CtrlK
BlogDocsLog inGet started
Tessl Logo

jbaruch/speaker-toolkit

Six-skill presentation system: ingest talks into a rhetoric vault, run interactive clarification, generate a speaker profile, create presentations that match your documented patterns, produce the deck illustrations + thumbnail visual layer, and publish talk pages to a Jekyll shownotes site. Includes a 102-entry Presentation Patterns taxonomy (91 observable, 11 unobservable go-live items) for scoring, brainstorming, and go-live preparation.

86

1.24x
Quality

92%

Does it follow best practices?

Impact

86%

1.24x

Average score across 26 eval scenarios

SecuritybySnyk

Advisory

Suggest reviewing before use

Overview
Quality
Evals
Security
Files

check-tessl-pins.shscripts/

#!/usr/bin/env bash
# Deploy-time check for the tessl-version-floating carve-out.
#
# Walks every manifest covered by the carve-out (see
# rules/tessl-version-floating.md) and fails if any dependency uses a
# specifier other than the permitted floating value "latest" — rejecting
# literal pins, version ranges, tags, and anything else per the
# `jbaruch/coding-policy: dependency-management` clause "rejecting only
# literal pins lets a non-literal pinned/ranged value slip through".
#
# Wired into CI by .github/workflows/tests.yml.
set -euo pipefail

# Every manifest covered by the carve-out. Keep in sync with
# rules/tessl-version-floating.md → "Covered Manifests".
COVERED_MANIFESTS=(
  "tessl.json"
)

EXPECTED_SPECIFIER="latest"
status=0

for manifest in "${COVERED_MANIFESTS[@]}"; do
  if [ ! -f "$manifest" ]; then
    echo "ERROR: covered manifest $manifest not found." >&2
    echo "  rules/tessl-version-floating.md lists $manifest as a covered manifest, but it does not exist on disk." >&2
    echo "  Either restore the manifest or remove it from rules/tessl-version-floating.md → Covered Manifests." >&2
    status=1
    continue
  fi

  # Walk every dependency entry; collect anything that's not exactly "latest".
  # Capture combined stdout+stderr into `bad` and the exit code into `rc`.
  # The `|| rc=$?` consumes the failure exit code so `set -e` doesn't abort.
  rc=0
  bad=$(python3 - "$manifest" "$EXPECTED_SPECIFIER" 2>&1 <<'PY'
import json, sys

manifest_path, expected = sys.argv[1], sys.argv[2]
try:
    with open(manifest_path) as f:
        data = json.load(f)
except json.JSONDecodeError as e:
    # Exit 2 — malformed JSON branch. The wrapper switches on this to
    # emit a "fix the JSON syntax" message instead of the unrelated
    # "non-floating specifiers" message.
    print(f"MALFORMED_JSON: {e.msg} at line {e.lineno} col {e.colno}", file=sys.stderr)
    sys.exit(2)
except OSError as e:
    # Exit 3 — file present (the bash precheck for existence passed)
    # but unreadable. Distinct from "syntax error in content" because
    # the fix is permissions / disk, not the manifest text.
    print(f"UNREADABLE_MANIFEST: {e}", file=sys.stderr)
    sys.exit(3)

# Exit 4 — top-level shape is wrong. `tessl.json` is expected to be an
# object (`{"dependencies": {...}}`); arrays or scalars at the top level
# would crash `.get("dependencies")` with a clear traceback otherwise.
if not isinstance(data, dict):
    print(
        f"BAD_SHAPE: expected top-level JSON object, got {type(data).__name__}",
        file=sys.stderr,
    )
    sys.exit(4)

violations = []
for name, spec in (data.get("dependencies") or {}).items():
    if not isinstance(spec, dict):
        violations.append((name, repr(spec)))
        continue
    version = spec.get("version")
    if version != expected:
        violations.append((name, repr(version)))

for name, found in violations:
    print(f"{name}: {found}")

sys.exit(1 if violations else 0)
PY
  ) || rc=$?

  case "$rc" in
    0)
      ;;
    2)
      echo "ERROR: $manifest is not valid JSON." >&2
      echo "$bad" | sed 's/^/  /' >&2
      echo "" >&2
      echo "  Fix the JSON syntax error and re-run. The tessl-version-floating" >&2
      echo "  check can't verify pin status until the manifest parses." >&2
      status=1
      ;;
    3)
      echo "ERROR: $manifest could not be read." >&2
      echo "$bad" | sed 's/^/  /' >&2
      echo "" >&2
      echo "  Check file permissions / disk state. The check can't verify pin" >&2
      echo "  status until the manifest is readable." >&2
      status=1
      ;;
    4)
      echo "ERROR: $manifest has the wrong top-level shape." >&2
      echo "$bad" | sed 's/^/  /' >&2
      echo "" >&2
      echo "  tessl.json must be a JSON object (\"{...}\"). Restore the" >&2
      echo "  manifest shape before re-running the check." >&2
      status=1
      ;;
    *)
      echo "ERROR: $manifest contains dependencies with non-floating specifiers:" >&2
      echo "$bad" | sed 's/^/  /' >&2
      echo "" >&2
      echo "  Per rules/tessl-version-floating.md, every dependency in this manifest must use" >&2
      echo "  \"version\": \"latest\". Pinning here produces silent drift because \`tessl update\`" >&2
      echo "  rewrites the manifest in-place at runtime and .tessl/tiles/ is gitignored." >&2
      echo "" >&2
      echo "  Fix: change the flagged specifier(s) to \"latest\", or — if you intentionally" >&2
      echo "  want this manifest to pin — remove it from the carve-out by editing both" >&2
      echo "  rules/tessl-version-floating.md → Covered Manifests AND scripts/check-tessl-pins.sh" >&2
      echo "  → COVERED_MANIFESTS." >&2
      status=1
      ;;
  esac
done

if [ "$status" -ne 0 ]; then
  exit 1
fi

echo "OK: every dependency in every covered manifest uses the permitted floating specifier ($EXPECTED_SPECIFIER)."

scripts

check-tessl-pins.sh

CHANGELOG.md

README.md

tessl.json

tile.json