Skip to content

[rush] Add stricter changefile validation to ensure changefiles target extant, correct projects.#5715

Open
iclanton wants to merge 8 commits intomicrosoft:mainfrom
iclanton:stricter-rush-change-verification
Open

[rush] Add stricter changefile validation to ensure changefiles target extant, correct projects.#5715
iclanton wants to merge 8 commits intomicrosoft:mainfrom
iclanton:stricter-rush-change-verification

Conversation

@iclanton
Copy link
Member

@iclanton iclanton commented Mar 21, 2026
edited
Loading

Summary

AI coding agents occasionally create change files with incorrect project names — for example, targeting @microsoft/rush-lib instead of the lockstep driving project @microsoft/rush, or referencing a misspelled/nonexistent package. These mistakes can slip through rush change --verify undetected.

This PR adds stricter validation for change files, gated behind a new strictChangefileValidation experiment. When enabled, rush change --verify will report errors if change files reference projects that don't exist in the Rush configuration, or if they target a non-main project in a lockstepped version policy. A new --verify-all flag is also added to retroactively validate all change files in the repository.

Details

New experiment: strictChangefileValidation

When enabled in experiments.json, ChangeFiles.validateAsync() performs two additional checks on each package name found in change files:

  1. Nonexistent project — errors if the packageName doesn't match any project in rush.json
  2. Non-main lockstep project — errors if the project belongs to a lockstepped version policy with a mainProject set, but the change file targets a different (non-driving) project in that policy

Error messages include the specific file path(s) that contain the problematic references.

New flag: rush change --verify-all

While --verify only checks change files that are new on the current branch (via git diff), --verify-all loads every change file from common/changes/ and runs the same validation. This is useful for retroactively catching stale or incorrect change files that were merged before the experiment was enabled.

The validation is gated behind the experiment flag so this is a fully opt-in, non-breaking change.

How it was tested

  • Added 5 unit tests for the strict validation logic in ChangeFiles.test.ts:
    • Throws for nonexistent project
    • Throws for non-main lockstep project
    • Does not throw for the main lockstep project
    • Does not throw when lockstep policy has no mainProject
    • Does not throw when experiment is disabled
  • Added 3 JSON test fixtures under src/logic/test/strictValidation/
  • Updated CLI help snapshots for the new --verify-all parameter

Impacted documentation

@github-project-automation github-project-automation bot moved this to Needs triage in Bug Triage Mar 21, 2026
@iclanton iclanton changed the title [ [rush] Add stricter changefile validation to ensure changefiles target extant, correct projects. Mar 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@octogonz octogonz Awaiting requested review from octogonz octogonz is a code owner

@apostolisms apostolisms Awaiting requested review from apostolisms apostolisms is a code owner

@dmichon-msft dmichon-msft Awaiting requested review from dmichon-msft dmichon-msft is a code owner

@jxanthony jxanthony Awaiting requested review from jxanthony jxanthony is a code owner

@bmiddha bmiddha Awaiting requested review from bmiddha bmiddha is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

Bug Triage
Status: Needs triage

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@iclanton