openclaw/reporting-governance-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(reporting-governance): tighten packed tarball hygiene

Browse Source
This commit is contained in:
Eve
2026-05-08 15:53:07 +08:00
parent 8a91206e07
commit c3b9e12474
2 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
plugins/reporting-governance/package.json
View File

@@ -16,6 +16,16 @@
"bin": {
"reporting-governance-package-smoke": "./scripts/package-smoke.mjs"
},
"files": [
"README.md",
"capabilities/",
"examples/",
"profiles/",
"profiles-src/",
"schemas/",
"scripts/",
"src/"
],
"scripts": {
"test": "node --test test/package-structure.test.mjs test/policy-evaluator.test.mjs test/compatibility-preflight.test.mjs test/profile-artifact.test.mjs test/profile-generator.test.mjs test/decision-runner.test.mjs test/decision-store.test.mjs test/decision-store-runtime.integration.test.mjs test/governance-contract.integration.test.mjs test/watchdog-chain.integration.test.mjs test/runtime-integrated.integration.test.mjs test/exports-boundary.integration.test.mjs test/packed-consumer-install.smoke.test.mjs",
"smoke": "node ./scripts/package-smoke.mjs --compact"

24
plugins/reporting-governance/test/packed-consumer-install.smoke.test.mjs
View File

@@ -6,6 +6,12 @@ import path from 'node:path';
import { spawnSync } from 'node:child_process';
const packageRoot = path.resolve(import.meta.dirname, '..');
const unexpectedPackedPathMatchers = [
/\.tgz$/,
/^state\//,
/^docs\//,
/^node_modules\//,
];
function run(command, args, { cwd, env = {} } = {}) {
const result = spawnSync(command, args, {
@@ -31,6 +37,24 @@ function run(command, args, { cwd, env = {} } = {}) {
return result;
}
test('packed tarball excludes nested tarballs and obvious repo junk', () => {
const packResult = run('npm', ['pack', '--json', '--dry-run'], { cwd: packageRoot });
const packPayload = JSON.parse(packResult.stdout.trim());
const files = packPayload.at(-1)?.files?.map((entry) => entry.path) ?? [];
assert.ok(files.length > 0, 'npm pack --dry-run should report packed files');
for (const packedPath of files) {
for (const matcher of unexpectedPackedPathMatchers) {
assert.equal(
matcher.test(packedPath),
false,
`packed tarball should not include ${packedPath}`
);
}
}
});
test('packed tarball installs into clean consumer and works via public exports/bin only', () => {
const root = fs.mkdtempSync(path.join(os.tmpdir(), 'reporting-governance-packed-consumer-'));