mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-14 21:16:06 +00:00
* chore(types): add declaration files for scripts/lib and scripts/e2e modules
* chore(types): add declaration files for top-level script modules (a-m)
* chore(types): add declaration files for top-level script modules (n-z)
* test: use a non-secret-shaped gateway token fixture
* test: type ci workflow guard helpers for the root test lane
* chore(tooling): typecheck root test/** with a dedicated tsgo lane
- test/tsconfig/tsconfig.test.root.json: root-test program (strict unused checks,
fixtures excluded; two Docker E2E clients that import built dist/** stay out,
same rationale as the scripts/e2e exclusion in tsconfig.scripts.json)
- tsgo:test:root wired into tsgo:test, check:test-types, scripts/check.mjs, and
the ci.yml test-types shard, mirroring the tsgo:scripts lane (#104348)
- changed-lane routing: test/**/*.ts (excluding fixtures) and the lane tsconfig
now trigger 'typecheck test root' in check:changed; previously test/ paths ran
lint only, so harness type errors surfaced first in CI (#104287 envDir case)
- burn down all 1071 latent type errors in the program: precise param/local
types across test/scripts, test/vitest, test/e2e, and transitive scripts/e2e
program members; 205 sibling .d.mts declaration files for imported .mjs
modules (committed separately); zero any, zero ts-expect-error
- resolve the pre-existing testing star-export ambiguity in
scripts/e2e/parallels/common.ts with an explicit re-export
Closes #104388
* chore(types): correct declaration fidelity per structured review
- re-derive 51 .d.mts files from implementation data flow instead of
initializers: fix a wrong never return (runTestProjectsDelegation returns
the child), add encoding-sensitive exec/spawn overloads (plain-gh), restore
the full release profile union, make parsed paths string | null, add missing
parseArgs fields via help/non-help unions, add a missing sibling declaration
(budget-number-args), drop 15 unused lint directives
- precise install-record/tuple typing removes the type-aware oxlint
regressions the first declarations caused in scripts/e2e implementations
- route .mts declaration edits under test/ to the testRoot lane and reference
the test-root project from tsconfig.projects.json so tsgo:all covers it
(closes both review findings against the lane wiring)
* chore(scripts): keep telegram runner dist typing structural for the boundary guard
* chore(types): declare runtime pack and gateway readiness exports added on main
* test: pin the importTargetPlan form of the plugin-contract plan import
The guard expectation still referenced the raw await import( form that
7ae5996bb3 (#103975) replaced with the importTargetPlan fallback helper;
the assertion fails on current main.
61 lines
1.5 KiB
TypeScript
61 lines
1.5 KiB
TypeScript
#!/usr/bin/env node
|
|
/**
|
|
* Classifies npm advisory findings into report-only findings and hard blockers.
|
|
*/
|
|
export type VulnerabilityAdvisory = {
|
|
id: string;
|
|
severity: string;
|
|
title: string;
|
|
url: string;
|
|
vulnerable_versions: string;
|
|
};
|
|
export type VulnerabilityFinding = VulnerabilityAdvisory & {
|
|
malware: boolean;
|
|
packageName: string;
|
|
production: boolean;
|
|
};
|
|
export function classifyVulnerabilityFindings({
|
|
allAdvisories,
|
|
productionAdvisories,
|
|
}: {
|
|
allAdvisories: Record<string, VulnerabilityAdvisory[]>;
|
|
productionAdvisories: Record<string, VulnerabilityAdvisory[]>;
|
|
}): {
|
|
blockers: VulnerabilityFinding[];
|
|
findings: VulnerabilityFinding[];
|
|
};
|
|
/**
|
|
* Runs the dependency vulnerability gate against pnpm-lock.yaml.
|
|
*/
|
|
export function runDependencyVulnerabilityGate({
|
|
rootDir,
|
|
fetchImpl,
|
|
}?: {
|
|
rootDir?: string | undefined;
|
|
fetchImpl?: typeof fetch | undefined;
|
|
}): Promise<{
|
|
blockers: VulnerabilityFinding[];
|
|
findings: VulnerabilityFinding[];
|
|
generatedAt: string;
|
|
policy: {
|
|
blocks: string[];
|
|
reports: string[];
|
|
vulnerabilityExceptions: boolean;
|
|
};
|
|
graphs: {
|
|
all: {
|
|
packages: number;
|
|
packageVersions: unknown;
|
|
};
|
|
production: {
|
|
packages: number;
|
|
packageVersions: unknown;
|
|
};
|
|
};
|
|
}>;
|
|
/**
|
|
* Renders the dependency vulnerability gate report as Markdown.
|
|
*/
|
|
export function renderDependencyVulnerabilityGateMarkdownReport(report: unknown): string;
|
|
export function main(argv?: string[]): Promise<1 | 0>;
|