skillshark 0.2.0 → 0.3.0

package/README.md

@@ -36,13 +36,15 @@ Requirements: Node ≥ 20. **Senders** also need the [GitHub CLI](https://cli.gi
 
 ## The four commands
 
-**share** — package a skill and get an unlisted link (auto-copied to your clipboard):
+**share** — package a skill and get an unlisted link. Your clipboard receives the full **paste-and-go install one-liner**, so the receiver just pastes it into any terminal:
 
 ```sh
 skillshark share /j
-# → https://gist.github.com/8a1bc94ef23d4b6a9c01e57f8d2a4b3c#fp=3f9a7c21
+# clipboard → npx skillshark install 'https://gist.github.com/8a1bc94…#fp=3f9a7c21'
 ```
 
+(`-q` still prints the bare URL for scripts; `--json` includes both `url` and `installCommand`.)
+
 Accepts a name (`j`, `/j` — resolved across `./.claude/skills`, `./.claude/commands`, and their `~/` equivalents) or any path. Useful flags: `--expires 30m|6h|24h|7d|30d` (advisory, default 7d), `--dry-run`, `--name`, `--force`, `--no-clipboard`, `-q` (print only the URL).
 
 **install** — download, verify, preview, confirm, copy:
@@ -102,6 +104,23 @@ Crossing agents **converts** the artifact: the instructions (frontmatter + body)
 
 Same-agent installs are always byte-verbatim — conversion only happens when you cross.
 
+## GitHub Enterprise (v0.3)
+
+If your company runs GitHub Enterprise (GHES or `*.ghe.com`), SkillShark works entirely inside it — nothing touches public github.com:
+
+```sh
+gh auth login --hostname ghe.corp.com        # once, sender and receivers alike
+skillshark share j --host ghe.corp.com       # gist lives on YOUR GitHub
+skillshark install 'https://ghe.corp.com/gist/<id>#fp=<hex>'
+```
+
+- **Links carry their host.** Receivers don't need `--host` — an enterprise URL routes itself. `GH_HOST` (or `SKILLSHARK_HOST`) sets the default for bare ids and `gh:owner/repo` sources.
+- **The privacy property:** enterprise links are fetched exclusively through the receiver's own `gh` auth. No anonymous request ever leaves for an enterprise host (enforced by tests), and unauthenticated users get a clear `gh auth login --hostname …` pointer instead of a leak.
+- **One honest limit:** the gists API truncates inline content at ~1 MB and enterprise receivers can't fetch around it anonymously, so enterprise *gist* shares are capped at ~900 KB encoded. Bigger skills: put them in a repo on your GHES and share `gh:owner/repo/path` with `--host`.
+- `revoke` remembers which host a share went to and deletes it there.
+
+Public github.com behavior is completely unchanged: receivers still need no account and the receive path still never invokes `gh`.
+
 ## Security model
 
 - **SkillShark never executes package content.** Install = copy files. No postinstall hooks, no scripts, ever.

package/bin/skillshark.js

@@ -33,10 +33,18 @@ GLOBAL OPTIONS
   -y, --yes        Skip prompts (non-interactive)
   -q, --quiet      Print only the essential result (URL or path)
       --json       Machine-readable output
+      --host <h>   GitHub Enterprise hostname (default github.com; also
+                   honors GH_HOST). Enterprise links carry their host, so
+                   receivers usually don't need this flag.
       --no-color   Disable color (NO_COLOR is also honored)
   -h, --help       Show help (try: skillshark help <command>)
   -V, --version    Show version
 
+ENTERPRISE (privacy)
+  skillshark share j --host ghe.corp.com    share on your GHES — never leaves it
+  Enterprise links are fetched through YOUR gh auth (gh auth login --hostname
+  ghe.corp.com); no anonymous request ever touches an enterprise host.
+
 EXAMPLES
   skillshark                                interactive: menus for everything below
   skillshark share /j                       share the "j" skill (secret gist)
@@ -111,6 +119,7 @@ const GLOBAL_FLAGS = {
   yes: { short: 'y', key: 'yes' },
   quiet: { short: 'q', key: 'quiet' },
   json: { key: 'json' },
+  host: { takesValue: true, key: 'host' },
   'no-color': { key: 'noColor' },
   help: { short: 'h', key: 'help' },
   version: { short: 'V', key: 'version' },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "skillshark",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "Share agent skills like files — secret gists out, safe verified installs in. No server; GitHub is the backend.",
   "type": "module",
   "bin": {

package/src/gh.js

@@ -1,30 +1,46 @@
 // The gh helper — the ONLY module (besides the clipboard) that touches
-// child_process. Used exclusively by sender operations (share, revoke).
-// Receivers never come through here. execFile with argument arrays only;
-// user input is never interpolated into a shell string (hard rule 3).
+// child_process. Used by sender operations (share, revoke) and, for GitHub
+// Enterprise hosts, by the receive path too: enterprise links are private by
+// nature, so they ride the receiver's own gh auth — never anonymous HTTPS.
+// execFile with argument arrays only; user input is never interpolated into
+// a shell string (hard rule 3).
 import { execFile as execFileCb } from 'node:child_process';
 import { promisify } from 'node:util';
 import { CliError, MSG } from './errors.js';
+import { DEFAULT_HOST } from './source.js';
 
 const execFileP = promisify(execFileCb);
 
 // Default runner; tests inject their own to capture or forbid calls.
-export async function defaultGhRunner(args) {
-  const { stdout } = await execFileP('gh', args, { maxBuffer: 32 * 1024 * 1024 });
+// opts.binary returns a Buffer (repo tarballs); default is utf8 text.
+export async function defaultGhRunner(args, opts = {}) {
+  const { stdout } = await execFileP('gh', args, {
+    maxBuffer: 96 * 1024 * 1024,
+    encoding: opts.binary ? 'buffer' : 'utf8',
+  });
   return stdout;
 }
 
+// Extra args to aim gh at a GitHub Enterprise host.
+export function hostArgs(host) {
+  return host && host !== DEFAULT_HOST ? ['--hostname', host] : [];
+}
+
 // Run `gh api ...` and map the usual failure modes onto exit-code-2 guidance.
 export function makeGhApi(runner = defaultGhRunner) {
-  return async function ghApi(args) {
+  return async function ghApi(args, opts = {}) {
     try {
-      return await runner(['api', ...args]);
+      return await runner(['api', ...args], opts);
     } catch (err) {
       if (err instanceof CliError) throw err;
-      if (err?.code === 'ENOENT') throw new CliError(MSG.ghMissing, 2);
+      const hostIdx = args.indexOf('--hostname');
+      const host = hostIdx !== -1 ? args[hostIdx + 1] : null;
+      if (err?.code === 'ENOENT') {
+        throw new CliError(host ? enterpriseGhMsg(host) : MSG.ghMissing, 2);
+      }
       const stderr = String(err?.stderr ?? '');
       if (/not logged in|authentication|HTTP 401|gh auth login/i.test(stderr)) {
-        throw new CliError(MSG.ghMissing, 2);
+        throw new CliError(host ? enterpriseGhMsg(host) : MSG.ghMissing, 2);
       }
       if (/HTTP 404/.test(stderr)) throw new CliError('GitHub returned 404 for that id.', 1);
       const detail = stderr.trim().split('\n')[0] || err.message;
@@ -32,3 +48,10 @@ export function makeGhApi(runner = defaultGhRunner) {
     }
   };
 }
+
+export function enterpriseGhMsg(host) {
+  return (
+    `This needs the GitHub CLI authenticated against ${host} (GitHub Enterprise):\n` +
+    `  https://cli.github.com, then "gh auth login --hostname ${host}"`
+  );
+}

package/src/install.js

@@ -9,7 +9,7 @@ import { readFileSync, existsSync } from 'node:fs';
 import path from 'node:path';
 import os from 'node:os';
 import { CliError, MSG } from './errors.js';
-import { parseSource, formatSource } from './source.js';
+import { parseSource, formatSource, resolveHost } from './source.js';
 import { fetchGistPackage } from './transports/gist.js';
 import { fetchRepoTree } from './transports/repo.js';
 import { extractTarball, hashTree, readManifest, verifyTreeAgainstManifest, MANIFEST_NAME } from './pkg.js';
@@ -35,12 +35,13 @@ function classifyRepoTree(actual, subPath, repo) {
   return { type: 'bundle', agent: '' };
 }
 
-export async function fetchAndVerify(sourceStr, deps) {
-  const src = parseSource(sourceStr);
+export async function fetchAndVerify(sourceStr, deps, opts = {}) {
+  const defaultHost = resolveHost(opts, deps);
+  const src = parseSource(sourceStr, { defaultHost });
   const workDir = await mkdtemp(path.join(os.tmpdir(), 'skillshark-recv-'));
 
   if (src.kind === 'gist') {
-    const gist = await fetchGistPackage(src.id, { fetch: deps.fetch });
+    const gist = await fetchGistPackage(src.id, { fetch: deps.fetch, host: src.host, ghApi: deps.ghApi });
     await extractTarball(gist.tarball, workDir);
     const manifest = await readManifest(workDir);
     const actual = await hashTree(workDir);
@@ -55,13 +56,13 @@ export async function fetchAndVerify(sourceStr, deps) {
       fingerprint,
       sender: gist.owner,
       fpVerified: Boolean(src.fp),
-      sourceRecord: `gist:${src.id}@${gist.revision ?? 'unknown'}`,
+      sourceRecord: `${formatSource({ ...src })}@${gist.revision ?? 'unknown'}`,
     };
   }
 
   // repo: no manifest exists; run the share-side inference on the extracted
   // tree and synthesize one in memory. The commit SHA is the integrity.
-  const { sha } = await fetchRepoTree(src, workDir, { fetch: deps.fetch });
+  const { sha } = await fetchRepoTree(src, workDir, { fetch: deps.fetch, ghApi: deps.ghApi });
   const actual = await hashTree(workDir, { exclude: [] });
   if (actual.length === 0) {
     throw new CliError(`No files found at gh:${src.owner}/${src.repo}${src.path ? `/${src.path}` : ''}@${sha.slice(0, 7)}.`, 1);
@@ -379,7 +380,7 @@ export async function runInstall(sourceStr, opts, deps) {
   const interactive = deps.isTTY && !opts.yes;
   const loud = !opts.json && !opts.quiet;
   const ui = deps.ui;
-  const verified = await ui.spin('Fetching and verifying the package', () => fetchAndVerify(sourceStr, deps));
+  const verified = await ui.spin('Fetching and verifying the package', () => fetchAndVerify(sourceStr, deps, opts));
   const { workDir, manifest, fingerprint, sourceRecord } = verified;
 
   try {
@@ -615,8 +616,8 @@ function installTargetsLine(manifest) {
 export async function runInspect(sourceStr, opts, deps) {
   const ui = deps.ui;
   const verified = await (opts.json || opts.files
-    ? fetchAndVerify(sourceStr, deps)
-    : ui.spin('Fetching and verifying the package', () => fetchAndVerify(sourceStr, deps)));
+    ? fetchAndVerify(sourceStr, deps, opts)
+    : ui.spin('Fetching and verifying the package', () => fetchAndVerify(sourceStr, deps, opts)));
   const { workDir, manifest } = verified;
   try {
     if (opts.json) {

package/src/share.js

@@ -3,6 +3,7 @@
 import { readFile } from 'node:fs/promises';
 import path from 'node:path';
 import { CliError } from './errors.js';
+import { resolveHost, DEFAULT_HOST } from './source.js';
 import { resolveShareArg, collectFiles, inferMetadata, findExternalRefs } from './discover.js';
 import { buildTarball } from './pkg.js';
 import { treeFingerprint, fp8 } from './fingerprint.js';
@@ -153,15 +154,22 @@ export async function runShare(arg, opts, deps) {
     } catch { /* preview is optional */ }
   }
 
-  const { id, revision } = await ui.spin('Uploading as a secret gist', () =>
+  const host = resolveHost(opts, deps);
+  const { id, revision, htmlUrl } = await ui.spin('Uploading as a secret gist', () =>
     createGist({
       manifestJson,
       primaryDoc,
       tarballB64: b64,
       description: gistDescription({ name: manifest.name, agent: manifest.agent, type: manifest.type, fp8: shortFp }),
       ghApi: deps.ghApi,
+      host,
     }));
-  const url = `https://gist.github.com/${id}#fp=${shortFp}`;
+  // github.com gets the short canonical form; enterprise hosts keep the
+  // html_url GitHub handed back (subdomain isolation varies per install)
+  const base = host === DEFAULT_HOST ? `https://gist.github.com/${id}` : (htmlUrl ?? `https://${host}/gist/${id}`);
+  const url = `${base}#fp=${shortFp}`;
+  // the paste-and-go line: receivers run this with zero setup
+  const installCommand = `npx skillshark install '${url}'`;
 
   await addShareRecord(deps.configDir, {
     id,
@@ -169,37 +177,41 @@ export async function runShare(arg, opts, deps) {
     url,
     revision,
     expiresAt: manifest.expiresAt,
+    ...(host !== DEFAULT_HOST ? { host } : {}),
   });
 
   let copied = false;
   if (!opts.noClipboard && deps.clipboard) {
-    copied = await deps.clipboard(url);
+    copied = await deps.clipboard(installCommand);
   }
 
   if (opts.json) {
     ui.out(JSON.stringify({
       id,
       url,
+      installCommand,
       revision,
       expiresAt: manifest.expiresAt,
       fingerprint,
       size: manifest.totalSize,
       files: manifest.files.map((f) => f.path),
+      ...(host !== DEFAULT_HOST ? { host } : {}),
     }));
   } else if (opts.quiet) {
     ui.out(url);
   } else {
     ui.out('');
     ui.ok('Uploaded as a secret gist (unlisted — anyone with the link can read it)');
-    if (copied) ui.ok(`Link copied to clipboard · advisory expiry in ${expires.label}`);
+    if (copied) ui.ok(`Install one-liner copied to clipboard — they just paste it · advisory expiry in ${expires.label}`);
     else ui.out(`  Advisory expiry in ${expires.label}`);
     ui.out('');
-    ui.out(`  ${url}`);
+    ui.out(`  ${installCommand}`);
     ui.out('');
-    ui.out('  They run:   skillshark install <the link>     (no GitHub account needed)');
-    ui.out(`  Undo:       skillshark revoke ${manifest.name}               (deletes the gist)`);
+    const who = host === DEFAULT_HOST ? '(no GitHub account needed)' : `(needs gh auth on ${host})`;
+    ui.out(`  Link only:  ${url}   ${who}`);
+    ui.out(`  Undo:       skillshark revoke ${manifest.name}   (deletes the gist)`);
   }
-  return { status: 'shared', id, url, fingerprint };
+  return { status: 'shared', id, url, installCommand, fingerprint };
 }
 
 // --- revoke (§4.4) -----------------------------------------------------------
@@ -208,6 +220,7 @@ export async function runRevoke(idOrName, opts, deps) {
   const ui = deps.ui;
   let id = null;
   let label = idOrName;
+  let host = resolveHost(opts, deps);
   if (/^[0-9a-f]{20,32}$/.test(idOrName)) {
     id = idOrName;
   } else {
@@ -215,9 +228,14 @@ export async function runRevoke(idOrName, opts, deps) {
     if (rec) {
       id = rec.id;
       label = `${rec.name} (${rec.id})`;
+      if (rec.host) host = rec.host; // enterprise share → revoke on its host
     } else {
-      // cache miss → ask gh for our skillshark gists
-      const out = await deps.ghApi(['gists', '--paginate']);
+      // cache miss → ask gh for our skillshark gists (on the chosen host)
+      const out = await deps.ghApi([
+        ...(host !== DEFAULT_HOST ? ['--hostname', host] : []),
+        'gists',
+        '--paginate',
+      ]);
       let gists;
       try {
         gists = JSON.parse(out);
@@ -242,7 +260,7 @@ export async function runRevoke(idOrName, opts, deps) {
       return { status: 'cancelled' };
     }
   }
-  await deleteGist(id, { ghApi: deps.ghApi });
+  await deleteGist(id, { ghApi: deps.ghApi, host });
   await removeShareRecord(deps.configDir, id);
   if (opts.json) ui.out(JSON.stringify({ revoked: id }));
   else ui.ok(`Revoked — the gist ${id} is gone. Anyone holding the link now gets "deleted by the sender".`);

package/src/source.js

@@ -1,29 +1,51 @@
 // §7.3 — source parsing. Accepted forms:
 //   https://gist.github.com/<id>            (optionally <user>/<id>, optionally #fp=<hex>)
-//   <20-32 char hex gist id>
+//   https://gist.<ghes-host>/<id>           GitHub Enterprise, subdomain isolation
+//   https://<ghes-host>/gist/<id>           GitHub Enterprise, path form
+//   <20-32 char hex gist id>                (host from --host / GH_HOST, default github.com)
 //   gh:owner/repo[/deep/path][@ref]         (ref = branch, tag, or SHA; split on the LAST "@")
 import { CliError } from './errors.js';
 
+export const DEFAULT_HOST = 'github.com';
+
 const USAGE = `Unrecognized source. Accepted forms:
   https://gist.github.com/8a1bc94ef23d4b6a9c01e57f8d2a4b3c#fp=3f9a7c21
+  https://ghe.example.com/gist/8a1bc94ef23d4b6a9c01e57f8d2a4b3c#fp=3f9a7c21
   8a1bc94ef23d4b6a9c01e57f8d2a4b3c
   gh:owner/repo[/deep/path][@ref]`;
 
 const NAME_RE = /^[A-Za-z0-9_.-]+$/;
+const HOST_RE = /^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/i;
+
+// The host a command should talk to: explicit flag → env → github.com.
+export function resolveHost(opts = {}, deps = {}) {
+  const host = opts.host || deps.env?.SKILLSHARK_HOST || deps.env?.GH_HOST || DEFAULT_HOST;
+  if (!HOST_RE.test(host)) throw new CliError(`Invalid --host "${host}".`, 2);
+  return host.toLowerCase();
+}
 
-export function parseSource(input) {
+export function parseSource(input, { defaultHost = DEFAULT_HOST } = {}) {
   const s = String(input ?? '').trim();
   if (!s) throw new CliError(USAGE, 2);
 
-  const gistUrl = s.match(
-    /^https:\/\/gist\.github\.com\/(?:([A-Za-z0-9-]+)\/)?([0-9a-f]{20,32})\/?(?:#fp=([0-9a-f]{8,64}))?$/,
+  // gist.<host>/<id> — github.com and GHES-with-subdomain-isolation alike
+  let m = s.match(
+    /^https:\/\/gist\.([a-z0-9.-]+)\/(?:([A-Za-z0-9-]+)\/)?([0-9a-f]{20,32})\/?(?:#fp=([0-9a-f]{8,64}))?$/i,
+  );
+  if (m) {
+    return { kind: 'gist', id: m[3], fp: m[4] ?? null, host: m[1].toLowerCase() };
+  }
+
+  // <host>/gist/<id> — GHES path form
+  m = s.match(
+    /^https:\/\/([a-z0-9.-]+)\/gist\/(?:([A-Za-z0-9-]+)\/)?([0-9a-f]{20,32})\/?(?:#fp=([0-9a-f]{8,64}))?$/i,
   );
-  if (gistUrl) {
-    return { kind: 'gist', id: gistUrl[2], fp: gistUrl[3] ?? null };
+  if (m && m[1].toLowerCase() !== 'github.com') {
+    return { kind: 'gist', id: m[3], fp: m[4] ?? null, host: m[1].toLowerCase() };
   }
 
   if (/^[0-9a-f]{20,32}$/.test(s)) {
-    return { kind: 'gist', id: s, fp: null };
+    return { kind: 'gist', id: s, fp: null, host: defaultHost };
   }
 
   if (s.startsWith('gh:')) {
@@ -43,6 +65,7 @@ export function parseSource(input) {
         repo: segs[1],
         path: segs.length > 2 ? segs.slice(2).join('/') : null,
         ref,
+        host: defaultHost,
       };
     }
   }
@@ -51,8 +74,9 @@ export function parseSource(input) {
 }
 
 export function formatSource(src) {
-  if (src.kind === 'gist') return `gist:${src.id}`;
+  const hostTag = src.host && src.host !== DEFAULT_HOST ? `${src.host}:` : '';
+  if (src.kind === 'gist') return `gist:${hostTag}${src.id}`;
   const p = src.path ? `/${src.path}` : '';
   const r = src.ref ? `@${src.ref}` : '';
-  return `gh:${src.owner}/${src.repo}${p}${r}`;
+  return `gh:${hostTag}${src.owner}/${src.repo}${p}${r}`;
 }

package/src/transports/gist.js

@@ -1,12 +1,19 @@
 // Gist transport. Share/revoke go through `gh` (the sender's auth); the
-// receive path is ANONYMOUS https only — it must never invoke gh (§0.3).
+// public github.com receive path is ANONYMOUS https only — it must never
+// invoke gh (§0.3). GitHub Enterprise links are the deliberate exception:
+// privacy means everything rides the receiver's own gh auth and no anonymous
+// request ever leaves for the enterprise host.
 import { mkdtemp, writeFile, rm } from 'node:fs/promises';
 import path from 'node:path';
 import os from 'node:os';
 import { CliError, MSG } from '../errors.js';
 import { USER_AGENT } from '../version.js';
+import { DEFAULT_HOST } from '../source.js';
 
 export const GIST_PAYLOAD_LIMIT = 5 * 1024 * 1024; // encoded bytes (§4.1)
+// the gists API truncates inline file content at ~1 MB; on enterprise hosts we
+// can't fall back to an anonymous raw_url fetch, so shares are capped honestly
+export const ENTERPRISE_INLINE_LIMIT = 900 * 1024;
 const FETCH_HEADERS = {
   Accept: 'application/vnd.github+json',
   'User-Agent': USER_AGENT,
@@ -22,9 +29,19 @@ export function gistDescription({ name, agent, type, fp8 }) {
   return `skillshark: ${name} (${kind}) · fp ${fp8}`;
 }
 
+function hostFlags(host) {
+  return host && host !== DEFAULT_HOST ? ['--hostname', host] : [];
+}
+
 // One `gh api gists --method POST --input <tmp.json>` call; a JSON body file
 // avoids every shell-escaping pitfall (hard rule 3).
-export async function createGist({ manifestJson, primaryDoc, tarballB64, description, ghApi }) {
+export async function createGist({ manifestJson, primaryDoc, tarballB64, description, ghApi, host = DEFAULT_HOST }) {
+  if (host !== DEFAULT_HOST && tarballB64.length > ENTERPRISE_INLINE_LIMIT) {
+    throw new CliError(
+      `That's too big for an enterprise gist share (~${Math.floor(ENTERPRISE_INLINE_LIMIT / 1024)} KB encoded cap — the API truncates larger files and enterprise receivers can't fetch around it anonymously). Put it in a repo on ${host} instead.`,
+      2,
+    );
+  }
   const files = { 'SKILLSHARK.json': { content: manifestJson } };
   if (primaryDoc && primaryDoc.content.trim()) {
     files[path.basename(primaryDoc.name)] = { content: primaryDoc.content };
@@ -36,7 +53,7 @@ export async function createGist({ manifestJson, primaryDoc, tarballB64, descrip
   const bodyFile = path.join(tmpDir, 'gist-body.json');
   try {
     await writeFile(bodyFile, JSON.stringify(body));
-    const stdout = await ghApi(['gists', '--method', 'POST', '--input', bodyFile]);
+    const stdout = await ghApi([...hostFlags(host), 'gists', '--method', 'POST', '--input', bodyFile]);
     let parsed;
     try {
       parsed = JSON.parse(stdout);
@@ -44,14 +61,14 @@ export async function createGist({ manifestJson, primaryDoc, tarballB64, descrip
       throw new CliError('Unexpected response from gh while creating the gist.', 1);
     }
     if (!parsed.id) throw new CliError('gh created no gist (no id in response).', 1);
-    return { id: parsed.id, revision: parsed.history?.[0]?.version ?? null };
+    return { id: parsed.id, revision: parsed.history?.[0]?.version ?? null, htmlUrl: parsed.html_url ?? null };
   } finally {
     await rm(tmpDir, { recursive: true, force: true });
   }
 }
 
-export async function deleteGist(id, { ghApi }) {
-  await ghApi(['--method', 'DELETE', `gists/${id}`]);
+export async function deleteGist(id, { ghApi, host = DEFAULT_HOST }) {
+  await ghApi([...hostFlags(host), '--method', 'DELETE', `gists/${id}`]);
 }
 
 // --- receive side (anonymous fetch, no gh — ever) ---------------------------
@@ -70,25 +87,50 @@ async function readBodyCapped(res, cap, what) {
   return Buffer.concat(chunks);
 }
 
-export async function fetchGistPackage(id, { fetch }) {
-  let res;
-  try {
-    res = await fetch(`https://api.github.com/gists/${id}`, { headers: FETCH_HEADERS });
-  } catch (e) {
-    throw new CliError(`Network error reaching GitHub: ${e.message}`, 1);
-  }
-  if (res.status === 404) throw new CliError(MSG.gistDeleted, 1);
-  if (res.status === 403 || res.status === 429) {
-    throw new CliError('GitHub rate limit hit (anonymous reads are 60/hour per IP). Try again in a bit.', 1);
+export async function fetchGistPackage(id, { fetch, host = DEFAULT_HOST, ghApi = null }) {
+  let data;
+  if (host !== DEFAULT_HOST) {
+    // GitHub Enterprise: private by nature. Everything goes through the
+    // receiver's own gh auth; no anonymous request touches the host.
+    if (!ghApi) throw new CliError(`Can't reach ${host} without gh.`, 2);
+    let stdout;
+    try {
+      stdout = await ghApi(['--hostname', host, `gists/${id}`]);
+    } catch (err) {
+      if (err instanceof CliError && /404/.test(err.message)) throw new CliError(MSG.gistDeleted, 1);
+      throw err;
+    }
+    try {
+      data = JSON.parse(stdout);
+    } catch {
+      throw new CliError(`Unexpected response from ${host} while fetching the gist.`, 1);
+    }
+  } else {
+    let res;
+    try {
+      res = await fetch(`https://api.github.com/gists/${id}`, { headers: FETCH_HEADERS });
+    } catch (e) {
+      throw new CliError(`Network error reaching GitHub: ${e.message}`, 1);
+    }
+    if (res.status === 404) throw new CliError(MSG.gistDeleted, 1);
+    if (res.status === 403 || res.status === 429) {
+      throw new CliError('GitHub rate limit hit (anonymous reads are 60/hour per IP). Try again in a bit.', 1);
+    }
+    if (!res.ok) throw new CliError(`GitHub API error fetching the gist (HTTP ${res.status}).`, 1);
+    data = await res.json();
   }
-  if (!res.ok) throw new CliError(`GitHub API error fetching the gist (HTTP ${res.status}).`, 1);
-  const data = await res.json();
 
   const pkgFile = data.files?.['package.tgz.b64'];
   if (!pkgFile) {
     throw new CliError('No package at that link (the gist has no package.tgz.b64 — not a SkillShark share).', 1);
   }
   let b64;
+  if (pkgFile.truncated && host !== DEFAULT_HOST) {
+    throw new CliError(
+      `This enterprise share is too large to fetch inline (the ${host} API truncates files past ~1 MB). Ask the sender to share it as a repo path on ${host} instead.`,
+      1,
+    );
+  }
   if (pkgFile.truncated) {
     let raw;
     try {

package/src/transports/repo.js

@@ -1,9 +1,12 @@
-// Repo transport (install-only in v0.1): gh:owner/repo[/path][@ref], fetched
-// anonymously from api.github.com + codeload. The one integrity anchor is the
-// commit SHA; #fp= does not apply here (§4.2).
+// Repo transport (install-only): gh:owner/repo[/path][@ref], fetched
+// anonymously from api.github.com + codeload for public github.com, or
+// entirely through the receiver's gh auth for GitHub Enterprise hosts —
+// no anonymous request ever leaves for an enterprise host. The integrity
+// anchor is the commit SHA; #fp= does not apply here (§4.2).
 import { CliError } from '../errors.js';
 import { USER_AGENT } from '../version.js';
 import { extractTarball } from '../pkg.js';
+import { DEFAULT_HOST } from '../source.js';
 
 export const REPO_TARBALL_LIMIT = 50 * 1024 * 1024;
 const FETCH_HEADERS = {
@@ -60,38 +63,68 @@ export function subtreeMapper(subPath) {
   };
 }
 
-// Resolve ref → commit SHA (pinned installs skip the API entirely), download
-// the codeload tarball, and extract just the subtree through the §7.2 guards.
-export async function fetchRepoTree({ owner, repo, path: subPath, ref }, destDir, { fetch }) {
+async function ghJson(ghApi, host, apiPath, what) {
+  let stdout;
+  try {
+    stdout = await ghApi(['--hostname', host, apiPath]);
+  } catch (err) {
+    if (err instanceof CliError && /404/.test(err.message)) {
+      throw new CliError(`${what} not found on ${host}.`, 1);
+    }
+    throw err;
+  }
+  try {
+    return JSON.parse(stdout);
+  } catch {
+    throw new CliError(`Unexpected response from ${host} for ${what}.`, 1);
+  }
+}
+
+// Resolve ref → commit SHA (pinned public installs skip the API entirely),
+// download the tarball, and extract just the subtree through the §7.2 guards.
+export async function fetchRepoTree({ owner, repo, path: subPath, ref, host = DEFAULT_HOST }, destDir, { fetch, ghApi = null }) {
+  const enterprise = host !== DEFAULT_HOST;
+  if (enterprise && !ghApi) throw new CliError(`Can't reach ${host} without gh.`, 2);
   let sha;
   if (ref && /^[0-9a-f]{40}$/.test(ref)) {
     sha = ref;
   } else {
     let resolvedRef = ref;
     if (!resolvedRef) {
-      const repoInfo = await getJson(fetch, `https://api.github.com/repos/${owner}/${repo}`, `Repository ${owner}/${repo}`);
+      const repoInfo = enterprise
+        ? await ghJson(ghApi, host, `repos/${owner}/${repo}`, `Repository ${owner}/${repo}`)
+        : await getJson(fetch, `https://api.github.com/repos/${owner}/${repo}`, `Repository ${owner}/${repo}`);
       resolvedRef = repoInfo.default_branch;
       if (!resolvedRef) throw new CliError(`Repository ${owner}/${repo} has no default branch.`, 1);
     }
-    const commit = await getJson(
-      fetch,
-      `https://api.github.com/repos/${owner}/${repo}/commits/${encodeURIComponent(resolvedRef)}`,
-      `Ref "${resolvedRef}" in ${owner}/${repo}`,
-    );
+    const commitPath = `repos/${owner}/${repo}/commits/${encodeURIComponent(resolvedRef)}`;
+    const commit = enterprise
+      ? await ghJson(ghApi, host, commitPath, `Ref "${resolvedRef}" in ${owner}/${repo}`)
+      : await getJson(fetch, `https://api.github.com/${commitPath}`, `Ref "${resolvedRef}" in ${owner}/${repo}`);
     sha = commit.sha;
     if (!sha) throw new CliError(`Could not resolve "${resolvedRef}" to a commit in ${owner}/${repo}.`, 1);
   }
 
-  let res;
-  try {
-    res = await fetch(`https://codeload.github.com/${owner}/${repo}/tar.gz/${sha}`, {
-      headers: { 'User-Agent': USER_AGENT },
-    });
-  } catch (e) {
-    throw new CliError(`Network error downloading the repo tarball: ${e.message}`, 1);
+  let tarball;
+  if (enterprise) {
+    // gh follows the tarball redirect and emits the bytes on stdout
+    tarball = await ghApi(['--hostname', host, `repos/${owner}/${repo}/tarball/${sha}`], { binary: true });
+    if (!Buffer.isBuffer(tarball)) tarball = Buffer.from(tarball);
+    if (tarball.length > REPO_TARBALL_LIMIT) {
+      throw new CliError(`The repo tarball exceeds the ${Math.floor(REPO_TARBALL_LIMIT / (1024 * 1024))} MB limit.`, 1);
+    }
+  } else {
+    let res;
+    try {
+      res = await fetch(`https://codeload.github.com/${owner}/${repo}/tar.gz/${sha}`, {
+        headers: { 'User-Agent': USER_AGENT },
+      });
+    } catch (e) {
+      throw new CliError(`Network error downloading the repo tarball: ${e.message}`, 1);
+    }
+    if (!res.ok) throw new CliError(`Could not download ${owner}/${repo}@${sha.slice(0, 7)} (HTTP ${res.status}).`, 1);
+    tarball = await readBodyCapped(res, REPO_TARBALL_LIMIT, 'The repo tarball');
   }
-  if (!res.ok) throw new CliError(`Could not download ${owner}/${repo}@${sha.slice(0, 7)} (HTTP ${res.status}).`, 1);
-  const tarball = await readBodyCapped(res, REPO_TARBALL_LIMIT, 'The repo tarball');
 
   await extractTarball(tarball, destDir, { transformPath: subtreeMapper(subPath) });
   return { sha };

package/src/version.js

@@ -1,2 +1,2 @@
-export const VERSION = '0.2.0';
+export const VERSION = '0.3.0';
 export const USER_AGENT = `skillshark/${VERSION}`;