Files
openclaw/scripts/github/dependency-guard.d.mts
Peter Steinberger fe261b0f59 chore(tooling): typecheck root test/** with a dedicated tsgo lane (#104475)
* chore(types): add declaration files for scripts/lib and scripts/e2e modules

* chore(types): add declaration files for top-level script modules (a-m)

* chore(types): add declaration files for top-level script modules (n-z)

* test: use a non-secret-shaped gateway token fixture

* test: type ci workflow guard helpers for the root test lane

* chore(tooling): typecheck root test/** with a dedicated tsgo lane

- test/tsconfig/tsconfig.test.root.json: root-test program (strict unused checks,
  fixtures excluded; two Docker E2E clients that import built dist/** stay out,
  same rationale as the scripts/e2e exclusion in tsconfig.scripts.json)
- tsgo:test:root wired into tsgo:test, check:test-types, scripts/check.mjs, and
  the ci.yml test-types shard, mirroring the tsgo:scripts lane (#104348)
- changed-lane routing: test/**/*.ts (excluding fixtures) and the lane tsconfig
  now trigger 'typecheck test root' in check:changed; previously test/ paths ran
  lint only, so harness type errors surfaced first in CI (#104287 envDir case)
- burn down all 1071 latent type errors in the program: precise param/local
  types across test/scripts, test/vitest, test/e2e, and transitive scripts/e2e
  program members; 205 sibling .d.mts declaration files for imported .mjs
  modules (committed separately); zero any, zero ts-expect-error
- resolve the pre-existing testing star-export ambiguity in
  scripts/e2e/parallels/common.ts with an explicit re-export

Closes #104388

* chore(types): correct declaration fidelity per structured review

- re-derive 51 .d.mts files from implementation data flow instead of
  initializers: fix a wrong never return (runTestProjectsDelegation returns
  the child), add encoding-sensitive exec/spawn overloads (plain-gh), restore
  the full release profile union, make parsed paths string | null, add missing
  parseArgs fields via help/non-help unions, add a missing sibling declaration
  (budget-number-args), drop 15 unused lint directives
- precise install-record/tuple typing removes the type-aware oxlint
  regressions the first declarations caused in scripts/e2e implementations
- route .mts declaration edits under test/ to the testRoot lane and reference
  the test-root project from tsconfig.projects.json so tsgo:all covers it
  (closes both review findings against the lane wiring)

* chore(scripts): keep telegram runner dist typing structural for the boundary guard

* chore(types): declare runtime pack and gateway readiness exports added on main

* test: pin the importTargetPlan form of the plugin-contract plan import

The guard expectation still referenced the raw await import( form that
7ae5996bb3 (#103975) replaced with the importTargetPlan fallback helper;
the assertion fails on current main.
2026-07-11 06:15:41 -07:00

106 lines
4.0 KiB
TypeScript

export const GITHUB_API_REQUEST_TIMEOUT_MS: number;
export const GITHUB_ERROR_BODY_MAX_BYTES: number;
export const GITHUB_RESPONSE_BODY_MAX_BYTES: number;
export const dependencyChangedLabel: "dependencies-changed";
type Comment = {
body?: string;
created_at?: string;
html_url?: string;
user?: { login?: string };
};
type PullRequest = {
head?: { ref?: string; repo?: { full_name?: string }; sha?: string };
maintainer_can_modify?: boolean;
user?: { login?: string };
};
type ActorCandidate = { login: string; source: string };
export function isDependencyFile(filename: string): boolean;
export function isDependencyManifest(filename: string): boolean;
export function isPackageLockfile(filename: string): boolean;
export function dependencyFieldChanges(
baseManifest: Record<string, unknown>,
headManifest: Record<string, unknown>,
): string[];
export function shouldAutoscrubDependencyLockfiles(options: {
dependencyFiles?: string[];
lockfileChanges: unknown[];
dependencyManifestChanges?: unknown[];
}): boolean;
export function canAutoscrubPullRequest(options: {
owner: string;
repo: string;
pullRequest: PullRequest;
}): boolean;
export function sanitizeDisplayValue(value: unknown): string;
export function markdownCode(value: unknown): string;
export function readBoundedGitHubJson(
response: Response,
maxBytes?: number,
options?: { signal?: AbortSignal },
): Promise<unknown>;
export function findDependencyOverrideCommand(options: {
comments: Comment[];
expectedSha: string;
isSecurityMember: (login: string) => boolean;
newerThan?: string;
}): { login: string; reason: string | null; sha: string; url?: string } | null;
export function findDependencyOverrideCommandAsync(options: {
comments: Comment[];
expectedSha: string;
isSecurityMember: (login: string) => Promise<boolean>;
newerThan: string;
}): Promise<{ login: string; reason: string | null; sha: string; url?: string } | null>;
export function dependencyGuardCommentHeadSha(comment: Comment): string | null;
export function dependencyOverrideExpectedSha(
existingGuardComment: Comment | null,
currentHeadSha: string,
): string | null;
export function isDependencyGuardAuthorizedForHead(
comment: Comment,
currentHeadSha: string,
): boolean;
export function isDependencyGuardTrustedForHead(comment: Comment, currentHeadSha: string): boolean;
export function securityApproverSet(value: unknown): Set<string>;
export function dependencyGuardCommentAuthors(value?: unknown): Set<string>;
export function isDependencyGuardMarkerComment(
comment: Comment,
marker: string,
trustedAuthors: Set<string>,
): boolean;
export function renderAuthorizedDependencyComment(override: Record<string, unknown>): string;
export function renderTrustedDependencyComment(options: {
actor: { login: string; reason: string };
headSha: string;
}): string;
export function renderAutoscrubbedDependencyComment(options: {
baseBranch: string;
lockfileChanges: string[];
commitSha: string;
}): string;
export function isAutoscrubbedDependencyComment(comment: Comment): boolean;
export function renderClearedDependencyGuardComment(options: { headSha: string }): string;
export function renderBlockedDependencyComment(options: Record<string, unknown>): string;
export function dependencyGuardTrustedActorCandidates(options: {
pullRequest: PullRequest;
event: Record<string, unknown>;
currentHeadSha: string;
}): ActorCandidate[];
export function findTrustedDependencyGuardActor(options: {
candidates: ActorCandidate[];
isDependencyApprover: (login: string) => Promise<string | null>;
}): Promise<{ login: string; reason: string } | null>;
export function githubApi(
token: string,
options?: {
fetchImpl?: typeof fetch;
responseMaxBodyBytes?: number;
timeoutMs?: number;
},
): { request(path: string, options?: Record<string, unknown>): Promise<unknown> };
export function createAutoscrubCommit(...args: unknown[]): Promise<unknown>;
export function readBoundedGitHubErrorText(...args: unknown[]): Promise<string>;