refactor: extract private gallery services

[PrzemyslawKlys]

Summary

• move reusable private gallery bootstrap, registration, credential, and probe logic into PowerForge.PowerShell
• keep private gallery cmdlets thin by delegating through a host adapter and mapping back to the existing PSPublishModule.ModuleRepositoryRegistrationResult contract
• remove the old PrivateGalleryCommandSupport implementation from PSPublishModule

Validation

• dotnet test .\PowerForge.Tests\PowerForge.Tests.csproj -c Release --filter "PrivateGalleryPrerequisiteVersionPolicyTests|PrivateGalleryBootstrapReadinessTests"
• pwsh -NoLogo -NoProfile -Command "Invoke-Pester -Path .\Module\Tests\PrivateGallery.Commands.Tests.ps1 -CI"
• pwsh -NoLogo -NoProfile -File .\Module\Build\Build-Module.ps1 -NoSign

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, add credits to your account and enable them for code reviews in your settings.

[claude]

PR Review: refactor: extract private gallery services

This is a well-motivated refactor that improves testability by introducing an IPrivateGalleryHost abstraction and moving private gallery logic into an injectable PrivateGalleryService. The structure is sound, but I found several issues ranging from behavioral regressions to design concerns.

Bugs and Behavioral Regressions

1. RepositoryRegistrationTool.Both not handled in EnsureAzureArtifactsRepositoryRegistered

The new dispatch in PrivateGalleryService.cs only handles PSResourceGet vs. else-PowerShellGet. When a caller explicitly passes Tool = Both, effectiveTool becomes Both, falls into the else branch, and only registers PowerShellGet. The old code had explicit "or RepositoryRegistrationTool.Both" checks in both branches. This is a regression for any caller using Tool = Both.

2. NullLogger silently drops verbose output from clients

The new service always uses new NullLogger() when constructing PSResourceGetClient, PowerShellGetClient, ModuleDependencyInstaller, and AzureArtifactsCredentialProviderInstaller. The old code passed a CmdletLogger that respected the -Verbose flag. All verbose output from those underlying clients is now silently discarded. The fix is to expose a logger factory or logging delegate on IPrivateGalleryHost.

3. ToolUsed set to Auto instead of Both

In the auto-mode path where PSResourceGet succeeds and PowerShellGet is also registered for compatibility, the code sets result.ToolUsed = RepositoryRegistrationTool.Auto. The old code set ToolUsed = Both. Returning Auto makes it impossible for callers to distinguish "both tools registered" from "tool not yet resolved". This should be RepositoryRegistrationTool.Both.

4. Credential prompt caption changed from cmdlet name to a generic string

Old code used cmdlet.MyInvocation.MyCommand.Name as the dialog title. New service hardcodes "Private gallery authentication". Consider adding a CommandName property to IPrivateGalleryHost so the service can use the actual cmdlet name as the prompt caption.

Design Concerns

5. Duplicated ModuleRepositoryRegistrationResult with a hand-written mapper

ModuleRepositoryRegistrationResultMapper.ToCmdletResult copies approximately 40 properties between two nearly identical classes in different namespaces. Adding any new property requires updating both classes and the mapper. Worth evaluating whether a single shared type would be more maintainable.

6. GetBootstrapPrerequisiteStatus unnecessarily widened to public

It was private static in the old code. Since PrivateGalleryService is internal sealed this does not escape the assembly, but private is more appropriate given it is only called internally.

7. ReservedPowerShellGalleryRepositoryName constant removed

The constant ReservedPowerShellGalleryRepositoryName was deleted from PrivateGalleryCommandSupport. Worth confirming nothing else in the codebase references it.

Missing Test Coverage

8. No unit tests for PrivateGalleryService

One of the stated benefits of introducing IPrivateGalleryHost is testability, but no new tests accompany the refactor. The only test change is updating a class name reference. Unit tests using a mock IPrivateGalleryHost would be high-value, especially for ResolveCredential mode combinations, the ShouldProcess gate, and BuildDependencies edge cases.

Minor Notes

• Constructor parameter casing fix (camelCase) in PrivateGalleryModels.cs is a nice cleanup.
• Switching from PSArgumentException to ArgumentException in the service layer is correct.
• Host and service instantiated per ProcessRecord call is fine for non-pipeline cmdlets.

Required fixes before merge:

1. Handle RepositoryRegistrationTool.Both in the effectiveTool dispatch
2. Replace NullLogger with a host-backed logger to restore -Verbose output from clients
3. Set ToolUsed = Both (not Auto) when both tools register successfully in auto mode
4. (Optional) Restore cmdlet name as credential prompt caption via IPrivateGalleryHost

[claude]

Overall this is a well-structured refactor. Moving the static PrivateGalleryCommandSupport blob into PrivateGalleryService with IPrivateGalleryHost is the right call: testable, no PSCmdlet threading through every method, and PowerForge.PowerShell becomes the proper home for this logic. PrivateModuleWorkflowService deduplication of install/update is also a nice improvement.

Issues found:

BUG: RepositoryRegistrationTool.Both silently falls through to PowerShellGet-only

In PrivateGalleryService.EnsureAzureArtifactsRepositoryRegistered, the registration block is an if/else on PSResourceGet vs everything else. If the caller passes Tool=Both, effectiveTool is never resolved to a single value (the Auto branch does not run, no pre-check throws for Both), so it falls to the else arm and only registers PowerShellGet. Old code handled Both with two separate if statements. Functional regression for any user passing -Tool Both.

BUG: apiVersion RepositoryApiVersion.V3 dropped

Old code passed apiVersion: RepositoryApiVersion.V3 to PSResourceGet.EnsureRepositoryRegistered. New PrivateGalleryService omits it. If V3 is not the default, Azure Artifacts repos could fail or misbehave after registration.

REGRESSION: PowerShell client verbose logging silently dropped

Old EnsureAzureArtifactsRepositoryRegistered and EnsureBootstrapPrerequisites used CmdletLogger so PSResourceGetClient/PowerShellGetClient/ModuleDependencyInstaller could emit verbose output. New PrivateGalleryService uses NullLogger in both - verbose from those operations is silently discarded even with -Verbose. IPrivateGalleryHost already has WriteVerbose; consider plumbing it to the runner/logger.

MINOR: Credential prompt caption changed

Old code used cmdlet.MyInvocation.MyCommand.Name (e.g. Connect-ModuleRepository) as the caption. New code hardcodes 'Private gallery authentication'. IPrivateGalleryHost could expose CommandName, or the caption could be passed in from the calling cmdlet.

TEST GAP: AzureArtifacts path not covered

PrivateModuleWorkflowServiceTests covers only UseAzureArtifacts=false. The AzureArtifacts path has no unit-test coverage.

---

Good things: injectable dependencyExecutor in PrivateModuleWorkflowService is a clean testability pattern. ModuleRepositoryRegistrationResultMapper preserves the stable public contract. IPrivateGalleryHost surface is minimal. Removing PSCmdlet from every helper signature is a clear improvement. AGENTS.md additions document the layering intent well.

The Both-tool regression and missing apiVersion are the two to resolve before merging.

[claude]

Test comment from automated review

[claude]

Code Review

Overall this is a solid architectural improvement. Replacing the static god class PrivateGalleryCommandSupport with an interface + service + host-adapter pattern aligns with the new layering guidelines in AGENTS.md, and the result is genuinely more testable. A few items to look at before merging.

Bug: RepositoryRegistrationTool.Both is silently broken

RepositoryRegistrationTool.Both is a documented public enum value, but PrivateGalleryService.EnsureAzureArtifactsRepositoryRegistered no longer handles it correctly. When tool equals Both, effectiveTool stays Both, the prerequisite guards do not fire (they only check PSResourceGet and PowerShellGet individually), and execution falls into the else branch registering only PowerShellGet. ToolUsed ends up set to Both while PSResourceGetRegistered remains false. The old PrivateGalleryCommandSupport handled this with two independent if blocks. Suggest adding explicit handling for Both, or at minimum throwing for unrecognised values so the gap is visible.

Regression: NullLogger in registration and prerequisite paths

PrivateGalleryService.EnsureAzureArtifactsRepositoryRegistered and EnsureBootstrapPrerequisites both construct new NullLogger() internally rather than receiving a logger from the caller. The old code forwarded a CmdletLogger so -Verbose output from PSResourceGetClient, PowerShellGetClient, and the prerequisite installer surfaced to the user. All registration and bootstrap work is now silent even with -Verbose. Options include accepting ILogger in the PrivateGalleryService constructor, or passing it per-method.

Minor: OutputPath relative resolution changed for Export-CertificateForNuGet

The old cmdlet used SessionState.Path.GetUnresolvedProviderPathFromPSPath(OutputPath), which resolves against the PowerShell current filesystem location. The new service uses Path.GetFullPath which resolves against the process working directory. These differ when users use Set-Location within a session. Only affects relative paths; absolute paths are fine. The Trim of double-quote characters on the output path is also an unusual guard -- if intentional, a brief comment would help future readers.

Minor: NuGetCertificateExportService.Execute swallows all exceptions

The broad catch block converts every exception into a Success = false result. Callers outside a cmdlet context cannot distinguish certificate-not-found from disk-full without parsing the error string. Consider narrower catches and letting hard failures propagate.

Minor: BuildNotFoundMessage uses a Windows-style path separator

The backslash-My-store suffix in the not-found message is a Windows registry-path convention and will look odd in output on Linux or macOS. Worth clarifying whether this is intentional given the service is otherwise cross-platform.

Test coverage gaps

The new PrivateModuleWorkflowServiceTests cover the repository-only install path and the ShouldProcess-declines case. Notable gaps: Azure Artifacts path (even a minimal happy-path with a stub registration result), RepositoryRegistrationTool.Both behavior (which has the regression above), and NuGetCertificateExportServiceTests has no test for the SHA-256 lookup path.

Nit: RecommendedBootstrapCommand on the internal model contains hardcoded cmdlet names

ModuleRepositoryRegistrationResult.RecommendedBootstrapCommand (in PowerForge.PowerShell) builds a Register-ModuleRepository string with hardcoded parameter names. This couples the shared internal model to a specific public cmdlet surface. If that parameter is renamed, or if the model is consumed from a non-PS host, the suggestion will be wrong. Consider moving this helper to the PSPublishModule-side mapper/result, or leaving a comment acknowledging the deliberate coupling.

Positive highlights

• IPrivateGalleryHost is minimal and exactly right: it exposes only what services need from a PowerShell runtime.
• The injectable dependencyExecutor on PrivateModuleWorkflowService makes the workflow unit-testable without a live PowerShell session.
• The OutputType attribute is a nice addition for PS tab-completion and help.
• ModuleRepositoryRegistrationResultMapper is the correct pattern for keeping the public cmdlet contract stable while evolving the internal model.
• PrivateGalleryVersionPolicy in its own file makes the pre-release version-comparison logic easy to test in isolation, and it is tested.

[claude]

PR Review: refactor: extract private gallery services

Overall this is a clean, well-motivated refactoring that follows the layering boundaries described in AGENTS.md. The cmdlets are noticeably thinner, the new IPrivateGalleryHost interface makes PrivateGalleryService testable, and the NuGetCertificateExportService injectable constructor pattern is a good addition. A few things worth flagging:

---

Functional / Behavioral Concerns

1. NullLogger silences diagnostic output during registration and prerequisite install

In the old PrivateGalleryCommandSupport, PSResourceGetClient and PowerShellGetClient were wired to new CmdletLogger(cmdlet, ...), so verbose/warning output from those clients surfaced to the user. The new PrivateGalleryService uses new NullLogger() everywhere:

// PrivateGalleryService.EnsureAzureArtifactsRepositoryRegistered
var runner = new PowerShellRunner();
var logger = new NullLogger();  // ← diagnostic output from PSResourceGet/PowerShellGet silently dropped

Any verbose messages emitted by PSResourceGetClient or PowerShellGetClient during registration are now silently swallowed. This could make failure diagnostics significantly harder. Consider threading a logger through PrivateGalleryService (e.g. via IPrivateGalleryHost or a separate ILogger param) so callers can opt into forwarding those messages.

2. apiVersion: RepositoryApiVersion.V3 dropped from PSResourceGet registration

Old PrivateGalleryCommandSupport.EnsureAzureArtifactsRepositoryRegistered:

result.PSResourceGetCreated = psResourceGet.EnsureRepositoryRegistered(
    ..., apiVersion: RepositoryApiVersion.V3, timeout: ...);

New PrivateGalleryService.EnsureAzureArtifactsRepositoryRegistered:

var created = client.EnsureRepositoryRegistered(
    result.RepositoryName, endpoint.PSResourceGetUri, trusted, priority,
    timeout: TimeSpan.FromMinutes(2));  // ← no apiVersion

If the default for apiVersion changed (or differs from V3), Azure Artifacts feeds may fail silently. Please confirm this is intentional.

3. ToolUsed contract change — Auto vs Both

Old code returned RepositoryRegistrationTool.Both when both PSResourceGet and PowerShellGet succeeded. New code returns RepositoryRegistrationTool.Auto in the same scenario:

// new code, Auto + PSResourceGet + compatibility PowerShellGet registration
result.ToolUsed = RepositoryRegistrationTool.Auto;  // was: Both

Any caller that compared ToolUsed == Both (e.g. tests, downstream consumers of the cmdlet result) will see a different value. Since ModuleRepositoryRegistrationResult is a stable public output type, this is a breaking change in the result contract even if the registration itself still happens correctly.

4. Auto mode: tool is resolved eagerly before ShouldProcess

Previously, the actual PSResourceGet/PowerShellGet tool selection happened after ShouldProcess. Now effectiveTool is resolved and UnavailableTools is populated before the _host.ShouldProcess(...) guard. If WhatIf is active, callers still correctly see RegistrationPerformed = false, but the UnavailableTools / Tool fields on the returned result object will now be set even in WhatIf runs. This is probably fine, but worth being explicit about if any tests assert on the WhatIf result shape.

---

Minor Issues

5. Dead code in ModuleTestFailureWorkflowService.Execute

if (string.IsNullOrWhiteSpace(resolution.ResultsPath))
{
    return new ModuleTestFailureWorkflowResult
    {
        WarningMessages = resolution.ExplicitPathProvided        // ← never true here
            ? new[] { $"Test results file not found: {resolution.SearchedPaths[0]}" }
            : ...
    };
}

ResolvePath always assigns a non-empty ResultsPath when ExplicitPath is provided, so the ExplicitPathProvided branch inside the string.IsNullOrWhiteSpace guard is unreachable. The explicit-path-not-found case is handled correctly by the subsequent File.Exists check. The dead branch can be removed.

6. Credential prompt caption changed

Old code used cmdlet.MyInvocation.MyCommand.Name as the caption for PromptForCredential. New CmdletPrivateGalleryHost hardcodes "Private gallery authentication":

var promptCredential = _cmdlet.Host.UI.PromptForCredential(
    "Private gallery authentication",   // ← was cmdlet name
    $"Enter Azure Artifacts credentials or PAT for '{repositoryName}'.");

The credential dialog will no longer show which cmdlet is requesting the credential. Minor UX regression.

7. ModuleRepositoryRegistrationResultMapper — fragile manual mapping

The mapper copies ~30 properties by name. If PowerForge.ModuleRepositoryRegistrationResult ever gains a new property, it's easy to forget to update the mapper, and there's no compile-time safety net. Consider whether AutoMapper, a source generator, or a simple InstallModuleReady / PSResourceReady guard property added to the public type (and left off the internal one) could reduce this drift risk.

---

Positive Highlights

• AGENTS.md layering docs are a genuinely useful addition for future contributors.
• IPrivateGalleryHost makes PrivateGalleryService unit-testable without a real PSCmdlet.
• NuGetCertificateExportService injectable store loader is a nice improvement for testing.
• ModuleTestFailureDisplayService returning a data structure instead of calling HostWriteLineSafe directly is the right call.
• [OutputType(typeof(NuGetCertificateExportResult))] on ExportCertificateForNuGetCommand is a good addition.
• Exception types appropriately changed from PSArgumentException → ArgumentException in the service layer.

---

Summary

The architectural direction is correct and follows the project's own guidelines. The main items I'd want resolved before merging:

1. NullLogger — diagnostic messages from PSResourceGet/PowerShellGet during registration are now lost. At minimum, confirm this is intentional and acceptable.
2. apiVersion removal — confirm intentional; if the default is still V3 that's fine, otherwise it's a regression for Azure Artifacts feeds.
3. ToolUsed value change (Auto vs Both) — check whether any tests or documented behavior depend on Both.

The dead code in ModuleTestFailureWorkflowService and the credential caption change are low-priority cleanups.

[claude]

PR Review: refactor: extract private gallery services

Great refactoring overall. The layering is cleaner, the cmdlets are genuinely thin, and the new test coverage is solid. A few items worth looking at before merge:

Potential Bug: PS-path resolution regression in ExportCertificateForNuGet

The old cmdlet resolved OutputPath via SessionState.Path.GetUnresolvedProviderPathFromPSPath(OutputPath), which correctly handles PowerShell drive paths (custom PS drives, mapped drives). The new service uses Path.GetFullPath(request.OutputPath!.Trim().Trim('"')), which does not. For plain filesystem paths this is fine, but any caller passing a PS-drive path will get a wrong result. Consider resolving the path in the cmdlet before passing it into the service request, or document that the service expects a pre-resolved filesystem path.

Minor: PSArgumentException to ArgumentException in BuildDependencies

The old PrivateGalleryCommandSupport.BuildDependencies threw PSArgumentException, which surfaces to the PowerShell user as a named parameter error. The new PrivateGalleryService.BuildDependencies throws ArgumentException, which becomes a generic runtime error. For a host-agnostic service this is arguably the right direction, but it is a subtle behavioral difference at the PowerShell UX level. Worth wrapping at the cmdlet boundary if the original error presentation mattered.

Subtle: implicit SwitchParameter to bool conversions in workflow request

In InstallPrivateModuleCommand and UpdatePrivateModuleCommand, assignments like InstallPrerequisites = InstallPrerequisites, Prerelease = Prerelease, and Force = Force rely on the implicit SwitchParameter to bool operator. This compiles correctly, but the intent is easy to miss. Explicit .IsPresent on each would make it clear and prevent a future refactor from accidentally dropping the conversion.

Minor: redundant File.Exists check in ModuleTestFailureWorkflowService

ResolvePath already returns candidates.FirstOrDefault(File.Exists), so ResultsPath is only non-null when the file exists at scan time. The subsequent File.Exists(resolution.ResultsPath) guard is a no-op in normal operation (it would only fire in a race condition). A short comment clarifying the intent would help future readers.

Gap: no unit tests for PrivateGalleryService itself

New test files cover ModuleTestFailureDisplayService, ModuleTestFailureWorkflowService, NuGetCertificateExportService, PowerShellCompatibilityDisplayService, PowerShellCompatibilityWorkflowService, and PrivateModuleWorkflowService. But PrivateGalleryService (the largest and most complex new class) has no dedicated tests. The existing PrivateGalleryPrerequisiteVersionPolicyTests only covers the version-policy helper. Smoke tests for ResolveCredential error paths (user + secret without UserName, PromptForCredential combined with explicit creds, ExistingSession + credential conflict) would be valuable.

Nit: ModuleRepositoryRegistrationResultMapper property drift risk

The mapper manually copies approximately 30 properties. If a property is later added to the internal PowerForge.ModuleRepositoryRegistrationResult, the mapper will silently skip it. A unit test asserting both types expose the same property names, or at least a TODO comment, would help prevent silent omissions.

What is good

The IPrivateGalleryHost / CmdletPrivateGalleryHost split is clean and enables real unit testing without a live PSCmdlet. Removing the 755-line PrivateGalleryCommandSupport static class is the right call; the replacement is properly encapsulated and injectable. All four cmdlets that shared the same boilerplate now delegate correctly through the service. NuGetCertificateExportService properly uses using for the cert store instead of the manual finally { store?.Close() } pattern. PrivateModuleWorkflowService successfully unifies the Install/Update flows without leaking the operation distinction into the service API. The AGENTS.md layering guidance is a good addition for future contributors.

[claude]

Overall this is a well-executed architectural refactoring. See below for the full review.

[claude]

Overall this is a well-executed architectural refactor. IPrivateGalleryHost makes the services testable without a real PowerShell host, and the new test files provide solid coverage of the extracted logic. A few issues worth addressing before merging. The Both-tool registration regression and the missing apiVersion are the two items I would prioritize. Full notes below.

[claude]

Potential Bug: RepositoryRegistrationTool.Both silently regresses

File: PowerForge.PowerShell/Services/PrivateGalleryService.cs - EnsureAzureArtifactsRepositoryRegistered

The old PrivateGalleryCommandSupport handled RepositoryRegistrationTool.Both with two sequential registration calls (PSResourceGet then PowerShellGet). The new service has no guard for Both in the pre-flight validation block, and the registration block uses a simple if/else between PSResourceGet and PowerShellGet. If a caller explicitly passes Tool = Both, the new code silently falls into the else branch and only registers PowerShellGet. Adding an explicit Both branch (or a defensive throw for an unrecognized value) would address this regression.

[claude]

Potential Bug: Missing apiVersion parameter for PSResourceGet registration

File: PowerForge.PowerShell/Services/PrivateGalleryService.cs

The old code passed apiVersion: RepositoryApiVersion.V3 as a named argument to PSResourceGetClient.EnsureRepositoryRegistered. The new code omits this argument entirely. If the method default is not V3, this could silently register the repository against the wrong NuGet API version and break package resolution. Worth verifying whether V3 is the default.

[claude]

Regression: Verbose install logging silently swallowed

File: PowerForge.PowerShell/Services/PrivateGalleryService.cs

Both EnsureBootstrapPrerequisites and EnsureAzureArtifactsRepositoryRegistered now use new NullLogger() where the old code passed a CmdletLogger that forwarded to WriteVerbose. Users running with -Verbose will no longer see installation-step messages from PSResourceGet or AACP installation - operations that can take several minutes. Consider whether IPrivateGalleryHost should expose a CreateLogger() factory or accept an ILogger in the constructor so the host can forward verbose messages back to the cmdlet stream.

[claude]

Minor UX: PromptForCredential caption changed

File: PSPublishModule/Services/CmdletPrivateGalleryHost.cs

Old code used cmdlet.MyInvocation.MyCommand.Name as the credential-prompt caption (e.g. Connect-ModuleRepository). New code uses the literal string 'Private gallery authentication'. Users who relied on the dialog caption to identify which cmdlet is prompting will now see a generic title. Low severity but a small regression.

---

PSArgumentException vs ArgumentException

File: PowerForge.PowerShell/Services/PrivateGalleryService.cs

The old static helper threw PSArgumentException for invalid parameter combinations - this type formats as a proper parameter-binding error in the PowerShell error stream with the parameter name highlighted. The new service throws the standard ArgumentException. If keeping PS-specific exceptions out of the shared layer is a goal, IPrivateGalleryHost could expose a ThrowParameterError(string paramName, string message) helper that the cmdlet-layer adapter implements with PSArgumentException.

---

What is working well

• Architecture aligns exactly with the AGENTS.md layering contract added in this same PR - documenting conventions alongside the code that establishes them is a good pattern.
• IPrivateGalleryHost cleanly inverts the PowerShell-host dependency and enables proper unit testing.
• PrivateModuleWorkflowService accepts an injectable _dependencyExecutor which the tests use effectively as a seam.
• ModuleRepositoryRegistrationResultMapper correctly maintains the stable public contract without leaking the internal model into the shared library.
• PrivateGalleryVersionPolicy cleanly separates version-comparison logic from orchestration.
• New test files add real coverage of the extracted services including positive and edge-case paths.
• PrivateModuleWorkflowService removes the copy-pasted Install/Update duplication that previously existed across two cmdlets.

[claude]

test2

[claude]

Code Review: refactor extract private gallery services

Overall this is a well-executed architectural refactoring that aligns squarely with the layering rules now documented in AGENTS.md. The direction is correct and the PR is generally in good shape.

Positive highlights

• Layering is clean. PSPublishModule/Cmdlets/ is now thin: parameter binding, ShouldProcess/prompting, and output mapping. Real logic moved to PowerForge.PowerShell services behind IPrivateGalleryHost. Exactly what the new working agreements call for.
• IPrivateGalleryHost abstraction makes the gallery service testable without a live PSCmdlet. The injectable dependencyExecutor on PrivateModuleWorkflowService follows the same principle.
• Good test coverage added for the new display, workflow, and scaffold services (7 new test files). These cover path resolution, missing-file warnings, normalization, and display output -- all previously untestable in-cmdlet logic.
• PSArgumentException to ArgumentException in PrivateGalleryService is correct; the service layer should not depend on SMA exception types.
• Backward-compatible public result type (PSPublishModule.ModuleRepositoryRegistrationResult) preserved via the mapper.

Issues

1. ToolUsed is set to Auto instead of Both when dual registration succeeds

File: PowerForge.PowerShell/Services/PrivateGalleryService.cs

When Tool == Auto, PSResourceGet succeeds, and the compat PowerShellGet registration also succeeds, result.ToolUsed is set to RepositoryRegistrationTool.Auto not Both. The old code set it to Both. Callers that inspect ToolUsed == Both to detect dual registration will silently see Auto instead. Worth either fixing the assignment to Both or documenting that Auto now means both succeeded.

2. NullLogger in EnsureBootstrapPrerequisites silently drops install diagnostics

File: PowerForge.PowerShell/Services/PrivateGalleryService.cs

The old EnsureBootstrapPrerequisites created a CmdletLogger(cmdlet, verbose), surfacing prerequisite install output to the user. The new service always uses NullLogger, silently dropping installer messages. PrivateModuleWorkflowService has a _logger field but it is not threaded into EnsureBootstrapPrerequisites. Consider accepting a logger in PrivateGalleryService constructor and forwarding it here.

3. CmdletPrivateGalleryHost.PromptForCredential loses cmdlet-name caption

File: PSPublishModule/Services/CmdletPrivateGalleryHost.cs

The old code used cmdlet.MyInvocation.MyCommand.Name as the credential dialog caption so users saw the cmdlet name (e.g. Connect-ModuleRepository). The new PrivateGalleryService hardcodes the caption to "Private gallery authentication". Consider constructing CmdletPrivateGalleryHost with the cmdlet name and using it as the caption.

4. ExportCertificateForNuGetCommand -- OutputPath bypasses SessionState.Path resolution

File: PSPublishModule/Cmdlets/ExportCertificateForNuGetCommand.cs

The old code called SessionState.Path.GetUnresolvedProviderPathFromPSPath(OutputPath) for the explicit-path case, correctly resolving PowerShell provider-relative paths. The new service only receives a plain working directory string, so provider-relative OutputPath values may resolve to the wrong directory when the user has cd inside the PowerShell session.

Suggestion: Resolve OutputPath through SessionState.Path.GetUnresolvedProviderPathFromPSPath in the cmdlet before passing it to the service, so the service always receives a fully resolved filesystem path.

5. PrivateModuleWorkflowService does not forward Force to EnsureUpdated

File: PowerForge.PowerShell/Services/PrivateModuleWorkflowService.cs

request.Force is defined in PrivateModuleWorkflowRequest but is not forwarded to EnsureUpdated. If EnsureUpdated accepts a force parameter, this is a silent regression for Update-PrivateModule. Worth verifying whether the old UpdatePrivateModuleCommand forwarded force.

Minor nits

• AboutTopicTemplateServiceTests.Generate_WritesMarkdownTemplateAndPreservesPreviewExistence asserts result.Exists == false right after calling Generate. Correct, but an explicit Preview + assertion before Generate would make the intent clearer.
• Internal model properties in PowerForge.PowerShell/Models/ModuleRepositoryRegistrationResult.cs are declared public on an internal sealed class. Functionally harmless, but internal properties would better signal intended visibility.
• PSPublishModule.csproj is not in the diff -- confirm deletion of PrivateGalleryCommandSupport.cs and two new Services/ files are reflected in the project file (or that it uses glob includes).

Summary

Items 2 and 4 are the most actionable before merge -- silent regressions in installer output visibility and path resolution. Items 1 and 5 are lower priority but worth a quick check. Otherwise this is a solid cleanup that makes the codebase significantly more testable and follows the layering documented in AGENTS.md.

Generated with Claude Code

[claude]

Code Review: PR 210 - refactor: extract private gallery services. Overall well-executed refactoring. See inline notes.

[claude]

Code Review: PR 210 - refactor: extract private gallery services

Overall this is a well-executed, high-signal refactoring. The layering story is clear, the tests are meaningful, and the public cmdlet surface stays stable.

Architecture positives:

• The host-adapter pattern (IPrivateGalleryHost / CmdletPrivateGalleryHost) is the right seam. The service layer has no PSCmdlet dependency, enabling unit tests without mocking the PowerShell runtime.
• Unifying InstallPrivateModuleCommand and UpdatePrivateModuleCommand into PrivateModuleWorkflowService via PrivateModuleWorkflowOperation eliminates roughly 100 lines of duplicated wiring.
• ModuleRepositoryRegistrationResultMapper maintains the public PSPublishModule output type contract. Existing pipeline callers are unaffected.

Issues:

1. Credential prompt caption regressed. The old PrivateGalleryCommandSupport used cmdlet.MyInvocation.MyCommand.Name as the credential dialog caption. The new PrivateGalleryService hardcodes "Private gallery authentication". IPrivateGalleryHost.PromptForCredential(caption, message) already accepts a caption, so passing the cmdlet name through is a one-liner fix. At minimum document this as intentional.

2. SwitchParameter to bool implicit conversion. In the request initializers, SwitchParameter fields are assigned to bool properties (e.g. InstallPrerequisites = InstallPrerequisites). The implicit .IsPresent conversion is correct, but adding .IsPresent explicitly or a comment would make intent obvious since the request properties are plain bool.

3. ConnectModuleRepositoryCommand has two ToCmdletResult call sites in separate branches. This is correct (the probe path sets additional fields on result before mapping) but a brief comment would prevent readers from wondering whether the branches should be consolidated.

4. ReservedPowerShellGalleryRepositoryName constant removed. Worth confirming no remaining code referenced it.

5. Exception type change: PSArgumentException to ArgumentException. Both bubble correctly through ProcessRecord, but FullyQualifiedErrorId in the resulting ErrorRecord will differ. Any Pester tests asserting on that field for these specific errors will need updating.

Test coverage: Excellent. Using the injected _dependencyExecutor delegate in PrivateModuleWorkflowServiceTests is exactly the right pattern. One gap: no tests for ModuleRepositoryRegistrationResultMapper.ToCmdletResult. The mapper copies roughly 30 properties; a round-trip test would catch any property added to the source model but omitted from the mapper.

Minor: AboutTopicTemplateService.Generate returns Exists = false even after writing (reflects pre-generation state per the test, but a comment would help). ModuleBuildOutcomeService correctly handles workflow == null. The AGENTS.md layering docs added here are valuable.

Summary: Ready to merge. Item 1 (credential caption) is the most actionable item - a one-liner fix. The mapper round-trip test is a good safety net but not blocking.

[claude]

PR Review — refactor: extract private gallery services

Overall this is a well-structured refactor that clearly advances the layering goals described in AGENTS.md. The intent is sound, the scope is consistent, and the diff is internally coherent. A few issues worth addressing before merge.

---

Potential bugs

1. ToolUsed not initialised on early-return from ShouldProcess

In the old PrivateGalleryCommandSupport.EnsureAzureArtifactsRepositoryRegistered the result object was created with ToolUsed = effectiveTool in the initialiser. In the new PrivateGalleryService.EnsureAzureArtifactsRepositoryRegistered (line ~3235 in the service) the object initialiser sets ToolRequested = tool, Tool = tool but omits ToolUsed. When -WhatIf causes _host.ShouldProcess to return false, the code returns early and result.ToolUsed holds the default enum value (0) rather than the resolved effective tool. Any caller or script that inspects result.ToolUsed in WhatIf mode will see a misleading value.

// Fix: add ToolUsed to the initialiser, consistent with the old code
ToolRequested = tool,
Tool = tool,
ToolUsed = tool,   // ← add this

---

2. ToolUsed semantic change: Auto instead of Both

In the old code, when -Tool Auto caused both PSResourceGet and PowerShellGet to register successfully, ToolUsed was set to RepositoryRegistrationTool.Both. In the new code the same case sets ToolUsed = RepositoryRegistrationTool.Auto. Any consumer (script, test, Studio UI) that switches on Both will now miss this case.

---

Diagnostic regression

3. NullLogger inside EnsureAzureArtifactsRepositoryRegistered and EnsureBootstrapPrerequisites

The old implementation passed a CmdletLogger to PowerShellRunner, so verbose output from the underlying PSResourceGet/PowerShellGet invocations surfaced to the user when -Verbose was active. The new service always constructs new NullLogger() for these runners. Explicit messages.Add(...) calls capture the headline outcomes, but low-level runner output (e.g. warnings emitted by the tools themselves) is silently dropped.

Consider accepting an ILogger from the caller (injected via constructor or the host adapter) to restore -Verbose fidelity for the underlying runners.

---

Minor issues

4. ProjectCleanupDisplayService re-instantiated on every item callback

RemoveProjectFilesCommand.OnItemProcessed allocates a fresh ProjectCleanupDisplayService() per item processed:

private void OnItemProcessed(int current, int total, ProjectCleanupItemResult item)
{
    WriteDisplayLines(new ProjectCleanupDisplayService().CreateItemLines(...));
    //                ^^ new instance each call
}

ProcessRecord already holds var display = new ProjectCleanupDisplayService();. Storing the instance in a field and reusing it would be cleaner.

5. Implicit SwitchParameter → bool assignment without .IsPresent

In InstallPrivateModuleCommand and UpdatePrivateModuleCommand the new PrivateModuleWorkflowRequest is populated with:

InstallPrerequisites = InstallPrerequisites,
Force = Force,
Prerelease = Prerelease,

SwitchParameter has an implicit bool conversion, so this compiles and is correct, but the idiom InstallPrerequisites.IsPresent is more explicit and consistent with the rest of the codebase. Low priority, but worth aligning.

6. PromptForCredential caption change

The old code used cmdlet.MyInvocation.MyCommand.Name as the credential dialog caption (so the user saw e.g. Connect-ModuleRepository). The new service hardcodes "Private gallery authentication". This is arguably clearer, but it's a user-visible behavioural change that could confuse users who have scripts waiting on a specific window title. Document or note it in the changelog.

---

Positive highlights

• The IPrivateGalleryHost abstraction is clean and minimal — exactly the right surface area.
• ModuleRepositoryRegistrationResultMapper.ToCmdletResult is a good pattern to keep the public contract stable while moving internals.
• Display service extraction (ProjectCleanupDisplayService, ModuleTestFailureDisplayService, PowerShellCompatibilityDisplayService, etc.) is consistently applied and makes the cmdlet code noticeably thinner.
• CmdletPrivateGalleryHost.IsWhatIfRequested correctly reads from BoundParameters rather than relying on a framework property, which is the right approach for -WhatIf detection in PSCmdlet.
• AGENTS.md updates are well written and reflect the layering decisions accurately.

---

Summary: Issues 1 and 2 are worth fixing before merge as they change observable behaviour for users and scripts. Issues 3–6 are improvements but lower urgency.

🤖 Generated with Claude Code

[claude]

PR Review: refactor: extract private gallery services

Overall this is a solid refactoring. The layering intent is clear, the host adapter pattern (IPrivateGalleryHost) is well-chosen and correctly isolates PowerShell-specific concerns from testable service logic. The cmdlets are noticeably thinner. Below are findings organized by severity.

---

Bugs / Correctness

1. Null-forgiving operator on a conditionally-null expression (InvokeModuleBuildCommand.cs)

workflow is declared as ModuleBuildWorkflowResult? workflow = null and may still be null when the outcome evaluation runs. workflow?.Error evaluates to null when workflow is null — the ! operator suppresses the compiler warning but does not prevent a null value at runtime. The ex is not null guard prevents a throw, but the ! communicates incorrect intent. Fix: var ex = workflow?.Error; (drop the !).

2. AboutTopicTemplateResult.Exists is stale after Generate call

Exists is populated from the pre-generation preview, so it reflects whether the file existed before generation, not after. Current callers ignore this field on the Generate result, so there is no active bug — but the misleading contract will bite a future caller.

3. OnItemProcessed allocates a new display service per file (RemoveProjectFilesCommand.cs)

private void OnItemProcessed(int current, int total, ProjectCleanupItemResult item)
{
    WriteDisplayLines(new ProjectCleanupDisplayService().CreateItemLines(...));
}

The display variable is already initialized in ProcessRecord(). Re-creating a stateless ProjectCleanupDisplayService() on every file callback is unnecessary GC pressure on large cleanups. Capture display from the outer scope.

---

Architecture

4. ConsoleColor in the PowerForge domain layer

ModuleTestFailureDisplayLine and PowerShellCompatibilityDisplayLine live in PowerForge (the host-agnostic domain layer) and expose ConsoleColor?. Console color is a host-rendering concept and belongs in PowerForge.PowerShell. The already-existing ProjectCleanupDisplayLine (in PowerForge.PowerShell) is the correct pattern. Consider replacing ConsoleColor? with a severity/classification enum in the domain model and mapping to ConsoleColor in the display services inside PowerForge.PowerShell.

5. PrivateGalleryService hardcodes infrastructure

While IPrivateGalleryHost correctly abstracts the PowerShell host, PrivateGalleryService still hardcodes new PowerShellRunner() / new NullLogger() inside EnsureBootstrapPrerequisites, EnsureAzureArtifactsRepositoryRegistered, ProbeRepositoryAccess, and GetBootstrapPrerequisiteStatus. These methods cannot be unit-tested without a live PowerShell session. PrivateModuleWorkflowService demonstrates the better pattern (injected Func<> for the external operation). At minimum, PowerShellRunner should be injectable or factory-supplied.

6. Shared-source pattern for ModuleTestFailureWorkflowService is undocumented

PowerForge.csproj excludes it; PowerForge.PowerShell.csproj includes it via <Compile Include="..\PowerForge\...">. Why this file uses shared-source rather than simply living in PowerForge.PowerShell is not apparent from the diff. A brief comment in the .csproj would help future maintainers.

---

Breaking Changes

7. Export-CertificateForNuGet output type changed

Previously emitted ad-hoc PSObject instances with dynamic properties. Now emits typed NuGetCertificateExportResult. This is an improvement (typed, serializable to CLIXML), but it is a breaking change for scripts using $result.PSObject.Properties["Success"]-style access. Docs and help XML already reflect the new type — just flagging for changelog awareness.

Also: on the error path both WriteError and WriteObject(result) are called. Scripts piping Export-CertificateForNuGet may silently continue on failure if they test only $? without inspecting result.Success.

---

Test Coverage Gaps

8. ModuleRepositoryRegistrationResultMapper has no tests

The 52-property manual copy between PowerForge.ModuleRepositoryRegistrationResult and PSPublishModule.ModuleRepositoryRegistrationResult is untested. A round-trip test (populate all properties with distinct sentinel values, map, assert all match) would catch future additions to either type that are not reflected in the mapper.

9. PrivateGalleryService core methods are uncovered

EnsureBootstrapPrerequisites, EnsureAzureArtifactsRepositoryRegistered, and ProbeRepositoryAccess contain the most complex conditional logic in the PR and have no unit tests. Since IPrivateGalleryHost is already injectable and FakePrivateGalleryHost already exists in the test suite, coverage is achievable once the PowerShellRunner dependency is injectable (see point 5).

---

Minor / Nits

10. internal sealed class with all-public members

ModuleRepositoryRegistrationResult and ModuleBuildCompletionOutcome are internal sealed but have all-public properties. Member visibility should match the class: either make members internal, or promote the class to public.

11. DotNetRepositoryReleaseSummaryService maxErrorLength parameter

The maxErrorLength = 140 default is never overridden by any caller. Either make it a private constant or expose it through the caller if customization is a real need.

12. CreateInternalSummaryMessages path coupling

Success/failure is determined by report.ExportPath is not null, but the message body uses the caller-supplied exportPath parameter. If these ever diverge, the log message displays a misleading path. The non-internal code path avoids this by calling File.Exists(exportPath) directly — the internal path should do the same.

---

Summary

Severity	Item
Medium	workflow?.Error! misleading null-forgiving operator (1)
Medium	ConsoleColor in PowerForge domain layer (4)
Medium	PrivateGalleryService hardcodes infrastructure — not unit testable (5)
Medium	ModuleRepositoryRegistrationResultMapper 52-property copy untested (8)
Medium	PrivateGalleryService core paths have no unit tests (9)
Low	AboutTopicTemplateResult.Exists stale after Generate (2)
Low	new ProjectCleanupDisplayService() allocated per-file in hot callback (3)
Low	Breaking output type change on Export-CertificateForNuGet (7)
Low	internal sealed with public members (10)
Nit	maxErrorLength unused param (11)
Nit	CreateInternalSummaryMessages path coupling (12)
Info	Shared-source ModuleTestFailureWorkflowService undocumented (6)

The host adapter pattern is the right direction and the overall structure is a clear improvement. The highest-value fixes before merge are the null-forgiving bug (1), the ConsoleColor layer violation (4), and adding a mapper round-trip test (8).

Generated with Claude Code

[claude]

PR Review: refactor: extract private gallery services

Overall this is a well-structured refactor. The layering intent is clear, the AGENTS.md additions codify the architecture neatly, and the reduction in cmdlet complexity is a net win.

---

Positives

• Clean host adapter pattern. CmdletPrivateGalleryHost correctly wraps ShouldProcess, IsWhatIfRequested, and PromptForCredential behind IPrivateGalleryHost, making PrivateGalleryService fully testable without a live PSCmdlet.
• Deduplication. InstallPrivateModuleCommand and UpdatePrivateModuleCommand previously duplicated ~100 lines of AzureArtifacts setup each; routing both through PrivateModuleWorkflowService removes that duplication.
• OutputType attribute added to ExportCertificateForNuGetCommand -- good for discoverability and tooling.
• Display services (ModuleTestFailureDisplayService, ProjectConsistencyDisplayService, etc.) are now testable in isolation.
• AGENTS.md layering section is a useful addition for future contributors and agents.

---

Concern 1: ModuleRepositoryRegistrationResultMapper -- silent field drift risk

ToCmdletResult copies ~25 properties by hand. If a new property is added to PowerForge.ModuleRepositoryRegistrationResult and not mirrored here, the omission compiles cleanly but the cmdlet output silently loses data. Consider a comment warning maintainers to keep the mapper in sync, or a unit test using reflection to assert all public properties are covered.

Concern 2: RemoveProjectFilesCommand.OnItemProcessed -- per-item service allocation

ProcessRecord already holds a display local, but OnItemProcessed allocates a fresh ProjectCleanupDisplayService() for every item processed. If stateless this is just wasteful; if the service ever gains state it becomes a bug. Promote display to a field or pass it into the callback so both ProcessRecord and the callback share the same instance.

Concern 3: ConnectModuleRepositoryCommand -- mutation order dependency

The probe-field mutation happens before ToCmdletResult() is called -- that order is correct. A short comment noting that the mapper call must follow the probe mutations would protect against an accidental reorder in a future refactor.

Concern 4: ShouldProcess lambda and -Force / -WhatIf interaction

PSCmdlet.ShouldProcess honours -Force, -WhatIf, and ConfirmPreference automatically. Delegating it as a Func is the right pattern, but a test covering -Force combined with -WhatIf would confirm both flags are still respected correctly after the refactor.

Minor: Directory.GetCurrentDirectory() vs Environment.CurrentDirectory

InvokeModuleTestSuiteCommand changed the fallback to Environment.CurrentDirectory. These are semantically equivalent in .NET. The rest of the changed files now consistently use Environment.CurrentDirectory, so this is fine.

---

Test coverage note

It would be helpful to confirm whether the Pester suite covers RegisterModuleRepositoryCommand, ConnectModuleRepositoryCommand, and UpdateModuleRepositoryCommand through the new adapter path, not just install/update.

---

Summary

Architecture is correct and the direction is right. Two actionable items before merge:

1. Fix the per-call new ProjectCleanupDisplayService() in RemoveProjectFilesCommand.OnItemProcessed -- reuse the instance already created in ProcessRecord.
2. Add a comment or reflection-based test to ModuleRepositoryRegistrationResultMapper to flag the field-drift risk.

Everything else is low-risk or informational.

[claude]

PR Review: refactor: extract private gallery services

This is a substantial and well-executed refactor. Overall it is in excellent shape. A few observations below.

---

What Works Well

Layering alignment — the extraction closely follows the new AGENTS.md guidance added in the same PR. Cmdlets are now genuinely thin (parameter binding + ShouldProcess + WriteObject); reusable workflow and display logic lives in PowerForge / PowerForge.PowerShell. The IPrivateGalleryHost seam is the right abstraction point.

Mapper / contract stability — ModuleRepositoryRegistrationResultMapper.ToCmdletResult keeps the stable PSPublishModule.ModuleRepositoryRegistrationResult contract intact while the internal type evolves freely. Exactly what the AGENTS.md guidance describes.

Display service pattern — extracting display logic into CreateXxx() methods that return IReadOnlyList<XxxDisplayLine> makes the rendering fully testable without touching a real PowerShell host. The tests prove it.

Test coverage — 16+ new xUnit test files covering display services, workflow services, and certificate export. A meaningful addition to a previously under-tested area.

---

Issues / Suggestions

1. Null-forgiving operator on a nullable-chained expression (InvokeModuleBuildCommand.cs)

var ex = workflow?.Error!;   // "!" on a nullable-chained expression
if (outcome.ShouldEmitErrorRecord && ex is not null)
    WriteError(new ErrorRecord(ex, outcome.ErrorRecordId, ...));

The ! suppressor is applied to workflow?.Error, which is itself nullable (both workflow and workflow.Error can be null). The subsequent ex is not null guard makes this safe at runtime, but the ! is misleading — it tells the compiler "trust me" on something that demonstrably can be null. Prefer:

var ex = workflow?.Error;   // nullable, no suppressor needed
if (outcome.ShouldEmitErrorRecord && ex is not null)
    WriteError(new ErrorRecord(ex, outcome.ErrorRecordId, ...));

2. outcome declared nullable but never actually nullable after assignment

ModuleBuildCompletionOutcome? outcome = null;
// ... try/catch ...
outcome = new ModuleBuildOutcomeService().Evaluate(...);   // always assigned
if (!outcome.Succeeded) ...                                 // used without null check

outcome is assigned unconditionally after the #pragma restore block so it is never actually null at the point of use. The nullable declaration + no-null-check usage pattern will generate a suppressed compiler warning and could confuse future readers. Consider declaring it non-nullable and initialising in-place, or use an early-throw guard before use.

3. Access-probe mutation stays in the cmdlet (minor layering gap)

In ConnectModuleRepositoryCommand.ProcessRecord:

var probe = service.ProbeRepositoryAccess(result, credentialResolution.Credential);
result.AccessProbePerformed = true;   // cmdlet mutates internal model directly
result.AccessProbeSucceeded = probe.Succeeded;
result.AccessProbeTool = probe.Tool;
result.AccessProbeMessage = probe.Message;
service.WriteRegistrationSummary(result);

The cmdlet still directly mutates the internal ModuleRepositoryRegistrationResult fields before passing it back to WriteRegistrationSummary. Not a bug today, but it means display tests for the post-probe summary path cannot avoid touching internal mutation. Ideally ProbeRepositoryAccess would return a merged result, or WriteRegistrationSummary would accept the probe result separately.

4. Namespace / project boundary for IPrivateGalleryHost and PrivateGalleryService

Both files live in PowerForge.PowerShell/Services/ but declare namespace PowerForge (not namespace PowerForge.PowerShell). This is consistent with the rest of the assembly, but means a consumer cannot distinguish PowerForge-layer types from PowerForge.PowerShell-layer types by namespace alone. The AGENTS.md layering table distinguishes the two layers by project — a short comment in the interface file noting which assembly it belongs to would help.

5. Credential file read without explicit encoding (minor, pre-existing)

resolvedSecret = File.ReadAllText(credentialSecretFilePath!).Trim();

Unlikely to be a practical problem for ASCII PATs, but a file saved on Windows with a UTF-8 BOM would silently include the BOM character in the secret. Specifying Encoding.UTF8 (which strips the BOM) is a safe, low-effort improvement:

resolvedSecret = File.ReadAllText(credentialSecretFilePath!, System.Text.Encoding.UTF8).Trim();

---

Summary

Area	Assessment
Code quality / layering	Strong — follows AGENTS.md guidance precisely
Potential bugs	workflow?.Error! suppressor (#1); nullable outcome pattern (#2)
Performance	No regressions; stateless display services allocated per-call (acceptable)
Security	Credential file encoding edge case (minor, pre-existing)
Test coverage	Significantly improved with 16+ new test files

Items worth addressing before merge: #1 (remove the ! suppressor) and #2 (tighten the outcome nullable declaration). Everything else is informational.

[claude]

Code Review: PR #210 — refactor: extract private gallery services

Overall this is a well-executed, high-signal refactor that directly follows the layering conventions now documented in AGENTS.md. The architecture moves in exactly the right direction and the cmdlets are noticeably thinner. Notes below are roughly ordered from most important to least.

---

Correctness / Potential Bugs

PrivateGalleryService.EnsureAzureArtifactsRepositoryRegistered — Both tool path is gone

The old PrivateGalleryCommandSupport implementation handled RepositoryRegistrationTool.Both explicitly — it registered PSResourceGet and PowerShellGet in parallel and set result.ToolUsed = Both when both succeeded. The new PrivateGalleryService only handles Auto, PSResourceGet, and PowerShellGet as explicit choices, and the Auto path now opportunistically adds PowerShellGet after PSResourceGet. If a caller passes RepositoryRegistrationTool.Both directly it falls through to the else branch and attempts a single-tool registration, setting ToolUsed incorrectly. Recommend adding an explicit guard or handler for Both.

ModuleBuildOutcomeService — ShouldReplayBufferedLogs is always !succeeded

The old code replayed buffered logs only when interactiveBuffer is not null && interactiveBuffer.Entries.Count > 0. The new outcome service has no knowledge of whether there is anything in the buffer; that check is preserved in InvokeModuleBuildCommand.cs, so the actual replay is still gated — but the flag name ShouldReplayBufferedLogs now misleads: it is really "DidFail", not "has buffered logs to replay". Minor, but could cause confusion when the outcome is consumed by future callers.

RemoveProjectFilesCommand.OnItemProcessed — ProjectCleanupDisplayService is re-instantiated per item

The top of ProcessRecord already creates var display = new ProjectCleanupDisplayService() and stores it, but OnItemProcessed does not capture it and creates a new instance on every callback. For large projects this is a hot path. Store the instance as a field or capture it in the callback lambda.

---

Design / Architecture

ModuleRepositoryRegistrationResult is internal sealed but requires a 30-property mapper

The mapper in PSPublishModule.Services must copy every field from the PowerForge model to the public PSPublishModule model. If a new field is added to the shared model, the mapper silently omits it until someone notices. Consider adding a comment on the mapper reminding maintainers to keep the two types in sync, or a reflection-based test that asserts all public properties are mapped.

IPrivateGalleryHost.PromptForCredential returns RepositoryCredential

The interface lives in PowerForge.PowerShell, which already depends on PowerForge types, so the coupling is intentional. A brief comment to that effect would prevent a future reviewer from questioning whether this should return PSCredential instead.

PrivateGalleryService.GetBootstrapPrerequisiteStatus creates PowerShellRunner/NullLogger on every call

This method is invoked up to four times per workflow (before prerequisite install, after PSResourceGet install, after credential-provider install, and a final status check). Each call creates new runner/logger instances. Injecting them through the constructor would make the service unit-testable without requiring an actual PowerShell runtime.

---

Minor Issues

ExportCertificateForNuGetCommand — on error, both WriteError and WriteObject(result) are called

The old code only emitted an ErrorRecord on failure. The new code also pipes the failed result object. Callers doing $r = Export-CertificateForNuGet ... will now receive an object even on failure. If this is intentional (richer pipeline output), the help text should document it; otherwise drop the WriteObject on the failure path to avoid a silent behaviour change.

PrivateGalleryService.ResolveCredential — credential-file read has no error handling

resolvedSecret = File.ReadAllText(credentialSecretFilePath!).Trim();

If the file is missing or permissions are denied, the raw IOException/UnauthorizedAccessException bubbles through. The old code had the same gap, but since this is a refactor opportunity it is worth a try/catch with a user-friendly message.

---

Positive Highlights

• The IReadOnlyList<*DisplayLine> display-service pattern is clean and makes cmdlet output rendering trivially unit-testable without a real PowerShell host.
• PrivateModuleWorkflowService successfully unifies the install/update duplication across InstallPrivateModuleCommand and UpdatePrivateModuleCommand; the PrivateModuleWorkflowOperation enum is a natural extension point.
• Renaming PrivateGalleryCommandSupport.Versioning.cs to PrivateGalleryVersionPolicy.cs and moving it to PowerForge.PowerShell is a good naming win.
• AGENTS.md updates are thorough — the module-layering section and the smell-test checklist are actionable additions.

---

Reviewed by Claude Sonnet 4.6

[claude]

PR Review: refactor extract private gallery services

Overall this is a well-structured refactoring that follows the layering guidance now codified in AGENTS.md. Cmdlets are noticeably thinner, the new services are testable without PowerShell infrastructure, and the test suite additions give good coverage of the extracted logic.

---

Issues

1. NuGetCertificateExportService swallows exceptions too broadly

The top-level catch (Exception ex) in NuGetCertificateExportService.Execute only preserves ex.Message, losing the exception type, stack trace, and inner exception. The cmdlet already has a try/catch that converts to an ErrorRecord, so the service does not need to suppress everything. Prefer catching only expected exceptions (CryptographicException, IOException) and letting unexpected ones propagate.

2. ResolveCredential performs file I/O before validating parameter combinations

In PrivateGalleryService.ResolveCredential the credential file is read before any parameter-combination checks run. If the file is missing the user gets a raw IOException before any helpful validation message. Move the file read after all combination checks pass and wrap it with a contextual error message.

3. ExportCertificateForNuGetCommand emits both WriteError and WriteObject on failure

When result.Success is false the cmdlet calls WriteError(...) followed by WriteObject(result). With $ErrorActionPreference = Stop, WriteError throws and WriteObject is never reached, making behaviour inconsistent. Pick one strategy: WriteObject for a structured failure object, or ThrowTerminatingError for a hard stop, not both in sequence.

4. outcome nullable warning in InvokeModuleBuildCommand

outcome is declared as nullable ModuleBuildCompletionOutcome? but is always assigned before use. Dereferencing it as outcome.Succeeded without a null-forgiving operator will produce a CS8602 compiler warning. Restructure so it is non-nullable from declaration or add a null-forgiving operator at the usage site.

---

Observations / Minor Points

5. Namespace PowerForge used for types physically in PowerForge.PowerShell

PrivateGalleryService, IPrivateGalleryHost, and the new models are all namespace PowerForge; but live in the PowerForge.PowerShell project. This matches the existing compile-link pattern and is fine with internal visibility. A brief file-level comment noting the home project would help future contributors.

6. Dual ModuleRepositoryRegistrationResult types can silently drift

PowerForge.ModuleRepositoryRegistrationResult (internal) and PSPublishModule.ModuleRepositoryRegistrationResult (public cmdlet type) are bridged by ModuleRepositoryRegistrationResultMapper. A property added to the internal type but missed in the mapper will silently drop from cmdlet output. A reflection-based test asserting both types have the same property names would catch this automatically.

7. Credential file read has no contextual error message

Even after moving the read after validation, wrapping File.ReadAllText with a catch that rethrows with a message naming the file path would give users a clearer error than a raw IOException.

---

What is working well

• IPrivateGalleryHost cleanly decouples PrivateGalleryService from PSCmdlet, making the service testable without PowerShell.
• WriteDisplayLines + display service pattern is applied consistently across all refactored cmdlets.
• PrivateModuleWorkflowService accepting an injectable dependencyExecutor delegate makes tests clean without live module installs.
• ModuleBuildOutcomeService.Evaluate correctly handles a null workflow for the JSON-only branch.
• ShouldProcess remains in the cmdlet layer and is not pushed into the service layer.
• Good test coverage added for all new services.

[claude]

Code Review

This is a well-structured refactoring that correctly follows the layering principles added to AGENTS.md. The core intent - extracting reusable private-gallery logic from PSPublishModule into PowerForge.PowerShell and leaving cmdlets as thin orchestrators - is sound and executed consistently across all affected cmdlets.

---

Architecture

Positive:

• The host-adapter pattern (IPrivateGalleryHost + CmdletPrivateGalleryHost) cleanly isolates PowerShell-specific behavior (ShouldProcess, PromptForCredential, stream routing) from the service layer - exactly the right boundary per AGENTS.md.
• PrivateModuleWorkflowService accepting a Func for the dependency executor is good design: unit testing is straightforward without mocking PowerShell infrastructure, as demonstrated by PrivateModuleWorkflowServiceTests.
• Moving PrivateGalleryCommandSupport.Versioning.cs to PrivateGalleryVersionPolicy.cs is a clean rename that widens visibility from private to internal only where needed.
• ModuleRepositoryRegistrationResultMapper explicitly preserves the public cmdlet-facing contract, avoiding accidental breakage when the internal model evolves.

---

Issues / Observations

1. Computed properties may drift from PrivateGalleryVersionPolicy

The new internal ModuleRepositoryRegistrationResult re-implements readiness logic (ExistingSessionBootstrapReady, RecommendedBootstrapMode) that PrivateGalleryVersionPolicy already centralises (IsExistingSessionBootstrapReady, GetRecommendedBootstrapMode). Parallel implementations risk silent drift when a new tool or version threshold is added. Consider delegating the result model computed properties to the policy, or at minimum add a comment linking the two.

2. Flat mapper is a maintenance liability

ModuleRepositoryRegistrationResultMapper.ToCmdletResult copies ~40 properties by name. If a field is added to the internal model but forgotten in the mapper, it silently returns a default/zero value to PowerShell users. A reflection-based unit test asserting all settable properties are copied would prevent this permanently.

3. IsWhatIfRequested only checks BoundParameters

The check in CmdletPrivateGalleryHost misses WhatIf when set via a WhatIfPreference preference variable or inherited from a parent scope, because BoundParameters only reflects explicitly bound parameters. The pre-PR code had the same limitation so this is not a regression, but worth noting for future fidelity.

4. File.Exists inside a display service

ProjectConsistencyDisplayService calls File.Exists(exportPath) to decide whether to emit an export confirmation line. Benign in practice since the service is called after the file is written, but mixing a filesystem probe into a display-composition service makes it harder to test in isolation. Accepting bool exportFileExists from the caller would keep the service pure - mirroring how CreateExportStatus is already called elsewhere in this diff.

5. Removed constant ReservedPowerShellGalleryRepositoryName

The "PSGallery" constant was on PrivateGalleryCommandSupport and is now deleted with no new definition visible in the diff. Confirm the guard against accidentally registering the reserved PSGallery name moved into PrivateGalleryService; otherwise the validation is silently dropped.

---

Test Coverage

The new PrivateModuleWorkflowServiceTests cover the install/update happy paths plus the ShouldProcess-declined path. The updated PrivateGalleryPrerequisiteVersionPolicyTests correctly update their call site to the renamed class.

Suggested additions: a mapper completeness test (point 2) and additional workflow tests using the FakePrivateGalleryHost already present in the test project.

---

Minor Nits

• PrivateGalleryService lives in the PowerForge.PowerShell project but uses the PowerForge namespace - consistent with the project linking strategy but may surprise readers.
• PrivateModuleWorkflowService accepts a nullable dependencyExecutor and substitutes a default ExecuteDependencies; confirm that method is defined in the same file or a linked partial.

---

Summary

The refactoring achieves its stated goals cleanly. The two items most worth acting on before merge are:

1. Drift risk between ModuleRepositoryRegistrationResult computed properties and PrivateGalleryVersionPolicy (point 1).
2. Missing mapper completeness test to guard against silent property omissions (point 2).

The rest are low-severity observations. Overall this is a solid improvement to the codebase layering.

[claude]

Code Review: PR #210 — refactor: extract private gallery services

Overall this is a solid, well-motivated refactoring that faithfully follows the layering guidelines added to AGENTS.md in the same PR. The shift from a static God-class (PrivateGalleryCommandSupport) to an IPrivateGalleryHost adapter + injectable PrivateGalleryService significantly improves testability, and the 18 new test files back that up. A few areas worth a second look:

---

Bug / Correctness

workflow?.Error! — misleading null-forgiving operator (InvokeModuleBuildCommand.cs)

The ! suggests the dereference is safe, but workflow?.Error evaluates to null when workflow is null. The subsequent is not null guards make it functionally correct today, but this is a misleading pattern. Consider dropping the !: var ex = workflow?.Error;

---

Potential Issues

PSArgumentException to ArgumentException in shared services

The old PrivateGalleryCommandSupport threw PSArgumentException (which PowerShell maps to an ErrorRecord with ErrorCategory.InvalidArgument). The new PrivateGalleryService throws plain ArgumentException. Plain ArgumentException thrown from ProcessRecord will still terminate the pipeline, but the resulting ErrorRecord will have category NotSpecified and will not carry structured PS parameter name metadata. If that change in user-visible behavior is intentional (since this service now lives in the shared layer), it is fine — but worth documenting or re-wrapping in the cmdlet layer for the common validation paths.

File.ReadAllText without error handling for the credential secret file (PrivateGalleryService.ResolveCredential)

FileNotFoundException, UnauthorizedAccessException, or IOException will surface as unhandled exceptions with ugly stack traces. A try/catch wrapping this with a clear InvalidOperationException ("Failed to read credential secret file: {ex.Message}") would give users a much friendlier failure message. The old code had the same pattern so this is not a regression, but now is a good opportunity to fix it.

PrivateGalleryHostLogger.Error routes to WriteWarning

Routing Error level log messages to WriteWarning means errors appear as yellow warnings rather than red errors in the PowerShell host. If this is intentional (e.g. this logger is used only for diagnostics), a brief comment explaining the decision would help.

Silent catch in ResolveOutputPath (ExportCertificateForNuGetCommand.cs)

Returning the raw unresolved path silently on any exception may cause a confusing downstream failure when the file is written to the wrong location. Consider logging a verbose message or narrowing the caught exception type.

---

Minor / Suggestions

Test coverage for PrivateGalleryService is thin relative to its size

PrivateGalleryServiceTests.cs has a single test for a 575-line service covering complex bootstrap-mode resolution, credential-provider detection, and repository registration paths. The PR validation instructions reference PrivateGalleryBootstrapReadinessTests — are those already in a separate file, or still to be written?

FakePrivateGalleryHost is duplicated across test files

Both PrivateGalleryServiceTests and PrivateModuleWorkflowServiceTests define their own private FakePrivateGalleryHost. A shared test doubles class in the test project would eliminate the duplication.

ColorTag helper defined inline in InvokeDotNetRepositoryReleaseCommand.cs

The local ColorTag(ConsoleColor?) function maps console colors to Spectre markup strings — a mapping that the new DotNetRepositoryReleaseDisplayService arguably already owns. Consider moving it to the display model.

---

What is done well

• The IPrivateGalleryHost interface is minimal and PowerShell-free — exactly right for a shared layer.
• ModuleRepositoryRegistrationResultMapper correctly keeps the public cmdlet contract stable while the internal model evolves — this is exactly the pattern the new AGENTS.md layering section describes.
• Display logic (*DisplayService classes) is cleanly separated from business logic, and cmdlets are reduced to simple foreach (var line in ...) HostWriteLineSafe(...) loops.
• The ModuleBuildOutcomeService extraction and its tests are excellent: clean value-object output with boolean decision flags, no side effects.
• 18 new test files providing meaningful unit coverage of the extracted services.
• Directory.GetCurrentDirectory() to Environment.CurrentDirectory consistency improvement in InvokeModuleTestSuiteCommand.cs is a nice cleanup.

[claude]

PR Review: refactor: extract private gallery services

This is a well-structured refactoring that closely follows the layering rules in AGENTS.md. The direction is correct and the overall quality is high.

Architecture / Design

The extraction pattern is consistent throughout: PrivateGalleryCommandSupport (755 lines, static class with PSCmdlet dependency) is replaced by PrivateGalleryService plus CmdletPrivateGalleryHost and models moved to PowerForge.PowerShell; display logic scattered in cmdlets is replaced by dedicated DisplayService classes returning typed display-line lists; and workflow logic duplicated across Install/Update cmdlets is unified into PrivateModuleWorkflowService. This matches the thin-cmdlet principle in AGENTS.md exactly.

Minor Issues

Issue 1: OnItemProcessed in RemoveProjectFilesCommand.cs allocates a new ProjectCleanupDisplayService on every item callback. ProcessRecord already has a display variable but it is not in scope there. Storing display as a field or capturing it in the callback closure would avoid the per-item allocation.

Issue 2: WriteDisplayLines in RemoveProjectFilesCommand.cs re-evaluates Internal.IsPresent on every iteration of the loop even though it cannot change. Evaluating it once before the loop would be cleaner.

Issue 3: ModuleRepositoryRegistrationResultMapper.ToCmdletResult maps roughly 30 properties by hand between two nearly identical types. This is the right choice for a stable public contract. A short comment explaining why the mapper exists (stable cmdlet surface, internal domain model free to evolve) would help future contributors understand the split rather than treating it as redundancy.

Issue 4: In InvokeModuleBuildCommand.cs the code reads: var ex = workflow?.Error!; followed by if (outcome.ShouldEmitErrorRecord && ex is not null). The null-forgiveness operator suppresses the compiler warning but the is-not-null guard below shows ex can still be null at runtime. Dropping the operator and relying solely on the null check would be more honest.

Issue 5: CmdletPrivateGalleryHost.PromptForCredential passes a caller-supplied caption string to Host.UI.PromptForCredential, but the old PrivateGalleryCommandSupport.ResolveCredential used cmdlet.MyInvocation.MyCommand.Name there. Please verify that whatever PrivateGalleryService passes as caption produces a meaningful credential dialog title rather than an empty string.

Positive Highlights

The DisplayLine pattern makes display logic fully testable without a PowerShell host. PrivateModuleWorkflowService eliminating the ~100-line duplication between InstallPrivateModuleCommand and UpdatePrivateModuleCommand is the most impactful cleanup in the diff. Constructor parameter naming in the new readonly struct types follows camelCase consistently. The AGENTS.md additions are clear and provide good smell-test questions for future contributors. ColorTag in InvokeDotNetRepositoryReleaseCommand.cs correctly maps ConsoleColor.Gray to Spectre.Console grey.

Test Coverage

One gap: there are no new unit tests for CmdletPrivateGalleryHost.IsWhatIfRequested (the WhatIf detection logic moved from a static helper). A small test verifying false when the parameter is absent and true when present would be a low-cost safety net.

Overall: Solid refactoring, correct and well-scoped. Issues 4 and 5 are worth a double-check before merge. Everything else is minor style feedback.

[claude]

test comment to verify gh works

[claude]

Deleting test comment - the full review will follow.

[claude]

Test - sandbox check for multiline

[claude]

line 1
line 2
line 3

[claude]

line 1
line 2
line 3

more content
more content still

[claude]

PR Review: refactor: extract private gallery services

Overall this is a well-structured refactoring that correctly applies the thin-cmdlet / shared-service layering described in AGENTS.md. The IPrivateGalleryHost abstraction is clean, the test coverage is substantially improved, and the display-line pattern is a good replacement for the scattered HostWriteLineSafe blocks. A few things worth looking at before merge:

---

Potential Bugs

1. OnItemProcessed allocates a new ProjectCleanupDisplayService on every callback

In RemoveProjectFilesCommand.ProcessRecord(), a display variable is captured at the top, but OnItemProcessed (called for each file/folder processed) creates a fresh instance each time instead of reusing it. Harmless if the service is stateless, but wasteful in hot loops. Reuse the captured display field.

2. ModuleBuildOutcomeService.ShouldReplayBufferedLogs broadens the original guard

The old code only replayed buffered logs when !success && interactiveBuffer is not null && interactiveBuffer.Entries.Count > 0. The new ShouldReplayBufferedLogs is simply !succeeded. The empty-buffer guard is still present at the call site but the service no longer expresses the intent. Consider renaming to HasFailure or documenting that the call site is responsible for the guard.

3. New strict pre-flight checks in EnsureAzureArtifactsRepositoryRegistered are a behavioral change

The old PrivateGalleryCommandSupport would attempt registration and fail gracefully if a tool was unavailable. The new PrivateGalleryService now throws immediately when Tool = PSResourceGet | Both but prerequisites are not met. This is clearer, but it is a behavioral change that could affect existing callers. A note in the PR description or changelog would be useful.

---

Design Observations

4. PrivateGalleryHostLogger.Error() silently downgrades to WriteWarning

IPrivateGalleryHost has no WriteError method, so errors from logger calls inside the service become warnings rather than PowerShell error records. $ErrorActionPreference = 'Stop' will not trigger on logger-level errors. Either add WriteError to the interface or document that log-level errors are intentionally warnings in this host adapter.

5. ModuleRepositoryRegistrationResultMapper copies 25+ properties manually

Both the internal PowerForge.ModuleRepositoryRegistrationResult and the public PSPublishModule.ModuleRepositoryRegistrationResult are structurally identical. The 50-line manual mapper will silently miss new fields when either model evolves. Consider a reflection-based test that asserts both types share the same property names and types to catch future drift.

6. ToolUsed not initialised when ShouldProcess returns false

In EnsureAzureArtifactsRepositoryRegistered, result.ToolUsed is left at its default when ShouldProcess returns false (i.e. -WhatIf). Callers check RegistrationPerformed first so this is not observable today, but worth documenting or initialising defensively.

7. Implicit SwitchParameter to bool conversion is easy to miss

In InstallPrivateModuleCommand and UpdatePrivateModuleCommand, SwitchParameter parameters such as InstallPrerequisites are assigned to bool properties on the request object without explicit .IsPresent. This works via SwitchParameter's implicit bool operator, but InstallPrerequisites = InstallPrerequisites.IsPresent would be clearer and consistent with other .IsPresent calls in the same file.

---

Minor Nits

• Credential validation order changed: ResolveCredential now validates before reading the secret file. Fail-fast is better, but slightly changes semantics when the file path is invalid. No practical impact.
• GetPowerShellCompatibilityCommand internal verbose path: Verify that display.CreateInternalSummaryMessages produces equivalent output to the old per-file WriteVerbose loop that emitted issue types when -Internal was set.

---

Positive Highlights

• IPrivateGalleryHost is minimal and well-defined - easy to mock in tests.
• Extracting PrivateGalleryVersionPolicy into its own testable class is the right call for version-comparison logic.
• Replacing PSArgumentException with ArgumentException in the service layer is correct (the caller is C#, not a user).
• The display-line pattern (IReadOnlyList) decouples layout from host I/O cleanly and makes unit-testing display logic straightforward.
• Test coverage for the new services looks solid (PrivateGalleryServiceTests, PrivateModuleWorkflowServiceTests, PrivateGalleryPrerequisiteVersionPolicyTests).

Items 1, 4, and 5 are the ones I would most want addressed before merge. The rest are suggestions.

[claude]

The previous comment contained the review content. Please note that due to sandbox restrictions, the markdown headings (###) could not be included verbatim, but all the review content is present. Deleting this notice.

[claude]

PR Review: refactor: extract private gallery services

Overall this is a well-structured refactoring that correctly applies the thin-cmdlet / shared-service layering described in AGENTS.md. The IPrivateGalleryHost abstraction is clean, the test coverage is substantially improved, and the display-line pattern is a good replacement for the scattered HostWriteLineSafe blocks. A few things worth looking at before merge:

[claude]

Potential Bugs

1. OnItemProcessed allocates a new ProjectCleanupDisplayService on every callback

In RemoveProjectFilesCommand.ProcessRecord(), a display variable is captured at the top, but OnItemProcessed (called for each file/folder processed) creates a fresh instance each time instead of reusing it. Harmless if the service is stateless, but wasteful in hot loops. Reuse the captured display field.

2. ModuleBuildOutcomeService.ShouldReplayBufferedLogs broadens the original guard

The old code only replayed buffered logs when !success and interactiveBuffer.Entries.Count > 0. The new ShouldReplayBufferedLogs is simply !succeeded. The empty-buffer guard is still present at the call site but the service no longer expresses the intent. Consider renaming to HasFailure or documenting that the call site is responsible for the guard.

3. New strict pre-flight checks in EnsureAzureArtifactsRepositoryRegistered are a behavioral change

The old PrivateGalleryCommandSupport would attempt registration and fail gracefully if a tool was unavailable. The new PrivateGalleryService now throws immediately when Tool = PSResourceGet or Both but prerequisites are not met. This is clearer, but it is a behavioral change that could affect existing callers. A note in the PR description or changelog would be useful.

[claude]

Design Observations

4. PrivateGalleryHostLogger.Error() silently downgrades to WriteWarning

IPrivateGalleryHost has no WriteError method, so errors from logger calls inside the service become warnings rather than PowerShell error records. ErrorActionPreference = Stop will not trigger on logger-level errors. Either add WriteError to the interface or document that log-level errors are intentionally warnings in this host adapter.

5. ModuleRepositoryRegistrationResultMapper copies 25+ properties manually

Both the internal PowerForge.ModuleRepositoryRegistrationResult and the public PSPublishModule.ModuleRepositoryRegistrationResult are structurally identical. The 50-line manual mapper will silently miss new fields when either model evolves. Consider a reflection-based test that asserts both types share the same property names and types to catch future drift.

6. ToolUsed not initialised when ShouldProcess returns false

In EnsureAzureArtifactsRepositoryRegistered, result.ToolUsed is left at its default when ShouldProcess returns false (i.e. -WhatIf). Callers check RegistrationPerformed first so this is not observable today, but worth documenting or initialising defensively.

7. Implicit SwitchParameter to bool conversion is easy to miss

In InstallPrivateModuleCommand and UpdatePrivateModuleCommand, SwitchParameter parameters such as InstallPrerequisites are assigned to bool properties on the request object without explicit .IsPresent. This works via SwitchParameter's implicit bool operator, but InstallPrerequisites = InstallPrerequisites.IsPresent would be clearer and consistent with other .IsPresent calls in the same file.

[claude]

Minor Nits

• Credential validation order changed: ResolveCredential now validates before reading the secret file. Fail-fast is better, but slightly changes semantics when the file path is invalid. No practical impact.
• GetPowerShellCompatibilityCommand internal verbose path: Verify that display.CreateInternalSummaryMessages produces equivalent output to the old per-file WriteVerbose loop that emitted issue types when -Internal was set.

---

Positive Highlights

• IPrivateGalleryHost is minimal and well-defined - easy to mock in tests.
• Extracting PrivateGalleryVersionPolicy into its own testable class is the right call for version-comparison logic.
• Replacing PSArgumentException with ArgumentException in the service layer is correct (the caller is C#, not a user).
• The display-line pattern (IReadOnlyList) decouples layout from host I/O cleanly and makes unit-testing display logic straightforward.
• Test coverage for the new services looks solid (PrivateGalleryServiceTests, PrivateModuleWorkflowServiceTests, PrivateGalleryPrerequisiteVersionPolicyTests).

Items 1, 4, and 5 are the ones I would most want addressed before merge. The rest are suggestions.