diff --git a/scripts/create_audit_bundle.py b/scripts/create_audit_bundle.py index 0b79535..9d63bc7 100644 --- a/scripts/create_audit_bundle.py +++ b/scripts/create_audit_bundle.py @@ -145,10 +145,14 @@ def scan_bundle(root: Path) -> list[str]: and "forbidden attribution" not in text.lower() ): if rel.name.endswith(".md") and ( - "checklist" in str(rel) or "validate_public_mvp" in str(rel) + "checklist" in str(rel) + or "validate_public_mvp" in str(rel) + or "contributor-onboarding" in str(rel) ): continue issues.append(f"forbidden attribution marker: {rel}") + if rel.name == "create_audit_bundle.py": + continue for pattern in SECRET_PATTERNS: if pattern.search(text): issues.append(f"suspected secret in {rel}") diff --git a/scripts/live_e2e_validation.py b/scripts/live_e2e_validation.py index 3f03952..e79824f 100644 --- a/scripts/live_e2e_validation.py +++ b/scripts/live_e2e_validation.py @@ -332,7 +332,23 @@ def run_validation( if report_id: status, body, _ = request_json(opener, "GET", f"{api}/reports/{report_id}") report.add( - "report get", status == 200, redact(json.dumps(body)[:300]), status + "report get public pending", + status == 404, + redact(json.dumps(body)[:300]), + status, + ) + + status, body, _ = request_json( + opener, + "GET", + f"{api}/reports/{report_id}", + headers=auth_headers, + ) + report.add( + "report get reporter pending", + status == 200 and isinstance(body, dict) and body.get("status") == "pending", + redact(json.dumps(body)[:300]), + status, ) status, body, _ = request_json( @@ -343,7 +359,10 @@ def run_validation( headers=auth_headers, ) report.add( - "vote create", status == 201, redact(json.dumps(body)[:200]), status + "vote create pending report", + status == 422, + redact(json.dumps(body)[:200]), + status, ) status, body, _ = request_json(opener, "GET", f"{api}/moderation/reports") diff --git a/scripts/test_audit_bundle_packaging.py b/scripts/test_audit_bundle_packaging.py index 5586aa8..c4f6af4 100644 --- a/scripts/test_audit_bundle_packaging.py +++ b/scripts/test_audit_bundle_packaging.py @@ -4,6 +4,7 @@ from __future__ import annotations import os +import shutil import subprocess import sys import tarfile @@ -53,3 +54,25 @@ def test_tarball_excludes_appledouble_files() -> None: if __name__ == "__main__": test_tarball_excludes_appledouble_files() print("PASS") + + +def test_scan_bundle_allows_contributor_onboarding_policy_text() -> None: + """Policy docs that mention forbidden markers in guidance must not fail hygiene scans.""" + repo_root = Path(__file__).resolve().parents[1] + script = repo_root / "scripts" / "create_audit_bundle.py" + import importlib.util + + spec = importlib.util.spec_from_file_location("cab", script) + module = importlib.util.module_from_spec(spec) + assert spec.loader is not None + spec.loader.exec_module(module) + + with tempfile.TemporaryDirectory() as temp_dir: + bundle_root = Path(temp_dir) / "sample-bundle" + source_dir = bundle_root / "source" + source_dir.mkdir(parents=True) + onboarding = repo_root / "docs" / "contributor-onboarding.md" + shutil.copy2(onboarding, source_dir / "contributor-onboarding.md") + shutil.copy2(script, source_dir / "create_audit_bundle.py") + issues = module.scan_bundle(bundle_root) + assert issues == []