Skip to content

chore(main): release qurl 0.2.0#3

Open
github-actions[bot] wants to merge 1 commit intomainfrom
release-please--branches--main--components--qurl
Open

chore(main): release qurl 0.2.0#3
github-actions[bot] wants to merge 1 commit intomainfrom
release-please--branches--main--components--qurl

Conversation

@github-actions
Copy link
Copy Markdown

@github-actions github-actions Bot commented Mar 11, 2026
edited
Loading

🤖 I have created a release beep boop

0.2.0 (2026-04-29)

⚠ BREAKING CHANGES

  • align types and client with latest API spec (#14)
  • restructure QURL type — add AccessToken type (#19)

Features

  • align types and client with latest API spec (#14) (a8b2d56)
  • ci: adopt fleet issue-template + priority-enforcement pattern (#45) (04e6f75)
  • initial TypeScript SDK setup (#1) (24915d7)
  • restructure QURL type — add AccessToken type (#19) (a3619e1)

Bug Fixes

  • use canonical /v1/qurls path for create (plural) (#46) (e6a199d)

This PR was generated with Release Please. See documentation.

@claude claude Bot mentioned this pull request Mar 31, 2026
Merged
5 tasks
@github-actions github-actions Bot changed the title chore(main): release qurl 0.1.1 chore(main): release qurl 0.2.0 Apr 10, 2026
@github-actions github-actions Bot force-pushed the release-please--branches--main--components--qurl branch from 753ea44 to fddfbad Compare April 10, 2026 07:48
@justin-layerv justin-layerv mentioned this pull request Apr 11, 2026
Merged
3 tasks
@github-actions github-actions Bot force-pushed the release-please--branches--main--components--qurl branch from fddfbad to 34cf15c Compare April 11, 2026 05:31
justin-layerv added a commit that referenced this pull request Apr 11, 2026
@justin-layerv @claude
fix: address latest review — status union, error info leak, create test
dc659c2 
1. Drop the "active,revoked" literal from ListInput.status. Reviewer
   flagged the asymmetry: listing one CSV combination implies it's
   canonical, but the API accepts any order ("active,revoked" or
   "revoked,active") and may add filter-only values. Simplified to
   `"active" | "revoked" | (string & {})`. The JSDoc already documents
   the CSV form, so autocomplete for the canonical single values stays
   and arbitrary strings still type-check.

2. Remove the raw response-body snippet from the batchCreate shape
   validation error. The previous message embedded up to 200 chars of
   the unexpected body, which could leak sensitive data (auth details,
   request echoes) into client-side error logs. Replaced with a static
   "Unexpected response shape from POST /v1/qurls/batch" message.
   Added a comment explaining why the snippet is intentionally absent.

3. Add qurl_id and label assertions to the existing "creates a QURL"
   test. The PR adds both fields to CreateOutput but the existing test
   only checked resource_id and qurl_link, leaving the new required
   fields without a regression guard.

Tests: 63 (unchanged — #3 tightens an existing test rather than
adding a new one).

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
@github-actions github-actions Bot force-pushed the release-please--branches--main--components--qurl branch 3 times, most recently from 112d45b to 873a7bd Compare April 17, 2026 00:15
@justin-layerv justin-layerv mentioned this pull request Apr 17, 2026
Closed
@github-actions github-actions Bot force-pushed the release-please--branches--main--components--qurl branch 6 times, most recently from 4bc41d9 to e658563 Compare April 24, 2026 20:25
justin-layerv added a commit that referenced this pull request Apr 24, 2026
@justin-layerv @claude
test: address cr round 1 + simplify findings on contract test
2b7e2b4 
cr round 1 (non-blocking) + /simplify findings:

- Extract mockFetch + createClient to src/test-helpers.ts so both
  client.test.ts and contract.test.ts import a single fixture.
  tsconfig.json excludes the new file from the build output so it
  doesn't ship in dist/.
- Regen script: replace the `CONTENT=$(git show …)` capture with a
  direct `git show` stream inside the heredoc. Avoids bash command-
  substitution's trailing-newline strip and ARG_MAX edges on large
  specs.
- Regen script: run `git fetch --quiet origin` before `rev-parse`
  so `origin/main` resolves to the live upstream tip rather than
  a stale local ref.
- Multi-page listAll contract case: original test asserted only
  the first page; the new case mocks two pages and asserts both
  calls hit GET /v1/qurls (covers the pagination path properly).
- `assertSdkCallMatches` takes a `callIndex` param for the multi-
  page case and guards against a future SDK method calling fetch
  without an `init` object (clearer error than a bare access).
- Trim narrative-only comment explaining a lint workaround that
  would rot if the rule changed.
- Add CONTRIBUTING note: new public SDK methods require a matching
  contract case (alias methods included, so alias rewires can't
  silently slip past).

Snapshot-staleness detector (cr round 1 suggestion #3) filed as a
follow-up issue — scope-appropriate since it's a new CI workflow
rather than a change to this test.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
justin-layerv added a commit that referenced this pull request Apr 24, 2026
@justin-layerv @claude
test+script: address cr round 5 — actionable diagnostics
e39ff2c 
cr round 5 (Approved, non-blocking) findings I acted on:

- Completeness test: replace vitest's default set-diff with a
  custom remediation message. On drift, it names the offending
  method AND tells the contributor what to do: "add to
  SDK_PUBLIC_METHODS + add a case" OR "add to INTERNAL_HELPERS
  if not user-facing." Saves a future-dev the five minutes of
  figuring out where to update on first encounter.
- Regen script: verify origin remote is qurl-service. Prevents
  the silent-foot-gun where someone with an unrelated repo at
  ../qurl-service that happens to contain api/openapi.yaml
  (or a fork) snapshots from the wrong source. The header SHA
  would otherwise be from the fork, not upstream.

Skipped per cr's explicit guidance:
  - #2 (throw-vs-expect) — cr: "probably the right tradeoff"
  - #3 (second-page cursor) — cr: "no coverage gap … consistent
    with the CONTRIBUTING.md scope note"
  - #5 (mockOk in test-helpers) — cr: "not worth churning for"

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
@github-actions github-actions Bot force-pushed the release-please--branches--main--components--qurl branch 2 times, most recently from 996c217 to ec0bb40 Compare April 27, 2026 02:53
justin-layerv added a commit that referenced this pull request Apr 27, 2026
@justin-layerv @claude
fix: address review — empty-string timing fields, IPv6 comment, suspi…
79e8f4b 
…cious-batch logs

5 items + 2 coverage gaps from the latest cr round.

### Concerns

1. **Empty-string handling on timing fields.** `update({ extend_by: "" })`
   and `mintLink({ expires_in: "" })` previously round-tripped to the API
   as `{"extend_by": ""}`, hitting either the mutual-exclusion check
   (because `"" !== undefined`) or the server's duration parser. Both
   write surfaces now reject empty-string timing fields with a structured
   `ValidationError` — `description: ""` keeps its documented
   clear-the-field semantic. Three new tests: rejection on each surface
   plus a positive test locking in `description: ""` round-trips.

2. **Conflicting IPv6 hostname comment.** Tightened the outer comment
   that said `URL.hostname` strips IPv6 brackets — the inner comment
   correctly notes Node returns hosts WITH brackets, and the code
   handles both forms. Outer comment now points at the inner block
   instead of contradicting it.

4. **`request_id` shadowing debug log.** Added a both-fields-present
   debug log in `batchCreate` mirroring `mapQurlsField`'s pattern.
   If the server ever puts `request_id` on both `data` and `meta`,
   operators see the divergence rather than learning about it via
   support-ticket archaeology.

5. **Empty BatchCreateOutput debug log.** Added a debug log in
   `validateBatchCreateResponse` for the `succeeded: 0, failed: 0,
   results: []` case — shape-valid but suspicious (the SDK definitely
   sent items). Keeps the response valid; surfaces the anomaly.

### Coverage

- **list-side `mapQurlsField` mapping.** Test asserts list items
  containing wire-format `qurls` map to `access_tokens` consistently.
  Locks in the defensive `data.map(mapQurlsField)` in `list()`.

### No action

- **#3 RFC 3339 client-side parse for `expires_at`.** Reviewer marked
  optional ("if you ever want a tiny sanity check"). Keeping the
  duration-parser stance: server is authoritative.
- **#6 `requireValidTags` empty-array semantics.** Reviewer noted as
  intentional and well-supported by existing test.
- **#7 `Number.isFinite` for `maxRetries` null-coverage.** Reviewer
  confirmed the `?? DEFAULT_MAX_RETRIES` chain already handles null.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
@justin-layerv justin-layerv mentioned this pull request Apr 27, 2026
Open
@github-actions github-actions Bot force-pushed the release-please--branches--main--components--qurl branch from ec0bb40 to d6d3606 Compare April 29, 2026 19:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

autorelease: pending

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants