ros/spec-kit
1
0
Fork 0
mirror of https://github.com/github/spec-kit.git synced 2026-03-21 12:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c3efd1fb71c15a57978655f8597dbef716903493
spec-kit/docs/upgrade.md
Manfred Riem bf33980426 feat(cli): embed core pack in wheel for offline/air-gapped deployment (#1803) 
* feat(cli): embed core pack in wheel + offline-first init (#1711, #1752)

Bundle templates, commands, and scripts inside the specify-cli wheel so
that `specify init` works without any network access by default.

Changes:
- pyproject.toml: add hatchling force-include for core_pack assets; bump
  version to 0.2.1
- __init__.py: add _locate_core_pack(), _generate_agent_commands() (Python
  port of generate_commands() shell function), and scaffold_from_core_pack();
  modify init() to scaffold from bundled assets by default; add --from-github
  flag to opt back in to the GitHub download path
- release.yml: build wheel during CI release job
- create-github-release.sh: attach .whl as a release asset
- docs/installation.md: add Enterprise/Air-Gapped Installation section
- README.md: add Option 3 enterprise install with accurate offline story

Closes #1711
Addresses #1752

* fix(tests): update kiro alias test for offline-first scaffold path

* feat(cli): invoke bundled release script at runtime for offline scaffold

- Embed release scripts (bash + PowerShell) in wheel via pyproject.toml
- Replace Python _generate_agent_commands() with subprocess invocation of
  the canonical create-release-packages.sh, guaranteeing byte-for-byte
  parity between 'specify init --offline' and GitHub release ZIPs
- Fix macOS bash 3.2 compat in release script: replace cp --parents,
  local -n (nameref), and mapfile with POSIX-safe alternatives
- Fix _TOML_AGENTS: remove qwen (uses markdown per release script)
- Rename --from-github to --offline (opt-in to bundled assets)
- Add _locate_release_script() for cross-platform script discovery
- Update tests: remove bash 4+/GNU coreutils requirements, handle
  Kimi directory-per-skill layout, 576 tests passing
- Update CHANGELOG and docs/installation.md

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* fix(offline): error out if --offline fails instead of falling back to network

- _locate_core_pack() docstring now accurately describes that it only
  finds wheel-bundled core_pack/; source-checkout fallback lives in callers
- init() --offline + no bundled assets now exits with a clear error
  (previously printed a warning and silently fell back to GitHub download)
- init() scaffold failure under --offline now exits with an error
  instead of retrying via download_and_extract_template

Addresses reviewer comment: https://github.com/github/spec-kit/pull/1803

* fix(offline): address PR review comments

- fix(shell): harden validate_subset against glob injection in case patterns
- fix(shell): make GENRELEASES_DIR overridable via env var for test isolation
- fix(cli): probe pwsh then powershell on Windows instead of hardcoding pwsh
- fix(cli): remove unreachable fallback branch when --offline fails
- fix(cli): improve --offline error message with common failure causes
- fix(release): move wheel build step after create-release-packages.sh
- fix(docs): add --offline to installation.md air-gapped example
- fix(tests): remove unused genreleases_dir param from _run_release_script
- fix(tests): rewrite parity test to run one agent at a time with isolated
  temp dirs, preventing cross-agent interference from rm -rf

* fix(offline): address second round of review comments

- fix(shell): replace case-pattern membership with explicit loop + == check
  for unambiguous glob-safety in validate_subset()
- fix(cli): require pwsh (PowerShell 7) only; drop powershell (PS5) fallback
  since the bundled script uses #requires -Version 7.0
- fix(cli): add bash and zip preflight checks in scaffold_from_core_pack()
  with clear error messages if either is missing
- fix(build): list individual template files in pyproject.toml force-include
  to avoid duplicating templates/commands/ in the wheel

* fix(offline): address third round of review comments

- Add 120s timeout to subprocess.run in scaffold_from_core_pack to prevent
  indefinite hangs during offline scaffolding
- Add test_pyproject_force_include_covers_all_templates to catch missing
  template files in wheel bundling
- Tighten kiro alias test to assert specific scaffold path (download vs offline)

* fix(offline): address Copilot review round 4

- fix(offline): use handle_vscode_settings() merge for --here --offline
  to prevent data loss on existing .vscode/settings.json
- fix(release): glob wheel filename in create-github-release.sh instead
  of hardcoding version, preventing upload failures on version mismatch
- docs(release): add comment noting pyproject.toml version is synced by
  release-trigger.yml before the tag is pushed

* fix(offline): address review round 5 + offline bundle ZIP

- fix(offline): pwsh-only, no powershell.exe fallback; clarify error message
- fix(offline): tighten _has_bundled to check scripts dir for source checkouts
- feat(release): build specify-bundle-v*.zip with all deps at release time
- feat(release): attach offline bundle ZIP to GitHub release assets
- docs: simplify air-gapped install to single ZIP download from releases
- docs: add Windows PowerShell 7+ (pwsh) requirement note

* fix(tests): session-scoped scaffold cache + timeout + dead code removal

- Add timeout=300 and returncode check to _run_release_script() to fail
  fast with clear output on script hangs or failures
- Remove unused import specify_cli, _SOURCE_TEMPLATES, bundled_project fixture
- Add session-scoped scaffolded_sh/scaffolded_ps fixtures that scaffold
  once per agent and reuse the output directory across all invariant tests
- Reduces test_core_pack_scaffold runtime from ~175s to ~51s (3.4x faster)
- Parity tests still scaffold independently for isolation

* fix(offline): remove wheel from release, update air-gapped docs to use pip download

* fix(tests): handle codex skills layout and iflow agent in scaffold tests

Codex now uses create_skills() with hyphenated separator (speckit-plan/SKILL.md)
instead of generate_commands(). Update _SKILL_AGENTS, _expected_ext, and
_list_command_files to handle both codex ('-') and kimi ('.') skill agents.
Also picks up iflow as a new testable agent automatically via AGENT_CONFIG.

* fix(offline): require wheel core_pack for --offline, remove source-checkout fallback

--offline now strictly requires _locate_core_pack() to find the wheel's
bundled core_pack/ directory. Source-checkout fallbacks are no longer
accepted at the init() level — if core_pack/ is missing, the CLI errors
out with a clear message pointing to the installation docs.

scaffold_from_core_pack() retains its internal source-checkout fallbacks
so parity tests can call it directly from a source checkout.

* fix(offline): remove stale [Unreleased] CHANGELOG section, scope httpx.Client to download path

- Remove entire [Unreleased] section — CHANGELOG is auto-generated at release
- Move httpx.Client into use_github branch with context manager so --offline
  path doesn't allocate an unused network client

* fix(offline): remove dead --from-github flag, fix typer.Exit handling, add page templates validation

- Remove unused --from-github CLI option and docstring example
- Add (typer.Exit, SystemExit) re-raise before broad except Exception
  to prevent duplicate error panel on offline scaffold failure
- Validate page templates directory exists in scaffold_from_core_pack()
  to fail fast on incomplete wheel installs
- Fix ruff lint: remove unused shutil import, remove f-prefix on
  strings without placeholders in test_core_pack_scaffold.py

* docs(offline): add v0.6.0 deprecation notice with rationale

- Help text: note bundled assets become default in v0.6.0
- Docstring: explain why GitHub download is being retired (no network
  dependency, no proxy/firewall issues, guaranteed version match)
- Runtime nudge: when bundled assets are available but user takes the
  GitHub download path, suggest --offline with rationale
- docs/installation.md: add deprecation notice with full rationale

* fix(offline): allow --offline in source checkouts, fix CHANGELOG truncation

- Simplify use_github logic: use_github = not offline (let
  scaffold_from_core_pack handle fallback to source-checkout paths)
- Remove hard-fail when core_pack/ is absent — scaffold_from_core_pack
  already falls back to repo-root templates/scripts/commands
- Fix truncated 'skill…' → 'skills' in CHANGELOG.md

* fix(offline): sandbox GENRELEASES_DIR and clean up on failure

- Pin GENRELEASES_DIR to temp dir in scaffold_from_core_pack() so a
  user-exported value cannot redirect output or cause rm -rf outside
  the sandbox
- Clean up partial project directory on --offline scaffold failure
  (same behavior as the GitHub-download failure path)

* fix(tests): use shutil.which for bash discovery, add ps parity tests

- _find_bash() now tries shutil.which('bash') first so non-standard
  install locations (Nix, custom CI images) are found
- Parametrize parity test over both 'sh' and 'ps' script types to
  ensure PowerShell variant stays byte-for-byte identical to release
  script output (353 scaffold tests, 810 total)

* fix(tests): parse pyproject.toml with tomllib, remove unused fixture

- Use tomllib to parse force-include keys from the actual TOML table
  instead of raw substring search (avoids false positives)
- Remove unused source_template_stems fixture from
  test_scaffold_command_dir_location

* fix: guard GENRELEASES_DIR against unsafe values, update docstring

- Add safety check in create-release-packages.sh: reject empty, '/',
  '.', '..' values for GENRELEASES_DIR before rm -rf
- Strip trailing slash to avoid path surprises
- Update scaffold_from_core_pack() docstring to accurately describe
  all failure modes (not just 'assets not found')

* fix: harden GENRELEASES_DIR guard, cache parity tests, safe iterdir

- Reject '..' path segments in GENRELEASES_DIR to prevent traversal
- Session-cache both scaffold and release-script results in parity
  tests — runtime drops from ~74s to ~45s (40% faster)
- Guard cmd_dir.iterdir() in assertion message against missing dirs

* fix(tests): exclude YAML frontmatter source metadata from path rewrite check

The codex and kimi SKILL.md files have 'source: templates/commands/...'
in their YAML frontmatter — this is provenance metadata, not a runtime
path that needs rewriting. Strip frontmatter before checking for bare
scripts/ and templates/ paths.

* fix(offline): surface scaffold failure detail in error output

When --offline scaffold fails, look up the tracker's 'scaffold' step
detail and print it alongside the generic error message so users see
the specific root cause (e.g. missing zip/pwsh, script stderr).

---------

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-03-20 14:46:48 -05:00

13 KiB
Raw Blame History

Upgrade Guide

You have Spec Kit installed and want to upgrade to the latest version to get new features, bug fixes, or updated slash commands. This guide covers both upgrading the CLI tool and updating your project files.

Quick Reference

What to Upgrade Command When to Use
CLI Tool Only uv tool install specify-cli --force --from git+https://github.com/github/spec-kit.git@vX.Y.Z Get latest CLI features without touching project files
Project Files specify init --here --force --ai <your-agent> Update slash commands, templates, and scripts in your project
Both Run CLI upgrade, then project update Recommended for major version updates

Part 1: Upgrade the CLI Tool

The CLI tool (specify) is separate from your project files. Upgrade it to get the latest features and bug fixes.

If you installed with uv tool install

Upgrade to a specific release (check Releases for the latest tag):

uv tool install specify-cli --force --from git+https://github.com/github/spec-kit.git@vX.Y.Z

If you use one-shot uvx commands

Specify the desired release tag:

uvx --from git+https://github.com/github/spec-kit.git@vX.Y.Z specify init --here --ai copilot

Verify the upgrade

specify check

This shows installed tools and confirms the CLI is working.

Part 2: Updating Project Files

When Spec Kit releases new features (like new slash commands or updated templates), you need to refresh your project's Spec Kit files.

What gets updated?

Running specify init --here --force will update:

  • Slash command files (.claude/commands/, .github/prompts/, etc.)
  • Script files (.specify/scripts/)
  • Template files (.specify/templates/)
  • Shared memory files (.specify/memory/) - ⚠️ See warnings below

What stays safe?

These files are never touched by the upgrade—the template packages don't even contain them:

  • Your specifications (specs/001-my-feature/spec.md, etc.) - CONFIRMED SAFE
  • Your implementation plans (specs/001-my-feature/plan.md, tasks.md, etc.) - CONFIRMED SAFE
  • Your source code - CONFIRMED SAFE
  • Your git history - CONFIRMED SAFE

The specs/ directory is completely excluded from template packages and will never be modified during upgrades.

Update command

Run this inside your project directory:

specify init --here --force --ai <your-agent>

Replace <your-agent> with your AI assistant. Refer to this list of Supported AI Agents

Example:

specify init --here --force --ai copilot

Understanding the --force flag

Without --force, the CLI warns you and asks for confirmation:

Warning: Current directory is not empty (25 items)
Template files will be merged with existing content and may overwrite existing files
Proceed? [y/N]

With --force, it skips the confirmation and proceeds immediately.

Important: Your specs/ directory is always safe. The --force flag only affects template files (commands, scripts, templates, memory). Your feature specifications, plans, and tasks in specs/ are never included in upgrade packages and cannot be overwritten.

⚠️ Important Warnings

1. Constitution file will be overwritten

Known issue: specify init --here --force currently overwrites .specify/memory/constitution.md with the default template, erasing any customizations you made.

Workaround:

# 1. Back up your constitution before upgrading
cp .specify/memory/constitution.md .specify/memory/constitution-backup.md

# 2. Run the upgrade
specify init --here --force --ai copilot

# 3. Restore your customized constitution
mv .specify/memory/constitution-backup.md .specify/memory/constitution.md

Or use git to restore it:

# After upgrade, restore from git history
git restore .specify/memory/constitution.md

2. Custom template modifications

If you customized any templates in .specify/templates/, the upgrade will overwrite them. Back them up first:

# Back up custom templates
cp -r .specify/templates .specify/templates-backup

# After upgrade, merge your changes back manually

3. Duplicate slash commands (IDE-based agents)

Some IDE-based agents (like Kilo Code, Windsurf) may show duplicate slash commands after upgrading—both old and new versions appear.

Solution: Manually delete the old command files from your agent's folder.

Example for Kilo Code:

# Navigate to the agent's commands folder
cd .kilocode/rules/

# List files and identify duplicates
ls -la

# Delete old versions (example filenames - yours may differ)
rm speckit.specify-old.md
rm speckit.plan-v1.md

Restart your IDE to refresh the command list.

Common Scenarios

Scenario 1: "I just want new slash commands"

# Upgrade CLI (if using persistent install)
uv tool install specify-cli --force --from git+https://github.com/github/spec-kit.git

# Update project files to get new commands
specify init --here --force --ai copilot

# Restore your constitution if customized
git restore .specify/memory/constitution.md

Scenario 2: "I customized templates and constitution"

# 1. Back up customizations
cp .specify/memory/constitution.md /tmp/constitution-backup.md
cp -r .specify/templates /tmp/templates-backup

# 2. Upgrade CLI
uv tool install specify-cli --force --from git+https://github.com/github/spec-kit.git

# 3. Update project
specify init --here --force --ai copilot

# 4. Restore customizations
mv /tmp/constitution-backup.md .specify/memory/constitution.md
# Manually merge template changes if needed

Scenario 3: "I see duplicate slash commands in my IDE"

This happens with IDE-based agents (Kilo Code, Windsurf, Roo Code, etc.).

# Find the agent folder (example: .kilocode/rules/)
cd .kilocode/rules/

# List all files
ls -la

# Delete old command files
rm speckit.old-command-name.md

# Restart your IDE

Scenario 4: "I'm working on a project without Git"

If you initialized your project with --no-git, you can still upgrade:

# Manually back up files you customized
cp .specify/memory/constitution.md /tmp/constitution-backup.md

# Run upgrade
specify init --here --force --ai copilot --no-git

# Restore customizations
mv /tmp/constitution-backup.md .specify/memory/constitution.md

The --no-git flag skips git initialization but doesn't affect file updates.

Using --no-git Flag

The --no-git flag tells Spec Kit to skip git repository initialization. This is useful when:

  • You manage version control differently (Mercurial, SVN, etc.)
  • Your project is part of a larger monorepo with existing git setup
  • You're experimenting and don't want version control yet

During initial setup:

specify init my-project --ai copilot --no-git

During upgrade:

specify init --here --force --ai copilot --no-git

What --no-git does NOT do

Does NOT prevent file updates Does NOT skip slash command installation Does NOT affect template merging

It only skips running git init and creating the initial commit.

Working without Git

If you use --no-git, you'll need to manage feature directories manually:

Set the SPECIFY_FEATURE environment variable before using planning commands:

# Bash/Zsh
export SPECIFY_FEATURE="001-my-feature"

# PowerShell
$env:SPECIFY_FEATURE = "001-my-feature"

This tells Spec Kit which feature directory to use when creating specs, plans, and tasks.

Why this matters: Without git, Spec Kit can't detect your current branch name to determine the active feature. The environment variable provides that context manually.

Troubleshooting

"Slash commands not showing up after upgrade"

Cause: Agent didn't reload the command files.

Fix:

  1. Restart your IDE/editor completely (not just reload window)

  2. For CLI-based agents, verify files exist:

    ls -la .claude/commands/      # Claude Code
ls -la .gemini/commands/      # Gemini
ls -la .cursor/commands/      # Cursor
ls -la .pi/prompts/           # Pi Coding Agent

  3. Check agent-specific setup:

    • Codex requires CODEX_HOME environment variable
    • Some agents need workspace restart or cache clearing

"I lost my constitution customizations"

Fix: Restore from git or backup:

# If you committed before upgrading
git restore .specify/memory/constitution.md

# If you backed up manually
cp /tmp/constitution-backup.md .specify/memory/constitution.md

Prevention: Always commit or back up constitution.md before upgrading.

"Warning: Current directory is not empty"

Full warning message:

Warning: Current directory is not empty (25 items)
Template files will be merged with existing content and may overwrite existing files
Do you want to continue? [y/N]

What this means:

This warning appears when you run specify init --here (or specify init .) in a directory that already has files. It's telling you:

  1. The directory has existing content - In the example, 25 files/folders
  2. Files will be merged - New template files will be added alongside your existing files
  3. Some files may be overwritten - If you already have Spec Kit files (.claude/, .specify/, etc.), they'll be replaced with the new versions

What gets overwritten:

Only Spec Kit infrastructure files:

  • Agent command files (.claude/commands/, .github/prompts/, etc.)
  • Scripts in .specify/scripts/
  • Templates in .specify/templates/
  • Memory files in .specify/memory/ (including constitution)

What stays untouched:

  • Your specs/ directory (specifications, plans, tasks)
  • Your source code files
  • Your .git/ directory and git history
  • Any other files not part of Spec Kit templates

How to respond:

  • Type y and press Enter - Proceed with the merge (recommended if upgrading)

  • Type n and press Enter - Cancel the operation

  • Use --force flag - Skip this confirmation entirely:

    specify init --here --force --ai copilot

When you see this warning:

  • Expected when upgrading an existing Spec Kit project
  • Expected when adding Spec Kit to an existing codebase
  • ⚠️ Unexpected if you thought you were creating a new project in an empty directory

Prevention tip: Before upgrading, commit or back up your .specify/memory/constitution.md if you customized it.

"CLI upgrade doesn't seem to work"

Verify the installation:

# Check installed tools
uv tool list

# Should show specify-cli

# Verify path
which specify

# Should point to the uv tool installation directory

If not found, reinstall:

uv tool uninstall specify-cli
uv tool install specify-cli --from git+https://github.com/github/spec-kit.git

"Do I need to run specify every time I open my project?"

Short answer: No, you only run specify init once per project (or when upgrading).

Explanation:

The specify CLI tool is used for:

  • Initial setup: specify init to bootstrap Spec Kit in your project
  • Upgrades: specify init --here --force to update templates and commands
  • Diagnostics: specify check to verify tool installation

Once you've run specify init, the slash commands (like /speckit.specify, /speckit.plan, etc.) are permanently installed in your project's agent folder (.claude/, .github/prompts/, .pi/prompts/, etc.). Your AI assistant reads these command files directly—no need to run specify again.

If your agent isn't recognizing slash commands:

  1. Verify command files exist:

    # For GitHub Copilot
ls -la .github/prompts/

# For Claude
ls -la .claude/commands/

# For Pi
ls -la .pi/prompts/

  2. Restart your IDE/editor completely (not just reload window)

  3. Check you're in the correct directory where you ran specify init

  4. For some agents, you may need to reload the workspace or clear cache

Related issue: If Copilot can't open local files or uses PowerShell commands unexpectedly, this is typically an IDE context issue, not related to specify. Try:

  • Restarting VS Code
  • Checking file permissions
  • Ensuring the workspace folder is properly opened

Version Compatibility

Spec Kit follows semantic versioning for major releases. The CLI and project files are designed to be compatible within the same major version.

Best practice: Keep both CLI and project files in sync by upgrading both together during major version changes.

Next Steps

After upgrading:

  • Test new slash commands: Run /speckit.constitution or another command to verify everything works
  • Review release notes: Check GitHub Releases for new features and breaking changes
  • Update workflows: If new commands were added, update your team's development workflows
  • Check documentation: Visit github.io/spec-kit for updated guides