mirror of
https://github.com/affaan-m/everything-claude-code.git
synced 2026-04-01 22:53:27 +08:00
Merge branch 'fix/unicode-safety-eslint-regex' into fix/harness-audit-consumer-mode
This commit is contained in:
Affaan Mustafa
@@ -195,7 +195,7 @@ function writeCatalogFixture(testDir, options = {}) {
|
||||
fs.writeFileSync(path.join(testDir, 'commands', 'plan.md'), '---\ndescription: Plan\n---\n# Plan');
|
||||
fs.writeFileSync(path.join(testDir, 'skills', 'demo-skill', 'SKILL.md'), '---\nname: demo-skill\ndescription: Demo skill\norigin: ECC\n---\n# Demo Skill');
|
||||
|
||||
fs.writeFileSync(readmePath, `Access to ${readmeCounts.agents} agents, ${readmeCounts.skills} skills, and ${readmeCounts.commands} commands.\n| Feature | Claude Code | Cursor IDE | Codex CLI | OpenCode |\n|---------|------------|------------|-----------|----------|\n| Agents | ✅ ${readmeCounts.agents} agents | Shared | Shared | 1 |\n| Commands | ✅ ${readmeCounts.commands} commands | Shared | Shared | 1 |\n| Skills | ✅ ${readmeCounts.skills} skills | Shared | Shared | 1 |\n`);
|
||||
fs.writeFileSync(readmePath, `Access to ${readmeCounts.agents} agents, ${readmeCounts.skills} skills, and ${readmeCounts.commands} commands.\n| Feature | Claude Code | Cursor IDE | Codex CLI | OpenCode |\n|---------|------------|------------|-----------|----------|\n| Agents | PASS: ${readmeCounts.agents} agents | Shared | Shared | 1 |\n| Commands | PASS: ${readmeCounts.commands} commands | Shared | Shared | 1 |\n| Skills | PASS: ${readmeCounts.skills} skills | Shared | Shared | 1 |\n`);
|
||||
fs.writeFileSync(agentsPath, `This is a **production-ready AI coding plugin** providing ${summaryCounts.agents} specialized agents, ${summaryCounts.skills} skills, ${summaryCounts.commands} commands, and automated hook workflows for software development.\n\n\`\`\`\n${structureLines.join('\n')}\n\`\`\`\n`);
|
||||
|
||||
return { readmePath, agentsPath };
|
||||
|
||||
@@ -1965,7 +1965,26 @@ async function runTests() {
|
||||
passed++;
|
||||
else failed++;
|
||||
if (
|
||||
test('script references use CLAUDE_PLUGIN_ROOT variable or safe SessionStart inline resolver', () => {
|
||||
test('Stop and SessionEnd hooks use the safe inline resolver when plugin root may be unset', () => {
|
||||
const hooksPath = path.join(__dirname, '..', '..', 'hooks', 'hooks.json');
|
||||
const hooks = JSON.parse(fs.readFileSync(hooksPath, 'utf8'));
|
||||
const stopHooks = (hooks.hooks.Stop || []).flatMap(entry => entry.hooks || []);
|
||||
const sessionEndHooks = (hooks.hooks.SessionEnd || []).flatMap(entry => entry.hooks || []);
|
||||
|
||||
for (const hook of [...stopHooks, ...sessionEndHooks]) {
|
||||
assert.ok(hook.command.startsWith('node -e "'), 'Lifecycle hook should use inline node resolver');
|
||||
assert.ok(hook.command.includes('run-with-flags.js'), 'Lifecycle hook should resolve the runner script');
|
||||
assert.ok(hook.command.includes('CLAUDE_PLUGIN_ROOT'), 'Lifecycle hook should consult CLAUDE_PLUGIN_ROOT');
|
||||
assert.ok(hook.command.includes('plugins'), 'Lifecycle hook should probe known plugin roots');
|
||||
assert.ok(!hook.command.includes('find '), 'Lifecycle hook should not scan arbitrary plugin paths with find');
|
||||
assert.ok(!hook.command.includes('head -n 1'), 'Lifecycle hook should not pick the first matching plugin path');
|
||||
}
|
||||
})
|
||||
)
|
||||
passed++;
|
||||
else failed++;
|
||||
if (
|
||||
test('script references use CLAUDE_PLUGIN_ROOT variable or a safe inline resolver', () => {
|
||||
const hooksPath = path.join(__dirname, '..', '..', 'hooks', 'hooks.json');
|
||||
const hooks = JSON.parse(fs.readFileSync(hooksPath, 'utf8'));
|
||||
|
||||
@@ -1973,9 +1992,8 @@ async function runTests() {
|
||||
for (const entry of hookArray) {
|
||||
for (const hook of entry.hooks) {
|
||||
if (hook.type === 'command' && hook.command.includes('scripts/hooks/')) {
|
||||
// Check for the literal string "${CLAUDE_PLUGIN_ROOT}" in the command
|
||||
const isSessionStartInlineResolver = hook.command.startsWith('node -e') && hook.command.includes('session:start') && hook.command.includes('run-with-flags.js');
|
||||
const hasPluginRoot = hook.command.includes('${CLAUDE_PLUGIN_ROOT}') || isSessionStartInlineResolver;
|
||||
const usesInlineResolver = hook.command.startsWith('node -e') && hook.command.includes('run-with-flags.js');
|
||||
const hasPluginRoot = hook.command.includes('${CLAUDE_PLUGIN_ROOT}') || usesInlineResolver;
|
||||
assert.ok(hasPluginRoot, `Script paths should use CLAUDE_PLUGIN_ROOT: ${hook.command.substring(0, 80)}...`);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -48,6 +48,7 @@ function resetAliases() {
|
||||
}
|
||||
|
||||
function runTests() {
|
||||
const rocketEmoji = String.fromCodePoint(0x1F680);
|
||||
console.log('\n=== Testing session-aliases.js ===\n');
|
||||
|
||||
let passed = 0;
|
||||
@@ -1441,7 +1442,7 @@ function runTests() {
|
||||
'CJK characters should be rejected');
|
||||
|
||||
// Emoji
|
||||
const emojiResult = aliases.resolveAlias('rocket-🚀');
|
||||
const emojiResult = aliases.resolveAlias(`rocket-${rocketEmoji}`);
|
||||
assert.strictEqual(emojiResult, null,
|
||||
'Emoji should be rejected by the ASCII-only regex');
|
||||
|
||||
|
||||
@@ -27,6 +27,8 @@ function test(name, fn) {
|
||||
|
||||
// Test suite
|
||||
function runTests() {
|
||||
const rocketParty = String.fromCodePoint(0x1F680, 0x1F389);
|
||||
const partyEmoji = String.fromCodePoint(0x1F389);
|
||||
console.log('\n=== Testing utils.js ===\n');
|
||||
|
||||
let passed = 0;
|
||||
@@ -166,7 +168,7 @@ function runTests() {
|
||||
if (test('sanitizeSessionId returns stable hashes for non-ASCII values', () => {
|
||||
const chinese = utils.sanitizeSessionId('我的项目');
|
||||
const cyrillic = utils.sanitizeSessionId('проект');
|
||||
const emoji = utils.sanitizeSessionId('🚀🎉');
|
||||
const emoji = utils.sanitizeSessionId(rocketParty);
|
||||
assert.ok(/^[a-f0-9]{8}$/.test(chinese), `Expected 8-char hash, got: ${chinese}`);
|
||||
assert.ok(/^[a-f0-9]{8}$/.test(cyrillic), `Expected 8-char hash, got: ${cyrillic}`);
|
||||
assert.ok(/^[a-f0-9]{8}$/.test(emoji), `Expected 8-char hash, got: ${emoji}`);
|
||||
@@ -707,7 +709,7 @@ function runTests() {
|
||||
if (test('writeFile handles unicode content', () => {
|
||||
const testFile = path.join(utils.getTempDir(), `utils-test-${Date.now()}.txt`);
|
||||
try {
|
||||
const unicode = '日本語テスト 🚀 émojis';
|
||||
const unicode = `日本語テスト ${String.fromCodePoint(0x1F680)} émojis`;
|
||||
utils.writeFile(testFile, unicode);
|
||||
const content = utils.readFile(testFile);
|
||||
assert.strictEqual(content, unicode);
|
||||
@@ -1877,8 +1879,8 @@ function runTests() {
|
||||
const tmpDir = fs.mkdtempSync(path.join(utils.getTempDir(), 'r108-grep-unicode-'));
|
||||
const testFile = path.join(tmpDir, 'test.txt');
|
||||
try {
|
||||
fs.writeFileSync(testFile, '🎉 celebration\nnormal line\n🎉 party\n日本語テスト');
|
||||
const emojiResults = utils.grepFile(testFile, /🎉/);
|
||||
fs.writeFileSync(testFile, `${partyEmoji} celebration\nnormal line\n${partyEmoji} party\n日本語テスト`);
|
||||
const emojiResults = utils.grepFile(testFile, new RegExp(partyEmoji, 'u'));
|
||||
assert.strictEqual(emojiResults.length, 2,
|
||||
'Should find emoji on 2 lines (lines 1 and 3)');
|
||||
assert.strictEqual(emojiResults[0].lineNumber, 1);
|
||||
|
||||
@@ -216,6 +216,11 @@ test('.mcp.json includes at least github, context7, and exa servers', () => {
|
||||
assert.ok(servers.includes('exa'), 'Expected exa MCP server');
|
||||
});
|
||||
|
||||
test('.mcp.json declares exa as an http MCP server', () => {
|
||||
assert.strictEqual(mcpConfig.mcpServers.exa.type, 'http', 'Expected exa MCP server to declare type=http');
|
||||
assert.strictEqual(mcpConfig.mcpServers.exa.url, 'https://mcp.exa.ai/mcp', 'Expected exa MCP server URL to remain unchanged');
|
||||
});
|
||||
|
||||
// ── Codex marketplace file ────────────────────────────────────────────────────
|
||||
// Per official docs: repo marketplace lives at $REPO_ROOT/.agents/plugins/marketplace.json
|
||||
console.log('\n=== .agents/plugins/marketplace.json ===\n');
|
||||
|
||||
@@ -67,7 +67,7 @@ for (const testFile of testFiles) {
|
||||
const displayPath = testFile.split(path.sep).join('/');
|
||||
|
||||
if (!fs.existsSync(testPath)) {
|
||||
console.log(`⚠ Skipping ${displayPath} (file not found)`);
|
||||
console.log(`WARNING Skipping ${displayPath} (file not found)`);
|
||||
continue;
|
||||
}
|
||||
|
||||
|
||||
114
tests/scripts/check-unicode-safety.test.js
Normal file
114
tests/scripts/check-unicode-safety.test.js
Normal file
@@ -0,0 +1,114 @@
|
||||
const assert = require('assert');
|
||||
const fs = require('fs');
|
||||
const os = require('os');
|
||||
const path = require('path');
|
||||
const { spawnSync } = require('child_process');
|
||||
|
||||
const scriptPath = path.join(__dirname, '..', '..', 'scripts', 'ci', 'check-unicode-safety.js');
|
||||
|
||||
function test(name, fn) {
|
||||
try {
|
||||
fn();
|
||||
console.log(`PASS: ${name}`);
|
||||
return true;
|
||||
} catch (error) {
|
||||
console.log(`FAIL: ${name}`);
|
||||
console.log(` ${error.message}`);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
function runCheck(root, args = []) {
|
||||
return spawnSync('node', [scriptPath, ...args], {
|
||||
env: {
|
||||
...process.env,
|
||||
ECC_UNICODE_SCAN_ROOT: root,
|
||||
},
|
||||
encoding: 'utf8',
|
||||
});
|
||||
}
|
||||
|
||||
function makeTempRoot(prefix) {
|
||||
return fs.mkdtempSync(path.join(os.tmpdir(), prefix));
|
||||
}
|
||||
|
||||
const warningEmoji = String.fromCodePoint(0x26A0, 0xFE0F);
|
||||
const toolsEmoji = String.fromCodePoint(0x1F6E0, 0xFE0F);
|
||||
const zeroWidthSpace = String.fromCodePoint(0x200B);
|
||||
const rocketEmoji = String.fromCodePoint(0x1F680);
|
||||
|
||||
let passed = 0;
|
||||
let failed = 0;
|
||||
|
||||
if (
|
||||
test('fails on invisible unicode and emoji before cleanup', () => {
|
||||
const root = makeTempRoot('ecc-unicode-check-');
|
||||
fs.mkdirSync(path.join(root, 'docs'), { recursive: true });
|
||||
fs.mkdirSync(path.join(root, 'scripts'), { recursive: true });
|
||||
fs.writeFileSync(path.join(root, 'docs', 'guide.md'), `> ${warningEmoji} Important launch note\n`);
|
||||
fs.writeFileSync(path.join(root, 'scripts', 'sample.js'), `const x = "a${zeroWidthSpace}";\n`);
|
||||
|
||||
const result = runCheck(root);
|
||||
assert.notStrictEqual(result.status, 0, result.stdout + result.stderr);
|
||||
assert.match(result.stderr, /dangerous-invisible U\+200B/);
|
||||
assert.match(result.stderr, /emoji U\+26A0/);
|
||||
})
|
||||
)
|
||||
passed++;
|
||||
else failed++;
|
||||
|
||||
if (
|
||||
test('write mode removes emoji and invisible unicode', () => {
|
||||
const root = makeTempRoot('ecc-unicode-fix-');
|
||||
fs.mkdirSync(path.join(root, 'docs'), { recursive: true });
|
||||
fs.writeFileSync(path.join(root, 'docs', 'guide.md'), `> ${warningEmoji} Important launch note\n`);
|
||||
fs.writeFileSync(path.join(root, 'README.md'), `## ${toolsEmoji} Tools\n`);
|
||||
fs.writeFileSync(path.join(root, 'note.txt'), `one${zeroWidthSpace}two\n`);
|
||||
|
||||
const writeResult = runCheck(root, ['--write']);
|
||||
assert.strictEqual(writeResult.status, 0, writeResult.stdout + writeResult.stderr);
|
||||
|
||||
assert.strictEqual(fs.readFileSync(path.join(root, 'docs', 'guide.md'), 'utf8'), '> WARNING: Important launch note\n');
|
||||
assert.strictEqual(fs.readFileSync(path.join(root, 'README.md'), 'utf8'), '## Tools\n');
|
||||
assert.strictEqual(fs.readFileSync(path.join(root, 'note.txt'), 'utf8'), 'onetwo\n');
|
||||
|
||||
const cleanResult = runCheck(root);
|
||||
assert.strictEqual(cleanResult.status, 0, cleanResult.stdout + cleanResult.stderr);
|
||||
})
|
||||
)
|
||||
passed++;
|
||||
else failed++;
|
||||
|
||||
if (
|
||||
test('write mode does not rewrite executable files', () => {
|
||||
const root = makeTempRoot('ecc-unicode-code-');
|
||||
fs.mkdirSync(path.join(root, 'scripts'), { recursive: true });
|
||||
const scriptFile = path.join(root, 'scripts', 'sample.js');
|
||||
const original = `const label = "Launch ${rocketEmoji}";\n`;
|
||||
fs.writeFileSync(scriptFile, original);
|
||||
|
||||
const result = runCheck(root, ['--write']);
|
||||
assert.notStrictEqual(result.status, 0, result.stdout + result.stderr);
|
||||
assert.match(result.stderr, /scripts\/sample\.js:1:23 emoji U\+1F680/);
|
||||
assert.strictEqual(fs.readFileSync(scriptFile, 'utf8'), original);
|
||||
})
|
||||
)
|
||||
passed++;
|
||||
else failed++;
|
||||
|
||||
if (
|
||||
test('plain symbols like copyright remain allowed', () => {
|
||||
const root = makeTempRoot('ecc-unicode-symbols-');
|
||||
fs.mkdirSync(path.join(root, 'docs'), { recursive: true });
|
||||
fs.writeFileSync(path.join(root, 'docs', 'legal.md'), 'Copyright © ECC\nTrademark ® ECC\n');
|
||||
|
||||
const result = runCheck(root);
|
||||
assert.strictEqual(result.status, 0, result.stdout + result.stderr);
|
||||
})
|
||||
)
|
||||
passed++;
|
||||
else failed++;
|
||||
|
||||
console.log(`\nPassed: ${passed}`);
|
||||
console.log(`Failed: ${failed}`);
|
||||
process.exit(failed > 0 ? 1 : 0);
|
||||
@@ -116,8 +116,10 @@ if (
|
||||
fs.mkdirSync(codexDir, { recursive: true });
|
||||
fs.writeFileSync(configPath, config);
|
||||
|
||||
const syncResult = runBash(syncScript, [], { HOME: homeDir, CODEX_HOME: codexDir });
|
||||
assert.strictEqual(syncResult.status, 0, syncResult.stderr || syncResult.stdout);
|
||||
const syncResult = runBash(syncScript, ['--update-mcp'], { HOME: homeDir, CODEX_HOME: codexDir });
|
||||
assert.strictEqual(syncResult.status, 0, `${syncResult.stdout}\n${syncResult.stderr}`);
|
||||
const syncedConfig = fs.readFileSync(configPath, 'utf8');
|
||||
assert.match(syncedConfig, /^\[mcp_servers\.context7\]$/m);
|
||||
|
||||
const checkResult = runBash(checkScript, [], { HOME: homeDir, CODEX_HOME: codexDir });
|
||||
assert.strictEqual(checkResult.status, 0, checkResult.stderr || checkResult.stdout);
|
||||
|
||||
Reference in New Issue
Block a user