b3db734cd8
Convert the standalone `tea` skill into a skills-dir plugin so commands are
namespaced and an enforcement hook can ship with it:
- /tea:login — pin the project Gitea login into .claude/settings.local.json
- /tea:use — tea CLI reference (was the old root SKILL.md), with the
login rule slimmed since the hook now enforces it
- hooks/tea-guard.sh — PreToolUse(Bash) guard: blocks any `tea` command that
touches Gitea unless it carries --login and $GITEA_LOGIN is set. Exempts
`tea logins list` and `tea --version/--help` so /tea:login can bootstrap.
References moved under skills/use/references/. `claude plugin validate` passes;
guard unit-tested across allow/block cases.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2.0 KiB
| name | description |
|---|---|
| login | Pin the Gitea login used by the tea CLI in this project. Run when $GITEA_LOGIN is unset, when the tea-guard hook blocks a command demanding a login, or when the user types /tea:login. Enumerates available logins, lets the user pick one, and persists it to .claude/settings.local.json. |
/tea:login — pin the project Gitea login
Goal: select exactly one tea login for this project and persist it to
.claude/settings.local.json under env.GITEA_LOGIN, so every later tea
call can pass --login "$GITEA_LOGIN". The tea-guard hook blocks every
Gitea-touching tea command until this is done — this command is the
remediation it points to.
Steps
- Enumerate logins (allowed by the guard even without `--login`): `tea logins list -o json`
- No logins: stop and ask the user to run `tea logins add` themselves — it is interactive (prompts for URL/token). Do not run it for them.
- One login: propose pinning it; confirm with the user before writing.
- Several logins: use `AskUserQuestion` to let the user pick. Show each login's `name`, `user`, and `url` so the choice is unambiguous.
- Merge the chosen name into `.claude/settings.local.json` under `env` — do not clobber other keys: `{ "env": { "GITEA_LOGIN": "<chosen-name>" } }`
- Tell the user: the updated `$GITEA_LOGIN` is only exported into Bash after a session restart. Until they restart, pass the literal name explicitly: `tea --login <chosen-name> ...`.
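The merge step above, as an added example that is not part of the plugin or this commit: a Python sketch that sets `env.GITEA_LOGIN` while preserving every other key, refuses to overwrite a settings file it cannot parse, and writes atomically. The function name `pin_gitea_login` and the sample login name are assumptions made for illustration.

```python
import json
import os
import tempfile


def pin_gitea_login(settings_path, login_name):
    """Set env.GITEA_LOGIN in settings_path, keeping every other key."""
    if not isinstance(login_name, str) or not login_name or login_name != login_name.strip():
        raise ValueError("login name must be a non-empty, trimmed string")

    settings = {}
    if os.path.exists(settings_path):
        with open(settings_path, encoding="utf-8") as fh:
            # Invalid JSON raises here (JSONDecodeError is a ValueError), so a
            # damaged file is left untouched instead of being replaced.
            settings = json.load(fh)
    if not isinstance(settings, dict):
        raise ValueError("settings root must be a JSON object")

    env = settings.setdefault("env", {})
    if not isinstance(env, dict):
        raise ValueError('"env" must be a JSON object')
    env["GITEA_LOGIN"] = login_name

    # Write to a temp file in the same directory, then rename over the target,
    # so an interrupted write cannot leave a truncated settings file behind.
    directory = os.path.dirname(os.path.abspath(settings_path))
    os.makedirs(directory, exist_ok=True)
    fd, tmp_path = tempfile.mkstemp(dir=directory, suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(settings, fh, indent=2)
            fh.write("\n")
        os.replace(tmp_path, settings_path)
    except BaseException:
        os.unlink(tmp_path)
        raise
    return settings


if __name__ == "__main__":
    # Constructed sample: a throwaway directory and a made-up login name.
    demo = os.path.join(tempfile.mkdtemp(), ".claude", "settings.local.json")
    print(pin_gitea_login(demo, "example-login"))
```
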
Hard rules (identity safety)
- NEVER run commands that mutate logins or global login state: `tea logins add/edit/delete/default`, `tea logout`. Read-only `tea logins list` is the only allowed login command.
- If a `tea` call fails with a permission/scope error, report it to the user. Do NOT try to fix it by switching to, or editing, a different login.
- If you ever see `no gitea login detected, falling back to login '...'`, treat it as a hard failure: stop, do not act on the result, surface it.