Commit f9351d4
Phase 6: Polish, resilience & DX improvements (#151)
* feat: add polish, resilience, and DX improvements (Phase 6)
Phase 6 implements six sub-features:
- 6.1: Enrich team entities with display names from Compass Teams API
(falls back to UUID in YAML mode or on API failure)
- 6.2: Configurable serviceIdStrategy ('name', 'compass-id', or custom
function) for flexible service ID generation
- 6.3: Error resilience with try/catch per service, partial failure
handling, and success/failure summary reporting
- 6.4: Dry-run mode (dryRun option) that logs what would be written
without modifying the catalog
- 6.5: AsyncAPI spec support extending link detection to match
"asyncapi" in link names alongside existing OpenAPI/Swagger detection
- 6.6: Scorecard-to-badge mapping with color-coded badges (green ≥80%,
amber ≥50%, red <50%) from Compass scorecard data via extended
GraphQL query
Adds 50 new tests (99 total), two new test fixtures, and updates
PLAN.md to mark Phase 6 complete.
https://claude.ai/code/session_01Fy2nsmjnuXvohgv2zXJgPH
* fix: move read permission from workflow level to job level in tests.yml
Scopes the `contents: read` permission to the job level instead of
the workflow level, following the principle of least privilege.
https://claude.ai/code/session_01Fy2nsmjnuXvohgv2zXJgPH
* fix: add CODEOWNERS for critical files
Protects workflows, CODEOWNERS itself, SECURITY.md, and dependency
management files (package.json, pnpm-lock.yaml) by requiring review
from @IsmaelMartinez.
https://claude.ai/code/session_01Fy2nsmjnuXvohgv2zXJgPH
* Revert "fix: add CODEOWNERS for critical files"
This reverts commit b7d218c.
* Revert "fix: move read permission from workflow level to job level in tests.yml"
This reverts commit 0731eed.
* fix: address PR review — sanitize API data, improve error tracking
- Sanitize team displayName from Compass API to prevent XSS injection
- Sanitize scorecard names in badge content via sanitizeMarkdownText()
- Track first-pass YAML loading failures in the summary report
- Log actual error message in fetchTeamById catch block (debug mode)
- Add test using malformed YAML fixture for error resilience
- Exclude malformed test fixture from prettier
https://claude.ai/code/session_01Fy2nsmjnuXvohgv2zXJgPH
* fix: redact error details in team fetch to prevent sensitive data logging
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: add workflow permissions, remove completed plan files
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: remove tainted error variable from team fetch catch block
Drop the error binding entirely so CodeQL taint analysis no longer
traces a data flow from apiToken through the caught exception.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
1 parent 8e5dcc6 commit f9351d4
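The sanitization and badge-threshold items in the commit message above, shown as an added JavaScript example that is not the project's code. `sanitizeText`, `teamLabel`, `scorecardBadge`, `buildBadges`, the data shapes and the sample input are assumptions; `sanitizeText` is a stand-in, not the project's `sanitizeMarkdownText()`, and the fallback to the UUID when a name sanitizes to nothing goes slightly beyond the cases the message lists.

```javascript
// Added example: names, data shapes and sample data are assumptions.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Hypothetical stand-in for a sanitizer applied to strings returned by an API.
// Truncates before escaping so an escape sequence is never cut in half.
function sanitizeText(value, maxLen = 80) {
  if (typeof value !== 'string') return '';
  return value
    .replace(/[\u0000-\u001f\u007f]/g, ' ') // control characters, newlines
    .trim()
    .slice(0, maxLen)
    .replace(/[\\`*_{}\[\]()#!|]/g, (c) => '\\' + c) // Markdown syntax
    .replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]); // HTML metacharacters
}

// Team label: sanitized display name, or the team UUID when none is usable.
function teamLabel(teamId, displayName) {
  return sanitizeText(displayName) || teamId;
}

// Badge thresholds from the commit message: green >= 80, amber >= 50, red < 50.
// Assumes score is a percentage (0-100); malformed entries yield null.
function scorecardBadge(scorecard) {
  const score = scorecard ? scorecard.score : undefined;
  if (typeof score !== 'number' || !Number.isFinite(score)) return null;
  const pct = Math.min(100, Math.max(0, score));
  const color = pct >= 80 ? 'green' : pct >= 50 ? 'amber' : 'red';
  return { color, content: `${sanitizeText(scorecard.name)}: ${Math.floor(pct)}%` };
}

// Map every scorecard to a badge and drop the entries that could not be parsed.
function buildBadges(scorecards) {
  return scorecards.map(scorecardBadge).filter(Boolean);
}

// Constructed sample input, not real Compass data.
const SAMPLE_SCORECARDS = [
  { name: 'Security <img src=x onerror=alert(1)>', score: 92 },
  { name: '[Docs](javascript:alert(1))', score: 50 },
  { name: 'Reliability', score: 49.9 },
  { name: 'Broken', score: 'n/a' },
];

console.log(buildBadges(SAMPLE_SCORECARDS));
console.log(teamLabel('team-uuid-placeholder', '<b>Platform</b>'));
```

Escaping here targets Markdown and HTML output together; a renderer with a different output context needs its own encoder.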
File tree
16 files changed, +841 -952 lines changed
- .github/workflows
- src
- test
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
| 2 | + | |
| 3 | + | |
2 | 4 | | |
3 | 5 | | |
4 | 6 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
| 3 | + | |
| 4 | + | |
3 | 5 | | |
4 | 6 | | |
5 | 7 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | 3 | | |
4 | | - | |
| 4 | + | |
| 5 | + | |
This file was deleted.