chore(tooling): typecheck root test/** with a dedicated tsgo lane (#104475)

* chore(types): add declaration files for scripts/lib and scripts/e2e modules

* chore(types): add declaration files for top-level script modules (a-m)

* chore(types): add declaration files for top-level script modules (n-z)

* test: use a non-secret-shaped gateway token fixture

* test: type ci workflow guard helpers for the root test lane

* chore(tooling): typecheck root test/** with a dedicated tsgo lane

- test/tsconfig/tsconfig.test.root.json: root-test program (strict unused checks,
  fixtures excluded; two Docker E2E clients that import built dist/** stay out,
  same rationale as the scripts/e2e exclusion in tsconfig.scripts.json)
- tsgo:test:root wired into tsgo:test, check:test-types, scripts/check.mjs, and
  the ci.yml test-types shard, mirroring the tsgo:scripts lane (#104348)
- changed-lane routing: test/**/*.ts (excluding fixtures) and the lane tsconfig
  now trigger 'typecheck test root' in check:changed; previously test/ paths ran
  lint only, so harness type errors surfaced first in CI (#104287 envDir case)
- burn down all 1071 latent type errors in the program: precise param/local
  types across test/scripts, test/vitest, test/e2e, and transitive scripts/e2e
  program members; 205 sibling .d.mts declaration files for imported .mjs
  modules (committed separately); zero any, zero ts-expect-error
- resolve the pre-existing testing star-export ambiguity in
  scripts/e2e/parallels/common.ts with an explicit re-export

Closes #104388

* chore(types): correct declaration fidelity per structured review

- re-derive 51 .d.mts files from implementation data flow instead of
  initializers: fix a wrong never return (runTestProjectsDelegation returns
  the child), add encoding-sensitive exec/spawn overloads (plain-gh), restore
  the full release profile union, make parsed paths string | null, add missing
  parseArgs fields via help/non-help unions, add a missing sibling declaration
  (budget-number-args), drop 15 unused lint directives
- precise install-record/tuple typing removes the type-aware oxlint
  regressions the first declarations caused in scripts/e2e implementations
- route .mts declaration edits under test/ to the testRoot lane and reference
  the test-root project from tsconfig.projects.json so tsgo:all covers it
  (closes both review findings against the lane wiring)

* chore(scripts): keep telegram runner dist typing structural for the boundary guard

* chore(types): declare runtime pack and gateway readiness exports added on main

* test: pin the importTargetPlan form of the plugin-contract plan import

The guard expectation still referenced the raw await import( form that
7ae5996bb3 (#103975) replaced with the importTargetPlan fallback helper;
the assertion fails on current main.
This commit is contained in:
Peter Steinberger
2026-07-11 06:15:41 -07:00
committed by GitHub
parent e681646834
commit fe261b0f59
307 changed files with 8531 additions and 401 deletions

View File

@@ -0,0 +1,21 @@
export const managedLabelSpecs: Record<string, { color: string; description: string }>;
export const candidateLabels: {
blankTemplate: string;
lowSignalDocs: string;
docsDiscoverability: string;
testOnlyNoBug: string;
refactorOnly: string;
needsPrContext: string;
dirtyCandidate: string;
riskyInfra: string;
externalPluginCandidate: string;
};
export function classifyPullRequestCandidateLabels(
pullRequest: Record<string, unknown>,
files: Array<{ filename: string; status: string }>,
): string[];
export function runBarnacleAutoResponse(params: {
github: Record<string, unknown>;
context: Record<string, unknown>;
core?: Pick<Console, "info">;
}): Promise<void>;

View File

@@ -0,0 +1,105 @@
export const GITHUB_API_REQUEST_TIMEOUT_MS: number;
export const GITHUB_ERROR_BODY_MAX_BYTES: number;
export const GITHUB_RESPONSE_BODY_MAX_BYTES: number;
export const dependencyChangedLabel: "dependencies-changed";
type Comment = {
body?: string;
created_at?: string;
html_url?: string;
user?: { login?: string };
};
type PullRequest = {
head?: { ref?: string; repo?: { full_name?: string }; sha?: string };
maintainer_can_modify?: boolean;
user?: { login?: string };
};
type ActorCandidate = { login: string; source: string };
export function isDependencyFile(filename: string): boolean;
export function isDependencyManifest(filename: string): boolean;
export function isPackageLockfile(filename: string): boolean;
export function dependencyFieldChanges(
baseManifest: Record<string, unknown>,
headManifest: Record<string, unknown>,
): string[];
export function shouldAutoscrubDependencyLockfiles(options: {
dependencyFiles?: string[];
lockfileChanges: unknown[];
dependencyManifestChanges?: unknown[];
}): boolean;
export function canAutoscrubPullRequest(options: {
owner: string;
repo: string;
pullRequest: PullRequest;
}): boolean;
export function sanitizeDisplayValue(value: unknown): string;
export function markdownCode(value: unknown): string;
export function readBoundedGitHubJson(
response: Response,
maxBytes?: number,
options?: { signal?: AbortSignal },
): Promise<unknown>;
export function findDependencyOverrideCommand(options: {
comments: Comment[];
expectedSha: string;
isSecurityMember: (login: string) => boolean;
newerThan?: string;
}): { login: string; reason: string | null; sha: string; url?: string } | null;
export function findDependencyOverrideCommandAsync(options: {
comments: Comment[];
expectedSha: string;
isSecurityMember: (login: string) => Promise<boolean>;
newerThan: string;
}): Promise<{ login: string; reason: string | null; sha: string; url?: string } | null>;
export function dependencyGuardCommentHeadSha(comment: Comment): string | null;
export function dependencyOverrideExpectedSha(
existingGuardComment: Comment | null,
currentHeadSha: string,
): string | null;
export function isDependencyGuardAuthorizedForHead(
comment: Comment,
currentHeadSha: string,
): boolean;
export function isDependencyGuardTrustedForHead(comment: Comment, currentHeadSha: string): boolean;
export function securityApproverSet(value: unknown): Set<string>;
export function dependencyGuardCommentAuthors(value?: unknown): Set<string>;
export function isDependencyGuardMarkerComment(
comment: Comment,
marker: string,
trustedAuthors: Set<string>,
): boolean;
export function renderAuthorizedDependencyComment(override: Record<string, unknown>): string;
export function renderTrustedDependencyComment(options: {
actor: { login: string; reason: string };
headSha: string;
}): string;
export function renderAutoscrubbedDependencyComment(options: {
baseBranch: string;
lockfileChanges: string[];
commitSha: string;
}): string;
export function isAutoscrubbedDependencyComment(comment: Comment): boolean;
export function renderClearedDependencyGuardComment(options: { headSha: string }): string;
export function renderBlockedDependencyComment(options: Record<string, unknown>): string;
export function dependencyGuardTrustedActorCandidates(options: {
pullRequest: PullRequest;
event: Record<string, unknown>;
currentHeadSha: string;
}): ActorCandidate[];
export function findTrustedDependencyGuardActor(options: {
candidates: ActorCandidate[];
isDependencyApprover: (login: string) => Promise<string | null>;
}): Promise<{ login: string; reason: string } | null>;
export function githubApi(
token: string,
options?: {
fetchImpl?: typeof fetch;
responseMaxBodyBytes?: number;
timeoutMs?: number;
},
): { request(path: string, options?: Record<string, unknown>): Promise<unknown> };
export function createAutoscrubCommit(...args: unknown[]): Promise<unknown>;
export function readBoundedGitHubErrorText(...args: unknown[]): Promise<string>;

View File

@@ -0,0 +1,40 @@
export const PROOF_OVERRIDE_LABEL: "proof: override";
export const PROOF_SUFFICIENT_LABEL: "proof: sufficient";
export const NEEDS_PR_CONTEXT_LABEL: "triage: needs-pr-context";
export const DEFAULT_GITHUB_API_TIMEOUT_MS: 30000;
type PullRequest = Record<string, unknown>;
type Comment = Record<string, unknown>;
type Evaluation = {
status: string;
reason: string;
applies: boolean;
passed: boolean;
missingSections: string[];
};
export function readBoundedGitHubApiJson(
response: Response,
label: string,
maxBytes?: number,
options?: { timeoutMs?: number },
): Promise<unknown>;
export function isMaintainerTeamMember(params?: {
token?: string;
org?: string;
login?: string;
teamSlug?: string;
fetch?: typeof globalThis.fetch;
timeoutMs?: number;
}): Promise<boolean>;
export function hasAuthoredPullRequestSection(heading: string, body?: string): boolean;
export function hasClawSweeperExactHeadProof(params?: {
pullRequest?: PullRequest;
comments?: Comment[];
}): boolean;
export function evaluateClawSweeperExactHeadProof(params?: {
pullRequest?: PullRequest;
comments?: Comment[];
}): Evaluation;
export function evaluatePullRequestContext(params?: { pullRequest?: PullRequest }): Evaluation;
export function labelsForPullRequestContext(evaluation: Evaluation): string[];

View File

@@ -0,0 +1,76 @@
export const GITHUB_API_REQUEST_TIMEOUT_MS: number;
export const GITHUB_ERROR_BODY_MAX_BYTES: number;
export const GITHUB_RESPONSE_BODY_MAX_BYTES: number;
export const allowSecuritySensitiveCommand: string;
export const securitySensitiveGuardMarker: string;
type Comment = { body?: string; created_at?: string; html_url?: string; user?: { login?: string } };
type ActorCandidate = { login: string; source: string };
export function securitySensitiveFileDefinitions(): Array<{ path: string; reason: string }>;
export function securitySensitiveFileDefinition(
filename: string,
): { path: string; reason: string } | undefined;
export function isSecuritySensitiveFile(filename: string): boolean;
export function sanitizeDisplayValue(value: unknown): string;
export function markdownCode(value: unknown): string;
export function findSecuritySensitiveOverrideCommand(options: {
comments: Comment[];
expectedSha: string;
isSecurityMember: (login: string) => boolean;
newerThan?: string;
}): { login: string; reason: string | null; sha: string; url?: string } | null;
export function findSecuritySensitiveOverrideCommandAsync(options: {
comments: Comment[];
expectedSha: string;
isSecurityMember: (login: string) => Promise<boolean>;
newerThan?: string;
}): Promise<{ login: string; reason: string | null; sha: string; url?: string } | null>;
export function securitySensitiveGuardCommentHeadSha(comment: Comment): string | null;
export function securitySensitiveOverrideExpectedSha(
comment: Comment | null,
currentHeadSha: string,
): string | null;
export function isSecuritySensitiveGuardAuthorizedForHead(
comment: Comment,
currentHeadSha: string,
): boolean;
export function isSecuritySensitiveGuardTrustedForHead(
comment: Comment,
currentHeadSha: string,
): boolean;
export function securityApproverSet(value: unknown): Set<string>;
export function securitySensitiveGuardCommentAuthors(value?: unknown): Set<string>;
export function isSecuritySensitiveGuardMarkerComment(
comment: Comment,
trustedAuthors: Set<string>,
): boolean;
export function collectSecuritySensitiveChanges(
files: Array<{ filename: string; previous_filename?: string; status?: string }>,
): Array<Record<string, string>>;
export function renderSecuritySensitiveAwarenessComment(
changes: Array<Record<string, string>>,
): string;
export function renderAuthorizedSecuritySensitiveComment(override: Record<string, unknown>): string;
export function renderTrustedSecuritySensitiveComment(options: Record<string, unknown>): string;
export function renderClearedSecuritySensitiveGuardComment(options: { headSha: string }): string;
export function renderBlockedSecuritySensitiveComment(options: Record<string, unknown>): string;
export function securitySensitiveGuardTrustedActorCandidates(
options: Record<string, unknown>,
): ActorCandidate[];
export function findTrustedSecuritySensitiveGuardActor(options: {
candidates: ActorCandidate[];
isSecuritySensitiveApprover: (login: string) => Promise<string | null>;
}): Promise<{ login: string; reason: string } | null>;
export function githubApi(
token: string,
options?: { fetchImpl?: typeof fetch; responseMaxBodyBytes?: number; timeoutMs?: number },
): { request(path: string, options?: Record<string, unknown>): Promise<unknown> };
export function readBoundedGitHubErrorText(
response: Response,
maxBytes?: number,
options?: { signal?: AbortSignal },
): Promise<string>;
export function readBoundedGitHubJson(
response: Response,
maxBytes?: number,
options?: { signal?: AbortSignal },
): Promise<unknown>;