fix: guard packaged AstrBot runtime version

[zouyonghe]

Summary

• validate AstrBot's runtime VERSION during desktop resource preparation
• fail early when the packaged source reports 0.0.0 or drifts from pyproject.toml
• add prepare-resources tests for runtime version parsing, 0.0.0 rejection, and drift rejection

Why

AstrBot core briefly derived VERSION dynamically and could fall back to 0.0.0 in packaged desktop resource layouts. Core has restored a static VERSION, but desktop builds should still fail before producing artifacts if the selected AstrBot source ref has a broken or mismatched runtime version.

Testing

• pnpm run test:prepare-resources
• ASTRBOT_SOURCE_DIR="/Users/buding/Code/AstrBot" pnpm run sync:version

Co-Authored-By: OpenCode opencode@local

Summary by Sourcery

Guard AstrBot desktop resource preparation by validating the packaged runtime VERSION against pyproject.toml and failing early on invalid or mismatched versions.

New Features:

• Add reading of AstrBot runtime VERSION from the core config default.py during prepare-resources.
• Introduce validation of the AstrBot runtime VERSION against the expected version from pyproject.toml when no desktop version override is provided.

Tests:

• Add prepare-resources tests covering runtime VERSION parsing, rejection of 0.0.0, and rejection of version drift between runtime and pyproject.

[gemini-code-assist]

Code Review

This pull request adds runtime version validation for AstrBot during the resource preparation phase. It introduces helper functions to extract the version from default.py and verify it against the version specified in pyproject.toml, raising errors for mismatches or unresolved '0.0.0' versions. Corresponding unit tests have also been implemented to cover these scenarios. There are no review comments, and I have no additional feedback to provide.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[sourcery-ai]

Hey - I've found 1 issue, and left some high level feedback:

• In validateAstrbotRuntimeVersion, the return value of runtimeVersion is currently unused by its only caller; consider either returning void or wiring the returned value through to avoid suggesting it is meaningful output.
• The logic for locating the runtime version file (astrbot/core/config/default.py) is now duplicated between the implementation and tests; consider pulling the path construction into a small helper or constant to avoid drift if the layout changes.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- In `validateAstrbotRuntimeVersion`, the return value of `runtimeVersion` is currently unused by its only caller; consider either returning `void` or wiring the returned value through to avoid suggesting it is meaningful output.
- The logic for locating the runtime version file (`astrbot/core/config/default.py`) is now duplicated between the implementation and tests; consider pulling the path construction into a small helper or constant to avoid drift if the layout changes.

## Individual Comments

### Comment 1
<location path="scripts/prepare-resources.mjs" line_range="64-65" />
<code_context>
   const astrbotVersion =
     desktopVersionOverride || (await readAstrbotVersionFromPyproject({ sourceDir }));

+  if (!desktopVersionOverride) {
+    await validateAstrbotRuntimeVersion({ sourceDir, expectedVersion: astrbotVersion });
+  }
+
</code_context>
<issue_to_address>
**question (bug_risk):** Consider validating runtime VERSION even when a desktopVersionOverride is supplied, at least for the 0.0.0 guard.

Because `validateAstrbotRuntimeVersion` is only called when `desktopVersionOverride` is unset, a runtime VERSION of `0.0.0` (or drift from `pyproject`) is silently accepted whenever an override is used, despite the error text implying `0.0.0` is always invalid. To align behavior with the messaging, consider always enforcing at least the `0.0.0` (and maybe drift) checks even when an override is present, or clarify in the code/message that overrides bypass these checks.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

question (bug_risk): Consider validating runtime VERSION even when a desktopVersionOverride is supplied, at least for the 0.0.0 guard.

Because validateAstrbotRuntimeVersion is only called when desktopVersionOverride is unset, a runtime VERSION of 0.0.0 (or drift from pyproject) is silently accepted whenever an override is used, despite the error text implying 0.0.0 is always invalid. To align behavior with the messaging, consider always enforcing at least the 0.0.0 (and maybe drift) checks even when an override is present, or clarify in the code/message that overrides bypass these checks.