feat: config foundation — extends, zod validation, concurrency, barrelAllowlist by aidenybai · Pull Request #287 · millionco/react-doctor

aidenybai · 2026-05-17T07:13:48Z

First of a three-PR split of #286 ("Support mature-codebase adoption workflows natively"). This one lands the foundational config surface; the next two stack on top of it.

Why this PR exists

Three independent config knobs grouped on a shared zod-based validator. None of these change the scan execution path — they affect config loading, project orchestration, and one rule's allowlist.

What's in it

`extends` — config inheritance

{
  "extends": ["../../react-doctor.base.json"],
  "customRulesOnly": true
}

One or more parent configs, string or string array. Each parent can itself extend further.
Cycle and depth guards (max 16) keep pathological configs from hanging the loader.
Semantics match tsconfig / eslint: later entries override earlier ones on scalar conflicts; arrays concat + dedupe; nested objects merge field-by-field; the current config always wins over anything it extends.
Tests cover deep chains, missing parents, array concat, and cycle breakage through symlinked directories.

zod-based validation framework

Replaces ~280 lines of hand-rolled typeof === "..." / Array.isArray / isPlainObject checks in validate-config-types.ts with a declarative zod schema map.

One FieldDescriptor entry per ReactDoctorConfig field ({ expectedDescription, schema }).
One parseFieldOrWarn helper preserves the exact stderr message shape the existing --json mode and the 14 validate-config-types tests rely on (config field "X" must be …; ignoring this field).
filteringArrayTransform higher-order helper unifies the drop-and-warn-but-keep-valid-siblings semantics across extends, barrelAllowlist, and the surface include/exclude lists.
8 boolean fields generated from a single array instead of being hand-spelled three times each.
zod ^4 added as a dependency of @react-doctor/core.

`concurrency` — parallel runner

react-doctor . --concurrency 4

--concurrency <n> CLI flag + top-level concurrency config field.
Workspace projects scan in parallel via runWithConcurrency (output ordering preserved).
Default 1; clamped to [1, 32].

`barrelAllowlist` — `no-barrel-import` allowlist

{
  "barrelAllowlist": ["packages/*/src/index.ts", "src/components/ui/index.ts"]
}

Globs matched against the resolved barrel index file's project-relative path.
The rule reads the list from plugin settings and skips reports against any matching barrel.
Differs from ignore.overrides[].rules: this keys on the imported barrel path (one entry exempts every importer), whereas the override system keys on the importer (one entry per importer file).

Stats

20 new tests across extends-config, merge-configs, validate-config-types, matches-barrel-allowlist, and run-with-concurrency.
All 1192 tests passing; lint / typecheck / format clean.

What's NOT in this PR

Baseline mode — in stacked PR 2.
Touched-line enforcement — in stacked PR 2.
PR comment markdown / sticky comment integration — in stacked PR 3.
action.yml knob additions for the new inputs — in stacked PRs 2/3.

Originally landed as part of #286; that PR is being closed in favor of this 3-way split.

reactreview · 2026-05-17T07:13:51Z

🔴 No new issues

0/100 (unchanged)

^{Reviewed by react-review for commit ebb1c04. Configure here.}

vercel · 2026-05-17T07:13:54Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
react-doctor-website	Ready	Preview, Comment	May 17, 2026 0:13am

Second of a three-PR split of #286. Stacked on cursor/config-foundation-675b (PR #287). Both features are scan-time filters that combine with diff mode, both extend InspectResult / JsonReport, both touch action.yml inputs. - Baseline mode: --baseline [path] / --update-baseline. Stable per-diagnostic fingerprint (plugin + rule + filepath + message; line / column intentionally excluded so unrelated edits don't break the baseline). Baseline counts surface in InspectResult.baselineDiagnostics, JsonReport.summary.baselineDiagnosticCount, and the PR comment header ("9 baseline issues, no new violations"). - Touched-line enforcement: --touched-lines. In diff or staged mode, restricts diagnostics to lines actually touched by the active diff (git diff --unified=0). DiffInfo.diffBaseRef + a HEAD baseRef for current-changes mode so staged-only edits aren't silently dropped. Hidden-by-touched-lines counts surface in the JSON report. - action.yml: baseline + touched-lines inputs alongside the existing annotations input. - 25 new tests across baseline + get-touched-lines suites. 1217 tests passing; lint / typecheck / format clean. Co-authored-by: Aiden Bai <aidenybai@users.noreply.github.com>

cursor

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit e42aee0. Configure here.}

…lAllowlist Three independent config knobs grouped on a shared zod-based validator foundation. None of these change the scan execution path - they affect config loading, project orchestration, and one rule's allowlist. - `extends`: ReactDoctorConfig grows a string | string[] field; each parent is loaded the same way the top-level config is. Cycle and depth guards keep pathological configs from hanging the loader. Semantics match tsconfig / eslint: later entries override earlier ones on scalar conflicts; arrays concat + dedupe; the current config always wins over anything it extends. - zod refactor: replace ~280 lines of hand-rolled type checks in `validate-config-types.ts` with declarative zod schemas. One descriptor table per ReactDoctorConfig field, one parseFieldOrWarn helper that preserves the exact stderr message shape the existing --json mode and the 14 validate-config-types tests rely on. Filtering record / array transforms keep the drop-and-warn-but-keep- valid-siblings semantics so a single bad entry never invalidates the whole list. - `concurrency`: --concurrency <n> CLI flag + top-level config field. Workspace projects scan in parallel via runWithConcurrency (output ordering preserved); default 1, clamped to 32. - `barrelAllowlist`: glob list matched against the resolved barrel index file's path. no-barrel-import reads it via plugin settings and skips reports against any matching barrel. Differs from ignore.overrides[].rules because it keys on the IMPORTED barrel rather than every IMPORTER. 20 new tests across extends-config, merge-configs, validate-config-types, matches-barrel-allowlist, and run-with-concurrency suites. Total 1192 tests passing. Co-authored-by: Aiden Bai <aidenybai@users.noreply.github.com>

Second of a three-PR split of #286. Stacked on cursor/config-foundation-675b (PR #287). Both features are scan-time filters that combine with diff mode, both extend InspectResult / JsonReport, both touch action.yml inputs. - Baseline mode: --baseline [path] / --update-baseline. Stable per-diagnostic fingerprint (plugin + rule + filepath + message; line / column intentionally excluded so unrelated edits don't break the baseline). Baseline counts surface in InspectResult.baselineDiagnostics, JsonReport.summary.baselineDiagnosticCount, and the PR comment header ("9 baseline issues, no new violations"). - Touched-line enforcement: --touched-lines. In diff or staged mode, restricts diagnostics to lines actually touched by the active diff (git diff --unified=0). DiffInfo.diffBaseRef + a HEAD baseRef for current-changes mode so staged-only edits aren't silently dropped. Hidden-by-touched-lines counts surface in the JSON report. - action.yml: baseline + touched-lines inputs alongside the existing annotations input. - 25 new tests across baseline + get-touched-lines suites. 1217 tests passing; lint / typecheck / format clean. Co-authored-by: Aiden Bai <aidenybai@users.noreply.github.com>

This was referenced May 17, 2026

feat: baseline mode + touched-line enforcement #288

Closed

feat: first-class PR comment markdown via --pr-comment-output #289

Closed

cursor Bot mentioned this pull request May 17, 2026

feat: support mature-codebase adoption workflows natively #286

Closed

aidenybai marked this pull request as ready for review May 17, 2026 08:37