@ryanthemanuel ryanthemanuel commented Jun 21, 2025

Additional details

The general idea behind the manifest is:

  • We add a manifest to the cloud-delivered bundles containing each file and a SHA-256 hash for that file
  • At upload time, we sign the manifest using our encryption key and store it alongside other bundle information
  • When requested from the app, we send the manifest signature along as a header
  • In the app at download time, we read the manifest into memory and then validate it using the signature
  • The in-memory manifest is then used to validate every file that is read from the bundle to ensure it has not been modified

Steps to test

How has the user experience changed?

PR Tasks
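
The flow in the description above, as an added sketch that is not code from this pull request or from Cypress: the signature is checked over the raw manifest bytes before they are parsed, and a file that is missing from the manifest is rejected rather than skipped. All function names, the sample file paths and the choice of an Ed25519 key pair are assumptions made for the example.

```javascript
// Added example. Names, paths and the Ed25519 key are hypothetical, not Cypress APIs.
const crypto = require('node:crypto')

const sha256 = (data) => crypto.createHash('sha256').update(data).digest('hex')

// Upload side: map every bundle path to the SHA-256 of its contents.
function buildManifest (files) {
  const entries = Object.entries(files).map(([path, data]) => [path, sha256(data)])
  return Buffer.from(JSON.stringify(Object.fromEntries(entries)))
}

// Upload side: sign the exact manifest bytes; the result travels as a header value.
function signManifest (manifestBytes, privateKey) {
  return crypto.sign(null, manifestBytes, privateKey).toString('base64')
}

// Download side: verify the signature over the raw bytes BEFORE parsing them,
// so unauthenticated JSON is never interpreted.
function loadVerifiedManifest (manifestBytes, signatureB64, publicKey) {
  if (!signatureB64) throw new Error('missing manifest signature')
  const signature = Buffer.from(signatureB64, 'base64')
  if (!crypto.verify(null, manifestBytes, publicKey, signature)) {
    throw new Error('invalid manifest signature')
  }
  return JSON.parse(manifestBytes.toString('utf8'))
}

// Download side: check one file read from the bundle against the in-memory manifest.
// A path that is not listed fails closed.
function verifyFile (manifest, path, contents) {
  const listed = Object.prototype.hasOwnProperty.call(manifest, path)
  if (!listed || typeof manifest[path] !== 'string') return false
  const expected = Buffer.from(manifest[path], 'hex')
  const actual = Buffer.from(sha256(contents), 'hex')
  return expected.length === actual.length && crypto.timingSafeEqual(expected, actual)
}

// Constructed sample bundle and throwaway key pair, generated in-process.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519')
const bundle = {
  'server/index.js': Buffer.from('module.exports = {}'),
  'app/studio.js': Buffer.from('console.log("studio")'),
}
const manifestBytes = buildManifest(bundle)
const signature = signManifest(manifestBytes, privateKey)
const manifest = loadVerifiedManifest(manifestBytes, signature, publicKey)
```

Only the public key needs to be present on the download side; the signing key stays with the upload service.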

@ryanthemanuel ryanthemanuel self-assigned this Jun 21, 2025
cypress bot commented Jun 21, 2025

cypress    Run #63491

Run Properties:  Passed #63491  •  commit 6ff5d08b0a: Merge branch 'develop' into ryanm/chore/add-manifest-for-studio
Project: cypress
Branch Review: ryanm/chore/add-manifest-for-studio
Run status: Passed #63491
Run duration: 18m 25s
Commit: 6ff5d08b0a: Merge branch 'develop' into ryanm/chore/add-manifest-for-studio
Committer: Ryan Manuel

Test results
Tests that failed  Failures 0
Tests that were flaky  Flaky 10
Tests that did not run due to a developer annotating a test with .skip  Pending 1232
Tests that did not run due to a failure in a mocha hook  Skipped 0
Tests that passed  Passing 32178
UI Coverage  45.56%
  Untested elements 191  
  Tested elements 164  
Accessibility  92.74%
  Failed rules  3 critical   9 serious   2 moderate   2 minor
  Failed elements 695  

@ryanthemanuel ryanthemanuel requested a review from mabela416 June 30, 2025 22:28
@ryanthemanuel ryanthemanuel requested a review from Copilot June 30, 2025 23:04

@ryanthemanuel ryanthemanuel requested a review from Copilot June 30, 2025 23:05
Copilot AI left a comment

Pull Request Overview

This PR introduces a manifest file into the cloud-delivered bundles, adding SHA-256 hash verification and signature checking to ensure file integrity. Key changes include adding manifest handling to the bundle extraction logic, updating studio and API tests to verify manifest-related behavior, and modifying studio manager setup to use the manifest for server script hash verification.

Reviewed Changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| scripts/after-pack-hook.js | Reorders and groups file writes to include new studio protocol and environment files. |
| packages/types/src/studio/studio-server-types.ts | Adds definitions for manifest and verifyHash in studio server options. |
| packages/server/test/unit/cloud/studio/studio_spec.ts | Updates tests to include a manifest property in studio server options. |
| packages/server/test/unit/cloud/studio/ensure_studio_bundle_spec.ts | Extends tests to check for manifest presence and signature validation error paths. |
| packages/server/test/unit/cloud/studio/StudioLifecycleManager_spec.ts | Incorporates manifest usage in studio lifecycle manager tests and error handling for missing/incorrect studio script hashes. |
| packages/server/test/unit/cloud/api/studio/get_studio_bundle_spec.ts | Validates the retrieval and checking of the manifest signature from response headers. |
| packages/server/lib/cloud/studio/studio.ts | Integrates the manifest and hash verification logic during studio server creation. |
| packages/server/lib/cloud/studio/ensure_studio_bundle.ts | Implements manifest extraction, file existence check, signature verification, and JSON parsing. |
| packages/server/lib/cloud/studio/StudioLifecycleManager.ts | Updates studio manager lifecycle to use the manifest for verifying the studio server script’s hash. |
| packages/server/lib/cloud/encryption.ts | Updates verifySignature to accept BinaryLike input rather than a string. |
| packages/server/lib/cloud/api/studio/get_studio_bundle.ts | Retrieves and returns the manifest signature from response headers and handles its absence. |

@ryanthemanuel ryanthemanuel merged commit 954847c into develop Jul 2, 2025
89 of 91 checks passed
@ryanthemanuel ryanthemanuel deleted the ryanm/chore/add-manifest-for-studio branch July 2, 2025 03:21
cypress-bot bot commented Jul 15, 2025

Released in 14.5.2.

This comment thread has been locked. If you are still experiencing this issue after upgrading to Cypress v14.5.2, please open a new issue.

@cypress-bot cypress-bot bot locked as resolved and limited conversation to collaborators Jul 15, 2025