feat: add xport lock-step manifest tooling#1284
Open
John-David Dalton (jdalton) wants to merge 2 commits intomainfrom
Open
feat: add xport lock-step manifest tooling#1284John-David Dalton (jdalton) wants to merge 2 commits intomainfrom
John-David Dalton (jdalton) wants to merge 2 commits intomainfrom
Conversation
Adds the xport tooling shared across the Socket fleet for declaring cross-repo lockstep dependencies (gitlinks, package versions). Files: scripts/xport.mts — runner scripts/xport-schema.mts — TypeBox source of truth scripts/xport-emit-schema.mts — generates xport.schema.json xport.schema.json — machine-generated, used by validators @sinclair/typebox is already in the pnpm-workspace.yaml catalog (consumed by .claude/hooks/setup-security-tools and packages/build- infra), so root-level imports resolve through hoisting — no new dep needed at the root. Self-landable split from #1279.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
…rade - Swap spread order in xport-emit-schema.mts so the comment matches the code: spread XportManifestSchema first, then layer the canonical $schema / $id / title on top. Previously the explicit headers came first and were silently overridden by any matching key the TypeBox schema might gain (TypeBox's SchemaOptions supports title/$schema/$id). - Guard the rejected-loop in xport.mts checkLangParity so a 'rejected' anti-pattern message cannot downgrade an already-'error' severity to 'drift'. Structural problems (port not in sites map, opt-out missing reason) keep their error severity even when the row also matches the rejected anti-pattern.
Contributor
Author
|
bugbot run |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit fa3c38d. Configure here.
Bill Li (billxinli)
approved these changes
Apr 29, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Self-landable split from #1279.
Files
scripts/xport.mts— runnerscripts/xport-schema.mts— TypeBox source of truthscripts/xport-emit-schema.mts— generatesxport.schema.jsonxport.schema.json— machine-generated@sinclair/typeboxis already in thepnpm-workspace.yamlcatalog (consumed by.claude/hooks/setup-security-toolsandpackages/build-infra), so root-level imports resolve through hoisting — no new dep needed at the root.Test plan
Note
Medium Risk
Adds new harness that reads manifests, shells out to
git, and exits with CI-significant codes; while isolated to new files, incorrect validation or drift detection could cause false failures in downstream automation.Overview
Introduces the
xportlock-step manifest tooling: a newscripts/xport.mtsrunner that loadsxport.json(plus optionalincludes[]), validates it, performs per-kinddrift checks (file-fork,version-pin,feature-parity,spec-conformance,lang-parity), and emits either human output or--jsonsummaries with standardized exit codes.Adds a single-source-of-truth TypeBox schema in
scripts/xport-schema.mtsfor all supported manifest row types and top-level keys, plusscripts/xport-emit-schema.mtsto emit the generated draft-2020-12xport.schema.json.Reviewed by Cursor Bugbot for commit fa3c38d. Configure here.