Restructure tea skill into a plugin with a mandatory-login guard

Convert the standalone `tea` skill into a skills-dir plugin so commands are
namespaced and an enforcement hook can ship with it:

- /tea:login  — pin the project Gitea login into .claude/settings.local.json
- /tea:use    — tea CLI reference (was the old root SKILL.md), with the
                login rule slimmed since the hook now enforces it
- hooks/tea-guard.sh — PreToolUse(Bash) guard: blocks any `tea` command that
  touches Gitea unless it carries --login and $GITEA_LOGIN is set. Exempts
  `tea logins list` and `tea --version/--help` so /tea:login can bootstrap.

References moved under skills/use/references/. `claude plugin validate` passes;
guard unit-tested across allow/block cases.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

skills/use/SKILL.md

@@ -0,0 +1,102 @@
+---
+name: use
+description: Reference docs for the `tea` CLI — Gitea's command-line client. Load when the user asks about Gitea repos, issues, pulls, releases, actions, or other Gitea entities, to look up the right `tea` command and flags. Every tea call must carry --login "$GITEA_LOGIN" (enforced by the tea-guard hook; set it with /tea:login).
+---
+
+# /tea:use — tea CLI reference
+
+Reference material for the `tea` CLI (Gitea's official command-line client).
+Use these docs to look up commands, flags, filters, and output fields before
+running `tea` via Bash.
+
+## Login is mandatory (enforced)
+
+Every `tea` invocation that touches Gitea MUST include `--login "$GITEA_LOGIN"`
+(or `-l "$GITEA_LOGIN"`). This is enforced by the **`tea-guard`** PreToolUse
+hook — a `tea` command without `--login` is blocked before it runs. If
+`$GITEA_LOGIN` is unset, run **`/tea:login`** to pin one.
+
+Why: without `--login`, `tea` silently falls back to the machine's default
+login (possibly the user's personal account) and writes under the wrong
+identity. The login value is pinned per-project in `.claude/settings.local.json`
+under `env.GITEA_LOGIN`. Only `tea logins list` and `tea --version/--help` are
+exempt from the guard.
+
+## How to use
+
+1. Identify the entity in the request: issues, pulls, labels, milestones,
+   releases, times, repos, branches, actions, webhooks, comments,
+   notifications, etc.
+2. Find the matching command in the index below.
+3. Run it via Bash with the login, e.g.
+   `tea issues list --login "$GITEA_LOGIN" --repo owner/repo --state open`.
+
+`tea` auto-detects owner/repo from `$PWD` inside a git repo; otherwise pass
+`--repo owner/repo` (or `-r`). Login is **not** auto-detected — it is pinned
+per-project (see `/tea:login`). Config lives in `$XDG_CONFIG_HOME/tea`.
+
+## Index
+
+- [tea CLI overview](references/tea/index.md) — global flags, common options, output formats
+- [ENTITIES](references/tea/entities.md) — issues, pulls, labels, milestones, releases, times, repos, branches, actions, webhooks, comment
+- [HELPERS](references/tea/helpers.md) — open, notifications, clone, api
+- [MISC](references/tea/misc.md) — whoami, admin
+- [SETUP](references/tea/setup.md) — logins, logout, ssh-keys
+
+## Rich payloads — write to `$PWD/tmp/` first, then `tea api`
+
+Entity subcommands (`tea comment`, `tea issues create`, `tea pulls create`, …)
+are built for humans at a TTY. With a large or formatted body they can hang
+silently — an empty-looking positional arg triggers `$EDITOR` fallback, or a
+scope/confirm prompt waits on a TTY that doesn't exist. The harness eventually
+kills the process (e.g. exit 144 = 128 + SIGURG on macOS).
+
+**Rule:** for any non-trivial body (multi-line, or containing markdown / code
+fences / backticks / pipes / tables), bypass entity commands. Save the full
+request payload to `$PWD/tmp/` first, then POST via `tea api`.
+
+### Procedure
+
+1. Ensure the target dir exists: `mkdir -p tmp/{kind}` where `{kind}` is
+   `comment`, `issue`, `pull`, `release`, etc.
+2. Write the **complete request body as JSON** to `$PWD/tmp/{kind}/<slug>.json`.
+   One file = one request. Use a quoted heredoc to avoid shell expansion:
+   ```bash
+   mkdir -p tmp/comment
+   cat > tmp/comment/issue-60.json <<'EOF'
+   {"body": "## Heading\n\nMulti-line markdown with `code`, | tables |, and ```fences```."}
+   EOF
+   ```
+   Newlines inside the body must be encoded as `\n` in the JSON string. If
+   composing programmatically, pipe through
+   `jq -Rs '{body: .}' < body.md > tmp/comment/issue-60.json`.
+3. POST with `tea api`, passing the file with `-d @<path>`:
+   ```bash
+   tea api --login "$GITEA_LOGIN" \
+     -X POST -d @tmp/comment/issue-60.json \
+     repos/{owner}/{repo}/issues/60/comments
+   ```
+4. Keep the file. `tmp/` should be gitignored; the saved payload is useful for
+   retries, edits (`PATCH`), and debugging failed posts.
+
+### Common endpoints
+
+| Action | Method + endpoint |
+|---|---|
+| Comment on issue/PR | `POST repos/{owner}/{repo}/issues/{n}/comments` |
+| Edit comment | `PATCH repos/{owner}/{repo}/issues/comments/{id}` |
+| Create issue | `POST repos/{owner}/{repo}/issues` |
+| Edit issue/PR body or title | `PATCH repos/{owner}/{repo}/issues/{n}` |
+| Create PR | `POST repos/{owner}/{repo}/pulls` |
+| Create release | `POST repos/{owner}/{repo}/releases` |
+
+Short single-line bodies (e.g. `tea comment 42 "lgtm" --login "$GITEA_LOGIN"`)
+are still fine via entity commands.
+
+## Tips
+
+- Pass `-o json` for structured output when parsing programmatically.
+- Use `--fields, -f` to narrow columns.
+- Pagination: `--page, -p <n>` and `--limit, --lm <n>` (defaults 1 / 30).
+- If a `tea` command is blocked by `tea-guard`, you forgot `--login` or
+  `$GITEA_LOGIN` is unset — add the flag or run `/tea:login`.

skills/use/references/tea/entities.md

@@ -0,0 +1,130 @@
+# tea CLI — ENTITIES
+
+See [`./index.md`](./index.md) for global options and common flags shared by all commands.
+
+## `tea issues` (aliases: `issue`, `i`)
+Without args lists issues; with `<index>` shows issue detail.
+
+Shared filters: `--state {all|open|closed}` (default: open), `--kind {issues|pulls|all}`, `--keyword/-k`, `--labels/-L`, `--milestones/-m`, `--author/-A`, `--assignee/-a`, `--mentions/-M`, `--owner/--org`, `--from/-F`, `--until/-u`, `--comments`. Available fields: `index,state,kind,author,author-id,url,title,body,created,updated,deadline,assignees,milestone,labels,comments,owner,repo`.
+
+Subcommands:
+- `list, ls` — list (same filters as above).
+- `create, c` — create an issue. Options: `--title/-t`, `--description/-d`, `--assignees/-a`, `--labels/-L`, `--milestone/-m`, `--deadline/-D`, `--referenced-version/-v` (commit hash or tag).
+- `edit, e <idx>...` — edit. `--title`, `--description`, `--add-assignees/-a`, `--add-labels/-L`, `--remove-labels`, `--milestone`, `--deadline`, `--referenced-version`. To unset a value pass an empty string (`--milestone ""`).
+- `reopen, open <idx>...`
+- `close <idx>...`
+
+## `tea pulls` (aliases: `pull`, `pr`)
+Without args lists PRs; with `<index>` shows PR detail. Fields: `index,state,author,author-id,url,title,body,mergeable,base,base-commit,head,diff,patch,created,updated,deadline,assignees,milestone,labels,comments,ci`.
+
+Subcommands:
+- `list, ls` (`--state`)
+- `checkout, co <idx>` — check out PR locally. `--branch/-b` creates a local branch if missing.
+- `clean <idx>` — delete local and remote feature branches for a closed PR. `--ignore-sha` matches branch by name instead of commit hash.
+- `create, c` — create a PR. `--head <user:branch>`, `--base/-b`, `--allow-maintainer-edits/--edits`, `--agit`, `--topic`, plus all issue-style fields (`--title`, `--description`, `--assignees`, `--labels`, `--milestone`, `--deadline`, `--referenced-version`).
+- `close <idx>...`, `reopen, open <idx>...`
+- `edit, e <idx>...` — like `issues edit` plus `--add-reviewers/-r`, `--remove-reviewers`.
+- `review <idx>` — interactive review.
+- `approve, lgtm, a <idx> [comment]`
+- `reject <idx> <reason>`
+- `merge, m <idx>` — `--style/-s {merge|rebase|squash|rebase-merge}` (default merge), `--title/-t`, `--message/-m`.
+- `review-comments, rc <idx>` — list review comments. Fields: `id,body,reviewer,path,line,resolver,created,updated,url`.
+- `resolve <comment-id>` / `unresolve <comment-id>`
+
+## `tea labels` (alias: `label`)
+- `list, ls` — `--save/-s` dumps labels to a file.
+- `create, c` — `--name`, `--color`, `--description`, `--file` (bulk import from file).
+- `update` — `--id`, `--name`, `--color`, `--description`.
+- `delete, rm` — `--id`.
+
+## `tea milestones` (aliases: `milestone`, `ms`)
+Fields: `title,state,items_open,items_closed,items,duedate,description,created,updated,closed,id`.
+
+- `list, ls` (`--state`)
+- `create, c` — `--title/-t`, `--description/-d`, `--deadline/--expires/-x`, `--state`.
+- `close <name>...` — `--force/-f` deletes instead of closing.
+- `reopen, open <name>...`
+- `delete, rm <name>`
+- `issues, i <name>` — manage milestone contents:
+  - `add, a <name> <issue-idx>`
+  - `remove, r <name> <issue-idx>`
+
+## `tea releases` (aliases: `release`, `r`)
+- `list, ls`
+- `create, c [<tag>]` — `--tag`, `--target` (branch/commit), `--title/-t`, `--note/-n`, `--note-file/-f`, `--draft/-d`, `--prerelease/-p`, `--asset/-a <path>` (repeatable).
+- `edit, e <tag>...` — `--tag`, `--target`, `--title/-t`, `--note/-n`, `--draft/-d <bool>`, `--prerelease/-p <bool>`.
+- `delete, rm <tag>...` — `--confirm/-y` required; `--delete-tag` also removes the git tag.
+- `assets, asset, a` — manage release attachments:
+  - `list, ls <tag>`
+  - `create, c <tag> <asset>...`
+  - `delete, rm <tag> <attachment-name>...` — `--confirm/-y`.
+
+## `tea times` (aliases: `time`, `t`)
+Time tracking on issues/PRs. Fields: `id,created,repo,issue,user,duration`. Command-level: `--from/-f`, `--until/-u`, `--total/-t`, `--mine/-m`.
+
+- `add, a <issue> <duration>` — e.g. `tea times add 1 1h25m`.
+- `delete, rm <issue> <time-id>`
+- `reset <issue>`
+- `list, ls [username | #issue]` — username filters by user on the repo; `#N` filters by issue; `--mine` aggregates across all repos.
+
+## `tea organizations` (aliases: `organization`, `org`)
+- `list, ls`
+- `create, c <name>` — `--full-name/-n`, `--description/-d`, `--website/-w`, `--location/-L`, `--visibility/-v`, `--repo-admins-can-change-team-access`.
+- `delete, rm <name>`
+
+## `tea repos` (alias: `repo`)
+Fields: `description,forks,id,name,owner,stars,ssh,updated,url,permission,type`.
+
+- `list, ls` — `--watched/-w`, `--starred/-s`, `--owner/-O`, `--type/-T {fork|mirror|source}`.
+- `search, s [term]` — `--topic/-t`, `--type/-T`, `--owner/-O`, `--private {true|false}`, `--archived {true|false}`.
+- `create, c` — `--name`, `--owner/-O`, `--private`, `--description/--desc`, `--init`, `--labels`, `--gitignores/--git`, `--license`, `--readme`, `--branch`, `--template`, `--trustmodel {committer|collaborator|collaborator+committer}`, `--object-format {sha1|sha256}`.
+- `create-from-template, ct` — `--template/-t`, `--name/-n`, `--owner/-O`, `--private`, `--description/--desc`, copy toggles: `--content`, `--githooks`, `--avatar`, `--labels`, `--topics`, `--webhooks`.
+- `fork, f` — `--owner/-O` (default: current user).
+- `migrate, m` — `--name`, `--owner`, `--clone-url`, `--service {git|gitea|gitlab|gogs}`, `--mirror`, `--mirror-interval`, `--private`, `--template`, copy toggles: `--wiki`, `--issues`, `--labels`, `--pull-requests`, `--releases`, `--milestones`, `--lfs`, `--lfs-endpoint`, auth: `--auth-user`, `--auth-password`, `--auth-token`.
+- `delete, rm` — `--name`, `--owner/-O`, `--force/-f`.
+- `edit, e` — `--name`, `--description/--desc`, `--website`, `--private <bool>`, `--template <bool>`, `--archived <bool>`, `--default-branch`.
+
+## `tea branches` (aliases: `branch`, `b`)
+Fields: `name,protected,user-can-merge,user-can-push,protection`.
+
+- `list, ls`
+- `protect, P <branch>` — enable branch protection.
+- `unprotect, U <branch>` — remove protection.
+- `rename, rn <old> <new>`
+
+## `tea actions` (alias: `action`)
+CI management: secrets, variables, workflow definitions, workflow runs.
+
+### `tea actions secrets` (alias: `secret`)
+- `list, ls`
+- `create, add, set <name> [value]` — `--file` or `--stdin` to read the value.
+- `delete, remove, rm <name>` — `--confirm/-y`.
+
+### `tea actions variables` (aliases: `variable`, `vars`, `var`)
+- `list, ls` — `--name` to fetch a single variable.
+- `set, create, update <name> [value]` — `--file`, `--stdin`.
+- `delete, remove, rm <name>` — `--confirm/-y`.
+
+### `tea actions runs` (alias: `run`)
+- `list, ls` — `--status {success|failure|pending|queued|in_progress|skipped|canceled}`, `--branch`, `--event`, `--actor`, `--since`, `--until`.
+- `view, show, get <run-id>` — `--jobs` prints the jobs table.
+- `delete, remove, rm, cancel <run-id>` — `--confirm/-y`.
+- `logs, log <run-id>` — `--job <id>`, `--follow/-f` (requires the job to be in progress).
+
+### `tea actions workflows` (alias: `workflow`)
+- `list, ls`
+- `view, show, get <workflow-id>`
+- `dispatch, trigger, run <workflow-id>` — `--ref/-r`, `--input/-i key=value` (repeatable), `--follow/-f`.
+- `enable <workflow-id>`
+- `disable <workflow-id>` — `--confirm/-y`.
+
+## `tea webhooks` (aliases: `webhook`, `hooks`, `hook`)
+Scope is selected by flag: `--repo`, `--org`, `--global`.
+
+- `list, ls`
+- `create, c <webhook-url>` — `--type {gitea|gogs|slack|discord|dingtalk|telegram|msteams|feishu|wechatwork|packagist}` (default: gitea), `--secret`, `--events` (default: push), `--active`, `--branch-filter`, `--authorization-header`.
+- `update, edit, u <id>` — `--url`, `--secret`, `--events`, `--active` / `--inactive`, `--branch-filter`, `--authorization-header`.
+- `delete, rm <id>` — `--confirm/-y`.
+
+## `tea comment, c <issue/pr index> [body]`
+Add a comment to an issue or PR. Body may be passed as an argument or supplied interactively.

skills/use/references/tea/helpers.md

@@ -0,0 +1,30 @@
+# tea CLI — HELPERS
+
+See [`./index.md`](./index.md) for global options and common flags shared by all commands.
+
+## `tea open, o`
+Open the current repository/context in a web browser.
+
+## `tea notifications` (aliases: `notification`, `n`)
+Defaults to the current repo; `--mine/-m` aggregates across all your repos. Fields: `id,status,updated,index,type,state,title,repository`. Filters: `--types/-t {issue|pull|repository|commit}`, `--states/-s {pinned|unread|read}` (default: `unread,pinned`).
+
+- `ls, list`
+- `read, r [all | <id>]`
+- `unread, u [all | <id>]`
+- `pin, p [all | <id>]`
+- `unpin [all | <id>]`
+
+## `tea clone, C <repo-slug> [target-dir]`
+Clone without requiring a local git install. Accepts slug forms: `gitea/tea`, `tea`, `gitea.com/gitea/tea`, `git@gitea.com:gitea/tea`, `https://gitea.com/gitea/tea`, `ssh://gitea.com:22/gitea/tea`. A host in the slug overrides `--login`. Options: `--depth/-d`, `--login/-l`.
+
+## `tea api <endpoint>`
+Authenticated HTTP request to the Gitea API. Endpoints are auto-prefixed with `/api/v1/` unless they start with `/api/` or `http(s)://`. Placeholders `{owner}` and `{repo}` are filled from the repo context.
+
+- `--method/-X {GET|POST|PUT|PATCH|DELETE}` (default GET; switches to POST automatically when a body is provided)
+- `--field/-f key=value` — string field on body (repeatable).
+- `--Field/-F key=value` — typed field (numbers, booleans, null, JSON arrays/objects); `@file` or `@-` (stdin); `"null"` forces literal string.
+- `--data/-d` — raw JSON body (`@file` / `@-`). Incompatible with `-f`/`-F`.
+- `--header/-H key:value` (repeatable)
+- `--include/-i` — write status + response headers to stderr.
+- `--output/-o <file>` — write response body to file (`-` = stdout).
+- Quote the endpoint if it contains `?` or `&` to prevent shell expansion.

skills/use/references/tea/index.md

@@ -0,0 +1,36 @@
+# tea CLI — Index
+
+Version: `tea 0.14.1` (go-sdk v0.25.1). Source: recursive `--help` traversal. Upstream: https://gitea.com/gitea/tea
+
+`tea` is a productivity helper for Gitea. It uses the current git repository context (`$PWD`) — owner/repo/login are auto-detected when inside a repo. Config is persisted in `$XDG_CONFIG_HOME/tea`.
+
+## Global options
+
+- `--debug, --vvv` — enable debug mode
+- `--help, -h`, `--version, -v`
+
+## Common flags (present on nearly every command)
+
+| Flag | Purpose |
+|---|---|
+| `--login, -l <name>` | use a specific login from the config |
+| `--repo, -r <owner/repo>` | override repository context (local path or slug) |
+| `--remote, -R <name>` | discover login from this git remote |
+| `--output, -o <fmt>` | output format: `simple, table, csv, tsv, yaml, json` |
+| `--page, -p <n>` / `--limit, --lm <n>` | pagination (defaults 1 / 30) |
+| `--fields, -f <list>` | which columns to print |
+
+## Command categories
+
+```
+ENTITIES:   issues, pulls, labels, milestones, releases, times,
+            organizations, repos, branches, actions, webhooks, comment
+HELPERS:    open, notifications, clone, api
+MISC:       whoami, admin
+SETUP:      logins, logout, ssh-keys
+```
+
+- [ENTITIES](./entities.md)
+- [HELPERS](./helpers.md)
+- [MISC](./misc.md)
+- [SETUP](./setup.md)

skills/use/references/tea/misc.md

@@ -0,0 +1,17 @@
+# tea CLI — MISCELLANEOUS
+
+See [`./index.md`](./index.md) for global options and common flags shared by all commands.
+
+## `tea whoami`
+Show the currently logged in user.
+
+## `tea admin, a`
+Operations requiring admin access on the Gitea instance.
+
+### `tea admin users` (alias: `u`)
+Fields: `id,login,full_name,email,avatar_url,language,is_admin,restricted,prohibit_login,location,website,description,visibility,activated,lastlogin_at,created_at`.
+
+- `list, ls`
+- `create, add, new` — `--username/-u`, `--password/-p` / `--password-file` / `--password-stdin`, `--email/-e`, `--full-name`, `--admin`, `--restricted`, `--prohibit-login`, `--no-must-change-password`, `--visibility {public|limited|private}`.
+- `edit, update, e, u <username>` — paired flags: `--password` (or `--password-file`/`--password-stdin`), `--email/-e`, `--full-name`, `--description`, `--website`, `--location`, `--admin`/`--no-admin`, `--restricted`/`--no-restricted`, `--prohibit-login`/`--allow-login`, `--active`/`--inactive`, `--no-must-change-password`, `--visibility`, `--max-repo-creation` (-1 = unlimited), `--allow-git-hook`/`--no-allow-git-hook`, `--allow-import-local`/`--no-allow-import-local`, `--allow-create-organization`/`--no-allow-create-organization`.
+- `delete, rm, remove <username>` — `--confirm/-y`.

skills/use/references/tea/setup.md

@@ -0,0 +1,19 @@
+# tea CLI — SETUP
+
+See [`./index.md`](./index.md) for global options and common flags shared by all commands.
+
+## `tea logins` (alias: `login`)
+- `list, ls`
+- `add` — interactive when called without args. `--name/-n`, `--url/-u` (`$GITEA_SERVER_URL`), `--token/-t` (`$GITEA_SERVER_TOKEN`), `--user` (`$GITEA_SERVER_USER`), `--password/--pwd` (`$GITEA_SERVER_PASSWORD`), `--otp` (`$GITEA_SERVER_OTP`), `--scopes` (`$GITEA_SCOPES`), `--ssh-key/-s`, `--ssh-agent-principal/-c`, `--ssh-agent-key/-a`, `--insecure/-i`, `--no-version-check/--nv`, `--helper/-j`, `--oauth/-o` (plus `--client-id`, `--redirect-url`).
+- `edit, e` — interactive.
+- `delete, rm <name>`
+- `default [<login>]` — get or set the default login.
+- `oauth-refresh [<login>]` — refresh an OAuth token (opens browser if the refresh token is also expired).
+
+## `tea logout <name>`
+Remove a stored login.
+
+## `tea ssh-keys` (alias: `ssh-key`)
+- `list, ls`
+- `add <key-file>` — `--title/-t` (defaults to filename without extension).
+- `delete, rm <key-id>` — `--confirm/-y`.