test(import): add messy Bun lockfile install smoke

[johnpyp]

Motivation

Recent changes showed that aube install could use a broader smoke coverage for projects that already carry a package-manager-native lockfile. The existing Bun coverage used a small fixture, but it did not stress the messy workspace shapes that tend to expose lockfile import and format-preservation bugs.

Changes

• Add a messy Bun workspace fixture with catalogs, overrides, patches, trusted and untrusted lifecycle script packages, local folder and tarball deps, npm aliases, remote tarball deps, GitHub git specifiers, and workspace dependency variations.
• Regenerate the fixture bun.lock with Bun against the repo Verdaccio registry for normal registry packages.
• Add aube-test-builds-marker-2 to the Verdaccio fixture registry so the messy fixture can cover both trusted and untrusted lifecycle script deps without pulling large public packages into the test path.
• Add a high-level BATS smoke test that copies the fixture, runs aube install, and asserts bun.lock stays byte-for-byte unchanged.

Validation

• mise run test:bats test/import.bats

PR description created with GPT 5.5

[greptile-apps]

Greptile Summary

Adds a messy Bun workspace fixture covering catalogs, overrides, patches, local/remote/git deps, npm aliases, and workspace variations, plus a BATS smoke test that asserts bun.lock is byte-for-byte unchanged after aube install. A new aube-test-builds-marker-2 Verdaccio entry enables untrusted lifecycle script coverage without pulling public packages into the test path.

Confidence Score: 5/5

Safe to merge; only finding is a P2 suggestion on the developer helper script.

All findings are P2 style suggestions. The test logic, fixture structure, lockfile content, and Verdaccio registry additions are all correct and consistent with the rest of the test suite.

No files require special attention.

Important Files Changed

Filename	Overview
test/import.bats	Adds a smoke test that copies the messy Bun fixture, runs aube install, and asserts the lockfile is byte-for-byte unchanged; test logic is correct and consistent with the rest of the file.
fixtures/import-bun-messy/regenerate-lock.sh	Helper script to regenerate bun.lock; does not remove the existing lockfile before bun install, which may leave stale entries rather than producing a fully clean regeneration.
fixtures/import-bun-messy/bun.lock	Authentic Bun text lockfile covering catalogs, overrides, patches, local/remote/git deps, npm aliases, and workspace variations; format and content look consistent with what bun install produces.
fixtures/import-bun-messy/package.json	Root workspace manifest with catalogs, overrides, trustedDependencies, patchedDependencies, and a broad mix of dep specifiers; consistent with the lockfile.
test/registry/storage/aube-test-builds-marker-2/package.json	New Verdaccio registry entry for aube-test-builds-marker-2@1.0.0 enabling untrusted lifecycle script coverage without hitting the public registry.

_{Reviews (3): Last reviewed commit: "test(import): smoke install messy bun lo..." | Re-trigger Greptile}