mkwheels: add gh source mode (pypi/gh subcommands)

Vendor GitHub source releases that are not on PyPI (e.g. NetExec, which
also pulls git deps). New flag-based CLI with pypi/gh mode selectors:

  mkwheels pypi --name PKG --ver VER [--epoch N]
  mkwheels gh   --repo OWNER/REPO --ver VER [--name PKG] [--tag TAG] [--epoch N]

gh mode downloads the tagged source and uses `pip wheel` to build the
project plus its whole dependency tree (PyPI + git deps) into wheels;
`pip download <dir>` is wrong for a local source since it only resolves
metadata. Epoch auto-derives from the release published_at. selftest now
covers both modes.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

1 files changed, 9 insertions, 9 deletions

diff --git a/docs/superpowers/specs/2026-06-26-mkwheels-gh-source-mode-design.md b/docs/superpowers/specs/2026-06-26-mkwheels-gh-source-mode-design.md
index f2b6a7a..ecf3ae6 100644
--- a/docs/superpowers/specs/2026-06-26-mkwheels-gh-source-mode-design.md
+++ b/docs/superpowers/specs/2026-06-26-mkwheels-gh-source-mode-design.md
@@ -22,8 +22,8 @@ breaking change to the current positional interface; acceptable because the
 only consumer (the netexec SlackBuild) is not yet written.
 
 ```
-mkwheels --pypi --name PKG --ver VER [--epoch N]
-mkwheels --gh   --repo OWNER/REPO --ver VER [--name PKG] [--tag TAG] [--epoch N]
+mkwheels pypi --name PKG --ver VER [--epoch N]
+mkwheels gh   --repo OWNER/REPO --ver VER [--name PKG] [--tag TAG] [--epoch N]
 ```
 
 ### Normalization
@@ -32,13 +32,13 @@ mkwheels --gh   --repo OWNER/REPO --ver VER [--name PKG] [--tag TAG] [--epoch N]
 - The normalized version is what appears in the output filename, always
   without a leading `v`: `<name>-wheels-<version>.tar.gz`.
 
-### `--gh` defaults
+### `gh` defaults
 
 - `--name`  → repo basename, lowercased (e.g. `Pennyw0rth/NetExec` → `netexec`).
 - `--tag`   → the normalized `--ver`.
 - `--epoch` → auto-derived from the GitHub release `published_at` (below).
 
-## `--gh` flow
+## `gh` flow
 
 1. **Resolve the release / ref and epoch.**
    GET `https://api.github.com/repos/<owner/repo>/releases/tags/<tag>`.
@@ -57,16 +57,16 @@ mkwheels --gh   --repo OWNER/REPO --ver VER [--name PKG] [--tag TAG] [--epoch N]
    project's metadata, resolves PyPI deps, and clones+builds the git deps into
    wheels. This is the only step that differs from PyPI mode.
 
-4. **Emit outputs (shared with `--pypi`).**
+4. **Emit outputs (shared with `pypi`).**
    Generate the pinned, hashed `requirements.txt` from the wheels dir, pack the
    normalized reproducible tarball, print epoch + md5. Identical to the current
    path.
 
-## `--pypi` flow
+## `pypi` flow
 
 Unchanged behavior from the current tool: resolve `<name>==<ver>` via
 `pip download`, auto-derive epoch from PyPI `upload_time_iso_8601` when
-`--epoch` is omitted. Only the surface changes: gated behind the `--pypi`
+`--epoch` is omitted. Only the surface changes: gated behind the `pypi`
 selector and switched from positionals to `--name` / `--ver` / `--epoch`.
 
 ## Shared internals
@@ -80,8 +80,8 @@ input — the SlackBuild installs from the wheels via `--no-index --find-links`.
 
 ## Selftest
 
-Keep the existing `--pypi` reproducibility check (two builds at a fixed epoch
-must be byte-identical). Add a `--gh` reproducibility check against a small,
+Keep the existing `pypi` reproducibility check (two builds at a fixed epoch
+must be byte-identical). Add a `gh` reproducibility check against a small,
 pure-Python, GitHub-tagged package so the run stays fast. Two builds at a fixed
 epoch must be byte-identical.