claude-skills/tea
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Restructure tea skill into a plugin with a mandatory-login guard

Browse Source 
Convert the standalone `tea` skill into a skills-dir plugin so commands are
namespaced and an enforcement hook can ship with it:

- /tea:login  — pin the project Gitea login into .claude/settings.local.json
- /tea:use    — tea CLI reference (was the old root SKILL.md), with the
                login rule slimmed since the hook now enforces it
- hooks/tea-guard.sh — PreToolUse(Bash) guard: blocks any `tea` command that
  touches Gitea unless it carries --login and $GITEA_LOGIN is set. Exempts
  `tea logins list` and `tea --version/--help` so /tea:login can bootstrap.

References moved under skills/use/references/. `claude plugin validate` passes;
guard unit-tested across allow/block cases.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
naudachu
2026-05-30 15:54:48 +05:00
parent bb4ad963ee
commit b3db734cd8
12 changed files with 217 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/use/references/tea/entities.md
+130
View File
@@ -0,0 +1,130 @@
# tea CLI — ENTITIES
See [`./index.md`](./index.md) for global options and common flags shared by all commands.
## `tea issues` (aliases: `issue`, `i`)
Without args lists issues; with `<index>` shows issue detail.
Shared filters: `--state {all|open|closed}` (default: open), `--kind {issues|pulls|all}`, `--keyword/-k`, `--labels/-L`, `--milestones/-m`, `--author/-A`, `--assignee/-a`, `--mentions/-M`, `--owner/--org`, `--from/-F`, `--until/-u`, `--comments`. Available fields: `index,state,kind,author,author-id,url,title,body,created,updated,deadline,assignees,milestone,labels,comments,owner,repo`.
Subcommands:
- `list, ls` — list (same filters as above).
- `create, c` — create an issue. Options: `--title/-t`, `--description/-d`, `--assignees/-a`, `--labels/-L`, `--milestone/-m`, `--deadline/-D`, `--referenced-version/-v` (commit hash or tag).
- `edit, e <idx>...` — edit. `--title`, `--description`, `--add-assignees/-a`, `--add-labels/-L`, `--remove-labels`, `--milestone`, `--deadline`, `--referenced-version`. To unset a value pass an empty string (`--milestone ""`).
- `reopen, open <idx>...`
- `close <idx>...`
## `tea pulls` (aliases: `pull`, `pr`)
Without args lists PRs; with `<index>` shows PR detail. Fields: `index,state,author,author-id,url,title,body,mergeable,base,base-commit,head,diff,patch,created,updated,deadline,assignees,milestone,labels,comments,ci`.
Subcommands:
- `list, ls` (`--state`)
- `checkout, co <idx>` — check out PR locally. `--branch/-b` creates a local branch if missing.
- `clean <idx>` — delete local and remote feature branches for a closed PR. `--ignore-sha` matches branch by name instead of commit hash.
- `create, c` — create a PR. `--head <user:branch>`, `--base/-b`, `--allow-maintainer-edits/--edits`, `--agit`, `--topic`, plus all issue-style fields (`--title`, `--description`, `--assignees`, `--labels`, `--milestone`, `--deadline`, `--referenced-version`).
- `close <idx>...`, `reopen, open <idx>...`
- `edit, e <idx>...` — like `issues edit` plus `--add-reviewers/-r`, `--remove-reviewers`.
- `review <idx>` — interactive review.
- `approve, lgtm, a <idx> [comment]`
- `reject <idx> <reason>`
- `merge, m <idx>``--style/-s {merge|rebase|squash|rebase-merge}` (default merge), `--title/-t`, `--message/-m`.
- `review-comments, rc <idx>` — list review comments. Fields: `id,body,reviewer,path,line,resolver,created,updated,url`.
- `resolve <comment-id>` / `unresolve <comment-id>`
## `tea labels` (alias: `label`)
- `list, ls``--save/-s` dumps labels to a file.
- `create, c``--name`, `--color`, `--description`, `--file` (bulk import from file).
- `update``--id`, `--name`, `--color`, `--description`.
- `delete, rm``--id`.
## `tea milestones` (aliases: `milestone`, `ms`)
Fields: `title,state,items_open,items_closed,items,duedate,description,created,updated,closed,id`.
- `list, ls` (`--state`)
- `create, c``--title/-t`, `--description/-d`, `--deadline/--expires/-x`, `--state`.
- `close <name>...``--force/-f` deletes instead of closing.
- `reopen, open <name>...`
- `delete, rm <name>`
- `issues, i <name>` — manage milestone contents:
- `add, a <name> <issue-idx>`
- `remove, r <name> <issue-idx>`
## `tea releases` (aliases: `release`, `r`)
- `list, ls`
- `create, c [<tag>]``--tag`, `--target` (branch/commit), `--title/-t`, `--note/-n`, `--note-file/-f`, `--draft/-d`, `--prerelease/-p`, `--asset/-a <path>` (repeatable).
- `edit, e <tag>...``--tag`, `--target`, `--title/-t`, `--note/-n`, `--draft/-d <bool>`, `--prerelease/-p <bool>`.
- `delete, rm <tag>...``--confirm/-y` required; `--delete-tag` also removes the git tag.
- `assets, asset, a` — manage release attachments:
- `list, ls <tag>`
- `create, c <tag> <asset>...`
- `delete, rm <tag> <attachment-name>...``--confirm/-y`.
## `tea times` (aliases: `time`, `t`)
Time tracking on issues/PRs. Fields: `id,created,repo,issue,user,duration`. Command-level: `--from/-f`, `--until/-u`, `--total/-t`, `--mine/-m`.
- `add, a <issue> <duration>` — e.g. `tea times add 1 1h25m`.
- `delete, rm <issue> <time-id>`
- `reset <issue>`
- `list, ls [username | #issue]` — username filters by user on the repo; `#N` filters by issue; `--mine` aggregates across all repos.
## `tea organizations` (aliases: `organization`, `org`)
- `list, ls`
- `create, c <name>``--full-name/-n`, `--description/-d`, `--website/-w`, `--location/-L`, `--visibility/-v`, `--repo-admins-can-change-team-access`.
- `delete, rm <name>`
## `tea repos` (alias: `repo`)
Fields: `description,forks,id,name,owner,stars,ssh,updated,url,permission,type`.
- `list, ls``--watched/-w`, `--starred/-s`, `--owner/-O`, `--type/-T {fork|mirror|source}`.
- `search, s [term]``--topic/-t`, `--type/-T`, `--owner/-O`, `--private {true|false}`, `--archived {true|false}`.
- `create, c``--name`, `--owner/-O`, `--private`, `--description/--desc`, `--init`, `--labels`, `--gitignores/--git`, `--license`, `--readme`, `--branch`, `--template`, `--trustmodel {committer|collaborator|collaborator+committer}`, `--object-format {sha1|sha256}`.
- `create-from-template, ct``--template/-t`, `--name/-n`, `--owner/-O`, `--private`, `--description/--desc`, copy toggles: `--content`, `--githooks`, `--avatar`, `--labels`, `--topics`, `--webhooks`.
- `fork, f``--owner/-O` (default: current user).
- `migrate, m``--name`, `--owner`, `--clone-url`, `--service {git|gitea|gitlab|gogs}`, `--mirror`, `--mirror-interval`, `--private`, `--template`, copy toggles: `--wiki`, `--issues`, `--labels`, `--pull-requests`, `--releases`, `--milestones`, `--lfs`, `--lfs-endpoint`, auth: `--auth-user`, `--auth-password`, `--auth-token`.
- `delete, rm``--name`, `--owner/-O`, `--force/-f`.
- `edit, e``--name`, `--description/--desc`, `--website`, `--private <bool>`, `--template <bool>`, `--archived <bool>`, `--default-branch`.
## `tea branches` (aliases: `branch`, `b`)
Fields: `name,protected,user-can-merge,user-can-push,protection`.
- `list, ls`
- `protect, P <branch>` — enable branch protection.
- `unprotect, U <branch>` — remove protection.
- `rename, rn <old> <new>`
## `tea actions` (alias: `action`)
CI management: secrets, variables, workflow definitions, workflow runs.
### `tea actions secrets` (alias: `secret`)
- `list, ls`
- `create, add, set <name> [value]``--file` or `--stdin` to read the value.
- `delete, remove, rm <name>``--confirm/-y`.
### `tea actions variables` (aliases: `variable`, `vars`, `var`)
- `list, ls``--name` to fetch a single variable.
- `set, create, update <name> [value]``--file`, `--stdin`.
- `delete, remove, rm <name>``--confirm/-y`.
### `tea actions runs` (alias: `run`)
- `list, ls``--status {success|failure|pending|queued|in_progress|skipped|canceled}`, `--branch`, `--event`, `--actor`, `--since`, `--until`.
- `view, show, get <run-id>``--jobs` prints the jobs table.
- `delete, remove, rm, cancel <run-id>``--confirm/-y`.
- `logs, log <run-id>``--job <id>`, `--follow/-f` (requires the job to be in progress).
### `tea actions workflows` (alias: `workflow`)
- `list, ls`
- `view, show, get <workflow-id>`
- `dispatch, trigger, run <workflow-id>``--ref/-r`, `--input/-i key=value` (repeatable), `--follow/-f`.
- `enable <workflow-id>`
- `disable <workflow-id>``--confirm/-y`.
## `tea webhooks` (aliases: `webhook`, `hooks`, `hook`)
Scope is selected by flag: `--repo`, `--org`, `--global`.
- `list, ls`
- `create, c <webhook-url>``--type {gitea|gogs|slack|discord|dingtalk|telegram|msteams|feishu|wechatwork|packagist}` (default: gitea), `--secret`, `--events` (default: push), `--active`, `--branch-filter`, `--authorization-header`.
- `update, edit, u <id>``--url`, `--secret`, `--events`, `--active` / `--inactive`, `--branch-filter`, `--authorization-header`.
- `delete, rm <id>``--confirm/-y`.
## `tea comment, c <issue/pr index> [body]`
Add a comment to an issue or PR. Body may be passed as an argument or supplied interactively.
skills/use/references/tea/helpers.md
+30
View File
@@ -0,0 +1,30 @@
# tea CLI — HELPERS
See [`./index.md`](./index.md) for global options and common flags shared by all commands.
## `tea open, o`
Open the current repository/context in a web browser.
## `tea notifications` (aliases: `notification`, `n`)
Defaults to the current repo; `--mine/-m` aggregates across all your repos. Fields: `id,status,updated,index,type,state,title,repository`. Filters: `--types/-t {issue|pull|repository|commit}`, `--states/-s {pinned|unread|read}` (default: `unread,pinned`).
- `ls, list`
- `read, r [all | <id>]`
- `unread, u [all | <id>]`
- `pin, p [all | <id>]`
- `unpin [all | <id>]`
## `tea clone, C <repo-slug> [target-dir]`
Clone without requiring a local git install. Accepts slug forms: `gitea/tea`, `tea`, `gitea.com/gitea/tea`, `git@gitea.com:gitea/tea`, `https://gitea.com/gitea/tea`, `ssh://gitea.com:22/gitea/tea`. A host in the slug overrides `--login`. Options: `--depth/-d`, `--login/-l`.
## `tea api <endpoint>`
Authenticated HTTP request to the Gitea API. Endpoints are auto-prefixed with `/api/v1/` unless they start with `/api/` or `http(s)://`. Placeholders `{owner}` and `{repo}` are filled from the repo context.
- `--method/-X {GET|POST|PUT|PATCH|DELETE}` (default GET; switches to POST automatically when a body is provided)
- `--field/-f key=value` — string field on body (repeatable).
- `--Field/-F key=value` — typed field (numbers, booleans, null, JSON arrays/objects); `@file` or `@-` (stdin); `"null"` forces literal string.
- `--data/-d` — raw JSON body (`@file` / `@-`). Incompatible with `-f`/`-F`.
- `--header/-H key:value` (repeatable)
- `--include/-i` — write status + response headers to stderr.
- `--output/-o <file>` — write response body to file (`-` = stdout).
- Quote the endpoint if it contains `?` or `&` to prevent shell expansion.
skills/use/references/tea/index.md
+36
View File
@@ -0,0 +1,36 @@
# tea CLI — Index
Version: `tea 0.14.1` (go-sdk v0.25.1). Source: recursive `--help` traversal. Upstream: https://gitea.com/gitea/tea
`tea` is a productivity helper for Gitea. It uses the current git repository context (`$PWD`) — owner/repo/login are auto-detected when inside a repo. Config is persisted in `$XDG_CONFIG_HOME/tea`.
## Global options
- `--debug, --vvv` — enable debug mode
- `--help, -h`, `--version, -v`
## Common flags (present on nearly every command)
| Flag | Purpose |
|---|---|
| `--login, -l <name>` | use a specific login from the config |
| `--repo, -r <owner/repo>` | override repository context (local path or slug) |
| `--remote, -R <name>` | discover login from this git remote |
| `--output, -o <fmt>` | output format: `simple, table, csv, tsv, yaml, json` |
| `--page, -p <n>` / `--limit, --lm <n>` | pagination (defaults 1 / 30) |
| `--fields, -f <list>` | which columns to print |
## Command categories
```
ENTITIES: issues, pulls, labels, milestones, releases, times,
organizations, repos, branches, actions, webhooks, comment
HELPERS: open, notifications, clone, api
MISC: whoami, admin
SETUP: logins, logout, ssh-keys
```
- [ENTITIES](./entities.md)
- [HELPERS](./helpers.md)
- [MISC](./misc.md)
- [SETUP](./setup.md)
skills/use/references/tea/misc.md
+17
View File
@@ -0,0 +1,17 @@
# tea CLI — MISCELLANEOUS
See [`./index.md`](./index.md) for global options and common flags shared by all commands.
## `tea whoami`
Show the currently logged in user.
## `tea admin, a`
Operations requiring admin access on the Gitea instance.
### `tea admin users` (alias: `u`)
Fields: `id,login,full_name,email,avatar_url,language,is_admin,restricted,prohibit_login,location,website,description,visibility,activated,lastlogin_at,created_at`.
- `list, ls`
- `create, add, new``--username/-u`, `--password/-p` / `--password-file` / `--password-stdin`, `--email/-e`, `--full-name`, `--admin`, `--restricted`, `--prohibit-login`, `--no-must-change-password`, `--visibility {public|limited|private}`.
- `edit, update, e, u <username>` — paired flags: `--password` (or `--password-file`/`--password-stdin`), `--email/-e`, `--full-name`, `--description`, `--website`, `--location`, `--admin`/`--no-admin`, `--restricted`/`--no-restricted`, `--prohibit-login`/`--allow-login`, `--active`/`--inactive`, `--no-must-change-password`, `--visibility`, `--max-repo-creation` (-1 = unlimited), `--allow-git-hook`/`--no-allow-git-hook`, `--allow-import-local`/`--no-allow-import-local`, `--allow-create-organization`/`--no-allow-create-organization`.
- `delete, rm, remove <username>``--confirm/-y`.
skills/use/references/tea/setup.md
+19
View File
@@ -0,0 +1,19 @@
# tea CLI — SETUP
See [`./index.md`](./index.md) for global options and common flags shared by all commands.
## `tea logins` (alias: `login`)
- `list, ls`
- `add` — interactive when called without args. `--name/-n`, `--url/-u` (`$GITEA_SERVER_URL`), `--token/-t` (`$GITEA_SERVER_TOKEN`), `--user` (`$GITEA_SERVER_USER`), `--password/--pwd` (`$GITEA_SERVER_PASSWORD`), `--otp` (`$GITEA_SERVER_OTP`), `--scopes` (`$GITEA_SCOPES`), `--ssh-key/-s`, `--ssh-agent-principal/-c`, `--ssh-agent-key/-a`, `--insecure/-i`, `--no-version-check/--nv`, `--helper/-j`, `--oauth/-o` (plus `--client-id`, `--redirect-url`).
- `edit, e` — interactive.
- `delete, rm <name>`
- `default [<login>]` — get or set the default login.
- `oauth-refresh [<login>]` — refresh an OAuth token (opens browser if the refresh token is also expired).
## `tea logout <name>`
Remove a stored login.
## `tea ssh-keys` (alias: `ssh-key`)
- `list, ls`
- `add <key-file>``--title/-t` (defaults to filename without extension).
- `delete, rm <key-id>``--confirm/-y`.