Release infrastructure:
* .forgejo/workflows/release.yml: on v* tags, builds darwin-aarch64,
darwin-x86_64, linux-x86_64 tarballs, computes SHA256SUMS, uploads to
the Forgejo release, and writes a ready-to-commit fj.rb formula.
* dist/homebrew/fj.rb.tmpl + scripts/render-homebrew-formula.sh for
local rendering. Publishes into rasterandstate/homebrew-tap.
Issue + PR templates:
* .forgejo/issue_template/{bug,feature,api-gap}.md so triage isn't
guessing at the user's environment.
* .forgejo/pull_request_template.md with a fmt/clippy/test checklist
and a "what to update" surface-changes section.
README demo scaffolding:
* scripts/record-demo.sh drives asciinema through a representative
~30s session covering --version, repo view (auto-detect), issue/pr
list, api, --json-fields, browse.
* README has a commented-out asciicast embed waiting for the v0.1.0
recording.
Compatibility:
* docs/compatibility.md: tested Forgejo versions, caveats for older
Gitea (≤1.19), Forgejo-only endpoints we expose.
* `fj auth login` now probes /api/v1/version once and warns to stderr
when the server reports a pre-7.x version. Parser is pure-fn tested
(modern, old, unparseable cases).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Cargo.toml has always declared `license = "MIT"`, but the repo root was
missing the actual file. Required by most consumers (Homebrew, distros,
crates.io if we ever publish).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* README: new commands (milestone, search code, watch/star, edit-comment,
request-review) and the `--json-fields` / `--no-pager` globals.
* CLAUDE.md: layout includes json_filter and .forgejo/workflows; test
count updated to 75; HTTP retry, JSON projection, pager-on-Unix
conventions documented; setup-git hostname-validation invariant
called out; auth token TTY guard noted.
* docs/architecture.md: HTTP retry section now covers 429 / Retry-After
and Request::try_clone; new JSON projection section explains the
global --json-fields flow; test strategy mentions remote CI and
ignored env-mutating tests.
* docs/README.md: link to SECURITY.md and CHANGELOG.md.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Bugs:
* Shell injection in `fj auth setup-git`: the hostname is now validated
against a strict DNS pattern and `git config` is invoked directly
(no `sh -c`). Added 4 unit tests covering shell metacharacters.
* Pager won't compile on Windows: the libc-based dup2 redirect lives
behind `#[cfg(unix)]`. Non-Unix gets a no-op stub.
Agent-focused Forgejo API gaps:
* `fj issue edit-comment ID` / `delete-comment ID`. Fix a wrong comment
after the fact (an agent's bread-and-butter).
* `fj search code "..." [-R owner/name]`. The most-requested missing
search dimension for codebase exploration.
* `fj pr request-review N user1 user2`, `unrequest-review N user`.
Distinct from `pr review` (your own approval/changes/comment).
* `fj repo watch / unwatch / star / unstar / starred`. Mark repos for
monitoring.
* `fj milestone {list,view,create,edit,close,reopen,delete,assign}`
with `assign N --milestone ID|none` to attach an issue/PR.
UX + stability:
* Global `--json-fields foo,bar` projection on top of any `--json`
output, gh-style. Dotted-path support (`--json-fields owner.login`).
* 429 / Retry-After honored in the retry loop with a 30 s cap.
* Clap `suggestions` feature for typo'd subcommands.
* `fj auth token` and `auth status --show-token` refuse to write to a
TTY by default (`--force` to override).
CI:
* `.forgejo/workflows/ci.yml` runs fmt/clippy/test/release-build on
every push and PR, mirroring the local pre-push hook.
Docs:
* `SECURITY.md` with threat model and known sharp edges.
* `docs/gh-to-fj.md` full command-by-command mapping.
* `docs/faq.md` covering tokens, hosts, debug, scripting, plugins.
Tests: 60 → 75 passing (2 ignored: editor and env-mutating tests that
fight the cargo test harness on macOS).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Stability:
* `cli::run` now races command futures against `tokio::signal::ctrl_c()`.
On SIGINT the command future is dropped, which propagates to the
PagerGuard's Drop and restores stdout cleanly.
* Removed the unsafe `std::env::set_var("FJ_NO_PAGER")` in dispatch.
`--no-pager` is now threaded into `pager::maybe_start(force_disabled)`
as a parameter, no process-wide side effect.
* Replaced the panicking `.expect("token contains invalid header chars")`
in `auth_headers` with a typed error that names the host and tells the
user how to recover.
* Added 9 wiremock-backed integration tests covering: auth header
injection, retry-on-5xx for idempotent methods, no-retry for POST,
401 mapping to friendly error, custom header pass-through, null-body
list tolerance, `get_all` following Link rel=next, total_limit honored
on early break, malformed token rejection.
Optimization:
* Dropped unused reqwest features (stream, brotli) and unused crates
(indicatif, futures-util, is-terminal, textwrap, tempfile).
* `panic = "abort"` and `lto = "fat"` on the release profile.
* HTTP retry loop now builds the request once and uses
`reqwest::Request::try_clone` per attempt instead of rebuilding the
RequestBuilder (eliminates per-attempt HeaderMap + URL clones).
* Pulled debug-mode request logging behind a `#[cold]` helper so the
hot path stays small.
Binary: 5.94 MB → 4.15 MB stripped (-30%).
Tests: 51 → 60 (9 new integration tests).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* New `output::pager` module spawns `$FJ_PAGER` / `$PAGER` / `less -FRX`
when stdout is a TTY and dup2's our stdout onto its stdin. The
`PagerGuard` restores the original stdout and waits on the child on
drop so all output flushes before exit.
* Wired into the top-level dispatch: list/view/diff/api/search/status
output is now paged automatically. Short output passes through via
`less -F`. Global `--no-pager` flag and `FJ_NO_PAGER` env opt out.
* libc 0.2 added as a small dep (needed for dup/dup2/close).
* Pre-push hook now drains and closes stdin at the top, then runs every
step with `</dev/null`. Previously a test or build could in principle
inherit git push's stdin (the list of refs being pushed) and block
if it ever tried to read it. Adds CARGO_TERM_PROGRESS_WHEN=never so
the progress bar doesn't muddle non-TTY runs.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* `fj repo branches`, `repo topics`, `repo edit`, `repo fork`, `repo sync`,
`repo archive`, `repo unarchive`, `repo mirror-sync` previously took only
a positional `repo` argument and rejected `-R/--repo`. Now they accept
both, with `-R` winning when both are given.
* Forgejo returns `null` for `labels`/`assignees` on issues and PRs when
empty. The Issue/Pull structs hit `expected a sequence` on every issue
create. Added a `deserialize_null_to_default` helper on the affected
fields so null is now coerced to an empty Vec.
* `get_page` similarly bailed when a list endpoint returned a bare `null`
body. Now treats null and empty body as `[]`.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* `fj repo mirror <url>` does a full migrate (pull-mirror with `--mirror`,
one-shot import otherwise). `fj repo mirror-sync` triggers a refresh on
an existing pull-mirror.
* List endpoints transparently follow `Link: rel=next` when the caller
asks for more than the 50-per-page API cap. So `fj pr list -L 200`
or `fj issue list -L 100` now Just Works without manual paging.
* HTTP client retries idempotent requests (GET/HEAD/OPTIONS/PUT/DELETE)
up to 3 times with exponential backoff (200/400/800 ms) on transport
errors and 5xx responses. POST and PATCH are never retried.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* `fj auth token` prints the stored token for scripting.
* `fj auth refresh` re-verifies (or replaces) the stored token.
* `fj auth setup-git` installs a git credential helper that delegates
password lookup to `fj auth token`.
* New top-level `fj protect` group: list / view / set / delete branch
protection rules.
* New top-level `fj hook` group: webhook CRUD + test delivery.
* Global `--debug` (`FJ_DEBUG`) flag dumps every HTTP request fj makes
to stderr (method, URL, query, body preview, status).
* `fj man -o ./man` generates `clap_mangen` pages for fj and every
subcommand. Useful for downstream packaging.
* Fixed: several subcommand groups (hook, label, search, key, workflow
secrets/variables) were showing the flattened RepoFlag's doc string
in their --help summary line. Added explicit doc comments per variant.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* New top-level groups, each with full CRUD where the API supports it:
- release: list/view/create/edit/delete/upload/download
- label: list/create/edit/delete
- run: workflow runs (list/view/rerun/cancel)
- secret + variable: Actions secrets/vars (list/set/delete)
- search: cross-cutting (repos/issues/prs/users)
- browse: open repo/path on the web
- status: notifications inbox + mark-all-read
- org: list/view/teams
- ssh-key, gpg-key: list/add/delete on your account
- alias: user-defined shortcuts (e.g. `fj alias set co "pr checkout"`)
- config: local prefs (editor, pager, browser, etc.)
- extension: discover and run `fj-<name>` plugin binaries on PATH
- gist: thin wrapper over `gist-*` repos
* main.rs now expands aliases before clap and dispatches to plugins for
unknown subcommands (matching gh).
* New API modules: release, label, notification, search, org, workflow,
with the corresponding strongly-typed wrappers.
* Release asset upload uses reqwest multipart (feature flag added).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Multi-host auth (tokens in OS keychain), repo/issue/pr CRUD, and a
gh-style `api` escape hatch with -f/-F/-X/-q. Targets Forgejo 7.x via
the Gitea-compatible /api/v1 surface.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Stephen Way