mirror of
https://github.com/prompt-security/clawsec.git
synced 2026-06-23 10:21:21 +03:00
David Abutbul
80 lines
2.7 KiB
JavaScript
80 lines
2.7 KiB
JavaScript
import assert from "node:assert/strict";
|
|
import { mkdtemp, readFile, rm } from "node:fs/promises";
|
|
import { tmpdir } from "node:os";
|
|
import path from "node:path";
|
|
import { spawnSync } from "node:child_process";
|
|
|
|
const outputDir = await mkdtemp(path.join(tmpdir(), "clawsec-trust-packet-"));
|
|
|
|
function runTrustPacket(skillDir, targetDir, tag) {
|
|
return spawnSync(
|
|
process.execPath,
|
|
[
|
|
"scripts/ci/generate_skill_release_trust_packet.mjs",
|
|
skillDir,
|
|
targetDir,
|
|
"--repository",
|
|
"prompt-security/clawsec",
|
|
"--tag",
|
|
tag,
|
|
"--source-ref",
|
|
"main",
|
|
],
|
|
{ encoding: "utf8" },
|
|
);
|
|
}
|
|
|
|
try {
|
|
const result = runTrustPacket("skills/clawsec-suite", outputDir, "clawsec-suite-v0.1.11");
|
|
|
|
assert.equal(
|
|
result.status,
|
|
0,
|
|
`trust packet generator failed\nstdout:\n${result.stdout}\nstderr:\n${result.stderr}`,
|
|
);
|
|
|
|
const skillCard = await readFile(path.join(outputDir, "skill-card.md"), "utf8");
|
|
const permissions = JSON.parse(await readFile(path.join(outputDir, "permissions.json"), "utf8"));
|
|
const install = await readFile(path.join(outputDir, "install.md"), "utf8");
|
|
|
|
assert.match(skillCard, /^# Skill Card/m);
|
|
assert.match(skillCard, /## License\/Terms of Use/);
|
|
assert.match(skillCard, /AGPL-3\.0-or-later/);
|
|
assert.match(skillCard, /skillspector-report\.md/);
|
|
assert.match(skillCard, /clawsec-suite-v0\.1\.11/);
|
|
|
|
assert.equal(permissions.skill, "clawsec-suite");
|
|
assert.equal(permissions.version, "0.1.11");
|
|
assert.equal(permissions.platform, "openclaw");
|
|
assert.deepEqual(
|
|
permissions.required_binaries,
|
|
["node", "npx", "openclaw", "curl", "jq", "shasum", "openssl", "unzip"],
|
|
);
|
|
assert.match(permissions.network_egress, /signed advisory feed/);
|
|
assert.match(permissions.persistence, /OpenClaw advisory hook/);
|
|
assert.ok(Array.isArray(permissions.operator_review));
|
|
assert.ok(permissions.operator_review.length > 0);
|
|
|
|
assert.match(install, /npx skills add prompt-security\/clawsec --skill clawsec-suite --agent openclaw --global --yes/);
|
|
assert.match(install, /npx skills update clawsec-suite/);
|
|
|
|
const hermesOutputDir = path.join(outputDir, "hermes");
|
|
const hermesResult = runTrustPacket(
|
|
"skills/hermes-attestation-guardian",
|
|
hermesOutputDir,
|
|
"hermes-attestation-guardian-v0.1.5",
|
|
);
|
|
assert.equal(
|
|
hermesResult.status,
|
|
0,
|
|
`Hermes trust packet generator failed\nstdout:\n${hermesResult.stdout}\nstderr:\n${hermesResult.stderr}`,
|
|
);
|
|
const hermesInstall = await readFile(path.join(hermesOutputDir, "install.md"), "utf8");
|
|
assert.match(
|
|
hermesInstall,
|
|
/npx skills add prompt-security\/clawsec --skill hermes-attestation-guardian --agent hermes-agent --global --yes/,
|
|
);
|
|
} finally {
|
|
await rm(outputDir, { recursive: true, force: true });
|
|
}
|