Script examples & scripting docs, Open VSX deployment, and broader test coverage

[MelbourneDeveloper]

TLDR

Adds the scriptexamples body of work — runnable scripting examples + rewritten scripting docs, broader F# Core/LSP/DotHttp + VS Code test coverage, and an Open VSX deployment channel (plus Dependabot) so the per-platform VSIXs ship to the VS Code forks alongside the Marketplace.

Details

Deployment / CI (.github/)

• release.yml: new publish-openvsx job mirroring publish-marketplace. Downloads every vsix-* artifact and publishes one VSIX per platform to the Open VSX Registry (Cursor / Windsurf / VSCodium / Gitpod / Eclipse Theia) via version-pinned npx ovsx@1.0.0 publish. Fully independent of the Marketplace/Release/Homebrew/Scoop jobs (!cancelled() && package-vsix != skipped), so a missing token only stalls Open VSX. Token is passed only through the OVSX_PAT env (never on argv); the job runs least-privilege (contents: read, actions: read) and prints an actionable error (with the ovsx create-namespace hint) when the secret is absent. Implements [SWR-VSIX-PUBLISH], [SWR-SEC-TOKEN-PRIVILEGE].
• New .github/dependabot.yml: 5 ecosystems (github-actions, npm ×2, nuget, cargo), each grouped patterns: ["*"] into one combined PR per run to keep pinned action SHAs + deps fresh. Implements [SWR-SEC-ACTION-PINNING].
• ci.yml: minor gate additions.

Scripting examples & docs

• New examples/scripts/, examples/scripting-ctx/, examples/jsonplaceholder/ — runnable scripting samples (the branch's namesake).
• Rewritten website/src/docs/* scripting pages (F#/C#/JS/Python scripting, assertions, nap/naplist files, OpenAPI import, quick-start) + new installation/onboarding screenshots.

Core / LSP / converter + tests

• src/Napper.Core, src/Napper.Lsp, src/DotHttp source changes with matching test additions in Napper.Core.Tests (26 files), DotHttp.Tests (13), Napper.Lsp.Tests (6).
• VS Code extension (src/Napper.VsCode, 43 files): new cliResolver unit tests (+132 lines), stryker.conf.json mutation config, watcher/provider updates.

54 files added, 124 modified, 4 renamed.

How Do The Automated Tests Prove It Works?

• Open VSX workflow is statically validated: actionlint .github/workflows/release.yml → exit 0 with zero findings on the new publish-openvsx job; the job's Require Open VSX credential step fails fast and visibly if OPEN_VSX_PAT is unset rather than emitting an opaque registry auth error. The per-platform VSIXs it publishes are the same artifacts the existing package-vsix job already content-verifies (bin/<platform>/napper, shipwright.json present, no foreign-platform binaries).
• Manifest contract: npx @nimblesite/shipwright-validate-manifest --schema schemas/shipwright.schema.json src/Napper.VsCode/shipwright.json → valid; CI's version-contract gate asserts napper --version == napper <ver> and --version --json matches the schema, and aot-smoke drives a real initialize handshake through the NativeAOT napper lsp binary.
• Core/converter/LSP behaviour: the added assertions in Napper.Core.Tests, DotHttp.Tests, and Napper.Lsp.Tests exercise the changed parsing/scripting/LSP paths; the VS Code cliResolver unit tests cover the resolve/retry policy and are included in the StrykerJS mutation gate.
• Dependabot config parses as valid YAML (version: 2, 5 ecosystems).

Breaking Changes

None. All changes are additive: new examples, docs, and tests, plus a new opt-in Open VSX publish channel that no-ops (with a clear error) until OPEN_VSX_PAT is configured. No existing CLI/extension behaviour or public contract changes.