feat(lock): add structural validation and feature-gated lock checks#111
Open
dmcilvaney wants to merge 2 commits intomicrosoft:mainfrom
Open
Conversation
dmcilvaney
commented
Apr 22, 2026
dmcilvaney
commented
Apr 22, 2026
dmcilvaney
commented
Apr 22, 2026
dmcilvaney
commented
Apr 22, 2026
dmcilvaney
commented
Apr 22, 2026
dmcilvaney
commented
Apr 22, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Adds feature-gated lockfile consistency validation to prevent inconsistent component state during component resolution, along with CLI escape hatches and update-time orphan pruning. It also removes the previous per-component release configuration and shifts “manual release handling” to being inferred from overlays, plus introduces a gated config validation rule disallowing per-component snapshot timestamps.
Changes:
- Add lock store consistency validation + fix suggestions, feature-gated by
AZLDEV_ENABLE_LOCK_VALIDATIONand overridable via--skip-lock-validation. - Add orphan lock pruning during
component update -a, and wire lock validation into command execution. - Remove
ReleaseConfigfrom project config/schema/docs and update release bump behavior/tests accordingly.
Reviewed changes
Copilot reviewed 70 out of 70 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| schemas/azldev.schema.json | Removes the release component config schema definitions. |
| scenario/snapshots/TestSnapshots_help_stdout_1.snap | Updates help snapshot to include --skip-lock-validation. |
| scenario/snapshots/TestSnapshots_config_generate-schema_stdout_1.snap | Updates generated-schema snapshot after removing release. |
| scenario/snapshots/TestSnapshots_--help_with_color_stdout_1.snap | Updates colored help snapshot to include --skip-lock-validation. |
| scenario/snapshots/TestSnapshots_--help_stdout_1.snap | Updates help snapshot to include --skip-lock-validation. |
| scenario/snapshots/TestSnapshots_--bogus-flag_stderr_1.snap | Updates flags list snapshot to include --skip-lock-validation. |
| scenario/snapshots/TestSnapshotsContainer_help_stdout_1.snap | Updates container help snapshot to include --skip-lock-validation. |
| scenario/snapshots/TestSnapshotsContainer_config_generate-schema_stdout_1.snap | Updates container generated-schema snapshot after removing release. |
| scenario/snapshots/TestSnapshotsContainer_--help_stdout_1.snap | Updates container help snapshot to include --skip-lock-validation. |
| scenario/snapshots/TestSnapshotsContainer_--bogus-flag_stderr_1.snap | Updates container flags list snapshot to include --skip-lock-validation. |
| scenario/snapshots/TestMCPServerMode_1.snap.json | Updates MCP server mode schema snapshots with skip-lock-validation. |
| internal/projectconfig/fingerprint_test.go | Removes fingerprint coverage expectations for deleted ReleaseConfig. |
| internal/projectconfig/configfile_test.go | Adds test for gated per-component snapshot rejection. |
| internal/projectconfig/configfile.go | Adds gated validation to reject per-component upstream snapshot timestamps. |
| internal/projectconfig/component_test.go | Removes validation test for deleted release calculation config. |
| internal/projectconfig/component.go | Removes ReleaseConfig and Release field from ComponentConfig. |
| internal/lockfile/store.go | Adds store-level validation/prune/suggestion helpers around lock consistency. |
| internal/lockfile/lockfile_test.go | Adds tests for upstream commit validation, consistency checking, and pruning. |
| internal/lockfile/lockfile.go | Adds lockfile-level APIs for validating upstream pins and detecting/pruning orphans. |
| internal/app/azldev/resolvedconfigs.go | Adds “resolved component config map” helper and lock validation entrypoint. |
| internal/app/azldev/env.go | Adds env plumbing for enabling/disabling lock validation. |
| internal/app/azldev/core/sources/release_test.go | Adds tests for new overlay-based “manual release” detection logic. |
| internal/app/azldev/core/sources/release_internal_test.go | Removes tests that depended on the deleted release config feature. |
| internal/app/azldev/core/sources/release.go | Switches release bump skipping from config-based to overlay-based detection. |
| internal/app/azldev/core/components/resolver_test.go | Updates tests to remove release config from component definitions. |
| internal/app/azldev/core/components/resolver.go | Removes resolver defaulting for the deleted release config field. |
| internal/app/azldev/command.go | Wires pre-run lock validation into command execution, with annotations to skip. |
| internal/app/azldev/cmds/component/update.go | Marks update as a lock writer, adds cancellation guard, prunes orphans on -a. |
| internal/app/azldev/app.go | Adds global --skip-lock-validation and rollout env-var gating. |
| docs/user/reference/config/components.md | Removes release config documentation. |
| docs/user/reference/cli/azldev_version.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_project_new.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_project_init.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_project.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_package_list.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_package.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_image_test.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_image_list.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_image_inject-files.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_image_customize.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_image_build.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_image_boot.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_image.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_docs_markdown.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_docs.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_config_generate-schema.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_config_dump.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_config.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_component_update.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_component_render.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_component_query.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_component_prepare-sources.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_component_list.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_component_diff-sources.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_component_build.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_component_add.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_component.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_completion_zsh.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_completion_powershell.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_completion_fish.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_completion_bash.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_completion.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_advanced_wget.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_advanced_mock_shell.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_advanced_mock_build-rpms.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_advanced_mock.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_advanced_mcp.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_advanced_download-sources.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev_advanced.md | Regenerates CLI docs to include --skip-lock-validation. |
| docs/user/reference/cli/azldev.md | Regenerates CLI docs to include --skip-lock-validation. |
dmcilvaney
commented
Apr 22, 2026
dmcilvaney
commented
Apr 22, 2026
dmcilvaney
commented
Apr 22, 2026
dmcilvaney
force-pushed
the
damcilva/add_commit_lock_file_parts/5_structural_validation
branch
from
93fcb04 to
7d3ccec
Compare
dmcilvaney
commented
Apr 22, 2026
dmcilvaney
force-pushed
the
damcilva/add_commit_lock_file_parts/5_structural_validation
branch
from
6e94946 to
048de20
Compare
dmcilvaney
force-pushed
the
damcilva/add_commit_lock_file_parts/5_structural_validation
branch
from
4682df7 to
ac4e839
Compare
dmcilvaney
force-pushed
the
damcilva/add_commit_lock_file_parts/5_structural_validation
branch
from
d4f6321 to
dbb8586
Compare
…lout Add lock file consistency validation to the component resolver, gated behind AZLDEV_ENABLE_LOCK_VALIDATION=1 with --skip-lock-validation as a permanent CLI escape hatch. Validation runs in FindComponents after resolution: - Missing/stale lock detection for non-local components - Orphan lock detection (only on full-project queries, not filtered) - Actionable fix suggestions (specific 'update <names>' or 'update -a') Update command enhancements: - Orphan lock pruning on 'update -a' (guarded against empty sets) - Cancellation check before saving (Ctrl+C safety) - Skip lock validation (update is the lock writer) Also adds: - Per-component snapshot rejection in config validation (gated) - Test environment workaround with TODO(lockfiles) for cleanup - registerGlobalFlags extraction in app.go
dmcilvaney
force-pushed
the
damcilva/add_commit_lock_file_parts/5_structural_validation
branch
from
dbb8586 to
a241620
Compare
reubeno
reviewed
Apr 24, 2026
| // spec-glob-discovered components that aren't in config directly. | ||
| // Lock files are version controlled, so pruning is safe even if the | ||
| // resolved set is empty (e.g., all components removed from config). | ||
| if options.ComponentFilter.IncludeAllComponents { |
Member
There was a problem hiding this comment.
I'm still a bit uncomfortable with commands whose semantics are different when used with -a vs. not. It violates the principle of least surprise.
Can we at minimum indicate it in the command help usage?
Contributor
Author
There was a problem hiding this comment.
added here and to render
| return allComps, findErr | ||
| } | ||
|
|
||
| return allComps, r.validateLockFiles(allComps, true) |
Member
There was a problem hiding this comment.
Does this mean that azldev comp list will fail if the found components have lock issues? Is this one of those cases where we want to figure out how to report the output and also display errors and return non-zero?
Contributor
Author
There was a problem hiding this comment.
made list skip for now
| // run — orphan detection is a project-wide invariant that would misfire against | ||
| // a subset. | ||
| func (r *Resolver) validateLockFiles(resolved *ComponentSet, checkOrphans bool) error { | ||
| if r.env.SkipLockValidation() { |
Member
There was a problem hiding this comment.
Since validateLockFiles() is only called from a function that has a ComponentFilter, what do you think about making the skip lock validation option not a tool-global thing but rather a field in ComponentFilter like the others, which is uniformly added to all commands that operate on components. (Filter would be a bit of a misnomer at that point, but the model still fits.)
It would also make it more explicitly threaded through as opposed to a global in the env.
Contributor
Author
There was a problem hiding this comment.
I've made the change here, but might end up needing to roll it back in a subsequent PR depending on how hard it is to pipe it everywhere it needs to go.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add lock file consistency validation to the component resolver, gated
behind AZLDEV_ENABLE_LOCK_VALIDATION=1 with --skip-lock-validation as
a permanent CLI escape hatch.
Validation runs in FindComponents after resolution:
Update command enhancements:
Also adds: