Conversation
Greptile SummaryExtends Confidence Score: 5/5Safe to merge — changes are well-scoped, correctly guard all edge cases, and are covered by both unit tests and network-gated integration tests. No P0 or P1 findings. The alias-before-URL-derivation ordering is correct, the de-dupe scrub mirrors the workspace and registry paths exactly, and split_git_alias correctly handles protocol prefixes, scoped names, and trailing-slash URLs. All five new unit tests and three new bats tests pass per the test plan. No files require special attention. Important Files Changed
Reviews (5): Last reviewed commit: "fix(test): restore @pnpm.e2e/foo fixture..." | Re-trigger Greptile |
Benchmark changesPublic ratios: warm installs vs Bun 7x -> 10x; warm installs vs pnpm 11x -> 12x.
a56d92b vs c910bd8 | aube/bun/pnpm | 3 scenarios | 3 runs | 500mbit/50ms | generated by Codex. |
Contributor
Author
|
Addressed Greptile P1 / Cursor low-severity: Added a unit test for the alias-with-pathless-URL case. Validation: Written with Claude. |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit e863be8. Configure here.
jdx
added a commit
that referenced
this pull request
May 2, 2026
The new "named update leaves shorthand alone" test calls `add_dist_tag '@pnpm.e2e/foo'` which mutates `test/registry/storage/@pnpm.e2e/foo/package.json` via jq, but the teardown's `git checkout` list didn't include that file. Subsequent runs would inherit the mutated dist-tag. Addresses Cursor review on PR #483. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
Author
|
Added |
This was referenced May 2, 2026
jdx
added a commit
that referenced
this pull request
May 2, 2026
`parse_git_pkg_spec` was calling `repo_name_from_clone_url` even when the user passed an alias, so a pathless URL like `my-alias@git+https://example.com/` would hard-fail with "pass an alias" — even though one was already passed. Reorder so the URL derivation only fires when alias is None. Adds a unit test asserting the alias-with-pathless-URL form succeeds. Addresses Greptile P1 + Cursor low-severity on PR #483. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
jdx
added a commit
that referenced
this pull request
May 2, 2026
The new "named update leaves shorthand alone" test calls `add_dist_tag '@pnpm.e2e/foo'` which mutates `test/registry/storage/@pnpm.e2e/foo/package.json` via jq, but the teardown's `git checkout` list didn't include that file. Subsequent runs would inherit the mutated dist-tag. Addresses Cursor review on PR #483. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Extends parse_pkg_spec in aube/src/commands/add.rs to detect git specs via aube_lockfile::parse_git_spec and route them through a new non-packument branch: the verbatim spec is written to package.json and the resolver dispatches the git path on the next install. Recognized forms include bare GitHub shorthand (kevva/is-negative), github:/gitlab:/bitbucket: prefixes, and the full git+ssh / git+https URL family. The alias form (my-alias@kevva/is-negative) lands the user's alias as the manifest key. Manifest key derivation: when no alias is given, the repo segment of the clone URL is used (kevva/is-negative -> is-negative). Pass an alias when the package's package.json `name` differs from the repo segment. Restores the dropped kevva/is-negative assertions in the network-gated ports of update.ts:14, 143, 170, 197 in test/pnpm_update_slow.bats. PR #472 landed the parser branch and the update --latest skip-non-registry guard; this is the CLI-side counterpart so the four assertions can be exercised end-to-end. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
`parse_git_pkg_spec` was calling `repo_name_from_clone_url` even when the user passed an alias, so a pathless URL like `my-alias@git+https://example.com/` would hard-fail with "pass an alias" — even though one was already passed. Reorder so the URL derivation only fires when alias is None. Adds a unit test asserting the alias-with-pathless-URL form succeeds. Addresses Greptile P1 + Cursor low-severity on PR #483. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The new "named update leaves shorthand alone" test calls `add_dist_tag '@pnpm.e2e/foo'` which mutates `test/registry/storage/@pnpm.e2e/foo/package.json` via jq, but the teardown's `git checkout` list didn't include that file. Subsequent runs would inherit the mutated dist-tag. Addresses Cursor review on PR #483. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced May 2, 2026
jdx
added a commit
that referenced
this pull request
May 3, 2026
Adds a non-packument branch in `parse_pkg_spec` for `file:` and `link:` local-path specs (mirroring the workspace-spec fork). The verbatim spec is written to `package.json` and the resolver's existing local branch dispatches the install — `aube add file:./pkg` no longer 404s on the registry packument fetch. Manifest key is derived from the path basename when no alias is given (`file:./packages/foo` -> `foo`, `file:./bundle.tgz` -> `bundle`). Pass an alias when the upstream `package.json` `name` differs: `aube add my-pkg@file:./packages/foo`. Sibling to PR #483 (git specs). Closes the local-path-spec followup that #483's review surfaced. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
jdx
added a commit
that referenced
this pull request
May 3, 2026
## Summary - Adds a non-packument branch in [parse_pkg_spec](crates/aube/src/commands/add.rs:175) for `file:` / `link:` local-path specs (`file:./pkg`, `link:../sibling`, `file:./bundle.tgz`). Sits alongside the workspace-spec fork; mirrors the structural shape of #483 (git specs). - Manifest-key derivation: alias when given (`my-alias@file:./pkg`), otherwise the basename of the path (with `.tgz` / `.tar.gz` stripped). Verbatim spec is written into `package.json` and the resolver's existing local branch ([is_non_registry_specifier](crates/aube-resolver/src/local_source.rs:185)) dispatches the install on next pass. - Skips packument fetch and catalog logic for local specs (catalogs are for registry deps). `aube add file:./pkg` no longer 404s on the registry. Sibling to PR #483 (git specs). Closes the local-path-spec followup that #483's review surfaced. The new branch is parallel to the git-spec branch in `parse_pkg_spec` — when #483 lands the two branches sit side-by-side without nesting. ## Test plan - [x] `cargo build --workspace` - [x] `cargo test --workspace` — 9 new unit tests in `commands::add::tests` cover `file:` / `link:` relative + absolute, tarball-basename derivation, alias forms, scoped/git non-collisions, and the bare `file:` + alias edge case - [x] `cargo clippy --all-targets -- -D warnings` — clean - [x] `cargo fmt --check` - [x] `mise run test:bats test/add.bats` — 28 tests pass (3 new offline tests for `file:` / `link:` / aliased `file:`) - [x] `mise run test:bats test/local_deps.bats` — regression check, 10 tests pass - [x] `mise run test:bats test/pnpm_install_misc.bats` — regression check, 30 tests pass <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Extends `aube add` parsing/routing to treat `file:`/`link:` (and scoped/aliased variants) as non-registry deps, which could impact how ambiguous specs are classified and when registry packument fetches are skipped. > > **Overview** > `aube add` now supports `file:` and `link:` local-path dependencies by routing them through the same *non-registry* flow as git specs: skip packument fetch/catalog logic and write the verbatim spec into `package.json` for the resolver to handle. > > This introduces local-spec parsing with basename-based manifest key derivation (including stripping `.tgz`/`.tar.gz`/`.tar`), supports alias and `@scope/alias@<spec>` forms for both git and local specs, updates the packument-fetch skip guards accordingly, and adds unit + bats coverage for the new behaviors. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit aba32ba. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
parse_pkg_specin crates/aube/src/commands/add.rs to detect git specs viaaube_lockfile::parse_git_specand route them through a new non-packument branch — verbatim spec written topackage.json, resolver dispatches the git path on next install. Recognized forms: bare GitHub shorthand (kevva/is-negative),github:/gitlab:/bitbucket:prefixes, fullgit+ssh/git+httpsURLs, and the alias form (my-alias@kevva/is-negative).kevva/is-negative→is-negative). 90% solution; pass an alias when the upstreampackage.jsonnamediffers from the repo segment.kevva/is-negativeassertions in the network-gated ports ofupdate.ts:14, 143, 170, 197in test/pnpm_update_slow.bats. PR fix(lockfile): parse bare user/repo as github shorthand #472 landed the parser branch and theupdate --latestskip-non-registry guard; this is the CLI-side counterpart so the four assertions can be exercised end-to-end.Test plan
cargo build --workspacecargo test --workspace— 365+ workspace tests pass; 5 new unit tests cover bare GitHub shorthand,github:protocol, git URL with slash-bearing fragment, alias form, and scoped-name non-git negative casecargo clippy --all-targets -- -D warnings— no warningscargo fmt --checkmise run test:bats test/pnpm_update.bats— pre-existing 17/22 results unchanged (3 unrelated<pkg>@latestfailures matchmainbaseline)mise run test:bats test/add.bats— all 25 tests passmise run test:bats test/update.bats,test/catalogs.bats— all passmise run test:bats test/pnpm_update_slow.bats— 4 tests properly gated, skip withoutAUBE_NETWORK_TESTS=1AUBE_NETWORK_TESTS=1🤖 Generated with Claude Code
Note
Medium Risk
Changes
aube add’s dependency parsing and manifest-writing flow to bypass registry resolution for git specs; mistakes here could misclassify specs or skip packument fetching, affecting added dependencies.Overview
aube addnow detects git dependency specifiers (bareuser/repo,github:/gitlab:/bitbucket:prefixes, and fullgit+...URLs, includingalias@<git-spec>), and routes them through a non-registry path.For git specs it skips packument fetch + catalog logic, derives a default manifest key from the repo URL when no alias is provided, and writes the user’s verbatim specifier into
package.jsonso the resolver handles git resolution on install.Adds unit tests for git spec parsing/edge cases and expands the network-gated
pnpm_update_slow.batsports to coveraube add kevva/is-negativeend-to-end; updates the pnpm test import tracking doc accordingly.Reviewed by Cursor Bugbot for commit a56d92b. Bugbot is set up for automated code reviews on this repo. Configure here.