Validate Android TV package names

[jsdavid278-cyber]

Fixes #586.

Changes:

• validate tv-androidtv packageName as an Android application ID before planning build/ship
• reject path separators and single-segment package names
• add regression tests for invalid packageName values

Validation:

• vitest run packages/targets/tv-androidtv/src/index.test.ts
• tsc -p packages/targets/tv-androidtv/tsconfig.json --noEmit

[greptile-apps]

Greptile Summary

This PR adds a regex-based validation of Android package names in the tv-androidtv target, rejecting values that contain path separators or consist of a single segment, and pairs the change with two focused regression tests.

• packages/targets/tv-androidtv/src/index.ts: Adds ANDROID_PACKAGE_NAME_RE and wires it into requirePackageName, which is already the single gateway called by both build and ship before any filesystem or API work begins.
• packages/targets/tv-androidtv/src/index.test.ts: Two new tests — one exercising build with a path-traversal-style name (../com.acme.tv) and one exercising ship with a single-segment name (androidtv).

Confidence Score: 4/5

Safe to merge — the change is a small, additive guard with no effect on existing valid inputs.

The regex correctly enforces Android application ID rules, closing the path-traversal and single-segment gaps. The only minor gap is that uppercase letters are permitted in the regex, which could allow IDs that the Play Store and Android tooling would reject.

No files require special attention; both changed files are straightforward and self-contained.

Important Files Changed

Filename	Overview
packages/targets/tv-androidtv/src/index.ts	Adds ANDROID_PACKAGE_NAME_RE regex and validates it in requirePackageName; regex correctly enforces two-or-more dotted segments each starting with a letter, covering path separators and single-segment names. Minor: regex permits uppercase letters (e.g. Com.Acme.App) which the Play Store technically accepts but Android convention strongly discourages.
packages/targets/tv-androidtv/src/index.test.ts	Two new regression tests covering the path-separator and single-segment rejection paths; path-separator test uses build, single-segment test uses ship — both paths call requirePackageName so coverage is valid.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[build / ship called] --> B[buildPlan]
    B --> C[requirePackageName]
    C --> D{packageName truthy?}
    D -- No --> E[throw: tv-androidtv requires packageName]
    D -- Yes --> F{matches ANDROID_PACKAGE_NAME_RE?}
    F -- No --> G[throw: must be valid Android application ID]
    F -- Yes --> H[return trimmed packageName]
    H --> I[artifactPath / maybeValidateManifest]
    I --> J[write plan JSON / upload to Play Console]

Loading

_{Reviews (1): Last reviewed commit: "Validate Android TV package names" | Re-trigger Greptile}

[greptile-apps]

The regex allows uppercase letters in every segment position ([a-zA-Z]), so names like Com.Acme.App or com.Acme.TV pass validation. Android application IDs are required to be all-lowercase by the Play Store and Android tooling (aapt, bundletool), and a mixed-case ID would cause a mismatch if the same string is compared case-sensitively against the manifest or Gradle config. Restricting the character class to [a-z] keeps the guard aligned with the official Android docs and Play Store requirements.

Suggested change

	const ANDROID_PACKAGE_NAME_RE = /^[a-zA-Z][a-zA-Z0-9_]*(?:\.[a-zA-Z][a-zA-Z0-9_]*)+$/;
	const ANDROID_PACKAGE_NAME_RE = /^[a-z][a-z0-9_]*(?:\.[a-z][a-z0-9_]*)+$/;