arol-ai 0.1.4 → 0.1.6

package/README.md

@@ -1,5 +1,7 @@
 # arol-ai
 
+[![tests](https://github.com/benminor/arol/actions/workflows/ci.yml/badge.svg)](https://github.com/benminor/arol/actions/workflows/ci.yml)
+
 Scan a local code repo for usage of third-party APIs/SDKs that have **upcoming deprecations**, and print a clean report.
 
 **Everything runs locally.** No network calls, no telemetry, no uploads, no auth. Your code never leaves your machine.
@@ -134,6 +136,26 @@ npx arol-ai scan --within 7 # only fail when a sunset is within a week
 
 Colors are automatically disabled when output is not a TTY (e.g. piped to a file), or when `NO_COLOR` is set. Use `FORCE_COLOR=1` to force them on.
 
+## Run arol in CI
+
+Add a workflow file at `.github/workflows/arol.yml` in **your own repo**. GitHub Actions runs anything in `.github/workflows/` automatically — the filename is arbitrary — and this one triggers on every `push` and `pull_request`:
+
+```yaml
+name: arol deprecation scan
+on: [push, pull_request]
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with: { node-version: 20 }
+      - run: npx arol-ai scan
+```
+
+1. **Exit codes fail the build only on real breaks.** The scan exits non-zero only for high-severity or imminent dated deprecations, and stays warn-only (exit `0`) for `deprecated`/`medium` findings — so it won't block a PR over a deprecation that has no deadline.
+2. **Portable to any CI.** `npx arol-ai scan` is the one line that matters (GitLab CI, CircleCI, a cron job, etc.); only the YAML wrapper above is GitHub-specific.
+
 ## The dataset (`deprecations.json`)
 
 All detections are **data-driven** — the bundled dataset lives at

package/dist/cli.js

@@ -139,14 +139,7 @@ function runScan(targetPath, opts) {
     const within = Number.isFinite(parsedWithin) && parsedWithin >= 0
         ? parsedWithin
         : DEFAULT_WITHIN_DAYS;
-    const tripped = result.findings.some((f) => {
-        if (f.deprecation.severity === "high")
-            return true;
-        if ((0, status_1.effectiveStatus)(f.deprecation, now) !== "scheduled")
-            return false;
-        const days = (0, status_1.daysUntil)(f.deprecation.sunset_date, now);
-        return days !== null && days >= 0 && days <= within;
-    });
+    const tripped = result.findings.some((f) => (0, status_1.isActionable)(f.deprecation, now, within));
     if (tripped)
         process.exitCode = 1;
 }

package/dist/scanner.js

@@ -36,6 +36,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.modelRegexSource = modelRegexSource;
 exports.scanRepo = scanRepo;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));

package/dist/status.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.parseSunsetDate = parseSunsetDate;
 exports.daysUntil = daysUntil;
 exports.effectiveStatus = effectiveStatus;
+exports.isActionable = isActionable;
 const MS_PER_DAY = 24 * 60 * 60 * 1000;
 /** Midnight-UTC timestamp for a Date's calendar day. */
 function startOfDayUTC(d) {
@@ -43,3 +44,16 @@ function effectiveStatus(d, now) {
         return "deprecated";
     return t < startOfDayUTC(now) ? "retired" : "scheduled";
 }
+/**
+ * Whether a finding should fail the CI gate (non-zero exit): any high-severity
+ * finding, or a scheduled finding landing within `within` days. Dateless
+ * "deprecated" and non-imminent medium/low findings are warn-only.
+ */
+function isActionable(d, now, within) {
+    if (d.severity === "high")
+        return true;
+    if (effectiveStatus(d, now) !== "scheduled")
+        return false;
+    const days = daysUntil(d.sunset_date, now);
+    return days !== null && days >= 0 && days <= within;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "arol-ai",
-  "version": "0.1.4",
+  "version": "0.1.6",
   "description": "Scan a local repo for upcoming third-party API/SDK deprecations. Fully local — no network, no telemetry, your code never leaves the machine.",
   "keywords": [
     "deprecation",
@@ -29,6 +29,8 @@
   "scripts": {
     "build": "tsc",
     "scan": "node dist/cli.js scan",
+    "test": "vitest run",
+    "test:watch": "vitest",
     "prepublishOnly": "npm run build"
   },
   "dependencies": {
@@ -37,6 +39,7 @@
   },
   "devDependencies": {
     "@types/node": "^22.10.0",
-    "typescript": "^5.7.2"
+    "typescript": "^5.7.2",
+    "vitest": "^4.1.8"
   }
 }

package/src/data/deprecations.json

@@ -216,15 +216,14 @@
     "severity": "high",
     "match": "pattern",
     "applies_to": ["py", "js", "ts", "jsx", "tsx", "mjs"],
-    "sunset_date": "2027-01-31",
-    "date_confidence": "verify",
+    "sunset_date": "2025-12-31",
     "detect": {
       "sdk": ["twilio"],
       "patterns": ["notify\\.v1", "\\.notify\\.services", "client\\.notify"]
     },
-    "migration_url": "https://www.twilio.com/en-us/changelog",
-    "summary": "Twilio Notify reaches end of life Jan 31, 2027; after that all Notify API requests will fail. No 1:1 replacement — rebuild with Programmable Messaging / Conversations. Verify the date against Twilio's official EOL notice.",
-    "source": "https://www.courier.com/blog/twilio-notify-end-of-life"
+    "migration_url": "https://support.twilio.com/hc/en-us/articles/9198083260571-Transitioning-off-Notify",
+    "summary": "Twilio Notify reached end of life December 31, 2025; Notify API requests now fail. No 1:1 replacement — rebuild with Programmable Messaging / Conversations.",
+    "source": "https://www.twilio.com/en-us/changelog/notify-api-end-of-life-further-extension-notice"
   },
   {
     "id": "twilio-programmable-chat-retired",