npm - open-azdo - Versions diffs - 0.3.1 → 0.3.3 - Mend

open-azdo 0.3.1 → 0.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +16 -0
package/SECURITY.md +3 -1
package/dist/open-azdo.js +693 -257
package/dist/open-azdo.js.map +13 -13
package/examples/azure-pipelines.review.debug.yml +1 -1
package/examples/azure-pipelines.review.pnpm.yml +66 -0
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -51,6 +51,19 @@ Optional flags:
 - `--dry-run`
 - `--json`
+## Output And Logging
+Operational logs are pretty, colorized, and written to `stderr` by default so humans can follow the run in local terminals and CI job logs.
+The final command result stays on `stdout`.
+Use `--json` when you want fully machine-readable output:
+- command results stay on `stdout` as JSON
+- operational logs stay on `stderr` as JSON
+- `review` and `sandbox capture` both follow the same contract
+During OpenCode execution, `open-azdo` now emits live progress milestones such as session start, retries, tool start/completion, todo-plan updates, and session errors. Raw assistant text deltas and full tool outputs are intentionally omitted from default logs to keep them readable.
 ## Sandbox Capture
 Use the live capture command when you want to validate changes against a real Azure DevOps pull request without mutating PR threads:
@@ -99,11 +112,13 @@ Exit behavior:
 - successful review runs return `0`, even when findings are posted
 - operational failures return non-zero
+- logs always use `stderr`; results always use `stdout`
 ## Azure Pipelines
 The canonical example is in [examples/azure-pipelines.review.yml](./examples/azure-pipelines.review.yml).
 For first-time rollout or debugging, use [examples/azure-pipelines.review.debug.yml](./examples/azure-pipelines.review.debug.yml).
+For pnpm-managed repositories that want dependency install, `.NET` provisioning, restore, and experimental LSP access, use [examples/azure-pipelines.review.pnpm.yml](./examples/azure-pipelines.review.pnpm.yml).
 Key requirements:
@@ -114,6 +129,7 @@ Key requirements:
 - grant repository read and pull request thread read/write permissions
 Attach the pipeline as a branch build-validation policy. Findings are posted as PR comments by default and do not fail the build.
+`open-azdo` does not install language-specific prerequisites itself. LSP prerequisites are provided by the pipeline environment, and the pnpm example enables OpenCode's experimental LSP tool while provisioning `.NET` plus `dotnet restore` for C# projects.
 ```yaml
 trigger: none

package/SECURITY.md CHANGED Viewed

@@ -43,11 +43,13 @@ If required history is missing, `open-azdo` fails with a remediation message ins
 Each review run starts a short-lived OpenCode server bound to `127.0.0.1` on a dynamically chosen port and shuts it down on exit. The generated `azdo-review` agent remains read-only:
-- read/search/listing tools allowed
+- read/search/listing tools and local LSP queries allowed
 - edit and write denied
 - web fetch and web search denied
 - bash denied by default, with a narrow allowlist for read-style commands
+LSP access remains local code-intelligence only and does not broaden edit, network, or general shell execution permissions.
 OpenCode is prompted through the SDK v2 client with JSON-schema structured output. If structured output is unavailable or malformed, the workflow attempts JSON repair and then degrades to a summary-only `"concerns"` result instead of trusting arbitrary text as valid findings.
 ## Azure DevOps Mutations