[Refactoring] Extract config-audit persistence and cleanup closure from createMainAction in src/commands/main-action.ts (follow-
[Content truncated due to length] #5822
After #3019 and #3227, several concerns were correctly extracted (preflight validation → ./preflight, signal handling → ./signal-handler, workflow execution → ../cli-workflow). However the mainAction closure remains 185 lines and still handles mixed concerns:
| Lines | Block | Responsibility |
|---|---|---|
| 44–78 | Argument processing | Single vs. multi-arg shell handling |
| 80–84 | Config precedence + validation | Calls applyConfigFilePrecedence and validateOptions |
| | | Redacts secrets, writes awf-resolved-config.json artifact to disk |
| 148–184 | Cleanup closure definition | 36-line performCleanup closure capturing 3 local variables |
| 186–192 | Signal handler registration | Wires performCleanup into registerSignalHandlers |
| 194–220 | Workflow execution + exit | Delegates to runMainWorkflow and calls process.exit |
The config-audit block (lines 107–135, ~28 lines) and the DinD probe block (lines 90–105, ~15 lines) are self-contained and have no dependencies on the cleanup closure or signal handler registration that follow.
Proposed Split
Extract persistConfigAuditArtifact(config, redactedConfig) (~28 lines) — writes the redacted config JSON to the audit dir; callers become a single function call
Extract buildCleanupFn(config, getContainersStarted, getHostIptablesSetup) or inline the cleanup body into ./signal-handler — the 36-line closure is a natural sibling of registerSignalHandlers
Consider extracting the DinD probe + bootstrap block into a helper such as applyDindProbeResult(config)
Affected Callers
grep -rn "from.*main-action" src/ 2>/dev/null
Output: only src/cli.ts (line 4) and src/commands/main-action.test.ts (line 18) import from this file. The public API (createMainAction) is unchanged.
Effort Estimate
Low-Medium — the config-audit extraction is purely mechanical. The cleanup closure extraction requires threading its captured variables as parameters.
Benefits
Config artifact persistence can be unit-tested without standing up the full action handler
The signal-handler + cleanup relationship is made explicit in one place
Reduces the primary action closure to a ~100-line orchestration sequence
Detected by Refactoring Scanner workflow. Run date: 2026-07-02
Prior related issues: #3019, #3227 (both closed: completed)
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpg
To allow these domains, add them to the network.allowed list in your workflow frontmatter:
Refactoring Opportunity
Summary
src/commands/main-action.ts: mainAction closure within createMainAction — 185 lines (lines 44–227)
… src/commands/main-action.ts into focused validation and orchestration modules #3227 (closed: completed)
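A sketch of the persistConfigAuditArtifact(config, redactedConfig) extraction proposed above, showing how the artifact write becomes testable on its own. It is an added example, not the project's code: the auditDir field, the redactSecrets helper and its key pattern are assumptions.

```typescript
import * as fs from "node:fs";
import * as path from "node:path";

// Assumed shape: only the field this sketch needs; `auditDir` is a hypothetical name.
interface AuditableConfig { auditDir?: string; [key: string]: unknown }

// Hypothetical pattern for keys whose values must never reach the artifact.
const SECRET_KEY = /(token|secret|password|api[-_]?key|credential)/i;

// Returns a deep copy with secret-looking keys masked; the input is not mutated.
export function redactSecrets(value: unknown): unknown {
  if (Array.isArray(value)) return value.map(redactSecrets);
  if (value !== null && typeof value === "object") {
    const out: Record<string, unknown> = {};
    for (const [k, v] of Object.entries(value as Record<string, unknown>)) {
      out[k] = SECRET_KEY.test(k) ? "[REDACTED]" : redactSecrets(v);
    }
    return out;
  }
  return value;
}

// Writes the already-redacted config to <auditDir>/awf-resolved-config.json.
// Returns the artifact path, or undefined when no audit dir is configured.
export function persistConfigAuditArtifact(
  config: AuditableConfig,
  redactedConfig: unknown,
): string | undefined {
  if (!config.auditDir) return undefined;
  fs.mkdirSync(config.auditDir, { recursive: true, mode: 0o700 });
  const target = path.join(config.auditDir, "awf-resolved-config.json");
  const tmp = `${target}.${process.pid}.tmp`;
  // Write to a temp file, then rename, so a signal arriving mid-write
  // never leaves a partial artifact behind for the cleanup path to find.
  fs.writeFileSync(tmp, JSON.stringify(redactedConfig, null, 2) + "\n", { mode: 0o600 });
  fs.renameSync(tmp, target);
  return target;
}
```

Because the function takes the redacted object as a parameter, a unit test can assert that no raw secret value appears in the written file without standing up the action handler.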