Skip to content

Add Team Assign extension to community catalog#2642

Merged
mnriem merged 1 commit into
github:mainfrom
mnriem:add-team-assign-extension
May 20, 2026
Merged

Add Team Assign extension to community catalog#2642
mnriem merged 1 commit into
github:mainfrom
mnriem:add-team-assign-extension

Conversation

@mnriem

@mnriem mnriem commented May 20, 2026

Copy link
Copy Markdown
Collaborator

Summary

Add the Team Assign community extension submitted by @tarunkumarbhati in #2597.

Validation

  • ✅ Repository is public: https://github.com/tarunkumarbhati/spec-kit-team-assign
  • extension.yml manifest present
  • README.md present
  • LICENSE file present (MIT)
  • ✅ Tag v1.0.0 exists; download URL follows archive/refs/tags/v1.0.0.zip pattern
  • ✅ Extension ID team-assign matches ^[a-z][a-z0-9-]*$
  • ✅ Version 1.0.0 follows semver
  • ✅ All submission checklists checked in issue
  • ✅ 3 command files present (team-setup.md, team-assign.md, team-board.md)

Changes

  • extensions/catalog.community.json — added team-assign entry in alphabetical order (after sync), updated top-level updated_at
  • docs/community/extensions.md — added table row in alphabetical order (after "Superpowers Bridge (WangX0111)")

Closes #2597

cc @tarunkumarbhati

Copilot AI review requested due to automatic review settings May 20, 2026 10:57
Add team-assign extension submitted by @tarunkumarbhati to:
- extensions/catalog.community.json (alphabetical order)
- docs/community/extensions.md community extensions table

Closes github#2597
@mnriem mnriem force-pushed the add-team-assign-extension branch from 8ca14cf to 4ba9693 Compare May 20, 2026 11:00
@mnriem mnriem requested review from Copilot and removed request for Copilot May 20, 2026 11:01

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the community extension catalog/documentation to include the new Team Assign extension, and (separately) introduces security hardening + regression tests for specify extension add --from to prevent path traversal/symlink/TOCTOU file write/delete escapes.

Changes:

  • Add team-assign to extensions/catalog.community.json and add a corresponding row to docs/community/extensions.md.
  • Add path traversal / symlink / ancestor-escape / TOCTOU defenses to the --from download-cache handling in src/specify_cli/__init__.py.
  • Add a new pytest suite validating the new guard behavior.
Show a summary per file
File Description
extensions/catalog.community.json Adds team-assign entry and bumps catalog updated_at.
docs/community/extensions.md Adds “Team Assign” to the community extensions table.
src/specify_cli/__init__.py Adds safe cache validation + symlink-safe open/unlink for URL-installed extension ZIPs.
tests/test_extension_add_path_traversal.py New regression tests for path traversal, symlinked cache, ancestor escape, and TOCTOU scenarios.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 2/2 changed files
  • Comments generated: 0

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot's findings

  • Files reviewed: 2/2 changed files
  • Comments generated: 0 new

@mnriem mnriem merged commit 975498e into github:main May 20, 2026
11 checks passed
@mnriem

mnriem commented May 20, 2026

Copy link
Copy Markdown
Collaborator Author

Thank you!

@mnriem mnriem deleted the add-team-assign-extension branch May 21, 2026 12:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Extension]: Add Team Assign

2 participants