Validate Fire TV package names

[jsdavid278-cyber]

Fixes #582.

Changes:

• validate tv-firetv packageName as an Android application ID before planning build/ship
• use the validated packageName in the generated package plan and dry-run metadata
• add regression tests for path separators and single-segment names

Validation:

• vitest run packages/targets/tv-firetv/src/index.test.ts
• tsc -p packages/targets/tv-firetv/tsconfig.json --noEmit

[greptile-apps]

Greptile Summary

This PR introduces an ANDROID_PACKAGE_NAME_RE regex validator and a requirePackageName helper that is called at the start of both artifactPath and buildPlan, preventing path-traversal and single-segment package names from reaching the build/ship pipeline. The validated name is now used throughout the plan file and dry-run metadata.

• requirePackageName validates the Android application-ID format (e.g. rejects ../com.acme.firetv and bare firetv) before any file I/O or API calls occur.
• buildPlan and the dry-run ship branch now surface the validated, trimmed packageName rather than the raw config value.
• Two new regression tests cover the path-separator and single-segment rejection cases.

Confidence Score: 4/5

Safe to merge; the validation logic is correct and the tests cover the stated rejection cases.

The regex and requirePackageName guard work correctly for the intended inputs. The only notable issue is that buildPlan triggers requirePackageName twice per call — once directly and once inside artifactPath — which is redundant but not incorrect. No data is lost or mis-scoped.

No files require special attention; both changed files are straightforward.

Important Files Changed

Filename	Overview
packages/targets/tv-firetv/src/index.ts	Adds requirePackageName validator with an Android package-name regex; wires it into artifactPath, buildPlan, and the dry-run meta. Minor redundancy: buildPlan validates twice (directly and inside artifactPath).
packages/targets/tv-firetv/src/index.test.ts	Adds two regression tests for validation rejection (path-separator and single-segment names); existing happy-path tests unchanged.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[build / ship called] --> B[buildPlan]
    B --> C{requirePackageName}
    C -- invalid --> D[throw Error 'packageName must be a valid Android ID']
    C -- valid trimmed name --> E[artifactPath]
    E --> F{requirePackageName again}
    F -- valid --> G[return apkPath or join outDir/firetv/name.apk]
    G --> H[assemble plan object]
    H --> I{dryRun?}
    I -- yes --> J[return dry-run meta with plan.packageName]
    I -- no --> K[writeFile plan JSON / submit to Amazon]

Loading

_{Reviews (1): Last reviewed commit: "Validate Fire TV package names" | Re-trigger Greptile}

[greptile-apps]

requirePackageName is called twice for every buildPlan invocation: once on line 33, and again inside artifactPath on line 34. The validated name from the first call is already available, so passing it through to artifactPath would eliminate the redundant validation and make the data-flow explicit.

Suggested change

	function artifactPath(ctx: { outDir: string }, config: Config): string {
	return config.apkPath ?? join(ctx.outDir, 'firetv', `${config.packageName}.apk`);
	const packageName = requirePackageName(config);
	return config.apkPath ?? join(ctx.outDir, 'firetv', `${packageName}.apk`);
	}
	function targeting(config: Config): NonNullable<Config['deviceTargeting']> {
	return config.deviceTargeting ?? 'firetv-only';
	}
	function buildPlan(ctx: { outDir: string; version: string; channel: string }, config: Config) {
	const packageName = requirePackageName(config);
	const artifact = artifactPath(ctx, config);
	function artifactPath(ctx: { outDir: string }, packageName: string, config: Pick<Config, 'apkPath'>): string {
	return config.apkPath ?? join(ctx.outDir, 'firetv', `${packageName}.apk`);
	}
	function targeting(config: Config): NonNullable<Config['deviceTargeting']> {
	return config.deviceTargeting ?? 'firetv-only';
	}
	function buildPlan(ctx: { outDir: string; version: string; channel: string }, config: Config) {
	const packageName = requirePackageName(config);
	const artifact = artifactPath(ctx, packageName, config);

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!