
feat(dependency-impact): add Composer support and npm/Packagist repo resolution#10

Merged
dortort merged 9 commits into main from chore/rebuild-dist on Feb 16, 2026

Conversation

@dortort (Owner)

@dortort dortort commented Feb 16, 2026

Summary

  • Composer ecosystem support — parse composer.json (diff-based) and composer.lock (name+version field tracking) for dependency version changes; scan .php files for usage via PHP namespace import patterns
  • npm registry resolution — look up npm packages on registry.npmjs.org to resolve their GitHub source repo, enabling release notes via the GitHub Releases API
  • Packagist registry resolution — look up Composer packages on packagist.org to resolve their GitHub source repo
  • Layered release notes sourcing — bot PRs use PR body first; then GitHub Releases API for Go, Terraform, npm, and Composer; falls back to PR body
  • Shared module additions — PullRequestInfo includes author; new listReleaseNotesBetween() fetches GitHub Releases between two semver tags
  • Prompt improvements — with usage: cross-references release notes against actual code, bans speculation; without usage: summarizes release notes as bullets

Test plan

  • npm run build — all 7 projects compile
  • npm test in dependency-impact — all 24 parser tests pass (5 new Composer tests)
  • Trigger on a real Dependabot/Renovate PR to verify output quality
  • Trigger on a manual PR with an npm dependency bump to verify registry resolution
  • Trigger on a manual PR with a Composer dependency bump to verify Packagist resolution
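Two of the mechanisms listed in the summary, written out as an added example (this is not code from the dependency-impact project, and the function names, the metadata document shapes and the sample composer.lock contents are all assumptions constructed for illustration): reporting version changes between an old and a new composer.lock by package name, and turning the repository URL that npm or Packagist metadata reports into a validated owner/repo pair. The second part matters for the registry-resolution step, since a package's repository URL is set by whoever publishes the package, so it should be treated as untrusted input and only accepted when it points at github.com and nothing else.

```typescript
// Added example, not the dependency-impact project's own code.
// Assumed shapes: composer.lock with `packages` / `packages-dev` arrays,
// npm metadata with a `repository` string or { url } object, and Packagist
// metadata shaped like { packages: { "vendor/name": [ { source: { url } } ] } }.

export interface VersionChange {
  name: string;
  from: string;
  to: string;
}

interface LockEntry {
  name: string;
  version: string;
}

interface ComposerLock {
  packages?: LockEntry[];
  "packages-dev"?: LockEntry[];
}

// Build a name -> version index over both runtime and dev packages.
function indexLock(raw: string): Map<string, string> {
  const lock = JSON.parse(raw) as ComposerLock;
  const index = new Map<string, string>();
  const entries = (lock.packages ?? []).concat(lock["packages-dev"] ?? []);
  for (const entry of entries) index.set(entry.name, entry.version);
  return index;
}

// Report packages present in both lock files whose version differs.
// Additions and removals are a different signal from a bump, so they are skipped.
export function composerLockChanges(oldLock: string, newLock: string): VersionChange[] {
  const before = indexLock(oldLock);
  const after = indexLock(newLock);
  const changes: VersionChange[] = [];
  after.forEach((to, pkgName) => {
    const from = before.get(pkgName);
    if (from !== undefined && from !== to) changes.push({ name: pkgName, from, to });
  });
  return changes.sort((a, b) => a.name.localeCompare(b.name));
}

// Normalise a repository URL into "owner/repo". Returns null unless the host is
// exactly github.com and the path is a bare owner/repo (optionally ".git").
export function githubRepoFromUrl(url: string | undefined): string | null {
  if (!url) return null;
  let s = url.trim();
  const short = /^github:([\w.-]+)\/([\w.-]+)$/.exec(s); // npm shorthand "github:owner/repo"
  if (short) return `${short[1]}/${short[2]}`;
  // "git+https://..." and scp-style "git@github.com:owner/repo.git"
  s = s.replace(/^git\+/, "").replace(/^git@github\.com:/, "https://github.com/");
  let parsed: URL;
  try {
    parsed = new URL(s);
  } catch {
    return null;
  }
  if (parsed.hostname !== "github.com") return null;
  const m = /^\/([\w.-]+)\/([\w.-]+?)(?:\.git)?\/?$/.exec(parsed.pathname);
  return m ? `${m[1]}/${m[2]}` : null;
}

export function repoFromNpmMetadata(doc: { repository?: string | { url?: string } }): string | null {
  const r = doc.repository;
  return githubRepoFromUrl(typeof r === "string" ? r : r?.url);
}

export function repoFromPackagistMetadata(
  doc: { packages?: Record<string, Array<{ source?: { url?: string } }>> },
  pkgName: string,
): string | null {
  const versions = doc.packages?.[pkgName] ?? [];
  return githubRepoFromUrl(versions[0]?.source?.url);
}

// Constructed sample lock files: one bump (monolog), one unchanged, one added.
export const SAMPLE_OLD_LOCK = JSON.stringify({
  packages: [
    { name: "monolog/monolog", version: "3.5.0" },
    { name: "psr/log", version: "3.0.0" },
  ],
  "packages-dev": [{ name: "phpunit/phpunit", version: "10.5.0" }],
});

export const SAMPLE_NEW_LOCK = JSON.stringify({
  packages: [
    { name: "monolog/monolog", version: "3.6.0" },
    { name: "psr/log", version: "3.0.0" },
    { name: "symfony/yaml", version: "7.0.0" },
  ],
  "packages-dev": [{ name: "phpunit/phpunit", version: "10.5.0" }],
});

console.log(composerLockChanges(SAMPLE_OLD_LOCK, SAMPLE_NEW_LOCK));
console.log(githubRepoFromUrl("git+https://github.com/acme/widget.git"));
```

The host check is deliberately an exact match rather than an `endsWith("github.com")`, and paths with extra segments are rejected rather than trimmed, so a crafted repository field cannot steer the release-notes lookup at a different host or at a path the GitHub Releases API would not serve.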

Add `author` to PullRequestInfo so consumers can identify bot PRs.
Add `listReleaseNotesBetween()` to fetch release notes from
GitHub Releases API between two semver tags.
…iller

- Fetch release notes via PR body (bot PRs) or GitHub Releases API
- Branch prompt based on whether usage sites were found
- With usage: cross-reference release notes against actual code
- Without usage: summarize release notes, skip fabricated analysis
- Explicitly ban generic advice and speculative breaking changes
…mposer.lock

Parse dependency version changes from composer.json (diff-based, same
approach as package.json) and composer.lock (name+version field tracking).
Add PHP namespace import patterns for codebase usage scanning.
Cover composer.json version change detection, composer.lock version
tracking, unchanged version ignoring, multiple lock changes, and PHP
namespace import pattern generation.
…repos

Make resolveGitHubRepo async with registry lookups:
- npm: fetch repository URL from registry.npmjs.org
- Composer: fetch source URL from packagist.org

Also add .php to source file scanning extensions.
…lution

Update supported ecosystems, workflow trigger paths, and release notes
sourcing table. Remove outdated npm/pip resolution caveat.
@dortort dortort changed the title fix(dependency-impact): ground analysis in release notes, eliminate filler feat(dependency-impact): add Composer support and npm/Packagist repo resolution Feb 16, 2026
@dortort dortort merged commit e3dacd3 into main Feb 16, 2026
1 check passed
@dortort dortort deleted the chore/rebuild-dist branch February 16, 2026 19:05