Skip to content

Commit 7353fbd

Browse files
committed
chore(wheelhouse): cascade template@720f4328
Auto-applied by socket-wheelhouse sync-scaffolding into socket-lib. 3 file(s) touched: - pnpm-workspace.yaml - scripts/fleet/ai-lint-fix/rule-guidance.mts - scripts/fleet/publish-release.mts
1 parent 5922d4c commit 7353fbd

3 files changed

Lines changed: 71 additions & 323 deletions

File tree

pnpm-workspace.yaml

Lines changed: 43 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,7 @@ catalog:
6161
# Fleet bundler (replaces esbuild). Single-sourced to match the
6262
# wheelhouse catalog pin + the rolldown vite 8.0.14 bundles natively.
6363
'playwright-core': 1.60.0
64-
'regjsparser': 0.13.1
64+
'regjsparser': 0.13.2
6565
'rolldown': 1.1.0
6666
'shell-quote': 1.8.4
6767
'taze': 19.14.1
@@ -113,6 +113,48 @@ minimumReleaseAgeExclude:
113113
# esbuild + its platform binaries — test-only browser-bundle e2e dep (the build
114114
# bundler is rolldown). All published 2026-06-11; the 7-day soak clears
115115
# 2026-06-18, after which this whole block is removable.
116+
# published: 2026-06-18 | removable: 2026-06-25
117+
- 'typescript@7.0.1-rc'
118+
# published: 2026-06-18 | removable: 2026-06-25
119+
- '@typescript/typescript-aix-ppc64@7.0.1-rc'
120+
# published: 2026-06-18 | removable: 2026-06-25
121+
- '@typescript/typescript-darwin-arm64@7.0.1-rc'
122+
# published: 2026-06-18 | removable: 2026-06-25
123+
- '@typescript/typescript-darwin-x64@7.0.1-rc'
124+
# published: 2026-06-18 | removable: 2026-06-25
125+
- '@typescript/typescript-freebsd-arm64@7.0.1-rc'
126+
# published: 2026-06-18 | removable: 2026-06-25
127+
- '@typescript/typescript-freebsd-x64@7.0.1-rc'
128+
# published: 2026-06-18 | removable: 2026-06-25
129+
- '@typescript/typescript-linux-arm@7.0.1-rc'
130+
# published: 2026-06-18 | removable: 2026-06-25
131+
- '@typescript/typescript-linux-arm64@7.0.1-rc'
132+
# published: 2026-06-18 | removable: 2026-06-25
133+
- '@typescript/typescript-linux-loong64@7.0.1-rc'
134+
# published: 2026-06-18 | removable: 2026-06-25
135+
- '@typescript/typescript-linux-mips64el@7.0.1-rc'
136+
# published: 2026-06-18 | removable: 2026-06-25
137+
- '@typescript/typescript-linux-ppc64@7.0.1-rc'
138+
# published: 2026-06-18 | removable: 2026-06-25
139+
- '@typescript/typescript-linux-riscv64@7.0.1-rc'
140+
# published: 2026-06-18 | removable: 2026-06-25
141+
- '@typescript/typescript-linux-s390x@7.0.1-rc'
142+
# published: 2026-06-18 | removable: 2026-06-25
143+
- '@typescript/typescript-linux-x64@7.0.1-rc'
144+
# published: 2026-06-18 | removable: 2026-06-25
145+
- '@typescript/typescript-netbsd-arm64@7.0.1-rc'
146+
# published: 2026-06-18 | removable: 2026-06-25
147+
- '@typescript/typescript-netbsd-x64@7.0.1-rc'
148+
# published: 2026-06-18 | removable: 2026-06-25
149+
- '@typescript/typescript-openbsd-arm64@7.0.1-rc'
150+
# published: 2026-06-18 | removable: 2026-06-25
151+
- '@typescript/typescript-openbsd-x64@7.0.1-rc'
152+
# published: 2026-06-18 | removable: 2026-06-25
153+
- '@typescript/typescript-sunos-x64@7.0.1-rc'
154+
# published: 2026-06-18 | removable: 2026-06-25
155+
- '@typescript/typescript-win32-arm64@7.0.1-rc'
156+
# published: 2026-06-18 | removable: 2026-06-25
157+
- '@typescript/typescript-win32-x64@7.0.1-rc'
116158

117159
# Refuse transitive dependencies declared via git/tarball/local-tarball
118160
# specs — an npm package shouldn't be allowed to drag in a git URL we

scripts/fleet/ai-lint-fix/rule-guidance.mts

Lines changed: 28 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,11 +27,16 @@ export const AI_HANDLED_RULES: ReadonlySet<string> = new Set([
2727
'socket/inclusive-language',
2828
'socket/max-file-lines',
2929
'socket/no-fetch-prefer-http-request',
30+
'socket/no-malformed-bypass-marker',
31+
'socket/no-namespace-import',
3032
'socket/no-placeholders',
33+
'socket/no-source-sniffing',
3134
'socket/personal-path-placeholders',
3235
'socket/prefer-async-spawn',
3336
'socket/prefer-exists-sync',
3437
'socket/prefer-node-builtin-imports',
38+
'socket/prefer-non-capturing-group',
39+
'socket/prefer-normalize-path',
3540
'socket/prefer-undefined-over-null',
3641
'socket/require-regex-comment',
3742
])
@@ -59,8 +64,11 @@ export const RULE_MODEL_TIER: Readonly<
5964
> = {
6065
__proto__: null,
6166
// Identifier renames, single-token substitutions, namespace rewrites.
62-
// The right rewrite is fully determined by the pattern that fired.
67+
// The right rewrite is fully determined by the pattern that fired
68+
// (appending a `-- reason` to a marker, `import * as` → named imports).
6369
'socket/inclusive-language': 'haiku',
70+
'socket/no-malformed-bypass-marker': 'haiku',
71+
'socket/no-namespace-import': 'haiku',
6472
'socket/no-placeholders': 'haiku',
6573
'socket/personal-path-placeholders': 'haiku',
6674
'socket/prefer-node-builtin-imports': 'haiku',
@@ -70,8 +78,17 @@ export const RULE_MODEL_TIER: Readonly<
7078
// the sync→async caller chain, the fetch → httpJson error-handling
7179
// shape). Sonnet's reasoning is the right depth.
7280
'socket/no-fetch-prefer-http-request': 'sonnet',
81+
// Source-sniffing: rewrite a text-scan into a typed-export read or AST parse
82+
// (or justify-disable when the scan is genuinely necessary) — reads + reasons
83+
// about surrounding code, not a mechanical substitution.
84+
'socket/no-source-sniffing': 'sonnet',
7385
'socket/prefer-async-spawn': 'sonnet',
7486
'socket/prefer-exists-sync': 'sonnet',
87+
// Capture group: decide used→named vs unused→non-capturing by reading how the
88+
// match is consumed; normalize-path: pick the right import for a self-aliasing
89+
// lib. Both read surrounding code, so Sonnet's depth over Haiku's.
90+
'socket/prefer-non-capturing-group': 'sonnet',
91+
'socket/prefer-normalize-path': 'sonnet',
7592
// Reading a regex and writing a part-by-part breakdown comment is reasoning
7693
// about pattern semantics — Sonnet's the right depth (Haiku tends to write a
7794
// shallow restatement; Opus is overkill).
@@ -215,6 +232,16 @@ export const RULE_GUIDANCE: Readonly<Record<string, string>> = {
215232
'Implement the placeholder. If the work is too large, do NOT delete the marker — leave the file unchanged and explain in your final reply.',
216233
'socket/no-fetch-prefer-http-request':
217234
'Replace `fetch(url, opts)` with the right helper from `@socketsecurity/lib-stable/http-request`: `httpJson` when the caller calls `.json()` on the response, `httpText` when it calls `.text()`, `httpRequest` for raw access. Add the named import.',
235+
'socket/no-malformed-bypass-marker':
236+
'A disable marker (`oxlint-disable-next-line <rule>` or `socket-lint: allow <rule>`) is missing its required `-- <reason>`. Append ` -- <reason>` where the reason states WHY the waiver is correct, read from the disabled line plus any comment directly above it (for example `// oxlint-disable-next-line socket/prefer-undefined-over-null -- spec returns null here`). Keep the marker AND the code it guards exactly as-is; only add the reason. If multiple rules are listed, justify them all. Never delete the marker or change the guarded line.',
237+
'socket/no-namespace-import':
238+
'Rewrite a namespace import (`import * as X from "..."`) to named imports with the names actually used: inspect every `X.foo` reference in the file, import exactly those (`import { foo, bar } from "..."`), and change each `X.foo` to bare `foo`. If `X` is passed as a value (for example `someApi(X)`), or the import is a test module-mock or a bare Node builtin, keep the namespace form and add a `// no-namespace-import: passed-as-value` comment instead.',
239+
'socket/no-source-sniffing':
240+
'Code that scans source/file TEXT with a regex to infer behavior (for example, regex-testing a file string for a `module.exports =` assignment or an export keyword). Prefer rewriting to import the module and read its typed export (e.g. a `defineHook` instance), or parse the AST, instead of matching raw text. If a behavior-preserving rewrite is not safely possible because the text-scan is genuinely necessary (e.g. it lints raw source that cannot be imported), append `// oxlint-disable-next-line socket/no-source-sniffing -- <reason>` with a concrete justification. Never silently weaken behavior to satisfy the rule.',
241+
'socket/prefer-non-capturing-group':
242+
'A bare `(...)` capture group fired. If its captured text IS used (referenced by group index or name, or consumed by `String.prototype.split` / `matchAll` / `replace` group references), convert it to a NAMED group `(?<name>...)` with a descriptive name. If the group exists only for precedence or quantification and its capture is never read, convert it to non-capturing `(?:...)`. Read how the regex matches are consumed to decide. Do not change what the pattern matches.',
243+
'socket/prefer-normalize-path':
244+
'A manual path-separator rewrite fired (replacing backslashes with forward slashes on a path string). Replace the hand-rolled rewrite with `normalizePath(p)` and add the import, matching the import style the file already uses for sibling lib modules: the canonical `@socketsecurity/lib/paths/normalize` in `src/`/`test/` (vitest aliases it to local source), a relative path to `paths/normalize` when the module is nearby, or the `-stable` alias `@socketsecurity/lib-stable/paths/normalize` in scripts/hooks/config. Verify the rewrite is semantically identical (normalizePath yields one forward-slash-separated representation across platforms).',
218245
'socket/require-regex-comment': `Add a \`//\` comment that explains the flagged regex for a junior reader who won't mentally execute it. Put it on the line directly ABOVE the regex (preferred) or trailing the same line. Break the pattern into its parts and say what each MATCHES, not just what the variable is for.
219246
220247
<process>

0 commit comments

Comments
 (0)