safe-push 0.3.0 → 0.4.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "safe-push",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "description": "Git push safety checker - blocks pushes to forbidden areas",
   "type": "module",
   "bin": {
@@ -9,9 +9,15 @@
   "scripts": {
     "build": "bun build ./src/index.ts --outdir ./dist --target bun",
     "typecheck": "tsc --noEmit",
-    "dev": "bun run ./src/index.ts"
+    "dev": "bun run ./src/index.ts",
+    "generate-schema": "bun run ./scripts/generate-schema.ts"
   },
   "dependencies": {
+    "@opentelemetry/api": "^1.9.0",
+    "@opentelemetry/exporter-trace-otlp-http": "^0.212.0",
+    "@opentelemetry/resources": "^2.5.1",
+    "@opentelemetry/sdk-trace-base": "^2.5.1",
+    "@opentelemetry/semantic-conventions": "^1.39.0",
     "commander": "^12.1.0",
     "jsonc-parser": "^3.3.1",
     "zod": "^3.23.8"
@@ -19,6 +25,7 @@
   "devDependencies": {
     "@types/bun": "latest",
     "@types/node": "^22.10.0",
-    "typescript": "^5.7.2"
+    "typescript": "^5.7.2",
+    "zod-to-json-schema": "^3.25.1"
   }
 }

package/scripts/generate-schema.ts

@@ -0,0 +1,13 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+import { zodToJsonSchema } from "zod-to-json-schema";
+import { ConfigSchema } from "../src/types";
+
+const jsonSchema = zodToJsonSchema(ConfigSchema, {
+  name: "SafePushConfig",
+  $refStrategy: "none",
+});
+
+const outPath = path.join(import.meta.dirname, "..", "config.schema.json");
+fs.writeFileSync(outPath, JSON.stringify(jsonSchema, null, 2) + "\n", "utf-8");
+console.log(`Generated ${outPath}`);

package/src/checker.ts

@@ -7,6 +7,7 @@ import {
   getDiffFiles,
   getRepoVisibility,
 } from "./git";
+import { withSpan } from "./telemetry";
 
 /**
  * Visibility チェック結果
@@ -24,20 +25,27 @@ export interface VisibilityCheckResult {
 export async function checkVisibility(
   allowedVisibility?: RepoVisibility[]
 ): Promise<VisibilityCheckResult | null> {
-  if (!allowedVisibility || allowedVisibility.length === 0) {
-    return null;
-  }
+  return withSpan("safe-push.check.visibility", async (span) => {
+    if (!allowedVisibility || allowedVisibility.length === 0) {
+      return null;
+    }
+
+    const visibility = await getRepoVisibility();
+    const allowed = allowedVisibility.includes(visibility as RepoVisibility);
 
-  const visibility = await getRepoVisibility();
-  const allowed = allowedVisibility.includes(visibility as RepoVisibility);
+    span.addEvent("visibility.result", {
+      value: visibility,
+      allowed,
+    });
 
-  return {
-    allowed,
-    reason: allowed
-      ? `Repository visibility "${visibility}" is allowed`
-      : `Repository visibility "${visibility}" is not in allowed list: [${allowedVisibility.join(", ")}]`,
-    visibility,
-  };
+    return {
+      allowed,
+      reason: allowed
+        ? `Repository visibility "${visibility}" is allowed`
+        : `Repository visibility "${visibility}" is not in allowed list: [${allowedVisibility.join(", ")}]`,
+      visibility,
+    };
+  });
 }
 
 /**
@@ -88,58 +96,69 @@ function findForbiddenFiles(
  * (禁止エリア変更なし) AND (新規ブランチ OR 最終コミットが自分)
  */
 export async function checkPush(config: Config): Promise<CheckResult> {
-  const currentBranch = await getCurrentBranch();
-  const newBranch = await isNewBranch();
-  const authorEmail = await getLastCommitAuthorEmail();
-  const localEmail = await getLocalEmail();
-  const diffFiles = await getDiffFiles();
+  return withSpan("safe-push.check.push", async (span) => {
+    const currentBranch = await getCurrentBranch();
+    const newBranch = await isNewBranch();
+    const authorEmail = await getLastCommitAuthorEmail();
+    const localEmail = await getLocalEmail();
+    const diffFiles = await getDiffFiles();
 
-  const forbiddenFiles = findForbiddenFiles(diffFiles, config.forbiddenPaths);
-  const hasForbiddenChanges = forbiddenFiles.length > 0;
-  const isOwnLastCommit =
-    authorEmail.toLowerCase() === localEmail.toLowerCase();
+    const forbiddenFiles = findForbiddenFiles(diffFiles, config.forbiddenPaths);
+    const hasForbiddenChanges = forbiddenFiles.length > 0;
+    const isOwnLastCommit =
+      authorEmail.toLowerCase() === localEmail.toLowerCase();
 
-  const details = {
-    isNewBranch: newBranch,
-    isOwnLastCommit,
-    hasForbiddenChanges,
-    forbiddenFiles,
-    currentBranch,
-    authorEmail,
-    localEmail,
-  };
-
-  // 禁止エリアに変更がある場合は常にブロック
-  if (hasForbiddenChanges) {
-    return {
-      allowed: false,
-      reason: `Forbidden files detected: ${forbiddenFiles.join(", ")}`,
-      details,
+    const details = {
+      isNewBranch: newBranch,
+      isOwnLastCommit,
+      hasForbiddenChanges,
+      forbiddenFiles,
+      currentBranch,
+      authorEmail,
+      localEmail,
     };
-  }
 
-  // 新規ブランチの場合は許可
-  if (newBranch) {
-    return {
-      allowed: true,
-      reason: "New branch - no restrictions",
-      details,
-    };
-  }
+    let result: CheckResult;
 
-  // 最終コミットが自分の場合は許可
-  if (isOwnLastCommit) {
-    return {
-      allowed: true,
-      reason: "Last commit is yours",
-      details,
-    };
-  }
+    // 禁止エリアに変更がある場合は常にブロック
+    if (hasForbiddenChanges) {
+      result = {
+        allowed: false,
+        reason: `Forbidden files detected: ${forbiddenFiles.join(", ")}`,
+        details,
+      };
+    } else if (newBranch) {
+      // 新規ブランチの場合は許可
+      result = {
+        allowed: true,
+        reason: "New branch - no restrictions",
+        details,
+      };
+    } else if (isOwnLastCommit) {
+      // 最終コミットが自分の場合は許可
+      result = {
+        allowed: true,
+        reason: "Last commit is yours",
+        details,
+      };
+    } else {
+      // それ以外はブロック
+      result = {
+        allowed: false,
+        reason: `Last commit is by someone else (${authorEmail})`,
+        details,
+      };
+    }
+
+    span.addEvent("check.result", {
+      allowed: result.allowed,
+      reason: result.reason,
+      isNewBranch: newBranch,
+      isOwnLastCommit,
+      hasForbiddenChanges,
+      forbiddenFileCount: forbiddenFiles.length,
+    });
 
-  // それ以外はブロック
-  return {
-    allowed: false,
-    reason: `Last commit is by someone else (${authorEmail})`,
-    details,
-  };
+    return result;
+  });
 }

package/src/commands/check.ts

@@ -3,6 +3,8 @@ import { loadConfig } from "../config";
 import { checkPush, checkVisibility } from "../checker";
 import { isGitRepository, hasCommits } from "../git";
 import { printError, printCheckResultJson, printCheckResultHuman } from "./utils";
+import { ExitError } from "../types";
+import { withSpan } from "../telemetry";
 
 /**
  * checkコマンドを作成
@@ -12,20 +14,27 @@ export function createCheckCommand(): Command {
     .description("Check if push is allowed")
     .option("--json", "Output result as JSON")
     .action(async (options: { json?: boolean }) => {
-      try {
+      await withSpan("safe-push.check", async (rootSpan) => {
         // Gitリポジトリ内か確認
         if (!(await isGitRepository())) {
           printError("Not a git repository");
-          process.exit(1);
+          throw new ExitError(1);
         }
 
         // コミットが存在するか確認
         if (!(await hasCommits())) {
           printError("No commits found");
-          process.exit(1);
+          throw new ExitError(1);
         }
 
         const config = loadConfig();
+
+        rootSpan.addEvent("config.loaded", {
+          forbiddenPaths: JSON.stringify(config.forbiddenPaths),
+          onForbidden: config.onForbidden,
+          hasVisibilityRule: !!(config.allowedVisibility && config.allowedVisibility.length > 0),
+        });
+
         const result = await checkPush(config);
 
         // visibility チェック
@@ -41,6 +50,7 @@ export function createCheckCommand(): Command {
               }
             }
           } catch (error) {
+            if (error instanceof ExitError) throw error;
             result.details.repoVisibility = "unknown";
             result.details.visibilityAllowed = false;
             result.allowed = false;
@@ -54,12 +64,9 @@ export function createCheckCommand(): Command {
           printCheckResultHuman(result);
         }
 
-        process.exit(result.allowed ? 0 : 1);
-      } catch (error) {
-        printError(
-          `Check failed: ${error instanceof Error ? error.message : String(error)}`
-        );
-        process.exit(1);
-      }
+        if (!result.allowed) {
+          throw new ExitError(1);
+        }
+      });
     });
 }

package/src/commands/push.ts

@@ -9,6 +9,8 @@ import {
   printCheckResultHuman,
   promptConfirm,
 } from "./utils";
+import { ExitError } from "../types";
+import { withSpan } from "../telemetry";
 
 /**
  * pushコマンドを作成
@@ -21,34 +23,41 @@ export function createPushCommand(): Command {
     .allowUnknownOption()
     .action(async (options: { force?: boolean; dryRun?: boolean }, command: Command) => {
       const gitArgs = command.args;
-      try {
+      await withSpan("safe-push.push", async (rootSpan) => {
         // Gitリポジトリ内か確認
         if (!(await isGitRepository())) {
           printError("Not a git repository");
-          process.exit(1);
+          throw new ExitError(1);
         }
 
         // コミットが存在するか確認
         if (!(await hasCommits())) {
           printError("No commits found");
-          process.exit(1);
+          throw new ExitError(1);
         }
 
         const config = loadConfig();
 
+        rootSpan.addEvent("config.loaded", {
+          forbiddenPaths: JSON.stringify(config.forbiddenPaths),
+          onForbidden: config.onForbidden,
+          hasVisibilityRule: !!(config.allowedVisibility && config.allowedVisibility.length > 0),
+        });
+
         // visibility チェック（--force でもバイパスできない）
         if (config.allowedVisibility && config.allowedVisibility.length > 0) {
           try {
             const visibilityResult = await checkVisibility(config.allowedVisibility);
             if (visibilityResult && !visibilityResult.allowed) {
               printError(visibilityResult.reason);
-              process.exit(1);
+              throw new ExitError(1);
             }
           } catch (error) {
+            if (error instanceof ExitError) throw error;
             printError(
               `Failed to check repository visibility. Ensure 'gh' CLI is installed and authenticated.\n  ${error instanceof Error ? error.message : String(error)}`
             );
-            process.exit(1);
+            throw new ExitError(1);
           }
         }
 
@@ -58,16 +67,19 @@ export function createPushCommand(): Command {
 
           if (options.dryRun) {
             printSuccess("Dry run: would push (checks bypassed)");
-            process.exit(0);
+            throw new ExitError(0);
           }
 
           const result = await execPush(gitArgs);
           if (result.success) {
+            if (result.output) {
+              console.log(result.output);
+            }
             printSuccess("Push successful");
-            process.exit(0);
+            return;
           } else {
             printError(`Push failed: ${result.output}`);
-            process.exit(1);
+            throw new ExitError(1);
           }
         }
 
@@ -88,45 +100,46 @@ export function createPushCommand(): Command {
             if (confirmed) {
               if (options.dryRun) {
                 printSuccess("Dry run: would push (user confirmed)");
-                process.exit(0);
+                throw new ExitError(0);
               }
 
               const result = await execPush(gitArgs);
               if (result.success) {
+                if (result.output) {
+                  console.log(result.output);
+                }
                 printSuccess("Push successful");
-                process.exit(0);
+                return;
               } else {
                 printError(`Push failed: ${result.output}`);
-                process.exit(1);
+                throw new ExitError(1);
               }
             } else {
               printError("Push cancelled by user");
-              process.exit(1);
+              throw new ExitError(1);
             }
           }
 
-          process.exit(1);
+          throw new ExitError(1);
         }
 
         // チェック通過、pushを実行
         if (options.dryRun) {
           printSuccess("Dry run: would push");
-          process.exit(0);
+          throw new ExitError(0);
         }
 
         const result = await execPush(gitArgs);
         if (result.success) {
+          if (result.output) {
+            console.log(result.output);
+          }
           printSuccess("Push successful");
-          process.exit(0);
+          return;
         } else {
           printError(`Push failed: ${result.output}`);
-          process.exit(1);
+          throw new ExitError(1);
         }
-      } catch (error) {
-        printError(
-          `Push failed: ${error instanceof Error ? error.message : String(error)}`
-        );
-        process.exit(1);
-      }
+      });
     });
 }

package/src/config.ts

@@ -4,6 +4,9 @@ import * as os from "node:os";
 import * as jsonc from "jsonc-parser";
 import { ConfigSchema, ConfigError, type Config } from "./types";
 
+const CONFIG_SCHEMA_URL =
+  "https://raw.githubusercontent.com/shoppingjaws/safe-push/main/config.schema.json";
+
 /**
  * 設定ファイルのデフォルトパス
  */
@@ -92,11 +95,16 @@ export function saveConfig(config: Config, configPath?: string): void {
     ? `,\n  // 許可するリポジトリ visibility: "public" | "private" | "internal"\n  "allowedVisibility": ${JSON.stringify(config.allowedVisibility)}`
     : "";
 
+  const traceSection = config.trace
+    ? `,\n  // トレーシング: "otlp" | "console" （省略で無効）\n  "trace": "${config.trace}"`
+    : "";
+
   const content = `{
+  "$schema": "${CONFIG_SCHEMA_URL}",
   // 禁止エリア（Globパターン）
   "forbiddenPaths": ${JSON.stringify(config.forbiddenPaths, null, 4).replace(/\n/g, "\n  ")},
   // 禁止時の動作: "error" | "prompt"
-  "onForbidden": "${config.onForbidden}"${allowedVisibilitySection}
+  "onForbidden": "${config.onForbidden}"${allowedVisibilitySection}${traceSection}
 }
 `;