docs: improve the generic format & upstream documentation#335

Open

apoclyps wants to merge 1 commit intomainfrom

kyleharrison/eng-10907/generic-docs

Contributor

apoclyps commented Feb 13, 2026

What's Changed

Based on feedback from Customers, the generic documentation isn't clear enough and needs improved clarify.

The following changes attempts to remove ambiguity and provide explicit clear examples to follow.


          refactor: improve the generic format & upstream documentation

b58dbba

apoclyps self-assigned this

apoclyps added the documentation label

Copilot AI review requested due to automatic review settings

February 13, 2026 17:12

vercel bot commented Feb 13, 2026 •

edited

Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
cloudsmith-docs	Ready	Preview, Comment	Feb 13, 2026 5:14pm

apoclyps changed the title ~~refactor: improve the generic format & upstream documentation~~ docs: improve the generic format & upstream documentation

Copilot started reviewing on behalf of apoclyps

February 13, 2026 17:12

vercel bot deployed to Preview

February 13, 2026 17:14

View deployment

Copilot AI reviewed

View reviewed changes

Contributor

Copilot AI left a comment

Pull request overview

This PR updates Cloudsmith documentation around the Generic repository format (and its relationship to signing keys) to reduce ambiguity and provide clearer, more explicit examples—especially around upstream prefixes and download/auth flows.

Changes:

Updates Generic format documentation with revised identifier tables, upload/download examples, upstream proxying explanation, and a concrete upstream example.
Adjusts Generic “Key Signing Support” messaging to make lack of signing explicit and points to Raw format for signed artifacts.
Aligns signing-keys matrix styling for Generic to match other “Not Supported by Format” entries.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

File	Description
`src/content/supply-chain-security/signing-keys.mdx`	Updates Generic row styling to reflect “Not Supported by Format” consistently.
`src/content/formats/generic-repository.mdx`	Refines Generic format docs: examples, upstream prefix explanation, download/auth guidance, and signing support messaging.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

src/content/formats/generic-repository.mdx

Comment on lines 101 to 105

               Example `curl` commands to download a generic package from a public repository:
               ```shell
-              curl -sLf -O 'https://generic.cloudsmith.io/public/OWNER/REPOSITORY/path/to/file.tar.gz'
-              ```
-              With upstream prefix:
-              ```shell
-              curl -sLf -O 'https://generic.cloudsmith.io/public/OWNER/REPOSITORY/node_distributions/latest/node-v4.9.1.tar.gz'
+              curl -sLf -O "https://generic.cloudsmith.io/OWNER/REPOSITORY/UPSTREAM_PREFIX/path/to/file.tar.gz"
               ```

Copilot AI Feb 13, 2026

The public download example hard-codes UPSTREAM_PREFIX into the URL, but upstream prefixes only apply to upstream-cached content; directly uploaded files won't have that segment. Add a direct-upload URL example (no prefix) and a separate upstream-cached example (with prefix) to avoid implying the prefix is always required.

Copilot uses AI. Check for mistakes.

src/content/formats/generic-repository.mdx

Comment on lines 113 to 117

               Using Entitlement Token authentication:
               ```shell
-              curl -sLf -O 'https://generic.cloudsmith.io/TOKEN/OWNER/REPOSITORY/FILEPATH'
-              ```
-              With upstream prefix:
-              ```shell
-              curl -sLf -O 'https://generic.cloudsmith.io/TOKEN/OWNER/REPOSITORY/UPSTREAM_PREFIX/FILEPATH'
-              ```
-              Using HTTP Basic authentication:
-              ```shell
-              curl -sLf -u "USERNAME:PASSWORD" -O 'https://generic.cloudsmith.io/basic/OWNER/REPOSITORY/FILEPATH'
+              curl -sLf -u "token:TOKEN" -O "https://generic.cloudsmith.io/OWNER/REPOSITORY/UPSTREAM_PREFIX/path/to/file.tar.gz"
               ```

Copilot AI Feb 13, 2026

The headings/wording imply “Entitlement Token authentication” is distinct from “HTTP Basic authentication”, but the shown curl commands use -u (HTTP Basic) in both cases with username token and the token/API key as the password. Consider rewording to describe this as HTTP Basic auth with different credentials (and add a USERNAME/PASSWORD example only if it’s supported for Generic).

Copilot uses AI. Check for mistakes.

src/content/formats/generic-repository.mdx

Comment on lines 109 to 112

               <Note variant="note" headline="Private Repositories">
               Private Cloudsmith repositories require authentication. You can choose between Entitlement Token Authentication or HTTP Basic Authentication. The setup method will differ depending on what authentication type you choose to use.
               </Note>

Copilot AI Feb 13, 2026

The prior “Secrets management” warning about treating entitlement tokens and API keys as secrets was removed. Other format docs include this warning (e.g., Go registry), and removing it increases the risk of users committing credentials into source control; consider re-adding a short warning note here.

Copilot uses AI. Check for mistakes.

src/content/formats/generic-repository.mdx

-              | FILEPATH      | The repository path where the file will be stored (e.g., `path/to/file.tar.gz`)          |
-              | UPSTREAM_PREFIX | Upstream prefix (e.g., `node_distributions/`) for files cached from upstreams |
+              | Identifier      | Description                                                                                                        |
+              |-:---------------|-:------------------------------------------------------------------------------------------------------------------|

Copilot AI Feb 13, 2026

The table alignment row uses |-:...|-:...|, which isn't valid Markdown table syntax and likely won't render correctly. Use standard alignment markers (e.g., | :--- | :--- | for left alignment or | ---: | --- | as needed).

Suggested change

      
            |-:---------------|-:------------------------------------------------------------------------------------------------------------------|
          
            | :------------- | :------------------------------------------------------------------------------------------------------------------ |

Copilot uses AI. Check for mistakes.

src/content/formats/generic-repository.mdx

+              | REPOSITORY      | Your Cloudsmith Repository name (also called "slug")                                                               |
+              | TOKEN           | Your Cloudsmith Entitlement Token (see [Entitlements](/software-distribution/entitlement-tokens) for more details) |
+              | API-KEY         | Your Cloudsmith API Key                                                                                            |
+              | UPSTREAM_PREFIX | Upstream prefix (e.g., `node_distributions/`) for files cached from upstreams                                      |

Copilot AI Feb 13, 2026

UPSTREAM_PREFIX is described with a trailing slash (node_distributions/), but later examples treat it as a path segment without a trailing slash. This can lead to double slashes in constructed URLs; consider documenting the prefix without a trailing slash and stating it is inserted as a single path segment.

Suggested change

      
            | UPSTREAM_PREFIX | Upstream prefix (e.g., `node_distributions/`) for files cached from upstreams                                      |
          
            | UPSTREAM_PREFIX | Upstream prefix (e.g., `node_distributions`, without a trailing slash) used as a single path segment for files cached from upstreams |

Copilot uses AI. Check for mistakes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels