kunthawat/moreminimore-redesign
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Activity
Files
4413226dd876186b27910165172bf9657c587ef6
moreminimore-redesign/packages/marketplace
History
Matt Kane ca398cc3f8 format
2026-04-01 15:25:41 +01:00
..
src
first commit
2026-04-01 10:44:22 +01:00
tests
first commit
2026-04-01 10:44:22 +01:00
package.json
Add publish CI with OIDC trusted publishing and changesets
2026-04-01 12:01:32 +01:00
README.md
Fix scope
2026-04-01 10:58:32 +01:00
tsconfig.json
first commit
2026-04-01 10:44:22 +01:00
vitest.config.ts
first commit
2026-04-01 10:44:22 +01:00
worker-configuration.d.ts
first commit
2026-04-01 10:44:22 +01:00
wrangler.jsonc
format
2026-04-01 15:25:41 +01:00

README.md

@emdash-cms/marketplace

Standalone Cloudflare Worker that hosts the EmDash plugin marketplace — discovery, publishing, and moderation.

Development

pnpm dev        # starts wrangler dev server on :8787
pnpm test       # runs vitest

Requires an AI binding (wrangler.jsonc has it configured). Code and image audits run on Workers AI.

Manual audit testing

The /api/v1/dev/audit endpoint (localhost only) runs the code + image audit pipeline without auth or DB writes. Use it to evaluate AI model accuracy against the fixture corpus.

Using the test script

# Run a single fixture
tests/fixtures/audit/test-audit.sh tests/fixtures/audit/prompt-injection

# Against a different host
tests/fixtures/audit/test-audit.sh tests/fixtures/audit/data-exfiltration http://localhost:8787

The script tars the fixture directory and POSTs it as a multipart bundle. Output is the raw audit JSON.

Using curl directly

Tarball mode (full bundle with manifest, code, and images):

tar -czf /tmp/bundle.tar.gz -C tests/fixtures/audit/crypto-miner .
curl -s -X POST http://localhost:8787/api/v1/dev/audit -F "bundle=@/tmp/bundle.tar.gz" | jq

JSON mode (code only, no manifest required):

curl -s -X POST http://localhost:8787/api/v1/dev/audit \
  -H "Content-Type: application/json" \
  -d '{"backendCode": "const x = eval(\"1+1\");"}' | jq

Running all fixtures

for d in tests/fixtures/audit/*/; do
  echo "=== $(basename "$d") ==="
  tests/fixtures/audit/test-audit.sh "$d"
  echo
done

Compare the verdict and riskScore in each response against the fixture's expected.json to evaluate model accuracy.

Fixture format

Each fixture in tests/fixtures/audit/ is a directory containing:

File Required Purpose
manifest.json yes Plugin manifest
backend.js yes Backend code (primary audit target)
admin.js no Admin UI code
icon.png no Plugin icon (triggers image audit)
screenshots/*.png no Screenshots (trigger image audit)
expected.json yes Expected verdict, score, categories

expected.json shape:

{
  "verdict": "pass" | "warn" | "fail",
  "minRiskScore": 50,
  "maxRiskScore": 10,
  "categories": ["data-exfiltration", "obfuscation"]
}

minRiskScore and maxRiskScore are optional bounds. categories lists the finding categories the model should detect.

Reference in New Issue View Git Blame Copy Permalink