This is the opt-in surface for the new go-gh aggressive caching
support. Setting GH_AGGRESSIVE_CACHING_TTL to a Go duration string
(e.g. 30s, 1m, 5m, 1h) enables process-wide TTL caching for cacheable
REST and GraphQL requests on the standard authenticated HTTP client.
Motivation: heavy users running multiple parallel agent harnesses
(e.g. several Codex agents in lockstep) issue duplicate identical
requests within seconds of each other, exhausting the GitHub primary
REST rate limit and tripping secondary limits. A short TTL (~30s)
dedupes the lockstep traffic without changing what gh fundamentally
is. The trade-off (bounded staleness) is acceptable when explicitly
opted into.
Wiring:
- api/http_client.go: NewHTTPClient reads GH_AGGRESSIVE_CACHING_TTL
after honoring caller-supplied EnableCache. The env var only
activates when:
- opts.EnableCache is not already true (caller config wins)
- opts.SkipDefaultHeaders is false (PlainHttpClient bypasses
defaults and must not opt into caching by env var)
Per-request X-GH-CACHE-TTL: 0 still bypasses for individual calls.
- parseAggressiveCachingTTL is silent on failure: empty, '0',
negative, or unparseable values disable the feature. Matches the
convention for other GH_* env vars and avoids stderr noise from
a transport layer. Users diagnose via the X-GH-Cache-Status
response header.
- help_topic.go: documents the env var, format, staleness caveat,
intended use case, observability hook, cleanup path
(gh config clear-cache), and explicit precedence rules.
Tests cover:
- parseAggressiveCachingTTL edge cases (empty, valid, zero,
negative, unparseable, missing unit, plain number).
- Env var with positive duration enables caching end-to-end
(miss -> hit pattern, network call only on first request).
- Env var unset or with invalid value leaves caching disabled.
- Caller-set EnableCache + CacheTTL takes precedence over env var.
- SkipDefaultHeaders (PlainHttpClient path) bypasses aggressive
caching even when env var is set.
- Per-request X-GH-CACHE-TTL: 0 hard-bypasses cache when env var
is set, and does not pollute the cached entry.
Manual smoke verified against live api.github.com:
- REST GET: miss -> hit transitions work, X-GH-Cache-Status
visible via 'gh api -i'.
- GraphQL query: same miss -> hit pattern works.
- Per-request opt-out: header returns no X-GH-Cache-Status,
confirming bypass.
- 'gh auth status', 'gh config clear-cache' continue to work.
Out of scope here:
- ETag / If-None-Match revalidation (planned follow-up that layers
on top of the same transport).
- Rewriting commands like 'gh pr checks --watch' to take advantage
of REST + ETag (separate decision, separate PR).
Depends on go-gh changes:
- 'Fix per-request cache opt-out when global TTL is configured'
- 'Restrict cacheable responses to 2xx'
- 'Skip caching of GraphQL mutations and subscriptions'
- 'Use atomic temp-file + rename for cache writes'
- 'Vary cache key by Accept-Encoding, X-GitHub-Api-Version, ...'
- 'Emit X-GH-Cache-Status response header for cache observability'
Related: cli/cli#13279, cli/cli#13293
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Opts in to the new PR screening features in the shared triage workflow:
- Instantly closes PRs with zero file changes
- Detects same-author resubmissions of recently closed PRs
- Fast-tracks small, well-described fixes to ready-for-review
- Accelerates closure of large unsolicited PRs (3 days vs 7)
Depends on desktop/gh-cli-and-desktop-shared-workflows#17
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The beforePasswordSendTimeout was set to 100 microseconds, which is
insufficient for huh to disable echo mode on the PTY in slow or
constrained environments (e.g. network-isolated build containers).
Increase to 100 milliseconds to avoid the race condition.
The four tests in this file (TestVerifyIntegration,
TestVerifyIntegrationCustomIssuer, TestVerifyIntegrationReusableWorkflow,
TestVerifyIntegrationReusableWorkflowSignerWorkflow) call
NewLiveSigstoreVerifier which requires network access to Sigstore and
GitHub TUF servers. Unlike the other integration test files in this
package (attestation_integration_test.go, sigstore_integration_test.go,
inspect_integration_test.go), this file was missing the //go:build
integration tag, causing these tests to run during a regular
'go test ./...' and fail in network-isolated build environments.
When a token (GitHub App, fine-grained PAT, or GITHUB_TOKEN) lacks the
project permission, querying projectItems on a PR or issue fails with
"Resource not accessible by integration" or "Resource not accessible by
personal access token". ProjectsV2IgnorableError did not match these
errors, causing commands like pr view, pr edit, and issue view to fail
entirely instead of gracefully omitting project data.
Add "Resource not accessible by" as an ignorable error prefix. This is
safe because ProjectsV2IgnorableError is only called in project-specific
code paths.
Closes#13280
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The review hint printed after `gh skill install --allow-hidden-dirs`
suggests `gh skill preview` commands. Those commands would fail for
hidden-dir skills because preview would filter them out. Pass the
flag through so the suggested commands work as-is.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Most agent clients (Claude Code, Copilot, etc.) only discover immediate
subdirectories of their skills folder. When a skill repository used
namespaced paths like skills/author/my-skill/, the installer created
nested directories (e.g. .claude/skills/author/my-skill/) that clients
could not find.
This separates the skill's identity (InstallName, used for lockfile keys,
search, filtering, display) from the filesystem path (Name, used for the
install directory). Skills are now always installed flat:
.claude/skills/my-skill/SKILL.md (not .claude/skills/author/my-skill/)
Changes:
- installer: use skill.Name for directory paths instead of InstallName
- install.go: use skill.Name for overwrite checks and prompts
- collisions: detect conflicts by Name since flat install means two
skills with the same Name but different Namespace values will collide
- update: clean up old namespaced directories when migrating to flat
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add support for the --allow-hidden-dirs flag in `gh skill preview`,
matching the existing pattern in `gh skill install`. This allows users
to preview skills located in hidden directories (e.g. .claude/skills/,
.agents/skills/).
Changes:
- Add AllowHiddenDirs field to PreviewOptions
- Register --allow-hidden-dirs flag on the preview command
- Switch from DiscoverSkills to DiscoverSkillsWithOptions to get all
skills including hidden-dir ones
- Add filterHiddenDirSkills to exclude hidden-dir skills by default,
showing a hint when they are found but excluded
- Print a warning when --allow-hidden-dirs is used and hidden skills
are present
- Return an error when only hidden-dir skills exist without the flag
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Widen ValidateSupportedHost to accept tenancy hosts (*.ghe.com) alongside
github.com. GHEC with data residency uses these domains, and all skill
subcommands (search, install, preview, publish, update) now allow them.
GitHub Enterprise Server remains unsupported and is explicitly rejected
with a clear error message.
Also fix the lockfile writer to use the actual host when constructing
SourceURL instead of hardcoding github.com.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The sample_rate common dimension was set once at service creation
time and never updated when SetSampleRate was called later. This
caused commands like 'gh skill publish' that override the sample
rate via PersistentPreRunE to report the wrong sample_rate in
telemetry events (e.g. 1 instead of 100).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
