Aller au contenu

Package Visibility

MecaPy packages have three visibility levels — like GitLab projects:

ValueWho can see / execute
privateOnly the package owner.
internalAll members of the owner’s organization. Requires the package to be attached to an organization.
publicAnyone authenticated can execute. Anyone (even unauthenticated) can browse read-only.

private is the default when creating a new package.

  • Personal packages (no organization): owner can toggle between private and public.
  • Organization packages owned by a User: owner can toggle between private and internal. An Admin of the organization is required to publish the package.
  • Organization packages owned by an Admin: free choice among all three.

Declare it in mecapy.yml. Visibility lives inside the package: block of the v1 manifest:

version: "1"
package:
name: my-package
version: 1.0.0
visibility: internal # private (default) | internal | public
organization: acme-corp # required when visibility=internal
functions:
calc:
handler: module:calc

Coherence rules enforced by the manifest parser:

  • visibility: internal requires organization (the slug of the org whose members can read the package).
  • visibility: private forbids organization (a private package is owner-only).
  • visibility: public makes organization optional — when present, an Admin of that org is needed to publish, and the org name surfaces as attribution in the marketplace.

The organization is read straight from the manifest at deploy time; no query parameter is needed:

Fenêtre de terminal
curl -X POST "https://api.mecapy.com/packages/from-git" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"git_url": "...", "git_ref": "main", "changelog": "Initial release"}'

Use the visibility selector on the package detail page (/packages/[id]) or the PATCH /packages/{id}/visibility endpoint. Switching to internal will check that the package is attached to an organization; switching a package owned by a User to public requires an Admin of the organization.

Packages existing before this feature was rolled out are automatically set to private (secure by default). Owners can re-publish them via the UI if desired.