Compare commits

..

41 Commits

Author SHA1 Message Date
github-actions[bot]
48685926cf chore: bump version to 0.8.4 2026-05-01 15:14:31 +00:00
Ismael
bb8fd50763 fix(specify): correct self-referencing step number in validation flow (#2152) 2026-05-01 10:13:31 -05:00
dependabot[bot]
cc6f203dd9 chore(deps): bump DavidAnson/markdownlint-cli2-action (#2425)
Bumps [DavidAnson/markdownlint-cli2-action](https://github.com/davidanson/markdownlint-cli2-action) from 23.0.0 to 23.1.0.
- [Release notes](https://github.com/davidanson/markdownlint-cli2-action/releases)
- [Commits](ce4853d438...6b51ade7a9)

---
updated-dependencies:
- dependency-name: DavidAnson/markdownlint-cli2-action
  dependency-version: 23.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-01 08:56:13 -05:00
Thorsten Hindermann
de9d98683a Add security-governance to community catalog (#2386)
Co-authored-by: Your Name <your@email.example>
2026-05-01 08:17:12 -05:00
Thorsten Hindermann
4133c8a543 Add cross-platform-governance to community catalog (#2384)
Co-authored-by: Your Name <your@email.example>
2026-05-01 08:03:12 -05:00
Thorsten Hindermann
6ee8a887e0 Add architecture-governance to community catalog (#2383)
Co-authored-by: Your Name <your@email.example>
2026-05-01 07:57:02 -05:00
Thorsten Hindermann
b13eea1e27 Add a11y-governance to community catalog (#2381)
Co-authored-by: Your Name <your@email.example>
2026-05-01 07:47:22 -05:00
Alex Vieira
9fac01fb47 feat(extensions): add Spec2Cloud extension for Azure deployment workflow (#2412)
* feat(extensions): add Spec2Cloud extension for Azure deployment workflow

Co-authored-by: Copilot <copilot@github.com>

* Update extensions/catalog.community.json

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update extensions/catalog.community.json

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* feat(extensions): update Spec2Cloud extension details and remove duplicate entry

Co-authored-by: Copilot <copilot@github.com>

* fix(extensions): correct formatting of updated_at timestamp

* fix(extensions): update Spec2Cloud extension version and timestamps

---------

Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-05-01 07:46:48 -05:00
Chengyou Liu
5edc9a5358 fix: migrate extension commands on integration switch (#2404)
* fix: migrate extension commands on integration switch

When switching integrations (e.g. kimi → opencode), extension commands
were not re-registered for the new agent, leaving the new agent without
extension support and orphaning files in the old agent's directory.

Changes:
- Add ExtensionManager.unregister_agent_artifacts() to clean up old
  agent extension files and registry entries during switch
- Add ExtensionManager.register_enabled_extensions_for_agent() to
  re-register all enabled extensions for the new agent
- Wire both into integration_switch() after uninstall/install phases
- Handle skills mode (Copilot --skills) correctly
- Add tests for kimi→opencode→claude migration, Copilot skills mode,
  and disabled extension handling

Fixes extension commands not appearing after integration switch.

* Update src/specify_cli/extensions.py

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-05-01 07:41:38 -05:00
Jeff Williams
da1bf028ab feat: add Squad Bridge extension to community catalog (#2417)
* feat: add squad bridge extension to community catalog

Adds spec-kit-squad by jwill824 — a Spec Kit extension that bootstraps
and synchronizes a Squad agent team from your Speckit spec and tasks.

- 4 commands: init, generate, route, status
- 2 hooks: after_specify (generate), after_tasks (route)
- v1.0.0 release

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* chore: add requires.tools for squad-cli in catalog entry

* Update extensions/catalog.community.json

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-04-29 17:05:08 -05:00
Manfred Riem
7cedd85f2a chore: release 0.8.3, begin 0.8.4.dev0 development (#2418)
* chore: bump version to 0.8.3

* chore: begin 0.8.4.dev0 development

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-29 16:50:09 -05:00
Sakit
2cb848f0d3 Add Work IQ extension to community catalog (#2415)
* Add Work IQ extension to community catalog

Adds the Work IQ extension by sakitA to the community catalog.
Work IQ integrates Microsoft 365 organizational knowledge (emails,
meetings, documents, Teams) into spec-driven development workflows.

- 4 commands: ask, context, stakeholders, enrich
- 2 hooks: before_specify, after_specify
- Requires: speckit >=0.1.0, Node.js >=18.0.0, workiq CLI

Repository: https://github.com/sakitA/spec-kit-workiq

* Address PR review comments

- Fix download_url to use .zip (Spec Kit installer requires ZIP format)
- Bump top-level catalog updated_at to 2026-04-29

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Sakit Atakishiyev <satakishiyev@microsoft.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-29 16:41:19 -05:00
vishal-gandhi
237e918f11 feat(integrations): add Devin for Terminal skills-based integration (#2364)
* feat(integrations): add Devin for Terminal skills-based integration

- Register DevinIntegration as a SkillsIntegration with .devin/skills/ layout
- Add catalog entry, docs row, and supported-agents listing
- Display /speckit-<command> hyphen syntax in init "Next Steps" panel
  (matches Claude/Cursor/Copilot skills mode, since Devin invokes skills
  by directory name)

Closes #2346

* fix(devin): implement -p non-interactive dispatch; clarify skills comment

Addresses Copilot review on PR #2364:

- Override build_exec_args() in DevinIntegration to emit
  'devin -p <prompt> [--model X]' for non-interactive text dispatch
  (verified Devin CLI supports -p / --print). Returns None when
  output_json=True since Devin has no structured-output flag, so
  CommandStep workflows that require JSON cleanly raise
  NotImplementedError instead of crashing on an unknown CLI flag.
  requires_cli=True is retained for tool detection.

- Extend the skills-integrations enumeration comment in
  specify_cli/__init__.py to include copilot and devin so the
  comment matches the code below it.

* fix(devin): always return exec args; document plain-text stdout

Addresses third Copilot review comment on PR #2364.

Returning None from build_exec_args() when output_json=True
incorrectly used the codebase's IDE-only sentinel: workflow
CommandStep checks 'impl.build_exec_args("test") is None' to
detect non-dispatchable integrations (test_workflows.py exercises
this with WindsurfIntegration). The previous implementation made
Devin appear non-dispatchable to all command steps even though it
runs fine via 'devin -p'.

Always return the args list. When output_json is requested, Devin
is still dispatched and returns plain-text stdout instead of
structured JSON; the docstring documents this explicitly.

* docs(devin): include claude in skills-integrations enumeration comment

Addresses Copilot review on PR #2364: the comment listing skills
integrations omitted Claude, which is also a SkillsIntegration
subclass. Updated to keep the comment accurate for future readers.

* test(devin): add build_exec_args regression tests; bump catalog updated_at

Addresses Copilot review on PR #2364, per @mnriem's request to
'address the Copilot feedback, especially the testing ask':

- tests/integrations/test_integration_devin.py: add TestDevinBuildExecArgs
  with three regression assertions:
    * build_exec_args returns args (not the None IDE-only sentinel)
    * --output-format is never emitted, regardless of output_json
    * --model flag is passed through correctly
- integrations/catalog.json: bump top-level updated_at to reflect the
  Devin entry addition so downstream catalog consumers can detect the
  change reliably.
2026-04-29 16:22:06 -05:00
Quratulain-bilal
ab9c70262d fix: include --from git+... in upgrade hint to avoid PyPI squat package (#2411)
The compatibility-error messages in extensions.py and presets.py, plus the
extension troubleshooting guide, told users to upgrade with:

    uv tool install specify-cli --force

Without `--from git+https://github.com/github/spec-kit.git`, uv resolves
`specify-cli` from PyPI, where an unrelated package with the same name
(no author, no project URLs) ships a stub CLI that lacks `extension`,
`preset`, and most spec-kit commands. Users following the upgrade hint
land on the squat package and report "extension command removed"
(see #1982).

Reuse the existing `REINSTALL_COMMAND` constant in extensions.py and
import it from presets.py so all three call sites point at the GitHub
source. The doc fix also adds a one-line note explaining the PyPI
collision so the same advice doesn't get re-stripped later.

Refs #1982
2026-04-29 10:12:04 -05:00
Andrii Furmanets
c079b2cc32 fix: dispatch opencode commands via run (#2410) 2026-04-29 09:39:45 -05:00
Adrian Osorio Blanchard
1049e17a43 feat: add catalog discovery CLI commands (#2360)
* feat: add catalog discovery CLI commands

* fix: address second Copilot review

* fix: address third Copilot review

* fix: align catalog remove with displayed order

* fix: route local catalog config errors to local guidance

* fix: address integration catalog review feedback

* fix: accept numeric string catalog priorities

* fix: align catalog remove with visible entries

* fix: preserve invalid catalog root validation

* fix: include invalid catalog priority value

* fix: preserve falsy catalog root validation

* fix: clarify integration catalog guidance

* fix: align integration catalog list and remove

* fix: align integration catalog edge cases

* fix: clarify catalog error guidance tests

* fix: clarify integration catalog edge cases

* fix: harden integration catalog removal

* fix: validate integration state before catalog search

* fix: reject empty integration catalog URL

* fix: allow catalog remove to clean non-string URLs

* fix: address catalog env and priority review

* fix: align catalog source display names

* fix: align catalog fallback names
2026-04-29 07:24:30 -05:00
Dyan Galih
9cf3151a72 update security review extension catalog to v1.3.0 (#2374)
* chore: update security review catalog metadata

* fix: sync security review catalog with v1.3.0

* chore: refresh community catalog timestamp

* fix: update author information for Security Review catalog entry

* fix: correct author name format in Security Review catalog entry

* chore: refresh community catalog timestamps

* chore: reapply catalog formatting

* chore: align catalog formatting with main
2026-04-29 07:16:01 -05:00
Leonardo Nascimento
9483e5cb1f chore(catalog): bump v-model extension to v0.6.0 (#2399)
Update v-model extension entry in community catalog to reflect the v0.6.0
release: https://github.com/leocamello/spec-kit-v-model/releases/tag/v0.6.0

Highlights of v0.6.0:
- Domain Overlay Architecture (9 overlay manifests; automotive, medical,
  aerospace, general)
- ID Lifecycle Model (Proposed -> Active -> Deprecated -> Removed)
- Standards enrichment across all 11 commands (IEEE 1012:2016, ISO
  25010:2023, ISO 42030:2019, ISO 12207:2017, IEEE 1016, IEEE 29148,
  ISO 29119-4, ISO 14971, DO-178C, ARP4761A, INCOSE SE Handbook)
- Aerospace DO-178C support: Flight Warning Computer DAL-A golden fixture
- Test infrastructure: fixtures reorganized; +11 LLM-as-judge evals (42 -> 53)

Command count remains 14 (no new commands added in this release).
Stars updated to live count (21) from GitHub API.
2026-04-28 17:14:21 -05:00
NaviaSamal
38f99e8381 feat: add threatmodel extension to community catalog (#2369)
* feat: add threatmodel extension to community catalog

* update timestamp for catalogue freshness

* update timestamp for catalogue freshness

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Update README.md

update readme.md with spec-kit-threatmodel

---------

Co-authored-by: Samal <navia.samal@sap.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-04-28 17:02:42 -05:00
Thorsten Hindermann
16aa57fce4 Add isaqb-architecture-governance to community catalog (#2385)
Co-authored-by: Your Name <your@email.example>
2026-04-28 15:34:53 -05:00
Manfred Riem
bc3409e340 chore: release 0.8.2, begin 0.8.3.dev0 development (#2397)
* chore: bump version to 0.8.2

* chore: begin 0.8.3.dev0 development

* Update CHANGELOG.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-04-28 13:52:25 -05:00
Ben Buttigieg
0aa588a9b4 Merge pull request #2392 from BenBtg/community/add-m365-extension
Add m365 to community catalog
2026-04-28 17:06:54 +01:00
Ben Buttigieg
ea92155b52 Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-04-28 16:55:12 +01:00
Manfred Riem
047be2308c Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-04-28 10:50:23 -05:00
Ben Buttigieg
7d0f670b83 Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-04-28 16:40:27 +01:00
Ben Buttigieg
5b3ebabcaf Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-04-28 16:36:01 +01:00
Ben Buttigieg
719eef3ff1 Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-04-28 16:31:53 +01:00
Ben Buttigieg
fe9f19d569 Potential fix for pull request finding
"microsoft-365",
        "teams",
        "meetings",
        "transcripts",

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-04-28 16:16:47 +01:00
Ben Buttigieg
56f9b95b0d Potential fix for pull request finding
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-04-28 16:07:20 +01:00
Ben Buttigieg
7b99fef2bc Merge branch 'main' into community/add-m365-extension 2026-04-28 15:51:40 +01:00
Ben Buttigieg
bd3ae9aaef Add MarkItDown Document Converter extension to community catalog (#2390) 2026-04-28 09:28:05 -05:00
Ben Buttigieg
a0634ef96e Merge branch 'github:main' into community/add-m365-extension 2026-04-28 15:18:50 +01:00
adaumann
a918979236 feat: Speckit preset fiction book v1.7 - Support for RAG (Chroma DB) offline semantic search (#2367)
* Update preset-fiction-book-writing to community catalog

- Preset ID: fiction-book-writing
- Version: 1.5.0
- Author: Andreas Daumann
- Description: Spec-Driven Development for novel and long-form fiction. Replaces software engineering terminology with storytelling craft: specs become story briefs, plans become story structures, and tasks become scene-by-scene writing tasks. Supports 8 POV modes, all major plot structure frameworks, 5 humanized-AI prose profiles, and exports to DOCX/EPUB/LaTeX via pandoc. V1.5.0: Support interactive, audiobooks, series, workflow corrections

* Add fiction-book-writing preset to community catalog

- Preset ID: fiction-book-writing
- Version: 1.6.0
- Author: Andreas Daumann
- Description: Added support for 12 languages, export with templates, cover builder, bio builder, workflow fixes

* Update presets/catalog.community.json

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fixed update_at for fiction-book-writing preset

* Update README.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fixed description for fiction-book-writing

* "Add fiction-book-preset to community catalog

- Preset ID: fiction-book-writing
- Version: 1.7.0
- Author: Andreas Daumann
- Description: It adapts the Spec-Driven Development workflow for storytelling to create books or audiobooks (with annotations) in 12 languages: features become story elements, specs become story briefs, plans become story structures, and tasks become scene-by-scene writing tasks. Supports single and multi-POV, all major plot structure frameworks, and two style modes: an author voice sample or humanized AI prose. Supports interactive elements like brainstorming, interview, roleplay and extras like statistics, cover builder and bio command. Export with templates for KDP, D2D etc. V1.7.0: Support for offline semantic search.

* Update presets/catalog.community.json

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update presets/catalog.community.json

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Add fiction-book-writing to community catalog

- Preset ID: fiction-book-writing
- Version: 1.7.0
- Author: Andreas Daumann
- Description: Spec-Driven Development for novel and long-form fiction. RAG support

* Update docs/community/presets.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-04-28 08:58:30 -05:00
Quratulain-bilal
3a7f64c8a5 fix(extensions): use explicit UTF-8 encoding when reading manifest YAML (#2370)
* fix(extensions): use explicit UTF-8 encoding when reading manifest YAML

On Windows, Python's open() defaults to the system locale encoding
(e.g., GBK on Chinese Windows), which causes UnicodeDecodeError when
extension.yml or preset.yml contains non-ASCII content such as Chinese
characters in description fields.

Add encoding='utf-8' to ExtensionManifest._load_yaml and
PresetManifest._load_yaml so manifests are read consistently across
platforms.

Fixes #2325

* test(extensions,presets): add UTF-8 manifest regression tests for #2325

Positive: extension.yml/preset.yml with non-ASCII (Chinese + emoji)
descriptions load correctly when written as UTF-8 bytes — fails on
Windows without explicit encoding='utf-8'.

Negative: files containing invalid UTF-8 bytes raise a clean error
(ValidationError or UnicodeDecodeError), not a silent crash.

* fix(extensions,presets): wrap I/O and decode errors as ValidationError

Address remaining Copilot concerns on #2370:

- Catch UnicodeDecodeError and OSError in both manifest loaders and
  re-raise as ValidationError / PresetValidationError so callers see a
  consistent error type, not a bare decode/IO traceback.
- Validate that PresetManifest YAML root is a mapping (extensions.py
  already had this; presets.py was missing it). Treat None as {} for
  empty-file compatibility.
- Tighten the negative regression tests to assert the specific message,
  and add a non-mapping-root test for PresetManifest matching the
  existing one for ExtensionManifest.
2026-04-28 08:47:22 -05:00
Ben Buttigieg
77ca5f4ed5 catalog: add m365 community extension
Add Microsoft 365 Integration to community catalog and README.
Ingests Teams messages, files, and meeting transcripts as Markdown
for use with speckit specify.
2026-04-27 17:54:50 +01:00
Manfred Riem
171b65ac33 docs: replace deprecated --ai flag with --integration in all documentation (#2359)
* docs: replace deprecated --ai flag with --integration in all documentation

Replace all user-facing --ai, --ai-skills, and --ai-commands-dir references
with their modern equivalents:

- --ai <agent> → --integration <agent>
- --ai-skills → --integration-options="--skills"
- --ai-commands-dir <dir> → --integration generic --integration-options="--commands-dir <dir>"

Updated files:
- README.md (~17 occurrences)
- docs/installation.md (~8 occurrences)
- docs/upgrade.md (~11 occurrences)
- docs/local-development.md (~5 occurrences)
- CONTRIBUTING.md (1 occurrence)
- extensions/EXTENSION-USER-GUIDE.md (1 occurrence)
- src/specify_cli/__init__.py (docstring examples and error messages)

Left unchanged:
- CHANGELOG.md (historical record)
- Test files (intentionally exercise deprecated flag path)
- CLI flag implementation (backward compatibility)

Closes #2358

* docs: address review feedback on pre-existing issues

- Fix duplicate copilot example in README.md (replace with codex)
- Fix invalid gemini --integration-options="--skills" example (gemini
  does not support --skills)
- Update generic integration comment from 'Unsupported agent' to
  'Bring your own agent; requires --commands-dir'
- Clarify EXTENSION-USER-GUIDE.md: skills auto-register for
  skills-based integrations, not only with --integration-options

* docs: replace bare 'AI agent' / 'AI assistant' with 'coding agent' throughout

Full sweep across all documentation and user-facing CLI messages to
align terminology. Bare references like 'AI agent', 'AI assistant',
and 'AI Agent' are replaced with 'coding agent' or 'coding agent
integration' as appropriate.

Intentionally left unchanged:
- 'AI coding agent' (already correct expanded form)
- Deprecated --ai flag help text and error messages (describes the
  deprecated flag itself)
- Community extension descriptions (external project text)
- 'generated by an AI' in CONTRIBUTING.md (general AI, not agent)

* docs: address review — remove deprecated --offline, qualify --skills scope

- Remove --offline from docstring examples (deprecated no-op)
- Remove --offline from CONTRIBUTING.md testing example
- Replace --offline instructions in docs/installation.md with note that
  bundled assets are used by default
- Qualify --integration-options="--skills" in README.md to note it only
  applies to integrations that support skills mode
2026-04-24 16:04:04 -05:00
Taylor Mulder
232c19cb04 feat(extensions,presets): authenticate GitHub-hosted catalog and download requests with GITHUB_TOKEN/GH_TOKEN (#2331)
* feat(extensions,presets): authenticate GitHub-hosted catalog and download requests with GITHUB_TOKEN/GH_TOKEN

Squashed from #2087 (original author: @anasseth).

Adds GitHub-token authentication to extension and preset catalog fetching
and ZIP downloads so private GitHub repos work when GITHUB_TOKEN/GH_TOKEN
is set, while preventing credential leakage to non-GitHub hosts.

- Introduces shared _github_http module with build_github_request() and
  open_github_url() helpers
- Routes ExtensionCatalog and PresetCatalog network calls through
  GitHub-auth-aware opener
- Adds comprehensive unit/integration tests for auth header behavior
- Updates user docs for both extensions and presets

Co-authored-by: anasseth <16745089+anasseth@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(auth): address review feedback from #2087

- Fix redirect handler to preserve Authorization on GitHub-to-GitHub
  redirects (e.g. github.com → codeload.github.com). The previous
  implementation relied on super().redirect_request() which strips
  auth on cross-host redirects, breaking private repo archive downloads.
- Add codeload.github.com to documented host lists in both
  EXTENSION-USER-GUIDE.md and presets/README.md
- Add redirect auth-preservation and auth-stripping tests

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(auth): use Bearer scheme instead of token for consistency

Aligns with the rest of the codebase (e.g. __init__.py:1721) and
GitHub's current API guidance. Updates all test assertions accordingly.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix: address second round of Copilot review feedback

- Fix docstring to say Bearer instead of token (matches implementation)
- Remove unused imports/fixtures from redirect tests (GITHUB_HOSTS,
  MagicMock, temp_dir, monkeypatch)
- Replace __import__('io').BytesIO() with normal import io pattern
  in test_presets.py

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: anasseth <16745089+anasseth@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-24 14:17:40 -05:00
Manfred Riem
ca51d739fb Update extensify to v1.1.0 in community catalog (#2337) 2026-04-24 13:58:34 -05:00
Manfred Riem
03f3024c66 feat(init): deprecate --no-git flag, gate deprecations at v0.10.0 (#2357)
* feat(init): deprecate --no-git flag, gate deprecations at v0.10.0

- Add deprecation warning when --no-git is used on specify init
- Update --ai deprecation gate from 1.0.0 to 0.10.0
- Update test expectation for the new version gate

Closes #2167

* fix: address PR review feedback

- Update --no-git deprecation message to reference existing 'specify extension'
  commands instead of non-existent --extension flag
- Add test_no_git_emits_deprecation_warning CLI test

* fix: strengthen --no-git deprecation test assertions

Add assertions unique to the --no-git message ('will be removed',
'git extension will no longer be enabled by default') to prevent
false positives from the --ai deprecation panel.
2026-04-24 13:54:40 -05:00
Quratulain-bilal
aad7b16188 Add Spec Orchestrator extension to community catalog (#2350) 2026-04-24 13:11:39 -05:00
Manfred Riem
6cec171772 chore: release 0.8.1, begin 0.8.2.dev0 development (#2356)
* chore: bump version to 0.8.1

* chore: begin 0.8.2.dev0 development

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-04-24 12:50:38 -05:00
35 changed files with 3858 additions and 179 deletions

View File

@@ -8,7 +8,7 @@ body:
value: |
Thanks for requesting a new agent! Before submitting, please check if the agent is already supported.
**Currently supported agents**: Claude Code, Gemini CLI, GitHub Copilot, Cursor, Qwen Code, opencode, Codex CLI, Windsurf, Kilo Code, Auggie CLI, Roo Code, CodeBuddy, Qoder CLI, Kiro CLI, Amp, SHAI, Tabnine CLI, Antigravity, IBM Bob, Mistral Vibe, Kimi Code, Trae, Pi Coding Agent, iFlow CLI
**Currently supported agents**: Claude Code, Gemini CLI, GitHub Copilot, Cursor, Qwen Code, opencode, Codex CLI, Windsurf, Kilo Code, Auggie CLI, Roo Code, CodeBuddy, Qoder CLI, Kiro CLI, Amp, SHAI, Tabnine CLI, Antigravity, IBM Bob, Mistral Vibe, Kimi Code, Trae, Pi Coding Agent, iFlow CLI, Devin for Terminal
- type: input
id: agent-name

View File

@@ -15,7 +15,7 @@ jobs:
uses: actions/checkout@v6
- name: Run markdownlint-cli2
uses: DavidAnson/markdownlint-cli2-action@ce4853d43830c74c1753b39f3cf40f71c2031eb9 # v23
uses: DavidAnson/markdownlint-cli2-action@6b51ade7a9e4a75a7ad929842dd298a3804ebe8b # v23
with:
globs: |
'**/*.md'

View File

@@ -2,6 +2,51 @@
<!-- insert new changelog below this comment -->
## [0.8.4] - 2026-05-01
### Changed
- fix(specify): correct self-referencing step number in validation flow (#2152)
- chore(deps): bump DavidAnson/markdownlint-cli2-action (#2425)
- Add security-governance to community catalog (#2386)
- Add cross-platform-governance to community catalog (#2384)
- Add architecture-governance to community catalog (#2383)
- Add a11y-governance to community catalog (#2381)
- feat(extensions): add Spec2Cloud extension for Azure deployment workflow (#2412)
- fix: migrate extension commands on integration switch (#2404)
- feat: add Squad Bridge extension to community catalog (#2417)
- chore: release 0.8.3, begin 0.8.4.dev0 development (#2418)
## [0.8.3] - 2026-04-29
### Changed
- Add Work IQ extension to community catalog (#2415)
- feat(integrations): add Devin for Terminal skills-based integration (#2364)
- fix: include --from git+... in upgrade hint to avoid PyPI squat package (#2411)
- fix: dispatch opencode commands via run (#2410)
- feat: add catalog discovery CLI commands (#2360)
- update security review extension catalog to v1.3.0 (#2374)
- chore(catalog): bump v-model extension to v0.6.0 (#2399)
- feat: add threatmodel extension to community catalog (#2369)
- Add isaqb-architecture-governance to community catalog (#2385)
- chore: release 0.8.2, begin 0.8.3.dev0 development (#2397)
## [0.8.2] - 2026-04-28
### Changed
- Add MarkItDown Document Converter extension to community catalog (#2390)
- feat: Speckit preset fiction book v1.7 - Support for RAG (Chroma DB) offline semantic search (#2367)
- fix(extensions): use explicit UTF-8 encoding when reading manifest YAML (#2370)
- catalog: add m365 community extension
- docs: replace deprecated --ai flag with --integration in all documentation (#2359)
- feat(extensions,presets): authenticate GitHub-hosted catalog and download requests with GITHUB_TOKEN/GH_TOKEN (#2331)
- Update extensify to v1.1.0 in community catalog (#2337)
- feat(init): deprecate --no-git flag, gate deprecations at v0.10.0 (#2357)
- Add Spec Orchestrator extension to community catalog (#2350)
- chore: release 0.8.1, begin 0.8.2.dev0 development (#2356)
## [0.8.1] - 2026-04-24
### Changed

View File

@@ -94,7 +94,7 @@ uv pip install -e .
# Ensure the `specify` binary in this environment points at your working tree so the agent runs the branch you're testing.
# Initialize a test project using your local changes
uv run specify init <temp-dir>/speckit-test --ai <agent> --offline
uv run specify init <temp-dir>/speckit-test --integration <agent>
cd <temp-dir>/speckit-test
# Open in your agent
@@ -102,7 +102,7 @@ cd <temp-dir>/speckit-test
#### Manual testing process
Any change that affects a slash command's behavior requires manually testing that command through an AI agent and submitting results with the PR.
Any change that affects a slash command's behavior requires manually testing that command through a coding agent and submitting results with the PR.
1. **Identify affected commands** — use the [prompt below](#determining-which-tests-to-run) to have your agent analyze your changed files and determine which commands need testing.
2. **Set up a test project** — scaffold from your local branch (see [Testing setup](#testing-setup)).

0
EOF Normal file
View File

View File

@@ -81,9 +81,9 @@ And use the tool directly:
specify init <PROJECT_NAME>
# Or initialize in existing project
specify init . --ai copilot
specify init . --integration copilot
# or
specify init --here --ai copilot
specify init --here --integration copilot
# Check installed tools
specify check
@@ -105,9 +105,9 @@ Run directly without installing:
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init <PROJECT_NAME>
# Or initialize in existing project
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init . --ai copilot
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init . --integration copilot
# or
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init --here --ai copilot
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init --here --integration copilot
```
**Benefits of persistent installation:**
@@ -123,7 +123,7 @@ If your environment blocks access to PyPI or GitHub, see the [Enterprise / Air-G
### 2. Establish project principles
Launch your AI assistant in the project directory. Most agents expose spec-kit as `/speckit.*` slash commands; Codex CLI in skills mode uses `$speckit-*` instead.
Launch your coding agent in the project directory. Most agents expose spec-kit as `/speckit.*` slash commands; Codex CLI in skills mode uses `$speckit-*` instead.
Use the **`/speckit.constitution`** command to create your project's governing principles and development guidelines that will guide all subsequent development.
@@ -228,11 +228,14 @@ The following community-contributed extensions are available in [`catalog.commun
| MAQA Jira Integration | Jira integration for MAQA — syncs Stories and Subtasks as features progress through the board | `integration` | Read+Write | [spec-kit-maqa-jira](https://github.com/GenieRobot/spec-kit-maqa-jira) |
| MAQA Linear Integration | Linear integration for MAQA — syncs issues and sub-issues across workflow states as features progress | `integration` | Read+Write | [spec-kit-maqa-linear](https://github.com/GenieRobot/spec-kit-maqa-linear) |
| MAQA Trello Integration | Trello board integration for MAQA — populates board from specs, moves cards, real-time checklist ticking | `integration` | Read+Write | [spec-kit-maqa-trello](https://github.com/GenieRobot/spec-kit-maqa-trello) |
| MarkItDown Document Converter | Convert documents (PDF, Word, PowerPoint, Excel, and more) to Markdown for use as spec reference material | `docs` | Read+Write | [spec-kit-markitdown](https://github.com/BenBtg/spec-kit-markitdown) |
| Memory Loader | Loads .specify/memory/ files before lifecycle commands so LLM agents have project governance context | `docs` | Read-only | [spec-kit-memory-loader](https://github.com/KevinBrown5280/spec-kit-memory-loader) |
| Memory MD | Repository-native durable memory for Spec Kit projects | `docs` | Read+Write | [spec-kit-memory-hub](https://github.com/DyanGalih/spec-kit-memory-hub) |
| MemoryLint | Agent memory governance tool: Automatically audits and fixes boundary conflicts between AGENTS.md and the constitution. | `process` | Read+Write | [memorylint](https://github.com/RbBtSn0w/spec-kit-extensions/tree/main/memorylint) |
| Microsoft 365 Integration | Fetch Teams messages, meeting transcripts, and SharePoint/OneDrive files as local Markdown for spec generation | `integration` | Read+Write | [spec-kit-m365](https://github.com/BenBtg/spec-kit-m365) |
| Onboard | Contextual onboarding and progressive growth for developers new to spec-kit projects. Explains specs, maps dependencies, validates understanding, and guides the next step | `process` | Read+Write | [spec-kit-onboard](https://github.com/dmux/spec-kit-onboard) |
| Optimize | Audit and optimize AI governance for context efficiency — token budgets, rule health, interpretability, compression, coherence, and echo detection | `process` | Read+Write | [spec-kit-optimize](https://github.com/sakitA/spec-kit-optimize) |
| OWASP LLM Threat Model | OWASP Top 10 for LLM Applications 2025 threat analysis on agent artifacts | `code` | Read-only | [spec-kit-threatmodel](https://github.com/NaviaSamal/spec-kit-threatmodel) |
| Plan Review Gate | Require spec.md and plan.md to be merged via MR/PR before allowing task generation | `process` | Read-only | [spec-kit-plan-review-gate](https://github.com/luno/spec-kit-plan-review-gate) |
| PR Bridge | Auto-generate pull request descriptions, checklists, and summaries from spec artifacts | `process` | Read-only | [spec-kit-pr-bridge-](https://github.com/Quratulain-bilal/spec-kit-pr-bridge-) |
| Presetify | Create and validate presets and preset catalogs | `process` | Read+Write | [presetify](https://github.com/mnriem/spec-kit-extensions/tree/main/presetify) |
@@ -249,17 +252,20 @@ The following community-contributed extensions are available in [`catalog.commun
| Review Extension | Post-implementation comprehensive code review with specialized agents for code quality, comments, tests, error handling, type design, and simplification | `code` | Read-only | [spec-kit-review](https://github.com/ismaelJimenez/spec-kit-review) |
| Ripple | Detect side effects that tests can't catch after implementation — delta-anchored analysis across 9 domain-agnostic categories | `code` | Read+Write | [spec-kit-ripple](https://github.com/chordpli/spec-kit-ripple) |
| SDD Utilities | Resume interrupted workflows, validate project health, and verify spec-to-task traceability | `process` | Read+Write | [speckit-utils](https://github.com/mvanhorn/speckit-utils) |
| Security Review | Comprehensive security audit of codebases using AI-powered DevSecOps analysis | `code` | Read-only | [spec-kit-security-review](https://github.com/DyanGalih/spec-kit-security-review) |
| Security Review | Full-project secure-by-design security audits plus staged, branch/PR, plan, task, follow-up, and apply reviews | `code` | Read+Write | [spec-kit-security-review](https://github.com/DyanGalih/spec-kit-security-review) |
| SFSpeckit | Enterprise Salesforce SDLC with 18 commands for the full SDD lifecycle. | `process` | Read+Write | [spec-kit-sf](https://github.com/ysumanth06/spec-kit-sf) |
| Ship Release Extension | Automates release pipeline: pre-flight checks, branch sync, changelog generation, CI verification, and PR creation | `process` | Read+Write | [spec-kit-ship](https://github.com/arunt14/spec-kit-ship) |
| Spec Reference Loader | Reads the ## References section from the feature spec and loads only the listed docs into context | `docs` | Read-only | [spec-kit-spec-reference-loader](https://github.com/KevinBrown5280/spec-kit-spec-reference-loader) |
| Spec Critique Extension | Dual-lens critical review of spec and plan from product strategy and engineering risk perspectives | `docs` | Read-only | [spec-kit-critique](https://github.com/arunt14/spec-kit-critique) |
| Spec Diagram | Auto-generate Mermaid diagrams of SDD workflow state, feature progress, and task dependencies | `visibility` | Read-only | [spec-kit-diagram-](https://github.com/Quratulain-bilal/spec-kit-diagram-) |
| Spec Orchestrator | Cross-feature orchestration — track state, select tasks, and detect conflicts across parallel specs | `process` | Read-only | [spec-kit-orchestrator](https://github.com/Quratulain-bilal/spec-kit-orchestrator) |
| Spec Refine | Update specs in-place, propagate changes to plan and tasks, and diff impact across artifacts | `process` | Read+Write | [spec-kit-refine](https://github.com/Quratulain-bilal/spec-kit-refine) |
| Spec Scope | Effort estimation and scope tracking — estimate work, detect creep, and budget time per phase | `process` | Read-only | [spec-kit-scope-](https://github.com/Quratulain-bilal/spec-kit-scope-) |
| Spec Sync | Detect and resolve drift between specs and implementation. AI-assisted resolution with human approval | `docs` | Read+Write | [spec-kit-sync](https://github.com/bgervin/spec-kit-sync) |
| Spec Validate | Comprehension validation, review gating, and approval state for spec-kit artifacts — staged quizzes, peer review SLA, and a hard gate before /speckit.implement | `process` | Read+Write | [spec-kit-spec-validate](https://github.com/aeltayeb/spec-kit-spec-validate) |
| Spec2Cloud | Spec-driven workflow tuned for shipping to Azure | `process` | Read+Write | [spec2cloud](https://github.com/Azure-Samples/Spec2Cloud) |
| SpecTest | Auto-generate test scaffolds from spec criteria, map coverage, and find untested requirements | `code` | Read+Write | [spec-kit-spectest](https://github.com/Quratulain-bilal/spec-kit-spectest) |
| Squad Bridge | Bootstrap and synchronize a Squad agent team from your Speckit spec and tasks | `process` | Read+Write | [spec-kit-squad](https://github.com/jwill824/spec-kit-squad) |
| Staff Review Extension | Staff-engineer-level code review that validates implementation against spec, checks security, performance, and test coverage | `code` | Read-only | [spec-kit-staff-review](https://github.com/arunt14/spec-kit-staff-review) |
| Status Report | Project status, feature progress, and next-action recommendations for spec-driven workflows | `visibility` | Read-only | [Open-Agent-Tools/spec-kit-status](https://github.com/Open-Agent-Tools/spec-kit-status) |
| Superpowers Bridge | Orchestrates obra/superpowers skills within the spec-kit SDD workflow across the full lifecycle (clarification, TDD, review, verification, critique, debugging, branch completion) | `process` | Read+Write | [superpowers-bridge](https://github.com/RbBtSn0w/spec-kit-extensions/tree/main/superpowers-bridge) |
@@ -271,6 +277,7 @@ The following community-contributed extensions are available in [`catalog.commun
| Version Guard | Verify tech stack versions against live npm registries before planning and implementation | `process` | Read-only | [spec-kit-version-guard](https://github.com/KevinBrown5280/spec-kit-version-guard) |
| What-if Analysis | Preview the downstream impact (complexity, effort, tasks, risks) of requirement changes before committing to them | `visibility` | Read-only | [spec-kit-whatif](https://github.com/DevAbdullah90/spec-kit-whatif) |
| Wireframe Visual Feedback Loop | SVG wireframe generation, review, and sign-off for spec-driven development. Approved wireframes become spec constraints honored by /speckit.plan, /speckit.tasks, and /speckit.implement | `visibility` | Read+Write | [spec-kit-extension-wireframe](https://github.com/TortoiseWolfe/spec-kit-extension-wireframe) |
| Work IQ | Integrate Microsoft 365 organizational knowledge into spec-driven development workflows | `integration` | Read-only | [spec-kit-workiq](https://github.com/sakitA/spec-kit-workiq) |
| Worktree Isolation | Spawn isolated git worktrees for parallel feature development without checkout switching | `process` | Read+Write | [spec-kit-worktree](https://github.com/Quratulain-bilal/spec-kit-worktree) |
| Worktrees | Default-on worktree isolation for parallel agents — sibling or nested layout | `process` | Read+Write | [spec-kit-worktree-parallel](https://github.com/dango85/spec-kit-worktree-parallel) |
@@ -301,7 +308,7 @@ Run `specify integration list` to see all available integrations in your install
## Available Slash Commands
After running `specify init`, your AI coding agent will have access to these slash commands for structured development. If you pass `--ai <agent> --ai-skills`, Spec Kit installs agent skills instead of slash-command prompt files; `--ai-skills` requires `--ai`.
After running `specify init`, your AI coding agent will have access to these slash commands for structured development. For integrations that support skills mode, passing `--integration <agent> --integration-options="--skills"` installs agent skills instead of slash-command prompt files.
#### Core Commands
@@ -474,37 +481,37 @@ specify init --here --force
![Specify CLI bootstrapping a new project in the terminal](./media/specify_cli.gif)
You will be prompted to select the AI agent you are using. You can also proactively specify it directly in the terminal:
You will be prompted to select the coding agent integration you are using. You can also proactively specify it directly in the terminal:
```bash
specify init <project_name> --ai copilot
specify init <project_name> --ai gemini
specify init <project_name> --ai copilot
specify init <project_name> --integration copilot
specify init <project_name> --integration gemini
specify init <project_name> --integration codex
# Or in current directory:
specify init . --ai copilot
specify init . --ai codex --ai-skills
specify init . --integration copilot
specify init . --integration codex --integration-options="--skills"
# or use --here flag
specify init --here --ai copilot
specify init --here --ai codex --ai-skills
specify init --here --integration copilot
specify init --here --integration codex --integration-options="--skills"
# Force merge into a non-empty current directory
specify init . --force --ai copilot
specify init . --force --integration copilot
# or
specify init --here --force --ai copilot
specify init --here --force --integration copilot
```
The CLI will check if you have Claude Code, Gemini CLI, Cursor CLI, Qwen CLI, opencode, Codex CLI, Qoder CLI, Tabnine CLI, Kiro CLI, Pi, Forge, Goose, or Mistral Vibe installed. If you do not, or you prefer to get the templates without checking for the right tools, use `--ignore-agent-tools` with your command:
```bash
specify init <project_name> --ai copilot --ignore-agent-tools
specify init <project_name> --integration copilot --ignore-agent-tools
```
### **STEP 1:** Establish project principles
Go to the project folder and run your AI agent. In our example, we're using `claude`.
Go to the project folder and run your coding agent. In our example, we're using `claude`.
![Bootstrapping Claude Code environment](./media/bootstrap-claude-code.gif)
@@ -516,7 +523,7 @@ The first step should be establishing your project's governing principles using
/speckit.constitution Create principles focused on code quality, testing standards, user experience consistency, and performance requirements. Include governance for how these principles should guide technical decisions and implementation choices.
```
This step creates or updates the `.specify/memory/constitution.md` file with your project's foundational guidelines that the AI agent will reference during specification, planning, and implementation phases.
This step creates or updates the `.specify/memory/constitution.md` file with your project's foundational guidelines that the coding agent will reference during specification, planning, and implementation phases.
### **STEP 2:** Create project specifications
@@ -724,9 +731,9 @@ The `/speckit.implement` command will:
- Provide progress updates and handle errors appropriately
> [!IMPORTANT]
> The AI agent will execute local CLI commands (such as `dotnet`, `npm`, etc.) - make sure you have the required tools installed on your machine.
> The coding agent will execute local CLI commands (such as `dotnet`, `npm`, etc.) - make sure you have the required tools installed on your machine.
Once the implementation is complete, test the application and resolve any runtime errors that may not be visible in CLI logs (e.g., browser console errors). You can copy and paste such errors back to your AI agent for resolution.
Once the implementation is complete, test the application and resolve any runtime errors that may not be visible in CLI logs (e.g., browser console errors). You can copy and paste such errors back to your coding agent for resolution.
</details>

View File

@@ -7,15 +7,20 @@ The following community-contributed presets customize how Spec Kit behaves — o
| Preset | Purpose | Provides | Requires | URL |
|--------|---------|----------|----------|-----|
| A11Y Governance | Adds WCAG 2.2 AA accessibility checks, bilingual DE/EN delivery, CEFR-B2 readability, CLI accessibility, and inclusive-content guidance | 9 templates, 3 commands | — | [spec-kit-preset-a11y-governance](https://github.com/hindermath/spec-kit-preset-a11y-governance) |
| AIDE In-Place Migration | Adapts the AIDE extension workflow for in-place technology migrations (X → Y pattern) — adds migration objectives, verification gates, knowledge documents, and behavioral equivalence criteria | 2 templates, 8 commands | AIDE extension | [spec-kit-presets](https://github.com/mnriem/spec-kit-presets) |
| Architecture Governance | Adds secure architecture governance: trust boundaries, threat modeling, STRIDE/CAPEC, S-ADRs, Zero Trust applicability, and OWASP SAMM | 11 templates, 3 commands | — | [spec-kit-preset-architecture-governance](https://github.com/hindermath/spec-kit-preset-architecture-governance) |
| Canon Core | Adapts original Spec Kit workflow to work together with Canon extension | 2 templates, 8 commands | — | [spec-kit-canon](https://github.com/maximiliamus/spec-kit-canon) |
| Claude AskUserQuestion | Upgrades `/speckit.clarify` and `/speckit.checklist` on Claude Code from Markdown-table prompts to the native AskUserQuestion picker, with a recommended option and reasoning on every question | 2 commands | — | [spec-kit-preset-claude-ask-questions](https://github.com/0xrafasec/spec-kit-preset-claude-ask-questions) |
| Cross-Platform Governance | Adds Bash/PowerShell parity, dry-run/WhatIf parity, Unix man-page expectations, PowerShell comment-based help, and Verb-Noun Cmdlet discipline | 8 templates, 3 commands | — | [spec-kit-preset-cross-platform-governance](https://github.com/hindermath/spec-kit-preset-cross-platform-governance) |
| Explicit Task Dependencies | Adds explicit `(depends on T###)` dependency declarations and an Execution Wave DAG to tasks.md for parallel scheduling | 1 template, 1 command | — | [spec-kit-preset-explicit-task-dependencies](https://github.com/Quratulain-bilal/spec-kit-preset-explicit-task-dependencies) |
| Fiction Book Writing | It adapts the Spec-Driven Development workflow for storytelling to create books or audiobooks (with annotations) in 12 languages: features become story elements, specs become story briefs, plans become story structures, and tasks become scene-by-scene writing tasks. Supports single and multi-POV, all major plot structure frameworks, and two style modes: an author voice sample or humanized AI prose. Supports interactive elements like brainstorming, interview, roleplay and extras like statistics, cover builder and bio command. Export with templates for KDP, D2D etc. | 22 templates, 27 commands, 1 script | — | [speckit-preset-fiction-book-writing](https://github.com/adaumann/speckit-preset-fiction-book-writing) |
| Fiction Book Writing | It adapts the Spec-Driven Development workflow for storytelling to create books or audiobooks (with annotations) in 12 languages: features become story elements, specs become story briefs, plans become story structures, and tasks become scene-by-scene writing tasks. Supports single and multi-POV, all major plot structure frameworks, and two style modes: an author voice sample or humanized AI prose. Supports interactive elements like brainstorming, interview, roleplay and extras like statistics, cover builder and bio command. Export with templates for KDP, D2D etc. | 22 templates, 27 commands, 2 scripts | — | [speckit-preset-fiction-book-writing](https://github.com/adaumann/speckit-preset-fiction-book-writing) |
| iSAQB Architecture Governance | Adds general iSAQB/CPSA-F and arc42 architecture governance: goals, context, building blocks, runtime and deployment views, quality scenarios, ADRs, risks, and technical debt | 13 templates, 3 commands | — | [spec-kit-preset-isaqb-architecture-governance](https://github.com/hindermath/spec-kit-preset-isaqb-architecture-governance) |
| Jira Issue Tracking | Overrides `speckit.taskstoissues` to create Jira epics, stories, and tasks instead of GitHub Issues via Atlassian MCP tools | 1 command | — | [spec-kit-preset-jira](https://github.com/luno/spec-kit-preset-jira) |
| Multi-Repo Branching | Coordinates feature branch creation across multiple git repositories (independent repos and submodules) during plan and tasks phases | 2 commands | — | [spec-kit-preset-multi-repo-branching](https://github.com/sakitA/spec-kit-preset-multi-repo-branching) |
| Pirate Speak (Full) | Transforms all Spec Kit output into pirate speak — specs become "Voyage Manifests", plans become "Battle Plans", tasks become "Crew Assignments" | 6 templates, 9 commands | — | [spec-kit-presets](https://github.com/mnriem/spec-kit-presets) |
| Screenwriting | Spec-Driven Development for screenwriting/scriptwriting/tutorials: feature films, television (pilot, episode, limited series), and stage plays. Adapts the Spec Kit workflow to screenplay craft — slug lines, action lines, act breaks, beat sheets, and industry-standard pitch documents. Supports three-act, Save the Cat, TV pilot, network episode, cable/streaming episode, and stage-play structural frameworks. Export to Fountain, FTX, PDF | 26 templates, 32 commands, 1 script | — | [speckit-preset-screenwriting](https://github.com/adaumann/speckit-preset-screenwriting) |
| Security Governance | Adds secure development governance: memory-safe-language preference, secure code generation, NIST SSDF, CWE Top 25, OWASP ASVS, SBOM/VEX/SLSA, OpenSSF Scorecard, and EU CRA applicability | 12 templates, 3 commands | — | [spec-kit-preset-security-governance](https://github.com/hindermath/spec-kit-preset-security-governance) |
| Table of Contents Navigation | Adds a navigable Table of Contents to generated spec.md, plan.md, and tasks.md documents | 3 templates, 3 commands | — | [spec-kit-preset-toc-navigation](https://github.com/Quratulain-bilal/spec-kit-preset-toc-navigation) |
| VS Code Ask Questions | Enhances the clarify command to use `vscode/askQuestions` for batched interactive questioning. | 1 command | — | [spec-kit-presets](https://github.com/fdcastel/spec-kit-presets) |

View File

@@ -39,16 +39,16 @@ uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init .
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init --here
```
### Specify AI Agent
### Specify Integration
You can proactively specify your AI agent during initialization:
You can proactively specify your coding agent integration during initialization:
```bash
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init <project_name> --ai claude
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init <project_name> --ai gemini
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init <project_name> --ai copilot
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init <project_name> --ai codebuddy
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init <project_name> --ai pi
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init <project_name> --integration claude
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init <project_name> --integration gemini
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init <project_name> --integration copilot
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init <project_name> --integration codebuddy
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init <project_name> --integration pi
```
### Specify Script Type (Shell vs PowerShell)
@@ -73,7 +73,7 @@ uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init <proje
If you prefer to get the templates without checking for the right tools:
```bash
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init <project_name> --ai claude --ignore-agent-tools
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init <project_name> --integration claude --ignore-agent-tools
```
## Verification
@@ -86,7 +86,7 @@ specify version
This helps verify you are running the official Spec Kit build from GitHub, not an unrelated package with the same name.
After initialization, you should see the following commands available in your AI agent:
After initialization, you should see the following commands available in your coding agent:
- `/speckit.specify` - Create specifications
- `/speckit.plan` - Generate implementation plans
@@ -131,12 +131,10 @@ pip install --no-index --find-links=./dist specify-cli
```bash
# Initialize a project — no GitHub access needed
specify init my-project --ai claude --offline
specify init my-project --integration claude
```
The `--offline` flag tells the CLI to use the templates, commands, and scripts bundled inside the wheel instead of downloading from GitHub.
> **Deprecation notice:** Starting with v0.6.0, `specify init` will use bundled assets by default and the `--offline` flag will be removed. The GitHub download path will be retired because bundled assets eliminate the need for network access, avoid proxy/firewall issues, and guarantee that templates always match the installed CLI version. No action will be needed — `specify init` will simply work without network access out of the box.
Bundled assets are used by default — no network access is required.
> **Note:** Python 3.11+ is required.

View File

@@ -20,7 +20,7 @@ You can execute the CLI via the module entrypoint without installing anything:
```bash
# From repo root
python -m src.specify_cli --help
python -m src.specify_cli init demo-project --ai claude --ignore-agent-tools --script sh
python -m src.specify_cli init demo-project --integration claude --ignore-agent-tools --script sh
```
If you prefer invoking the script file style (uses shebang):
@@ -52,7 +52,7 @@ Re-running after code edits requires no reinstall because of editable mode.
`uvx` can run from a local path (or a Git ref) to simulate user flows:
```bash
uvx --from . specify init demo-uvx --ai copilot --ignore-agent-tools --script sh
uvx --from . specify init demo-uvx --integration copilot --ignore-agent-tools --script sh
```
You can also point uvx at a specific branch without merging:
@@ -69,14 +69,14 @@ If you're in another directory, use an absolute path instead of `.`:
```bash
uvx --from /mnt/c/GitHub/spec-kit specify --help
uvx --from /mnt/c/GitHub/spec-kit specify init demo-anywhere --ai copilot --ignore-agent-tools --script sh
uvx --from /mnt/c/GitHub/spec-kit specify init demo-anywhere --integration copilot --ignore-agent-tools --script sh
```
Set an environment variable for convenience:
```bash
export SPEC_KIT_SRC=/mnt/c/GitHub/spec-kit
uvx --from "$SPEC_KIT_SRC" specify init demo-env --ai copilot --ignore-agent-tools --script ps
uvx --from "$SPEC_KIT_SRC" specify init demo-env --integration copilot --ignore-agent-tools --script ps
```
(Optional) Define a shell function:
@@ -123,7 +123,7 @@ When testing `init --here` in a dirty directory, create a temp workspace:
```bash
mkdir /tmp/spec-test && cd /tmp/spec-test
python -m src.specify_cli init --here --ai claude --ignore-agent-tools --script sh # if repo copied here
python -m src.specify_cli init --here --integration claude --ignore-agent-tools --script sh # if repo copied here
```
Or copy only the modified CLI portion if you want a lighter sandbox.

View File

@@ -42,7 +42,7 @@ uvx --from git+https://github.com/github/spec-kit.git specify init <PROJECT_NAME
### Step 2: Define Your Constitution
**In your AI Agent's chat interface**, use the `/speckit.constitution` slash command to establish the core rules and principles for your project. You should provide your project's specific principles as arguments.
**In your coding agent's chat interface**, use the `/speckit.constitution` slash command to establish the core rules and principles for your project. You should provide your project's specific principles as arguments.
```markdown
/speckit.constitution This project follows a "Library-First" approach. All features must be implemented as standalone libraries first. We use TDD strictly. We prefer functional programming patterns.
@@ -159,7 +159,7 @@ Generate an actionable task list using the `/speckit.tasks` command:
### Step 7: Validate and Implement
Have your AI agent audit the implementation plan using `/speckit.analyze`:
Have your coding agent audit the implementation plan using `/speckit.analyze`:
```bash
/speckit.analyze
@@ -180,7 +180,7 @@ Finally, implement the solution:
- **Don't focus on tech stack** during specification phase
- **Iterate and refine** your specifications before implementation
- **Validate** the plan before coding begins
- **Let the AI agent handle** the implementation details
- **Let the coding agent handle** the implementation details
## Next Steps

View File

@@ -13,6 +13,7 @@ The Specify CLI supports a wide range of AI coding agents. When you run `specify
| [CodeBuddy CLI](https://www.codebuddy.ai/cli) | `codebuddy` | |
| [Codex CLI](https://github.com/openai/codex) | `codex` | Skills-based integration; installs skills into `.agents/skills` and invokes them as `$speckit-<command>` |
| [Cursor](https://cursor.sh/) | `cursor-agent` | |
| [Devin for Terminal](https://cli.devin.ai/docs) | `devin` | Skills-based integration; installs skills into `.devin/skills/` and invokes them as `/speckit-<command>` |
| [Forge](https://forgecode.dev/) | `forge` | |
| [Gemini CLI](https://github.com/google-gemini/gemini-cli) | `gemini` | |
| [GitHub Copilot](https://code.visualstudio.com/) | `copilot` | |

View File

@@ -10,7 +10,7 @@
|----------------|---------|-------------|
| **CLI Tool Only** | `uv tool install specify-cli --force --from git+https://github.com/github/spec-kit.git@vX.Y.Z` | Get latest CLI features without touching project files |
| **CLI Tool Only (pipx)** | `pipx install --force git+https://github.com/github/spec-kit.git@vX.Y.Z` | Reinstall/upgrade a pipx-installed CLI to a specific release |
| **Project Files** | `specify init --here --force --ai <your-agent>` | Update slash commands, templates, and scripts in your project |
| **Project Files** | `specify init --here --force --integration <your-agent>` | Update slash commands, templates, and scripts in your project |
| **Both** | Run CLI upgrade, then project update | Recommended for major version updates |
---
@@ -32,7 +32,7 @@ uv tool install specify-cli --force --from git+https://github.com/github/spec-ki
Specify the desired release tag:
```bash
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init --here --ai copilot
uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init --here --integration copilot
```
### If you installed with `pipx`
@@ -82,7 +82,7 @@ The `specs/` directory is completely excluded from template packages and will ne
Run this inside your project directory:
```bash
specify init --here --force --ai <your-agent>
specify init --here --force --integration <your-agent>
```
Replace `<your-agent>` with your AI coding agent. Refer to this list of [Supported AI Coding Agent Integrations](reference/integrations.md)
@@ -90,7 +90,7 @@ Replace `<your-agent>` with your AI coding agent. Refer to this list of [Support
**Example:**
```bash
specify init --here --force --ai copilot
specify init --here --force --integration copilot
```
### Understanding the `--force` flag
@@ -124,7 +124,7 @@ Without `--force`, shared infrastructure files that already exist are skipped
cp .specify/memory/constitution.md .specify/memory/constitution-backup.md
# 2. Run the upgrade
specify init --here --force --ai copilot
specify init --here --force --integration copilot
# 3. Restore your customized constitution
mv .specify/memory/constitution-backup.md .specify/memory/constitution.md
@@ -182,7 +182,7 @@ Restart your IDE to refresh the command list.
uv tool install specify-cli --force --from git+https://github.com/github/spec-kit.git
# Update project files to get new commands
specify init --here --force --ai copilot
specify init --here --force --integration copilot
# Restore your constitution if customized
git restore .specify/memory/constitution.md
@@ -199,7 +199,7 @@ cp -r .specify/templates /tmp/templates-backup
uv tool install specify-cli --force --from git+https://github.com/github/spec-kit.git
# 3. Update project
specify init --here --force --ai copilot
specify init --here --force --integration copilot
# 4. Restore customizations
mv /tmp/constitution-backup.md .specify/memory/constitution.md
@@ -232,7 +232,7 @@ If you initialized your project with `--no-git`, you can still upgrade:
cp .specify/memory/constitution.md /tmp/constitution-backup.md
# Run upgrade
specify init --here --force --ai copilot --no-git
specify init --here --force --integration copilot --no-git
# Restore customizations
mv /tmp/constitution-backup.md .specify/memory/constitution.md
@@ -253,13 +253,13 @@ The `--no-git` flag tells Spec Kit to **skip git repository initialization**. Th
**During initial setup:**
```bash
specify init my-project --ai copilot --no-git
specify init my-project --integration copilot --no-git
```
**During upgrade:**
```bash
specify init --here --force --ai copilot --no-git
specify init --here --force --integration copilot --no-git
```
### What `--no-git` does NOT do
@@ -367,7 +367,7 @@ Only Spec Kit infrastructure files:
- **Use `--force` flag** - Skip this confirmation entirely:
```bash
specify init --here --force --ai copilot
specify init --here --force --integration copilot
```
**When you see this warning:**

View File

@@ -669,7 +669,7 @@ hooks:
**Error**: `Extension requires spec-kit >=0.2.0`
- **Fix**: Update spec-kit with `uv tool install specify-cli --force`
- **Fix**: Update spec-kit with `uv tool install specify-cli --force --from git+https://github.com/github/spec-kit.git`. The bare `specify-cli` package on PyPI is a different, unrelated project — installing it without `--from git+...` will give you a stub CLI that does not include `extension`, `preset`, or other spec-kit commands.
**Error**: `Command file not found`

View File

@@ -153,7 +153,7 @@ This will:
2. Validate the manifest
3. Check compatibility with your spec-kit version
4. Install to `.specify/extensions/jira/`
5. Register commands with your AI agent
5. Register commands with your coding agent
6. Create config template
### Install from URL
@@ -189,7 +189,7 @@ Provided commands:
### Automatic Agent Skill Registration
If your project was initialized with `--ai-skills`, extension commands are **automatically registered as agent skills** during installation. This ensures that extensions are discoverable by agents that use the [agentskills.io](https://agentskills.io) skill specification.
If your project uses a skills-based integration (e.g., `--integration claude`, `--integration codex`) or was initialized with `--integration-options="--skills"`, extension commands are **automatically registered as agent skills** during installation. This ensures that extensions are discoverable by agents that use the [agentskills.io](https://agentskills.io) skill specification.
```text
✓ Extension installed successfully!
@@ -208,7 +208,7 @@ When an extension is removed, its corresponding skills are also cleaned up autom
### Using Extension Commands
Extensions add commands that appear in your AI agent (Claude Code):
Extensions add commands that appear in your coding agent (Claude Code):
```text
# In Claude Code
@@ -423,7 +423,7 @@ In addition to extension-specific environment variables (`SPECKIT_{EXT_ID}_*`),
| Variable | Description | Default |
|----------|-------------|---------|
| `SPECKIT_CATALOG_URL` | Override the full catalog stack with a single URL (backward compat) | Built-in default stack |
| `GH_TOKEN` / `GITHUB_TOKEN` | GitHub API token for downloads | None |
| `GH_TOKEN` / `GITHUB_TOKEN` | GitHub token for authenticated requests to GitHub-hosted URLs (`raw.githubusercontent.com`, `github.com`, `api.github.com`, `codeload.github.com`). Required when your catalog JSON or extension ZIPs are hosted in a private GitHub repository. | None |
#### Example: Using a custom catalog for testing
@@ -435,6 +435,21 @@ export SPECKIT_CATALOG_URL="http://localhost:8000/catalog.json"
export SPECKIT_CATALOG_URL="https://example.com/staging/catalog.json"
```
#### Example: Using a private GitHub-hosted catalog
```bash
# Authenticate with a token (gh CLI, PAT, or GITHUB_TOKEN in CI)
export GITHUB_TOKEN=$(gh auth token)
# Search a private catalog added via `specify extension catalog add`
specify extension search jira
# Install from a private catalog
specify extension add jira-sync
```
The token is attached automatically to requests targeting GitHub domains. Non-GitHub catalog URLs are always fetched without credentials.
---
## Extension Catalogs
@@ -780,12 +795,12 @@ specify extension add --dev /path/to/extension
### Command Not Available
**Issue**: Extension command not appearing in AI agent
**Issue**: Extension command not appearing in coding agent
**Solutions**:
1. Check extension is enabled: `specify extension list`
2. Restart AI agent (Claude Code)
2. Restart coding agent (Claude Code)
3. Check command file exists:
```bash
@@ -819,8 +834,8 @@ specify extension add --dev /path/to/extension
**Solutions**:
1. Check MCP server is installed
2. Check AI agent MCP configuration
3. Restart AI agent
2. Check coding agent MCP configuration
3. Restart coding agent
4. Check extension requirements: `specify extension info jira`
### Permission Denied

View File

@@ -1,6 +1,6 @@
{
"schema_version": "1.0",
"updated_at": "2026-04-24T00:00:00Z",
"updated_at": "2026-04-30T09:00:00Z",
"catalog_url": "https://raw.githubusercontent.com/github/spec-kit/main/extensions/catalog.community.json",
"extensions": {
"aide": {
@@ -657,18 +657,18 @@
"id": "extensify",
"description": "Create and validate extensions and extension catalogs.",
"author": "mnriem",
"version": "1.0.0",
"download_url": "https://github.com/mnriem/spec-kit-extensions/releases/download/extensify-v1.0.0/extensify.zip",
"version": "1.1.0",
"download_url": "https://github.com/mnriem/spec-kit-extensions/releases/download/extensify-v1.1.0/extensify.zip",
"repository": "https://github.com/mnriem/spec-kit-extensions",
"homepage": "https://github.com/mnriem/spec-kit-extensions",
"documentation": "https://github.com/mnriem/spec-kit-extensions/blob/main/extensify/README.md",
"changelog": "https://github.com/mnriem/spec-kit-extensions/blob/main/extensify/CHANGELOG.md",
"license": "MIT",
"requires": {
"speckit_version": ">=0.2.0"
"speckit_version": ">=0.8.0"
},
"provides": {
"commands": 4,
"commands": 5,
"hooks": 0
},
"tags": [
@@ -681,7 +681,7 @@
"downloads": 0,
"stars": 0,
"created_at": "2026-03-18T00:00:00Z",
"updated_at": "2026-03-18T00:00:00Z"
"updated_at": "2026-04-23T00:00:00Z"
},
"fix-findings": {
"name": "Fix Findings",
@@ -941,6 +941,44 @@
"created_at": "2026-03-17T00:00:00Z",
"updated_at": "2026-03-17T00:00:00Z"
},
"m365": {
"name": "Microsoft 365 Integration",
"id": "m365",
"description": "Fetch Teams messages, meeting transcripts, and SharePoint/OneDrive files as local Markdown for spec generation.",
"author": "BenBtg",
"version": "1.0.0",
"download_url": "https://github.com/BenBtg/spec-kit-m365/archive/refs/tags/v1.0.0.zip",
"repository": "https://github.com/BenBtg/spec-kit-m365",
"homepage": "https://github.com/BenBtg/spec-kit-m365",
"documentation": "https://github.com/BenBtg/spec-kit-m365/blob/main/README.md",
"changelog": "https://github.com/BenBtg/spec-kit-m365/blob/main/CHANGELOG.md",
"license": "MIT",
"requires": {
"speckit_version": ">=0.1.0",
"tools": [
{
"name": "m365",
"required": true
}
]
},
"provides": {
"commands": 3,
"hooks": 0
},
"tags": [
"microsoft-365",
"teams",
"transcripts",
"collaboration",
"summarization"
],
"verified": false,
"downloads": 0,
"stars": 0,
"created_at": "2026-04-28T00:00:00Z",
"updated_at": "2026-04-28T00:00:00Z"
},
"maqa": {
"name": "MAQA — Multi-Agent & Quality Assurance",
"id": "maqa",
@@ -1167,6 +1205,45 @@
"created_at": "2026-03-26T00:00:00Z",
"updated_at": "2026-03-26T00:00:00Z"
},
"markitdown": {
"name": "MarkItDown Document Converter",
"id": "markitdown",
"description": "Convert documents (PDF, Word, PowerPoint, Excel, and more) to Markdown for use as spec reference material in Spec Kit workflows.",
"author": "BenBtg",
"version": "1.0.0",
"download_url": "https://github.com/BenBtg/spec-kit-markitdown/archive/refs/tags/v1.0.0.zip",
"repository": "https://github.com/BenBtg/spec-kit-markitdown",
"homepage": "https://github.com/BenBtg/spec-kit-markitdown",
"documentation": "https://github.com/BenBtg/spec-kit-markitdown/blob/main/README.md",
"changelog": "https://github.com/BenBtg/spec-kit-markitdown/blob/main/CHANGELOG.md",
"license": "MIT",
"requires": {
"speckit_version": ">=0.1.0",
"tools": [
{
"name": "markitdown",
"version": ">=0.1.0",
"required": true
}
]
},
"provides": {
"commands": 1,
"hooks": 0
},
"tags": [
"markdown",
"pdf",
"document-conversion",
"reference-material",
"extraction"
],
"verified": false,
"downloads": 0,
"stars": 0,
"created_at": "2026-04-28T00:00:00Z",
"updated_at": "2026-04-28T00:00:00Z"
},
"memory-loader": {
"name": "Memory Loader",
"id": "memory-loader",
@@ -1327,6 +1404,38 @@
"created_at": "2026-04-03T00:00:00Z",
"updated_at": "2026-04-03T00:00:00Z"
},
"orchestrator": {
"name": "Spec Orchestrator",
"id": "orchestrator",
"description": "Cross-feature orchestration — track state, select tasks, and detect conflicts across parallel specs.",
"author": "Quratulain-bilal",
"version": "1.0.0",
"download_url": "https://github.com/Quratulain-bilal/spec-kit-orchestrator/archive/refs/tags/v1.0.0.zip",
"repository": "https://github.com/Quratulain-bilal/spec-kit-orchestrator",
"homepage": "https://github.com/Quratulain-bilal/spec-kit-orchestrator",
"documentation": "https://github.com/Quratulain-bilal/spec-kit-orchestrator/blob/main/README.md",
"changelog": "https://github.com/Quratulain-bilal/spec-kit-orchestrator/releases",
"license": "MIT",
"requires": {
"speckit_version": ">=0.4.0"
},
"provides": {
"commands": 4,
"hooks": 0
},
"tags": [
"orchestration",
"multi-feature",
"coordination",
"workflow",
"parallel"
],
"verified": false,
"downloads": 0,
"stars": 0,
"created_at": "2026-04-24T14:00:00Z",
"updated_at": "2026-04-24T14:00:00Z"
},
"plan-review-gate": {
"name": "Plan Review Gate",
"id": "plan-review-gate",
@@ -1820,10 +1929,10 @@
"security-review": {
"name": "Security Review",
"id": "security-review",
"description": "Comprehensive security audit of codebases using AI-powered DevSecOps analysis",
"description": "Full-project secure-by-design security audits plus staged, branch/PR, plan, task, follow-up, and apply reviews",
"author": "DyanGalih",
"version": "1.1.1",
"download_url": "https://github.com/DyanGalih/spec-kit-security-review/archive/refs/tags/v1.1.1.zip",
"version": "1.3.0",
"download_url": "https://github.com/DyanGalih/spec-kit-security-review/archive/refs/tags/v1.3.0.zip",
"repository": "https://github.com/DyanGalih/spec-kit-security-review",
"homepage": "https://github.com/DyanGalih/spec-kit-security-review",
"documentation": "https://github.com/DyanGalih/spec-kit-security-review/blob/main/README.md",
@@ -1833,7 +1942,7 @@
"speckit_version": ">=0.1.0"
},
"provides": {
"commands": 3,
"commands": 6,
"hooks": 0
},
"tags": [
@@ -1847,7 +1956,7 @@
"downloads": 0,
"stars": 0,
"created_at": "2026-04-03T03:24:03Z",
"updated_at": "2026-04-03T04:15:00Z"
"updated_at": "2026-04-29T00:00:00Z"
},
"sf": {
"name": "SFSpeckit — Salesforce Spec-Driven Development",
@@ -1986,6 +2095,38 @@
"created_at": "2026-04-20T00:00:00Z",
"updated_at": "2026-04-21T00:00:00Z"
},
"spec2cloud": {
"name": "Spec2Cloud",
"id": "spec2cloud",
"description": "Spec-driven workflow tuned for shipping to Azure: spec → plan → tasks → implement → deploy.",
"author": "Azure Samples",
"version": "1.1.0",
"download_url": "https://github.com/Azure-Samples/Spec2Cloud/releases/download/spec-kit-spec2cloud-v1.1.0/extension.zip",
"repository": "https://github.com/Azure-Samples/Spec2Cloud",
"homepage": "https://aka.ms/spec2cloud",
"documentation": "https://github.com/Azure-Samples/Spec2Cloud/blob/main/spec-kit/README.md",
"changelog": "https://github.com/Azure-Samples/Spec2Cloud/blob/main/spec-kit/CHANGELOG.md",
"license": "MIT",
"requires": {
"speckit_version": ">=0.4.0"
},
"provides": {
"commands": 2,
"hooks": 0
},
"tags": [
"spec2cloud",
"azure",
"cloud",
"deploy",
"workflow"
],
"verified": false,
"downloads": 0,
"stars": 0,
"created_at": "2026-04-30T00:00:00Z",
"updated_at": "2026-04-30T00:00:00Z"
},
"speckit-utils": {
"name": "SDD Utilities",
"id": "speckit-utils",
@@ -2051,6 +2192,45 @@
"created_at": "2026-04-10T16:00:00Z",
"updated_at": "2026-04-10T16:00:00Z"
},
"squad": {
"name": "Squad Bridge",
"id": "squad",
"description": "Bootstrap and synchronize a Squad agent team from your Spec Kit spec and tasks.",
"author": "jwill824",
"version": "1.1.0",
"download_url": "https://github.com/jwill824/spec-kit-squad/archive/refs/tags/v1.1.0.zip",
"repository": "https://github.com/jwill824/spec-kit-squad",
"homepage": "https://github.com/jwill824/spec-kit-squad",
"documentation": "https://github.com/jwill824/spec-kit-squad/blob/main/README.md",
"changelog": "https://github.com/jwill824/spec-kit-squad/blob/main/docs/CHANGELOG.md",
"license": "MIT",
"requires": {
"speckit_version": ">=0.1.0",
"tools": [
{
"name": "@bradygaster/squad-cli",
"version": ">=0.1.0",
"required": true
}
]
},
"provides": {
"commands": 4,
"hooks": 2
},
"tags": [
"multi-agent",
"agents",
"orchestration",
"process",
"integration"
],
"verified": false,
"downloads": 0,
"stars": 0,
"created_at": "2026-04-29T00:00:00Z",
"updated_at": "2026-04-29T00:00:00Z"
},
"staff-review": {
"name": "Staff Review Extension",
"id": "staff-review",
@@ -2283,13 +2463,45 @@
"created_at": "2026-04-10T00:00:00Z",
"updated_at": "2026-04-10T00:00:00Z"
},
"threatmodel": {
"name": "OWASP LLM Threat Model",
"id": "threatmodel",
"description": "OWASP Top 10 for LLM Applications 2025 threat analysis on agent artifacts",
"author": "NaviaSamal",
"version": "1.0.0",
"download_url": "https://github.com/NaviaSamal/spec-kit-threatmodel/archive/refs/tags/v1.0.0.zip",
"repository": "https://github.com/NaviaSamal/spec-kit-threatmodel",
"homepage": "https://github.com/NaviaSamal/spec-kit-threatmodel",
"documentation": "https://github.com/NaviaSamal/spec-kit-threatmodel/blob/main/README.md",
"changelog": "https://github.com/NaviaSamal/spec-kit-threatmodel/blob/main/CHANGELOG.md",
"license": "MIT",
"requires": {
"speckit_version": ">=0.6.0"
},
"provides": {
"commands": 1,
"hooks": 1
},
"tags": [
"security",
"owasp",
"threat-model",
"llm",
"analysis"
],
"verified": false,
"downloads": 0,
"stars": 0,
"created_at": "2026-04-25T00:00:00Z",
"updated_at": "2026-04-25T00:00:00Z"
},
"v-model": {
"name": "V-Model Extension Pack",
"id": "v-model",
"description": "Enforces V-Model paired generation of development specs and test specs with full traceability.",
"author": "leocamello",
"version": "0.5.0",
"download_url": "https://github.com/leocamello/spec-kit-v-model/archive/refs/tags/v0.5.0.zip",
"version": "0.6.0",
"download_url": "https://github.com/leocamello/spec-kit-v-model/archive/refs/tags/v0.6.0.zip",
"repository": "https://github.com/leocamello/spec-kit-v-model",
"homepage": "https://github.com/leocamello/spec-kit-v-model",
"documentation": "https://github.com/leocamello/spec-kit-v-model/blob/main/README.md",
@@ -2311,9 +2523,9 @@
],
"verified": false,
"downloads": 0,
"stars": 0,
"stars": 21,
"created_at": "2026-02-20T00:00:00Z",
"updated_at": "2026-04-06T00:00:00Z"
"updated_at": "2026-04-25T00:00:00Z"
},
"verify": {
"name": "Verify Extension",
@@ -2472,6 +2684,50 @@
"created_at": "2026-04-22T00:00:00Z",
"updated_at": "2026-04-22T00:00:00Z"
},
"workiq": {
"name": "Work IQ",
"id": "workiq",
"description": "Integrate Microsoft 365 organizational knowledge into spec-driven development workflows",
"author": "sakitA",
"version": "1.0.0",
"download_url": "https://github.com/sakitA/spec-kit-workiq/archive/refs/tags/v1.0.0.zip",
"repository": "https://github.com/sakitA/spec-kit-workiq",
"homepage": "https://github.com/sakitA/spec-kit-workiq",
"documentation": "https://github.com/sakitA/spec-kit-workiq/blob/main/README.md",
"changelog": "https://github.com/sakitA/spec-kit-workiq/blob/main/CHANGELOG.md",
"license": "MIT",
"requires": {
"speckit_version": ">=0.1.0",
"tools": [
{
"name": "workiq",
"version": ">=1.0.0",
"required": true
},
{
"name": "node",
"version": ">=18.0.0",
"required": true
}
]
},
"provides": {
"commands": 4,
"hooks": 2
},
"tags": [
"microsoft-365",
"work-iq",
"context",
"integration",
"productivity"
],
"verified": false,
"downloads": 0,
"stars": 0,
"created_at": "2026-04-29T00:00:00Z",
"updated_at": "2026-04-29T00:00:00Z"
},
"worktree": {
"name": "Worktree Isolation",
"id": "worktree",
@@ -2534,7 +2790,7 @@
"downloads": 0,
"stars": 0,
"created_at": "2026-04-13T00:00:00Z",
"updated_at": "2026-04-13T00:00:00Z"
"updated_at": "2026-04-13T00:00:00Z"
}
}
}

View File

@@ -1,6 +1,6 @@
{
"schema_version": "1.0",
"updated_at": "2026-04-08T00:00:00Z",
"updated_at": "2026-04-28T00:00:00Z",
"catalog_url": "https://raw.githubusercontent.com/github/spec-kit/main/integrations/catalog.json",
"integrations": {
"claude": {
@@ -66,6 +66,15 @@
"repository": "https://github.com/github/spec-kit",
"tags": ["cli", "skills"]
},
"devin": {
"id": "devin",
"name": "Devin for Terminal",
"version": "1.0.0",
"description": "Devin for Terminal CLI skills-based integration",
"author": "spec-kit-core",
"repository": "https://github.com/github/spec-kit",
"tags": ["cli", "skills"]
},
"qwen": {
"id": "qwen",
"name": "Qwen Code",

View File

@@ -123,9 +123,25 @@ See [scaffold/](scaffold/) for a scaffold you can copy to create your own preset
## Environment Variables
| Variable | Description |
|----------|-------------|
| `SPECKIT_PRESET_CATALOG_URL` | Override the catalog URL (replaces all defaults) |
| Variable | Description | Default |
|----------|-------------|---------|
| `SPECKIT_PRESET_CATALOG_URL` | Override the full catalog stack with a single URL (replaces all defaults) | Built-in default stack |
| `GH_TOKEN` / `GITHUB_TOKEN` | GitHub token for authenticated requests to GitHub-hosted URLs (`raw.githubusercontent.com`, `github.com`, `api.github.com`, `codeload.github.com`). Required when your catalog JSON or preset ZIPs are hosted in a private GitHub repository. | None |
#### Example: Using a private GitHub-hosted catalog
```bash
# Authenticate with a token (gh CLI, PAT, or GITHUB_TOKEN in CI)
export GITHUB_TOKEN=$(gh auth token)
# Search a private catalog added via `specify preset catalog add`
specify preset search my-template
# Install from a private catalog
specify preset add my-template
```
The token is attached automatically to requests targeting GitHub domains. Non-GitHub catalog URLs are always fetched without credentials.
## Configuration Files

View File

@@ -1,8 +1,36 @@
{
"schema_version": "1.0",
"updated_at": "2026-04-15T00:00:00Z",
"updated_at": "2026-04-27T00:00:00Z",
"catalog_url": "https://raw.githubusercontent.com/github/spec-kit/main/presets/catalog.community.json",
"presets": {
"a11y-governance": {
"name": "A11Y Governance",
"id": "a11y-governance",
"version": "0.2.0",
"description": "Adds accessibility, bilingual DE/EN delivery, CEFR-B2 readability, and inclusive-content governance to Spec Kit.",
"author": "Thorsten Hindermann",
"repository": "https://github.com/hindermath/spec-kit-preset-a11y-governance",
"download_url": "https://github.com/hindermath/spec-kit-preset-a11y-governance/archive/refs/tags/v0.2.0.zip",
"homepage": "https://github.com/hindermath/spec-kit-preset-a11y-governance",
"documentation": "https://github.com/hindermath/spec-kit-preset-a11y-governance/blob/main/README.md",
"license": "MIT",
"requires": {
"speckit_version": ">=0.8.0"
},
"provides": {
"templates": 9,
"commands": 3
},
"tags": [
"a11y",
"accessibility",
"bilingual",
"wcag",
"inclusion"
],
"created_at": "2026-04-27T00:00:00Z",
"updated_at": "2026-04-27T00:00:00Z"
},
"aide-in-place": {
"name": "AIDE In-Place Migration",
"id": "aide-in-place",
@@ -16,7 +44,9 @@
"license": "MIT",
"requires": {
"speckit_version": ">=0.2.0",
"extensions": ["aide"]
"extensions": [
"aide"
]
},
"provides": {
"templates": 2,
@@ -29,6 +59,34 @@
"aide"
]
},
"architecture-governance": {
"name": "Architecture Governance",
"id": "architecture-governance",
"version": "0.2.0",
"description": "Adds secure architecture governance, threat modeling, STRIDE/CAPEC, Zero Trust, S-ADRs, and OWASP SAMM to Spec Kit.",
"author": "Thorsten Hindermann",
"repository": "https://github.com/hindermath/spec-kit-preset-architecture-governance",
"download_url": "https://github.com/hindermath/spec-kit-preset-architecture-governance/archive/refs/tags/v0.2.0.zip",
"homepage": "https://github.com/hindermath/spec-kit-preset-architecture-governance",
"documentation": "https://github.com/hindermath/spec-kit-preset-architecture-governance/blob/main/README.md",
"license": "MIT",
"requires": {
"speckit_version": ">=0.8.0"
},
"provides": {
"templates": 11,
"commands": 3
},
"tags": [
"architecture",
"governance",
"threat-modeling",
"stride",
"zero-trust"
],
"created_at": "2026-04-27T00:00:00Z",
"updated_at": "2026-04-27T00:00:00Z"
},
"canon-core": {
"name": "Canon Core",
"id": "canon-core",
@@ -80,6 +138,34 @@
"created_at": "2026-04-13T00:00:00Z",
"updated_at": "2026-04-13T00:00:00Z"
},
"cross-platform-governance": {
"name": "Cross-Platform Governance",
"id": "cross-platform-governance",
"version": "0.1.0",
"description": "Adds Bash and PowerShell parity, dry-run/WhatIf parity, man-page expectations, and Verb-Noun Cmdlet discipline.",
"author": "Thorsten Hindermann",
"repository": "https://github.com/hindermath/spec-kit-preset-cross-platform-governance",
"download_url": "https://github.com/hindermath/spec-kit-preset-cross-platform-governance/archive/refs/tags/v0.1.0.zip",
"homepage": "https://github.com/hindermath/spec-kit-preset-cross-platform-governance",
"documentation": "https://github.com/hindermath/spec-kit-preset-cross-platform-governance/blob/main/README.md",
"license": "MIT",
"requires": {
"speckit_version": ">=0.8.0"
},
"provides": {
"templates": 8,
"commands": 3
},
"tags": [
"cross-platform",
"bash",
"powershell",
"man-page",
"cmdlet"
],
"created_at": "2026-04-27T00:00:00Z",
"updated_at": "2026-04-27T00:00:00Z"
},
"explicit-task-dependencies": {
"name": "Explicit Task Dependencies",
"id": "explicit-task-dependencies",
@@ -108,11 +194,11 @@
"fiction-book-writing": {
"name": "Fiction Book Writing",
"id": "fiction-book-writing",
"version": "1.6.0",
"description": "Spec-Driven Development for novel and long-form fiction. 27 AI commands from idea to submission: story bible governance, 9 POV modes, all major plot structure frameworks, scene-by-scene drafting with quality gates, audiobook pipeline (SSML/ElevenLabs), cover design, sensitivity review, pacing and prose statistics, and pandoc-based export to DOCX/EPUB/LaTeX. Two style modes: author voice sample extraction or humanized-AI prose with 5 craft profiles. 12 languages supported.",
"version": "1.7.0",
"description": "Spec-Driven Development for novel and long-form fiction. 27 AI commands from idea to submission: story bible governance, 9 POV modes, all major plot structure frameworks, scene-by-scene drafting with quality gates, audiobook pipeline (SSML/ElevenLabs), cover design, sensitivity review, pacing and prose statistics, and pandoc-based export to DOCX/EPUB/LaTeX. Two style modes: author voice sample extraction or humanized-AI prose with 5 craft profiles. 12 languages supported. Support for offline semantic search.",
"author": "Andreas Daumann",
"repository": "https://github.com/adaumann/speckit-preset-fiction-book-writing",
"download_url": "https://github.com/adaumann/speckit-preset-fiction-book-writing/archive/refs/tags/v1.6.0.zip",
"download_url": "https://github.com/adaumann/speckit-preset-fiction-book-writing/archive/refs/tags/v1.7.0.zip",
"homepage": "https://github.com/adaumann/speckit-preset-fiction-book-writing",
"documentation": "https://github.com/adaumann/speckit-preset-fiction-book-writing/blob/main/fiction-book-writing/README.md",
"license": "MIT",
@@ -122,7 +208,7 @@
"provides": {
"templates": 22,
"commands": 27,
"scripts": 1
"scripts": 2
},
"tags": [
"writing",
@@ -140,7 +226,35 @@
"language-support"
],
"created_at": "2026-04-09T08:00:00Z",
"updated_at": "2026-04-19T08:00:00Z"
"updated_at": "2026-04-27T08:00:00Z"
},
"isaqb-architecture-governance": {
"name": "iSAQB Architecture Governance",
"id": "isaqb-architecture-governance",
"version": "0.1.0",
"description": "Adds general iSAQB/CPSA-F and arc42 architecture governance, including views, quality scenarios, ADRs, risks, and technical debt.",
"author": "Thorsten Hindermann",
"repository": "https://github.com/hindermath/spec-kit-preset-isaqb-architecture-governance",
"download_url": "https://github.com/hindermath/spec-kit-preset-isaqb-architecture-governance/archive/refs/tags/v0.1.0.zip",
"homepage": "https://github.com/hindermath/spec-kit-preset-isaqb-architecture-governance",
"documentation": "https://github.com/hindermath/spec-kit-preset-isaqb-architecture-governance/blob/main/README.md",
"license": "MIT",
"requires": {
"speckit_version": ">=0.8.0"
},
"provides": {
"templates": 13,
"commands": 3
},
"tags": [
"architecture",
"governance",
"isaqb",
"arc42",
"adr"
],
"created_at": "2026-04-27T00:00:00Z",
"updated_at": "2026-04-27T00:00:00Z"
},
"jira": {
"name": "Jira Issue Tracking",
@@ -259,6 +373,34 @@
"created_at": "2026-04-23T08:00:00Z",
"updated_at": "2026-04-23T08:00:00Z"
},
"security-governance": {
"name": "Security Governance",
"id": "security-governance",
"version": "0.2.0",
"description": "Adds secure development governance, MSL preference, ASVS verification, supply-chain transparency, and EU CRA awareness.",
"author": "Thorsten Hindermann",
"repository": "https://github.com/hindermath/spec-kit-preset-security-governance",
"download_url": "https://github.com/hindermath/spec-kit-preset-security-governance/archive/refs/tags/v0.2.0.zip",
"homepage": "https://github.com/hindermath/spec-kit-preset-security-governance",
"documentation": "https://github.com/hindermath/spec-kit-preset-security-governance/blob/main/README.md",
"license": "MIT",
"requires": {
"speckit_version": ">=0.8.0"
},
"provides": {
"templates": 12,
"commands": 3
},
"tags": [
"security",
"governance",
"msl",
"asvs",
"supply-chain"
],
"created_at": "2026-04-27T00:00:00Z",
"updated_at": "2026-04-27T00:00:00Z"
},
"toc-navigation": {
"name": "Table of Contents Navigation",
"id": "toc-navigation",

View File

@@ -1,6 +1,6 @@
[project]
name = "specify-cli"
version = "0.8.1"
version = "0.8.4"
description = "Specify CLI, part of GitHub Spec Kit. A tool to bootstrap your projects for Spec-Driven Development (SDD)."
requires-python = ">=3.11"
dependencies = [

View File

@@ -127,7 +127,7 @@ def _build_ai_deprecation_warning(
ai_commands_dir=ai_commands_dir,
)
return (
"[bold]--ai[/bold] is deprecated and will no longer be available in version 1.0.0 or later.\n\n"
"[bold]--ai[/bold] is deprecated and will no longer be available in version 0.10.0 or later.\n\n"
f"Use [bold]{replacement}[/bold] instead."
)
@@ -967,7 +967,7 @@ def init(
ai_assistant: str = typer.Option(None, "--ai", help=AI_ASSISTANT_HELP),
ai_commands_dir: str = typer.Option(None, "--ai-commands-dir", help="Directory for agent command files (required with --ai generic, e.g. .myagent/commands/)"),
script_type: str = typer.Option(None, "--script", help="Script type to use: sh or ps"),
ignore_agent_tools: bool = typer.Option(False, "--ignore-agent-tools", help="Skip checks for AI agent tools like Claude Code"),
ignore_agent_tools: bool = typer.Option(False, "--ignore-agent-tools", help="Skip checks for coding agent tools like Claude Code"),
no_git: bool = typer.Option(False, "--no-git", help="Skip git repository initialization"),
here: bool = typer.Option(False, "--here", help="Initialize project in the current directory instead of creating a new one"),
force: bool = typer.Option(False, "--force", help="Force merge/overwrite when using --here (skip confirmation)"),
@@ -997,29 +997,28 @@ def init(
This command will:
1. Check that required tools are installed (git is optional)
2. Let you choose your AI assistant
2. Let you choose your coding agent integration
3. Download template from GitHub (or use bundled assets with --offline)
4. Initialize a fresh git repository (if not --no-git and no existing repo)
5. Optionally set up AI assistant commands
5. Optionally set up coding agent integration commands
Examples:
specify init my-project
specify init my-project --ai claude
specify init my-project --ai copilot --no-git
specify init my-project --integration claude
specify init my-project --integration copilot --no-git
specify init --ignore-agent-tools my-project
specify init . --ai claude # Initialize in current directory
specify init . # Initialize in current directory (interactive AI selection)
specify init --here --ai claude # Alternative syntax for current directory
specify init --here --ai codex --ai-skills
specify init --here --ai codebuddy
specify init --here --ai vibe # Initialize with Mistral Vibe support
specify init . --integration claude # Initialize in current directory
specify init . # Initialize in current directory (interactive integration selection)
specify init --here --integration claude # Alternative syntax for current directory
specify init --here --integration codex --integration-options="--skills"
specify init --here --integration codebuddy
specify init --here --integration vibe # Initialize with Mistral Vibe support
specify init --here
specify init --here --force # Skip confirmation when current directory not empty
specify init my-project --ai claude # Claude installs skills by default
specify init --here --ai gemini --ai-skills
specify init my-project --ai generic --ai-commands-dir .myagent/commands/ # Unsupported agent
specify init my-project --offline # Use bundled assets (no network access)
specify init my-project --ai claude --preset healthcare-compliance # With preset
specify init my-project --integration claude # Claude installs skills by default
specify init --here --integration gemini
specify init my-project --integration generic --integration-options="--commands-dir .myagent/commands/" # Bring your own agent; requires --commands-dir
specify init my-project --integration claude --preset healthcare-compliance # With preset
"""
show_banner()
@@ -1029,14 +1028,14 @@ def init(
if ai_assistant and ai_assistant.startswith("--"):
console.print(f"[red]Error:[/red] Invalid value for --ai: '{ai_assistant}'")
console.print("[yellow]Hint:[/yellow] Did you forget to provide a value for --ai?")
console.print("[yellow]Example:[/yellow] specify init --ai claude --here")
console.print("[yellow]Example:[/yellow] specify init --integration claude --here")
console.print(f"[yellow]Available agents:[/yellow] {', '.join(AGENT_CONFIG.keys())}")
raise typer.Exit(1)
if ai_commands_dir and ai_commands_dir.startswith("--"):
console.print(f"[red]Error:[/red] Invalid value for --ai-commands-dir: '{ai_commands_dir}'")
console.print("[yellow]Hint:[/yellow] Did you forget to provide a value for --ai-commands-dir?")
console.print("[yellow]Example:[/yellow] specify init --ai generic --ai-commands-dir .myagent/commands/")
console.print("[yellow]Example:[/yellow] specify init --integration generic --integration-options=\"--commands-dir .myagent/commands/\"")
raise typer.Exit(1)
if ai_assistant:
@@ -1088,6 +1087,13 @@ def init(
'use [bold]--integration generic --integration-options="--commands-dir <dir>"[/bold] instead.[/dim]'
)
if no_git:
console.print(
"[yellow]⚠️ --no-git is deprecated and will be removed in v0.10.0.[/yellow]\n"
"[yellow]The git extension will no longer be enabled by default "
"— use the [bold]specify extension[/bold] commands to install or enable the git extension if needed.[/yellow]"
)
if project_name == ".":
here = True
project_name = None # Clear project_name to use existing validation logic
@@ -1163,7 +1169,7 @@ def init(
ai_choices = {key: config["name"] for key, config in AGENT_CONFIG.items()}
selected_ai = select_with_arrows(
ai_choices,
"Choose your AI assistant:",
"Choose your coding agent integration:",
"copilot"
)
@@ -1234,7 +1240,7 @@ def init(
else:
selected_script = default_script
console.print(f"[cyan]Selected AI assistant:[/cyan] {selected_ai}")
console.print(f"[cyan]Selected coding agent integration:[/cyan] {selected_ai}")
console.print(f"[cyan]Selected script type:[/cyan] {selected_script}")
tracker = StepTracker("Initialize Specify Project")
@@ -1243,7 +1249,7 @@ def init(
tracker.add("precheck", "Check required tools")
tracker.complete("precheck", "ok")
tracker.add("ai-select", "Select AI assistant")
tracker.add("ai-select", "Select coding agent integration")
tracker.complete("ai-select", f"{selected_ai}")
tracker.add("script-select", "Select script type")
tracker.complete("script-select", selected_script)
@@ -1522,7 +1528,7 @@ def init(
step_num = 2
# Determine skill display mode for the next-steps panel.
# Skills integrations (codex, kimi, agy, trae, cursor-agent) should show skill invocation syntax.
# Skills integrations (codex, claude, kimi, agy, trae, cursor-agent, copilot, devin) should show skill invocation syntax.
from .integrations.base import SkillsIntegration as _SkillsInt
_is_skills_integration = isinstance(resolved_integration, _SkillsInt) or getattr(resolved_integration, "_skills_mode", False)
@@ -1533,7 +1539,8 @@ def init(
trae_skill_mode = selected_ai == "trae"
cursor_agent_skill_mode = selected_ai == "cursor-agent" and (ai_skills or _is_skills_integration)
copilot_skill_mode = selected_ai == "copilot" and _is_skills_integration
native_skill_mode = codex_skill_mode or claude_skill_mode or kimi_skill_mode or agy_skill_mode or trae_skill_mode or cursor_agent_skill_mode or copilot_skill_mode
devin_skill_mode = selected_ai == "devin"
native_skill_mode = codex_skill_mode or claude_skill_mode or kimi_skill_mode or agy_skill_mode or trae_skill_mode or cursor_agent_skill_mode or copilot_skill_mode or devin_skill_mode
if codex_skill_mode and not ai_skills:
# Integration path installed skills; show the helpful notice
@@ -1545,6 +1552,9 @@ def init(
if cursor_agent_skill_mode and not ai_skills:
steps_lines.append(f"{step_num}. Start Cursor Agent in this project directory; spec-kit skills were installed to [cyan].cursor/skills[/cyan]")
step_num += 1
if devin_skill_mode:
steps_lines.append(f"{step_num}. Start Devin in this project directory; spec-kit skills were installed to [cyan].devin/skills[/cyan]")
step_num += 1
usage_label = "skills" if native_skill_mode else "slash commands"
def _display_cmd(name: str) -> str:
@@ -1554,11 +1564,11 @@ def init(
return f"/speckit-{name}"
if kimi_skill_mode:
return f"/skill:speckit-{name}"
if cursor_agent_skill_mode or copilot_skill_mode:
if cursor_agent_skill_mode or copilot_skill_mode or devin_skill_mode:
return f"/speckit-{name}"
return f"/speckit.{name}"
steps_lines.append(f"{step_num}. Start using {usage_label} with your AI agent:")
steps_lines.append(f"{step_num}. Start using {usage_label} with your coding agent:")
steps_lines.append(f" {step_num}.1 [cyan]{_display_cmd('constitution')}[/] - Establish project principles")
steps_lines.append(f" {step_num}.2 [cyan]{_display_cmd('specify')}[/] - Create baseline specification")
@@ -1629,7 +1639,7 @@ def check():
console.print("[dim]Tip: Install git for repository management[/dim]")
if not any(agent_results.values()):
console.print("[dim]Tip: Install an AI assistant for the best experience[/dim]")
console.print("[dim]Tip: Install a coding agent for the best experience[/dim]")
@app.command()
def version():
@@ -1875,11 +1885,18 @@ def get_speckit_version() -> str:
integration_app = typer.Typer(
name="integration",
help="Manage AI agent integrations",
help="Manage coding agent integrations",
add_completion=False,
)
app.add_typer(integration_app, name="integration")
integration_catalog_app = typer.Typer(
name="catalog",
help="Manage integration catalog sources",
add_completion=False,
)
integration_app.add_typer(integration_catalog_app, name="catalog")
INTEGRATION_JSON = ".specify/integration.json"
@@ -2013,7 +2030,7 @@ def integration_list(
console.print(table)
return
table = Table(title="AI Agent Integrations")
table = Table(title="Coding Agent Integrations")
table.add_column("Key", style="cyan")
table.add_column("Name")
table.add_column("Status")
@@ -2359,6 +2376,19 @@ def integration_switch(
)
raise typer.Exit(1)
# Unregister extension commands for the old agent so they don't
# remain as orphans in the old agent's directory.
try:
from .extensions import ExtensionManager
ext_mgr = ExtensionManager(project_root)
ext_mgr.unregister_agent_artifacts(installed_key)
except Exception as ext_err:
console.print(
f"[yellow]Warning:[/yellow] Could not clean up extension artifacts "
f"(commands, skills, registry entries) for '{installed_key}': {ext_err}"
)
# Clear metadata so a failed Phase 2 doesn't leave stale references
_remove_integration_json(project_root)
opts = load_init_options(project_root)
@@ -2398,6 +2428,19 @@ def integration_switch(
_write_integration_json(project_root, target_integration.key)
_update_init_options_for_integration(project_root, target_integration, script_type=selected_script)
# Re-register extension commands for the new agent so that
# previously-installed extensions are available in the new integration.
try:
from .extensions import ExtensionManager
ext_mgr = ExtensionManager(project_root)
ext_mgr.register_enabled_extensions_for_agent(target)
except Exception as ext_err:
console.print(
f"[yellow]Warning:[/yellow] Could not register extension commands, skills, "
f"or related artifacts for '{target}': {ext_err}"
)
except Exception as e:
# Attempt rollback of any files written by setup
try:
@@ -2529,6 +2572,314 @@ def integration_upgrade(
console.print(f"\n[green]✓[/green] Integration '{name}' upgraded successfully")
# ===== Integration catalog discovery commands =====
#
# These commands mirror the workflow catalog CLI shape:
# - `search` / `info` for discovery over the active catalog stack
# - `catalog list/add/remove` for managing catalog sources
#
# They deliberately do NOT add `integration add/remove/enable/disable/
# set-priority`: integrations are single-active (install / uninstall / switch),
# not additive like extensions and presets.
def _require_specify_project() -> Path:
"""Return the current project root if it is a spec-kit project, else exit."""
project_root = Path.cwd()
if not (project_root / ".specify").exists():
console.print("[red]Error:[/red] Not a spec-kit project (no .specify/ directory)")
console.print("Run this command from a spec-kit project root")
raise typer.Exit(1)
return project_root
@integration_app.command("search")
def integration_search(
query: Optional[str] = typer.Argument(None, help="Search query (optional)"),
tag: Optional[str] = typer.Option(None, "--tag", help="Filter by tag"),
author: Optional[str] = typer.Option(None, "--author", help="Filter by author"),
):
"""Search for integrations in the active catalog stack."""
from .integrations import INTEGRATION_REGISTRY
from .integrations.catalog import (
IntegrationCatalog,
IntegrationCatalogError,
IntegrationValidationError,
)
project_root = _require_specify_project()
integration_config = _read_integration_json(project_root)
installed_key = integration_config.get("integration")
catalog = IntegrationCatalog(project_root)
try:
results = catalog.search(query=query, tag=tag, author=author)
except IntegrationValidationError as exc:
console.print(f"[red]Error:[/red] {exc}")
console.print(
"\nTip: Check the configuration file path shown above for invalid catalog configuration "
"(for example, .specify/integration-catalogs.yml or ~/.specify/integration-catalogs.yml)."
)
raise typer.Exit(1)
except IntegrationCatalogError as exc:
console.print(f"[red]Error:[/red] {exc}")
if os.environ.get("SPECKIT_INTEGRATION_CATALOG_URL", "").strip():
console.print(
"\nTip: Check the SPECKIT_INTEGRATION_CATALOG_URL environment variable for an invalid "
"catalog URL, or unset it to use the configured catalog files "
"(.specify/integration-catalogs.yml or ~/.specify/integration-catalogs.yml)."
)
else:
console.print("\nTip: The catalog may be temporarily unavailable. Try again later.")
raise typer.Exit(1)
if not results:
console.print("\n[yellow]No integrations found matching criteria[/yellow]")
if query or tag or author:
console.print("\nTry:")
console.print(" • Broader search terms")
console.print(" • Remove filters")
console.print(" • specify integration search (show all)")
return
console.print(f"\n[green]Found {len(results)} integration(s):[/green]\n")
for integ in sorted(results, key=lambda e: e.get("id", "")):
iid = integ.get("id", "?")
name = integ.get("name", iid)
version = integ.get("version", "?")
console.print(f"[bold]{name}[/bold] ({iid}) v{version}")
desc = integ.get("description", "")
if desc:
console.print(f" {desc}")
console.print(f"\n [dim]Author:[/dim] {integ.get('author', 'Unknown')}")
tags = integ.get("tags", [])
if isinstance(tags, list) and tags:
console.print(f" [dim]Tags:[/dim] {', '.join(str(t) for t in tags)}")
cat_name = integ.get("_catalog_name", "")
install_allowed = integ.get("_install_allowed", True)
if cat_name:
if install_allowed:
console.print(f" [dim]Catalog:[/dim] {cat_name}")
else:
console.print(
f" [dim]Catalog:[/dim] {cat_name} "
"[yellow](discovery only — not installable)[/yellow]"
)
if iid == installed_key:
console.print("\n [green]✓ Installed[/green] (currently active)")
elif iid in INTEGRATION_REGISTRY:
console.print(f"\n [cyan]Install:[/cyan] specify integration install {iid}")
elif install_allowed:
console.print(
"\n [yellow]Found in catalog.[/yellow] Only built-in integration IDs "
"can be installed with 'specify integration install'."
)
else:
console.print(
f"\n [yellow]⚠[/yellow] Not directly installable from '{cat_name}'."
)
console.print()
@integration_app.command("info")
def integration_info(
integration_id: str = typer.Argument(..., help="Integration ID"),
):
"""Show catalog details for a single integration."""
from .integrations import INTEGRATION_REGISTRY
from .integrations.catalog import (
IntegrationCatalog,
IntegrationCatalogError,
IntegrationValidationError,
)
project_root = _require_specify_project()
catalog = IntegrationCatalog(project_root)
installed_key = _read_integration_json(project_root).get("integration")
try:
info = catalog.get_integration_info(integration_id)
except IntegrationCatalogError as exc:
info = None
# Keep the live exception so the fallback branch below can give
# different guidance for local-config vs. network failures.
catalog_error: Optional[IntegrationCatalogError] = exc
else:
catalog_error = None
if info:
name = info.get("name", integration_id)
version = info.get("version", "?")
console.print(f"\n[bold cyan]{name}[/bold cyan] ({integration_id}) v{version}")
if info.get("description"):
console.print(f" {info['description']}")
console.print()
console.print(f" [dim]Author:[/dim] {info.get('author', 'Unknown')}")
if info.get("license"):
console.print(f" [dim]License:[/dim] {info['license']}")
tags = info.get("tags", [])
if isinstance(tags, list) and tags:
console.print(f" [dim]Tags:[/dim] {', '.join(str(t) for t in tags)}")
cat_name = info.get("_catalog_name", "")
install_allowed = info.get("_install_allowed", True)
if cat_name:
install_note = "" if install_allowed else " [yellow](discovery only)[/yellow]"
console.print(f" [dim]Source catalog:[/dim] {cat_name}{install_note}")
if info.get("repository"):
console.print(f" [dim]Repository:[/dim] {info['repository']}")
if integration_id == installed_key:
console.print("\n [green]✓ Installed[/green] (currently active)")
elif integration_id in INTEGRATION_REGISTRY:
console.print("\n [dim]Built-in integration (not currently active)[/dim]")
return
if integration_id in INTEGRATION_REGISTRY:
integration = INTEGRATION_REGISTRY[integration_id]
cfg = integration.config or {}
name = cfg.get("name", integration_id)
console.print(f"\n[bold cyan]{name}[/bold cyan] ({integration_id})")
console.print(" [dim]Built-in integration (not listed in catalog)[/dim]")
if integration_id == installed_key:
console.print("\n [green]✓ Installed[/green] (currently active)")
if catalog_error:
console.print(f"\n[yellow]Catalog unavailable:[/yellow] {catalog_error}")
return
if catalog_error:
console.print(f"[red]Error:[/red] Could not query integration catalog: {catalog_error}")
if isinstance(catalog_error, IntegrationValidationError):
console.print(
"\nCheck the configuration file path shown above "
"(.specify/integration-catalogs.yml or ~/.specify/integration-catalogs.yml), "
"or use a built-in integration ID directly."
)
elif os.environ.get("SPECKIT_INTEGRATION_CATALOG_URL", "").strip():
console.print(
"\nCheck whether SPECKIT_INTEGRATION_CATALOG_URL is set correctly and reachable, "
"or unset it to use the configured catalog files, or use a built-in integration ID directly."
)
else:
console.print("\nTry again when online, or use a built-in integration ID directly.")
else:
console.print(f"[red]Error:[/red] Integration '{integration_id}' not found")
console.print("\nTry: specify integration search")
raise typer.Exit(1)
@integration_catalog_app.command("list")
def integration_catalog_list():
"""List configured integration catalog sources."""
from .integrations.catalog import IntegrationCatalog, IntegrationCatalogError
project_root = _require_specify_project()
catalog = IntegrationCatalog(project_root)
env_override = os.environ.get("SPECKIT_INTEGRATION_CATALOG_URL", "").strip()
try:
if env_override:
project_configs = None
configs = catalog.get_catalog_configs()
else:
project_configs = catalog.get_project_catalog_configs()
configs = project_configs if project_configs is not None else catalog.get_catalog_configs()
except IntegrationCatalogError as exc:
console.print(f"[red]Error:[/red] {exc}")
raise typer.Exit(1)
console.print("\n[bold cyan]Integration Catalog Sources:[/bold cyan]\n")
if env_override:
console.print(
" SPECKIT_INTEGRATION_CATALOG_URL is set; it supersedes configured catalog files."
)
console.print(
" Project/user catalog sources are not active while the env override is set.\n"
)
console.print("[bold]Active catalog source from environment (non-removable here):[/bold]\n")
elif project_configs is None:
console.print(" No project-level catalog sources configured.\n")
console.print("[bold]Active catalog sources (non-removable here):[/bold]\n")
else:
console.print("[bold]Project catalog sources (removable):[/bold]\n")
for i, cfg in enumerate(configs):
install_status = (
"[green]install allowed[/green]"
if cfg.get("install_allowed")
else "[yellow]discovery only[/yellow]"
)
raw_name = cfg.get("name")
display_name = str(raw_name).strip() if raw_name is not None else ""
if not display_name:
display_name = f"catalog-{i + 1}"
if env_override or project_configs is None:
console.print(f" - [bold]{display_name}[/bold] — {install_status}")
else:
console.print(f" [{i}] [bold]{display_name}[/bold] — {install_status}")
console.print(f" {cfg.get('url', '')}")
if cfg.get("description"):
console.print(f" [dim]{cfg['description']}[/dim]")
console.print()
@integration_catalog_app.command("add")
def integration_catalog_add(
url: str = typer.Argument(
...,
help=(
"Catalog URL to add (HTTPS required, except http://localhost, "
"http://127.0.0.1, or http://[::1] for local testing)"
),
),
name: Optional[str] = typer.Option(None, "--name", help="Catalog name"),
):
"""Add an integration catalog source to the project config."""
from .integrations.catalog import IntegrationCatalog, IntegrationCatalogError
project_root = _require_specify_project()
catalog = IntegrationCatalog(project_root)
# Normalize once here so the success message reflects what was actually
# stored. ``IntegrationCatalog.add_catalog`` strips again defensively.
normalized_url = url.strip()
try:
catalog.add_catalog(normalized_url, name)
except IntegrationCatalogError as exc:
# Covers both URL validation (base class) and config-file validation
# (IntegrationValidationError subclass).
console.print(f"[red]Error:[/red] {exc}")
raise typer.Exit(1)
console.print(f"[green]✓[/green] Catalog source added: {normalized_url}")
@integration_catalog_app.command("remove")
def integration_catalog_remove(
index: int = typer.Argument(..., help="Catalog index to remove (from 'catalog list')"),
):
"""Remove an integration catalog source by 0-based index."""
from .integrations.catalog import IntegrationCatalog, IntegrationCatalogError
project_root = _require_specify_project()
catalog = IntegrationCatalog(project_root)
try:
removed_name = catalog.remove_catalog(index)
except IntegrationCatalogError as exc:
console.print(f"[red]Error:[/red] {exc}")
raise typer.Exit(1)
console.print(f"[green]✓[/green] Catalog source '{removed_name}' removed")
# ===== Preset Commands =====

View File

@@ -0,0 +1,80 @@
"""Shared GitHub-authenticated HTTP helpers.
Used by both ExtensionCatalog and PresetCatalog to attach
GITHUB_TOKEN / GH_TOKEN credentials to requests targeting
GitHub-hosted domains, while preventing token leakage to
third-party hosts on redirects.
"""
import os
import urllib.request
from urllib.parse import urlparse
from typing import Dict
# GitHub-owned hostnames that should receive the Authorization header.
# Includes codeload.github.com because GitHub archive URL downloads
# (e.g. /archive/refs/tags/<tag>.zip) redirect there and require auth
# for private repositories.
GITHUB_HOSTS = frozenset({
"raw.githubusercontent.com",
"github.com",
"api.github.com",
"codeload.github.com",
})
def build_github_request(url: str) -> urllib.request.Request:
"""Build a urllib Request, adding a GitHub auth header when available.
Reads GITHUB_TOKEN or GH_TOKEN from the environment and attaches an
``Authorization: Bearer <value>`` header when the target hostname is one
of the known GitHub-owned domains. Non-GitHub URLs are returned as plain
requests so credentials are never leaked to third-party hosts.
"""
headers: Dict[str, str] = {}
github_token = (os.environ.get("GITHUB_TOKEN") or "").strip()
gh_token = (os.environ.get("GH_TOKEN") or "").strip()
token = github_token or gh_token or None
hostname = (urlparse(url).hostname or "").lower()
if token and hostname in GITHUB_HOSTS:
headers["Authorization"] = f"Bearer {token}"
return urllib.request.Request(url, headers=headers)
class _StripAuthOnRedirect(urllib.request.HTTPRedirectHandler):
"""Redirect handler that drops the Authorization header when leaving GitHub.
Prevents token leakage to CDNs or other third-party hosts that GitHub
may redirect to (e.g. S3 for release asset downloads, objects.githubusercontent.com).
Auth is preserved as long as the redirect target remains within GITHUB_HOSTS.
"""
def redirect_request(self, req, fp, code, msg, headers, newurl):
original_auth = req.get_header("Authorization")
new_req = super().redirect_request(req, fp, code, msg, headers, newurl)
if new_req is not None:
hostname = (urlparse(newurl).hostname or "").lower()
if hostname in GITHUB_HOSTS:
if original_auth:
new_req.add_unredirected_header("Authorization", original_auth)
else:
new_req.headers.pop("Authorization", None)
new_req.unredirected_hdrs.pop("Authorization", None)
return new_req
def open_github_url(url: str, timeout: int = 10):
"""Open a URL with GitHub auth, stripping the header on cross-host redirects.
When the request carries an Authorization header, a custom redirect
handler drops that header if the redirect target is not a GitHub-owned
domain, preventing token leakage to CDNs or other third-party hosts
that GitHub may redirect to (e.g. S3 for release asset downloads).
"""
req = build_github_request(url)
if not req.get_header("Authorization"):
return urllib.request.urlopen(req, timeout=timeout)
opener = urllib.request.build_opener(_StripAuthOnRedirect)
return opener.open(req, timeout=timeout)

View File

@@ -139,12 +139,18 @@ class ExtensionManifest:
def _load_yaml(self, path: Path) -> dict:
"""Load YAML file safely."""
try:
with open(path, 'r') as f:
with open(path, 'r', encoding='utf-8') as f:
data = yaml.safe_load(f)
except yaml.YAMLError as e:
raise ValidationError(f"Invalid YAML in {path}: {e}")
except FileNotFoundError:
raise ValidationError(f"Manifest not found: {path}")
except UnicodeDecodeError as e:
raise ValidationError(
f"Manifest is not valid UTF-8: {path} ({e.reason} at byte {e.start})"
)
except OSError as e:
raise ValidationError(f"Could not read manifest {path}: {e}")
if not isinstance(data, dict):
raise ValidationError(
f"Manifest must be a YAML mapping, got {type(data).__name__}: {path}"
@@ -956,29 +962,40 @@ class ExtensionManager:
return written
def _unregister_extension_skills(self, skill_names: List[str], extension_id: str) -> None:
def _unregister_extension_skills(
self,
skill_names: List[str],
extension_id: str,
skills_dir: Optional[Path] = None,
) -> None:
"""Remove SKILL.md directories for extension skills.
Called during extension removal to clean up skill files that
were created by ``_register_extension_skills()``.
If ``_get_skills_dir()`` returns ``None`` (e.g. the user removed
init-options.json or toggled ai_skills after installation), we
fall back to scanning all known agent skills directories so that
orphaned skill directories are still cleaned up. In that case
each candidate directory is verified against the SKILL.md
``metadata.source`` field before removal to avoid accidentally
deleting user-created skills with the same name.
If *skills_dir* is not provided and ``_get_skills_dir()`` returns
``None`` (e.g. the user removed init-options.json or toggled
ai_skills after installation), we fall back to scanning all known
agent skills directories so that orphaned skill directories are
still cleaned up. In that case each candidate directory is
verified against the SKILL.md ``metadata.source`` field before
removal to avoid accidentally deleting user-created skills with
the same name.
Args:
skill_names: List of skill names to remove.
extension_id: Extension ID used to verify ownership during
fallback candidate scanning.
skills_dir: Optional explicit skills directory to use instead
of resolving via ``_get_skills_dir()``. Useful when the
caller needs to target a specific agent's skills directory
regardless of the currently-active agent in init-options.
"""
if not skill_names:
return
skills_dir = self._get_skills_dir()
if skills_dir is None:
skills_dir = self._get_skills_dir()
if skills_dir:
# Fast path: we know the exact skills directory
@@ -1102,7 +1119,7 @@ class ExtensionManager:
raise CompatibilityError(
f"Extension requires spec-kit {required}, "
f"but {speckit_version} is installed.\n"
f"Upgrade spec-kit with: uv tool install specify-cli --force"
f"Upgrade spec-kit with: {REINSTALL_COMMAND}"
)
except InvalidSpecifier:
raise CompatibilityError(f"Invalid version specifier: {required}")
@@ -1326,6 +1343,156 @@ class ExtensionManager:
return True
@staticmethod
def _valid_name_list(value: Any) -> List[str]:
"""Return string entries from a registry list, ignoring corrupt values."""
if not isinstance(value, list):
return []
return [item for item in value if isinstance(item, str)]
def unregister_agent_artifacts(self, agent_name: str) -> None:
"""Remove extension files registered for a specific agent.
Extension command files are tracked per agent in ``registered_commands``.
Extension skills are scoped to the provided *agent_name*; they are removed
from that agent's skills directory (resolved via its integration config)
and the registry field is cleared.
Skips cleanup when *agent_name* is not a supported agent to avoid
losing registry entries while leaving orphaned files on disk.
"""
if not agent_name:
return
registrar = CommandRegistrar()
if agent_name not in registrar.AGENT_CONFIGS:
return
# Resolve the skills directory for the specific agent so cleanup is
# agent-scoped and does not depend on the currently-active agent in
# init-options. Use the same helper that extension install uses.
from . import _get_skills_dir as resolve_skills_dir
agent_skills_dir = resolve_skills_dir(self.project_root, agent_name)
for ext_id, metadata in self.registry.list().items():
updates: Dict[str, Any] = {}
registered_commands = metadata.get("registered_commands", {})
if isinstance(registered_commands, dict) and agent_name in registered_commands:
command_names = self._valid_name_list(registered_commands.get(agent_name))
if command_names:
registrar.unregister_commands({agent_name: command_names}, self.project_root)
new_registered = copy.deepcopy(registered_commands)
new_registered.pop(agent_name, None)
updates["registered_commands"] = new_registered
registered_skills = self._valid_name_list(metadata.get("registered_skills", []))
if registered_skills:
# Only pass the resolved skills_dir when it actually exists.
# Otherwise let _unregister_extension_skills fall back to
# scanning all known agent skills directories, which is useful
# for cleaning up stale entries created by earlier installs.
skills_dir = agent_skills_dir if agent_skills_dir.is_dir() else None
self._unregister_extension_skills(
registered_skills, ext_id, skills_dir=skills_dir
)
# Only reconcile registry state when cleanup was scoped to a
# specific existing directory. When skills_dir is None,
# _unregister_extension_skills falls back to scanning multiple
# candidate directories, so agent_skills_dir cannot be used to
# infer what was removed. When skills_dir is set,
# _unregister_extension_skills may intentionally skip deletion
# when ownership cannot be verified (e.g., corrupted/missing
# SKILL.md or mismatching metadata.source). Only drop registry
# entries for skill directories that were actually removed so
# future cleanup attempts can still find skipped ones.
if skills_dir is not None:
remaining_skills = [
skill_name
for skill_name in registered_skills
if (skills_dir / skill_name).is_dir()
]
if remaining_skills != registered_skills:
updates["registered_skills"] = remaining_skills
if updates:
self.registry.update(ext_id, updates)
def register_enabled_extensions_for_agent(self, agent_name: str) -> None:
"""Register installed, enabled extensions for ``agent_name``.
This is intended to be called after switching integrations. Command
registration is scoped to the explicit ``agent_name`` argument, but some
behavior still depends on the current init-options state (for example,
skills-mode handling uses the active ``ai`` / ``ai_skills`` settings).
Callers should therefore pass the agent that has just been made active
in init-options; in normal use, ``agent_name`` is expected to match the
current ``ai`` value. This mirrors extension install behavior while
avoiding stale default-mode command directories when that active agent
is running in skills mode (notably Copilot ``--skills``).
"""
if not agent_name:
return
from . import load_init_options
registrar = CommandRegistrar()
agent_config = registrar.AGENT_CONFIGS.get(agent_name)
init_options = load_init_options(self.project_root)
if not isinstance(init_options, dict):
init_options = {}
active_agent = init_options.get("ai")
skills_mode_active = (
active_agent == agent_name
and bool(init_options.get("ai_skills"))
and bool(agent_config)
and agent_config.get("extension") != "/SKILL.md"
)
for ext_id, metadata in self.registry.list().items():
if not metadata.get("enabled", True):
continue
manifest = self.get_extension(ext_id)
if manifest is None:
continue
ext_dir = self.extensions_dir / ext_id
updates: Dict[str, Any] = {}
if agent_config and not skills_mode_active:
registered = registrar.register_commands_for_agent(
agent_name, manifest, ext_dir, self.project_root
)
registered_commands = metadata.get("registered_commands", {})
if not isinstance(registered_commands, dict):
registered_commands = {}
new_registered = copy.deepcopy(registered_commands)
if registered:
new_registered[agent_name] = registered
else:
# Registration returned empty list (e.g., corrupted
# manifest pointing at missing command files). Clear
# stale entry so later cleanup doesn't try to remove
# files that were never written.
new_registered.pop(agent_name, None)
if new_registered != registered_commands:
updates["registered_commands"] = new_registered
registered_skills = self._register_extension_skills(manifest, ext_dir)
if registered_skills:
existing_skills = self._valid_name_list(metadata.get("registered_skills", []))
merged_skills = list(dict.fromkeys(existing_skills + registered_skills))
updates["registered_skills"] = merged_skills
if updates:
self.registry.update(ext_id, updates)
def list_installed(self) -> List[Dict[str, Any]]:
"""List all installed extensions with metadata.
@@ -1539,6 +1706,22 @@ class ExtensionCatalog:
if not parsed.netloc:
raise ValidationError("Catalog URL must be a valid URL with a host.")
def _make_request(self, url: str):
"""Build a urllib Request, adding a GitHub auth header when available.
Delegates to :func:`specify_cli._github_http.build_github_request`.
"""
from specify_cli._github_http import build_github_request
return build_github_request(url)
def _open_url(self, url: str, timeout: int = 10):
"""Open a URL with GitHub auth, stripping the header on cross-host redirects.
Delegates to :func:`specify_cli._github_http.open_github_url`.
"""
from specify_cli._github_http import open_github_url
return open_github_url(url, timeout)
def _load_catalog_config(self, config_path: Path) -> Optional[List[CatalogEntry]]:
"""Load catalog stack configuration from a YAML file.
@@ -1695,7 +1878,6 @@ class ExtensionCatalog:
Raises:
ExtensionError: If catalog cannot be fetched or has invalid format
"""
import urllib.request
import urllib.error
# Determine cache file paths (backward compat for default catalog)
@@ -1729,7 +1911,7 @@ class ExtensionCatalog:
# Fetch from network
try:
with urllib.request.urlopen(entry.url, timeout=10) as response:
with self._open_url(entry.url, timeout=10) as response:
catalog_data = json.loads(response.read())
if "schema_version" not in catalog_data or "extensions" not in catalog_data:
@@ -1843,10 +2025,9 @@ class ExtensionCatalog:
catalog_url = self.get_catalog_url()
try:
import urllib.request
import urllib.error
with urllib.request.urlopen(catalog_url, timeout=10) as response:
with self._open_url(catalog_url, timeout=10) as response:
catalog_data = json.loads(response.read())
# Validate catalog structure
@@ -1957,7 +2138,6 @@ class ExtensionCatalog:
Raises:
ExtensionError: If extension not found or download fails
"""
import urllib.request
import urllib.error
# Get extension info from catalog
@@ -1997,7 +2177,7 @@ class ExtensionCatalog:
# Download the ZIP file
try:
with urllib.request.urlopen(download_url, timeout=60) as response:
with self._open_url(download_url, timeout=60) as response:
zip_data = response.read()
zip_path.write_bytes(zip_data)

View File

@@ -56,6 +56,7 @@ def _register_builtins() -> None:
from .codex import CodexIntegration
from .copilot import CopilotIntegration
from .cursor_agent import CursorAgentIntegration
from .devin import DevinIntegration
from .forge import ForgeIntegration
from .gemini import GeminiIntegration
from .generic import GenericIntegration
@@ -86,6 +87,7 @@ def _register_builtins() -> None:
_register(CodexIntegration())
_register(CopilotIntegration())
_register(CursorAgentIntegration())
_register(DevinIntegration())
_register(ForgeIntegration())
_register(GeminiIntegration())
_register(GenericIntegration())

View File

@@ -16,7 +16,7 @@ import re
from dataclasses import dataclass
from datetime import datetime, timezone
from pathlib import Path
from typing import Any, Dict, List, Optional
from typing import Any, Dict, List, Optional, Tuple
import yaml
from packaging import version as pkg_version
@@ -30,6 +30,10 @@ class IntegrationCatalogError(Exception):
"""Raised when a catalog operation fails."""
class IntegrationValidationError(IntegrationCatalogError):
"""Validation error for catalog config or catalog management operations."""
class IntegrationDescriptorError(Exception):
"""Raised when an integration.yml descriptor is invalid."""
@@ -96,28 +100,36 @@ class IntegrationCatalog:
Returns None when the file does not exist.
Raises:
IntegrationCatalogError: on invalid content
IntegrationValidationError: on any local-config / YAML problem
(parse failures, wrong shape, missing/invalid fields,
invalid catalog URLs, etc.). This is a subclass of
:class:`IntegrationCatalogError`, so any caller that already
catches ``IntegrationCatalogError`` keeps working — but
callers that want to distinguish *local config* problems
from *remote/network* problems can match the subclass.
"""
if not config_path.exists():
return None
try:
data = yaml.safe_load(config_path.read_text(encoding="utf-8")) or {}
data = yaml.safe_load(config_path.read_text(encoding="utf-8"))
except (yaml.YAMLError, OSError, UnicodeError) as exc:
raise IntegrationCatalogError(
raise IntegrationValidationError(
f"Failed to read catalog config {config_path}: {exc}"
)
) from exc
if data is None:
data = {}
if not isinstance(data, dict):
raise IntegrationCatalogError(
raise IntegrationValidationError(
f"Invalid catalog config {config_path}: expected a YAML mapping at the root"
)
catalogs_data = data.get("catalogs", [])
if not isinstance(catalogs_data, list):
raise IntegrationCatalogError(
f"Invalid catalog config: 'catalogs' must be a list, "
raise IntegrationValidationError(
f"Invalid catalog config {config_path}: 'catalogs' must be a list, "
f"got {type(catalogs_data).__name__}"
)
if not catalogs_data:
raise IntegrationCatalogError(
raise IntegrationValidationError(
f"Catalog config {config_path} exists but contains no 'catalogs' entries. "
f"Remove the file to use built-in defaults, or add valid catalog entries."
)
@@ -125,31 +137,52 @@ class IntegrationCatalog:
skipped: List[int] = []
for idx, item in enumerate(catalogs_data):
if not isinstance(item, dict):
raise IntegrationCatalogError(
f"Invalid catalog entry at index {idx}: "
raise IntegrationValidationError(
f"Invalid catalog config {config_path}: catalog entry at index {idx}: "
f"expected a mapping, got {type(item).__name__}"
)
url = str(item.get("url", "")).strip()
if not url:
skipped.append(idx)
continue
self._validate_catalog_url(url)
try:
priority = int(item.get("priority", idx + 1))
except (TypeError, ValueError):
raise IntegrationCatalogError(
self._validate_catalog_url(url)
except IntegrationCatalogError as exc:
# ``_validate_catalog_url`` raises the base class for direct
# callers (e.g. ``add_catalog`` validating user input); when
# the bad URL came from a local config file, surface it as a
# validation error so CLI handlers can route it accordingly.
raise IntegrationValidationError(
f"Invalid catalog URL in {config_path} at index {idx}: {exc}"
) from exc
raw_priority = item.get("priority", idx + 1)
if isinstance(raw_priority, bool):
raise IntegrationValidationError(
f"Invalid catalog config {config_path}: "
f"Invalid priority for catalog '{item.get('name', idx + 1)}': "
f"expected integer, got {item.get('priority')!r}"
f"expected integer, got {raw_priority!r}"
)
try:
priority = int(raw_priority)
except (TypeError, ValueError):
raise IntegrationValidationError(
f"Invalid catalog config {config_path}: "
f"Invalid priority for catalog '{item.get('name', idx + 1)}': "
f"expected integer, got {raw_priority!r}"
)
raw_install = item.get("install_allowed", False)
if isinstance(raw_install, str):
install_allowed = raw_install.strip().lower() in ("true", "yes", "1")
else:
install_allowed = bool(raw_install)
raw_name = item.get("name")
name = str(raw_name).strip() if raw_name is not None else ""
if not name:
name = f"catalog-{len(entries) + 1}"
entries.append(
IntegrationCatalogEntry(
url=url,
name=str(item.get("name", f"catalog-{idx + 1}")),
name=name,
priority=priority,
install_allowed=install_allowed,
description=str(item.get("description", "")),
@@ -157,7 +190,7 @@ class IntegrationCatalog:
)
entries.sort(key=lambda e: e.priority)
if not entries:
raise IntegrationCatalogError(
raise IntegrationValidationError(
f"Catalog config {config_path} contains {len(catalogs_data)} "
f"entries but none have valid URLs (entries at indices {skipped} "
f"were skipped). Each catalog entry must have a 'url' field."
@@ -196,12 +229,12 @@ class IntegrationCatalog:
)
]
project_cfg = self.project_root / ".specify" / "integration-catalogs.yml"
project_cfg = self.project_root / ".specify" / self.CONFIG_FILENAME
catalogs = self._load_catalog_config(project_cfg)
if catalogs is not None:
return catalogs
user_cfg = Path.home() / ".specify" / "integration-catalogs.yml"
user_cfg = Path.home() / ".specify" / self.CONFIG_FILENAME
catalogs = self._load_catalog_config(user_cfg)
if catalogs is not None:
return catalogs
@@ -408,6 +441,288 @@ class IntegrationCatalog:
for f in self.cache_dir.glob(pattern):
f.unlink(missing_ok=True)
# -- Catalog-source management ----------------------------------------
CONFIG_FILENAME = "integration-catalogs.yml"
def get_catalog_configs(self) -> List[Dict[str, Any]]:
"""Return the active catalog stack as a list of dicts.
Thin adapter over :meth:`get_active_catalogs` that yields plain dicts
suitable for CLI rendering and JSON-like consumers.
"""
return [
{
"name": e.name,
"url": e.url,
"priority": e.priority,
"install_allowed": e.install_allowed,
"description": e.description,
}
for e in self.get_active_catalogs()
]
def get_project_catalog_configs(self) -> Optional[List[Dict[str, Any]]]:
"""Return removable project-level catalog config entries, if configured."""
config_path = self.project_root / ".specify" / self.CONFIG_FILENAME
entries = self._load_catalog_config(config_path)
if entries is None:
return None
return [
{
"name": e.name,
"url": e.url,
"priority": e.priority,
"install_allowed": e.install_allowed,
"description": e.description,
}
for e in entries
]
def add_catalog(self, url: str, name: Optional[str] = None) -> None:
"""Add a catalog source to the project-level config file.
The URL is normalized (whitespace stripped) and validated before being
written. Duplicate URLs are rejected, including near-duplicates that
differ only by surrounding whitespace. Priority is derived as
``max(existing) + 1`` so the new entry sorts last in the resolution
order unless the user edits the file manually.
"""
url = url.strip()
if not url:
raise IntegrationValidationError("Catalog URL must be non-empty.")
self._validate_catalog_url(url)
config_path = self.project_root / ".specify" / self.CONFIG_FILENAME
data: Dict[str, Any] = {"catalogs": []}
if config_path.exists():
try:
raw = yaml.safe_load(config_path.read_text(encoding="utf-8"))
except (yaml.YAMLError, OSError, UnicodeError) as exc:
raise IntegrationValidationError(
f"Failed to read catalog config {config_path}: {exc}"
) from exc
if raw is None:
raw = {}
if not isinstance(raw, dict):
raise IntegrationValidationError(
f"Catalog config file {config_path} is corrupted "
"(expected a mapping)."
)
data = raw
catalogs = data.get("catalogs", [])
if not isinstance(catalogs, list):
raise IntegrationValidationError(
f"Catalog config {config_path} has invalid 'catalogs' value: "
"must be a list."
)
# Validate each existing entry before mutating anything. Fail fast so
# we don't silently preserve a corrupt sibling entry or derive a new
# priority from a bogus value.
existing_priorities: List[int] = []
valid_catalog_count = 0
for idx, cat in enumerate(catalogs):
if not isinstance(cat, dict):
raise IntegrationValidationError(
f"Invalid catalog entry at index {idx} in {config_path}: "
f"expected a mapping, got {type(cat).__name__}."
)
existing_url = str(cat.get("url", "")).strip()
if not existing_url:
continue
# Re-run the same URL validation used when loading, so a corrupt
# entry surfaces here instead of at the next `integration` call.
try:
self._validate_catalog_url(existing_url)
except IntegrationCatalogError as exc:
raise IntegrationValidationError(
f"Invalid catalog entry at index {idx} in {config_path}: {exc}"
) from exc
if existing_url == url:
raise IntegrationValidationError(
f"Catalog URL already configured: {url}"
)
valid_catalog_count += 1
if "priority" in cat:
raw_priority = cat.get("priority")
if isinstance(raw_priority, bool):
raise IntegrationValidationError(
f"Invalid catalog entry at index {idx} in {config_path}: "
f"'priority' must be an integer, got "
f"{type(raw_priority).__name__}."
)
try:
normalized_priority = int(raw_priority)
except (TypeError, ValueError):
raise IntegrationValidationError(
f"Invalid catalog entry at index {idx} in {config_path}: "
f"'priority' must be an integer, got "
f"{raw_priority!r}."
) from None
existing_priorities.append(normalized_priority)
else:
# Match `_load_catalog_config()`'s defaulting rule so the new
# entry still sorts after implicit-priority siblings.
existing_priorities.append(idx + 1)
max_priority = max(existing_priorities, default=0)
normalized_name = str(name).strip() if name is not None else ""
generated_name = f"catalog-{valid_catalog_count + 1}"
catalogs.append(
{
"name": normalized_name or generated_name,
"url": url,
"priority": max_priority + 1,
"install_allowed": True,
"description": "",
}
)
data["catalogs"] = catalogs
config_path.parent.mkdir(parents=True, exist_ok=True)
with open(config_path, "w", encoding="utf-8") as f:
yaml.dump(
data,
f,
default_flow_style=False,
sort_keys=False,
allow_unicode=True,
)
def remove_catalog(self, index: int) -> str:
"""Remove a catalog source by 0-based index.
``index`` is interpreted in the same display order shown by
``integration catalog list`` (i.e. sorted ascending by priority,
with missing priority defaulting to ``yaml_index + 1``, matching
``_load_catalog_config()``). This way, the index a user sees in
``catalog list`` is the index they pass to ``catalog remove``,
even if the underlying YAML lists entries in a different order
from how they sort by priority.
Returns the removed catalog's name.
"""
config_path = self.project_root / ".specify" / self.CONFIG_FILENAME
if not config_path.exists():
raise IntegrationValidationError("No catalog config file found.")
try:
data = yaml.safe_load(config_path.read_text(encoding="utf-8"))
except (yaml.YAMLError, OSError, UnicodeError) as exc:
raise IntegrationValidationError(
f"Failed to read catalog config {config_path}: {exc}"
) from exc
if data is None:
data = {}
if not isinstance(data, dict):
raise IntegrationValidationError(
f"Catalog config file {config_path} is corrupted "
"(expected a mapping)."
)
catalogs = data.get("catalogs", [])
if not isinstance(catalogs, list):
raise IntegrationValidationError(
f"Catalog config {config_path} has invalid 'catalogs' value: "
"must be a list."
)
if not catalogs:
# An empty list is the kind of state that only happens if the
# user hand-edited the file; our own `remove_catalog` deletes
# the file when the last entry is popped. Surface a clear
# message instead of `out of range (0--1)`.
raise IntegrationValidationError(
"Catalog config contains no catalog entries."
)
# Map displayed index -> raw YAML index using the same priority
# defaulting as ``_load_catalog_config``. We deliberately stay
# tolerant here (no new validation errors) because the goal is
# only to mirror the order shown by ``catalog list``; entries
# that ``_load_catalog_config`` would have rejected outright
# would have failed ``catalog list`` already.
def _is_removable_catalog_entry(item: Any) -> bool:
if not isinstance(item, dict):
return False
raw_url = item.get("url")
if raw_url is None:
return False
return bool(str(raw_url).strip())
priority_pairs: List[Tuple[int, int]] = []
for yaml_idx, item in enumerate(catalogs):
if not _is_removable_catalog_entry(item):
continue
raw_priority = item.get("priority", yaml_idx + 1)
if isinstance(raw_priority, bool):
priority = yaml_idx + 1
else:
try:
priority = int(raw_priority)
except (TypeError, ValueError):
priority = yaml_idx + 1
priority_pairs.append((priority, yaml_idx))
if not priority_pairs:
raise IntegrationValidationError(
"Catalog config contains no removable catalog entries."
)
# Stable sort: ties keep their YAML order, matching list-view ordering.
priority_pairs.sort(key=lambda p: p[0])
display_order: List[int] = [yaml_idx for _, yaml_idx in priority_pairs]
if index < 0 or index >= len(display_order):
raise IntegrationValidationError(
f"Catalog index {index} out of range (0-{len(display_order) - 1})."
)
target_yaml_idx = display_order[index]
removed = catalogs.pop(target_yaml_idx)
if any(_is_removable_catalog_entry(item) for item in catalogs):
data["catalogs"] = catalogs
with open(config_path, "w", encoding="utf-8") as f:
yaml.dump(
data,
f,
default_flow_style=False,
sort_keys=False,
allow_unicode=True,
)
else:
# Removing the final entry: delete the config file rather than
# leaving behind an empty `catalogs:` list. `_load_catalog_config`
# treats an empty list as an error, so leaving the file would
# break every subsequent `integration` command until the user
# manually deletes `.specify/integration-catalogs.yml`.
# Deleting the file lets the project fall back to built-in
# defaults, which matches the behavior before any
# `catalog add` was ever run.
try:
config_path.unlink(missing_ok=True)
except OSError as exc:
raise IntegrationValidationError(
f"Failed to delete catalog config {config_path}: {exc}"
) from exc
fallback_name = f"catalog-{index + 1}"
if isinstance(removed, dict):
removed_name = removed.get("name")
if removed_name is not None:
normalized_name = str(removed_name).strip()
if normalized_name:
return normalized_name
removed_url = removed.get("url")
if removed_url is not None:
normalized_url = str(removed_url).strip()
if normalized_url:
return normalized_url
return fallback_name
# ---------------------------------------------------------------------------
# IntegrationDescriptor (integration.yml)

View File

@@ -0,0 +1,65 @@
"""Devin for Terminal integration — skills-based agent.
Devin uses the ``.devin/skills/speckit-<name>/SKILL.md`` layout and
reads project context from ``AGENTS.md`` at the repo root. The CLI
binary is ``devin`` and skills are invoked via ``/<name>`` inside an
interactive ``devin`` session.
See: https://cli.devin.ai/docs/extensibility/skills/overview
"""
from __future__ import annotations
from ..base import IntegrationOption, SkillsIntegration
class DevinIntegration(SkillsIntegration):
"""Integration for Cognition AI's Devin for Terminal."""
key = "devin"
config = {
"name": "Devin for Terminal",
"folder": ".devin/",
"commands_subdir": "skills",
"install_url": "https://cli.devin.ai/docs",
"requires_cli": True,
}
registrar_config = {
"dir": ".devin/skills",
"format": "markdown",
"args": "$ARGUMENTS",
"extension": "/SKILL.md",
}
context_file = "AGENTS.md"
def build_exec_args(
self,
prompt: str,
*,
model: str | None = None,
output_json: bool = True,
) -> list[str] | None:
"""Build non-interactive CLI args for Devin for Terminal.
Devin supports ``devin -p <prompt>`` for single-turn execution
and ``--model`` for model selection, but its CLI has no flag
for structured JSON output. When ``output_json`` is requested,
Devin is still dispatched normally and returns plain-text
stdout instead of structured JSON. ``requires_cli=True`` is
kept on the integration for tool detection.
"""
args = [self.key, "-p", prompt]
if model:
args.extend(["--model", model])
return args
@classmethod
def options(cls) -> list[IntegrationOption]:
return [
IntegrationOption(
"--skills",
is_flag=True,
default=True,
help="Install as agent skills (default for Devin)",
),
]

View File

@@ -19,3 +19,27 @@ class OpencodeIntegration(MarkdownIntegration):
"extension": ".md",
}
context_file = "AGENTS.md"
def build_exec_args(
self,
prompt: str,
*,
model: str | None = None,
output_json: bool = True,
) -> list[str] | None:
args = [self.key, "run"]
message = prompt
if prompt.startswith("/"):
command, _, remainder = prompt[1:].partition(" ")
if command:
args.extend(["--command", command])
message = remainder
if model:
args.extend(["-m", model])
if output_json:
args.extend(["--format", "json"])
if message:
args.append(message)
return args

View File

@@ -27,7 +27,7 @@ import yaml
from packaging import version as pkg_version
from packaging.specifiers import SpecifierSet, InvalidSpecifier
from .extensions import ExtensionRegistry, normalize_priority
from .extensions import REINSTALL_COMMAND, ExtensionRegistry, normalize_priority
def _substitute_core_template(
@@ -136,12 +136,25 @@ class PresetManifest:
def _load_yaml(self, path: Path) -> dict:
"""Load YAML file safely."""
try:
with open(path, 'r') as f:
return yaml.safe_load(f) or {}
with open(path, 'r', encoding='utf-8') as f:
data = yaml.safe_load(f)
except yaml.YAMLError as e:
raise PresetValidationError(f"Invalid YAML in {path}: {e}")
except FileNotFoundError:
raise PresetValidationError(f"Manifest not found: {path}")
except UnicodeDecodeError as e:
raise PresetValidationError(
f"Manifest is not valid UTF-8: {path} ({e.reason} at byte {e.start})"
)
except OSError as e:
raise PresetValidationError(f"Could not read manifest {path}: {e}")
if data is None:
return {}
if not isinstance(data, dict):
raise PresetValidationError(
f"Manifest must be a YAML mapping, got {type(data).__name__}: {path}"
)
return data
def _validate(self):
"""Validate manifest structure and required fields."""
@@ -563,7 +576,7 @@ class PresetManager:
raise PresetCompatibilityError(
f"Preset requires spec-kit {required}, "
f"but {speckit_version} is installed.\n"
f"Upgrade spec-kit with: uv tool install specify-cli --force"
f"Upgrade spec-kit with: {REINSTALL_COMMAND}"
)
except InvalidSpecifier:
raise PresetCompatibilityError(
@@ -1831,6 +1844,22 @@ class PresetCatalog:
"Catalog URL must be a valid URL with a host."
)
def _make_request(self, url: str):
"""Build a urllib Request, adding a GitHub auth header when available.
Delegates to :func:`specify_cli._github_http.build_github_request`.
"""
from specify_cli._github_http import build_github_request
return build_github_request(url)
def _open_url(self, url: str, timeout: int = 10):
"""Open a URL with GitHub auth, stripping the header on cross-host redirects.
Delegates to :func:`specify_cli._github_http.open_github_url`.
"""
from specify_cli._github_http import open_github_url
return open_github_url(url, timeout)
def _load_catalog_config(self, config_path: Path) -> Optional[List[PresetCatalogEntry]]:
"""Load catalog stack configuration from a YAML file.
@@ -2013,10 +2042,7 @@ class PresetCatalog:
pass
try:
import urllib.request
import urllib.error
with urllib.request.urlopen(entry.url, timeout=10) as response:
with self._open_url(entry.url, timeout=10) as response:
catalog_data = json.loads(response.read())
if (
@@ -2109,10 +2135,7 @@ class PresetCatalog:
pass
try:
import urllib.request
import urllib.error
with urllib.request.urlopen(catalog_url, timeout=10) as response:
with self._open_url(catalog_url, timeout=10) as response:
catalog_data = json.loads(response.read())
if (
@@ -2231,7 +2254,6 @@ class PresetCatalog:
Raises:
PresetError: If pack not found or download fails
"""
import urllib.request
import urllib.error
pack_info = self.get_pack_info(pack_id)
@@ -2283,7 +2305,7 @@ class PresetCatalog:
zip_path = target_dir / zip_filename
try:
with urllib.request.urlopen(download_url, timeout=60) as response:
with self._open_url(download_url, timeout=60) as response:
zip_data = response.read()
zip_path.write_bytes(zip_data)

View File

@@ -183,7 +183,7 @@ Given that feature description, do this:
c. **Handle Validation Results**:
- **If all items pass**: Mark checklist complete and proceed to step 7
- **If all items pass**: Mark checklist complete and proceed to step 8
- **If items fail (excluding [NEEDS CLARIFICATION])**:
1. List the failing items and specific issues

View File

@@ -112,7 +112,7 @@ class TestInitIntegrationFlag:
assert "--ai" in normalized_output
assert "deprecated" in normalized_output
assert "no longer be available" in normalized_output
assert "1.0.0" in normalized_output
assert "0.10.0" in normalized_output
assert "--integration copilot" in normalized_output
assert normalized_output.index("Deprecation Warning") < normalized_output.index("Next Steps")
assert (project / ".github" / "agents" / "speckit.plan.agent.md").exists()
@@ -446,6 +446,33 @@ class TestGitExtensionAutoInstall:
ext_dir = project / ".specify" / "extensions" / "git"
assert not ext_dir.exists(), "git extension should not be installed with --no-git"
def test_no_git_emits_deprecation_warning(self, tmp_path):
"""Using --no-git emits a visible deprecation warning."""
from typer.testing import CliRunner
from specify_cli import app
project = tmp_path / "no-git-warn"
project.mkdir()
old_cwd = os.getcwd()
try:
os.chdir(project)
runner = CliRunner()
result = runner.invoke(app, [
"init", "--here", "--ai", "claude", "--script", "sh",
"--no-git", "--ignore-agent-tools",
], catch_exceptions=False)
finally:
os.chdir(old_cwd)
normalized_output = _normalize_cli_output(result.output)
assert result.exit_code == 0, result.output
assert "--no-git" in normalized_output
assert "deprecated" in normalized_output
assert "0.10.0" in normalized_output
assert "specify extension" in normalized_output
assert "will be removed" in normalized_output
assert "git extension will no longer be enabled by default" in normalized_output
def test_git_extension_commands_registered(self, tmp_path):
"""Git extension commands are registered with the agent during init."""
from typer.testing import CliRunner
@@ -601,3 +628,550 @@ class TestSharedInfraCommandRefs:
assert "/speckit-plan" in content, "Copilot --skills should use /speckit-plan"
assert "/speckit.plan" not in content, "dot-notation leaked into Copilot skills page template"
assert "__SPECKIT_COMMAND_" not in content
class TestIntegrationCatalogDiscoveryCLI:
"""End-to-end CLI tests for `integration search`, `info`, and `catalog …`.
All tests patch `IntegrationCatalog._get_merged_integrations` so no network
or on-disk cache is touched. Adds #2344 coverage without affecting any
existing integration install/switch/uninstall/upgrade behavior.
"""
FAKE_INTEGRATIONS = [
{
"id": "acme-coder",
"name": "Acme Coder",
"version": "2.0.0",
"description": "Community integration for Acme Coder",
"author": "acme-org",
"tags": ["cli", "acme"],
"_catalog_name": "community",
"_install_allowed": False,
},
{
"id": "stellar-agent",
"name": "Stellar Agent",
"version": "1.3.0",
"description": "First-party Stellar agent integration",
"author": "stellar-labs",
"tags": ["ide"],
"_catalog_name": "default",
"_install_allowed": True,
},
]
def _make_project(self, tmp_path):
project = tmp_path / "proj"
project.mkdir()
(project / ".specify").mkdir()
return project
def _patch_catalog(self, monkeypatch, integrations=None):
"""Return a stubbed `_get_merged_integrations` that yields *integrations*."""
from specify_cli.integrations.catalog import IntegrationCatalog
data = list(integrations if integrations is not None else self.FAKE_INTEGRATIONS)
def fake_merged(self, force_refresh=False):
return data
monkeypatch.setattr(IntegrationCatalog, "_get_merged_integrations", fake_merged)
def _invoke(self, argv, cwd):
from typer.testing import CliRunner
from specify_cli import app
runner = CliRunner()
old = os.getcwd()
try:
os.chdir(cwd)
return runner.invoke(app, argv, catch_exceptions=False)
finally:
os.chdir(old)
# -- Project guard -----------------------------------------------------
def test_search_requires_specify_project(self, tmp_path):
project = tmp_path / "bare"
project.mkdir()
result = self._invoke(["integration", "search"], project)
assert result.exit_code == 1
assert "Not a spec-kit project" in result.output
def test_catalog_list_requires_specify_project(self, tmp_path):
project = tmp_path / "bare"
project.mkdir()
result = self._invoke(["integration", "catalog", "list"], project)
assert result.exit_code == 1
assert "Not a spec-kit project" in result.output
# -- search ------------------------------------------------------------
def test_search_lists_all(self, tmp_path, monkeypatch):
project = self._make_project(tmp_path)
self._patch_catalog(monkeypatch)
result = self._invoke(["integration", "search"], project)
normalized_output = _normalize_cli_output(result.output)
assert result.exit_code == 0, result.output
assert "Found 2 integration(s)" in result.output
assert "acme-coder" in result.output
assert "stellar-agent" in result.output
assert "specify integration install stellar-agent" not in normalized_output
assert "Only built-in integration IDs can be installed" in normalized_output
def test_search_validates_integration_json_before_catalog_lookup(
self, tmp_path, monkeypatch
):
project = self._make_project(tmp_path)
(project / ".specify" / "integration.json").write_text(
"{bad json\n", encoding="utf-8"
)
from specify_cli.integrations.catalog import IntegrationCatalog
def fail_search(self, **kwargs):
raise AssertionError("catalog search should not be called")
monkeypatch.setattr(IntegrationCatalog, "search", fail_search)
result = self._invoke(["integration", "search"], project)
normalized_output = _normalize_cli_output(result.output)
assert result.exit_code == 1
assert "contains invalid JSON" in normalized_output
assert "integration.json" in normalized_output
def test_search_filters_by_tag(self, tmp_path, monkeypatch):
project = self._make_project(tmp_path)
self._patch_catalog(monkeypatch)
result = self._invoke(["integration", "search", "--tag", "acme"], project)
assert result.exit_code == 0, result.output
assert "Found 1 integration(s)" in result.output
assert "acme-coder" in result.output
assert "stellar-agent" not in result.output
def test_search_filters_by_author(self, tmp_path, monkeypatch):
project = self._make_project(tmp_path)
self._patch_catalog(monkeypatch)
result = self._invoke(
["integration", "search", "--author", "stellar-labs"], project
)
assert result.exit_code == 0, result.output
assert "Found 1 integration(s)" in result.output
assert "stellar-agent" in result.output
def test_search_no_match_hint(self, tmp_path, monkeypatch):
project = self._make_project(tmp_path)
self._patch_catalog(monkeypatch)
result = self._invoke(
["integration", "search", "--tag", "nope"], project
)
assert result.exit_code == 0, result.output
assert "No integrations found" in result.output
assert "specify integration search" in result.output
def test_search_marks_discovery_only_entry(self, tmp_path, monkeypatch):
project = self._make_project(tmp_path)
self._patch_catalog(monkeypatch)
result = self._invoke(["integration", "search", "acme"], project)
assert result.exit_code == 0, result.output
# acme-coder is flagged _install_allowed=False, so we should warn
assert "Not directly installable" in result.output
# -- info --------------------------------------------------------------
def test_info_found(self, tmp_path, monkeypatch):
project = self._make_project(tmp_path)
self._patch_catalog(monkeypatch)
result = self._invoke(
["integration", "info", "stellar-agent"], project
)
assert result.exit_code == 0, result.output
assert "Stellar Agent" in result.output
assert "stellar-agent" in result.output
assert "v1.3.0" in result.output
def test_info_not_found(self, tmp_path, monkeypatch):
project = self._make_project(tmp_path)
self._patch_catalog(monkeypatch)
result = self._invoke(
["integration", "info", "does-not-exist"], project
)
assert result.exit_code == 1
assert "not found" in result.output
def test_info_builtin_not_in_catalog(self, tmp_path, monkeypatch):
project = self._make_project(tmp_path)
# Empty catalog, but copilot is a registered built-in.
self._patch_catalog(monkeypatch, integrations=[])
result = self._invoke(["integration", "info", "copilot"], project)
assert result.exit_code == 0, result.output
assert "Built-in integration" in result.output
# -- validation vs network guidance ------------------------------------
def test_search_local_config_error_shows_local_config_tip(
self, tmp_path, monkeypatch
):
"""`integration search` must point at .specify/integration-catalogs.yml
for local-config errors (not the generic 'temporarily unavailable')."""
project = self._make_project(tmp_path)
monkeypatch.setenv("HOME", str(tmp_path))
monkeypatch.setenv("USERPROFILE", str(tmp_path))
monkeypatch.delenv("SPECKIT_INTEGRATION_CATALOG_URL", raising=False)
# Corrupt YAML to drive _load_catalog_config -> IntegrationValidationError.
cfg = project / ".specify" / "integration-catalogs.yml"
invalid_yaml = "catalogs:\n - [bad\n"
cfg.write_text(invalid_yaml, encoding="utf-8")
result = self._invoke(["integration", "search"], project)
normalized_output = _normalize_cli_output(result.output)
assert result.exit_code == 1, result.output
assert "configuration file path shown above" in normalized_output
assert ".specify/integration-catalogs.yml" in normalized_output
assert "~/.specify/integration-catalogs.yml" in normalized_output
assert "temporarily unavailable" not in normalized_output
def test_search_invalid_env_catalog_url_shows_env_tip(
self, tmp_path, monkeypatch
):
project = self._make_project(tmp_path)
monkeypatch.setenv(
"SPECKIT_INTEGRATION_CATALOG_URL",
"http://insecure.example.com/catalog.json",
)
result = self._invoke(["integration", "search"], project)
normalized_output = _normalize_cli_output(result.output)
assert result.exit_code == 1, result.output
assert "SPECKIT_INTEGRATION_CATALOG_URL environment variable" in normalized_output
assert "unset it to use the configured catalog files" in normalized_output
assert ".specify/integration-catalogs.yml" in normalized_output
assert "~/.specify/integration-catalogs.yml" in normalized_output
assert "temporarily unavailable" not in normalized_output
def test_search_whitespace_env_catalog_url_uses_generic_catalog_tip(
self, tmp_path, monkeypatch
):
project = self._make_project(tmp_path)
monkeypatch.setenv("SPECKIT_INTEGRATION_CATALOG_URL", " ")
from specify_cli.integrations.catalog import (
IntegrationCatalog,
IntegrationCatalogError,
)
def fail_search(self, **kwargs):
raise IntegrationCatalogError("catalog offline")
monkeypatch.setattr(IntegrationCatalog, "search", fail_search)
result = self._invoke(["integration", "search"], project)
normalized_output = _normalize_cli_output(result.output)
assert result.exit_code == 1, result.output
assert "temporarily unavailable" in normalized_output
assert (
"SPECKIT_INTEGRATION_CATALOG_URL environment variable"
not in normalized_output
)
def test_info_unknown_with_local_config_error_shows_local_config_tip(
self, tmp_path, monkeypatch
):
"""`integration info <unknown>` falls back to the catalog-error branch
and must show local-config guidance, not 'Try again when online'."""
project = self._make_project(tmp_path)
monkeypatch.setenv("HOME", str(tmp_path))
monkeypatch.setenv("USERPROFILE", str(tmp_path))
monkeypatch.delenv("SPECKIT_INTEGRATION_CATALOG_URL", raising=False)
cfg = project / ".specify" / "integration-catalogs.yml"
invalid_yaml = "catalogs:\n - [bad\n"
cfg.write_text(invalid_yaml, encoding="utf-8")
result = self._invoke(
["integration", "info", "definitely-not-real"], project
)
normalized_output = _normalize_cli_output(result.output)
assert result.exit_code == 1, result.output
assert "configuration file path shown above" in normalized_output
assert ".specify/integration-catalogs.yml" in normalized_output
assert "~/.specify/integration-catalogs.yml" in normalized_output
assert "Try again when online" not in normalized_output
def test_info_unknown_with_invalid_env_catalog_url_shows_env_tip(
self, tmp_path, monkeypatch
):
project = self._make_project(tmp_path)
monkeypatch.setenv(
"SPECKIT_INTEGRATION_CATALOG_URL",
"http://insecure.example.com/catalog.json",
)
result = self._invoke(
["integration", "info", "definitely-not-real"], project
)
normalized_output = _normalize_cli_output(result.output)
assert result.exit_code == 1, result.output
assert "SPECKIT_INTEGRATION_CATALOG_URL" in normalized_output
assert "unset it to use the configured catalog files" in normalized_output
assert "Try again when online" not in normalized_output
# -- catalog list / add / remove ---------------------------------------
def test_catalog_list_shows_builtin_defaults(self, tmp_path, monkeypatch):
project = self._make_project(tmp_path)
monkeypatch.setenv("HOME", str(tmp_path))
monkeypatch.setenv("USERPROFILE", str(tmp_path))
monkeypatch.delenv("SPECKIT_INTEGRATION_CATALOG_URL", raising=False)
result = self._invoke(["integration", "catalog", "list"], project)
assert result.exit_code == 0, result.output
assert "Integration Catalog Sources" in result.output
assert "No project-level catalog sources configured" in result.output
assert "Active catalog sources" in result.output
assert "non-removable" in result.output
assert "default" in result.output
assert "community" in result.output
# Built-in defaults are active, but not removable project entries.
assert "[0]" not in result.output
assert "[1]" not in result.output
def test_catalog_add_then_remove_roundtrip(self, tmp_path, monkeypatch):
project = self._make_project(tmp_path)
monkeypatch.setenv("HOME", str(tmp_path))
monkeypatch.setenv("USERPROFILE", str(tmp_path))
monkeypatch.delenv("SPECKIT_INTEGRATION_CATALOG_URL", raising=False)
add_result = self._invoke(
[
"integration",
"catalog",
"add",
"https://new.example.com/catalog.json",
"--name",
"mine",
],
project,
)
assert add_result.exit_code == 0, add_result.output
assert "Catalog source added" in add_result.output
cfg_path = project / ".specify" / "integration-catalogs.yml"
assert cfg_path.exists()
list_result = self._invoke(["integration", "catalog", "list"], project)
assert list_result.exit_code == 0, list_result.output
assert "Project catalog sources" in list_result.output
assert "[0]" in list_result.output
assert "mine" in list_result.output
assert "default" not in list_result.output
assert "community" not in list_result.output
remove_result = self._invoke(
["integration", "catalog", "remove", "0"], project
)
assert remove_result.exit_code == 0, remove_result.output
assert "'mine' removed" in remove_result.output
def test_catalog_list_normalizes_blank_project_catalog_names(
self, tmp_path, monkeypatch
):
project = self._make_project(tmp_path)
monkeypatch.setenv("HOME", str(tmp_path))
monkeypatch.setenv("USERPROFILE", str(tmp_path))
monkeypatch.delenv("SPECKIT_INTEGRATION_CATALOG_URL", raising=False)
cfg_path = project / ".specify" / "integration-catalogs.yml"
cfg_path.write_text(
yaml.dump(
{
"catalogs": [
{
"url": "https://null-name.example.com/catalog.json",
"name": None,
},
{
"url": "https://blank-name.example.com/catalog.json",
"name": " ",
},
]
}
),
encoding="utf-8",
)
result = self._invoke(["integration", "catalog", "list"], project)
normalized_output = _normalize_cli_output(result.output)
assert result.exit_code == 0, result.output
assert "[0] catalog-1" in normalized_output
assert "[1] catalog-2" in normalized_output
assert "None" not in normalized_output
def test_catalog_list_env_override_supersedes_project_config(
self, tmp_path, monkeypatch
):
project = self._make_project(tmp_path)
monkeypatch.setenv("HOME", str(tmp_path))
monkeypatch.setenv("USERPROFILE", str(tmp_path))
monkeypatch.setenv(
"SPECKIT_INTEGRATION_CATALOG_URL",
"https://env.example.com/catalog.json",
)
cfg_path = project / ".specify" / "integration-catalogs.yml"
cfg_path.write_text(
yaml.dump(
{
"catalogs": [
{
"url": "https://project.example.com/catalog.json",
"name": "project",
"priority": 1,
}
]
}
),
encoding="utf-8",
)
result = self._invoke(["integration", "catalog", "list"], project)
normalized_output = _normalize_cli_output(result.output)
assert result.exit_code == 0, result.output
assert "SPECKIT_INTEGRATION_CATALOG_URL is set" in normalized_output
assert "supersedes configured catalog files" in normalized_output
assert "non-removable" in normalized_output
assert "https://env.example.com/catalog.json" in normalized_output
assert "https://project.example.com/catalog.json" not in normalized_output
assert "[0]" not in normalized_output
def test_catalog_add_strips_whitespace_in_success_output_and_storage(
self, tmp_path, monkeypatch
):
"""Surrounding whitespace in the URL must not appear in the success
message or be persisted to the YAML config."""
project = self._make_project(tmp_path)
monkeypatch.setenv("HOME", str(tmp_path))
monkeypatch.setenv("USERPROFILE", str(tmp_path))
monkeypatch.delenv("SPECKIT_INTEGRATION_CATALOG_URL", raising=False)
padded_url = " https://padded.example.com/catalog.json "
clean_url = "https://padded.example.com/catalog.json"
add_result = self._invoke(
[
"integration",
"catalog",
"add",
padded_url,
"--name",
"padded",
],
project,
)
assert add_result.exit_code == 0, add_result.output
assert clean_url in add_result.output
assert padded_url not in add_result.output
cfg_path = project / ".specify" / "integration-catalogs.yml"
import yaml as _yaml
data = _yaml.safe_load(cfg_path.read_text(encoding="utf-8"))
urls = [c["url"] for c in data["catalogs"]]
assert clean_url in urls
assert padded_url not in urls
def test_catalog_add_rejects_invalid_url(self, tmp_path, monkeypatch):
project = self._make_project(tmp_path)
result = self._invoke(
[
"integration",
"catalog",
"add",
"http://insecure.example.com/catalog.json",
],
project,
)
assert result.exit_code == 1
assert "HTTPS" in result.output
def test_catalog_add_rejects_duplicate(self, tmp_path, monkeypatch):
project = self._make_project(tmp_path)
url = "https://dup.example.com/catalog.json"
first = self._invoke(
["integration", "catalog", "add", url], project
)
assert first.exit_code == 0, first.output
second = self._invoke(
["integration", "catalog", "add", url], project
)
assert second.exit_code == 1
assert "already configured" in second.output
def test_catalog_remove_out_of_range(self, tmp_path, monkeypatch):
project = self._make_project(tmp_path)
# Need a config file for remove to attempt an index lookup
self._invoke(
[
"integration",
"catalog",
"add",
"https://only.example.com/catalog.json",
],
project,
)
result = self._invoke(
["integration", "catalog", "remove", "9"], project
)
assert result.exit_code == 1
assert "out of range" in result.output
def test_catalog_remove_without_config(self, tmp_path, monkeypatch):
project = self._make_project(tmp_path)
result = self._invoke(
["integration", "catalog", "remove", "0"], project
)
assert result.exit_code == 1
assert "No catalog config" in result.output
def test_catalog_remove_final_entry_restores_defaults(
self, tmp_path, monkeypatch
):
"""End-to-end: add → remove-last-entry → list should not error.
Regression for the flow where a user adds a catalog, removes it, then
runs any follow-up integration command. Without the fix the config
file would be left as `catalogs: []` and every subsequent
`integration` call would fail with "contains no 'catalogs' entries".
"""
project = self._make_project(tmp_path)
monkeypatch.setenv("HOME", str(tmp_path))
monkeypatch.setenv("USERPROFILE", str(tmp_path))
monkeypatch.delenv("SPECKIT_INTEGRATION_CATALOG_URL", raising=False)
add = self._invoke(
[
"integration",
"catalog",
"add",
"https://only.example.com/catalog.json",
"--name",
"only",
],
project,
)
assert add.exit_code == 0, add.output
remove = self._invoke(
["integration", "catalog", "remove", "0"], project
)
assert remove.exit_code == 0, remove.output
assert "'only' removed" in remove.output
cfg_path = project / ".specify" / "integration-catalogs.yml"
assert not cfg_path.exists(), (
"config file should be deleted when the final catalog is removed"
)
# Follow-up command must succeed and show the built-in defaults,
# not error out on "contains no 'catalogs' entries".
listing = self._invoke(["integration", "catalog", "list"], project)
assert listing.exit_code == 0, listing.output
assert "default" in listing.output
assert "community" in listing.output

View File

@@ -12,6 +12,7 @@ from specify_cli.integrations.catalog import (
IntegrationCatalogError,
IntegrationDescriptor,
IntegrationDescriptorError,
IntegrationValidationError,
)
@@ -115,8 +116,45 @@ class TestActiveCatalogs:
cfg = specify / "integration-catalogs.yml"
cfg.write_text(yaml.dump({"catalogs": []}))
cat = IntegrationCatalog(tmp_path)
with pytest.raises(IntegrationCatalogError, match="no 'catalogs' entries"):
with pytest.raises(IntegrationCatalogError, match="no 'catalogs' entries") as exc_info:
cat.get_active_catalogs()
assert str(cfg) in str(exc_info.value)
def test_empty_config_file_raises_no_catalogs(self, tmp_path, monkeypatch):
monkeypatch.setenv("HOME", str(tmp_path))
monkeypatch.setenv("USERPROFILE", str(tmp_path))
monkeypatch.delenv("SPECKIT_INTEGRATION_CATALOG_URL", raising=False)
specify = tmp_path / ".specify"
specify.mkdir()
cfg = specify / "integration-catalogs.yml"
cfg.write_text("", encoding="utf-8")
cat = IntegrationCatalog(tmp_path)
with pytest.raises(
IntegrationValidationError, match="no 'catalogs' entries"
) as exc_info:
cat.get_active_catalogs()
assert str(cfg) in str(exc_info.value)
@pytest.mark.parametrize("config_content", ["[]\n", "false\n", "0\n", "''\n"])
def test_load_catalog_config_rejects_falsy_non_mapping_roots(
self, tmp_path, monkeypatch, config_content
):
monkeypatch.setenv("HOME", str(tmp_path))
monkeypatch.setenv("USERPROFILE", str(tmp_path))
monkeypatch.delenv("SPECKIT_INTEGRATION_CATALOG_URL", raising=False)
specify = tmp_path / ".specify"
specify.mkdir()
cfg = specify / "integration-catalogs.yml"
cfg.write_text(config_content, encoding="utf-8")
cat = IntegrationCatalog(tmp_path)
with pytest.raises(
IntegrationValidationError,
match="expected a YAML mapping at the root",
) as exc_info:
cat.get_active_catalogs()
assert str(cfg) in str(exc_info.value)
# ---------------------------------------------------------------------------
@@ -654,3 +692,838 @@ class TestIntegrationUpgrade:
os.chdir(old)
assert result.exit_code == 0
assert "Nothing to upgrade" in result.output
# ---------------------------------------------------------------------------
# IntegrationCatalog — catalog source management (get_catalog_configs / add / remove)
# ---------------------------------------------------------------------------
class TestCatalogSourceManagement:
"""Unit tests for add_catalog / remove_catalog / get_catalog_configs."""
def _isolate(self, tmp_path, monkeypatch):
"""Point HOME at tmp_path and clear the env override so we read built-ins."""
monkeypatch.setenv("HOME", str(tmp_path))
monkeypatch.setenv("USERPROFILE", str(tmp_path))
monkeypatch.delenv("SPECKIT_INTEGRATION_CATALOG_URL", raising=False)
(tmp_path / ".specify").mkdir()
def test_get_catalog_configs_returns_builtin_stack(self, tmp_path, monkeypatch):
self._isolate(tmp_path, monkeypatch)
cat = IntegrationCatalog(tmp_path)
configs = cat.get_catalog_configs()
assert [c["name"] for c in configs] == ["default", "community"]
assert all(isinstance(c["url"], str) and c["url"] for c in configs)
assert configs[0]["install_allowed"] is True
assert configs[1]["install_allowed"] is False
def test_add_catalog_creates_config_file(self, tmp_path, monkeypatch):
self._isolate(tmp_path, monkeypatch)
cat = IntegrationCatalog(tmp_path)
cat.add_catalog("https://new.example.com/catalog.json", name="mine")
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
assert cfg_path.exists()
data = yaml.safe_load(cfg_path.read_text(encoding="utf-8"))
assert data["catalogs"] == [
{
"name": "mine",
"url": "https://new.example.com/catalog.json",
"priority": 1,
"install_allowed": True,
"description": "",
}
]
# Round-trip: active catalogs should now come from the config file.
active = cat.get_active_catalogs()
assert [e.name for e in active] == ["mine"]
def test_add_catalog_recovers_from_empty_config_file(self, tmp_path, monkeypatch):
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.write_text("", encoding="utf-8")
cat = IntegrationCatalog(tmp_path)
cat.add_catalog("https://example.com/catalog.json")
data = yaml.safe_load(cfg_path.read_text(encoding="utf-8"))
assert data["catalogs"] == [
{
"name": "catalog-1",
"url": "https://example.com/catalog.json",
"priority": 1,
"install_allowed": True,
"description": "",
}
]
@pytest.mark.parametrize("config_content", ["[]\n", "false\n", "0\n", "''\n"])
def test_add_catalog_rejects_falsy_non_mapping_config_roots(
self, tmp_path, monkeypatch, config_content
):
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.write_text(config_content, encoding="utf-8")
cat = IntegrationCatalog(tmp_path)
with pytest.raises(
IntegrationValidationError,
match="corrupted.*expected a mapping",
) as exc_info:
cat.add_catalog("https://example.com/catalog.json")
assert str(cfg_path) in str(exc_info.value)
def test_add_catalog_auto_derives_name_and_priority(self, tmp_path, monkeypatch):
self._isolate(tmp_path, monkeypatch)
cat = IntegrationCatalog(tmp_path)
cat.add_catalog("https://a.example.com/catalog.json")
cat.add_catalog("https://b.example.com/catalog.json")
data = yaml.safe_load(
(tmp_path / ".specify" / "integration-catalogs.yml").read_text(encoding="utf-8")
)
entries = data["catalogs"]
assert [e["name"] for e in entries] == ["catalog-1", "catalog-2"]
assert [e["priority"] for e in entries] == [1, 2]
def test_add_catalog_normalizes_name(self, tmp_path, monkeypatch):
self._isolate(tmp_path, monkeypatch)
cat = IntegrationCatalog(tmp_path)
cat.add_catalog("https://a.example.com/catalog.json", name=" mine ")
cat.add_catalog("https://b.example.com/catalog.json", name=" ")
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
data = yaml.safe_load(cfg_path.read_text(encoding="utf-8"))
entries = data["catalogs"]
assert [e["name"] for e in entries] == ["mine", "catalog-2"]
def test_add_catalog_rejects_duplicate_url(self, tmp_path, monkeypatch):
self._isolate(tmp_path, monkeypatch)
cat = IntegrationCatalog(tmp_path)
cat.add_catalog("https://dup.example.com/catalog.json")
with pytest.raises(IntegrationValidationError, match="already configured"):
cat.add_catalog("https://dup.example.com/catalog.json")
def test_add_catalog_rejects_invalid_url(self, tmp_path, monkeypatch):
self._isolate(tmp_path, monkeypatch)
cat = IntegrationCatalog(tmp_path)
with pytest.raises(IntegrationCatalogError, match="HTTPS"):
cat.add_catalog("http://insecure.example.com/catalog.json")
assert not (tmp_path / ".specify" / "integration-catalogs.yml").exists()
def test_add_catalog_rejects_empty_url(self, tmp_path, monkeypatch):
self._isolate(tmp_path, monkeypatch)
cat = IntegrationCatalog(tmp_path)
with pytest.raises(IntegrationValidationError, match="must be non-empty"):
cat.add_catalog(" ")
assert not (tmp_path / ".specify" / "integration-catalogs.yml").exists()
def test_remove_catalog_without_config_errors(self, tmp_path, monkeypatch):
self._isolate(tmp_path, monkeypatch)
cat = IntegrationCatalog(tmp_path)
with pytest.raises(IntegrationValidationError, match="No catalog config"):
cat.remove_catalog(0)
def test_remove_catalog_happy_path(self, tmp_path, monkeypatch):
self._isolate(tmp_path, monkeypatch)
cat = IntegrationCatalog(tmp_path)
cat.add_catalog("https://a.example.com/catalog.json", name="a")
cat.add_catalog("https://b.example.com/catalog.json", name="b")
removed = cat.remove_catalog(0)
assert removed == "a"
data = yaml.safe_load(
(tmp_path / ".specify" / "integration-catalogs.yml").read_text(encoding="utf-8")
)
assert [e["name"] for e in data["catalogs"]] == ["b"]
def test_remove_catalog_index_out_of_range(self, tmp_path, monkeypatch):
self._isolate(tmp_path, monkeypatch)
cat = IntegrationCatalog(tmp_path)
cat.add_catalog("https://a.example.com/catalog.json", name="a")
with pytest.raises(IntegrationValidationError, match="out of range"):
cat.remove_catalog(5)
with pytest.raises(IntegrationValidationError, match="out of range"):
cat.remove_catalog(-1)
def test_corrupt_config_rejected_on_add(self, tmp_path, monkeypatch):
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.write_text("- just\n- a\n- list\n", encoding="utf-8")
cat = IntegrationCatalog(tmp_path)
with pytest.raises(IntegrationValidationError, match="corrupted") as exc_info:
cat.add_catalog("https://new.example.com/catalog.json")
assert str(cfg_path) in str(exc_info.value)
def test_add_catalog_rejects_non_list_catalogs_with_config_path(
self, tmp_path, monkeypatch
):
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.write_text(
yaml.dump({"catalogs": "not-a-list"}), encoding="utf-8"
)
cat = IntegrationCatalog(tmp_path)
with pytest.raises(
IntegrationValidationError, match="invalid 'catalogs' value"
) as exc_info:
cat.add_catalog("https://new.example.com/catalog.json")
assert str(cfg_path) in str(exc_info.value)
def test_add_catalog_rejects_non_mapping_entry_with_config_path(
self, tmp_path, monkeypatch
):
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.write_text(
yaml.dump({"catalogs": ["not-a-mapping"]}), encoding="utf-8"
)
cat = IntegrationCatalog(tmp_path)
with pytest.raises(
IntegrationValidationError, match="Invalid catalog entry at index 0"
) as exc_info:
cat.add_catalog("https://new.example.com/catalog.json")
message = str(exc_info.value)
assert str(cfg_path) in message
assert "expected a mapping" in message
def test_add_catalog_skips_blank_url_entries(self, tmp_path, monkeypatch):
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.write_text(
yaml.dump(
{
"catalogs": [
{"url": " ", "name": "blank", "priority": 99},
{
"url": "https://a.example.com/catalog.json",
"name": "a",
"priority": 5,
},
]
}
),
encoding="utf-8",
)
cat = IntegrationCatalog(tmp_path)
cat.add_catalog("https://b.example.com/catalog.json", name="b")
data = yaml.safe_load(cfg_path.read_text(encoding="utf-8"))
assert data["catalogs"][-1]["name"] == "b"
assert data["catalogs"][-1]["priority"] == 6
def test_add_catalog_default_name_ignores_blank_url_entries(
self, tmp_path, monkeypatch
):
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.write_text(
yaml.dump({"catalogs": [{"url": " ", "name": "blank"}]}),
encoding="utf-8",
)
cat = IntegrationCatalog(tmp_path)
cat.add_catalog("https://example.com/catalog.json")
data = yaml.safe_load(cfg_path.read_text(encoding="utf-8"))
assert data["catalogs"][-1]["name"] == "catalog-1"
def test_add_catalog_rejects_non_integer_priority(self, tmp_path, monkeypatch):
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.write_text(
yaml.dump(
{
"catalogs": [
{
"url": "https://a.example.com/catalog.json",
"name": "a",
"priority": "first",
}
]
}
),
encoding="utf-8",
)
cat = IntegrationCatalog(tmp_path)
with pytest.raises(
IntegrationValidationError,
match="'priority' must be an integer, got 'first'",
):
cat.add_catalog("https://b.example.com/catalog.json")
def test_add_catalog_accepts_numeric_string_priority(self, tmp_path, monkeypatch):
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.write_text(
yaml.dump(
{
"catalogs": [
{
"url": "https://a.example.com/catalog.json",
"name": "a",
"priority": "10",
}
]
}
),
encoding="utf-8",
)
cat = IntegrationCatalog(tmp_path)
cat.add_catalog("https://b.example.com/catalog.json", name="b")
data = yaml.safe_load(cfg_path.read_text(encoding="utf-8"))
assert data["catalogs"][-1]["name"] == "b"
assert data["catalogs"][-1]["priority"] == 11
@pytest.mark.parametrize(
("bad_url", "reason"),
[
("http://insecure.example.com/catalog.json", "HTTPS"),
(123, "HTTPS"),
],
)
def test_add_catalog_rejects_existing_entry_with_bad_url(
self, tmp_path, monkeypatch, bad_url, reason
):
"""A sibling entry with an http:// URL should block a new add."""
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.write_text(
yaml.dump(
{
"catalogs": [
{
"url": bad_url,
"name": "bad",
}
]
}
),
encoding="utf-8",
)
cat = IntegrationCatalog(tmp_path)
with pytest.raises(IntegrationValidationError) as exc_info:
cat.add_catalog("https://good.example.com/catalog.json")
message = str(exc_info.value)
assert str(cfg_path) in message
assert "index 0" in message
assert reason in message
def test_add_catalog_wraps_yaml_parse_errors(self, tmp_path, monkeypatch):
"""Invalid YAML on disk surfaces as IntegrationValidationError, not a raw YAMLError."""
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
invalid_yaml = "catalogs:\n - url: 'https://a.example.com/cat.json'\n - [bad\n"
cfg_path.write_text(invalid_yaml, encoding="utf-8")
cat = IntegrationCatalog(tmp_path)
with pytest.raises(
IntegrationValidationError, match="Failed to read catalog config"
):
cat.add_catalog("https://b.example.com/catalog.json")
def test_remove_catalog_wraps_yaml_parse_errors(self, tmp_path, monkeypatch):
"""Invalid YAML on disk surfaces as IntegrationValidationError from remove_catalog too."""
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
invalid_yaml = "catalogs:\n - url: 'https://a.example.com/cat.json'\n - [bad\n"
cfg_path.write_text(invalid_yaml, encoding="utf-8")
cat = IntegrationCatalog(tmp_path)
with pytest.raises(
IntegrationValidationError, match="Failed to read catalog config"
):
cat.remove_catalog(0)
def test_add_catalog_defaults_missing_priority_to_index_plus_one(
self, tmp_path, monkeypatch
):
"""Existing entries without `priority` should be treated as idx + 1.
Matches the rule in `_load_catalog_config()`: a valid catalog entry
without an explicit `priority` sorts at `idx + 1`, so the new entry
should get `max(...) + 1` from those derived values.
"""
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.write_text(
yaml.dump(
{
"catalogs": [
# No explicit priority → should be treated as 1
{"url": "https://a.example.com/cat.json", "name": "a"},
# No explicit priority → should be treated as 2
{"url": "https://b.example.com/cat.json", "name": "b"},
]
}
),
encoding="utf-8",
)
cat = IntegrationCatalog(tmp_path)
cat.add_catalog("https://c.example.com/cat.json", name="c")
data = yaml.safe_load(cfg_path.read_text(encoding="utf-8"))
new_entry = data["catalogs"][-1]
assert new_entry["name"] == "c"
# max(implicit [1, 2]) + 1 == 3
assert new_entry["priority"] == 3
def test_add_catalog_strips_whitespace_in_url(self, tmp_path, monkeypatch):
"""Whitespace around the incoming URL should be normalized before write."""
self._isolate(tmp_path, monkeypatch)
cat = IntegrationCatalog(tmp_path)
cat.add_catalog(" https://a.example.com/catalog.json\n", name="a")
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
data = yaml.safe_load(cfg_path.read_text(encoding="utf-8"))
assert data["catalogs"][0]["url"] == "https://a.example.com/catalog.json"
def test_add_catalog_rejects_whitespace_only_duplicate(self, tmp_path, monkeypatch):
"""A second add with only whitespace differences must be rejected as a duplicate."""
self._isolate(tmp_path, monkeypatch)
cat = IntegrationCatalog(tmp_path)
cat.add_catalog("https://a.example.com/catalog.json", name="a")
with pytest.raises(IntegrationValidationError, match="already configured"):
cat.add_catalog(" https://a.example.com/catalog.json ")
def test_remove_catalog_wraps_unlink_oserror(self, tmp_path, monkeypatch):
"""An OSError from `Path.unlink` surfaces as IntegrationValidationError."""
self._isolate(tmp_path, monkeypatch)
cat = IntegrationCatalog(tmp_path)
cat.add_catalog("https://only.example.com/catalog.json", name="only")
from pathlib import Path as _Path
def boom(self, *args, **kwargs):
raise OSError("simulated unlink failure")
monkeypatch.setattr(_Path, "unlink", boom)
with pytest.raises(
IntegrationValidationError, match="Failed to delete catalog config"
):
cat.remove_catalog(0)
def test_remove_catalog_ignores_missing_final_config_during_unlink(
self, tmp_path, monkeypatch
):
self._isolate(tmp_path, monkeypatch)
cat = IntegrationCatalog(tmp_path)
cat.add_catalog("https://only.example.com/catalog.json", name="only")
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
from pathlib import Path as _Path
original_unlink = _Path.unlink
def delete_first_then_unlink(self, *args, **kwargs):
if self == cfg_path and self.exists():
original_unlink(self)
return original_unlink(self, *args, **kwargs)
monkeypatch.setattr(_Path, "unlink", delete_first_then_unlink)
assert cat.remove_catalog(0) == "only"
assert not cfg_path.exists()
def test_remove_catalog_empty_list_gives_clear_error(self, tmp_path, monkeypatch):
"""Hand-edited empty `catalogs:` produces a clear error, not '0--1'."""
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.write_text(yaml.dump({"catalogs": []}), encoding="utf-8")
cat = IntegrationCatalog(tmp_path)
with pytest.raises(
IntegrationValidationError, match="contains no catalog entries"
):
cat.remove_catalog(0)
def test_remove_catalog_empty_config_file_gives_clear_error(
self, tmp_path, monkeypatch
):
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.write_text("", encoding="utf-8")
cat = IntegrationCatalog(tmp_path)
with pytest.raises(
IntegrationValidationError, match="contains no catalog entries"
):
cat.remove_catalog(0)
def test_remove_catalog_rejects_non_list_catalogs_with_config_path(
self, tmp_path, monkeypatch
):
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.write_text(
yaml.dump({"catalogs": "not-a-list"}), encoding="utf-8"
)
cat = IntegrationCatalog(tmp_path)
with pytest.raises(
IntegrationValidationError, match="invalid 'catalogs' value"
) as exc_info:
cat.remove_catalog(0)
assert str(cfg_path) in str(exc_info.value)
@pytest.mark.parametrize("config_content", ["[]\n", "false\n", "0\n", "''\n"])
def test_remove_catalog_rejects_falsy_non_mapping_config_roots(
self, tmp_path, monkeypatch, config_content
):
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.write_text(config_content, encoding="utf-8")
cat = IntegrationCatalog(tmp_path)
with pytest.raises(
IntegrationValidationError,
match="corrupted.*expected a mapping",
) as exc_info:
cat.remove_catalog(0)
assert str(cfg_path) in str(exc_info.value)
def test_remove_last_catalog_deletes_file_and_restores_defaults(
self, tmp_path, monkeypatch
):
"""Removing the final catalog must not leave behind `catalogs: []`.
`_load_catalog_config` treats an empty `catalogs` list as an error,
so writing that file would break every subsequent `integration`
command. Removing the last entry should delete the config file so the
project falls back to built-in defaults.
"""
self._isolate(tmp_path, monkeypatch)
cat = IntegrationCatalog(tmp_path)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cat.add_catalog("https://only.example.com/catalog.json", name="only")
assert cfg_path.exists()
assert [e.name for e in cat.get_active_catalogs()] == ["only"]
removed = cat.remove_catalog(0)
assert removed == "only"
assert not cfg_path.exists(), (
"remove_catalog should delete the config file when emptying it"
)
# Follow-up loads fall back to built-in defaults, not an error.
active = cat.get_active_catalogs()
assert [e.name for e in active] == ["default", "community"]
def test_load_catalog_config_raises_validation_error_for_invalid_yaml(
self, tmp_path, monkeypatch
):
"""Local-config problems must surface as IntegrationValidationError so
CLI handlers can route them to local-config (not network) guidance."""
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.parent.mkdir(parents=True, exist_ok=True)
invalid_yaml = "catalogs:\n - [bad\n"
cfg_path.write_text(invalid_yaml, encoding="utf-8")
cat = IntegrationCatalog(tmp_path)
# Subclass match: IntegrationValidationError (specifically), not the
# bare IntegrationCatalogError parent that callers used previously.
with pytest.raises(IntegrationValidationError, match="Failed to read catalog config"):
cat.get_active_catalogs()
def test_load_catalog_config_rejects_boolean_priority(self, tmp_path, monkeypatch):
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.parent.mkdir(parents=True, exist_ok=True)
cfg_path.write_text(
yaml.dump(
{
"catalogs": [
{
"url": "https://a.example.com/catalog.json",
"name": "a",
"priority": True,
}
]
}
),
encoding="utf-8",
)
cat = IntegrationCatalog(tmp_path)
with pytest.raises(
IntegrationValidationError, match="Invalid priority|expected integer"
) as exc_info:
cat.get_active_catalogs()
assert str(cfg_path) in str(exc_info.value)
@pytest.mark.parametrize("raw_name", [None, " "])
def test_load_catalog_config_defaults_blank_names(
self, tmp_path, monkeypatch, raw_name
):
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.write_text(
yaml.dump(
{
"catalogs": [
{
"url": " ",
"name": "skipped",
},
{
"url": "https://example.com/catalog.json",
"name": raw_name,
}
]
}
),
encoding="utf-8",
)
cat = IntegrationCatalog(tmp_path)
assert [entry.name for entry in cat.get_active_catalogs()] == ["catalog-1"]
@pytest.mark.parametrize(
("raw_name", "expected"),
[
(None, "https://one.example.com/c.json"),
(" ", "https://one.example.com/c.json"),
(123, "123"),
],
)
def test_remove_catalog_normalizes_removed_display_name(
self, tmp_path, monkeypatch, raw_name, expected
):
self._isolate(tmp_path, monkeypatch)
cat = IntegrationCatalog(tmp_path)
cat.add_catalog("https://one.example.com/c.json", name="one")
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
data = yaml.safe_load(cfg_path.read_text(encoding="utf-8"))
data["catalogs"][0]["name"] = raw_name
cfg_path.write_text(yaml.dump(data), encoding="utf-8")
assert cat.remove_catalog(0) == expected
def test_remove_catalog_uses_display_order_with_explicit_priorities(
self, tmp_path, monkeypatch
):
"""`remove_catalog(index)` must remove the entry shown at that index by
`catalog list`, not the entry at that raw YAML position."""
self._isolate(tmp_path, monkeypatch)
# YAML order: alpha (priority=20), beta (priority=10), gamma (priority=15).
# Display (sorted by priority asc): beta (10), gamma (15), alpha (20).
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.parent.mkdir(parents=True, exist_ok=True)
cfg_path.write_text(
yaml.dump(
{
"catalogs": [
{"url": "https://alpha.example.com/c.json", "name": "alpha", "priority": 20},
{"url": "https://beta.example.com/c.json", "name": "beta", "priority": 10},
{"url": "https://gamma.example.com/c.json", "name": "gamma", "priority": 15},
]
}
),
encoding="utf-8",
)
cat = IntegrationCatalog(tmp_path)
# Display index 0 = beta (lowest priority), not alpha (raw YAML idx 0).
removed = cat.remove_catalog(0)
assert removed == "beta"
data = yaml.safe_load(cfg_path.read_text(encoding="utf-8"))
remaining_names = [c["name"] for c in data["catalogs"]]
# YAML order is preserved for the survivors; only beta is gone.
assert remaining_names == ["alpha", "gamma"]
def test_remove_catalog_display_order_with_missing_priorities(
self, tmp_path, monkeypatch
):
"""Entries without `priority` default to `idx + 1` (matching
`_load_catalog_config`), so display order tracks YAML order and the
first display entry is the first YAML entry."""
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.parent.mkdir(parents=True, exist_ok=True)
cfg_path.write_text(
yaml.dump(
{
"catalogs": [
{"url": "https://one.example.com/c.json", "name": "one"},
{"url": "https://two.example.com/c.json", "name": "two"},
{"url": "https://three.example.com/c.json", "name": "three"},
]
}
),
encoding="utf-8",
)
cat = IntegrationCatalog(tmp_path)
# Implicit priorities: one=1, two=2, three=3 → display order matches YAML.
removed = cat.remove_catalog(0)
assert removed == "one"
data = yaml.safe_load(cfg_path.read_text(encoding="utf-8"))
assert [c["name"] for c in data["catalogs"]] == ["two", "three"]
def test_remove_catalog_bool_priority_falls_back_to_yaml_index(
self, tmp_path, monkeypatch
):
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.parent.mkdir(parents=True, exist_ok=True)
cfg_path.write_text(
yaml.dump(
{
"catalogs": [
{"url": "https://one.example.com/c.json", "name": "one"},
{
"url": "https://bool.example.com/c.json",
"name": "bool",
"priority": False,
},
]
}
),
encoding="utf-8",
)
cat = IntegrationCatalog(tmp_path)
removed = cat.remove_catalog(0)
assert removed == "one"
data = yaml.safe_load(cfg_path.read_text(encoding="utf-8"))
assert [c["name"] for c in data["catalogs"]] == ["bool"]
def test_remove_catalog_display_order_skips_blank_url_entries(
self, tmp_path, monkeypatch
):
"""Blank-url entries are not shown by catalog list, so remove skips them too."""
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.parent.mkdir(parents=True, exist_ok=True)
cfg_path.write_text(
yaml.dump(
{
"catalogs": [
{"url": " ", "name": "blank", "priority": 0},
{"url": "https://one.example.com/c.json", "name": "one"},
{"url": "https://two.example.com/c.json", "name": "two"},
]
}
),
encoding="utf-8",
)
cat = IntegrationCatalog(tmp_path)
removed = cat.remove_catalog(0)
assert removed == "one"
data = yaml.safe_load(cfg_path.read_text(encoding="utf-8"))
assert [c["name"] for c in data["catalogs"]] == ["blank", "two"]
def test_remove_catalog_deletes_file_when_only_skipped_entries_remain(
self, tmp_path, monkeypatch
):
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.parent.mkdir(parents=True, exist_ok=True)
cfg_path.write_text(
yaml.dump(
{
"catalogs": [
{"url": " ", "name": "blank", "priority": 0},
{"url": "https://one.example.com/c.json", "name": "one"},
]
}
),
encoding="utf-8",
)
cat = IntegrationCatalog(tmp_path)
removed = cat.remove_catalog(0)
assert removed == "one"
assert not cfg_path.exists()
active = cat.get_active_catalogs()
assert [e.name for e in active] == ["default", "community"]
def test_remove_catalog_allows_numeric_url_entry_cleanup(
self, tmp_path, monkeypatch
):
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.parent.mkdir(parents=True, exist_ok=True)
cfg_path.write_text(
yaml.dump({"catalogs": [{"name": "numeric-url", "url": 123}]}),
encoding="utf-8",
)
cat = IntegrationCatalog(tmp_path)
removed = cat.remove_catalog(0)
assert removed == "numeric-url"
assert not cfg_path.exists()
def test_remove_catalog_errors_when_no_entries_are_removable(
self, tmp_path, monkeypatch
):
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.parent.mkdir(parents=True, exist_ok=True)
cfg_path.write_text(
yaml.dump(
{
"catalogs": [
{"url": "", "name": "empty"},
{"name": "missing"},
"not-a-mapping",
]
}
),
encoding="utf-8",
)
cat = IntegrationCatalog(tmp_path)
with pytest.raises(
IntegrationValidationError,
match="no removable catalog entries",
):
cat.remove_catalog(0)
def test_remove_catalog_display_order_mixes_explicit_and_default(
self, tmp_path, monkeypatch
):
"""An explicit low priority should sort ahead of default-priority
siblings, even if it appears later in the YAML."""
self._isolate(tmp_path, monkeypatch)
cfg_path = tmp_path / ".specify" / "integration-catalogs.yml"
cfg_path.parent.mkdir(parents=True, exist_ok=True)
# Defaults: a=1, b=2 (implicit). Explicit c=0 → display: c, a, b.
# The blank name should fall back to the removed URL, not raw YAML idx.
cfg_path.write_text(
yaml.dump(
{
"catalogs": [
{"url": "https://a.example.com/c.json", "name": "a"},
{"url": "https://b.example.com/c.json", "name": "b"},
{
"url": "https://c.example.com/c.json",
"name": " ",
"priority": 0,
},
]
}
),
encoding="utf-8",
)
cat = IntegrationCatalog(tmp_path)
removed = cat.remove_catalog(0)
assert removed == "https://c.example.com/c.json"
data = yaml.safe_load(cfg_path.read_text(encoding="utf-8"))
assert [c["name"] for c in data["catalogs"]] == ["a", "b"]

View File

@@ -0,0 +1,75 @@
"""Tests for DevinIntegration."""
from .test_integration_base_skills import SkillsIntegrationTests
class TestDevinIntegration(SkillsIntegrationTests):
KEY = "devin"
FOLDER = ".devin/"
COMMANDS_SUBDIR = "skills"
REGISTRAR_DIR = ".devin/skills"
CONTEXT_FILE = "AGENTS.md"
class TestDevinBuildExecArgs:
"""Regression tests for DevinIntegration.build_exec_args.
Devin's CLI has no --output-format flag, so build_exec_args must
omit it regardless of the output_json argument. The integration
must also remain dispatchable (must not return None, which is the
codebase's IDE-only sentinel checked by CommandStep).
"""
def test_returns_args_not_none_for_dispatch(self):
"""Devin is CLI-dispatchable; build_exec_args must not return None."""
from specify_cli.integrations.devin import DevinIntegration
impl = DevinIntegration()
args = impl.build_exec_args("test prompt")
assert args is not None, (
"DevinIntegration.build_exec_args must not return None. "
"None is the codebase sentinel for IDE-only integrations "
"(see WindsurfIntegration); Devin is dispatchable via 'devin -p'."
)
assert args[:3] == ["devin", "-p", "test prompt"]
def test_output_json_does_not_emit_output_format_flag(self):
"""Devin has no --output-format flag; output_json=True must not add it."""
from specify_cli.integrations.devin import DevinIntegration
impl = DevinIntegration()
args_json = impl.build_exec_args("hello", output_json=True)
args_text = impl.build_exec_args("hello", output_json=False)
assert "--output-format" not in args_json
assert "json" not in args_json[3:]
# The two should be identical: output_json is documented as having
# no effect on the command line for Devin (plain-text stdout).
assert args_json == args_text
def test_model_flag_passed_through(self):
"""--model is supported and should appear when provided."""
from specify_cli.integrations.devin import DevinIntegration
impl = DevinIntegration()
args = impl.build_exec_args("hi", model="claude-sonnet-4")
assert args == ["devin", "-p", "hi", "--model", "claude-sonnet-4"]
class TestDevinAutoPromote:
"""--ai devin auto-promotes to integration path."""
def test_ai_devin_without_ai_skills_auto_promotes(self, tmp_path):
"""--ai devin should work the same as --integration devin."""
from typer.testing import CliRunner
from specify_cli import app
runner = CliRunner()
target = tmp_path / "test-proj"
result = runner.invoke(
app,
["init", str(target), "--ai", "devin", "--no-git", "--ignore-agent-tools", "--script", "sh"],
)
assert result.exit_code == 0, f"init --ai devin failed: {result.output}"
assert (target / ".devin" / "skills" / "speckit-plan" / "SKILL.md").exists()

View File

@@ -1,5 +1,7 @@
"""Tests for OpencodeIntegration."""
from specify_cli.integrations import get_integration
from .test_integration_base_markdown import MarkdownIntegrationTests
@@ -9,3 +11,49 @@ class TestOpencodeIntegration(MarkdownIntegrationTests):
COMMANDS_SUBDIR = "command"
REGISTRAR_DIR = ".opencode/command"
CONTEXT_FILE = "AGENTS.md"
def test_build_exec_args_uses_run_command_dispatch(self):
integration = get_integration(self.KEY)
args = integration.build_exec_args(
"/speckit.specify build a login page",
output_json=False,
)
assert args == [
"opencode",
"run",
"--command",
"speckit.specify",
"build a login page",
]
assert "-p" not in args
assert "--output-format" not in args
def test_build_exec_args_maps_model_and_json_flags(self):
integration = get_integration(self.KEY)
args = integration.build_exec_args(
"/speckit.plan add OAuth",
model="anthropic/claude-sonnet-4",
output_json=True,
)
assert args == [
"opencode",
"run",
"--command",
"speckit.plan",
"-m",
"anthropic/claude-sonnet-4",
"--format",
"json",
"add OAuth",
]
def test_build_exec_args_keeps_plain_prompt_dispatch(self):
integration = get_integration(self.KEY)
args = integration.build_exec_args("explain this repository", output_json=False)
assert args == ["opencode", "run", "explain this repository"]

View File

@@ -31,6 +31,16 @@ def _init_project(tmp_path, integration="copilot"):
return project
def _run_in_project(project, args):
"""Run a CLI command from inside a generated project."""
old_cwd = os.getcwd()
try:
os.chdir(project)
return runner.invoke(app, args, catch_exceptions=False)
finally:
os.chdir(old_cwd)
# ── list ─────────────────────────────────────────────────────────────
@@ -334,6 +344,142 @@ class TestIntegrationSwitch:
data = json.loads((project / ".specify" / "integration.json").read_text(encoding="utf-8"))
assert data["integration"] == "copilot"
def test_switch_migrates_extension_commands(self, tmp_path):
"""Switching should migrate extension commands to the new agent directory."""
project = _init_project(tmp_path, "kimi")
# Install the bundled git extension
result = _run_in_project(project, ["extension", "add", "git"])
assert result.exit_code == 0, f"extension add failed: {result.output}"
# Verify git extension skills exist for kimi
kimi_git_feature = project / ".kimi" / "skills" / "speckit-git-feature" / "SKILL.md"
assert kimi_git_feature.exists(), "Git extension skill should exist for kimi"
result = _run_in_project(project, [
"integration", "switch", "opencode",
"--script", "sh",
])
assert result.exit_code == 0, result.output
# Git extension commands should exist for opencode
opencode_git_feature = project / ".opencode" / "command" / "speckit.git.feature.md"
assert opencode_git_feature.exists(), "Git extension command should exist for opencode"
# Old kimi extension skills should be removed
assert not kimi_git_feature.exists(), "Old kimi extension skill should be removed"
# Extension registry should be updated
registry = json.loads(
(project / ".specify" / "extensions" / ".registry").read_text(encoding="utf-8")
)
registered_commands = registry["extensions"]["git"]["registered_commands"]
assert "opencode" in registered_commands
assert "kimi" not in registered_commands
# Switch to claude
result = _run_in_project(project, [
"integration", "switch", "claude",
"--script", "sh",
])
assert result.exit_code == 0, result.output
# Git extension skills should exist for claude
claude_git_feature = project / ".claude" / "skills" / "speckit-git-feature" / "SKILL.md"
assert claude_git_feature.exists(), "Git extension skill should exist for claude"
# Old opencode extension commands should be removed
assert not opencode_git_feature.exists(), "Old opencode extension command should be removed"
# Extension registry should be updated
registry = json.loads(
(project / ".specify" / "extensions" / ".registry").read_text(encoding="utf-8")
)
registered_commands = registry["extensions"]["git"]["registered_commands"]
assert "claude" in registered_commands
assert "opencode" not in registered_commands
def test_switch_migrates_copilot_skills_extension_commands(self, tmp_path):
"""Copilot --skills should receive extension skills, not .agent.md files."""
project = _init_project(tmp_path, "opencode")
result = _run_in_project(project, ["extension", "add", "git"])
assert result.exit_code == 0, f"extension add failed: {result.output}"
result = _run_in_project(project, [
"integration", "switch", "copilot",
"--script", "sh",
"--integration-options", "--skills",
])
assert result.exit_code == 0, result.output
copilot_git_feature = project / ".github" / "skills" / "speckit-git-feature" / "SKILL.md"
copilot_agent_file = project / ".github" / "agents" / "speckit.git.feature.agent.md"
assert copilot_git_feature.exists(), "Git extension skill should exist for Copilot skills mode"
assert not copilot_agent_file.exists(), "Copilot skills mode should not create extension .agent.md files"
# Verify Copilot-specific frontmatter: mode field should map from
# skill name (speckit-git-feature) back to dot notation (speckit.git-feature)
skill_content = copilot_git_feature.read_text(encoding="utf-8")
assert "mode: speckit.git-feature" in skill_content, (
"Copilot skill frontmatter should contain mode mapped from skill name"
)
registry = json.loads(
(project / ".specify" / "extensions" / ".registry").read_text(encoding="utf-8")
)
git_meta = registry["extensions"]["git"]
assert "speckit-git-feature" in git_meta["registered_skills"]
assert "copilot" not in git_meta["registered_commands"]
result = _run_in_project(project, [
"integration", "switch", "opencode",
"--script", "sh",
])
assert result.exit_code == 0, result.output
opencode_git_feature = project / ".opencode" / "command" / "speckit.git.feature.md"
assert opencode_git_feature.exists(), "Git extension command should exist for opencode"
assert not copilot_git_feature.exists(), "Old Copilot extension skill should be removed"
registry = json.loads(
(project / ".specify" / "extensions" / ".registry").read_text(encoding="utf-8")
)
git_meta = registry["extensions"]["git"]
assert git_meta["registered_skills"] == []
assert "opencode" in git_meta["registered_commands"]
assert "copilot" not in git_meta["registered_commands"]
def test_switch_does_not_register_disabled_extensions(self, tmp_path):
"""Disabled extensions should stay disabled and should not migrate commands."""
project = _init_project(tmp_path, "opencode")
result = _run_in_project(project, ["extension", "add", "git"])
assert result.exit_code == 0, f"extension add failed: {result.output}"
result = _run_in_project(project, ["extension", "disable", "git"])
assert result.exit_code == 0, result.output
opencode_git_feature = project / ".opencode" / "command" / "speckit.git.feature.md"
assert opencode_git_feature.exists(), "Disabled extension command remains until integration switch"
result = _run_in_project(project, [
"integration", "switch", "claude",
"--script", "sh",
])
assert result.exit_code == 0, result.output
claude_git_feature = project / ".claude" / "skills" / "speckit-git-feature" / "SKILL.md"
assert not claude_git_feature.exists(), "Disabled extension should not be registered for new agent"
assert not opencode_git_feature.exists(), "Old disabled extension command should be removed on switch"
registry = json.loads(
(project / ".specify" / "extensions" / ".registry").read_text(encoding="utf-8")
)
git_meta = registry["extensions"]["git"]
assert git_meta["enabled"] is False
assert "claude" not in git_meta["registered_commands"]
assert "opencode" not in git_meta["registered_commands"]
def test_switch_preserves_shared_infra(self, tmp_path):
"""Switching preserves shared scripts, templates, and memory."""
project = _init_project(tmp_path, "claude")

View File

@@ -225,6 +225,35 @@ class TestExtensionManifest:
with pytest.raises(ValidationError, match="YAML mapping"):
ExtensionManifest(manifest_path)
def test_utf8_non_ascii_description_loads(self, temp_dir, valid_manifest_data):
"""Regression for #2325: non-ASCII (UTF-8) description loads on any platform.
On Windows, Python's default text-mode encoding is the locale codepage
(e.g. cp1252/GBK), which raises UnicodeDecodeError on UTF-8 bytes
outside the ASCII range. The loader must open with encoding='utf-8'.
"""
import yaml
valid_manifest_data["extension"]["description"] = "中文测试 — émojis 🚀"
manifest_path = temp_dir / "extension.yml"
# Write UTF-8 bytes explicitly so the test exercises the read path,
# not the (locale-dependent) write path.
manifest_path.write_bytes(
yaml.safe_dump(valid_manifest_data, allow_unicode=True).encode("utf-8")
)
manifest = ExtensionManifest(manifest_path)
assert manifest.description == "中文测试 — émojis 🚀"
def test_invalid_utf8_bytes_raises_validation_error(self, temp_dir):
"""Negative case: file containing invalid UTF-8 bytes raises ValidationError, not raw UnicodeDecodeError."""
manifest_path = temp_dir / "extension.yml"
# 0xFF/0xFE are not valid UTF-8 lead bytes.
manifest_path.write_bytes(b"\xff\xfe not valid utf-8 \xff\n")
with pytest.raises(ValidationError, match="not valid UTF-8"):
ExtensionManifest(manifest_path)
def test_invalid_extension_id(self, temp_dir, valid_manifest_data):
"""Test manifest with invalid extension ID format."""
import yaml
@@ -2416,6 +2445,215 @@ class TestExtensionCatalog:
assert not catalog.cache_file.exists()
assert not catalog.cache_metadata_file.exists()
# --- _make_request / GitHub auth ---
def _make_catalog(self, temp_dir):
project_dir = temp_dir / "project"
project_dir.mkdir()
(project_dir / ".specify").mkdir()
return ExtensionCatalog(project_dir)
def test_make_request_no_token_no_auth_header(self, temp_dir, monkeypatch):
"""Without a token, requests carry no Authorization header."""
monkeypatch.delenv("GITHUB_TOKEN", raising=False)
monkeypatch.delenv("GH_TOKEN", raising=False)
catalog = self._make_catalog(temp_dir)
req = catalog._make_request("https://raw.githubusercontent.com/org/repo/main/catalog.json")
assert "Authorization" not in req.headers
def test_make_request_whitespace_only_github_token_ignored(self, temp_dir, monkeypatch):
"""A whitespace-only GITHUB_TOKEN is treated as unset."""
monkeypatch.setenv("GITHUB_TOKEN", " ")
monkeypatch.delenv("GH_TOKEN", raising=False)
catalog = self._make_catalog(temp_dir)
req = catalog._make_request("https://raw.githubusercontent.com/org/repo/main/catalog.json")
assert "Authorization" not in req.headers
def test_make_request_whitespace_github_token_falls_back_to_gh_token(self, temp_dir, monkeypatch):
"""When GITHUB_TOKEN is whitespace-only, GH_TOKEN is used as fallback."""
monkeypatch.setenv("GITHUB_TOKEN", " ")
monkeypatch.setenv("GH_TOKEN", "ghp_fallback")
catalog = self._make_catalog(temp_dir)
req = catalog._make_request("https://raw.githubusercontent.com/org/repo/main/catalog.json")
assert req.get_header("Authorization") == "Bearer ghp_fallback"
def test_make_request_github_token_added_for_raw_githubusercontent(self, temp_dir, monkeypatch):
"""GITHUB_TOKEN is attached for raw.githubusercontent.com URLs."""
monkeypatch.setenv("GITHUB_TOKEN", "ghp_testtoken")
monkeypatch.delenv("GH_TOKEN", raising=False)
catalog = self._make_catalog(temp_dir)
req = catalog._make_request("https://raw.githubusercontent.com/org/repo/main/catalog.json")
assert req.get_header("Authorization") == "Bearer ghp_testtoken"
def test_make_request_gh_token_fallback(self, temp_dir, monkeypatch):
"""GH_TOKEN is used when GITHUB_TOKEN is absent."""
monkeypatch.delenv("GITHUB_TOKEN", raising=False)
monkeypatch.setenv("GH_TOKEN", "ghp_ghtoken")
catalog = self._make_catalog(temp_dir)
req = catalog._make_request("https://github.com/org/repo/releases/download/v1/ext.zip")
assert req.get_header("Authorization") == "Bearer ghp_ghtoken"
def test_make_request_github_token_takes_precedence_over_gh_token(self, temp_dir, monkeypatch):
"""GITHUB_TOKEN takes precedence over GH_TOKEN when both are set."""
monkeypatch.setenv("GITHUB_TOKEN", "ghp_primary")
monkeypatch.setenv("GH_TOKEN", "ghp_secondary")
catalog = self._make_catalog(temp_dir)
req = catalog._make_request("https://api.github.com/repos/org/repo")
assert req.get_header("Authorization") == "Bearer ghp_primary"
def test_make_request_token_not_added_for_non_github_url(self, temp_dir, monkeypatch):
"""Auth header is never attached to non-GitHub URLs to prevent credential leakage."""
monkeypatch.setenv("GITHUB_TOKEN", "ghp_testtoken")
catalog = self._make_catalog(temp_dir)
req = catalog._make_request("https://internal.example.com/catalog.json")
assert "Authorization" not in req.headers
def test_make_request_token_not_added_for_github_lookalike_host(self, temp_dir, monkeypatch):
"""Auth header is not attached to hosts that include github.com as a suffix."""
monkeypatch.setenv("GITHUB_TOKEN", "ghp_testtoken")
catalog = self._make_catalog(temp_dir)
req = catalog._make_request("https://github.com.evil.com/org/repo/releases/download/v1/ext.zip")
assert "Authorization" not in req.headers
def test_make_request_token_not_added_for_github_in_path(self, temp_dir, monkeypatch):
"""Auth header is not attached when github.com appears only in the URL path."""
monkeypatch.setenv("GITHUB_TOKEN", "ghp_testtoken")
catalog = self._make_catalog(temp_dir)
req = catalog._make_request("https://evil.example.com/github.com/org/repo/releases/download/v1/ext.zip")
assert "Authorization" not in req.headers
def test_make_request_token_not_added_for_github_in_query(self, temp_dir, monkeypatch):
"""Auth header is not attached when github.com appears only in the query string."""
monkeypatch.setenv("GITHUB_TOKEN", "ghp_testtoken")
catalog = self._make_catalog(temp_dir)
req = catalog._make_request("https://evil.example.com/download?source=https://github.com/org/repo/v1/ext.zip")
assert "Authorization" not in req.headers
def test_make_request_token_added_for_api_github_com(self, temp_dir, monkeypatch):
"""GITHUB_TOKEN is attached for api.github.com URLs."""
monkeypatch.setenv("GITHUB_TOKEN", "ghp_testtoken")
catalog = self._make_catalog(temp_dir)
req = catalog._make_request("https://api.github.com/repos/org/repo/releases/assets/1")
assert req.get_header("Authorization") == "Bearer ghp_testtoken"
def test_make_request_token_added_for_codeload_github_com(self, temp_dir, monkeypatch):
"""GITHUB_TOKEN is attached for codeload.github.com URLs (GitHub archive redirects)."""
monkeypatch.setenv("GITHUB_TOKEN", "ghp_testtoken")
catalog = self._make_catalog(temp_dir)
req = catalog._make_request("https://codeload.github.com/org/repo/zip/refs/tags/v1.0.0")
assert req.get_header("Authorization") == "Bearer ghp_testtoken"
def test_redirect_preserves_auth_for_github_to_codeload(self):
"""Auth header is preserved when GitHub redirects to codeload.github.com."""
from specify_cli._github_http import _StripAuthOnRedirect
from urllib.request import Request
import io
handler = _StripAuthOnRedirect()
original_url = "https://github.com/org/repo/archive/refs/tags/v1.zip"
redirect_url = "https://codeload.github.com/org/repo/zip/refs/tags/v1"
req = Request(original_url, headers={"Authorization": "Bearer ghp_test"})
fp = io.BytesIO(b"")
new_req = handler.redirect_request(req, fp, 302, "Found", {}, redirect_url)
assert new_req is not None
auth = new_req.get_header("Authorization") or new_req.unredirected_hdrs.get("Authorization")
assert auth == "Bearer ghp_test"
def test_redirect_strips_auth_for_github_to_external(self):
"""Auth header is stripped when GitHub redirects to a non-GitHub host."""
from specify_cli._github_http import _StripAuthOnRedirect
from urllib.request import Request
import io
handler = _StripAuthOnRedirect()
original_url = "https://github.com/org/repo/releases/download/v1/asset.zip"
redirect_url = "https://objects.githubusercontent.com/github-production-release-asset/12345"
req = Request(original_url, headers={"Authorization": "Bearer ghp_test"})
fp = io.BytesIO(b"")
new_req = handler.redirect_request(req, fp, 302, "Found", {}, redirect_url)
assert new_req is not None
auth_header = new_req.headers.get("Authorization")
auth_unredirected = new_req.unredirected_hdrs.get("Authorization")
assert auth_header is None
assert auth_unredirected is None
def test_fetch_single_catalog_sends_auth_header(self, temp_dir, monkeypatch):
"""_fetch_single_catalog passes Authorization header via opener for GitHub URLs."""
from unittest.mock import patch, MagicMock
monkeypatch.setenv("GITHUB_TOKEN", "ghp_testtoken")
catalog = self._make_catalog(temp_dir)
catalog_data = {"schema_version": "1.0", "extensions": {}}
mock_response = MagicMock()
mock_response.read.return_value = json.dumps(catalog_data).encode()
mock_response.__enter__ = lambda s: s
mock_response.__exit__ = MagicMock(return_value=False)
captured = {}
mock_opener = MagicMock()
def fake_open(req, timeout=None):
captured["req"] = req
return mock_response
mock_opener.open.side_effect = fake_open
entry = CatalogEntry(
url="https://raw.githubusercontent.com/org/repo/main/catalog.json",
name="private",
priority=1,
install_allowed=True,
)
with patch("urllib.request.build_opener", return_value=mock_opener):
catalog._fetch_single_catalog(entry, force_refresh=True)
assert captured["req"].get_header("Authorization") == "Bearer ghp_testtoken"
def test_download_extension_sends_auth_header(self, temp_dir, monkeypatch):
"""download_extension passes Authorization header via opener for GitHub URLs."""
from unittest.mock import patch, MagicMock
import zipfile, io
monkeypatch.setenv("GITHUB_TOKEN", "ghp_testtoken")
catalog = self._make_catalog(temp_dir)
# Build a minimal valid ZIP in memory
zip_buf = io.BytesIO()
with zipfile.ZipFile(zip_buf, "w") as zf:
zf.writestr("extension.yml", "id: test-ext\nname: Test\nversion: 1.0.0\n")
zip_bytes = zip_buf.getvalue()
mock_response = MagicMock()
mock_response.read.return_value = zip_bytes
mock_response.__enter__ = lambda s: s
mock_response.__exit__ = MagicMock(return_value=False)
captured = {}
mock_opener = MagicMock()
def fake_open(req, timeout=None):
captured["req"] = req
return mock_response
mock_opener.open.side_effect = fake_open
ext_info = {
"id": "test-ext",
"name": "Test Extension",
"version": "1.0.0",
"download_url": "https://github.com/org/repo/releases/download/v1/test-ext.zip",
}
with patch.object(catalog, "get_extension_info", return_value=ext_info), \
patch("urllib.request.build_opener", return_value=mock_opener):
catalog.download_extension("test-ext", target_dir=temp_dir)
assert captured["req"].get_header("Authorization") == "Bearer ghp_testtoken"
# ===== CatalogEntry Tests =====

View File

@@ -160,6 +160,38 @@ class TestPresetManifest:
with pytest.raises(PresetValidationError, match="Invalid YAML"):
PresetManifest(bad_file)
def test_utf8_non_ascii_description_loads(self, temp_dir, valid_pack_data):
"""Regression for #2325: non-ASCII (UTF-8) description loads on any platform.
On Windows, Python's default text-mode encoding is the locale codepage
(e.g. cp1252/GBK), which raises UnicodeDecodeError on UTF-8 bytes
outside the ASCII range. The loader must open with encoding='utf-8'.
"""
valid_pack_data["preset"]["description"] = "中文测试 — émojis 🚀"
manifest_path = temp_dir / "preset.yml"
manifest_path.write_bytes(
yaml.safe_dump(valid_pack_data, allow_unicode=True).encode("utf-8")
)
manifest = PresetManifest(manifest_path)
assert manifest.description == "中文测试 — émojis 🚀"
def test_invalid_utf8_bytes_raises_validation_error(self, temp_dir):
"""Negative case: file containing invalid UTF-8 bytes raises PresetValidationError, not raw UnicodeDecodeError."""
manifest_path = temp_dir / "preset.yml"
manifest_path.write_bytes(b"\xff\xfe not valid utf-8 \xff\n")
with pytest.raises(PresetValidationError, match="not valid UTF-8"):
PresetManifest(manifest_path)
def test_non_mapping_yaml_raises_validation_error(self, temp_dir):
"""Manifest whose YAML root is a scalar or list raises PresetValidationError, not TypeError."""
manifest_path = temp_dir / "preset.yml"
for bad_content in ("42\n", "[1, 2]\n"):
manifest_path.write_text(bad_content, encoding="utf-8")
with pytest.raises(PresetValidationError, match="YAML mapping"):
PresetManifest(manifest_path)
def test_missing_schema_version(self, temp_dir, valid_pack_data):
"""Test missing schema_version field."""
del valid_pack_data["schema_version"]
@@ -1363,6 +1395,166 @@ class TestPresetCatalog:
catalog = PresetCatalog(project_dir)
assert catalog.get_catalog_url() == "https://custom.example.com/catalog.json"
# --- _make_request / GitHub auth ---
def test_make_request_no_token_no_auth_header(self, project_dir, monkeypatch):
"""Without a token, requests carry no Authorization header."""
monkeypatch.delenv("GITHUB_TOKEN", raising=False)
monkeypatch.delenv("GH_TOKEN", raising=False)
catalog = PresetCatalog(project_dir)
req = catalog._make_request("https://raw.githubusercontent.com/org/repo/main/catalog.json")
assert "Authorization" not in req.headers
def test_make_request_whitespace_only_github_token_ignored(self, project_dir, monkeypatch):
"""A whitespace-only GITHUB_TOKEN is treated as unset."""
monkeypatch.setenv("GITHUB_TOKEN", " ")
monkeypatch.delenv("GH_TOKEN", raising=False)
catalog = PresetCatalog(project_dir)
req = catalog._make_request("https://raw.githubusercontent.com/org/repo/main/catalog.json")
assert "Authorization" not in req.headers
def test_make_request_whitespace_github_token_falls_back_to_gh_token(self, project_dir, monkeypatch):
"""When GITHUB_TOKEN is whitespace-only, GH_TOKEN is used as fallback."""
monkeypatch.setenv("GITHUB_TOKEN", " ")
monkeypatch.setenv("GH_TOKEN", "ghp_fallback")
catalog = PresetCatalog(project_dir)
req = catalog._make_request("https://raw.githubusercontent.com/org/repo/main/catalog.json")
assert req.get_header("Authorization") == "Bearer ghp_fallback"
def test_make_request_github_token_added_for_github_url(self, project_dir, monkeypatch):
"""GITHUB_TOKEN is attached for raw.githubusercontent.com URLs."""
monkeypatch.setenv("GITHUB_TOKEN", "ghp_testtoken")
monkeypatch.delenv("GH_TOKEN", raising=False)
catalog = PresetCatalog(project_dir)
req = catalog._make_request("https://raw.githubusercontent.com/org/repo/main/catalog.json")
assert req.get_header("Authorization") == "Bearer ghp_testtoken"
def test_make_request_gh_token_fallback(self, project_dir, monkeypatch):
"""GH_TOKEN is used when GITHUB_TOKEN is absent."""
monkeypatch.delenv("GITHUB_TOKEN", raising=False)
monkeypatch.setenv("GH_TOKEN", "ghp_ghtoken")
catalog = PresetCatalog(project_dir)
req = catalog._make_request("https://github.com/org/repo/releases/download/v1/pack.zip")
assert req.get_header("Authorization") == "Bearer ghp_ghtoken"
def test_make_request_github_token_takes_precedence(self, project_dir, monkeypatch):
"""GITHUB_TOKEN takes precedence over GH_TOKEN when both are set."""
monkeypatch.setenv("GITHUB_TOKEN", "ghp_primary")
monkeypatch.setenv("GH_TOKEN", "ghp_secondary")
catalog = PresetCatalog(project_dir)
req = catalog._make_request("https://api.github.com/repos/org/repo")
assert req.get_header("Authorization") == "Bearer ghp_primary"
def test_make_request_token_added_for_codeload_github_com(self, project_dir, monkeypatch):
"""GITHUB_TOKEN is attached for codeload.github.com URLs (GitHub archive redirects)."""
monkeypatch.setenv("GITHUB_TOKEN", "ghp_testtoken")
catalog = PresetCatalog(project_dir)
req = catalog._make_request("https://codeload.github.com/org/repo/zip/refs/tags/v1.0.0")
assert req.get_header("Authorization") == "Bearer ghp_testtoken"
def test_make_request_token_not_added_for_non_github_url(self, project_dir, monkeypatch):
"""Auth header is never attached to non-GitHub URLs to prevent credential leakage."""
monkeypatch.setenv("GITHUB_TOKEN", "ghp_testtoken")
catalog = PresetCatalog(project_dir)
req = catalog._make_request("https://internal.example.com/catalog.json")
assert "Authorization" not in req.headers
def test_make_request_token_not_added_for_github_lookalike_host(self, project_dir, monkeypatch):
"""Auth header is not attached to hosts that include github.com as a suffix."""
monkeypatch.setenv("GITHUB_TOKEN", "ghp_testtoken")
catalog = PresetCatalog(project_dir)
req = catalog._make_request("https://github.com.evil.com/org/repo/releases/download/v1/pack.zip")
assert "Authorization" not in req.headers
def test_make_request_token_not_added_for_github_in_path(self, project_dir, monkeypatch):
"""Auth header is not attached when github.com appears only in the URL path."""
monkeypatch.setenv("GITHUB_TOKEN", "ghp_testtoken")
catalog = PresetCatalog(project_dir)
req = catalog._make_request("https://evil.example.com/github.com/org/repo/releases/download/v1/pack.zip")
assert "Authorization" not in req.headers
def test_make_request_token_not_added_for_github_in_query(self, project_dir, monkeypatch):
"""Auth header is not attached when github.com appears only in the query string."""
monkeypatch.setenv("GITHUB_TOKEN", "ghp_testtoken")
catalog = PresetCatalog(project_dir)
req = catalog._make_request("https://evil.example.com/download?source=https://github.com/org/repo/v1/pack.zip")
assert "Authorization" not in req.headers
def test_fetch_single_catalog_sends_auth_header(self, project_dir, monkeypatch):
"""_fetch_single_catalog passes Authorization header via opener for GitHub URLs."""
from unittest.mock import patch, MagicMock
monkeypatch.setenv("GITHUB_TOKEN", "ghp_testtoken")
catalog = PresetCatalog(project_dir)
catalog_data = {"schema_version": "1.0", "presets": {}}
mock_response = MagicMock()
mock_response.read.return_value = json.dumps(catalog_data).encode()
mock_response.__enter__ = lambda s: s
mock_response.__exit__ = MagicMock(return_value=False)
captured = {}
mock_opener = MagicMock()
def fake_open(req, timeout=None):
captured["req"] = req
return mock_response
mock_opener.open.side_effect = fake_open
entry = PresetCatalogEntry(
url="https://raw.githubusercontent.com/org/repo/main/presets/catalog.json",
name="private",
priority=1,
install_allowed=True,
)
with patch("urllib.request.build_opener", return_value=mock_opener):
catalog._fetch_single_catalog(entry, force_refresh=True)
assert captured["req"].get_header("Authorization") == "Bearer ghp_testtoken"
def test_download_pack_sends_auth_header(self, project_dir, monkeypatch):
"""download_pack passes Authorization header via opener for GitHub URLs."""
from unittest.mock import patch, MagicMock
monkeypatch.setenv("GITHUB_TOKEN", "ghp_testtoken")
catalog = PresetCatalog(project_dir)
import io
zip_buf = io.BytesIO()
with zipfile.ZipFile(zip_buf, "w") as zf:
zf.writestr("preset.yml", "id: test-pack\nname: Test\nversion: 1.0.0\n")
zip_bytes = zip_buf.getvalue()
mock_response = MagicMock()
mock_response.read.return_value = zip_bytes
mock_response.__enter__ = lambda s: s
mock_response.__exit__ = MagicMock(return_value=False)
captured = {}
mock_opener = MagicMock()
def fake_open(req, timeout=None):
captured["req"] = req
return mock_response
mock_opener.open.side_effect = fake_open
pack_info = {
"id": "test-pack",
"name": "Test Pack",
"version": "1.0.0",
"download_url": "https://github.com/org/repo/releases/download/v1/test-pack.zip",
"_install_allowed": True,
}
with patch.object(catalog, "get_pack_info", return_value=pack_info), \
patch("urllib.request.build_opener", return_value=mock_opener):
catalog.download_pack("test-pack", target_dir=project_dir)
assert captured["req"].get_header("Authorization") == "Bearer ghp_testtoken"
# ===== Integration Tests =====