Merge branch 'main' into barslev/add-option-reach-use-unreachable-from-precomputation

Author: jdalton

packages/bootstrap/.config/esbuild.npm.config.mjs

@@ -11,6 +11,7 @@ import { build } from 'esbuild'
 import { unicodeTransformPlugin } from '@socketsecurity/build-infra/lib/esbuild-plugin-unicode-transform'
 
 import nodeVersionConfig from '../node-version.json' with { type: 'json' }
+import socketPackageJson from '../../socket/package.json' with { type: 'json' }
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url))
 const rootPath = path.resolve(__dirname, '..')
@@ -22,6 +23,7 @@ const config = {
   bundle: true,
   define: {
     __MIN_NODE_VERSION__: JSON.stringify(nodeVersionConfig.versionSemver),
+    __SOCKET_CLI_VERSION__: JSON.stringify(socketPackageJson.version),
   },
   entryPoints: [path.join(rootPath, 'src', 'bootstrap-npm.mts')],
   external: [],

packages/bootstrap/.config/esbuild.sea.config.mjs

@@ -11,6 +11,7 @@ import { build } from 'esbuild'
 import { unicodeTransformPlugin } from '@socketsecurity/build-infra/lib/esbuild-plugin-unicode-transform'
 
 import nodeVersionConfig from '../node-version.json' with { type: 'json' }
+import socketPackageJson from '../../socket/package.json' with { type: 'json' }
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url))
 const rootPath = path.resolve(__dirname, '..')
@@ -22,6 +23,7 @@ const config = {
   bundle: true,
   define: {
     __MIN_NODE_VERSION__: JSON.stringify(nodeVersionConfig.versionSemver),
+    __SOCKET_CLI_VERSION__: JSON.stringify(socketPackageJson.version),
   },
   entryPoints: [path.join(rootPath, 'src', 'bootstrap-sea.mts')],
   external: [],

packages/bootstrap/.config/esbuild.smol.config.mjs

@@ -11,6 +11,7 @@ import { build } from 'esbuild'
 import { unicodeTransformPlugin } from '@socketsecurity/build-infra/lib/esbuild-plugin-unicode-transform'
 
 import nodeVersionConfig from '../node-version.json' with { type: 'json' }
+import socketPackageJson from '../../socket/package.json' with { type: 'json' }
 
 import { smolTransformPlugin } from './esbuild-plugin-smol-transform.mjs'
 
@@ -21,6 +22,7 @@ const config = {
   bundle: true,
   define: {
     __MIN_NODE_VERSION__: JSON.stringify(nodeVersionConfig.versionSemver),
+    __SOCKET_CLI_VERSION__: JSON.stringify(socketPackageJson.version),
   },
   entryPoints: [path.join(rootPath, 'src', 'bootstrap-smol.mts')],
   external: [],

packages/bootstrap/src/shared/bootstrap-shared.mjs

@@ -35,6 +35,14 @@ const SOCKET_CLI_DISABLE_NODE_FORWARDING = envAsBoolean(
 // @ts-expect-error - Injected by esbuild define.
 const MIN_NODE_VERSION = __MIN_NODE_VERSION__
 
+/**
+ * Socket CLI version.
+ * This constant is injected at build time by esbuild.
+ * @type {string}
+ */
+// @ts-expect-error - Injected by esbuild define.
+const SOCKET_CLI_VERSION = __SOCKET_CLI_VERSION__
+
 /**
  * Get CLI package paths.
  */
@@ -173,8 +181,10 @@ export async function downloadCli() {
       spinner: Spinner({ shimmer: { dir: 'random' } }),
       operation: async () =>
         // Download and cache @socketsecurity/cli package.
+        // Uses caret range (^) to auto-update within same major version.
+        // Update notifications will only trigger for major version changes.
         await downloadPackage({
-          package: '@socketsecurity/cli',
+          package: `@socketsecurity/cli@^${SOCKET_CLI_VERSION}`,
           binaryName: 'socket',
           // Use cached version if available.
           force: false,
@@ -206,6 +216,12 @@ export async function findAndExecuteCli(args) {
   const result = await downloadCli()
   const cliPackageDir = result.packageDir
 
+  // Pass metadata to CLI for manifest writing.
+  // CLI will use this to write entries to ~/.socket/_dlx/.dlx-manifest.json
+  const spec = `@socketsecurity/cli@^${SOCKET_CLI_VERSION}`
+  process.env.SOCKET_CLI_BOOTSTRAP_SPEC = spec
+  process.env.SOCKET_CLI_BOOTSTRAP_CACHE_DIR = cliPackageDir
+
   // Get CLI entry path (dist/index.js handles brotli decompression internally).
   const { cliEntry } = getCliPaths(cliPackageDir)
 

packages/cli/src/cli-entry.mts

@@ -7,6 +7,7 @@ import './polyfills/intl-stub.mts'
 import { setTheme } from '@socketsecurity/lib/themes'
 setTheme('socket')
 
+import path from 'node:path'
 import process from 'node:process'
 import { fileURLToPath, pathToFileURL } from 'node:url'
 
@@ -33,9 +34,12 @@ import { messageWithCauses, stackWithCauses } from 'pony-cause'
 import lookupRegistryAuthToken from 'registry-auth-token'
 import lookupRegistryUrl from 'registry-url'
 
-import { debug, debugDir } from '@socketsecurity/lib/debug'
+import { debug as debugNs, debugDir } from '@socketsecurity/lib/debug'
 import { getDefaultLogger } from '@socketsecurity/lib/logger'
 
+// Debug logger for manifest operations
+const debug = debugNs
+
 import { rootAliases, rootCommands } from './commands.mts'
 import ENV from './constants/env.mts'
 import { SOCKET_CLI_BIN_NAME } from './constants/packages.mts'
@@ -51,9 +55,55 @@ import { serializeResultJson } from './utils/output/result-json.mts'
 import { runPreflightDownloads } from './utils/preflight/downloads.mts'
 import { isSeaBinary } from './utils/sea/detect.mts'
 import { scheduleUpdateCheck } from './utils/update/manager.mts'
+import { dlxManifest } from '@socketsecurity/lib/dlx-manifest'
 
 const __filename = fileURLToPath(import.meta.url)
 
+/**
+ * Write manifest entry for CLI installed via bootstrap.
+ * Bootstrap passes spec and cache dir via environment variables.
+ */
+async function writeBootstrapManifestEntry(): Promise<void> {
+  const spec = ENV.SOCKET_CLI_BOOTSTRAP_SPEC
+  const cacheDir = ENV.SOCKET_CLI_BOOTSTRAP_CACHE_DIR
+
+  if (!spec || !cacheDir) {
+    // Not launched via bootstrap, skip.
+    return
+  }
+
+  try {
+    // Extract cache key from path (last segment)
+    const cacheKey = path.basename(cacheDir)
+
+    // Read package.json to get installed version
+    const pkgJsonPath = path.join(
+      cacheDir,
+      'node_modules',
+      '@socketsecurity',
+      'cli',
+      'package.json',
+    )
+
+    let installedVersion = '0.0.0'
+    try {
+      const fs = await import('node:fs/promises')
+      const pkgJson = JSON.parse(await fs.readFile(pkgJsonPath, 'utf8'))
+      installedVersion = pkgJson.version || '0.0.0'
+    } catch {
+      // Failed to read version, use default
+    }
+
+    // Write manifest entry.
+    await dlxManifest.setPackageEntry(spec, cacheKey, {
+      installed_version: installedVersion,
+    })
+  } catch (error) {
+    // Silently ignore manifest write errors - not critical
+    debug(`Failed to write bootstrap manifest entry: ${error}`)
+  }
+}
+
 void (async () => {
   // Skip update checks in test environments.
   if (!ENV.VITEST && !ENV.CI) {
@@ -68,6 +118,10 @@ void (async () => {
       version: ENV.INLINED_SOCKET_CLI_VERSION || '0.0.0',
     })
 
+    // Write manifest entry if launched via bootstrap (SEA/smol).
+    // Bootstrap passes spec and cache dir via env vars.
+    await writeBootstrapManifestEntry()
+
     // Background preflight downloads for optional dependencies.
     // This silently downloads @coana-tech/cli and @socketbin/cli-ai in the
     // background to ensure they're cached for future use.

packages/cli/src/commands/audit-log/fetch-audit-log.test.mts

@@ -50,12 +50,12 @@ describe('fetchAuditLog', () => {
     const result = await fetchAuditLog(config)
 
     expect(mockSdk.getAuditLogEvents).toHaveBeenCalledWith('test-org', {
-      outputJson: 'true',
-      outputMarkdown: 'false',
+      outputJson: true,
+      outputMarkdown: false,
       orgSlug: 'test-org',
       type: 'all',
-      page: '1',
-      per_page: '100',
+      page: 1,
+      per_page: 100,
     })
     expect(mockHandleApi).toHaveBeenCalledWith(expect.any(Promise), {
       description: 'audit log for test-org',
@@ -137,8 +137,8 @@ describe('fetchAuditLog', () => {
     expect(mockSdk.getAuditLogEvents).toHaveBeenCalledWith(
       'test-org',
       expect.objectContaining({
-        page: '5',
-        per_page: '25',
+        page: 5,
+        per_page: 25,
       }),
     )
   })

packages/cli/src/commands/repository/fetch-list-all-repos.test.mts

@@ -51,8 +51,8 @@ describe('fetchListAllRepos', () => {
     expect(mockSdk.listRepositories).toHaveBeenCalledWith('test-org', {
       sort: undefined,
       direction: undefined,
-      per_page: '100',
-      page: '0',
+      per_page: 100,
+      page: 0,
     })
     expect(mockHandleApi).toHaveBeenCalledWith(expect.any(Promise), {
       description: 'list of repositories',
@@ -164,8 +164,8 @@ describe('fetchListAllRepos', () => {
     expect(mockSdk.listRepositories).toHaveBeenCalledWith('sorted-org', {
       sort: 'name',
       direction: 'asc',
-      per_page: '100',
-      page: '0',
+      per_page: 100,
+      page: 0,
     })
   })
 

packages/cli/src/commands/repository/fetch-list-repos.test.mts

@@ -63,8 +63,8 @@ describe('fetchListRepos', () => {
     expect(mockSdk.listRepositories).toHaveBeenCalledWith('test-org', {
       sort: 'created_at',
       direction: 'desc',
-      per_page: '10',
-      page: '1',
+      per_page: 10,
+      page: 1,
     })
     expect(mockHandleApi).toHaveBeenCalledWith(expect.any(Promise), {
       description: 'list of repositories',
@@ -190,8 +190,8 @@ describe('fetchListRepos', () => {
     expect(mockSdk.listRepositories).toHaveBeenCalledWith('large-org', {
       sort: 'stars',
       direction: 'desc',
-      per_page: '100',
-      page: '0',
+      per_page: 100,
+      page: 0,
     })
   })
 
@@ -223,8 +223,8 @@ describe('fetchListRepos', () => {
     expect(mockSdk.listRepositories).toHaveBeenCalledWith('sort-org', {
       sort: 'alphabetical',
       direction: 'asc',
-      per_page: '25',
-      page: '0',
+      per_page: 25,
+      page: 0,
     })
   })
 

packages/cli/src/commands/scan/fetch-create-org-full-scan.test.mts

@@ -53,11 +53,8 @@ describe('fetchCreateOrgFullScan', () => {
         commit_hash: 'abc123',
         commit_message: 'Initial commit',
         committers: '[email protected]',
-        make_default_branch: 'undefined',
         pull_request: '42',
         repo: 'test-repo',
-        set_as_pending_head: 'undefined',
-        tmp: 'undefined',
       },
     )
     expect(mockHandleApi).toHaveBeenCalledWith(expect.any(Promise), {
@@ -171,11 +168,11 @@ describe('fetchCreateOrgFullScan', () => {
         commit_hash: 'xyz789',
         commit_message: 'Feature commit',
         committers: '[email protected]',
-        make_default_branch: 'true',
+        make_default_branch: true,
         pull_request: '123',
         repo: 'feature-repo',
-        set_as_pending_head: 'false',
-        tmp: 'true',
+        set_as_pending_head: false,
+        tmp: true,
       },
     )
   })
@@ -203,10 +200,7 @@ describe('fetchCreateOrgFullScan', () => {
       ['/path/to/package.json'],
       {
         pathsRelativeTo: process.cwd(),
-        make_default_branch: 'undefined',
         repo: 'test-repo',
-        set_as_pending_head: 'undefined',
-        tmp: 'undefined',
       },
     )
   })

packages/cli/src/commands/scan/fetch-list-scans.test.mts

@@ -44,8 +44,8 @@ describe('fetchOrgFullScanList', () => {
       sort: 'created_at',
       direction: 'desc',
       from: '2023-01-01',
-      page: '1',
-      per_page: '10',
+      page: 1,
+      per_page: 10,
     })
     expect(mockHandleApi).toHaveBeenCalledWith(expect.any(Promise), {
       description: 'list of scans',
@@ -141,8 +141,8 @@ describe('fetchOrgFullScanList', () => {
       sort: 'updated_at',
       direction: 'asc',
       from: '2023-06-01',
-      page: '2',
-      per_page: '25',
+      page: 2,
+      per_page: 25,
     })
   })
 
@@ -168,8 +168,8 @@ describe('fetchOrgFullScanList', () => {
       sort: 'created_at',
       direction: 'desc',
       from: '2023-01-01',
-      page: '1',
-      per_page: '10',
+      page: 1,
+      per_page: 10,
     })
   })
 
@@ -206,8 +206,8 @@ describe('fetchOrgFullScanList', () => {
         sort: 'created_at',
         direction: 'desc',
         from: '2023-01-01',
-        page: String(page),
-        per_page: String(perPage),
+        page,
+        per_page: perPage,
       })
     }
   })
@@ -245,8 +245,8 @@ describe('fetchOrgFullScanList', () => {
         sort,
         direction,
         from: '2023-01-01',
-        page: '1',
-        per_page: '10',
+        page: 1,
+        per_page: 10,
       })
     }
   })