feat(github): add matching and matching_regex asset options

[devnulled]

feat(github): add matching and matching_regex asset options

Implements the proposal in #10318. This is a step toward github-backend parity with ubi so ubi can eventually be retired (#7464).

Summary

• Adds matching (substring) and matching_regex (regex) asset filters to the github / gitlab / forgejo backends, ported from ubi.
• Applied as a pre-filter before platform autodetection, so one config stays portable across OS/arch, unlike asset_pattern, which replaces autodetection and forces you to template every platform's asset name by hand.
• The filter also scopes verification (checksums + SLSA provenance) so a multi-binary release can't verify one binary against another's digest.
• matching/matching_regex round-trip to the lockfile and are install-time keys, so a stale cached filter never silently overrides mise.toml.

[tools]
# oxc ships oxlint + oxfmt as separate per-platform assets; `matching` selects
# oxlint on every OS/arch without a platform-specific asset_pattern.
"github:oxc-project/oxc" = { version = "apps_v1.69.0", matching = "oxlint", rename_exe = "oxlint" }

Motivation

Some repos ship multiple binaries as separate per-platform assets in one release, none named after the repo, so neither the shortest-name tiebreak (#9358) nor the repo-name preference (#10008) can portably pick the one you want:

• oxc-project/oxc ships oxlint + oxfmt
• bazelbuild/buildtools ships buildifier + buildozer + unused_deps
• grpc-ecosystem/grpc-gateway ships protoc-gen-grpc-gateway + protoc-gen-openapiv2

asset_pattern can target one, but it discards autodetection so the config stops being portable. matching/matching_regex narrow the candidates and let autodetection still pick the right OS/arch, so the same config works everywhere.

Verification Consistency (Checksums + SLSA Provenance)

The filter also scopes verification, so a multi-binary release can't verify one binary against another's digest:

• Checksums and GitHub attestations already follow the selected asset's name/digest.
• SLSA provenance previously did not. pick_best_provenance scored provenance files by platform only, over all assets, so a release with per-binary *.intoto.jsonl files could attach the wrong one (the tiebreak is a stable sort with no name fallback, so the wrong pick was positional). This PR threads matching/matching_regex into the picker and all three pick_best_provenance call sites, with one exception: if the filter excludes every provenance file, it falls back to the full set. That keeps a single shared provenance file (goreleaser's multiple.intoto.jsonl), which attests every artifact but carries no binary name, in play instead of silently skipping verification.

The two "empty result" cases are handled differently so a bad pattern can't turn into a silently skipped verification:

• Invalid matching_regex: hard error on the binary path (the error names the pattern); the provenance picker returns None instead of falling back.
• Valid but over-narrow filter (excludes every provenance file): falls back to the full set, so a shared provenance file is used and verification still runs.

The regex is compiled once and cached on the picker, and both checks read that same cached result, so whether the pattern is valid can't differ between the binary and provenance paths. The install path that skips binary selection (when the release URL is already in the lockfile) validates the pattern up front via asset_matcher::validate_matching_regex — otherwise a bad pattern could reach the picker, get None, and be read as "no provenance found," silently skipping SLSA.

(SLSA provenance gap caught in review on #10318; thanks @jdx.)

Fail-closed on an invalid matching_regex

A syntactically invalid matching_regex is a hard error wherever the filter actually applies, so it can't silently degrade into the wrong asset or an empty result:

• Install fails up front, naming the pattern (as above).
• mise lock (cross-platform generation) is best-effort — a platform with no matching asset is skipped, not fatal. But resolve_lock_info caught the invalid-regex error the same way and returned an empty PlatformInfo, so the tool was written to the lockfile with its options but no url/checksum and miscounted as a successful entry. It now validates up front and fails closed, so the platform is skipped (nothing written) instead.
• Ignored when superseded: both validations are gated on asset_pattern being unset for the target. When asset_pattern is set it replaces the filter entirely, so an invalid matching_regex is silently ignored, not validated — mise doesn't error on an option it won't act on.

Backend Scope

github, gitlab, and forgejo share the implementation (common asset_matcher + three backend-specific resolve_*_asset_url_for_target functions reading through shared GitBackendOptions accessors). Provenance/attestation is GitHub-only: gitlab/forgejo bail before pick_best_provenance, so there's no provenance path to change there. test_matching_plumbing_parity_across_git_backends locks the three paths together so they can't drift.

Tool options are a flattened free-form map, so the rest of the CLI (parse, resolve, outdated/upgrade, doctor, schema) handles them generically. The only per-backend sites that hardcode option names for asset selection (install_time_option_keys, lockfile_options, the asset_pattern precedence guards) are exactly the three this PR touches.

Install-Path Keying

matching/matching_regex are lockfile + install-time keys but not part of the install directory (kept as tool name + version). The supported way to install multiple binaries from one repo is tool_alias: each alias is a distinct tool with its own install dir. There's one drawback: reusing the bare github:owner/repo string with two different matching values resolves to the same dir. That case is called out with a warning in the backend docs.

Testing

Two layers: fast unit tests for the asset-selection and provenance-picker logic (no network, driven by fixtures from real release JSON), plus e2e tests that install from real multi-binary releases across all three backends.

• Unit: 31 new tests (28 in asset_matcher, 3 in github.rs, including 6 for the SLSA provenance picker). Fixtures from real releases (oxc, bazel buildtools, grpc-gateway) cover happy path, cross-platform portability, AND semantics, autodetection still applied within the narrowed set, invalid-regex hard error, over-narrow fallback, shared-prefix ordering regression, lockfile round-trip, and the malformed-regex-returns-None provenance guard.
• E2E: 5 new test files. test_github_matching and test_github_tool_alias_matching run against real multi-binary releases (oxc@apps_v1.69.0, bazelbuild/buildtools@7.1.2). Each asserts the failure reason via an expected substring, so a test can't pass on an unrelated failure. The tool-alias test exercises the SLSA fix end-to-end and the lockfile round-trip. test_github_matching also asserts asset_pattern precedence over an invalid matching_regex (the install fails on the pattern path, not regex compilation — proving an ignored regex isn't validated), and test_github_matching_lock asserts mise lock skips a tool whose matching_regex is invalid instead of writing a url-less lockfile entry.
• test_gitlab_matching and test_forgejo_matching exercise the gitlab/forgejo resolve paths against their real fixtures. (forgejo is committed disabled like the existing test_forgejo, for known Forgejo API flakiness; the unit parity test covers it meanwhile.)

Note for reviewers: the only new external download dependency is oxc-project/oxc. (bazelbuild/buildtools is already used by the ubi test_upgrade.) Happy to drop the oxc assertions or add a synthetic multi-binary fixture to jdx/mise-test-fixtures if you'd prefer to minimize that surface.

Docs

New matching/matching_regex sections in the github backend docs (with the asset_pattern precedence rule and verification-consistency note), shared-options updates to gitlab/forgejo docs, and a migration note in the ubi docs.

Behavior & Semantics

A few decisions we made on purpose:

• Filter before autodetection, not after. ubi applies substring matching only as a tiebreaker after OS/arch filtering; we apply it before. This keeps one config portable across platforms and avoids the wrong-shared-prefix-binary problem from ubi #137 / mise #6611.
• matching and matching_regex are AND, and matching is case-sensitive. matching_regex supports inline (?i) if you want case-insensitive; if both options are set, an asset has to satisfy both.
• asset_pattern wins. When it's set, matching/matching_regex are ignored for both the binary and its provenance — silently, so even an invalid matching_regex is not validated or reported. That keeps a contradictory config from pointing provenance at a different binary than asset_pattern picked.

(Kept this short — happy to add more on any of it, like the full ubi comparison or why these options are top-level instead of per-platform.)

---

This PR was generated by an AI coding assistant.

Summary by CodeRabbit

• New Features

  • Added matching (substring) and matching_regex (regex) options for GitHub, GitLab, and Forgejo to narrow release asset candidates while preserving platform/OS/arch autodetection.

• Documentation

  • Expanded backend docs with usage examples, precedence rules (explicit asset_pattern wins), case/validation notes, migration guidance, and a warning about install-path/keying requiring distinct tool_alias to avoid overwrites.

• Bug Fixes

  • Invalid regexes now fail deterministically; lock generation skips unresolved entries.

• Tests

  • Added e2e tests for matching, regex, precedence, lockfile behavior, and multi-binary alias installs.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 26e3463a-db01-4f08-9b6d-bd4c64f0da7a

📥 Commits

Reviewing files that changed from the base of the PR and between 9fe184b and 16ceffb.

📒 Files selected for processing (11)

• docs/dev-tools/backends/forgejo.md
• docs/dev-tools/backends/github.md
• docs/dev-tools/backends/gitlab.md
• docs/dev-tools/backends/ubi.md
• e2e/backend/test_forgejo_matching
• e2e/backend/test_github_matching
• e2e/backend/test_github_matching_lock
• e2e/backend/test_github_tool_alias_matching
• e2e/backend/test_gitlab_matching
• src/backend/asset_matcher.rs
• src/backend/github.rs

🚧 Files skipped from review as they are similar to previous changes (7)

• e2e/backend/test_forgejo_matching
• e2e/backend/test_github_matching
• e2e/backend/test_github_matching_lock
• e2e/backend/test_gitlab_matching
• e2e/backend/test_github_tool_alias_matching
• src/backend/asset_matcher.rs
• src/backend/github.rs

---

📝 Walkthrough

Walkthrough

Adds substring matching and regex matching_regex pre-filters to asset selection and provenance picking, threads them into GitHub/GitLab/Forgejo backends with lockfile serialization and early regex validation, updates docs, and adds unit and E2E tests verifying success and failure cases.

Changes

Multi-binary asset selection filtering

Layer / File(s)	Summary
Asset matcher filtering foundation src/backend/asset_matcher.rs	AssetPicker and AssetMatcher gain matching and matching_regex pre-filters (cached regex compile result with fail-closed semantics). apply_matching_filter ANDs substring and regex filters before scoring; validate_matching_regex provides hard validation. Unit tests cover filtering, invalid-regex handling, provenance alignment, and regressions.
Git backend matching wiring src/backend/github.rs	GitBackendOptions exposes matching/matching_regex and matching_for_provenance(target) (suppresses filters when asset_pattern is used). Options are serialized into lockfile/platform option maps and included in install-time keys. Regex validation runs early during install/lock resolution (unless asset_pattern is set). Provenance detection and verification build pickers with matching_for_provenance so provenance narrowing aligns with binary narrowing. Asset auto-detection branches thread filters while preserving asset_pattern precedence. Tests cover key inclusion, lockfile round-trip, suppression behavior, and cross-backend parity.
Backend documentation docs/dev-tools/backends/github.md, docs/dev-tools/backends/forgejo.md, docs/dev-tools/backends/gitlab.md, docs/dev-tools/backends/ubi.md	Docs updated to document matching/matching_regex usage (substring vs regex, case-sensitivity, AND semantics), CLI inline examples, asset_pattern precedence, provenance scoping, and the install-path keying caveat (reuse of same tool name/version with different matching overwrites unless tool_alias is used). UBI migration guidance added.
End-to-end validation e2e/backend/test_github_matching, e2e/backend/test_github_tool_alias_matching, e2e/backend/test_gitlab_matching, e2e/backend/test_forgejo_matching, e2e/backend/test_github_matching_lock	E2E scripts validate error cases (no-match, invalid regex), asset_pattern precedence over matching, successful installs and version checks, tool-alias multi-binary installs producing distinct directories and lockfile round-trips, GitLab parity, and a Forgejo script (disabled) documenting parity expectations. A lockfile regression test ensures invalid matching_regex does not write broken lock entries.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Poem

🐰 I hop through release assets light,
I match and regex through the night,
GitHub, GitLab, Forgejo sing in tune,
Provenance aligned beneath the moon,
Aliases keep installs apart — hip-hop hooray!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: adding two new asset filter options (matching and matching_regex) to the GitHub backend, which is the primary feature introduced across all backend changes.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

docs/dev-tools/backends/forgejo.md (1)

15-15: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Remove the duplicated bin= option in the example.

The inline command repeats the same key twice, which makes the example misleading and may break copy/paste usage.

🛠️ Suggested fix

-$ mise use -g forgejo:forgejo/runner[api_url=https://code.forgejo.org/api/v1,bin=forgejo-runner,bin=forgejo-runner]
+$ mise use -g forgejo:forgejo/runner[api_url=https://code.forgejo.org/api/v1,bin=forgejo-runner]

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/dev-tools/backends/forgejo.md` at line 15, The example command
duplicates the bin= option in the inline example (`$ mise use -g
forgejo:forgejo/runner[api_url=...,bin=forgejo-runner,bin=forgejo-runner]`);
remove the repeated `bin=forgejo-runner` so the bracketed options only include
each key once (e.g., keep `api_url=...` and a single `bin=forgejo-runner`) to
make the example correct and safe to copy/paste.

docs/dev-tools/backends/github.md (1)

61-183: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fix the new anchor fragments in the docs.

The new intra-page links use hyphenated fragments like #asset-pattern and #matching-regex, but the corresponding headings are named with underscores (asset_pattern, matching_regex). markdownlint already flagged these, and they likely won’t resolve in the rendered docs. Please update the fragments consistently in GitHub, GitLab, and Forgejo.

🔧 Example fix

-[`matching_regex`](`#matching-regex`)
+[`matching_regex`](`#matching_regex`)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/dev-tools/backends/github.md` around lines 61 - 183, The intra-page
anchor fragments currently use hyphens (e.g. `#asset-pattern`, `#matching-regex`)
but the corresponding headings are named with underscores (asset_pattern,
matching_regex); update the documentation so anchors and headings match
consistently: either rename the headings to hyphenated forms (asset-pattern,
matching-regex) or change all fragment links to use underscores (`#asset_pattern`,
`#matching_regex`), and apply the same consistent fix for other headings mentioned
(e.g. version_prefix -> version-prefix if you choose hyphens) across GitHub,
GitLab, and Forgejo renderings to ensure links resolve.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/backend/github.rs`:
- Around line 516-521: The pre-validation call to
asset_matcher::validate_matching_regex runs even when install is using the
asset_pattern branch, causing installs to fail on ignored/invalid regex; change
UnifiedGitBackend::install_version_ (the function containing the current call to
asset_matcher::validate_matching_regex) to only validate matching_regex when
asset_pattern is not present (e.g., check opts.asset_pattern() / equivalent and
skip validate_matching_regex if an asset_pattern is supplied), and add a
regression test that exercises "asset_pattern + matching_regex=invalid" to
assert the install succeeds (or at least does not hard-fail) when asset_pattern
takes precedence.

---

Outside diff comments:
In `@docs/dev-tools/backends/forgejo.md`:
- Line 15: The example command duplicates the bin= option in the inline example
(`$ mise use -g
forgejo:forgejo/runner[api_url=...,bin=forgejo-runner,bin=forgejo-runner]`);
remove the repeated `bin=forgejo-runner` so the bracketed options only include
each key once (e.g., keep `api_url=...` and a single `bin=forgejo-runner`) to
make the example correct and safe to copy/paste.

In `@docs/dev-tools/backends/github.md`:
- Around line 61-183: The intra-page anchor fragments currently use hyphens
(e.g. `#asset-pattern`, `#matching-regex`) but the corresponding headings are named
with underscores (asset_pattern, matching_regex); update the documentation so
anchors and headings match consistently: either rename the headings to
hyphenated forms (asset-pattern, matching-regex) or change all fragment links to
use underscores (`#asset_pattern`, `#matching_regex`), and apply the same consistent
fix for other headings mentioned (e.g. version_prefix -> version-prefix if you
choose hyphens) across GitHub, GitLab, and Forgejo renderings to ensure links
resolve.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: f36a5bb0-11bd-40be-a681-96827d370da2

📥 Commits

Reviewing files that changed from the base of the PR and between 234284e and d4ec110.

📒 Files selected for processing (10)

• docs/dev-tools/backends/forgejo.md
• docs/dev-tools/backends/github.md
• docs/dev-tools/backends/gitlab.md
• docs/dev-tools/backends/ubi.md
• e2e/backend/test_forgejo_matching
• e2e/backend/test_github_matching
• e2e/backend/test_github_tool_alias_matching
• e2e/backend/test_gitlab_matching
• src/backend/asset_matcher.rs
• src/backend/github.rs

[greptile-apps]

Greptile Summary

This PR adds matching (substring) and matching_regex (regex) pre-filter options to the GitHub, GitLab, and Forgejo backends, porting the feature from the ubi backend. The filters narrow the asset candidate set before platform autodetection, keeping a single config portable across OS/arch — unlike asset_pattern, which replaces autodetection entirely.

• Filters are threaded through all three resolve_*_asset_url_for_target functions and all three pick_best_provenance call sites, with asset_pattern taking precedence and suppressing the filters via matching_for_provenance.
• A previously-flagged issue where an invalid matching_regex in resolve_lock_info could write url-less lockfile entries is fixed: an early validate_matching_regex guard now propagates Err, causing the lock orchestration to skip the platform instead.
• 31 unit tests and 5 e2e test files (GitHub, GitLab, Forgejo) cover happy path, invalid-regex hard error, over-narrow fallback, lockfile round-trip, and asset_pattern precedence.

Confidence Score: 4/5

Safe to merge; the filter logic, precedence rules, and fail-closed error paths are well-exercised by unit and e2e tests.

The previously-flagged resolve_lock_info bug is correctly fixed. The remaining provenance-picker tie-break does not affect binary selection — only which of two identically-scored provenance files is used for SLSA verification — and the scenario requires two per-binary provenance files that both survive the matching filter, which is an uncommon release layout.

src/backend/asset_matcher.rs — the pick_best_provenance stable-sort + first() tie-break is the one spot that could produce a non-deterministic result when two filtered provenance files score identically.

Important Files Changed

Filename	Overview
src/backend/asset_matcher.rs	New matching/matching_regex pre-filter integrated into AssetPicker and AssetMatcher; provenance picker updated with fallback-on-empty logic; invalid regex fails closed on binary path and returns None on provenance path. Provenance tie-break remains positional after matching filter.
src/backend/github.rs	All three resolve functions (GitHub/GitLab/Forgejo) thread matching/matching_regex through AssetMatcher; install_version_ and resolve_lock_info both validate the regex up-front gated on asset_pattern precedence; all three pick_best_provenance call sites correctly suppress filters via matching_for_provenance when asset_pattern is set.
e2e/backend/test_github_matching	Well-structured e2e tests covering empty-filter failure, invalid regex hard-error, asset_pattern precedence (including precedence over an invalid matching_regex), and actual end-to-end install from real multi-binary releases.
e2e/backend/test_github_matching_lock	Regression test confirming that mise lock with an invalid matching_regex skips the platform (no url-less entry written) instead of silently producing a broken lockfile entry.
e2e/backend/test_github_tool_alias_matching	Tests multi-binary install via tool_alias + matching, lockfile round-trip, SLSA path exercise, and reinstall from lockfile for both oxc and buildtools repos.
docs/dev-tools/backends/github.md	Well-written docs adding matching/matching_regex sections, precedence rules, verification consistency note, and updated multiple-assets-from-the-same-release section with concrete oxc/buildtools examples.

_{Reviews (3): Last reviewed commit: "Merge branch 'main' into feat/github-mat..." | Re-trigger Greptile}

[coderabbitai]

🧹 Nitpick comments (1)

docs/dev-tools/backends/ubi.md (1)

6-9: ⚡ Quick win

Capitalize "GitHub" in prose references.

Lines 6 and 8 contain prose references to "github backend" that should follow standard English capitalization as "GitHub backend". Backend identifiers like github:owner/repo should remain lowercase, but narrative text should use the official "GitHub" capitalization.

📝 Proposed fix

-The github backend offers several advantages over ubi including provenance verification, download progress reports, and fewer dependencies. To migrate, replace `ubi:owner/repo` with `github:owner/repo` in your configuration files. The [`matching`](/dev-tools/backends/github.html#matching) and [`matching_regex`](/dev-tools/backends/github.html#matching-regex) options carry over. One behavioral difference is worth noting: ubi applies the substring `matching` only as a tiebreaker among assets that already match your OS/arch, and skips it when a single asset matches the platform. The github backend applies `matching` as a pre-filter before autodetection, so for multi-binary releases you get the binary your filter names, or a clear error naming the filter if it isn't published for your platform.
+The GitHub backend offers several advantages over ubi including provenance verification, download progress reports, and fewer dependencies. To migrate, replace `ubi:owner/repo` with `github:owner/repo` in your configuration files. The [`matching`](/dev-tools/backends/github.html#matching) and [`matching_regex`](/dev-tools/backends/github.html#matching-regex) options carry over. One behavioral difference is worth noting: ubi applies the substring `matching` only as a tiebreaker among assets that already match your OS/arch, and skips it when a single asset matches the platform. The GitHub backend applies `matching` as a pre-filter before autodetection, so for multi-binary releases you get the binary your filter names, or a clear error naming the filter if it isn't published for your platform.

-One migration gotcha: ubi folds `matching` into the install path, so you can install several binaries from one repo via separate `matching` values on the same `ubi:owner/repo` string. The github backend keeps the install path keyed by tool name + version only, so two `github:owner/repo` entries with different `matching` values resolve to the **same** directory and the second overwrites the first. If you rely on that ubi pattern, give each binary its own [`tool_alias`](/dev-tools/backends/github.html#multiple-assets-from-the-same-release) on github so each gets its own install directory.
+One migration gotcha: ubi folds `matching` into the install path, so you can install several binaries from one repo via separate `matching` values on the same `ubi:owner/repo` string. The GitHub backend keeps the install path keyed by tool name + version only, so two `github:owner/repo` entries with different `matching` values resolve to the **same** directory and the second overwrites the first. If you rely on that ubi pattern, give each binary its own [`tool_alias`](/dev-tools/backends/github.html#multiple-assets-from-the-same-release) on GitHub so each gets its own install directory.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/dev-tools/backends/ubi.md` around lines 6 - 9, Update prose references
of "github backend" to use the proper brand capitalization "GitHub backend"
while leaving inline code/identifiers like `github:owner/repo`, `matching`,
`matching_regex`, and `tool_alias` exactly as-is (lowercase/code spans).
Specifically, find the narrative mentions of "github backend" and change them to
"GitHub backend" (do not alter code-style or backtick-wrapped tokens such as
`github:owner/repo`).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@docs/dev-tools/backends/ubi.md`:
- Around line 6-9: Update prose references of "github backend" to use the proper
brand capitalization "GitHub backend" while leaving inline code/identifiers like
`github:owner/repo`, `matching`, `matching_regex`, and `tool_alias` exactly
as-is (lowercase/code spans). Specifically, find the narrative mentions of
"github backend" and change them to "GitHub backend" (do not alter code-style or
backtick-wrapped tokens such as `github:owner/repo`).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: a0889ebd-75b1-4a70-82ea-a4fa920e9ee6

📥 Commits

Reviewing files that changed from the base of the PR and between d4ec110 and 9fe184b.

📒 Files selected for processing (11)

• docs/dev-tools/backends/forgejo.md
• docs/dev-tools/backends/github.md
• docs/dev-tools/backends/gitlab.md
• docs/dev-tools/backends/ubi.md
• e2e/backend/test_forgejo_matching
• e2e/backend/test_github_matching
• e2e/backend/test_github_matching_lock
• e2e/backend/test_github_tool_alias_matching
• e2e/backend/test_gitlab_matching
• src/backend/asset_matcher.rs
• src/backend/github.rs

🚧 Files skipped from review as they are similar to previous changes (5)

• e2e/backend/test_gitlab_matching
• e2e/backend/test_github_matching
• e2e/backend/test_github_tool_alias_matching
• src/backend/github.rs
• src/backend/asset_matcher.rs

[devnulled]

Heads up: the failing e2e-0 / e2e-1 checks are unrelated to this PR — these are usage shell-completion tests, and this branch touches no completion code or mise.usage.kdl.

Root cause: mise.toml pins usage = "latest", and usage 3.5.0 changed zsh completion output (an extra tab when the description equals the value). e2e/tasks/test_task_completion and test_task_completion_global_cd still expect the single-tab format:

expected 'mise.toml\tmise.toml'
but got  'mise.toml\t\tmise.toml'

Since this branch is rebased onto current main and modifies no completion files, the failure reproduces independently of this change — it's the usage version, not this PR. main's CI was last green before usage 3.5.0 became the resolved latest, so a fresh run on main would hit the same thing.

The fix (update the completion-test expectations for usage 3.5, or pin usage) belongs on main rather than in this feature PR. Happy to open that separately if useful — otherwise I'll rebase here once it's resolved on main.

Comment posted by an AI coding assistant.

[devnulled]

Root cause found for the e2e-0 / e2e-1 failures (still unrelated to this PR — for whoever picks it up):

usage v3.5.0 intentionally changed its zsh completion output format (jdx/usage#666, release notes say it was "surfaced via jdx/mise tasks"):

The completion now builds its own display column and calls compadd directly … with descriptions padded for column alignment. Regenerate zsh completions to pick up the fix.

Concretely, completion lines went from value\tdescription to value\t\tdescription (an extra tab):

usage 3.5.0 emits:   mise.toml\t\tmise.toml
tests still expect:  mise.toml\tmise.toml

#10313 ("require usage 3.5") bumped the requirement and regenerated completions/_mise + mise.usage.kdl, but didn't update the inline expected strings in e2e/tasks/test_task_completion and e2e/tasks/test_task_completion_global_cd. Those tests install usage = "latest" (now 3.5.0) and assert the old single-tab format, so every assertion in both files fails.

Reproduces on a clean main checkout with usage 3.5.0 installed, so it's not introduced by this branch (which touches no completion code).

Likely fix: update the expected strings in those two test files to the new double-tab format (value\t\tdescription) — the same change applies to every assertion in both.

Comment posted by an AI coding assistant.