feat(plugin): external command discovery; remove stack refresh-db

[omattsson]

Summary

Adds external-command plugin discovery so users can extend stackctl with any executable named stackctl-<name> on their $PATH — same pattern as git, kubectl, and gh. Removes the Klaravik-specific stack refresh-db subcommand; it now ships as a plugin in kvk-devops-tools.

New

• cli/cmd/plugins.go — PATH-scan at Execute(), first-win semantics, built-in collision protection, exit-code propagation, stdin/stdout/stderr pass-through
• cli/pkg/output/ — pluggable output format registry (RegisterFormat / RegisterSingleFormat) alongside the built-in table / json / yaml
• Env-var injection for plugins: STACKCTL_INSECURE, STACKCTL_QUIET, STACKCTL_OUTPUT resolved from flags, plus the parent environment's STACKCTL_API_URL / STACKCTL_API_KEY
• EXTENDING.md — plugin authoring guide with 5-minute tutorial, bash/Python/Go recipes for the common action-invocation pattern, security notes, distribution strategies, troubleshooting

Removed (BREAKING)

• stackctl stack refresh-db <id> subcommand
• Client.RefreshDBStack() from pkg/client

Migration: install the stackctl-refresh-db plugin from the kvk-devops-tools repo onto your $PATH; stackctl refresh-db <id> then becomes available via external-command discovery. The subcommand is no longer nested under stack.

Reviewer notes

Code review cycle completed before this PR:

• Flag-to-env forwarding implemented (was promised in docs but not delivered)
• Plugin absolute path hidden from --help listings (was leaking $HOME in screenshots); still visible in stackctl help <plugin> Long text
• Nil FormatterFunc rejected at registration (not at render time)
• Plugin collision test strengthened (asserts exactly one command with the colliding name)
• Stdin-passthrough test added (previously untested production code path)
• Python recipe uses HTTPError/URLError handling + stderr warning on insecure mode

Test coverage

• cli/cmd/plugins_test.go — 10 tests: discovery, skip-non-executable, first-PATH-wins, subcommand registration, built-in collision (with count assertion), arg passthrough, Cobra routing, stdin passthrough, no-op on empty PATH
• cli/pkg/output/formatter_test.go — 9 tests: panic-on-built-in-override, panic-on-nil-func, custom format routing, single-formatter fallback, concurrent reads
• All 6 test packages green; go vet ./... clean

Test plan

• go test ./... -count=1 — all pass
• go vet ./... — clean
• Install plugin: install stackctl-refresh-db ~/.local/bin/; run stackctl --help — plugin appears, no path in listing
• stackctl refresh-db <id> against a live backend — full round-trip verified

🤖 Generated with Claude Code

[Copilot]

Pull request overview

Adds external-command plugin discovery to extend stackctl via stackctl-<name> executables on $PATH, introduces a pluggable output-format registry, and removes the Klaravik-specific stack refresh-db command/client method in favor of a plugin-based workflow.

Changes:

• Discover and register external plugin commands at CLI startup, proxying execution with stdio passthrough and exit-code propagation.
• Add pkg/output registries to support custom output formats (list + optional single-item formatter).
• Remove stack refresh-db Cobra command and Client.RefreshDBStack() (and associated tests/docs updates).

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 12 comments.

Show a summary per file

File	Description
cli/cmd/root.go	Registers external plugins during Execute() before Cobra dispatch.
cli/cmd/plugins.go	Implements PATH scanning, collision handling, env forwarding, and plugin command wrapper.
cli/cmd/plugins_test.go	Adds tests for plugin discovery/registration and I/O passthrough behavior.
cli/cmd/stack.go	Removes stack refresh-db subcommand and its flag wiring/registration.
cli/cmd/stack_test.go	Removes tests covering the deleted stack refresh-db command.
cli/pkg/client/client.go	Removes RefreshDBStack() API method.
cli/pkg/client/client_test.go	Removes tests for the deleted RefreshDBStack() method.
cli/pkg/output/output.go	Adds custom formatter registries and routes printer output through them.
cli/pkg/output/formatter_test.go	Adds unit tests for formatter registration/routing behavior.
README.md	Documents plugin mechanism and a quick “hello” example.
EXTENDING.md	Adds plugin authoring guide, recipes, and troubleshooting details.

[Copilot]

discoverPlugins stores full := filepath.Join(dir, name) without ensuring it’s absolute. If a user has relative PATH entries, this can produce a relative binaryPath, contradicting the comment/nolint about an “absolute path captured at discovery time” and making execution dependent on the current working directory. Consider resolving full to an absolute (and optionally symlink-evaluated) path before storing/execing it.

[Copilot]

The example stackctl --help | grep hello output includes the plugin’s absolute path, but newPluginCommand intentionally hides the path from the Short help text (it’s only in Long). Update the example output to match what the CLI now prints.

Suggested change

	# hello Plugin: hello (/Users/you/.local/bin/stackctl-hello)
	# hello Plugin: hello

[Copilot]

stackctl --help <name> is not a typical Cobra help invocation (the --help flag generally ignores extra args). Prefer documenting stackctl help <name> for detailed help, and stackctl <name> --help for plugin-delegated help.

Suggested change

	Whatever the user typed after `stackctl <name>`. `stackctl --help <name>` shows the plugin in the command list; `stackctl <name> --help` is delegated to the plugin's own help.
	Whatever the user typed after `stackctl <name>`. Use `stackctl help <name>` for detailed built-in help about a named command; `stackctl <name> --help` is delegated to the plugin's own help.

[Copilot]

The comment says “adds during rendering are racy”, but the registry is protected by an RWMutex, so concurrent registration/rendering is race-free from a Go data-race perspective. If the intent is “unsupported / may lead to inconsistent output”, please reword to avoid implying an actual data race.

Suggested change

	// any Printer is used concurrently — the registry is read-locked on every
	// render so adds during rendering are racy.
	// any Printer is used concurrently. The registry is synchronized, so
	// registering while rendering is not a Go data race, but doing so is
	// unsupported and may lead to inconsistent behavior across concurrent renders.

[Copilot]

NewPrinter normalizes format names to lowercase, but RegisterFormat/RegisterSingleFormat store keys as-is and the built-in collision check is case-sensitive. This can make registered formats unreachable (e.g. RegisterFormat("CSV", ...)), and can lead to surprising duplicates. Consider normalizing name (e.g., strings.ToLower(strings.TrimSpace(name))) consistently in registration and lookups, and performing built-in collision checks on the normalized value.

[Copilot]

This example help output includes the plugin’s absolute path, but the implementation sets Short: "Plugin: <name>" specifically to avoid leaking paths in --help output. Update the example output (or change the implementation) so docs and behavior match.

Suggested change

	# → hello Plugin: hello (/Users/you/.local/bin/stackctl-hello)
	# → hello Plugin: hello

[Copilot]

Docs claim plugins receive STACKCTL_API_URL/STACKCTL_API_KEY from “user env / stackctl config”, but the plugin env injection currently only forwards the existing process environment plus a few flag-derived vars (it doesn’t export resolved config values). Either update the docs to say these must already be present in the environment, or update plugin execution to inject resolved API URL/key from flags/env/config.

Suggested change

	### Environment variables (inherited + resolved)
	The plugin inherits **stackctl's entire environment** (same pattern as `git`,
	`kubectl`, `gh`). On top of that, stackctl resolves its persistent flags into
	env vars before exec so a plugin sees the same effective configuration it
	would if stackctl invoked a built-in command:
	| Variable | Source | Purpose |
	|---|---|---|
	| `STACKCTL_API_URL` | user env / stackctl config | Base URL of the k8s-stack-manager API |
	| `STACKCTL_API_KEY` | user env / stackctl config | API key (header `X-API-Key`) |
	| `STACKCTL_INSECURE` | `--insecure` flag OR user env | `1` to skip TLS verification |
	### Environment variables (inherited + flag-derived)
	The plugin inherits **stackctl's entire environment** (same pattern as `git`,
	`kubectl`, `gh`). In addition, stackctl exports a small set of variables
	derived from active CLI flags before `exec` so plugins can observe the user's
	requested output and TLS behavior. stackctl does **not** inject values resolved
	from `stackctl config`; if your plugin needs `STACKCTL_API_URL` or
	`STACKCTL_API_KEY`, they must already be present in the environment when
	`stackctl` is launched.
	| Variable | Source | Purpose |
	|---|---|---|
	| `STACKCTL_API_URL` | parent shell environment | Base URL of the k8s-stack-manager API, if already exported |
	| `STACKCTL_API_KEY` | parent shell environment | API key (header `X-API-Key`), if already exported |
	| `STACKCTL_INSECURE` | `--insecure` flag | `1` to skip TLS verification |

[Copilot]

Internal docs say the plugin is registered with Short: "Plugin: <name> (<absolute-path>)", but the code uses Short: "Plugin: <name>" and keeps the path only in Long. Update this section to match the actual command registration.

Suggested change

	- `Short: "Plugin: <name> (<absolute-path>)"`
	- `Short: "Plugin: <name>"`
	- `Long`: includes the plugin's absolute path

[Copilot]

Troubleshooting suggests stackctl config set api-url <url> then “re-export the env var”, but stackctl config is stored in ~/.stackmanager/config.yaml and does not automatically export STACKCTL_API_URL into the environment. Please clarify the expected workflow (e.g., explicitly export STACKCTL_API_URL=..., or recommend plugins read the config file, or have stackctl inject resolved config values when execing plugins).

Suggested change

	The user hasn't configured it. Either:
	- They should `stackctl config set api-url <url>` and re-export the env var
	- Your plugin should fall back to reading `~/.stackmanager/config.yaml` and then the active context's `api-url`
	Core stackctl commands do config resolution automatically; plugins are plain exec'd subprocesses, so env is all they get unless you parse the config yourself.
	The plugin process only sees environment variables that are already exported in the user's shell. `stackctl config set api-url <url>` writes `~/.stackmanager/config.yaml`; it does **not** export `STACKCTL_API_URL` for plugins.
	Pick one workflow and document it for your plugin users:
	- If your plugin expects env vars, have the user explicitly export them, for example: `export STACKCTL_API_URL="$(stackctl config get api-url)"` (and similarly `export STACKCTL_API_KEY=...` if needed)
	- Or have your plugin fall back to reading `~/.stackmanager/config.yaml` and resolving the active context's `api-url` itself
	Core stackctl commands do config resolution automatically; plugins are plain exec'd subprocesses, so they only inherit the caller's environment unless they parse the config themselves. `stackctl` does not inject resolved config values when execing plugins.

[Copilot]

discoverPlugins accepts any suffix after stackctl- as a Cobra command name. If the filename contains whitespace or starts with - (e.g. stackctl--help), Cobra parsing/help output can break or route unexpectedly. Consider validating pluginName against the documented allowed set (letters/digits/dashes) and skipping invalid names.

[Copilot]

Pull request overview

Copilot reviewed 11 out of 11 changed files in this pull request and generated 9 comments.

[Copilot]

pluginEnv only appends STACKCTL_INSECURE=1 when the flag is true. If the user already has STACKCTL_INSECURE=1 in their environment and explicitly runs with --insecure=false, the plugin will still see insecure mode enabled (because the original env var is preserved). If the intent is "flag > env", consider checking whether the flag was explicitly set (PersistentFlags().Changed) and then forcing STACKCTL_INSECURE=0/1 accordingly.

[Copilot]

The tutorial snippet prints the API key value when STACKCTL_API_KEY is set: ${STACKCTL_API_KEY:+***configured***}${STACKCTL_API_KEY:-<not set>} expands to ***configured***<actual-key>. This encourages leaking credentials into terminals/logs. Update the example to never echo the key (only print a redacted marker like "configured" or "").

Suggested change

	API key: ${STACKCTL_API_KEY:+***configured***}${STACKCTL_API_KEY:-<not set>}
	API key: $( [ -n "${STACKCTL_API_KEY:-}" ] && printf '%s' '***configured***' || printf '%s' '<not set>' )

[Copilot]

“Don’t re-implement auth” says that if a stackctl context is configured, STACKCTL_API_URL/STACKCTL_API_KEY “pass through”, but earlier/later the guide states stackctl does NOT inject config-resolved values into the plugin env (only parent-shell env + flag-derived vars). This is contradictory and can mislead plugin authors; please align the wording (e.g., require explicit export or suggest stackctl config get ... export helpers).

[Copilot]

The guide states stackctl refresh-db <id> POSTs to /api/v1/stack-instances/:id/actions/refresh-db, but there are no /actions/ endpoints referenced anywhere in this codebase (client methods currently don’t use that path pattern). If this is meant as a server-side extension example, it would help to phrase it as “could POST to … (if your backend exposes it)” or otherwise ensure the documented endpoint matches the actual API/plugin you’re migrating to.

Suggested change

	- **Thin wrappers around actions.** `stackctl refresh-db <id>` POSTs to `/api/v1/stack-instances/:id/actions/refresh-db` and pretty-prints the result. Pairs with a webhook handler registered on the server side.
	- **Thin wrappers around actions.** `stackctl refresh-db <id>` could POST to `/api/v1/stack-instances/:id/actions/refresh-db` **if your backend exposes that endpoint**, then pretty-print the result. This pairs well with a webhook/action handler registered on the server side.

[Copilot]

NewPrinter normalizes the format name with strings.ToLower only, but the registry uses normalizeFormatName (TrimSpace + ToLower). This means values like " csv " (or other whitespace) won't match a registered custom formatter even though the registry contract is whitespace-tolerant. Consider using normalizeFormatName(format) here (and in the switch) so built-ins and custom formats are resolved consistently.

Suggested change

	name := strings.ToLower(format)
	name := normalizeFormatName(format)

[Copilot]

pluginNamePattern is documented as allowing ASCII letters/digits/dashes, but the regex only permits lowercase a-z. If uppercase plugin names should be supported, adjust the regex/normalization; if lowercase-only is intentional, update the comment/docs to make that constraint explicit so authors don’t get surprised by plugins being silently skipped.

Suggested change

	// pluginNamePattern restricts plugin names to ASCII letters, digits, and
	// dashes so they form valid Cobra command names. A name like
	// "stackctl- bad" (with whitespace) or "stackctl--help" breaks help
	// routing and is skipped at discovery time.
	// pluginNamePattern restricts plugin names to lowercase ASCII letters,
	// digits, and dashes so they form valid Cobra command names. Names with
	// whitespace, uppercase letters, or leading dashes (for example
	// "stackctl- bad", "stackctl-Foo", or "stackctl--help") break help
	// routing and are skipped at discovery time.

[Copilot]

Similar precedence issue for quiet/output: pluginEnv only sets STACKCTL_QUIET/STACKCTL_OUTPUT when the corresponding flag is true/non-empty, but it never overrides an existing env var when the user explicitly passes --quiet=false or --output=table (etc.). If these variables are meant to reflect the effective flag values, consider using PersistentFlags().Changed to decide when to force an explicit value into the plugin environment.

Suggested change

	func pluginEnv(cmd *cobra.Command) []string {
	env := os.Environ()
	// Resolve --insecure (flag > env > config). The config layer may not be
	// loaded yet for plugin commands because persistent pre-run depends on
	// the command name, so favor the flag value here.
	if cmd != nil {
	if insecure, err := cmd.Root().PersistentFlags().GetBool("insecure"); err == nil && insecure {
	env = append(env, "STACKCTL_INSECURE=1")
	}
	if quiet, err := cmd.Root().PersistentFlags().GetBool("quiet"); err == nil && quiet {
	env = append(env, "STACKCTL_QUIET=1")
	}
	if output, err := cmd.Root().PersistentFlags().GetString("output"); err == nil && output != "" {
	env = append(env, "STACKCTL_OUTPUT="+output)
	func setOrAppendEnv(env []string, key, value string) []string {
	prefix := key + "="
	entry := prefix + value
	for i, kv := range env {
	if strings.HasPrefix(kv, prefix) {
	env[i] = entry
	return env
	}
	}
	return append(env, entry)
	}
	func pluginEnv(cmd *cobra.Command) []string {
	env := os.Environ()
	// Resolve flags with explicit CLI precedence for plugin commands. The
	// config layer may not be loaded yet because persistent pre-run depends on
	// the command name, so when a persistent flag was explicitly set we force
	// that effective value into the plugin environment, including false/default
	// values that must override inherited STACKCTL_* vars.
	if cmd != nil {
	flags := cmd.Root().PersistentFlags()
	if flag := flags.Lookup("insecure"); flag != nil && flag.Changed {
	if insecure, err := flags.GetBool("insecure"); err == nil {
	if insecure {
	env = setOrAppendEnv(env, "STACKCTL_INSECURE", "1")
	} else {
	env = setOrAppendEnv(env, "STACKCTL_INSECURE", "0")
	}
	}
	}
	if flag := flags.Lookup("quiet"); flag != nil && flag.Changed {
	if quiet, err := flags.GetBool("quiet"); err == nil {
	if quiet {
	env = setOrAppendEnv(env, "STACKCTL_QUIET", "1")
	} else {
	env = setOrAppendEnv(env, "STACKCTL_QUIET", "0")
	}
	}
	}
	if flag := flags.Lookup("output"); flag != nil && flag.Changed {
	if output, err := flags.GetString("output"); err == nil {
	env = setOrAppendEnv(env, "STACKCTL_OUTPUT", output)
	}

[Copilot]

RegisterSingleFormat’s doc says it’s for an already-registered format, but the implementation doesn’t verify that a corresponding list formatter exists in formatRegistry. This can lead to silent misconfiguration (NewPrinter won’t select the format, so the single formatter is effectively unreachable). Either enforce the precondition (panic/return error when the base format isn’t registered) or update the doc/behavior accordingly.

[Copilot]

The comment claims "Windows: .exe suffix handling via PATHEXT is honoured", but the code only trims a literal ".exe" and does not consult PATHEXT (so .cmd/.bat/.com plugins won’t be discovered). Either implement PATHEXT-based suffix handling or adjust the comment to match the actual behavior.

Suggested change

	// Windows: .exe suffix handling via PATHEXT is honoured; the POSIX
	// executable-bit check is skipped because Windows represents executability
	// via extension, not permission bits.
	// Windows: only a literal .exe suffix is trimmed from discovered plugin
	// names; the POSIX executable-bit check is skipped because Windows
	// represents executability via extension, not permission bits.

[Copilot]

Pull request overview

Copilot reviewed 11 out of 11 changed files in this pull request and generated 8 comments.

[Copilot]

In the internal "How it works" list, Short is described as including the absolute path, but the implementation intentionally keeps the path out of Short and puts it in Long. Please align this bullet list with the actual registration behavior to avoid confusing plugin authors.

Suggested change

	- `Short: "Plugin: <name> (<absolute-path>)"`
	- `Short: "Plugin: <name>"` (path kept out of the summary listing)
	- `Long`: includes the plugin's absolute path for `stackctl help <name>`

[Copilot]

This troubleshooting advice recommends parsing ~/.stackmanager/config.yaml directly, which contradicts the earlier guidance to avoid parsing the config file because the schema may change. Consider recommending shelling out to stackctl config get ... (or documenting a stable machine-readable command) instead of reading the YAML directly.

Suggested change

	- **Have the plugin fall back to reading the config file itself:**
	parse `~/.stackmanager/config.yaml` and resolve the active context's
	`api-url` + `api-key` if the env vars are empty. A ~30-line helper in
	any language.
	Core stackctl commands do config resolution automatically; plugins are plain exec'd subprocesses, so env is all they get unless you parse the config yourself. stackctl does **not** inject resolved config values when execing plugins.
	- **Have the plugin resolve config by shelling out to `stackctl`:**
	if the env vars are empty, run `stackctl config get api-url` and
	`stackctl config get api-key` from the plugin and use those results.
	This avoids depending on the internal `~/.stackmanager/config.yaml`
	schema, which may change.
	Core stackctl commands do config resolution automatically; plugins are plain exec'd subprocesses, so env is all they get unless they explicitly resolve config themselves. stackctl does **not** inject resolved config values when execing plugins.

[Copilot]

The quick example/output implies STACKCTL_API_URL will be populated after configuring stackctl, but plugins only inherit already-exported environment variables. Consider adding a short note here that users must export STACKCTL_API_URL/STACKCTL_API_KEY (or follow EXTENDING.md’s workflow) for plugins to see them.

Suggested change

The plugin inherits `STACKCTL_API_URL`, `STACKCTL_API_KEY`, and the rest of the user's environment. Built-in subcommands always win on name collisions (a safety feature — a malicious `stackctl-config` on PATH can't intercept credentials).

The plugin inherits exported environment variables such as `STACKCTL_API_URL`, `STACKCTL_API_KEY`, and the rest of the user's environment. Note that values saved with `stackctl config set` are not automatically exported to your shell, so if you want plugins to see them you must export `STACKCTL_API_URL` / `STACKCTL_API_KEY` yourself (or follow the workflow in `EXTENDING.md`). Built-in subcommands always win on name collisions (a safety feature — a malicious `stackctl-config` on PATH can't intercept credentials).

[Copilot]

On Windows, this will accept stackctl-foo files without a .exe suffix as plugins (since only the name is stripped), but exec.Command typically can't run extensionless files. This can lead to registering non-runnable plugins and confusing runtime errors. Consider requiring .exe on Windows (or using exec.LookPath/PATHEXT-aware resolution) and skipping entries that aren't actually runnable.

[Copilot]

The os.Exit(exitErr.ExitCode()) path (exit-code propagation) isn't covered by tests right now, but it’s a key part of the plugin contract. Consider adding a test that runs a failing plugin via a subprocess (e.g., invoking a small helper test binary) and asserts stackctl exits with the plugin’s exact exit code.

[Copilot]

RegisterFormat allows an empty/whitespace-only name (normalizes to ""), which can put a formatter under the empty key and makes it impossible to select via --output (since empty currently maps to table). Consider rejecting empty names with a panic/error to avoid silent misconfiguration.

[Copilot]

This recipe suggests running stackctl config set api-url ... will satisfy STACKCTL_API_URL, but plugins only see exported environment variables (not values stored in ~/.stackmanager/config.yaml). The hint should instead tell users to export STACKCTL_API_URL (e.g., export STACKCTL_API_URL="$(stackctl config get api-url)") or have the plugin shell out to stackctl config get.

Suggested change

	: "${STACKCTL_API_URL:?STACKCTL_API_URL not set — run 'stackctl config set api-url ...' first}"
	: "${STACKCTL_API_URL:?STACKCTL_API_URL not set — export it first, e.g. export STACKCTL_API_URL=\"$(stackctl config get api-url)\"}"

[Copilot]

The doc references stackctl config show -o json, but there is no config show subcommand in this repo (available commands are set/get/list/...). Update this to a real command (e.g., stackctl config get api-url / stackctl config get api-key) so plugin authors don’t copy/paste a non-existent invocation.

Suggested change

	2. **Shell out to `stackctl config show -o json`** and parse the result. Works without any env wiring, at the cost of one extra exec.
	2. **Shell out to real config commands** such as `stackctl config get api-url` and `stackctl config get api-key`, then capture those values individually. Works without any env wiring, at the cost of one extra exec per lookup.

[Copilot]

Pull request overview

Copilot reviewed 11 out of 11 changed files in this pull request and generated 4 comments.

[Copilot]

RegisterSingleFormat doesn’t validate an empty/whitespace-only format name (unlike RegisterFormat). With name=="" (or built-in names), the panic message currently misleadingly reports an ordering issue ("called before RegisterFormat") instead of a bad name. Add the same norm == "" guard (and ideally the built-in-name guard) as RegisterFormat so registration failures are explicit and consistent.

[Copilot]

This test runs with t.Parallel() and registers the format name csv, which is also used by TestNewPrinter_UsesCustomFormat. Because the registries are package-global, the two parallel tests can overwrite/delete each other’s registration, causing flaky failures. Use a unique format name per test (e.g. csv_case_insensitive) or remove t.Parallel() for the tests that share registry keys.

[Copilot]

This test registers the custom format name csv while running in parallel. TestRegisterFormat_CaseInsensitiveAndTrimmed also registers/cleans up the same csv key, so the two tests can interfere via the shared global registries and become flaky. Rename one of the formats to a unique key or avoid t.Parallel() for registry-mutating tests.

[Copilot]

STACKCTL_OUTPUT is exported to plugins using the raw --output flag value. Since stackctl itself normalizes output names case-insensitively (and trims whitespace) in output.NewPrinter, a user running --output JSON will get JSON output but plugins will see STACKCTL_OUTPUT=JSON, which is inconsistent. Normalize the value before exporting (lowercase + trim) so plugins see the effective format key stackctl will use.

Suggested change

	if output, err := flags.GetString("output"); err == nil {
	if output, err := flags.GetString("output"); err == nil {
	output = strings.ToLower(strings.TrimSpace(output))

[Copilot]

Pull request overview

Copilot reviewed 11 out of 11 changed files in this pull request and generated 2 comments.

[Copilot]

Plugin collision protection currently only considers commands already present in root.Commands(). Since stackctl doesn’t explicitly register Cobra’s default help command before calling registerPlugins(), a stackctl-help executable on PATH can be registered as stackctl help, effectively shadowing the built-in help UX. Consider reserving names like help (and potentially other Cobra-reserved commands) or explicitly initializing the default help command before computing existingCommandNames() so plugins cannot override it.

[Copilot]

On Windows, discovery strips only a lowercase .exe suffix. A plugin built/renamed with an uppercase .EXE (common on Windows filesystems) will not have the suffix removed and will fail the pluginNamePattern check, so it won’t be discovered. Consider using a case-insensitive .exe check/trim (e.g., via strings.EqualFold on filepath.Ext) before validating the plugin name.

Suggested change

	pluginName = strings.TrimSuffix(pluginName, ".exe")
	if ext := filepath.Ext(pluginName); strings.EqualFold(ext, ".exe") {
	pluginName = pluginName[:len(pluginName)-len(ext)]
	}

[Copilot]

Pull request overview

Copilot reviewed 11 out of 11 changed files in this pull request and generated 3 comments.

[Copilot]

registerPlugins iterates over the map returned by discoverPlugins; Go map iteration order is randomized, so the order plugins are added (and thus shown in stackctl --help) will be nondeterministic across runs. To keep help output stable, collect plugin names into a slice, sort it, then add commands in sorted order.

[Copilot]

On Windows, trimming the .exe suffix is case-sensitive (strings.TrimSuffix(pluginName, ".exe")), so a plugin named stackctl-foo.EXE (valid on Windows) will not be discovered because the suffix isn't removed and the regex check will fail. Consider normalizing the filename case for the extension check or using a case-insensitive .exe match.

[Copilot]

This test claims to verify the Cobra wrapper passes args/stdout through, but it executes the plugin binary directly via exec.Command(bin, ...) instead of invoking pluginCmd.RunE. As written, it doesn't exercise newPluginCommand's passthrough wiring; consider calling the registered Cobra command (and capturing root's output) or removing the redundant assertion.

[Copilot]

Pull request overview

Copilot reviewed 11 out of 11 changed files in this pull request and generated 3 comments.

[Copilot]

pluginEnv only injects STACKCTL_QUIET/STACKCTL_OUTPUT when the corresponding persistent flags were explicitly set (Flags().Changed). This means plugins may (a) see no STACKCTL_OUTPUT at all when the user relies on the default "table", and (b) accidentally inherit STACKCTL_QUIET/STACKCTL_OUTPUT from the parent shell even when the user did not request quiet/custom output for this invocation—diverging from stackctl’s own flag behavior. Consider always setting STACKCTL_QUIET and STACKCTL_OUTPUT from the resolved flag values for each invocation (and only preserving an existing env var for STACKCTL_INSECURE if that’s an intentional compatibility feature).

[Copilot]

TestRegisterPlugins_RunViaCobraRouting doesn’t currently exercise Cobra’s routing/Execute path as the comment describes: it manually finds the command and calls RunE, and the root.SetArgs(...) setup is unused. Either rename/adjust the test to reflect what it actually verifies (arg passthrough via RunE), or rework it to run root.Execute() in a way that can assert routing without terminating the test process.

[Copilot]

registerPlugins iterates over a map returned by discoverPlugins. Go map iteration order is randomized, so the order that plugin subcommands are added (and therefore the order they appear in stackctl --help) will be nondeterministic between runs. Consider collecting plugin names, sorting them, and then adding commands in sorted order for stable help output.