stacklok / toolhive / 22954653034

coverage: 64.088% (+0.1%) from 63.963%
22954653034

push

github

web-flow 
Add gitresolver package for git:// skill references (#4051)

* Add gitresolver package for git:// skill references

Introduces pkg/skills/gitresolver with URL parsing, clone resolution,
host-scoped auth, and secure file writing for git-based skill install.
This is the foundation package — skillsvc integration follows in the
next PR.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Address review feedback and harden gitresolver

Fixes all review comments from PR #4051:

- BUG-1: Detect semver-like refs (v1.0.0) and use Tag field instead of
  Branch to fix tag-based clones
- DUP-1/DUP-2: Reuse exported ValidatePathNoSymlinks, DirPermissions,
  and FilePermissionMask from pkg/skills/installer.go
- DUP-3: Reuse pkg/networking.IsPrivateIP and IsLocalhost for SSRF
  validation instead of reimplementing
- NEW-1: Move HeadCommitHash to Client interface for mockability
- NEW-3: Remove redundant filepath.Clean in writer.go
- NEW-5: Add debug log when fallback GIT_TOKEN is used for non-standard
  hosts
- NEW-6: Replace network-dependent context cancellation test with a
  blocking mock client
- MINOR-1: Fix isHex("") returning true
- Coverage: Add tests for tag refs, commit refs, branch refs, semver
  detection, and isHex edge cases

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Address code review findings from reviewer agent

- Anchor semver regex and require at least one dot (v1.0, not v1) to
  prevent misclassifying branch names like v1-beta-branch as tags
- Document DNS rebinding limitation in validateHost
- Add HeadCommitHash unit tests for nil inputs and valid repos
- Clarify collectFiles vs WriteFiles directory handling consistency
- Add regression tests for branch-like refs with v-prefix

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Consolidate file-writing logic and use atomic writes

The containment-check + write loop in gitresolver/writer.go was
near-identical to installer.go. Extract a shared WriteContainedFile
h... (continued)

281 of 328 new or added lines in 8 files covered. (85.67%)

11 existing lines in 5 files now uncovered.

48009 of 74911 relevant lines covered (64.09%)

73.72 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

79.79
/pkg/transport/proxy/httpsse/http_proxy.go


Source Not Available