Add support for profiles from URL, including git and raw file (#65)

* feat: add support for adding profiles from a URL, including git repo and raw file URLs

* bump version

* feat: enhance profile addition from URLs to support multiple file types and improve error handling

Author: 8bitAlex

CLAUDE.md

@@ -6,6 +6,8 @@ Layout: main.go→src/cmd. src/cmd/raid.go=root cmd+subcommand registration+vers
 
 Config: raid.yaml=per-repo (environments+tasks: Shell|Script|HTTP|Wait|Template|Group|Git|Prompt|Confirm|Set|Print). profile.raid.yml=user profile (tracked repos, global settings).
 
+Versioning: version in src/resources/app.properties. Bump second position (minor) for feature/large changes; bump third position (patch) for small changes or bug fixes.
+
 Non-obvious:
 - applyConfigFlag in src/cmd/raid.go scans os.Args for --config/-c BEFORE Cobra parses, because config must load before subcommand registration
 - Async version check goroutine on every invocation; info cmds (help/version/completion) wait up to 1.5s, others non-blocking
@@ -19,6 +21,7 @@ Non-obvious:
 - Cross-process mutation lock at ~/.raid/.lock via gofrs/flock. raid.WithMutationLock(fn) wraps the lock+release; every mutating cobra entry point and every MCP mutating handler must call it so CLI usage and the MCP server serialize against each other. Read paths don't acquire the lock. Tests must redirect lib.LockPathOverride (alongside RecentPathOverride) in any setup helper that exercises a mutating path; cmd/context tests use a TestMain to do this once for the whole package.
 - Cobra commands: prefer RunE over Run on read commands so enc.Encode errors and arg-validation errors propagate to the root error handler instead of being silently swallowed. Use cmd.OutOrStdout()/cmd.OutOrStderr() (not fmt.Println / os.Stdout) so tests can capture output via root.SetOut(&buf). When changing Run → RunE, also update any test that calls Command.Run(...) directly to Command.RunE(...).
 - JSON output is public CLI contract: --json field names and types are breaking-change surface. Use camelCase tags consistent with `raid context --json`; severities/enums encode as strings ("ok"/"warn"/"error", not ints). Renaming or removing a field needs a whats-new entry.
+- `raid profile add <url>` accepts HTTP/HTTPS/git@ URLs. URL type detection in src/cmd/profile/fetch.go: git@ prefix or .git suffix → clone; .yaml/.yml/.json extension → raw HTTP download; otherwise probed live with sys.DetectGitDefaultBranch. Profiles are copied to ~/<name>.raid.yaml (home dir root, not ~/.raid/). detectGitURL/gitCloneFunc/httpGetFunc are package-level vars for test injection; tests must set detectGitURL to avoid live network probes.
 
 CI: .github/workflows/ — build.yml (build+test), deploy.yml (release), preview.yml (preview releases), codecov.yml (coverage), docs.yml (deploy Pages from site/), docs-build.yml (PR build check for site/)
 

llms.txt

@@ -28,7 +28,7 @@ Raid is written in Go, distributed as a single self-contained binary, and publis
 
 - [raid install](https://raidcli.dev/docs/usage/install): Clone repositories and run install tasks across your profile
 - [raid env](https://raidcli.dev/docs/usage/env): Switch between development, staging, and production environments
-- [raid profile](https://raidcli.dev/docs/usage/profile): Add, list, switch, and remove profiles
+- [raid profile](https://raidcli.dev/docs/usage/profile): Add profiles from a git repo URL, raw file URL, or local path; list, switch, and remove profiles
 - [Custom commands](https://raidcli.dev/docs/usage/custom): Define and invoke `raid <cmd>` team workflows
 - [raid doctor](https://raidcli.dev/docs/usage/doctor): Diagnose profile and repo configuration issues
 - [raid root command](https://raidcli.dev/docs/usage/raid): Global flags and top-level invocation

site/docs/features/profiles.mdx

@@ -51,6 +51,23 @@ commands:
         path: "~/dev/frontend"
 ```
 
+## Adding profiles from a URL
+
+`raid profile add` accepts a git repo URL, a raw file URL, or a local path:
+
+```bash
+# Shallow-clone a repo and import *.raid.yaml, *.raid.yml, and profile.json files found at the root
+raid profile add https://github.com/my-org/raid-profiles
+
+# Download a single profile file directly
+raid profile add https://raw.githubusercontent.com/my-org/repo/main/team.raid.yaml
+
+# Register a local file
+raid profile add ./team.raid.yaml
+```
+
+Raid auto-detects the argument type. Git URLs (including `git@` and `.git`-suffix URLs) are cloned; HTTP URLs ending with `.yaml`, `.yml`, or `.json` are downloaded directly; ambiguous HTTP URLs are probed with `git ls-remote`. Downloaded profiles are saved to `~/<name>.raid.yaml` before registration.
+
 ## Top-level fields
 
 | Field | Required | Description |

site/docs/usage/profile.mdx

@@ -28,13 +28,21 @@ Create a new profile interactively:
 raid profile create
 ```
 
-Register your team's shared profile from a URL:
+Add a profile from a git repository (raid shallow-clones it and looks for `*.raid.yaml`, `*.raid.yml`, and `profile.json` files at the repo root):
+
+```bash
+raid profile add https://github.com/my-org/raid-profiles
+raid profile add git@github.com:my-org/raid-profiles.git
+```
+
+Add a profile from a raw URL pointing directly to a YAML or JSON file:
 
 ```bash
 raid profile add https://example.com/team-profile.yaml
+raid profile add https://raw.githubusercontent.com/my-org/repo/main/team.raid.yaml
 ```
 
-Register a local file:
+The profile is saved to `~/<name>.raid.yaml` and registered automatically. If the argument has no URL scheme it is treated as a local file path:
 
 ```bash
 raid profile add ./my-profile.yaml

site/docs/whats-new.mdx

@@ -11,6 +11,8 @@ User-visible changes per release, latest first. For full commit history see the
 
 ## 0.7.0 — upcoming
 
+**Add profiles from a URL.** `raid profile add` now accepts a git repo URL or a direct file URL in addition to a local path. Pass a GitHub (or any git host) URL and raid shallow-clones the repo, finds `*.raid.yaml`, `*.raid.yml`, or `profile.json` files at the root, and saves them to `~/<name>.raid.yaml`. Pass a raw HTTPS URL ending in `.yaml`/`.yml`/`.json` and raid downloads and registers it directly. Ambiguous HTTPS URLs are probed with `git ls-remote` to determine the right strategy automatically.
+
 **MCP server.** `raid context serve` runs raid as a [Model Context Protocol](https://modelcontextprotocol.io) server over stdio, so MCP-aware hosts (Claude Code, Cursor, Cline) can read the active workspace as resources and invoke raid tools (`raid_install`, `raid_env_switch`, `raid_run_task`, `raid_list_profiles`, `raid_list_repos`, `raid_describe_repo`) directly. Output from mutating tools is captured into the tool result so it doesn't corrupt JSON-RPC framing on stdout. See [Context → MCP server](/docs/usage/context).
 
 **Set variables reach subprocesses.** Variables defined by a `Set` task are now exported as environment variables to Script and Shell task subprocesses, so a script's source can reference `$VAR` directly without raid pre-expanding the script body. Raid values take precedence over OS-environment variables of the same name.

src/cmd/profile/add.go

@@ -36,6 +36,9 @@ var AddProfileCmd = &cobra.Command{
 // Extracted from AddProfileCmd.Run so tests can observe the exit code
 // without os.Exit terminating the test process.
 func runAddProfile(path string) int {
+	if isURL(path) {
+		return runAddProfileFromURL(path)
+	}
 	path = sys.ExpandPath(path)
 
 	if !sys.FileExists(path) {

src/cmd/profile/fetch.go

@@ -0,0 +1,270 @@
+package profile
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"time"
+
+	sys "github.com/8bitalex/raid/src/internal/sys"
+	"github.com/8bitalex/raid/src/raid"
+	pro "github.com/8bitalex/raid/src/raid/profile"
+)
+
+// Injectable for testing.
+var (
+	gitCloneFunc = func(repoURL, dir string) error {
+		return exec.Command("git", "clone", "--depth", "1", repoURL, dir).Run()
+	}
+	httpGetFunc = func(rawURL string) ([]byte, error) {
+		client := &http.Client{Timeout: 30 * time.Second}
+		resp, err := client.Get(rawURL) //nolint:gosec
+		if err != nil {
+			return nil, err
+		}
+		defer resp.Body.Close()
+		if resp.StatusCode != http.StatusOK {
+			return nil, fmt.Errorf("HTTP %d from %s", resp.StatusCode, rawURL)
+		}
+		const maxBytes = 10 * 1024 * 1024
+		data, err := io.ReadAll(io.LimitReader(resp.Body, maxBytes+1))
+		if err != nil {
+			return nil, err
+		}
+		if int64(len(data)) > maxBytes {
+			return nil, fmt.Errorf("response from %s exceeds 10 MB limit", rawURL)
+		}
+		return data, nil
+	}
+	// detectGitURL is injectable so tests can skip the live git ls-remote probe.
+	detectGitURL = isGitURL
+	getHomeDir   = sys.GetHomeDir
+)
+
+// isURL reports whether s is an HTTP, HTTPS, or git SSH URL.
+func isURL(s string) bool {
+	return strings.HasPrefix(s, "http://") ||
+		strings.HasPrefix(s, "https://") ||
+		strings.HasPrefix(s, "git@")
+}
+
+// isGitURL reports whether rawURL points to a clonable git repository.
+// git@ and .git-suffix URLs are always git. HTTP URLs with a recognised file
+// extension (.yaml/.yml/.json) are raw files; all others are probed with ls-remote.
+func isGitURL(rawURL string) bool {
+	if strings.HasPrefix(rawURL, "git@") || strings.HasSuffix(rawURL, ".git") {
+		return true
+	}
+	u, err := url.Parse(rawURL)
+	if err != nil {
+		return false
+	}
+	switch strings.ToLower(filepath.Ext(u.Path)) {
+	case ".yaml", ".yml", ".json":
+		return false
+	}
+	return sys.DetectGitDefaultBranch(rawURL) != ""
+}
+
+// runAddProfileFromURL is the entry point when the add argument is a URL.
+func runAddProfileFromURL(rawURL string) int {
+	if detectGitURL(rawURL) {
+		return addProfilesFromGitURL(rawURL)
+	}
+	return addProfilesFromHTTPURL(rawURL)
+}
+
+func addProfilesFromGitURL(repoURL string) int {
+	tmpDir, err := os.MkdirTemp("", "raid-profile-*")
+	if err != nil {
+		fmt.Printf("Failed to create temp directory: %v\n", err)
+		return 1
+	}
+	defer os.RemoveAll(tmpDir)
+
+	fmt.Printf("Cloning %s...\n", repoURL)
+	if err := gitCloneFunc(repoURL, tmpDir); err != nil {
+		fmt.Printf("Failed to clone repository: %v\n", err)
+		return 1
+	}
+
+	paths := findProfileFilesInDir(tmpDir)
+	if len(paths) == 0 {
+		fmt.Println("No profile files found in repository")
+		return 1
+	}
+
+	return processProfileFiles(paths)
+}
+
+func addProfilesFromHTTPURL(rawURL string) int {
+	data, err := httpGetFunc(rawURL)
+	if err != nil {
+		fmt.Printf("Failed to download profile: %v\n", err)
+		return 1
+	}
+
+	u, err := url.Parse(rawURL)
+	if err != nil {
+		fmt.Printf("Invalid URL: %v\n", err)
+		return 1
+	}
+	ext := strings.ToLower(filepath.Ext(u.Path))
+	if ext == "" {
+		ext = ".yaml"
+	}
+
+	tmpFile, err := os.CreateTemp("", "raid-profile-*"+ext)
+	if err != nil {
+		fmt.Printf("Failed to create temp file: %v\n", err)
+		return 1
+	}
+	tmpPath := tmpFile.Name()
+	defer os.Remove(tmpPath)
+
+	if _, err := tmpFile.Write(data); err != nil {
+		tmpFile.Close()
+		fmt.Printf("Failed to write temp file: %v\n", err)
+		return 1
+	}
+	tmpFile.Close()
+
+	return processProfileFiles([]string{tmpPath})
+}
+
+// findProfileFilesInDir returns profile YAML/JSON files found at the root of dir.
+// Priority: profile.raid.yaml/yml first, then any *.raid.yaml/yml, then profile.json.
+func findProfileFilesInDir(dir string) []string {
+	seen := map[string]bool{}
+	var found []string
+
+	add := func(name string) {
+		if seen[name] {
+			return
+		}
+		seen[name] = true
+		if full := filepath.Join(dir, name); sys.FileExists(full) {
+			found = append(found, full)
+		}
+	}
+
+	add("profile.raid.yaml")
+	add("profile.raid.yml")
+
+	entries, rdErr := os.ReadDir(dir)
+	if rdErr != nil {
+		fmt.Fprintf(os.Stderr, "warning: failed to read directory %q: %v\n", dir, rdErr)
+	}
+	for _, e := range entries {
+		if e.IsDir() {
+			continue
+		}
+		name := e.Name()
+		lower := strings.ToLower(name)
+		ext := filepath.Ext(lower)
+		stem := strings.TrimSuffix(lower, ext)
+		if (ext == ".yaml" || ext == ".yml") && strings.HasSuffix(stem, ".raid") {
+			add(name)
+		}
+	}
+
+	add("profile.json")
+
+	return found
+}
+
+// processProfileFiles validates, saves, and registers profiles from the given local paths.
+func processProfileFiles(paths []string) int {
+	type pending struct {
+		p       pro.Profile
+		srcPath string
+	}
+
+	var queued []pending
+	var existingNames []string
+	seenQueued := map[string]bool{}
+
+	for _, srcPath := range paths {
+		if err := proValidate(srcPath); err != nil {
+			fmt.Printf("Skipping %s: invalid profile (%v)\n", filepath.Base(srcPath), err)
+			continue
+		}
+		profiles, err := proUnmarshal(srcPath)
+		if err != nil {
+			fmt.Printf("Skipping %s: could not read profiles (%v)\n", filepath.Base(srcPath), err)
+			continue
+		}
+		for _, p := range profiles {
+			if err := sys.ValidateFileName(p.Name); err != nil {
+				fmt.Printf("Skipping profile with invalid name %q: %v\n", p.Name, err)
+				continue
+			}
+			if proContains(p.Name) {
+				existingNames = append(existingNames, p.Name)
+				continue
+			}
+			if seenQueued[p.Name] {
+				fmt.Printf("Skipping duplicate profile name %q\n", p.Name)
+				continue
+			}
+			seenQueued[p.Name] = true
+			queued = append(queued, pending{p: p, srcPath: srcPath})
+		}
+	}
+
+	if len(existingNames) > 0 {
+		fmt.Printf("Profiles already exist with names:\n\t%s\n\n", strings.Join(existingNames, ",\n\t"))
+	}
+
+	if len(queued) == 0 {
+		fmt.Println("No new profiles found")
+		return 0
+	}
+
+	// Copy each profile to a stable home-dir path before registering.
+	home := getHomeDir()
+	var toRegister []pro.Profile
+	var destPaths []string
+	for _, q := range queued {
+		destPath := filepath.Join(home, q.p.Name+".raid.yaml")
+		if err := sys.CopyFile(q.srcPath, destPath); err != nil {
+			fmt.Printf("Failed to save profile '%s': %v\n", q.p.Name, err)
+			continue
+		}
+		q.p.Path = destPath
+		toRegister = append(toRegister, q.p)
+		destPaths = append(destPaths, destPath)
+	}
+
+	if len(toRegister) == 0 {
+		fmt.Println("No new profiles found")
+		return 0
+	}
+
+	writeErr := raid.WithMutationLock(func() error {
+		if err := proAddAll(toRegister); err != nil {
+			return fmt.Errorf("save: %w", err)
+		}
+		if proGet().IsZero() {
+			if err := proSet(toRegister[0].Name); err != nil {
+				return fmt.Errorf("set active: %w", err)
+			}
+			fmt.Printf("Profile '%s' set as active\n", toRegister[0].Name)
+		}
+		return nil
+	})
+	if writeErr != nil {
+		fmt.Printf("Failed to save profiles: %v\n", writeErr)
+		return 1
+	}
+
+	for i, p := range toRegister {
+		fmt.Printf("Profile '%s' added from URL, saved to %s\n", p.Name, destPaths[i])
+	}
+	return 0
+}