fledge 0.15.2

Dev-lifecycle CLI — scaffolding, tasks, lanes, plugins, and more.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

---
spec: trust.spec.md
---

## Test Plan

### Unit Tests

Located in `src/trust.rs` under `#[cfg(test)] mod tests`:

- `official_shorthand``CorvidLabs/repo` classifies as `Official`
- `official_full_url``https://github.com/CorvidLabs/repo` classifies as `Official`
- `official_ssh_url``git@github.com:CorvidLabs/repo.git` classifies as `Official`
- `official_with_ref``CorvidLabs/repo@v1.0.0` classifies as `Official` (ref stripped before classification)
- `official_case_insensitive` — lowercase `corvidlabs/repo` classifies as `Official`
- `unverified_third_party``someuser/repo` classifies as `Unverified`
- `unverified_full_url``https://github.com/someuser/repo` classifies as `Unverified`
- `owner_based_official``determine_trust_tier_from_owner("CorvidLabs")` returns `Official`
- `owner_based_unverified``determine_trust_tier_from_owner("someuser")` returns `Unverified`
- `parse_source_ref_with_tag` — splits `someone/repo@v1.2.0` into `("someone/repo", Some("v1.2.0"))`
- `parse_source_ref_without_tag` — leaves `someone/repo` unsplit, ref `None`
- `parse_source_ref_full_url_with_tag` — splits `https://github.com/…/repo.git@v2.0.0` correctly
- `parse_source_ref_credential_url_no_split` — credential URL `https://user:token@github.com/…` does NOT split on credential `@`
- `labels``label()` returns `"official"`, `"community"`, `"unverified"`

### Integration Tests

Trust classification is exercised end-to-end through the consuming modules:

- `plugin list` / `plugin audit` — trust tier appears in output for each installed plugin (`tests/cli.rs` plugin tests)
- `search` / `lane search` — tier badge appears next to each discovered template/lane
- `init` — official template vs unverified template paths

No dedicated integration test file for `trust` itself — the API surface is pure functions over strings and is covered comprehensively by unit tests.

### Manual Testing

```bash
# Install from an official source and verify badge
fledge plugins install CorvidLabs/fledge-plugin-example
fledge plugins list          # expect green [official]
fledge plugins audit         # expect [official] in audit output

# Install from an unverified source
fledge plugins install someuser/fledge-plugin-example
fledge plugins list          # expect yellow [unverified]

# Search shows tier per result
fledge plugins search deploy
fledge search rust           # templates also show tier

# JSON output uses lowercase labels
fledge plugins list --json | jq '.[].trust_tier'
# -> "official" / "unverified"
```

### Regression Watch

- Adding a new consumer module: make sure it uses `determine_trust_tier` rather than re-implementing org matching
- Any change to `OFFICIAL_ORGS` or URL parsing logic must be covered by a new unit test before shipping
- Credential URL handling (`parse_source_ref_credential_url_no_split`) is the subtlest case — never remove that test without an explicit replacement