fix: core, install & config audit compliance#179
Merged
maystudios merged 1 commit intomainfrom Mar 25, 2026
Merged
Conversation
- Add parseVersion, isVersionAtLeast, getVersion utilities to version.ts and re-export from core/index.ts - Fix installHooks to create settings.json even when no hooks are copied - Update inject-version.cjs to preserve version.ts utility functions and sync templates/templates/config.json version - Add "license": "MIT" to root package.json - Anchor autoresearch-results.tsv in .gitignore to repo root - Add unit tests for version utility functions Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
|
🎉 This PR is included in version 5.13.1 🎉 The release is available on: Your semantic-release bot 📦🚀 |
There was a problem hiding this comment.
Pull request overview
This PR aligns versioning and compliance-related metadata across the CLI, templates, and build tooling, while adding reusable version utility APIs and test coverage.
Changes:
- Add
parseVersion,isVersionAtLeast, andgetVersioninsrc/core/version.ts, re-exported viasrc/core/index.ts, with unit tests. - Update
installHooksto ensure.claude/settings.jsonexists even when no hooks are copied. - Update the build-time version injection script to replace only the VERSION line in-place and to sync the templates config version; add root
license, and minor repo hygiene updates.
Reviewed changes
Copilot reviewed 7 out of 9 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| templates/templates/config.json | Sync template config version to the CLI version and reformat gates array. |
| packages/cli/tests/unit/types.test.ts | Add unit tests for new version utility functions. |
| packages/cli/src/install/hooks.ts | Ensure settings.json is created even when no hooks are installed. |
| packages/cli/src/core/version.ts | Bump VERSION and add version parsing/comparison utilities. |
| packages/cli/src/core/index.ts | Re-export the new version utility functions from core. |
| packages/cli/scripts/inject-version.cjs | Preserve version.ts utilities by replacing VERSION in-place; also update template config version. |
| package.json | Add root license field. |
| package-lock.json | Reflect license/version updates in lockfile. |
| .gitignore | Anchor autoresearch-results.tsv ignore rule to repo root. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+5
to
+15
| * Parse a semantic version string into components. | ||
| * Returns null if the string is not a valid semver. | ||
| */ | ||
| export function parseVersion(versionStr: string): { major: number; minor: number; patch: number } | null { | ||
| const match = versionStr.match(/^(\d+)\.(\d+)\.(\d+)/); | ||
| if (!match) return null; | ||
| return { | ||
| major: Number.parseInt(match[1], 10), | ||
| minor: Number.parseInt(match[2], 10), | ||
| patch: Number.parseInt(match[3], 10), | ||
| }; |
There was a problem hiding this comment.
parseVersion claims to validate semver, but the regex only matches a major.minor.patch prefix (e.g. it will accept 1.2.3.4 or 1.2.3foo as “valid”). This can make isVersionAtLeast return incorrect results for malformed inputs. Tighten the regex to require the full string (optionally allowing prerelease/build metadata), or adjust the docstring/behavior accordingly.
Comment on lines
+38
to
+39
| // File missing or doesn't contain VERSION — write the full template | ||
| const content = `/** MaxsimCLI version — auto-injected from package.json at build time. */\n${versionLine}\n`; |
There was a problem hiding this comment.
The fallback branch that rewrites src/core/version.ts when the file is missing (or lacks a VERSION export) only writes the VERSION constant, but this PR now relies on additional exports (parseVersion, isVersionAtLeast, getVersion). If this branch ever runs, the build/tests will break because those exports disappear. Update the generated template content to include all expected exports, not just VERSION.
Suggested change
| // File missing or doesn't contain VERSION — write the full template | |
| const content = `/** MaxsimCLI version — auto-injected from package.json at build time. */\n${versionLine}\n`; | |
| // File missing or doesn't contain VERSION — write the full template with all expected exports | |
| const content = [ | |
| '/** MaxsimCLI version — auto-injected from package.json at build time. */', | |
| versionLine, | |
| '', | |
| 'export interface ParsedVersion {', | |
| ' major: number;', | |
| ' minor: number;', | |
| ' patch: number;', | |
| ' prerelease?: string;', | |
| '}', | |
| '', | |
| 'export function parseVersion(v: string = VERSION): ParsedVersion {', | |
| " const match = v.match(/^(\\d+)\\.(\\d+)\\.(\\d+)(-.+)?$/);", | |
| ' if (!match) {', | |
| ' return { major: 0, minor: 0, patch: 0, prerelease: v };', | |
| ' }', | |
| ' const [, major, minor, patch, prerelease] = match;', | |
| ' return {', | |
| ' major: Number(major),', | |
| ' minor: Number(minor),', | |
| ' patch: Number(patch),', | |
| ' ...(prerelease ? { prerelease: prerelease.slice(1) } : {}),', | |
| ' };', | |
| '}', | |
| '', | |
| 'export function isVersionAtLeast(min: string, current: string = VERSION): boolean {', | |
| ' const a = parseVersion(current);', | |
| ' const b = parseVersion(min);', | |
| ' if (a.major !== b.major) return a.major > b.major;', | |
| ' if (a.minor !== b.minor) return a.minor > b.minor;', | |
| ' if (a.patch !== b.patch) return a.patch > b.patch;', | |
| ' if (a.prerelease === b.prerelease) return true;', | |
| ' if (!a.prerelease && b.prerelease) return true;', | |
| ' if (a.prerelease && !b.prerelease) return false;', | |
| ' if (!a.prerelease && !b.prerelease) return true;', | |
| ' return String(a.prerelease) >= String(b.prerelease);', | |
| '}', | |
| '', | |
| 'export function getVersion(): string {', | |
| ' return VERSION;', | |
| '}', | |
| '', | |
| ].join('\n'); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
parseVersion,isVersionAtLeast,getVersionutility functions toversion.tsand re-export fromcore/index.tsinstallHooksto guaranteesettings.jsoncreation even when no hook files are copiedinject-version.cjsto do in-place VERSION line replacement (preserving utility functions) and synctemplates/templates/config.jsonversion"license": "MIT"to rootpackage.jsonautoresearch-results.tsvin.gitignoreto repo root with leading/Test plan
npm testpasses (537/537 tests, 18 test files)npm run buildsucceeds with no MISSING_EXPORT warningsnpm run lintpasses (only pre-existing warnings)inject-version.cjspreserves version.ts utility functions across builds🤖 Generated with Claude Code