Skip to content

feat(outdated): support monorepo tag nameing convention#1504

Merged
danielmeppiel merged 4 commits into
microsoft:mainfrom
kevinbeier-enbw:feat/outdated-name-version-tag-support
Jun 4, 2026
Merged

feat(outdated): support monorepo tag nameing convention#1504
danielmeppiel merged 4 commits into
microsoft:mainfrom
kevinbeier-enbw:feat/outdated-name-version-tag-support

Conversation

@kevinbeier-enbw

Copy link
Copy Markdown
Contributor

What

apm outdated and apm marketplace outdated now understand monorepo-style git tags like my-package_v1.0.1, not only v1.0.0.

Why

Repos that tag per package often use package_v1.0.0. Before this change, APM treated those refs as branch names, so outdated showed unknown instead of a real Latest / Status.

Idea is when you have a monorepo with multiple apm's

examples/monorepo-multi-apm/
├── README.md
├── TAGGING.md
├── apm.yml                      # marketplace index (apm1 + apm2)
└── packages/
    ├── apm1/
    │   ├── apm.yml
    │   └── .apm/skills/hello/SKILL.md
    └── apm2/
        ├── apm.yml
        └── .apm/skills/hello/SKILL.md

Note

We use _v (e.g. api-governance_v1.0.2), not @, because @ is already used for marketplace installs (apm install pkg@my-marketplace). If any other prefered standard is wanted, this can be changed.

Copilot AI review requested due to automatic review settings May 27, 2026 11:41
@kevinbeier-enbw

kevinbeier-enbw commented May 27, 2026

Copy link
Copy Markdown
Contributor Author

@microsoft-github-policy-service agree company="EnBW"

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

Comment thread src/apm_cli/commands/marketplace/__init__.py
Comment thread src/apm_cli/marketplace/tag_pattern.py Outdated
Comment thread src/apm_cli/commands/outdated.py Outdated
Comment thread src/apm_cli/commands/outdated.py Outdated
@danielmeppiel danielmeppiel added status/accepted Direction approved, safe to start work. status/shepherding Actively being driven by an APM shepherd run labels Jun 4, 2026
@danielmeppiel danielmeppiel self-assigned this Jun 4, 2026
kevinbeier-enbw and others added 4 commits June 4, 2026 09:08
When a tag_pattern contains {name}, specialize matching to the target package name so monorepo tags for other packages don't skew outdated results. Also harden parse_tag_version for patterns without {version}.

Co-authored-by: Cursor <cursoragent@cursor.com>
Sync the shipped command guide with the new outdated behavior, add integration coverage for marketplace monorepo tag inference, and align automatic outdated tag patterns with the documented double-dash convention. Addresses shepherd panel follow-ups for PR microsoft#1504.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@danielmeppiel danielmeppiel force-pushed the feat/outdated-name-version-tag-support branch from 59a885f to acf9306 Compare June 4, 2026 07:10
@danielmeppiel

Copy link
Copy Markdown
Collaborator

APM Review Panel: ship_now

Monorepo tag support for outdated commands ships clean after the shepherd fold.

cc @kevinbeier-enbw @danielmeppiel @sergio-sisternes-epam -- a fresh advisory pass is ready for your review.

All active panelists returned zero findings after the shepherd fold in acf9306d. The change is bounded, tested with an integration path for marketplace monorepo tag inference, and documented in both the public CLI reference and the shipped apm-guide command resource. No specialist disagreements remain. Strategically this strengthens APM's monorepo story: per-package version tags now participate in stale-dependency reporting without creating a new command surface.

Dissent. No dissent. Auth panel inactive as expected because no auth surface was touched.

Aligned with: portability by manifest: monorepo users get accurate staleness detection per package without special configuration; pragmatic as npm: the existing outdated workflow learns the common tag layouts instead of adding a new command.

Growth signal. This is a useful release-note hook: apm outdated now understands common monorepo per-package tags.

Panel summary

Persona B R N Takeaway
Python Architect 0 0 0 Clean extraction of monorepo tag logic into tag_pattern module; fallback diagnostics and docs/tests are folded.
CLI Logging Expert 0 0 0 No user-facing output regressions; fallback inference now has debug breadcrumbs.
DevX UX Expert 0 0 0 Monorepo tag support is well-motivated; the shipped command guide and docs are now in sync.
Supply Chain Security Expert 0 0 0 No security-relevant surface touched; tag inference remains informational.
OSS Growth Hacker 0 0 0 Monorepo tag support removes an adoption blocker and is now visible in reference docs.
Doc Writer 0 0 0 Outdated and marketplace docs now accurately describe patterned-tag detection.
Test Coverage Expert 0 0 0 Unit coverage is thorough; integration coverage now exercises marketplace outdated monorepo tag inference.

B = blocking-severity findings, R = recommended, N = nits.
Counts are signal strength, not gates. The maintainer ships.

Reservations carried from strategic-alignment

  • PR changes CLI behavior for apm outdated name/version/tag support -- addressed by folded docs in packages/apm-guide/.apm/skills/apm-usage/commands.md and public reference docs.
  • Ensure required CI checks run green on the merge commit -- local validation is green; GitHub Actions workflows are awaiting maintainer approval to run on the fork.

Folded in this run

  • (panel) Synced apm-guide command docs for apm outdated and apm marketplace outdated -- resolved in acf9306d.
  • (panel) Added marketplace outdated integration coverage for {name}_v{version} monorepo tags -- resolved in acf9306d.
  • (panel) Aligned default outdated tag detection with documented {name}--v{version} layout -- resolved in acf9306d.
  • (panel) Added fallback inference diagnostics and clarified public docs -- resolved in acf9306d.

Copilot signals reviewed

  • Copilot review 4372079457 -- NOT-LEGIT: bot reported it could not review any files and provided no actionable inline finding.

Regression-trap evidence (mutation-break gate)

  • tests/integration/marketplace/test_outdated_integration.py::TestOutdatedVersionRanges::test_name_underscore_tags_are_inferred_end_to_end -- deleted _collect(inferred) fallback; test FAILED as expected; guard restored.

Lint contract

uv run --extra dev ruff check src/ tests/ and
uv run --extra dev ruff format --check src/ tests/ both passed after rebase onto origin/main.

CI

Local targeted tests passed: 85 passed. GitHub check rollup currently reports license/cla success; CI, Merge Gate, CodeQL, Deploy Docs, Spec conformance, and NOTICE Drift Check are action_required because the fork workflow runs need maintainer approval.

Mergeability status

Captured from gh pr view 1504 --json mergeable,mergeStateStatus,statusCheckRollup after the last push of this run.

PR head SHA CEO stance iters folds defers Copilot rounds CI mergeable mergeStateStatus notes
#1504 acf9306 ship_now 1 4 0 1 red MERGEABLE BLOCKED awaiting workflow approval

Recommendation

Advisory panel recommends ship after maintainer approval runs the pending workflows and the protected checks report green.


This panel is advisory. It does not block merge. Re-apply the panel-review label after addressing feedback to re-run.

@danielmeppiel danielmeppiel added status/shepherding Actively being driven by an APM shepherd run and removed status/shepherding Actively being driven by an APM shepherd run labels Jun 4, 2026
@danielmeppiel danielmeppiel merged commit 41e3cdd into microsoft:main Jun 4, 2026
34 checks passed
kevinbeier-enbw added a commit to kevinbeier-enbw/apm that referenced this pull request Jun 25, 2026
…ching

PR microsoft#1504 added monorepo tag support ({name}_v{version}), but
_package_basename() only considered repo_url. For virtual
subdirectory packages (e.g. path: packages/agent-dev-workflow),
the repo basename (smo-architektur.ai) did not match the tag prefix
(agent-dev-workflow), causing apm outdated to report unknown.

This fix derives the basename from virtual_path for subdirectory
packages, aligning with the same logic already used in
revision_pins.py.

Resolves the unknown status seen for monorepo virtual deps.
kevinbeier-enbw added a commit to kevinbeier-enbw/apm that referenced this pull request Jun 25, 2026
…directory deps

- Document that {name} in patterned tags is derived from virtual_path
  basename for virtual subdirectory packages (e.g. packages/my-pkg).
- Add example row showing monorepo virtual dep in sample output.
- Add concrete apm.yml example with path: for monorepo deps.

Follow-up to microsoft#1504 and microsoft#1893.
kevinbeier-enbw added a commit to kevinbeier-enbw/apm that referenced this pull request Jun 25, 2026
…directory deps

- Document that {name} in patterned tags is derived from virtual_path
  basename for virtual subdirectory packages (e.g. packages/my-pkg).
- Add example row showing monorepo virtual dep in sample output.
- Add concrete apm.yml example with path: for monorepo deps.

Follow-up to microsoft#1504 and microsoft#1893.
danielmeppiel added a commit that referenced this pull request Jun 27, 2026
…ching (#1893)

* fix(outdated): use virtual-path basename for monorepo tag pattern matching

PR #1504 added monorepo tag support ({name}_v{version}), but
_package_basename() only considered repo_url. For virtual
subdirectory packages (e.g. path: packages/agent-dev-workflow),
the repo basename (smo-architektur.ai) did not match the tag prefix
(agent-dev-workflow), causing apm outdated to report unknown.

This fix derives the basename from virtual_path for subdirectory
packages, aligning with the same logic already used in
revision_pins.py.

Resolves the unknown status seen for monorepo virtual deps.

* fix(outdated): avoid MagicMock truthiness in _package_basename

Existing unit tests build deps with bare MagicMock() and never
set is_virtual. MagicMock returns a new (truthy) MagicMock for
unknown attributes, so the new virtual-path branch fires and
returns a MagicMock as package_name. That flows into re.compile
and raises TypeError.

Change `if dep.is_virtual` to `if dep.is_virtual is True` so
only real LockedDependency instances with is_virtual=True enter
the branch.

* fix(outdated): address review-panel feedback for PR #1893

- Revert 'is True' identity guard; fix test helpers to set is_virtual=False.
- Delegate virtual-subdir basename extraction to revision_pins._package_name
  to avoid silent divergence between outdated and update.
- Pass already-built dep_ref into _package_basename to avoid double-allocation.
- Add parametrized unit tests for trailing-slash / nested virtual_path variants.
- Add CHANGELOG entry under [Unreleased] > Fixed.

* fix(outdated): fold review feedback for PR 1893

Restore the release changelog entries that the branch had dropped, move the new outdated fix note back under Unreleased, and promote the revision-pin package-name helper before reusing it from outdated.py.

Addresses apm-review-panel follow-ups for PR #1893.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Sergio Sisternes <sergio_sisternes@epam.com>
Co-authored-by: danielmeppiel <danielmeppiel@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Daniel Meppiel <51440732+danielmeppiel@users.noreply.github.com>
danielmeppiel added a commit that referenced this pull request Jun 28, 2026
…directory deps (#1895)

* docs(outdated): clarify monorepo tag pattern matching for virtual subdirectory deps

- Document that {name} in patterned tags is derived from virtual_path
  basename for virtual subdirectory packages (e.g. packages/my-pkg).
- Add example row showing monorepo virtual dep in sample output.
- Add concrete apm.yml example with path: for monorepo deps.

Follow-up to #1504 and #1893.

* docs(outdated): address review-panel feedback for PR #1895

- Widen Current column in sample output so monorepo tag names fit.
- Fix outdated dependency count in sample output (7, not 2).
- Add #### Monorepo subdirectory packages heading before YAML example.
- Add note that apm.lock.yaml stores resolved_commit SHA, not the tag, as
  the integrity anchor.
- Mention path validation / traversal-rejection in the virtual_path prose.

* docs(outdated): fold panel feedback -- remove impl-detail parenthetical, fix heading level

Remove security implementation detail from patterned-tag bullet:
the path-validation note belongs in internals docs, not a usage
reference bullet. All six active panelists flagged the same sentence.

Fix heading level inconsistency: the new Monorepo subdirectory
section used h4 (####) while the adjacent Status values section uses
h3 (###). Both are subsections of Examples; align to h3.

Also trim redundant parenthetical from the subsection intro sentence:
tag derivation is already explained in the Description section above.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Sergio Sisternes <sergio_sisternes@epam.com>
Co-authored-by: danielmeppiel <danielmeppiel@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

status/accepted Direction approved, safe to start work.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants