Validate and update links (STF-557)

.github/workflows/links.yml

@@ -0,0 +1,32 @@
+name: Links
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: "0 13 * * 1" # weekly, to catch external link rot without a commit
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  linkChecker:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Setup mise
+        uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1
+        with:
+          install: false
+
+      # Install only lychee (not the repo's full toolchain) and run the check.
+      - name: Check links
+        env:
+          MISE_AUTO_INSTALL: "false"
+        run: |
+          mise install lychee
+          mise run check-links

.gitignore

@@ -134,3 +134,6 @@ UpgradeLog*.XML
 # Hugo docs build output
 docs/.hugo_build.lock
 docs/public/
+
+# lychee link checker cache
+.lycheecache

CLAUDE.md

@@ -536,7 +536,7 @@ Requires `EnumMemberValueConverter<T>` in JSON options.
 ## Additional Resources
 
 - [API Documentation](https://maxmind.github.io/minfraud-api-dotnet/)
-- [minFraud Web Services Docs](https://dev.maxmind.com/minfraud?lang=en)
+- [minFraud Web Services Docs](https://dev.maxmind.com/minfraud/?lang=en)
 - [minFraud Response Docs](https://dev.maxmind.com/minfraud/api-documentation/responses/)
 - [GitHub Issues](https://github.com/maxmind/minfraud-api-dotnet/issues)
 - [Release Process](README.dev.md)

MaxMind.MinFraud.UnitTest/JsonElementComparer.cs

@@ -5,7 +5,7 @@
 
 namespace MaxMind.MinFraud.UnitTest
 {
-    // This is taken from https://stackoverflow.com/questions/60580743/what-is-equivalent-in-jtoken-deepequal-in-system-text-json
+    // This is taken from https://stackoverflow.com/questions/60580743/what-is-equivalent-in-jtoken-deepequals-in-system-text-json
     //
     // Per https://stackoverflow.com/help/licensing, it is licensed under CC BY-SA 4.0.
     //
@@ -54,7 +54,7 @@ public bool Equals(JsonElement x, JsonElement y)
                         // Surprisingly, JsonDocument fully supports duplicate property names.
                         // I.e. it's perfectly happy to parse {"Value":"a", "Value" : "b"} and will store both
                         // key/value pairs inside the document!
-                        // A close reading of https://tools.ietf.org/html/rfc8259#section-4 seems to indicate that
+                        // A close reading of https://datatracker.ietf.org/doc/html/rfc8259#section-4 seems to indicate that
                         // such objects are allowed but not recommended, and when they arise, interpretation of 
                         // identically-named properties is order-dependent.  
                         // So stably sorting by name then comparing values seems the way to go.
@@ -81,7 +81,7 @@ public bool Equals(JsonElement x, JsonElement y)
 
         public int GetHashCode(JsonElement obj)
         {
-            var hash = new HashCode(); // New in .Net core: https://docs.microsoft.com/en-us/dotnet/api/system.hashcode
+            var hash = new HashCode(); // New in .Net core: https://learn.microsoft.com/en-us/dotnet/api/system.hashcode?view=net-10.0
             ComputeHashCode(obj, ref hash, 0);
             return hash.ToHashCode();
         }

MaxMind.MinFraud/Exception/InvalidRequestException.cs

@@ -63,7 +63,7 @@ public InvalidRequestException(string message, string code, Uri? uri, System.Exc
         }
 
         /// <summary>
-        /// The <a href="https://dev.maxmind.com/minfraud/api-documentation/responses?lang=en#errors">
+        /// The <a href="https://dev.maxmind.com/minfraud/api-documentation/responses/?lang=en#errors">
         /// reason code</a> for why the web service rejected the request.
         /// </summary>
         public string? Code { get; init; }

MaxMind.MinFraud/Request/CustomInputs.cs

@@ -9,7 +9,7 @@ namespace MaxMind.MinFraud.Request
 {
     /// <summary>
     ///     Custom inputs to be used in
-    ///     <a href="https://www.maxmind.com/en/minfraud-interactive/#/custom-rules">Custom Rules</a>.
+    ///     <a href="https://www.maxmind.com/en/accounts/current/minfraud-interactive/custom-rules">Custom Rules</a>.
     ///     In order to use custom inputs, you must set them up from your account portal.
     /// </summary>
     public sealed class CustomInputs

MaxMind.MinFraud/Request/Transaction.cs

@@ -16,7 +16,7 @@ public Transaction() { }
 
         /// <summary>
         ///     Constructor. See
-        ///     <a href="https://dev.maxmind.com/minfraud/api-documentation/requests?lang=en">
+        ///     <a href="https://dev.maxmind.com/minfraud/api-documentation/requests/?lang=en">
         ///         the minFraud documentation
         ///     </a>
         ///     for a general overview of the request sent to the web

MaxMind.MinFraud/Response/Device.cs

@@ -8,7 +8,7 @@ namespace MaxMind.MinFraud.Response
     /// believes is associated with the IP address passed in the request.
     /// In order to receive device output from minFraud Insights or
     /// minFraud Factors, you must be using the
-    /// <see href="https://dev.maxmind.com/minfraud/track-devices?lang=en">Device
+    /// <see href="https://dev.maxmind.com/minfraud/track-devices/?lang=en">Device
     /// Tracking Add-on</see>.
     /// </summary>
     public sealed record Device

MaxMind.MinFraud/Response/Warning.cs

@@ -9,7 +9,7 @@ public sealed record Warning
     {
         /// <summary>
         /// This value is a machine-readable code identifying the
-        /// warning. See the <a href="https://dev.maxmind.com/minfraud/api-documentation/responses?lang=en#schema--response--warning">
+        /// warning. See the <a href="https://dev.maxmind.com/minfraud/api-documentation/responses/?lang=en#schema--response--warning">
         /// web service documentation</a> for the current list of warning
         ///  codes.
         ///</summary>

README.md

@@ -7,9 +7,9 @@
 ## Description
 
 This package provides an API for the
-[MaxMind minFraud web services](https://dev.maxmind.com/minfraud?lang=en). This
+[MaxMind minFraud web services](https://dev.maxmind.com/minfraud/?lang=en). This
 includes minFraud Score, Insights, and Factors. It also includes our
-[minFraud Report Transaction API](https://dev.maxmind.com/minfraud/report-a-transaction?lang=en).
+[minFraud Report Transaction API](https://dev.maxmind.com/minfraud/report-a-transaction/?lang=en).
 
 The legacy minFraud Standard and Premium services are not supported by this API.
 
@@ -115,7 +115,7 @@ See the API documentation for more details.
 ### ASP.NET Core Usage
 
 To use the web service API with HttpClient factory pattern as a
-[Typed client](https://docs.microsoft.com/en-us/aspnet/core/fundamentals/http-requests?view=aspnetcore-3.1#typed-clients)
+[Typed client](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/http-requests?view=aspnetcore-3.1#typed-clients)
 you need to do the following:
 
 1. Add the following lines to `Startup.cs` `ConfigureServices` method:
@@ -373,7 +373,8 @@ Please report all issues with this code using the
 [GitHub issue tracker](https://github.com/maxmind/minfraud-api-dotnet/issues).
 
 If you are having an issue with the minFraud service that is not specific to the
-client API, please see [our support page](https://www.maxmind.com/en/support).
+client API, please see
+[our support page](https://support.maxmind.com/knowledge-base).
 
 ## Contributing
 

lychee.toml

@@ -0,0 +1,74 @@
+# Lychee link checker configuration
+# https://lychee.cli.rs/#/usage/config
+#
+# Run locally with:
+#   lychee './**/*.md' './**/*.cs' './MaxMind.MinFraud/MaxMind.MinFraud.csproj'
+
+# Include URL fragments in checks
+include_fragments = true
+
+# Don't allow any redirects, so links that have moved are surfaced and can be
+# updated to their canonical destination.
+max_redirects = 0
+
+# Accept these HTTP status codes
+# 100-103: Informational responses
+# 200-299: Success responses
+# 403: Forbidden (some sites use this for rate limiting)
+# 429: Too Many Requests
+# 500-599: Server errors (temporary issues shouldn't fail CI)
+# 999: LinkedIn's custom status code
+accept = ["100..=103", "200..=299", "403", "429", "500..=599", "999"]
+
+# Exclude URL patterns from checking (treated as regular expressions)
+exclude = [
+    # GitHub blob URLs with line-number fragments (not parseable as page anchors)
+    '^https://github\.com/[^/]+/[^/]+/blob/[0-9a-fA-F]+/.+#L\d+$',
+    # Live / auth-gated MaxMind endpoints: appear as code string literals or
+    # require login, so they can't be verified by an anonymous request.
+    '^https://geoip\.maxmind\.com',
+    '^https://geolite\.info',
+    '^https://minfraud\.maxmind\.com',
+    '^https://sandbox\.maxmind\.com',
+    '^https://updates\.maxmind\.com',
+    '^https://www\.maxmind\.com/en/accounts/',
+    '^https://www\.maxmind\.com/en/account/login',
+    # XML / build-tool namespace URIs (identifiers, not real links)
+    '^http://schemas\.',
+    '^https://schemas\.',
+    '^http://www\.w3\.org/',
+    # dev.maxmind.com docs are a single-page app: deep "#schema--" anchors are
+    # rendered client-side and not present in the server HTML, so lychee cannot
+    # verify the fragment even though the page (a clean 200) and anchor are valid.
+    '^https://dev\.maxmind\.com/minfraud/api-documentation/responses/.*#schema--',
+    # Placeholder / example hosts that only appear in unit-test fixtures and
+    # README sample code (not navigable links to verify).
+    '^https?://www\.maxmind\.com/$',
+    '^https?://test\.maxmind\.com',
+    '^https?://www\.mm\.com',
+    '^https?://(www\.)?amazon\.com',
+    # Local / placeholder URLs (e.g. proxy examples in docs)
+    '^file://',
+    '^https?://example\.(com|org|net)',
+    '^http://localhost',
+    '127\.0\.0\.1',
+]
+
+# Exclude file paths from getting checked (regular expressions, matched against
+# the path relative to the working directory). Patterns are segment-anchored
+# with (^|/) so short names like "bin" don't match unintended paths.
+exclude_path = [
+    '(^|/)bin/',
+    '(^|/)obj/',
+    '(^|/)\.worktrees/',
+    '(^|/)docs/public/',
+    # Changelog: historical entries are preserved as-is, not rewritten
+    '(^|/)releasenotes\.md$',
+]
+
+# Cache results for 1 day to speed up repeated checks
+cache = true
+max_cache_age = "1d"
+
+# Skip missing input files instead of erroring
+skip_missing = true

mise.toml

@@ -10,6 +10,7 @@ disable_backends = [
 dotnet = ["latest", "9", "8"]
 hugo = "latest"
 "github:houseabsolute/precious" = "latest"
+lychee = "latest"
 node = "latest"
 "npm:prettier" = "latest"
 
@@ -21,6 +22,10 @@ run = "hugo --source docs --minify"
 description = "Serve the docs site locally with Hugo dev server"
 run = "hugo server --source docs"
 
+[tasks.check-links]
+description = "Check links with lychee"
+run = "lychee --no-progress './**/*.md' './**/*.cs' './MaxMind.MinFraud/MaxMind.MinFraud.csproj'"
+
 [hooks]
 enter = "mise install --quiet --locked"