"Unsafe" schema additions

[hawkeyexl]

Summary by CodeRabbit

• New Features

  • Added support for marking tests and steps as "unsafe," allowing users to specify actions that may modify the system or environment. Unsafe tests and steps are only executed in secure environments or when explicitly enabled.
  • Introduced a new configuration option allowUnsafeTests to control the execution of potentially unsafe tests.
  • Updated schema support for custom file types to allow either extensions or extends properties.

• Improvements

  • Enhanced error messages for validation failures, providing clearer and more detailed feedback.

• Dependency Updates

  • Updated several dependencies and development tools to their latest versions.

[coderabbitai]

"""

Walkthrough

This update introduces a new unsafe boolean property across multiple JSON schemas for tests and steps, enabling explicit marking of potentially unsafe actions. A new top-level config property, allowUnsafeTests, is added. The fileTypes schema is modified to accept either extensions or extends. Error reporting in validation is improved for clarity, and several dependencies are updated in package.json.

Changes

File(s)	Change Summary
package.json	Updated version to 3.1.0-dev.1; upgraded mocha, sinon, @apidevtools/json-schema-ref-parser, and axios.
src/schemas/output_schemas/config_v3.schema.json, src/schemas/output_schemas/resolvedTests_v3.schema.json, src/schemas/src_schemas/config_v3.schema.json	Added allowUnsafeTests config property; modified fileTypes to allow either extensions or extends.
src/schemas/output_schemas/spec_v3.schema.json, src/schemas/output_schemas/report_v3.schema.json, src/schemas/output_schemas/test_v3.schema.json, src/schemas/output_schemas/step_v3.schema.json, src/schemas/src_schemas/test_v3.schema.json, src/schemas/src_schemas/step_v3.schema.json	Added unsafe boolean property (default false) to tests and steps schemas; updated examples accordingly.
src/validate.js	Enhanced error reporting by formatting validation errors for improved readability.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Validator
    participant Schema

    User->>Validator: Submit config/test/step for validation
    Validator->>Schema: Validate including 'unsafe' and 'allowUnsafeTests' properties
    Schema-->>Validator: Return validation result (with detailed errors if any)
    Validator-->>User: Return result with formatted error messages

Loading

Poem

A whisk of code, a hop, a leap,
Now "unsafe" flags are ours to keep!
Tests and steps with caution marked,
In Docker safe, or flags embarked.
Errors clear, dependencies new—
This rabbit’s joy hops straight to you! 🐇✨
"""

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 8

♻️ Duplicate comments (16)

src/schemas/output_schemas/test_v3.schema.json (1)

633-637: Duplicate: step-level unsafe property addition
These hunks repeatedly add the same unsafe boolean field (with identical description and default) across all step definitions. See the earlier comment on centralizing this schema to avoid redundancy and reduce drift.

Also applies to: 680-684, 735-739, 946-950, 1128-1132, 1924-1928, 2081-2085, 3079-3083, 3381-3385, 3669-3673, 3885-3889, 4328-4332, 4495-4499, 4575-4579, 4650-4654, 5374-5378, 5421-5425, 5476-5480, 5687-5691, 5869-5873, 6665-6669, 6822-6826, 7820-7824, 8122-8126, 8410-8414, 8626-8630, 9069-9073, 9236-9240, 9316-9320, 9391-9395

src/schemas/output_schemas/step_v3.schema.json (12)

76-80: Duplicate: fix grammar and config reference

---

131-135: Duplicate: fix grammar and config reference

---

342-346: Duplicate: fix grammar and config reference

---

524-528: Duplicate: fix grammar and config reference

---

1320-1324: Duplicate: fix grammar and config reference

---

1477-1481: Duplicate: fix grammar and config reference

---

2777-2781: Duplicate: fix grammar and config reference

---

3077-3081: Duplicate: fix grammar and config reference

---

3281-3285: Duplicate: fix grammar and config reference

---

3891-3895: Duplicate: fix grammar and config reference

---

3971-3975: Duplicate: fix grammar and config reference

---

4046-4050: Duplicate: fix grammar and config reference

src/schemas/output_schemas/spec_v3.schema.json (1)

1234-1238: Duplicate of comment above.

Also applies to: 1281-1285, 1336-1340, 1547-1551, 1729-1733, 2525-2529, 2682-2686, 3680-3684, 3982-3986, 4270-4274, 4486-4490, 4929-4933, 5096-5100, 5176-5180, 5251-5255, 5938-5942, 5975-5979, 6022-6026, 6077-6081, 6288-6292, 6470-6474, 7266-7270, 7423-7427, 8421-8425, 8723-8727, 9011-9015, 9227-9231, 9670-9674, 9837-9841, 9917-9921, 9992-9996

src/schemas/output_schemas/report_v3.schema.json (1)

1252-1256: Consistent addition of the unsafe property across step variants verified.

Each step schema now includes the unsafe boolean with the correct default and description. This change is consistent and aligns with the test-level addition above. Ensure you apply any grammar refinements (if accepted) uniformly across all occurrences.

Also applies to: 1299-1303, 1354-1358, 1565-1569, 1747-1751, 2543-2547, 2700-2704, 3698-3702, 4000-4004, 4288-4292, 4504-4508, 4947-4951, 5114-5118, 5194-5198, 5269-5273, 5956-5960, 5993-5997, 6040-6044, 6095-6099, 6306-6310, 6488-6492, 7284-7288, 7441-7445, 8439-8443, 8741-8745, 9029-9033, 9245-9249, 9688-9692, 9855-9859, 9935-9939, 10010-10014

src/schemas/output_schemas/config_v3.schema.json (1)

842-849: Apply grammar/config-fix from above to all unsafe insertions.

Also applies to: 897-904, 1108-1115, 1293-1297, 2089-2093, 2246-2250, 3244-3248, 3546-3550, 3834-3838, 4050-4054, 4493-4497, 4660-4664, 4740-4744, 4815-4819, 5922-5926, 5969-5973, 6024-6028, 6235-6239, 6417-6421, 7213-7217, 7370-7374, 8368-8372, 8670-8674, 8958-8962, 9174-9178, 9617-9621, 9784-9788, 9864-9868, 9939-9943

🧹 Nitpick comments (8)

src/schemas/src_schemas/step_v3.schema.json (1)

23-25: Redundant $ref indirection

common.properties.unsafe just re-references the component schema defined a few lines below.
This is a tiny inefficiency: duplicate level of indirection adds no value and makes tooling output less compact. Consider inlining the boolean schema directly in common to keep the generated bundle smaller.

src/schemas/output_schemas/test_v3.schema.json (1)

19-23: Refine and centralize the unsafe property definition
The identical unsafe boolean schema (same description and default) is copy-pasted at the test root and in the test object definition. Extract this into a shared definitions/unsafe component and use $ref to improve maintainability and ensure single-source truth. Also, the description references allowUnsafeTests, but the config schema introduces allowUnsafeMarkup; please verify which config key is correct and update descriptions accordingly.

Also applies to: 5337-5341

src/schemas/output_schemas/resolvedTests_v3.schema.json (2)

558-567: Clarify the anyOf requirements for custom mode file types.
Allowing either extensions or extends is correct, but consider adding descriptive comments or examples in the schema to illustrate typical usage patterns. Also verify that using the keyword extends won’t conflict with any JSON Schema keywords or downstream tooling.

---

811-815: Fix grammatical error in unsafe descriptions.
The phrase "Whether or not the test or step is may be unsafe." contains an extra "is". It should read "Whether or not the test or step may be unsafe." for clarity.

Example diff:

-"description": "Whether or not the test or step is may be unsafe. Unsafe tests and steps may perform actions..."
+"description": "Whether or not the test or step may be unsafe. Unsafe tests and steps may perform actions..."

Also applies to: 858-862, 913-917, 1124-1128, 1306-1310, 2102-2106, 2259-2263, 3257-3261, 3559-3563, 3847-3851, 4063-4067, 4506-4510, 4673-4677, 4753-4757, 4828-4832, 5935-5939, 5982-5986, 6037-6041, 6248-6252, 6430-6434, 7226-7230, 7383-7387, 8381-8385, 8683-8687, 8971-8975, 9187-9191, 9630-9634, 9797-9801, 9877-9881, 9952-9956, 11232-11236, 11846-11850, 11893-11897, 11948-11952, 12159-12163, 12341-12345, 13137-13141, 13294-13298, 14292-14296, 14594-14598, 14882-14886, 15098-15102, 15541-15545, 15708-15712, 15788-15792, 15863-15867, 16550-16554, 16587-16591, 16634-16638, 16689-16693, 16900-16904, 17082-17086, 17878-17882, 18035-18039, 19033-19037, 19335-19339, 19623-19627, 19839-19843, 20282-20286, 20449-20453, 20529-20533, 20604-20608

src/schemas/output_schemas/spec_v3.schema.json (1)

620-624: Correct grammatical error and improve maintainability.

The description text has a typo ("is may be unsafe") and is duplicated in many places. Consider extracting the unsafe property definition into a reusable definition and referencing it with $ref to avoid repetition and ensure consistent updates.

src/schemas/output_schemas/report_v3.schema.json (1)

638-642: Refine description grammar for the unsafe flag.

The phrase “Whether or not the test or step is may be unsafe” contains a redundancy. Consider rewording for clarity, for example:

-"description": "Whether or not the test or step is may be unsafe. Unsafe tests and steps may perform actions that could modify the system or environment in unexpected ways. Tests that contain unsafe steps are only performed within Docker containers or if unsafe tests are enabled with the `allowUnsafeTests` config property or the `--unsafe` flag.",
+"description": "Whether the test or step may be unsafe. Unsafe actions can modify the system or environment unexpectedly. Tests with unsafe steps run only within Docker containers or when enabled via the `allowUnsafeTests` config property or the `--unsafe` flag.",

src/schemas/output_schemas/config_v3.schema.json (2)

132-135: Ensure default for allowUnsafeMarkup and clarify semantics.
The new allowUnsafeMarkup flag lacks a default value—consider adding "default": false to align with other boolean flags. Also, verify that its description correctly distinguishes allowUnsafeMarkup from any existing allowUnsafeTests property.

---

545-556: Consider using oneOf for exclusive extensions/extends.
If extensions and extends are meant to be mutually exclusive, replace anyOf with oneOf to enforce exactly one choice. Otherwise, add a note in the description that both can coexist.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 321c5c3 and 5569f93.

⛔ Files ignored due to path filters (7)

• dist/schemas/config_v3.schema.json is excluded by !**/dist/**
• dist/schemas/report_v3.schema.json is excluded by !**/dist/**
• dist/schemas/resolvedTests_v3.schema.json is excluded by !**/dist/**
• dist/schemas/spec_v3.schema.json is excluded by !**/dist/**
• dist/schemas/step_v3.schema.json is excluded by !**/dist/**
• dist/schemas/test_v3.schema.json is excluded by !**/dist/**
• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (11)

• package.json (2 hunks)
• src/schemas/output_schemas/config_v3.schema.json (32 hunks)
• src/schemas/output_schemas/report_v3.schema.json (33 hunks)
• src/schemas/output_schemas/resolvedTests_v3.schema.json (65 hunks)
• src/schemas/output_schemas/spec_v3.schema.json (33 hunks)
• src/schemas/output_schemas/step_v3.schema.json (15 hunks)
• src/schemas/output_schemas/test_v3.schema.json (33 hunks)
• src/schemas/src_schemas/config_v3.schema.json (9 hunks)
• src/schemas/src_schemas/step_v3.schema.json (2 hunks)
• src/schemas/src_schemas/test_v3.schema.json (10 hunks)
• src/validate.js (7 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: test (windows-latest, 22)

🔇 Additional comments (23)

package.json (1)

3-3: Lock-file & CI check after dependency bumps

Version bump to 3.1.0-dev.0 and upgrades for mocha / @apidevtools/json-schema-ref-parser look fine, but remember to:

1. Commit the regenerated lock-file (package-lock.json/pnpm-lock.yaml) so CI produces reproducible installs.
2. Ensure the updated parser (^13.0.5) still passes the schema dereference task – its minor changes occasionally break remote $ref resolution.

Also applies to: 24-24, 28-28

src/schemas/output_schemas/test_v3.schema.json (1)

10066-10066: Verify example alignment with schema and config
The example test object now includes "unsafe": true, which matches the new schema. Please ensure the JSON syntax remains strict (no trailing commas) and confirm that the example’s reference to the config property matches the actual key (allowUnsafeMarkup vs. allowUnsafeTests).

src/schemas/src_schemas/test_v3.schema.json (4)

100-104: Inconsistent AI summary regarding required properties

The summary states “No changes were made to required properties,” but this schema now adds a second anyOf branch requiring contexts. Please correct the summary or revise the change.

Likely an incorrect or invalid review comment.

---

119-122: Approve negative constraint on operationId

Using a not schema block to forbid operationId in test‐level OpenAPI objects and requiring name + descriptionPath is a clear way to enforce the intended contract.

---

160-161: Approve addition of unsafe flag in example

The example test now correctly demonstrates the new unsafe boolean property.

---

149-150: Approve single-line array formatting in examples

Consolidating arrays into single lines improves readability and consistency across examples.

Also applies to: 163-164, 178-179, 205-206, 224-225, 231-232

src/schemas/output_schemas/resolvedTests_v3.schema.json (1)

21279-21280: Example update is correct.
The test example now includes "unsafe": true, aligning with the schema enhancements.

src/schemas/src_schemas/config_v3.schema.json (13)

49-49: Approve single-line enum formatting for relativePathBase
Consolidating the enum into a single line improves readability and aligns with the rest of the schema.

---

103-103: Approve single-line enum formatting for logLevel
This adjustment keeps the style consistent with other enum definitions.

---

115-115: Approve single-line default for fileTypes
The default array is now on one line, consistent with other simple arrays.

---

126-126: Approve single-line enum formatting for predefined fileTypes
This maintains uniform formatting for enum arrays across the schema.

---

132-134: Approve relaxed anyOf requirements for custom file types
Allowing either extensions or extends grants flexibility in defining custom templates.

---

144-144: Approve single-line enum formatting for the extends property
Consistent styling for enum values improves maintainability.

---

171-171: Approve explicit required for executable file type
Requiring extensions in executable mode is correct to ensure valid detection.

---

222-222: Approve addition of required: ["send"] in telemetry
Forcing send to be present guarantees telemetry behavior is always defined.

---

239-239: Approve addition of required: ["platform"] in environment schema
Requiring platform ensures at least this key is available in the read-only environment object.

---

248-248: Approve enum values for platform
The permitted OS values are clear and cover the supported environments.

---

253-253: Approve enum values for arch
The architecture list comprehensively covers the expected targets.

---

390-390: Approve example formatting for fileTypes
Updating the example to a single-line array improves consistency with the schema.

---

396-396: Approve example extensions array formatting
The shift to a single-line extensions array aligns with schema formatting conventions.

src/schemas/output_schemas/spec_v3.schema.json (2)

620-624: Align config property naming.

The description references allowUnsafeTests, but the PR introduces allowUnsafeMarkup as the config property. Please confirm the intended name and update the description to match.

---

10667-10668: Example usage of unsafe flag is appropriate.

src/schemas/output_schemas/report_v3.schema.json (1)

10685-10685: Example updated to demonstrate the unsafe flag.

The example test object now correctly includes "unsafe": true, illustrating usage of the new property.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

src/schemas/output_schemas/resolvedTests_v3.schema.json (1)

811-815: Consider extracting the unsafe property into a shared definition.
The unsafe flag with identical schema is repeated across many objects. Defining it once under #/definitions/unsafeFlag and referencing it via $ref will reduce duplication and simplify future updates.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7130bb9 and dc7ac11.

⛔ Files ignored due to path filters (6)

• dist/schemas/config_v3.schema.json is excluded by !**/dist/**
• dist/schemas/report_v3.schema.json is excluded by !**/dist/**
• dist/schemas/resolvedTests_v3.schema.json is excluded by !**/dist/**
• dist/schemas/spec_v3.schema.json is excluded by !**/dist/**
• dist/schemas/step_v3.schema.json is excluded by !**/dist/**
• dist/schemas/test_v3.schema.json is excluded by !**/dist/**

📒 Files selected for processing (8)

• src/schemas/output_schemas/config_v3.schema.json (32 hunks)
• src/schemas/output_schemas/report_v3.schema.json (33 hunks)
• src/schemas/output_schemas/resolvedTests_v3.schema.json (65 hunks)
• src/schemas/output_schemas/spec_v3.schema.json (33 hunks)
• src/schemas/output_schemas/step_v3.schema.json (15 hunks)
• src/schemas/output_schemas/test_v3.schema.json (33 hunks)
• src/schemas/src_schemas/step_v3.schema.json (2 hunks)
• src/schemas/src_schemas/test_v3.schema.json (10 hunks)

🚧 Files skipped from review as they are similar to previous changes (7)

• src/schemas/output_schemas/test_v3.schema.json
• src/schemas/src_schemas/step_v3.schema.json
• src/schemas/output_schemas/spec_v3.schema.json
• src/schemas/src_schemas/test_v3.schema.json
• src/schemas/output_schemas/report_v3.schema.json
• src/schemas/output_schemas/config_v3.schema.json
• src/schemas/output_schemas/step_v3.schema.json

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: test (windows-latest, 22)

🔇 Additional comments (2)

src/schemas/output_schemas/resolvedTests_v3.schema.json (2)

558-568: Verify the use of anyOf for custom file types.
Allowing either extensions or extends in the file type schema looks correct, but please confirm that validation logic, documentation, and any downstream code generators are updated to handle both properties.

---

21279-21279: Confirm example override of unsafe.
The example now explicitly sets "unsafe": true. Ensure this aligns with updated documentation and clearly contrasts with the default false behavior.

[coderabbitai]

🛠️ Refactor suggestion

Fix typo in the unsafe description.
There's an extra "is" in:

"Whether or not the test or step is may be unsafe."

It should read:

"Whether or not the test or step may be unsafe."

🤖 Prompt for AI Agents

In src/schemas/output_schemas/resolvedTests_v3.schema.json around lines 16550 to
16554, fix the typo in the description of the `unsafe` field by removing the
extra "is" so that it reads "Whether or not the test or step may be unsafe."
instead of "Whether or not the test or step is may be unsafe."

[coderabbitai]

🛠️ Refactor suggestion

Add a default for allowUnsafeTests.
The new allowUnsafeTests boolean lacks a default value, which can lead to unsafe-by-default behavior. It should default to false to enforce safe-by-default semantics.
Apply this diff:

 "allowUnsafeTests": {
   "type": "boolean",
   "description": "Whether or not to run potentially unsafe tests, such as those that execute shell commands or run code.",
+  "default": false
 },

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"allowUnsafeTests": {
	"type": "boolean",
	"description": "Whether or not to run potentially unsafe tests, such as those that execute shell commands or run code."
	},
	"allowUnsafeTests": {
	"type": "boolean",
	"description": "Whether or not to run potentially unsafe tests, such as those that execute shell commands or run code.",
	"default": false
	},

🤖 Prompt for AI Agents

In src/schemas/output_schemas/resolvedTests_v3.schema.json around lines 133 to
136, the boolean property allowUnsafeTests is missing a default value, which can
cause unsafe behavior by default. Add a default value of false to the
allowUnsafeTests property in the schema to ensure safe-by-default semantics.