Add standardized CLAUDE.md documentation file (AST-146798)#710
Add standardized CLAUDE.md documentation file (AST-146798)#710cx-rahul-pidde wants to merge 11 commits intomainfrom
Conversation
This commit introduces a comprehensive Cloud.md file following the standardized Cloud MD documentation template from epic AST-146793. The file includes: Essential Sections: - Project Overview: Purpose, status, and repository information - Architecture: System design, components, and data flow - Repository Structure: Directory organization and file purposes - Technology Stack: Languages, frameworks, and dependencies - Development Setup: Installation, build, and local testing instructions - Coding Standards: TypeScript style guide and best practices - Project Rules: Development constraints and contribution requirements - Testing Strategy: Test framework, types, and coverage requirements - Known Issues: Current limitations and workarounds Recommended Sections: - Database Schema: Clarification on stateless design - External Integrations: Checkmarx One, Azure DevOps, Marketplace - Deployment Info: Publishing process and installation - Performance Considerations: Optimization tips and known issues - API/Endpoints/Interfaces: Task inputs, outputs, and parameters - Security & Access: Authentication, authorization, and credential management - Logging: Log output, levels, and masking - Debugging Steps: Common issues, solutions, and diagnostic commands Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
|
Great job! No new security vulnerabilities introduced in this pull request |
cx-atish-jadhav
left a comment
cx-atish-jadhav
left a comment
There was a problem hiding this comment.
Review: CLAUDE.md Documentation
Good coverage overall — all 17 sections from the epic are present and the structure is clean. However, several sections reference inputs, files, and paths that do not match the actual codebase. These need to be corrected before merge so the document doesn't mislead contributors or AI assistants using it as a codebase map.
See inline comments for specific line-level issues.
| @@ -0,0 +1,828 @@ | |||
| # Cloud.md - AST Azure Plugin | |||
There was a problem hiding this comment.
File title is wrong.
The file is named CLAUDE.md but the title reads # Cloud.md - AST Azure Plugin. Please update to:
# CLAUDE.md - AST Azure Plugin
| │ └── PULL_REQUEST_TEMPLATE.md # PR template | ||
| │ | ||
| ├── images/ # Documentation images | ||
| ├── scripts/ # Build and utility scripts |
There was a problem hiding this comment.
scripts/ directory does not exist in the repository.
Searched the entire repo — there is no scripts/ directory. Please remove this line from the structure diagram.
| ├── cxAstScan/ # Main plugin source code | ||
| │ ├── index.ts # Entry point for the ADO task | ||
| │ ├── cleanup.ts # Cleanup entry point | ||
| │ ├── services/ |
There was a problem hiding this comment.
cxAstScan/task.json is missing from the repository structure.
This is one of the most important files in the plugin — it is the ADO task definition manifest that defines task inputs, output variables, execution target (Node20_1), and minimum agent version (3.232.1). It should be listed here alongside index.ts and cleanup.ts.
| ### Languages & Runtime | ||
| - **TypeScript** 5.6.3+ - Primary development language | ||
| - **Node.js** 16.0+ - Runtime requirement (`engines.node >= 16`) | ||
| - **ES2015** - Compilation target for backward compatibility |
There was a problem hiding this comment.
Node.js runtime version is incorrect.
cxAstScan/task.json specifies "Node20_1" as the execution target (with minimumAgentVersion: 3.232.1). The plugin requires Node 20, not Node 16. Please update to:
- **Node.js** 20.0+ - Runtime requirement
| - **ES2015** - Compilation target for backward compatibility | ||
|
|
||
| ### Core Dependencies | ||
| - **azure-pipelines-task-lib** - Azure DevOps task library for ADO integration |
There was a problem hiding this comment.
azure-pipelines-task-lib is not in the root package.json.
The root package.json dependencies are: nyc, typescript-logging, vss-web-extension-sdk, @babel/helpers. azure-pipelines-task-lib lives in cxAstScan/package.json (the task-level package). Please clarify this is a task-level dependency, not a workspace-root one.
|
|
||
| ### Type Safety | ||
|
|
||
| - **Strict Mode**: Enabled in `tsconfig.json` (`"strict": true`) |
There was a problem hiding this comment.
Coding standard contradicts the actual TypeScript and ESLint configuration.
The doc says "avoid any where possible", but:
cxAstScan/tsconfig.jsonhas"noImplicitAny": false(overridingstrict).eslintrc.jsonhas"@typescript-eslint/no-explicit-any": 0
Both tools explicitly permit any. The standards doc should reflect what the tooling actually enforces, not a stricter ideal.
| #### Unit Tests | ||
| - Located in `cxAstScan/test/` with filenames matching test scenario | ||
| - Each test file extends `_suite.ts` base test class | ||
| - Tests cover both success and failure scenarios |
There was a problem hiding this comment.
_suite.ts is not a base class — this description is inaccurate.
_suite.ts is the Mocha entry point that requires all individual test files. The test files don't extend or inherit from it. Please update to:
_suite.tsis the Mocha entry point that imports all individual test files
|
|
||
| | Input | Type | Required | Default | Description | | ||
| |-------|------|----------|---------|-------------| | ||
| | `checkmarxService` | Endpoint | Yes | N/A | Azure DevOps service connection to Checkmarx One | |
There was a problem hiding this comment.
Task Inputs table has multiple errors — please update based on cxAstScan/task.json.
Issues found:
CheckmarxService— documented as Required: Yes, buttask.jsonhas"required": falsetenantNameinput is completely missing from the table (optional string, label: "Tenant Name")projectNameandbranchNamehave ADO variable defaults not shown ($(Build.Repository.Name)and$(Build.SourceBranchName)respectively)
Corrected table:
| Input | Type | Required | Default | Description |
|---|---|---|---|---|
CheckmarxService |
Endpoint | No | `` | Service connection to Checkmarx One |
projectName |
String | Yes | $(Build.Repository.Name) |
Checkmarx One project name |
branchName |
String | Yes | $(Build.SourceBranchName) |
Repository branch being scanned |
tenantName |
String | No | `` | Tenant name for the Checkmarx One instance |
additionalParams |
String | No | `` | CLI parameters for scan customization |
| The plugin sets these Azure DevOps variables after execution: | ||
|
|
||
| | Variable | Scope | Description | | ||
| |----------|-------|-------------| |
There was a problem hiding this comment.
CxOneCurrentScanId is not a declared output variable.
task.json only declares CxOneScanId in OutputVariables. CxOneCurrentScanId is set programmatically inside the code but is not an official ADO output variable consumers can reference downstream. Please remove it from this table or add a note clarifying it is an internal variable only.
| To gather diagnostic information for support: | ||
|
|
||
| 1. **Enable debug mode** in pipeline | ||
| 2. **Capture task output**: Copy entire console log |
There was a problem hiding this comment.
Log file path is wrong.
The actual log filename (from cxAstScan/services/Utils.ts) follows the pattern CxLog_<Build.BuildId>.txt stored in Agent.TempDirectory. Please update to:
Agent.TempDirectory/CxLog_<Build.BuildId>.txt
2 participants
Summary
Add a comprehensive CLAUDE.md file following the standardized Cloud MD documentation template from epic AST-146793. This file provides complete documentation for understanding, deploying, and maintaining the ast-azure-plugin repository.
Changes
Acceptance Criteria
Testing
Documentation reviewed for completeness and accuracy against:
🤖 Generated with Claude Code