Compare commits

...

33 Commits

Author SHA1 Message Date
github-actions[bot]
e28d5caa14 chore: bump version to 0.12.3 2026-07-01 16:36:55 +00:00
WOLIKIMCHENG
d982c2f67f feat(copilot): warn before skills default rollout (#3256)
* feat(copilot): default to skills mode

* feat(copilot): warn before skills default rollout

* Make Copilot skills warning test less brittle

---------

Co-authored-by: root <kinsonnee@gmail.com>
2026-07-01 11:35:53 -05:00
Manfred Riem
e8ade110da Add June 2026 newsletter (#3289) 2026-07-01 09:35:26 -05:00
Ali jawwad
876e532d76 docs(toc): add Bundles and Authentication to the Reference nav (#3267)
docs/reference/bundles.md and docs/reference/authentication.md exist on
disk but were absent from the Reference section of docs/toc.yml, so both
pages were orphaned and undiscoverable in the published docs sidebar.
Add the two nav entries (Bundles after Workflows, matching the ordering
in reference/overview.md; Authentication last).

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-30 16:50:11 -05:00
Ali jawwad
b4a0f8b564 fix(integrations): add zed to discovery catalog.json (#3266)
zed is registered, registrar-aligned and registry-tested, but it was the
only one of the 34 integrations absent from integrations/catalog.json,
making it undiscoverable through the discovery manifest. Add the missing
'zed' entry (mirroring the sibling skills entries) and a registry<->catalog
parity regression test so a future integration can't silently drift.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-30 16:21:08 -05:00
Ali jawwad
2d56dfd73d fix(integrations): cline hook note collapses onto instruction at EOF (#3263)
The hook-note injection regex matches the line terminator via
(\r\n|\n|$), so the captured eol group is empty when the instruction
is the final line of a file with no trailing newline. The cline
integration emitted the note with that empty eol, mashing the note text
and the instruction onto a single line. Default eol to '\n', matching
the agy integration twin which already guards this case.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-30 15:44:49 -05:00
darion-yaphet
810d6fcfe1 refactor: move workflow command handlers to workflows/_commands.py (PR-8/8) (#3159)
* refactor: move workflow command handlers to workflows/_commands.py (PR-8/8)

Final PR of the __init__.py split. Moves the workflow command group out of
__init__.py into the existing workflows/ package, completing the domain-dir
layout established in PR-5 (integrations), PR-6 (presets) and PR-7
(extensions).

- New workflows/_commands.py holds the four Typer apps (workflow / catalog /
  step / step-catalog), all 25 command handlers, the six workflow-only
  helpers (_parse_input_values, _workflow_run_payload, _emit_workflow_json,
  _stdout_to_stderr_when, _validate_step_id_or_exit,
  _resolve_steps_base_dir_or_exit), and a register(app) entry point.
- workflows is already a package, so no rename is needed; intra-package
  imports change from `.workflows.x` to `.x`. The only root-helper dep
  (_require_specify_project) is reached through a call-time shim so test
  monkeypatching of specify_cli._require_specify_project keeps working.
- __init__.py drops ~1445 lines (2066 -> 621); the workflow group is
  re-attached via register(app). Dead `contextlib` import removed.
- tests/test_workflows.py: import the now-relocated _stdout_to_stderr_when
  helper from its new home (workflows._commands) instead of the package root.

No behavior change. Full suite green (3847 passed), ruff clean.

* Prevent workflow state writes through symlinked storage

Workflow commands persist run state under .specify/workflows/runs, so the command-local project shim now rejects symlinked workflow storage before any workflow command proceeds. The standalone YAML path uses the same guard because it intentionally bypasses the normal project requirement while still creating workflow state under the current directory.

Constraint: Local YAML workflow runs do not require an existing .specify project directory but still create .specify/workflows/runs state

Rejected: Guard only .specify in the file-source path | .specify/workflows and runs can independently redirect writes

Confidence: high

Scope-risk: narrow

Directive: Keep workflow storage symlink checks centralized before constructing WorkflowEngine

Tested: .venv/bin/python -m pytest tests/test_workflow_run_without_project.py tests/test_workflows.py::TestWorkflowAddSymlinkGuard -v

Tested: .venv/bin/python -m py_compile src/specify_cli/workflows/_commands.py tests/test_workflow_run_without_project.py tests/test_workflows.py

Not-tested: Ruff lint; ruff is not installed in the repo virtualenv

Assisted-by: OpenAI Codex (model: GPT-5, autonomous)

* fix(workflows): pass github_hosts allowlist to GHES release asset resolver

workflow add resolved GitHub release download URLs without forwarding the
github_provider_hosts() allowlist, so resolve_github_release_asset_api_url
never treated any host as GHES. This regressed GitHub Enterprise Server
release asset resolution and diverged from presets/extensions, which already
pass github_hosts. Forward github_provider_hosts() at both the direct-URL and
catalog install call sites. The allowlist remains the anti-SSRF gate.

* fix(workflows): reject symlinked/traversal <id> dir on workflow install

Local/URL and catalog installs wrote to .specify/workflows/<id>/workflow.yml
without guarding the <id> segment. A pre-planted symlink at <id> or
<id>/workflow.yml let mkdir+copy/download follow it and write outside the
project root; a non-directory <id> made mkdir raise unhandled.

Add _safe_workflow_id_dir() to reject path traversal, symlinked or
non-directory <id>, and a symlinked workflow.yml leaf before any write.
Fold the catalog branch's existing traversal check into the helper.

* fix(workflows): harden _safe_workflow_id_dir output and leaf checks

- Reorder symlink/non-directory check before resolve() so a symlinked
  <id> reports as symlinked instead of misleading "Invalid workflow ID"
- Reject a pre-existing <id>/workflow.yml that is not a file, avoiding an
  unhandled IsADirectoryError on later write/copy2
- Escape workflow_id in Rich output to prevent markup injection; escape
  the repr (not the raw id) so repr-added backslashes cannot re-expose
  brackets, matching extensions/_commands.py hardening
- Add tests for workflow.yml-as-directory and markup-escaped invalid id

* Avoid stale lint failures from config helper imports

Move PyYAML loading into the helpers that read and write agent-context configuration, and replace the broad Any annotation with object. The runtime behavior stays the same while the module no longer exposes top-level imports that can be flagged as unused when CI analyzes a narrower code shape.

* Prevent workflow commands from targeting reserved storage

Workflow install and removal paths are derived from workflow IDs before any catalog download, local copy, or directory deletion. Validate that IDs are single workflow-id path segments and reject names reserved for workflow runtime storage so commands cannot target .specify/workflows/runs or .specify/workflows/steps.
2026-06-30 11:03:54 -05:00
Ben Buttigieg
36501d459f chore: retire Roo Code integration — extension shut down (#3167) (#3212)
* chore: retire roo integration — extension shut down (#3167)

Remove the Roo Code integration after the extension was shut down: subpackage,
registry entry, catalog entry, docs, tests, and issue-template options.

Assisted-by: GitHub Copilot (model: Claude Opus 4.8, autonomous)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* docs: remove stale Roo Code mention in upgrade guide

Assisted-by: GitHub Copilot (model: gpt-5.3-codex, autonomous)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* chore: remove leftover Roo Code references after merge

Drop roo from presets/ARCHITECTURE.md example and the agent-context
defaults map; these came in from main and were flagged by review.

Assisted-by: GitHub Copilot (model: claude-opus-4.8, autonomous)

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-30 10:24:04 -05:00
Ali jawwad
c5ac90b245 fix(bundle): allow 'catalog remove' by the same relative path used to add (#3242)
* fix(bundle): allow 'catalog remove' by the same relative path used to add

add_source canonicalizes a local catalog path to an absolute url before persisting it, but remove_source compared only the raw input against the stored id/url. So 'bundle catalog remove ./cat.json' could not undo 'bundle catalog add ./cat.json' -- the stored url was absolute, the removal target relative, and they never matched ('No project-scoped catalog source found'). Match the canonicalized form too (a no-op for ids and remote urls), so a local source is removable by the same path it was added with.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(bundle): match catalog removal target exactly first, canonical only as fallback

Address Copilot review: canonicalizing the removal target unconditionally could let 'remove <id>' also delete a different source whose url equals that id's canonicalized path (ids are treated as local paths by _canonicalize_url, empty scheme). Try an exact id/url match first; only fall back to a canonicalized-url match when no exact match is found, so relative-path removal still works without collateral deletion.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-30 10:21:53 -05:00
Ali jawwad
3571ba72d8 fix(workflows): reject bool max_iterations in while/do-while validation (#3237)
* fix(workflows): reject bool max_iterations in while/do-while validation

while/do-while validate() checked 'not isinstance(max_iter, int) or max_iter < 1'. Since bool is a subclass of int, isinstance(True, int) is True and True < 1 is False, so 'max_iterations: true' passed validation and then ran as a single iteration (range(True) == range(1)) instead of being reported as a type error. Reject bools explicitly, matching the fail-fast-on-bool handling already used for number inputs and gate options.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* test: assert empty error list for the valid do-while max_iterations case

Address Copilot review: the accepted-config assertion only checked that no error mentioned 'max_iterations', which could let an unrelated validation error pass unnoticed. For a known-good config, assert the entire error list is empty (consistent with the other validate tests in this file).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-30 10:17:05 -05:00
Dyan Galih
6fb7e77b3e fix: allow prerelease spec-kit versions in compatibility checks (#2695)
* docs: generate integrations reference from catalog

* refactor: integrate table rendering into specify integration search --markdown

- Remove standalone scripts/generate_integrations_reference.py
- Strip doc injection machinery from catalog_docs.py; keep only table rendering
- Wire render_integrations_table() into existing --markdown flag of integration search
- Remove old simple markdown table block from integration_search (was Name|ID|Version|Description|Author)
- Simplify tests: drop subprocess/doc-path tests, keep table rendering and metadata tests
- Clean up docs/reference/integrations.md: remove generated markers, update note

* fix: address Copilot review feedback on catalog_docs and integration_search

- Warn when --markdown is combined with filters (query/--tag/--author) which are
  silently ignored; catch ValueError/FileNotFoundError and surface clean error
  via console instead of raw traceback (r3244821516)
- Add coverage enforcement in list_integrations_for_docs(): raises ValueError
  with actionable message if any registry key is missing from INTEGRATION_DOC_URLS,
  preventing silently incomplete doc tables (r3244821589)
- Rename test to accurately reflect sources: label derives from registry config,
  URL comes from INTEGRATION_DOC_URLS doc map — not solely from registry (r3244821607)
- Simplify test dict construction to idiomatic dict comprehension (r3244821619)

* fix: add sync test, INTEGRATIONS_REFERENCE_PATH constant, and fix naming

* revert: restore docs/reference/integrations.md to upstream/main; remove sync test (GH Actions job will handle)

* fix: remove dead INTEGRATIONS_REFERENCE_PATH, drop URL-length padding, fix docstring, drop FileNotFoundError

* fix: send --markdown warnings/errors to stderr, rename test for clarity

* fix: detect stale doc-map keys, test _render_cell escaping, strengthen header assertion

* refactor: promote _render_cell to public render_cell function

* test: mock registry and doc maps to avoid brittle live registry coupling

* refactor: flatten patches, remove unused imports, fix trailing whitespace, optimize missing calculation

* refactor: make validation non-fatal, fix context manager syntax, add CLI tests

* fix: improve docstring clarity, test robustness, and exception handling

* fix: improve test assertions, disable warnings by default, enhance exception handling

* fix: make CLI tests deterministic and improve config access resilience

* fix: remove extra blank line, add stale keys validation, add regression test for docs sync

* Fix 5 remaining feedback items:
- Rename _get_mocked_cli_runner() to _get_catalog_docs_patches() for clarity
- Use ExitStack context manager for guaranteed patch cleanup
- Add explicit UTF-8 encoding to file reads
- Skip doc sync test gracefully when docs aren't present
- Remove exception chaining from typer.Exit to avoid noisy tracebacks

* address all outstanding copilot review feedback on PR 2563

* Address Copilot feedback: escape URLs in markdown links, deduplicate cell rendering, fix table parser for escaped pipes

* Address 3 new Copilot feedback: add URL escaping test, fix parse_first_markdown_table for escaped pipes, guard community tests with skip

* Address 3 new Copilot feedback: escape id field, remove unused alias, escape integration URLs

* Address 3 new Copilot feedback: fix comment name, include all integrations in list

* Fix architectural issue: escape raw fields before composing Markdown to prevent double-escaping

* Deduplicate _escape_url_for_markdown_link and add URL escaping test

* Address 4 new Copilot feedback: add trailing newline, fix test helper ExitStack, update warning message

* Address 4 new Copilot feedback: make escape function public, fix error message, validate test rows, prevent double newline

* Update error message in test_missing_catalog_file for clarity

* Remove obsolete integrations sync test

* keep integrations docs in sync

* fix: allow prerelease spec-kit versions in compatibility checks

Allow prerelease/dev builds to satisfy extension and preset compatibility
checks when their version number falls within the required specifier range.
Also harden the integrations docs rendering helpers and add regression
coverage for the markdown table parsing and version gating paths.

Tests: pytest -q; python3 -m compileall -q .; black/flake8 unavailable
Reference: branch 002-generate-integrations-docs; source patch /tmp/spec-kit-changes.patch

* fix: isolate prerelease compatibility gate changes

Keep the prerelease/version compatibility fix on its own branch and remove
the unrelated integrations docs updates that belong with PR 2563.

Tests: full suite passed on the prerelease branch before splitting; docs branch covered by targeted docs tests
Reference: upstream/main; source patch /tmp/spec-kit-changes.patch

* Address PR 2695 feedback: Centralize prerelease policy and add boundary test

* Address remaining Copilot PR feedback: revert docs and add preset prerelease tests

* Remove unreachable raise CompatibilityError

* Fix PEP8 E302 and E303 formatting issues
2026-06-30 09:41:57 -05:00
Manfred Riem
5e72b1d486 chore: release 0.12.2, begin 0.12.3.dev0 development (#3259)
* chore: bump version to 0.12.2

* chore: begin 0.12.3.dev0 development

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 09:38:57 -05:00
Pascal THUET
86709f6089 fix(scripts): portable uppercase for branch-name acronym retention (bash 3.2) (#3192)
* fix(scripts): portable uppercase for branch-name acronym retention

Branch-name generation keeps short uppercase acronyms (e.g. "AI") by re-checking
the lowercased word against the original description with ${word^^}. That
parameter expansion is bash 4+ only; on macOS's default bash 3.2 it errors with
"bad substitution", so the acronym/short-word retention branch never matches and
those words are dropped ("go AI now" yields 001-now instead of 001-ai-now). Use
tr '[:lower:]' '[:upper:]' instead, which is portable.

Applies to both the core create-new-feature.sh and the git extension's
create-new-feature-branch.sh. The existing
test_branch_name_short_word_case_sensitivity / test_short_word_retention tests
cover this and now pass on bash 3.2 (CI runs on bash 4+/Linux, so they passed
there already).

(Disclosure: an AI coding agent surfaced the failure while running the suite on
macOS and pinned the root cause; fix written and reviewed by me.)

* fix(scripts): portability follow-ups from code review

- core create-new-feature.sh: match the acronym with `grep -qw` (POSIX
  whole-word) instead of `\b...\b` (GNU/BSD-only), matching the git extension
  and dropping a non-POSIX construct.
- lint: add a CI guard rejecting bash 4+ case-modification expansions in *.sh.
  shellcheck assumes bash 4+ from the shebang and can't flag them, and CI has no
  bash-3.2 lane, so this prevents silently re-shipping the macOS regression this
  PR fixes.
- update a stale PowerShell extension comment that cited the removed bash idiom.

(Disclosure: prompted by an AI code review of the PR; written and reviewed by me.)
2026-06-30 09:34:09 -05:00
Ben Buttigieg
c47dd2b812 chore: retire Windsurf integration — absorbed into Cognition Devin (#3168) (#3213)
* chore: retire windsurf integration — absorbed into Cognition Devin (#3168)

windsurf.com now permanently redirects to devin.ai/desktop following
acquisition. Remove subpackage, registry/catalog entries, docs, and tests;
re-point sample-agent test fixtures to Kilo Code.

Assisted-by: GitHub Copilot (model: Claude Opus 4.8, autonomous)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* docs: remove stale Windsurf support references

Assisted-by: GitHub Copilot (model: gpt-5.3-codex, autonomous)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* docs: fix Kilo Code command path in upgrade guide

Assisted-by: GitHub Copilot (model: gpt-5.3-codex, autonomous)

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* chore: align integration lists after rebase

Assisted-by: GitHub Copilot (model: gpt-5.3-codex, autonomous)

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

* docs: align kilocode example with runtime behavior

Assisted-by: GitHub Copilot (model: gpt-5.3-codex, autonomous)

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-30 08:49:49 -05:00
github-actions[bot]
844c73685b [extension] Update Intake extension to v0.1.3 (#3254)
* Update Intake extension to v0.1.3

Update intake extension submitted by @bigsmartben to:
- extensions/catalog.community.json (version, download_url, description, provides.commands, updated_at)
- docs/community/extensions.md community extensions table

Closes #3247

Assisted-by: GitHub Copilot (model: claude-sonnet-4.6, autonomous)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Revert catalog-wide formatting churn; keep intake-only changes

Addresses review feedback on PR #3254: the previous commit re-serialized
the entire community catalog (escaping Unicode punctuation like — to
\u2014 and reformatting unrelated entries). Restore the catalog to its
prior formatting and limit the diff to the intake entry (version,
download_url, description, provides.commands, updated_at).

Assisted-by: GitHub Copilot (model: claude-opus-4.8, autonomous)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Manfred Riem <15701806+mnriem@users.noreply.github.com>
2026-06-30 08:36:05 -05:00
Huy Do
20f430686c feat(workflows): honor max_concurrency in fan-out via a bounded thread pool (#3224)
* feat(workflows): honor max_concurrency in fan-out via a bounded thread pool

* feat(workflows): address review — sliding-window fan-out, locked output, faithful halt

Address the reviewer feedback on the bounded fan-out concurrency:

- Sliding submission window: keep at most `workers` items in flight and stop
  launching new items once the run is halting, instead of submitting all items
  up front (which let the pool keep starting queued work after a halt).
- Faithful halt prefix: attribute a halt to the specific item whose own
  recorded result halted the run (replaying the sequential break condition,
  honoring continue_on_error/aborted), not the shared run status a later
  concurrent item may have flipped. The returned prefix now includes the actual
  halting item, matching the sequential path. An item that fails before
  recording a result (e.g. an unknown step type) is attributed too, since every
  item runs the same template.
- Lock the parent fan-out output mutation: route the post-fan-out
  step_results[...]['output'] update through a new RunState.set_step_output()
  under the run lock, so it cannot race a concurrent save().
- Docstring: describe int() coercion accurately (numeric strings / floats are
  honored; only non-coercible or <= 1 runs sequentially).

Tests: add concurrent halt-includes-halting-item, continue_on_error-does-not-
truncate, and unknown-template-type-matches-sequential coverage; make the
timing test use a monotonic clock with a looser threshold to avoid CI flakiness.

* feat(workflows): address second review pass — concurrency hardening

- append_log: serialize the log_entries append + log.jsonl write under a
  dedicated RunState._log_lock so concurrent fan-out workers can't interleave
  or corrupt log lines (kept separate from the state lock; never nested).
- _run_fan_out.run_item: read the item output back through the item_ctx it
  executed against rather than the outer context closure — clearer and robust
  if StepContext ever stops sharing the steps dict by reference.
- StepBase: document the thread-safety contract — STEP_REGISTRY holds one shared
  instance per type, so concurrent fan-out invokes execute() on the same object;
  implementations must be stateless/thread-safe (the built-ins already are).
- test_concurrency_is_real: prove parallelism deterministically with a
  threading.Barrier (sequential execution can't clear it) instead of a
  wall-clock timing assertion.

* feat(workflows): address review — stamp updated_at under lock, clarify cancel semantics

- RunState.save(): move the updated_at timestamp assignment inside the run lock
  so the timestamp matches the snapshot the thread serializes and concurrent
  savers don't race on it.
- _run_fan_out docstring: clarify that on a halt only not-yet-started items are
  cancelled; items already running finish but their outputs are ignored
  (Future.cancel() can't stop running work, and the pool joins on exit).

* feat(workflows): serialize on_step_start callback under a lock

The concurrent fan-out path invokes _execute_steps from worker threads, which
calls the engine's on_step_start callback (the CLI sets it to a console.print
lambda). Concurrent invocation could interleave/garble progress output. Guard
the call with a WorkflowEngine._callback_lock so callbacks are serialized;
the lock is uncontended for sequential runs.

* feat(workflows): re-raise worker exceptions in-place to preserve traceback

In _run_fan_out's concurrent path, a worker exception was stashed in first_exc
and re-raised after the loop. Re-raise it from within the except block with a
bare `raise` (after cancelling outstanding futures) so the original traceback is
preserved, and drop the now-unneeded first_exc variable. The ThreadPoolExecutor
__exit__ still joins any already-running workers before the exception escapes.

* feat(workflows): lock final fan-out status, drop redundant output write, bound workers

Address third review pass:

- Remove the unlocked `context.steps[step_id]["output"] = …` writes in the
  fan-out parent update. context.steps[step_id] is the same dict object that
  set_step_output() updates under the run lock, so the direct (unsynchronized)
  mutation was redundant.
- Preserve sequential halt semantics under concurrency: a later in-flight item
  could overwrite state.status after the halting item was identified. _run_fan_out
  now derives the halting item's run status (item_halt_status, replacing the bool
  item_halted) and restores it after the pool joins, so the final status is the
  first halting item's outcome.
- Bound the pool: workers = min(max_concurrency, len(items)) and early-return for
  empty items, so a user-controlled max_concurrency can't over-allocate threads.

Add coverage that an earlier PAUSED item's status wins over a later concurrent
FAILED item.

* feat(workflows): avoid unlocked context.steps writes when it aliases step_results

On a resume run, StepContext is built with steps=state.step_results, so the two
direct `context.steps[...] = ...` writes mutated the shared dict outside the run
lock and could race save(). Route both through a new _record_result helper that
mirrors into context.steps only when it is a distinct object (a fresh run) and
otherwise relies solely on record_step_result's locked write.
2026-06-30 08:23:27 -05:00
github-actions[bot]
9c691e57b9 Update Architecture Workflow extension to v1.2.2 (#3255)
Update arch extension submitted by @bigsmartben to:
- extensions/catalog.community.json (version, download_url, description, commands count)
- docs/community/extensions.md community extensions table

Closes #3246

Assisted-by: GitHub Copilot (model: claude-sonnet-4.6, autonomous)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-30 08:16:24 -05:00
github-actions[bot]
ada293e203 Add Repository Governance extension to community catalog (#3252)
Add repository-governance extension submitted by @bigsmartben to:
- extensions/catalog.community.json (alphabetical order)
- docs/community/extensions.md community extensions table

Closes #3245

Assisted-by: GitHub Copilot (model: claude-sonnet-4.6, autonomous)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-30 07:34:23 -05:00
github-actions[bot]
5f440a8e20 Update Workflow Preset to v1.3.11 (#3251)
Update workflow-preset submitted by @bigsmartben:
- presets/catalog.community.json (version, download_url, updated_at)

Closes #3248

Assisted-by: GitHub Copilot (model: claude-sonnet-4.6, autonomous)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-30 07:33:25 -05:00
Ben Buttigieg
28a38af6c1 chore: retire iflow integration — product discontinued (#3166) (#3211)
Remove the iFlow CLI integration whose product was shut down: subpackage,
registry entry, catalog entry, docs, tests, and issue-template options.

Assisted-by: GitHub Copilot (model: Claude Opus 4.8, autonomous)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-30 07:30:52 -05:00
Ben Buttigieg
8215f3308b docs(codebuddy): fix dead install links and CodeBuddy capitalization (#3172) (#3216)
* fix(codebuddy): repoint install_url to codebuddy.cn (#3172)

The codebuddy.ai domain no longer resolves; CodeBuddy consolidated onto
codebuddy.cn (Tencent). Update install_url and docs links to
https://www.codebuddy.cn/cli (verified live).

Assisted-by: GitHub Copilot (model: Claude Opus 4.8, autonomous)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* docs: use canonical 'CodeBuddy' capitalization in installation prereqs

Address Copilot review: the link text read 'Codebuddy CLI' while the rest of
the docs and the integration metadata use 'CodeBuddy'.

Assisted-by: GitHub Copilot (model: Claude Opus 4.8, autonomous)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-30 07:29:33 -05:00
Noor ul ain
cb7c36c95b fix: reject host-less catalog URLs in base and preset validators (#3209) (#3227)
`CatalogStackBase._validate_catalog_url` (inherited by `IntegrationCatalog`)
and `PresetCatalog._validate_catalog_url` checked `parsed.netloc`, which is
truthy for host-less URLs like `https://:8080` (port only) or `https://user@`
(userinfo only). Such URLs slipped past validation despite the error message
promising "a valid URL with a host", then failed later with a confusing fetch
error.

Switch both validators to `parsed.hostname` (None for those inputs), matching
the workflow, step, and bundler catalog validators that already do this.

Add regression tests covering port-only and userinfo-only URLs for both
validators.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-30 07:18:39 -05:00
Manfred Riem
8025481eca chore: release 0.12.1, begin 0.12.2.dev0 development (#3253)
* chore: bump version to 0.12.1

* chore: begin 0.12.2.dev0 development

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-30 06:47:09 -05:00
Manfred Riem
4038d370bf chore: align CI Python matrix with devguide lifecycle + fix bash 3.2 portability (#3244)
* chore: align CI Python matrix with devguide release lifecycle

Run the pytest matrix only on the bugfix (maintenance) releases — 3.13
and 3.14 — instead of 3.11/3.12/3.13, and point the ruff lint job at the
latest interpreter (3.14). The supported floor stays at requires-python
>= 3.11 (oldest non-EOL security release): older security versions are
supported by claim and fixed reactively rather than gated on a wide
per-commit matrix. Also add macos-latest to the OS matrix so macOS
regressions are caught.

Assisted-by: GitHub Copilot (model: Claude Opus 4.8, autonomous)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: make bash scripts portable to bash 3.2 (macOS system /bin/bash)

Adding macos-latest to the CI matrix surfaced two pre-existing bash 3.2
incompatibilities (macOS ships bash 3.2 as /bin/bash):

1. update-agent-context.sh embedded Python heredocs inside $(...) command
   substitution. bash 3.2 mis-parses an apostrophe in a heredoc body
   nested in $(...), failing with "unexpected EOF while looking for
   matching `''". Removed the apostrophes from the affected $()-nested
   heredoc body and documented the constraint to prevent regressions.

2. create-new-feature-branch.sh and create-new-feature.sh used the
   bash 4+ ${word^^} uppercase parameter expansion, which errors as a
   "bad substitution" on bash 3.2 and caused short uppercase acronyms
   (e.g. "GO") to be dropped from derived branch names. Replaced with a
   portable `tr '[:lower:]' '[:upper:]'` pipeline.

Verified the full test suite passes under bash 3.2.57 and shellcheck
(--severity=error) is clean.

Assisted-by: GitHub Copilot (model: Claude Opus 4.8, autonomous)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: address review feedback on bash 3.2 portability changes

- create-new-feature.sh: replace the non-portable `\b...\b` grep
  word-boundary (BSD grep treats `\b` as a backspace, so the acronym
  branch could silently fail) with `grep -qw`, matching its twin
  create-new-feature-branch.sh, and pipe the description via
  `printf '%s'` instead of `echo`.
- create-new-feature-branch.sh: switch the acronym check to
  `printf '%s'` as well so both twins are identical and avoid `echo`
  on user-provided text.
- update-agent-context.sh: reword the apostrophe-free self-seeding
  comment to be clearer and less easy to misread.

Verified under bash 3.2.57 (full bash-script suite green) and
shellcheck --severity=error.

Assisted-by: GitHub Copilot (model: Claude Opus 4.8, autonomous)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-30 06:43:48 -05:00
Noor ul ain
ea1827769a fix: stop check-prerequisites --paths-only from writing feature.json (#3025) (#3190)
* fix: stop check-prerequisites --paths-only from writing feature.json (#3025)

check-prerequisites --paths-only / -PathsOnly is documented as pure,
read-only path resolution, but when SPECIFY_FEATURE_DIRECTORY was set it
called the persist routine and rewrote .specify/feature.json. That dirtied
the working tree and overwrote a pinned feature directory during what should
be a no-op.

Add an explicit opt-out at the resolver boundary instead of a global env
back-channel:

- bash: get_feature_paths accepts a leading --no-persist flag that skips
  _persist_feature_json; check-prerequisites.sh passes it in --paths-only mode.
- PowerShell: Get-FeaturePathsEnv gains a -NoPersist switch that skips
  Save-FeatureJson; check-prerequisites.ps1 passes it in -PathsOnly mode.

Normal (non-paths-only) invocations are unchanged and still persist the
override, so future sessions without the env var keep working.

Add regression tests asserting --paths-only/-PathsOnly leaves a pinned
feature.json untouched even when the env override differs, plus a guard that
normal mode still persists.

* fix: use ASCII hyphen in common.ps1 comment for PS 5.1 compatibility

The em-dash in the persist comment introduced non-ASCII bytes, failing
test_ps1_file_is_ascii_only which enforces ASCII-only PowerShell sources
for Windows PowerShell 5.1 compatibility.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* test: add PowerShell normal-mode persistence guard (#3025)

Addresses Copilot review feedback on #3190: the bash side had a
`test_normal_mode_still_persists_feature_json` guard, but there was no
symmetric PowerShell test asserting that running check-prerequisites.ps1
*without* -PathsOnly still persists the SPECIFY_FEATURE_DIRECTORY override
into .specify/feature.json.

Add test_ps_normal_mode_still_persists_feature_json, which guards against
accidentally passing -NoPersist unconditionally (or flipping the default)
in a future refactor. Verified it fails when -NoPersist is passed in the
non -PathsOnly branch and passes with the current conditional.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-30 06:38:59 -05:00
Quratulain-bilal
00f6a80201 docs: document integration catalog subcommands (#3206)
* docs: document integration catalog subcommands

the integration reference omits the 'specify integration catalog'
subcommand group (list/add/remove) that exists in code, while the
extension, preset, and workflow references all document their catalog
equivalents. add a catalog management section matching that structure.

* docs: address review feedback on integration catalog section

- catalogs are consulted by the discovery commands (search/info), not
  install; install resolves from the built-in registry
- 'catalog list' shows project sources as removable only when configured,
  otherwise active sources are non-removable
2026-06-30 06:13:17 -05:00
Ali jawwad
4badf3b5b1 fix(scripts): use ASCII [OK] marker in initialize-repo.sh (parity with PowerShell twin) (#3231)
* fix(scripts): use ASCII [OK] marker in initialize-repo.sh (parity with PowerShell twin)

initialize-repo.sh printed its success line with a Unicode checkmark ('✓ Git repository initialized'), while the PowerShell twin initialize-repo.ps1 and both auto-commit scripts use the ASCII marker '[OK]'. That is an output-text divergence across the bash/PowerShell twins and an inconsistency among sibling extension scripts. Use '[OK]' to match.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* test: assert full [OK] init line and surface stderr on failure

Address Copilot review: assert the full success line '[OK] Git repository initialized' (not just the '[OK]' substring, which could pass if unrelated [OK] output is added later) and include result.stderr in the assertion message so a failure is debuggable.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 16:56:06 -05:00
Noor ul ain
9dfef8629e docs: document integration search/info/scaffold subcommands (#3174) (#3194)
* docs: document integration search/info/scaffold subcommands (#3174)

docs/reference/integrations.md omitted three subcommands that exist in
code, breaking parity with the extension/preset/bundle/workflow
references which all document their search/info equivalents.

Added sections for:
- `specify integration search [query]` (--tag, --author)
- `specify integration info <integration_id>`
- `specify integration scaffold <key>` (--type: markdown/skills/toml/yaml)

Content mirrors the command docstrings, arguments, and options in
src/specify_cli/integrations/_query_commands.py and _scaffold_commands.py.

Fixes #3174.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-29 16:52:01 -05:00
Noor ul ain
5a29e4b659 docs: remove Cursor from specify check agent list (#3178) (#3193)
* docs: remove Cursor from specify check agent list (#3178)

Cursor is registered as an IDE-based integration (requires_cli=False),
so `specify check` never probes for a "Cursor CLI". Listing it in the
README's check description misled users into expecting a check that
does not happen. Removed it from the list; the remaining entries all
correspond to integrations with requires_cli=True.

Fixes #3178.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-29 16:50:55 -05:00
Ben Buttigieg
b1bd9180ca fix(goose): repoint install_url and docs to goose-docs.ai (#3171) (#3215)
* fix(goose): repoint install_url and docs to goose-docs.ai (#3171)

Goose moved to the Agentic AI Foundation; docs moved from block.github.io/goose
to goose-docs.ai. Update install_url and the docs reference link.

Assisted-by: GitHub Copilot (model: Claude Opus 4.8, autonomous)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* docs(goose): restore table column alignment

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Assisted-by: GitHub Copilot (model: Claude Opus 4.8, autonomous)

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-29 16:43:06 -05:00
Ali jawwad
804e7329b8 fix(scripts): route 'Plan template not found' per --json in setup-plan.ps1 (parity with bash) (#3241)
The 'template not found' fallback used Write-Warning, which emits 'WARNING: Plan template not found' on the warning stream -- diverging from the bash twin (echo 'Warning: Plan template not found' to stderr in --json, stdout in text mode) in both wording and routing, and inconsistent with the sibling 'Copied plan template' message (#3198) in the same block. Route it the same way so the two scripts share one status-output contract.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 16:37:40 -05:00
Ali jawwad
c5fb3dc86f fix(bundle): send command errors to stderr so --json stdout stays parseable (#3235)
The bundle command group's _fail() helper is documented as printing 'to stderr', and the module contract is 'human logs go to stderr/console' while --json 'emits machine-readable data on stdout'. But it called console.print(), and the shared console writes to STDOUT, so every bundle error (every command routes through _fail) landed on stdout -- corrupting the JSON stream that --json consumers parse.

Add a stderr-bound err_console to _console.py (its documented role as the single Console source) and use it in _fail. stdout now carries only the JSON payload.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 15:46:56 -05:00
Manfred Riem
5a7d84311b chore: release 0.12.0, begin 0.12.1.dev0 development (#3243)
* chore: bump version to 0.12.0

* chore: begin 0.12.1.dev0 development

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-06-29 15:46:35 -05:00
71 changed files with 3538 additions and 1913 deletions

View File

@@ -48,8 +48,6 @@
"openai.chatgpt",
// Kilo Code
"kilocode.Kilo-Code",
// Roo Code
"RooVeterinaryInc.roo-cline",
// Claude Code
"anthropic.claude-code"
],

View File

@@ -8,7 +8,7 @@ body:
value: |
Thanks for requesting a new agent! Before submitting, please check if the agent is already supported.
**Currently supported agents**: Amp, Antigravity, Auggie CLI, Claude Code, Cline, CodeBuddy, Codex CLI, Cursor, Devin for Terminal, Firebender, Forge, Gemini CLI, GitHub Copilot, Goose, Hermes Agent, IBM Bob, iFlow CLI, Junie, Kilo Code, Kimi Code, Kiro CLI, Lingma, Mistral Vibe, Oh My Pi, opencode, Pi Coding Agent, Qoder CLI, Qwen Code, Roo Code, RovoDev ACLI, SHAI, Tabnine CLI, Trae, Windsurf, ZCode, Zed
**Currently supported agents**: Amp, Antigravity, Auggie CLI, Claude Code, Cline, CodeBuddy, Codex CLI, Cursor, Devin for Terminal, Firebender, Forge, Gemini CLI, GitHub Copilot, Goose, Hermes Agent, IBM Bob, Junie, Kilo Code, Kimi Code, Kiro CLI, Lingma, Mistral Vibe, Oh My Pi, opencode, Pi Coding Agent, Qoder CLI, Qwen Code, RovoDev ACLI, SHAI, Tabnine CLI, Trae, ZCode, Zed
- type: input
id: agent-name

View File

@@ -78,7 +78,6 @@ body:
- Goose
- Hermes Agent
- IBM Bob
- iFlow CLI
- Junie
- Kilo Code
- Kimi Code
@@ -90,12 +89,10 @@ body:
- Pi Coding Agent
- Qoder CLI
- Qwen Code
- Roo Code
- RovoDev ACLI
- SHAI
- Tabnine CLI
- Trae
- Windsurf
- ZCode
- Zed
- Not applicable

View File

@@ -72,7 +72,6 @@ body:
- Goose
- Hermes Agent
- IBM Bob
- iFlow CLI
- Junie
- Kilo Code
- Kimi Code
@@ -84,12 +83,10 @@ body:
- Pi Coding Agent
- Qoder CLI
- Qwen Code
- Roo Code
- RovoDev ACLI
- SHAI
- Tabnine CLI
- Trae
- Windsurf
- ZCode
- Zed
- Not applicable

View File

@@ -54,3 +54,16 @@ jobs:
# (notably SC2155). Tighten in a follow-up after cleanup.
- name: Run shellcheck on shell scripts
run: git ls-files -z -- '*.sh' | xargs -0 shellcheck --severity=error
# macOS ships bash 3.2, where bash 4+ case-modification parameter
# expansions error with "bad substitution". shellcheck assumes bash 4+
# from the shebang and cannot flag these, so guard explicitly; use tr
# for portable case conversion.
- name: Reject bash 4+ case-modification expansions
run: |
matches=$(git ls-files -z -- '*.sh' | xargs -0 grep -nE '\$\{[A-Za-z_][A-Za-z0-9_]*(\[[^]]*\])?(\^\^?|,,?|~~?|@[UuLl])[^}]*\}' || true)
if [ -n "$matches" ]; then
echo "Found bash 4+ case-modification expansion(s); use tr for portability (macOS ships bash 3.2):"
echo "$matches"
exit 1
fi

View File

@@ -21,7 +21,7 @@ jobs:
- name: Set up Python
uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6
with:
python-version: "3.13"
python-version: "3.14"
- name: Run ruff check
run: uvx ruff check src/
@@ -30,8 +30,8 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, windows-latest]
python-version: ["3.11", "3.12", "3.13"]
os: [ubuntu-latest, windows-latest, macos-latest]
python-version: ["3.13", "3.14"]
steps:
- name: Checkout
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0

View File

@@ -23,7 +23,7 @@ src/specify_cli/integrations/
│ └── __init__.py # ClaudeIntegration class
├── gemini/ # Example: TomlIntegration subclass
│ └── __init__.py
├── windsurf/ # Example: MarkdownIntegration subclass
├── kilocode/ # Example: MarkdownIntegration subclass
│ └── __init__.py
├── copilot/ # Example: IntegrationBase subclass (custom setup)
│ └── __init__.py
@@ -52,25 +52,25 @@ Most agents only need `MarkdownIntegration` — a minimal subclass with zero met
Create `src/specify_cli/integrations/<package_dir>/__init__.py`, where `<package_dir>` is the Python-safe directory name derived from `<key>`: use the key as-is when it contains no hyphens (e.g., key `"gemini"``gemini/`), or replace hyphens with underscores when it does (e.g., key `"kiro-cli"``kiro_cli/`). The `IntegrationBase.key` class attribute always retains the original hyphenated value, since that is what the CLI and registry use. For CLI-based integrations (`requires_cli: True`), the `key` should match the actual CLI tool name (the executable users install and run) so CLI checks can resolve it correctly. For IDE-based integrations (`requires_cli: False`), use the canonical integration identifier instead.
**Minimal example — Markdown agent (Windsurf):**
**Minimal example — Markdown agent (Kilo Code):**
```python
"""Windsurf IDE integration."""
"""Kilo Code IDE integration."""
from ..base import MarkdownIntegration
class WindsurfIntegration(MarkdownIntegration):
key = "windsurf"
class KilocodeIntegration(MarkdownIntegration):
key = "kilocode"
config = {
"name": "Windsurf",
"folder": ".windsurf/",
"name": "Kilo Code",
"folder": ".kilocode/",
"commands_subdir": "workflows",
"install_url": None,
"requires_cli": False,
}
registrar_config = {
"dir": ".windsurf/workflows",
"dir": ".kilocode/workflows",
"format": "markdown",
"args": "$ARGUMENTS",
"extension": ".md",
@@ -148,7 +148,7 @@ class CodexIntegration(SkillsIntegration):
| `config` | Class attribute (dict) | Agent metadata: `name`, `folder`, `commands_subdir`, `install_url`, `requires_cli` |
| `registrar_config` | Class attribute (dict) | Command output config: `dir`, `format`, `args` placeholder, file `extension` |
**Key design rule:** For CLI-based integrations (`requires_cli: True`), `key` must be the actual executable name (e.g., `"cursor-agent"` not `"cursor"`). This ensures `shutil.which(key)` works for CLI-tool checks without special-case mappings. IDE-based integrations (`requires_cli: False`) should use their canonical identifier (e.g., `"windsurf"`, `"copilot"`).
**Key design rule:** For CLI-based integrations (`requires_cli: True`), `key` must be the actual executable name (e.g., `"cursor-agent"` not `"cursor"`). This ensures `shutil.which(key)` works for CLI-tool checks without special-case mappings. IDE-based integrations (`requires_cli: False`) should use their canonical identifier (e.g., `"kilocode"`, `"copilot"`).
### 3. Register it
@@ -201,8 +201,8 @@ Only add custom setup logic when the agent needs non-standard behavior. Integrat
specify init my-project --integration <key>
# Verify files were created in the commands directory configured by
# config["folder"] + config["commands_subdir"] (for example, .windsurf/workflows/)
ls -R my-project/.windsurf/workflows/
# config["folder"] + config["commands_subdir"] (for example, .kilocode/workflows/)
ls -R my-project/.kilocode/workflows/
# Uninstall cleanly
cd my-project && specify integration uninstall <key>

View File

@@ -2,6 +2,68 @@
<!-- insert new changelog below this comment -->
## [0.12.3] - 2026-07-01
### Changed
- feat(copilot): warn before skills default rollout (#3256)
- Add June 2026 newsletter (#3289)
- docs(toc): add Bundles and Authentication to the Reference nav (#3267)
- fix(integrations): add zed to discovery catalog.json (#3266)
- fix(integrations): cline hook note collapses onto instruction at EOF (#3263)
- refactor: move workflow command handlers to workflows/_commands.py (PR-8/8) (#3159)
- chore: retire Roo Code integration — extension shut down (#3167) (#3212)
- fix(bundle): allow 'catalog remove' by the same relative path used to add (#3242)
- fix(workflows): reject bool max_iterations in while/do-while validation (#3237)
- fix: allow prerelease spec-kit versions in compatibility checks (#2695)
- chore: release 0.12.2, begin 0.12.3.dev0 development (#3259)
## [0.12.2] - 2026-06-30
### Changed
- fix(scripts): portable uppercase for branch-name acronym retention (bash 3.2) (#3192)
- chore: retire Windsurf integration — absorbed into Cognition Devin (#3168) (#3213)
- [extension] Update Intake extension to v0.1.3 (#3254)
- feat(workflows): honor max_concurrency in fan-out via a bounded thread pool (#3224)
- Update Architecture Workflow extension to v1.2.2 (#3255)
- Add Repository Governance extension to community catalog (#3252)
- Update Workflow Preset to v1.3.11 (#3251)
- chore: retire iflow integration — product discontinued (#3166) (#3211)
- docs(codebuddy): fix dead install links and CodeBuddy capitalization (#3172) (#3216)
- fix: reject host-less catalog URLs in base and preset validators (#3209) (#3227)
- chore: release 0.12.1, begin 0.12.2.dev0 development (#3253)
## [0.12.1] - 2026-06-30
### Changed
- chore: align CI Python matrix with devguide lifecycle + fix bash 3.2 portability (#3244)
- fix: stop check-prerequisites --paths-only from writing feature.json (#3025) (#3190)
- docs: document integration catalog subcommands (#3206)
- fix(scripts): use ASCII [OK] marker in initialize-repo.sh (parity with PowerShell twin) (#3231)
- docs: document integration `search`/`info`/`scaffold` subcommands (#3174) (#3194)
- docs: remove Cursor from `specify check` agent list (#3178) (#3193)
- fix(goose): repoint install_url and docs to goose-docs.ai (#3171) (#3215)
- fix(scripts): route 'Plan template not found' per --json in setup-plan.ps1 (parity with bash) (#3241)
- fix(bundle): send command errors to stderr so --json stdout stays parseable (#3235)
- chore: release 0.12.0, begin 0.12.1.dev0 development (#3243)
## [0.12.0] - 2026-06-29
### Changed
- feat: make agent-context extension a full opt-in (#3097)
- docs(workflows): add the built-in 'init' step type to the Step Types table (#3234)
- fix(workflows): gate validate() must not crash on non-string options (#3233)
- fix(workflows): make pipe-filter detection quote-aware in expressions (#3232)
- fix(workflows): reject a fan-in wait_for that names an unknown step at validation (#3225)
- fix(scripts): warn when spec template is missing in create-new-feature.ps1 (parity with bash) (#3230)
- fix(scripts): count subdirectory-only dirs as non-empty in PowerShell (parity with bash) (#3137)
- fix(scripts): drop HAS_GIT from PowerShell git-extension output (parity with bash) (#3195)
- Update Product Spec Extension to v1.0.1 (#3226)
- chore: release 0.11.10, begin 0.11.11.dev0 development (#3240)
## [0.11.10] - 2026-06-29
### Changed

View File

@@ -406,7 +406,7 @@ specify init . --force --integration copilot
specify init --here --force --integration copilot
```
The CLI will check if you have Claude Code, Gemini CLI, Cursor CLI, Qwen CLI, opencode, Codex CLI, Qoder CLI, Tabnine CLI, Kiro CLI, Pi, Oh My Pi, Forge, Goose, Mistral Vibe, or ZCode installed. If you do not, or you prefer to get the templates without checking for the right tools, use `--ignore-agent-tools` with your command:
The CLI will check that your selected agent's CLI tool is installed (for integrations that require a CLI), such as Claude Code, Gemini CLI, Qwen Code, opencode, Codex CLI, Qoder CLI, Tabnine CLI, Kiro CLI, Pi Coding Agent, Oh My Pi, Forge, Goose, Mistral Vibe, or ZCode. If you don't have the required tool installed, or you prefer to get the templates without checking for the right tools, use `--ignore-agent-tools` with your command:
```bash
specify init <project_name> --integration copilot --ignore-agent-tools

View File

@@ -31,7 +31,7 @@ The following community-contributed extensions are available in [`catalog.commun
| API Evolve | Managed API contract evolution — breaking-change detection, semver enforcement, deprecation orchestration, and lifecycle gates across REST, GraphQL, and gRPC | `process` | Read+Write | [spec-kit-api-evolve](https://github.com/Quratulain-bilal/spec-kit-api-evolve) |
| Architect Impact Previewer | Predicts architectural impact, complexity, and risks of proposed changes before implementation. | `visibility` | Read-only | [spec-kit-architect-preview](https://github.com/UmmeHabiba1312/spec-kit-architect-preview) |
| Architecture Guard | Framework-agnostic architecture review extension for validating implementation against governance and architecture constitutions, detecting architectural drift, and generating non-blocking refactor tasks | `process` | Read+Write | [spec-kit-architecture-guard](https://github.com/DyanGalih/spec-kit-architecture-guard) |
| Architecture Workflow | Generate or reverse project-level 4+1 architecture views as separate commands | `docs` | Read+Write | [spec-kit-arch](https://github.com/bigsmartben/spec-kit-arch) |
| Architecture Workflow | Generate or reverse project-level 4+1 architecture views with per-view and full-workflow commands | `docs` | Read+Write | [spec-kit-arch](https://github.com/bigsmartben/spec-kit-arch) |
| Archive Extension | Archive merged features into main project memory. | `docs` | Read+Write | [spec-kit-archive](https://github.com/stn1slv/spec-kit-archive) |
| Azure DevOps Integration | Sync user stories and tasks to Azure DevOps work items using OAuth authentication | `integration` | Read+Write | [spec-kit-azure-devops](https://github.com/pragya247/spec-kit-azure-devops) |
| Blueprint | Stay code-literate in AI-driven development: review a complete code blueprint for every task from spec artifacts before /speckit.implement runs | `docs` | Read+Write | [spec-kit-blueprint](https://github.com/chordpli/spec-kit-blueprint) |
@@ -58,7 +58,7 @@ The following community-contributed extensions are available in [`catalog.commun
| GitHub Issues Integration 2 | Creates and syncs local specs from an existing GitHub issue | `integration` | Read+Write | [spec-kit-issue](https://github.com/aaronrsun/spec-kit-issue) |
| Golden Demo | Extracts acceptance criteria from specs, builds test vectors, and produces a behavioral drift report — complementary to Architecture Guard and CDD | `docs` | Read+Write | [spec-kit-golden-demo](https://github.com/jasstt/spec-kit-golden-demo) |
| Improve Extension | Audits any codebase as a senior advisor and writes prioritized, self-contained spec prompts under specs/ that the spec-kit lifecycle can process | `process` | Read+Write | [spec-kit-improve](https://github.com/d0whc3r/spec-kit-improve) |
| Intake | Normalize PRD, design, and test-case evidence into SDD-ready intake artifacts | `docs` | Read+Write | [spec-kit-intake](https://github.com/bigsmartben/spec-kit-intake) |
| Intake | Normalize PRD, design, HTML SSOT, and test-case evidence into SDD-ready intake artifacts. | `docs` | Read+Write | [spec-kit-intake](https://github.com/bigsmartben/spec-kit-intake) |
| Intelligent Agent Orchestrator | Cross-catalog agent discovery and intelligent prompt-to-command routing | `process` | Read+Write | [spec-kit-orchestrator](https://github.com/pragya247/spec-kit-orchestrator) |
| Iterate | Iterate on spec documents with a two-phase define-and-apply workflow — refine specs mid-implementation and go straight back to building | `docs` | Read+Write | [spec-kit-iterate](https://github.com/imviancagrace/spec-kit-iterate) |
| Jira Integration | Create Jira Epics, Stories, and Issues from spec-kit specifications and task breakdowns with configurable hierarchy and custom field support | `integration` | Read+Write | [spec-kit-jira](https://github.com/mbachorik/spec-kit-jira) |
@@ -98,6 +98,7 @@ The following community-contributed extensions are available in [`catalog.commun
| Reconcile Extension | Reconcile implementation drift by surgically updating feature artifacts. | `docs` | Read+Write | [spec-kit-reconcile](https://github.com/stn1slv/spec-kit-reconcile) |
| Red Team | Adversarial review of specs before /speckit.plan — parallel lens agents surface risks that clarify/analyze structurally can't (prompt injection, integrity gaps, cross-spec drift, silent failures). Produces a structured findings report; no auto-edits to specs. | `docs` | Read+Write | [spec-kit-red-team](https://github.com/ashbrener/spec-kit-red-team) |
| Research Harness | State-externalizing research harness: budgeted exploration, evidence curation, and claim verification for spec-driven development | `process` | Read+Write | [spec-kit-harness](https://github.com/formin/spec-kit-harness) |
| Repository Governance | Generate project-governance projections from Spec Kit metadata | `process` | Read+Write | [spec-kit-agent-governance](https://github.com/bigsmartben/spec-kit-agent-governance) |
| Repository Index | Generate index for existing repo for overview, architecture and module level. | `docs` | Read-only | [spec-kit-repoindex](https://github.com/liuyiyu/spec-kit-repoindex) |
| Reqnroll BDD | Adds Reqnroll BDD planning, Gherkin generation, traceability, safe task injection, handoff, and verification to Spec Kit | `process` | Read+Write | [spec-kit-reqnroll-bdd](https://github.com/LoogacyStudio/spec-kit-reqnroll-bdd) |
| Retro Extension | Sprint retrospective analysis with metrics, spec accuracy assessment, and improvement suggestions | `process` | Read+Write | [spec-kit-retro](https://github.com/arunt14/spec-kit-retro) |

View File

@@ -31,7 +31,7 @@ Define what to build before building it. Rich templates, quality checklists, and
### Use any coding agent
<span class="pillar-stat">30+ integrations</span> — Copilot, Gemini, Codex, Windsurf, Zed, Claude, Forge, Kiro, and more. Switch freely between agents with a single command. No lock-in.
<span class="pillar-stat">30+ integrations</span> — Copilot, Gemini, Codex, Kilo Code, Zed, Claude, Forge, Kiro, and more. Switch freely between agents with a single command. No lock-in.
Run `specify init` with your agent of choice and Spec Kit sets up the right command files, context rules, and directory structures automatically. If your agent isn't listed, the `generic` integration is an escape hatch for any tool.

View File

@@ -3,7 +3,7 @@
## Prerequisites
- **Linux/macOS** (or Windows; PowerShell scripts now supported without WSL)
- AI coding agent: [Claude Code](https://www.anthropic.com/claude-code), [GitHub Copilot](https://code.visualstudio.com/), [Codebuddy CLI](https://www.codebuddy.ai/cli), [Gemini CLI](https://github.com/google-gemini/gemini-cli), [Pi Coding Agent](https://pi.dev), or [Oh My Pi](https://www.npmjs.com/package/@oh-my-pi/pi-coding-agent)
- AI coding agent: [Claude Code](https://www.anthropic.com/claude-code), [GitHub Copilot](https://code.visualstudio.com/), [CodeBuddy CLI](https://www.codebuddy.cn/docs/cli/installation), [Gemini CLI](https://github.com/google-gemini/gemini-cli), [Pi Coding Agent](https://pi.dev), or [Oh My Pi](https://www.npmjs.com/package/@oh-my-pi/pi-coding-agent)
- [uv](https://docs.astral.sh/uv/) for package management (recommended) or [pipx](https://pipx.pypa.io/) for persistent installation
- [Python 3.11+](https://www.python.org/downloads/)
- [Git](https://git-scm.com/downloads) _(optional — required only when the git extension is enabled)_

View File

@@ -11,7 +11,7 @@ The Specify CLI supports a wide range of AI coding agents. When you run `specify
| [Auggie CLI](https://docs.augmentcode.com/cli/overview) | `auggie` | |
| [Claude Code](https://www.anthropic.com/claude-code) | `claude` | Skills-based integration; installs skills in `.claude/skills` |
| [Cline](https://github.com/cline/cline) | `cline` | IDE-based agent |
| [CodeBuddy CLI](https://www.codebuddy.ai/cli) | `codebuddy` | |
| [CodeBuddy CLI](https://www.codebuddy.cn/docs/cli/installation) | `codebuddy` | |
| [Codex CLI](https://github.com/openai/codex) | `codex` | Skills-based integration; installs skills into `.agents/skills` and invokes them as `$speckit-<command>` |
| [Cursor](https://cursor.sh/) | `cursor-agent` | |
| [Devin for Terminal](https://cli.devin.ai/docs) | `devin` | Skills-based integration; installs skills into `.devin/skills/` and invokes them as `/speckit-<command>` |
@@ -19,10 +19,9 @@ The Specify CLI supports a wide range of AI coding agents. When you run `specify
| [Forge](https://forgecode.dev/) | `forge` | |
| [Gemini CLI](https://github.com/google-gemini/gemini-cli) | `gemini` | |
| [GitHub Copilot](https://code.visualstudio.com/) | `copilot` | |
| [Goose](https://block.github.io/goose/) | `goose` | Uses YAML recipe format in `.goose/recipes/` |
| [Goose](https://goose-docs.ai/) | `goose` | Uses YAML recipe format in `.goose/recipes/` |
| [Hermes](https://github.com/NousResearch/hermes-agent) | `hermes` | Skills-based integration; installs skills globally into `~/.hermes/skills/` |
| [IBM Bob](https://www.ibm.com/products/bob) | `bob` | IDE-based agent |
| [iFlow CLI](https://docs.iflow.cn/en/cli/quickstart) | `iflow` | |
| [Junie](https://junie.jetbrains.com/) | `junie` | |
| [Kilo Code](https://github.com/Kilo-Org/kilocode) | `kilocode` | |
| [Kimi Code](https://code.kimi.com/) | `kimi` | Skills-based integration; installs into `.kimi-code/skills/`. `--migrate-legacy` moves old `.kimi/skills/` installs to the new paths, and (when the `agent-context` extension is enabled) migrates `KIMI.md` context into `AGENTS.md` |
@@ -34,12 +33,10 @@ The Specify CLI supports a wide range of AI coding agents. When you run `specify
| [Pi Coding Agent](https://pi.dev) | `pi` | Pi doesn't have MCP support out of the box, so `taskstoissues` won't work as intended. MCP support can be added via [extensions](https://github.com/badlogic/pi-mono/tree/main/packages/coding-agent#extensions) |
| [Qoder CLI](https://qoder.com/cli) | `qodercli` | |
| [Qwen Code](https://github.com/QwenLM/qwen-code) | `qwen` | |
| [Roo Code](https://roocode.com/) | `roo` | |
| [RovoDev](https://www.atlassian.com/software/rovo-dev) | `rovodev` | Generates `.rovodev/skills/`, prompt wrappers, and `prompts.yml`; runtime dispatch uses `acli rovodev` |
| [SHAI (OVHcloud)](https://github.com/ovh/shai) | `shai` | |
| [Tabnine CLI](https://docs.tabnine.com/main/getting-started/tabnine-cli) | `tabnine` | |
| [Trae](https://www.trae.ai/) | `trae` | Skills-based integration; skills are installed automatically |
| [Windsurf](https://windsurf.com/) | `windsurf` | |
| [ZCode](https://zcode.z.ai/) | `zcode` | Skills-based integration; installs skills into `.zcode/skills/` and invokes them as `$speckit-<command>` |
| [Zed](https://zed.dev/) | `zed` | Skills-based integration; installs skills into `.agents/skills` and invokes them as `/speckit-<command>` |
| Generic | `generic` | Bring your own agent — use `--integration generic --integration-options="--commands-dir <path>"` for AI coding agents not listed above |
@@ -54,6 +51,27 @@ Shows all available integrations, which one is currently installed, and whether
When multiple integrations are installed, the list marks the default integration separately from the other installed integrations.
The list also shows whether each built-in integration is declared multi-install safe.
## Search Available Integrations
```bash
specify integration search [query]
```
| Option | Description |
| ---------- | ------------------ |
| `--tag` | Filter by tag |
| `--author` | Filter by author |
Searches the active catalog stack for integrations matching the query. Without a query, lists all available integrations. Must be run inside a Spec Kit project.
## Integration Info
```bash
specify integration info <integration_id>
```
Shows catalog details for a single integration, including its description, author, license, tags, source catalog, repository (when available), and whether it is currently active. Must be run inside a Spec Kit project.
## Install an Integration
```bash
@@ -152,6 +170,47 @@ is `null` when no installed integration set can be evaluated, such as when the
integration state is missing, unreadable, lacks a valid recorded integration
list, or records no installed integrations.
## Catalog Management
Integration catalogs control where the discovery commands (`search` and `info`) look for integrations. Catalogs are checked in priority order.
### List Catalogs
```bash
specify integration catalog list
```
Shows the active catalog sources. Project-level sources (when configured) are removable by index; otherwise the active sources are shown as non-removable.
### Add a Catalog
```bash
specify integration catalog add <url>
```
| Option | Description |
| --------------- | ----------------------------- |
| `--name <name>` | Optional name for the catalog |
Adds a custom catalog URL to the project's `.specify/integration-catalogs.yml`. The URL must use HTTPS (except `http://localhost`, `http://127.0.0.1`, or `http://[::1]` for local testing).
### Remove a Catalog
```bash
specify integration catalog remove <index>
```
Removes a project catalog source by its 0-based index in `catalog list`.
### Catalog Resolution Order
Catalogs are resolved in this order (first match wins):
1. **Environment variable**`SPECKIT_INTEGRATION_CATALOG_URL` overrides all catalogs
2. **Project config**`.specify/integration-catalogs.yml`
3. **User config**`~/.specify/integration-catalogs.yml`
4. **Built-in defaults** — official catalog + community catalog
## Integration-Specific Options
Some integrations accept additional options via `--integration-options`:
@@ -167,6 +226,18 @@ Example:
specify integration install generic --integration-options="--commands-dir .myagent/cmds"
```
## Scaffold a New Integration
```bash
specify integration scaffold <key>
```
Creates a minimal built-in integration package and a matching test skeleton in the Spec Kit repository, then prints the next steps for wiring it up. Run this command from the Spec Kit repository root. The `<key>` must be lowercase kebab-case (for example, `my-agent`).
| Option | Description |
| -------- | ---------------------------------------------------------------- |
| `--type` | Scaffold template to use: `markdown` (default), `skills`, `toml`, or `yaml` |
## FAQ
### Can I install multiple integrations in the same project?
@@ -191,16 +262,13 @@ The currently declared multi-install safe integrations are:
| `cursor-agent` | `.cursor/skills`, `.cursor/rules/specify-rules.mdc` |
| `firebender` | `.firebender/commands`, `.firebender/rules/specify-rules.mdc` |
| `gemini` | `.gemini/commands`, `GEMINI.md` |
| `iflow` | `.iflow/commands`, `IFLOW.md` |
| `junie` | `.junie/commands`, `.junie/AGENTS.md` |
| `kilocode` | `.kilocode/workflows`, `.kilocode/rules/specify-rules.md` |
| `qodercli` | `.qoder/commands`, `QODER.md` |
| `qwen` | `.qwen/commands`, `QWEN.md` |
| `roo` | `.roo/commands`, `.roo/rules/specify-rules.md` |
| `shai` | `.shai/commands`, `SHAI.md` |
| `tabnine` | `.tabnine/agent/commands`, `TABNINE.md` |
| `trae` | `.trae/skills`, `.trae/rules/project_rules.md` |
| `windsurf` | `.windsurf/workflows`, `.windsurf/rules/specify-rules.md` |
| `zcode` | `.zcode/skills`, `ZCODE.md` |
Integrations that share a context file or command directory with another integration, require dynamic install paths such as `--commands-dir`, or merge shared tool settings are not declared safe by default. They can still be installed alongside another integration with `--force`.
@@ -215,7 +283,7 @@ Run `specify integration list` to see all available integrations with their keys
### Do I need the AI coding agent installed to use an integration?
CLI-based integrations (like Claude Code, Gemini CLI) require the tool to be installed. IDE-based integrations (like Windsurf, Cursor) work through the IDE itself. Some agents like GitHub Copilot support both IDE and CLI usage. `specify integration list` shows which type each integration is.
CLI-based integrations (like Claude Code, Gemini CLI) require the tool to be installed. IDE-based integrations (like Cursor) work through the IDE itself. Some agents like GitHub Copilot support both IDE and CLI usage. `specify integration list` shows which type each integration is.
### When should I use `upgrade` vs `switch`?

View File

@@ -35,6 +35,10 @@
href: reference/presets.md
- name: Workflows
href: reference/workflows.md
- name: Bundles
href: reference/bundles.md
- name: Authentication
href: reference/authentication.md
# Concepts
- name: Concepts

View File

@@ -185,7 +185,7 @@ cp -r .specify/scripts .specify/scripts-backup
### 3. Duplicate slash commands (IDE-based agents)
Some IDE-based agents (like Kilo Code, Windsurf) may show **duplicate slash commands** after upgrading—both old and new versions appear.
Some IDE-based agents (like Kilo Code, Cline) may show **duplicate slash commands** after upgrading—both old and new versions appear.
**Solution:** Manually delete the old command files from your agent's folder.
@@ -193,7 +193,7 @@ Some IDE-based agents (like Kilo Code, Windsurf) may show **duplicate slash comm
```bash
# Navigate to the agent's commands folder
cd .kilocode/rules/
cd .kilocode/workflows/
# List files and identify duplicates
ls -la
@@ -242,11 +242,11 @@ mv /tmp/constitution-backup.md .specify/memory/constitution.md
### Scenario 3: "I see duplicate slash commands in my IDE"
This happens with IDE-based agents (Kilo Code, Windsurf, Roo Code, etc.).
This happens with IDE-based agents (Kilo Code, Cline, etc.).
```bash
# Find the agent folder (example: .kilocode/rules/)
cd .kilocode/rules/
# Find the agent folder (example: .kilocode/workflows/)
cd .kilocode/workflows/
# List all files
ls -la

View File

@@ -18,7 +18,6 @@
"generic": "AGENTS.md",
"goose": "AGENTS.md",
"hermes": "AGENTS.md",
"iflow": "IFLOW.md",
"junie": ".junie/AGENTS.md",
"kilocode": ".kilocode/rules/specify-rules.md",
"kimi": "AGENTS.md",
@@ -29,7 +28,6 @@
"pi": "AGENTS.md",
"qodercli": "QODER.md",
"qwen": "QWEN.md",
"roo": ".roo/rules/specify-rules.md",
"rovodev": "AGENTS.md",
"shai": "SHAI.md",
"tabnine": "TABNINE.md",

View File

@@ -59,6 +59,13 @@ case "$(uname -s 2>/dev/null || true)" in
esac
# Parse extension config once; emit context files as JSON, followed by marker strings.
#
# NOTE (bash 3.2 / macOS portability): the embedded Python heredocs below run
# inside $(...) command substitution. bash 3.2 (the system /bin/bash on macOS)
# mis-parses a single-quote/apostrophe in a heredoc body nested in $(...),
# failing with "unexpected EOF while looking for matching `''". Keep these
# $(...)-nested heredoc bodies free of apostrophes (use double quotes in Python
# string literals and avoid contractions in comments).
if ! _raw_opts="$("$_python" - "$EXT_CONFIG" "$_case_insensitive_context_files" "$PROJECT_ROOT" <<'PY'
import json
import sys
@@ -113,11 +120,11 @@ if isinstance(raw_files, list):
if not context_files:
add_context_file(get_str(data, "context_file"))
if not context_files:
# Self-seed: the agent-context extension owns its lifecycle, so when its
# own config declares no target it derives one from the active integration
# recorded in init-options.json, using the extension's OWN bundled mapping
# (agent-context-defaults.json). This is independent of the Specify CLI by
# design nothing here imports specify_cli.
# Self-seed: the agent-context extension manages its own lifecycle, so when
# its config declares no target, it derives one from the active integration
# recorded in init-options.json, mapped through the bundled
# agent-context-defaults.json file. This is independent of the Specify CLI
# by design; nothing here imports specify_cli.
project_root = sys.argv[3] if len(sys.argv) > 3 else "."
integration_key = ""
try:
@@ -144,7 +151,7 @@ if not context_files:
except Exception:
print(
"agent-context: unable to read %s; cannot self-seed the context "
"file. Set 'context_file' in the extension config." % defaults_path,
"file. Set context_file in the extension config." % defaults_path,
file=sys.stderr,
)
mapping = {}
@@ -152,7 +159,7 @@ if not context_files:
if not context_files:
print(
"agent-context: no default context file is known for integration "
"'%s'. Set 'context_file' in the extension config to choose one."
"%s. Set context_file in the extension config to choose one."
% integration_key,
file=sys.stderr,
)

View File

@@ -1,6 +1,6 @@
{
"schema_version": "1.0",
"updated_at": "2026-06-29T00:00:00Z",
"updated_at": "2026-06-30T00:00:00Z",
"catalog_url": "https://raw.githubusercontent.com/github/spec-kit/main/extensions/catalog.community.json",
"extensions": {
"aide": {
@@ -187,10 +187,10 @@
"arch": {
"name": "Architecture Workflow",
"id": "arch",
"description": "Generate or reverse project-level 4+1 architecture views as separate commands",
"description": "Generate or reverse project-level 4+1 architecture views with per-view and full-workflow commands",
"author": "bigsmartben",
"version": "1.2.1",
"download_url": "https://github.com/bigsmartben/spec-kit-arch/archive/refs/tags/v1.2.1.zip",
"version": "1.2.2",
"download_url": "https://github.com/bigsmartben/spec-kit-arch/archive/refs/tags/v1.2.2.zip",
"repository": "https://github.com/bigsmartben/spec-kit-arch",
"homepage": "https://github.com/bigsmartben/spec-kit-arch",
"documentation": "https://github.com/bigsmartben/spec-kit-arch/blob/main/README.md",
@@ -202,7 +202,7 @@
"speckit_version": ">=0.8.10.dev0"
},
"provides": {
"commands": 10,
"commands": 12,
"hooks": 0
},
"tags": [
@@ -215,7 +215,7 @@
"downloads": 0,
"stars": 0,
"created_at": "2026-05-14T00:00:00Z",
"updated_at": "2026-06-23T00:00:00Z"
"updated_at": "2026-06-30T00:00:00Z"
},
"architect-preview": {
"name": "Architect Impact Previewer",
@@ -1440,10 +1440,10 @@
"intake": {
"name": "Intake",
"id": "intake",
"description": "Normalize PRD, design, and test-case evidence into SDD-ready intake artifacts.",
"description": "Normalize PRD, design, HTML SSOT, and test-case evidence into SDD-ready intake artifacts.",
"author": "bigsmartben",
"version": "0.1.2",
"download_url": "https://github.com/bigsmartben/spec-kit-intake/archive/refs/tags/v0.1.2.zip",
"version": "0.1.3",
"download_url": "https://github.com/bigsmartben/spec-kit-intake/archive/refs/tags/v0.1.3.zip",
"repository": "https://github.com/bigsmartben/spec-kit-intake",
"homepage": "https://github.com/bigsmartben/spec-kit-intake",
"documentation": "https://github.com/bigsmartben/spec-kit-intake/blob/main/README.md",
@@ -1461,7 +1461,7 @@
]
},
"provides": {
"commands": 3,
"commands": 4,
"hooks": 1
},
"tags": [
@@ -1475,7 +1475,7 @@
"downloads": 0,
"stars": 0,
"created_at": "2026-06-23T00:00:00Z",
"updated_at": "2026-06-23T00:00:00Z"
"updated_at": "2026-06-30T00:00:00Z"
},
"issue": {
"name": "GitHub Issues Integration 2",
@@ -2828,6 +2828,46 @@
"created_at": "2026-03-23T13:30:00Z",
"updated_at": "2026-03-23T13:30:00Z"
},
"repository-governance": {
"name": "Repository Governance",
"id": "repository-governance",
"description": "Generate project-governance projections from Spec Kit metadata",
"author": "bigben",
"version": "3.0.1",
"download_url": "https://github.com/bigsmartben/spec-kit-agent-governance/releases/download/v3.0.1/repository-governance-v3.0.1.zip",
"repository": "https://github.com/bigsmartben/spec-kit-agent-governance",
"homepage": "https://github.com/bigsmartben/spec-kit-agent-governance",
"documentation": "https://github.com/bigsmartben/spec-kit-agent-governance/blob/main/README.md",
"changelog": "https://github.com/bigsmartben/spec-kit-agent-governance/blob/main/CHANGELOG.md",
"license": "MIT",
"category": "process",
"effect": "read-write",
"requires": {
"speckit_version": ">=0.8.0",
"tools": [
{
"name": "uv",
"required": true
}
]
},
"provides": {
"commands": 1,
"hooks": 3
},
"tags": [
"governance",
"repository",
"agents",
"memory",
"context"
],
"verified": false,
"downloads": 0,
"stars": 0,
"created_at": "2026-06-30T00:00:00Z",
"updated_at": "2026-06-30T00:00:00Z"
},
"reqnroll-bdd": {
"name": "Reqnroll BDD",
"id": "reqnroll-bdd",

View File

@@ -280,7 +280,7 @@ generate_branch_name() {
local stop_words="^(i|a|an|the|to|for|of|in|on|at|by|with|from|is|are|was|were|be|been|being|have|has|had|do|does|did|will|would|should|could|can|may|might|must|shall|this|that|these|those|my|your|our|their|want|need|add|get|set)$"
local clean_name=$(echo "$description" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9]/ /g')
local clean_name=$(printf '%s' "$description" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9]/ /g')
local meaningful_words=()
for word in $clean_name; do
@@ -288,7 +288,9 @@ generate_branch_name() {
if ! echo "$word" | grep -qiE "$stop_words"; then
if [ ${#word} -ge 3 ]; then
meaningful_words+=("$word")
elif echo "$description" | grep -qw -- "${word^^}"; then
# Uppercase via tr (portable) rather than bash's 4+ "^^" case
# expansion, which breaks on macOS's default bash 3.2 (bad substitution).
elif printf '%s' "$description" | grep -qw -- "$(printf '%s' "$word" | tr '[:lower:]' '[:upper:]')"; then
meaningful_words+=("$word")
fi
fi

View File

@@ -51,4 +51,4 @@ _git_out=$(git init -q 2>&1) || { echo "[specify] Error: git init failed: $_git_
_git_out=$(git add . 2>&1) || { echo "[specify] Error: git add failed: $_git_out" >&2; exit 1; }
_git_out=$(git commit --allow-empty -q -m "$COMMIT_MSG" 2>&1) || { echo "[specify] Error: git commit failed: $_git_out" >&2; exit 1; }
echo " Git repository initialized" >&2
echo "[OK] Git repository initialized" >&2

View File

@@ -253,9 +253,10 @@ function Get-BranchName {
if ($word.Length -ge 3) {
$meaningfulWords += $word
} elseif ($Description -cmatch "\b$($word.ToUpper())\b") {
# Case-sensitive (-cmatch) to mirror the bash twin's `grep -qw -- "${word^^}"`:
# keep a short word only when its UPPERCASE form appears in the original
# (an acronym). -match is case-insensitive and would keep every short word.
# Case-sensitive (-cmatch) to mirror the bash twin's case-sensitive
# whole-word acronym match: keep a short word only when its UPPERCASE
# form appears in the original (an acronym). -match is case-insensitive
# and would keep every short word.
$meaningfulWords += $word
}
}

View File

@@ -48,15 +48,6 @@
"repository": "https://github.com/github/spec-kit",
"tags": ["ide"]
},
"windsurf": {
"id": "windsurf",
"name": "Windsurf",
"version": "1.0.0",
"description": "Windsurf IDE workflow integration",
"author": "spec-kit-core",
"repository": "https://github.com/github/spec-kit",
"tags": ["ide"]
},
"amp": {
"id": "amp",
"name": "Amp",
@@ -174,15 +165,6 @@
"repository": "https://github.com/github/spec-kit",
"tags": ["ide"]
},
"roo": {
"id": "roo",
"name": "Roo Code",
"version": "1.0.0",
"description": "Roo Code IDE integration",
"author": "spec-kit-core",
"repository": "https://github.com/github/spec-kit",
"tags": ["ide"]
},
"rovodev": {
"id": "rovodev",
"name": "RovoDev ACLI",
@@ -264,15 +246,6 @@
"repository": "https://github.com/github/spec-kit",
"tags": ["cli"]
},
"iflow": {
"id": "iflow",
"name": "iFlow CLI",
"version": "1.0.0",
"description": "iFlow CLI integration by iflow-ai",
"author": "spec-kit-core",
"repository": "https://github.com/github/spec-kit",
"tags": ["cli"]
},
"vibe": {
"id": "vibe",
"name": "Mistral Vibe",
@@ -326,6 +299,15 @@
"author": "spec-kit-core",
"repository": "https://github.com/github/spec-kit",
"tags": ["cli", "skills", "z-ai"]
},
"zed": {
"id": "zed",
"name": "Zed",
"version": "1.0.0",
"description": "Zed editor skills-based integration",
"author": "spec-kit-core",
"repository": "https://github.com/github/spec-kit",
"tags": ["ide", "skills"]
}
}
}

156
newsletters/2026-June.md Normal file
View File

@@ -0,0 +1,156 @@
# Spec Kit - June 2026 Newsletter
This edition covers Spec Kit activity in June 2026 — a month of maturation and mainstream validation. Twenty-five releases shipped (v0.9.0 through v0.12.2), spanning four minor bumps and delivering two headline capabilities: the **`/speckit.converge` command**, which closes the loop between a spec and the code that implements it, and the new **`specify bundle` subsystem**, a role-based distribution layer that composes extensions, presets, workflows, and steps into a single installable unit. The workflow engine became programmable, the git extension went opt-in as the first real breaking change, and the ecosystem crossed **120+ community extensions**. Externally, June was the highest-volume press month on record — Microsoft's own Developer Blog published a first-party spec-driven development post, an enterprise reported 24× velocity gains, and 75 substantive articles appeared across 25+ languages. A summary is in the table below, followed by details.
| **Spec Kit Core (Jun 2026)** | **Community & Content** | **SDD Ecosystem & Next** |
| --- | --- | --- |
| Twenty-five releases shipped (v0.9.0v0.12.2) with key features: the `/speckit.converge` convergence loop, the `specify bundle` role-based packaging subsystem, a programmable workflow engine (step catalog, JSON output, `from_json`), the git extension becoming opt-in (`--no-git` removed), and six new agents (Cline, rovodev, Zed, Firebender, ZCode, omp). The repo grew from ~107k to **~116,500 stars**. [\[github.com\]](https://github.com/github/spec-kit/releases) | The community extension catalog grew from 105 to **124 entries**; presets reached **23**. Microsoft's Developer Blog published a first-party SDD post naming Spec Kit as the operationalizing toolkit. June was the highest-volume press month yet — **75 substantive articles** across 25+ languages. **245 contributors** now listed. | An enterprise (SNCF Connect & Tech) reported **24× velocity** from SDD. Analysts and comparisons increasingly name Spec Kit "the category anchor" and agent-neutral default. Competitors differentiate on brownfield and drift; balanced reviews continue to flag review-overload and ceremony for small tasks. |
***
> **Spec-Driven Development, Institutionalized.** If May was defined by milestone 100s, June was defined by validation from outside the project. Microsoft's own Developer Blog published a first-party post presenting spec-driven development and positioning Spec Kit as the toolkit that operationalizes it. An enterprise — SNCF Connect & Tech — went on the record with **24× velocity gains** from adopting SDD. A record **75 substantive articles** appeared in more than 25 languages, and the recurring verdict across independent comparisons was that Spec Kit is "the category anchor" and the agent-neutral default. Meanwhile the core matured from v0.9 to v0.12: the workflow engine became genuinely programmable, the first real breaking change shipped, and the new convergence loop and bundle subsystem gave the project answers to its two most-cited gaps — drift and distribution. None of this happens without the community — the contributors, extension and preset authors, bundle builders, and practitioners writing in a dozen languages. Thank you.
## Spec Kit Project Updates
### Releases Overview
**v0.9.0v0.9.5** (June 15) opened the month with a minor bump and five patches. The headline was **native Cline integration** (#2508) and **rovodev** support (#2539), plus the long-running effort to extract agent-context updates into a bundled, opt-in **`agent-context` extension** (#2546, closing #2398). The CLI gained **`specify self upgrade`** (#2475) and a **`--force` flag for `extension add`** (#2530). The workflow engine picked up four capabilities: running YAML files **without a project** (#2825), accepting **updated inputs on resume** (#2815), **structured JSON output** across `run`/`resume`/`status` (#2814), and a **`continue_on_error` step field** for non-halting failures (#2663). Windows compatibility hardened with UTF-8 stdout/stderr (#2817), and cursor-agent headless dispatch now works end-to-end (#2631). [\[github.com\]](https://github.com/github/spec-kit/releases)
**v0.10.0v0.10.4** (June 916) delivered the month's first real **breaking change**: the **git extension is now opt-in** and the long-deprecated `--no-git` flag was removed at v0.10.0 (#2873, closing #2168). A long-standing community ask landed as **per-event hook lists with priority ordering** (#2798, closing #2378), letting extensions cleanly compose multiple hooks on one event. Operators gained a **`specify integration status`** reporting command (#2674), and the extension schema picked up first-class **`category` and `effect` fields** (#2899) to natively express the `Candidate`/`Adjacent`/`Niche`/`Bridge` signals. Security-relevant fixes hardened **preset URL installs against unsafe redirects** (#2911) and preserved the Claude `SKILL.md` `argument-hint` for extension commands (#2916). [\[github.com\]](https://github.com/github/spec-kit/releases)
**v0.11.0v0.11.10** (June 1629) was the largest release cluster of the month and centered on **workflows** and the new **convergence loop**. The **`/speckit.converge` command** shipped (#3001), and the **workflow step catalog** made workflow steps community-installable the way extensions and presets already are (#2394, closing #2216). A complementary **`init` workflow step** (#2838) lets a workflow bootstrap a project the way `specify init` does. Workflow execution became programmable: opt-in `output_format: json` exposes parsed shell stdout as `output.data` (#2963), and a new **`from_json` expression filter** (#2961) turns step outputs into typed values. The new **`bug-assess` agentic workflow** (#3023) automates bug triage from labeled issues, **Zed** joined the supported agents (#2780), and contributors gained an **integration scaffolder** (#2685). The **`specify bundle` command** made its debut here (#3070). Two Windows/PowerShell pain points closed — `specify init` no longer hangs on PowerShell 5.1 (#2938) and the 233-day-old worktree branch-numbering bug was fixed (#3054, closing #1066). [\[github.com\]](https://github.com/github/spec-kit/releases)
**v0.12.0v0.12.2** (June 2930) closed the month with a minor bump making the **`agent-context` extension a full opt-in** (#3097) and a run of workflow-engine hardening: `max_concurrency` is now honored in fan-out via a bounded thread pool (#3224), gate validation no longer crashes on non-string options (#3233), pipe-filter detection became quote-aware (#3232), and a fan-in `wait_for` that names an unknown step is now rejected at validation (#3225). Three agents were also rationalized — **Firebender** (Android Studio / IntelliJ, #3077, closing #1548), **ZCode** (Z.AI, #3063), and **omp** (#3107) joined earlier in the run, while **Windsurf** was absorbed into Cognition Devin (#3168) and **iflow** was retired as discontinued (#3166). [\[github.com\]](https://github.com/github/spec-kit/releases)
### The Convergence Loop: `/speckit.converge`
The most significant addition to the SDD workflow since the core commands themselves, **`/speckit.converge`** (#3001) adds a ninth step that runs *after* `/speckit.implement` and answers the single most-cited concern in every review of the project: *does the code actually match the spec?*
Converge reads `spec.md`, `plan.md`, and `tasks.md` as the **sole source of intent** — with the constitution as governing constraints — assesses the current state of the code, and appends any remaining unbuilt work as new, traceable tasks. It is deliberately **not** a diff or git tool: it evaluates the *present* state of the code relative to the feature's artifacts, with no branch comparison and no history. Findings are classified by **gap type**`missing` (absent entirely), `partial` (present but incomplete), `contradicts` (conflicts with intent or a constitution MUST), or `unrequested` (work the spec never called for) — and graded by severity, with a constitution-MUST violation always the highest.
Its defining design choice is that it is **append-only and never rewrites**. Its only write is a new `## Phase N: Convergence` section at the bottom of `tasks.md`; it never modifies the spec or plan, never renumbers existing tasks, and never touches application code — completing the appended tasks remains the job of `/speckit.implement`. When the codebase already satisfies everything, it leaves `tasks.md` byte-for-byte unchanged and simply reports **"✅ Converged."** Each appended task carries a `source-ref` (e.g. `FR-003`, `SC-002`, `US1/AC2`, a plan decision, or a constitution article), preserving traceability from requirement to remediation.
The result is an **iterative convergence loop** — converge → implement → converge — that runs until no gaps remain. It also smooths migration from OpenSpec by giving Spec Kit a first-class verify-and-close-the-gap step (#2673), directly answering the drift-and-verification demand the community had been expressing through extensions like Architecture Guard, Spec Trace, and the various drift-control tools. The command is now documented in the quickstart and the evolving-specs guide. [\[github.com\]](https://github.com/github/spec-kit/blob/main/docs/quickstart.md)
### The Bundle Subsystem: `specify bundle`
June's second headline was the debut of **bundles** (#3070), a distribution and composition layer that sits above the existing primitives. Where extensions, presets, workflows, and steps are the building blocks, a **bundle is a curated, versioned, role-based stack** that declares everything a team or role needs and installs it in a single step. Crucially, a bundle adds *no new runtime behavior of its own* — it composes what already exists through each component's own machinery, so there is nothing new to learn at execution time.
A bundle is described by a **`bundle.yml` manifest**: metadata (`id`, `name`, `version`, `role`, `author`, `license`), a `requires` block (minimum `speckit_version`, tools, MCP servers), and a `provides` block listing the exact extensions, presets (with `priority` and composition `strategy`), steps, and workflows it installs — each pinned to a version. The first example bundles ship four roles: **developer, product-manager, business-analyst, and security-researcher**.
The subcommand surface is a full package-manager experience: `search` and `info` (which previews the **fully expanded component set** with pinned versions and a `verified`-vs-`community` trust indicator before you install), `install`, `update` (`--all`), `remove`, `list`, `init`, `validate`, `build` (produces a single versioned `.zip` artifact), `publish`, and `catalog` management (`list`/`add`/`remove` sources). Installs are **idempotent with full provenance tracking**, so a bundle can be cleanly removed or refreshed later; `remove` uninstalls only the components a bundle contributed, leaving anything another installed bundle still needs in place. If run in a directory that isn't yet a Spec Kit project, `install` and `init` **bootstrap one first**, so a fresh checkout reaches a working state in a single command. The only cross-bundle conflict point checked at install time is the active integration.
Bundles are discovered through the same priority-ordered catalog stack (project, user, and built-in scopes) as every other component, and by the end of the month they had become a **fourth community-submittable artifact type** alongside extensions, presets, and workflows, via a dedicated submission path (#3162). Bundles are the project's answer to the "how do I distribute a whole role setup?" question — the composability story that ties the entire catalog together. [\[github.com\]](https://github.com/github/spec-kit/blob/main/docs/reference/bundles.md)
### The Workflow Engine Matures
Beyond converge and bundles, June was the month the **workflow engine grew up**. The **step catalog** (#2394) made steps community-distributable; the **`init` step** (#2838) let workflows bootstrap projects; **JSON output** (#2963) and the **`from_json` filter** (#2961) made step outputs consumable as typed data; and the **`bug-assess`** agentic workflow (#3023) became the first shipped end-to-end automation built on the engine. Late-month hardening added bounded-concurrency fan-out (#3224), quote-aware expression parsing (#3232, #3197), stricter gate and `wait_for` validation (#3233, #3225), and correct non-zero exit codes on failed or aborted runs (#2959). The engine that began as a fixed seven-step sequence is now a programmable, community-extensible automation substrate. [\[github.com\]](https://github.com/github/spec-kit/releases)
### Architecture & Refactoring
The **`__init__.py` decomposition series** advanced from 4/8 to **7/8** during June. PR 5/8 co-located integration commands in the `integrations/` domain directory (#2720), PR 6/8 extracted preset command handlers into `presets/_commands.py` (#2826), and PR 7/8 moved extension command handlers into `extensions/_commands.py` (#3014). The systematic extraction continues to improve contributor onboarding and test isolation, with one part remaining. Dead HTTP helpers (`open_github_url`, `_StripAuthOnRedirect`) were removed following the preset URL-install hardening (#2883). [\[github.com\]](https://github.com/github/spec-kit/releases)
### Bug Fixes and Security
Twenty-five releases produced a heavy cadence of fixes, concentrated on **cross-platform parity** and **workflow robustness**. Windows/PowerShell saw the most attention: the PowerShell 5.1 init hang (#2938), UTF-8 stdout/stderr (#2817), stderr routing for `check-prerequisites.ps1` (#3123), case-sensitive branch-name acronym parity (#3129), and several bash-parity script fixes (#3196, #3198, #3230, #3231). Workflow correctness improved with loud failures on unknown expression filters (#3074), rejection of phantom permissions gates (#3079), and preserved commas inside quoted list literals (#3134). Long-standing bugs closed include the 233-day worktree branch-numbering repeat (#1066) and the extension-command registration gap on integration upgrade (#2886).
Security and supply-chain work was a distinct theme this month. **Preset URL installs were hardened against unsafe redirects** (#2911), **`run_command` now rejects `shell=True`** (#3132), **command-registration path handling was hardened** (#3088), **CI actions were pinned to commit SHAs with shellcheck added** (#3126), **catalog archives are verified by sha256 before install** (#3080), the **extension self-install path can no longer delete its source directory** (#2991), **per-extension failures are isolated** so one bad extension can't drop the rest (#2951), and **host-less catalog URLs are now rejected** in the base and preset validators (#3209). [\[github.com\]](https://github.com/github/spec-kit/releases)
### The Extension & Preset Ecosystem
The community extension catalog grew from 105 to **124 entries** during June — nineteen net additions across four steady weeks. Community presets grew from 21 to **23**.
Notable new extensions by category:
- **Verification & drift**: Golden Demo executable-reference + behavioral-drift detection, Coding Standards Drift Control, Spec Trace spec-to-code traceability
- **External trackers & round-trip**: Linear integration (`spec-kit-linear`), Jira Integration via sync engine, Tasks to GitHub Project
- **Autonomy & loops**: Loop Engineering (safe maker/checker agent loops), Research Harness
- **Token & context economy**: Token Economy (routing, measured savings, context audits)
- **Visibility & artifacts**: Spec Kit TLDR review dashboard, Data Model Diagram (Mermaid ER diagrams), Spec Roadmap
- **Intake & discovery**: Improve (audit a codebase into prioritized spec prompts), Intake (structured requirement intake), Spec Kit Discovery
- **Multi-project**: Multi-Sites Spec Kit, RAG Azure Builder, SpecKit Companion
The catalog also showed strong maintenance activity: **Linear Integration** advanced through several releases (to v0.7.0), **DocGuard — CDD Enforcement** progressed to v0.28.0, the **Superpowers** bridges continued rapid iteration, and **Architecture Guard**, **Security Review**, **Product Forge**, **MemoryLint**, and **Multi-Model Review** all shipped updates. New presets included **Command Density** and **SicarioSpec Core**, and the governance-preset family (a11y, agent-parity, cross-platform, iSAQB-architecture, architecture, security) received a coordinated round of updates. [\[github.com\]](https://github.github.io/spec-kit/community/extensions.html)
### Documentation & Docs Site
June closed several long-standing documentation gaps. A **guide for handling complex features** landed (#3004), and **evolving specs in existing projects** was formally documented (#2902, closing the 243-day #916). **Spec-persistence models** were documented (#2856), a **monorepo guide** was added (#3084), and **GitHub Copilot CLI guidance** joined the README (#2891). Reference docs for the new **bundles** and **integration catalog** subcommands were added (#3206, #3174), agent disclosure was strengthened to cover commits and per-round comments (#3071), and preset submissions now require a usage README with Spec Kit CLI syntax (#3104). [\[github.com\]](https://github.com/github/spec-kit/releases)
## Community & Content
### Microsoft's First-Party Endorsement
On **June 10**, the **Microsoft Developer Blog** published *"Spec-Driven Development: A Spec-First Approach to AI-Native Engineering"* by Apoorv Gupta (Principal Software Engineer, Microsoft) — the first first-party, non-maintainer post to present SDD and position **GitHub Spec Kit as the toolkit that operationalizes it**. The article covers the seven-step lifecycle and walks through three real greenfield and brownfield case studies, distilling the practice to a single line: **"spec quality = output quality."** Coming from Microsoft's own developer platform rather than the maintainers, it was the month's clearest signal that spec-driven development has moved from community experiment to institutionally endorsed practice. [\[developer.microsoft.com\]](https://developer.microsoft.com/blog/spec-driven-development-ai-native-engineering)
### Press and Industry Coverage
June was the **highest-volume coverage month on record — 75 substantive articles** across more than 25 languages.
**Xebia / XPRT Magazine #21** (Hidde de Smet & Emanuele Bartolesi, June 17) published a 32-minute full six-command walkthrough covering both greenfield and brownfield, honest about markdown-review overhead and where spec quality becomes the bottleneck. [\[xebia.com\]](https://xebia.com/blog/building-software-with-spec-kit/)
**Design News** (Jacob Beningo, June 26) published *"A Practical Guide to Spec-Driven Development with AI"*, explaining SDD for embedded engineers and highlighting Spec Kit as the agent-agnostic reference tool — notable for reaching an audience well outside the usual web-developer sphere. [\[designnews.com\]](https://www.designnews.com/embedded-systems/a-practical-guide-to-spec-driven-development-with-ai)
**SSOJet** (David Brown, June 26) surveyed seven SDD tools and named GitHub Spec Kit **"the category anchor and default agent-neutral pick."** [\[ssojet.com\]](https://ssojet.com/blog/best-spec-driven-development-tools)
**The Tokenizer** (Sairam Sundaresan, June 12), a curated AI newsletter, spotlighted `github/spec-kit` as the structured alternative to one-shot prompting alongside coverage of Spotify and DeepMind. [\[artofsaience.com\]](https://newsletter.artofsaience.com/p/spotifys-agent-context-layer-deepminds)
**FintechExtra** (June 1) published a factual v0.9.x release-notes summary covering the agent-context migration to an opt-in extension, UTF-8 CLI encoding fixes, JSON workflow output, and headless CLI dispatch. [\[fintechextra.com\]](https://www.fintechextra.com/news/spec-kit-v090-agent-context-migration-to-extension-608)
### Enterprise Adoption
**SNCF Connect & Tech** — the technology arm of France's national railway — went on the record in a **CIO Online** interview (Reynald Fléchaux, June 30). CTO Emmanuel Cordente reported **24× velocity gains** from adopting spec-driven development via open-source frameworks it named explicitly, including Spec Kit, while candidly flagging token-cost and governance concerns. It is one of the first named-enterprise, on-the-record velocity claims for SDD. [\[cio-online.com\]](https://www.cio-online.com/actualites/lire-emmanuel-cordente-sncf-connect-et-tech--avec-le-spec-driven-development-une-vitesse-multipliee-par-2-a-4-17120.html)
### Developer Articles and Blog Posts
June's 75 articles skewed heavily multilingual, with deep hands-on series in Chinese, Japanese, and Korean, and a strong current of "which tool should I choose?" comparisons.
Notable English-language articles:
- **Achraf Ben Alaya** (Azure MVP, June 28) published an honest .NET 10 / Blazor field report praising plan→tasks decomposition and the converge loop while flagging migration pitfalls and "overwhelming" markdown output. [\[achrafbenalaya.com\]](https://achrafbenalaya.com/2026/06/28/i-tried-github-spec-kit-an-honest-field-report/)
- **Particula Tech** (Sebastian Mondragon, June 18) compared Spec Kit, Kiro, and Tessl, calling Spec Kit the heaviest and most flexible (30+ agents) but "prone to review overload" — match tool weight to task. [\[particula.tech\]](https://particula.tech/blog/spec-driven-development-tools-spec-kit-vs-kiro-vs-tessl)
- **ToolTwist** (Portia Canlas, June 10) published a CxO field guide to BMAD, OpenSpec, and Spec Kit, concluding "none is best" and calling Spec Kit the **safe default for scaling teams**. [\[tooltwist.com\]](https://tooltwist.com/insights/spec-driven-frameworks-cxo-guide)
- **Allegro Tech** (Konrad Piechna, June 8) shared hard-won SDD best practices, threading Spec Kit's Specify→Plan→Implement→Validate model throughout. [\[blog.allegro.tech\]](https://blog.allegro.tech/2026/06/spec-driven-development-best-practices.html)
- **Yauhen Pyl** (June 3) published a hands-on scoring comparison rating Spec-Kit 2.77 vs OpenSpec 4.00 for brownfield/DX — praising the constitution model while calling it verbose and greenfield-biased. [\[ypyl.github.io\]](https://ypyl.github.io/programming/2026/06/03/openspec-vs-spec-kit-sdd.html)
Notable non-English coverage:
- **Japanese**: haru_iida published a thorough install + `/speckit.*` tutorial on Zenn from 6+ months of use. [\[zenn.dev\]](https://zenn.dev/haru_iida/articles/github-spec-kit-guide) A Qiita piece by IBM's Tomoyuki Hori documented integrating Spec Kit into the IBM Bob IDE. [\[qiita.com\]](https://qiita.com/Tomoyuki_Hori/items/eb0b1db560ba804cf8ac)
- **Chinese**: 掘金 (juejin.cn) ran multiple three-way "Spec Kit vs OpenSpec vs Superpowers" decision guides, and 腾讯云 published a balanced "spec as scaffolding vs single truth" analysis. [\[juejin.cn\]](https://juejin.cn/post/7657070407262421007)
- **Korean**: velog and Naver carried a wave of hands-on build logs and honest "is it too heavy?" critiques, including a full Claude Code + Spec-Kit end-to-end build. [\[velog.io\]](https://velog.io/@yono/GitHub-Spec-Kit%EC%9C%BC%EB%A1%9C-Spec-Driven-Development-%EC%8B%9C%EC%9E%91%ED%95%98%EA%B8%B0)
- **Russian**: a vc.ru field report trialed Spec Kit across four projects, concluding roughly 30% of the author's work suits it — strong on greenfield, weak on research and existing code. [\[vc.ru\]](https://vc.ru/ai/2974391-opyt-ispolzovaniya-spec-kit-na-proyektakh)
Coverage also appeared on TabNews (Portuguese), Habr and CSDN, note.com, Substack (multiple), Medium, DEV Community, Design News, and company engineering blogs — the broadest linguistic spread yet recorded.
### Community Growth by the Numbers
| Metric | Start of June | End of June | Change |
| --- | --- | --- | --- |
| GitHub stars | 106,951 | ~116,500 | +~9,500 (+9%) |
| Forks | 9,464 | ~10,250 | +~800 |
| Contributors | 217 | 245 | +28 |
| Releases (total) | 152 | 177 | +25 (v0.9.0v0.12.2) |
| Community extensions | 105 | 124 | +19 |
| Community presets | 21 | 23 | +2 |
| Discussions (open) | 422 | 436 | +14 |
## SDD Ecosystem & Industry Trends
### The Category Consolidates
Across June's record article volume, a consistent framing emerged: spec-driven development is now an established category, and Spec Kit is its reference implementation. SSOJet called it "the category anchor," Design News and multiple comparison pieces called it the agent-neutral default, and ToolTwist's CxO guide named it the "safe default for scaling teams." The Microsoft Developer Blog post and the SNCF enterprise interview extended that framing beyond the developer press into institutional and enterprise contexts. [\[ssojet.com\]](https://ssojet.com/blog/best-spec-driven-development-tools)
### Competitive Landscape
The "which SDD tool?" comparison became June's dominant content genre, almost always featuring the same field: **Spec Kit, OpenSpec, Superpowers, BMAD, Kiro, Tessl, and GSD**. The recurring conclusion — from ToolTwist, BrainGrid, Particula Tech, and numerous multilingual surveys — was that the *practice* matters more than the tool, with Spec Kit positioned as the portable, community-driven, agent-agnostic default and competitors differentiating on brownfield ergonomics and drift management. Balanced reviews were consistent about the trade-off: Spec Kit is the heaviest and most flexible option (30+ agents, a full constitution/lifecycle model), which brings both the widest capability surface and the most review overhead. Hands-on scoring pieces (ypyl, vc.ru) rated it strong on greenfield and multi-scenario work and weaker on research tasks and incremental brownfield edits — precisely the gaps the `/speckit.converge` loop and the growing brownfield/drift extension ecosystem are built to close. [\[tooltwist.com\]](https://tooltwist.com/insights/spec-driven-frameworks-cxo-guide)
## Roadmap
Areas under discussion or in progress for future development:
- **The convergence loop** — `/speckit.converge` (#3001) is the core's direct answer to the drift-and-verification concern raised in nearly every review. Expect the append-only convergence model to deepen, and the community drift/verification extensions (Golden Demo, Spec Trace, Coding Standards Drift Control) to keep feeding requirements upstream. [\[github.com\]](https://github.com/github/spec-kit/blob/main/docs/quickstart.md)
- **The bundle subsystem** — `specify bundle` (#3070) establishes role-based distribution as a first-class primitive. With a community submission path now open (#3162) and four example roles shipped, curation, trust signals (`verified` vs `community`), and version-pin enforcement become the next areas to mature. [\[github.com\]](https://github.com/github/spec-kit/blob/main/docs/reference/bundles.md)
- **A programmable workflow platform** — with the step catalog, JSON output, and `from_json` filter, workflows are now community-extensible and scriptable. The open question is discoverability and pull: the step catalog is new, and adoption will show whether standalone workflow authoring becomes a real ecosystem or stays a power-user niche. [\[github.com\]](https://github.com/github/spec-kit/releases)
- **PyPI publishing** — a publishing workflow and README metadata landed (#2915, closing #2623), but official PyPI distribution is not yet the recommended install path; `uv tool install` and git remain canonical. Completing and hardening this reduces friction for restricted/air-gapped environments. [\[github.com\]](https://github.com/github/spec-kit/releases)
- **CLI architecture cleanup** — the `__init__.py` decomposition reached 7/8 (extensions/_commands.py, #3014), with one part remaining. The payoff is contributor onboarding and test isolation. [\[github.com\]](https://github.com/github/spec-kit/releases)
- **Toward a stable release** — v0.10.0's removal of `--no-git` and the git extension going opt-in was the first real breaking change, and the run to v0.12 reflects sustained pre-1.0 momentum. Expect continued API stabilization as the surface (bundles, workflows, converge) settles. [\[github.com\]](https://github.com/github/spec-kit/releases)
- **Experience simplification** — review overload, ceremony for small tasks, and verbose markdown output remain the most-cited concerns across June's balanced reviews (Particula Tech, ypyl, vc.ru, multiple Korean and Japanese pieces). The lean preset, TinySpec, `/speckit.converge`, and role bundles provide answers; surfacing them to new users is the ongoing opportunity. [\[particula.tech\]](https://particula.tech/blog/spec-driven-development-tools-spec-kit-vs-kiro-vs-tessl)

View File

@@ -99,7 +99,7 @@ The `CommandRegistrar` renders commands differently per agent:
| Agent | Format | Extension | Arg placeholder |
|-------|--------|-----------|-----------------|
| Claude, Cursor, opencode, Windsurf, etc. | Markdown | `.md` | `$ARGUMENTS` |
| Claude, Kilo Code, opencode, etc. | Markdown | `.md` | `$ARGUMENTS` |
| Copilot | Markdown | `.agent.md` + `.prompt.md` | `$ARGUMENTS` |
| Gemini, Qwen, Tabnine | TOML | `.toml` | `{{args}}` |

View File

@@ -1,6 +1,6 @@
{
"schema_version": "1.0",
"updated_at": "2026-06-25T00:00:00Z",
"updated_at": "2026-06-30T00:00:00Z",
"catalog_url": "https://raw.githubusercontent.com/github/spec-kit/main/presets/catalog.community.json",
"presets": {
"a11y-governance": {
@@ -670,11 +670,11 @@
"workflow-preset": {
"name": "Workflow Preset",
"id": "workflow-preset",
"version": "1.3.2",
"description": "Behavior-first specification, design artifacts, and agent-native handoff orchestration.",
"version": "1.3.11",
"description": "Behavior-first specification, design artifacts, and agent-native handoff orchestration",
"author": "bigsmartben",
"repository": "https://github.com/bigsmartben/spec-kit-workflow-preset",
"download_url": "https://github.com/bigsmartben/spec-kit-workflow-preset/releases/download/v1.3.2/spec-kit-workflow-preset-v1.3.2.zip",
"download_url": "https://github.com/bigsmartben/spec-kit-workflow-preset/releases/download/v1.3.11/spec-kit-workflow-preset-v1.3.11.zip",
"homepage": "https://github.com/bigsmartben/spec-kit-workflow-preset",
"documentation": "https://github.com/bigsmartben/spec-kit-workflow-preset/blob/main/README.md",
"license": "MIT",
@@ -693,7 +693,7 @@
"handoff"
],
"created_at": "2026-05-27T00:00:00Z",
"updated_at": "2026-06-03T00:00:00Z"
"updated_at": "2026-06-30T00:00:00Z"
}
}
}

View File

@@ -1,6 +1,6 @@
[project]
name = "specify-cli"
version = "0.11.11.dev0"
version = "0.12.3"
description = "Specify CLI, part of GitHub Spec Kit. A tool to bootstrap your projects for Spec-Driven Development (SDD)."
readme = "README.md"
requires-python = ">=3.11"

View File

@@ -78,8 +78,14 @@ done
SCRIPT_DIR="$(CDPATH="" cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/common.sh"
# Get feature paths
_paths_output=$(get_feature_paths) || { echo "ERROR: Failed to resolve feature paths" >&2; exit 1; }
# Get feature paths.
# In --paths-only mode this is pure resolution, so pass --no-persist to opt out
# of the feature.json write side effect (issue #3025).
if $PATHS_ONLY; then
_paths_output=$(get_feature_paths --no-persist) || { echo "ERROR: Failed to resolve feature paths" >&2; exit 1; }
else
_paths_output=$(get_feature_paths) || { echo "ERROR: Failed to resolve feature paths" >&2; exit 1; }
fi
eval "$_paths_output"
unset _paths_output

View File

@@ -152,6 +152,15 @@ _persist_feature_json() {
}
get_feature_paths() {
# Read-only callers (e.g. check-prerequisites.sh --paths-only) pass
# --no-persist so pure path resolution never writes .specify/feature.json,
# which would dirty the working tree or overwrite a pinned value (issue #3025).
local no_persist=false
if [[ "${1:-}" == "--no-persist" ]]; then
no_persist=true
shift
fi
# Split decl/assignment so a SPECIFY_INIT_DIR validation failure in
# get_repo_root propagates as a hard error instead of being masked by `local`.
local repo_root
@@ -168,8 +177,11 @@ get_feature_paths() {
feature_dir="$SPECIFY_FEATURE_DIRECTORY"
# Normalize relative paths to absolute under repo root
[[ "$feature_dir" != /* ]] && feature_dir="$repo_root/$feature_dir"
# Persist to feature.json so future sessions without the env var still work
_persist_feature_json "$repo_root" "$SPECIFY_FEATURE_DIRECTORY"
# Persist to feature.json so future sessions without the env var still
# work — unless the caller opted out for read-only resolution (#3025).
if [[ "$no_persist" != true ]]; then
_persist_feature_json "$repo_root" "$SPECIFY_FEATURE_DIRECTORY"
fi
elif [[ -f "$repo_root/.specify/feature.json" ]]; then
local _fd
_fd=$(read_feature_json_feature_directory "$repo_root")

View File

@@ -140,7 +140,7 @@ generate_branch_name() {
local stop_words="^(i|a|an|the|to|for|of|in|on|at|by|with|from|is|are|was|were|be|been|being|have|has|had|do|does|did|will|would|should|could|can|may|might|must|shall|this|that|these|those|my|your|our|their|want|need|add|get|set)$"
# Convert to lowercase and split into words
local clean_name=$(echo "$description" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9]/ /g')
local clean_name=$(printf '%s' "$description" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9]/ /g')
# Filter words: remove stop words and words shorter than 3 chars (unless they're uppercase acronyms in original)
local meaningful_words=()
@@ -152,8 +152,10 @@ generate_branch_name() {
if ! echo "$word" | grep -qiE "$stop_words"; then
if [ ${#word} -ge 3 ]; then
meaningful_words+=("$word")
elif echo "$description" | grep -q "\b${word^^}\b"; then
# Keep short words if they appear as uppercase in original (likely acronyms)
# Keep short words that appear as an uppercase acronym in the original.
# Uppercase via tr and match with grep -w (both portable) rather than
# bash's 4+ "^^" case expansion (breaks on macOS bash 3.2) and \b (non-POSIX).
elif printf '%s' "$description" | grep -qw -- "$(printf '%s' "$word" | tr '[:lower:]' '[:upper:]')"; then
meaningful_words+=("$word")
fi
fi

View File

@@ -56,8 +56,14 @@ EXAMPLES:
# Source common functions
. "$PSScriptRoot/common.ps1"
# Get feature paths
$paths = Get-FeaturePathsEnv
# Get feature paths.
# In -PathsOnly mode this is pure resolution, so pass -NoPersist to opt out of
# the feature.json write side effect (issue #3025).
if ($PathsOnly) {
$paths = Get-FeaturePathsEnv -NoPersist
} else {
$paths = Get-FeaturePathsEnv
}
# If paths-only mode, output paths and exit (no validation)
if ($PathsOnly) {

View File

@@ -143,6 +143,13 @@ function Save-FeatureJson {
}
function Get-FeaturePathsEnv {
# Read-only callers (e.g. check-prerequisites.ps1 -PathsOnly) pass -NoPersist
# so pure path resolution never writes .specify/feature.json, which would
# dirty the working tree or overwrite a pinned value (issue #3025).
param(
[switch]$NoPersist
)
$repoRoot = Get-RepoRoot
$currentBranch = Get-CurrentBranch
@@ -157,8 +164,11 @@ function Get-FeaturePathsEnv {
if (-not [System.IO.Path]::IsPathRooted($featureDir)) {
$featureDir = Join-Path $repoRoot $featureDir
}
# Persist to feature.json so future sessions without the env var still work
Save-FeatureJson -RepoRoot $repoRoot -FeatureDirectory $env:SPECIFY_FEATURE_DIRECTORY
# Persist to feature.json so future sessions without the env var still
# work - unless the caller opted out for read-only resolution (#3025).
if (-not $NoPersist) {
Save-FeatureJson -RepoRoot $repoRoot -FeatureDirectory $env:SPECIFY_FEATURE_DIRECTORY
}
} elseif (Test-Path $featureJson) {
$featureJsonRaw = Get-Content -LiteralPath $featureJson -Raw
try {

View File

@@ -48,7 +48,14 @@ if (Test-Path $paths.IMPL_PLAN -PathType Leaf) {
Write-Output "Copied plan template to $($paths.IMPL_PLAN)"
}
} else {
Write-Warning "Plan template not found"
# Match the bash twin's wording and stream routing (stderr in -Json so
# stdout stays pure JSON, stdout otherwise), consistent with the sibling
# "Copied plan template" message above.
if ($Json) {
[Console]::Error.WriteLine("Warning: Plan template not found")
} else {
Write-Output "Warning: Plan template not found"
}
# Create a basic plan file if template doesn't exist
New-Item -ItemType File -Path $paths.IMPL_PLAN -Force | Out-Null
}

File diff suppressed because it is too large Load Diff

View File

@@ -34,6 +34,10 @@ TAGLINE = "GitHub Spec Kit - Spec-Driven Development Toolkit"
console = Console(highlight=False)
# Stderr-bound console for error/diagnostic output, so human-facing messages
# never contaminate stdout (which carries machine-readable ``--json`` payloads).
err_console = Console(stderr=True, highlight=False)
class StepTracker:
"""Track and render hierarchical steps without emojis, similar to Claude Code tree output.
Supports live auto-refresh via an attached refresh callback.

View File

@@ -304,3 +304,27 @@ def _display_project_path(project_root: Path, path: str | Path) -> str:
except (OSError, ValueError):
return path_obj.as_posix()
return rel_path.as_posix()
def version_satisfies(current: str, required: str) -> bool:
"""Check if current version satisfies required version specifier.
Evaluates the version against the specifier using the project's
prerelease policy (prereleases are allowed).
Args:
current: Current version (e.g., "0.1.5")
required: Required version specifier (e.g., ">=0.1.0,<2.0.0")
Returns:
True if version satisfies requirement
"""
from packaging import version as pkg_version
from packaging.specifiers import InvalidSpecifier, SpecifierSet
try:
current_ver = pkg_version.Version(current)
specifier = SpecifierSet(required)
return specifier.contains(current_ver, prereleases=True)
except (pkg_version.InvalidVersion, InvalidSpecifier):
return False

View File

@@ -180,9 +180,18 @@ def remove_source(project_root: Path, id_or_url: str) -> str:
)
catalogs = _read(project_root)
remaining = [
c for c in catalogs if c.get("id") != target and c.get("url") != target
]
# Prefer an exact id/url match.
remaining = [c for c in catalogs if c.get("id") != target and c.get("url") != target]
if len(remaining) == len(catalogs):
# No exact match. add_source canonicalizes a local path to an absolute
# url before storing, so fall back to a canonicalized-url match -- this
# lets `remove ./cat.json` undo `add ./cat.json` (stored absolute).
# Only as a *fallback*: _canonicalize_url treats a bare id as a local
# path (empty scheme), so applying it unconditionally could also delete a
# different source whose url equals the id's canonicalized path.
canonical = _canonicalize_url(target)
if canonical != target:
remaining = [c for c in catalogs if c.get("url") != canonical]
if len(remaining) == len(catalogs):
raise BundlerError(
f"No project-scoped catalog source matching '{target}' was found."

View File

@@ -80,7 +80,7 @@ class CatalogStackBase:
)
# Check hostname, not netloc: netloc is truthy for host-less URLs like
# "https://:8080" or "https://user@", so the host guarantee this error
# promises would not actually hold. hostname is None in those cases.
# promises would not actually hold. hostname is None in those cases (#3209).
if not parsed.hostname:
raise cls._error("Catalog URL must be a valid URL with a host.")

View File

@@ -13,7 +13,7 @@ from pathlib import Path
import typer
from ..._console import console
from ..._console import console, err_console
from ...bundler import BundlerError
from ...bundler.lib.project import (
active_integration,
@@ -41,7 +41,9 @@ bundle_app.add_typer(bundle_catalog_app, name="catalog")
def _fail(message: str) -> None:
"""Print an actionable error to stderr and exit non-zero."""
console.print(f"[red]Error:[/red] {message}", style=None)
# Use the stderr console so the error never lands on stdout, which under
# ``--json`` carries the machine-readable payload and must stay parseable.
err_console.print(f"[red]Error:[/red] {message}", style=None)
raise typer.Exit(code=1)

View File

@@ -28,7 +28,7 @@ from packaging.specifiers import InvalidSpecifier, SpecifierSet
from .._init_options import is_ai_skills_enabled
from .._invocation_style import is_dollar_skills_agent, is_slash_skills_agent
from .._utils import dump_frontmatter, relative_extension_path_violation
from .._utils import dump_frontmatter, relative_extension_path_violation, version_satisfies
from ..catalogs import CatalogEntry as BaseCatalogEntry
from ..catalogs import CatalogStackBase
from ..shared_infra import verify_archive_sha256
@@ -1279,20 +1279,20 @@ class ExtensionManager:
CompatibilityError: If extension is incompatible
"""
required = manifest.requires_speckit_version
current = pkg_version.Version(speckit_version)
# Parse version specifier (e.g., ">=0.1.0,<2.0.0")
try:
specifier = SpecifierSet(required)
if current not in specifier:
raise CompatibilityError(
f"Extension requires spec-kit {required}, "
f"but {speckit_version} is installed.\n"
f"Upgrade spec-kit with: {REINSTALL_COMMAND}"
)
SpecifierSet(required) # Just to validate
except InvalidSpecifier:
raise CompatibilityError(f"Invalid version specifier: {required}")
if not version_satisfies(speckit_version, required):
raise CompatibilityError(
f"Extension requires spec-kit {required}, "
f"but {speckit_version} is installed.\n"
f"Upgrade spec-kit with: {REINSTALL_COMMAND}"
)
return True
def install_from_directory(
@@ -1871,24 +1871,6 @@ class ExtensionManager:
return None
def version_satisfies(current: str, required: str) -> bool:
"""Check if current version satisfies required version specifier.
Args:
current: Current version (e.g., "0.1.5")
required: Required version specifier (e.g., ">=0.1.0,<2.0.0")
Returns:
True if version satisfies requirement
"""
try:
current_ver = pkg_version.Version(current)
specifier = SpecifierSet(required)
return current_ver in specifier
except (pkg_version.InvalidVersion, InvalidSpecifier):
return False
class CommandRegistrar:
"""Handles registration of extension commands with AI agents.

View File

@@ -64,7 +64,6 @@ def _register_builtins() -> None:
from .generic import GenericIntegration
from .goose import GooseIntegration
from .hermes import HermesIntegration
from .iflow import IflowIntegration
from .junie import JunieIntegration
from .kilocode import KilocodeIntegration
from .kimi import KimiIntegration
@@ -75,13 +74,11 @@ def _register_builtins() -> None:
from .pi import PiIntegration
from .qodercli import QodercliIntegration
from .qwen import QwenIntegration
from .roo import RooIntegration
from .rovodev import RovodevIntegration
from .shai import ShaiIntegration
from .tabnine import TabnineIntegration
from .trae import TraeIntegration
from .vibe import VibeIntegration
from .windsurf import WindsurfIntegration
from .zcode import ZcodeIntegration
from .zed import ZedIntegration
@@ -103,7 +100,6 @@ def _register_builtins() -> None:
_register(GenericIntegration())
_register(GooseIntegration())
_register(HermesIntegration())
_register(IflowIntegration())
_register(JunieIntegration())
_register(KilocodeIntegration())
_register(KimiIntegration())
@@ -114,13 +110,11 @@ def _register_builtins() -> None:
_register(PiIntegration())
_register(QodercliIntegration())
_register(QwenIntegration())
_register(RooIntegration())
_register(RovodevIntegration())
_register(ShaiIntegration())
_register(TabnineIntegration())
_register(TraeIntegration())
_register(VibeIntegration())
_register(WindsurfIntegration())
_register(ZcodeIntegration())
_register(ZedIntegration())

View File

@@ -96,7 +96,11 @@ class ClineIntegration(MarkdownIntegration):
def repl(m: re.Match[str]) -> str:
indent = m.group(1)
instruction = m.group(2)
eol = m.group(3)
# ``eol`` is empty when the regex matched via ``$`` because the
# instruction was the final line of a file with no trailing
# newline. Default to ``\n`` so the note never collapses onto
# the same line as the instruction.
eol = m.group(3) or "\n"
return (
indent
+ _HOOK_COMMAND_NOTE.rstrip("\n")

View File

@@ -57,6 +57,17 @@ def _allow_all() -> bool:
return True
def _warn_legacy_markdown_default() -> None:
"""Warn that Copilot's default markdown scaffold is being phased out."""
warnings.warn(
"Copilot legacy markdown mode is deprecated and will stop being the "
'default in a future Spec Kit release; pass --integration-options "--skills" '
"to opt in to Copilot skills mode now.",
UserWarning,
stacklevel=3,
)
class _CopilotSkillsHelper(SkillsIntegration):
"""Internal helper used when Copilot is scaffolded in skills mode.
@@ -316,6 +327,8 @@ class CopilotIntegration(IntegrationBase):
self._skills_mode = bool(parsed_options.get("skills"))
if self._skills_mode:
return self._setup_skills(project_root, manifest, parsed_options, **opts)
if "skills" not in parsed_options:
_warn_legacy_markdown_default()
return self._setup_default(project_root, manifest, parsed_options, **opts)
def _setup_default(

View File

@@ -1,4 +1,4 @@
"""Goose integration — Block's open source AI agent."""
"""Goose integration — open source AI agent (Agentic AI Foundation)."""
from ..base import YamlIntegration
@@ -9,7 +9,7 @@ class GooseIntegration(YamlIntegration):
"name": "Goose",
"folder": ".goose/",
"commands_subdir": "recipes",
"install_url": "https://block.github.io/goose/docs/getting-started/installation",
"install_url": "https://goose-docs.ai/docs/getting-started/installation",
"requires_cli": True,
}
registrar_config = {

View File

@@ -1,21 +0,0 @@
"""iFlow CLI integration."""
from ..base import MarkdownIntegration
class IflowIntegration(MarkdownIntegration):
key = "iflow"
config = {
"name": "iFlow CLI",
"folder": ".iflow/",
"commands_subdir": "commands",
"install_url": "https://docs.iflow.cn/en/cli/quickstart",
"requires_cli": True,
}
registrar_config = {
"dir": ".iflow/commands",
"format": "markdown",
"args": "$ARGUMENTS",
"extension": ".md",
}
multi_install_safe = True

View File

@@ -1,21 +0,0 @@
"""Roo Code integration."""
from ..base import MarkdownIntegration
class RooIntegration(MarkdownIntegration):
key = "roo"
config = {
"name": "Roo Code",
"folder": ".roo/",
"commands_subdir": "commands",
"install_url": None,
"requires_cli": False,
}
registrar_config = {
"dir": ".roo/commands",
"format": "markdown",
"args": "$ARGUMENTS",
"extension": ".md",
}
multi_install_safe = True

View File

@@ -1,21 +0,0 @@
"""Windsurf IDE integration."""
from ..base import MarkdownIntegration
class WindsurfIntegration(MarkdownIntegration):
key = "windsurf"
config = {
"name": "Windsurf",
"folder": ".windsurf/",
"commands_subdir": "workflows",
"install_url": None,
"requires_cli": False,
}
registrar_config = {
"dir": ".windsurf/workflows",
"format": "markdown",
"args": "$ARGUMENTS",
"extension": ".md",
}
multi_install_safe = True

View File

@@ -30,7 +30,7 @@ from packaging.specifiers import SpecifierSet, InvalidSpecifier
from ..extensions import REINSTALL_COMMAND, ExtensionRegistry, normalize_priority
from .._init_options import is_ai_skills_enabled
from ..integrations.base import IntegrationBase
from .._utils import dump_frontmatter
from .._utils import dump_frontmatter, version_satisfies
from ..shared_infra import verify_archive_sha256
@@ -572,19 +572,16 @@ class PresetManager:
PresetCompatibilityError: If pack is incompatible
"""
required = manifest.requires_speckit_version
current = pkg_version.Version(speckit_version)
try:
specifier = SpecifierSet(required)
if current not in specifier:
raise PresetCompatibilityError(
f"Preset requires spec-kit {required}, "
f"but {speckit_version} is installed.\n"
f"Upgrade spec-kit with: {REINSTALL_COMMAND}"
)
SpecifierSet(required) # Just to validate
except InvalidSpecifier:
raise PresetCompatibilityError(f"Invalid version specifier: {required}")
if not version_satisfies(speckit_version, required):
raise PresetCompatibilityError(
f"Invalid version specifier: {required}"
f"Preset requires spec-kit {required}, "
f"but {speckit_version} is installed.\n"
f"Upgrade spec-kit with: {REINSTALL_COMMAND}"
)
return True
@@ -1863,7 +1860,7 @@ class PresetCatalog:
)
# Check hostname, not netloc: netloc is truthy for host-less URLs like
# "https://:8080" or "https://user@", so the host guarantee this error
# promises would not actually hold. hostname is None in those cases.
# promises would not actually hold. hostname is None in those cases (#3209).
if not parsed.hostname:
raise PresetValidationError(
"Catalog URL must be a valid URL with a host."

File diff suppressed because it is too large Load Diff

View File

@@ -97,6 +97,13 @@ class StepBase(ABC):
Every step type — built-in or extension-provided — implements this
interface and registers in ``STEP_REGISTRY``.
Thread-safety: ``STEP_REGISTRY`` holds a single shared instance per type, so
a concurrent ``fan-out`` (``max_concurrency > 1``) can invoke ``execute`` on
the same instance from several threads at once. Implementations must be
stateless / thread-safe — derive all per-run state from the ``config`` and
``context`` arguments and never mutate ``self`` in ``execute``. The built-in
steps follow this rule.
"""
#: Matches the ``type:`` value in workflow YAML.

View File

@@ -10,10 +10,14 @@ The engine is the orchestrator that:
from __future__ import annotations
import dataclasses
import json
import os
import re
import tempfile
import threading
import uuid
from concurrent.futures import Future, ThreadPoolExecutor
from datetime import datetime, timezone
from pathlib import Path
from typing import Any
@@ -412,6 +416,15 @@ class RunState:
self.current_step_index = 0
self.current_step_id: str | None = None
self.step_results: dict[str, dict[str, Any]] = {}
# Guards step_results mutation and save() so a concurrent fan-out cannot
# mutate the dict while save() is serializing it (which would raise
# "dictionary changed size during iteration").
self._lock = threading.Lock()
# Serializes append_log's list append + log.jsonl write so concurrent
# fan-out workers cannot interleave or corrupt log lines. Kept separate
# from _lock so frequent logging never contends with state saves; since
# append_log is never called while _lock is held, the two never nest.
self._log_lock = threading.Lock()
self.inputs: dict[str, Any] = {}
self.created_at = datetime.now(timezone.utc).isoformat()
self.updated_at = self.created_at
@@ -421,28 +434,72 @@ class RunState:
def runs_dir(self) -> Path:
return self.project_root / ".specify" / "workflows" / "runs" / self.run_id
def record_step_result(self, step_id: str, data: dict[str, Any]) -> None:
"""Record one step's result under the run lock.
Routing the mutation through the lock keeps it from racing a concurrent
``save()`` that is iterating ``step_results`` (e.g. during a concurrent
fan-out). For a sequential run this is an uncontended lock.
"""
with self._lock:
self.step_results[step_id] = data
def set_step_output(self, step_id: str, output: Any) -> None:
"""Replace an already-recorded step's ``output`` under the run lock.
Fan-out updates its parent step's output after the items have run;
routing that nested mutation through the lock keeps it from racing a
``save()`` serializing ``step_results`` — the same invariant
``record_step_result`` provides for the top-level assignment.
"""
with self._lock:
if step_id in self.step_results:
self.step_results[step_id]["output"] = output
def save(self) -> None:
"""Persist current state to disk."""
self.updated_at = datetime.now(timezone.utc).isoformat()
"""Persist current state to disk.
Held under the run lock and written atomically (temp file + ``os.replace``)
so a concurrent fan-out can neither mutate ``step_results`` mid-serialization
nor leave a reader observing a half-written file. Racing writers only
contend to be last; they never corrupt.
"""
runs_dir = self.runs_dir
runs_dir.mkdir(parents=True, exist_ok=True)
state_data = {
"run_id": self.run_id,
"workflow_id": self.workflow_id,
"status": self.status.value,
"current_step_index": self.current_step_index,
"current_step_id": self.current_step_id,
"step_results": self.step_results,
"created_at": self.created_at,
"updated_at": self.updated_at,
}
with open(runs_dir / "state.json", "w", encoding="utf-8") as f:
json.dump(state_data, f, indent=2)
with self._lock:
# Stamp updated_at inside the lock so the timestamp matches the
# snapshot this thread serializes (concurrent savers don't race it).
self.updated_at = datetime.now(timezone.utc).isoformat()
state_data = {
"run_id": self.run_id,
"workflow_id": self.workflow_id,
"status": self.status.value,
"current_step_index": self.current_step_index,
"current_step_id": self.current_step_id,
"step_results": self.step_results,
"created_at": self.created_at,
"updated_at": self.updated_at,
}
self._atomic_write_json(runs_dir / "state.json", state_data)
self._atomic_write_json(runs_dir / "inputs.json", {"inputs": self.inputs})
inputs_data = {"inputs": self.inputs}
with open(runs_dir / "inputs.json", "w", encoding="utf-8") as f:
json.dump(inputs_data, f, indent=2)
@staticmethod
def _atomic_write_json(path: Path, data: dict[str, Any]) -> None:
"""Write *data* as indented JSON to *path* atomically (temp + ``os.replace``)."""
fd, tmp = tempfile.mkstemp(
dir=str(path.parent), prefix=f".{path.name}.", suffix=".tmp"
)
try:
with os.fdopen(fd, "w", encoding="utf-8") as f:
json.dump(data, f, indent=2)
os.replace(tmp, path)
except BaseException:
try:
os.unlink(tmp)
except OSError:
pass
raise
@classmethod
def load(cls, run_id: str, project_root: Path) -> RunState:
@@ -490,14 +547,18 @@ class RunState:
return state
def append_log(self, entry: dict[str, Any]) -> None:
"""Append a log entry to the run log."""
entry["timestamp"] = datetime.now(timezone.utc).isoformat()
self.log_entries.append(entry)
"""Append a log entry to the run log.
Held under ``_log_lock`` so concurrent fan-out workers serialize their
list append and ``log.jsonl`` write rather than interleaving lines.
"""
entry["timestamp"] = datetime.now(timezone.utc).isoformat()
runs_dir = self.runs_dir
runs_dir.mkdir(parents=True, exist_ok=True)
with open(runs_dir / "log.jsonl", "a", encoding="utf-8") as f:
f.write(json.dumps(entry) + "\n")
with self._log_lock:
self.log_entries.append(entry)
with open(runs_dir / "log.jsonl", "a", encoding="utf-8") as f:
f.write(json.dumps(entry) + "\n")
# -- Workflow Engine ------------------------------------------------------
@@ -509,6 +570,10 @@ class WorkflowEngine:
def __init__(self, project_root: Path | None = None) -> None:
self.project_root = project_root or Path(".")
self.on_step_start: Any = None # Callable[[str, str], None] | None
# Serializes on_step_start so a concurrent fan-out can't interleave the
# callback's output (the CLI sets it to a console.print lambda). Uncontended
# for sequential runs.
self._callback_lock = threading.Lock()
def load_workflow(self, source: str | Path) -> WorkflowDefinition:
"""Load a workflow from an installed ID or a local YAML path.
@@ -712,6 +777,22 @@ class WorkflowEngine:
state.save()
return state
@staticmethod
def _record_result(
context: StepContext, state: RunState, step_id: str, data: dict[str, Any]
) -> None:
"""Record a step result into both the live context and persistent state.
``record_step_result`` writes ``state.step_results`` under the run lock.
On a resume run ``context.steps`` *is* that same dict, so that locked
write is the only one needed; mirror into ``context.steps`` separately
only when it is a distinct object (a fresh run), to avoid an unlocked
mutation of the shared dict that could race a concurrent ``save()``.
"""
if context.steps is not state.step_results:
context.steps[step_id] = data
state.record_step_result(step_id, data)
def _execute_steps(
self,
steps: list[dict[str, Any]],
@@ -739,7 +820,8 @@ class WorkflowEngine:
# otherwise stay silent (library-safe default).
label = step_config.get("command", "") or step_type
if self.on_step_start is not None:
self.on_step_start(step_id, label)
with self._callback_lock:
self.on_step_start(step_id, label)
step_impl = registry.get(step_type)
if not step_impl:
@@ -772,8 +854,7 @@ class WorkflowEngine:
"output": result.output,
"status": result.status.value,
}
context.steps[step_id] = step_data
state.step_results[step_id] = step_data
self._record_result(context, state, step_id, step_data)
state.append_log(
{
@@ -900,40 +981,32 @@ class WorkflowEngine:
):
return
if orig and ns_copy["id"] in context.steps:
context.steps[orig] = context.steps[ns_copy["id"]]
state.step_results[orig] = context.steps[ns_copy["id"]]
self._record_result(
context, state, orig,
context.steps[ns_copy["id"]],
)
# Fan-out: execute nested step template per item with unique IDs
# Fan-out: execute the nested step template once per item. Honors
# max_concurrency — <=1 runs sequentially (default, historical
# behavior); >1 runs up to that many items concurrently. Either way
# results are assembled in item order under the
# parentId:templateId:index id grammar.
if step_type == "fan-out":
items = result.output.get("items", [])
template = result.output.get("step_template", {})
if template and items:
fan_out_results = []
for item_idx, item_val in enumerate(result.output["items"]):
context.item = item_val
# Per-item ID: parentId:templateId:index
item_step = dict(template)
base_id = item_step.get("id", "item")
item_step["id"] = f"{step_id}:{base_id}:{item_idx}"
self._execute_steps(
[item_step], context, state, registry,
step_offset=-1,
)
# Collect per-item result for fan-in
item_result = context.steps.get(item_step["id"], {})
fan_out_results.append(item_result.get("output", {}))
if state.status in (
RunStatus.PAUSED,
RunStatus.FAILED,
RunStatus.ABORTED,
):
break
fan_out_results = self._run_fan_out(
items, template, step_id, context, state, registry,
result.output.get("max_concurrency", 1),
)
context.item = None
# Preserve original output and add collected results
fan_out_output = dict(result.output)
fan_out_output["results"] = fan_out_results
context.steps[step_id]["output"] = fan_out_output
state.step_results[step_id]["output"] = fan_out_output
# set_step_output updates the recorded dict under the run lock;
# context.steps[step_id] is that same object, so it reflects the
# change too — no separate (unlocked) context mutation needed.
state.set_step_output(step_id, fan_out_output)
if state.status in (
RunStatus.PAUSED,
RunStatus.FAILED,
@@ -943,8 +1016,170 @@ class WorkflowEngine:
else:
# Empty items or no template — normalize output
result.output["results"] = []
context.steps[step_id]["output"] = result.output
state.step_results[step_id]["output"] = result.output
state.set_step_output(step_id, result.output)
def _run_fan_out(
self,
items: list[Any],
template: dict[str, Any],
step_id: str,
context: StepContext,
state: RunState,
registry: dict[str, Any],
max_concurrency: Any,
) -> list[Any]:
"""Run a fan-out template once per item; return per-item outputs in item order.
``max_concurrency`` <= 1 (the default) runs items sequentially, identical
to the historical fan-out behavior. ``max_concurrency`` > 1 runs items on a
bounded thread pool using a sliding submission window of that size: at most
that many items are ever in flight, and no new item is launched once the run
has reached a halting status, so a halt cannot keep starting queued work.
Results are always returned in item order (never completion order). On a
halt (PAUSED/FAILED/ABORTED) the returned prefix is the items up to and
including the first item *in item order* whose own execution halted the run
— identical to the sequential path. Later items that have not yet started
are cancelled; any already running are allowed to finish but their outputs
are ignored. Halt is attributed per item from that item's recorded result
(not the shared run status, which a concurrently-running later item may have
already flipped), so the prefix never drops the actual halting item.
``max_concurrency`` is coerced with ``int()``; a value that cannot be
coerced (``None``, a non-numeric string, …) or that coerces to <= 1 runs
sequentially, while a numeric string like ``"4"`` or a float like ``4.0``
is honored.
"""
if not items:
return []
halting = (RunStatus.PAUSED, RunStatus.FAILED, RunStatus.ABORTED)
try:
workers = max(1, int(max_concurrency))
except (TypeError, ValueError):
workers = 1
# Never spin up more workers than there is work — bounds a user-controlled
# max_concurrency from over-allocating threads.
workers = min(workers, len(items))
base_id = template.get("id", "item")
def item_id(idx: int) -> str:
# Per-item ID grammar: parentId:templateId:index.
return f"{step_id}:{base_id}:{idx}"
def run_item(idx: int, item_ctx: StepContext) -> Any:
item_step = dict(template)
item_step["id"] = item_id(idx)
self._execute_steps(
[item_step], item_ctx, state, registry, step_offset=-1,
)
# Read back through the context that was actually executed against,
# not the outer closure — clearer and robust if StepContext copying
# ever stops sharing the steps dict by reference.
return item_ctx.steps.get(item_step["id"], {}).get("output", {})
# Sequential path — identical to the historical behavior.
if workers <= 1:
results: list[Any] = []
for item_idx, item_val in enumerate(items):
context.item = item_val
results.append(run_item(item_idx, context))
if state.status in halting:
break
return results
# Concurrent path — bounded sliding window; results assembled in item order.
n = len(items)
slots: list[Any] = [None] * n
def run_isolated(idx: int) -> Any:
# Each item runs against its own context copy so context.item is not
# clobbered across threads; the shared steps dict is written only on the
# disjoint parentId:templateId:index key (GIL-safe on distinct keys).
return run_item(idx, dataclasses.replace(context, item=items[idx]))
def item_halt_status(idx: int) -> RunStatus | None:
# If THIS item's own execution halted the run, return the resulting run
# status; else None. Decided from the item's own recorded result, not
# the shared run status, so a later item's concurrent halt is never
# misattributed here. Mirrors the sequential mapping: PAUSED -> PAUSED;
# FAILED -> ABORTED when aborted, else FAILED, unless continue_on_error
# routes around it.
rec = context.steps.get(item_id(idx))
if rec is None:
# Ran but recorded nothing — only when the item failed before
# record_step_result (e.g. an unknown step type returns early).
# Every item runs the same template, so the shared run status is
# this item's own outcome; attribute the halt to it.
return state.status if state.status in halting else None
status = rec.get("status")
if status == StepStatus.PAUSED.value:
return RunStatus.PAUSED
if status == StepStatus.FAILED.value:
out = rec.get("output") or {}
if out.get("aborted"):
return RunStatus.ABORTED
if template.get("continue_on_error") is not True:
return RunStatus.FAILED
return None
# (halting item index, its run status) once a halt is attributed.
halt: tuple[int, RunStatus] | None = None
collected = 0
with ThreadPoolExecutor(max_workers=workers) as pool:
futures: dict[int, Future] = {}
next_submit = 0
for idx in range(n):
# Refill the window: keep <= workers in flight, and stop launching
# new items once the run is halting so a halt cannot keep starting
# queued work. Already-submitted futures are still collected in
# item order below.
while (
next_submit < n
and len(futures) < workers
and state.status not in halting
):
futures[next_submit] = pool.submit(run_isolated, next_submit)
next_submit += 1
fut = futures.pop(idx, None)
if fut is None:
# Safety net: the window submits indices in order and the loop
# breaks at the first halting item, so every collected index has
# an in-flight future. Stop cleanly rather than raise if a future
# change ever breaks that invariant.
break
try:
slots[idx] = fut.result()
except Exception:
# A genuine exception escaping a step (not a normal step
# FAILED, which sets state.status) must not be masked: cancel
# outstanding work and re-raise — with a bare ``raise`` so the
# original traceback is preserved — so the engine marks the run
# failed instead of reporting a vacuous completion. The pool's
# __exit__ still joins any already-running workers.
for other in futures.values():
other.cancel()
raise
collected = idx + 1
halt_status = item_halt_status(idx)
if halt_status is not None:
# First halting item in item order: include it (slots[idx] is
# already set), record its status, and cancel everything pending.
halt = (idx, halt_status)
for other in futures.values():
other.cancel()
break
if halt is not None:
halted_at, halted_status = halt
# A later in-flight item may have overwritten state.status before the
# pool joined; restore the halting item's own outcome so the final run
# status matches the sequential semantics.
state.status = halted_status
return slots[: halted_at + 1]
return slots[:collected]
def _resolve_inputs(
self,

View File

@@ -48,7 +48,10 @@ class DoWhileStep(StepBase):
)
max_iter = config.get("max_iterations")
if max_iter is not None:
if not isinstance(max_iter, int) or max_iter < 1:
# bool is a subclass of int, so isinstance(True, int) is True and
# True < 1 is False; reject bools explicitly so `max_iterations: true`
# is a type error rather than a silent single iteration.
if isinstance(max_iter, bool) or not isinstance(max_iter, int) or max_iter < 1:
errors.append(
f"Do-while step {config.get('id', '?')!r}: "
f"'max_iterations' must be an integer >= 1."

View File

@@ -55,7 +55,10 @@ class WhileStep(StepBase):
)
max_iter = config.get("max_iterations")
if max_iter is not None:
if not isinstance(max_iter, int) or max_iter < 1:
# bool is a subclass of int, so isinstance(True, int) is True and
# True < 1 is False; reject bools explicitly so `max_iterations: true`
# is a type error rather than a silent single iteration.
if isinstance(max_iter, bool) or not isinstance(max_iter, int) or max_iter < 1:
errors.append(
f"While step {config.get('id', '?')!r}: "
f"'max_iterations' must be an integer >= 1."

View File

@@ -62,6 +62,21 @@ def test_commands_outside_project_fail_with_guidance(tmp_path: Path, monkeypatch
assert "Spec Kit project" in result.output
def test_fail_writes_error_to_stderr_not_stdout(capsys):
"""_fail must write to stderr, not stdout: every bundle command routes errors
through it, and under --json the error would otherwise corrupt the JSON payload
that consumers read from stdout."""
import typer
from specify_cli.commands.bundle import _fail
with pytest.raises(typer.Exit):
_fail("something broke")
captured = capsys.readouterr()
assert "something broke" in captured.err
assert "something broke" not in captured.out
def test_search_works_without_a_project(tmp_path: Path, monkeypatch):
# Discovery commands fall back to the built-in/user catalog stack and must
# not require a Spec Kit project (matches README/quickstart examples).

View File

@@ -233,6 +233,10 @@ class TestInitializeRepoBash:
result = _run_bash("initialize-repo.sh", project)
assert result.returncode == 0, result.stderr
# Success marker is the full ASCII "[OK] ..." line (matching the PowerShell
# twin and the sibling auto-commit scripts), not a Unicode checkmark.
assert "[OK] Git repository initialized" in result.stderr, result.stderr
# Verify git repo exists
assert (project / ".git").exists()

View File

@@ -70,16 +70,17 @@ class TestCatalogURLValidation:
@pytest.mark.parametrize(
"url",
[
"https://:8080", # port only, no host
"https://:0", # port only, no host
"https://user@", # userinfo only, no host
"https://user:pw@", # userinfo only, no host
"https://:8080", # port only, no host
"https://:8080/catalog.json", # port only, with path
"https://:0", # port only, no host
"https://user@", # userinfo only, no host
"https://user:pass@", # userinfo only, no host
],
)
def test_hostless_url_with_truthy_netloc_rejected(self, url):
# These have a truthy netloc (":8080", "user@") but no actual host,
# so a netloc-based check would wrongly accept them despite the
# "valid URL with a host" promise. hostname is None for all of them.
# "valid URL with a host" promise. hostname is None for all of them (#3209).
with pytest.raises(IntegrationCatalogError, match="valid URL"):
IntegrationCatalog._validate_catalog_url(url)

View File

@@ -90,6 +90,22 @@ class TestClineIntegration(MarkdownIntegrationTests):
assert "replace dots (`.`) with hyphens (`-`)" in injected
assert "- For each executable hook, output the following:" in injected
def test_cline_hook_instruction_injection_no_trailing_newline(self):
"""Note must not collapse onto the instruction line when the
instruction is the final line with no trailing newline.
The injection regex matches the end-of-line via ``(\\r\\n|\\n|$)``, so
the captured ``eol`` is empty on a file's last line that lacks a
trailing newline. Without an ``or "\\n"`` fallback the note text and
the instruction are emitted on the same line.
"""
cline = get_integration("cline")
content = "- For each executable hook, output the following:" # no trailing \n
injected = cline._inject_hook_command_note(content)
assert "replace dots (`.`) with hyphens (`-`)" in injected
# Instruction stays on its own line rather than being mashed onto the note.
assert "\n- For each executable hook, output the following:" in injected
# -- Overrides for MarkdownIntegrationTests ---------------------------
def test_setup_creates_files(self, tmp_path):

View File

@@ -2,7 +2,9 @@
import json
import os
import warnings
import pytest
import yaml
from specify_cli.integrations import get_integration
@@ -34,6 +36,31 @@ class TestCopilotIntegration:
assert f.parent == tmp_path / ".github" / "agents"
assert f.name.endswith(".agent.md")
def test_setup_warns_legacy_markdown_default_is_deprecated(self, tmp_path):
from specify_cli.integrations.copilot import CopilotIntegration
copilot = CopilotIntegration()
m = IntegrationManifest("copilot", tmp_path)
with pytest.warns(UserWarning, match="Copilot legacy markdown mode is deprecated"):
created = copilot.setup(tmp_path, m)
assert any(f.name.endswith(".agent.md") for f in created)
def test_skills_setup_does_not_warn_about_legacy_default(self, tmp_path):
from specify_cli.integrations.copilot import CopilotIntegration
copilot = CopilotIntegration()
m = IntegrationManifest("copilot", tmp_path)
with warnings.catch_warnings(record=True) as caught:
warnings.simplefilter("always")
created = copilot.setup(tmp_path, m, parsed_options={"skills": True})
assert not any(
"Copilot legacy markdown mode is deprecated" in str(item.message)
for item in caught
)
assert any(f.name == "SKILL.md" for f in created)
def test_setup_creates_companion_prompts(self, tmp_path):
from specify_cli.integrations.copilot import CopilotIntegration
copilot = CopilotIntegration()
@@ -295,6 +322,51 @@ class TestCopilotIntegration:
f"Extra: {sorted(set(actual) - set(expected))}"
)
def test_default_cli_init_warns_legacy_markdown_is_deprecated(self, tmp_path):
"""Default Copilot init should warn users about the future skills default."""
from typer.testing import CliRunner
from specify_cli import app
project = tmp_path / "default-warning"
project.mkdir()
old_cwd = os.getcwd()
try:
os.chdir(project)
with pytest.warns(
UserWarning,
match="Copilot legacy markdown mode is deprecated",
):
result = CliRunner().invoke(app, [
"init", "--here", "--integration", "copilot", "--script", "sh",
], catch_exceptions=False)
finally:
os.chdir(old_cwd)
assert result.exit_code == 0, result.output
def test_skills_cli_init_does_not_warn_about_legacy_markdown(self, tmp_path):
"""Explicit Copilot skills mode should not warn about the legacy default."""
from typer.testing import CliRunner
from specify_cli import app
project = tmp_path / "skills-no-warning"
project.mkdir()
old_cwd = os.getcwd()
try:
os.chdir(project)
with warnings.catch_warnings(record=True) as caught:
warnings.simplefilter("always")
result = CliRunner().invoke(app, [
"init", "--here", "--integration", "copilot",
"--integration-options", "--skills", "--script", "sh",
], catch_exceptions=False)
finally:
os.chdir(old_cwd)
assert result.exit_code == 0, result.output
assert not any(
"Copilot legacy markdown mode is deprecated" in str(item.message)
for item in caught
)
class TestCopilotSkillsMode:
"""Tests for Copilot integration in --skills mode."""

View File

@@ -28,7 +28,7 @@ class TestDevinBuildExecArgs:
assert args is not None, (
"DevinIntegration.build_exec_args must not return None. "
"None is the codebase sentinel for IDE-only integrations "
"(see WindsurfIntegration); Devin is dispatchable via 'devin -p'."
"(see KilocodeIntegration); Devin is dispatchable via 'devin -p'."
)
assert args[:3] == ["devin", "-p", "test prompt"]

View File

@@ -403,7 +403,7 @@ class TestForgeCommandRegistrar:
encoding="utf-8"
)
# Register with Windsurf (standard markdown agent without inject_name)
# Register with Kilo Code (standard markdown agent without inject_name)
registrar = CommandRegistrar()
commands = [
{
@@ -413,22 +413,22 @@ class TestForgeCommandRegistrar:
]
registrar.register_commands(
"windsurf",
"kilocode",
commands,
"test-extension",
ext_dir,
tmp_path
)
# Windsurf uses standard markdown format without name injection.
# Kilo Code uses standard markdown format without name injection.
# The format_name callback should not be invoked for non-Forge agents.
windsurf_cmd = tmp_path / ".windsurf" / "workflows" / "speckit.my-extension.example.md"
assert windsurf_cmd.exists()
kilocode_cmd = tmp_path / ".kilocode" / "workflows" / "speckit.my-extension.example.md"
assert kilocode_cmd.exists()
content = windsurf_cmd.read_text(encoding="utf-8")
# Windsurf should NOT have a name field injected
content = kilocode_cmd.read_text(encoding="utf-8")
# Kilo Code should NOT have a name field injected
assert "name:" not in content, (
"Windsurf should not inject name field - format_name callback should be Forge-only"
"Kilo Code should not inject name field - format_name callback should be Forge-only"
)
def test_git_extension_command_uses_hyphen_notation(self, tmp_path):

View File

@@ -1,10 +0,0 @@
"""Tests for IflowIntegration."""
from .test_integration_base_markdown import MarkdownIntegrationTests
class TestIflowIntegration(MarkdownIntegrationTests):
KEY = "iflow"
FOLDER = ".iflow/"
COMMANDS_SUBDIR = "commands"
REGISTRAR_DIR = ".iflow/commands"

View File

@@ -1,10 +0,0 @@
"""Tests for RooIntegration."""
from .test_integration_base_markdown import MarkdownIntegrationTests
class TestRooIntegration(MarkdownIntegrationTests):
KEY = "roo"
FOLDER = ".roo/"
COMMANDS_SUBDIR = "commands"
REGISTRAR_DIR = ".roo/commands"

View File

@@ -1,10 +0,0 @@
"""Tests for WindsurfIntegration."""
from .test_integration_base_markdown import MarkdownIntegrationTests
class TestWindsurfIntegration(MarkdownIntegrationTests):
KEY = "windsurf"
FOLDER = ".windsurf/"
COMMANDS_SUBDIR = "workflows"
REGISTRAR_DIR = ".windsurf/workflows"

View File

@@ -22,8 +22,8 @@ ALL_INTEGRATION_KEYS = [
"copilot",
# Stage 3 — standard markdown integrations
"claude", "qwen", "opencode", "junie", "kilocode", "auggie",
"roo", "rovodev", "codebuddy", "qodercli", "amp", "shai", "bob", "trae",
"pi", "iflow", "kiro-cli", "windsurf", "vibe", "cursor-agent", "firebender",
"rovodev", "codebuddy", "qodercli", "amp", "shai", "bob", "trae",
"pi", "kiro-cli", "vibe", "cursor-agent", "firebender",
# Stage 4 — TOML integrations
"gemini", "tabnine",
# Stage 5 — skills, generic & option-driven integrations
@@ -244,3 +244,26 @@ class TestMultiInstallSafeContracts:
f"{initial} and {additional} are declared multi-install safe but both manage "
f"these files: {sorted(initial_files & additional_files)}"
)
class TestCatalogParity:
"""The discovery catalog must list every registered integration."""
def test_every_registered_integration_is_in_catalog(self):
"""``integrations/catalog.json`` must cover every registry key.
The catalog is the discovery manifest; an integration that is
registered, registrar-aligned and registry-tested but missing from
the catalog is undiscoverable through it. ``generic`` is exempt —
it is the no-fixed-directory fallback, not a catalogued agent.
"""
from pathlib import Path
repo_root = Path(__file__).resolve().parents[2]
catalog = json.loads(
(repo_root / "integrations" / "catalog.json").read_text(encoding="utf-8")
)
catalogued = set(catalog["integrations"])
registered = set(INTEGRATION_REGISTRY) - {"generic"}
missing = sorted(registered - catalogued)
assert not missing, f"integrations missing from catalog.json: {missing}"

View File

@@ -27,7 +27,6 @@ ISSUE_TEMPLATE_AGENT_KEYS = [
"goose",
"hermes",
"bob",
"iflow",
"junie",
"kilocode",
"kimi",
@@ -39,12 +38,10 @@ ISSUE_TEMPLATE_AGENT_KEYS = [
"pi",
"qodercli",
"qwen",
"roo",
"rovodev",
"shai",
"tabnine",
"trae",
"windsurf",
"zcode",
"zed",
]
@@ -292,28 +289,6 @@ class TestAgentConfigConsistency:
"""AGENT_CONFIG should include pi."""
assert "pi" in AGENT_CONFIG
# --- iFlow CLI consistency checks ---
def test_iflow_in_agent_config(self):
"""AGENT_CONFIG should include iflow with correct folder and commands_subdir."""
assert "iflow" in AGENT_CONFIG
assert AGENT_CONFIG["iflow"]["folder"] == ".iflow/"
assert AGENT_CONFIG["iflow"]["commands_subdir"] == "commands"
assert AGENT_CONFIG["iflow"]["requires_cli"] is True
def test_iflow_in_extension_registrar(self):
"""Extension command registrar should include iflow targeting .iflow/commands."""
cfg = CommandRegistrar.AGENT_CONFIGS
assert "iflow" in cfg
assert cfg["iflow"]["dir"] == ".iflow/commands"
assert cfg["iflow"]["format"] == "markdown"
assert cfg["iflow"]["args"] == "$ARGUMENTS"
def test_agent_config_includes_iflow(self):
"""AGENT_CONFIG should include iflow."""
assert "iflow" in AGENT_CONFIG
# --- Goose consistency checks ---
def test_goose_in_agent_config(self):

View File

@@ -163,6 +163,66 @@ def test_normal_mode_still_validates_branch(prereq_repo: Path) -> None:
assert result.stdout.strip() == ""
@requires_bash
def test_paths_only_does_not_persist_feature_json(prereq_repo: Path) -> None:
"""--paths-only must not rewrite feature.json even when the env override
differs from the pinned value (#3025).
Path resolution is read-only, so it must never dirty the working tree or
overwrite the persisted feature directory.
"""
pinned = "specs/001-my-feature"
(prereq_repo / "specs" / "001-my-feature").mkdir(parents=True, exist_ok=True)
(prereq_repo / "specs" / "002-other").mkdir(parents=True, exist_ok=True)
_write_feature_json(prereq_repo, pinned)
fj = prereq_repo / ".specify" / "feature.json"
before = fj.read_text(encoding="utf-8")
script = prereq_repo / ".specify" / "scripts" / "bash" / "check-prerequisites.sh"
env = _clean_env()
env["SPECIFY_FEATURE_DIRECTORY"] = "specs/002-other"
result = subprocess.run(
["bash", str(script), "--json", "--paths-only"],
cwd=prereq_repo,
capture_output=True,
text=True,
check=False,
env=env,
)
assert result.returncode == 0, result.stderr
# The override is honored in the output...
data = json.loads(result.stdout)
assert "002-other" in data["FEATURE_DIR"]
# ...but the pinned file on disk is untouched.
assert fj.read_text(encoding="utf-8") == before
@requires_bash
def test_normal_mode_still_persists_feature_json(prereq_repo: Path) -> None:
"""Without --paths-only, the env override is still persisted to feature.json,
so the --no-persist opt-out does not regress normal write behavior (#3025)."""
(prereq_repo / "specs" / "001-my-feature").mkdir(parents=True, exist_ok=True)
feat = prereq_repo / "specs" / "002-other"
feat.mkdir(parents=True, exist_ok=True)
(feat / "plan.md").write_text("# plan\n", encoding="utf-8")
_write_feature_json(prereq_repo, "specs/001-my-feature")
fj = prereq_repo / ".specify" / "feature.json"
script = prereq_repo / ".specify" / "scripts" / "bash" / "check-prerequisites.sh"
env = _clean_env()
env["SPECIFY_FEATURE_DIRECTORY"] = "specs/002-other"
result = subprocess.run(
["bash", str(script), "--json"],
cwd=prereq_repo,
capture_output=True,
text=True,
check=False,
env=env,
)
assert result.returncode == 0, result.stderr
assert json.loads(fj.read_text(encoding="utf-8"))["feature_directory"] == "specs/002-other"
# ── PowerShell tests ──────────────────────────────────────────────────────
@@ -283,3 +343,64 @@ def test_ps_missing_tasks_error_goes_to_stderr(prereq_repo: Path) -> None:
assert "tasks.md not found" in result.stderr
assert "tasks.md not found" not in result.stdout
assert result.stdout.strip() == ""
@pytest.mark.skipif(not (HAS_PWSH or _WINDOWS_POWERSHELL), reason="no PowerShell available")
def test_ps_paths_only_does_not_persist_feature_json(prereq_repo: Path) -> None:
"""-PathsOnly must not rewrite feature.json even when the env override
differs from the pinned value (#3025)."""
pinned = "specs/001-my-feature"
(prereq_repo / "specs" / "001-my-feature").mkdir(parents=True, exist_ok=True)
(prereq_repo / "specs" / "002-other").mkdir(parents=True, exist_ok=True)
_write_feature_json(prereq_repo, pinned)
fj = prereq_repo / ".specify" / "feature.json"
before = fj.read_text(encoding="utf-8")
script = prereq_repo / ".specify" / "scripts" / "powershell" / "check-prerequisites.ps1"
exe = "pwsh" if HAS_PWSH else _WINDOWS_POWERSHELL
env = _clean_env()
env["SPECIFY_FEATURE_DIRECTORY"] = "specs/002-other"
result = subprocess.run(
[exe, "-NoProfile", "-File", str(script), "-Json", "-PathsOnly"],
cwd=prereq_repo,
capture_output=True,
text=True,
check=False,
env=env,
)
assert result.returncode == 0, result.stderr
data = json.loads(result.stdout)
assert "002-other" in data["FEATURE_DIR"]
assert fj.read_text(encoding="utf-8") == before
@pytest.mark.skipif(not (HAS_PWSH or _WINDOWS_POWERSHELL), reason="no PowerShell available")
def test_ps_normal_mode_still_persists_feature_json(prereq_repo: Path) -> None:
"""Without -PathsOnly, the env override is still persisted to feature.json,
so the -NoPersist opt-out does not regress normal write behavior (#3025).
Symmetric to the bash test_normal_mode_still_persists_feature_json guard:
asserts the default path still persists and that -NoPersist is not passed
unconditionally.
"""
(prereq_repo / "specs" / "001-my-feature").mkdir(parents=True, exist_ok=True)
feat = prereq_repo / "specs" / "002-other"
feat.mkdir(parents=True, exist_ok=True)
(feat / "plan.md").write_text("# plan\n", encoding="utf-8")
_write_feature_json(prereq_repo, "specs/001-my-feature")
fj = prereq_repo / ".specify" / "feature.json"
script = prereq_repo / ".specify" / "scripts" / "powershell" / "check-prerequisites.ps1"
exe = "pwsh" if HAS_PWSH else _WINDOWS_POWERSHELL
env = _clean_env()
env["SPECIFY_FEATURE_DIRECTORY"] = "specs/002-other"
result = subprocess.run(
[exe, "-NoProfile", "-File", str(script), "-Json"],
cwd=prereq_repo,
capture_output=True,
text=True,
check=False,
env=env,
)
assert result.returncode == 0, result.stderr
assert json.loads(fj.read_text(encoding="utf-8"))["feature_directory"] == "specs/002-other"

View File

@@ -37,8 +37,8 @@ from specify_cli.extensions import (
ValidationError,
CompatibilityError,
normalize_priority,
version_satisfies,
)
from specify_cli._utils import version_satisfies
# Minimal valid ZIP (empty end-of-central-directory record). Passes
# zipfile.is_zipfile() so --from download tests exercise the content guard.
@@ -1005,6 +1005,14 @@ class TestExtensionManager:
with pytest.raises(CompatibilityError, match="Extension requires spec-kit"):
manager.check_compatibility(manifest, "0.0.1")
def test_check_compatibility_allows_prerelease_builds(self, extension_dir, project_dir):
"""Prerelease spec-kit builds should satisfy compatible version ranges."""
manager = ExtensionManager(project_dir)
manifest = ExtensionManifest(extension_dir / "extension.yml")
result = manager.check_compatibility(manifest, "0.8.8.dev0")
assert result is True
def test_install_from_directory(self, extension_dir, project_dir):
"""Test installing extension from directory."""
manager = ExtensionManager(project_dir)
@@ -2629,6 +2637,12 @@ class TestVersionSatisfies:
assert version_satisfies("1.0.5", ">=1.0.0,!=1.0.3")
assert not version_satisfies("1.0.3", ">=1.0.0,!=1.0.3")
def test_version_satisfies_prerelease(self):
"""Prerelease builds should satisfy compatible lower bounds, but not higher bounds."""
assert version_satisfies("0.8.8.dev0", ">=0.2.0")
assert not version_satisfies("0.2.0.dev0", ">=0.2.0")
assert not version_satisfies("0.8.7.dev1", ">=0.8.8")
def test_version_satisfies_invalid(self):
"""Test invalid version strings."""
assert not version_satisfies("invalid", ">=1.0.0")

View File

@@ -710,6 +710,15 @@ class TestPresetManager:
manifest = PresetManifest(pack_dir / "preset.yml")
assert manager.check_compatibility(manifest, "0.1.5") is True
def test_check_compatibility_prerelease(self, pack_dir, temp_dir):
"""Test compatibility check allows prereleases and fails on boundary."""
manager = PresetManager(temp_dir)
manifest = PresetManifest(pack_dir / "preset.yml")
# manifest requires >=0.1.0
assert manager.check_compatibility(manifest, "0.8.8.dev0") is True
with pytest.raises(PresetCompatibilityError, match="Preset requires spec-kit"):
manager.check_compatibility(manifest, "0.1.0.dev0")
def test_check_compatibility_invalid(self, pack_dir, temp_dir):
"""Test compatibility check with invalid specifier."""
manager = PresetManager(temp_dir)
@@ -1427,14 +1436,15 @@ class TestPresetCatalog:
@pytest.mark.parametrize(
"url",
[
"https://:8080", # port only, no host
"https://:0", # port only, no host
"https://user@", # userinfo only, no host
"https://user:pw@", # userinfo only, no host
"https://:8080", # port only, no host
"https://:8080/catalog.json", # port only, with path
"https://:0", # port only, no host
"https://user@", # userinfo only, no host
"https://user:pass@", # userinfo only, no host
],
)
def test_validate_catalog_url_hostless_rejected(self, project_dir, url):
"""Reject host-less URLs whose netloc is truthy but hostname is None.
"""Reject host-less URLs whose netloc is truthy but hostname is None (#3209).
``urlparse('https://:8080').netloc`` is ``':8080'`` (truthy) but its
``hostname`` is ``None``, so a netloc-based check would accept a URL

View File

@@ -246,3 +246,27 @@ def test_ps_setup_plan_copied_message_on_stderr_in_json_mode(plan_repo: Path) ->
data = json.loads(result.stdout)
assert "IMPL_PLAN" in data
assert "Copied plan template" in result.stderr
@pytest.mark.skipif(not (HAS_PWSH or _WINDOWS_POWERSHELL), reason="no PowerShell available")
def test_ps_setup_plan_template_not_found_warning_matches_bash(plan_repo: Path) -> None:
"""When no plan template resolves, -Json mode must emit 'Warning: Plan template
not found' on stderr (matching the bash twin's wording and stream routing) while
keeping stdout pure JSON. Before the fix the PowerShell script used Write-Warning,
producing a different 'WARNING:' prefix on the warning stream instead."""
# Remove the template the fixture installs so resolution finds nothing.
(plan_repo / ".specify" / "templates" / "plan-template.md").unlink()
script = plan_repo / ".specify" / "scripts" / "powershell" / "setup-plan.ps1"
exe = "pwsh" if HAS_PWSH else _WINDOWS_POWERSHELL
result = subprocess.run(
[exe, "-NoProfile", "-File", str(script), "-Json"],
cwd=plan_repo,
capture_output=True,
text=True,
check=False,
env=_clean_env(),
)
assert result.returncode == 0, result.stderr
data = json.loads(result.stdout)
assert "IMPL_PLAN" in data
assert "Warning: Plan template not found" in result.stderr

View File

@@ -204,7 +204,91 @@ class TestWorkflowRunWithoutProject:
os.chdir(old_cwd)
assert result.exit_code != 0
assert "Refusing to use symlinked .specify path in current directory" in result.output
assert "Refusing to use symlinked .specify path" in result.output
def test_workflow_run_yaml_rejects_symlinked_workflows_dir(self, tmp_path):
"""Running local YAML should fail when .specify/workflows is a symlink."""
from typer.testing import CliRunner
from specify_cli import app
runner = CliRunner()
workflow_file = tmp_path / "test-workflow.yml"
workflow_content = {
"schema_version": "1.0",
"workflow": {
"id": "symlink-workflows-test",
"name": "Symlink Workflows Test",
"version": "1.0.0",
"description": "A workflow for symlink guard testing",
},
"steps": [{"id": "noop", "type": "shell", "run": "echo done"}],
}
workflow_file.write_text(yaml.dump(workflow_content), encoding="utf-8")
(tmp_path / ".specify").mkdir()
target_dir = tmp_path / "real-workflows-dir"
target_dir.mkdir()
try:
(tmp_path / ".specify" / "workflows").symlink_to(
target_dir, target_is_directory=True
)
except (OSError, NotImplementedError):
pytest.skip("Symlinks are not available in this environment")
old_cwd = os.getcwd()
try:
os.chdir(tmp_path)
result = runner.invoke(app, [
"workflow", "run", str(workflow_file),
], catch_exceptions=False)
finally:
os.chdir(old_cwd)
assert result.exit_code != 0
assert "Refusing to use symlinked .specify/workflows path" in result.output
def test_workflow_run_yaml_rejects_symlinked_runs_dir(self, tmp_path):
"""Running local YAML should fail when .specify/workflows/runs is a symlink."""
from typer.testing import CliRunner
from specify_cli import app
runner = CliRunner()
workflow_file = tmp_path / "test-workflow.yml"
workflow_content = {
"schema_version": "1.0",
"workflow": {
"id": "symlink-runs-test",
"name": "Symlink Runs Test",
"version": "1.0.0",
"description": "A workflow for symlink guard testing",
},
"steps": [{"id": "noop", "type": "shell", "run": "echo done"}],
}
workflow_file.write_text(yaml.dump(workflow_content), encoding="utf-8")
(tmp_path / ".specify" / "workflows").mkdir(parents=True)
target_dir = tmp_path / "real-runs-dir"
target_dir.mkdir()
try:
(tmp_path / ".specify" / "workflows" / "runs").symlink_to(
target_dir, target_is_directory=True
)
except (OSError, NotImplementedError):
pytest.skip("Symlinks are not available in this environment")
old_cwd = os.getcwd()
try:
os.chdir(tmp_path)
result = runner.invoke(app, [
"workflow", "run", str(workflow_file),
], catch_exceptions=False)
finally:
os.chdir(old_cwd)
assert result.exit_code != 0
assert "Refusing to use symlinked .specify/workflows/runs path" in result.output
def test_workflow_run_yaml_rejects_non_directory_specify_path(self, tmp_path):
"""Running local YAML should fail when .specify is not a directory."""

View File

@@ -650,8 +650,8 @@ class TestBuildExecArgs:
assert "--yolo" in args
def test_ide_only_returns_none(self):
from specify_cli.integrations.windsurf import WindsurfIntegration
impl = WindsurfIntegration()
from specify_cli.integrations.kilocode import KilocodeIntegration
impl = KilocodeIntegration()
assert impl.build_exec_args("test") is None
def test_no_model_omits_flag(self):
@@ -1822,6 +1822,12 @@ class TestWhileStep:
step = WhileStep()
errors = step.validate({"id": "test", "condition": "{{ true }}", "max_iterations": 0, "steps": []})
assert any("must be an integer >= 1" in e for e in errors)
# bool is an int subclass; `max_iterations: true` must be rejected, not
# silently treated as a single iteration.
bool_errors = step.validate(
{"id": "test", "condition": "{{ true }}", "max_iterations": True, "steps": []}
)
assert any("must be an integer >= 1" in e for e in bool_errors)
class TestDoWhileStep:
@@ -1861,6 +1867,21 @@ class TestDoWhileStep:
assert len(result.next_steps) == 1
assert result.output["max_iterations"] == 5
def test_validate_rejects_bool_max_iterations(self):
from specify_cli.workflows.steps.do_while import DoWhileStep
step = DoWhileStep()
# bool is an int subclass; `max_iterations: true` must be rejected.
errors = step.validate(
{"id": "test", "condition": "{{ true }}", "max_iterations": True, "steps": []}
)
assert any("must be an integer >= 1" in e for e in errors)
# a real positive integer is fully valid (no errors at all).
ok = step.validate(
{"id": "test", "condition": "{{ true }}", "max_iterations": 3, "steps": []}
)
assert ok == [], ok
def test_execute_empty_steps(self):
from specify_cli.workflows.steps.do_while import DoWhileStep
from specify_cli.workflows.base import StepContext
@@ -2045,6 +2066,210 @@ class TestFanInStep:
assert any("non-empty list" in e for e in errors)
class TestFanOutConcurrency:
"""Fan-out honors max_concurrency (WorkflowEngine._run_fan_out)."""
@staticmethod
def _build(tmp_path, on_item=None):
"""Wire an engine + run state to a probe step that echoes context.item.
Per-item output is ``{"seen": <item>}`` so order and per-thread item
isolation are checkable. ``on_item(item)`` may run a side effect and
optionally return a StepStatus to override COMPLETED (or raise).
"""
from specify_cli.workflows.base import (
RunStatus,
StepBase,
StepContext,
StepResult,
StepStatus,
)
from specify_cli.workflows.engine import RunState, WorkflowEngine
class _ProbeStep(StepBase):
type_key = "probe"
def execute(self, config, context):
status = StepStatus.COMPLETED
if on_item is not None:
override = on_item(context.item)
if override is not None:
status = override
return StepResult(status=status, output={"seen": context.item})
engine = WorkflowEngine(project_root=tmp_path)
context = StepContext()
state = RunState(run_id="r", workflow_id="w", project_root=tmp_path)
state.status = RunStatus.RUNNING
template = {"id": "impl", "type": "probe"}
return engine, context, state, {"probe": _ProbeStep()}, template
def _run(self, tmp_path, items, max_concurrency, on_item=None):
engine, context, state, registry, template = self._build(tmp_path, on_item)
results = engine._run_fan_out(
items, template, "fan", context, state, registry, max_concurrency
)
return results, state
def test_sequential_default_preserves_order(self, tmp_path):
results, _ = self._run(tmp_path, list(range(5)), 1)
assert results == [{"seen": i} for i in range(5)]
def test_concurrent_runs_all_items_in_item_order(self, tmp_path):
results, _ = self._run(tmp_path, list(range(10)), 4)
assert results == [{"seen": i} for i in range(10)]
def test_sequential_and_concurrent_agree(self, tmp_path):
items = [{"n": i} for i in range(8)]
seq, _ = self._run(tmp_path, items, 1)
con, _ = self._run(tmp_path, items, 4)
assert seq == con == [{"seen": {"n": i}} for i in range(8)]
def test_shuffled_completion_preserves_item_order(self, tmp_path):
# Determinism keystone: completion order is forced to the exact REVERSE of
# item order by an event chain (no sleeps) — item i blocks until item i+1
# has finished, so item 0 completes LAST — yet results must still be in
# item order. K == len(items) so all workers are in flight together.
import threading
n = 4
done = [threading.Event() for _ in range(n)]
completion: list[int] = []
clock = threading.Lock()
def on_item(item):
if item + 1 < n:
assert done[item + 1].wait(2.0), f"item {item + 1} never finished"
with clock:
completion.append(item)
done[item].set()
return None
results, _ = self._run(tmp_path, list(range(n)), n, on_item)
assert results == [{"seen": i} for i in range(n)]
assert completion == list(reversed(range(n)))
def test_concurrency_is_real(self, tmp_path):
import threading
# Deterministic proof of real parallelism (no wall-clock threshold to
# tune or flake): every item must reach the barrier before any may pass.
# Sequential execution would block the first item forever — the barrier
# times out, raises BrokenBarrierError, and fails the test.
n = 4
barrier = threading.Barrier(n, timeout=5)
def on_item(item):
barrier.wait()
return None
results, _ = self._run(tmp_path, list(range(n)), n, on_item)
assert results == [{"seen": i} for i in range(n)]
@pytest.mark.parametrize("bad", [0, -1, None, "abc", 1.0])
def test_invalid_max_concurrency_coerces_to_sequential(self, tmp_path, bad):
results, _ = self._run(tmp_path, list(range(4)), bad)
assert results == [{"seen": i} for i in range(4)]
def test_string_max_concurrency_is_honored(self, tmp_path):
results, _ = self._run(tmp_path, list(range(4)), "2")
assert results == [{"seen": i} for i in range(4)]
def test_context_item_isolation_across_threads(self, tmp_path):
items = [{"id": f"x{i}"} for i in range(6)]
results, _ = self._run(tmp_path, items, 6)
assert [r["seen"]["id"] for r in results] == [f"x{i}" for i in range(6)]
def test_empty_items(self, tmp_path):
results, _ = self._run(tmp_path, [], 4)
assert results == []
def test_concurrent_halt_status_not_clobbered_by_later_item(self, tmp_path):
# Item 1 PAUSES (first halting item in order); item 3 FAILS while in
# flight. The final run status must be the halting item's (PAUSED), never
# a later item's (FAILED) that raced after it — matching sequential.
from specify_cli.workflows.base import RunStatus, StepStatus
def on_item(item):
if item == 1:
return StepStatus.PAUSED
if item == 3:
return StepStatus.FAILED
return None
results, state = self._run(tmp_path, list(range(4)), 4, on_item)
assert results == [{"seen": 0}, {"seen": 1}]
assert state.status == RunStatus.PAUSED
def test_halt_on_failure_sequential_returns_prefix(self, tmp_path):
from specify_cli.workflows.base import RunStatus, StepStatus
def on_item(item):
return StepStatus.FAILED if item == 2 else None
results, state = self._run(tmp_path, list(range(5)), 1, on_item)
assert len(results) == 3 # items 0,1,2 ran; 3,4 never dispatched
assert results[2] == {"seen": 2}
assert state.status == RunStatus.FAILED
def test_halt_on_failure_concurrent_includes_halting_item(self, tmp_path):
# The concurrent prefix must match the sequential one: items up to and
# INCLUDING the failing item (2), never a short prefix that drops it just
# because a later in-flight item flipped the shared run status first.
from specify_cli.workflows.base import RunStatus, StepStatus
def on_item(item):
return StepStatus.FAILED if item == 2 else None
results, state = self._run(tmp_path, list(range(6)), 4, on_item)
assert results == [{"seen": 0}, {"seen": 1}, {"seen": 2}]
assert state.status == RunStatus.FAILED
def test_continue_on_error_item_does_not_halt_concurrent(self, tmp_path):
# A failing item whose template sets continue_on_error must NOT truncate
# the fan-out: every item still runs and is returned in order.
from specify_cli.workflows.base import StepStatus
def on_item(item):
return StepStatus.FAILED if item == 2 else None
engine, context, state, registry, template = self._build(tmp_path, on_item)
template["continue_on_error"] = True
results = engine._run_fan_out(
list(range(5)), template, "fan", context, state, registry, 4
)
assert results == [{"seen": i} for i in range(5)]
def test_unknown_template_type_halts_concurrent_like_sequential(self, tmp_path):
# A template whose type isn't registered fails fast and records no result;
# the concurrent path must still attribute the halt to the first item and
# return the same prefix as sequential — never run on as if completed.
from specify_cli.workflows.base import RunStatus, StepContext
from specify_cli.workflows.engine import RunState, WorkflowEngine
def fresh():
state = RunState(run_id="r", workflow_id="w", project_root=tmp_path)
state.status = RunStatus.RUNNING
return WorkflowEngine(project_root=tmp_path), StepContext(), state
template = {"id": "impl", "type": "does-not-exist"}
e1, c1, s1 = fresh()
seq = e1._run_fan_out(list(range(5)), template, "fan", c1, s1, {}, 1)
e2, c2, s2 = fresh()
con = e2._run_fan_out(list(range(5)), template, "fan", c2, s2, {}, 4)
assert seq == con == [{}] # halted at the first item; rest never returned
assert s1.status == s2.status == RunStatus.FAILED
def test_first_exception_cancels_and_reraises(self, tmp_path):
def on_item(item):
if item == 0:
raise ValueError("boom")
return None
with pytest.raises(ValueError, match="boom"):
self._run(tmp_path, list(range(4)), 2, on_item)
class TestFanInWaitForValidation:
"""fan-in wait_for must reference a declared step (no silent empty join)."""
@@ -5078,6 +5303,279 @@ class TestWorkflowStepRemoveCLI:
assert "Refusing to use symlinked step directory" in result.output
class TestWorkflowRemoveGuard:
def test_remove_rejects_traversal_registry_key(self, project_dir, monkeypatch):
"""A corrupted registry key must not let remove delete outside workflows/."""
from typer.testing import CliRunner
from specify_cli import app
from specify_cli.workflows.catalog import WorkflowRegistry
registry = WorkflowRegistry(project_dir)
registry.add("../outside", {"name": "Bad"})
outside = project_dir / ".specify" / "outside"
outside.mkdir()
sentinel = outside / "keep.txt"
sentinel.write_text("keep", encoding="utf-8")
monkeypatch.chdir(project_dir)
result = CliRunner().invoke(app, ["workflow", "remove", "../outside"])
assert result.exit_code != 0
assert "Invalid workflow ID" in result.output
assert sentinel.read_text(encoding="utf-8") == "keep"
@pytest.mark.parametrize("workflow_id", ["runs", "steps"])
def test_remove_rejects_reserved_storage_ids(
self, project_dir, monkeypatch, workflow_id
):
"""Reserved workflow storage directories must never be removable workflows."""
from typer.testing import CliRunner
from specify_cli import app
from specify_cli.workflows.catalog import WorkflowRegistry
registry = WorkflowRegistry(project_dir)
registry.add(workflow_id, {"name": "Bad"})
reserved_dir = project_dir / ".specify" / "workflows" / workflow_id
reserved_dir.mkdir(exist_ok=True)
sentinel = reserved_dir / "keep.txt"
sentinel.write_text("keep", encoding="utf-8")
monkeypatch.chdir(project_dir)
result = CliRunner().invoke(app, ["workflow", "remove", workflow_id])
assert result.exit_code != 0
assert "Invalid workflow ID" in result.output
assert sentinel.read_text(encoding="utf-8") == "keep"
@pytest.mark.skipif(not hasattr(os, "symlink"), reason="symlinks are unavailable")
def test_remove_refuses_symlinked_workflow_dir(self, project_dir, monkeypatch):
"""A symlinked workflow directory must not let remove delete its target."""
from typer.testing import CliRunner
from specify_cli import app
from specify_cli.workflows.catalog import WorkflowRegistry
registry = WorkflowRegistry(project_dir)
registry.add("test-wf", {"name": "Test"})
outside = project_dir / "outside-workflow-remove-target"
outside.mkdir(exist_ok=True)
sentinel = outside / "keep.txt"
sentinel.write_text("keep", encoding="utf-8")
(project_dir / ".specify" / "workflows" / "test-wf").symlink_to(
outside, target_is_directory=True
)
monkeypatch.chdir(project_dir)
result = CliRunner().invoke(app, ["workflow", "remove", "test-wf"])
assert result.exit_code != 0
assert "symlinked .specify/workflows/test-wf" in result.output
assert sentinel.read_text(encoding="utf-8") == "keep"
assert WorkflowRegistry(project_dir).is_installed("test-wf")
def test_remove_refuses_non_directory_workflow_path(self, project_dir, monkeypatch):
"""A file at the workflow path must fail cleanly instead of crashing."""
from typer.testing import CliRunner
from specify_cli import app
from specify_cli.workflows.catalog import WorkflowRegistry
registry = WorkflowRegistry(project_dir)
registry.add("test-wf", {"name": "Test"})
workflow_path = project_dir / ".specify" / "workflows" / "test-wf"
workflow_path.write_text("not a directory", encoding="utf-8")
monkeypatch.chdir(project_dir)
result = CliRunner().invoke(app, ["workflow", "remove", "test-wf"])
assert result.exit_code != 0
assert "exists but is not a directory" in result.output
assert workflow_path.read_text(encoding="utf-8") == "not a directory"
assert WorkflowRegistry(project_dir).is_installed("test-wf")
class TestWorkflowAddSymlinkGuard:
@pytest.mark.skipif(not hasattr(os, "symlink"), reason="symlinks are unavailable")
def test_add_refuses_symlinked_specify(self, temp_dir, monkeypatch):
"""workflow add must refuse a symlinked .specify (writes could escape root)."""
from typer.testing import CliRunner
from specify_cli import app
outside = temp_dir.parent / "outside-specify-target"
(outside / "workflows").mkdir(parents=True, exist_ok=True)
(temp_dir / ".specify").symlink_to(outside, target_is_directory=True)
monkeypatch.chdir(temp_dir)
result = CliRunner().invoke(app, ["workflow", "add", "anything.yml"])
assert result.exit_code != 0
assert "symlinked .specify" in result.output
@pytest.mark.skipif(not hasattr(os, "symlink"), reason="symlinks are unavailable")
def test_add_refuses_symlinked_workflows_dir(self, temp_dir, monkeypatch):
"""workflow add must refuse a symlinked .specify/workflows directory."""
from typer.testing import CliRunner
from specify_cli import app
(temp_dir / ".specify").mkdir()
outside = temp_dir.parent / "outside-workflows-target"
outside.mkdir(parents=True, exist_ok=True)
(temp_dir / ".specify" / "workflows").symlink_to(outside, target_is_directory=True)
monkeypatch.chdir(temp_dir)
result = CliRunner().invoke(app, ["workflow", "add", "anything.yml"])
assert result.exit_code != 0
assert "symlinked .specify/workflows" in result.output
@pytest.mark.skipif(not hasattr(os, "symlink"), reason="symlinks are unavailable")
def test_add_refuses_symlinked_id_dir(self, temp_dir, monkeypatch, sample_workflow_yaml):
"""A symlinked <id> install dir must not let a copy escape the project root."""
from typer.testing import CliRunner
from specify_cli import app
(temp_dir / ".specify" / "workflows").mkdir(parents=True)
outside = temp_dir.parent / "outside-id-target"
outside.mkdir(parents=True, exist_ok=True)
# <id> from the YAML below is "test-workflow"; plant it as a symlink.
(temp_dir / ".specify" / "workflows" / "test-workflow").symlink_to(
outside, target_is_directory=True
)
src = temp_dir / "incoming.yml"
src.write_text(sample_workflow_yaml, encoding="utf-8")
monkeypatch.chdir(temp_dir)
result = CliRunner().invoke(app, ["workflow", "add", str(src)])
assert result.exit_code != 0
# No write-through: the symlink target stays empty.
assert not (outside / "workflow.yml").exists()
@pytest.mark.skipif(not hasattr(os, "symlink"), reason="symlinks are unavailable")
def test_add_refuses_symlinked_workflow_yml_leaf(self, temp_dir, monkeypatch, sample_workflow_yaml):
"""A symlinked <id>/workflow.yml must not let copy2 write through the link."""
from typer.testing import CliRunner
from specify_cli import app
id_dir = temp_dir / ".specify" / "workflows" / "test-workflow"
id_dir.mkdir(parents=True)
outside_file = temp_dir.parent / "outside-leaf-target.yml"
outside_file.write_text("original\n", encoding="utf-8")
(id_dir / "workflow.yml").symlink_to(outside_file)
src = temp_dir / "incoming.yml"
src.write_text(sample_workflow_yaml, encoding="utf-8")
monkeypatch.chdir(temp_dir)
result = CliRunner().invoke(app, ["workflow", "add", str(src)])
assert result.exit_code != 0
# Rich may wrap the message; assert on the unbroken path fragment.
assert "test-workflow/workflow.yml" in result.output
assert "symlinked" in result.output
# The link target content is untouched.
assert outside_file.read_text(encoding="utf-8") == "original\n"
def test_add_refuses_non_directory_id(self, temp_dir, monkeypatch, sample_workflow_yaml):
"""An <id> path that already exists as a file must fail cleanly, not crash."""
from typer.testing import CliRunner
from specify_cli import app
wf_dir = temp_dir / ".specify" / "workflows"
wf_dir.mkdir(parents=True)
(wf_dir / "test-workflow").write_text("not a dir", encoding="utf-8")
src = temp_dir / "incoming.yml"
src.write_text(sample_workflow_yaml, encoding="utf-8")
monkeypatch.chdir(temp_dir)
result = CliRunner().invoke(app, ["workflow", "add", str(src)])
assert result.exit_code != 0
assert "exists but is not a directory" in result.output
assert result.exception is None or isinstance(result.exception, SystemExit)
def test_add_refuses_workflow_yml_as_directory(self, temp_dir, monkeypatch, sample_workflow_yaml):
"""A pre-existing <id>/workflow.yml *directory* must fail cleanly, not crash."""
from typer.testing import CliRunner
from specify_cli import app
id_dir = temp_dir / ".specify" / "workflows" / "test-workflow"
id_dir.mkdir(parents=True)
# Plant workflow.yml as a directory so a later write/copy2 would raise
# IsADirectoryError without the explicit non-file guard.
(id_dir / "workflow.yml").mkdir()
src = temp_dir / "incoming.yml"
src.write_text(sample_workflow_yaml, encoding="utf-8")
monkeypatch.chdir(temp_dir)
result = CliRunner().invoke(app, ["workflow", "add", str(src)])
assert result.exit_code != 0
assert "test-workflow/workflow.yml" in result.output
assert "is not a file" in result.output
# Clean exit, not an unhandled IsADirectoryError traceback.
assert result.exception is None or isinstance(result.exception, SystemExit)
def test_safe_workflow_id_dir_escapes_markup_in_invalid_id(self, temp_dir, capsys):
"""A traversal <id> carrying Rich markup must be escaped, not interpreted."""
import typer
from specify_cli.workflows._commands import _safe_workflow_id_dir
workflows_dir = temp_dir / ".specify" / "workflows"
workflows_dir.mkdir(parents=True)
# Traversal (so the "Invalid workflow ID" branch fires) plus markup.
with pytest.raises(typer.Exit):
_safe_workflow_id_dir(workflows_dir, "../[red]evil[/red]")
out = capsys.readouterr().out
# Literal bracketed text survives; Rich did not consume it as a tag.
assert "[red]evil[/red]" in out
@pytest.mark.parametrize(
"workflow_id",
[
"runs",
"steps",
"nested/workflow",
"nested\\workflow",
"bad id",
" bad-id",
"bad-id ",
],
)
def test_safe_workflow_id_dir_rejects_reserved_or_non_segment_ids(
self, temp_dir, workflow_id, capsys
):
"""Install IDs must not collide with workflow internals or create nested paths."""
import typer
from specify_cli.workflows._commands import _safe_workflow_id_dir
workflows_dir = temp_dir / ".specify" / "workflows"
workflows_dir.mkdir(parents=True)
with pytest.raises(typer.Exit):
_safe_workflow_id_dir(workflows_dir, workflow_id)
assert "Invalid workflow ID" in capsys.readouterr().out
assert not (workflows_dir / workflow_id).exists()
@pytest.mark.skipif(not hasattr(os, "symlink"), reason="symlinks are unavailable")
def test_list_refuses_symlinked_runs_dir(self, temp_dir, monkeypatch):
"""workflow commands using the project shim must refuse symlinked run storage."""
from typer.testing import CliRunner
from specify_cli import app
(temp_dir / ".specify" / "workflows").mkdir(parents=True)
outside = temp_dir.parent / "outside-runs-target"
outside.mkdir(parents=True, exist_ok=True)
(temp_dir / ".specify" / "workflows" / "runs").symlink_to(
outside, target_is_directory=True
)
monkeypatch.chdir(temp_dir)
result = CliRunner().invoke(app, ["workflow", "list"])
assert result.exit_code != 0
assert "symlinked .specify/workflows/runs" in result.output
class TestWorkflowStepAddCLI:
@pytest.mark.skipif(not hasattr(os, "symlink"), reason="symlinks are unavailable")
def test_add_rejects_symlinked_steps_base_dir(self, project_dir, monkeypatch):
@@ -5391,7 +5889,7 @@ steps:
# at the file-descriptor level, so it sees the subprocess output too.
import subprocess
import sys as _sys
from specify_cli import _stdout_to_stderr_when
from specify_cli.workflows._commands import _stdout_to_stderr_when
print("STDOUT_BEFORE")
with _stdout_to_stderr_when(True):
@@ -5410,7 +5908,7 @@ steps:
assert "PY_LEAK" in err and "SUBPROC_LEAK" in err
def test_json_redirect_inactive_is_noop(self, capfd):
from specify_cli import _stdout_to_stderr_when
from specify_cli.workflows._commands import _stdout_to_stderr_when
with _stdout_to_stderr_when(False):
print("VISIBLE_ON_STDOUT")
@@ -6031,7 +6529,7 @@ steps:
# not cleared afterwards, so a `completed`/`failed` run whose last
# executed step was a gate must NOT surface a stale gate block.
from types import SimpleNamespace
from specify_cli import _gate_outcome
from specify_cli.workflows._commands import _gate_outcome
gate_step = {
"type": "gate",
@@ -6058,7 +6556,7 @@ steps:
# message may be a non-string YAML literal (e.g. a number); the JSON
# surface normalises it so the emitted schema stays stable.
from types import SimpleNamespace
from specify_cli import _gate_outcome
from specify_cli.workflows._commands import _gate_outcome
state = SimpleNamespace(
status=SimpleNamespace(value="paused"),
@@ -6077,7 +6575,7 @@ steps:
# workflow; the JSON surface always normalises them to list[str] | None
# so the emitted schema is stable regardless of the input shape.
from types import SimpleNamespace
from specify_cli import _gate_outcome
from specify_cli.workflows._commands import _gate_outcome
def _options_payload(options):
state = SimpleNamespace(
@@ -6107,7 +6605,7 @@ steps:
# surface normalises it to str (and keeps None = no decision yet),
# consistent with the message/options normalization.
from types import SimpleNamespace
from specify_cli import _gate_outcome
from specify_cli.workflows._commands import _gate_outcome
def _choice_payload(choice):
state = SimpleNamespace(
@@ -6131,7 +6629,7 @@ steps:
# gate is still detected by its unique output signature (`on_reject`),
# so resume surfaces the gate block instead of silently dropping it.
from types import SimpleNamespace
from specify_cli import _gate_outcome
from specify_cli.workflows._commands import _gate_outcome
state = SimpleNamespace(
status=SimpleNamespace(value="paused"),
@@ -6157,7 +6655,7 @@ steps:
# A typeless record lacking the gate signature must NOT be mistaken for
# a gate (the fallback keys off `on_reject`, which only GateStep writes).
from types import SimpleNamespace
from specify_cli import _gate_outcome
from specify_cli.workflows._commands import _gate_outcome
state = SimpleNamespace(
status=SimpleNamespace(value="paused"),

View File

@@ -69,6 +69,49 @@ def test_add_source_persists_absolute_local_path(tmp_path: Path, monkeypatch):
assert Path(source.url) == catalog.resolve()
def test_remove_source_accepts_relative_local_path(tmp_path: Path, monkeypatch):
"""add_source stores a local path as an absolute url, so remove_source must
accept the same relative path the caller added; otherwise `remove ./cat.json`
cannot undo `add ./cat.json`."""
project = tmp_path / "proj"
(project / ".specify").mkdir(parents=True)
catalog = project / "sub" / "cat.json"
catalog.parent.mkdir()
catalog.write_text("{}", encoding="utf-8")
monkeypatch.chdir(project)
cc.add_source(project, "sub/cat.json", policy="install-allowed", priority=50)
# Removing with the same relative path must succeed (stored absolute).
removed = cc.remove_source(project, "sub/cat.json")
assert removed == "sub/cat.json"
# And it is actually gone now.
with pytest.raises(BundlerError, match="No project-scoped catalog source"):
cc.remove_source(project, "sub/cat.json")
def test_remove_by_id_does_not_also_delete_canonical_url_match(tmp_path: Path, monkeypatch):
"""`remove <id>` must remove only the exact-id source, not also a different
source whose url happens to equal the id's canonicalized path. (_canonicalize_url
treats a bare id as a local path, so the canonical match is only a fallback when
there is no exact id/url match.)"""
project = tmp_path / "proj"
(project / ".specify").mkdir(parents=True)
monkeypatch.chdir(project)
# Source A: id "local", a remote url.
cc.add_source(
project, "https://example.com/a.json", source_id="local",
policy="install-allowed", priority=10,
)
# Source B: a local path that canonicalizes to <cwd>/local, with a distinct id.
cc.add_source(project, "local", source_id="bsource", policy="install-allowed", priority=20)
removed = cc.remove_source(project, "local")
assert removed == "local"
ids = {c["id"] for c in cc._read(project)}
assert "local" not in ids # the exact-id source was removed
assert "bsource" in ids # the canonical-url source survives (not collateral)
def test_add_source_refuses_symlinked_specify_escape(tmp_path: Path):
project = tmp_path / "proj"
project.mkdir()