Skip to content

test(scripts): guard miner package README against stale public-package wording#7043

Merged
loopover-orb[bot] merged 1 commit into
JSONbored:mainfrom
jaytbarimbao-collab:fix-miner-package-stale-readme-guard-7013
Jul 17, 2026
Merged

test(scripts): guard miner package README against stale public-package wording#7043
loopover-orb[bot] merged 1 commit into
JSONbored:mainfrom
jaytbarimbao-collab:fix-miner-package-stale-readme-guard-7013

Conversation

@jaytbarimbao-collab

Copy link
Copy Markdown
Contributor

Closes #7013

The publish-time `check-miner-package` check validated the miner package's file list and scanned for secret-like content, but — unlike its sibling `check-mcp-package` — never guarded `README.md` against stale pre-release wording (`private beta`, a preview `zeronode.workers.dev` URL, `preview URL`). That let placeholder marketing copy ship in the public `@loopover/miner` README unnoticed.

Change

  • Mirror the mcp-package guard: reject a `README.md` whose content matches `STALE_PACKAGE_TEXT` in `validateMinerPackFileList`.
  • Add a regression test injecting stale README content through the existing `CHECK_MINER_PACK_TEST_CONTENT` hook.

Verification

  • `npx vitest run test/unit/check-miner-package.test.ts` → 14 passed (incl. the real-workspace pass-through and the new stale-README case).
  • The live miner README is already clean, so `node scripts/check-miner-package.mjs` still exits 0.

scripts/test-only; no `src/**` touched.

…e wording

The publish-time check-miner-package check validated the miner package's file
list and scanned for secret-like content, but — unlike its sibling
check-mcp-package — never guarded README.md against stale pre-release wording
("private beta", a preview zeronode.workers.dev URL, "preview URL"). That let
placeholder marketing copy ship in the public @loopover/miner README unnoticed.

Mirror the mcp-package guard: reject a README containing STALE_PACKAGE_TEXT, and
add a regression test injecting stale README content via the existing
CHECK_MINER_PACK_TEST_CONTENT hook. The real miner README is already clean, so
the guard passes on the live workspace.

Closes JSONbored#7013
@superagent-security

Copy link
Copy Markdown
Contributor

Superagent didn't find any vulnerabilities or security issues in this PR.

1 similar comment
@superagent-security

Copy link
Copy Markdown
Contributor

Superagent didn't find any vulnerabilities or security issues in this PR.

@codecov

codecov Bot commented Jul 17, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.74%. Comparing base (15715dc) to head (a9b63f5).
⚠️ Report is 27 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #7043   +/-   ##
=======================================
  Coverage   93.74%   93.74%           
=======================================
  Files         691      691           
  Lines       68658    68658           
  Branches    18760    18760           
=======================================
  Hits        64361    64361           
  Misses       3302     3302           
  Partials      995      995           
Flag Coverage Δ
shard-1 43.86% <ø> (ø)
shard-2 36.89% <ø> (ø)
shard-3 33.06% <ø> (ø)
shard-4 33.95% <ø> (ø)
shard-5 32.26% <ø> (ø)
shard-6 45.80% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

@loopover-orb loopover-orb Bot added the gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. label Jul 17, 2026
@loopover-orb

loopover-orb Bot commented Jul 17, 2026

Copy link
Copy Markdown

Tip

✅ LoopOver review result - approve/merge recommended

Review updated: 2026-07-17 19:36:48 UTC

2 files · 1 AI reviewer · no blockers · readiness 98/100 · CI green · clean

✅ Suggested Action - Approve/Merge

  • safe to merge

Review summary
This diff mirrors check-mcp-package.mjs's existing README stale-wording guard onto check-miner-package.mjs, adding a small regex check plus a regression test that injects the same content via the existing CHECK_MINER_PACK_TEST_CONTENT hook. The change is straightforward, correctly scoped to README.md only (mirrors the sibling's file==="README.md" gate), and the new test asserts both the exit status and the specific error message, closing #7013. It's a narrow, well-targeted parity fix with no src/** changes and matches the pattern already validated in check-mcp-package.test.ts.

Nits — 3 non-blocking
  • Unlike check-mcp-package.test.ts, this PR doesn't add a test proving the stale-wording check is scoped to README.md only (i.e., the same phrase in another allowlisted file like DEPLOYMENT.md still passes) — worth mirroring that sibling test for symmetry.
  • The long inline comment on STALE_PACKAGE_TEXT (scripts/check-miner-package.mjs) duplicates most of the PR description; a shorter one-liner referencing check-miner-package.mjs missing the stale pre-GA-wording README guard its check-mcp-package.mjs sibling has #7013 and the mcp-package sibling would suffice.
  • Add a 'scopes stale-wording check to README.md only' test in test/unit/check-miner-package.test.ts, matching the pattern already present in check-mcp-package.test.ts.

Decision drivers

  • ✅ Code review — No blockers (1 reviewer)
  • ✅ Gate result — Passing (No configured blocker found.)
Context & advisory signals — never blocks the verdict
Signal Result Evidence
Linked issue ✅ Linked #7013
Related work ✅ No active overlap found No same-issue or scoped active PR overlap found.
Change scope ✅ 20/20 Low review scope from cached public metadata (1 linked issue).
Validation posture ✅ 25/25 PR body includes validation/test evidence.
Contributor workload ✅ 10/10 Author activity: 183 registered-repo PR(s), 93 merged, 14 issue(s).
Contributor context ✅ Confirmed Gittensor contributor jaytbarimbao-collab; Gittensor profile; 183 PR(s), 14 issue(s).
Improvement ✅ Minor risk: clean · value: minor · LLM: minor
Linked issue satisfaction

Addressed
The diff mirrors check-mcp-package.mjs's STALE_PACKAGE_TEXT guard into validateMinerPackFileList, checking README.md content and throwing on match, wired into the same fail path as the existing forbidden-content check.

Review context
  • Author: jaytbarimbao-collab
  • Role context: outside_contributor
  • Public audience mode: oss maintainer
  • Lane context: Repository is configured for direct PR review.
  • Public profile languages: Rust
  • Official Gittensor activity: 183 PR(s), 14 issue(s).
  • PR-specific overlap: none found.
Contributor next steps
  • Keep the PR focused and include validation evidence before maintainer review.
Signal definitions
  • Related work = same linked issue, overlapping active PRs, or title/path similarity.
  • Change scope = cached public metadata such as size labels, draft state, and review-burden hints.
  • Validation posture = whether the PR provides enough public validation/test evidence for maintainer review.
  • Contributor workload = public contributor activity and cleanup pressure, not a repo-wide quality failure.
  • Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.
🧪 Chat with LoopOver

Ask LoopOver a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.

  • @loopover ask &lt;question&gt; answers contribution-quality Q&A with source citations and freshness.
  • @loopover chat &lt;question&gt; answers in natural prose from cached decision-pack facts via local inference (maintainer/collaborator; read-only).
  • A plain-language @loopover mention with a real question is routed to the closest matching read-only command automatically — no exact syntax required.

Full command reference: https://loopover.ai/docs/loopover-commands

🧪 Experimental — new and may change.

🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed


💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by LoopOver, a quiet PR intelligence layer for OSS maintainers.

  • Re-run LoopOver review

@loopover-orb loopover-orb Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LoopOver approves — the gate is satisfied and CI is green.

@loopover-orb
loopover-orb Bot merged commit 28b6e9e into JSONbored:main Jul 17, 2026
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

check-miner-package.mjs missing the stale pre-GA-wording README guard its check-mcp-package.mjs sibling has

1 participant