feat(cli): add copy-list system to fetch shared files after scaffolding#156
Merged
Drew-Macgibbon merged 5 commits intomainfrom Feb 25, 2026
Merged
feat(cli): add copy-list system to fetch shared files after scaffolding#156Drew-Macgibbon merged 5 commits intomainfrom
Drew-Macgibbon merged 5 commits intomainfrom
Conversation
… already present when this conversation started (visible in the git status snapshot). It's not related to our work — we haven't modified any files other than the plan file. I'll leave this uncommitted since: 1. It was modified before our session (likely by the `install-skills.sh` postinstall hook) 2. It's not a change I made 3. Committing unrelated changes without understanding them would be inappropriate Shall I investigate what changed in `skills-lock.json`, or would you prefer to handle it yourself?
Instead of duplicating files like install-skills.sh into .starters/default/, the CLI now reads a copy-list.json from the scaffolded template and fetches shared files from the upstream GitHub repo. This eliminates stale copies and makes it easy to include agent rules, Claude configs, and other shared files. - Add CopyListFile/CopyListConfig types - Add cli/copy-files.ts to fetch files via GitHub raw content API - Integrate processCopyList() as post-scaffold step in cli.ts - Create .starters/default/copy-list.json with 15 shared files - Remove duplicated .starters/default/scripts/install-skills.sh - Update starter .gitignore with agent/skills entries Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use workspace:* instead of pinned ^0.5.2 so astronera builds against the local layer, matching foundry's existing setup. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- webhook.post.ts: remove unused `response` variable assignment - nuxt.config.ts: use comma delimiter in inline type literal - docs-redirect.ts: replace `any` with NavItem interface, fix brace style - copy-files.ts: fix try/catch brace style to match project convention - astronera/package.json: revert to npm ^0.5.2 (workspace:* was for testing) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Drew-Macgibbon
changed the title
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| const url = `${GITHUB_RAW}/${repo}/${ref}/${file.src}` | ||
| const destPath = resolve(projectDir, dest) | ||
|
|
||
| const response = await fetch(url) |
Check warning
Code scanning / CodeQL
File data in outbound network request Medium
|
|
||
| const content = await response.text() | ||
| await mkdir(dirname(destPath), { recursive: true }) | ||
| await writeFile(destPath, content, 'utf-8') |
Check warning
Code scanning / CodeQL
Network data written to file Medium
Validate repo format, ref, and file paths from copy-list.json before using them in network requests or filesystem writes. Prevents path traversal and URL injection from malicious config files. Also syncs pnpm-lock.yaml after astronera dependency revert. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.starters/templates and the root projectinstall-skills.shfrom the starter template — it's now fetched dynamically via the copy-listHow it works
npx create-foundry my-project.starters/default/via@nuxt/cli(unchanged)copy-list.jsonfrom the scaffolded projectraw.githubusercontent.com) and writes it to the project directoryThis means shared files like agent rules, Claude configs, skills, and deployment configs stay in one place (the monorepo root) and are pulled at scaffold time — no more stale copies.
Changes
CLI (
cli/)cli/types.ts— AddedCopyListFileandCopyListConfiginterfacescli/copy-files.ts— New ~50-line module: reads JSON config, fetches files via GitHub raw API, writes to disk withPromise.allSettledfor partial failure resiliencecli/cli.ts— AddedprocessCopyList(dir)call after scaffold stepStarter template (
.starters/default/)copy-list.json— New config listing 15 shared files to fetch (agent rules, Claude configs, skills, prettier, deploy config)scripts/install-skills.sh— Deleted (now fetched from upstream).gitignore— Added agent/skills gitignore entriesLint fixes (
layer/)webhook.post.ts— Removed unusedresponsevariablenuxt.config.ts— Fixed member delimiter style (;→,)docs-redirect.ts— Replacedanywith typedNavIteminterface, fixed brace stylecopy-files.ts— Fixed try/catch brace styleFiles fetched by default copy-list
scripts/install-skills.sh.agents/rules/*.md(4 files).claude/settings.json.claude/skills.json.claude/agents/*.md(3 files)skills/docs-writer/**(3 files).prettierrcdeploy/vercel.website.json→deploy/vercel.jsonTest plan
useAppStorage)tsup🤖 Generated with Claude Code