Skill publish slugs still collide globally despite publisher scoping

[Patrick-Erichsen]

Problem

Skill publishing still treats slug as globally unique in the write path, even though the schema now has publisher-scoped ownership/indexing.

A user publishing baoyu-diagram under their own publisher can be blocked by an existing /other-owner/baoyu-diagram row with:

Slug is already taken. Choose a different slug.

Current behavior

In convex/skills.ts, insertVersion first resolves the incoming slug with the global skills.by_slug index:

ctx.db.query("skills").withIndex("by_slug", (q) => q.eq("slug", normalizedSlug)).unique()

If that row belongs to a different ownerPublisherId, the code enters the owner-migration path and throws slug-taken unless the caller has source authority plus migrateOwner: true.

Why this matters

Publisher-scoped URLs imply that these should be separate publish targets:

• /alice/example-skill
• /bob/example-skill

But today, the first publisher to claim example-skill can block everyone else from publishing the same slug under their own publisher. This also creates a squatting problem for copied skills.

Expected behavior

Publishing should look up existing skills by (ownerPublisherId, slug) for normal version creation. A same-slug row owned by another publisher should not block publishing unless the caller is explicitly trying to reclaim/migrate that existing row.

Code pointers

• convex/schema.ts has by_owner_publisher_slug on skills.
• convex/skills.ts still uses global by_slug during insertVersion.
• The cross-publisher case currently falls into the migration guard and throws slug-taken.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed June 18, 2026, 4:12 PM ET / 20:12 UTC.

Summary
Keep open: current main now fixes the central skill-publish collision through the merged owner-scoped slug work, but this issue is collaborator-authored, so ClawSweeper should leave final closure to maintainers.

Reproducibility: no. Current main resolves skill publishes through an owner-scoped helper and has focused source coverage preventing the old global by_slug preflight path; I did not run a live Convex publish.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Add expected vs actual behavior.
• Include redacted logs or terminal output.

Next step
No new fix PR is needed; the remaining action is maintainer closure/release judgment for a collaborator-authored ownership-boundary issue.

Security
Cleared: Security-sensitive issue review cleared: current main keeps normal publishing owner-scoped while leaving cross-owner migration behind explicit authorized intent.

Review details

Best possible solution:

Keep the merged owner-scoped publish implementation as the source of truth and let a maintainer close this issue after confirming release/deploy expectations.

Do we have a high-confidence way to reproduce the issue?

No. Current main resolves skill publishes through an owner-scoped helper and has focused source coverage preventing the old global by_slug preflight path; I did not run a live Convex publish.

Is this the best way to solve the issue?

Yes. The merged implementation is the narrow maintainable shape: normal publish lookup is owner-scoped, while explicit source-owner migration remains guarded.

AGENTS.md: found and applied where relevant.

Remaining risk / open question:

• The fix is on current main and prod/deploy tags, but the latest numbered GitHub release v0.22.0 predates the merge.
• Because this is collaborator-authored and touches publisher namespace boundaries, final closure should be a maintainer action.

Codex review notes: model internal, reasoning high; reviewed against 22d3cd133cb6; fix evidence: commit 11ad31aa4e41, main fix timestamp 2026-06-17T15:31:40-07:00.

Label changes

Label changes:

• add issue-rating: 🦪 silver shellfish: Current issue advisory state selects this label.
• add clawsweeper:not-repro-on-main: Current issue advisory state selects this label.
• remove clawsweeper:source-repro: Current issue advisory state no longer selects this label.
• remove clawsweeper:needs-product-decision: Current issue advisory state no longer selects this label.
• remove clawsweeper:needs-security-review: Current issue advisory state no longer selects this label.
• remove issue-rating: 🦞 diamond lobster: Current issue advisory state no longer selects this label.

Label justifications:

• P2: The original bug blocked legitimate same-slug publishing across publishers, but the affected surface is bounded to ClawHub publishing.
• impact:security: The issue concerns publisher ownership and namespace collision boundaries for skill publishing.

Evidence reviewed

What I checked:

• Current publish lookup is owner-scoped: insertVersion now resolves the destination skill with getSkillBySlugForPublisher and explicitly avoids using global slug matches to block unrelated owners. (convex/skills.ts:11666, 22d3cd133cb6)
• Scoped helper uses the publisher/slug index: getSkillBySlugForPublisher queries skills.by_owner_publisher_slug before falling back only to compatible legacy owner rows. (convex/lib/skills/slugResolution.ts:95, 22d3cd133cb6)
• Regression coverage guards against global publish lookup: The ownership test throws if publish preflight uses global by_slug and asserts the lookup constraints are by_owner_publisher_slug with the requested publisher id. (convex/skills.ownership.test.ts:156, 22d3cd133cb6)
• Git-history provenance for the fix: Blame attributes the owner-scoped insertVersion lookup and legacy compatibility comments to merge commit 11ad31a. (convex/skills.ts:11666, 11ad31aa4e41)
• Merged related implementation: GitHub reports feat: scope skill slugs by owner #2299 as merged at 2026-06-17T22:31:41Z with merge commit 11ad31a. (11ad31aa4e41)
• Release and deploy provenance: The latest GitHub release is still v0.22.0, which predates the fix; git tag --contains shows only prod/deploy tags containing the fix commit, so there is no numbered GitHub release containing it yet. (11ad31aa4e41)

Likely related people:

• Patrick-Erichsen: The merged owner-scoped slug implementation, current blame for the insertVersion owner-scoped lookup, and the new slug-resolution helper all trace to this person. (role: introduced current fix and recent area contributor; confidence: high; commits: 11ad31aa4e41, 911515194911; files: convex/skills.ts, convex/lib/skills/slugResolution.ts, convex/skills.ownership.test.ts)
• Jason: History includes nearby skill merge ownership and slug-reservation repair work across the same skill lifecycle area. (role: adjacent skill ownership contributor; confidence: medium; commits: b6875e60f64b; files: convex/skills.ts, convex/skills.ownership.test.ts, convex/schema.ts)
• steipete: History ties this person to the slug-routing contract and official extension alias routing that frame owner/slug namespace policy. (role: adjacent slug-routing contributor; confidence: medium; commits: 4f4d7dd563f2, 5aa4d1356047; files: specs/slug-routing.md, src/lib/openClawExtensionSlugs.ts)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.