You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/remote-registry.md
+45-5Lines changed: 45 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,10 +10,12 @@ itself - accounts, token issuance, hosted storage - is not part of this reposito
10
10
[`registry-design.md`](registry-design.md).
11
11
12
12
Client status today: the [`config.json` fields](#registry-configuration) below are recognized
13
-
behind the flag (presence without `-Z remote-registry` fails the index load), and client-side token
13
+
behind the flag (presence without `-Z remote-registry` fails the index load), client-side token
14
14
handling is implemented - `cabin login` / `cabin logout` plus
15
-
[authenticated reads](#client-side-token-handling). The publish / yank commands land incrementally
16
-
on the same gate.
15
+
[authenticated reads](#client-side-token-handling) - and so is
16
+
[publishing](#publishing-from-the-client) (`cabin publish` against an HTTP index source). The
17
+
yank *route* has a typed client (`cabin-registry-api`), but a `cabin yank` command has not landed
18
+
yet.
17
19
18
20
## Registry configuration
19
21
@@ -34,7 +36,7 @@ A remote registry serves the same registry-root layout as the sparse HTTP index
34
36
| Field | Type | Default | Description |
35
37
| --- | --- | --- | --- |
36
38
|`auth-required`| bool |`false`| When `true`, **every** request to this registry - including `config.json` itself, package metadata, and artifact downloads - must carry `Authorization: Bearer <token>`. |
37
-
|`api`| string | absent | Absolute base URL of the registry web/API origin, e.g. `"https://dev-registry.cabinpkg.com"`. Non-`http(s)` schemes and URLs with `userinfo` credentials are rejected, mirroring the index-URL hygiene of the sparse HTTP client. When absent, the API origin defaults to the index origin. |
39
+
|`api`| string | absent | Absolute base URL of the registry web/API origin, e.g. `"https://dev-registry.cabinpkg.com"`. Non-`http(s)` schemes and URLs with `userinfo` credentials are rejected, mirroring the index-URL hygiene of the sparse HTTP client. The read routes never consult it. When absent, `cabin publish` fails with an error naming the field: mutation requests are only ever sent to an explicitly declared API origin. |
38
40
39
41
Both index parsers (the local `--index-path` loader and the sparse HTTP client) parse the fields
40
42
unconditionally, but *presence* of either field without `-Z remote-registry` fails the index load
@@ -157,7 +159,43 @@ Server-side behavior is part of the contract:
157
159
-**Idempotency.** Re-publishing a version with byte-identical metadata and archive succeeds with
158
160
`200` and body `{"ok":true,"no_op":true}`. Publishing the same version with *different* bytes is
159
161
rejected with `409`.
160
-
- A first-time publish succeeds with `200` and body `{"ok":true}`.
162
+
- A first-time publish succeeds with `201` and body `{"ok":true}`.
163
+
164
+
### Publishing from the client
165
+
166
+
`cabin publish` targets a remote registry when the effective index source is an HTTP URL
167
+
(`--index-url`, or the `[registry] index-url` setting in [`config.md`](config.md#registry)) and no
168
+
`--registry-dir` is given. Without `-Z remote-registry` that combination fails with the standard
169
+
experimental-feature error. The flow is log in once, publish, then resolve like any consumer:
0 commit comments