import { readFileSync } from "node:fs"; import { rootPath } from "./src/config"; const source = readFileSync(rootPath("scripts/src/artifact-registry.ts"), "utf8"); const downloadRemoteFileSource = source.slice( source.indexOf("function downloadRemoteFile("), source.indexOf("async function runRemoteScriptBackground("), ); function assertCondition(condition: unknown, message: string): void { if (!condition) throw new Error(message); } assertCondition(!source.includes('docker save "$image" | gzip -1"'), "artifact registry must not stream docker save over ssh stdout"); assertCondition(source.includes("downloadRemoteFile(options, remoteArchive, localArchive"), "compose artifact pull must use verified ssh download"); assertCondition(source.includes("runRemoteScriptBackground(options, remoteScript"), "remote docker save must run as a background job"); assertCondition(source.includes('runRemoteScriptBackground(options, deployScript, Math.max(options.timeoutMs, 420_000), "d601-k3s-deploy")'), "D601 k3s deploy must use background polling"); assertCondition(source.includes('"ssh",\n options.providerId,\n "download"'), "download helper must route through UniDesk ssh download"); assertCondition(downloadRemoteFileSource.includes('"--chunk-bytes",\n "1048576"'), "artifact ssh download chunk should use MiB-scale blocks after ssh data moved to tcp-pool"); assertCondition(!downloadRemoteFileSource.includes('"45000"'), "artifact ssh download must not preserve the old provider bridge truncation boundary"); assertCondition(downloadRemoteFileSource.includes("tee -a") && downloadRemoteFileSource.includes("UNIDESK_JOB_STDERR_FILE"), "artifact ssh download must stream progress stderr into async job logs"); assertCondition(source.includes("UNIDESK_SSH_CLIENT_TOKEN") && source.includes("UNIDESK_SSH_CLIENT_ROUTE_ALLOWLIST"), "dev frontend artifact deploy must sync scoped ssh runtime keys"); console.log(JSON.stringify({ ok: true, test: "artifact-registry-ssh-timeout-contract", assertions: [ "no docker-save stdout stream over ssh", "compose artifact uses verified ssh download", "remote docker save and k3s deploy use background polling", "artifact downloads use MiB-scale tcp-pool chunks instead of the old bridge truncation boundary", "artifact download progress is visible in async job stderr", "dev frontend artifact deploy syncs scoped ssh runtime keys" ] }, null, 2));