~
. File visibility bug: buildSkillArchive (in bootstrap.go) only creates a tar.gz with SKILL.md! So Phabricator-bootstrapped skills only have SKILL.md visible. The StreamSkillContent function only fetches SKILL.md too. This is the core
bug explaining why "only SKILL.md is visible".
2. Microsoft OAuth: Currently only static token-based auth stub. Need proper MS OAuth.
3. Owner model: OwnerTokenHash is a single hash, not multi-owner. Need SkillOwner junction table.
4. Missing delete endpoint: No way to remove skills via API.
So my plan is to tackle the database redesign first—adding a User table and SkillOwner junction table to support multiple owners. Then I'll implement Microsoft OAuth with proper Azure AD integration, fix the file visibility issue by
making StreamSkillContent fetch the entire skill directory from Phabricator instead of just SKILL.md, and add the missing delete endpoint.
Looking at the actual implementation, the core problem is in bootstrap.go where StreamSkillContent only retrieves SKILL.md. I need to refactor it to use the directory-fetching logic from gitfetch.go so it pulls all files in the skill
directory. Before diving into the code changes, I should clarify the scope with the user and understand their priorities—this is a substantial refactor that touches the database layer, authentication, file handling, and API structure. I'm
seeing the core issues now: the Phabricator bootstrap only archives SKILL.md, so I need to either make StreamSkillContent fetch the full directory recursively or trigger a re-fetch when the editor opens. For the OAuth piece, I'll use Azure
AD with MSAL, storing the user's OID and email. The owner model should shift from a token hash to a junction table or JSON array of user OIDs. For the delete endpoint, I need to clean up the Repository, Manifests, Tags, and any orphaned
Blobs. Let me document all these changes in a plan.
o
sad
as
d
sad
sad
as
dsa
d
as
d
sad
sa
d
~
. 文件可见性错误:buildSkillArchive(位于 bootstrap.go 中)仅创建包含 SKILL.md 的 tar.gz 文件!因此,通过 Phabricator 引导的技能仅 SKILL.md 可见。StreamSkillContent 函数也仅获取 SKILL.md。这是解释“仅 SKILL.md 可见”的核心错误。
2. Microsoft OAuth:目前仅存在基于静态令牌的身份验证存根。需要实现完整的 MS OAuth。
3. 所有者模型:OwnerTokenHash 是单个哈希值,不支持多所有者。需要创建 SkillOwner 连接表。
4. 缺少删除端点:无法通过 API 删除技能。
因此,我的计划是首先进行数据库重新设计——添加 User 表和 SkillOwner 连接表以支持多所有者。然后,我将通过适当的 Azure AD 集成实现 Microsoft OAuth,通过让 StreamSkillContent 从 Phabricator 获取整个技能目录(而不仅仅是 SKILL.md)来修复文件可见性问题,并添加缺失的删除端点。
查看实际实现,核心问题在于 bootstrap.go 中 StreamSkillContent 仅检索 SKILL.md。我需要重构它,使用 gitfetch.go 中的目录获取逻辑,以便拉取技能目录中的所有文件。在深入代码更改之前,我应该与用户明确范围并了解他们的优先级——这是一次重大的重构,涉及数据库层、身份验证、文件处理和 API 结构。我现在看到了核心问题:Phabricator 引导仅归档 SKILL.md,因此我需要让 StreamSkillContent 递归获取完整目录,或者在编辑器打开时触发重新获取。对于 OAuth 部分,我将使用带有 MSAL 的 Azure AD,存储用户的 OID 和电子邮件。所有者模型应从令牌哈希转换为连接表或用户 OID 的 JSON 数组。对于删除端点,我需要清理仓库、清单、标签以及任何孤立的 Blob。让我将所有更改记录在一个计划中。
o
sad
as
d
sad
sad
as
dsa
d
as
d
sad
sa
d
