ci(stack): blocking FTA complexity gate for EQL v3 #539

Open: tobyhede wants to merge 1 commit into feat/eql-v3-text-search-schema from feat/eql-v3-fta-ci

@tobyhede tobyhede commented Jul 1, 2026

What

Adds a blocking per-package complexity gate using FTA (Fast TypeScript Analyzer), scoped to the new EQL v3 text-search schema source only.

Stacked on feat/eql-v3-text-search-schema.

Why

Nothing in the repo currently guards code complexity (Biome = lint/format, tsc/vitest = types/tests). This catches complexity regressions in the v3 schema before they land. Starting with v3 as the per-package template; more packages can be added as sibling workflows/scripts later.

Changes

  • Pin fta-cli@3.0.0 as a @cipherstash/stack devDependency. Delivered via pnpm install --frozen-lockfile + a package script — no pnpm dlx/npx, matching the repo's supply-chain policy (minimumReleaseAge, blockExoticSubdeps). 3.0.0 (published 2025-07-25) clears the 7-day quarantine.
  • Add script analyze:complexity: fta src/schema/v3 --score-cap 72. Current v3 score is 71.08, so the tight cap blocks essentially any regression.
  • Add .github/workflows/fta-v3.yml: paths-filtered (packages/stack/src/schema/v3/**, packages/stack/package.json, the workflow file), blacksmith-4vcpu-ubuntu-2404, contents: read. FTA is static source analysis, so no build / DB / credentials. Non-zero exit fails the check (no continue-on-error).

Verification

  • pnpm install --frozen-lockfile — consistent
  • analyze:complexity pass case (71.08 vs cap 72) → exit 0
  • Fail case (--score-cap 60) → exit 1
  • lint:runners, lint:workflow-cache, test:scripts — all pass

Notes

  • Tight cap (72): a legitimate v3 refactor may trip it — bump the number in the script when that happens.
  • Required check: if made a required status check in branch protection, the paths: filter means PRs not touching v3 will show it pending — add a shim job or drop the filter if that bites.

Add a per-package Fast TypeScript Analyzer (fta-cli) gate scoped to the
EQL v3 text-search schema source (packages/stack/src/schema/v3). The gate
fails CI when any v3 file exceeds the FTA score cap.

- pin fta-cli@3.0.0 as a stack devDependency (repo installs tooling via
  frozen-lockfile; no pnpm dlx/npx per supply-chain policy)
- add analyze:complexity script: fta src/schema/v3 --score-cap 72
  (current v3 score is 71.08, so the cap blocks regressions)
- add paths-filtered blocking workflow .github/workflows/fta-v3.yml;
  no build/DB/credentials needed (FTA is static source analysis)
@tobyhede tobyhede requested a review from a team as a code owner July 1, 2026 04:50
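
The properties the PR description claims for this gate (exact pin, no `npx`/`pnpm dlx`, 7-day release age, frozen-lockfile install, read-only token, no `continue-on-error`) can be checked mechanically. The following is an added example, not code from this PR or repository; `auditGate`, `GOOD` and `BAD` are hypothetical names, and the workflow steps are constructed because the workflow file itself is not shown on this page.

```javascript
// Added example. Inputs are constructed; field names follow package.json and
// GitHub Actions workflow syntax. Checks are line-based, not a YAML parse.
const EXACT = /^\d+\.\d+\.\d+$/; // rejects ^, ~, ranges and dist-tags
const ON_DEMAND = /\b(npx|pnpx|pnpm\s+dlx|yarn\s+dlx|bunx)\b/;

function auditGate({ pkg, workflow, tool, publishedAt, now, minAgeDays }) {
  const findings = [];
  const version = (pkg.devDependencies || {})[tool];
  if (!version || !EXACT.test(version))
    findings.push(`${tool} is not pinned to an exact version`);
  for (const [name, cmd] of Object.entries(pkg.scripts || {}))
    if (ON_DEMAND.test(cmd)) findings.push(`script ${name} fetches tooling at run time`);

  const ageDays = (Date.parse(now) - Date.parse(publishedAt)) / 86400000;
  if (!(ageDays >= minAgeDays))
    findings.push(`${tool} release is younger than ${minAgeDays} days`);

  const lines = workflow.split("\n").map((l) => l.replace(/\s#.*$/, "").trim());
  if (!lines.some((l) => /pnpm install\b.*--frozen-lockfile/.test(l)))
    findings.push("workflow does not install with --frozen-lockfile");
  if (lines.some((l) => ON_DEMAND.test(l)))
    findings.push("workflow fetches tooling at run time");
  if (lines.some((l) => /^continue-on-error:\s*(?!false\b)\S/.test(l)))
    findings.push("continue-on-error is set, so a failing gate would not block");
  if (!lines.some((l) => l.startsWith("permissions:")))
    findings.push("no permissions block; token scope falls back to repo defaults");
  if (lines.some((l) => /^[\w-]+:\s*write(-all)?$/.test(l)))
    findings.push("workflow token has a write scope");
  return findings;
}

// Constructed inputs mirroring the PR description.
const GOOD = {
  tool: "fta-cli", publishedAt: "2025-07-25", now: "2026-07-01", minAgeDays: 7,
  pkg: { devDependencies: { "fta-cli": "3.0.0" },
         scripts: { "analyze:complexity": "fta src/schema/v3 --score-cap 72" } },
  workflow: ["permissions:", "  contents: read", "jobs:", "  fta:", "    steps:",
    "      - run: pnpm install --frozen-lockfile",
    "      - run: pnpm run analyze:complexity"].join("\n"),
};
// Constructed counter-example: floating range, npx, fresh release, soft-fail job.
const BAD = {
  tool: "fta-cli", publishedAt: "2025-07-25", now: "2025-07-28", minAgeDays: 7,
  pkg: { devDependencies: { "fta-cli": "^3.0.0" },
         scripts: { "analyze:complexity": "npx fta-cli src/schema/v3 --score-cap 72" } },
  workflow: ["jobs:", "  fta:", "    steps:", "      - run: pnpm install",
    "      - run: pnpm run analyze:complexity",
    "        continue-on-error: true"].join("\n"),
};
console.log(auditGate(GOOD), auditGate(BAD));
```

The constructed `GOOD` input yields no findings; `BAD` yields six, one per weakened property.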

changeset-bot Bot commented Jul 1, 2026

⚠️ No Changeset found

Latest commit: 83649f8

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

coderabbitai Bot commented Jul 1, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.
