feat(manifest): --facts mode emits Socket facts JSON for Gradle projects (REA-442)

.config/rollup.dist.config.mjs

@@ -79,6 +79,15 @@ async function copyInitGradle() {
   await fs.copyFile(filepath, destPath)
 }
 
+async function copySocketFactsInitGradle() {
+  const filepath = path.join(
+    constants.srcPath,
+    'commands/manifest/socket-facts.init.gradle',
+  )
+  const destPath = path.join(constants.distPath, 'socket-facts.init.gradle')
+  await fs.copyFile(filepath, destPath)
+}
+
 async function copyBashCompletion() {
   const filepath = path.join(
     constants.srcPath,
@@ -458,6 +467,7 @@ export default async () => {
           async writeBundle() {
             await Promise.all([
               copyInitGradle(),
+              copySocketFactsInitGradle(),
               copyBashCompletion(),
               updatePackageJson(),
               // Remove dist/vendor.js.map file.

.github/workflows/e2e-tests.yml

@@ -65,6 +65,18 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
 
+      # Required by socket-facts-init-gradle.e2e.test.mts — exercises the
+      # `socket manifest gradle --facts` init script against real Gradle.
+      # Without these the test auto-skips.
+      - uses: actions/setup-java@c1e323688fd81a25caa38c78aa6df2d33d3e20d9 # v4
+        with:
+          distribution: temurin
+          java-version: '21'
+
+      - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
+        with:
+          gradle-version: '9.2.1'
+
       - name: Download sfw-free
         shell: bash
         env:

.gitignore

@@ -21,6 +21,13 @@ Thumbs.db
 test/fixtures/commands/fix/e2e-test-js-temp-*
 test/fixtures/commands/fix/e2e-test-py-temp-*
 
+# Generated by `socket manifest gradle --facts` integration runs.
+test/fixtures/commands/manifest/gradle-facts/**/.gradle/
+test/fixtures/commands/manifest/gradle-facts/**/build/
+test/fixtures/commands/manifest/gradle-facts/**/.socket.facts.json
+test/fixtures/commands/manifest/gradle-facts/**/pom.xml
+test/fixtures/commands/manifest/gradle-facts/**/local.properties
+
 /.claude/*
 !/.claude/agents/
 !/.claude/commands/

src/commands/manifest/cmd-manifest-gradle.mts

@@ -3,6 +3,7 @@ import path from 'node:path'
 import { debugFn } from '@socketsecurity/registry/lib/debug'
 import { logger } from '@socketsecurity/registry/lib/logger'
 
+import { convertGradleToFacts } from './convert-gradle-to-facts.mts'
 import { convertGradleToMaven } from './convert_gradle_to_maven.mts'
 import constants, { REQUIREMENTS_TXT, SOCKET_JSON } from '../../constants.mts'
 import { commonFlags } from '../../flags.mts'
@@ -28,6 +29,11 @@ const config: CliCommandConfig = {
       type: 'string',
       description: 'Location of gradlew binary to use, default: CWD/gradlew',
     },
+    facts: {
+      type: 'boolean',
+      description:
+        'Emit a Socket facts JSON file (`.socket.facts.json`) describing the resolved dependency graph instead of generating `pom.xml` files',
+    },
     gradleOpts: {
       type: 'string',
       description:
@@ -110,7 +116,7 @@ async function run(
     sockJson?.defaults?.manifest?.gradle,
   )
 
-  let { bin, gradleOpts, verbose } = cli.flags
+  let { bin, facts, gradleOpts, verbose } = cli.flags
 
   // Set defaults for any flag/arg that is not given. Check socket.json first.
   if (!bin) {
@@ -140,6 +146,14 @@ async function run(
       verbose = false
     }
   }
+  if (facts === undefined) {
+    if (sockJson.defaults?.manifest?.gradle?.facts !== undefined) {
+      facts = sockJson.defaults?.manifest?.gradle?.facts
+      logger.info(`Using default --facts from ${SOCKET_JSON}:`, facts)
+    } else {
+      facts = false
+    }
+  }
 
   if (verbose) {
     logger.group('- ', parentName, config.commandName, ':')
@@ -175,13 +189,25 @@ async function run(
     return
   }
 
+  const parsedGradleOpts = String(gradleOpts || '')
+    .split(' ')
+    .map(s => s.trim())
+    .filter(Boolean)
+
+  if (facts) {
+    await convertGradleToFacts({
+      bin: String(bin),
+      cwd,
+      gradleOpts: parsedGradleOpts,
+      verbose: Boolean(verbose),
+    })
+    return
+  }
+
   await convertGradleToMaven({
     bin: String(bin),
     cwd,
-    gradleOpts: String(gradleOpts || '')
-      .split(' ')
-      .map(s => s.trim())
-      .filter(Boolean),
+    gradleOpts: parsedGradleOpts,
     verbose: Boolean(verbose),
   })
 }

src/commands/manifest/cmd-manifest-gradle.test.mts

@@ -24,6 +24,7 @@ describe('socket manifest gradle', async () => {
 
           Options
             --bin               Location of gradlew binary to use, default: CWD/gradlew
+            --facts             Emit a Socket facts JSON file (\`.socket.facts.json\`) describing the resolved dependency graph instead of generating \`pom.xml\` files
             --gradle-opts       Additional options to pass on to ./gradlew, see \`./gradlew --help\`
             --verbose           Print debug messages
 
@@ -85,4 +86,22 @@ describe('socket manifest gradle', async () => {
       expect(code, 'dry-run should exit with code 0 if input ok').toBe(0)
     },
   )
+
+  cmdit(
+    ['manifest', 'gradle', '--facts', FLAG_DRY_RUN, FLAG_CONFIG, '{}'],
+    'should accept --facts with dry-run',
+    async cmd => {
+      const { code, stderr, stdout } = await spawnSocketCli(binCliPath, cmd)
+      expect(stdout).toMatchInlineSnapshot(`"[DryRun]: Bailing now"`)
+      expect(`\n   ${stderr}`).toMatchInlineSnapshot(`
+        "
+           _____         _       _        /---------------
+          |   __|___ ___| |_ ___| |_      | CLI: <redacted>
+          |__   | * |  _| '_| -_|  _|     | token: <redacted>, org: <redacted>
+          |_____|___|___|_,_|___|_|.dev   | Command: \`socket manifest gradle\`, cwd: <redacted>"
+      `)
+
+      expect(code, '--facts --dry-run should exit with code 0').toBe(0)
+    },
+  )
 })

src/commands/manifest/cmd-manifest-kotlin.mts

@@ -3,6 +3,7 @@ import path from 'node:path'
 import { debugFn } from '@socketsecurity/registry/lib/debug'
 import { logger } from '@socketsecurity/registry/lib/logger'
 
+import { convertGradleToFacts } from './convert-gradle-to-facts.mts'
 import { convertGradleToMaven } from './convert_gradle_to_maven.mts'
 import constants, { REQUIREMENTS_TXT, SOCKET_JSON } from '../../constants.mts'
 import { commonFlags } from '../../flags.mts'
@@ -33,6 +34,11 @@ const config: CliCommandConfig = {
       type: 'string',
       description: 'Location of gradlew binary to use, default: CWD/gradlew',
     },
+    facts: {
+      type: 'boolean',
+      description:
+        'Emit a Socket facts JSON file (`.socket.facts.json`) describing the resolved dependency graph instead of generating `pom.xml` files',
+    },
     gradleOpts: {
       type: 'string',
       description:
@@ -115,7 +121,7 @@ async function run(
     sockJson?.defaults?.manifest?.gradle,
   )
 
-  let { bin, gradleOpts, verbose } = cli.flags
+  let { bin, facts, gradleOpts, verbose } = cli.flags
 
   // Set defaults for any flag/arg that is not given. Check socket.json first.
   if (!bin) {
@@ -145,6 +151,14 @@ async function run(
       verbose = false
     }
   }
+  if (facts === undefined) {
+    if (sockJson.defaults?.manifest?.gradle?.facts !== undefined) {
+      facts = sockJson.defaults?.manifest?.gradle?.facts
+      logger.info(`Using default --facts from ${SOCKET_JSON}:`, facts)
+    } else {
+      facts = false
+    }
+  }
 
   if (verbose) {
     logger.group('- ', parentName, config.commandName, ':')
@@ -180,13 +194,25 @@ async function run(
     return
   }
 
+  const parsedGradleOpts = String(gradleOpts || '')
+    .split(' ')
+    .map(s => s.trim())
+    .filter(Boolean)
+
+  if (facts) {
+    await convertGradleToFacts({
+      bin: String(bin),
+      cwd,
+      gradleOpts: parsedGradleOpts,
+      verbose: Boolean(verbose),
+    })
+    return
+  }
+
   await convertGradleToMaven({
     bin: String(bin),
     cwd,
-    gradleOpts: String(gradleOpts || '')
-      .split(' ')
-      .map(s => s.trim())
-      .filter(Boolean),
+    gradleOpts: parsedGradleOpts,
     verbose: Boolean(verbose),
   })
 }

src/commands/manifest/cmd-manifest-kotlin.test.mts

@@ -24,6 +24,7 @@ describe('socket manifest kotlin', async () => {
 
           Options
             --bin               Location of gradlew binary to use, default: CWD/gradlew
+            --facts             Emit a Socket facts JSON file (\`.socket.facts.json\`) describing the resolved dependency graph instead of generating \`pom.xml\` files
             --gradle-opts       Additional options to pass on to ./gradlew, see \`./gradlew --help\`
             --verbose           Print debug messages
 
@@ -85,4 +86,22 @@ describe('socket manifest kotlin', async () => {
       expect(code, 'dry-run should exit with code 0 if input ok').toBe(0)
     },
   )
+
+  cmdit(
+    ['manifest', 'kotlin', '--facts', FLAG_DRY_RUN, FLAG_CONFIG, '{}'],
+    'should accept --facts with dry-run',
+    async cmd => {
+      const { code, stderr, stdout } = await spawnSocketCli(binCliPath, cmd)
+      expect(stdout).toMatchInlineSnapshot(`"[DryRun]: Bailing now"`)
+      expect(`\n   ${stderr}`).toMatchInlineSnapshot(`
+        "
+           _____         _       _        /---------------
+          |   __|___ ___| |_ ___| |_      | CLI: <redacted>
+          |__   | * |  _| '_| -_|  _|     | token: <redacted>, org: <redacted>
+          |_____|___|___|_,_|___|_|.dev   | Command: \`socket manifest kotlin\`, cwd: <redacted>"
+      `)
+
+      expect(code, '--facts --dry-run should exit with code 0').toBe(0)
+    },
+  )
 })