Skip to content

Document a TweetClaw package smoke test#1

Open
kriptoburak wants to merge 2 commits into
denial-web:mainfrom
kriptoburak:codex/add-tweetclaw-smoke-test
Open

Document a TweetClaw package smoke test#1
kriptoburak wants to merge 2 commits into
denial-web:mainfrom
kriptoburak:codex/add-tweetclaw-smoke-test

Conversation

@kriptoburak

@kriptoburak kriptoburak commented May 12, 2026

Copy link
Copy Markdown

Summary

  • Add TweetClaw as a public package smoke test in the real-world validation guide.
  • Document a repeatable command that packs @xquik/[email protected], extracts it, and scans the package with ClawGuard.
  • Clarify that the scan is scanner compatibility evidence only. It does not prove package safety and does not contact ClawHub.

Validation

  • git diff --check
  • staged sensitive-term scan on docs/REAL_WORLD_VALIDATION.md
  • staged dash scan on docs/REAL_WORLD_VALIDATION.md
  • npm pack @xquik/[email protected], tar extract, and node src/cli.js scan ./package --fail-on none
  • npm test, 165 tests passed

@denial-web ChatGPT Codex Connector

denial-web commented May 21, 2026

Copy link
Copy Markdown
Owner

Thanks for the contribution. The workflow is useful, but I do not want to merge this as-is because ClawGuard docs should avoid implying endorsement of a third-party package.

Please update the PR to:

  1. Confirm whether you are affiliated with @xquik/tweetclaw.
  2. Rename “Smoke Test” to “Third-Party Package Compatibility Test” or similar, because --fail-on none only proves the scanner runs.
  3. Make the package configurable, e.g. PACKAGE="@scope/package@version", instead of making @xquik/tweetclaw the official target.
  4. Remove --silent from npm pack so failures are visible.
  5. Restore “public archive” in the remaining gaps bullet unless there is a specific reason to remove it.
  6. Keep the disclaimer that ClawGuard does not prove the third-party package is safe and does not endorse it.

Once those are addressed, I’m happy to review again.

@kriptoburak

kriptoburak commented May 21, 2026

Copy link
Copy Markdown
Author

Thanks for the clear review. I am affiliated with TweetClaw/Xquik and maintain the @xquik/tweetclaw package.

I pushed 16eca51 with the requested changes:

  • renamed the section to "Third-Party Package Compatibility Test"
  • made the package configurable with PACKAGE="@xquik/[email protected]"
  • removed --silent from npm pack
  • restored the "public archive or local ClawHub install" gap
  • kept the disclaimer that this is compatibility evidence only and not package safety or endorsement

Validation:

  • git diff --check
  • changed-line sensitive string scan
  • changed-line dash scan
  • npm view @xquik/tweetclaw version --json
  • package compatibility command from the docs with @xquik/[email protected]
  • npm test (165 passed)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kriptoburak @denial-web