From b3881112c94444e9b2f57df81d00104002b0fa11 Mon Sep 17 00:00:00 2001 From: Champbreed Date: Fri, 20 Mar 2026 18:05:56 +0100 Subject: [PATCH] feat(infra): standardize ESM root and harden security audit pipeline (#363) * chore: implement ESM standardization and security attestation Aligning root infrastructure with Node.js v24.14.0 standards. - Set type: module in package.json to eliminate re-parsing overhead. - Migrated Jetski Loader tests to .cjs to maintain legacy security audit compatibility. - Verified path traversal and symlink protections with clean attestation. * chore(ci): update pr_preflight path to .cjs for ESM compatibility * feat(infra): surgical ESM modernization for Gemini suite Resolved Codex P1 by reverting global root ESM shift to preserve installer stability. - Implemented scoped 'type: module' in /docs/integrations/jetski-gemini-loader/ to eliminate re-parsing overhead. - Updated test runner (run-test-suite.js) and CI (ci.yml) to track .cjs transitions. - Verified zero-warning execution in Node v24.14.0. --- .github/workflows/ci.yml | 2 +- docs/integrations/jetski-gemini-loader/package.json | 1 + tools/scripts/{pr_preflight.js => pr_preflight.cjs} | 0 ...tski_gemini_loader.test.js => jetski_gemini_loader.test.cjs} | 1 + tools/scripts/tests/run-test-suite.js | 2 +- 5 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 docs/integrations/jetski-gemini-loader/package.json rename tools/scripts/{pr_preflight.js => pr_preflight.cjs} (100%) rename tools/scripts/tests/{jetski_gemini_loader.test.js => jetski_gemini_loader.test.cjs} (98%) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a2ffc44f..bcd9af9c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -37,7 +37,7 @@ jobs: - name: Intake PR change id: intake run: | - node tools/scripts/pr_preflight.js \ + node tools/scripts/pr_preflight.cjs \ --base "origin/${{ github.base_ref }}" \ --head "HEAD" \ --event-path "$GITHUB_EVENT_PATH" \ diff --git a/docs/integrations/jetski-gemini-loader/package.json b/docs/integrations/jetski-gemini-loader/package.json new file mode 100644 index 00000000..6990891f --- /dev/null +++ b/docs/integrations/jetski-gemini-loader/package.json @@ -0,0 +1 @@ +{"type": "module"} diff --git a/tools/scripts/pr_preflight.js b/tools/scripts/pr_preflight.cjs similarity index 100% rename from tools/scripts/pr_preflight.js rename to tools/scripts/pr_preflight.cjs diff --git a/tools/scripts/tests/jetski_gemini_loader.test.js b/tools/scripts/tests/jetski_gemini_loader.test.cjs similarity index 98% rename from tools/scripts/tests/jetski_gemini_loader.test.js rename to tools/scripts/tests/jetski_gemini_loader.test.cjs index f4f85bd7..3c63efb4 100644 --- a/tools/scripts/tests/jetski_gemini_loader.test.js +++ b/tools/scripts/tests/jetski_gemini_loader.test.cjs @@ -123,6 +123,7 @@ async function main() { ]), /symlink|outside the skills root|regular file/i, ); + console.log("✅ All Jetski Loader Security Checks Passed!"); } finally { fs.rmSync(fixtureRoot, { recursive: true, force: true }); } diff --git a/tools/scripts/tests/run-test-suite.js b/tools/scripts/tests/run-test-suite.js index 6809f8ad..21cf4ec8 100644 --- a/tools/scripts/tests/run-test-suite.js +++ b/tools/scripts/tests/run-test-suite.js @@ -11,7 +11,7 @@ const LOCAL_TEST_COMMANDS = [ [path.join(TOOL_TESTS, "activate_skills_batch_security.test.js")], [path.join(TOOL_TESTS, "build_catalog_bundles.test.js")], [path.join(TOOL_TESTS, "claude_plugin_marketplace.test.js")], - [path.join(TOOL_TESTS, "jetski_gemini_loader.test.js")], + [path.join(TOOL_TESTS, "jetski_gemini_loader.test.cjs")], [path.join(TOOL_TESTS, "npm_package_contents.test.js")], [path.join(TOOL_TESTS, "setup_web_sync.test.js")], [path.join(TOOL_TESTS, "skill_filter.test.js")],