Skip to content

feat(registry): beta enablement + interactive wizards + active-profile fix#49

Merged
hi-lei merged 3 commits into
mainfrom
fix/registry-beta-ux
Jun 2, 2026
Merged

feat(registry): beta enablement + interactive wizards + active-profile fix#49
hi-lei merged 3 commits into
mainfrom
fix/registry-beta-ux

Conversation

@hi-lei
Copy link
Copy Markdown
Collaborator

@hi-lei hi-lei commented Jun 2, 2026

Summary

Promotes the verda registry command tree from an env-gated pre-release to beta, and brings every subcommand's TUI in line with the s3 command's interactive design. Driven by hands-on testing against a live VCR project — including diagnosing the credential permission model (robot creds can list repos + Docker v2 tags but are often denied Harbor's artifacts API).

What changed

Enablement & profiles

  • Remove the VERDA_REGISTRY_ENABLED gate — registry registers unconditionally and shows registry (beta) in verda --help via the shared cmdutil.TagAnnotation.
  • Active-profile resolution (resolveProfile: explicit --profile > VERDA_PROFILE/auth.profile > default) across all subcommands, so reads follow verda auth use like the rest of the CLI. Fixes the reported registry_credential_expired where configure wrote to the active profile but reads hardcoded default. --profile now defaults to "".

Interactive wizards (aligned with s3)

  • configure: profile picker + a manual credential-name + secret entry path (endpoint derived from vcr-{project_id}+name) alongside the docker-login paste path; wires --docker-config; overwrite-confirm guard when a profile already holds creds; trimmed Long help.
  • ls: action-menu drill-down (Get pull URL / Delete image(s)) with a filterable tag picker that prints the copy-pasteable pull reference; falls back to the Docker v2 tag list when Harbor's artifacts API returns access_denied; graceful access-denied handling instead of an error loop.
  • tags: interactive filterable tag picker on a TTY (table when piped / -o json); bare tags returns a friendly error pointing to tags <repo> / ls.
  • copy: interactive wizard (source → access → scope → destination → confirm) modeled on s3 cp, running the same pipeline as the flag path on confirm.
  • push: no-daemon fallback wizard (source type → path → repo/tag) instead of dead-ending with a JSON error.
  • delete: exits cleanly on access_denied instead of looping.
  • Rename loginconfigure-docker (alias login retained) for clarity.

Bug fixes

  • Interactive pickers use cmd.Context() rather than the short per-request --timeout, so prompts no longer get canceled mid-input.
  • --src-auth basic validates --src-username before reading stdin, so a one-shot piped secret isn't drained on the error path.

Testing

  • make test (go test + golangci-lint) green; pre-commit hooks (gofmt/goimports/golangci-lint/unit tests) pass.
  • Two adversarial review passes (/code-review, adversarial-branch-reviewer, Codex) — confirmed findings fixed.

Notes

  • Internal CLAUDE.md doc updates are intentionally excluded from this commit (kept local); the user-facing registry/README.md is included.

🤖 Generated with Claude Code

hi-lei and others added 3 commits June 2, 2026 18:26
@hi-lei @claude
feat(registry): beta enablement, active-profile resolution, interacti…
5cbf696 
…ve wizards

Promote the registry command tree from env-gated pre-release to beta:

- Remove the VERDA_REGISTRY_ENABLED gate; register unconditionally and mark
  "(beta)" in `verda --help` via the shared cmdutil.TagAnnotation.
- Resolve the active profile (resolveProfile: explicit --profile >
  VERDA_PROFILE/auth.profile > "default") across all subcommands, so reads
  follow `verda auth use` like the rest of the CLI; --profile defaults to "".
- configure: wizard profile picker + manual name/secret entry, wired
  --docker-config, overwrite-confirm guard, trimmed help.
- ls: action-menu drill-down (Get pull URL / Delete) with a filterable tag
  picker; falls back to the Docker v2 tag list when Harbor's artifacts API is
  denied; graceful access-denied handling.
- tags: interactive tag picker on a TTY (table when piped / -o json); bare
  `tags` points to `ls`.
- copy: interactive wizard (source/access/scope/destination/confirm).
- push: no-daemon fallback (source type -> path -> repo/tag) instead of erroring.
- delete: exit cleanly on access_denied instead of looping.
- Rename `login` -> `configure-docker` (alias `login`).

Fixes: interactive pickers use cmd.Context() not the per-request timeout (no
mid-prompt cancel); --src-auth basic validates --src-username before reading
stdin (no lost one-shot secret).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@hi-lei
update claude.md
dd3e059
@hi-lei @claude
test(registry): annotate G304 gosec false positive in configure_test
7b26b7e 
The docker-config read is from the test's own temp dir; same //nolint:gosec
pattern already used in s3/browse_test.go. Fixes the gosec CI job
(golangci-lint --no-config --default=none -E gosec ./...).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@hi-lei hi-lei merged commit 42a5d2d into main Jun 2, 2026
12 checks passed
@hi-lei hi-lei deleted the fix/registry-beta-ux branch June 2, 2026 15:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hi-lei