Jobs: don't silently drop bare-org alwaysInclude specs (fix empty repo dropdown)

[dhilgaertner]

Closes #516

Problem

In Settings → Jobs, creating a job for an org whose workspace config has a bare org name in alwaysInclude (e.g. SecurityScorecard's ["securityscorecard"]) showed "No repos found" with no explanation — you couldn't pick a repo, so you couldn't create the job.

The Jobs dropdown is populated by expanding alwaysInclude via ProviderManager.reposForSpecs → classifySpec. A bare token (no /, no *) classifies as .invalid and was silently skipped, so every entry got dropped and the single generic empty-state message couldn't explain why.

Fix

Rather than auto-coercing bare tokens to owner/* (which could mask a malformed owner/repo typo — those always contain a /), bare tokens stay .invalid but are now surfaced with an actionable hint.

• WorkspaceRepoListing (CrowCore, new): resolved repos + invalidSpecs, each with an optional suggested fix.
• reposForSpecs returns the listing, collecting invalid specs (with a "did you mean owner/*" suggestion for bare org names) instead of silently skipping. Whitespace-only entries are still dropped. classifySpec itself is unchanged.
• JobFormView distinguishes three empty states: nothing configured / invalid spec(s) (with the suggestion) / valid specs that returned nothing (e.g. gh/glab not authenticated).
• AppState, AppDelegate (incl. its repo cache), and SettingsView updated to the richer return type.

Tests

• classifySpecBareNameIsInvalid kept (behavior unchanged) with a clarifying comment.
• reposForSpecsKeepsExplicitSlugsSortedAndDeduped now also asserts the bare token is surfaced with a suggestion.
• Added reposForSpecsSurfacesBareOrgTokenWithSuggestion (the CROW-516 repro), reposForSpecsSkipsWhitespaceOnlySpecs, and suggestionForInvalidSpecGlobsBareOrgName.

make app builds clean; CrowProvider/CrowCore/CrowUI/Crow test suites pass. (The only failing tests are pre-existing CrowGit RebaseTests that need a global git identity in the sandbox — unrelated to this change.)

Notes / follow-ups

• Config workaround (separate): SecurityScorecard's alwaysInclude should be ["securityscorecard/*"]. Not changed here.
• Out of scope: a live gh repo list <org> / on-disk fallback when alwaysInclude yields nothing — flagged in Jobs settings: repo dropdown shows 'no repos found' — bare org name in alwaysInclude silently dropped #516 as a larger design call.

🤖 Generated with Claude Code

[dgershman]

Code & Security Review

Critical Issues

None.

Security Review

Strengths:

• User-provided spec strings flow only into SwiftUI.Text (no markup interpretation) and into ProviderManager classification — they never reach shell() as concatenated arguments. Invalid specs are short-circuited before any provider CLI call.
• The host / provider cache key (AppDelegate.swift:916-918) includes provider + host alongside alwaysInclude, so flipping provider/host within the TTL window won't return stale wrong-provider slugs. (Pre-existing — preserved here under the new listing type.)
• New WorkspaceRepoListing is Sendable + Equatable; static let empty is safe for the actor-boundary closure default.

Concerns:

• None.

Code Quality

• Clean refactor: [String] → WorkspaceRepoListing is threaded through every call site (AppState, AppDelegate, SettingsView, JobFormView) consistently, with .empty used as the closure default everywhere. No half-converted spots.
• classifySpec is intentionally unchanged — bare tokens stay .invalid rather than being coerced to owner/*, which (as the PR notes) would mask owner/repo typos. Good call; the typo-vs-bare-org distinction matters.
• The whitespace-only skip at ProviderManager.swift:252-253 prevents "'' isn't a valid spec" noise — and the suggestionForInvalidSpec tests pin that edge case down.
• The loadGeneration stale-result guard at JobFormView.swift:177-186 is preserved and applies cleanly to both repos and invalidSpecs.
• Test coverage on the new behavior is thorough: bare-org repro (securityscorecard), whitespace-only drop, mixed valid+invalid, suggestion edge cases (trailing *, /*, empty).
• Tests pass locally (swift test --filter ProviderManagerTests → 52/52). CrowCore builds clean.

Consider (non-blocking)

• The empty-state caption (JobFormView.swift:217) only renders when repoOptions.isEmpty. If a workspace's alwaysInclude is mixed (e.g. [\"securityscorecard\", \"myorg/myrepo\"]), the picker shows myrepo and the bare-org warning is silently swallowed — the user gets a working picker but no signal that one spec is malformed. The PR description scopes the fix to the empty case, so this is intentional, but a follow-up could surface invalid specs as a small caption alongside the populated picker for the mixed case.
• invalidSpecs is an Array (not a Set), so a duplicate bare token in alwaysInclude would render twice. Vanishingly unlikely in practice and arguably honest about what the user wrote — not worth changing.

Summary Table

Color	Meaning	Verdict effect
Red	Must fix	Request changes
Yellow	Should fix	Request changes
Green	Consider	Approve allowed

Recommendation: Approve — driven by [0 Red, 0 Yellow, 2 Green] findings. Clean fix for CROW-516; explicit scope, thorough tests, type-safe refactor through the call chain.

---

🐦‍⬛ Reviewed by Crow via Claude Code