safe-push 0.3.0 → 0.5.0

package/src/commands/push.ts

@@ -9,6 +9,8 @@ import {
   printCheckResultHuman,
   promptConfirm,
 } from "./utils";
+import { ExitError } from "../types";
+import { withSpan } from "../telemetry";
 
 /**
  * pushコマンドを作成
@@ -21,34 +23,41 @@ export function createPushCommand(): Command {
     .allowUnknownOption()
     .action(async (options: { force?: boolean; dryRun?: boolean }, command: Command) => {
       const gitArgs = command.args;
-      try {
+      await withSpan("safe-push.push", async (rootSpan) => {
         // Gitリポジトリ内か確認
         if (!(await isGitRepository())) {
           printError("Not a git repository");
-          process.exit(1);
+          throw new ExitError(1);
         }
 
         // コミットが存在するか確認
         if (!(await hasCommits())) {
           printError("No commits found");
-          process.exit(1);
+          throw new ExitError(1);
         }
 
         const config = loadConfig();
 
+        rootSpan.addEvent("config.loaded", {
+          forbiddenPaths: JSON.stringify(config.forbiddenPaths),
+          onForbidden: config.onForbidden,
+          hasVisibilityRule: !!(config.allowedVisibility && config.allowedVisibility.length > 0),
+        });
+
         // visibility チェック（--force でもバイパスできない）
         if (config.allowedVisibility && config.allowedVisibility.length > 0) {
           try {
             const visibilityResult = await checkVisibility(config.allowedVisibility);
             if (visibilityResult && !visibilityResult.allowed) {
               printError(visibilityResult.reason);
-              process.exit(1);
+              throw new ExitError(1);
             }
           } catch (error) {
+            if (error instanceof ExitError) throw error;
             printError(
               `Failed to check repository visibility. Ensure 'gh' CLI is installed and authenticated.\n  ${error instanceof Error ? error.message : String(error)}`
             );
-            process.exit(1);
+            throw new ExitError(1);
           }
         }
 
@@ -58,16 +67,19 @@ export function createPushCommand(): Command {
 
           if (options.dryRun) {
             printSuccess("Dry run: would push (checks bypassed)");
-            process.exit(0);
+            throw new ExitError(0);
           }
 
           const result = await execPush(gitArgs);
           if (result.success) {
+            if (result.output) {
+              console.log(result.output);
+            }
             printSuccess("Push successful");
-            process.exit(0);
+            return;
           } else {
             printError(`Push failed: ${result.output}`);
-            process.exit(1);
+            throw new ExitError(1);
           }
         }
 
@@ -88,45 +100,46 @@ export function createPushCommand(): Command {
             if (confirmed) {
               if (options.dryRun) {
                 printSuccess("Dry run: would push (user confirmed)");
-                process.exit(0);
+                throw new ExitError(0);
               }
 
               const result = await execPush(gitArgs);
               if (result.success) {
+                if (result.output) {
+                  console.log(result.output);
+                }
                 printSuccess("Push successful");
-                process.exit(0);
+                return;
               } else {
                 printError(`Push failed: ${result.output}`);
-                process.exit(1);
+                throw new ExitError(1);
               }
             } else {
               printError("Push cancelled by user");
-              process.exit(1);
+              throw new ExitError(1);
             }
           }
 
-          process.exit(1);
+          throw new ExitError(1);
         }
 
         // チェック通過、pushを実行
         if (options.dryRun) {
           printSuccess("Dry run: would push");
-          process.exit(0);
+          throw new ExitError(0);
         }
 
         const result = await execPush(gitArgs);
         if (result.success) {
+          if (result.output) {
+            console.log(result.output);
+          }
           printSuccess("Push successful");
-          process.exit(0);
+          return;
         } else {
           printError(`Push failed: ${result.output}`);
-          process.exit(1);
+          throw new ExitError(1);
         }
-      } catch (error) {
-        printError(
-          `Push failed: ${error instanceof Error ? error.message : String(error)}`
-        );
-        process.exit(1);
-      }
+      });
     });
 }

package/src/config.ts

@@ -4,6 +4,9 @@ import * as os from "node:os";
 import * as jsonc from "jsonc-parser";
 import { ConfigSchema, ConfigError, type Config } from "./types";
 
+const CONFIG_SCHEMA_URL =
+  "https://raw.githubusercontent.com/shoppingjaws/safe-push/main/config.schema.json";
+
 /**
  * 設定ファイルのデフォルトパス
  */
@@ -92,11 +95,16 @@ export function saveConfig(config: Config, configPath?: string): void {
     ? `,\n  // 許可するリポジトリ visibility: "public" | "private" | "internal"\n  "allowedVisibility": ${JSON.stringify(config.allowedVisibility)}`
     : "";
 
+  const traceSection = config.trace
+    ? `,\n  // トレーシング: "otlp" | "console" （省略で無効）\n  "trace": "${config.trace}"`
+    : "";
+
   const content = `{
+  "$schema": "${CONFIG_SCHEMA_URL}",
   // 禁止エリア（Globパターン）
   "forbiddenPaths": ${JSON.stringify(config.forbiddenPaths, null, 4).replace(/\n/g, "\n  ")},
   // 禁止時の動作: "error" | "prompt"
-  "onForbidden": "${config.onForbidden}"${allowedVisibilitySection}
+  "onForbidden": "${config.onForbidden}"${allowedVisibilitySection}${traceSection}
 }
 `;
 

package/src/git.ts

@@ -1,5 +1,6 @@
 import { $ } from "bun";
 import { GitError } from "./types";
+import { withSpan } from "./telemetry";
 
 /**
  * Gitコマンドを実行し、結果を返す
@@ -28,40 +29,48 @@ async function execGit(args: string[]): Promise<string> {
  * 現在のブランチ名を取得
  */
 export async function getCurrentBranch(): Promise<string> {
-  return execGit(["rev-parse", "--abbrev-ref", "HEAD"]);
+  return withSpan("safe-push.git.getCurrentBranch", async () => {
+    return execGit(["rev-parse", "--abbrev-ref", "HEAD"]);
+  });
 }
 
 /**
  * リモートに存在しない新規ブランチかどうかを判定
  */
 export async function isNewBranch(remote = "origin"): Promise<boolean> {
-  const branch = await getCurrentBranch();
-  try {
-    await execGit(["rev-parse", "--verify", `${remote}/${branch}`]);
-    return false;
-  } catch {
-    return true;
-  }
+  return withSpan("safe-push.git.isNewBranch", async () => {
+    const branch = await getCurrentBranch();
+    try {
+      await execGit(["rev-parse", "--verify", `${remote}/${branch}`]);
+      return false;
+    } catch {
+      return true;
+    }
+  });
 }
 
 /**
  * 最後のコミットの作者メールアドレスを取得
  */
 export async function getLastCommitAuthorEmail(): Promise<string> {
-  return execGit(["log", "-1", "--format=%ae"]);
+  return withSpan("safe-push.git.getLastCommitAuthorEmail", async () => {
+    return execGit(["log", "-1", "--format=%ae"]);
+  });
 }
 
 /**
  * ローカルのGit設定からメールアドレスを取得
  */
 export async function getLocalEmail(): Promise<string> {
-  // 環境変数が設定されている場合はそちらを優先
-  const envEmail = process.env.SAFE_PUSH_EMAIL;
-  if (envEmail) {
-    return envEmail;
-  }
+  return withSpan("safe-push.git.getLocalEmail", async () => {
+    // 環境変数が設定されている場合はそちらを優先
+    const envEmail = process.env.SAFE_PUSH_EMAIL;
+    if (envEmail) {
+      return envEmail;
+    }
 
-  return execGit(["config", "user.email"]);
+    return execGit(["config", "user.email"]);
+  });
 }
 
 /**
@@ -69,34 +78,36 @@ export async function getLocalEmail(): Promise<string> {
  * 新規ブランチの場合はmainまたはmasterとの差分を取得
  */
 export async function getDiffFiles(remote = "origin"): Promise<string[]> {
-  const branch = await getCurrentBranch();
-  const isNew = await isNewBranch(remote);
+  return withSpan("safe-push.git.getDiffFiles", async () => {
+    const branch = await getCurrentBranch();
+    const isNew = await isNewBranch(remote);
 
-  let baseBranch: string;
-  if (isNew) {
-    // 新規ブランチの場合、mainまたはmasterを基準にする
-    try {
-      await execGit(["rev-parse", "--verify", `${remote}/main`]);
-      baseBranch = `${remote}/main`;
-    } catch {
+    let baseBranch: string;
+    if (isNew) {
+      // 新規ブランチの場合、mainまたはmasterを基準にする
       try {
-        await execGit(["rev-parse", "--verify", `${remote}/master`]);
-        baseBranch = `${remote}/master`;
+        await execGit(["rev-parse", "--verify", `${remote}/main`]);
+        baseBranch = `${remote}/main`;
       } catch {
-        // mainもmasterもない場合は空の配列を返す
-        return [];
+        try {
+          await execGit(["rev-parse", "--verify", `${remote}/master`]);
+          baseBranch = `${remote}/master`;
+        } catch {
+          // mainもmasterもない場合は空の配列を返す
+          return [];
+        }
       }
+    } else {
+      baseBranch = `${remote}/${branch}`;
     }
-  } else {
-    baseBranch = `${remote}/${branch}`;
-  }
 
-  const output = await execGit(["diff", "--name-only", baseBranch, "HEAD"]);
-  if (!output) {
-    return [];
-  }
+    const output = await execGit(["diff", "--name-only", baseBranch, "HEAD"]);
+    if (!output) {
+      return [];
+    }
 
-  return output.split("\n").filter(Boolean);
+    return output.split("\n").filter(Boolean);
+  });
 }
 
 /**
@@ -106,95 +117,120 @@ export async function execPush(
   args: string[] = [],
   remote = "origin"
 ): Promise<{ success: boolean; output: string }> {
-  let pushArgs: string[];
+  return withSpan("safe-push.git.execPush", async (span) => {
+    let pushArgs: string[];
 
-  // ユーザーがremote/refspecを明示的に指定したか判定
-  const hasUserRefspec = args.some((arg) => !arg.startsWith("-"));
+    // ユーザーがremote/refspecを明示的に指定したか判定
+    const hasUserRefspec = args.some((arg) => !arg.startsWith("-"));
 
-  if (hasUserRefspec) {
-    // ユーザー指定のremote/refspecをそのまま使用
-    pushArgs = ["push", ...args];
-  } else {
-    // 自動でremote/branchを決定
-    const branch = await getCurrentBranch();
-    const isNew = await isNewBranch(remote);
+    if (hasUserRefspec) {
+      // ユーザー指定のremote/refspecをそのまま使用
+      pushArgs = ["push", ...args];
+    } else {
+      // 自動でremote/branchを決定
+      const branch = await getCurrentBranch();
+      const isNew = await isNewBranch(remote);
 
-    pushArgs = ["push"];
+      pushArgs = ["push"];
 
-    // 新規ブランチ、またはユーザーが-uを指定した場合に追加
-    const hasSetUpstream = args.some(
-      (a) => a === "-u" || a === "--set-upstream"
-    );
-    if (isNew || hasSetUpstream) {
-      pushArgs.push("-u");
-    }
+      // 新規ブランチ、またはユーザーが-uを指定した場合に追加
+      const hasSetUpstream = args.some(
+        (a) => a === "-u" || a === "--set-upstream"
+      );
+      if (isNew || hasSetUpstream) {
+        pushArgs.push("-u");
+      }
 
-    pushArgs.push(remote, branch);
+      pushArgs.push(remote, branch);
 
-    // -u/--set-upstream以外のフラグを追加
-    const remainingFlags = args.filter(
-      (a) => a !== "-u" && a !== "--set-upstream"
-    );
-    pushArgs.push(...remainingFlags);
-  }
+      // -u/--set-upstream以外のフラグを追加
+      const remainingFlags = args.filter(
+        (a) => a !== "-u" && a !== "--set-upstream"
+      );
+      pushArgs.push(...remainingFlags);
+    }
 
-  try {
-    const output = await execGit(pushArgs);
-    return { success: true, output };
-  } catch (error) {
-    if (error instanceof GitError) {
-      return { success: false, output: error.message };
+    let result: { success: boolean; output: string };
+    try {
+      const proc = await $`git ${pushArgs}`.quiet();
+      const stdout = proc.stdout.toString().trim();
+      const stderr = proc.stderr.toString().trim();
+      const output = [stdout, stderr].filter(Boolean).join("\n");
+      result = { success: true, output };
+    } catch (error) {
+      if (error && typeof error === "object" && "exitCode" in error) {
+        const stderr =
+          "stderr" in error ? String((error as { stderr: unknown }).stderr).trim() : "";
+        const stdout =
+          "stdout" in error ? String((error as { stdout: unknown }).stdout).trim() : "";
+        const output = [stdout, stderr].filter(Boolean).join("\n");
+        result = { success: false, output: output || `Push failed with exit code ${(error as { exitCode: number }).exitCode}` };
+      } else {
+        result = {
+          success: false,
+          output: error instanceof Error ? error.message : String(error),
+        };
+      }
     }
-    return {
-      success: false,
-      output: error instanceof Error ? error.message : String(error),
-    };
-  }
+
+    span.addEvent("push.result", {
+      success: result.success,
+      hasUserRefspec,
+    });
+
+    return result;
+  });
 }
 
 /**
  * リポジトリの visibility を取得（gh CLI を使用）
  */
 export async function getRepoVisibility(): Promise<string> {
-  const command = "gh repo view --json visibility --jq '.visibility'";
-  try {
-    const result = await $`gh repo view --json visibility --jq .visibility`.quiet();
-    return result.stdout.toString().trim().toLowerCase();
-  } catch (error) {
-    if (error && typeof error === "object" && "exitCode" in error) {
-      const exitCode = (error as { exitCode: number }).exitCode;
-      const stderr =
-        "stderr" in error ? String((error as { stderr: unknown }).stderr) : "";
-      throw new GitError(
-        `Failed to get repository visibility: ${stderr || command}`,
-        command,
-        exitCode
-      );
+  return withSpan("safe-push.git.getRepoVisibility", async () => {
+    const command = "gh repo view --json visibility --jq '.visibility'";
+    try {
+      const result = await $`gh repo view --json visibility --jq .visibility`.quiet();
+      return result.stdout.toString().trim().toLowerCase();
+    } catch (error) {
+      if (error && typeof error === "object" && "exitCode" in error) {
+        const exitCode = (error as { exitCode: number }).exitCode;
+        const stderr =
+          "stderr" in error ? String((error as { stderr: unknown }).stderr) : "";
+        throw new GitError(
+          `Failed to get repository visibility: ${stderr || command}`,
+          command,
+          exitCode
+        );
+      }
+      throw new GitError(`Failed to get repository visibility: ${command}`, command, null);
     }
-    throw new GitError(`Failed to get repository visibility: ${command}`, command, null);
-  }
+  });
 }
 
 /**
  * Gitリポジトリ内かどうかを確認
  */
 export async function isGitRepository(): Promise<boolean> {
-  try {
-    await execGit(["rev-parse", "--git-dir"]);
-    return true;
-  } catch {
-    return false;
-  }
+  return withSpan("safe-push.git.isGitRepository", async () => {
+    try {
+      await execGit(["rev-parse", "--git-dir"]);
+      return true;
+    } catch {
+      return false;
+    }
+  });
 }
 
 /**
  * コミットが存在するか確認
  */
 export async function hasCommits(): Promise<boolean> {
-  try {
-    await execGit(["rev-parse", "HEAD"]);
-    return true;
-  } catch {
-    return false;
-  }
+  return withSpan("safe-push.git.hasCommits", async () => {
+    try {
+      await execGit(["rev-parse", "HEAD"]);
+      return true;
+    } catch {
+      return false;
+    }
+  });
 }

package/src/index.ts

@@ -3,16 +3,54 @@ import { Command } from "commander";
 import { createCheckCommand } from "./commands/check";
 import { createPushCommand } from "./commands/push";
 import { createConfigCommand } from "./commands/config";
+import { createMcpCommand } from "./commands/mcp";
+import { initTelemetry, shutdownTelemetry } from "./telemetry";
+import { loadConfig } from "./config";
+import { ExitError } from "./types";
+import packageJson from "../package.json";
 
 const program = new Command();
 
 program
   .name("safe-push")
   .description("Git push safety checker - blocks pushes to forbidden areas")
-  .version("0.1.0");
+  .version(packageJson.version)
+  .option("--trace [exporter]", "Enable OpenTelemetry tracing (otlp|console)");
+
+program.hook("preAction", async () => {
+  const traceOpt = program.opts().trace;
+
+  // CLI フラグ優先、なければ config を参照
+  let exporter: "otlp" | "console" | undefined;
+  if (traceOpt) {
+    exporter = traceOpt === "otlp" ? "otlp" : "console";
+  } else {
+    const config = loadConfig();
+    if (config.trace) {
+      exporter = config.trace;
+    }
+  }
+
+  if (exporter) {
+    await initTelemetry(exporter);
+  }
+});
 
 program.addCommand(createCheckCommand());
 program.addCommand(createPushCommand());
 program.addCommand(createConfigCommand());
+program.addCommand(createMcpCommand());
 
-program.parse();
+let exitCode = 0;
+try {
+  await program.parseAsync();
+} catch (error) {
+  if (error instanceof ExitError) {
+    exitCode = error.exitCode;
+  } else {
+    throw error;
+  }
+} finally {
+  await shutdownTelemetry();
+}
+process.exit(exitCode);

package/src/telemetry.ts

@@ -0,0 +1,95 @@
+import { trace, type Span, SpanStatusCode, type Attributes } from "@opentelemetry/api";
+
+const TRACER_NAME = "safe-push";
+
+let shutdownFn: (() => Promise<void>) | null = null;
+
+/**
+ * OpenTelemetry トレーシングを初期化する。
+ * SDK は動的 import で読み込み、--trace 未使用時はゼロオーバーヘッドとする。
+ */
+export async function initTelemetry(exporter: "otlp" | "console"): Promise<void> {
+  const { BasicTracerProvider, SimpleSpanProcessor } = await import(
+    "@opentelemetry/sdk-trace-base"
+  );
+  const { resourceFromAttributes } = await import("@opentelemetry/resources");
+  const { ATTR_SERVICE_NAME, ATTR_SERVICE_VERSION } = await import(
+    "@opentelemetry/semantic-conventions"
+  );
+
+  let spanExporter;
+  if (exporter === "otlp") {
+    const { OTLPTraceExporter } = await import(
+      "@opentelemetry/exporter-trace-otlp-http"
+    );
+    spanExporter = new OTLPTraceExporter();
+  } else {
+    const { ConsoleSpanExporter } = await import(
+      "@opentelemetry/sdk-trace-base"
+    );
+    spanExporter = new ConsoleSpanExporter();
+  }
+
+  const resource = resourceFromAttributes({
+    [ATTR_SERVICE_NAME]: "safe-push",
+    [ATTR_SERVICE_VERSION]: "0.3.0",
+  });
+
+  const provider = new BasicTracerProvider({
+    resource,
+    spanProcessors: [new SimpleSpanProcessor(spanExporter)],
+  });
+  trace.setGlobalTracerProvider(provider);
+
+  shutdownFn = async () => {
+    await provider.forceFlush();
+    await provider.shutdown();
+  };
+}
+
+/**
+ * トレーシングをシャットダウンし、バッファ内のスパンをフラッシュする。
+ */
+export async function shutdownTelemetry(): Promise<void> {
+  if (shutdownFn) {
+    await shutdownFn();
+    shutdownFn = null;
+  }
+}
+
+/**
+ * トレーサーを取得する。
+ * initTelemetry() 未呼び出し時は no-op tracer が返る。
+ */
+export function getTracer() {
+  return trace.getTracer(TRACER_NAME);
+}
+
+/**
+ * スパンを作成し、関数を実行する。エラー時はスパンにエラーを記録して再 throw する。
+ */
+export async function withSpan<T>(
+  name: string,
+  fn: (span: Span) => Promise<T>,
+  attributes?: Attributes,
+): Promise<T> {
+  const tracer = getTracer();
+  return tracer.startActiveSpan(name, { attributes }, async (span) => {
+    try {
+      const result = await fn(span);
+      span.setStatus({ code: SpanStatusCode.OK });
+      return result;
+    } catch (error) {
+      span.setStatus({
+        code: SpanStatusCode.ERROR,
+        message: error instanceof Error ? error.message : String(error),
+      });
+      span.recordException(
+        error instanceof Error ? error : new Error(String(error)),
+      );
+      throw error;
+    } finally {
+      span.end();
+    }
+  });
+}

package/src/types.ts

@@ -12,6 +12,12 @@ export type OnForbidden = z.infer<typeof OnForbiddenSchema>;
 export const RepoVisibilitySchema = z.enum(["public", "private", "internal"]);
 export type RepoVisibility = z.infer<typeof RepoVisibilitySchema>;
 
+/**
+ * トレースエクスポーター
+ */
+export const TraceExporterSchema = z.enum(["otlp", "console"]);
+export type TraceExporter = z.infer<typeof TraceExporterSchema>;
+
 /**
  * 設定ファイルのスキーマ
  */
@@ -19,6 +25,7 @@ export const ConfigSchema = z.object({
   forbiddenPaths: z.array(z.string()).default([".github/"]),
   onForbidden: OnForbiddenSchema.default("error"),
   allowedVisibility: z.array(RepoVisibilitySchema).optional(),
+  trace: TraceExporterSchema.optional(),
 });
 export type Config = z.infer<typeof ConfigSchema>;
 
@@ -67,3 +74,14 @@ export class ConfigError extends Error {
     this.name = "ConfigError";
   }
 }
+
+/**
+ * コマンドハンドラから exit code を伝搬するためのエラー。
+ * process.exit() を直接呼ばず、index.ts で shutdown 後に exit する。
+ */
+export class ExitError extends Error {
+  constructor(public readonly exitCode: number) {
+    super(`Process exiting with code ${exitCode}`);
+    this.name = "ExitError";
+  }
+}