Skip to content

feat(setup): add --check and --remove flags with dry-run + edit previews#99

Merged
Mikola Lysenko (mikolalysenko) merged 3 commits into
mainfrom
feat/setup-check-remove
Jun 2, 2026
Merged

feat(setup): add --check and --remove flags with dry-run + edit previews#99
Mikola Lysenko (mikolalysenko) merged 3 commits into
mainfrom
feat/setup-check-remove

Conversation

@mikolalysenko
Copy link
Copy Markdown
Collaborator

@mikolalysenko Mikola Lysenko (mikolalysenko) commented Jun 2, 2026

Summary

socket-patch setup previously only added its install hook (the postinstall / dependencies lifecycle scripts in package.json). This PR adds two inverse modes, both honoring the existing --dry-run, --yes, and --json flags and printing the exact set of proposed edits before touching disk:

  • setup --check — read-only verification. Exits 0 only when every discovered package.json is configured for socket-patch and none failed to parse; otherwise exits 1. JSON statuses: configured / needs_configuration / error / no_files.
  • setup --remove — reverts the hooks setup added. Full revert: an emptied postinstall/dependencies key is deleted, an emptied scripts object is dropped, and sibling scripts + key order are preserved. JSON statuses: success / partial_failure / not_configured / dry_run / no_files.

The two flags are mutually exclusive (conflicts_with). Scope is npm-family only, matching the surface setup already configures — check/remove operate purely on package.json.

Changes

Core (crates/socket-patch-core/src/package_json/)

  • detect.rs: remove_socket_patch_from_script (splits on &&, drops socket-patch segments — the exact inverse of generate_updated_script) + remove_package_json_object / remove_package_json_content, reusing the same non-object-root / non-object-scripts guards as the update path.
  • update.rs: remove_package_json(path, dry_run) -> RemoveResult with RemoveStatus { Removed, NotConfigured, Error }, mirroring update_package_json.

CLI (crates/socket-patch-cli/src/commands/setup.rs)

  • SetupArgs gains --check / --remove; run() dispatches to run_check / run_remove / run_setup. Existing setup flow is unchanged (refactored to share a discover helper that keeps the pnpm root-only filtering).

Tests

  • Core unit tests: strip/delete/no-change/legacy-pattern, round-trip-with-update, idempotency, dry-run-doesn't-write, invalid-JSON.
  • setup_invariants.rs: check on configured/unconfigured/no-files/read-only; remove round-trip preserving sibling scripts; remove dry-run; nothing-to-remove; check+remove conflict.
  • cli_parse_setup.rs: flag parsing, conflict, defaults.
  • Setup-matrix (docker): run-case.sh records setup --check after configure, and after install/verify runs a non-destructive --remove--check → grep round-trip, emitting four new JSON fields. setup_matrix_common/mod.rs asserts check=0 / remove=0 / check-after-remove≠0 / clean for npm-family cases; untagged elsewhere, consistent with the existing non-blocking BASELINE GAP convention.

Verification

  • cargo test (core + cli) green. (The lone cargo_fetch_scan_sync_patches_real_file failure is a pre-existing network-gated cargo-registry e2e test, untouched by this PR.)
  • npm host-mode matrix case (SOCKET_PATCH_TEST_HOST=1) passes including the new round-trip assertions.
  • Manual scratch-dir smoke test of the full check → setup → check → remove(dry-run) → remove → check cycle.
  • clippy + rustfmt clean for all changed files.

🤖 Generated with Claude Code

@mikolalysenko @claude
feat(setup): add --check and --remove flags with dry-run + edit previews
8da8f38 
`setup` previously only added its install hook. This adds two inverse modes,
both honoring the existing --dry-run / --yes / --json flags and printing the
exact set of proposed edits before touching disk:

- `setup --check`: read-only verification. Exits 0 only when every package.json
  is configured for socket-patch and none failed to parse; otherwise exit 1.
- `setup --remove`: reverts the lifecycle scripts setup added. Full revert —
  emptied postinstall/dependencies keys are deleted, an emptied `scripts`
  object is dropped, sibling scripts and key order are preserved.

Scope is npm-family only, matching the surface `setup` already configures;
check/remove operate purely on package.json.

Core: `remove_socket_patch_from_script` + `remove_package_json{_object,_content}`
in detect.rs (exact inverse of generate_updated_script, reusing the same
non-object guards) and `remove_package_json` in update.rs.

Tests: core unit tests; setup_invariants check/remove flows; cli_parse_setup
flag + conflict coverage; and the setup-matrix driver now does a non-destructive
check->remove->check round-trip after install/verify, asserted for npm-family
cases (untagged elsewhere, consistent with the non-blocking BASELINE GAP
convention).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@mikolalysenko @claude
test(setup-matrix): verify check/remove behaviorally via install sequ…
29d6523 
…ences

The previous round-trip inspected package.json (grepped for socket-patch) and
flag state. Replace it with a behavioral verification driven by real
(setup)·(package-manager install) cycles, for npm-family cases that run setup:

  install        -> patch NOT applied   (no hook yet)
  setup --check  -> fails               (not configured)
  setup --yes; setup --check -> passes  (configured)
  reinstall      -> patch applied       (hook fires; the main actual_applied)
  setup --remove --yes; setup --check -> fails  (reverted)
  reinstall      -> patch NOT applied   (hook gone)

A clean `rm -rf node_modules` precedes each observation so the lifecycle hook
acts on a pristine package. run-case.sh factors out do_install/verify_applied/
reset_modules; emit_result drops `remove_clean` and adds applied_before_setup,
applied_after_remove, and check_before_setup_exit. The harness round_trip_failure
asserts the patch bookends are not-applied and check goes false->true->false.
Non-npm / no-setup cases keep the simple single-install flow unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@mikolalysenko @claude
test(setup-matrix): verify patches by RUNNING the code, not grepping …
b519a75 
…the file

The matrix decided "applied" by scanning the patched file for the marker
string. Now it actually EXECUTES the patched module with the ecosystem's
standard runner and checks for the marker in the runtime output:

  npm/yarn/pnpm -> node <file>     bun -> bun <file>     deno -> deno run
  pip -> ./venv/bin/python <file>  uv -> uv run python   poetry/pdm/hatch -> *run python

To make the patched code observable at runtime, the committed blob is now
runnable: `console.log("MARKER")` for JS, `print("MARKER")` for Python.
Compiled/loaded ecosystems we can't execute (cargo/go/maven/nuget/gem/
composer) keep an inert comment and fall back to reading the file (`cat`),
preserving today's behavior for those gaps.

verify_applied() runs every resolved copy of the file (covers hoisting, the
pnpm store, and workspace/monorepo member dirs) and ORs the results.

Also fixes a parallel-test race: the blob was written to a fixed /tmp/sm_blob,
so concurrent package-manager test fns clobbered each other's fixture
(afterHash mismatch -> apply no-op). Each case now uses its own mktemp file.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@mikolalysenko Mikola Lysenko (mikolalysenko) merged commit 3babcf6 into main Jun 2, 2026
50 of 51 checks passed
@mikolalysenko Mikola Lysenko (mikolalysenko) deleted the feat/setup-check-remove branch June 2, 2026 21:14
@mikolalysenko Mikola Lysenko (mikolalysenko) mentioned this pull request Jun 2, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Wenxin-Jiang Wenxin Jiang (Wenxin-Jiang) Wenxin-Jiang approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mikolalysenko @Wenxin-Jiang