Skip to content

[AAASM-4339] πŸ”’ (examples): Scenario manifest hygiene β€” exact pins + js-yaml types#244

Merged
Chisanan232 merged 3 commits into
masterfrom
v0.0.1/AAASM-4339/scenario_manifest_hygiene
Jul 9, 2026
Merged

[AAASM-4339] πŸ”’ (examples): Scenario manifest hygiene β€” exact pins + js-yaml types#244
Chisanan232 merged 3 commits into
masterfrom
v0.0.1/AAASM-4339/scenario_manifest_hygiene

Conversation

@Chisanan232

Copy link
Copy Markdown
Contributor

What changed

Two residual manifest-hygiene fixes in the scenarios tree (LOW), following AAASM-4333:

  1. Exact-pin live-core-enforcement β€” replaced the bare agent-assembly>=0.0.1rc3 floors in scenarios/live-core-enforcement/python-agent/Dockerfile and scenarios/live-core-enforcement/README.md with the ecosystem's canonical ==0.0.1rc3 exact pin, matching every other example and the repo's never-bare->= rule.
  2. Aligned js-yaml runtime + types β€” the approval-gates and policy-enforcement node scenarios pinned js-yaml ^5.2.1 (runtime) but @types/js-yaml ^4.0.9 (types), a major mismatch. Investigation (npm view js-yaml@5.2.1) shows js-yaml 5.x ships its own bundled declarations (types: ./dist/js-yaml.d.ts in both the types field and exports), and no ^5 @types/js-yaml is published (max is 4.0.9). So the @types/js-yaml devDep is both redundant and mismatched β€” removed it from both manifests and refreshed the lockfiles.

Grep-sweep result: grep -rn 'agent-assembly>=' . found 3 hits β€” the 2 live-core-enforcement files above (fixed) and verification-reports/AAASM-2262-verify-python-examples.md (a historical verification report quoting a past pyproject.toml state, not a live install/pin β€” left as-is). Post-fix sweep of scenarios/ is clean.

Related ticket

Closes AAASM-4339

How to verify

  • grep -rn 'agent-assembly>=' scenarios/ β†’ no results.
  • Both package.json are valid JSON and no longer list @types/js-yaml; js-yaml ^5.2.1 remains.
  • pnpm typecheck (tsc --noEmit) passes in both scenarios/approval-gates/node and scenarios/policy-enforcement/node with @types/js-yaml removed, confirming js-yaml 5.x self-typing.
  • Lockfiles regenerated with pnpm 10 (matching CI's pnpm/action-setup version: 10); diff is limited to the @types/js-yaml removal (plus additive libc platform metadata) β€” no esbuild/vite/version churn.

Checklist

  • PR title follows [AAASM-XXXX] <GitEmoji> (<scope>): <summary>
  • No secrets, API keys, or .env files committed
  • Example sub-projects include their own README.md with prerequisites and run instructions
  • SDK/runtime version dependencies are documented or pinned

πŸ€– Generated with Claude Code

https://claude.ai/code/session_01R7vqjjo5nrebYNt8WnCNbz

Chisanan232 and others added 2 commits July 9, 2026 12:41
Replace bare agent-assembly>=0.0.1rc3 floors in the
live-core-enforcement Dockerfile and README with the ecosystem's
canonical ==0.0.1rc3 exact pin, matching the other examples and the
repo never-bare->= rule.

Refs AAASM-4339

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01R7vqjjo5nrebYNt8WnCNbz
js-yaml 5.x ships its own bundled type declarations (types +
exports.types), so the @types/js-yaml ^4.0.9 devDep was both
redundant and a major mismatch against the ^5.2.1 runtime (no ^5
@types is published). Remove @types/js-yaml from the approval-gates
and policy-enforcement node scenarios and refresh their lockfiles;
tsc --noEmit passes in both.

Refs AAASM-4339

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01R7vqjjo5nrebYNt8WnCNbz
@Chisanan232

Copy link
Copy Markdown
Contributor Author

Claude Code review β€” AAASM-4339

Verdict: approve-ready βœ…

CI: βœ… green β€” 23/23 checks passed.

Scope β€” fully covers both AC items:

  1. Bare >= pins removed: scenarios/live-core-enforcement/ Dockerfile + README agent-assembly>=0.0.1rc3 β†’ exact ==0.0.1rc3, matching the ecosystem canonical form. Grep-sweep of the branch confirms the only remaining bare agent-assembly>= is in verification-reports/AAASM-2262-*.md (historical, correctly left).
  2. @types/js-yaml mismatch resolved by removal: dropped from both scenarios/approval-gates/node and scenarios/policy-enforcement/node package.json (+ lockfiles). Verified npm view js-yaml@5.2.1 self-types β€” it ships types: ./dist/js-yaml.d.ts and an exports["."].types entry β€” so the v4 @types devDep was both redundant and version-mismatched. No @types/js-yaml remains anywhere in the tree. Both manifests still pin runtime js-yaml ^5.2.1.

Side-effects: clean.

  • tsc --noEmit runs green in both scenarios (exit 0, zero diagnostics) with @types/js-yaml gone and js-yaml's bundled .d.ts resolving the import * as yaml from "js-yaml" / yaml.load / yaml.CORE_SCHEMA usages (skipLibCheck: true).
  • Lockfiles regenerated with lockfileVersion: 9.0 (pnpm-10); the security pnpm.overrides are intact β€” esbuild: '>=0.28.1' still present in overrides and esbuild 0.28.1 resolved in the lock, not reverted. The only other lock churn is additive libc: fields on rollup optionals (expected from the newer pnpm).
  • JSON/TOML valid.

No changes requested.

β€” Claude Code review

…cenario_manifest_hygiene

# Conflicts:
#	scenarios/approval-gates/node/package.json
#	scenarios/approval-gates/node/pnpm-lock.yaml
#	scenarios/policy-enforcement/node/package.json
#	scenarios/policy-enforcement/node/pnpm-lock.yaml
@sonarqubecloud

sonarqubecloud Bot commented Jul 9, 2026

Copy link
Copy Markdown

@Chisanan232

Copy link
Copy Markdown
Contributor Author

Conflict resolved β€” synced with latest base

Base moved (408cbf0β†’a14273e) and touched the same 2 node scenarios via AAASM-4349 (pnpm scope @agent-assembly-examples/*β†’@examples/*) + Dependabot (@types/node 26.1.0β†’26.1.1), colliding with this PR's @types/js-yaml removal + lock regen.

Resolution (merged origin/master in, non-force):

  • package.json Γ—2 β€” kept base's @examples/* name + @types/node ^26.1.1, reapplied this PR's @types/js-yaml removal (js-yaml@5.2.1 self-types).
  • pnpm-lock.yaml Γ—2 β€” regenerated with pnpm 10 (corepack) to preserve the esbuild >=0.28.1 security override (pnpm 11 drops pnpm.overrides); @types/js-yaml gone, esbuild override intact.

Verified: tsc --noEmit exit 0 in both scenarios; esbuild override present; no residual conflict markers; net diff vs base is only the intended 4339 delta (6 files, +28/βˆ’20). mergeable=MERGEABLE. β€” Claude Code

@Chisanan232 Chisanan232 merged commit d51195d into master Jul 9, 2026
24 checks passed
@Chisanan232 Chisanan232 deleted the v0.0.1/AAASM-4339/scenario_manifest_hygiene branch July 9, 2026 13:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant