Skip to content

chore: trigger PR check#1

Open
EmmyCodes234 wants to merge 16 commits into
mainfrom
test/trigger-pr-check
Open

chore: trigger PR check#1
EmmyCodes234 wants to merge 16 commits into
mainfrom
test/trigger-pr-check

Conversation

@EmmyCodes234

@EmmyCodes234 EmmyCodes234 commented Apr 25, 2026

Copy link
Copy Markdown
Collaborator

What

Brief description of the change.

Why

Motivation and context. Link related issues: Closes #...

How

Implementation approach (if non-obvious).

Checklist

  • Tests pass (cargo test --workspace)
  • Code formatted (cargo fmt --all)
  • No clippy warnings (cargo clippy --workspace -- -D warnings)
  • Documentation updated (if applicable)
  • CHANGELOG.md updated (for user-facing changes)

@EmmyCodes234
chore: trigger PR check
e09cbb5
@EmmyCodes234
feat: implement PR scan workflow - SAST engine, rules, orchestrator, …
c9f1f9d 
…and tests

- Add prSastEngine.ts: TypeScript SAST engine with scanFiles, detectLanguage,
  computeFingerprint, evaluateThreshold pure functions
- Add prSastRules.ts: 45 regex-based SAST rules converted from YAML covering
  JavaScript, Python, Java, Go, and Rust
- Add prScanWorkflow.ts: Convex Node.js action orchestrating full PR scan
  lifecycle (token acquisition, file fetching, scanning, results storage,
  GitHub Check Run posting) with 120s timeout and error handling
- Wire http.ts webhook handler to schedule runPrScan on PR opened/synchronize
- Add 7 property-based tests and 96 unit tests (103 total, all passing)
- Install @types/node and fix all TypeScript errors across convex project
- Fix pre-existing type errors in auth.ts, http.ts, and test files
@EmmyCodes234
Merge branch 'main' into test/trigger-pr-check
d6a3029 
# Conflicts:
#	convex/convex/prSastEngine.ts
@EmmyCodes234
chore: trigger PR scan with production env vars configured
87a8506
@EmmyCodes234
chore: test scan with env vars v2
0326dda
@EmmyCodes234
chore: test scan with Node.js JWT fix
674c044
@EmmyCodes234
chore: test scan v3
c18b645
@EmmyCodes234
chore: test scan v4 - createPrivateKey fix
9c09931
@EmmyCodes234
chore: debug key format
ad10b2a
@EmmyCodes234
chore: test scan v5 - quote-stripped key
3efb308
@EmmyCodes234
test: add intentionally vulnerable code to trigger SAST findings
1cd7929
@EmmyCodes234
chore: retrigger scan after redeploy
1fb38bf
@EmmyCodes234
chore: retrigger v2
de68809
@EmmyCodes234
chore: retrigger v3
2aff55c
@EmmyCodes234
chore: retrigger v4
c35191a
@EmmyCodes234
fix: sever prScanWorkflow -> githubApp dependency to fix atob bundler…
d1b721d 
… crash

Move requireGitHubAppEnv, generateAppJwt, and getInstallationToken into
githubAppNode.ts using Node native crypto.createSign instead of Web Crypto.
This prevents esbuild from pulling atob/crypto.subtle into the Node runtime,
which caused 'Invalid character at atob' when parsing the RSA private key.

- githubAppNode.ts: add exported auth functions using Node crypto
- prScanWorkflow.ts: import from githubAppNode instead of githubApp
- Update test mocks to reference githubAppNode
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@EmmyCodes234