Skip to content

Add charmbracelet packages used in ThunderID CLI#14

Merged
brionmario merged 1 commit into
wso2:mainfrom
brionmario:main
Jun 17, 2026
Merged

Add charmbracelet packages used in ThunderID CLI#14
brionmario merged 1 commit into
wso2:mainfrom
brionmario:main

Conversation

@brionmario

@brionmario brionmario commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown
Member

1. Purpose of Dependency

Please describe the core functionality of the requested dependency:
Ued by the ThunderID CLI (tools/cli) to provide its interactive terminal experience.

  • github.com/charmbracelet/bubbletea - the TUI runtime: event loop, keyboard/terminal input handling, and cross-platform rendering.
  • github.com/charmbracelet/bubbles - ready-made TUI components built on bubbletea: selection lists, text inputs, spinners, and the download progress bar.
  • github.com/charmbracelet/huh - declarative interactive forms and prompts (select menus, confirmations, text fields) used in the setup/onboarding flows.
  • github.com/charmbracelet/huh/spinner - companion spinner for running async actions behind a prompt; a nested Go module inside the huh repository with no independent release tags, hence the exact pseudo-version pin.
  • github.com/charmbracelet/lipgloss - terminal styling/layout (colors, borders, alignment) used for all CLI output, banners, and themes.

2. Technical Justification

The Go standard library provides no terminal UI capability. Building this in-house would mean reimplementing low-level terminal handling that is notoriously platform-sensitive and error-prone, with no product value.

3. Dependency Health & Security Validation

By checking the boxes below, you confirm that you have evaluated the dependency against WSO2 engineering standards:

  • Active Maintenance: The repository demonstrates active maintenance (e.g., recent commits, regular releases, and responsive maintainers).
  • License Compliance: The dependency utilizes an Apache 2.0-compatible open-source license (e.g., MIT, BSD, Apache 2.0).
  • Security Posture: I have verified that there are no known, unpatched vulnerabilities (CVEs) within this dependency or its transitive dependency tree.

@coderabbitai

coderabbitai Bot commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

This pull request adds five Charmbracelet Go module entries to the dependency registry: bubbles, bubbletea, huh, huh/spinner, and lipgloss. Each dependency entry includes a versions constraint specifying the minimum or equal version requirement and allowed_scopes: ["*"] permitting use across all scopes. The registry file remains functionally consistent with existing dependency entries and schema structure.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately and concisely describes the main change: adding charmbracelet packages to the dependency registry for ThunderID CLI.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description check ✅ Passed The pull request description addresses all three required sections with detailed information about each dependency, technical justification, and confirmed security/maintenance checks.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions

github-actions Bot commented Jun 12, 2026

Copy link
Copy Markdown

Dependency Registry Analysis Report

Summary

Total Registry Entries Changed: 5
Added: 5 | Updated: 0 | Removed: 0
Security Status: All dependencies are secure with no active vulnerabilities
Licenses Found: MIT (Apache 2.0 compatible)

See detailed analysis for more information

github.com/charmbracelet/bubbles: >=v1.0.0 - New

Added Entry:

module: github.com/charmbracelet/bubbles
version: ">=v1.0.0"
allowed_scopes: ["*"]
  • License: MIT (Apache 2.0 compatible)
  • Version status: ⚠️ Outdated (Latest: v2.0.0-beta.1, released Mar 26, 2025; v1.0.0 released Feb 9, 2026)
  • Repository activity: Active (last release Feb 9, 2026)
  • Security: No known CVEs
  • Transitive Dependencies: 11 dependencies analyzed, all secure
References

github.com/charmbracelet/bubbletea: >=v1.3.10 - New

Added Entry:

module: github.com/charmbracelet/bubbletea
version: ">=v1.3.10"
allowed_scopes: ["*"]
  • License: MIT (Apache 2.0 compatible)
  • Version status: ⚠️ Outdated (Latest: v2.0.0-beta.6, released Oct 30, 2025; v1.3.10 released Sep 17, 2025)
  • Repository activity: Active (last release Oct 30, 2025)
  • Security: No known CVEs
  • Transitive Dependencies: 8 dependencies analyzed, all secure
References

github.com/charmbracelet/huh: >=v1.0.0 - New

Added Entry:

module: github.com/charmbracelet/huh
version: ">=v1.0.0"
allowed_scopes: ["*"]
  • License: MIT (Apache 2.0 compatible)
  • Version status: ⚠️ Outdated (Latest: v2 pre-release, released Oct 2, 2025; v1.0.0 released Mar 9, 2026)
  • Repository activity: Active (ongoing development)
  • Security: No known CVEs
  • Transitive Dependencies: 10 dependencies analyzed, all secure
References

github.com/charmbracelet/huh/spinner: =v0.0.0-20260223110133-9dc45e34a40b - New

Added Entry:

module: github.com/charmbracelet/huh/spinner
version: "=v0.0.0-20260223110133-9dc45e34a40b"
allowed_scopes: ["*"]
  • License: MIT (Apache 2.0 compatible)
  • Version status: ⚠️ Pre-release (pseudo-version, released Feb 23, 2026; no stable tagged release)
  • Repository activity: Part of active huh development
  • Security: No known CVEs
  • Transitive Dependencies: 9 dependencies analyzed, all secure
References

github.com/charmbracelet/lipgloss: >=v1.1.0 - New

Added Entry:

module: github.com/charmbracelet/lipgloss
version: ">=v1.1.0"
allowed_scopes: ["*"]
  • License: MIT (Apache 2.0 compatible)
  • Version status: ⚠️ Outdated (Latest: v2.0.0-beta.3, released Jul 10, 2025; v1.1.0 released Mar 12, 2025)
  • Repository activity: Active (last release Jul 10, 2025)
  • Security: No known CVEs
  • Transitive Dependencies: 9 dependencies analyzed, all secure
References

⚠️ Important Note: All five packages being added to this registry are currently on v1.x versions, but v2 major versions are now available for bubbles, bubbletea, huh, and lipgloss. Consider reviewing whether v2 versions should be added instead, as the Charm Bracelet ecosystem has migrated to v2 releases with updated module paths (charm.land namespace) and additional features. The constraint >=v1.0.0 will allow v2.x versions if they become available under the github.com namespace in the future.

Analysis completed on 2026-06-12
Analyzed PR #14 | Repository: wso2/engineering-governance

@brionmario brionmario mentioned this pull request Jun 12, 2026
Merged
12 tasks
@brionmario brionmario merged commit 078d4c8 into wso2:main Jun 17, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@isharak isharak isharak approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@brionmario @isharak