fix: harden integration manifest read errors

Author: PascalThuet

src/specify_cli/__init__.py

@@ -1929,6 +1929,9 @@ def _remove_integration_json(project_root: Path) -> None:
         path.unlink()
 
 
+_MANIFEST_READ_ERRORS = (ValueError, FileNotFoundError, OSError, UnicodeDecodeError)
+
+
 def _normalize_script_type(script_type: str, source: str) -> str:
     """Normalize and validate a script type from CLI/config sources."""
     normalized = script_type.strip().lower()
@@ -2443,7 +2446,7 @@ def integration_uninstall(
 
     try:
         manifest = IntegrationManifest.load(key, project_root)
-    except (ValueError, FileNotFoundError) as exc:
+    except _MANIFEST_READ_ERRORS as exc:
         console.print(f"[red]Error:[/red] Integration manifest for '{key}' is unreadable.")
         console.print(f"Manifest: {manifest_path}")
         console.print(
@@ -2598,7 +2601,7 @@ def integration_switch(
             console.print(f"Uninstalling current integration: [cyan]{installed_key}[/cyan]")
             try:
                 old_manifest = IntegrationManifest.load(installed_key, project_root)
-            except (ValueError, FileNotFoundError) as exc:
+            except _MANIFEST_READ_ERRORS as exc:
                 console.print(f"[red]Error:[/red] Could not read integration manifest for '{installed_key}': {manifest_path}")
                 console.print(f"[dim]{exc}[/dim]")
                 console.print(
@@ -2622,7 +2625,7 @@ def integration_switch(
                     console.print(f"  Removed {len(removed)} file(s)")
                 if skipped:
                     console.print(f"  [yellow]⚠[/yellow]  {len(skipped)} modified file(s) preserved")
-            except (ValueError, FileNotFoundError) as exc:
+            except _MANIFEST_READ_ERRORS as exc:
                 console.print(f"[yellow]Warning:[/yellow] Could not read manifest for '{installed_key}': {exc}")
         else:
             console.print(f"[red]Error:[/red] Integration '{installed_key}' is installed but has no manifest.")
@@ -2789,7 +2792,7 @@ def integration_upgrade(
 
     try:
         old_manifest = IntegrationManifest.load(key, project_root)
-    except (ValueError, FileNotFoundError) as exc:
+    except _MANIFEST_READ_ERRORS as exc:
         console.print(f"[red]Error:[/red] Integration manifest for '{key}' is unreadable: {exc}")
         raise typer.Exit(1)
 

tests/integrations/test_integration_subcommand.py

@@ -31,6 +31,12 @@ def _init_project(tmp_path, integration="copilot"):
     return project
 
 
+def _write_invalid_manifest(project, key):
+    manifest = project / ".specify" / "integrations" / f"{key}.manifest.json"
+    manifest.write_bytes(b"\xff\xfe\x00")
+    return manifest
+
+
 # ── list ─────────────────────────────────────────────────────────────
 
 
@@ -374,6 +380,20 @@ def test_uninstall_wrong_key(self, tmp_path):
         assert result.exit_code != 0
         assert "not installed" in result.output
 
+    def test_uninstall_invalid_manifest_reports_cli_error(self, tmp_path):
+        project = _init_project(tmp_path, "claude")
+        _write_invalid_manifest(project, "claude")
+
+        old_cwd = os.getcwd()
+        try:
+            os.chdir(project)
+            result = runner.invoke(app, ["integration", "uninstall", "claude"])
+        finally:
+            os.chdir(old_cwd)
+        assert result.exit_code != 0
+        assert "manifest" in result.output
+        assert "unreadable" in result.output
+
     def test_uninstall_non_default_preserves_default(self, tmp_path):
         project = _init_project(tmp_path, "claude")
         old_cwd = os.getcwd()
@@ -557,6 +577,22 @@ def test_switch_unknown_target(self, tmp_path):
         assert result.exit_code != 0
         assert "Unknown integration" in result.output
 
+    def test_switch_invalid_current_manifest_reports_cli_error(self, tmp_path):
+        project = _init_project(tmp_path, "claude")
+        _write_invalid_manifest(project, "claude")
+
+        old_cwd = os.getcwd()
+        try:
+            os.chdir(project)
+            result = runner.invoke(app, [
+                "integration", "switch", "codex",
+                "--script", "sh",
+            ])
+        finally:
+            os.chdir(old_cwd)
+        assert result.exit_code != 0
+        assert "Could not read integration manifest" in result.output
+
     def test_switch_same_noop(self, tmp_path):
         project = _init_project(tmp_path, "copilot")
         old_cwd = os.getcwd()
@@ -710,6 +746,20 @@ def test_failed_switch_keeps_fallback_metadata_consistent(self, tmp_path):
 
 
 class TestIntegrationUpgrade:
+    def test_upgrade_invalid_manifest_reports_cli_error(self, tmp_path):
+        project = _init_project(tmp_path, "claude")
+        _write_invalid_manifest(project, "claude")
+
+        old_cwd = os.getcwd()
+        try:
+            os.chdir(project)
+            result = runner.invoke(app, ["integration", "upgrade", "claude"])
+        finally:
+            os.chdir(old_cwd)
+        assert result.exit_code != 0
+        assert "manifest" in result.output
+        assert "unreadable" in result.output
+
     def test_upgrade_non_default_keeps_default_template_invocations(self, tmp_path):
         project = _init_project(tmp_path, "gemini")
         template = project / ".specify" / "templates" / "plan-template.md"

tests/integrations/test_registry.py

@@ -237,53 +237,54 @@ def test_safe_integrations_have_disjoint_manifests(
         first,
         second,
     ):
-        project_root = tmp_path / "project"
-        project_root.mkdir()
-        runner = CliRunner()
-
-        original_cwd = os.getcwd()
-        try:
-            os.chdir(project_root)
-            init_result = runner.invoke(
-                app,
-                [
-                    "init",
-                    "--here",
-                    "--integration",
-                    first,
-                    "--script",
-                    "sh",
-                    "--no-git",
-                    "--ignore-agent-tools",
-                ],
-                catch_exceptions=False,
+        for initial, additional in ((first, second), (second, first)):
+            project_root = tmp_path / f"project-{initial}-{additional}"
+            project_root.mkdir()
+            runner = CliRunner()
+
+            original_cwd = os.getcwd()
+            try:
+                os.chdir(project_root)
+                init_result = runner.invoke(
+                    app,
+                    [
+                        "init",
+                        "--here",
+                        "--integration",
+                        initial,
+                        "--script",
+                        "sh",
+                        "--no-git",
+                        "--ignore-agent-tools",
+                    ],
+                    catch_exceptions=False,
+                )
+                assert init_result.exit_code == 0, init_result.output
+
+                install_result = runner.invoke(
+                    app,
+                    ["integration", "install", additional, "--script", "sh"],
+                    catch_exceptions=False,
+                )
+                assert install_result.exit_code == 0, install_result.output
+            finally:
+                os.chdir(original_cwd)
+
+            initial_manifest = json.loads(
+                (
+                    project_root / ".specify" / "integrations" / f"{initial}.manifest.json"
+                ).read_text(encoding="utf-8")
             )
-            assert init_result.exit_code == 0, init_result.output
-
-            install_result = runner.invoke(
-                app,
-                ["integration", "install", second, "--script", "sh"],
-                catch_exceptions=False,
+            additional_manifest = json.loads(
+                (
+                    project_root / ".specify" / "integrations" / f"{additional}.manifest.json"
+                ).read_text(encoding="utf-8")
             )
-            assert install_result.exit_code == 0, install_result.output
-        finally:
-            os.chdir(original_cwd)
 
-        first_manifest = json.loads(
-            (
-                project_root / ".specify" / "integrations" / f"{first}.manifest.json"
-            ).read_text(encoding="utf-8")
-        )
-        second_manifest = json.loads(
-            (
-                project_root / ".specify" / "integrations" / f"{second}.manifest.json"
-            ).read_text(encoding="utf-8")
-        )
-
-        first_files = set(first_manifest.get("files", {}))
-        second_files = set(second_manifest.get("files", {}))
+            initial_files = set(initial_manifest.get("files", {}))
+            additional_files = set(additional_manifest.get("files", {}))
 
-        assert first_files.isdisjoint(second_files), (
-            f"{first} and {second} are declared multi-install safe but both manage "
-            f"these files: {sorted(first_files & second_files)}"
-        )
+            assert initial_files.isdisjoint(additional_files), (
+                f"{initial} and {additional} are declared multi-install safe but both manage "
+                f"these files: {sorted(initial_files & additional_files)}"
+            )