ci(stack): blocking FTA complexity gate for EQL v3 #539
Add a per-package Fast TypeScript Analyzer (fta-cli) gate scoped to the EQL v3 text-search schema source (packages/stack/src/schema/v3). The gate fails CI when any v3 file exceeds the FTA score cap.

- pin fta-cli@3.0.0 as a stack devDependency (repo installs tooling via frozen-lockfile; no pnpm dlx/npx per supply-chain policy)
- add analyze:complexity script: fta src/schema/v3 --score-cap 72 (current v3 score is 71.08, so the cap blocks regressions)
- add paths-filtered blocking workflow .github/workflows/fta-v3.yml; no build/DB/credentials needed (FTA is static source analysis)
What
Adds a blocking per-package complexity gate using FTA (Fast TypeScript Analyzer), scoped to the new EQL v3 text-search schema source only.
Stacked on feat/eql-v3-text-search-schema.
Why
Nothing in the repo currently guards code complexity (Biome = lint/format, tsc/vitest = types/tests). This catches complexity regressions in the v3 schema before they land. Starting with v3 as the per-package template; more packages can be added as sibling workflows/scripts later.
Changes
- fta-cli@3.0.0 as a @cipherstash/stack devDependency. Delivered via pnpm install --frozen-lockfile + a package script — no pnpm dlx/npx, matching the repo's supply-chain policy (minimumReleaseAge, blockExoticSubdeps). 3.0.0 (published 2025-07-25) clears the 7-day quarantine.
- analyze:complexity → fta src/schema/v3 --score-cap 72. Current v3 score is 71.08, so the tight cap blocks essentially any regression.
- .github/workflows/fta-v3.yml: paths-filtered (packages/stack/src/schema/v3/**, packages/stack/package.json, the workflow file), blacksmith-4vcpu-ubuntu-2404, contents: read. FTA is static source analysis, so no build / DB / credentials. Non-zero exit fails the check (no continue-on-error).
Verification
- pnpm install --frozen-lockfile — consistent
- analyze:complexity pass case (71.08 vs cap 72) → exit 0
- --score-cap 60) → exit 1
- lint:runners, lint:workflow-cache, test:scripts — all pass
Notes
paths: filter means PRs not touching v3 will show it pending — add a shim job or drop the filter if that bites.
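
A fail-closed version of the per-file cap check described above, as an added example that is not code from this PR or from fta-cli. It assumes the analyzer's report is available as a JSON array of objects with `file_name` and `fta_score` fields; `evaluateGate` and the sample file names are hypothetical.

```javascript
// Added example: per-file complexity gate that fails closed.
// Assumption: `report` is an array of { file_name, fta_score } objects.
function evaluateGate(report, cap) {
  const failures = [];
  if (!Array.isArray(report)) {
    return { pass: false, failures: ["report is not an array"], worst: null, headroom: null };
  }
  // Fail closed: zero analyzed files means the scoped directory moved or the
  // analyzer ran on the wrong path, not that the code became simple.
  if (report.length === 0) failures.push("no files analyzed");

  let worst = null;
  for (const entry of report) {
    const { file_name, fta_score } = entry ?? {};
    // A missing or non-numeric score must block, never silently pass.
    if (typeof fta_score !== "number" || !Number.isFinite(fta_score)) {
      failures.push(`${file_name}: missing or non-numeric score`);
      continue;
    }
    if (worst === null || fta_score > worst.score) {
      worst = { file: file_name, score: fta_score };
    }
    // Only scores strictly above the cap fail, matching "exceeds the cap".
    if (fta_score > cap) {
      failures.push(`${file_name}: ${fta_score} exceeds cap ${cap}`);
    }
  }
  // Headroom shows how tight the cap is relative to the worst file.
  const headroom = worst === null ? null : Number((cap - worst.score).toFixed(2));
  return { pass: failures.length === 0, failures, worst, headroom };
}

// Constructed sample report: file names are hypothetical, 71.08 is the
// current score quoted in the PR description.
const sampleReport = [
  { file_name: "index.ts", fta_score: 71.08 },
  { file_name: "helpers.ts", fta_score: 48.5 },
];

console.log(evaluateGate(sampleReport, 72)); // pass case from the PR
console.log(evaluateGate(sampleReport, 60)); // fail case from the PR
console.log(evaluateGate([], 72));           // empty report blocks
```
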