Merge pull request #43 from MythologIQ/hotfix/v4.9.7-skill-validation #132

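# CI guardrail: packages the extension as a VSIX and fails the run when the
# archive listing contains a path matching a prohibited pattern (proprietary
# or internal directories, env files, marketplace publishing tokens).
name: VSIX Proprietary Guardrails

on:
  pull_request:
  push:
    branches:
      - main
      - master
  workflow_dispatch:

# Least privilege: the job only reads the repository, so the workflow token
# is restricted to read access instead of inheriting the repository default.
permissions:
  contents: read

jobs:
  verify-vsix-guardrails:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions below are referenced by mutable tag (@v4).
      # Pinning each to a full commit SHA (uses: owner/action@<full-commit-sha>)
      # prevents a retagged release from changing what runs here.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Later steps run third-party install and packaging scripts; do not
          # leave the workflow token stored in the checkout's git config.
          persist-credentials: false

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: npm
          cache-dependency-path: FailSafe/extension/package-lock.json

      # npm ci installs exactly what package-lock.json records.
      - name: Install dependencies
        run: npm ci
        working-directory: FailSafe/extension

      # NOTE(review): if @vscode/vsce is not a locked devDependency, npx
      # resolves it from the registry at run time — confirm it is in
      # package-lock.json so the packaging tool is pinned too.
      - name: Package VSIX
        run: npx @vscode/vsce package
        working-directory: FailSafe/extension

      - name: Scan VSIX for prohibited content
        working-directory: FailSafe/extension
        run: |
          # Pick the most recently written package from the previous step.
          VSIX_FILE=$(ls -t *.vsix | head -1)
          if [ -z "$VSIX_FILE" ]; then
            echo "::error::No VSIX file found"
            exit 1
          fi

          # One archive member path per line. The runner's default bash is
          # started with -e, so a failing unzip aborts the step (fail closed).
          CONTENTS=$(unzip -Z1 "$VSIX_FILE")

          # Literal, case-insensitive substrings that must not appear in any
          # packaged path.
          PROHIBITED_PATTERNS=(
            "proprietary/"
            "internal/"
            "private/"
            ".env"
            ".vsce-token"
            ".ovsx-token"
          )

          FOUND=0
          for pattern in "${PROHIBITED_PATTERNS[@]}"; do
            # -F matches the pattern as a fixed string: without it the leading
            # "." in ".env" is a regex wildcard and flags unrelated paths such
            # as "src/environment.js". "--" stops option parsing so a pattern
            # can never be read as a grep flag. "|| true" keeps a no-match
            # exit status from aborting the step under -e.
            MATCHES=$(printf '%s\n' "$CONTENTS" | grep -iF -- "$pattern" || true)
            if [ -n "$MATCHES" ]; then
              echo "::error::Prohibited content found: $pattern"
              echo "$MATCHES"
              FOUND=1
            fi
          done

          if [ "$FOUND" -eq 1 ]; then
            echo "::error::VSIX contains prohibited content. Review .vscodeignore."
            exit 1
          fi
          echo "VSIX guardrail check passed: $VSIX_FILE"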