Skip to content

feat(skill): add UPLOADED status for PRIVATE skill lifecycle#290

Merged
XiaoSeS merged 2 commits intomainfrom
feat/oss-02-uploaded-status-semantic
Apr 13, 2026
Merged

feat(skill): add UPLOADED status for PRIVATE skill lifecycle#290
XiaoSeS merged 2 commits intomainfrom
feat/oss-02-uploaded-status-semantic

Conversation

@XiaoSeS
Copy link
Copy Markdown
Collaborator

@XiaoSeS XiaoSeS commented Apr 13, 2026

Summary

  • Add UPLOADED status for PRIVATE skills after security scan passes
  • PRIVATE skill owners can test before confirming publish or submitting for review
  • Rerelease now follows visibility rules (PRIVATE→UPLOADED, PUBLIC→PENDING_REVIEW)
  • Auto-withdraw changes status to UPLOADED (not DRAFT) to keep versions visible

Changes

  • SkillVersionStatus: Add UPLOADED enum value
  • SkillPublishService: PRIVATE skills go to UPLOADED after scan
  • SecurityScanService: Visibility-based status transition after scan
  • SkillGovernanceService: Withdraw→UPLOADED, delete allows UPLOADED
  • SkillQueryService: Include UPLOADED in version list filters
  • SkillReviewSubmitService: New service for submit-review and confirm-publish
  • SkillLifecycleController: Add submit-review and confirm-publish endpoints
  • Frontend: Add buttons, dialogs, and hooks for new operations

Workflow

  • PRIVATE: Publish → SCANNING → UPLOADED → confirm-publish → PUBLISHED
  • PUBLIC: Publish → SCANNING → PENDING_REVIEW → PUBLISHED

Test plan

  • Backend unit tests pass (339 tests)
  • Frontend tests pass (516 tests)
  • Manual testing with Playwright:
    • UPLOADED status version visible in version list
    • Confirm publish button works (UPLOADED → PUBLISHED)
    • Submit review button works
    • Rerelease follows visibility rules (PRIVATE → UPLOADED)
    • Multiple UPLOADED versions can be managed independently

Related

  • Implements OSS-02 semantic rules
  • Documents: docs/oss-01-core-contract-freeze.md, docs/oss-02-core-semantic-rules.md

@XiaoSeS
feat(skill): add UPLOADED status for PRIVATE skill lifecycle
f55c520 
## Summary
- Add UPLOADED status for PRIVATE skills after security scan passes
- PRIVATE skill owners can test before confirming publish or submitting for review
- Rerelease now follows visibility rules (PRIVATE→UPLOADED, PUBLIC→PENDING_REVIEW)
- Auto-withdraw changes status to UPLOADED (not DRAFT) to keep versions visible

## Changes
- SkillVersionStatus: Add UPLOADED enum value
- SkillPublishService: PRIVATE skills go to UPLOADED after scan
- SecurityScanService: Visibility-based status transition after scan
- SkillGovernanceService: Withdraw→UPLOADED, delete allows UPLOADED
- SkillQueryService: Include UPLOADED in version list filters
- SkillReviewSubmitService: New service for submit-review and confirm-publish
- SkillLifecycleController: Add submit-review and confirm-publish endpoints
- Frontend: Add buttons, dialogs, and hooks for new operations

## Workflow
- PRIVATE: Publish → SCANNING → UPLOADED → confirm-publish → PUBLISHED
- PUBLIC: Publish → SCANNING → PENDING_REVIEW → PUBLISHED
@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Apr 13, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@XiaoSeS
feat(review): add backward compatibility for DRAFT status
f70d09a 
Support both DRAFT (legacy) and UPLOADED (new flow) status in:
- SkillReviewSubmitService.submitForReview
- SkillReviewSubmitService.confirmPublish
- ReviewService.submitReview (both overloads)

This ensures existing data with DRAFT status continues to work
with the new visibility-based workflow introduced in OSS-02.
@XiaoSeS
Copy link
Copy Markdown
Collaborator Author

XiaoSeS commented Apr 13, 2026

PR 需求改动说明

背景

根据 OSS-02 语义规则,优化 PRIVATE 技能的发布流程,使其与 PUBLIC 技能区分处理,让用户在发布私有技能时有更好的体验。

核心改动

1. 新增 UPLOADED 状态

新增 UPLOADED 状态,表示技能包已上传并通过安全扫描,等待用户下一步操作。

状态流转规则:

技能可见性 发布后状态 用户操作 最终状态
PRIVATE UPLOADED 确认发布 PUBLISHED
PUBLIC / NAMESPACE_ONLY UPLOADED 提交审核 PENDING_REVIEW → PUBLISHED

2. PRIVATE 技能发布流程

  • 发布后进入 UPLOADED 状态,不会自动提交审核
  • 用户可在 UPLOADED 状态下测试技能
  • 用户确认发布后直接变为 PUBLISHED,无需审核

3. PUBLIC 技能发布流程

  • 发布后进入 UPLOADED 状态
  • 用户需手动"提交审核"才能进入 PENDING_REVIEW 状态
  • 审核通过后变为 PUBLISHED

4. 重新发布逻辑

重新发布遵循可见性规则:

  • PRIVATE 技能 → UPLOADED 状态
  • PUBLIC / NAMESPACE_ONLY 技能 → PENDING_REVIEW 状态

5. 自动撤回状态变更

自动撤回待审核版本时,状态改为 UPLOADED(而非 DRAFT),保持版本可见,用户可重新提交审核。

6. 向后兼容性

  • 提交审核接口同时支持 UPLOADEDDRAFT 状态
  • 确认发布接口同时支持 UPLOADEDDRAFT 状态
  • 存量 DRAFT 状态数据可正常使用

新增接口

接口 说明
POST /api/web/skills/{ns}/{slug}/versions/{v}/submit-review 提交 UPLOADED 版本进入审核队列
POST /api/web/skills/{ns}/{slug}/versions/{v}/confirm-publish 确认发布 PRIVATE 技能版本

安全保障

  • 已 PUBLISHED 状态的版本不能提交审核,无法直接变为 PUBLIC
  • 用户发布新版本时指定 PUBLIC 可见性,仍需进入审核流程
  • PRIVATE 技能变为 PUBLIC 的唯一路径:发布新版本 → 提交审核 → 审核通过

影响范围

  • 技能发布流程
  • 技能版本状态管理
  • 审核工作流
  • 前端技能详情页操作按钮逻辑

@XiaoSeS XiaoSeS merged commit 532d045 into main Apr 13, 2026
3 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dongmucat dongmucat dongmucat approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@XiaoSeS @CLAassistant @dongmucat