Skip to content

silent verify script#282

Open
jasonmorais wants to merge 19 commits into
mainfrom
jason/silent-verify
Open

silent verify script#282
jasonmorais wants to merge 19 commits into
mainfrom
jason/silent-verify

Conversation

@jasonmorais

@jasonmorais jasonmorais commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Summary by Sourcery

Introduce silent verification command runners and adopt them in the root verify script while updating local-dev exports and documentation.

New Features:

  • Add silent command and sequence runners plus a fluent verification sequence builder under the @cellix/local-dev/silent-runners entrypoint.
  • Provide reusable tool-wrapper builders for pnpm scripts, audits, Knip, Snyk scans, Sonar scripts, and test runners to standardize verification workflows.
  • Expose writeJsonFile from local-dev file utilities for broader JSON handling support.

Enhancements:

  • Update local-dev README and manifest to document silent verification runners, new subpath exports, and clarified package scope around scanner policy.
  • Refine AgentFormatter logging to suppress summary output when no issues are found and only report issue counts when present.

Build:

  • Publish new @cellix/local-dev/silent-runners and vite subpath exports and align workspace vitest config aliases accordingly.
  • Upgrade several dependency overrides including protobufjs, body-parser, js-yaml, and OpenTelemetry components in the pnpm workspace.

CI:

  • Replace the root verify npm script with a Node-based pipeline script that uses the new silent verification sequence and tool wrappers.

Tests:

  • Add vitest coverage for silent runners to verify success remains silent, failure output is replayed, sequences stop on first failure, buffer configuration works, and the shared verification sequence remains immutable.

@sourcery-ai

sourcery-ai Bot commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Reviewer's Guide

Implements a new generic silent verification runner subsystem in @cellix/local-dev, exposes it via public and subpath APIs, wires a Node-based verify script for the repo using these primitives, adds documentation and tests, tweaks the Serenity agent formatter output behavior, and updates some dependency overrides.

File-Level Changes

Change Details Files
Introduce silent verification runner primitives and tool-specific wrappers in @cellix/local-dev and expose them as part of the public API.
  • Add a new silent-runners module implementing runSilentCommand, runSilentCommandSequence, VerificationSequence, and helper types to capture command output silently and replay on failure.
  • Provide pnpm, pnpm audit, Knip, Snyk, Sonar, and test-runner specific CommandSequenceStep builders to encode reusable CLI shapes without project-specific policy.
  • Export all silent-runner APIs from the root index, files index, package.json exports map, vitest config aliases, tsconfig, and manifest so they are consumable via @cellix/local-dev and @cellix/local-dev/silent-runners.
packages/cellix/local-dev/src/silent-runners/index.ts
packages/cellix/local-dev/src/silent-runners/pnpm.ts
packages/cellix/local-dev/src/silent-runners/pnpm-audit.ts
packages/cellix/local-dev/src/silent-runners/knip.ts
packages/cellix/local-dev/src/silent-runners/snyk.ts
packages/cellix/local-dev/src/silent-runners/sonar.ts
packages/cellix/local-dev/src/silent-runners/test-runners.ts
packages/cellix/local-dev/src/index.ts
packages/cellix/local-dev/package.json
packages/cellix/local-dev/vitest.config.ts
packages/cellix/local-dev/tsconfig.vitest.json
packages/cellix/local-dev/src/files/index.ts
Add tests and documentation for the silent runners and update local-dev package metadata and manifest to cover verification responsibilities and boundaries.
  • Extend index.test.ts with unit tests for runSilentCommand, runSilentCommandSequence, buffer sizing, verify sequence composition/immutability, and end-to-end verify step wiring using a fake spawn.
  • Expand README.md with sections describing silent runners, sequence builders, tool-wrapper usage patterns, new subpath export, and updated public API list.
  • Update manifest.md purpose, scope, non-goals, public entrypoints, core concepts, package-boundary notes, testing strategy, and documentation obligations to explicitly cover silent verification runners and scanner policy separation.
  • Adjust @cellix/local-dev package description to mention verification helpers.
packages/cellix/local-dev/src/index.test.ts
packages/cellix/local-dev/README.md
packages/cellix/local-dev/manifest.md
packages/cellix/local-dev/package.json
Wire a new Node-based verify script that composes the repo’s verification workflow using the silent runners and update the root package to use it.
  • Create build-pipeline/scripts/verify.ts that builds a reusable VerificationSequence composed of format, architecture tests, coverage merge, e2e tests, Knip, pnpm audits, Snyk dependency/code scans, and Sonar steps, and prints a concise success message on overall success.
  • Configure Snyk wrapper steps with repository-specific org and remote-repo-url arguments while keeping them outside the shared local-dev package.
  • Change the root verify npm script to call the new TypeScript-based verify.ts via node --conditions=source instead of chaining pnpm scripts directly, and add @cellix/local-dev as a devDependency in the root package.json.
build-pipeline/scripts/verify.ts
package.json
Refine the Serenity agent formatter so it only logs a results block when there are issues and always prints an issue count in that case.
  • Short-circuit onTestRunFinished in AgentFormatter when issueCount is zero so no results section is logged for fully passing runs.
  • Simplify the final log to always print Issues: when there are any issues instead of conditionally printing an "All scenarios passed" message.
packages/cellix/serenity-framework/src/formatters/agent-formatter.ts
Update workspace dependency overrides and lockfile for security/compatibility updates and ensure local-dev subpaths are wired for build/test.
  • Adjust pnpm-workspace.yaml overrides for protobufjs, js-yaml, body-parser, @opentelemetry/propagator-jaeger, and others to newer versions, and propagate protobufjs override aliases.
  • Update pnpm-lock.yaml and Snyk/Knip configuration files accordingly to align with new dependencies (details in lock and config diffs).
  • Add vite subpath export in local-dev package.json and ensure ts/vitest configs align with new entrypoints.
pnpm-workspace.yaml
pnpm-lock.yaml
packages/cellix/local-dev/package.json
.snyk
knip.json

Possibly linked issues

  • #Silent Verify Runs - Create wrappers for scripts and enfornce native silence: PR introduces silent runners, tool-specific wrappers, and a new verify script, fulfilling the silent verification issue.

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@jasonmorais jasonmorais marked this pull request as ready for review June 22, 2026 15:32
@jasonmorais jasonmorais requested a review from a team June 22, 2026 15:32
@jasonmorais jasonmorais requested a review from a team as a code owner June 22, 2026 15:32

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 2 issues, and left some high level feedback:

  • In AgentFormatter.onTestRunFinished you now return early when issueCount === 0, which removes the previous "All scenarios passed" messaging entirely; if that feedback is still desired, consider keeping a minimal success summary instead of returning silently.
  • The verify.ts script prints a custom failure line after runSilentCommandSequence has already replayed the failing step's stdout/stderr; consider including the step exit status in that replay or adjusting the extra message to avoid redundant-but-slightly-different failure context.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- In `AgentFormatter.onTestRunFinished` you now return early when `issueCount === 0`, which removes the previous "All scenarios passed" messaging entirely; if that feedback is still desired, consider keeping a minimal success summary instead of returning silently.
- The `verify.ts` script prints a custom failure line after `runSilentCommandSequence` has already replayed the failing step's stdout/stderr; consider including the step exit status in that replay or adjusting the extra message to avoid redundant-but-slightly-different failure context.

## Individual Comments

### Comment 1
<location path="build-pipeline/scripts/verify.ts" line_range="29-38" />
<code_context>
+	.addStep(sonarPullRequestAnalysis())
+	.addStep(sonarQualityGate());
+
+const isRunningAsCommand = import.meta.main;
+
+function runVerifyCommand(): void {
+	const result = cellixVerify.run();
+	if (result.status !== 0) {
+		process.stderr.write(`\nverify failed at step "${result.step.name}" (exit ${result.status})\n`);
+	} else {
+		process.stdout.write('verify passed\n');
+	}
+	process.exitCode = result.status;
+}
+
+if (isRunningAsCommand) {
+	runVerifyCommand();
+}
</code_context>
<issue_to_address>
**issue (bug_risk):** Using `import.meta.main` will never trigger in Node.js and prevents the script from running when executed directly.

In Node.js, `import.meta.main` is always `undefined`, so `runVerifyCommand()` never runs, even when this file is invoked as the entry script (e.g. via `pnpm run verify`). Use a Node-compatible check instead, such as comparing `import.meta.url` to `pathToFileURL(process.argv[1]).href`, or invoke `runVerifyCommand()` from a dedicated bootstrap file that always calls it.
</issue_to_address>

### Comment 2
<location path="package.json" line_range="52" />
<code_context>
 		"sonar:pr-windows": "for /f %i in ('node build-pipeline/scripts/get-pr-number.cjs') do set PR_NUMBER=%i && sonar-scanner -Dsonar.pullrequest.key=%PR_NUMBER% -Dsonar.pullrequest.branch=%BRANCH_NAME% -Dsonar.pullrequest.base=main",
 		"check-sonar": "node build-pipeline/scripts/check-sonar-quality-gate.cjs",
-		"verify": "pnpm run format:check && pnpm run test:arch && pnpm run test:coverage:merge && pnpm run test:e2e && pnpm run knip && pnpm run audit && pnpm run snyk && pnpm run sonar:pr && pnpm run check-sonar",
+		"verify": "node build-pipeline/scripts/verify.ts",
 		"knip": "knip",
 		"snyk": "pnpm run snyk:test && pnpm run snyk:code",
</code_context>
<issue_to_address>
**issue (bug_risk):** Running a `.ts` file directly with `node` will fail without a custom loader or precompiled JS.

This script now calls `node build-pipeline/scripts/verify.ts`, but Node can’t run TypeScript directly. Unless there’s an existing loader configured for this command (e.g. `tsx`, `ts-node`, or a custom `--loader`), it will fail at runtime. Consider either targeting the compiled `.js` file or running it via the configured TS runner instead of plain `node`.
</issue_to_address>

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Comment thread build-pipeline/scripts/verify.ts Outdated
Comment thread package.json Outdated
@jasonmorais

Copy link
Copy Markdown
Contributor Author

image For reference

@jasonmorais

Copy link
Copy Markdown
Contributor Author

@sourcery-ai review

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 1 issue

Prompt for AI Agents
Please address the comments from this code review:

## Individual Comments

### Comment 1
<location path="build-pipeline/scripts/verify.ts" line_range="29-38" />
<code_context>
+	.addStep(sonarPullRequestAnalysis())
+	.addStep(sonarQualityGate());
+
+const isRunningAsCommand = import.meta.main;
+
+function runVerifyCommand(): void {
+	const result = cellixVerify.run();
+	if (result.status !== 0) {
+		process.stderr.write(`\nverify failed at step "${result.step.name}" (exit ${result.status})\n`);
+	} else {
+		process.stdout.write('verify passed\n');
+	}
+	process.exitCode = result.status;
+}
+
+if (isRunningAsCommand) {
+	runVerifyCommand();
+}
</code_context>
<issue_to_address>
**issue (bug_risk):** Using `import.meta.main` is likely non-portable and may prevent the verify script from running when invoked directly.

In Node’s current ESM implementation `import.meta.main` is not available, so `isRunningAsCommand` will be `undefined` and `runVerifyCommand()` will never run, even when you call `node build-pipeline/scripts/verify.ts` directly. To ensure the script actually executes as a CLI, switch to the common pattern of comparing `import.meta.url` with `pathToFileURL(process.argv[1]).href` (or another supported entry-point check).
</issue_to_address>

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Comment thread build-pipeline/scripts/verify.ts Outdated
@jasonmorais

Copy link
Copy Markdown
Contributor Author

@sourcery-ai review

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 1 issue, and left some high level feedback:

  • The new verify.ts script prints verify passed on success, which slightly conflicts with the goal of keeping successful verification runs silent; consider making this success message optional (e.g., behind a flag) or removing it to keep the workflow fully quiet when healthy.
  • The runSilentCommand helper hardcodes a 64MB maxBuffer; if you expect some tools to produce larger output, consider exposing maxBuffer (or a similar option) on SilentCommandOptions so callers can tune this per command.
  • The construction of the cellixVerify sequence in verify.ts is fairly specific and could be reused elsewhere; consider extracting this builder into a small shared helper in @cellix/local-dev (or a nearby module) so local/CI verification flows can share the same sequence definition without duplication.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- The new `verify.ts` script prints `verify passed` on success, which slightly conflicts with the goal of keeping successful verification runs silent; consider making this success message optional (e.g., behind a flag) or removing it to keep the workflow fully quiet when healthy.
- The `runSilentCommand` helper hardcodes a 64MB `maxBuffer`; if you expect some tools to produce larger output, consider exposing `maxBuffer` (or a similar option) on `SilentCommandOptions` so callers can tune this per command.
- The construction of the `cellixVerify` sequence in `verify.ts` is fairly specific and could be reused elsewhere; consider extracting this builder into a small shared helper in `@cellix/local-dev` (or a nearby module) so local/CI verification flows can share the same sequence definition without duplication.

## Individual Comments

### Comment 1
<location path="packages/cellix/local-dev/src/silent-runners/index.ts" line_range="177-186" />
<code_context>
+ * @param options - Sequence steps and optional process context.
+ * @returns The final successful step result or the first failing step result.
+ */
+export function runSilentCommandSequence(options: SilentCommandSequenceOptions): SilentCommandSequenceResult {
+	const { cwd, env, spawn, steps, streams } = options;
+	if (steps.length === 0) {
+		throw new Error('runSilentCommandSequence requires at least one step');
+	}
+
+	let lastResult: SilentCommandSequenceResult | undefined;
+
+	for (const step of steps) {
+		const context: CommandSequenceContext = { cwd, env, spawn, streams };
+		const result = step.output === 'inherit' ? runInheritedCommand(buildCommandOptions(step, context)) : runSilentCommand(buildCommandOptions(step, context));
+		lastResult = {
+			...result,
+			step,
+		};
+
+		if (result.status !== 0) {
+			return lastResult;
+		}
+	}
+
+	if (!lastResult) {
+		throw new Error('runSilentCommandSequence requires at least one step');
+	}
</code_context>
<issue_to_address>
**nitpick:** The `runSilentCommandSequence` empty-steps guard is duplicated and could be simplified.

The function throws `runSilentCommandSequence requires at least one step` both on the initial `steps.length === 0` check and again when `!lastResult` after the loop. Because of the initial check, the post-loop guard is unreachable and can be removed, or you can drop the initial check and rely solely on the `lastResult` check to cover the empty-steps case.
</issue_to_address>

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Comment thread packages/cellix/local-dev/src/silent-runners/index.ts Outdated
@jasonmorais jasonmorais changed the title initial commit for precommit silent verify script Jun 23, 2026
@jasonmorais

Copy link
Copy Markdown
Contributor Author

@sourcery-ai review

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • The new verify runner currently writes verify passed on success, which slightly conflicts with the "silent on success" contract of the silent runners; consider omitting this message so local runs stay fully quiet when healthy.
  • In replayFailureOutput, the stderr replay concatenates the failure banner and the tool stderr without ensuring a trailing newline from the tool output; consider always terminating the combined message with a newline to avoid malformed prompts when the tool's stderr is not newline-terminated.
  • The Snyk helper snykIacScan takes targets as the first argument whereas the other Snyk helpers accept only an options object; consider making its signature consistent (e.g., snykIacScan({ targets, args, name })) to keep the public API uniform.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- The new verify runner currently writes `verify passed` on success, which slightly conflicts with the "silent on success" contract of the silent runners; consider omitting this message so local runs stay fully quiet when healthy.
- In `replayFailureOutput`, the stderr replay concatenates the failure banner and the tool stderr without ensuring a trailing newline from the tool output; consider always terminating the combined message with a newline to avoid malformed prompts when the tool's stderr is not newline-terminated.
- The Snyk helper `snykIacScan` takes `targets` as the first argument whereas the other Snyk helpers accept only an options object; consider making its signature consistent (e.g., `snykIacScan({ targets, args, name })`) to keep the public API uniform.

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

# Conflicts:
#	package.json
#	packages/cellix/serenity-framework/src/formatters/agent-formatter.ts
@jasonmorais

Copy link
Copy Markdown
Contributor Author

@sourcery-ai review

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 1 issue, and left some high level feedback:

Fixed security issues:

  • @opentelemetry/exporter-prometheus (link)

  • @vitest/browser (link)

  • form-data (link)

  • protobufjs (link)

  • vite (link)

  • ws (link)

  • Some of the step-definition and helper changes collapse previously multi-line logical conditions and actor.attemptsTo calls into single very long lines, which hurts readability; consider keeping these broken across lines to preserve clarity and easier diffs.

  • For runSilentCommandSequence failures you currently only show the raw command line in replayFailureOutput; consider also including the CommandSequenceStep.name so failures are easier to correlate with the higher-level verify steps (e.g. snyk:code, audit:prod).

Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- Some of the step-definition and helper changes collapse previously multi-line logical conditions and `actor.attemptsTo` calls into single very long lines, which hurts readability; consider keeping these broken across lines to preserve clarity and easier diffs.
- For `runSilentCommandSequence` failures you currently only show the raw command line in `replayFailureOutput`; consider also including the `CommandSequenceStep.name` so failures are easier to correlate with the higher-level verify steps (e.g. `snyk:code`, `audit:prod`).

## Individual Comments

### Comment 1
<location path="packages/cellix/local-dev/src/silent-runners/index.ts" line_range="283-293" />
<code_context>
+		...(step.args ? { args: step.args } : {}),
+		...(options.cwd ? { cwd: options.cwd } : {}),
+		...(options.env ? { env: options.env } : {}),
+		...(step.maxBuffer !== undefined ? { maxBuffer: step.maxBuffer } : options.maxBuffer !== undefined ? { maxBuffer: options.maxBuffer } : {}),
+		...(options.spawn ? { spawn: options.spawn } : {}),
+		...(options.streams ? { streams: options.streams } : {}),
</code_context>
<issue_to_address>
**suggestion:** Nested ternary for resolving maxBuffer hurts readability and is easy to misinterpret.

Consider replacing this nested ternary with clearer logic, e.g. compute `const maxBuffer = step.maxBuffer ?? options.maxBuffer;` and then conditionally spread `{ maxBuffer }`, or use straightforward `if` branches. This makes the precedence explicit and reduces the chance of mistakes if more options are added later.

```suggestion
function buildCommandOptions(step: CommandSequenceStep, options: CommandSequenceContext): SilentCommandOptions {
	const maxBuffer = step.maxBuffer ?? options.maxBuffer;

	return {
		...(step.args ? { args: step.args } : {}),
		...(options.cwd ? { cwd: options.cwd } : {}),
		...(options.env ? { env: options.env } : {}),
		...(maxBuffer !== undefined ? { maxBuffer } : {}),
		...(options.spawn ? { spawn: options.spawn } : {}),
		...(options.streams ? { streams: options.streams } : {}),
		command: step.command,
	};
}
```
</issue_to_address>

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Comment thread packages/cellix/local-dev/src/silent-runners/index.ts
# Conflicts:
#	pnpm-lock.yaml
#	pnpm-workspace.yaml
# Conflicts:
#	packages/cellix/local-dev/README.md
#	packages/cellix/local-dev/manifest.md
#	packages/cellix/local-dev/package.json
#	packages/cellix/local-dev/src/index.test.ts
#	packages/cellix/local-dev/src/index.ts
#	packages/cellix/local-dev/tsconfig.vitest.json
#	packages/cellix/local-dev/vitest.config.ts
#	pnpm-lock.yaml
#	pnpm-workspace.yaml
@jasonmorais

Copy link
Copy Markdown
Contributor Author

@sourcery-ai review

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've reviewed your changes and they look great!

Fixed security issues:

  • @opentelemetry/exporter-prometheus (link)
  • @vitest/browser (link)
  • form-data (link)
  • protobufjs (link)
  • vite (link)
  • ws (link)

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants