feat(maker): add package update policy check #258
Merged
- Add Maker package version policy fetching, caching, and structured status output.
- Surface required upgrade guidance in maker status and doctor without running upgrade commands.
- Keep status and doctor non-blocking when remote policy access is unavailable.
- Update publish workflow to open a policy update PR after latest or beta publishes.
- Add tests for decision rules, cache TTL behavior, release policy updates, and status output.

- Reject prerelease versions when updating the stable latest policy field.
- Retry remote policy fetches when only a previous failure cache exists.
- Keep doctor from starting background package policy requests in short-lived CLI runs.
- Add regression tests for release tag validation and failure-cache retry behavior.

- Move manual tag/version shape validation into the publish version resolver.
- Reject stable versions for beta-style tags before npm publish runs.
- Reject prerelease versions for stable latest publishes before npm publish runs.
- Update resolver tests for stable latest and prerelease beta manual releases.

- Avoid background retry wording when package update background refresh is disabled.
- Keep doctor output accurate when policy checks are unavailable or uncached.
- Add regression coverage for non-blocking status text without background refresh.

- Require cached package update decisions to match the active policy URL.
- Retry policy fetches when callers switch policy URL within the cache TTL.
- Validate blacklist entries in the policy updater before writing release PR changes.
- Add regression tests for policy URL cache isolation and blacklist schema validation.

- Do not expose cached package update decision fields when the active policy URL changes.
- Prefer the active policy URL in unavailable non-blocking status output.
- Add regression coverage for policy URL changes in status without remote fetch.

- Bind unavailable package update status to the active policy URL
- Require manual prerelease versions to match their npm dist-tag
- Compare numeric prerelease identifiers without JavaScript number precision loss
- Verification: targeted maker version tests, lint, and build
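The last commit above compares numeric prerelease identifiers without JavaScript number precision loss. One way to do that under SemVer precedence rules, as an added example that is not the PR's code (all function names here are hypothetical):

```javascript
// Numeric identifiers: digits only, no leading zeros (SemVer rule).
const NUMERIC = /^(0|[1-9]\d*)$/;

// Compare two canonical digit strings without converting to Number:
// the shorter one is smaller; equal lengths compare lexicographically.
function compareNumericStrings(a, b) {
  if (a.length !== b.length) return a.length < b.length ? -1 : 1;
  if (a === b) return 0;
  return a < b ? -1 : 1;
}

function compareIdentifiers(a, b) {
  const aNum = NUMERIC.test(a);
  const bNum = NUMERIC.test(b);
  if (aNum && bNum) return compareNumericStrings(a, b);
  if (aNum) return -1; // numeric identifiers rank below alphanumeric ones
  if (bNum) return 1;
  if (a === b) return 0;
  return a < b ? -1 : 1; // ASCII order for alphanumeric identifiers
}

// a, b: prerelease strings such as "beta.2"; "" means a stable release.
function comparePrerelease(a, b) {
  if (a === b) return 0;
  if (a === "") return 1; // stable outranks any prerelease of the same core
  if (b === "") return -1;
  const as = a.split(".");
  const bs = b.split(".");
  const shared = Math.min(as.length, bs.length);
  for (let i = 0; i < shared; i++) {
    const c = compareIdentifiers(as[i], bs[i]);
    if (c !== 0) return c;
  }
  if (as.length === bs.length) return 0;
  return as.length < bs.length ? -1 : 1; // longer list wins on equal prefix
}

// For contrast: the Number()-based comparison that loses precision
// above Number.MAX_SAFE_INTEGER (2^53 - 1).
function naiveNumericCompare(a, b) {
  return Math.sign(Number(a) - Number(b));
}
```

With the constructed inputs "9007199254740992" and "9007199254740993", the naive comparison reports equality while the string comparison orders them correctly.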
Changes
Expected behavior
Verification
Greptile Summary
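This PR adds a remote version policy check to Maker MCP: on MCP startup the policy JSON is fetched asynchronously, the status/doctor commands output structured upgrade recommendations, and when the network is unavailable the check degrades to unavailable without affecting normal use; after a publish, CI automatically updates the policy file and creates a reviewable PR.

- src/maker/versionCheck.ts: new core module containing the version decision logic (blacklist / minimum_supported / beta_outdated / update_available), a 12-hour TTL cache, background refresh de-duplication, and exact string comparison of numeric prerelease identifiers (avoiding Number() precision loss).
- scripts/update-maker-version-policy.cjs: post-publish policy file update script that only updates the latest/latest_beta fields and preserves manual policy fields such as minimum_supported, blacklist, and message; scripts/resolve-maker-version.js adds a consistency check between the prerelease identifier and the dist-tag in manual mode.
- .github/workflows/publish-maker.yml: after npm publish succeeds, automatically runs the policy update script and uses a GitHub App token to create a reviewable PR; permissions are raised from contents: read to contents: write (workflow level), a scope wider than actually needed.

Confidence Score: 5/5

The overall change is logically correct and test coverage is thorough, so it is safe to merge; the workflow permission configuration has some room for improvement.

The core version check logic, the caching mechanism, and background refresh de-duplication all have corresponding tests; the field validation in the policy file update script is consistent with runtime parsing; and the doctor command avoids delayed process exit via backgroundRefresh:false. The workflow sets contents: write at workflow level, but on the actual execution path that write access is carried by the App token and the GITHUB_TOKEN's write permission is not actually used; this is a configuration that could be improved but does not affect functionality.

For .github/workflows/publish-maker.yml, it is worth confirming before merge whether the write permission should be moved down to job level.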
Important Files Changed
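- The contents: write permission is broader than actually needed; the resolve-version job receives unnecessary write permission.
- assertVersionMatchesTag validates in manual mode that the prerelease identifier matches the dist-tag, closing a previous gap in pre-publish validation.
- allowRemoteFetch: false, backgroundRefresh: false ensures the CLI process does not delay exit because of a background check.

Sequence Diagram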
```mermaid
%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant MCP as MCP Server / CLI
    participant VC as versionCheck.ts
    participant Cache as Local cache (JSON)
    participant GH as GitHub Raw (policy JSON)
    MCP->>VC: "startMakerPackageUpdateCheck({ currentVersion })"
    VC-->>Cache: background async checkMakerPackageUpdate
    Cache-->>VC: read old cache
    VC->>GH: fetchWithTimeout (3s)
    GH-->>VC: MakerPackageVersionPolicy
    VC->>Cache: writeCache(decision)
    MCP->>VC: "getMakerPackageUpdateStatus({ allowRemoteFetch:false })"
    VC-->>Cache: readCache()
    alt cache fresh (TTL 12h)
        Cache-->>VC: decision
        VC-->>MCP: return cached decision
    else cache expired / no cache
        VC-->>MCP: unavailable (background refresh already triggered)
    end
    Note over VC,GH: doctor command uses backgroundRefresh:false and does not trigger background requests
    participant WF as publish-maker workflow
    participant NPM as npm registry
    participant PR as GitHub PR
    WF->>NPM: "npm publish @taptap/maker@version"
    NPM-->>WF: publish succeeded
    WF->>WF: update-maker-version-policy.cjs
    WF->>PR: peter-evans/create-pull-request (App token)
    PR-->>WF: PR URL
```

Reviews (7): Last reviewed commit: "fix(maker): harden review edge cases"
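The cache rules described in the commits and summary (12-hour TTL, decisions bound to the active policy URL, retry when only a failure is cached) can be expressed as a small pure classifier. This is an added example, not code from the PR; the cache entry shape `{ policyUrl, checkedAt, ok, decision }` and all function names are assumptions.

```javascript
const TTL_MS = 12 * 60 * 60 * 1000; // 12-hour TTL, as stated in the summary

// Classify a cache entry relative to the policy URL that is active right now.
function classifyCache(entry, activeUrl, now) {
  if (!entry || typeof entry !== "object") return "missing";
  // A decision derived from another policy source is never trusted.
  if (entry.policyUrl !== activeUrl) return "other-url";
  const age = now - entry.checkedAt;
  // Reject expired entries, timestamps in the future, and malformed ones.
  if (!Number.isFinite(age) || age < 0 || age >= TTL_MS) return "stale";
  return entry.ok ? "fresh" : "failed";
}

// Status for a caller that must not touch the network
// (the allowRemoteFetch:false path used by status and doctor).
function statusFromCache(entry, activeUrl, now) {
  const state = classifyCache(entry, activeUrl, now);
  if (state === "fresh") {
    return { ...entry.decision, policyUrl: activeUrl, source: "cache" };
  }
  // Expose no cached decision fields and report the active URL,
  // not the URL stored in the cache.
  return { status: "unavailable", policyUrl: activeUrl, source: state };
}

// A caller that may fetch goes to the network unless the cache holds a
// fresh, successful decision for the same URL. A cached failure still retries.
function shouldFetch(entry, activeUrl, now) {
  return classifyCache(entry, activeUrl, now) !== "fresh";
}

// Constructed sample data (URLs and versions are placeholders).
const NOW = Date.UTC(2024, 0, 2, 12);
const URL_A = "https://example.invalid/policy-a.json";
const URL_B = "https://example.invalid/policy-b.json";
const good = {
  policyUrl: URL_A, checkedAt: NOW - 60000, ok: true,
  decision: { status: "update_available", latest: "1.4.0" },
};
const failed = { policyUrl: URL_A, checkedAt: NOW - 60000, ok: false };
```

Binding the cache key to the policy URL means a decision written while one source was configured cannot silently answer for another within the TTL.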