NEW @W-22393691@ - sfap workspace scan #473
…n scanMetadata
- Define ApexGuruScanMetadata type matching SFAP API contract
- Extend ApexGuruService to parse and return scan metadata from API responses
- Update engine to pass insights through to results
- Add comprehensive tests for metadata extraction and type handling

feat(core): add insights to JSON and SARIF output formatters
- Add getInsights and getEngineInsights methods to results interfaces
- Enhance JSON output to include insights from engines
- Enhance SARIF output with custom insights property
- Add tests for insights serialization

feat(engine-api): add optional insights field to EngineRunResults type
- Allow engines to return structured metadata about scan execution
- Enables richer telemetry and debugging capabilities
9e20a60 to 3a28c37
| } | ||
|
|
||
| // Method 2: SF CLI default org (fallback) | ||
| this.emitLogEvent(LogLevel.Fine, 'No target org specified, using default org'); |
Why are we removing these logs?
| this.emitLogEvent(LogLevel.Fine, 'Successfully authenticated to default org'); | ||
| } catch { | ||
| this.emitLogEvent(LogLevel.Error, 'Failed to authenticate: No default org found'); | ||
| } catch (_err) { |
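Review bot: The `catch (_err)` binding on the last line of this hunk carries an underscore prefix, which marks the exception as intentionally unused, so the reason authentication failed never reaches the log. Suggest emitting it at `LogLevel.Fine` next to the 'Failed to authenticate: No default org found' message, and logging only the error's message string rather than the whole error object, since this is an authentication path.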
Should we include this as part of the debug logs? err is the actual exception and we are skipping it.
| export type ApexGuruRequestBody = { | ||
| classContent: string; // Base64 encoded Apex class | ||
| }; | ||
| export type ApexGuruScanMetadata = { |
nit: For the new JSDoc we can add documentation.
| "@salesforce/core": "^8.28.3" | ||
| "@salesforce/code-analyzer-engine-api": "0.39.0-SNAPSHOT", | ||
| "@salesforce/core": "^8.28.3", | ||
| "archiver": "^7.0.0", |
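Review bot: The new `"archiver": "^7.0.0"` entry brings in a third-party runtime dependency on a caret range, so a fresh install can resolve to any later 7.x release. Suggest confirming that the lockfile update is included in this PR so the resolved version is fixed and reviewable, and that the package has gone through whatever third-party approval the repository requires before merge.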
I am not sure of the procedure to add new dependencies in the package. Is there any SOP we follow for doing this?
I have raised support tickets and also involved 3pp bot support here
https://salesforce-internal.slack.com/archives/C09R6E6BH8C/p1782101685635199
| * - starts with "." (any dotfile/dotfolder, e.g. .sfdx, .git, .vscode) | ||
| * - is "node_modules" (npm dependencies — can be hundreds of MB and are not source code) | ||
| */ | ||
| function shouldExcludeFromZip(entryPath: string): boolean { |
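Review bot: The visible part of the doc comment above `shouldExcludeFromZip` lists two exclusion rules (names starting with "." and `node_modules`), which means every other file under the workspace still goes into the archive, including non-dot files that may hold credentials or local configuration. Suggest inverting this to an allow-list of the source extensions the scan needs, and stating in the comment whether the two checks apply to every path segment of `entryPath` or only to the first.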
@nikhil-mittal-165 - Can this be an inclusive logic? Do we care for any other files other than Apex? If so, can we include only .cls and .trigger files?
| const requestId = await this.submitAnalysis(classContent); | ||
| private async performScan(workspaceRoot: string, pathsToZip: string[]): Promise<{violations: ApexGuruViolation[], scanMetadata?: ApexGuruScanMetadata}> { | ||
| // Step 1: Create zip of workspace | ||
| const zipBuffer = await this.createWorkspaceZip(workspaceRoot, pathsToZip); |
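Review bot: `createWorkspaceZip` hands back the whole archive as `zipBuffer`, and no size check is visible in this hunk around Step 1. Suggest enforcing the size limit while entries are being added, so an oversized workspace fails before the full archive is built in memory, and including the limit in the error message so the user can see why the scan was refused.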
I have some concerns about really large projects. Is there any limitation on the ApexGuru side?
I have capped it to 20 MB currently; we can change this after ApexGuru comes back with their analysis.
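The allow-list raised in the review comment on `shouldExcludeFromZip` and the 20 MB cap mentioned in the reply on `performScan` can be combined as follows. This is an added example, not code from this PR: `isAllowedEntry`, `selectZipEntries` and the sample paths are hypothetical, and the cap is assumed to apply to uncompressed input bytes.

```typescript
// Added illustration; every name below is hypothetical and not from the PR.
type Candidate = { relPath: string; sizeBytes: number };
type Selection = { included: string[]; skipped: string[]; totalBytes: number };

const ALLOWED_EXTENSIONS = ['.cls', '.trigger'];  // extensions named in the review comment
const MAX_TOTAL_BYTES = 20 * 1024 * 1024;         // "20 mb" from the reply, assumed to mean MiB of input

function isAllowedEntry(relPath: string): boolean {
    const normalized = relPath.replace(/\\/g, '/');
    // Absolute paths (POSIX or drive letter) would escape the workspace root.
    if (normalized.startsWith('/') || /^[A-Za-z]:/.test(normalized)) return false;
    const segments = normalized.split('/');
    for (const seg of segments) {
        // startsWith('.') covers dotfolders at any depth and ".." traversal.
        if (seg === '' || seg.startsWith('.') || seg === 'node_modules') return false;
    }
    const name = (segments[segments.length - 1] ?? '').toLowerCase();
    return ALLOWED_EXTENSIONS.some(ext => name.length > ext.length && name.endsWith(ext));
}

function selectZipEntries(candidates: Candidate[], maxBytes: number = MAX_TOTAL_BYTES): Selection {
    const included: string[] = [];
    const skipped: string[] = [];
    let totalBytes = 0;
    for (const c of candidates) {
        if (!isAllowedEntry(c.relPath)) {
            skipped.push(c.relPath);
            continue;
        }
        // Check the running total before anything is read or compressed.
        if (totalBytes + c.sizeBytes > maxBytes) {
            throw new Error(`Workspace exceeds ${maxBytes} bytes at ${c.relPath}`);
        }
        totalBytes += c.sizeBytes;
        included.push(c.relPath);
    }
    return { included, skipped, totalBytes };
}

// Constructed sample workspace listing (not real project data).
const SAMPLE_WORKSPACE: Candidate[] = [
    { relPath: 'force-app/main/default/classes/Foo.cls', sizeBytes: 1000 },
    { relPath: 'force-app\\main\\default\\triggers\\Bar.TRIGGER', sizeBytes: 500 },
    { relPath: 'force-app/main/default/classes/Foo.cls-meta.xml', sizeBytes: 200 },
    { relPath: 'config/credentials.json', sizeBytes: 300 },
    { relPath: 'node_modules/pkg/Vendored.cls', sizeBytes: 400 },
    { relPath: '../outside/Other.cls', sizeBytes: 100 },
];
const SAMPLE_SELECTION = selectZipEntries(SAMPLE_WORKSPACE);
```

Returning the skipped paths lets the caller log what was left out of the upload, which helps when a user asks why a file was not scanned.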
Summary
This PR adds support for returning scan metadata (insights) from the ApexGuru engine through to the final output formats. It extends the API types to capture SFAP workspace scan metadata, adapts the service layer to parse and return this information, and enhances both JSON and SARIF formatters to include insights in their output.
GUS Ticket
W-22393691 — sfap workspace scan
Changes
- ApexGuruScanMetadata type matching SFAP API contract with fields for workspace details, analysis info, and execution metadata
- EngineRunResults insights field to EngineRunResults type to support arbitrary engine-specific metadata
- getInsights() and getEngineInsights() methods to results interfaces for accessing metadata
- insights array with engine-specific metadata
- properties.insights field
Dependencies
None
Test Evidence
Unit tests added for:
Manual testing required:
Test Status
Pending - awaiting unit test execution and manual validation
Findings Doc
Not applicable