test: guard OpenClaw plugin install metadata contracts

[100yenadmin]

TL;DR

Eva found two packaging-contract footguns that are mostly fixed on current master, but not yet protected well enough: the root OpenClaw bundle must launch the installed gbrain serve runtime, and repo-owned version surfaces must agree. This PR adds focused install-contract tests so the repo cannot drift back to a missing ./bin/gbrain manifest or mismatched package/plugin versions.

Closes #93.
Closes #94.

Why

Agents and installers need one boring answer to two questions:

1. What command does this repo-owned OpenClaw bundle actually run?
2. Which version is this checkout/package/plugin advertising?

If those answers drift, a fresh checkout can look installable while pointing at a missing binary, or a healthy install can look stale because package metadata, plugin metadata, and runtime output disagree.

flowchart LR
  A[Fresh eva-brain checkout] --> B[package.json version]
  A --> C[root openclaw.plugin.json]
  A --> D[Codex plugin metadata]
  C --> E[gbrain serve]
  B --> F[gbrain --version]
  D --> G[Codex Desktop install]
  B -.must match.-> C
  B -.must match.-> D
  C -.must launch.-> E

Loading

What Changed

• Added an install-contract regression test that pins the root bundle MCP server to:
  • command: "gbrain"
  • args: ["serve"]
• Added an install-contract regression test that checks repo-owned version surfaces against package.json:
  • root openclaw.plugin.json
  • plugins/gbrain-codex/package.json
  • plugins/gbrain-codex/.codex-plugin/plugin.json
  • src/version.ts deriving runtime CLI version from package metadata

Notes

The current master checkout already has the direct symptoms fixed: root openclaw.plugin.json is at 0.33.0 and uses gbrain serve, not ./bin/gbrain. This PR makes that an explicit contract instead of relying on humans to notice future drift.

Validation

git diff --check
bun test test/install-contract.test.ts

Summary by CodeRabbit

• Tests
  • Added validation tests for configuration consistency across project files.
  • Added tests to verify version alignment across all configuration sources.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 4657960d-66d3-461a-b274-8694017ea483

📥 Commits

Reviewing files that changed from the base of the PR and between 172dbcc and 2fedab1.

📒 Files selected for processing (1)

• test/install-contract.test.ts

---

📝 Walkthrough

Walkthrough

This PR adds two validation tests to the Eva Brain install contract suite. The first test verifies that openclaw.plugin.json correctly declares the gbrain MCP server command. The second test asserts version consistency across package.json, plugin manifests, and source files.

Install Contract Tests

Layer / File(s)	Summary
MCP command and version contract validation test/install-contract.test.ts	Tests verify that openclaw.plugin.json defines gbrain as the MCP server command with ['serve'] args, and that version strings in package.json, openclaw.plugin.json, codex plugin packages, and src/version.ts all match.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related issues

• Fresh checkout OpenClaw bundle manifest points at missing ./bin/gbrain #93: Fresh checkout OpenClaw bundle manifest points at missing ./bin/gbrain — The new test validates that the manifest declares a command that aligns with the expected runtime surface, directly addressing the contract verification gap described in the issue.
• Version surfaces drift across openclaw.plugin.json, package.json, and installed CLI #94: Version surfaces drift across openclaw.plugin.json, package.json, and installed CLI — The version consistency test explicitly asserts that all version surfaces remain synchronized, catching the drift scenario described in the issue.

Possibly related PRs

• electricsheephq/eva-brain#31: The new install-contract tests validate the gbrain/openclaw plugin command and version alignment, which corresponds to the plugin packaging changes in that PR.

Poem

🐰 A rabbit hops through manifest files,
Checking versions align with smiles,
Commands declared, contracts complete,
Fresh checkouts and CI now compete,
Consistency wins—the bundle's sweet! 🌿

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely describes the primary change: adding tests to guard OpenClaw plugin install metadata contracts.
Linked Issues check	✅ Passed	The PR implements regression tests that enforce the exact contracts specified in #93 and #94: MCP server command validation and version surface consistency checks.
Out of Scope Changes check	✅ Passed	All changes are focused solely on adding install-contract regression tests directly addressing #93 and #94 requirements; no out-of-scope modifications present.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/plugin-version-contracts

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[100yenadmin]

Reality-sync triage: still useful, not stale. This is a narrow test-only guard for plugin/install version contracts and the missing ./bin/gbrain regression class. It is non-blocking for the dashboard/runtime-shell work, but I would keep it open and refresh/merge when we next touch Eva Brain packaging so #93/#94 stay guarded by tests instead of tribal memory.