DSACMS
diff --git a/‎.github/workflows/updateCodeJSON.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/updateCodeJSON.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.gitignore‎
Lines changed: 5 additions & 2 deletions b/‎.gitignore‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 12 additions & 0 deletions b/‎CONTRIBUTING.md‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 86 additions & 39 deletions b/‎README.md‎
Lines changed: 86 additions & 39 deletions
diff --git a/‎code.json‎
Lines changed: 9 additions & 26 deletions b/‎code.json‎
Lines changed: 9 additions & 26 deletions
diff --git a/‎dist/helper.d.ts‎
Lines changed: 0 additions & 6 deletions b/‎dist/helper.d.ts‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎dist/index.d.ts‎
Lines changed: 0 additions & 1 deletion b/‎dist/index.d.ts‎
Lines changed: 0 additions & 1 deletion
@@ -22,7 +22,7 @@ jobs:
 
       - name: Update code.json
         id: generator
-        uses: DSACMS/automated-codejson-generator@sachin/jsonValidationImplementation
+        uses: DSACMS/automated-codejson-generator@v1.2.0
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           ADMIN_TOKEN: ${{ secrets.ADMIN_PAT }}
 
@@ -1,5 +1,8 @@
 # Dependency directory
-node_modules
+node_modules/
+
+# Typescript build files
+dist/
 
 # Rest pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
 # Logs
@@ -23,7 +26,7 @@ pids
 lib-cov
 
 # Coverage directory used by tools like istanbul
-coverage
+coverage/
 *.lcov
 
 # nyc test coverage
 
@@ -38,6 +38,18 @@ npm run package
 npm test
 ```
 
+## Validation
+
+The action uses [Zod](https://zod.dev/) for schema validation, automatically validating code.json in two scenarios:
+
+### 1. Before Generation
+
+Every time the action generates or updates code.json (via schedule or workflow_dispatch), it validates the output before creating a PR or pushing. If validation fails, no changes are made.
+
+### 2. On PR Edits
+
+When the `pull_request` trigger is configured, the action validates code.json whenever it's edited in a PR. This ensures users cannot accidentally merge invalid JSON.
+
 ### Workflow and Branching
 
 We follow the [GitHub Flow Workflow](https://guides.github.com/introduction/flow/):
 
@@ -6,53 +6,58 @@ A GitHub Action that automatically generates and maintains code.json files for f
 
 This project provides a GitHub Action that helps federal agencies maintain their code.json files, which are required for compliance with the Federal Source Code Policy. The action automatically calculates and updates various metadata fields including labor hours, programming languages used, repository information, and timestamps. It can either create pull requests or push directly to branches (with appropriate permissions), making it easier to keep code.json files accurate and up-to-date.
 
-## Inputs
+## How It Works
 
-```yaml
-GITHUB_TOKEN:
-  description: "GitHub token used for API access and PR creation"
-  required: true
-  default: ${{ github.token }}
-
-BRANCH:
-  description: "Name of the branch to update"
-  required: false
+**Automatic Generation**
 
-SKIP_PR:
-  description: "Try to push directly to branch first, fallback to PR if it fails. Requires ADMIN_TOKEN."
-  required: false
-  default: "false"
+- The action calculates metadata and creates a PR or pushes directly
+- Users can then fill in manual fields by editing the PR
 
-ADMIN_TOKEN:
-  description: "Personal Access Token with admin/write privileges for direct push. Required when SKIP_PR is true."
-  required: false
-```
+**PR Validation**
 
-## Outputs
+- When users edit code.json in a PR, validation runs automatically on every commit
+- The PR cannot be merged if validation fails (when branch protection is enabled)
+- Error messages help users fix issues quickly
+- Validation ensures only valid code.json reaches your main branch
 
-```yaml
-updated:
-  description: "Boolean indicating whether code.json was updated"
-pr_url:
-  description: "URL of the created pull request if changes were made via PR"
-commit_sha:
-  description: "SHA of the commit if pushed directly to branch"
-method_used:
-  description: "Method used for the update: 'direct_push' or 'pull_request'"
-```
+**Important:** For direct push mode, users should always create PRs when manually editing code.json to ensure validation runs. Direct edits to the main branch will not be validated by this action.
 
 ## Workflow Examples
 
 ### Option 1: Direct Push
 
-This approach tries to push directly to the branch using a Personal Access Token, but falls back to creating a pull request if the direct push fails.
+This approach tries to push directly to the branch using a Personal Access Token, but falls back to creating a pull request if the direct push fails. When users need to edit code.json, they should create a PR which will automatically validate their changes. Refer to this [section](https://github.com/DSACMS/automated-codejson-generator?tab=readme-ov-file#setting-up-personal-access-token-pat) for a guide to create the necessary Personal Access Token.
+
+#### Direct Push Mode Limitations
+
+**Important:** Direct push mode (`SKIP_PR: "true"`) will fall back to creating a pull request if:
+- Branch protection rules are enabled on the target branch
+- The PAT doesn't have sufficient permissions
+- Any other push restriction exists
+
+This is expected behavior. If you need all updates to go through pull requests, use `SKIP_PR: "false"`.
+
+##### When Direct Push Works
+- No branch protection on target branch
+- PAT has write access
+- No other repository restrictions
+
+##### When It Falls Back to PR
+- Any branch protection enabled 
+- Any push restrictions
+
+**Recommendation:** For repositories with branch protection, use `SKIP_PR: "false"` to always create pull requests.
 
 ```yaml
 name: Update Code.json
 on:
   schedule:
     - cron: 0 0 1 * * # First day of every month
   workflow_dispatch:
+  pull_request:
+    types: [opened, synchronize]
+    paths:
+      - "code.json"
 
 permissions:
   contents: write
@@ -73,7 +78,7 @@ jobs:
         uses: DSACMS/automated-codejson-generator@v1.2.0
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          ADMIN_TOKEN: ${{ secrets.ADMIN_PAT }}  # PAT with admin/push permissions
+          ADMIN_TOKEN: ${{ secrets.ADMIN_PAT }} # PAT with admin/push permissions
           BRANCH: "main"
           SKIP_PR: "true"
 
@@ -89,14 +94,18 @@ jobs:
 
 ### Option 2: Pull Request Only
 
-This approach always creates a pull request, ensuring code review for all changes.
+This approach always creates a pull request for both automatic generation and validation of manual edits, ensuring code review for all changes.
 
 ```yaml
 name: Update Code.json
 on:
   schedule:
     - cron: 0 0 1 * * # First day of every month
   workflow_dispatch:
+  pull_request:
+    types: [opened, synchronize]
+    paths:
+      - "code.json"
 
 permissions:
   contents: write
@@ -113,11 +122,49 @@ jobs:
           fetch-depth: 0
 
       - name: Update code.json
-        uses: DSACMS/automated-codejson-generator@latest
+        uses: DSACMS/automated-codejson-generator@v1.2.0
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           BRANCH: "main"
-          SKIP_PR: "false" 
+          SKIP_PR: "false"
+```
+
+### Inputs
+
+```yaml
+GITHUB_TOKEN:
+  description: "GitHub token used for API access and PR creation"
+  required: true
+  default: ${{ github.token }}
+
+BRANCH:
+  description: "Name of the branch to update"
+  required: false
+
+SKIP_PR:
+  description: "Try to push directly to branch first, fallback to PR if it fails. Requires ADMIN_TOKEN."
+  required: false
+  default: "false"
+
+ADMIN_TOKEN:
+  description: "Personal Access Token with admin/write privileges for direct push. Required when SKIP_PR is true."
+  required: false
+```
+
+### Outputs
+
+```yaml
+updated:
+  description: "Boolean indicating whether code.json was updated"
+
+pr_url:
+  description: "URL of the created pull request if changes were made via PR"
+
+commit_sha:
+  description: "SHA of the commit if pushed directly to branch"
+
+method_used:
+  description: "Method used for the update: 'direct_push' or 'pull_request'"
 ```
 
 ## Setting Up Personal Access Token (PAT)
@@ -128,10 +175,10 @@ To use the direct push functionality, you'll need to create a Personal Access To
 
 1. **Go to GitHub Settings**: Navigate to your GitHub account settings
 2. **Developer Settings**: Click on "Developer settings" in the left sidebar
-3. **Personal Access Tokens**: Choose "Tokens (classic)" or "Fine-grained tokens"
+3. **Personal Access Tokens**: Choose "Tokens (classic)"
 4. **Generate New Token**: Click "Generate new token"
 5. **Configure Token**:
-   - **Name**: Give it a descriptive name like "Code.json Generator"
+   - **Name**: Give it a name like "code.json Generator"
    - **Expiration**: Set appropriate expiration (recommend 90 days or 1 year)
    - **Scopes**: 
      - For classic tokens: Select `repo` (full repository access)
@@ -149,8 +196,7 @@ To use the direct push functionality, you'll need to create a Personal Access To
 5. **Save**: Click "Add secret"
 
 ⚠️ _Please make sure the following are enabled within your Repository Action Settings in order to work properly_ ⚠️
-<img width="789" height="361" alt="Screenshot 2025-08-05 at 1 44 36 PM" src="https://github.com/user-attachments/assets/3795dc0e-c4c4-4378-8eb2-b7b9d861c08a" />
-
+<img width="789" height="361" alt="Screenshot 2025-08-05 at 1 44 36 PM" src="https://github.com/user-attachments/assets/3795dc0e-c4c4-4378-8eb2-b7b9d861c08a" />
 
 ## Generation Context
 
@@ -174,7 +220,7 @@ The automated code.json generator calculates specific fields by analyzing your r
 
 **dateLastModified**: This uses your repository's last update timestamp, reflecting the most recent changes. No configuration needed.
 
-**dateMetaDataLastUpdated**: The generator sets this to the current timestamp each time it runs, providing a record of when the metadata was last refreshed. No configuration needed.
+**dateMetadataLastUpdated**: The generator sets this to the current timestamp each time it runs, providing a record of when the metadata was last refreshed. No configuration needed.
 
 **feedbackMechanism**: The repository's issues URL in the format of {repositoryURL}/issues. If you already have a code.json file with existing feedback mechanisms, the generator preserves those values. No configuration needed.
 
@@ -214,6 +260,7 @@ An up-to-date list of core team members can be found in [MAINTAINERS.md](MAINTAI
 .
 ├── src/
 │   ├── model.ts          # TypeScript interfaces for code.json schema
+│   ├── validation.ts     # Zod schema definitions and validation logic
 │   ├── main.ts           # Main action logic
 │   ├── helper.ts         # Helper functions for GitHub API interactions
 │   └── index.ts          # Action entrypoint
 
@@ -28,19 +28,10 @@
     "forks": 3,
     "clones": 0
   },
-  "platforms": [
-    "web",
-    "linux"
-  ],
-  "categories": [
-    "developer-tools",
-    "automation"
-  ],
+  "platforms": ["web", "linux"],
+  "categories": ["developer-tools", "automation"],
   "softwareType": "standalone/backend",
-  "languages": [
-    "TypeScript",
-    "JavaScript"
-  ],
+  "languages": ["TypeScript", "JavaScript"],
   "maintenance": "internal",
   "contractNumber": [],
   "SBOM": "https://github.com/DSACMS/automated-codejson-generator/network/dependencies",
@@ -50,11 +41,9 @@
   "date": {
     "created": "2025-02-07T16:29:38Z",
     "lastModified": "2025-10-02T14:32:07Z",
-    "metaDataLastUpdated": "2025-10-03T14:08:54.770Z"
+    "metadataLastUpdated": "2025-10-03T14:08:54.770Z"
   },
-  "tags": [
-    "cmsoss-tier2"
-  ],
+  "tags": ["cmsoss-tier2"],
   "contact": {
     "email": "opensource@cms.hhs.gov",
     "name": "CMS Open Source Team"
@@ -66,15 +55,9 @@
   "userInput": false,
   "fismaLevel": "Low",
   "group": "CMS/OA/DSAC",
-  "projects": [
-    "SHARE IT Act"
-  ],
+  "projects": ["SHARE IT Act"],
   "systems": [],
-  "subsetInHealthcare": [
-    "Operational"
-  ],
-  "userType": [
-    "Government"
-  ],
+  "subsetInHealthcare": ["Operational"],
+  "userType": ["Government"],
   "maturityModelTier": 3
-}
+}