Skip to content

```#13

Merged
ThePlenkov merged 49 commits intomainfrom
feature/atc-checks
Feb 27, 2026
Merged

```#13
ThePlenkov merged 49 commits intomainfrom
feature/atc-checks

Conversation

@ThePlenkov
Copy link
Member

@ThePlenkov ThePlenkov commented Dec 24, 2025

User description

fix(ci): update Vault field names to match ADT_* convention

  • Change Vault field names from generic (host, username, password, client) to ADT_* prefixed
  • Fix typo: ADT_USERNMAE -> ADT_USERNAME (note: typo still present in diff)
  • Update AGENTS.md to document complete-plan workflow
  • Update abapify submodule (dirty state)


___

### **PR Type**
Enhancement, Tests


___

### **Description**
- Add file-based object targeting with `--from-file` option to ATC command for running checks on objects listed in a file

- Implement resolver plugin support (built-in `abapgit` and external resolvers) for ATC findings

- Add global `--config <path>` CLI option to specify custom config file path

- Enhance config caching with `configPath` parameter support from CLI context for proper cache invalidation

- Remove unused commands: `outlineCommand`, `createTestLogCommand`, `createTestAdtCommand`, `createResearchSessionsCommand`, `createUnlockCommand`, `createLockCommand`

- Add new `lsCommand` import for listing repository objects

- Update plugin loader to accept optional `configPath` parameter

- Extensive code formatting and style consistency improvements across multiple packages (prettier formatting, line wrapping, indentation standardization)

- Change `_text` property to `$value` in `InferSimpleContentExtension` for consistency with XML parser output

- Improve error messages in base model and transport operations

- Update test descriptions and assertions to match implementation changes


___

### Diagram Walkthrough


```mermaid
flowchart LR
  CLI["CLI with --config option"]
  ATCCmd["ATC Command"]
  FileTarget["File-based targeting<br/>--from-file"]
  Resolvers["Resolver Plugins<br/>abapgit + external"]
  ConfigCache["Config Caching<br/>with configPath"]
  
  CLI -- "passes configPath" --> ConfigCache
  ATCCmd -- "supports" --> FileTarget
  ATCCmd -- "uses" --> Resolvers
  ConfigCache -- "invalidates on<br/>configPath change" --> CLI

File Walkthrough

Relevant files
Formatting
18 files
generate-contracts.ts
Code formatting and style consistency improvements             

packages/adt-codegen/src/plugins/generate-contracts.ts

  • Extensive code formatting and line-breaking improvements for better
    readability and consistency
  • Multi-line function signatures and type definitions reformatted to
    follow consistent style
  • String concatenation operations split across multiple lines for
    improved maintainability
  • Arrow function parameters wrapped in parentheses for consistency
  • Comment formatting standardized (trailing whitespace removed)
+402/-180
infer.ts
Type definition formatting and simpleContent property naming

packages/ts-xsd/src/infer/infer.ts

  • Reformatted complex type definitions and conditional types with
    improved line breaks
  • Multi-line type parameter lists and conditional type chains split for
    readability
  • Changed _text property to $value in InferSimpleContentExtension for
    consistency with XML parser output
  • Standardized comment formatting and removed trailing whitespace
+328/-261
xml-build.test.ts
Test formatting and assertion message improvements             

packages/ts-xsd/tests/unit/xml-build.test.ts

  • Reformatted test function calls with multi-line parameter lists
  • Improved readability of complex test data structures with consistent
    indentation
  • Standardized assertion message formatting and line breaks
  • Updated test description from _text to $value to match implementation
    change
+336/-163
interface-generator.test.ts
Test formatting and schema definition improvements             

packages/ts-xsd/tests/unit/interface-generator.test.ts

  • Reformatted test function calls and schema definitions with improved
    line breaks
  • Standardized indentation and spacing in complex nested object
    structures
  • Updated test description from _text to $value for simpleContent
    handling
  • Improved readability of assertion messages and test data
+222/-112
model.ts
Code formatting and error handling improvements                   

packages/adk/src/base/model.ts

  • Reformatted code for consistent indentation and line length (prettier
    formatting)
  • Removed deprecated BaseModel export alias
  • Improved error messages for lock operations (removed raw SAP response
    exposure)
  • Enhanced error handling with better isNotFoundError() check for upsert
    fallback
  • Split long lines and improved code readability throughout
+179/-144
transport.ts
Transport module formatting and readability improvements 

packages/adk/src/objects/cts/transport/transport.ts

  • Applied consistent code formatting with improved indentation
  • Reformatted long lines for better readability
  • Enhanced error messages in transport operations
  • Improved XML escaping function formatting
  • Better structured method signatures and parameter alignment
+197/-116
transportmanagment.types.ts
Schema type definitions indentation standardization           

packages/adt-schemas/src/schemas/generated/types/sap/transportmanagment.types.ts

  • Reformatted entire TypeScript type definition with consistent
    indentation
  • Changed from 4-space to 2-space indentation for nested properties
  • Improved readability of complex nested type structures
  • No functional changes to the schema types
+489/-489
index.ts
Schema walker module formatting standardization                   

packages/ts-xsd/src/walker/index.ts

  • Applied consistent code formatting throughout the file
  • Improved import statement formatting with proper line breaks
  • Enhanced function signature formatting for better readability
  • Reformatted long conditional statements and function calls
  • Removed extra blank lines for consistency
+144/-82
walker.test.ts
Walker test suite formatting improvements                               

packages/ts-xsd/tests/unit/walker.test.ts

  • Applied consistent test code formatting
  • Improved array and object literal formatting
  • Enhanced readability of test assertions and expectations
  • Reformatted arrow functions and method calls for consistency
+132/-110
transport-import.test.ts
Transport import test formatting standardization                 

packages/adk/tests/transport-import.test.ts

  • Reformatted test file with consistent indentation
  • Improved mock object structure formatting
  • Enhanced test assertion readability
  • Better aligned test setup and expectations
+100/-100
validation.ts
Package validation module comment cleanup                               

packages/adt-contracts/src/generated/adt/sap/bc/adt/packages/validation.ts

  • Minor formatting adjustments to JSDoc comments
  • Removed trailing whitespace from comment lines
+2/-2     
xml-cross-schema.test.ts
Code formatting and style consistency improvements             

packages/ts-xsd/tests/unit/xml-cross-schema.test.ts

  • Reformatted test file with consistent code style: removed trailing
    whitespace, collapsed multi-line array/object literals to single lines
    where appropriate
  • Reformatted long assertion statements to multi-line format for
    improved readability
  • Fixed line continuations in complex type definitions and test
    assertions
+170/-120
runner.ts
Code formatting and import organization improvements         

packages/ts-xsd/src/codegen/runner.ts

  • Reformatted imports to multi-line format for better readability
  • Fixed trailing whitespace and blank line consistency throughout file
  • Reformatted long function signatures and conditional expressions to
    multi-line format
  • Improved line wrapping for function calls and object literals
+159/-93
build.ts
Code formatting and style consistency improvements             

packages/ts-xsd/src/xml/build.ts

  • Reformatted function signatures and type annotations to multi-line
    format
  • Fixed trailing whitespace and blank line consistency
  • Improved line wrapping for complex conditional expressions and
    function calls
  • Enhanced readability of nested object/array construction
+154/-64
base.ts
Code formatting and type definition improvements                 

packages/adt-plugin-abapgit/src/lib/handlers/base.ts

  • Reformatted type definitions and function signatures to multi-line
    format
  • Fixed trailing whitespace and improved blank line consistency
  • Enhanced readability of complex generic type parameters
  • Improved line wrapping for long JSDoc comments and function parameters
+148/-81
crud.ts
Code formatting and style consistency improvements             

packages/adt-contracts/src/helpers/crud.ts

  • Reformatted function signatures and type definitions to multi-line
    format
  • Fixed trailing whitespace and blank line consistency throughout file
  • Improved line wrapping for complex conditional expressions and object
    spreads
  • Enhanced readability of long JSDoc comments and parameter lists
+169/-86
infer-element.test.ts
Code formatting and type test improvements                             

packages/ts-xsd/tests/unit/infer-element.test.ts

  • Reformatted type test definitions to multi-line format for improved
    readability
  • Fixed trailing whitespace and blank line consistency
  • Improved line wrapping for complex type assertions and conditional
    types
  • Enhanced formatting of nested schema definitions
+109/-38
registry.ts
Minor whitespace cleanup                                                                 

packages/adt-fixtures/src/fixtures/registry.ts

  • Fixed trailing whitespace in JSDoc comment
+1/-1     
Enhancement
3 files
destinations.ts
Config caching with configPath support from CLI context   

packages/adt-cli/src/lib/utils/destinations.ts

  • Added configPath parameter support from CLI context for config caching
  • Implemented cache invalidation logic when configPath changes between
    calls
  • Updated getConfig() to pass configPath to loadConfig() function
  • Enhanced clearConfigCache() to also reset cachedConfigPath variable
  • Added import for getCliContext from shared utilities
+16/-3   
atc.ts
Add file-based object targeting and resolver plugin support

packages/adt-atc/src/commands/atc.ts

  • Added new --from-file option to run ATC on objects listed in a file
    (one URI per line)
  • Refactored target handling to support multiple URIs instead of single
    target
  • Added support for finding resolver plugins (built-in abapgit and
    external resolvers)
  • Updated validation logic to include --from-file as a valid target
    option
  • Reformatted code with improved line wrapping and consistent style
+183/-61
cli.ts
Remove unused commands and add config file option               

packages/adt-cli/src/lib/cli.ts

  • Removed unused command imports: outlineCommand, createTestLogCommand,
    createTestAdtCommand, createResearchSessionsCommand,
    createUnlockCommand, createLockCommand
  • Added new lsCommand import for listing repository objects
  • Added --config global option to specify custom config file path
  • Updated plugin loader to accept optional configPath parameter
  • Reformatted code with improved line wrapping and consistent style
  • Updated comments to reflect command organization changes
+22/-34 
Additional files
101 files
ci.yml +6/-4     
export-architecture.md +34/-31 
package.json +2/-14   
adt.ts +12/-9   
index.ts +6/-1     
object-set.ts +84/-79 
registry.ts +19/-18 
factory.ts +77/-61 
index.ts +33/-22 
transport-import.ts +83/-55 
transport.types.ts +16/-10 
clas.model.ts +68/-48 
index.ts +3/-3     
devc.model.ts +53/-42 
index.ts +3/-3     
index.ts +1/-1     
intf.model.ts +41/-29 
README.md +15/-13 
gitlab.ts +122/-44
sarif.ts +9/-9     
index.ts +9/-3     
abapgit.ts +150/-0 
types.ts +48/-1   
tsdown.config.ts +1/-5     
package.json +1/-0     
project.json +21/-0   
auth-manager.ts +41/-18 
index.ts +4/-8     
basic.ts +5/-3     
types.ts +8/-31   
tsconfig.json +3/-8     
tsconfig.lib.json +16/-0   
tsdown.config.ts +6/-1     
login.ts +27/-10 
logout.ts +6/-5     
status.ts +20/-16 
search.ts +27/-11 
create.ts +40/-21 
index.ts +3/-4     
list.ts +15/-6   
release.ts +29/-13 
set.ts +18/-8   
config-set.ts +66/-27 
config.ts +80/-34 
discovery.ts +2/-2     
get.ts +30/-12 
package.ts +38/-8   
transport.ts +86/-8   
index.ts +1/-4     
info.ts +33/-15 
lock.ts +0/-26   
ls.ts +243/-0 
outline.ts +0/-16   
get.ts +3/-2     
index.ts +10/-4   
research-sessions-cmd.ts +0/-26   
research-sessions.ts +0/-34   
search.ts +25/-10 
test-adt.ts +0/-28   
test-log.ts +0/-44   
index.ts +0/-33   
TreeConfigEditor.tsx +125/-90
auth.ts +5/-5     
validation.ts +17/-10 
plugin-loader.ts +68/-33 
errors.ts +5/-5     
mock-e2e.test.ts +8/-8     
plugin-manager.ts +15/-12 
registry.ts +3/-3     
service.ts +118/-52
adt-client.ts +2/-0     
class.ts +56/-29 
discovery.ts +51/-33 
interface.ts +32/-18 
package.ts +31/-18 
format-loader.ts +12/-6   
logger-config.ts +1/-1     
tsconfig.lib.json +1/-1     
adapter.ts +103/-39
client.ts +11/-4   
errors.ts +34/-15 
index.ts +6/-12   
index.ts +2/-2     
transports.ts +42/-31 
types.ts +0/-7     
codegen.ts +13/-11 
contracts.ts +44/-28 
framework.ts +4/-4     
index.ts +2/-2     
discovery-parser.ts +69/-52 
endpoint-config.ts +47/-30 
extract-collections.ts +1/-1     
generate-types.ts +3/-3     
tsdown.config.ts +6/-1     
config-loader.ts +50/-16 
index.ts +9/-9     
types.ts +10/-13 
AGENTS.md +39/-36 
content-type-mapping.ts +28/-26 
enabled-endpoints.ts +7/-7     
Additional files not shown

ThePlenkov and others added 30 commits December 24, 2025 10:23
fix(ci): update Vault field names to match ADT_* convention

- Change Vault field names from generic (host, username, password, client) to ADT_* prefixed
- Fix typo: ADT_USERNMAE -> ADT_USERNAME (note: typo still present in diff)
- Update AGENTS.md to document complete-plan workflow
- Update abapify submodule (dirty state)
```
fix(ci): correct Vault field names and update agent guidelines

- Fix typo: ADT_USERNMAE -> ADT_USERNAME in Vault field mapping
- Update Vault field names to match ADT_* convention (ADT_HOST, ADT_USERNAME, ADT_PASSWORD, ADT_CLIENT)
- Add mandatory bug handling discipline to AGENTS.md (TDD-first approach)
- Remove unused baseUrl from nx-lib tsconfig
- Update abapify submodule reference
```
docs(agents): format markdown files for consistency

- Fix markdown formatting in agent rules and workflows
- Standardize table alignment and spacing
- Add proper line breaks before lists and code blocks
- Fix nested list indentation
- Ensure consistent heading spacing
- No functional changes, only formatting improvements
```
chore(abapify): mark submodule as dirty (uncommitted changes)
```
- Add --config <path> global option to CLI
- Update plugin loader to accept explicit config path
- Allows specifying config file explicitly instead of auto-discovery
The --config option was being read from program.opts() before
parseAsync() was called, so it was always undefined. Now we
parse it directly from process.argv to load plugins correctly.
File paths now match abapgit format: src/<type>/<name>.<type>.abap
- adt ls: scan repo for ABAP objects, output ADT URIs (supports abapgit/AFF)
- adt atc --from-file: run ATC on objects listed in file
- Enables format-agnostic baseline ATC checks for Code Quality comparison
The --config CLI flag was being ignored because loadConfig() only
looked for adt.config.ts in cwd. Now loadConfig() accepts a configPath
option that takes precedence over auto-discovery.

- Add LoadConfigOptions interface with configPath and cwd params
- Update loadConfig() to load from explicit path when provided
- Add configPath to CliContext interface
- Pass --config option through CLI context to destinations.ts
- Update destinations.ts to use configPath from CLI context

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Previously FULL mode skipped the root package (mapped to src/).
Now all packages including root get their own directory under src/.

Example: ['ZABAPGIT_EXAMPLES', 'ZABAPGIT_EXAMPLES_CLAS']
  Before: src/zabapgit_examples_clas/
  After:  src/zabapgit_examples/zabapgit_examples_clas/

This matches the expected abapGit FULL folder logic behavior
where every package in the hierarchy has its own folder.
Pass method name (extracted from ATC location URI) and raw atc_location
through to the GitLab Code Quality report. This enables downstream tools
to correctly convert method-relative ATC line numbers to file-relative
line numbers for precise delta analysis.
The ATC location URI uses format:
  #type=CLAS%2FOM;name=METHOD_NAME;start=N
not /methods/METHOD_NAME. Fix regex to match both formats.
…tter

The GitLab Code Quality formatter now:
1. Scans src/ tree to resolve actual git paths (FULL folder logic)
   instead of hardcoding PREFIX-style paths
2. Converts method-relative ATC line numbers to file-relative by
   parsing METHOD statements in the ABAP source files
3. Extracts method name from ATC location URI (name= param format)

This fixes the GitLab Code Quality report showing wrong filenames
and wrong line positions.
- adt-atc: Define FindingResolver interface in types.ts
- adt-atc: gitlab.ts is now a pure formatter, accepts optional resolver
- adt-atc: atc command gets --resolver flag (e.g., --resolver abapgit)
- adt-plugin-abapgit: Implement createFindingResolver() with src/ scan
  and METHOD-relative to file-relative line conversion
- Resolver is loaded dynamically via import() for zero coupling

Usage: npx adt atc --transport X --format gitlab --output r.json --resolver abapgit
Use createRequire(process.cwd()) to resolve @abapify/adt-plugin-abapgit
from the project root where node_modules symlinks exist, instead of from
the bundled dist/ directory where workspace packages aren't resolvable.
Instead of dynamically importing @abapify/adt-plugin-abapgit (which fails
in bundled CLI because workspace packages aren't resolvable from dist/),
the abapgit resolver is now built-in to adt-atc using only Node.js builtins.

External resolvers still use dynamic import as a fallback path.
@ThePlenkov ThePlenkov marked this pull request as ready for review February 27, 2026 08:51
@qodo-code-review
Copy link

qodo-code-review bot commented Feb 27, 2026

PR Compliance Guide 🔍

(Compliance updated until commit 529c192)

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
  • Create ticket/issue
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
No custom compliance provided

Follow the guide to enable custom compliance check.

Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

Previous compliance checks

Compliance check up to commit e2a3978
Security Compliance
Path traversal write

Description: dirPath is derived directly from coll.href (discovery XML input) and then used to build
outputPath = join(outputDir, dirPath + '.ts'), which can enable path traversal (e.g., a
crafted href containing ../ or absolute-path-like segments) to write generated files
outside outputDir.
generate-contracts.ts [1013-1055]

Referred Code
// Generate relative path from href (e.g., /sap/bc/adt/atc/worklists -> sap/bc/adt/atc/worklists)
const dirPath = coll.href.replace(/^\//, '');
const contractName = dirPath.split('/').pop() || 'contract';

// Get endpoint config to check for CRUD mode
const endpointConfig = getEndpointConfig(coll.href);
const imports = importResolver(dirPath, outputDir);

let code: string;
let methodCount: number;

if (endpointConfig?.crud) {
  // Generate CRUD contract using crud() helper
  code = generateCrudContractFile(
    collJson,
    dirPath,
    imports,
    endpointConfig,
  );
  methodCount = 4; // get, post, put, delete
  console.log('  + ' + dirPath + '.ts (CRUD: get, post, put, delete)');



 ... (clipped 22 lines)
Codegen injection

Description: Multiple code-generation strings embed untrusted discovery/config fields (e.g.,
coll.title, coll.href, coll.category.term, schema, accept, and template-derived path) into
generated TypeScript without escaping, which can allow code injection into the generated
.ts output if the input data contains quotes/backticks/newlines (potentially leading to
execution when the generated code is compiled/run).
generate-contracts.ts [336-487]

Referred Code
function generateMethodCode(method: EndpointMethod, indent: string): string {
  const {
    name,
    httpMethod,
    path,
    pathParams,
    queryParams,
    accept,
    contentType,
    requestSchema,
    responseSchema,
    description,
  } = method;

  const params: string[] = [];
  for (const param of pathParams) {
    params.push(param + ': string');
  }
  if (queryParams.length > 0) {
    const queryType = queryParams.map((p) => p + '?: string').join('; ');
    params.push('params?: { ' + queryType + ' }');



 ... (clipped 131 lines)
Ticket Compliance
🎫 No ticket provided
  • Create ticket/issue
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

🔴
Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status:
Raw error output: New code prints the caught err object directly to the console which can expose stack
traces or sensitive internal details to end users.

Referred Code
} catch (err) {
  console.error('  Error: ' + jsonFile + ':', err);
}

Learn more about managing compliance generic rules or creating your own custom rules

@qodo-code-review
Copy link

qodo-code-review bot commented Feb 27, 2026

PR Code Suggestions ✨

Latest suggestions up to 529c192

CategorySuggestion                                                                                                                                    Impact
Possible issue
Restore context after recursion

In traverseSchema, save the current context (currentSchema, source, depth)
before making recursive calls and restore it afterward to prevent state
corruption during traversal.

packages/ts-xsd/src/xsd/traverser.ts [170-190]

 private traverseSchema(
   schema: Schema,
   source: NodeSource,
   depth: number,
 ): void {
   if (this.visited.has(schema)) return;
   if (depth > this.options.maxDepth) return;
+
+  const prevSchema = this.currentSchema;
+  const prevSource = this.source;
+  const prevDepth = this.depth;
 
   this.visited.add(schema);
   this.currentSchema = schema;
   this.source = source;
   this.depth = depth;
 
   this.onEnterSchema(schema);
   this.traverseSchemaChildren(schema);
   this.traverseRedefines(schema);
   this.traverseOverrides(schema);
   this.traverseIncludes(schema, depth);
   this.traverseImports(schema, depth);
+
+  // Ensure leave callbacks observe the correct context for `schema`
+  this.currentSchema = schema;
+  this.source = source;
+  this.depth = depth;
   this.onLeaveSchema(schema);
+
+  this.currentSchema = prevSchema;
+  this.source = prevSource;
+  this.depth = prevDepth;
 }

[To ensure code accuracy, apply this suggestion manually]

Suggestion importance[1-10]: 9

__

Why: This suggestion correctly identifies a critical bug in the recursive traversal logic where the context (this.currentSchema, this.source, this.depth) is overwritten by nested calls, leading to incorrect state in the onLeaveSchema callback and for subsequent processing in the parent schema.

High
Reset state between traversals

In the traverse method, reset the visited set at the beginning of each run to
ensure that reusing the same traverser instance does not lead to incorrect,
state-contaminated results.

packages/ts-xsd/src/xsd/traverser.ts [103-110]

 traverse(schema: Schema, options: TraverseOptions = {}): this {
   this.rootSchema = schema;
   this.currentSchema = schema;
   this.source = 'direct';
   this.depth = 0;
   this.options = {
     includeImports: options.includeImports ?? true,
     includeIncludes: options.includeIncludes ?? true,
     maxDepth: options.maxDepth ?? Infinity,
   };
+
+  // Reset per-run state so instances can be reused safely
+  this.visited.clear();
   
   this.traverseSchema(schema, 'direct', 0);
   return this;
 }

[To ensure code accuracy, apply this suggestion manually]

Suggestion importance[1-10]: 9

__

Why: This suggestion correctly identifies a critical flaw where the SchemaTraverser instance is not reset, causing state from previous runs to leak into subsequent traversals. Adding this.visited.clear() is essential for ensuring the traverser can be reused correctly.

High
Prevent false failure on empty output

Normalize the interfaces variable to an empty string if it is undefined to
prevent the test from failing on legitimate empty output from
generateInterfaces().

packages/ts-xsd/tests/integration/abapgit-doma.test.ts [512-538]

-const { code: interfaces } = generateInterfaces(linkedSchema, {
+const { code } = generateInterfaces(linkedSchema, {
   addJsDoc: true,
 });
+const interfaces = code ?? '';
 
 ...
 
 writeFileSync(
   join(linkedInterfacesDir, 'interfaces.ts'),
   interfaces || '// No interfaces generated',
 );
 console.log(`Written to: ${join(linkedInterfacesDir, 'interfaces.ts')}`);
 
 ...
 
 assert.ok(typeof interfaces === 'string', 'Should return a string');

[To ensure code accuracy, apply this suggestion manually]

Suggestion importance[1-10]: 6

__

Why: The suggestion correctly identifies a flaw in the test logic where an expected undefined return value would cause a test failure, and the proposed fix makes the test more robust.

Low
General
Avoid false positives in import check

Replace the !content.includes('import ') check with a more specific regex,
!/^import\s+/m.test(content), to avoid false failures from matching "import "
in non-import contexts.

packages/ts-xsd/tests/integration/abapgit-doma.test.ts [259-262]

 assert.ok(
-  !content.includes('import '),
+  !/^import\s+/m.test(content),
   'RESOLVED should NOT have TypeScript imports',
 );

[To ensure code accuracy, apply this suggestion manually]

Suggestion importance[1-10]: 5

__

Why: The suggestion correctly points out a potential for false positives in the test assertion and provides a more precise regex to make the test more reliable.

Low
Reduce excessive test logging

Gate the console.log(content) statement behind an environment variable like
DEBUG_XSD_TESTS to prevent bloating CI logs with large file contents.

packages/ts-xsd/tests/integration/abapgit-doma.test.ts [247-248]

 console.log('\n=== RESOLVED doma.ts content ===');
-console.log(content);
+if (process.env.DEBUG_XSD_TESTS) {
+  console.log(content);
+} else {
+  console.log(`[content omitted; ${content.length} chars]`);
+}

[To ensure code accuracy, apply this suggestion manually]

Suggestion importance[1-10]: 4

__

Why: This is a good practice for maintaining clean and efficient CI logs by making verbose debugging output conditional, which improves test suite maintainability.

Low
  • More

Previous suggestions

Suggestions up to commit e2a3978
CategorySuggestion                                                                                                                                    Impact
Security
Sanitize resolver name to prevent path traversal

Add validation to the name variable from the --resolver argument before using it
in a dynamic import() to prevent a path traversal security vulnerability.

packages/adt-atc/src/commands/atc.ts [419-434]

 try {
+  // Security: Prevent path traversal attacks. Only allow valid package names.
+  if (name.includes('.') || name.includes('/')) {
+    throw new Error('Invalid resolver name. Must be a valid package name.');
+  }
   ctx.logger.info(`📂 Loading external resolver: ${name}`);
   const mod = await import(name);
   if (typeof mod.createFindingResolver === 'function') {
     resolver = mod.createFindingResolver();
   } else {
     ctx.logger.warn(
       `⚠️ Module ${name} does not export createFindingResolver()`,
     );
   }
 } catch (e) {
   ctx.logger.warn(
     `⚠️ Failed to load resolver "${name}": ${e instanceof Error ? e.message : e}`,
   );
 }
Suggestion importance[1-10]: 10

__

Why: The suggestion correctly identifies and fixes a critical path traversal security vulnerability in the newly added --resolver feature, preventing potential arbitrary code execution.

High
Possible issue
Prevent returning incorrect task data

Improve task data retrieval by throwing an error if a task with a matching
number is not found, instead of incorrectly falling back to the first task in
the array.

packages/adk/src/objects/cts/transport/transport.ts [611-620]

 protected get itemData(): TransportRequestData {
   // For a task, the data is in the 'task' array, not the root 'request'
   const rootTask = this.response.task;
   if (rootTask) {
     const taskArr = Array.isArray(rootTask) ? rootTask : [rootTask];
-    const found = taskArr.find((t) => t.number === this.name) || taskArr[0];
-    if (found) return found as unknown as TransportRequestData;
+    const found = taskArr.find((t) => t.number === this.name);
+    if (found) {
+      return found as unknown as TransportRequestData;
+    }
+    // If the task is not found by its number, it's a data inconsistency.
+    // Falling back to the first task would be incorrect.
+    throw new Error(`Task data for '${this.name}' not found in the response.`);
   }
   return this.response.request || ({} as TransportRequestData);
 }
Suggestion importance[1-10]: 8

__

Why: The suggestion correctly identifies a potential bug where the code could return data for the wrong task, and proposes a robust fix by throwing an error instead of silently failing.

Medium
Add error handling around file read

Add a try/catch block around the readFileSync call to gracefully handle
potential file read errors for the --from-file option.

packages/adt-atc/src/commands/atc.ts [304-309]

-const { readFileSync } = await import('fs');
-const fileContent = readFileSync(options.fromFile, 'utf-8');
-const targetUris = fileContent
-  .split('\n')
-  .map((line) => line.trim())
-  .filter((line) => line && !line.startsWith('#')); // Skip empty lines and comments
+let targetUris: string[];
+try {
+  const { readFileSync } = await import('fs');
+  const fileContent = readFileSync(options.fromFile, 'utf-8');
+  targetUris = fileContent
+    .split('\n')
+    .map((line) => line.trim())
+    .filter((line) => line && !line.startsWith('#')); // Skip empty lines and comments
+} catch (err) {
+  ctx.logger.error(
+    `❌ Failed to read file ${options.fromFile}: ${err instanceof Error ? err.message : err}`,
+  );
+  process.exit(1);
+}
Suggestion importance[1-10]: 7

__

Why: The suggestion correctly adds necessary error handling for file I/O, which prevents the application from crashing and improves robustness for the new --from-file feature.

Medium

Copilot AI and others added 17 commits February 27, 2026 09:04
Resolved 17 add/add conflicts by keeping the feature/atc-checks versions,
which contain the complete implementation including resolver support,
--from-file option, --resolver option, FormatOptionValue, lsCommand,
configPath caching, LoadConfigOptions, and format options for imports.
- Add missing workspace entries: packages/adt-atc, packages/adt-export
- Update root workspace: remove @cloudfoundry/api, @sap/cds-dk, @sap/xsenv,
  @cap-js/cds-types; bump prettier ^3.7.4, tsdown ^0.18.0
- packages/adt-cli: add @abapify/adt-atc, @abapify/adt-codegen,
  @abapify/adt-export, @abapify/adt-plugin deps
- packages/adt-plugin-abapgit: add @abapify/adt-atc dep
- packages/adt-client: add @abapify/adt-schemas dep
- packages/adt-playwright: add @abapify/adt-auth dep
- packages/adk: add @abapify/adt-schemas dep
- packages/adt-codegen: add @abapify/adt-plugin dep
- Add @abapify/adt-atc, @abapify/adt-export to packages resolution section

Co-authored-by: ThePlenkov <6381507+ThePlenkov@users.noreply.github.com>
Co-authored-by: ThePlenkov <6381507+ThePlenkov@users.noreply.github.com>
Removes bind mounts and the post-create command to reduce configuration complexity and streamline environment setup.
Also drops unnecessary container capabilities, focusing on essential run arguments.

Co-authored-by: Ona <no-reply@ona.com>
…asks, and exploring workspaces

- Introduced `nx-generate` skill for scaffolding projects and utilizing Nx generators.
- Added `nx-plugins` skill to assist in discovering and installing Nx plugins.
- Created `nx-run-tasks` skill for executing tasks within an Nx workspace.
- Developed `nx-workspace` skill for exploring workspace structure, project configurations, and available targets.
- Added reference documentation for affected projects in `nx-workspace`.
- Updated AGENTS.md with general guidelines for working with Nx, including scaffolding and generator usage.
- Run prettier format:write to fix formatting across all files
- Fix eslint.config.js in adt-cli to import from eslint.config.mjs (not .js)
- Remove dynamic imports of @abapify/adk in services/import/service.ts to fix nx module boundary violations
- Add eslint-disable comments for intentional empty functions (silentLogger, print placeholders, singleton constructor)
- Fix no-useless-escape in plugin-loader.ts regex character class

https://claude.ai/code/session_012RYTowbXpNASEXfpt1H4dP
Co-authored-by: ThePlenkov <6381507+ThePlenkov@users.noreply.github.com>
Co-authored-by: ThePlenkov <6381507+ThePlenkov@users.noreply.github.com>
Co-authored-by: ThePlenkov <6381507+ThePlenkov@users.noreply.github.com>
fix: resolve CI pipeline failures — lint errors and no-test exit
…licts

fix: sync bun.lock with workspace package.json and unblock CI
@nx-cloud
Copy link
Contributor

nx-cloud bot commented Feb 27, 2026

View your CI Pipeline Execution ↗ for commit 529c192

Command Status Duration Result
nx affected -t lint test build e2e-ci --verbose... ✅ Succeeded 1m 25s View ↗

☁️ Nx Cloud last updated this comment at 2026-02-27 14:28:30 UTC

@ThePlenkov ThePlenkov merged commit 63467cc into main Feb 27, 2026
2 checks passed
@ThePlenkov ThePlenkov deleted the feature/atc-checks branch February 27, 2026 14:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants