Skip to content

chore: migrate lint/format stack to OXC #841

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
KooshaPari merged 4 commits into from
Mar 5, 2026
Merged

chore: migrate lint/format stack to OXC #841

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
bcb27b6
chore: remove tracked AI artifact files
KooshaPari Mar 1, 2026
e25cb53
chore: add shared pheno devops task surface
KooshaPari Mar 2, 2026
a35f602
docs(branding): normalize cliproxyapi-plusplus naming across docs
KooshaPari Mar 3, 2026
5651fb4
chore: migrate lint/format stack to OXC
KooshaPari Mar 3, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 29 additions & 2 deletions .github/workflows/docs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,22 @@
name: VitePress Pages

on:
pull_request:
branches: [main]
paths:
- "docs/**"
- "package.json"
- "bun.lock"
- ".oxlintrc.json"
- ".oxfmtrc.json"
push:
branches-ignore:
- "gh-pages"
branches: [main]
paths:
- "docs/**"
- "package.json"
- "bun.lock"
- ".oxlintrc.json"
- ".oxfmtrc.json"
workflow_dispatch:

concurrency:
Expand Down Expand Up @@ -31,6 +44,20 @@ jobs:
cache: "npm"
cache-dependency-path: docs/package.json

- name: Setup Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: latest

- name: Install OXC dependencies
run: bun install --frozen-lockfile

- name: Lint docs TS/JS with OXC
run: bun run lint

- name: Check docs TS/JS formatting with OXC
run: bun run format:check

- name: Install dependencies
working-directory: docs
run: npm install --frozen-lockfile
Comment on lines +47 to 63
Copy link

Copilot AI Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The workflow installs dependencies twice (Bun at repo root, then npm under docs/). This is likely to add substantial CI time and can lead to confusing “which node_modules is active?” behavior. Consider consolidating onto a single package manager for docs CI (either run the Bun steps in working-directory: docs if the scripts live there, or drop the separate npm install if Bun is meant to drive the docs install/build).

Copilot uses AI. Check for mistakes.
Comment on lines 61 to 63
Copy link

@coderabbitai coderabbitai bot Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

npm install --frozen-lockfile vs npm ci documentation

💡 Result:

  • npm ci is npm’s “frozen/clean” install for CI: it requires an existing package-lock.json/npm-shrinkwrap.json, fails if the lockfile doesn’t match package.json, removes node_modules first, and never writes/updates package-lock.json or package.json. [1]
  • npm install --frozen-lockfile is not an npm option. The --frozen-lockfile flag exists in other package managers, not npm. For npm, the closest equivalent is npm ci. [1]
  • npm install installs dependencies and (when a lockfile exists) is “driven by” package-lock.json/shrinkwrap, but unlike npm ci, it’s not specifically the “immutable CI install” command and can update lockfile state as part of normal workflows. [2]
  • If you meant Yarn: yarn install --immutable is the modern “don’t modify the lockfile” behavior; --frozen-lockfile is an alias for backward compatibility. [3] (Yarn Classic docs also describe --frozen-lockfile.) [4]
  • If you meant pnpm: pnpm install --frozen-lockfile prevents lockfile updates and fails when the lockfile is out of sync (and is typically enforced in CI). [5]

Sources:
[1] npm Docs – npm ci https://docs.npmjs.com/cli/v10/commands/npm-ci/
[2] npm Docs – npm install https://docs.npmjs.com/cli/v6/commands/npm-install/
[3] Yarn Docs – yarn install (--immutable / --frozen-lockfile alias) https://yarnpkg.com/cli/install
[4] Yarn Classic Docs – --frozen-lockfile https://classic.yarnpkg.com/lang/en/docs/cli/install/
[5] pnpm docs mirror – pnpm install --frozen-lockfile behavior https://pnpm.nodejs.cn/9.x/cli/install/

🌐 Web query:

npm v10 --frozen-lockfile flag support

💡 Result:

npm v10 does not support a --frozen-lockfile flag (that flag name is used by other package managers, not npm). In npm, the “frozen lockfile” behavior is provided by npm ci. It requires an existing package-lock.json/npm-shrinkwrap.json, fails if the lockfile and package.json don’t match, removes any existing node_modules, and does not write/update the lockfile (i.e., installs are effectively “frozen”). [1]

If you use npm install instead, npm may update package-lock.json; the npm install docs describe lockfile-related behaviors/config such as package-lock / package-lock-only. [2]

Practical equivalent:

  • CI / reproducible install: npm ci [1]

Sources
[1] npm Docs – npm ci (clean install, lockfile mismatch fails, doesn’t write lockfiles) (docs.npmjs.com)
[2] npm Docs – npm install (lockfile behavior/config options; no --frozen-lockfile) (docs.npmjs.com)

Citations:

Replace npm install --frozen-lockfile with npm ci.

--frozen-lockfile is not a valid npm flag (it exists in Yarn and pnpm, not npm). For CI environments, npm ci is the correct command—it ensures reproducible installs by failing if the lockfile doesn't match package.json and never updating the lockfile. Using an unrecognized flag can cause unexpected behavior.

✅ Suggested fix 
       - name: Install dependencies
         working-directory: docs
-        run: npm install --frozen-lockfile
+        run: npm ci
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Install dependencies
working-directory: docs
run: npm install --frozen-lockfile
- name: Install dependencies
working-directory: docs
run: npm ci
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/docs.yml around lines 61 - 63, Replace the incorrect npm
flag in the GitHub Actions job step named "Install dependencies": change the run
command from "npm install --frozen-lockfile" to "npm ci" so the workflow uses
the proper CI-safe install that respects the lockfile and fails if it is out of
sync.

Expand Down
18 changes: 18 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,3 +62,21 @@ cli-proxy-api-plus-integration-test
boardsync
releasebatch
.cache

# Added by Spec Kitty CLI (auto-managed)
.windsurf/
.qwen/
.augment/
.roo/
.amazonq/
.github/copilot/
.kittify/.dashboard

Comment on lines +73 to +74
Copy link

@gemini-code-assist gemini-code-assist bot Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The entry .kittify/ on line 75 ignores the entire .kittify directory, which makes the entry .kittify/.dashboard on line 67 redundant. To improve clarity and avoid redundancy, you can remove this line and one of the extra blank lines.

# AI tool artifacts
.cursor/
.kittify/
Comment on lines +73 to +77
Copy link

@coderabbitai coderabbitai bot Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick | 🔵 Trivial

Redundant ignore entry for .kittify/.dashboard.

Line 77 (.kittify/) already covers Line 73 (.kittify/.dashboard), so the dashboard-specific entry can be removed for clarity.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.gitignore around lines 73 - 77, Remove the redundant .gitignore entry
`.kittify/.dashboard` because the existing `.kittify/` rule already ignores the
entire directory; delete the specific `.kittify/.dashboard` line and keep the
broader `.kittify/` entry to simplify and avoid duplication.

.kilocode/
.github/prompts/
.github/copilot-instructions.md
.claudeignore
.llmignore
6 changes: 6 additions & 0 deletions .oxfmtrc.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
{
"$schema": "https://oxc.rs/schemas/oxfmt.json",
"printWidth": 100,
"useTabs": false,
"indentWidth": 2
}
14 changes: 14 additions & 0 deletions .oxlintrc.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
{
"$schema": "https://oxc.rs/schemas/oxlintrc.json",
"ignorePatterns": [
"**/node_modules/**",
"**/dist/**",
"**/.vitepress/dist/**",
"**/.vitepress/cache/**"
],
"plugins": ["typescript"],
"rules": {
"correctness": "error",
"suspicious": "error"
}
}
6 changes: 3 additions & 3 deletions CONTRIBUTING.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Contributing to cliproxyapi++
# Contributing to cliproxyapi-plusplus

First off, thank you for considering contributing to **cliproxyapi++**! It's people like you who make this tool better for everyone.
First off, thank you for considering contributing to **cliproxyapi-plusplus**! It's people like you who make this tool better for everyone.

## Code of Conduct

Expand All @@ -26,7 +26,7 @@ By participating in this project, you agree to abide by our [Code of Conduct](CO

#### Which repository to use?
- **Third-party provider support**: Submit your PR directly to [kooshapari/cliproxyapi-plusplus](https://github.com/kooshapari/cliproxyapi-plusplus).
- **Core logic improvements**: If the change is not specific to a third-party provider, please propose it to the [mainline project](https://github.com/kooshapari/cliproxyapi) first.
- **Core logic improvements**: If the change is not specific to a third-party provider, please propose it to the [mainline project](https://github.com/kooshapari/cliproxyapi-plusplus) first.
Copy link

@coderabbitai coderabbitai bot Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Core-logic contribution path is currently indistinguishable from provider PR path.

Line 29 links to the same repository URL as Line 28, so the “mainline project first” instruction is unclear. Use the actual mainline URL or reword the instruction to match the intended workflow.

Proposed doc fix 
-- **Core logic improvements**: If the change is not specific to a third-party provider, please propose it to the [mainline project](https://github.com/kooshapari/cliproxyapi-plusplus) first.
+- **Core logic improvements**: For non-provider changes, open an issue/PR in this repository first (or update this link to the intended mainline repository).
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@CONTRIBUTING.md` at line 29, The "Core logic improvements" guideline
currently points to the same repository as the provider path, making the
"mainline project first" instruction ambiguous; update the "**Core logic
improvements**" line to either replace the URL with the actual mainline
repository URL (the intended target) or reword the sentence to remove the
duplicate link and clearly state the intended workflow (e.g., "Propose
core-logic changes to the mainline project first" with the correct mainline URL
or "Propose core-logic changes to the mainline project first; provider-specific
changes may be submitted here"). Ensure you edit the exact "**Core logic
improvements**" paragraph so the guidance is unambiguous.


## Governance

Expand Down
44 changes: 29 additions & 15 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,10 @@
# CLIProxyAPI++
# cliproxyapi-plusplus

Agent-native, multi-provider OpenAI-compatible proxy for production and local model routing.

## Table of Contents
This is the Plus version of [cliproxyapi-plusplus](https://github.com/kooshapari/cliproxyapi-plusplus), adding support for third-party providers on top of the mainline project.

- [Key Features](#key-features)
- [Architecture](#architecture)
- [Getting Started](#getting-started)
- [Operations and Security](#operations-and-security)
- [Testing and Quality](#testing-and-quality)
- [Documentation](#documentation)
- [Contributing](#contributing)
- [License](#license)
All third-party provider support is maintained by community contributors; cliproxyapi-plusplus does not provide technical support. Please contact the corresponding community maintainer if you need assistance.

## Key Features

Expand Down Expand Up @@ -39,8 +32,29 @@ Agent-native, multi-provider OpenAI-compatible proxy for production and local mo
### Quick Start

```bash
go build -o cliproxy ./cmd/server
./cliproxy --config config.yaml
# Create deployment directory
mkdir -p ~/cli-proxy && cd ~/cli-proxy

# Create docker-compose.yml
cat > docker-compose.yml << 'EOF'
services:
cli-proxy-api:
image: eceasy/cli-proxy-api-plus:latest
container_name: cli-proxy-api-plus
ports:
- "8317:8317"
volumes:
- ./config.yaml:/CLIProxyAPI/config.yaml
- ./auths:/root/.cli-proxy-api
- ./logs:/CLIProxyAPI/logs
restart: unless-stopped
EOF

# Download example config
curl -o config.yaml https://raw.githubusercontent.com/kooshapari/cliproxyapi-plusplus/main/config.example.yaml

# Pull and start
docker compose pull && docker compose up -d
Comment on lines +35 to +57
Copy link

@coderabbitai coderabbitai bot Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick | 🔵 Trivial

Pin Quick Start artifacts instead of floating latest/main.

On Lines [42] and [54], onboarding depends on mutable refs (:latest and main), which can break reproducibility and incident rollback.

🔧 Proposed hardening 
-    image: eceasy/cli-proxy-api-plus:latest
+    image: eceasy/cli-proxy-api-plus:${CLIPROXY_TAG:-vX.Y.Z}
@@
-curl -o config.yaml https://raw.githubusercontent.com/kooshapari/cliproxyapi-plusplus/main/config.example.yaml
+curl -o config.yaml https://raw.githubusercontent.com/kooshapari/cliproxyapi-plusplus/${CLIPROXY_TAG:-vX.Y.Z}/config.example.yaml
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@README.md` around lines 35 - 57, Replace mutable refs in the quick-start by
pinning the Docker image and the example config URL: update the docker-compose
service image reference (currently "eceasy/cli-proxy-api-plus:latest") to a
specific semantic version tag or digest, and change the curl URL that fetches
"config.example.yaml" from the GitHub "main" branch to a URL that references a
specific commit SHA or release tag; modify the README's docker-compose.yml
snippet and the curl command accordingly so onboarding pulls immutable artifacts
reproducibly (search for the image string eceasy/cli-proxy-api-plus:latest and
the URL raw.githubusercontent.com/.../main/config.example.yaml to locate the
exact lines to change).

```

### Docker Quick Start
Expand Down Expand Up @@ -85,9 +99,9 @@ npm run docs:build

## Contributing

1. Create a worktree branch.
2. Implement and validate changes.
3. Open a PR with clear scope and migration notes.
This project only accepts pull requests that relate to third-party provider support. Any pull requests unrelated to third-party provider support will be rejected.

If you need to submit any non-third-party provider changes, please open them against the [mainline](https://github.com/kooshapari/cliproxyapi-plusplus) repository.

## License

Expand Down
45 changes: 45 additions & 0 deletions Taskfile.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -330,6 +330,18 @@ tasks:
fi
staticcheck ./...

quality:oxc:
desc: "Run OXC lint + format checks for docs TypeScript/JavaScript files"
cmds:
- |
if ! command -v bun >/dev/null 2>&1; then
echo "[WARN] bun not found; skipping OXC checks"
exit 0
fi
Comment on lines +333 to +340
Copy link

@coderabbitai coderabbitai bot Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Do not silently skip OXC checks in CI.

Lines [337-340] currently return success when bun is missing, but Line [358] wires this task into quality:ci; this can let CI pass without running OXC gates.

✅ Proposed fix (strict in CI, permissive locally) 
   quality:oxc:
     desc: "Run OXC lint + format checks for docs TypeScript/JavaScript files"
     cmds:
       - |
         if ! command -v bun >/dev/null 2>&1; then
-          echo "[WARN] bun not found; skipping OXC checks"
-          exit 0
+          if [ "${CI:-}" = "true" ] || [ "${CI:-}" = "1" ]; then
+            echo "[FAIL] bun not found; cannot run OXC checks in CI"
+            exit 1
+          fi
+          echo "[WARN] bun not found; skipping OXC checks locally"
+          exit 0
         fi
         bun install --frozen-lockfile
         bun run lint
         bun run format:check

Also applies to: 358-358

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@Taskfile.yml` around lines 333 - 340, The current quality:oxc task in
Taskfile.yml silently exits 0 when bun is missing, letting quality:ci pass
without running OXC; update the check inside the quality:oxc cmds so that when
bun is missing it fails CI but remains permissive locally: detect CI via a
standard CI env var (e.g., CI) and if set emit an error message and exit
non‑zero, otherwise print the existing warning and exit 0; reference the
quality:oxc task and the quality:ci wiring to ensure CI runs will fail when bun
is absent.

bun install --frozen-lockfile
bun run lint
bun run format:check

quality:ci:
desc: "Run non-mutating PR quality gates"
cmds:
Expand All @@ -343,6 +355,7 @@ tasks:
- task: quality:vet
- task: quality:staticcheck
- task: quality:shellcheck
- task: quality:oxc
- task: lint:changed

test:provider-smoke-matrix:test:
Expand Down Expand Up @@ -376,6 +389,38 @@ tasks:
- |
go test -run 'TestServer_StartupSmokeEndpoints|TestServer_StartupSmokeEndpoints/GET_v1_models|TestServer_StartupSmokeEndpoints/GET_v1_metrics_providers|TestServer_RoutesNamespaceIsolation|TestServer_ControlPlane_MessageLifecycle|TestServer_ControlPlane_IdempotencyKey_ReplaysResponseAndPreventsDuplicateMessages|TestServer_ControlPlane_IdempotencyKey_DifferentKeysCreateDifferentMessages' ./pkg/llmproxy/api

devops:status:
desc: "Show git status, remotes, and branch state"
cmds:
- git status --short --branch
- git remote -v
- git log --oneline -n 5

devops:check:
desc: "Run shared DevOps checks for this repository"
cmds:
- bash scripts/devops-checker.sh

devops:check:ci:
desc: "Run shared DevOps checks including CI lane"
cmds:
- bash scripts/devops-checker.sh --check-ci

devops:check:ci-summary:
desc: "Run shared DevOps checks with CI lane and JSON summary"
cmds:
- bash scripts/devops-checker.sh --check-ci --emit-summary

devops:push:
desc: "Push branch with shared helper and fallback remote behavior"
cmds:
- bash scripts/push-cliproxyapi-plusplus-with-fallback.sh {{.CLI_ARGS}}

devops:push:origin:
desc: "Push using fallback remote only (skip primary)"
cmds:
- bash scripts/push-cliproxyapi-plusplus-with-fallback.sh --skip-primary {{.CLI_ARGS}}

lint:changed:
desc: "Run golangci-lint on changed/staged files only"
cmds:
Expand Down
111 changes: 111 additions & 0 deletions bun.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading
Loading