Skip to content

Disable auth check for local-only skill flags#13173

Merged
SamMorrowDrums merged 1 commit intosm/add-skills-commandfrom
sammorrowdrums/disable-auth-check-local-flags
Apr 15, 2026
Merged

Disable auth check for local-only skill flags#13173
SamMorrowDrums merged 1 commit intosm/add-skills-commandfrom
sammorrowdrums/disable-auth-check-local-flags

Conversation

@SamMorrowDrums
Copy link
Copy Markdown
Contributor

Stacked on #13165.

Adds cmdutil.DisableAuthCheckFlag for two flags that don't require authentication:

  • --from-local on gh skill install — installs from a local directory, no GitHub API calls needed
  • --dry-run on gh skill publish — validates locally without publishing

This follows the same pattern used by attestation verify for its --bundle flag (verify.go#L231). Auth is only skipped when the flag is explicitly passed by the user; all other flows retain their auth requirements.

@SamMorrowDrums SamMorrowDrums requested a review from a team as a code owner April 15, 2026 21:36
@SamMorrowDrums SamMorrowDrums changed the base branch from trunk to sm/add-skills-command April 15, 2026 21:41
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Introduces the new gh skill command group (install/preview/search/update/publish) and supporting skills infrastructure, and adjusts auth-check behavior so explicitly local-only flags can bypass authentication.

Changes:

  • Adds gh skill top-level command wiring and new skills subcommands (notably search, preview, update).
  • Introduces internal skills plumbing (discovery, frontmatter metadata injection, registry, lockfile) plus cross-platform file locking.
  • Adds/extends unit + acceptance test coverage for the skills workflows.
Show a summary per file
File Description
pkg/cmd/skills/skills.go Adds the gh skill command group and registers skills subcommands.
pkg/cmd/root/root.go Wires skill(s) into the root command.
pkg/cmd/skills/search/search.go Implements skills search using GitHub Code Search + enrichment/ranking.
pkg/cmd/skills/search/search_test.go Unit tests for search behavior, ranking, JSON output, and rate-limit handling.
pkg/cmd/skills/preview/preview.go Implements skill preview (tree + pager rendering, interactive file browsing).
pkg/cmd/skills/preview/preview_test.go Unit tests for preview flows (interactive/non-interactive, file tree, caps).
pkg/cmd/skills/update/update.go Implements skill update scanning, remote comparison, and reinstall/update execution.
internal/skills/source/source.go Adds helpers for parsing/storing skill source repo metadata + host validation.
internal/skills/source/source_test.go Tests for source parsing/host validation.
internal/skills/registry/registry.go Defines agent host registry + install directory resolution.
internal/skills/registry/registry_test.go Tests for registry lookups, install dirs, scope labels, etc.
internal/skills/lockfile/lockfile.go Adds .skill-lock.json read/modify/write with inter-process locking.
internal/skills/lockfile/lockfile_test.go Tests lockfile creation/update + recovery behavior.
internal/skills/installer/installer.go Implements remote/local installs, metadata injection, and safe path writes.
internal/skills/installer/installer_test.go Tests installer behaviors (local copy, traversal protection, progress).
internal/skills/frontmatter/frontmatter.go Adds SKILL.md frontmatter parsing + GitHub/local metadata injection.
internal/skills/frontmatter/frontmatter_test.go Tests parsing + metadata injection/serialization.
internal/skills/discovery/discovery.go Adds repo skill discovery, ref resolution, blob fetching, file listing.
internal/skills/discovery/collisions.go Adds collision detection/formatting for install-name conflicts.
internal/skills/discovery/collisions_test.go Tests collision detection/formatting.
internal/flock/flock.go Adds an OS-agnostic lock sentinel error.
internal/flock/flock_unix.go Adds Unix implementation of non-blocking file locks.
internal/flock/flock_windows.go Adds Windows implementation of non-blocking file locks (x/sys).
internal/flock/flock_test.go Tests for file lock behavior.
git/client.go Adds git helpers used by skills flows (remote URL, ignore checks, short SHA).
git/client_test.go Adds tests for new git helper methods.
acceptance/acceptance_test.go Adds a dedicated acceptance test runner for the “skills” scripts.
acceptance/testdata/skills/* Adds acceptance coverage for install/search/preview/update/publish flows.
go.mod Promotes golang.org/x/sys to a direct dependency (used by Windows flock).
.gitignore Ignores a generated gh artifact.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 2/2 changed files
  • Comments generated: 0

Add cmdutil.DisableAuthCheckFlag for --from-local on install so that
installing from a local directory does not require authentication.
This follows the same pattern used by attestation verify for its
--bundle flag.

The --dry-run flag on publish is intentionally left with auth enabled
because dry-run validation includes remote repository checks (security
settings, tag protection, topics).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@SamMorrowDrums SamMorrowDrums force-pushed the sammorrowdrums/disable-auth-check-local-flags branch from 2cc2693 to f2d978d Compare April 15, 2026 21:49
@SamMorrowDrums SamMorrowDrums merged commit d4c6d61 into sm/add-skills-command Apr 15, 2026
8 checks passed
@SamMorrowDrums SamMorrowDrums deleted the sammorrowdrums/disable-auth-check-local-flags branch April 15, 2026 21:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants