fix: correct stale tar.gz and --tarball references after zip default#1779
Conversation
There was a problem hiding this comment.
Pull request overview
This PR cleans up stale .tar.gz / --tarball references after PR #1720 switched the default producer format to .zip, aligning docs and a few in-code strings/comments with the current packaging behavior.
Changes:
- Update publish/registry documentation to describe
.zipas the default archive and--zipas the override path. - Clarify the Registry HTTP API format expectations and backwards-compat acceptance for legacy tar.gz uploads.
- Rename/adjust a couple of in-code references from “tarball” to “archive” for accuracy.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
src/apm_cli/deps/registry/resolver.py |
Updates comment to reflect zip default + legacy tar.gz extraction support. |
src/apm_cli/deps/registry/extractor.py |
Renames sha256 mismatch message from “tarball” to “archive”. |
src/apm_cli/commands/publish.py |
Updates module docstring to refer to zip archive publish. |
packages/apm-guide/.apm/skills/apm-usage/workflow.md |
Documents .zip as default bundle format alongside legacy .tar.gz. |
packages/apm-guide/.apm/skills/apm-usage/package-authoring.md |
Updates registry publish packaging guidance to .zip / --zip. |
docs/src/content/docs/reference/registry-http-api.md |
Updates publish-format note and adds backwards-compat acceptance statement. |
docs/src/content/docs/reference/cli/publish.md |
Updates publish reference from tar.gz/--tarball to zip/--zip and ASCII punctuation. |
docs/src/content/docs/guides/registries.md |
Updates registry guide to reflect zip default and --zip. |
APM Review Panel:
|
| Persona | B | R | N | Takeaway |
|---|---|---|---|---|
| Python Architect | 0 | 2 | 1 | Three source changes are architecturally sound; resolver.py module docstring + 4 user-visible error strings still say 'registry tarball' -- same class of fix as extractor.py. |
| CLI Logging Expert | 0 | 1 | 1 | ASCII replacements are correct; one em-dash missed in a user-facing ClickException in the same file; four resolver error strings still say 'tarball'. |
| DevX UX Expert | 0 | 4 | 1 | Four UX gaps: broken inline help examples, missing zip-build guidance, no --tarball migration signal, and --package inferability anti-pattern. |
| Supply Chain Security Expert | 0 | 0 | 2 | All five security invariants hold; no regressions. Hash-before-extraction, path guards, and fail-closed on format mismatch are all intact across both formats. |
| OSS Growth Hacker | 0 | 2 | 2 | Strong cross-platform win; two contributor-funnel gaps: missing zip-creation guidance and no --tarball migration trail. |
| Doc Writer | 0 | 3 | 2 | Format references correctly updated site-wide; two Custom layouts examples omit required --package; build-step guidance removed without zip equivalent; one 'replay' word choice regresses clarity. |
| Test Coverage Expert | 0 | 0 | 1 | PR is safe -- no test asserts old message strings; rename cannot break CI. HashMismatchError path exercised at unit tier but message text undefended (nit only). |
B = blocking-severity findings, R = recommended, N = nits.
Counts are signal strength, not gates. The maintainer ships.
Top 5 follow-ups
- [Doc Writer] Add --package OWNER/REPO to all _PUBLISH_HELP examples and to Custom layouts examples in registries.md and package-authoring.md -- Three panelists confirmed: --package is required=True; every example that omits it fails immediately with 'Missing option --package'. Copy-paste-crash is the worst possible first-publisher experience and was introduced by this PR. Trivial fix with high user-impact.
- [Python Architect] Replace 'registry tarball for' with 'registry archive for' in resolver.py RegistryResolutionError strings at lines 98, 104, 363, 369 -- Three panelists independently flagged this. The PR correctly updated extractor.py and missed the identical fix pattern in resolver.py. User-visible on every package validation failure; inconsistent with the extractor.py fix this PR ships.
- [DevX UX Expert] Add a cross-platform zip-build example to the Custom layouts section (e.g.,
python -m zipfile -c ./build/my-skill.zip apm.yml .apm/or referenceapm pack --archive-format zip) -- Three panelists flagged the removal of the tar czf build step with no replacement. First-time publishers on Windows are stranded with no actionable guidance. - [OSS Growth Hacker] Add migration note '(renamed from --tarball in vX.Y)' to the --zip row in the publish.md flag table -- Two panelists flagged: CI pipelines using
apm publish --tarballwill break silently with 'No such option: --tarball'. A one-line breadcrumb prevents silent automation breakage for existing users. - [CLI Logging Expert] Replace em-dash with '--' in the Forbidden ClickException message in publish.py line 272 -- The PR fixed em-dashes in logger.info() calls in the same file but missed this user-visible error message on 403 responses. Trivial one-character fix.
Architecture
classDiagram
direction TB
class publish_cmd {
<<CLIEntryPoint>>
+registry_name str
+zip_path str
+dry_run bool
}
class RegistryPackageResolver {
<<DownloadCallback>>
-_registries dict
+download_package(dep_ref, target_path) PackageInfo
+download_from_lockfile(...) PackageInfo
}
class extract_archive {
<<Dispatcher>>
+data bytes
+content_type str
+returns str
}
class verify_sha256 {
<<SecurityGate>>
+data bytes
+expected_digest str
+returns str
}
class HashMismatchError {
<<Exception>>
}
class RegistryResolution {
<<ValueObject>>
+resolved_url str
+resolved_hash str
+version str
}
class RegistryClient {
<<IOBoundary>>
+publish_version(owner, repo, ver, bytes)
+download_archive(owner, repo, ver)
}
class CommandLogger {
+info(msg)
+success(msg)
}
note for extract_archive "Strategy: dispatches to extract_zip (zip, default) or extract_tarball (legacy) via Content-Type + magic-bytes detection"
note for verify_sha256 "Error message updated: 'archive sha256 mismatch' (format-agnostic)"
publish_cmd ..> CommandLogger : logs via
publish_cmd ..> RegistryClient : uploads via
RegistryPackageResolver ..> RegistryClient : downloads via
RegistryPackageResolver ..> extract_archive : calls
RegistryPackageResolver ..> RegistryResolution : produces
extract_archive ..> verify_sha256 : calls first
extract_archive ..> HashMismatchError : raises
verify_sha256 ..> HashMismatchError : raises
class publish_cmd:::touched
class RegistryPackageResolver:::touched
class verify_sha256:::touched
classDef touched fill:#fff3b0,stroke:#d47600
flowchart TD
A([apm publish]) --> B{zip_path provided?}
B -->|pre-built zip| C["read zip_path directly"]
B -->|auto-pack| D["_pack_archive: zipfile.ZipFile\napm.yml + .apm/ -> name-ver.zip"]
C --> E{dry_run?}
D --> E
E -->|dry run| F["logger: dry-run -- nothing uploaded"]
E -->|upload| G["RegistryClient.publish_version\nPUT /v1/.../versions/ver"]
H([apm install registry dep]) --> I["RegistryPackageResolver.download_package"]
I --> J["RegistryClient.list_versions"]
J --> K["_pick_version: semver best match"]
K --> L["RegistryClient.download_archive"]
L --> M["extract_archive dispatcher"]
M --> N{"_detect_format\nContent-Type then magic bytes"}
N -->|application/zip PK-magic default| O["extract_zip -> safe_extract_zip"]
N -->|application/gzip 1f8b-magic legacy| P["extract_tarball -> _safe_extract"]
O --> Q["verify_sha256\n'archive sha256 mismatch'"]
P --> Q
Q --> R["validate_apm_package -> RegistryResolution"]
Recommendation
PR #1779 is safe to merge: no blocking defects, security surfaces confirmed intact, and the core string-and-doc cleanup is correct and valuable. Ship it and open a follow-up PR -- or amend before merge if nadav-y is available -- that addresses the five items above. The --package-missing-in-examples fix and the four stale resolver error strings are the highest-priority items and are both trivial to patch. The --package optional-vs-required design question should be filed as a separate tracked issue, not held against this PR.
Full per-persona findings
Python Architect
-
[recommended] resolver.py module docstring (line 4) still says 'fetch its tarball' at
src/apm_cli/deps/registry/resolver.py:4
The PR correctly updated publish.py module docstring and extractor.py error string. The resolver.py module docstring line 4 still reads "fetch its tarball from the configured registry" -- the same class of stale reference. Misrepresents the wire format to maintainers reading the module header.
Suggested: Change to 'fetch its archive (zip by default, legacy tar.gz via Content-Type dispatch) from the configured registry' -
[recommended] Four user-visible RegistryResolutionError strings in resolver.py still say 'registry tarball for' at
src/apm_cli/deps/registry/resolver.py:98
Lines 98, 104, 363, 369 raise RegistryResolutionError with 'registry tarball for {repo!r} did not validate...'. Users who hit a package validation failure see this string. extractor.py was correctly updated from 'tarball' to 'archive'; the same reasoning applies here.
Suggested: Replace 'registry tarball for' with 'registry archive for' at lines 98, 104, 363, 369. -
[nit] resolver.py line 302 comment: 'registry serves the parent tarball' -- minor internal inconsistency at
src/apm_cli/deps/registry/resolver.py:302
Internal comment only; no user impact.
Suggested: Change 'registry serves the parent tarball' to 'registry serves the parent archive'
CLI Logging Expert
-
[recommended] Em-dash not replaced in Forbidden ClickException in publish.py at
src/apm_cli/commands/publish.py:272
The PR replaced em-dash in logger.info() calls (lines 116, 126) and the module docstring but missed the Forbidden ClickException message at line 272. User-visible on 403 errors.
Suggested: Change em-dash to '--' in the Forbidden ClickException message. -
[nit] resolver.py RegistryResolutionError messages still say 'registry tarball for' at
src/apm_cli/deps/registry/resolver.py
Four user-visible strings at lines 98, 104, 363, 369 inconsistent with extractor.py fix in this PR.
Suggested: Replace 'registry tarball for' with 'registry archive for'.
DevX UX Expert
-
[recommended] _PUBLISH_HELP inline examples omit --package but required=True causes them to crash at
src/apm_cli/commands/publish.py
publish.py lines 36-45 show four examples with no --package. Since --package is required=True, every one errors with 'Missing option --package'. The PR updated external docs but left _PUBLISH_HELP untouched.
Suggested: Update _PUBLISH_HELP to include --package in every example. -
[recommended] --package is required but inferrable from apm.yml name: field -- breaks npm/pip mental model at
docs/src/content/docs/reference/cli/publish.md
apm.yml already declares name: (e.g. acme/my-skill). npm, pip, cargo read identity from the manifest. Making --package required means the docs 'Auto-pack and publish' example requires an explicit flag that duplicates manifest data.
Suggested: Make --package optional; infer from apm.yml name: when parseable as owner/repo. File as a tracked issue if not fixing in this PR. -
[recommended] Custom layouts section says 'build the zip yourself' but removes all guidance on HOW at
docs/src/content/docs/guides/registries.md
Old example showed tar czf then publish. New example only shows the publish step. A user on Windows with no zip CLI is stranded.
Suggested: Addpython -m zipfile -c ./build/my-skill-0.0.1.zip apm.yml .apm/or referenceapm pack --archive-format zipas the cross-platform build step. -
[recommended] No migration signal for users whose scripts use --tarball at
docs/src/content/docs/reference/cli/publish.md
Users with CI pipelines runningapm publish --tarball PATHwill get 'No such option: --tarball' with zero hint the flag was renamed.
Suggested: Add '(renamed from --tarball in vX.Y)' to the --zip row in the publish.md flag table. -
[nit] --zip PATH reads as a format toggle, not a file path argument at
docs/src/content/docs/reference/cli/publish.md
--archive PATH would match the 'archive' prose used throughout the updated docs and avoid the boolean-flag mental model.
Supply Chain Security Expert
-
[nit] Test comment in test_resolver_e2e_http.py still says 'Tarball with sha256 mismatch' at
tests/unit/registry/test_resolver_e2e_http.py
No security risk (no test asserts on the message string). Minor inconsistency with the renamed error.
Suggested: Update comment to 'Archive with sha256 mismatch fails closed before any extraction'. -
[nit] extract_tarball does not catch tarfile.ReadError like extract_zip catches BadZipFile at
src/apm_cli/deps/registry/extractor.py
Pre-existing issue; fail-closed behavior is correct. Inconsistent error surface, not introduced by this PR.
Suggested: Wrap tarfile.open in extract_tarball withexcept tarfile.ReadError as exc: raise UnknownArchiveFormatError(...)to mirror the BadZipFile guard.
OSS Growth Hacker
-
[recommended] Custom layouts example drops the 'how to build the zip' step, leaving first-time publishers stranded at
docs/src/content/docs/reference/cli/publish.md
Old example showed full two-step flow: build archive then publish. New example only shows the publish step with a pre-built ./build/ path but no guidance on creating it.
Suggested: Addzip -r ./build/my-skill-0.0.1.zip apm.yml SKILL.mdorpython -m zipfileequivalent before theapm publish --zipcall. -
[recommended] No migration breadcrumb for --tarball users; automation breakage with no in-docs recovery path at
docs/src/content/docs/reference/cli/publish.md
Users with --tarball in CI scripts get 'unknown option' with zero guidance.
Suggested: Add '(renamed from --tarball in v0.x)' to the --zip row in the flag table. -
[nit] Dropped 'matching npm behaviour' anchor loses trust bridge for npm-native contributors at
docs/src/content/docs/guides/registries.md
Suggested: Restore 'matching npm's behaviour' after the symlinks-excluded clause. -
[nit] HTTP API ref update is a clean net-positive for 3rd-party registry implementers at
docs/src/content/docs/reference/registry-http-api.md
Worth amplifying in the next release post.
Auth Expert -- inactive
All changed files are documentation and cosmetic string updates with no contact with auth.py, token_manager.py, AuthResolver, credential resolution, host classification, or HTTP authorization headers.
Doc Writer
-
[recommended] Custom layouts examples missing required --package flag; commands fail at runtime at
docs/src/content/docs/guides/registries.md
registries.md and package-authoring.md Custom layouts examples omit --package OWNER/REPO which is required=True in publish.py. publish.md correctly includes --package on every invocation; the cross-page inconsistency was introduced by this PR.
Suggested: Add--package acme/my-skillto the Custom layouts example in registries.md and package-authoring.md. -
[recommended] Custom layouts section removes build-step example with no zip equivalent at
docs/src/content/docs/guides/registries.md
Old section showed tar czf to build a minimal archive from an explicit file list. New prose says 'build the zip yourself' but gives no example of how to do it.
Suggested: Addzip -j my-skill-0.0.1.zip apm.yml SKILL.mdorpython -m zipfileequivalent before theapm publish --zipstep. -
[recommended] publish.py _PUBLISH_HELP shows 'apm publish' without --package; help text fails if copy-pasted at
src/apm_cli/commands/publish.py
_PUBLISH_HELP shows four examples all without --package. Since --package is required=True, all crash with 'Missing option --package'.
Suggested: Update all _PUBLISH_HELP examples to include--package acme/my-skill. -
[nit] 'Servers store and replay' is non-idiomatic; 'return' was clearer at
docs/src/content/docs/reference/registry-http-api.md
'Replay' carries media/streaming connotation; 'return' is standard for HTTP GET semantics.
Suggested: Revert to 'Servers store and return whatever was uploaded'. -
[nit] Section 9.4 conformance test still says 'tarball' -- inconsistent with updated narrative at
docs/src/content/docs/reference/registry-http-api.md
registry-http-api.md section 9.4 reads 'PUT with a tarball missing apm.yml -> 422'. Updated to zip/archive elsewhere on the same page.
Suggested: Change 'PUT with a tarball missing apm.yml' to 'PUT with an archive missing apm.yml'.
Test Coverage Expert
- [nit] test_mismatch_raises has no match= on the error text; renamed message 'archive sha256 mismatch' has no regression trap at
tests/unit/registry/test_extractor.py
Probed tests/ with grep: zero hits for either 'tarball sha256 mismatch' or 'archive sha256 mismatch'. test_mismatch_raises carries onlypytest.raises(HashMismatchError)with nomatch=. The behavioral promise (fail closed on hash mismatch) IS fully covered; only the message label is undefended.
Proof (missing at unit):tests/unit/registry/test_extractor.py::TestVerifySha256::test_mismatch_raises-- proves: HashMismatchError raised with message text 'archive sha256 mismatch'
Performance Expert -- inactive
All 8 changed files are documentation, docstrings, log strings, or a single comment -- none touch cache layout, transport, resolve/fetch/materialize/verify logic, parallelism, or any hot path.
This panel is advisory. It does not block merge. Re-apply the
panel-review label after addressing feedback to re-run.
Generated by PR Review Panel for issue #1779 · sonnet46 11.4M · ◷
…default (microsoft#1779) apm publish and apm pack --archive now produce .zip by default (microsoft#1720). This commit cleans all remaining stale references and fixes five UX gaps surfaced in the post-merge panel review. Stale reference cleanup: - docs/reference/cli/publish.md: .tar.gz -> .zip, --tarball -> --zip, tarball root -> archive root, remove tar czf example, fix ASCII - docs/guides/registries.md: same fixes + add cross-platform zip-build example in Custom layouts section - docs/reference/registry-http-api.md: correct publish format note - packages/apm-guide/.apm/skills/apm-usage/package-authoring.md: .tar.gz -> .zip, tarball -> archive, --tarball -> --zip - packages/apm-guide/.apm/skills/apm-usage/workflow.md: .zip as default - src/apm_cli/commands/publish.py: module docstring + em dash + tarball - src/apm_cli/deps/registry/extractor.py: "tarball sha256 mismatch" -> "archive sha256 mismatch" - src/apm_cli/deps/registry/resolver.py: em dash + tar.gz default Panel review fixes (post-merge): - publish.py _PUBLISH_HELP: add --package to all four examples (required=True flag was missing from every example -- copy-paste crash) - publish.py line 272: replace em dash with -- in Forbidden ClickException (user-visible on 403 responses; prior commit missed this one) - resolver.py lines 98, 104, 363, 369: replace "registry tarball for" with "registry archive for" in RegistryResolutionError strings (same class of fix as extractor.py, missed in first pass) - package-authoring.md: add --package to all publish examples - registries.md Custom layouts: add --package + python -m zipfile build step (Windows users had no actionable guidance after tar czf example was removed) - publish.md --zip row: add "(renamed from --tarball in v0.20.0)" migration note so CI pipelines using --tarball get a recovery path Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
Review of APM Review Panel: ship_with_followups.
What was omitted and why:
|
When a default registry is configured (project registries.default or registry.<name>.default true in ~/.apm/config.json), plain owner/repo#ref shorthand entries in apm.yml route to that registry instead of probing GitHub. A version selector (#<ref>) is required; omitting it exits 1. Non-semver selectors (stable, main, a branch name, or any opaque string) are exact-matched against the registry's published version list. Use the git: URL form in apm.yml to force the GitHub path. Also fixes registry deps with non-semver version selectors reporting perpetual outdated -- the drift check now uses literal equality for non-semver registry pins rather than range comparison. Also corrects stale tar.gz/tarball refs and publish UX gaps after zip default (#1779): bundles now accept .zip (default) or legacy .tar.gz. Closes #1816 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…default (microsoft#1779) apm publish and apm pack --archive now produce .zip by default (microsoft#1720). This commit cleans all remaining stale references and fixes five UX gaps surfaced in the post-merge panel review. Stale reference cleanup: - docs/reference/cli/publish.md: .tar.gz -> .zip, --tarball -> --zip, tarball root -> archive root, remove tar czf example, fix ASCII - docs/guides/registries.md: same fixes + add cross-platform zip-build example in Custom layouts section - docs/reference/registry-http-api.md: correct publish format note - packages/apm-guide/.apm/skills/apm-usage/package-authoring.md: .tar.gz -> .zip, tarball -> archive, --tarball -> --zip - packages/apm-guide/.apm/skills/apm-usage/workflow.md: .zip as default - src/apm_cli/commands/publish.py: module docstring + em dash + tarball - src/apm_cli/deps/registry/extractor.py: "tarball sha256 mismatch" -> "archive sha256 mismatch" - src/apm_cli/deps/registry/resolver.py: em dash + tar.gz default Panel review fixes (post-merge): - publish.py _PUBLISH_HELP: add --package to all four examples (required=True flag was missing from every example -- copy-paste crash) - publish.py line 272: replace em dash with -- in Forbidden ClickException (user-visible on 403 responses; prior commit missed this one) - resolver.py lines 98, 104, 363, 369: replace "registry tarball for" with "registry archive for" in RegistryResolutionError strings (same class of fix as extractor.py, missed in first pass) - package-authoring.md: add --package to all publish examples - registries.md Custom layouts: add --package + python -m zipfile build step (Windows users had no actionable guidance after tar czf example was removed) - publish.md --zip row: add "(renamed from --tarball in v0.20.0)" migration note so CI pipelines using --tarball get a recovery path Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When a default registry is configured (project registries.default or registry.<name>.default true in ~/.apm/config.json), plain owner/repo#ref shorthand entries in apm.yml route to that registry instead of probing GitHub. A version selector (#<ref>) is required; omitting it exits 1. Non-semver selectors (stable, main, a branch name, or any opaque string) are exact-matched against the registry's published version list. Use the git: URL form in apm.yml to force the GitHub path. Also fixes registry deps with non-semver version selectors reporting perpetual outdated -- the drift check now uses literal equality for non-semver registry pins rather than range comparison. Also corrects stale tar.gz/tarball refs and publish UX gaps after zip default (#1779): bundles now accept .zip (default) or legacy .tar.gz. apm-spec-waiver: client-side routing heuristic, no new normative requirement on registries or producers; deferred to spec v0.2 registry-routing section Closes #1816 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When a default registry is configured (project registries.default or registry.<name>.default true in ~/.apm/config.json), plain owner/repo#ref shorthand entries in apm.yml route to that registry instead of probing GitHub. A version selector (#<ref>) is required; omitting it exits 1. Non-semver selectors (stable, main, a branch name, or any opaque string) are exact-matched against the registry's published version list. Use the git: URL form in apm.yml to force the GitHub path. Also fixes registry deps with non-semver version selectors reporting perpetual outdated -- the drift check now uses literal equality for non-semver registry pins rather than range comparison. Also corrects stale tar.gz/tarball refs and publish UX gaps after zip default (#1779): bundles now accept .zip (default) or legacy .tar.gz. apm-spec-waiver: client-side routing heuristic, no new normative requirement on registries or producers; deferred to spec v0.2 registry-routing section Closes #1816 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ed (microsoft#1816) When a default registry is configured (project registries.default or registry.<name>.default true in ~/.apm/config.json), plain owner/repo#ref shorthand entries in apm.yml route to that registry instead of probing GitHub. A version selector (#<ref>) is required; omitting it exits 1. Non-semver selectors (stable, main, a branch name, or any opaque string) are exact-matched against the registry's published version list. Use the git: URL form in apm.yml to force the GitHub path. Also fixes registry deps with non-semver version selectors reporting perpetual outdated -- the drift check now uses literal equality for non-semver registry pins rather than range comparison. Also corrects stale tar.gz/tarball refs and publish UX gaps after zip default (microsoft#1779): bundles now accept .zip (default) or legacy .tar.gz. apm-spec-waiver: client-side routing heuristic, no new normative requirement on registries or producers; deferred to spec v0.2 registry-routing section Closes microsoft#1816 Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Summary
docs/reference/cli/publish.md:{name}-{version}.tar.gz->.zip,--tarball->--zip,tarball root->archive root, removedtar czfexample, fixed ellipsis and em dashes to ASCIIdocs/guides/registries.md: same fixes in the registries guidedocs/reference/registry-http-api.md: corrected publish format note (was incorrectly citingapm packtar.gz; now citesapm publishzip with backwards-compat note)packages/apm-guide/.apm/skills/apm-usage/package-authoring.md:.tar.gz->.zip,tarball->archive,--tarball->--zippackages/apm-guide/.apm/skills/apm-usage/workflow.md: mention.zipas default alongside legacy.tar.gzsrc/apm_cli/commands/publish.py: module docstring (em dash + "tarball")src/apm_cli/deps/registry/extractor.py: "tarball sha256 mismatch" -> "archive sha256 mismatch"src/apm_cli/deps/registry/resolver.py: comment em dash + "tar.gz (default)"Context
PR #1720 switched
apm pack --archiveandapm publishto produce.zipby default and added--archive-format zip|tar.gz. These doc and source references were missed in that PR and still described the old.tar.gzdefault or the removed--tarballflag.Test plan
uv run --extra dev ruff check src/ tests/-- cleanuv run --extra dev ruff format --check src/ tests/-- cleanbash scripts/lint-auth-signals.sh-- cleanuv run pytest tests/unit tests/test_console.py-- 5358 passed, 1 pre-existing failure unrelated to this change