feat(B-0805 sub-target 1): audit-dep-currency.ts — dep-pin inventory tool #5217
Merged
AceHack merged 1 commit on May 26, 2026
…n inventory tool

B-0805 sub-target 1 ships. Scans + reports all dep pins across:
- full-ai-cluster/flake.nix nix inputs (nixpkgs.url, nix-darwin.url, etc.)
- full-ai-cluster/k8s/applications/ ArgoCD apps (targetRevision + chart)
- Container image tags in NixOS modules + K8s manifests (image: <repo>:<tag>)
- .mise.toml runtime versions

Empirical run on current main: 81 pins surfaced (29 helm charts, 35 ArgoCD targetRevisions, plus nix inputs / image tags / mise runtimes).

What this DOES: inventory ONLY. Lists everywhere version pins live so operator can compare against upstream-latest.

What this does NOT do yet (file as sibling B-NNNN rows when ready):
- WebSearch / upstream-API "current latest" comparison
- Weekly cadence GitHub Actions wiring
- PR-opening on drift detection

Usage:
  bun tools/audit/audit-dep-currency.ts          # human-readable table
  bun tools/audit/audit-dep-currency.ts --json   # machine-readable JSON

Exit codes: 0 = inventory completed; 1 = invocation error.

Composes with B-0805 capstone (this is sub-target 1 of 3+) + the dep-pin-search-first-authority rule landed earlier today (#5126): the inventory output IS the substrate that lets the discipline operate at scale (operator scans the list quarterly + WebSearches each pin).

Implementation notes:
- Bounded regex alternation/quantifier lengths per regex-safety guidance (prevents quadratic blowup on adversarial inputs)
- spawnSync with explicit args[] array (NOT shell-evaluated string) for git rev-parse — execFile-equivalent safe form
- ESM-style imports (top-of-file), not dynamic require, for clean scope + tooling compatibility

Co-Authored-By: Claude <noreply@anthropic.com>
Summary
Ships B-0805 sub-target 1 — `tools/audit/audit-dep-currency.ts`. Scans + reports all dep pins across the repo. Empirical: 81 pins on current main (29 helm charts + 35 ArgoCD targetRevisions + nix inputs + image tags + mise runtimes).

What it does NOW
- `full-ai-cluster/flake.nix` for `<name>.url = "..."` nix inputs
- `full-ai-cluster/k8s/applications/**/*.yaml` for ArgoCD `targetRevision` + `chart`
- `full-ai-cluster/**/*.{yaml,yml,nix}` for `image: <repo>:<tag>` patterns
- `.mise.toml` `[tools]` section for runtime pins
- `--json` (machine-readable)

What it does NOT do yet (B-0805 sub-targets 2+)
These ship as sibling B-NNNN rows when implementation begins.

Composes with
- `.claude/rules/dep-pin-search-first-authority.md` (the discipline this tool operationalizes at scale)

Test plan
🤖 Generated with Claude Code
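
The commit message's implementation note on bounded regex quantifiers, shown as an added example; this is not the code of `tools/audit/audit-dep-currency.ts`, which this page does not display. The patterns, the numeric bounds and the names `scanManifest`, `Pin` and `MAX_LINE` are assumptions, and the manifest is constructed sample input.

```typescript
// Added illustration, not the code of tools/audit/audit-dep-currency.ts.
// Names, patterns and numeric bounds are assumptions made for this example.
interface Pin { kind: string; name: string; version: string; line: number }

// Lines longer than this are skipped before any regex runs.
const MAX_LINE = 512;

// Every quantifier has an explicit upper bound, and the repo class excludes ':'
// so there is only one way to split "<repo>:<tag>". Registry ports and @sha256
// digests are deliberately out of scope for this sketch.
const IMAGE_RE =
  /^\s{0,40}(?:-\s{1,4})?image:\s{1,8}["']?([a-z0-9][a-z0-9._\/-]{0,199}):([A-Za-z0-9_][A-Za-z0-9._-]{0,127})["']?\s{0,8}$/;
const CHART_RE =
  /^\s{0,40}chart:\s{1,8}["']?([a-z0-9][a-z0-9._-]{0,127})["']?\s{0,8}$/;
const REVISION_RE =
  /^\s{0,40}targetRevision:\s{1,8}["']?([A-Za-z0-9][A-Za-z0-9._\/-]{0,127})["']?\s{0,8}$/;

function scanManifest(text: string): Pin[] {
  const pins: Pin[] = [];
  const lines = text.split("\n");
  for (let i = 0; i < lines.length; i++) {
    const line = lines[i];
    if (line.length > MAX_LINE) continue; // bound the input, not only the pattern
    let m: RegExpExecArray | null;
    if ((m = IMAGE_RE.exec(line))) {
      pins.push({ kind: "image", name: m[1], version: m[2], line: i + 1 });
    } else if ((m = CHART_RE.exec(line))) {
      pins.push({ kind: "argocd-chart", name: m[1], version: "", line: i + 1 });
    } else if ((m = REVISION_RE.exec(line))) {
      pins.push({ kind: "argocd-targetRevision", name: "", version: m[1], line: i + 1 });
    }
  }
  return pins;
}

// Constructed sample input (not taken from the repository).
const SAMPLE = [
  "spec:",
  "  source:",
  "    chart: ingress-nginx",
  "    targetRevision: 4.10.1",
  "---",
  "containers:",
  "  - image: ghcr.io/example/api:1.4.2",
  "  - image: example/worker:latest",
].join("\n");

console.log(scanManifest(SAMPLE));
```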