From adc3a77e2b95260a53867dcd4bf3a713e35965db Mon Sep 17 00:00:00 2001 From: Arthur Aleksandro Alves Silva Date: Mon, 13 Apr 2026 16:40:23 +0000 Subject: [PATCH 1/5] =?UTF-8?q?docs:=20adicionar=20novas=20fragilidades=20?= =?UTF-8?q?relacionadas=20a=20erros=20de=20autoriza=C3=A7=C3=A3o=20e=20val?= =?UTF-8?q?ida=C3=A7=C3=A3o=20de=20seguran=C3=A7a?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .project/issues.json | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.project/issues.json b/.project/issues.json index 4ddaf3a..fd49fa1 100644 --- a/.project/issues.json +++ b/.project/issues.json @@ -127,6 +127,22 @@ "category": "fragility", "priority": "critical", "source": "monitor" + }, + { + "id": "fragility-fragility-mnxey39k", + "description": "Agent encountered an explicit error (bash ERROR) indicating authorization mismatch and ambiguous user direction but responded with empty output, leaving the known fragility unaddressed rather than communicating the issue back to the user.", + "status": "open", + "category": "fragility", + "priority": "critical", + "source": "monitor" + }, + { + "id": "fragility-fragility-mnxezib3", + "description": "Agent provided empty response after pre-push validation flagged security vulnerabilities and test coverage gaps, offering no acknowledgment, plan, or action to address the known issues before proceeding with git push.", + "status": "open", + "category": "fragility", + "priority": "critical", + "source": "monitor" } ] } From f8269c75246182eceacceec3f37a02ed2dbd2f80 Mon Sep 17 00:00:00 2001 From: Arthur Aleksandro Alves Silva Date: Mon, 13 Apr 2026 17:30:39 +0000 Subject: [PATCH 2/5] chore(deps): override basic-ftp to 5.2.2 --- package-lock.json | 8 +++++--- package.json | 3 ++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 10d25ca..1ac9847 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -9689,9 +9689,9 @@ } }, "node_modules/basic-ftp": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.2.1.tgz", - "integrity": "sha512-0yaL8JdxTknKDILitVpfYfV2Ob6yb3udX/hK97M7I3jOeznBNxQPtVvTUtnhUkyHlxFWyr5Lvknmgzoc7jf+1Q==", + "version": "5.2.2", + "resolved": "https://registry.npmjs.org/basic-ftp/-/basic-ftp-5.2.2.tgz", + "integrity": "sha512-1tDrzKsdCg70WGvbFss/ulVAxupNauGnOlgpyjKzeQxzyllBLS0CGLV7tjIXTK3ZQA9/FBEm9qyFFN1bciA6pw==", "dev": true, "license": "MIT", "peer": true, @@ -22714,6 +22714,7 @@ }, "devDependencies": { "@playwright/test": "^1.58.2", + "@refarm.dev/vtconfig": "*", "@types/node": "^25.5.0", "@types/sql.js": "^1.4.9", "typescript": "~5.9.3", @@ -22764,6 +22765,7 @@ "devDependencies": { "@playwright/test": "^1.58.2", "@refarm.dev/hello-world-plugin": "*", + "@refarm.dev/vtconfig": "*", "serve": "^14.2.4", "typescript": "^5.7.3", "vite": "^8.0.1" diff --git a/package.json b/package.json index d61ac17..ed30a41 100644 --- a/package.json +++ b/package.json @@ -79,7 +79,8 @@ "vitest": "^4.1.0" }, "overrides": { - "flatted": "3.4.2" + "flatted": "3.4.2", + "basic-ftp": "5.2.2" }, "//": "jest is kept for type-safety/compatibility with certain node_modules in vitest runs", "packageManager": "npm@10.9.2", From a7db44c9b5ad969a42cfe730703f2ba698e769bb Mon Sep 17 00:00:00 2001 From: Arthur Aleksandro Alves Silva Date: Mon, 13 Apr 2026 18:25:19 +0000 Subject: [PATCH 3/5] chore(deps): align astro check versions to reduce yaml advisory chain --- apps/dev/package.json | 14 +- apps/me/package.json | 6 +- package-lock.json | 384 ++++++++++++++++++++++++++++-------------- 3 files changed, 268 insertions(+), 136 deletions(-) diff --git a/apps/dev/package.json b/apps/dev/package.json index aca064f..6b9b792 100644 --- a/apps/dev/package.json +++ b/apps/dev/package.json 
@@ -16,21 +16,21 @@ "clean": "rm -rf dist .astro" }, "dependencies": { - "@astrojs/check": "^0.9.2", - "@refarm.dev/sower": "*", + "@astrojs/check": "0.9.2", + "@refarm.dev/ds": "*", + "@refarm.dev/homestead": "*", "@refarm.dev/scarecrow": "*", + "@refarm.dev/sower": "*", + "@refarm.dev/storage-sqlite": "*", "@refarm.dev/sync-loro": "*", "@refarm.dev/tractor": "*", "@refarm.me/identity-nostr": "*", - "@refarm.dev/storage-sqlite": "*", - "@refarm.dev/ds": "*", - "@refarm.dev/homestead": "*", "astro": "^5.3.0" }, "devDependencies": { "@refarm.dev/config": "*", - "typescript": "^5.7.3", - "@refarm.dev/tsconfig": "*" + "@refarm.dev/tsconfig": "*", + "typescript": "^5.7.3" }, "license": "MIT" } diff --git a/apps/me/package.json b/apps/me/package.json index 7117892..01a09d7 100644 --- a/apps/me/package.json +++ b/apps/me/package.json @@ -15,16 +15,16 @@ }, "dependencies": { "@refarm.dev/homestead": "*", + "@refarm.dev/storage-sqlite": "*", "@refarm.dev/sync-loro": "*", "@refarm.dev/tractor": "*", - "@refarm.dev/storage-sqlite": "*", "astro": "^5.3.0" }, "devDependencies": { + "@astrojs/check": "0.9.2", "@refarm.dev/config": "*", - "typescript": "^5.7.3", "@refarm.dev/tsconfig": "*", - "@astrojs/check": "^0.9.4" + "typescript": "^5.7.3" }, "license": "MIT" } diff --git a/package-lock.json b/package-lock.json index 1ac9847..11559a8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -38,7 +38,7 @@ "version": "0.1.0", "license": "MIT", "dependencies": { - "@astrojs/check": "^0.9.2", + "@astrojs/check": "0.9.2", "@refarm.dev/ds": "*", "@refarm.dev/homestead": "*", "@refarm.dev/scarecrow": "*", 
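Review bot: In the apps/dev/package.json hunk `@astrojs/check` is pinned to exact `0.9.2` but stays under `dependencies`, whereas the apps/me hunk keeps the same checker under `devDependencies`. The lockfile hunks of this commit remove `"dev": true` from fast-glob, micromatch, braces and related packages, presumably because the older checker pulls them in through that non-dev entry, so a type-check tool now widens the production tree; moving the line to `devDependencies` in apps/dev would avoid that. The pin also takes the resolved version from 0.9.8 back to 0.9.2 while the nested `@astrojs/language-server` still resolves to 2.16.6 with `volar-service-yaml`, so it is worth confirming with `npm audit` that the yaml advisory is actually gone. Neither package.json records why the exact pin exists; the root package.json already uses a `"//"` key for such notes, e.g. `"//": "@astrojs/check pinned to 0.9.2 for the yaml advisory chain; lift once upstream is fixed"`.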
@@ -55,6 +55,131 @@ "typescript": "^5.7.3" } }, + "apps/dev/node_modules/@astrojs/check": { + "version": "0.9.2", + "resolved": "https://registry.npmjs.org/@astrojs/check/-/check-0.9.2.tgz", + "integrity": "sha512-6rWxtJTbd/ctdAlmla0CAvloGaai5IUTG0K21kctJHHGKJKnGH6Xana7m0zNOtHpVPEJi1SgC/TcsN+ltYt0Cg==", + "license": "MIT", + "dependencies": { + "@astrojs/language-server": "^2.13.2", + "chokidar": "^3.5.3", + "fast-glob": "^3.3.1", + "kleur": "^4.1.5", + "yargs": "^17.7.2" + }, + "bin": { + "astro-check": "dist/bin.js" + }, + "peerDependencies": { + "typescript": "^5.0.0" + } + }, + "apps/dev/node_modules/@astrojs/language-server": { + "version": "2.16.6", + "resolved": "https://registry.npmjs.org/@astrojs/language-server/-/language-server-2.16.6.tgz", + "integrity": "sha512-N990lu+HSFiG57owR0XBkr02BYMgiLCshLf+4QG4v6jjSWkBeQGnzqi+E1L08xFPPJ7eEeXnxPXGLaVv5pa4Ug==", + "license": "MIT", + "dependencies": { + "@astrojs/compiler": "^2.13.1", + "@astrojs/yaml2ts": "^0.2.3", + "@jridgewell/sourcemap-codec": "^1.5.5", + "@volar/kit": "~2.4.28", + "@volar/language-core": "~2.4.28", + "@volar/language-server": "~2.4.28", + "@volar/language-service": "~2.4.28", + "muggle-string": "^0.4.1", + "tinyglobby": "^0.2.15", + "volar-service-css": "0.0.70", + "volar-service-emmet": "0.0.70", + "volar-service-html": "0.0.70", + "volar-service-prettier": "0.0.70", + "volar-service-typescript": "0.0.70", + "volar-service-typescript-twoslash-queries": "0.0.70", + "volar-service-yaml": "0.0.70", + "vscode-html-languageservice": "^5.6.2", + "vscode-uri": "^3.1.0" + }, + "bin": { + "astro-ls": "bin/nodeServer.js" + }, + "peerDependencies": { + "prettier": "^3.0.0", + "prettier-plugin-astro": ">=0.11.0" + }, + "peerDependenciesMeta": { + "prettier": { + "optional": true + }, + "prettier-plugin-astro": { + "optional": true + } + } + }, + "apps/dev/node_modules/chokidar": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", + "integrity": 
"sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==", + "license": "MIT", + "dependencies": { + "anymatch": "~3.1.2", + "braces": "~3.0.2", + "glob-parent": "~5.1.2", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.6.0" + }, + "engines": { + "node": ">= 8.10.0" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + }, + "optionalDependencies": { + "fsevents": "~2.3.2" + } + }, + "apps/dev/node_modules/picomatch": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz", + "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==", + "license": "MIT", + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "apps/dev/node_modules/prettier": { + "version": "3.8.2", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.2.tgz", + "integrity": "sha512-8c3mgTe0ASwWAJK+78dpviD+A8EqhndQPUBpNUIPt6+xWlIigCwfN01lWr9MAede4uqXGTEKeQWTvzb3vjia0Q==", + "license": "MIT", + "optional": true, + "peer": true, + "bin": { + "prettier": "bin/prettier.cjs" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/prettier/prettier?sponsor=1" + } + }, + "apps/dev/node_modules/readdirp": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", + "license": "MIT", + "dependencies": { + "picomatch": "^2.2.1" + }, + "engines": { + "node": ">=8.10.0" + } + }, "apps/farmhand": { "name": "@refarm.dev/farmhand", "version": "0.1.0", 
@@ -98,12 +223,143 @@ "astro": "^5.3.0" }, "devDependencies": { - "@astrojs/check": "^0.9.4", + "@astrojs/check": "0.9.2", "@refarm.dev/config": "*", "@refarm.dev/tsconfig": "*", "typescript": "^5.7.3" } }, + "apps/me/node_modules/@astrojs/check": { + "version": "0.9.2", + "resolved": "https://registry.npmjs.org/@astrojs/check/-/check-0.9.2.tgz", + "integrity": "sha512-6rWxtJTbd/ctdAlmla0CAvloGaai5IUTG0K21kctJHHGKJKnGH6Xana7m0zNOtHpVPEJi1SgC/TcsN+ltYt0Cg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@astrojs/language-server": "^2.13.2", + "chokidar": "^3.5.3", + "fast-glob": "^3.3.1", + "kleur": "^4.1.5", + "yargs": "^17.7.2" + }, + "bin": { + "astro-check": "dist/bin.js" + }, + "peerDependencies": { + "typescript": "^5.0.0" + } + }, + "apps/me/node_modules/@astrojs/language-server": { + "version": "2.16.6", + "resolved": "https://registry.npmjs.org/@astrojs/language-server/-/language-server-2.16.6.tgz", + "integrity": "sha512-N990lu+HSFiG57owR0XBkr02BYMgiLCshLf+4QG4v6jjSWkBeQGnzqi+E1L08xFPPJ7eEeXnxPXGLaVv5pa4Ug==", + "dev": true, + "license": "MIT", + "dependencies": { + "@astrojs/compiler": "^2.13.1", + "@astrojs/yaml2ts": "^0.2.3", + "@jridgewell/sourcemap-codec": "^1.5.5", + "@volar/kit": "~2.4.28", + "@volar/language-core": "~2.4.28", + "@volar/language-server": "~2.4.28", + "@volar/language-service": "~2.4.28", + "muggle-string": "^0.4.1", + "tinyglobby": "^0.2.15", + "volar-service-css": "0.0.70", + "volar-service-emmet": "0.0.70", + "volar-service-html": "0.0.70", + "volar-service-prettier": "0.0.70", + "volar-service-typescript": "0.0.70", + "volar-service-typescript-twoslash-queries": "0.0.70", + "volar-service-yaml": "0.0.70", + "vscode-html-languageservice": "^5.6.2", + "vscode-uri": "^3.1.0" + }, + "bin": { + "astro-ls": "bin/nodeServer.js" + }, + "peerDependencies": { + "prettier": "^3.0.0", + "prettier-plugin-astro": ">=0.11.0" + }, + "peerDependenciesMeta": { + "prettier": { + "optional": true + }, + "prettier-plugin-astro": { + 
"optional": true + } + } + }, + "apps/me/node_modules/chokidar": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", + "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==", + "dev": true, + "license": "MIT", + "dependencies": { + "anymatch": "~3.1.2", + "braces": "~3.0.2", + "glob-parent": "~5.1.2", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.6.0" + }, + "engines": { + "node": ">= 8.10.0" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + }, + "optionalDependencies": { + "fsevents": "~2.3.2" + } + }, + "apps/me/node_modules/picomatch": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz", + "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "apps/me/node_modules/prettier": { + "version": "3.8.2", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.2.tgz", + "integrity": "sha512-8c3mgTe0ASwWAJK+78dpviD+A8EqhndQPUBpNUIPt6+xWlIigCwfN01lWr9MAede4uqXGTEKeQWTvzb3vjia0Q==", + "dev": true, + "license": "MIT", + "optional": true, + "peer": true, + "bin": { + "prettier": "bin/prettier.cjs" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/prettier/prettier?sponsor=1" + } + }, + "apps/me/node_modules/readdirp": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", + "dev": true, + "license": "MIT", + "dependencies": { + "picomatch": "^2.2.1" + }, + "engines": { + "node": ">=8.10.0" + } + }, "node_modules/@acemir/cssom": { "version": "0.9.31", 
"resolved": "https://registry.npmjs.org/@acemir/cssom/-/cssom-0.9.31.tgz", 
@@ -210,110 +466,6 @@ "dev": true, "license": "MIT" }, - "node_modules/@astrojs/check": { - "version": "0.9.8", - "resolved": "https://registry.npmjs.org/@astrojs/check/-/check-0.9.8.tgz", - "integrity": "sha512-LDng8446QLS5ToKjRHd3bgUdirvemVVExV7nRyJfW2wV36xuv7vDxwy5NWN9zqeSEDgg0Tv84sP+T3yEq+Zlkw==", - "license": "MIT", - "dependencies": { - "@astrojs/language-server": "^2.16.5", - "chokidar": "^4.0.3", - "kleur": "^4.1.5", - "yargs": "^17.7.2" - }, - "bin": { - "astro-check": "bin/astro-check.js" - }, - "peerDependencies": { - "typescript": "^5.0.0" - } - }, - "node_modules/@astrojs/check/node_modules/@astrojs/language-server": { - "version": "2.16.6", - "resolved": "https://registry.npmjs.org/@astrojs/language-server/-/language-server-2.16.6.tgz", - "integrity": "sha512-N990lu+HSFiG57owR0XBkr02BYMgiLCshLf+4QG4v6jjSWkBeQGnzqi+E1L08xFPPJ7eEeXnxPXGLaVv5pa4Ug==", - "license": "MIT", - "dependencies": { - "@astrojs/compiler": "^2.13.1", - "@astrojs/yaml2ts": "^0.2.3", - "@jridgewell/sourcemap-codec": "^1.5.5", - "@volar/kit": "~2.4.28", - "@volar/language-core": "~2.4.28", - "@volar/language-server": "~2.4.28", - "@volar/language-service": "~2.4.28", - "muggle-string": "^0.4.1", - "tinyglobby": "^0.2.15", - "volar-service-css": "0.0.70", - "volar-service-emmet": "0.0.70", - "volar-service-html": "0.0.70", - "volar-service-prettier": "0.0.70", - "volar-service-typescript": "0.0.70", - "volar-service-typescript-twoslash-queries": "0.0.70", - "volar-service-yaml": "0.0.70", - "vscode-html-languageservice": "^5.6.2", - "vscode-uri": "^3.1.0" - }, - "bin": { - "astro-ls": "bin/nodeServer.js" - }, - "peerDependencies": { - "prettier": "^3.0.0", - "prettier-plugin-astro": ">=0.11.0" - }, - "peerDependenciesMeta": { - "prettier": { - "optional": true - }, - "prettier-plugin-astro": { - "optional": true - } - } - }, - "node_modules/@astrojs/check/node_modules/chokidar": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-4.0.3.tgz", - 
"integrity": "sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==", - "license": "MIT", - "dependencies": { - "readdirp": "^4.0.1" - }, - "engines": { - "node": ">= 14.16.0" - }, - "funding": { - "url": "https://paulmillr.com/funding/" - } - }, - "node_modules/@astrojs/check/node_modules/prettier": { - "version": "3.8.1", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.1.tgz", - "integrity": "sha512-UOnG6LftzbdaHZcKoPFtOcCKztrQ57WkHDeRD9t/PTQtmT0NHSeWWepj6pS0z/N7+08BHFDQVUrfmfMRcZwbMg==", - "license": "MIT", - "optional": true, - "peer": true, - "bin": { - "prettier": "bin/prettier.cjs" - }, - "engines": { - "node": ">=14" - }, - "funding": { - "url": "https://github.com/prettier/prettier?sponsor=1" - } - }, - "node_modules/@astrojs/check/node_modules/readdirp": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.2.tgz", - "integrity": "sha512-GDhwkLfywWL2s6vEjyhri+eXmfH6j1L7JE27WhqLeYzoh/A3DBaYGEj2H/HFZCn/kMfim73FXxEJTw06WtxQwg==", - "license": "MIT", - "engines": { - "node": ">= 14.18.0" - }, - "funding": { - "type": "individual", - "url": "https://paulmillr.com/funding/" - } - }, "node_modules/@astrojs/compiler": { "version": "2.13.1", "resolved": "https://registry.npmjs.org/@astrojs/compiler/-/compiler-2.13.1.tgz", @@ -3590,7 +3742,6 @@ "version": "2.1.5", "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", - "dev": true, "license": "MIT", "dependencies": { "@nodelib/fs.stat": "2.0.5", @@ -3604,7 +3755,6 @@ "version": "2.0.5", "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", - "dev": true, "license": "MIT", "engines": { "node": ">= 8" 
@@ -3614,7 +3764,6 @@ "version": "1.2.8", "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", - "dev": true, "license": "MIT", "dependencies": { "@nodelib/fs.scandir": "2.1.5", @@ -9739,7 +9888,6 @@ "version": "2.3.0", "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==", - "dev": true, "license": "MIT", "engines": { "node": ">=8" @@ -9959,7 +10107,6 @@ "version": "3.0.3", "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", - "dev": true, "license": "MIT", "dependencies": { "fill-range": "^7.1.1" @@ -12424,7 +12571,6 @@ "version": "3.3.3", "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.3.tgz", "integrity": "sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg==", - "dev": true, "license": "MIT", "dependencies": { "@nodelib/fs.stat": "^2.0.2", @@ -12474,7 +12620,6 @@ "version": "1.20.1", "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.20.1.tgz", "integrity": "sha512-GGToxJ/w1x32s/D2EKND7kTil4n8OVk/9mycTc4VDza13lOvpUZTGX3mFSCtV9ksdGBVzvsyAVLM6mHFThxXxw==", - "dev": true, "license": "ISC", "dependencies": { "reusify": "^1.0.4" @@ -12529,7 +12674,6 @@ "version": "7.1.1", "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", - "dev": true, "license": "MIT", "dependencies": { "to-regex-range": "^5.0.1" 
@@ -12821,7 +12965,6 @@ "version": "5.1.2", "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", - "dev": true, "license": "ISC", "dependencies": { "is-glob": "^4.0.1" @@ -13669,7 +13812,6 @@ "version": "2.1.0", "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", - "dev": true, "license": "MIT", "dependencies": { "binary-extensions": "^2.0.0" @@ -13725,7 +13867,6 @@ "version": "2.1.1", "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", - "dev": true, "license": "MIT", "engines": { "node": ">=0.10.0" @@ -13774,7 +13915,6 @@ "version": "4.0.3", "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", - "dev": true, "license": "MIT", "dependencies": { "is-extglob": "^2.1.1" @@ -13817,7 +13957,6 @@ "version": "7.0.0", "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", - "dev": true, "license": "MIT", "engines": { "node": ">=0.12.0" @@ -16102,7 +16241,6 @@ "version": "1.4.1", "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", - "dev": true, "license": "MIT", "engines": { "node": ">= 8" 
@@ -16718,7 +16856,6 @@ "version": "4.0.8", "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==", - "dev": true, "license": "MIT", "dependencies": { "braces": "^3.0.3", @@ -16732,7 +16869,6 @@ "version": "2.3.2", "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz", "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==", - "dev": true, "license": "MIT", "engines": { "node": ">=8.6" @@ -18369,7 +18505,6 @@ "version": "1.2.3", "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", - "dev": true, "funding": [ { "type": "github", @@ -18993,7 +19128,6 @@ "version": "1.1.0", "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.1.0.tgz", "integrity": "sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw==", - "dev": true, "license": "MIT", "engines": { "iojs": ">=1.0.0", @@ -19111,7 +19245,6 @@ "version": "1.2.0", "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", - "dev": true, "funding": [ { "type": "github", @@ -20583,7 +20716,6 @@ "version": "5.0.1", "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", - "dev": true, "license": "MIT", "dependencies": { "is-number": "^7.0.0" From e4a992fb50b5ee097b44ceff0130111b0ab652cb Mon Sep 17 00:00:00 2001 
From: Arthur Aleksandro Alves Silva Date: Mon, 13 Apr 2026 19:42:45 +0000 Subject: [PATCH 4/5] ci(granular-tests): skip matrix/symbiosis for dependency-only PRs --- .github/workflows/granular-tests.yml | 31 ++++++++++++++++++++ scripts/ci/github-matrix-builder.mjs | 43 ++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+) diff --git a/.github/workflows/granular-tests.yml b/.github/workflows/granular-tests.yml index c510b16..27accc8 100644 --- a/.github/workflows/granular-tests.yml +++ b/.github/workflows/granular-tests.yml 
@@ -21,21 +21,52 @@ jobs: id: setup uses: ./.github/actions/setup + - name: Detect dependency-only changes + id: change-kind + run: | + set -euo pipefail + files=$(git diff --name-only origin/main...HEAD) + echo "Changed files:" + echo "$files" + + dep_only=true + while IFS= read -r f; do + [[ -z "$f" ]] && continue + if [[ ! "$f" =~ (^|/)package\.json$ ]] && \ + [[ ! "$f" =~ (^|/)package-lock\.json$ ]] && \ + [[ ! "$f" =~ ^final-report\.md$ ]] && \ + [[ ! "$f" =~ ^\.changeset/.*\.md$ ]]; then + dep_only=false + break + fi + done <<< "$files" + + echo "dep_only=$dep_only" >> "$GITHUB_OUTPUT" + echo "Dependency-only PR: $dep_only" + - name: Setup Refarm Environment + if: ${{ steps.change-kind.outputs.dep_only != 'true' }} run: node scripts/ci/setup-env.mjs - name: Build Shared Contracts & Configs + if: ${{ steps.change-kind.outputs.dep_only != 'true' }} run: npx turbo run build --filter="$REFARM_SCOPE_DEV/storage-contract-v1" --filter="$REFARM_SCOPE_DEV/identity-contract-v1" --filter="$REFARM_SCOPE_DEV/tsconfig" - name: Build WASM plugin for tests + if: ${{ steps.change-kind.outputs.dep_only != 'true' }} run: | cd validations/wasm-plugin/hello-world cargo component build --release - name: Turbo Test (Local Monorepo Boundaries) + if: ${{ steps.change-kind.outputs.dep_only != 'true' }} run: npx turbo run test --filter=...[origin/main] + - name: Skip Local Symbiosis for dependency-only PR + if: ${{ steps.change-kind.outputs.dep_only == 'true' }} + run: echo "Skipping Local Symbiosis for dependency-only changes; quality/security workflows still validate this PR." + # ----------------------------------------------------------------- # JOB 2: Matrix Discovery (Detect changes and calculate impact) # ----------------------------------------------------------------- diff --git a/scripts/ci/github-matrix-builder.mjs b/scripts/ci/github-matrix-builder.mjs index 0eace0c..9680555 100644 --- a/scripts/ci/github-matrix-builder.mjs +++ b/scripts/ci/github-matrix-builder.mjs 
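Review bot: An empty diff leaves `dep_only=true` in the added `Detect dependency-only changes` step, because the loop only ever flips the flag to false and skips blank lines; a run where `git diff --name-only origin/main...HEAD` prints nothing (for example a run on main itself, if this workflow has such a trigger) therefore skips setup, build and `turbo run test`. The builder script in this same commit treats the empty list as not dependency-only (`if (!files.length) return false;`), so the two checks disagree; adding `if [[ -z "$files" ]]; then dep_only=false; fi` after the loop would make the shell step fail safe the same way. The skip message also asserts that quality/security workflows still validate the PR, which nothing in this hunk enforces; a lockfile or `overrides` change is where a broken or tampered transitive package would arrive, so consider keeping at least the install and build steps for these PRs. The job's definition starts outside the hunk.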
@@ -19,11 +19,54 @@ const __dirname = fileURLToPath(new URL('.', import.meta.url)); const ROOT_DIR = join(__dirname, "../.."); const config = loadConfig(ROOT_DIR); +/** + * Get changed files compared to origin/main + */ +function getChangedFiles() { + try { + const output = execSync( + "git diff --name-only origin/main...HEAD", + { cwd: ROOT_DIR, encoding: "utf-8" } + ); + return output + .split("\n") + .map(f => f.trim()) + .filter(Boolean); + } catch (err) { + console.warn("⚠️ Failed to detect changed files:", err.message); + return []; + } +} + +/** + * Detect dependency-only updates to avoid exploding compatibility matrix. + * These PRs are already covered by standard quality/security workflows. + */ +function isDependencyOnlyChange(files) { + if (!files.length) return false; + + const allowed = [ + /(^|\/)package\.json$/, + /(^|\/)package-lock\.json$/, + /^final-report\.md$/, + /^\.changeset\/.*\.md$/, + ]; + + return files.every(file => allowed.some(pattern => pattern.test(file))); +} + /** * Identify packages that have changed compared to main branch */ function getChangedPackages() { try { + const changedFiles = getChangedFiles(); + if (isDependencyOnlyChange(changedFiles)) { + console.log("ℹ️ Dependency-only change detected. Skipping granular compatibility matrix."); + changedFiles.forEach(file => console.log(` - ${file}`)); + return []; + } + // Use turbo's built-in dry-run to detect affected packages const output = execSync( "npx turbo run test --filter=...[origin/main] --dry-run=json", From 1c5072bc93b338de0e52a37c0763eb3011336482 Mon Sep 17 00:00:00 2001 From: Arthur Aleksandro Alves Silva Date: Mon, 13 Apr 2026 20:40:54 +0000 Subject: [PATCH 5/5] ci(granular-tests): treat ci+deps-only PRs as non-matrix --- .github/workflows/granular-tests.yml | 4 +++- scripts/ci/github-matrix-builder.mjs | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) 
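Review bot: `isDependencyOnlyChange` classifies by path alone, so any edit to a `package.json` (`scripts`, `exports`, `workspaces`, not only dependency ranges) makes `getChangedPackages` return `[]` and drops the compatibility matrix for that PR. The docstring says these PRs are already covered by the standard quality/security workflows, but that is not checkable from this hunk; I would state the limitation in the comment, e.g. `// Path-based only: a package.json edit to "scripts" or "exports" is also treated as dependency-only.`, and as a follow-up compare the parsed dependency fields against origin/main before skipping. The same allow-list is duplicated as bash regexes in granular-tests.yml in this commit, so the two can drift; a single source would be safer. `getChangedPackages` continues past the end of the hunk.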
diff --git a/.github/workflows/granular-tests.yml b/.github/workflows/granular-tests.yml index 27accc8..65978d4 100644 --- a/.github/workflows/granular-tests.yml +++ b/.github/workflows/granular-tests.yml @@ -35,7 +35,9 @@ jobs: if [[ ! "$f" =~ (^|/)package\.json$ ]] && \ [[ ! "$f" =~ (^|/)package-lock\.json$ ]] && \ [[ ! "$f" =~ ^final-report\.md$ ]] && \ - [[ ! "$f" =~ ^\.changeset/.*\.md$ ]]; then + [[ ! "$f" =~ ^\.changeset/.*\.md$ ]] && \ + [[ ! "$f" =~ ^\.github/workflows/granular-tests\.yml$ ]] && \ + [[ ! "$f" =~ ^scripts/ci/github-matrix-builder\.mjs$ ]]; then dep_only=false break fi diff --git a/scripts/ci/github-matrix-builder.mjs b/scripts/ci/github-matrix-builder.mjs index 9680555..7f049f4 100644 --- a/scripts/ci/github-matrix-builder.mjs +++ b/scripts/ci/github-matrix-builder.mjs @@ -50,6 +50,8 @@ function isDependencyOnlyChange(files) { /(^|\/)package-lock\.json$/, /^final-report\.md$/, /^\.changeset\/.*\.md$/, + /^\.github\/workflows\/granular-tests\.yml$/, + /^scripts\/ci\/github-matrix-builder\.mjs$/, ]; return files.every(file => allowed.some(pattern => pattern.test(file)));
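Review bot: Adding `^\.github/workflows/granular-tests\.yml$` and `^scripts/ci/github-matrix-builder\.mjs$` to the allow-list makes the gate exempt its own definition: a PR that edits only these two files (or these plus a package.json) sets `dep_only=true`, so a change to the skip logic is never exercised by the job it alters. The same two patterns are added to `allowed` in the github-matrix-builder.mjs hunk of this commit. `dep_only` and `isDependencyOnlyChange` also no longer describe the condition; if the exemption stays, a comment such as `# CI-gate files are exempt too; changes to them need manual review` above the new lines, together with required review on these two paths, would make the trade-off explicit.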