release v0.11.7: symlink resolution, simplified remote fetch

Packs in monorepos can now share content via symlinks (e.g.
rules/shared.md -> ../../shared/base.md). Symlinks are resolved to
regular files at install time. Targets must stay within the repository
boundary — absolute paths, .git traversal, and directory symlinks are
rejected.

Remote pack fetches for SSH URLs now use shallow clone universally,
matching the behavior of all non-GitHub URLs. This fixes content
discovery for packs that rely on directory-walking rather than explicit
manifest inventory.

Signed-off-by: David Foster <david.foster@oracle.com>
Signed-off-by: davidfos <david.d.foster@oracle.com>

Author: dfoster-oracle

CHANGELOG.md

@@ -6,6 +6,16 @@ The format is based on Keep a Changelog, and releases use semantic versioning ta
 
 ## Unreleased
 
+## [0.11.7]
+
+### Added
+
+- Symlinks in pack content are now resolved at install time when the target is within the source repository boundary. This enables packs in monorepos to share content via symlinks (e.g. `rules/shared.md -> ../../shared/base.md`). The installed pack always contains regular files. Symlinks that escape the repo boundary, point to directories, traverse `.git/`, or use absolute targets are rejected. The `--link` install method is unchanged.
+
+### Changed
+
+- Bitbucket Server SSH URLs (port 7999) now use shallow clone instead of `git archive --remote`. This fixes auto-discovery for packs with incomplete manifests and simplifies the install pipeline. Packs previously installed via archive will update via clone on next `pack update`.
+
 ## [0.11.6]
 
 ### Changed

VERSION

@@ -1 +1 @@
-0.11.6
+0.11.7

docs/aipack.md

@@ -65,14 +65,14 @@ aipack pack create ./path/to/dir --name custom-pack-name
 Installs a pack into `~/.config/aipack/packs/<name>/`. Supports three sources:
 
 - **Local path** (symlinked by default, `--copy` for full copy)
-- **URL** (`--url` — fetched via `git archive` with automatic fallback to shallow clone)
+- **URL** (`--url` — fetched via HTTP tarball for GitHub, shallow clone for everything else)
 - **Registry name** (bare name like `my-team-pack` — looked up in registry, then fetched)
 
 `aipack install` is a top-level alias for `aipack pack install`.
 
 With `-m`/`--missing`, installs all missing packs from the active profile by looking them up in the registry. This is the easiest way to catch up after setting a profile or after new packs are added to a shared profile.
 
-Remote packs are fetched using a two-phase process: first the manifest (`pack.json`) is retrieved to determine declared content, then only the declared files are fetched. This avoids downloading the full repository. When the remote doesn't support `git archive --remote` (e.g. GitHub), aipack falls back to a shallow clone automatically.
+Remote packs from GitHub HTTPS URLs are fetched as HTTP tarballs (no git binary required). All other URLs use a shallow clone (`git clone --depth 1`).
 
 Both HTTPS and SSH URLs are supported. SSH URLs (`git@host:path` or `ssh://`) avoid credential prompts.
 
@@ -108,7 +108,7 @@ aipack pack install ./my-pack --profile production
 
 ### pack list
 
-Lists all installed packs with name, install method (link/copy/clone/archive), version, origin, and broken-link status.
+Lists all installed packs with name, install method (link/copy/clone/http-tarball), version, origin, and broken-link status.
 
 ```bash
 aipack pack list
@@ -126,7 +126,7 @@ aipack pack show my-pack --json
 
 ### pack update
 
-Updates installed pack(s) to latest version from their origin. For archive-installed packs, re-fetches declared content and shows a file-level diff of changes. For git-cloned packs, runs `git pull`. For copied packs, re-copies from the recorded origin. For symlinked packs, re-validates the link target. Exactly one of `<name>` or `--all` is required.
+Updates installed pack(s) to latest version from their origin. For cloned packs, runs `git pull`. For HTTP-tarball packs, re-downloads and shows a file-level diff. For copied packs, re-copies from the recorded origin. For symlinked packs, re-validates the link target. Exactly one of `<name>` or `--all` is required.
 
 ```bash
 aipack pack update my-pack

docs/cli-spec.md

@@ -327,7 +327,7 @@ Always an array. Empty `[]` when no packs are installed.
   {
     "name": "essentials",
     "path": "/Users/x/.config/aipack/packs/essentials",
-    "method": "archive",
+    "method": "http-tarball",
     "version": "2026.03.07",
     "origin": "https://github.com/shrug-labs/packs.git",
     "is_link": false
@@ -354,7 +354,7 @@ Content ID arrays are always present (empty `[]`, never null).
   "name": "essentials",
   "version": "2026.03.07",
   "path": "/Users/x/.config/aipack/packs/essentials",
-  "method": "archive",
+  "method": "http-tarball",
   "origin": "https://github.com/shrug-labs/packs.git",
   "ref": "main",
   "commit_hash": "abc123def456",
@@ -497,7 +497,7 @@ Several flags follow a common resolution chain across commands:
 
 **Diff kinds:** `create` (file doesn't exist on disk), `identical` (desired matches on-disk), `managed` (on-disk matches ledger — safe to update), `conflict` (user-modified since last sync), `untracked` (exists on disk but not in ledger), `error` (classification failed)
 
-**Install methods:** `archive` (git archive fetch), `clone` (shallow git clone), `copy` (copied from local path), `link` (symlinked to local path), `local` (already in packs directory, registered in-place)
+**Install methods:** `clone` (shallow git clone), `http-tarball` (GitHub HTTP tarball), `copy` (copied from local path), `link` (symlinked to local path), `local` (already in packs directory, registered in-place), `archive` (legacy — treated as clone on update)
 
 **Finding categories:** `frontmatter`, `policy`, `consistency`, `inventory`
 

docs/configuration.md

@@ -53,7 +53,7 @@ defaults:
 installed_packs:          # managed by pack install/delete/update
   essentials:
     origin: "https://github.com/shrug-labs/packs.git"
-    method: archive
+    method: http-tarball
     installed_at: "2026-03-10T08:30:00Z"
     ref: main
     sub_path: essentials
@@ -91,7 +91,7 @@ Each entry records how a pack was installed. Keys are pack names.
 | Field | Type | Description |
 |-------|------|-------------|
 | `origin` | string | Absolute local path or remote URL |
-| `method` | string | `link`, `copy`, `clone`, or `archive` |
+| `method` | string | `link`, `copy`, `clone`, `http-tarball`, or `archive` (legacy) |
 | `installed_at` | string | RFC 3339 timestamp |
 | `ref` | string | Git ref used at install time (remote only) |
 | `sub_path` | string | Subdirectory within the repo (remote only) |
@@ -121,10 +121,10 @@ Packs live under `~/.config/aipack/packs/<name>/`. Four install methods produce
 | `link` | Symlink to source directory | Yes — edits at either location hit the same files | Re-validates symlink target |
 | `copy` | Full copy from local path | No — edits are local only | Re-copies from recorded origin |
 | `clone` | Shallow git clone | Yes (with `git pull`) | `git pull` in the clone |
-| `archive` | Extracted from `git archive` | No — edits are local only | Re-fetches via archive, shows file-level diff |
+| `http-tarball` | Downloaded from GitHub | No — edits are local only | Re-downloads tarball, shows file-level diff |
 | `local` | Pack already in packs directory | Yes — it's the source | Registered in-place, no fetch |
 
-`link` is the default for local installs and is the best choice for pack development — you edit the source and `sync --watch` picks up changes automatically. `archive` is the default for remote installs and is the most space-efficient for consumers.
+`link` is the default for local installs and is the best choice for pack development — you edit the source and `sync --watch` picks up changes automatically. `clone` is the default for SSH remote installs; `http-tarball` is used for GitHub HTTPS URLs.
 
 ### Integrity tracking
 

docs/pack-format.md

@@ -499,8 +499,8 @@ Without the override declaration, duplicate IDs across packs are treated as erro
 
 Packs are installed from git repositories. Two fetch strategies are supported:
 
-1. **Archive fetch** (preferred) — `git archive --remote` retrieves only declared content. Two phases: manifest first (to discover content), then declared files. Efficient for large repos where the pack is a subdirectory.
-2. **Shallow clone** (fallback) — used when the remote doesn't support `git archive` (e.g., GitHub). Performs a depth-1 clone.
+1. **HTTP tarball** — GitHub HTTPS URLs download a tarball directly (no git binary required).
+2. **Shallow clone** — all other URLs use `git clone --depth 1`.
 
 Both HTTPS and SSH URLs are supported. Packs can live in a subdirectory of a larger repository (common for team mono-repos).
 
@@ -560,7 +560,7 @@ aipack sync
 
 Pack versioning uses git refs. The `version` field in `pack.json` is informational. The authoritative version is the git ref (branch, tag, or commit) used at install time.
 
-For archive-installed packs, the commit hash at install time is recorded, enabling update detection.
+For remotely installed packs, the commit hash at install time is recorded, enabling update detection.
 
 ## 10. Harness Contract
 

internal/app/pack.go

@@ -1,9 +1,7 @@
 package app
 
 import (
-	"bytes"
 	"context"
-	"errors"
 	"fmt"
 	"io"
 	"os"
@@ -58,7 +56,6 @@ type PackAddRequest struct {
 
 	// Test injection points:
 	RunGitFn      func(ctx context.Context, args ...string) error
-	ArchiveFn     func(ctx context.Context, repoURL, ref string, paths []string) ([]byte, error) // nil = config.GitArchiveFiles
 	HTTPTarballFn func(ctx context.Context, tarballURL, destDir, subPath string, opts config.ArchiveOpts) error
 	URLOKFn       func(ctx context.Context, raw string) (bool, error)
 	NowFn         func() time.Time
@@ -180,7 +177,8 @@ func packAddFromPath(req PackAddRequest, stdout io.Writer) error {
 			return fmt.Errorf("creating temp dir: %w", err)
 		}
 		defer os.RemoveAll(tmpDir)
-		if err := util.CopyDir(packDir, tmpDir); err != nil {
+		boundary := util.FindRepoRoot(packDir)
+		if err := util.CopyDirResolvingSymlinks(packDir, tmpDir, boundary); err != nil {
 			return fmt.Errorf("copying pack: %w", err)
 		}
 		packRemoveExisting(destDir, stdout)
@@ -297,8 +295,6 @@ func packAddFromURL(ctx context.Context, req PackAddRequest, stdout io.Writer) e
 	switch strategy {
 	case config.StrategyHTTPTarball:
 		result, err = packFetchHTTPTarball(ctx, req, info, packsDir, stdout)
-	case config.StrategyGitArchive:
-		result, err = packTryArchive(ctx, req, info, packsDir, stdout)
 	default:
 		result, err = packShallowClone(ctx, req, info, packsDir, stdout)
 	}
@@ -351,100 +347,6 @@ type packInstallResult struct {
 	commitHash string
 }
 
-// packTryArchive performs a two-phase git archive fetch (Bitbucket Server only).
-// Archive errors are terminal — no fallback to clone.
-func packTryArchive(ctx context.Context, req PackAddRequest, info config.PackURLInfo, packsDir string, stdout io.Writer) (packInstallResult, error) {
-	subPath := info.SubPath
-	archiveFn := req.ArchiveFn
-	if archiveFn == nil {
-		archiveFn = config.GitArchiveFiles
-	}
-
-	// Phase 1: fetch only pack.json via archive.
-	manifestRelPath := "pack.json"
-	if subPath != "" {
-		manifestRelPath = subPath + "/pack.json"
-	}
-
-	tarData, err := archiveFn(ctx, info.RepoURL, info.Ref, []string{manifestRelPath})
-	if err != nil {
-		return packInstallResult{}, fmt.Errorf("fetching manifest from %s: %w", info.RepoURL, err)
-	}
-
-	// Extract pack.json from the tar stream to parse manifest.
-	manifest, err := parseManifestFromTar(tarData, manifestRelPath)
-	if err != nil {
-		return packInstallResult{}, fmt.Errorf("parsing manifest from archive: %w", err)
-	}
-
-	name, err := resolvePackName(req.Name, manifest.Name)
-	if err != nil {
-		return packInstallResult{}, err
-	}
-
-	// Phase 2: compute content paths and fetch all declared files.
-	contentPaths := manifest.ContentPaths()
-	// Prepend subPath prefix if the pack lives in a subdirectory.
-	if subPath != "" {
-		for i, p := range contentPaths {
-			contentPaths[i] = subPath + "/" + p
-		}
-	}
-
-	tarData, err = archiveFn(ctx, info.RepoURL, info.Ref, contentPaths)
-	if err != nil {
-		if errors.Is(err, config.ErrArchivePathNotFound) {
-			return packInstallResult{}, fmt.Errorf("pack.json declares content not found in the repository — check that all listed rules/skills/workflows are committed: %w", err)
-		}
-		return packInstallResult{}, fmt.Errorf("fetching pack content from %s: %w", info.RepoURL, err)
-	}
-
-	// Extract into temp dir with safety validation.
-	archiveDir, err := makePackTempDir(req.ConfigDir, "archive-*")
-	if err != nil {
-		return packInstallResult{}, fmt.Errorf("creating temp dir: %w", err)
-	}
-	// Archive dir is always transient — clean it unconditionally.
-	defer os.RemoveAll(archiveDir)
-
-	if err := config.ExtractArchive(bytes.NewReader(tarData), archiveDir, config.ArchiveOpts{}); err != nil {
-		return packInstallResult{}, fmt.Errorf("extracting pack archive: %w", err)
-	}
-
-	// For subdirectory packs, the extracted content is under archiveDir/<subPath>/.
-	// Extract it into its own temp dir so we can install just the subtree.
-	installDir := archiveDir
-	packRoot := archiveDir
-	if subPath != "" {
-		subTmp, err := extractSubtree(packStagingDir(req.ConfigDir), archiveDir, subPath)
-		if err != nil {
-			return packInstallResult{}, err
-		}
-		defer func() {
-			if _, serr := os.Lstat(subTmp); serr == nil {
-				os.RemoveAll(subTmp)
-			}
-		}()
-		installDir = subTmp
-		packRoot = subTmp
-	}
-
-	// Verify pack.json exists in the extracted content.
-	if _, err := os.Stat(filepath.Join(packRoot, "pack.json")); err != nil {
-		return packInstallResult{}, fmt.Errorf("pack.json not found in extracted archive")
-	}
-
-	destDir := filepath.Join(packsDir, name)
-	packRemoveExisting(destDir, stdout)
-
-	if err := os.Rename(installDir, destDir); err != nil {
-		return packInstallResult{}, fmt.Errorf("moving archive to %s: %w", destDir, err)
-	}
-	fmt.Fprintf(stdout, "Installed: %s -> %s\n", req.URL, destDir)
-
-	return packInstallResult{name: name, destDir: destDir, method: config.MethodArchive, manifest: manifest}, nil
-}
-
 // packFetchHTTPTarball installs a pack by downloading a GitHub HTTP tarball.
 func packFetchHTTPTarball(ctx context.Context, req PackAddRequest, info config.PackURLInfo, packsDir string, stdout io.Writer) (packInstallResult, error) {
 	tarballURL, err := config.GitHubTarballURL(info.RepoURL, info.Ref)
@@ -563,6 +465,16 @@ func packShallowClone(ctx context.Context, req PackAddRequest, info config.PackU
 	if err := os.Rename(installDir, destDir); err != nil {
 		return packInstallResult{}, fmt.Errorf("moving clone to %s: %w", destDir, err)
 	}
+
+	// For root packs (no subPath extraction), the installed directory may
+	// contain symlinks from the cloned repo. Resolve them in-place so the
+	// installed pack contains only regular files.
+	if subPath == "" {
+		if err := util.ResolveSymlinksInDir(destDir); err != nil {
+			return packInstallResult{}, fmt.Errorf("resolving symlinks in clone: %w", err)
+		}
+	}
+
 	fmt.Fprintf(stdout, "Cloned: %s -> %s\n", req.URL, destDir)
 
 	return packInstallResult{name: name, destDir: destDir, method: config.MethodClone, manifest: manifest, commitHash: commitHash}, nil
@@ -588,17 +500,6 @@ func listClonePacks(dir string) string {
 	return strings.Join(packs, ", ")
 }
 
-// parseManifestFromTar extracts and parses pack.json from tar data.
-// The expectedPath is the relative path within the tar (e.g. "pack.json"
-// or "subdir/pack.json").
-func parseManifestFromTar(tarData []byte, expectedPath string) (config.PackManifest, error) {
-	data, err := config.ExtractSingleFileFromTar(tarData, expectedPath)
-	if err != nil {
-		return config.PackManifest{}, err
-	}
-	return config.ParsePackManifest(data)
-}
-
 // packProfileName returns the trimmed profile name, defaulting to "default".
 func packProfileName(raw string) string {
 	if p := strings.TrimSpace(raw); p != "" {
@@ -955,7 +856,7 @@ func extractSubtree(parentDir, cloneDir, subPath string) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	if err := util.CopyDir(src, tmp); err != nil {
+	if err := util.CopyDirResolvingSymlinks(src, tmp, cloneDir); err != nil {
 		os.RemoveAll(tmp)
 		return "", fmt.Errorf("copying pack subtree: %w", err)
 	}
@@ -1112,10 +1013,9 @@ type PackUpdateRequest struct {
 	ConfigDir     string
 	Name          string // empty when All=true
 	All           bool
-	RunGitFn      func(ctx context.Context, args ...string) error                                // test injection; nil = real git
-	NowFn         func() time.Time                                                               // test injection; nil = time.Now
-	GitHashFn     func(ctx context.Context, dir string) (string, error)                          // test injection; nil = config.GitHeadHash
-	ArchiveFn     func(ctx context.Context, repoURL, ref string, paths []string) ([]byte, error) // test injection; nil = config.GitArchiveFiles
+	RunGitFn      func(ctx context.Context, args ...string) error       // test injection; nil = real git
+	NowFn         func() time.Time                                      // test injection; nil = time.Now
+	GitHashFn     func(ctx context.Context, dir string) (string, error) // test injection; nil = config.GitHeadHash
 	HTTPTarballFn func(ctx context.Context, tarballURL, destDir, subPath string, opts config.ArchiveOpts) error
 }
 
@@ -1174,7 +1074,6 @@ type packUpdateContext struct {
 	runGitFn      func(ctx context.Context, args ...string) error
 	nowFn         func() time.Time
 	gitHashFn     func(ctx context.Context, dir string) (string, error)
-	archiveFn     func(ctx context.Context, repoURL, ref string, paths []string) ([]byte, error)
 	httpTarballFn func(ctx context.Context, tarballURL, destDir, subPath string, opts config.ArchiveOpts) error
 	stdout        io.Writer
 }
@@ -1202,7 +1101,6 @@ func newPackUpdateContext(req PackUpdateRequest, sc config.SyncConfig, stdout io
 		runGitFn:      runGitFn,
 		nowFn:         nowFn,
 		gitHashFn:     req.GitHashFn,
-		archiveFn:     req.ArchiveFn,
 		httpTarballFn: req.HTTPTarballFn,
 		stdout:        stdout,
 	}
@@ -1374,7 +1272,6 @@ func packUpdateOne(ctx context.Context, name string, uctx packUpdateContext) Pac
 			Ref:           ref,
 			SubPath:       subPath,
 			Name:          name,
-			ArchiveFn:     uctx.archiveFn,
 			HTTPTarballFn: uctx.httpTarballFn,
 		}
 		addInfo := config.PackURLInfo{RepoURL: origin, Ref: ref, SubPath: subPath}
@@ -1383,7 +1280,7 @@ func packUpdateOne(ctx context.Context, name string, uctx packUpdateContext) Pac
 		if method == config.MethodHTTPTarball {
 			result, err = packFetchHTTPTarball(ctx, addReq, addInfo, uctx.packsDir, io.Discard)
 		} else {
-			result, err = packTryArchive(ctx, addReq, addInfo, uctx.packsDir, io.Discard)
+			result, err = packShallowClone(ctx, addReq, addInfo, uctx.packsDir, io.Discard)
 		}
 		if err != nil {
 			return PackUpdateResult{Name: name, Method: method, Status: "error", Message: err.Error()}