Skip to content

fix(export,import): validate --module flag value before execution#266

Merged
cs-raj merged 3 commits into
v2-devfrom
fix/DX-9444
Jul 3, 2026
Merged

fix(export,import): validate --module flag value before execution#266
cs-raj merged 3 commits into
v2-devfrom
fix/DX-9444

Conversation

@cs-raj

@cs-raj cs-raj commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Summary

  • --module flag in cm:stacks:export and cm:stacks:import now validates its value at parse time using OCLIF's options constraint
  • Passing an invalid module name (e.g. --module foo) immediately prints a clear error listing all valid options instead of proceeding and failing with an opaque internal error
  • Unit tests added for both export and import packages to assert the flag options list

Problem

When running either command with an unrecognised module name, the CLI accepted the value without complaint, proceeded past flag parsing, and only failed deep inside startModuleExport / startModuleImport when it attempted await import('./<moduleName>') on a file that didn't exist. The resulting error was confusing and gave no hint about what values are valid.

Root Cause

Both --module flag definitions were plain flags.string() with no options constraint:

// before
module: flags.string({ description: '...' })

OCLIF only performs enum validation when options is provided.

Fix

Added options: [...] to the module flag in both command files:

// after
module: flags.string({
  description: '...',
  options: ['stack', 'assets', 'locales', 'environments', ...],
})

Now the framework rejects invalid values immediately:

Expected --module=foo to be one of: stack, assets, locales, environments,
extensions, webhooks, global-fields, entries, content-types, custom-roles,
workflows, publishing-rules, labels, marketplace-apps, taxonomies,
personalize, composable-studio

Files Changed

File Change
packages/contentstack-export/src/commands/cm/stacks/export.ts Added options array to module flag (17 valid modules)
packages/contentstack-import/src/commands/cm/stacks/import.ts Added options array to module flag (18 valid modules, incl. variant-entries)
packages/contentstack-export/test/unit/commands/cm/stacks/export.test.ts New — unit tests for export command module flag options
packages/contentstack-import/test/unit/commands/cm/stacks/import.test.ts Added 3 tests for module flag options validation

@cs-raj cs-raj requested a review from a team as a code owner July 3, 2026 10:19
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 73 25 ✅ Passed
🟡 Medium Severity 0 1 500 ✅ Passed
🔵 Low Severity 0 0 1000 ✅ Passed

⏱️ SLA Breach Summary

⚠️ Warning: The following vulnerabilities have exceeded their SLA thresholds (days since publication).

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 1 90 / 365 days ⚠️ Warning
🔵 Low 0 0 180 / 365 days ✅ Passed

ℹ️ Vulnerabilities Without Available Fixes (Informational Only)

The following vulnerabilities were detected but do not have fixes available (no upgrade or patch). These are excluded from failure thresholds:

  • Critical without fixes: 0
  • High without fixes: 73
  • Medium without fixes: 1
  • Low without fixes: 0

⚠️ BUILD PASSED WITH WARNINGS - SLA breaches detected for issues without available fixes

Consider reviewing these vulnerabilities when fixes become available.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 73 25 ✅ Passed
🟡 Medium Severity 0 1 500 ✅ Passed
🔵 Low Severity 0 0 1000 ✅ Passed

⏱️ SLA Breach Summary

⚠️ Warning: The following vulnerabilities have exceeded their SLA thresholds (days since publication).

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 1 90 / 365 days ⚠️ Warning
🔵 Low 0 0 180 / 365 days ✅ Passed

ℹ️ Vulnerabilities Without Available Fixes (Informational Only)

The following vulnerabilities were detected but do not have fixes available (no upgrade or patch). These are excluded from failure thresholds:

  • Critical without fixes: 0
  • High without fixes: 73
  • Medium without fixes: 1
  • Low without fixes: 0

⚠️ BUILD PASSED WITH WARNINGS - SLA breaches detected for issues without available fixes

Consider reviewing these vulnerabilities when fixes become available.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR improves the UX of the cm:stacks:export and cm:stacks:import commands by constraining the --module flag to a known set of module names so invalid values are rejected during flag parsing (instead of failing later during dynamic module loading).

Changes:

  • Added options: [...] constraints to the --module flag for both export and import commands.
  • Added/updated unit tests to assert the presence and contents of the module flag options list.
  • Updated lockfile (and talisman checksum) as part of dependency resolution.

Reviewed changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
packages/contentstack-export/src/commands/cm/stacks/export.ts Adds an options allowlist to validate --module values during parsing.
packages/contentstack-import/src/commands/cm/stacks/import.ts Adds an options allowlist to validate --module values during parsing (includes variant-entries).
packages/contentstack-export/test/unit/commands/cm/stacks/export.test.ts New unit tests asserting module flag options exist and contain expected modules.
packages/contentstack-import/test/unit/commands/cm/stacks/import.test.ts Adds unit tests asserting module flag options exist and contain expected modules.
pnpm-lock.yaml Updates resolved dependency versions (includes more than just the OCLIF-related bump).
.talismanrc Updates the stored checksum for pnpm-lock.yaml ignore configuration.
Files not reviewed (1)
  • pnpm-lock.yaml: Generated file

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread packages/contentstack-export/src/commands/cm/stacks/export.ts
Comment thread packages/contentstack-import/src/commands/cm/stacks/import.ts
Comment thread pnpm-lock.yaml
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 73 25 ✅ Passed
🟡 Medium Severity 0 1 500 ✅ Passed
🔵 Low Severity 0 0 1000 ✅ Passed

⏱️ SLA Breach Summary

⚠️ Warning: The following vulnerabilities have exceeded their SLA thresholds (days since publication).

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 1 90 / 365 days ⚠️ Warning
🔵 Low 0 0 180 / 365 days ✅ Passed

ℹ️ Vulnerabilities Without Available Fixes (Informational Only)

The following vulnerabilities were detected but do not have fixes available (no upgrade or patch). These are excluded from failure thresholds:

  • Critical without fixes: 0
  • High without fixes: 73
  • Medium without fixes: 1
  • Low without fixes: 0

⚠️ BUILD PASSED WITH WARNINGS - SLA breaches detected for issues without available fixes

Consider reviewing these vulnerabilities when fixes become available.

@cs-raj cs-raj merged commit efaaf46 into v2-dev Jul 3, 2026
10 checks passed
@cs-raj cs-raj deleted the fix/DX-9444 branch July 3, 2026 10:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants