feat(manifest): default to Socket facts, delegate generation to Coana CLI#1352
Merged
Jeppe Fredsgaard Blaabjerg (jfblaa) merged 8 commits intoJun 4, 2026
Conversation
… CLI
Make `socket manifest {gradle,kotlin,scala,auto}` emit `.socket.facts.json`
by default; add `--pom` for the legacy pom.xml generation. `--facts` is still
accepted (it is now the default) and socket.json `facts: false` still selects
pom generation.
Facts generation now delegates to the Coana CLI's `manifest gradle|sbt`
command (the Gradle init script and sbt plugin live in Coana now), forwarding
--bin/--configs/--ignore-unresolved/--gradle-opts/--sbt-opts via spawnCoanaDlx
(which honors SOCKET_CLI_COANA_LOCAL_PATH for local builds).
Remove the now-dead bundled socket-facts.init.gradle, the sbt plugin, their
rollup copy steps, and the ported gradle-facts test fixtures. The pom-path
init.gradle is unchanged.
REA-507
…configs
Match the Coana CLI's split of `--configs` into `--include-configs` and
`--exclude-configs` for `socket manifest {gradle,kotlin,scala,auto}`; both
forward to Coana as `--include-configs` / `--exclude-configs`. `--include-configs`
keeps the old include-only semantics; `--exclude-configs` skips matching
configurations (applied after the include filter).
The old `--configs` flag and its socket.json `configs` key are removed (beta;
clean break, no deprecated alias).
REA-507
Match the gradle flag description and help prose: drop the sbt-only "bare names act as exact-name filters" / "for variants" asides so both ecosystems document the include/exclude config flags identically as globs.
`socket manifest setup` now reflects Socket facts as the default for the gradle and sbt generators and lets you configure the facts-only options it previously couldn't: --include-configs, --exclude-configs, and --ignore-unresolved. These are prompted only when facts generation is selected (not --pom), and the sbt pom output questions (stdout/outfile) now only appear when pom is chosen. Refreshes the stale "generate pom.xml (default)" wording left over from the facts-by-default switch.
Finalizes the manifest facts-by-default / Coana-delegation work: bumps the socket-cli version to 1.1.113 and pins @coana-tech/cli to the published 15.3.19 (which ships the `manifest gradle|sbt` commands this PR delegates to), plus the 1.1.113 CHANGELOG entry. REA-507
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
Contributor
Martin Torp (mtorp)
left a comment
Martin Torp (mtorp)
left a comment
There was a problem hiding this comment.
A few minor, non-blocking nits from the review (docs/comments + one UX design question). Nothing here blocks merge — the two larger items (the default-output flip and the Coana 15.3.19 runtime dependency) are intentional/documented and I'll raise those separately.
Martin Torp (mtorp)
approved these changes
Jun 3, 2026
Contributor
Martin Torp (mtorp)
left a comment
Martin Torp (mtorp)
left a comment
There was a problem hiding this comment.
Approving the code. Verified locally: check:tsc, ESLint, and the manifest unit suite (22/22) all pass; build is clean. Traced the facts/--pom default-flip logic and the generateAutoManifest opt-out across all branches — correct. All converter call sites updated, no dangling refs to the removed init.gradle/sbt-plugin/fixtures, version pin consistent.
Left a few minor doc/comment nits inline; none are blocking.
…ng success
Address PR review feedback on the facts-by-default flow:
- Align the `--ignore-unresolved` help text with the adjacent config flags
("When generating facts: ...") across gradle, kotlin, and scala.
- Pin the `.socket.facts.json` output location explicitly via Coana's
`--output-dir`/`--output-file` instead of relying on its project-root
default. The pinned path is the single source of truth for both what we
ask Coana to write and what we verify, so the two can't drift.
- Verify the facts file exists after a successful Coana run before printing
the success/next-step message; warn instead when no facts were written
(e.g. no resolvable dependencies), rather than trusting the exit code.
- Reject `--out`/`--stdout` in scala facts mode with a usage error (they only
apply to `--pom`); facts always land in the project root so `socket scan
create` finds them. Clarify the flag help and add a regression test.
Resolve conflicts: - package.json / pnpm-lock.yaml: take @coana-tech/cli 15.3.20 from v1.x. - CHANGELOG.md: fold the facts-by-default changes into a new 1.1.114 section and keep v1.x's released 1.1.113 (Bazel + Coana 15.3.20) intact, dropping the duplicate 1.1.113 our branch had cut locally. - Bump socket-cli to 1.1.114.
Jeppe Fredsgaard Blaabjerg (jfblaa)
deleted the
jfblaa/rea-507-socket-cli-delegate-manifest-gradlescala-facts-generation-to
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Make
socket manifest {gradle,kotlin,scala,auto}emit.socket.facts.jsonby default and add--pomfor the legacy pom.xml generation.manifest gradle|sbtcommand viaspawnCoanaDlx(which honorsSOCKET_CLI_COANA_LOCAL_PATH). socket-cli no longer runs gradle/sbt itself for the facts path; the build-tool resolution scripts live in Coana.coana-manifest-facts.mts;convert-gradle-to-facts/convert-sbt-to-factsare now thin wrappers.--pomopts into pom.xml generation.--factsis still accepted (it's the default); socket.jsonfacts: falsestill selects pom; passing--facts --pomtogether warns and generates facts.socket manifest autoflipped to match.socket-facts.init.gradle, the sbt plugin, their rollup copy steps, and thegradle-factstest fixtures (ported to Coana). The pom-pathinit.gradleis unchanged.The resolved artifact-paths sidecar (file paths used for reachability) stays internal to Coana —
socket manifestonly requests the uploadable facts file.Testing
check:tsc,check:lint, Biome clean; full unit suite passing (help snapshots + auto-manifest tests updated).socket manifest gradle(no flags) against a Gradle (Fabric Loom) test project delegates to a local Coana build and produces the expected.socket.facts.json.Linear: REA-507 (related: REA-509)
Note
High Risk
Default output flipped from pom.xml to facts and facts now depend on Coana
manifestsubcommands that may not ship in the pinned CLI version yet, so this is a breaking UX change with an external runtime dependency.Overview
socket manifest gradle,kotlin, andscalanow emit.socket.facts.jsonby default;--pomopts into the previouspom.xmlpath.--configsis replaced by--include-configsand--exclude-configs.socket manifest auto,socket.jsondefaults, and the setup wizard follow the same default and flag names.Facts generation no longer runs Gradle/sbt or ships in-repo resolution scripts. A new
coana-manifest-facts.mtshelper forwards tocoana manifest gradle|sbtviaspawnCoanaDlx; the Gradle/sbt facts converters are thin wrappers. Bundledsocket-facts.init.gradleand the sbt facts plugin, their rollup copy steps, and local gradle-facts fixtures are removed. The pominit.gradlepath is unchanged. Release 1.1.113 bumps@coana-tech/clito 15.3.19.Reviewed by Cursor Bugbot for commit acdba63. Configure here.