delivery-friction-analyzer 0.14.3 → 0.15.0

package/docs/contracts/target-repository.md

@@ -19,6 +19,8 @@ Schema: `schemas/target-repository.schema.json`. Live analysis selection is late
 
 The validator rejects a target repository that exactly matches the configured product repository. For this repository, the product repository is `hannasdev/delivery-friction-analyzer`; the first validation target is `hannasdev/mcp-writing`.
 
+Live GitHub analysis enforces this separation before GitHub collection starts. If `--repo` names this tool's product repository, the command fails before provider calls, tells you to choose the repository you want to measure with `--repo owner/name`, and confirms that no GitHub data was collected. The product repository identity is repo-local implementation configuration, not a public CLI option.
+
 ## Degraded Behavior
 
 If a target repository is private or the token lacks access, the analyzer should report coverage as unavailable or partial instead of silently emitting complete-looking metrics. Missing `defaultBranch` or malformed owner/name input is a hard contract error.

package/docs/reference/repository-profile.md

@@ -6,6 +6,8 @@ Schema: `schemas/repository-profile.schema.json`.
 
 Repository profiles own repository semantics. Keep file rules, PR class rules, workflow context, branch or release strategy, and contributor-source declarations here. Optional [run presets](run-presets.md) only store reusable run settings such as the target repository, profile path, sample size, output directory, dry-run mode, CSV preference, JSON completion preference, validation-target mode, and requested PR class exclusions. Explicit CLI flags override preset values.
 
+Live analysis validates the selected repository profile before GitHub provider calls in normal runs, dry runs, and preset-loaded runs. Validation failures name the profile path, failing field or rule, problem, and next action. Edit the named field or rule in the existing profile; use interactive setup with `--interactive --dry-run` only when you want to create or regenerate a starter profile.
+
 ## Categories
 
 - `code`
@@ -37,6 +39,8 @@ Rules are evaluated in order and can match by `exact`, `prefix`, `suffix`, `incl
 
 This keeps validation-target details in profile data rather than hardcoded product assumptions.
 
+Each file rule must include a unique lowercase `id`, a non-empty `match` object, a supported `category`, and a supported `role`. Optional `functionalSurface` values use the same lowercase identifier shape as rule IDs. Optional `generated` values must be booleans. Unsupported rule or matcher keys fail validation, and invalid JavaScript regexes fail before collection with the rule ID and matcher field in the error.
+
 ## Pull Request Classes
 
 `prClasses` is optional. Rules are evaluated in order and the first matching rule wins. The current profile contract supports title-only matchers:

package/docs/reference/run-presets.md

@@ -4,6 +4,8 @@ Run presets are optional local JSON files for reusing CLI run settings. They are
 
 Repository meaning stays in repository profiles. Put file rules, PR class rules, workflow context, branch or release strategy, and contributor-source declarations in a repository profile. A run preset may only point at a profile and store run inputs or preferences such as the target repository, sample size, output directory, dry-run mode, CSV preference, JSON completion preference, validation-target mode, and requested PR class exclusions.
 
+When a preset supplies `profilePath`, the CLI validates that referenced profile exactly as if it had been passed with `--profile`. Presets do not copy, freeze, or override profile rules; fixing profile validation failures means editing the referenced profile or choosing a different profile path.
+
 ## Save A Preset
 
 Interactive setup asks whether to save a local run preset near the end of the prompt flow. If you answer yes, you choose the preset path explicitly. The CLI does not invent a global or cloud-synced preset location.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "delivery-friction-analyzer",
-  "version": "0.14.3",
+  "version": "0.15.0",
   "description": "Local GitHub pull request analytics for delivery friction reports.",
   "license": "MIT",
   "type": "module",

package/release-log.md

@@ -2,6 +2,14 @@
 
 ## Unreleased
 
+### 2026-06-21 — Runtime Contract Preflight
+
+- What changed: GitHub analysis now rejects this tool's product repository before collection and validates repository profiles more completely before provider calls, including file-rule shape, duplicate IDs, unsupported keys, invalid values, and malformed regexes.
+- Why it matters: Maintainers get clearer failures before rate-limited GitHub work begins, so invalid targets or profiles are fixed at the input boundary instead of producing misleading reports.
+- Who is affected: Maintainers running live GitHub analysis, dry runs, or preset-based runs, and contributors authoring repository profiles.
+- Action needed: If a run now fails preflight, choose the repository you want to measure with `--repo owner/name` or fix the named profile field or rule before rerunning.
+- PR: #55
+
 ### 2026-06-21 — Repo-Specific Review Guidance
 
 - What changed: Added repo-local maintainer and agent guidance for recurring review themes, broad-change tripwires, and validation command selection, with self-profile coverage for the new guidance file.

package/schemas/repository-profile.schema.json

@@ -14,8 +14,14 @@
       "additionalProperties": false,
       "required": ["owner", "name"],
       "properties": {
-        "owner": { "type": "string" },
-        "name": { "type": "string" }
+        "owner": {
+          "type": "string",
+          "pattern": "^[A-Za-z0-9_.-]+$"
+        },
+        "name": {
+          "type": "string",
+          "pattern": "^[A-Za-z0-9_.-]+$"
+        }
       }
     },
     "rules": {
@@ -25,16 +31,20 @@
         "additionalProperties": false,
         "required": ["id", "match", "category", "role"],
         "properties": {
-          "id": { "type": "string" },
+          "id": {
+            "type": "string",
+            "minLength": 1,
+            "pattern": "^[a-z0-9]+(?:[-_][a-z0-9]+)*$"
+          },
           "match": {
             "type": "object",
             "additionalProperties": false,
             "properties": {
-              "exact": { "type": "string" },
-              "prefix": { "type": "string" },
-              "suffix": { "type": "string" },
-              "includes": { "type": "string" },
-              "regex": { "type": "string" }
+              "exact": { "type": "string", "minLength": 1 },
+              "prefix": { "type": "string", "minLength": 1 },
+              "suffix": { "type": "string", "minLength": 1 },
+              "includes": { "type": "string", "minLength": 1 },
+              "regex": { "type": "string", "minLength": 1 }
             },
             "minProperties": 1
           },
@@ -57,7 +67,10 @@
               "unknown"
             ]
           },
-          "functionalSurface": { "type": "string" },
+          "functionalSurface": {
+            "type": "string",
+            "pattern": "^[a-z0-9]+(?:[-_][a-z0-9]+)*$"
+          },
           "generated": { "type": "boolean" },
           "notes": { "type": "string" }
         }

package/src/cli/analyze-github.js

@@ -16,15 +16,13 @@ import {
   generateRepositoryFrictionReport,
   renderRepositoryFrictionMarkdown,
 } from "../report/friction-report.js";
-import { assertValidPrClassRules } from "../profile/pr-class.js";
 import { conventionalCommitPrClassRules } from "../profile/pr-class-presets.js";
+import { assertValidRepositoryProfile } from "../profile/repository-profile.js";
 import {
   WORKFLOW_BRANCH_STRATEGIES,
   WORKFLOW_PRIMARY_MERGE_METHODS,
   WORKFLOW_RELEASE_STRATEGIES,
-  assertValidWorkflowContext,
 } from "../profile/workflow.js";
-import { assertValidContributorSource } from "../profile/contributor-source.js";
 
 const RUN_PRESET_SCHEMA_VERSION = "analyze-github-run-preset.v1";
 
@@ -568,9 +566,7 @@ function normalizeMultiSelectAnswer(raw, prompt) {
 }
 
 function validateProfile(profile) {
-  assertValidPrClassRules(profile);
-  assertValidWorkflowContext(profile);
-  assertValidContributorSource(profile);
+  assertValidRepositoryProfile(profile);
 }
 
 function parseProfileJson(text) {
@@ -588,6 +584,14 @@ function hasTrailingPathSeparator(profilePath) {
   return /[/\\]$/.test(profilePath);
 }
 
+function invalidProfileMessage(profilePath, error) {
+  return `Invalid repository profile at ${profilePath}: ${error.message}. Fix the named field or rule in this profile. If you want to create or regenerate a starter profile instead, rerun interactive setup with --interactive --dry-run.`;
+}
+
+function invalidProfileJsonMessage(profilePath, error) {
+  return `Invalid repository profile at ${profilePath}: ${error.message}. Fix the JSON syntax in this profile. If you want to create or regenerate a starter profile instead, rerun interactive setup with --interactive --dry-run.`;
+}
+
 async function inspectProfilePath(profilePath) {
   if (hasTrailingPathSeparator(profilePath)) {
     throw new Error("profile path must be a JSON file path, not a directory or special file.");
@@ -618,10 +622,10 @@ async function readProfile(profilePath) {
     inspected = await inspectProfilePath(profilePath);
   } catch (error) {
     if (error.message?.startsWith("profile must be valid JSON")) {
-      throw error;
+      throw new Error(invalidProfileJsonMessage(profilePath, error));
     }
     if (error.message?.startsWith("invalid ")) {
-      throw new Error(`profile is invalid: ${error.message}`);
+      throw new Error(invalidProfileMessage(profilePath, error));
     }
     throw new Error(`profile could not be read: ${error.message}`);
   }
@@ -1046,10 +1050,10 @@ async function promptProfilePath(promptAdapter, output, prompt) {
         profileState = await inspectProfilePath(value);
       } catch (error) {
         if (error.message?.startsWith("profile must be valid JSON")) {
-          throw error;
+          throw new Error(invalidProfileJsonMessage(value, error));
         }
         if (error.message?.startsWith("invalid ")) {
-          throw new Error(`profile is invalid: ${error.message}`);
+          throw new Error(invalidProfileMessage(value, error));
         }
         throw new Error(`profile could not be read: ${error.message}`);
       }
@@ -1130,10 +1134,10 @@ export async function collectInteractiveAnalyzeGithubOptions(options, {
         };
       } catch (error) {
         if (error.message?.startsWith("profile must be valid JSON")) {
-          throw error;
+          throw new Error(invalidProfileJsonMessage(resolved.profilePath, error));
         }
         if (error.message?.startsWith("invalid ")) {
-          throw new Error(`profile is invalid: ${error.message}`);
+          throw new Error(invalidProfileMessage(resolved.profilePath, error));
         }
         throw new Error(`profile could not be read: ${error.message}`);
       }
@@ -1477,6 +1481,7 @@ export async function runAnalyzeGithub(options, {
   provider = createGhCliProvider(),
   now = () => new Date().toISOString(),
   onProgress = null,
+  productRepository,
 } = {}) {
   requireOptions(options);
   validateRepositorySlug(options.repository);
@@ -1509,6 +1514,7 @@ export async function runAnalyzeGithub(options, {
     collectedAt: now(),
     isValidationTarget: options.isValidationTarget,
     contributors: repositoryProfile.contributors,
+    productRepository,
   });
 
   if (options.dryRun) {

package/src/collect/github-source-bundle.js

@@ -1,4 +1,9 @@
-import { validateTargetRepository } from "../contracts/target-repository.js";
+import {
+  DEFAULT_PRODUCT_REPOSITORY,
+  isProductRepositoryTarget,
+  productRepositoryTargetError,
+  validateTargetRepository,
+} from "../contracts/target-repository.js";
 import {
   assertValidContributorSource,
   normalizeContributorSourceConfig,
@@ -44,7 +49,7 @@ function visibilityOf(repository) {
   return "unknown";
 }
 
-function mapTargetRepository({ owner, name, repositoryMetadata, analysisPullRequestLimit, isValidationTarget }) {
+function mapTargetRepository({ owner, name, repositoryMetadata, analysisPullRequestLimit, isValidationTarget, productRepository }) {
   const targetRepository = {
     owner,
     name,
@@ -53,7 +58,7 @@ function mapTargetRepository({ owner, name, repositoryMetadata, analysisPullRequ
     analysisPullRequestLimit,
     isValidationTarget,
   };
-  const errors = validateTargetRepository(targetRepository);
+  const errors = validateTargetRepository(targetRepository, { productRepository });
   if (errors.length > 0) {
     throw new Error(`collected target repository metadata is invalid: ${errors.join(" ")}`);
   }
@@ -372,6 +377,7 @@ export async function collectGitHubSourceBundle({
   analysisPullRequestLimit,
   isValidationTarget = false,
   contributors = null,
+  productRepository = DEFAULT_PRODUCT_REPOSITORY,
 } = {}) {
   if (!provider) {
     throw new Error("provider is required.");
@@ -379,13 +385,16 @@ export async function collectGitHubSourceBundle({
   const targetPullRequestLimit = analysisPullRequestLimit ?? limit;
   requirePullRequestLimit(targetPullRequestLimit);
   const targetInput = repository ? parseRepositoryInput(repository) : { owner, name };
+  if (isProductRepositoryTarget(targetInput, productRepository)) {
+    throw new Error(productRepositoryTargetError(targetInput));
+  }
   const targetNameErrors = validateTargetRepository({
     ...targetInput,
     defaultBranch: "main",
     visibility: "unknown",
     analysisPullRequestLimit: targetPullRequestLimit,
     isValidationTarget,
-  }).filter(error => !error.includes("defaultBranch") && !error.includes("visibility"));
+  }, { productRepository }).filter(error => !error.includes("defaultBranch") && !error.includes("visibility"));
   if (targetNameErrors.length > 0) {
     throw new Error(targetNameErrors.join(" "));
   }
@@ -396,6 +405,7 @@ export async function collectGitHubSourceBundle({
     repositoryMetadata,
     analysisPullRequestLimit: targetPullRequestLimit,
     isValidationTarget,
+    productRepository,
   });
   const repositoryCoverage = coverageEntry({
     family: "repository_metadata",

package/src/contracts/target-repository.js

@@ -1,6 +1,11 @@
 const OWNER_OR_NAME = /^[A-Za-z0-9_.-]+$/;
 const REF_NAME = /^[A-Za-z0-9._/-]+$/;
 
+export const DEFAULT_PRODUCT_REPOSITORY = Object.freeze({
+  owner: "hannasdev",
+  name: "delivery-friction-analyzer",
+});
+
 function validateRepoPart(value, label) {
   if (typeof value !== "string" || !OWNER_OR_NAME.test(value)) {
     return `${label} must be a GitHub owner/name segment using letters, numbers, dots, underscores, or dashes.`;
@@ -73,3 +78,26 @@ export function normalizeTargetRepository(input, options = {}) {
     },
   };
 }
+
+export function isProductRepositoryTarget(input, productRepository = DEFAULT_PRODUCT_REPOSITORY) {
+  const normalizedInputOwner = typeof input?.owner === "string" ? input.owner.toLowerCase() : null;
+  const normalizedInputName = typeof input?.name === "string" ? input.name.toLowerCase() : null;
+  const normalizedProductOwner = typeof productRepository?.owner === "string" ? productRepository.owner.toLowerCase() : null;
+  const normalizedProductName = typeof productRepository?.name === "string" ? productRepository.name.toLowerCase() : null;
+
+  return Boolean(
+    normalizedInputOwner
+    && normalizedInputName
+    && normalizedProductOwner
+    && normalizedProductName
+    && normalizedInputOwner === normalizedProductOwner
+    && normalizedInputName === normalizedProductName
+  );
+}
+
+export function productRepositoryTargetError(input) {
+  const repository = typeof input?.owner === "string" && typeof input?.name === "string"
+    ? `${input.owner}/${input.name}`
+    : "the requested repository";
+  return `Cannot analyze ${repository} because it is this tool's product repository, not the target repository to measure. Choose a different repository with --repo owner/name. No GitHub data was collected.`;
+}

package/src/profile/pr-class.js

@@ -5,6 +5,8 @@ export const PR_CLASS_FALLBACK = Object.freeze({
 });
 
 const PR_CLASS_IDENTIFIER_PATTERN = /^[a-z0-9]+(?:[-_][a-z0-9]+)*$/;
+const PR_CLASS_RULE_KEYS = new Set(["id", "class", "match", "notes"]);
+const PR_CLASS_MATCH_KEYS = new Set(["titleIncludes", "titleRegex"]);
 
 function ruleLabel(rule, index) {
   return typeof rule?.id === "string" && rule.id.length ? rule.id : `index ${index}`;
@@ -35,6 +37,12 @@ export function validatePrClassRules(profile = {}) {
       continue;
     }
 
+    for (const key of Object.keys(rule)) {
+      if (!PR_CLASS_RULE_KEYS.has(key)) {
+        errors.push(`prClasses rule "${label}" ${key} is not supported`);
+      }
+    }
+
     if (typeof rule.id !== "string" || rule.id.length === 0) {
       errors.push(`prClasses[${index}].id must be a non-empty string`);
     } else if (seenRuleIds.has(rule.id)) {
@@ -46,6 +54,9 @@ export function validatePrClassRules(profile = {}) {
     if (typeof rule.class !== "string" || !PR_CLASS_IDENTIFIER_PATTERN.test(rule.class)) {
       errors.push(`prClasses rule "${label}" class must be lower-kebab-case or lower_snake_case`);
     }
+    if (rule.notes !== undefined && typeof rule.notes !== "string") {
+      errors.push(`prClasses rule "${label}" notes must be a string when provided`);
+    }
 
     const match = rule.match;
     if (!match || typeof match !== "object" || Array.isArray(match)) {
@@ -53,6 +64,21 @@ export function validatePrClassRules(profile = {}) {
       continue;
     }
 
+    for (const key of Object.keys(match)) {
+      if (!PR_CLASS_MATCH_KEYS.has(key)) {
+        errors.push(`prClasses rule "${label}" match.${key} is not supported`);
+      }
+    }
+
+    for (const field of PR_CLASS_MATCH_KEYS) {
+      if (
+        Object.prototype.hasOwnProperty.call(match, field)
+        && (typeof match[field] !== "string" || match[field].length === 0)
+      ) {
+        errors.push(`prClasses rule "${label}" match.${field} must be a non-empty string`);
+      }
+    }
+
     const hasTitleIncludes = typeof match.titleIncludes === "string" && match.titleIncludes.length > 0;
     const hasTitleRegex = typeof match.titleRegex === "string" && match.titleRegex.length > 0;
     if (!hasTitleIncludes && !hasTitleRegex) {

package/src/profile/repository-profile.js

@@ -0,0 +1,173 @@
+import { FILE_CATEGORIES, FILE_ROLES } from "./file-role.js";
+import { validateContributorSource } from "./contributor-source.js";
+import { validatePrClassRules } from "./pr-class.js";
+import { validateWorkflowContext } from "./workflow.js";
+
+const REPOSITORY_PROFILE_SCHEMA_VERSION = "repository-profile.v1";
+const REPO_SEGMENT_PATTERN = /^[A-Za-z0-9_.-]+$/;
+const IDENTIFIER_PATTERN = /^[a-z0-9]+(?:[-_][a-z0-9]+)*$/;
+const TOP_LEVEL_KEYS = new Set([
+  "schemaVersion",
+  "repository",
+  "rules",
+  "prClasses",
+  "workflow",
+  "contributors",
+]);
+const REPOSITORY_KEYS = new Set(["owner", "name"]);
+const FILE_RULE_KEYS = new Set([
+  "id",
+  "match",
+  "category",
+  "role",
+  "functionalSurface",
+  "generated",
+  "notes",
+]);
+const MATCH_KEYS = new Set(["exact", "prefix", "suffix", "includes", "regex"]);
+
+function isPlainObject(value) {
+  return value && typeof value === "object" && !Array.isArray(value);
+}
+
+function unsupportedKeys(value, allowedKeys, path) {
+  return Object.keys(value)
+    .filter(key => !allowedKeys.has(key))
+    .map(key => `${path}.${key} is not supported`);
+}
+
+function ruleLabel(rule, index) {
+  return typeof rule?.id === "string" && rule.id.length ? rule.id : `index ${index}`;
+}
+
+function validateRepositoryIdentity(profile) {
+  const errors = [];
+  if (!isPlainObject(profile.repository)) {
+    return ["repository must be an object with owner and name"];
+  }
+
+  errors.push(...unsupportedKeys(profile.repository, REPOSITORY_KEYS, "repository"));
+  for (const field of ["owner", "name"]) {
+    const value = profile.repository[field];
+    if (typeof value !== "string" || !REPO_SEGMENT_PATTERN.test(value)) {
+      errors.push(`repository.${field} must be a GitHub owner/name segment using letters, numbers, dots, underscores, or dashes`);
+    }
+  }
+  return errors;
+}
+
+function validateFileRuleMatch(rule, index) {
+  const errors = [];
+  const label = ruleLabel(rule, index);
+  const match = rule.match;
+  if (!isPlainObject(match)) {
+    return [`rules[${index}] "${label}" match must be an object`];
+  }
+
+  errors.push(...unsupportedKeys(match, MATCH_KEYS, `rules[${index}] "${label}" match`));
+  const configuredMatchers = [...MATCH_KEYS]
+    .filter(key => Object.prototype.hasOwnProperty.call(match, key));
+  if (configuredMatchers.length === 0) {
+    errors.push(`rules[${index}] "${label}" match must include at least one matcher: exact, prefix, suffix, includes, or regex`);
+  }
+
+  for (const field of MATCH_KEYS) {
+    if (!Object.prototype.hasOwnProperty.call(match, field)) continue;
+    const value = match[field];
+    if (typeof value !== "string" || value.length === 0) {
+      errors.push(`rules[${index}] "${label}" match.${field} must be a non-empty string`);
+      continue;
+    }
+    if (field === "regex") {
+      try {
+        new RegExp(value);
+      } catch (error) {
+        errors.push(`rules[${index}] "${label}" match.regex is not a valid JavaScript regex: ${error.message}`);
+      }
+    }
+  }
+
+  return errors;
+}
+
+export function validateFileRoleRules(profile = {}) {
+  const errors = [];
+  if (!isPlainObject(profile)) return ["profile must be an object"];
+  if (!Object.prototype.hasOwnProperty.call(profile, "rules")) {
+    return ["rules is required"];
+  }
+
+  const rules = profile.rules;
+  if (!Array.isArray(rules)) {
+    return ["rules must be an array"];
+  }
+
+  const seenRuleIds = new Set();
+  for (const [index, rule] of rules.entries()) {
+    const label = ruleLabel(rule, index);
+    if (!isPlainObject(rule)) {
+      errors.push(`rules[${index}] must be an object`);
+      continue;
+    }
+
+    errors.push(...unsupportedKeys(rule, FILE_RULE_KEYS, `rules[${index}] "${label}"`));
+
+    if (typeof rule.id !== "string" || !IDENTIFIER_PATTERN.test(rule.id)) {
+      errors.push(`rules[${index}].id must be a non-empty lowercase identifier using letters, digits, "-" or "_" separators`);
+    } else if (seenRuleIds.has(rule.id)) {
+      errors.push(`rules rule id "${rule.id}" is duplicated`);
+    } else {
+      seenRuleIds.add(rule.id);
+    }
+
+    errors.push(...validateFileRuleMatch(rule, index));
+
+    if (!FILE_CATEGORIES.includes(rule.category)) {
+      errors.push(`rules[${index}] "${label}" category must be one of: ${FILE_CATEGORIES.join(", ")}`);
+    }
+    if (!FILE_ROLES.includes(rule.role)) {
+      errors.push(`rules[${index}] "${label}" role must be one of: ${FILE_ROLES.join(", ")}`);
+    }
+    if (
+      rule.functionalSurface !== undefined
+      && (typeof rule.functionalSurface !== "string" || !IDENTIFIER_PATTERN.test(rule.functionalSurface))
+    ) {
+      errors.push(`rules[${index}] "${label}" functionalSurface must be a lowercase identifier using letters, digits, "-" or "_" separators`);
+    }
+    if (rule.generated !== undefined && typeof rule.generated !== "boolean") {
+      errors.push(`rules[${index}] "${label}" generated must be a boolean when provided`);
+    }
+    if (rule.notes !== undefined && typeof rule.notes !== "string") {
+      errors.push(`rules[${index}] "${label}" notes must be a string when provided`);
+    }
+  }
+
+  return errors;
+}
+
+export function validateRepositoryProfile(profile = {}) {
+  const errors = [];
+  if (!isPlainObject(profile)) {
+    return ["profile must be an object"];
+  }
+
+  errors.push(...unsupportedKeys(profile, TOP_LEVEL_KEYS, "profile"));
+
+  if (profile.schemaVersion !== REPOSITORY_PROFILE_SCHEMA_VERSION) {
+    errors.push(`schemaVersion must be ${REPOSITORY_PROFILE_SCHEMA_VERSION}`);
+  }
+  errors.push(...validateRepositoryIdentity(profile));
+  errors.push(...validateFileRoleRules(profile));
+  errors.push(...validatePrClassRules(profile));
+  errors.push(...validateWorkflowContext(profile));
+  errors.push(...validateContributorSource(profile));
+
+  return errors;
+}
+
+export function assertValidRepositoryProfile(profile = {}) {
+  const errors = validateRepositoryProfile(profile);
+  if (errors.length > 0) {
+    throw new Error(`invalid repository profile: ${errors.join("; ")}`);
+  }
+}