Validate SteamOS app identifiers

[jsdavid278-cyber]

Fixes #600.

Changes:

• validate desktop-steamos appId as a reverse-DNS identifier before build or ship
• use the normalized appId in generated Flatpak plans, artifact names, Flathub URLs, and real ship IDs
• add regression tests for invalid appId values in build and ship flows

Validation:

• vitest run packages/targets/desktop-steamos/src/index.test.ts
• tsc -p packages/targets/desktop-steamos/tsconfig.json --noEmit

[greptile-apps]

Greptile Summary

This PR adds a requireAppId validator to the desktop-steamos target that enforces a reverse-DNS format before any build or ship operation, and threads the normalized app ID through all generated artifact names, Flathub URLs, and ship record IDs.

• Validation logic (index.ts): introduces APP_ID_PATTERN and requireAppId, called at the top of both build and ship; the validated appId replaces raw config.appId in the plan JSON and return values — but two ctx.log lines were missed and still log the raw input.
• Regex coverage: the segment character class excludes underscores, which are permitted by the Flatpak/D-Bus app-ID spec and would cause valid identifiers like com.acme.my_app to be incorrectly rejected.
• Tests (index.test.ts): adds two regression tests using ../deckapp and com.acme/deckapp as invalid inputs, covering both build and ship paths.

Confidence Score: 3/5

The core validation logic is sound, but the two log statements that still reference raw config.appId mean the logs will disagree with the artifacts whenever the caller passes a value with surrounding whitespace, and the regex will reject valid Flatpak IDs containing underscores.

Two ctx.log calls in build and ship were not updated to use the validated appId, creating a divergence between what is logged and what is actually written to disk or returned. Additionally, the APP_ID_PATTERN regex excludes underscores, which are allowed by the Flatpak app-ID specification, so legitimate callers with identifiers like com.acme.my_app will get a validation error rather than a successful build.

packages/targets/desktop-steamos/src/index.ts — the log references and the regex character class both need attention before this is production-ready.

Important Files Changed

Filename	Overview
packages/targets/desktop-steamos/src/index.ts	Adds requireAppId validator and uses the returned normalized value throughout – but both ctx.log calls still reference raw config.appId instead of the validated appId, and the regex rejects underscores that are valid per the Flatpak/D-Bus spec.
packages/targets/desktop-steamos/src/index.test.ts	Adds two regression tests for invalid appId values in build and ship flows; imports fakeShipContext correctly and exercises the new validation error path.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[build / ship called] --> B[requireAppId]
    B --> C{appId empty?}
    C -- yes --> D[throw: requires appId]
    C -- no --> E{matches APP_ID_PATTERN?}
    E -- no --> F[throw: must be reverse-DNS]
    E -- yes --> G[return trimmed appId]
    G --> H[ctx.log — ⚠️ still uses config.appId]
    H --> I{build or ship?}
    I -- build --> J[write steamos-flatpak-plan.json\nusing validated appId]
    I -- ship --> K{dryRun?}
    K -- yes --> L[return dry-run id]
    K -- no --> M[return id & Flathub URL\nusing validated appId]

Loading

_{Reviews (1): Last reviewed commit: "Validate SteamOS app identifiers" | Re-trigger Greptile}

[greptile-apps]

Both ctx.log calls still reference config.appId (raw input) instead of the validated, trimmed appId returned by requireAppId. If a caller passes an appId with surrounding whitespace, the log emits the untrimmed string while every downstream artifact (JSON plan, outputArtifact, ship id, Flathub URL) uses the trimmed value — making the log misleading. The same stale reference exists in ship() at line 64.

Suggested change

	ctx.log(`flatpak-builder · appId=${config.appId}`);
	ctx.log(`flatpak-builder · appId=${appId}`);

[greptile-apps]

Same stale reference in ship(): the log uses the raw config.appId while the returned id and url already use the validated appId. When the inputs differ (e.g. due to whitespace), the log disagrees with the emitted ship record.

Suggested change

	ctx.log(`publish ${config.appId}@${ctx.version} → ${dest}`);
	ctx.log(`publish ${appId}@${ctx.version} → ${dest}`);

[greptile-apps]

The segment character class [A-Za-z0-9-] omits underscores, but the Flatpak app-ID spec (which follows D-Bus naming) explicitly permits underscores in segments — e.g. org.kde.Plasma_Shell. Valid identifiers like com.acme.my_app would be rejected, potentially blocking users with legitimate Flatpak IDs.

Suggested change

	const APP_ID_PATTERN = /^[A-Za-z][A-Za-z0-9-]*(\.[A-Za-z][A-Za-z0-9-]*)+$/;
	const APP_ID_PATTERN = /^[A-Za-z][A-Za-z0-9_-]*(\.[A-Za-z][A-Za-z0-9_-]*)+$/;

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!