Tighten lint:pkg gate: fail CI on publint suggestions (enforcement #33)#49
Merged
jasperboerhof merged 1 commit intoApr 23, 2026
Conversation
Closes enforcement queue #33. publint 0.3.18 CLI does not expose a flag to fail on suggestions: --level only controls log verbosity, --strict only promotes warnings → errors. Verified empirically with all three flag combinations on a real git+ URL suggestion — every invocation exits 0. Option (a) rejected by empirical test; Option (b) chosen. Adds scripts/lint-pkg.mjs — ESM Node wrapper that runs publint per workspace, detects Suggestions:/Warnings:/Errors: blocks, runs attw --pack alongside, and exits non-zero on any publint advisory OR attw failure. Failure output names both the package and the advisory class in a single greppable line. Root "lint:pkg" now points at the wrapper; per-package "lint:pkg" scripts stay as "publint && attw --pack" for developer ergonomics during per-package iteration. Smoke test: - BEFORE tightening: publint && attw on git+-stripped http/package.json → exit 0 (silent drift) - AFTER tightening: npm run lint:pkg on same regression → exit 1 with "fs-http: publint emitted \"Suggestions:\" block (fail-on-suggestion gate)" - Post-revert: npm run lint:pkg → exit 0 All 8 CI gates green on sweep-normalized base (stacked on armory-publint-git-prefix-sweep). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Deploying fs-packages with
|
| Latest commit: |
4a02c7b
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://116a3c2e.fs-packages.pages.dev |
| Branch Preview URL: | https://armory-publint-gate-tighteni.fs-packages.pages.dev |
jasperboerhof
merged commit d3f7143
into
armory-publint-git-prefix-sweep
1 check passed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Why a wrapper, not a CLI flag
publint 0.3.18's documented `--strict` flag only promotes warnings → errors. Empirical testing of all four flag combinations (no flag, `--strict`, `--level suggestion`, `--strict --level suggestion`) confirmed all exit 0 on a real `git+` suggestion. Option (a) in enforcement #33 was vaporware. The wrapper was the only viable path.
How the wrapper works
`scripts/lint-pkg.mjs` iterates each workspace and for each:
Per-package `lint:pkg` scripts stay `publint && attw --pack` for developer ergonomics — only the CI-facing root gate enforces the tightened severity.
Smoke test verified the gate fires
Stacking
This PR is stacked on #48 (publint `git+` sweep). Base is `armory-publint-git-prefix-sweep`, not `main` — because tightening the gate on top of the regressed manifests would fail CI immediately. When #48 merges to main, this PR auto-retargets.
Test plan
All 8 CI gates confirmed green locally on the stacked branch:
Future-proofing
If publint adds a native `--strict-suggestions` (or equivalent) flag in a future release, the wrapper is a one-character swap away from being replaced by a flag. Until then, the wrapper is the enforcement surface.