caac5c7f36
Release-cycle test audit: the strip boundary was tested only via a stand-in helper re-implemented in the spec, so a deleted/misplaced guard kept CI green (the missing create() guard was proof). Replace it with tests against real code: - persistence.extension.onStoreDocument: real ydoc from a rich doc (columns/ table/mention/htmlEmbed) -> non-admin strip removes only htmlEmbed, every other node preserved (data-loss guard); admin keeps; empty fragment no-throw. - collaboration.handler.updatePageContent: real path, user?.role gate, decoded ydoc embed-free for non-admin, kept for admin. - transclusion unsync: member stripped, admin preserved. - editor-ext gains a vitest setup (was zero tests) + a markdown round-trip: the <!--html-embed:BASE64--> marker -> htmlEmbed node with decoded source, and hasHtmlEmbedNode matches it — pinning the marked/turndown shape the import strip relies on. tsconfig now excludes specs from the shipped dist. - Fail-closed identity: source-pinned contracts that the gate keys on fileTask.creatorId (zip) / request userId (single) / callerRole (create) / authUser.role (duplicate), and missing-user -> strip (services can't load under jest's ESM graph; helpers replay the exact predicate). Adds the verified-safe ^src/ jest moduleNameMapper (identical fail set). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
18 lines
354 B
JSON
18 lines
354 B
JSON
{
|
|
"name": "@docmost/editor-ext",
|
|
"homepage": "https://docmost.com",
|
|
"private": true,
|
|
"scripts": {
|
|
"build": "tsc --build",
|
|
"dev": "tsc --watch",
|
|
"test": "vitest run",
|
|
"test:watch": "vitest"
|
|
},
|
|
"main": "dist/index.js",
|
|
"module": "./src/index.ts",
|
|
"types": "dist/index.d.ts",
|
|
"dependencies": {
|
|
"marked": "17.0.5"
|
|
}
|
|
}
|