Skip to content

silent verify script#282

Open
jasonmorais wants to merge 17 commits into
mainfrom
jason/silent-verify
Open

silent verify script#282
jasonmorais wants to merge 17 commits into
mainfrom
jason/silent-verify

Conversation

@jasonmorais

@jasonmorais jasonmorais commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Summary by Sourcery

Introduce a reusable silent verification runner package and wire it into the repo’s verify workflow while keeping existing checks intact.

New Features:

  • Add the @cellix/local-dev package providing silent command runners, verification sequences, and tool-specific wrappers for pnpm, Snyk, Sonar, Knip, and test scripts.
  • Expose the silent runner utilities via a documented public API and add tests and configuration for the new local-dev package.
  • Add a Node-based verify script that composes the existing verification steps using the new silent runner primitives and prints a concise success message.

Bug Fixes:

  • Prevent the Serenity agent formatter from logging a results section when there are no issues.

Enhancements:

  • Tidy various import orders and formatting across the codebase for consistency.
  • Slightly adjust agent result messaging to always log the issue count when there are any.
  • Export additional queue storage service and JSON schema helper types from the queue storage package.

Build:

  • Update the root verify script to use the new TypeScript-based runner instead of an inline pnpm command chain.
  • Register the @cellix/local-dev workspace package and wire its build, lint, and test scripts into the monorepo setup.

Documentation:

  • Add README and manifest documentation describing the purpose, API, and usage patterns of the @cellix/local-dev silent runners.

@sourcery-ai

sourcery-ai Bot commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Reviewer's Guide

Introduces a new @cellix/local-dev package that provides silent command runners and a fluent verification sequence API, rewires the root verify workflow to use a new Node-based script built on these utilities, and adjusts the agent formatter to suppress output on success while still logging issue counts on failure, alongside minor export/import tidy-ups and docs/tests for the new package.

Sequence diagram for the new silent verify workflow

sequenceDiagram
    actor Dev
    participant VerifyScript as verify.ts
    participant VerifySeq as VerificationSequence
    participant SeqRunner as runSilentCommandSequence
    participant CmdRunner as runSilentCommand

    Dev->>VerifyScript: runVerifyCommand()
    VerifyScript->>VerifySeq: run()
    VerifySeq->>SeqRunner: runSilentCommandSequence(options)

    loop steps in sequence
        SeqRunner->>CmdRunner: runSilentCommand(step)
        alt [command succeeds]
            CmdRunner-->>SeqRunner: SilentCommandResult(status=0)
        else [command fails]
            CmdRunner-->>SeqRunner: SilentCommandResult(status!=0)
            SeqRunner-->>VerifySeq: SilentCommandSequenceResult(step, status!=0)
            VerifySeq-->>VerifyScript: result
            VerifyScript-->>Dev: process.exitCode = status
        end
    end

    SeqRunner-->>VerifySeq: SilentCommandSequenceResult(status=0)
    VerifySeq-->>VerifyScript: result(status=0)
    VerifyScript->>Dev: write verify passed
    VerifyScript->>Dev: process.exitCode = 0
Loading

Sequence diagram for updated agent formatter output logic

sequenceDiagram
    participant Formatter as AgentFormatter
    participant Runner as CucumberRunner

    Runner->>Formatter: onTestRunFinished(testRunFinished)
    alt [issueCount === 0]
        Formatter-->>Runner: return (no log)
    else [issueCount > 0]
        Formatter->>Formatter: log("\n--- (Agent) Results ---\n")
        Formatter->>Formatter: log(statusCounts)
        Formatter->>Formatter: log(duration)
        Formatter->>Formatter: log("Issues: " + issueCount)
    end
Loading

File-Level Changes

Change Details Files
Add reusable silent command runner and verification sequence utilities plus tool-specific wrappers in @cellix/local-dev.
  • Implement runSilentCommand and runSilentCommandSequence to capture output and only replay it on failure, with configurable buffers and injectable spawn/stream dependencies.
  • Provide a VerificationSequence builder and shared verificationSequence instance for fluent, reusable workflows.
  • Add pnpm, pnpm audit, Knip, Snyk (dependency/code/IaC), Sonar, and test runner helpers that return CommandSequenceStep descriptors.
  • Export a consolidated public API surface for all silent-runner types and helpers from the package root.
packages/cellix/local-dev/src/silent-runners/index.ts
packages/cellix/local-dev/src/silent-runners/pnpm.ts
packages/cellix/local-dev/src/silent-runners/pnpm-audit.ts
packages/cellix/local-dev/src/silent-runners/knip.ts
packages/cellix/local-dev/src/silent-runners/snyk.ts
packages/cellix/local-dev/src/silent-runners/sonar.ts
packages/cellix/local-dev/src/silent-runners/test-runners.ts
packages/cellix/local-dev/src/index.ts
packages/cellix/local-dev/package.json
Wire root verify workflow through the new silent verification utilities with a Node-based script and workspace plumbing.
  • Replace the long inline verify npm script with a Node entrypoint that builds a verificationSequence using the new helpers and prints a single success line on complete pass.
  • Pass Snyk org/policy/repo arguments via the new Snyk wrappers while keeping tool-CLI details encoded in @cellix/local-dev.
  • Add @cellix/local-dev as a workspace dev dependency and update lockfile/build config as needed.
build-pipeline/scripts/verify.ts
package.json
pnpm-lock.yaml
turbo.json
knip.json
biome.json
Add tests, configs, and docs for @cellix/local-dev and the silent verification behavior.
  • Create Vitest tests that validate silent success, failure replay, buffer configuration, and full verify-step ordering using injected spawn functions and fake streams.
  • Add Vitest and TypeScript configs scoped to the local-dev package, including path aliases for source-based imports during tests.
  • Document silent runner concepts, API, and usage patterns in README plus a manifest describing package intent and boundaries.
packages/cellix/local-dev/src/index.test.ts
packages/cellix/local-dev/vitest.config.ts
packages/cellix/local-dev/tsconfig.json
packages/cellix/local-dev/tsconfig.vitest.json
packages/cellix/local-dev/README.md
packages/cellix/local-dev/manifest.md
Suppress agent formatter output when there are no issues and simplify issue logging on failure.
  • Short-circuit AgentFormatter.onTestRunFinished when issueCount is zero so no result banner is printed for fully passing runs.
  • Always log a simple Issues: line when there are failures instead of conditionally printing a success message.
packages/cellix/serenity-framework/src/formatters/agent-formatter.ts
Minor export/import and formatting adjustments for queue storage and test code.
  • Reorder and extend exports in service-queue-storage index to surface JSON schema types and internal lifecycle/logging types more cleanly.
  • Tidy various imports (order and type positioning) and inline a few multi-line logical expressions/actor calls without changing behavior.
  • Adjust readme spacing and keep tool configs in sync with the new package.
packages/cellix/service-queue-storage/src/index.ts
packages/ocom/service-queue-storage/src/schemas/inbound/end-user-update.ts
packages/ocom-verification/e2e-tests/src/shared/support/queue-storage.ts
packages/ocom-verification/acceptance-ui/src/contexts/community/step-definitions/create-community.steps.tsx
packages/ocom/persistence/src/datasources/domain/community/community/community.domain-adapter.ts
apps/server-oauth2-mock/src/index.ts
packages/ocom-verification/acceptance-api/src/mock-application-services.ts
packages/ocom-verification/e2e-tests/src/contexts/community/step-definitions/create-community.steps.ts
readme.md

Possibly linked issues

  • #: PR delivers the silent verify wrappers, tool-specific runners, and root verify integration requested in the issue.

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@jasonmorais jasonmorais marked this pull request as ready for review June 22, 2026 15:32
@jasonmorais jasonmorais requested a review from a team June 22, 2026 15:32
@jasonmorais jasonmorais requested a review from a team as a code owner June 22, 2026 15:32

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 2 issues, and left some high level feedback:

  • In AgentFormatter.onTestRunFinished you now return early when issueCount === 0, which removes the previous "All scenarios passed" messaging entirely; if that feedback is still desired, consider keeping a minimal success summary instead of returning silently.
  • The verify.ts script prints a custom failure line after runSilentCommandSequence has already replayed the failing step's stdout/stderr; consider including the step exit status in that replay or adjusting the extra message to avoid redundant-but-slightly-different failure context.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- In `AgentFormatter.onTestRunFinished` you now return early when `issueCount === 0`, which removes the previous "All scenarios passed" messaging entirely; if that feedback is still desired, consider keeping a minimal success summary instead of returning silently.
- The `verify.ts` script prints a custom failure line after `runSilentCommandSequence` has already replayed the failing step's stdout/stderr; consider including the step exit status in that replay or adjusting the extra message to avoid redundant-but-slightly-different failure context.

## Individual Comments

### Comment 1
<location path="build-pipeline/scripts/verify.ts" line_range="29-38" />
<code_context>
+	.addStep(sonarPullRequestAnalysis())
+	.addStep(sonarQualityGate());
+
+const isRunningAsCommand = import.meta.main;
+
+function runVerifyCommand(): void {
+	const result = cellixVerify.run();
+	if (result.status !== 0) {
+		process.stderr.write(`\nverify failed at step "${result.step.name}" (exit ${result.status})\n`);
+	} else {
+		process.stdout.write('verify passed\n');
+	}
+	process.exitCode = result.status;
+}
+
+if (isRunningAsCommand) {
+	runVerifyCommand();
+}
</code_context>
<issue_to_address>
**issue (bug_risk):** Using `import.meta.main` will never trigger in Node.js and prevents the script from running when executed directly.

In Node.js, `import.meta.main` is always `undefined`, so `runVerifyCommand()` never runs, even when this file is invoked as the entry script (e.g. via `pnpm run verify`). Use a Node-compatible check instead, such as comparing `import.meta.url` to `pathToFileURL(process.argv[1]).href`, or invoke `runVerifyCommand()` from a dedicated bootstrap file that always calls it.
</issue_to_address>

### Comment 2
<location path="package.json" line_range="52" />
<code_context>
 		"sonar:pr-windows": "for /f %i in ('node build-pipeline/scripts/get-pr-number.cjs') do set PR_NUMBER=%i && sonar-scanner -Dsonar.pullrequest.key=%PR_NUMBER% -Dsonar.pullrequest.branch=%BRANCH_NAME% -Dsonar.pullrequest.base=main",
 		"check-sonar": "node build-pipeline/scripts/check-sonar-quality-gate.cjs",
-		"verify": "pnpm run format:check && pnpm run test:arch && pnpm run test:coverage:merge && pnpm run test:e2e && pnpm run knip && pnpm run audit && pnpm run snyk && pnpm run sonar:pr && pnpm run check-sonar",
+		"verify": "node build-pipeline/scripts/verify.ts",
 		"knip": "knip",
 		"snyk": "pnpm run snyk:test && pnpm run snyk:code",
</code_context>
<issue_to_address>
**issue (bug_risk):** Running a `.ts` file directly with `node` will fail without a custom loader or precompiled JS.

This script now calls `node build-pipeline/scripts/verify.ts`, but Node can’t run TypeScript directly. Unless there’s an existing loader configured for this command (e.g. `tsx`, `ts-node`, or a custom `--loader`), it will fail at runtime. Consider either targeting the compiled `.js` file or running it via the configured TS runner instead of plain `node`.
</issue_to_address>

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Comment thread build-pipeline/scripts/verify.ts Outdated
Comment thread package.json Outdated
@jasonmorais

Copy link
Copy Markdown
Contributor Author

image For reference

@jasonmorais

Copy link
Copy Markdown
Contributor Author

@sourcery-ai review

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 1 issue

Prompt for AI Agents
Please address the comments from this code review:

## Individual Comments

### Comment 1
<location path="build-pipeline/scripts/verify.ts" line_range="29-38" />
<code_context>
+	.addStep(sonarPullRequestAnalysis())
+	.addStep(sonarQualityGate());
+
+const isRunningAsCommand = import.meta.main;
+
+function runVerifyCommand(): void {
+	const result = cellixVerify.run();
+	if (result.status !== 0) {
+		process.stderr.write(`\nverify failed at step "${result.step.name}" (exit ${result.status})\n`);
+	} else {
+		process.stdout.write('verify passed\n');
+	}
+	process.exitCode = result.status;
+}
+
+if (isRunningAsCommand) {
+	runVerifyCommand();
+}
</code_context>
<issue_to_address>
**issue (bug_risk):** Using `import.meta.main` is likely non-portable and may prevent the verify script from running when invoked directly.

In Node’s current ESM implementation `import.meta.main` is not available, so `isRunningAsCommand` will be `undefined` and `runVerifyCommand()` will never run, even when you call `node build-pipeline/scripts/verify.ts` directly. To ensure the script actually executes as a CLI, switch to the common pattern of comparing `import.meta.url` with `pathToFileURL(process.argv[1]).href` (or another supported entry-point check).
</issue_to_address>

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Comment thread build-pipeline/scripts/verify.ts Outdated
@jasonmorais

Copy link
Copy Markdown
Contributor Author

@sourcery-ai review

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 1 issue, and left some high level feedback:

  • The new verify.ts script prints verify passed on success, which slightly conflicts with the goal of keeping successful verification runs silent; consider making this success message optional (e.g., behind a flag) or removing it to keep the workflow fully quiet when healthy.
  • The runSilentCommand helper hardcodes a 64MB maxBuffer; if you expect some tools to produce larger output, consider exposing maxBuffer (or a similar option) on SilentCommandOptions so callers can tune this per command.
  • The construction of the cellixVerify sequence in verify.ts is fairly specific and could be reused elsewhere; consider extracting this builder into a small shared helper in @cellix/local-dev (or a nearby module) so local/CI verification flows can share the same sequence definition without duplication.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- The new `verify.ts` script prints `verify passed` on success, which slightly conflicts with the goal of keeping successful verification runs silent; consider making this success message optional (e.g., behind a flag) or removing it to keep the workflow fully quiet when healthy.
- The `runSilentCommand` helper hardcodes a 64MB `maxBuffer`; if you expect some tools to produce larger output, consider exposing `maxBuffer` (or a similar option) on `SilentCommandOptions` so callers can tune this per command.
- The construction of the `cellixVerify` sequence in `verify.ts` is fairly specific and could be reused elsewhere; consider extracting this builder into a small shared helper in `@cellix/local-dev` (or a nearby module) so local/CI verification flows can share the same sequence definition without duplication.

## Individual Comments

### Comment 1
<location path="packages/cellix/local-dev/src/silent-runners/index.ts" line_range="177-186" />
<code_context>
+ * @param options - Sequence steps and optional process context.
+ * @returns The final successful step result or the first failing step result.
+ */
+export function runSilentCommandSequence(options: SilentCommandSequenceOptions): SilentCommandSequenceResult {
+	const { cwd, env, spawn, steps, streams } = options;
+	if (steps.length === 0) {
+		throw new Error('runSilentCommandSequence requires at least one step');
+	}
+
+	let lastResult: SilentCommandSequenceResult | undefined;
+
+	for (const step of steps) {
+		const context: CommandSequenceContext = { cwd, env, spawn, streams };
+		const result = step.output === 'inherit' ? runInheritedCommand(buildCommandOptions(step, context)) : runSilentCommand(buildCommandOptions(step, context));
+		lastResult = {
+			...result,
+			step,
+		};
+
+		if (result.status !== 0) {
+			return lastResult;
+		}
+	}
+
+	if (!lastResult) {
+		throw new Error('runSilentCommandSequence requires at least one step');
+	}
</code_context>
<issue_to_address>
**nitpick:** The `runSilentCommandSequence` empty-steps guard is duplicated and could be simplified.

The function throws `runSilentCommandSequence requires at least one step` both on the initial `steps.length === 0` check and again when `!lastResult` after the loop. Because of the initial check, the post-loop guard is unreachable and can be removed, or you can drop the initial check and rely solely on the `lastResult` check to cover the empty-steps case.
</issue_to_address>

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Comment thread packages/cellix/local-dev/src/silent-runners/index.ts Outdated
@jasonmorais jasonmorais changed the title initial commit for precommit silent verify script Jun 23, 2026
@jasonmorais

Copy link
Copy Markdown
Contributor Author

@sourcery-ai review

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • The new verify runner currently writes verify passed on success, which slightly conflicts with the "silent on success" contract of the silent runners; consider omitting this message so local runs stay fully quiet when healthy.
  • In replayFailureOutput, the stderr replay concatenates the failure banner and the tool stderr without ensuring a trailing newline from the tool output; consider always terminating the combined message with a newline to avoid malformed prompts when the tool's stderr is not newline-terminated.
  • The Snyk helper snykIacScan takes targets as the first argument whereas the other Snyk helpers accept only an options object; consider making its signature consistent (e.g., snykIacScan({ targets, args, name })) to keep the public API uniform.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- The new verify runner currently writes `verify passed` on success, which slightly conflicts with the "silent on success" contract of the silent runners; consider omitting this message so local runs stay fully quiet when healthy.
- In `replayFailureOutput`, the stderr replay concatenates the failure banner and the tool stderr without ensuring a trailing newline from the tool output; consider always terminating the combined message with a newline to avoid malformed prompts when the tool's stderr is not newline-terminated.
- The Snyk helper `snykIacScan` takes `targets` as the first argument whereas the other Snyk helpers accept only an options object; consider making its signature consistent (e.g., `snykIacScan({ targets, args, name })`) to keep the public API uniform.

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

# Conflicts:
#	package.json
#	packages/cellix/serenity-framework/src/formatters/agent-formatter.ts
@jasonmorais

Copy link
Copy Markdown
Contributor Author

@sourcery-ai review

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 1 issue, and left some high level feedback:

Fixed security issues:

  • @opentelemetry/exporter-prometheus (link)

  • @vitest/browser (link)

  • form-data (link)

  • protobufjs (link)

  • vite (link)

  • ws (link)

  • Some of the step-definition and helper changes collapse previously multi-line logical conditions and actor.attemptsTo calls into single very long lines, which hurts readability; consider keeping these broken across lines to preserve clarity and easier diffs.

  • For runSilentCommandSequence failures you currently only show the raw command line in replayFailureOutput; consider also including the CommandSequenceStep.name so failures are easier to correlate with the higher-level verify steps (e.g. snyk:code, audit:prod).

Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- Some of the step-definition and helper changes collapse previously multi-line logical conditions and `actor.attemptsTo` calls into single very long lines, which hurts readability; consider keeping these broken across lines to preserve clarity and easier diffs.
- For `runSilentCommandSequence` failures you currently only show the raw command line in `replayFailureOutput`; consider also including the `CommandSequenceStep.name` so failures are easier to correlate with the higher-level verify steps (e.g. `snyk:code`, `audit:prod`).

## Individual Comments

### Comment 1
<location path="packages/cellix/local-dev/src/silent-runners/index.ts" line_range="283-293" />
<code_context>
+		...(step.args ? { args: step.args } : {}),
+		...(options.cwd ? { cwd: options.cwd } : {}),
+		...(options.env ? { env: options.env } : {}),
+		...(step.maxBuffer !== undefined ? { maxBuffer: step.maxBuffer } : options.maxBuffer !== undefined ? { maxBuffer: options.maxBuffer } : {}),
+		...(options.spawn ? { spawn: options.spawn } : {}),
+		...(options.streams ? { streams: options.streams } : {}),
</code_context>
<issue_to_address>
**suggestion:** Nested ternary for resolving maxBuffer hurts readability and is easy to misinterpret.

Consider replacing this nested ternary with clearer logic, e.g. compute `const maxBuffer = step.maxBuffer ?? options.maxBuffer;` and then conditionally spread `{ maxBuffer }`, or use straightforward `if` branches. This makes the precedence explicit and reduces the chance of mistakes if more options are added later.

```suggestion
function buildCommandOptions(step: CommandSequenceStep, options: CommandSequenceContext): SilentCommandOptions {
	const maxBuffer = step.maxBuffer ?? options.maxBuffer;

	return {
		...(step.args ? { args: step.args } : {}),
		...(options.cwd ? { cwd: options.cwd } : {}),
		...(options.env ? { env: options.env } : {}),
		...(maxBuffer !== undefined ? { maxBuffer } : {}),
		...(options.spawn ? { spawn: options.spawn } : {}),
		...(options.streams ? { streams: options.streams } : {}),
		command: step.command,
	};
}
```
</issue_to_address>

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Comment thread packages/cellix/local-dev/src/silent-runners/index.ts
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant