fix: address high + medium priority audit findings from #234 #401
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: MIT | |
| # Copyright (c) PromptKit Contributors | |
| name: Validate Prompt Library | |
| on: | |
| push: | |
| paths: | |
| - 'manifest.yaml' | |
| - 'personas/**' | |
| - 'protocols/**' | |
| - 'formats/**' | |
| - 'taxonomies/**' | |
| - 'templates/**' | |
| - 'tests/validate-manifest.py' | |
| - 'tests/validate-graph-integrity.py' | |
| - 'cli/**' | |
| pull_request: | |
| paths: | |
| - 'manifest.yaml' | |
| - 'personas/**' | |
| - 'protocols/**' | |
| - 'formats/**' | |
| - 'taxonomies/**' | |
| - 'templates/**' | |
| - 'tests/validate-manifest.py' | |
| - 'tests/validate-graph-integrity.py' | |
| - 'cli/**' | |
| permissions: | |
| contents: read | |
| jobs: | |
| validate-manifest: | |
| name: Check manifest ↔ template protocol sync | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.x' | |
| - name: Validate manifest protocols | |
| run: python tests/validate-manifest.py | |
| validate-graph-integrity: | |
| name: Check prompt graph integrity | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.x' | |
| - name: Validate graph integrity | |
| run: python tests/validate-graph-integrity.py | |
| cli-smoke-test: | |
| name: CLI smoke test (launch path) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| - name: Install CLI dependencies | |
| run: npm ci | |
| working-directory: cli | |
| - name: Run CLI tests | |
| run: npm test | |
| working-directory: cli | |
| - name: Verify --dry-run smoke test (copilot) | |
| run: node bin/cli.js interactive --cli copilot --dry-run | |
| working-directory: cli | |
| - name: Verify --dry-run smoke test (claude) | |
| run: node bin/cli.js interactive --cli claude --dry-run | |
| working-directory: cli |