Skip to content

[rush] Add stricter changefile validation to ensure changefiles target extant, correct projects.#5715

Merged
iclanton merged 18 commits intomicrosoft:mainfrom
iclanton:stricter-rush-change-verification
Apr 16, 2026
Merged

[rush] Add stricter changefile validation to ensure changefiles target extant, correct projects.#5715
iclanton merged 18 commits intomicrosoft:mainfrom
iclanton:stricter-rush-change-verification

Conversation

@iclanton
Copy link
Copy Markdown
Member

@iclanton iclanton commented Mar 21, 2026
edited
Loading

Summary

AI coding agents occasionally create change files with incorrect project names — for example, targeting @microsoft/rush-lib instead of the lockstep driving project @microsoft/rush, or referencing a misspelled/nonexistent package. These mistakes can slip through rush change --verify undetected.

This PR adds stricter validation for change files, gated behind a new strictChangefileValidation experiment. When enabled, rush change --verify will report errors if change files reference projects that don't exist in the Rush configuration, or if they target a non-main project in a lockstepped version policy. A new --verify-all flag is also added to retroactively validate all change files in the repository.

Details

New experiment: strictChangefileValidation

When enabled in experiments.json, ChangeFiles.validateAsync() performs two additional checks on each package name found in change files:

  1. Nonexistent project — errors if the packageName doesn't match any project in rush.json
  2. Non-main lockstep project — errors if the project belongs to a lockstepped version policy with a mainProject set, but the change file targets a different (non-driving) project in that policy

Error messages include the specific file path(s) that contain the problematic references.

New flag: rush change --verify-all

While --verify only checks change files that are new on the current branch (via git diff), --verify-all loads every change file from common/changes/ and runs the same validation. This is useful for retroactively catching stale or incorrect change files that were merged before the experiment was enabled.

The validation is gated behind the experiment flag so this is a fully opt-in, non-breaking change.

How it was tested

  • Added 5 unit tests for the strict validation logic in ChangeFiles.test.ts:
    • Throws for nonexistent project
    • Throws for non-main lockstep project
    • Does not throw for the main lockstep project
    • Does not throw when lockstep policy has no mainProject
    • Does not throw when experiment is disabled
  • Added 3 JSON test fixtures under src/logic/test/strictValidation/
  • Updated CLI help snapshots for the new --verify-all parameter

Impacted documentation

@github-project-automation github-project-automation bot moved this to Needs triage in Bug Triage Mar 21, 2026
@iclanton iclanton changed the title [ [rush] Add stricter changefile validation to ensure changefiles target extant, correct projects. Mar 21, 2026
bmiddha
bmiddha approved these changes Apr 15, 2026
View reviewed changes
Comment thread libraries/rush-lib/src/schemas/experiments.schema.json Outdated
Comment thread libraries/rush-lib/src/logic/test/ChangeFiles.test.ts Outdated
iclanton and others added 18 commits April 15, 2026 20:52
@iclanton
Add stricter verification to 'rush change --verify' to disallow chang…
b50eb9d 
…efiles for nonexistent projects.
@iclanton
Add unit tests for the new change validation feature.
f77430b
@iclanton
Refactor changefile validation to be async.
4a3d53b
@iclanton
Add a --verify-all flag to rush change.
1884c6f
@iclanton
Improve verification logging.
6fa06b6
@iclanton
Snapshot test output.
3c89b69
@iclanton
Rush change.
8b94349
@iclanton
fixup! Add a --verify-all flag to rush change.
4feab65
@iclanton
fixup! Snapshot test output.
e8a4776
@iclanton
Copilot WIP
53b35e3
@iclanton
fixup! Copilot WIP
bb974cc
@iclanton
Refactor ChangeFiles API.
686f004
@iclanton
Minor cleanup.
207d48c
@iclanton
fixup! Snapshot test output.
452cd32
@iclanton @bmiddha
fixup! Add stricter verification to 'rush change --verify' to disallo…
538cdf3 
…w changefiles for nonexistent projects.

Co-authored-by: Bharat Middha <5100938+bmiddha@users.noreply.github.com>
@iclanton
fixup! Snapshot test output.
c808c23
@iclanton
Use better convention in testing asny code.
2f2c699
@iclanton @claude
Hoist file path consts to describe block scope in ChangeFiles.test.ts.
53bf5d3 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@iclanton iclanton force-pushed the stricter-rush-change-verification branch from 1fb858c to 53bf5d3 Compare April 16, 2026 04:10
@iclanton iclanton enabled auto-merge (squash) April 16, 2026 04:14
@iclanton iclanton merged commit b5625d8 into microsoft:main Apr 16, 2026
6 checks passed
@github-project-automation github-project-automation bot moved this from Needs triage to Closed in Bug Triage Apr 16, 2026
@iclanton iclanton deleted the stricter-rush-change-verification branch April 16, 2026 04:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bmiddha bmiddha bmiddha approved these changes

@octogonz octogonz Awaiting requested review from octogonz octogonz is a code owner

@apostolisms apostolisms Awaiting requested review from apostolisms apostolisms is a code owner

@dmichon-msft dmichon-msft Awaiting requested review from dmichon-msft dmichon-msft is a code owner

@jxanthony jxanthony Awaiting requested review from jxanthony jxanthony is a code owner

Assignees

No one assigned

Labels

None yet

Projects

Bug Triage
Status: Closed

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@iclanton @bmiddha