Package Visibility
Three visibility levels
Section intitulée « Three visibility levels »MecaPy packages have three visibility levels — like GitLab projects:
| Value | Who can see / execute |
|---|---|
| private | Only the package owner. |
| internal | All members of the owner’s organization. Requires the package to be attached to an organization. |
| public | Anyone authenticated can execute. Anyone (even unauthenticated) can browse read-only. |
private is the default when creating a new package.
Transition rules
Section intitulée « Transition rules »- Personal packages (no organization): owner can toggle between
privateandpublic. - Organization packages owned by a User: owner can toggle between
privateandinternal. An Admin of the organization is required to publish the package. - Organization packages owned by an Admin: free choice among all three.
Setting visibility
Section intitulée « Setting visibility »At deploy time
Section intitulée « At deploy time »Declare it in mecapy.yml. Visibility lives inside the package: block of
the v1 manifest:
version: "1"
package: name: my-package version: 1.0.0 visibility: internal # private (default) | internal | public organization: acme-corp # required when visibility=internal
functions: calc: handler: module:calcCoherence rules enforced by the manifest parser:
visibility: internalrequiresorganization(the slug of the org whose members can read the package).visibility: privateforbidsorganization(a private package is owner-only).visibility: publicmakesorganizationoptional — when present, an Admin of that org is needed to publish, and the org name surfaces as attribution in the marketplace.
The organization is read straight from the manifest at deploy time; no query parameter is needed:
curl -X POST "https://api.mecapy.com/packages/from-git" \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{"git_url": "...", "git_ref": "main", "changelog": "Initial release"}'After deployment
Section intitulée « After deployment »Use the visibility selector on the package detail page (/packages/[id])
or the PATCH /packages/{id}/visibility endpoint. Switching to internal
will check that the package is attached to an organization; switching a
package owned by a User to public requires an Admin of the organization.
Migration note
Section intitulée « Migration note »Packages existing before this feature was rolled out are automatically set to
private (secure by default). Owners can re-publish them via the UI if desired.