Contributor

Copilot AI commented Jan 10, 2026

Summary

Pin Pester module to specific version (5.7.1) using -RequiredVersion to prevent automatic upgrades to potentially compromised versions during CI/local test runs. Additionally, refactor helper functions to use approved PowerShell verbs.

Motivation

The previous implementation used -MinimumVersion, allowing automatic upgrades to any newer Pester version from the PowerShell Gallery. If the module or gallery were compromised, malicious code satisfying Pester >= $MinimumVersion would execute with repository access and CI permissions, creating a supply-chain attack vector.

Additionally, helper functions used the non-approved verb Ensure, which violates PowerShell naming best practices.

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation update
  • Refactoring / internal improvement

Changes

  • Renamed parameter MinimumPesterVersion -> PesterVersion (matches PSScriptAnalyzerVersion pattern)
  • Refactored Initialize-Pester function (formerly Ensure-Pester) to enforce exact version matching:
    • Changed Install-Module -MinimumVersion -> -RequiredVersion
    • Changed Import-Module -MinimumVersion -> -RequiredVersion
    • Changed version check from $pester.Version -lt $MinimumVersion -> $_.Version -eq $RequiredVersion
    • Added -AllowClobber flag for consistency with Initialize-Module pattern
  • Pinned Pester to 5.7.1 (current stable version)
  • Updated documentation to reflect deterministic version pinning
  • Renamed helper functions to use approved PowerShell verb Initialize:
    • Ensure-Directory -> Initialize-Directory (in both tool scripts)
    • Ensure-Pester -> Initialize-Pester (in Invoke-IdlePesterTests.ps1)
    • Ensure-Module -> Initialize-Module (in Invoke-IdleScriptAnalyzer.ps1)

Before:

# Would install/use any Pester >= 5.0.0
function Ensure-Pester { ... }
Install-Module -Name Pester -MinimumVersion $MinimumVersion
Import-Module -Name Pester -MinimumVersion $MinimumVersion

After:

# Only installs/uses exact version 5.7.1 with approved verb
function Initialize-Pester { ... }
Install-Module -Name Pester -RequiredVersion $RequiredVersion
Import-Module -Name Pester -RequiredVersion $RequiredVersion

Testing

  • Unit tests
  • Contract tests
  • Manual testing

How to test & review

Run ./tools/Invoke-IdlePesterTests.ps1 and ./tools/Invoke-IdleScriptAnalyzer.ps1 - verify they use Pester 5.7.1 exactly, do not attempt to upgrade, and all function names use approved PowerShell verbs.

Checklist

  • Code follows STYLEGUIDE.md
  • Tests added or updated
  • Documentation updated
  • No UI/auth logic added to IdLE.Core
  • No breaking changes without discussion

Related Issues

Addresses feedback from #70
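As an added illustration of the exact-version pattern this PR describes (example code written for this page, not the project's own tools/Invoke-IdlePesterTests.ps1), the helper below checks for the pinned Pester release, installs only that release with -RequiredVersion, imports it, and then verifies that nothing else got loaded. The function name follows the PR's Initialize-Pester naming; the 5.7.1 value and the -Scope CurrentUser choice are assumptions for the usage line.

```powershell
# Added example (not the project's code): pin Pester to one exact version.
# A lower bound (-MinimumVersion) lets any newer gallery release satisfy the
# check; -RequiredVersion makes both install and import deterministic.
function Initialize-Pester {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$RequiredVersion
    )

    $wanted = [version]$RequiredVersion

    # Exact match only: an installed newer (or older) Pester does not count.
    $pinned = Get-Module -ListAvailable -Name Pester |
        Where-Object { $_.Version -eq $wanted }

    if (-not $pinned) {
        Write-Verbose "Pester $wanted not found; installing the pinned release."
        # -RequiredVersion fetches exactly this version, never "latest >= x".
        # -AllowClobber mirrors the PR's Initialize-Module pattern.
        Install-Module -Name Pester -RequiredVersion $RequiredVersion `
            -Scope CurrentUser -Force -AllowClobber -ErrorAction Stop
    }

    # Unload any Pester already in the session (e.g. an older bundled copy)
    # so the pinned release is the one the tests actually run against.
    Remove-Module -Name Pester -Force -ErrorAction SilentlyContinue
    Import-Module -Name Pester -RequiredVersion $RequiredVersion -ErrorAction Stop

    # Post-condition: fail loudly if the loaded version is not the pin.
    $loaded = (Get-Module -Name Pester).Version
    if ($loaded -ne $wanted) {
        throw "Expected Pester $wanted but Pester $loaded is loaded."
    }
    return $loaded
}

# Usage with the version the PR pins (assumed value for this example).
$pesterVersion = Initialize-Pester -RequiredVersion '5.7.1' -Verbose
"Running tests with Pester $pesterVersion"
```

Pinning fixes which release is requested; it does not by itself verify the downloaded package's contents, so the gallery's own signing and catalog checks still apply.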



Co-authored-by: blindzero <13959569+blindzero@users.noreply.github.com>
Contributor Author

Copilot AI commented Jan 10, 2026

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

  • www.powershellgallery.com
    • Triggering command: /usr/bin/pwsh pwsh -NoProfile -File ./tools/Invoke-IdlePesterTests.ps1 (dns block)
    • Triggering command: /usr/bin/pwsh pwsh -NoProfile -Command Find-Module -Name Pester -AllVersions | Select-Object -First 10 | Format-Table Version (dns block)
    • Triggering command: /usr/bin/pwsh pwsh -NoProfile -Command Get-PSRepository (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title [WIP] Address feedback on CI quality gates PR Pin Pester to exact version for supply-chain security Jan 10, 2026
Copilot AI requested a review from blindzero January 10, 2026 23:50
@blindzero
Owner

@copilot Change Ensure-* functions to use approved verbs as well

…erbs

Co-authored-by: blindzero <13959569+blindzero@users.noreply.github.com>
Contributor Author

Copilot AI commented Jan 10, 2026

@copilot Change Ensure-* functions to use approved verbs as well

Fixed in 7818a34. Renamed all Ensure-* functions to use the approved PowerShell verb Initialize:

  • Ensure-Directory -> Initialize-Directory
  • Ensure-Pester -> Initialize-Pester
  • Ensure-Module -> Initialize-Module

All function calls updated accordingly in both Invoke-IdlePesterTests.ps1 and Invoke-IdleScriptAnalyzer.ps1.

Copilot AI changed the title Pin Pester to exact version for supply-chain security Pin Pester to exact version and use approved PowerShell verbs Jan 10, 2026
@blindzero blindzero marked this pull request as ready for review January 10, 2026 23:57
@blindzero blindzero merged commit 41c14b1 into issues/68-ci-add-PSScriptAnalyzer-linting-with-repo-settings Jan 10, 2026
5 checks passed
@blindzero blindzero deleted the copilot/sub-pr-70 branch January 10, 2026 23:57