fix(install): allow POSIX colon tarball filenames

[jdx]

Summary

• Allow : inside tarball entry filenames on POSIX platforms while continuing to reject it on Windows.
• Keep the linker materialization guard in sync with the store-side tarball validator.
• Add regression tests for the reported package-json:version.d.ts path.

Root Cause

The store tarball validator treated : as malformed on every platform to defend against Windows drive-prefix and NTFS alternate-data-stream ambiguity. That was too broad for POSIX, where colon is a valid filename character. After relaxing the store-side validator, the linker still rejected cached package index keys containing :, so both guards needed the same platform split.

Validation

• cargo fmt --check
• cargo test -p aube-store
• cargo test -p aube-linker
• cargo clippy -p aube-store --all-targets -- -D warnings
• cargo clippy -p aube-linker --all-targets -- -D warnings
• Smoke-tested the reported redos-detector@6.1.4 install with the debug binary.

---

Note

Low Risk
Small, targeted validation change gated by OS cfg; main risk is unintended path-safety regression, mitigated by keeping Windows restrictions and adding tests.

Overview
Allows : in package tarball entry filenames and cached PackageIndex keys on non-Windows platforms while continuing to reject : on Windows (drive/ADS safety).

Updates aube-store tarball path normalization and the linker's validate_index_key to apply colon checks only under cfg(windows), and adds platform-gated regression tests covering dist/__mocks__/package-json:version.d.ts plus the Windows-only rejection cases.

^{Reviewed by Cursor Bugbot for commit e6e5d81. Bugbot is set up for automated code reviews on this repo. Configure here.}

[greptile-apps]

Greptile Summary

This PR relaxes the tarball-entry and linker-index-key validators to allow : in filenames on POSIX, where it is a legal character, while keeping the rejection on Windows (NTFS alternate-data-stream / drive-prefix hazard). Both call sites — normalize_tar_entry_path in aube-store and validate_index_key in aube-linker — receive the same #[cfg(windows)] / #[cfg(not(windows))] split, and tests are gated accordingly. The logic is sound and the platform symmetry between the two guards is maintained correctly.

Confidence Score: 5/5

Safe to merge — the change is a targeted, well-scoped fix with no logic errors found.

Both changed functions apply identical platform splits; path-traversal guards (ParentDir, RootDir, Prefix) are untouched; the let _ = os no-op correctly suppresses the unused-variable warning without dropping any previously existing checks on Normal components; and regression tests cover both the acceptance case (POSIX) and the rejection case (Windows).

No files require special attention.

Important Files Changed

Filename	Overview
crates/aube-store/src/lib.rs	Moves : rejection from the universal Normal component check into a #[cfg(windows)] block; updates doc-comment and renames/gates the corresponding regression test.
crates/aube-linker/src/lib.rs	Mirrors the store-side platform split in validate_index_key: Windows block retains the colon guard; non-Windows block is a no-op (let _ = os). Gates the rejects_windows_drive test to #[cfg(windows)] and adds a POSIX acceptance test.

_{Reviews (1): Last reviewed commit: "fix(install): allow POSIX colon tarball ..." | Re-trigger Greptile}