entire repo: visibility verb + fix get/mirror-get resolution#1531
Open
toothbrush wants to merge 4 commits into
Open
entire repo: visibility verb + fix get/mirror-get resolution#1531toothbrush wants to merge 4 commits into
toothbrush wants to merge 4 commits into
Conversation
`entire repo get/delete <name>` always failed with "no repo named" for every name (not just dotted ones). A name-filtered ListProjectRepos returns the match in the response's singular `repo` field, but resolveRepoRef read the `repos` page array, which is empty on a name query. The mock in the test populated `repos` too, so it never caught it. Read `out.Repo` and fix the mock to mirror the real server. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Refresh the OpenAPI spec from us.console (additive only: the
/repos/{repoId}/visibility endpoint, Repo.visibility, Cluster.apiUrl)
and add `entire repo visibility get|set <repo> [public|private]`.
`public` grants read-only (pull) to any authenticated Entire user via
the SpiceDB public_viewer wildcard; push/manage stay restricted to
grantees. `private` restricts to explicit grantees. set requires manage.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
`entire repo mirror get` only accepted a mirror ULID; passing the entire:// clone URL that `mirror list` prints sent the URL as a path segment, which the router 404'd with text/plain and the ogen client surfaced as "decode response: ... unexpected Content-Type: text/plain". Add resolveMirrorRef: a ULID still passes through; an entire://<cluster>/gh/<owner>/<repo> clone URL is resolved by listing the caller-visible mirrors for that (cluster, provider, owner) and matching the repo. The cluster in the URL disambiguates an upstream mirrored on multiple clusters. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Adds new entire repo visibility subcommands and fixes reference resolution for repo/mirror lookups so common user inputs (names and clone URLs) work consistently with the control-plane API.
Changes:
- Add
entire repo visibility get|setcommands backed by newGET/PUT /repos/{repoId}/visibilitycore API operations. - Fix
resolveRepoRefto correctly read name-filtered repo lookups from the singularrepofield rather than therepospage array. - Extend
entire repo mirror getto accept either a mirror ULID or anentire://<cluster>/gh/<owner>/<repo>clone URL viaresolveMirrorRef.
Reviewed changes
Copilot reviewed 7 out of 17 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| internal/coreapi/spec/core.openapi.json | Refresh OpenAPI spec to include repo visibility endpoint and new/updated schemas/fields. |
| internal/coreapi/spec/core.gen.json | Generated OpenAPI-derived JSON updated for visibility and schema tweaks. |
| internal/coreapi/oas_validators_gen.go | Generated validators for new visibility request/response types and enum validation. |
| internal/coreapi/oas_security_gen.go | Register security requirements for the new visibility operations. |
| internal/coreapi/oas_schemas_gen.go | Generated Go schema types updated (Cluster.apiUrl, Repo.visibility, visibility I/O structs). |
| internal/coreapi/oas_response_decoders_gen.go | Generated response decoders for get/set repo visibility endpoints. |
| internal/coreapi/oas_request_encoders_gen.go | Generated request encoder for SetRepoVisibility. |
| internal/coreapi/oas_parameters_gen.go | Generated parameter structs for visibility operations and updated query param docs. |
| internal/coreapi/oas_operations_gen.go | Generated operation name constants extended for visibility ops. |
| internal/coreapi/oas_json_gen.go | Generated JSON encode/decode for new types and Repo.visibility. |
| internal/coreapi/oas_client_gen.go | Generated client methods GetRepoVisibility and SetRepoVisibility. |
| cmd/entire/cli/resolveref.go | Fix repo name→ULID resolution to use ListProjectReposOutputBody.repo. |
| cmd/entire/cli/resolveref_test.go | Update repo resolution test to mock the correct singular repo field. |
| cmd/entire/cli/repo.go | Add repo visibility command group with get and set verbs; add parseVisibility. |
| cmd/entire/cli/repo_test.go | Add unit tests for parseVisibility. |
| cmd/entire/cli/repo_mirror.go | Allow mirror get to resolve clone URLs to mirror ULIDs; add URL parsing/resolution helpers. |
| cmd/entire/cli/repo_mirror_test.go | Add tests for parseMirrorCloneURL and resolveMirrorRef. |
Files not reviewed (9)
- internal/coreapi/oas_client_gen.go: Generated file
- internal/coreapi/oas_json_gen.go: Generated file
- internal/coreapi/oas_operations_gen.go: Generated file
- internal/coreapi/oas_parameters_gen.go: Generated file
- internal/coreapi/oas_request_encoders_gen.go: Generated file
- internal/coreapi/oas_response_decoders_gen.go: Generated file
- internal/coreapi/oas_schemas_gen.go: Generated file
- internal/coreapi/oas_security_gen.go: Generated file
- internal/coreapi/oas_validators_gen.go: Generated file
A URL pasted from `git remote -v` (entire://host/gh/owner/repo.git) now resolves the same as the bare clone URL, matching gitremote.ParseURL. Only the .git suffix is trimmed — GitHub repo names can contain dots. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
https://entire.io/gh/entireio/cli/trails/670
Three
entire repofixes. User impact first:What you can now do
Make a repo readable by anyone on Entire
publicgrants read-only (pull) to any authenticated Entire user; push/manage stay with grantees.privatereverts it. (Note: "any authenticated user" — the data plane still requires a token, so this is not anonymous/unauthenticated access.)entire repo get <name>actually worksPreviously
entire repo get <name> --project <p>(andrepo delete <name>) always failed withno repo named ...for every name — you had to pass a ULID. Now name resolution works.entire repo mirror getaccepts the clone URLPreviously only a mirror ULID worked; passing the
entire://...clone URL thatmirror listprints failed withdecode response: ... unexpected Content-Type: text/plain. Now:Why each broke
?name=query returns the match in the response's singularrepofield, but the CLI read the (empty)repospage array. The test mocked the wrong field too, so it never caught it.GetMirror(ULID)with no resolution; a clone URL became a path segment whose slashes the router 404'd as text/plain, which the generated client can't decode. Resolution now lists mirrors by (cluster, provider, owner) and matches the repo (no get-by-coords endpoint exists).Repo.visibility,Cluster.apiUrl) and added the verb.Tests
Unit coverage for all three:
parseVisibility, the correctedresolveRepoRefmock,parseMirrorCloneURL, andresolveMirrorRef(ULID short-circuit, URL→ULID match, no-match + unparseable-ref errors). Build/vet/gofmt/lint clean.🤖 Generated with Claude Code
Note
Medium Risk
Visibility set changes who can pull a repo (authorization-related), though it delegates to the existing server API; resolver fixes reduce broken CLI paths with limited blast radius.
Overview
Adds
entire repo visibility get|setso repos can be toggled public (read-only pull for any authenticated Entire user) or private, calling the refreshed control-planeGET/PUT /repos/{repoId}/visibilityclient.Fixes
resolveRepoReffor name lookups: a?name=response exposes the match in the singularrepofield, notrepos, soentire repo get/deleteby name (with--project) work again.entire repo mirror getnow accepts anentire://<cluster>/gh/<owner>/<repo>clone URL (or a ULID) viaresolveMirrorRef—list mirrors by cluster/provider/owner and match repo client-side.Regenerated
internal/coreapifor visibility APIs, optionalRepo.visibility, andCluster.apiUrl; unit tests cover visibility parsing and both resolvers.Reviewed by Cursor Bugbot for commit 8065b2b. Configure here.