test(plugin_exporter): update archive assertions from .tar.gz to .zip

Three test files were still expecting the old default archive format
(.tar.gz). Updated to assert .zip and use zipfile.ZipFile / is_zipfile.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: nadav-y

packages/apm-guide/.apm/skills/apm-usage/commands.md

@@ -80,7 +80,7 @@ When `apm install` has already deployed instructions to `.claude/rules/`, `apm c
 
 | Command | Purpose | Key flags |
 |---------|---------|-----------|
-| `apm pack` | Build distributable artifacts (bundle and/or marketplace.json -- driven by `apm.yml`). Default output is a Claude Code plugin directory. Bundles are **target-agnostic**: `pack.target` is recorded in every bundle for diagnostic purposes (typically `"all"` for target-agnostic packs, or the project's detected target) and is not authoritative at install time; `pack.bundle_files` (path -> sha256) drives integrity verification. The consumer's project decides where files land. Marketplace-publishing projects (`marketplace:` block, no `dependencies:`) no longer emit the misleading "No plugin.json found" warning; after a successful build, a vendor-neutral catalog of artifact paths is appended together with a single docs pointer (`producer/publish-to-a-marketplace/#consume-from-any-assistant`) listing per-assistant install paths. Release-time gates `--check-versions` and `--check-clean` are opt-in: when present, they run after the build and exit non-zero on misalignment / drift (codes 3 and 4 respectively) so release pipelines can fail fast. When `apm.yml` declares `target: claude` or `target: copilot` (or the plural `targets:` equivalent), `apm pack` also generates an ecosystem-specific `plugin.json`: `.claude-plugin/plugin.json` for Claude (includes `mcpServers` from `.mcp.json` if present) and `.github/plugin/plugin.json` for Copilot (omits `mcpServers`). An existing file at the target path is preserved (a warning is emitted and the write is skipped) unless `--force` is passed; `--dry-run` prevents writes. Credential-bearing keys and secret-shaped values in `.mcp.json` are stripped recursively at any depth from the Claude manifest before writing, so a committed manifest never leaks secrets (see the apm pack reference, `reference/cli/pack/#credential-stripping-claude-mcpservers`). | `-o PATH`, `--archive`, `--dry-run`, `--format [plugin\|apm]` (default `plugin`), `--force`, `--offline`, `--include-prerelease`, `--marketplace=FORMATS`, `--marketplace-path FORMAT=PATH`, `--json`, `--check-versions` (release gate: per-package versions match `marketplace.versioning.strategy`; exit 3 on failure), `--check-clean` (release gate: regenerate-and-diff against the committed `marketplace.json`; exit 4 on drift). `-t/--target` is **deprecated** (warn only). Exit codes: `0` success, `1` build/runtime error, `2` schema validation error, `3` `--check-versions` misalignment, `4` `--check-clean` drift. |
+| `apm pack` | Build distributable artifacts (bundle and/or marketplace.json -- driven by `apm.yml`). Default output is a Claude Code plugin directory. Bundles are **target-agnostic**: `pack.target` is recorded in every bundle for diagnostic purposes (typically `"all"` for target-agnostic packs, or the project's detected target) and is not authoritative at install time; `pack.bundle_files` (path -> sha256) drives integrity verification. The consumer's project decides where files land. Marketplace-publishing projects (`marketplace:` block, no `dependencies:`) no longer emit the misleading "No plugin.json found" warning; after a successful build, a vendor-neutral catalog of artifact paths is appended together with a single docs pointer (`producer/publish-to-a-marketplace/#consume-from-any-assistant`) listing per-assistant install paths. Release-time gates `--check-versions` and `--check-clean` are opt-in: when present, they run after the build and exit non-zero on misalignment / drift (codes 3 and 4 respectively) so release pipelines can fail fast. When `apm.yml` declares `target: claude` or `target: copilot` (or the plural `targets:` equivalent), `apm pack` also generates an ecosystem-specific `plugin.json`: `.claude-plugin/plugin.json` for Claude (includes `mcpServers` from `.mcp.json` if present) and `.github/plugin/plugin.json` for Copilot (omits `mcpServers`). An existing file at the target path is preserved (a warning is emitted and the write is skipped) unless `--force` is passed; `--dry-run` prevents writes. Credential-bearing keys and secret-shaped values in `.mcp.json` are stripped recursively at any depth from the Claude manifest before writing, so a committed manifest never leaks secrets (see the apm pack reference, `reference/cli/pack/#credential-stripping-claude-mcpservers`). | `-o PATH`, `--archive` (produce an archive instead of a directory), `--archive-format [zip\|tar.gz]` (default `zip`; only active with `--archive`), `--dry-run`, `--format [plugin\|apm]` (default `plugin`), `--force`, `--offline`, `--include-prerelease`, `--marketplace=FORMATS`, `--marketplace-path FORMAT=PATH`, `--json`, `--check-versions` (release gate: per-package versions match `marketplace.versioning.strategy`; exit 3 on failure), `--check-clean` (release gate: regenerate-and-diff against the committed `marketplace.json`; exit 4 on drift). `-t/--target` is **deprecated** (warn only). Exit codes: `0` success, `1` build/runtime error, `2` schema validation error, `3` `--check-versions` misalignment, `4` `--check-clean` drift. |
 | `apm unpack BUNDLE` | **[Deprecated]** Extract a bundle. Use `apm install <bundle-path>` instead -- it deploys directly with integrity verification and target resolution. | `-o PATH`, `--skip-verify`, `--force`, `--dry-run` |
 
 `apm install <BUNDLE-PATH>` -- when the positional argument resolves to a directory containing `plugin.json` at its root, or to a `.tar.gz`/`.tgz` archive whose extracted root contains `plugin.json`, install switches to local-bundle mode: the bundle is integrity-verified against its embedded `apm.lock.yaml` (`pack.bundle_files`) and deployed into the consumer's resolved target. Target resolution follows the same precedence as registry installs (`--target` > `apm.yml` > directory detection); the bundle itself carries no target binding. Compile-only targets (opencode, codex, gemini) receive instructions staged under `apm_modules/<slug>/.apm/instructions/` and the install emits a hint to run `apm compile` to merge them. Other existing paths (e.g. a source-package directory without `plugin.json`) still flow through the normal local-path dependency-resolver pipeline. Files are recorded under `local_deployed_files` in the project lockfile -- `apm.yml` is **never** mutated. Honours `--target`, `--global`, `--force`, `--dry-run`, `--verbose`, plus `--as ALIAS` (log/display label only). Resolver/MCP/registry/policy flags (`--update`, `--mcp`, `--parallel-downloads`, `--allow-insecure-host`, `--skill`, ...) are rejected with a single consolidated error -- local-bundle install is an imperative deploy and bypasses those subsystems.

src/apm_cli/bundle/packer.py

@@ -274,6 +274,10 @@ def pack_bundle(
 
     # 10. Archive if requested
     if archive:
+        if archive_format not in ("zip", "tar.gz"):
+            raise ValueError(
+                f"Unknown archive_format: {archive_format!r}. Must be 'zip' or 'tar.gz'."
+            )
         if archive_format == "tar.gz":
             archive_path = output_dir / f"{pkg_name}-{pkg_version}.tar.gz"
             with tarfile.open(archive_path, "w:gz") as tf:

src/apm_cli/bundle/plugin_exporter.py

@@ -648,6 +648,10 @@ def export_plugin_bundle(
 
     # 15. Archive if requested
     if archive:
+        if archive_format not in ("zip", "tar.gz"):
+            raise ValueError(
+                f"Unknown archive_format: {archive_format!r}. Must be 'zip' or 'tar.gz'."
+            )
         if archive_format == "tar.gz":
             archive_path = output_dir / f"{bundle_dir.name}.tar.gz"
             ensure_path_within(archive_path, output_dir)

src/apm_cli/commands/pack.py

@@ -26,7 +26,7 @@
 
 Reads apm.yml to decide what to produce:
 
-  dependencies: block  ->  bundle (directory or .zip)
+  dependencies: block  ->  bundle (directory or archive; see --archive and --archive-format)
   marketplace: block   ->  selected marketplace artifacts
   target: / targets:   ->  ecosystem-specific plugin.json (claude/copilot)
   both blocks present  ->  bundle plus selected marketplace artifacts

tests/unit/commands/test_pack_cli_surface.py

@@ -493,6 +493,30 @@ def test_format_invalid_choice_fails(self) -> None:
         result = CliRunner().invoke(pack_cmd, ["--format", "invalid"])
         assert result.exit_code != 0
 
+    def test_archive_format_zip_accepted(self, tmp_path: Path, monkeypatch) -> None:
+        (tmp_path / "apm.yml").write_text(_APM_SIMPLE, encoding="utf-8")
+        monkeypatch.chdir(tmp_path)
+        result = CliRunner().invoke(pack_cmd, ["--dry-run", "--archive", "--archive-format", "zip"])
+        assert "Invalid value for '--archive-format'" not in (result.output or "")
+        assert result.exit_code in (0, 1)
+
+    def test_archive_format_tar_gz_accepted(self, tmp_path: Path, monkeypatch) -> None:
+        (tmp_path / "apm.yml").write_text(_APM_SIMPLE, encoding="utf-8")
+        monkeypatch.chdir(tmp_path)
+        result = CliRunner().invoke(
+            pack_cmd, ["--dry-run", "--archive", "--archive-format", "tar.gz"]
+        )
+        assert "Invalid value for '--archive-format'" not in (result.output or "")
+        assert result.exit_code in (0, 1)
+
+    def test_archive_format_invalid_choice_fails(self) -> None:
+        """Click rejects unknown archive format values before the command runs."""
+        result = CliRunner().invoke(pack_cmd, ["--archive", "--archive-format", "bz2"])
+        assert result.exit_code != 0
+        assert (
+            "invalid" in (result.output or "").lower() or "error" in (result.output or "").lower()
+        )
+
     def test_deprecated_target_flag_emits_warning(self, tmp_path: Path, monkeypatch) -> None:
         (tmp_path / "apm.yml").write_text(_APM_SIMPLE, encoding="utf-8")
         monkeypatch.chdir(tmp_path)

tests/unit/test_packer.py

@@ -219,6 +219,30 @@ def test_pack_archive(self, tmp_path):
             names = zf.namelist()
             assert any("a.md" in n for n in names)
 
+    def test_pack_archive_tar_gz(self, tmp_path):
+        deployed = [".github/agents/a.md"]
+        project = _setup_project(tmp_path, deployed, target="vscode")
+        out = tmp_path / "build"
+
+        result = pack_bundle(project, out, archive=True, archive_format="tar.gz")
+
+        assert result.bundle_path.name == "test-pkg-1.0.0.tar.gz"
+        assert result.bundle_path.exists()
+        assert not (out / "test-pkg-1.0.0").exists()
+        import tarfile
+
+        with tarfile.open(result.bundle_path, "r:gz") as tf:
+            names = tf.getnames()
+            assert any("a.md" in n for n in names)
+
+    def test_pack_archive_invalid_format_raises(self, tmp_path):
+        deployed = [".github/agents/a.md"]
+        project = _setup_project(tmp_path, deployed, target="vscode")
+        out = tmp_path / "build"
+
+        with pytest.raises(ValueError, match="Unknown archive_format"):
+            pack_bundle(project, out, archive=True, archive_format="bz2")
+
     def test_pack_custom_output_dir(self, tmp_path):
         deployed = [".github/agents/a.md"]
         project = _setup_project(tmp_path, deployed, target="vscode")

tests/unit/test_plugin_exporter.py

@@ -2,7 +2,7 @@
 
 import json
 import os
-import tarfile
+import zipfile
 from pathlib import Path
 from unittest.mock import patch
 
@@ -700,11 +700,11 @@ def test_archive(self, tmp_path):
 
         result = export_plugin_bundle(project, out, archive=True)
 
-        assert result.bundle_path.name == "test-pkg-1.0.0.tar.gz"
+        assert result.bundle_path.name == "test-pkg-1.0.0.zip"
         assert result.bundle_path.exists()
         assert not (out / "test-pkg-1.0.0").exists()
-        with tarfile.open(result.bundle_path, "r:gz") as tar:
-            names = tar.getnames()
+        with zipfile.ZipFile(result.bundle_path, "r") as zf:
+            names = zf.namelist()
             assert any("agent.md" in n for n in names)
 
     def test_dependency_components_included(self, tmp_path):

tests/unit/test_plugin_exporter_compatibility.py

@@ -15,7 +15,7 @@
 from __future__ import annotations
 
 import json
-import tarfile
+import zipfile
 from unittest.mock import MagicMock, patch
 
 import pytest
@@ -462,8 +462,8 @@ def test_archive_creates_tarball(self, tmp_path):
         output_dir.mkdir()
 
         result = export_plugin_bundle(project, output_dir, archive=True)
-        assert result.bundle_path.suffix == ".gz"
-        assert tarfile.is_tarfile(str(result.bundle_path))
+        assert result.bundle_path.suffix == ".zip"
+        assert zipfile.is_zipfile(str(result.bundle_path))
 
     def test_collision_warning_emitted_no_logger(self, tmp_path):
         from apm_cli.bundle.plugin_exporter import export_plugin_bundle

tests/unit/test_plugin_exporter_phase3w5.py

@@ -15,7 +15,7 @@
 from __future__ import annotations
 
 import json
-import tarfile
+import zipfile
 from unittest.mock import MagicMock, patch
 
 import pytest
@@ -462,8 +462,8 @@ def test_archive_creates_tarball(self, tmp_path):
         output_dir.mkdir()
 
         result = export_plugin_bundle(project, output_dir, archive=True)
-        assert result.bundle_path.suffix == ".gz"
-        assert tarfile.is_tarfile(str(result.bundle_path))
+        assert result.bundle_path.suffix == ".zip"
+        assert zipfile.is_zipfile(str(result.bundle_path))
 
     def test_collision_warning_emitted_no_logger(self, tmp_path):
         from apm_cli.bundle.plugin_exporter import export_plugin_bundle