@karaoke-cms/assert-privacy 0.6.3 → 0.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +41 -0
  2. package/package.json +1 -1
package/README.md ADDED
@@ -0,0 +1,41 @@
1
+ # @karaoke-cms/assert-privacy
2
+
3
+ Post-build privacy gate for karaoke-cms. Scans the built `dist/` directory and fails if any unpublished vault content has leaked into the output.
4
+
5
+ ## Where it belongs
6
+
7
+ `packages/assert-privacy/` in the monorepo. Runs as a CI step after `astro build`:
8
+
9
+ ```yaml
10
+ # .github/workflows/deploy.yml
11
+ - run: pnpm build
12
+ - run: node scripts/assert-privacy.js dist
13
+ ```
14
+
15
+ It is also callable directly:
16
+
17
+ ```bash
18
+ node node_modules/.bin/assert-privacy dist/
19
+ ```
20
+
21
+ ## What it does
22
+
23
+ Walks every `.html` file in the build output and checks:
24
+
25
+ - No content from unpublished vault entries (those without `publish: true`) appears in any page
26
+ - The RSS feed at `dist/rss.xml` is well-formed XML
27
+ - No internal draft markers or handbook content leaked into production HTML
28
+
29
+ Exits with code 1 and a clear error message if a violation is found, blocking the deploy.
30
+
31
+ ## Status
32
+
33
+ **Stub** — the package entry point (`bin/assert-privacy`) is declared but the implementation has not yet been migrated from `apps/template/scripts/assert-privacy.js`. Until migration is complete, use the script directly from your project's `scripts/` directory.
34
+
35
+ The canonical implementation is at `apps/template/scripts/assert-privacy.js` in this monorepo and at `scripts/assert-privacy.js` in scaffolded projects.
36
+
37
+ ## How it changes the behavior of the system
38
+
39
+ - This is the last line of privacy defense before content reaches the CDN. The Astro content filter (`publish: true` in `makeCollections()`) prevents unpublished content from entering the build graph. This package verifies the output, catching edge cases like content injected via wikilinks or manually added pages.
40
+ - In CI, a failed assert blocks the Cloudflare Pages deploy entirely.
41
+ - Running it locally after `pnpm build` is the recommended way to verify privacy before pushing.
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@karaoke-cms/assert-privacy",
3
3
  "type": "module",
4
- "version": "0.6.3",
4
+ "version": "0.9.1",
5
5
  "description": "Post-build privacy gate for karaoke-cms",
6
6
  "bin": {
7
7
  "assert-privacy": "./src/assert-privacy.js"