feat: marketplace maintainer UX (#722)

[sergio-sisternes-epam]

Description

First pass of the maintainer-side marketplace tooling tracked in #722. Builds on the foundations landing in #677 (semver engine, MarketplaceValidator skeleton, security advisories, publish skeleton).

Design context and the full UX proposal are captured in the discussion thread on the tracking issue: #722 (comment).

Hard rule driving this work

marketplace.json is Anthropic's standard, unaltered. APM emits the artifact byte-for-byte against Anthropic's schema; APM-only build inputs live in marketplace.yml and are stripped at compile time. A golden-file test enforces round-trip compatibility with Claude Code.

High-level scope

• apm marketplace init — scaffold marketplace.yml
• apm marketplace build — compile marketplace.yml -> Anthropic-compliant marketplace.json (concurrent ref resolution, diff output, dry-run)
• apm marketplace check — validation + freshness for CI (--strict, per-rule toggles)
• apm marketplace outdated — maintainer-side discovery of stale ranges
• apm marketplace publish — transactional add/update of a package entry (PR-first, --resume/--abort recovery)
• apm marketplace doctor — preflight probe for git / gh / tokens / ls-remote

Detailed plan, UX previews, and the 45-item UX-risk absorption map live in the session plan and will be distilled into a design doc / changelog entry during delivery.

Fixes #722

Type of change

• Bug fix
• New feature
• Documentation
• Maintenance / refactor

Testing

• Tested locally
• All existing tests pass
• Added tests for new functionality (if applicable)

---

Draft — work in progress. Please hold review until marked ready.

[sergio-sisternes-epam]

APM Expert Review Panel -- PR #790

Reviewers: Python Architect, CLI Logging Expert, DevX UX Expert, Supply Chain Security Expert, APM CEO, OSS Growth Hacker

Panel Verdict: Approve with conditions

This is APM's most significant feature since apm install. The marketplace authoring toolkit transforms APM from a consumer of curated registries into the toolchain that powers registry creation itself -- a capability no competitor (npm, cargo, homebrew) offers. The architecture is sound, the test coverage is excellent (1.5:1 test-to-code ratio, 4794 tests), and the feature is entirely additive with zero breaking changes.

Two conditions must be met before merge. Seven high-priority findings should be tracked for fast-follow.

---

Conditions for Merge

#	Condition	Owner	Rationale
C1	File a follow-up issue to extract commands/marketplace.py (1,835 LOC) into per-command modules under commands/marketplace/	Architect / CEO	God-files kill review velocity; this is APM's most complex command group
C2	Wire the authoring guide into the docs sidebar (astro.config.mjs) and add consumer-to-author cross-links	Growth	Without this, the feature ships invisible to 90%+ of docs visitors

---

Findings by Severity

Critical (4 findings)

#	Area	Finding	Reviewer
S1	Security	output field in marketplace.yml has no path traversal guard -- ../../.bashrc would be written outside the repo	Security
L1	Logging	publish state-file line crashes without Rich fallback (bare from rich.text import Text with no try/except)	Logging
L2	Logging	_helpers._get_console() never returns None -- all colorama fallback branches across 9 render functions are dead code	Logging
UX1	UX	validate and check are two confusingly overlapping validation commands with no clear differentiation	DevX

High / Important (14 findings)

#	Area	Finding	Reviewer
S2	Security	Token redaction regex misses http:// URLs and ?token= query params; copy-pasted in 3 files	Security
S3	Security	git ls-remote does not set GIT_TERMINAL_PROMPT=0 -- can hang on interactive credential prompt	Security
S4	Security	ConsumerTarget.repo and branch are not validated against injection patterns	Security
A1	Architecture	3 identical _atomic_write() implementations across builder, yml_editor, publisher	Architect
A2	Architecture	3 identical _redact_token() / _TOKEN_RE copies across ref_resolver, publisher, pr_integration	Architect
A3	Architecture	Builder.resolve() uses hidden state smuggling (self._resolve_errors) instead of returning a result object	Architect
A4	Architecture	Cross-module private import: yml_editor imports _SOURCE_RE from yml_schema	Architect
A5	Architecture	check command reimplements builder's ref-matching logic	Architect
L3	Logging	Stack traces swallowed in verbose mode -- all except Exception handlers print one-line error regardless of --verbose	Logging
L4	Logging	doctor hardcodes GITHUB_TOKEN/GH_TOKEN env var names instead of using AuthResolver	Logging
UX2	UX	Three different confirmation patterns across destructive commands; two hang in CI without --yes	DevX
UX3	UX	Docs list --marketplace-yml PATH option that doesn't exist in code	DevX
UX4	UX	plugin add doesn't enforce --version/--ref mutual exclusivity at CLI level	DevX
UX5	UX	outdated has no summary line on default path and no CI-friendly exit code	DevX

Notes (11 findings)

#	Area	Finding	Reviewer
S5	Security	version_pins.py fail-open design: deleted pin file silently disables ref-swap detection	Security
A6	Architecture	__init__.py eagerly imports all 40+ symbols, defeating lazy loading	Architect
A7	Architecture	locals().get("pr") anti-pattern in publish command	Architect
L5	Logging	18 bare click.echo() calls bypass logging infrastructure	Logging
L6	Logging	doctor doesn't use DiagnosticCollector (hand-rolls its own)	Logging
L7	Logging	Rich markup [dim]...[/dim] used directly in console.print() (markup injection precedent)	Logging
UX6	UX	Bare except Exception swallows actionable context in consumer commands	DevX
UX7	UX	publish confirmation uses hand-rolled prompt instead of click.confirm	DevX
UX8	UX	doctor doesn't check gh CLI presence despite docs claiming it does	DevX
UX9	UX	plugin subgroup missing list subcommand (incomplete CRUD)	DevX
G1	Growth	No consumer-to-author bridge in docs (consumer guide, first-package, README)	Growth

---

What's Done Well

The panel unanimously highlighted these strengths:

Area	Assessment
Error hierarchy	Clean MarketplaceError tree with actionable messages and suggested commands
Frozen dataclasses	Consistent frozen=True discipline across all domain models -- thread-safe by default
Security posture	yaml.safe_load everywhere, zero shell=True, token redaction on all error paths, path traversal guards on source/subdir fields
Injectable dependencies	PrIntegrator(runner=), Publisher(clock=, runner=), RefResolver -- composition over inheritance
Builder pipeline	Clean load -> resolve -> compose -> write with concurrent resolution and per-remote locks
Semver implementation	Dependency-free, correct prerelease ordering, AND-composition of ranges
Test coverage	1.5:1 test-to-code ratio; every module has dedicated unit + integration tests
Authoring guide	Quickstart in 4 commands, complete schema reference, troubleshooting table, recipes section
Scaffolding UX	init generates richly-commented YAML with inline docs, working examples, and next-steps panel

---

Strategic Assessment (CEO)

Positioning: This is APM's moat-defining feature. No competitor offers self-hosted marketplace authoring with semver resolution and cross-repo PR-driven publish. This is the npm publish moment for AI agent registries.

Naming: marketplace namespace and plugin subgroup ratified. Advisory: add one sentence bridging packages: (yml) vs plugin (CLI) naming in the authoring guide.

Dependency: ruamel.yaml addition justified -- no alternative for comment-preserving YAML editing. Correctly lazy-imported (only loaded on plugin add/set/remove).

Release: This merits a dedicated v0.9.0 minor release, not a patch. Story angle: "Build your own AI plugin registry in 4 commands."

---

Priority Fix Order

Priority	Findings	Effort
P0 -- before merge	S1 (output path traversal), C1 (file split issue), C2 (sidebar + cross-links)	Small-medium
P1 -- before merge	S3 (GIT_TERMINAL_PROMPT), A7 (locals().get), L1 (Rich crash)	Small
P2 -- fast follow	S2 (token regex), S4 (target validation), A1-A2 (DRY), L3 (verbose tracebacks)	Medium
P3 -- next iteration	A3 (state smuggling), A5 (check duplication), UX1 (validate vs check), UX9 (plugin list)	Medium-large
Backlog	All notes-severity findings	Small each

---

Panel composition and routing

Six specialist agents reviewed independently, with findings consolidated by the orchestrator:

• Python Architect: Module structure, design patterns, coupling, extensibility (11 findings)
• CLI Logging Expert: CommandLogger usage, Rich fallbacks, verbose mode, output structure (12 findings)
• DevX UX Expert: Command naming, help text, flags, interactive/CI patterns (10 findings)
• Supply Chain Security Expert: Token handling, path safety, YAML safety, injection vectors (8 findings)
• APM CEO: Positioning, naming, scope, dependency, release strategy (7 strategic assessments)
• OSS Growth Hacker: Discoverability, story angles, contributor funnel, README (10 findings)

Per panel protocol, specialists raised findings independently. The CEO arbitrated strategic calls (naming ratification, dependency approval, release framing). The Growth Hacker annotated discoverability gaps and escalated the sidebar registration as critical.

[sergio-sisternes-epam]

APM Expert Review Panel -- Round 2 (Fix Commit Validation)

Scope: 3 fix commits (7169bac, e0eb078, 092c6e4), 26 files, +620/-100
Review of: Fixes for all 16 findings from Round 1 (P0/P1/P2) + Round 2 action items

Panel Verdict: APPROVE (6/6 specialists)

Specialist	Verdict	Summary
Python Architect	APPROVE	DRY consolidation clean, aliasing pragmatic, no new anti-patterns
CLI Logging Expert	APPROVE	All logging fixes correct, verbose tracebacks well-placed
DevX UX Expert	APPROVE	UX fixes clean, exit-code convention correct
Supply Chain Security	APPROVE WITH NOTES	S1/S2/S4 solid; S3 gap in publisher _run_git() fixed in 092c6e4
OSS Growth Hacker	APPROVE WITH NOTES	Sidebar + cross-links correct, recommends exit-code docs
APM CEO	APPROVE	Both merge conditions satisfied. PR cleared for merge.

---

Merge Conditions -- Verified

• C1: Issue refactor: split commands/marketplace.py into per-command modules #821 filed for marketplace.py god-module split (labelled good first issue)
• C2: Authoring guide wired into docs sidebar + consumer-to-author cross-link added

---

Security Fixes -- Validated

ID	Fix	Security Review
S1	Output path traversal -- defence-in-depth (parse + resolve)	PASS -- both layers use sanctioned path_security.py guards
S2	Token regex consolidated -- covers https://, http://, ?token=	PASS -- 10 test vectors verified
S3	GIT_TERMINAL_PROMPT=0 on all git subprocesses	PASS -- ref_resolver + publisher _run_git() both hardened
S4	ConsumerTarget injection -- _SAFE_REPO_RE + _SHELL_META_RE	PASS -- 16 bypass vectors tested, shell=True never used

Architecture Fixes -- Validated

ID	Fix	Architecture Review
A1	3x _atomic_write consolidated to _io.py	PASS -- laser-focused module, __all__ declared
A2	3x _redact_token consolidated to _git_utils.py	PASS -- alias pattern pragmatic, zero call-site churn
A4	_SOURCE_RE made public as SOURCE_RE	PASS
A7	locals().get("pr") replaced with explicit variable	PASS

Logging + UX Fixes -- Validated

ID	Fix	Review
L1	Rich Text crash fallback	PASS -- click.echo fallback correct
L3	Verbose tracebacks in 5 error handlers	PASS -- well-placed, SystemExit re-raised
UX3	Phantom --marketplace-yml removed from docs	PASS
UX4	--version/--ref mutual exclusivity (plugin add + plugin set)	PASS
UX5	outdated summary line + exit code 1	PASS -- matches npm/pip convention
C2	Sidebar wiring for authoring guide	PASS
G1	Consumer-to-author cross-link	PASS

---

New Findings from Round 2 (Non-Blocking)

ID	Severity	Finding	Status
N1	Low	builder._atomic_write is now a pure passthrough -- can inline	Deferred
N2	Low	Stale _TOKEN_RE docstring references	Fixed (092c6e4)
N3	Low	Redundant (BuildError, Exception) catch tuple in outdated	Deferred
N4	Low	Error rows uncounted in outdated summary	Deferred
NEW-1	Medium	plugin set needs --version/--ref mutual exclusivity	Fixed (092c6e4)

---

Post-Merge Recommendations

1. Tag merge commit for v0.9.0 release notes
2. CHANGELOG lead: "Build your own AI plugin registry in 4 commands"
3. Monitor Issue refactor: split commands/marketplace.py into per-command modules #821 for community pickup (contributor funnel test)
4. Track version-pins fail-open (S5) as known-accepted risk with [security] label

---

Test Coverage

4825 tests passing (+31 new tests from fix commits), 0 failures.

Every security fix has corresponding test coverage:

• Path traversal: 4 tests (parse + resolve layers)
• Token redaction: 7 tests (including mixed patterns)
• Credential prompt suppression: 4 tests (ref_resolver + publisher)
• ConsumerTarget injection: 5 tests (repo + branch vectors)
• Mutual exclusivity: 2 tests (plugin add + plugin set)