kunthawat/emdash-patch-imageupload
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
emdash-patch-imageupload/packages/marketplace/README.md
kunthawat 2d1be52177 Emdash source with visual editor image upload fix 
Fixes:
1. media.ts: wrap placeholder generation in try-catch
2. toolbar.ts: check r.ok, display error message in popover
2026-05-03 10:44:54 +07:00

84 lines
2.6 KiB
Markdown
Raw Permalink Blame History

# @emdash-cms/marketplace
Standalone Cloudflare Worker that hosts the EmDash plugin marketplace — discovery, publishing, and moderation.
## Development
```bash
pnpm dev # starts wrangler dev server on :8787
pnpm test # runs vitest
```
Requires an AI binding (`wrangler.jsonc` has it configured). Code and image audits run on Workers AI.
## Manual audit testing
The `/api/v1/dev/audit` endpoint (localhost only) runs the code + image audit pipeline without auth or DB writes. Use it to evaluate AI model accuracy against the fixture corpus.
### Using the test script
```bash
# Run a single fixture
tests/fixtures/audit/test-audit.sh tests/fixtures/audit/prompt-injection
# Against a different host
tests/fixtures/audit/test-audit.sh tests/fixtures/audit/data-exfiltration http://localhost:8787
```
The script tars the fixture directory and POSTs it as a multipart bundle. Output is the raw audit JSON.
### Using curl directly
Tarball mode (full bundle with manifest, code, and images):
```bash
tar -czf /tmp/bundle.tar.gz -C tests/fixtures/audit/crypto-miner .
curl -s -X POST http://localhost:8787/api/v1/dev/audit -F "bundle=@/tmp/bundle.tar.gz" | jq
```
JSON mode (code only, no manifest required):
```bash
curl -s -X POST http://localhost:8787/api/v1/dev/audit \
-H "Content-Type: application/json" \
-d '{"backendCode": "const x = eval(\"1+1\");"}' | jq
```
### Running all fixtures
```bash
for d in tests/fixtures/audit/*/; do
echo "=== $(basename "$d") ==="
tests/fixtures/audit/test-audit.sh "$d"
echo
done
```
Compare the `verdict` and `riskScore` in each response against the fixture's `expected.json` to evaluate model accuracy.
## Fixture format
Each fixture in `tests/fixtures/audit/` is a directory containing:
| File | Required | Purpose |
| ------------------- | -------- | ----------------------------------- |
| `manifest.json` | yes | Plugin manifest |
| `backend.js` | yes | Backend code (primary audit target) |
| `admin.js` | no | Admin UI code |
| `icon.png` | no | Plugin icon (triggers image audit) |
| `screenshots/*.png` | no | Screenshots (trigger image audit) |
| `expected.json` | yes | Expected verdict, score, categories |
`expected.json` shape:
```json
{
"verdict": "pass" | "warn" | "fail",
"minRiskScore": 50,
"maxRiskScore": 10,
"categories": ["data-exfiltration", "obfuscation"]
}
```
`minRiskScore` and `maxRiskScore` are optional bounds. `categories` lists the finding categories the model should detect.
Reference in New Issue View Git Blame Copy Permalink