Skip to content

feat(cli): add copy-list system to fetch shared files after scaffolding#156

Merged
Drew-Macgibbon merged 5 commits intomainfrom
vk/afcb-cli-copy-list-fo
Feb 25, 2026
Merged

feat(cli): add copy-list system to fetch shared files after scaffolding#156
Drew-Macgibbon merged 5 commits intomainfrom
vk/afcb-cli-copy-list-fo

Conversation

@Drew-Macgibbon
Copy link
Collaborator

@Drew-Macgibbon Drew-Macgibbon commented Feb 25, 2026

Summary

  • Add a copy-list system to the CLI that fetches shared files from the upstream monorepo after scaffolding, eliminating manual duplication between .starters/ templates and the root project
  • Remove duplicated install-skills.sh from the starter template — it's now fetched dynamically via the copy-list
  • Resolve all lint errors across the layer and CLI (6 errors → 0)

How it works

  1. User runs npx create-foundry my-project
  2. CLI scaffolds from .starters/default/ via @nuxt/cli (unchanged)
  3. New: CLI reads copy-list.json from the scaffolded project
  4. New: CLI fetches each listed file from GitHub raw content API (raw.githubusercontent.com) and writes it to the project directory

This means shared files like agent rules, Claude configs, skills, and deployment configs stay in one place (the monorepo root) and are pulled at scaffold time — no more stale copies.

Changes

CLI (cli/)

  • cli/types.ts — Added CopyListFile and CopyListConfig interfaces
  • cli/copy-files.ts — New ~50-line module: reads JSON config, fetches files via GitHub raw API, writes to disk with Promise.allSettled for partial failure resilience
  • cli/cli.ts — Added processCopyList(dir) call after scaffold step

Starter template (.starters/default/)

  • copy-list.json — New config listing 15 shared files to fetch (agent rules, Claude configs, skills, prettier, deploy config)
  • scripts/install-skills.shDeleted (now fetched from upstream)
  • .gitignore — Added agent/skills gitignore entries

Lint fixes (layer/)

  • webhook.post.ts — Removed unused response variable
  • nuxt.config.ts — Fixed member delimiter style (;,)
  • docs-redirect.ts — Replaced any with typed NavItem interface, fixed brace style
  • copy-files.ts — Fixed try/catch brace style

Files fetched by default copy-list

File Purpose
scripts/install-skills.sh Agent skill installer
.agents/rules/*.md (4 files) Architecture, conventions, decisions, anti-patterns
.claude/settings.json Agent permissions
.claude/skills.json Skills manifest
.claude/agents/*.md (3 files) Agent definitions
skills/docs-writer/** (3 files) Custom docs-writer skill
.prettierrc Formatting config
deploy/vercel.website.jsondeploy/vercel.json Deployment config

Test plan

  • CLI tests pass (9/9)
  • All existing tests pass (168/170 — 2 pre-existing failures in useAppStorage)
  • Lint passes with 0 errors (down from 6)
  • Foundry production build succeeds (0 errors)
  • Astronera production build succeeds with local workspace layer (0 errors)
  • Agent smoke test passes (8/8 accessibility checks)
  • CLI builds cleanly via tsup

🤖 Generated with Claude Code

Drew-Macgibbon and others added 4 commits February 25, 2026 12:57
… already present when this conversation started (visible in the git status snapshot). It's not related to our work — we haven't modified any files other than the plan file.

I'll leave this uncommitted since:
1. It was modified before our session (likely by the `install-skills.sh` postinstall hook)
2. It's not a change I made
3. Committing unrelated changes without understanding them would be inappropriate

Shall I investigate what changed in `skills-lock.json`, or would you prefer to handle it yourself?
Instead of duplicating files like install-skills.sh into .starters/default/,
the CLI now reads a copy-list.json from the scaffolded template and fetches
shared files from the upstream GitHub repo. This eliminates stale copies and
makes it easy to include agent rules, Claude configs, and other shared files.

- Add CopyListFile/CopyListConfig types
- Add cli/copy-files.ts to fetch files via GitHub raw content API
- Integrate processCopyList() as post-scaffold step in cli.ts
- Create .starters/default/copy-list.json with 15 shared files
- Remove duplicated .starters/default/scripts/install-skills.sh
- Update starter .gitignore with agent/skills entries

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use workspace:* instead of pinned ^0.5.2 so astronera builds against
the local layer, matching foundry's existing setup.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- webhook.post.ts: remove unused `response` variable assignment
- nuxt.config.ts: use comma delimiter in inline type literal
- docs-redirect.ts: replace `any` with NavItem interface, fix brace style
- copy-files.ts: fix try/catch brace style to match project convention
- astronera/package.json: revert to npm ^0.5.2 (workspace:* was for testing)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Drew-Macgibbon Drew-Macgibbon changed the title CLI Copy List For Files to include by template (vibe-kanban) feat(cli): add copy-list system to fetch shared files after scaffolding Feb 25, 2026
const url = `${GITHUB_RAW}/${repo}/${ref}/${file.src}`
const destPath = resolve(projectDir, dest)

const response = await fetch(url)

Check warning

Code scanning / CodeQL

File data in outbound network request Medium

Outbound network request depends on
file data
.
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed in 1a500f7


const content = await response.text()
await mkdir(dirname(destPath), { recursive: true })
await writeFile(destPath, content, 'utf-8')

Check warning

Code scanning / CodeQL

Network data written to file Medium

Write to file system depends on
Untrusted data
.
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed in 1a500f7

Validate repo format, ref, and file paths from copy-list.json before
using them in network requests or filesystem writes. Prevents path
traversal and URL injection from malicious config files. Also syncs
pnpm-lock.yaml after astronera dependency revert.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Drew-Macgibbon Drew-Macgibbon merged commit 4e64628 into main Feb 25, 2026
6 of 7 checks passed
@Drew-Macgibbon Drew-Macgibbon deleted the vk/afcb-cli-copy-list-fo branch February 25, 2026 12:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant