From 56e0fb0c57d3289f9b518ca7d5b3615d526047a5 Mon Sep 17 00:00:00 2001 From: Mark Larah Date: Tue, 19 May 2026 16:45:33 -0700 Subject: [PATCH] Validate that GAP directories only contain allowed files Restrict files in GAP directories to *.md and metadata.yml to prevent files that could poison developer environments (e.g. .nvmrc) from being merged. Co-Authored-By: Claude Opus 4.7 --- scripts/validate-structure.js | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/scripts/validate-structure.js b/scripts/validate-structure.js index 6c0b634..85683f2 100755 --- a/scripts/validate-structure.js +++ b/scripts/validate-structure.js @@ -9,7 +9,7 @@ * find ./gaps -maxdepth 1 -type d -name 'GAP-*' | xargs -I{} node scripts/validate-structure.js {} */ -import { existsSync, readFileSync, statSync } from "node:fs"; +import { existsSync, readFileSync, readdirSync, statSync } from "node:fs"; import { basename, join, dirname } from "node:path"; import { fileURLToPath } from "node:url"; import { parseArgs } from "node:util"; @@ -114,6 +114,26 @@ function validateMetadata(dirPath, gapName) { } } +function validateAllowedFiles(dirPath, gapName) { + const entries = readdirSync(dirPath); + for (const entry of entries) { + const fullPath = join(dirPath, entry); + if (statSync(fullPath).isDirectory()) { + error( + gapName, + `Unexpected directory "${entry}" found. GAP directories may only contain *.md files and metadata.yml. If you believe this is in error, please ping @graphql/gaps-editors.`, + ); + } + if (entry === "metadata.yml" || entry.endsWith(".md")) { + continue; + } + error( + gapName, + `Unexpected file "${entry}" found. GAP directories may only contain *.md files and metadata.yml. If you believe this is in error, please ping @graphql/gaps-editors.`, + ); + } +} + function main() { const { positionals } = parseArgs({ allowPositionals: true, strict: true }); @@ -137,6 +157,9 @@ function main() { // Validate directory naming const gapName = validateDirectoryNaming(dirPath); + // Validate only allowed files are present + validateAllowedFiles(dirPath, gapName); + // Validate README.md exists validateReadmeExists(dirPath, gapName);