npm - codex-plugin-doctor - Versions diffs - 1.9.0 → 1.10.0 - Mend

codex-plugin-doctor 1.9.0 → 1.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md +2 -2
package/dist/core/review-bundle.js +25 -0
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -358,9 +358,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
-      - uses: Esquetta/CodexPluginDoctor@v1.9.0
+      - uses: Esquetta/CodexPluginDoctor@v1.10.0
         with:
-          version: "1.9.0"
+          version: "1.10.0"
           path: .
           runtime: "true"
           policy: codex-publish

package/dist/core/review-bundle.js CHANGED Viewed

@@ -377,7 +377,32 @@ export async function verifyDoctorReviewBundle(bundleDirectory, options) {
                 message: "The review bundle manifest uses SHA-256 integrity digests."
             });
         }
+        const expectedIntegrityFileKeys = Object.keys(files).filter((fileKey) => fileKey !== "manifest");
+        const integrityFileKeys = Object.keys(manifest.integrity.files);
+        for (const fileKey of expectedIntegrityFileKeys) {
+            if (!(fileKey in manifest.integrity.files)) {
+                integrityStatus = "fail";
+                checks.push({
+                    id: `review_bundle.integrity.${fileKey}`,
+                    status: "fail",
+                    message: `${files[fileKey]} is missing a manifest integrity entry.`
+                });
+            }
+        }
+        for (const fileKey of integrityFileKeys) {
+            if (!expectedIntegrityFileKeys.includes(fileKey)) {
+                integrityStatus = "fail";
+                checks.push({
+                    id: `review_bundle.integrity.${fileKey}`,
+                    status: "fail",
+                    message: "The review bundle manifest includes an unexpected integrity entry."
+                });
+            }
+        }
         for (const [fileKey, expected] of Object.entries(manifest.integrity.files)) {
+            if (!expectedIntegrityFileKeys.includes(fileKey)) {
+                continue;
+            }
             try {
                 const content = await readFile(path.join(resolvedBundleDirectory, expected.path));
                 const digest = sha256(content);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "codex-plugin-doctor",
-  "version": "1.9.0",
+  "version": "1.10.0",
   "description": "CLI-first validator for Codex plugins, skills, and MCP package surfaces with runtime MCP protocol validation.",
   "type": "module",
   "main": "./dist/index.js",