Skip to content

actions list/info: add trust level, publisher, paths, policies, and compatibility metadata#435

Draft
Copilot wants to merge 3 commits into
masterfrom
copilot/add-actions-list-and-info-commands
Draft

actions list/info: add trust level, publisher, paths, policies, and compatibility metadata#435
Copilot wants to merge 3 commits into
masterfrom
copilot/add-actions-list-and-info-commands

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 25, 2026
edited
Loading

actions list was missing publisher and actions info/show was missing several metadata fields called out in the PRD: trust level, pack path, compatibility, policies, and full security details.

Changes

actions list

  • publisher added to every row (text + --json)
  • search now also matches on publisher text

actions info / actions show

  • trust level — derived field (high/medium/low) from the manifest's security block:
    • high: leastPrivilegePermissions=true + pinThirdPartyActions=required + allowPullRequestTarget=false
    • medium: leastPrivilegePermissions=true + allowPullRequestTarget=false
    • low: anything else
  • pack pathCatalogEntry.packDir (absolute path to the pack on disk)
  • Compatibility section — providers, languages, package managers, frameworks
  • Policies section — installMode, managedComment, requiresReview
  • Security section — all four security fields, explicit
  • --json output now includes packDir and trustLevel

New export

export function deriveTrustLevel(security: ActionPackManifest['security']): TrustLevel

Tests — 5 new unit tests covering deriveTrustLevel logic and subcommand presence.

Example output (actions info node-pnpm-ci)

Node pnpm CI (node-pnpm-ci@1.0.0)
Least-privilege Node/TypeScript CI workflow using pnpm — install, typecheck, test.

publisher:    profullstack
visibility:   public
license:      MIT
categories:   ci, node, typescript
pricing:      free
trust level:  medium          ← green/yellow/red coloured
pack path:    /…/packages/actions/node-pnpm-ci

Compatibility
  providers: github
  languages: javascript, typescript
  package managers: pnpm
  frameworks: next, sveltekit, react

Policies
  install mode:     pull-request
  managed comment:  true
  requires review:  true

Security
  least-privilege permissions:  true
  pin third-party actions:      optional
  allow pull-request-target:    false
  default timeout (min):        15
…

@alwaysmeticulous
Copy link
Copy Markdown

alwaysmeticulous Bot commented May 25, 2026

Meticulous was unable to execute a test run for this PR because the most recent commit is associated with multiple PRs. To execute a test run, please try pushing up a new commit that is only associated with this PR.

Last updated for commit f505900. This comment will update as new commits are pushed.

Copilot AI linked an issue May 25, 2026 that may be closed by this pull request
Add actions list and actions info commands #427
Open
Copilot AI changed the title [WIP] Add actions list and actions info commands for sh1pt CLI actions list/info: add trust level, publisher, paths, policies, and compatibility metadata May 25, 2026
Copilot AI requested a review from ralyodio May 25, 2026 19:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ralyodio ralyodio Awaiting requested review from ralyodio

Assignees

@ralyodio ralyodio

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add actions list and actions info commands

2 participants

@ralyodio