Implemented Subdirectory Specification for Source

[daylamtayari]

Add a prompt to the init command to allow users to specify a subdirectory as the source, allowing users to be able to store their skills in a skills/ directory in their repo and not the root. Resolves #74

Changelog:

• Created useSourceSubdir function that prompts the user and returns a string that is non-empty if the user specified
• Joined the subdirectory specified to the existing source path and create the directory if it does not exist
• Movedd the configuration saving to after the subdir prompting as from what I can see, initGitIfNeeded and setupGitRemote do not rely on the configuration.

There is a caveat that this introduces where if a user already initialised but did not setup a repository and then runs skillshare init --remote REMOTEURL, it will initialise the git repository and remote in the subdirectory and not the parent directory. This is due to the program not having knowledge that it is a subdirectory and not the parent.
I think this is an acceptable edge case as for a user to perform that, they already did not follow the recommended guidance and then are establishing the remote after the fact and I would want to expect such a user to check that it is in the appropriate dir if they care about the skills being in the source subdir. The fix would also just be moving the .git/ directory up a level which is minimal effort.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the init command by introducing an option for users to define a subdirectory within their repository to store skills. This change allows for better organization of skill files, preventing them from cluttering the repository root and resolving issue #74.

Highlights

• Subdirectory Specification for Source: Introduced a new interactive prompt during the init command to allow users to specify a subdirectory for storing skills, enabling better organization within their repositories.
• New useSourceSubdir Function: Implemented a dedicated useSourceSubdir function to handle user input for the subdirectory name, returning the chosen name or an empty string if none is selected.
• Dynamic Source Path Update: Modified the initialization flow to dynamically update the source path to include the specified subdirectory and ensure its creation if provided by the user.
• Refactored Configuration Saving: Adjusted the timing of configuration saving to occur after Git initialization and subdirectory prompting, ensuring the saved configuration accurately reflects the final source path.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• cmd/skillshare/init.go
  • Created useSourceSubdir function that prompts the user and returns a string that is non-empty if the user specified.
  • Joined the subdirectory specified to the existing source path and create the directory if it does not exist.
  • Moved the configuration saving to after the subdir prompting as initGitIfNeeded and setupGitRemote do not rely on the configuration.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a feature to allow specifying a subdirectory for skills during initialization. The changes involve adding a new prompt function useSourceSubdir, and adjusting the performFreshInit logic to handle the subdirectory and save the configuration after all paths are determined. The implementation is mostly correct, but I've found a potential security vulnerability in how user input for the subdirectory is handled. My review includes a suggestion to sanitize this input to prevent path traversal attacks and also improves input reading to be more robust.

[runkids]

Thanks for the PR! The subdirectory prompt is a great addition — merging this now.

I'll follow up with a few tweaks in a subsequent commit:

• Input validation (path traversal prevention, e.g. .., /)
• TTY check so it doesn't block in non-interactive/CI environments
• --subdir CLI flag for scriptable usage
• Align prompt style with the existing ui package helpers

Appreciate the contribution 🙏

[daylamtayari]

Good points on the cli flag and UI, will just say that I don't consider the path traversal as having real security risk as the only impact is the user intentionally shooting themselves in the foot.

[runkids]

That makes sense for the interactive prompt! Quick question — we're planning to add a --subdir CLI flag so it can be used in scripts/CI. In that case, would you recommend input validation since the value could come from untrusted sources?

[runkids]

That's a fair point — agreed that for an interactive prompt, path traversal isn't a real security concern since the user is only affecting their own environment. Following your suggestion, we won't be adding path traversal validation. #79 focuses on the other improvements: TTY guard, --subdir flag, consistent bufio.Reader, and ui helpers. Will get that ready to merge. Thanks again for the contribution!

[daylamtayari]

@runkids While you can if you want, and it definitely doesn't hurt, in the current state of the program, I cannot identify a threat scenario where this can be leveraged.
I did evaluate the local privilege escalation consideration but in every scenario I can think of, the user would require having existing elevated permissions and access.
Sounds good for the changes and of course, happy to contribute!

[runkids]

@daylamtayari Thanks for the thorough security assessment — it really helped us scope the follow-up in #79. Great collaborating with you! 🙌