Fix minor issues with CLI

[fracek]

Fix a couple of small issues I have found while working on the tutorial.

• a shebang is needed in the CLI file to work with npm
• hash the indexers filename so that users can use special characters in their indexers name

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request introduces a new JSON metadata file for the apibara package, indicating a prerelease version. It also updates the build.config.ts file to enhance the CLI module with a shebang banner, allowing it to be executed as a script. Additionally, a new dependency, ohash, is added to the package.json, and the indexers function in the indexers.ts file is modified to use hashed identifiers for imports, improving the handling of indexers.

Changes

File	Change Summary
change/apibara-f4d98eff-8f08-4f04-bf68-8ac249c3c0e7.json	New JSON file created for apibara package metadata indicating a prerelease version.
packages/cli/build.config.ts	New rollup configuration added with a banner function for the CLI module to include a shebang.
packages/cli/package.json	New dependency added: "ohash": "^1.1.4".
packages/cli/src/rollup/plugins/indexers.ts	Modified indexers function to use hashed identifiers for indexer imports instead of original names.

Possibly related PRs

• Prepare for release #102: Updates the release workflow to include a new tag for prerelease versions, related to the new JSON file for apibara.
• ci: fix release workflow #103: Modifies the release workflow to add a build step, supporting the overall release process that includes the new prerelease metadata.
• cli: include runtime-meta in package #114: Introduces a new JSON file for the apibara package specifying metadata for a prerelease version, similar to the changes in this PR.

Poem

In the burrow where code does play,
A new JSON file brightens the day.
With a shebang to guide the way,
And hashed names that dance and sway.
Oh, what joy in the CLI's array! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)

packages/cli/src/rollup/plugins/indexers.ts (1)

13-13: Consider documenting the hashing strategy

The implementation correctly maintains the mapping between original indexer names and their hashed versions. Consider adding a comment explaining this strategy for future maintainers.

Add a comment above the indexers array:

    ${indexers.map((i) => `import _${hash(i)} from '${i.indexer}';`).join("\n")}

+   // Map original indexer names to their hashed versions to support special characters
+   // while maintaining valid JavaScript identifiers
    export const indexers = [
      ${indexers.map((i) => `{ name: "${i.name}", indexer: _${hash(i)} }`).join(",\n")}

packages/cli/build.config.ts (1)

46-47: Consider improving maintainability with constants and documentation.

The implementation could benefit from these minor improvements:

+ // CLI output file name
+ const CLI_OUTPUT_FILE = "cli/index.mjs";
+ // Add shebang to make the CLI executable through npm
  rollup: {
    output: {
      banner: ({ fileName }) =>
-        fileName === "cli/index.mjs" ? "#!/usr/bin/env node" : undefined,
+        fileName === CLI_OUTPUT_FILE ? "#!/usr/bin/env node" : undefined,
    },
  },

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 383d0fc and 413fd1e.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (4)

• change/apibara-f4d98eff-8f08-4f04-bf68-8ac249c3c0e7.json (1 hunks)
• packages/cli/build.config.ts (1 hunks)
• packages/cli/package.json (1 hunks)
• packages/cli/src/rollup/plugins/indexers.ts (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• change/apibara-f4d98eff-8f08-4f04-bf68-8ac249c3c0e7.json

🔇 Additional comments (6)

packages/cli/src/rollup/plugins/indexers.ts (3)

3-3: LGTM: Good choice of hashing library

The addition of ohash is appropriate for generating consistent hashes for indexer names.

---

10-10: Verify hash consistency across builds

The implementation correctly handles special characters in indexer names by using hashed identifiers. The _ prefix ensures valid JavaScript identifiers.

Let's verify the hash consistency and potential collisions:

✅ Verification successful

Let me analyze the hash implementation to verify its consistency. I'll need to check the hash function and its usage.

---

Hash implementation is reliable and consistent

The implementation uses the ohash package, which is a well-tested and reliable hashing library. The hash function is deterministic, meaning it will produce the same output for the same input across different builds. The _ prefix ensures valid JavaScript identifiers, and using ohash guarantees consistent hash generation with minimal collision probability.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for potential hash collisions in indexer names
# Look for files that might contain indexer definitions to test hash consistency

# Search for indexer definitions
rg -l "indexer[\"']?\s*[:=]" | while read -r file; do
  echo "=== Checking $file for indexer definitions ==="
  rg "indexer[\"']?\s*[:=]" "$file" -A 2
done

Length of output: 9822

---

Script:

#!/bin/bash
# Check the hash function implementation and its usage
rg -l "function hash" packages/cli/src/rollup/plugins/indexers.ts
echo "=== Hash function implementation ==="
rg "function hash" -A 5 packages/cli/src/rollup/plugins/indexers.ts

# Check if the hash function is imported from another module
echo "=== Hash imports ==="
rg "import.*hash" packages/cli/src/rollup/plugins/indexers.ts

Length of output: 446

---

Line range hint 5-17: Verify error handling for edge cases

While the implementation is solid, we should ensure proper error handling for edge cases.

Let's check for existing error handling patterns:

✅ Verification successful

No additional error handling needed for indexers plugin

Based on the codebase analysis, the current implementation is appropriate and doesn't require additional error handling for edge cases because:

1. Input validation is handled at the type level through the Apibara interface which ensures indexers is an array of IndexerDefinition objects.
2. The plugin uses Set to deduplicate indexers, preventing any duplicate processing.
3. The hash function from ohash is a reliable hashing implementation that safely handles various input types.
4. The virtual plugin is used in a straightforward way with string template literals, which is safe for the given input types.
5. The indexers array is already validated and processed by the CLI's core scanning logic in packages/cli/src/core/scan.ts before reaching this plugin.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for error handling patterns in similar plugin files

# Look for error handling patterns in rollup plugins
echo "=== Checking error handling patterns in rollup plugins ==="
rg -B 2 -A 2 "throw|catch|Error" "packages/cli/src/rollup/plugins/"

# Look for validation patterns
echo "=== Checking validation patterns ==="
rg -B 2 -A 2 "validate|check|assert" "packages/cli/src/rollup/plugins/"

Length of output: 349

---

Script:

#!/bin/bash
# Let's try a different approach to analyze the codebase for error handling patterns

# First, let's see what other files exist in the plugins directory
echo "=== Listing files in plugins directory ==="
fd . "packages/cli/src/rollup/plugins/"

# Let's examine the content of these plugin files
echo "=== Examining plugin implementations ==="
fd . "packages/cli/src/rollup/plugins/" -t f -x cat

# Let's also check if there are any type definitions or interfaces that might enforce validation
echo "=== Checking for type definitions ==="
rg -t ts "interface|type" "packages/cli/src/rollup/plugins/"

Length of output: 3568

---

Script:

#!/bin/bash
# Let's examine the Apibara type definition to understand the input validation
echo "=== Checking Apibara type definition ==="
rg -t ts "interface.*Apibara|type.*Apibara" -A 10

# Let's also check if there's any validation in the main CLI code that calls this plugin
echo "=== Checking CLI validation ==="
fd . "packages/cli/src/" -t f -x rg -l "indexers.*plugin|apibara.*indexers"

Length of output: 20851

packages/cli/build.config.ts (1)

44-49: LGTM! The shebang implementation looks correct.

The rollup configuration correctly adds the shebang to the CLI module, which will enable proper execution through npm.

packages/cli/package.json (2)

102-102: LGTM! Addition of ohash dependency.

The addition of ohash aligns with the PR objective to hash indexer filenames for better handling of special characters.

---

102-102: Verify ohash version and security.

Let's verify the latest stable version and check for any security advisories for ohash.

✅ Verification successful

ohash version 1.1.4 is up-to-date and secure

The package is using the latest stable version (1.1.4) and no security issues were found:

• Latest version on npm registry matches the version in package.json
• No open security-labeled issues in the GitHub repository
• Package is actively maintained with recent releases

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check latest version and security advisories for ohash

# Check NPM for latest versions
curl -s https://registry.npmjs.org/ohash | jq '.["dist-tags"].latest'

# Check for known vulnerabilities
curl -s https://registry.npmjs.org/ohash | jq '.versions | keys[] as $k | select($k | contains("1.1.4")) | . as $version | $version' && \
npm audit --json ohash@1.1.4 2>/dev/null || echo "Package not found in npm audit"

# Check GitHub issues for security-related concerns
gh api graphql -f query='
{
  repository(owner: "unjs", name: "ohash") {
    issues(first: 5, labels: ["security"], states: OPEN) {
      nodes {
        title
        url
        createdAt
      }
    }
  }
}'

Length of output: 40185

[jaipaljadeja]

Looks good! Thanks.