
Validate apt package names#579

Open
jsdavid278-cyber wants to merge 2 commits into profullstack:master from jsdavid278-cyber:codex/sh1pt-small-bugfix

Conversation

@jsdavid278-cyber
Contributor

Fixes the pkg-apt target accepting invalid Debian package names before rendering package metadata. Invalid names such as path traversal, spaces, uppercase letters, or one-character names are now rejected before build artifacts or ship IDs are produced.

Validation:

  • vitest run packages/targets/pkg-apt/src/index.test.ts
  • tsc -p packages/targets/pkg-apt/tsconfig.json --noEmit

@greptile-apps
Contributor

greptile-apps Bot commented Jun 4, 2026

Greptile Summary

This PR adds input validation to the pkg-apt target, preventing invalid Debian package names from reaching file-write or ship operations. Both build and ship now call assertPackageName as their first action, throwing a descriptive error for names that violate Debian policy rules.

  • Adds assertPackageName with the regex ^[a-z0-9][a-z0-9+.-]+$, which enforces lowercase-only, minimum two characters, alphanumeric start, and the allowed +, ., - special characters.
  • Guards both build and ship entry points before any filesystem writes or API calls.
  • Test suite extended with acceptance tests for libfoo-bar, g++, and python3.10, and rejection tests for path-traversal, spaces, uppercase, and single-character names in both build and ship.

Confidence Score: 5/5

Safe to merge — the change is a targeted input-validation guard with no side effects on existing valid inputs.

The regex correctly implements Debian policy (lowercase, min-2 chars, alphanumeric start, +/-/. allowed), the guard fires before any file I/O or network calls in both build and ship, and the test suite now covers both acceptance and rejection paths. No existing behaviour for valid package names is altered.

No files require special attention.

Important Files Changed

Filename: packages/targets/pkg-apt/src/index.ts
Overview: Adds assertPackageName guard called at the top of both build and ship; the regex ^[a-z0-9][a-z0-9+.-]+$ correctly enforces Debian policy (lowercase, min-2-char, alphanumeric start, +/-/. allowed)

Filename: packages/targets/pkg-apt/src/index.test.ts
Overview: Adds three new test cases: positive regression for allowed special-char names (libfoo-bar, g++, python3.10), rejection of invalid names in build, and rejection of an invalid name in ship

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A([caller: build or ship]) --> B[assertPackageName]
    B --> C{valid Debian name?}
    C -- no --> D[throw Error]
    C -- yes --> E{which method?}
    E -- build --> F[mkdir + writeFile control and Packages index]
    E -- ship --> G{dryRun?}
    G -- yes --> H[return dry-run]
    G -- no --> I[upload .deb and update InRelease]

Reviews (2): Last reviewed commit: "Cover valid apt package name characters"
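The guard described in the summary above, as an added example that is not the project's own code: the PR's regex wrapped in a helper that also names the failing rule, next to a hypothetical artifact-path builder that shows why the check has to run before any mkdir or writeFile. packageNameProblem, controlFilePath, unguardedControlFilePath and staysInside are this example's names, not the project's; only assertPackageName and the regex come from the PR.

```typescript
import * as path from "node:path";

// Debian package-name rule as used by the PR: lowercase alphanumeric start,
// at least two characters, then only lowercase letters, digits, "+", "." or "-".
export const PACKAGE_NAME_RE = /^[a-z0-9][a-z0-9+.-]+$/;

// Returns null for a valid name, otherwise a short reason for the rejection.
// Every early return is a strict subset of what the regex rejects, so the
// verdict always agrees with PACKAGE_NAME_RE; the reason strings are this
// example's assumption (the PR only describes a descriptive Error).
export function packageNameProblem(name: string): string | null {
  if (name.length < 2) return "must be at least two characters";
  if (/[A-Z]/.test(name)) return "must be lowercase";
  if (/\s/.test(name)) return "must not contain whitespace";
  if (!/^[a-z0-9]/.test(name)) return "must start with a letter or digit";
  if (!PACKAGE_NAME_RE.test(name)) return "contains characters outside [a-z0-9+.-]";
  return null;
}

export function assertPackageName(name: string): void {
  const problem = packageNameProblem(name);
  if (problem !== null) {
    throw new Error(`invalid Debian package name ${JSON.stringify(name)}: ${problem}`);
  }
}

// Hypothetical artifact path builder, guarded the way build() is after the PR:
// a name that passes the regex contains no "/" and cannot start with ".", so the
// joined path can never leave outDir.
export function controlFilePath(outDir: string, name: string): string {
  assertPackageName(name);
  return path.join(outDir, "pool", name, "control");
}

// The same join without the guard, kept only to show what the guard prevents.
export function unguardedControlFilePath(outDir: string, name: string): string {
  return path.join(outDir, "pool", name, "control");
}

// True when candidate resolves to outDir itself or somewhere beneath it.
export function staysInside(outDir: string, candidate: string): boolean {
  const root = path.resolve(outDir);
  const target = path.resolve(candidate);
  return target === root || target.startsWith(root + path.sep);
}
```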
