codex-plugin-doctor 0.21.0 → 1.0.0-rc.2
- package/README.md +5 -5
- package/dist/release/release-sync.d.ts +3 -0
- package/dist/release/release-sync.js +15 -8
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -194,8 +194,8 @@ codex-plugin-doctor doctor contract
|
|
|
194
194
|
codex-plugin-doctor doctor contract --json --output output-contract.json
|
|
195
195
|
codex-plugin-doctor doctor corpus
|
|
196
196
|
codex-plugin-doctor doctor corpus --json --output validation-corpus.json
|
|
197
|
-
codex-plugin-doctor doctor npm
|
|
198
|
-
codex-plugin-doctor doctor npm
|
|
197
|
+
codex-plugin-doctor doctor npm <published-plugin-package>
|
|
198
|
+
codex-plugin-doctor doctor npm <published-plugin-package> --json --output npm-preinstall.json
|
|
199
199
|
codex-plugin-doctor doctor attest .
|
|
200
200
|
codex-plugin-doctor doctor attest . --json --output attestation.json
|
|
201
201
|
codex-plugin-doctor doctor inspector .
|
|
@@ -276,7 +276,7 @@ codex-plugin-doctor check . --json --runtime --verbose-runtime
|
|
|
276
276
|
|
|
277
277
|
`self-test` runs the bundled runtime-complete sample through static validation, runtime MCP probes, and the compatibility scorecard. It is the fastest post-install check after `npm install -g codex-plugin-doctor`.
|
|
278
278
|
|
|
279
|
-
`doctor` checks the local environment, including package version, platform, Node version, npm global prefix, Codex home, and Codex plugin cache visibility. The text output also includes recommended next commands for self-test, installed plugin discovery, runtime checks, compatibility scoring, and CI setup. `doctor contract` publishes the machine-readable output contract, including public JSON schema surfaces, stable-through-1.0 compatibility metadata, and a frozen rule catalog digest. Add `--json` for automation or `--output output-contract.json` to write the contract to disk. `doctor corpus` runs the bundled validation corpus against healthy runtime, risky security, and starter skill packages, then reports whether each case matched its expected outcome. Add `--json` for automation or `--output validation-corpus.json` to write the corpus report to disk. `doctor npm <package>` runs a preinstall scan by packing the npm package with scripts disabled, extracting the publish tarball, and running validation, security, trust, and recommendation checks against the shipped contents. Add `--json` for automation or `--output npm-preinstall.json` to write the report to disk. `doctor attest <path>` creates a deterministic local attestation with a package fingerprint, report digest, validation/security/compatibility/trust summary, and unsigned verification metadata. Add `--json` for automation or `--output attestation.json` to write the artifact to disk. `doctor inspector <path>` builds a safe MCP Inspector launch command from a packaged `.mcp.json` file without starting the Inspector proxy automatically. Use `--server <name>` when the package contains multiple MCP server entries. `doctor diff --before <path> --after <path>` compares two package roots and reports new findings, resolved findings, trust score delta, and whether risk increased. 
`doctor recommend <path>` turns validation, security, and compatibility signals into a prioritized action plan with blocker, high, medium, and info actions. Add `--json` for automation or `--output recommendations.json` to write the report to disk. `doctor trust <path>` creates a local trust score from package lifecycle scripts, dependency specs, and MCP security findings. Use it before release when you want supply-chain risks summarized as one score. `doctor perf <path>` profiles the shared package analysis pipeline and reports per-stage durations for validation, config, security, compatibility, trust, recommendations, and total runtime. `doctor export --bundle <path>` creates a redacted operator handoff bundle that includes validation JSON, security scorecard data, compatibility matrix, recommendations, and trust score in one file. `doctor snapshot` creates a redacted diagnostics bundle with environment health, client config readiness, installed plugin metadata, and next commands. Add `--json` for machine-readable output or `--output doctor-snapshot.json` to write the bundle to disk. `doctor clients` reports local Codex, Claude Desktop, Cursor, Cline, and Windsurf config readiness. `doctor --update-check` compares the installed CLI version with the latest npm version and prints the upgrade command when a newer release is available.
|
|
279
|
+
`doctor` checks the local environment, including package version, platform, Node version, npm global prefix, Codex home, and Codex plugin cache visibility. The text output also includes recommended next commands for self-test, installed plugin discovery, runtime checks, compatibility scoring, and CI setup. `doctor contract` publishes the machine-readable output contract, including public JSON schema surfaces, stable-through-1.0 compatibility metadata, and a frozen rule catalog digest. Add `--json` for automation or `--output output-contract.json` to write the contract to disk. `doctor corpus` runs the bundled validation corpus against healthy runtime, risky security, and starter skill packages, then reports whether each case matched its expected outcome. Add `--json` for automation or `--output validation-corpus.json` to write the corpus report to disk. `doctor npm <package>` runs a preinstall scan by packing the npm package with scripts disabled, extracting the publish tarball, and running validation, security, trust, and recommendation checks against the shipped contents. Use a published Codex plugin package as the target; scanning `codex-plugin-doctor` itself intentionally reports a missing plugin manifest because this CLI package is not a plugin package. Add `--json` for automation or `--output npm-preinstall.json` to write the report to disk. `doctor attest <path>` creates a deterministic local attestation with a package fingerprint, report digest, validation/security/compatibility/trust summary, and unsigned verification metadata. Add `--json` for automation or `--output attestation.json` to write the artifact to disk. `doctor inspector <path>` builds a safe MCP Inspector launch command from a packaged `.mcp.json` file without starting the Inspector proxy automatically. Use `--server <name>` when the package contains multiple MCP server entries. 
`doctor diff --before <path> --after <path>` compares two package roots and reports new findings, resolved findings, trust score delta, and whether risk increased. `doctor recommend <path>` turns validation, security, and compatibility signals into a prioritized action plan with blocker, high, medium, and info actions. Add `--json` for automation or `--output recommendations.json` to write the report to disk. `doctor trust <path>` creates a local trust score from package lifecycle scripts, dependency specs, and MCP security findings. Use it before release when you want supply-chain risks summarized as one score. `doctor perf <path>` profiles the shared package analysis pipeline and reports per-stage durations for validation, config, security, compatibility, trust, recommendations, and total runtime. `doctor export --bundle <path>` creates a redacted operator handoff bundle that includes validation JSON, security scorecard data, compatibility matrix, recommendations, and trust score in one file. `doctor snapshot` creates a redacted diagnostics bundle with environment health, client config readiness, installed plugin metadata, and next commands. Add `--json` for machine-readable output or `--output doctor-snapshot.json` to write the bundle to disk. `doctor clients` reports local Codex, Claude Desktop, Cursor, Cline, and Windsurf config readiness. `doctor --update-check` compares the installed CLI version with the latest npm version and prints the upgrade command when a newer release is available.
|
|
280
280
|
|
|
281
281
|
`audit --installed` runs a local ecosystem audit against every discovered Codex plugin in the installed plugin cache. Add `--security` to include security scorecards, `--compat` to include the all-client compatibility matrix, and `--json --output local-audit.json` when you want a shareable machine-readable report. Add `--cache` to reuse unchanged plugin results between runs; add `--changed` to only report plugins whose fingerprint changed since the last cached audit. Use `--cache-file path/to/audit-cache.json` when CI or scripted runs need an explicit cache location.
|
|
282
282
|
|
|
@@ -342,9 +342,9 @@ jobs:
|
|
|
342
342
|
runs-on: ubuntu-latest
|
|
343
343
|
steps:
|
|
344
344
|
- uses: actions/checkout@v4
|
|
345
|
-
- uses: Esquetta/CodexPluginDoctor@
|
|
345
|
+
- uses: Esquetta/CodexPluginDoctor@v1.0.0-rc.2
|
|
346
346
|
with:
|
|
347
|
-
version: "0.
|
|
347
|
+
version: "1.0.0-rc.2"
|
|
348
348
|
path: .
|
|
349
349
|
runtime: "true"
|
|
350
350
|
policy: codex-publish
|
|
@@ -6,9 +6,12 @@ export interface GitHubReleaseSyncState {
|
|
|
6
6
|
export interface ReleaseSyncEvaluationInput {
|
|
7
7
|
version: string;
|
|
8
8
|
npmVersion: string;
|
|
9
|
+
npmDistTag?: string;
|
|
9
10
|
remoteTagOutput: string;
|
|
10
11
|
githubRelease: GitHubReleaseSyncState | null;
|
|
11
12
|
latestReleaseTag: string;
|
|
13
|
+
expectPrerelease?: boolean;
|
|
14
|
+
requireLatestRelease?: boolean;
|
|
12
15
|
}
|
|
13
16
|
export interface ReleaseSyncCheck {
|
|
14
17
|
id: string;
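Review bot: The three optional fields added to `ReleaseSyncEvaluationInput` (`npmDistTag`, `expectPrerelease`, `requireLatestRelease`) carry no doc comments, and their defaults cannot be read from the declaration. In the compiled `release-sync.js` shown in this same diff they fall back to `"latest"`, `false` and `!expectPrerelease` respectively, and a false `requireLatestRelease` makes the `github.latest_release` check report pass without comparing tags. A comment on each field in the TypeScript source would make that explicit for callers, for example `/** When false, the latest-release comparison is skipped and reported as pass. Defaults to !expectPrerelease. */` on `requireLatestRelease`. `ReleaseSyncCheck` begins on the last lines of the hunk and continues outside it.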
|
|
@@ -7,24 +7,31 @@ function buildCheck(id, status, message) {
|
|
|
7
7
|
}
|
|
8
8
|
export function evaluateReleaseSync(input) {
|
|
9
9
|
const expectedTag = `v${input.version}`;
|
|
10
|
+
const npmDistTag = input.npmDistTag ?? "latest";
|
|
11
|
+
const expectPrerelease = input.expectPrerelease ?? false;
|
|
12
|
+
const requireLatestRelease = input.requireLatestRelease ?? !expectPrerelease;
|
|
10
13
|
const checks = [];
|
|
11
14
|
checks.push(input.npmVersion === input.version
|
|
12
|
-
? buildCheck("npm.version", "pass", `npm
|
|
13
|
-
: buildCheck("npm.version", "fail", `npm
|
|
15
|
+
? buildCheck("npm.version", "pass", `npm ${npmDistTag} is ${input.version}.`)
|
|
16
|
+
: buildCheck("npm.version", "fail", `npm ${npmDistTag} is ${input.npmVersion || "missing"}, expected ${input.version}.`));
|
|
14
17
|
checks.push(input.remoteTagOutput.includes(`refs/tags/${expectedTag}`)
|
|
15
18
|
? buildCheck("git.remote_tag", "pass", `Remote tag ${expectedTag} exists.`)
|
|
16
19
|
: buildCheck("git.remote_tag", "fail", `Remote tag ${expectedTag} is missing.`));
|
|
17
20
|
const releaseMatches = input.githubRelease?.tagName === expectedTag &&
|
|
18
21
|
!input.githubRelease.isDraft &&
|
|
19
|
-
|
|
22
|
+
input.githubRelease.isPrerelease === expectPrerelease;
|
|
20
23
|
checks.push(releaseMatches
|
|
21
|
-
? buildCheck("github.release", "pass",
|
|
24
|
+
? buildCheck("github.release", "pass", expectPrerelease
|
|
25
|
+
? `GitHub prerelease ${expectedTag} is published.`
|
|
26
|
+
: `GitHub release ${expectedTag} is published.`)
|
|
22
27
|
: buildCheck("github.release", "fail", input.githubRelease
|
|
23
|
-
? `GitHub release state is tag=${input.githubRelease.tagName}, draft=${input.githubRelease.isDraft}, prerelease=${input.githubRelease.isPrerelease}; expected published ${expectedTag}.`
|
|
28
|
+
? `GitHub release state is tag=${input.githubRelease.tagName}, draft=${input.githubRelease.isDraft}, prerelease=${input.githubRelease.isPrerelease}; expected ${expectPrerelease ? "published prerelease" : "published release"} ${expectedTag}.`
|
|
24
29
|
: `GitHub release ${expectedTag} is missing.`));
|
|
25
|
-
checks.push(
|
|
26
|
-
? buildCheck("github.latest_release", "pass", `GitHub latest release
|
|
27
|
-
:
|
|
30
|
+
checks.push(!requireLatestRelease
|
|
31
|
+
? buildCheck("github.latest_release", "pass", `GitHub latest release does not need to be ${expectedTag} for this prerelease verification.`)
|
|
32
|
+
: input.latestReleaseTag === expectedTag
|
|
33
|
+
? buildCheck("github.latest_release", "pass", `GitHub latest release is ${expectedTag}.`)
|
|
34
|
+
: buildCheck("github.latest_release", "fail", `GitHub latest release is ${input.latestReleaseTag || "missing"}, expected ${expectedTag}.`));
|
|
28
35
|
return {
|
|
29
36
|
version: input.version,
|
|
30
37
|
status: checks.some((check) => check.status === "fail") ? "fail" : "pass",
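Review bot: The `git.remote_tag` check in `evaluateReleaseSync` is still a substring match, ``input.remoteTagOutput.includes(`refs/tags/${expectedTag}`)``. Now that prerelease tags are being verified, `refs/tags/v1.0.0` is a prefix of `refs/tags/v1.0.0-rc.2`, so verifying a stable version can pass on the strength of a release-candidate tag alone. Matching the ref at the end of a line closes that gap, e.g. ``input.remoteTagOutput.split(/\r?\n/).some((line) => line.trimEnd().endsWith(`refs/tags/${expectedTag}`))``, assuming the output lists one ref per line as `git ls-remote` does. The returned object continues past the end of the hunk, so how `checks` is exposed to callers is not visible here.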
|
package/package.json
CHANGED