2026-01-30 00:22:47 +00:00
|
|
|
package docs
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"io/fs"
|
|
|
|
|
"os"
|
|
|
|
|
"path/filepath"
|
|
|
|
|
"strings"
|
|
|
|
|
|
feat(mcp): add workspace root validation to prevent path traversal (#100)
* feat(mcp): add workspace root validation to prevent path traversal
- Add workspaceRoot field to Service for restricting file operations
- Add WithWorkspaceRoot() option for configuring the workspace directory
- Add validatePath() helper to check paths are within workspace
- Apply validation to all file operation handlers
- Default to current working directory for security
- Add comprehensive tests for path validation
Closes #82
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: move CLI commands from pkg/ to internal/cmd/
- Move 18 CLI command packages to internal/cmd/ (not externally importable)
- Keep 16 library packages in pkg/ (externally importable)
- Update all import paths throughout codebase
- Cleaner separation between CLI logic and reusable libraries
CLI commands moved: ai, ci, dev, docs, doctor, gitcmd, go, monitor,
php, pkgcmd, qa, sdk, security, setup, test, updater, vm, workspace
Libraries remaining: agentic, build, cache, cli, container, devops,
errors, framework, git, i18n, io, log, mcp, process, release, repos
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor(mcp): use pkg/io Medium for sandboxed file operations
Replace manual path validation with pkg/io.Medium for all file operations.
This delegates security (path traversal, symlink bypass) to the sandboxed
local.Medium implementation.
Changes:
- Add io.NewSandboxed() for creating sandboxed Medium instances
- Refactor MCP Service to use io.Medium instead of direct os.* calls
- Remove validatePath and resolvePathWithSymlinks functions
- Update tests to verify Medium-based behaviour
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: correct import path and workflow references
- Fix pkg/io/io.go import from core-gui to core
- Update CI workflows to use internal/cmd/updater path
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(security): address CodeRabbit review issues for path validation
- pkg/io/local: add symlink resolution and boundary-aware containment
- Reject absolute paths in sandboxed Medium
- Use filepath.EvalSymlinks to prevent symlink bypass attacks
- Fix prefix check to prevent /tmp/root matching /tmp/root2
- pkg/mcp: fix resolvePath to validate and return errors
- Changed resolvePath from (string) to (string, error)
- Update deleteFile, renameFile, listDirectory, fileExists to handle errors
- Changed New() to return (*Service, error) instead of *Service
- Properly propagate option errors instead of silently discarding
- pkg/io: wrap errors with E() helper for consistent context
- Copy() and MockMedium.Read() now use coreerr.E()
- tests: rename to use _Good/_Bad/_Ugly suffixes per coding guidelines
- Fix hardcoded /tmp in TestPath to use t.TempDir()
- Add TestResolvePath_Bad_SymlinkTraversal test
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* style: fix gofmt formatting
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* style: fix gofmt formatting across all files
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 21:59:34 +00:00
|
|
|
"github.com/host-uk/core/internal/cmd/workspace"
|
2026-01-31 11:39:19 +00:00
|
|
|
"github.com/host-uk/core/pkg/cli"
|
feat(i18n): add translation keys to all CLI commands
Replace hardcoded strings with i18n.T() calls across all cmd/* packages:
- ai, build, ci, dev, docs, doctor, go, php, pkg, sdk, setup, test, vm
Adds 500+ translation keys to en.json for command descriptions,
flag descriptions, labels, messages, and error strings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 02:37:57 +00:00
|
|
|
"github.com/host-uk/core/pkg/i18n"
|
2026-02-02 04:20:18 +00:00
|
|
|
"github.com/host-uk/core/pkg/io"
|
2026-01-30 00:22:47 +00:00
|
|
|
"github.com/host-uk/core/pkg/repos"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// RepoDocInfo holds documentation info for a repo
|
|
|
|
|
type RepoDocInfo struct {
|
|
|
|
|
Name string
|
|
|
|
|
Path string
|
|
|
|
|
HasDocs bool
|
|
|
|
|
Readme string
|
|
|
|
|
ClaudeMd string
|
|
|
|
|
Changelog string
|
|
|
|
|
DocsFiles []string // All files in docs/ directory (recursive)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func loadRegistry(registryPath string) (*repos.Registry, string, error) {
|
|
|
|
|
var reg *repos.Registry
|
|
|
|
|
var err error
|
2026-02-01 01:59:27 +00:00
|
|
|
var registryDir string
|
2026-01-30 00:22:47 +00:00
|
|
|
|
|
|
|
|
if registryPath != "" {
|
2026-02-04 18:03:54 +00:00
|
|
|
reg, err = repos.LoadRegistry(io.Local, registryPath)
|
2026-01-30 00:22:47 +00:00
|
|
|
if err != nil {
|
2026-01-31 11:39:19 +00:00
|
|
|
return nil, "", cli.Wrap(err, i18n.T("i18n.fail.load", "registry"))
|
2026-01-30 00:22:47 +00:00
|
|
|
}
|
2026-02-01 01:59:27 +00:00
|
|
|
registryDir = filepath.Dir(registryPath)
|
2026-01-30 00:22:47 +00:00
|
|
|
} else {
|
2026-02-04 18:03:54 +00:00
|
|
|
registryPath, err = repos.FindRegistry(io.Local)
|
2026-01-30 00:22:47 +00:00
|
|
|
if err == nil {
|
2026-02-04 18:03:54 +00:00
|
|
|
reg, err = repos.LoadRegistry(io.Local, registryPath)
|
2026-01-30 00:22:47 +00:00
|
|
|
if err != nil {
|
2026-01-31 11:39:19 +00:00
|
|
|
return nil, "", cli.Wrap(err, i18n.T("i18n.fail.load", "registry"))
|
2026-01-30 00:22:47 +00:00
|
|
|
}
|
2026-02-01 01:59:27 +00:00
|
|
|
registryDir = filepath.Dir(registryPath)
|
2026-01-30 00:22:47 +00:00
|
|
|
} else {
|
|
|
|
|
cwd, _ := os.Getwd()
|
2026-02-04 18:03:54 +00:00
|
|
|
reg, err = repos.ScanDirectory(io.Local, cwd)
|
2026-01-30 00:22:47 +00:00
|
|
|
if err != nil {
|
2026-01-31 11:39:19 +00:00
|
|
|
return nil, "", cli.Wrap(err, i18n.T("i18n.fail.scan", "directory"))
|
2026-01-30 00:22:47 +00:00
|
|
|
}
|
2026-02-01 01:59:27 +00:00
|
|
|
registryDir = cwd
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Load workspace config to respect packages_dir
|
2026-02-01 02:07:26 +00:00
|
|
|
wsConfig, err := workspace.LoadConfig(registryDir)
|
2026-02-01 01:59:27 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, "", cli.Wrap(err, i18n.T("i18n.fail.load", "workspace config"))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
basePath := registryDir
|
|
|
|
|
|
2026-02-01 03:55:01 +00:00
|
|
|
if wsConfig != nil && wsConfig.PackagesDir != "" && wsConfig.PackagesDir != "./packages" {
|
2026-02-01 01:59:27 +00:00
|
|
|
pkgDir := wsConfig.PackagesDir
|
feat: git command, build improvements, and go fmt git-aware (#74)
* feat(go): make go fmt git-aware by default
- By default, only check changed Go files (modified, staged, untracked)
- Add --all flag to check all files (previous behaviour)
- Reduces noise when running fmt on large codebases
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(build): minimal output by default, add missing i18n
- Default output now shows single line: "Success Built N artifacts (dir)"
- Add --verbose/-v flag to show full detailed output
- Add all missing i18n translations for build commands
- Errors still show failure reason in minimal mode
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add root-level `core git` command
- Create pkg/gitcmd with git workflow commands as root menu
- Export command builders from pkg/dev (AddCommitCommand, etc.)
- Commands available under both `core git` and `core dev` for compatibility
- Git commands: health, commit, push, pull, work, sync, apply
- GitHub orchestration stays in dev: issues, reviews, ci, impact
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add docblock coverage checking
Implement docblock/docstring coverage analysis for Go code:
- New `core qa docblock` command to check coverage
- Shows compact file:line list when under threshold
- Integrate with `core go qa` as a default check
- Add --docblock-threshold flag (default 80%)
The checker uses Go AST parsing to find exported symbols
(functions, types, consts, vars) without documentation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- Fix doc comment: "status" → "health" in gitcmd package
- Implement --check flag for `core go fmt` (exits non-zero if files need formatting)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add docstrings for 100% coverage
Add documentation comments to all exported symbols:
- pkg/build: ProjectType constants
- pkg/cli: LogLevel, RenderStyle, TableStyle
- pkg/framework: ServiceFor, MustServiceFor, Core.Core
- pkg/git: GitError.Error, GitError.Unwrap
- pkg/i18n: Handler Match/Handle methods
- pkg/log: Level constants
- pkg/mcp: Tool input/output types
- pkg/php: Service constants, QA types, service methods
- pkg/process: ServiceError.Error
- pkg/repos: RepoType constants
- pkg/setup: ChangeType, ChangeCategory constants
- pkg/workspace: AddWorkspaceCommands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: standardize line endings to LF
Add .gitattributes to enforce LF line endings for all text files.
Normalize all existing files to use Unix-style line endings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- cmd_format.go: validate --check/--fix mutual exclusivity, capture stderr
- cmd_docblock.go: return error instead of os.Exit(1) for proper error handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback (round 2)
- linuxkit.go: propagate state update errors, handle cmd.Wait() errors in waitForExit
- mcp.go: guard against empty old_string in editDiff to prevent runaway edits
- cmd_docblock.go: log parse errors instead of silently skipping
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 10:48:44 +00:00
|
|
|
|
2026-02-01 01:59:27 +00:00
|
|
|
// Expand ~
|
|
|
|
|
if strings.HasPrefix(pkgDir, "~/") {
|
|
|
|
|
home, _ := os.UserHomeDir()
|
|
|
|
|
pkgDir = filepath.Join(home, pkgDir[2:])
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !filepath.IsAbs(pkgDir) {
|
|
|
|
|
pkgDir = filepath.Join(registryDir, pkgDir)
|
|
|
|
|
}
|
|
|
|
|
basePath = pkgDir
|
|
|
|
|
|
|
|
|
|
// Update repo paths if they were relative to registry
|
|
|
|
|
// This ensures consistency when packages_dir overrides the default
|
|
|
|
|
reg.BasePath = basePath
|
|
|
|
|
for _, repo := range reg.Repos {
|
|
|
|
|
repo.Path = filepath.Join(basePath, repo.Name)
|
2026-01-30 00:22:47 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return reg, basePath, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func scanRepoDocs(repo *repos.Repo) RepoDocInfo {
|
|
|
|
|
info := RepoDocInfo{
|
|
|
|
|
Name: repo.Name,
|
|
|
|
|
Path: repo.Path,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check for README.md
|
|
|
|
|
readme := filepath.Join(repo.Path, "README.md")
|
2026-02-02 04:20:18 +00:00
|
|
|
if io.Local.IsFile(readme) {
|
2026-01-30 00:22:47 +00:00
|
|
|
info.Readme = readme
|
|
|
|
|
info.HasDocs = true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check for CLAUDE.md
|
|
|
|
|
claudeMd := filepath.Join(repo.Path, "CLAUDE.md")
|
2026-02-02 04:20:18 +00:00
|
|
|
if io.Local.IsFile(claudeMd) {
|
2026-01-30 00:22:47 +00:00
|
|
|
info.ClaudeMd = claudeMd
|
|
|
|
|
info.HasDocs = true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check for CHANGELOG.md
|
|
|
|
|
changelog := filepath.Join(repo.Path, "CHANGELOG.md")
|
2026-02-02 04:20:18 +00:00
|
|
|
if io.Local.IsFile(changelog) {
|
2026-01-30 00:22:47 +00:00
|
|
|
info.Changelog = changelog
|
|
|
|
|
info.HasDocs = true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Recursively scan docs/ directory for .md files
|
|
|
|
|
docsDir := filepath.Join(repo.Path, "docs")
|
2026-02-02 04:20:18 +00:00
|
|
|
// Check if directory exists by listing it
|
|
|
|
|
if _, err := io.Local.List(docsDir); err == nil {
|
feat: infrastructure packages and lint cleanup (#281)
* ci: consolidate duplicate workflows and merge CodeQL configs
Remove 17 duplicate workflow files that were split copies of the
combined originals. Each family (CI, CodeQL, Coverage, PR Build,
Alpha Release) had the same job duplicated across separate
push/pull_request/schedule/manual trigger files.
Merge codeql.yml and codescan.yml into a single codeql.yml with
a language matrix covering go, javascript-typescript, python,
and actions — matching the previous default setup coverage.
Remaining workflows (one per family):
- ci.yml (push + PR + manual)
- codeql.yml (push + PR + schedule, all languages)
- coverage.yml (push + PR + manual)
- alpha-release.yml (push + manual)
- pr-build.yml (PR + manual)
- release.yml (tag push)
- agent-verify.yml, auto-label.yml, auto-project.yml
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add collect, config, crypt, plugin packages and fix all lint issues
Add four new infrastructure packages with CLI commands:
- pkg/config: layered configuration (defaults → file → env → flags)
- pkg/crypt: crypto primitives (Argon2id, AES-GCM, ChaCha20, HMAC, checksums)
- pkg/plugin: plugin system with GitHub-based install/update/remove
- pkg/collect: collection subsystem (GitHub, BitcoinTalk, market, papers, excavate)
Fix all golangci-lint issues across the entire codebase (~100 errcheck,
staticcheck SA1012/SA1019/ST1005, unused, ineffassign fixes) so that
`core go qa` passes with 0 issues.
Closes #167, #168, #170, #250, #251, #252, #253, #254, #255, #256
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 11:34:43 +00:00
|
|
|
_ = filepath.WalkDir(docsDir, func(path string, d fs.DirEntry, err error) error {
|
2026-01-30 00:22:47 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
// Skip plans/ directory
|
|
|
|
|
if d.IsDir() && d.Name() == "plans" {
|
|
|
|
|
return filepath.SkipDir
|
|
|
|
|
}
|
|
|
|
|
// Skip non-markdown files
|
|
|
|
|
if d.IsDir() || !strings.HasSuffix(d.Name(), ".md") {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
// Get relative path from docs/
|
|
|
|
|
relPath, _ := filepath.Rel(docsDir, path)
|
|
|
|
|
info.DocsFiles = append(info.DocsFiles, relPath)
|
|
|
|
|
info.HasDocs = true
|
|
|
|
|
return nil
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return info
|
|
|
|
|
}
|