SocketDev
diff --git a/‎.github/actions/debug/action.yml‎
Lines changed: 42 additions & 0 deletions b/‎.github/actions/debug/action.yml‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎.github/actions/workflows/claude-auto-review.yml‎
Lines changed: 66 additions & 0 deletions b/‎.github/actions/workflows/claude-auto-review.yml‎
Lines changed: 66 additions & 0 deletions
diff --git a/‎.github/actions/workflows/claude.yml‎
Lines changed: 39 additions & 0 deletions b/‎.github/actions/workflows/claude.yml‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎.github/actions/workflows/lint.yml‎
Lines changed: 37 additions & 0 deletions b/‎.github/actions/workflows/lint.yml‎
Lines changed: 37 additions & 0 deletions
diff --git a/‎.github/actions/workflows/provenance.yml‎
Lines changed: 56 additions & 0 deletions b/‎.github/actions/workflows/provenance.yml‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎.github/actions/workflows/socket-fix.yml‎
Lines changed: 85 additions & 0 deletions b/‎.github/actions/workflows/socket-fix.yml‎
Lines changed: 85 additions & 0 deletions
diff --git a/‎.github/actions/workflows/test.yml‎
Lines changed: 45 additions & 0 deletions b/‎.github/actions/workflows/test.yml‎
Lines changed: 45 additions & 0 deletions
@@ -0,0 +1,42 @@
+name: 'Setup Debug'
+description: 'Parse and setup debug environment variables'
+
+inputs:
+  debug:
+    description: 'Debug input - accepts "0", "1", or DEBUG="..." format'
+    required: false
+    default: '0'
+
+outputs:
+  socket_cli_debug:
+    description: 'The processed SOCKET_CLI_DEBUG value'
+    value: ${{ steps.parse.outputs.socket_cli_debug }}
+  debug_value:
+    description: 'The processed DEBUG value'
+    value: ${{ steps.parse.outputs.debug_value }}
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Parse debug input
+      id: parse
+      shell: bash
+      run: |
+        debug_input="${{ inputs.debug }}"
+
+        # Check if input is in DEBUG='...' format
+        if [[ "$debug_input" =~ ^DEBUG=[\'\"]*(.+)[\'\"]*$ ]]; then
+          debug_value="${BASH_REMATCH[1]}"
+          echo "socket_cli_debug=$debug_value" >> $GITHUB_OUTPUT
+          echo "debug_value=$debug_value" >> $GITHUB_OUTPUT
+          echo "DEBUG=$debug_value" >> $GITHUB_ENV
+          echo "SOCKET_CLI_DEBUG=$debug_value" >> $GITHUB_ENV
+        # Check if it's just a simple value (0, 1, or debug string)
+        else
+          echo "socket_cli_debug=$debug_input" >> $GITHUB_OUTPUT
+          echo "debug_value=$debug_input" >> $GITHUB_OUTPUT
+          echo "SOCKET_CLI_DEBUG=$debug_input" >> $GITHUB_ENV
+          if [[ "$debug_input" != "0" ]]; then
+            echo "DEBUG=$debug_input" >> $GITHUB_ENV
+          fi
+        fi
@@ -0,0 +1,66 @@
+name: Claude Auto Review
+
+on:
+  workflow_call:
+    inputs:
+      timeout_minutes:
+        description: 'Timeout in minutes'
+        required: false
+        type: string
+        default: '60'
+      direct_prompt:
+        description: 'Prompt for the review'
+        required: false
+        type: string
+        default: |
+          Please review this pull request and provide actionable feedback.
+
+          Focus on:
+          - Code quality and best practices
+          - Potential bugs or issues
+          - Performance considerations
+          - Security implications
+          - Overall architecture and design decisions
+
+          Provide constructive feedback with specific suggestions for improvement.
+          Use inline comments to highlight specific areas of concern. Be concise and clear in your feedback.
+      allowed_tools:
+        description: 'Allowed tools for the review'
+        required: false
+        type: string
+        default: 'mcp__github__create_pending_pull_request_review,mcp__github__add_pull_request_review_comment_to_pending_review,mcp__github__submit_pending_pull_request_review,mcp__github__get_pull_request_diff'
+      debug:
+        description: 'Enable debug output'
+        required: false
+        type: string
+        default: '0'
+    secrets:
+      anthropic_api_key:
+        required: true
+
+permissions:
+  contents: read
+  pull-requests: read
+  id-token: write
+
+jobs:
+  auto-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 1
+
+      - name: Setup debug
+        uses: SocketDev/socket-registry/.github/actions/debug@main
+        with:
+          debug: ${{ inputs.debug }}
+
+      - name: Automatic PR Review
+        uses: anthropics/claude-code-action@28f83620103c48a57093dcc2837eec89e036bb9f # beta
+        with:
+          anthropic_api_key: ${{ secrets.anthropic_api_key }}
+          timeout_minutes: ${{ inputs.timeout_minutes }}
+          direct_prompt: ${{ inputs.direct_prompt }}
+          allowed_tools: ${{ inputs.allowed_tools }}
@@ -0,0 +1,39 @@
+name: Claude Code
+
+on:
+  workflow_call:
+    inputs:
+      debug:
+        description: 'Enable debug output'
+        required: false
+        type: string
+        default: '0'
+    secrets:
+      anthropic_api_key:
+        required: true
+
+permissions:
+  contents: read
+  pull-requests: write
+  issues: write
+  id-token: write
+
+jobs:
+  claude:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 1
+
+      - name: Setup debug
+        uses: SocketDev/socket-registry/.github/actions/debug@main
+        with:
+          debug: ${{ inputs.debug }}
+
+      - name: Run Claude Code
+        id: claude
+        uses: anthropics/claude-code-action@28f83620103c48a57093dcc2837eec89e036bb9f # beta
+        with:
+          anthropic_api_key: ${{ secrets.anthropic_api_key }}
@@ -0,0 +1,37 @@
+name: Lint
+
+on:
+  workflow_call:
+    inputs:
+      node-version:
+        description: 'Node version to use'
+        required: false
+        type: string
+        default: '22'
+      debug:
+        description: 'Enable debug output'
+        required: false
+        type: string
+        default: '0'
+
+permissions:
+  contents: read
+
+jobs:
+  linting:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Setup debug
+        uses: SocketDev/socket-registry/.github/actions/debug@main
+        with:
+          debug: ${{ inputs.debug }}
+
+      - uses: SocketDev/socket-registry/.github/actions/setup@main
+        with:
+          node-version: ${{ inputs.node-version }}
+
+      - name: Run linting
+        run: pnpm run check-ci
@@ -0,0 +1,56 @@
+name: Provenance
+
+on:
+  workflow_call:
+    inputs:
+      debug:
+        description: 'Enable debug output'
+        required: false
+        type: string
+        default: '0'
+      node-version:
+        description: 'Node version to use'
+        required: false
+        type: string
+        default: '22'
+      publish-script:
+        description: 'NPM script to run for publishing'
+        required: false
+        type: string
+        default: ''
+      access-script:
+        description: 'NPM script to run for access control'
+        required: false
+        type: string
+        default: ''
+    secrets:
+      npm_token:
+        required: true
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Setup debug
+        uses: SocketDev/socket-registry/.github/actions/debug@main
+        with:
+          debug: ${{ inputs.debug }}
+
+      - uses: SocketDev/socket-registry/.github/actions/setup@main
+        with:
+          node-version: ${{ inputs.node-version }}
+      - run: pnpm config set //registry.npmjs.org/:_authToken ${{ secrets.npm_token }}
+      - run: pnpm run ${{ inputs.publish-script }}
+        if: inputs.publish-script != ''
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.npm_token }}
+      - run: pnpm run ${{ inputs.access-script }}
+        if: inputs.access-script != ''
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.npm_token }}
@@ -0,0 +1,85 @@
+name: Socket Fix
+
+# Recommended schedule for calling workflows:
+# schedule:
+#   - cron: '0 0 * * *'   # Run daily at midnight UTC
+#   - cron: '0 12 * * *'  # Run daily at noon UTC
+
+on:
+  workflow_call:
+    inputs:
+      debug:
+        description: 'Enable debug output'
+        required: false
+        type: string
+        default: '0'
+      node-version:
+        description: 'Node version to use'
+        required: false
+        type: string
+        default: '22'
+      glob-pattern:
+        description: 'Glob pattern for files to fix'
+        required: false
+        type: string
+        default: ''
+      autopilot:
+        description: 'Enable autopilot mode'
+        required: false
+        type: boolean
+        default: true
+      git-user-email:
+        description: 'Git user email for commits'
+        required: false
+        type: string
+        default: 'socket-fix[bot]@users.noreply.github.com'
+      git-user-name:
+        description: 'Git user name for commits'
+        required: false
+        type: string
+        default: 'socket-fix[bot]'
+    secrets:
+      socket_cli_api_token:
+        required: true
+      github_token:
+        required: true
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  socket-fix:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Setup debug
+        uses: SocketDev/socket-registry/.github/actions/debug@main
+        with:
+          debug: ${{ inputs.debug }}
+
+      - uses: SocketDev/socket-cli/.github/actions/setup@main
+        with:
+          node-version: ${{ inputs.node-version }}
+
+      - name: Run Socket Fix CLI
+        env:
+          SOCKET_CLI_GITHUB_TOKEN: ${{ secrets.github_token }}
+          SOCKET_CLI_GIT_USER_EMAIL: ${{ inputs.git-user-email }}
+          SOCKET_CLI_GIT_USER_NAME: ${{ inputs.git-user-name }}
+          SOCKET_CLI_API_TOKEN: ${{ secrets.socket_cli_api_token }}
+        run: |
+          AUTOPILOT_FLAG=""
+          GLOB_FLAG=""
+
+          if [[ "${{ inputs.autopilot }}" == "true" ]]; then
+            AUTOPILOT_FLAG="--autopilot"
+          fi
+
+          if [[ -n "${{ inputs.glob-pattern }}" ]]; then
+            GLOB_FLAG="--glob '${{ inputs.glob-pattern }}'"
+          fi
+
+          pnpm dlx @socketsecurity/cli fix $AUTOPILOT_FLAG $GLOB_FLAG
@@ -0,0 +1,45 @@
+name: Test
+
+on:
+  workflow_call:
+    inputs:
+      node-version:
+        description: 'Node version to test'
+        required: true
+        type: string
+      os:
+        description: 'Operating system to run on'
+        required: true
+        type: string
+      timeout-minutes:
+        description: 'Timeout in minutes'
+        required: false
+        type: number
+        default: 10
+      debug:
+        description: 'Enable debug output'
+        required: false
+        type: string
+        default: '0'
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    runs-on: ${{ inputs.os }}
+    timeout-minutes: ${{ inputs.timeout-minutes }}
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - name: Setup debug
+        uses: SocketDev/socket-registry/.github/actions/debug@main
+        with:
+          debug: ${{ inputs.debug }}
+
+      - uses: SocketDev/socket-registry/.github/actions/setup@main
+        with:
+          node-version: ${{ inputs.node-version }}
+
+      - name: Run tests
+        run: pnpm run test-ci