codex-plugin-doctor 1.13.0 → 1.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +2 -2
  2. package/dist/core/review-bundle.js +115 -15
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -358,9 +358,9 @@ jobs:
358
358
  runs-on: ubuntu-latest
359
359
  steps:
360
360
  - uses: actions/checkout@v5
361
- - uses: Esquetta/CodexPluginDoctor@v1.13.0
361
+ - uses: Esquetta/CodexPluginDoctor@v1.14.0
362
362
  with:
363
- version: "1.13.0"
363
+ version: "1.14.0"
364
364
  path: .
365
365
  runtime: "true"
366
366
  policy: codex-publish
package/dist/core/review-bundle.js CHANGED
@@ -47,21 +47,120 @@ function isManifestIntegrity(value) {
47
47
  isPlainObject(value.files) &&
48
48
  Object.values(value.files).every(isIntegrityEntry);
49
49
  }
50
+ function valueType(value) {
51
+ return Array.isArray(value) ? "array" : value === null ? "null" : typeof value;
52
+ }
53
+ function describeExpectedType(pathName, expected, actual) {
54
+ return `${pathName} expected ${expected}, got ${valueType(actual)}.`;
55
+ }
56
+ function validateManifestFileMap(value) {
57
+ if (!isPlainObject(value)) {
58
+ return [describeExpectedType("files", "object", value)];
59
+ }
60
+ const expectedKeys = Object.keys(relativeBundleFiles());
61
+ const actualKeys = Object.keys(value);
62
+ const errors = [];
63
+ for (const key of expectedKeys) {
64
+ if (!(key in value)) {
65
+ errors.push(`files.${key} is missing.`);
66
+ }
67
+ else if (typeof value[key] !== "string") {
68
+ errors.push(describeExpectedType(`files.${key}`, "string", value[key]));
69
+ }
70
+ }
71
+ for (const key of actualKeys) {
72
+ if (!expectedKeys.includes(key)) {
73
+ errors.push(`files.${key} is unexpected.`);
74
+ }
75
+ }
76
+ return errors;
77
+ }
78
+ function validateManifestIntegrity(value) {
79
+ if (value === undefined) {
80
+ return [];
81
+ }
82
+ if (!isPlainObject(value)) {
83
+ return [describeExpectedType("integrity", "object", value)];
84
+ }
85
+ const errors = [];
86
+ if (value.algorithm !== "sha256") {
87
+ errors.push(`integrity.algorithm expected sha256, got ${String(value.algorithm)}.`);
88
+ }
89
+ if (!isPlainObject(value.files)) {
90
+ errors.push(describeExpectedType("integrity.files", "object", value.files));
91
+ return errors;
92
+ }
93
+ for (const [key, entry] of Object.entries(value.files)) {
94
+ if (!isPlainObject(entry)) {
95
+ errors.push(describeExpectedType(`integrity.files.${key}`, "object", entry));
96
+ continue;
97
+ }
98
+ if (typeof entry.path !== "string") {
99
+ errors.push(describeExpectedType(`integrity.files.${key}.path`, "string", entry.path));
100
+ }
101
+ if (typeof entry.digest !== "string" || !/^sha256:[a-f0-9]{64}$/.test(entry.digest)) {
102
+ errors.push(`integrity.files.${key}.digest expected sha256 digest, got ${valueType(entry.digest)}.`);
103
+ }
104
+ if (typeof entry.bytes !== "number" || !Number.isSafeInteger(entry.bytes) || entry.bytes < 0) {
105
+ errors.push(describeExpectedType(`integrity.files.${key}.bytes`, "non-negative safe integer", entry.bytes));
106
+ }
107
+ }
108
+ return errors;
109
+ }
110
+ function validateDoctorReviewBundleManifest(value) {
111
+ if (!isPlainObject(value)) {
112
+ return [describeExpectedType("manifest", "object", value)];
113
+ }
114
+ const errors = [];
115
+ if (value.schemaVersion !== "1.0.0") {
116
+ errors.push(`schemaVersion expected 1.0.0, got ${String(value.schemaVersion)}.`);
117
+ }
118
+ if (value.kind !== "doctor.review.bundle") {
119
+ errors.push(`kind expected doctor.review.bundle, got ${String(value.kind)}.`);
120
+ }
121
+ if (typeof value.generatedAt !== "string") {
122
+ errors.push(describeExpectedType("generatedAt", "string", value.generatedAt));
123
+ }
124
+ if (typeof value.version !== "string") {
125
+ errors.push(describeExpectedType("version", "string", value.version));
126
+ }
127
+ if (typeof value.targetPath !== "string") {
128
+ errors.push(describeExpectedType("targetPath", "string", value.targetPath));
129
+ }
130
+ if (typeof value.outputDirectory !== "string") {
131
+ errors.push(describeExpectedType("outputDirectory", "string", value.outputDirectory));
132
+ }
133
+ if (!isStatus(value.status)) {
134
+ errors.push(`status expected pass, warn, or fail, got ${String(value.status)}.`);
135
+ }
136
+ if (value.exitCode !== 0 && value.exitCode !== 1) {
137
+ errors.push(`exitCode expected 0 or 1, got ${String(value.exitCode)}.`);
138
+ }
139
+ if (!isPlainObject(value.summary)) {
140
+ errors.push(describeExpectedType("summary", "object", value.summary));
141
+ }
142
+ else {
143
+ if (!isRuntimePolicyDecision(value.summary.runtimePolicy)) {
144
+ errors.push(`summary.runtimePolicy expected allow, review, sandbox_recommended, or deny, got ${String(value.summary.runtimePolicy)}.`);
145
+ }
146
+ if (typeof value.summary.releaseReady !== "boolean") {
147
+ errors.push(describeExpectedType("summary.releaseReady", "boolean", value.summary.releaseReady));
148
+ }
149
+ if (!isStatus(value.summary.attestation)) {
150
+ errors.push(`summary.attestation expected pass, warn, or fail, got ${String(value.summary.attestation)}.`);
151
+ }
152
+ if (value.summary.releaseEvidence !== "pass" && value.summary.releaseEvidence !== "fail") {
153
+ errors.push(`summary.releaseEvidence expected pass or fail, got ${String(value.summary.releaseEvidence)}.`);
154
+ }
155
+ }
156
+ errors.push(...validateManifestFileMap(value.files));
157
+ errors.push(...validateManifestIntegrity(value.integrity));
158
+ return errors;
159
+ }
50
160
  function isDoctorReviewBundleManifest(value) {
51
- return isPlainObject(value) &&
52
- value.schemaVersion === "1.0.0" &&
53
- value.kind === "doctor.review.bundle" &&
54
- typeof value.generatedAt === "string" &&
55
- typeof value.version === "string" &&
56
- typeof value.targetPath === "string" &&
57
- typeof value.outputDirectory === "string" &&
58
- isStatus(value.status) &&
59
- (value.exitCode === 0 || value.exitCode === 1) &&
161
+ return validateDoctorReviewBundleManifest(value).length === 0 &&
162
+ isPlainObject(value) &&
60
163
  isPlainObject(value.summary) &&
61
- isRuntimePolicyDecision(value.summary.runtimePolicy) &&
62
- typeof value.summary.releaseReady === "boolean" &&
63
- isStatus(value.summary.attestation) &&
64
- (value.summary.releaseEvidence === "pass" || value.summary.releaseEvidence === "fail") &&
65
164
  isBundleFileMap(value.files) &&
66
165
  (value.integrity === undefined || isManifestIntegrity(value.integrity));
67
166
  }
@@ -383,7 +482,8 @@ export async function verifyDoctorReviewBundle(bundleDirectory, options) {
383
482
  let integrityStatus = "pass";
384
483
  try {
385
484
  const manifestArtifact = await readBundleJsonFile(resolvedBundleDirectory, "manifest.json");
386
- if (isDoctorReviewBundleManifest(manifestArtifact)) {
485
+ const manifestErrors = validateDoctorReviewBundleManifest(manifestArtifact);
486
+ if (manifestErrors.length === 0 && isDoctorReviewBundleManifest(manifestArtifact)) {
387
487
  manifest = manifestArtifact;
388
488
  checks.push({
389
489
  id: "review_bundle.manifest.valid",
@@ -395,7 +495,7 @@ export async function verifyDoctorReviewBundle(bundleDirectory, options) {
395
495
  checks.push({
396
496
  id: "review_bundle.manifest.valid",
397
497
  status: "fail",
398
- message: "The review bundle manifest is missing or invalid."
498
+ message: `The review bundle manifest is invalid: ${manifestErrors.slice(0, 3).join(" ")}`
399
499
  });
400
500
  }
401
501
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "codex-plugin-doctor",
3
- "version": "1.13.0",
3
+ "version": "1.14.0",
4
4
  "description": "CLI-first validator for Codex plugins, skills, and MCP package surfaces with runtime MCP protocol validation.",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",