From c2994ba24f4e4a7a0ebc92aa2c492feaad28588e Mon Sep 17 00:00:00 2001 From: Affaan Mustafa Date: Sun, 5 Apr 2026 20:09:02 -0700 Subject: [PATCH] test: guard opencode package payload --- WORKING-CONTEXT.md | 1 + tests/scripts/build-opencode.test.js | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/WORKING-CONTEXT.md b/WORKING-CONTEXT.md index 148a90b1..2f6aa614 100644 --- a/WORKING-CONTEXT.md +++ b/WORKING-CONTEXT.md @@ -91,6 +91,7 @@ Keep this file detailed for only the current sprint, blockers, and next actions. ## Latest Execution Notes - 2026-04-05: Continued `#1213` overlap cleanup by narrowing `coding-standards` into the baseline cross-project conventions layer instead of deleting it. The skill now explicitly points detailed React/UI guidance to `frontend-patterns`, backend/API structure to `backend-patterns` / `api-design`, and keeps only reusable naming, readability, immutability, and code-quality expectations. +- 2026-04-05: Added a packaging regression guard for the OpenCode release path after `#1287` showed the published `v1.10.0` artifact was still stale. `tests/scripts/build-opencode.test.js` now asserts the `npm pack --dry-run` tarball includes `.opencode/dist/index.js` plus compiled plugin/tool entrypoints, so future releases cannot silently omit the built OpenCode payload. - 2026-04-05: Fixed the `main` npm CI break after the latest direct ports. `package-lock.json` had drifted behind `package.json` on the `globals` devDependency (`^17.1.0` vs `^17.4.0`), which caused all npm-based GitHub Actions jobs to fail at `npm ci`. Refreshed the lockfile only, verified `npm ci --ignore-scripts`, and kept the mixed-lock workspace otherwise untouched. - 2026-04-05: Direct-ported the useful discoverability part of `#1221` without duplicating a second healthcare compliance system. Added `skills/hipaa-compliance/SKILL.md` as a thin HIPAA-specific entrypoint that points into the canonical `healthcare-phi-compliance` / `healthcare-reviewer` lane, and wired both healthcare privacy skills into the `security` install module for selective installs. - 2026-04-05: Direct-ported the audited blockchain/web3 security lane from `#1222` into `main` as four self-contained skills: `defi-amm-security`, `evm-token-decimals`, `llm-trading-agent-security`, and `nodejs-keccak256`. These are now part of the `security` install module instead of living as an unmerged fork PR. diff --git a/tests/scripts/build-opencode.test.js b/tests/scripts/build-opencode.test.js index 760c41d8..56b30f43 100644 --- a/tests/scripts/build-opencode.test.js +++ b/tests/scripts/build-opencode.test.js @@ -45,6 +45,29 @@ function main() { assert.strictEqual(result.status, 0, result.stderr) assert.ok(fs.existsSync(distEntry), ".opencode/dist/index.js should exist after build") }], + ["npm pack includes the compiled OpenCode dist payload", () => { + const result = spawnSync("npm", ["pack", "--dry-run", "--json"], { + cwd: repoRoot, + encoding: "utf8", + }) + assert.strictEqual(result.status, 0, result.stderr) + + const packOutput = JSON.parse(result.stdout) + const packagedPaths = new Set(packOutput[0]?.files?.map((file) => file.path) ?? []) + + assert.ok( + packagedPaths.has(".opencode/dist/index.js"), + "npm pack should include .opencode/dist/index.js" + ) + assert.ok( + packagedPaths.has(".opencode/dist/plugins/index.js"), + "npm pack should include compiled OpenCode plugin output" + ) + assert.ok( + packagedPaths.has(".opencode/dist/tools/index.js"), + "npm pack should include compiled OpenCode tool output" + ) + }], ] for (const [name, fn] of tests) {