feat: json output support for monograph/subgraph check

[comatory]

Summary by CodeRabbit

• New Features

  • Added a JSON output option (-j / --json) for check commands to produce machine-readable results.

• Tests

  • Expanded in-process CLI test suites covering many schema-check scenarios, error conditions, and both JSON and human-readable output validation.

• Chores

  • Updated formatting tooling and scripts, README formatting, gitignore to ignore coverage, adjusted TypeScript project config, and minor stylistic cleanups.

Checklist

• I have discussed my proposed changes in an issue and have received approval to proceed.
• I have followed the coding standards of the project.
• Tests or benchmarks have been added or updated.
• Documentation has been updated on chore(docs): document --json flag cosmo-docs#258
• I have read the Contributors Guide.

Adds --json flag to check commands for monograph/subgraph.
The way I implemented this was to first create comprehensive test suite for existing
check subcommand and assert on stdout.
Once that was done, I added JSON support and then I did a somewhat larger refactoring
because the handler function was hard to follow and reason about.

JSON schema of the check result

export type JsonOutputDescriptor = { status: 'error' | 'success'; code: EnumStatusCode; details?: string; message?: string; url?: string; proposals?: { message: string; }; traffic?: { message: string; }; changes?: { breaking: SchemaChange[]; nonBreaking: SchemaChange[]; }; composition?: { errors: CompositionError[]; warnings: CompositionError[]; }; lint?: { errors: LintIssue[]; warnings: LintIssue[]; }; graphPrune?: { errors: GraphPruningIssue[]; warnings: GraphPruningIssue[]; }; extensions?: { message: string; }; exceededRowLimit?: boolean; rowLimit: number; operationUsageStats?: CheckOperationUsageStats; };

Caution

There are some changes in other CLI files but they are related to formatting. The issue was that some
files were being ignored by the formatter (tests).

Question(s) for reviewers?

1. The JSON output is separated into sections, like lint: { warning: ..., error: ..., success: ...}. This way I figured it would be nice to just check the .success property from DX point of view. I consider success=false when either the response has warnings or errors, but Coderabbit raised a point that perhaps that's not correct. What would you propose? My thinking was that it's only successful if no warnings or errors are present, but it depends on what we agree on. @JivusAyrus and me talked, we decided the nested success properties are unnecessary.
2. I noticed when I pass --skip-traffic-check, the response still contains operationUsageStats, which means that .traffic property gets passed to the output. I should probably detect the flag and omit it completely, correct? Just want to make sure that operationUsageStats are related to this flag. I ended up checking whether --skip-traffic-check flag is set and exclude the traffic output. This makes it consistent with stdout.

How to test

1. Have Cosmo stack running locally with subgraphs (demo subgraphs will work fine)
2. Open studio, enable linter in Policies
3. Pull the branch
4. Run in cli/ package directory (running the the source via tsx gets rid of pnpm-related
   error messages which would disallow you piping the JSON to a file):

./node_modules/.bin/tsx  --env-file=.env src/index.ts \
    subgraph check employeesupdated \
    --schema=../demo/pkg/subgraphs/employeeupdated/subgraph/schema.graphqls \
    --json > /tmp/out.json

5. The /tmp/out.json should have data in it, like lint warnings (depending on other
   settings you might have)

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds JSON output support to schema check commands, refactors check-result handling into a JsonOutputBuilder/API, wires a -j/--json flag into check CLIs, expands in-process CLI tests for JSON and text outputs, and applies minor CLI config/formatting adjustments.

Changes

Cohort / File(s)	Summary
Configuration & Docs cli/.gitignore, cli/README.md, cli/package.json, cli/tsconfig.json, cli/vite.config.ts	Ignore coverage, README list marker formatting, remove prettier devDependency and adjust format script, expand tsconfig includes/excludes, and minor import quote style change.
Check Command CLIs cli/src/commands/graph/monograph/commands/check.ts, cli/src/commands/subgraph/commands/check.ts	Add -j/--json flag and update callers to handleCheckResult({ response: resp, rowLimit: limit, shouldOutputJson: options.json }) (replacing prior positional args).
Check Result Core cli/src/handle-check-result.ts	Large refactor: new exported JsonOutputDescriptor and JsonOutputBuilder, modular handlers for sections, object-based handleCheckResult({ response, rowLimit, shouldOutputJson }), JSON-first output path with preserved text printing, studio URL generation, row-limit truncation metadata, and richer structured error/status reporting.
Expanded Tests — in-process CLI cli/test/check-schema.test.ts	Replace lightweight harness with comprehensive in-process CLI test harness, add extensive mocks and controlled transport responses, and validate both text and JSON outputs for many scenarios (OK, proposals, breaking/non-breaking changes, composition/lint/graph-prune, traffic/prune failures, extensions, row-limit).
Other Tests — formatting & restructure cli/test/fetch-schema.test.ts, cli/test/grpc-service.test.ts, cli/test/parse-operations.test.ts	Formatting and structural tweaks (single-line program.parseAsync calls, removal of an outer describe, minor stylistic changes) without behavior changes.
Test Fixtures & Data cli/test/fixtures/*, cli/test/testdata/query-map.json	Whitespace/indentation and trailing-newline normalizations in GraphQL fixtures and JSON test data; no semantic changes.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• feat: add support for federated graph schema changes #2566 — Overlaps changes to cli/src/handle-check-result.ts and the handleCheckResult API/output behavior.
• fix: limit the number of entries shown in the table for schema checks on the cli #2417 — Modifies CLI check commands and handleCheckResult usage around row-limit and output handling.
• feat: add format script + optional git hooks #2579 — Alters cli/package.json formatting script and Prettier devDependency similar to this PR.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat: json output support for monograph/subgraph check' accurately and concisely describes the main feature addition across multiple files.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Router image scan passed

✅ No security vulnerabilities found in image:

ghcr.io/wundergraph/cosmo/router:sha-ad7a6549d24dee5b61a7c721c29898f881f57ba3

[codecov]

Codecov Report

❌ Patch coverage is 96.81208% with 19 lines in your changes missing coverage. Please review.
✅ Project coverage is 42.24%. Comparing base (1dc4fe2) to head (a691057).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
cli/src/commands/graph/monograph/commands/check.ts	16.66%	10 Missing ⚠️
cli/src/handle-check-result.ts	97.93%	9 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##            main    #2590       +/-   ##
==========================================
+ Coverage   1.46%   42.24%   +40.77%     
==========================================
  Files        296     1043      +747     
  Lines      45041   144694    +99653     
  Branches     432     9618     +9186     
==========================================
+ Hits         662    61122    +60460     
- Misses     44093    82009    +37916     
- Partials     286     1563     +1277     

Files with missing lines	Coverage Δ
cli/src/commands/subgraph/commands/check.ts	100.00% <100.00%> (ø)
cli/src/json-check-schema-output-builder.ts	100.00% <100.00%> (ø)
cli/src/handle-check-result.ts	97.66% <97.93%> (ø)
cli/src/commands/graph/monograph/commands/check.ts	30.68% <16.66%> (ø)

... and 743 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

cli/test/grpc-service.test.ts (1)

80-102: ⚠️ Potential issue | 🟠 Major

Missing exitOverride causes test failure.

The pipeline failure indicates "process.exit unexpectedly called with '1'". This test needs program.exitOverride() to prevent the actual process.exit call and allow the error to be caught by rejects.toThrow().

🐛 Proposed fix

     const program = new Command();
     program.addCommand(GenerateCommand({ client }));
+    program.exitOverride();

     const tmpDir = join(tmpdir(), `grpc-test-${Date.now()}`);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@cli/test/grpc-service.test.ts` around lines 80 - 102, The test calls
program.parseAsync which triggers a process.exit; call program.exitOverride() on
the Command instance before invoking parseAsync so the CLI throws an exception
instead of exiting. Locate the Command instance creation (program = new
Command()) used with GenerateCommand({ client }) and insert
program.exitOverride() right after adding the command and before
program.parseAsync in the 'should fail when input file does not exist' test so
the await expect(...).rejects.toThrow() can catch the error.

🧹 Nitpick comments (1)

cli/test/check-schema.test.ts (1)

69-82: Make JSON extraction deterministic.

getJsonOutput returns the first parseable JSON log. If any earlier log becomes JSON-like, assertions can bind to the wrong payload.

Proposed refactor

 function getJsonOutput(logSpy: MockInstance<typeof console.log>): JsonOutputDescriptor {
-  const call = logSpy.mock.calls.find(([arg]) => {
+  const jsonCalls = logSpy.mock.calls.filter(([arg]) => {
     try {
       JSON.parse(String(arg));
       return true;
@@
-  if (!call) {
+  if (jsonCalls.length === 0) {
     throw new Error('No JSON output found in console.log calls');
   }
-  return JSON.parse(String(call[0]));
+  if (jsonCalls.length > 1) {
+    throw new Error(`Expected exactly one JSON output, found ${jsonCalls.length}`);
+  }
+  return JSON.parse(String(jsonCalls[0][0]));
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@cli/test/check-schema.test.ts` around lines 69 - 82, getJsonOutput is
nondeterministic because it picks the first parseable JSON from
logSpy.mock.calls; change it to pick the last parseable JSON so assertions bind
to the most recent payload. Locate the getJsonOutput function and replace the
search logic over logSpy.mock.calls with a reverse-order search (iterate from
end to start or use Array.prototype.slice().reverse().find) to find the last
call whose first arg parses as JSON, then return JSON.parse(String(call[0])) and
keep the existing error thrown when no JSON is found; ensure references to
logSpy and JsonOutputDescriptor remain unchanged.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@cli/src/commands/graph/monograph/commands/check.ts`:
- Around line 23-25: Remove the duplicate option declaration for the limit flag:
locate the two identical command.option('-l, --limit [number]', 'The amount of
entries shown in the schema checks output.', '50') entries in the monograph
check command and delete the redundant one so only a single '-l, --limit' option
remains (leaving the '-j, --json' option untouched).

In `@cli/src/handle-check-result.ts`:
- Around line 169-177: The addLintWarnings method incorrectly sets
this.data.lint.success = false when adding warnings; change it to leave success
unchanged (do not set success to false) so adding to this.data.lint.warnings
only appends warnings and preserves the existing success state—update the
addLintWarnings function to merge warnings into this.data.lint.warnings without
modifying this.data.lint.success (referencing addLintWarnings and
this.data.lint).
- Around line 190-199: The addGraphPruneWarnings method wrongly forces success:
false; update it to preserve the existing success state (do not mark as failed
for warnings). Replace the hardcoded success: false with a preservation
expression like success: this.data.graphPrune?.success ?? true (or simply remove
the success assignment so the previous value is kept) in the
addGraphPruneWarnings method to match other warning handlers.
- Around line 149-157: The addCompositionWarnings method currently forces
this.data.composition.success to false; change it to preserve the existing
success value (or default to true if missing) instead of marking composition as
failed for warnings. In the addCompositionWarnings function, remove the
hard-coded success: false and set success to this.data.composition?.success ??
true (or simply omit changing success so it remains unchanged), while still
appending the new warnings to this.data.composition.warnings and returning this.

In `@cli/test/grpc-service.test.ts`:
- Around line 123-131: The test currently asserts the exit error inside
program.exitOverride's callback (program.exitOverride) which doesn't propagate
to the test harness; instead, remove the assertion from the exitOverride
callback and assert the error message on the rejected promise returned by
program.parseAsync (including checking that the rejection message contains
`Output directory ${outputFile} is not a directory` or the exact expected text).
Keep exitOverride only to prevent process.exit, and perform the
expect(...).rejects.toThrow(...) (or rejects.toMatch/contains) against
program.parseAsync to validate the error message.

---

Outside diff comments:
In `@cli/test/grpc-service.test.ts`:
- Around line 80-102: The test calls program.parseAsync which triggers a
process.exit; call program.exitOverride() on the Command instance before
invoking parseAsync so the CLI throws an exception instead of exiting. Locate
the Command instance creation (program = new Command()) used with
GenerateCommand({ client }) and insert program.exitOverride() right after adding
the command and before program.parseAsync in the 'should fail when input file
does not exist' test so the await expect(...).rejects.toThrow() can catch the
error.

---

Nitpick comments:
In `@cli/test/check-schema.test.ts`:
- Around line 69-82: getJsonOutput is nondeterministic because it picks the
first parseable JSON from logSpy.mock.calls; change it to pick the last
parseable JSON so assertions bind to the most recent payload. Locate the
getJsonOutput function and replace the search logic over logSpy.mock.calls with
a reverse-order search (iterate from end to start or use
Array.prototype.slice().reverse().find) to find the last call whose first arg
parses as JSON, then return JSON.parse(String(call[0])) and keep the existing
error thrown when no JSON is found; ensure references to logSpy and
JsonOutputDescriptor remain unchanged.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 972a57a3-3659-4781-a0c8-aab73f313f9e

📥 Commits

Reviewing files that changed from the base of the PR and between 1bad24d and 58b1b8f.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (17)

• cli/.gitignore
• cli/README.md
• cli/package.json
• cli/src/commands/graph/monograph/commands/check.ts
• cli/src/commands/subgraph/commands/check.ts
• cli/src/handle-check-result.ts
• cli/test/check-schema.test.ts
• cli/test/fetch-schema.test.ts
• cli/test/fixtures/full-schema.graphql
• cli/test/fixtures/schema-with-nullable-list-items.graphql
• cli/test/fixtures/schema-with-validation-errors.graphql
• cli/test/fixtures/schema-with-warnings-and-errors.graphql
• cli/test/grpc-service.test.ts
• cli/test/parse-operations.test.ts
• cli/test/testdata/query-map.json
• cli/tsconfig.json
• cli/vite.config.ts

[coderabbitai]

🧹 Nitpick comments (2)

cli/test/check-schema.test.ts (2)

69-82: Make JSON extraction in tests descriptor-aware (not just JSON-parseable).

On Line 70, selecting the first parseable JSON log can match unrelated JSON-ish output and make tests flaky. Prefer selecting the latest parsed object that matches JsonOutputDescriptor shape (status + code).

Proposed stabilization patch

 function getJsonOutput(logSpy: MockInstance<typeof console.log>): JsonOutputDescriptor {
-  const call = logSpy.mock.calls.find(([arg]) => {
-    try {
-      JSON.parse(String(arg));
-      return true;
-    } catch {
-      return false;
-    }
-  });
-  if (!call) {
+  const parsed = logSpy.mock.calls
+    .map(([arg]) => {
+      try {
+        return JSON.parse(String(arg));
+      } catch {
+        return null;
+      }
+    })
+    .filter(
+      (value): value is JsonOutputDescriptor =>
+        !!value && typeof value === 'object' && 'status' in value && 'code' in value,
+    );
+
+  const output = parsed.at(-1);
+  if (!output) {
     throw new Error('No JSON output found in console.log calls');
   }
-  return JSON.parse(String(call[0]));
+  return output;
 }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@cli/test/check-schema.test.ts` around lines 69 - 82, The test helper
getJsonOutput should pick the most recent console.log entry that matches the
JsonOutputDescriptor shape instead of the first JSON-parseable string; update
getJsonOutput to iterate logSpy.mock.calls in reverse, JSON.parse each call, and
return the first parsed value that is an object and has both 'status' and 'code'
properties (and non-null), throwing an error if none match; reference the
getJsonOutput function and JsonOutputDescriptor when making this change.

---

176-177: Avoid positional log assertions for breaking-change messages.

On Line 176 and Line 193, assertions depend on mock.calls[1], which is brittle if log ordering changes. Assert that any call matches the message instead.

Proposed assertion hardening

-    expect(String(logSpy.mock.calls[1]?.[0])).toMatch(/Found .*1.* breaking changes\./);
+    expect(logSpy).toHaveBeenCalledWith(expect.stringMatching(/Found .*1.* breaking changes\./));

-    expect(String(logSpy.mock.calls[1]?.[0])).toMatch(/2.*operations impacted\./);
-    expect(String(logSpy.mock.calls[1]?.[0])).toMatch(/1.*operations marked safe due to overrides\./);
+    expect(logSpy).toHaveBeenCalledWith(expect.stringMatching(/2.*operations impacted\./));
+    expect(logSpy).toHaveBeenCalledWith(expect.stringMatching(/1.*operations marked safe due to overrides\./));

Also applies to: 193-195

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@cli/test/check-schema.test.ts` around lines 176 - 177, Replace brittle
positional assertions that reference logSpy.mock.calls[1] with a search across
all calls so the test asserts that any logged call matches the breaking-change
regex; locate the assertions using logSpy (the
expect(String(logSpy.mock.calls[1]?.[0])).toMatch(/Found .*1.* breaking
changes\./) and the similar block around lines 193-195) and change them to
assert that logSpy.mock.calls contains at least one entry whose first argument
matches the regex (e.g., use Array.prototype.some or an equivalent check over
logSpy.mock.calls to find a call where the message matches /Found .*1.* breaking
changes\./).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@cli/test/check-schema.test.ts`:
- Around line 69-82: The test helper getJsonOutput should pick the most recent
console.log entry that matches the JsonOutputDescriptor shape instead of the
first JSON-parseable string; update getJsonOutput to iterate logSpy.mock.calls
in reverse, JSON.parse each call, and return the first parsed value that is an
object and has both 'status' and 'code' properties (and non-null), throwing an
error if none match; reference the getJsonOutput function and
JsonOutputDescriptor when making this change.
- Around line 176-177: Replace brittle positional assertions that reference
logSpy.mock.calls[1] with a search across all calls so the test asserts that any
logged call matches the breaking-change regex; locate the assertions using
logSpy (the expect(String(logSpy.mock.calls[1]?.[0])).toMatch(/Found .*1.*
breaking changes\./) and the similar block around lines 193-195) and change them
to assert that logSpy.mock.calls contains at least one entry whose first
argument matches the regex (e.g., use Array.prototype.some or an equivalent
check over logSpy.mock.calls to find a call where the message matches /Found
.*1.* breaking changes\./).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8d09d467-ebcd-4d2d-9359-bf3787f0446c

📥 Commits

Reviewing files that changed from the base of the PR and between 58b1b8f and 89a31d4.

📒 Files selected for processing (1)

• cli/test/check-schema.test.ts

[JivusAyrus]

composedSchemaBreakingChanges are not handled

[comatory]

composedSchemaBreakingChanges are not handled

This was not handled by the subgraph check subcommand so far. Could we do it as a follow up PR? Or maybe add it as a new feature, I think the changeset here is already quite big.

[JivusAyrus]

composedSchemaBreakingChanges are not handled

This was not handled by the subgraph check subcommand so far. Could we do it as a follow up PR? Or maybe add it as a new feature, I think the changeset here is already quite big.

It is handled by the subgraph check command, it was pushed a few days ago. We will need to do it in this pr, as that would cause a break in functionality.

[comatory]

composedSchemaBreakingChanges are not handled

This was not handled by the subgraph check subcommand so far. Could we do it as a follow up PR? Or maybe add it as a new feature, I think the changeset here is already quite big.

It is handled by the subgraph check command, it was pushed a few days ago. We will need to do it in this pr, as that would cause a break in functionality.

Oh ok I was not aware of that. I will have to check the existing implementation, I did some major refactoring so hopefully I'm able to transfer it.

[comatory]

@JivusAyrus Ok I had to backport the changes from main. I guess due to my refactoring, it was not caught as breaking change as we were working on the same file at the same time, anyways it's good you caught it.
You can review the changes in 0655b96 (feat: backport composedSchemaBreakingChanges)

[StarpTech]

LGTM