* feat(go): make go fmt git-aware by default
- By default, only check changed Go files (modified, staged, untracked)
- Add --all flag to check all files (previous behaviour)
- Reduces noise when running fmt on large codebases
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(build): minimal output by default, add missing i18n
- Default output now shows single line: "Success Built N artifacts (dir)"
- Add --verbose/-v flag to show full detailed output
- Add all missing i18n translations for build commands
- Errors still show failure reason in minimal mode
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add root-level `core git` command
- Create pkg/gitcmd with git workflow commands as root menu
- Export command builders from pkg/dev (AddCommitCommand, etc.)
- Commands available under both `core git` and `core dev` for compatibility
- Git commands: health, commit, push, pull, work, sync, apply
- GitHub orchestration stays in dev: issues, reviews, ci, impact
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add docblock coverage checking
Implement docblock/docstring coverage analysis for Go code:
- New `core qa docblock` command to check coverage
- Shows compact file:line list when under threshold
- Integrate with `core go qa` as a default check
- Add --docblock-threshold flag (default 80%)
The checker uses Go AST parsing to find exported symbols
(functions, types, consts, vars) without documentation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- Fix doc comment: "status" → "health" in gitcmd package
- Implement --check flag for `core go fmt` (exits non-zero if files need formatting)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add docstrings for 100% coverage
Add documentation comments to all exported symbols:
- pkg/build: ProjectType constants
- pkg/cli: LogLevel, RenderStyle, TableStyle
- pkg/framework: ServiceFor, MustServiceFor, Core.Core
- pkg/git: GitError.Error, GitError.Unwrap
- pkg/i18n: Handler Match/Handle methods
- pkg/log: Level constants
- pkg/mcp: Tool input/output types
- pkg/php: Service constants, QA types, service methods
- pkg/process: ServiceError.Error
- pkg/repos: RepoType constants
- pkg/setup: ChangeType, ChangeCategory constants
- pkg/workspace: AddWorkspaceCommands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: standardize line endings to LF
Add .gitattributes to enforce LF line endings for all text files.
Normalize all existing files to use Unix-style line endings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- cmd_format.go: validate --check/--fix mutual exclusivity, capture stderr
- cmd_docblock.go: return error instead of os.Exit(1) for proper error handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback (round 2)
- linuxkit.go: propagate state update errors, handle cmd.Wait() errors in waitForExit
- mcp.go: guard against empty old_string in editDiff to prevent runaway edits
- cmd_docblock.go: log parse errors instead of silently skipping
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- Fix loader to properly detect noun form objects by checking for
one/other structure before processing, preventing false positives
on objects that happen to be under gram.noun.* path
- Add comprehensive i18n strings for CLI commands including long
descriptions, flag help text, and status labels
- Add .claude/ project settings for Claude Code integration
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(github): add issue templates and auto-labeler
- Add bug_report.yml and feature_request.yml templates
- Add config.yml for issue creation options
- Add auto-label.yml workflow to label issues based on content
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(php): add --json and --sarif flags to QA commands
Adds machine-readable output support to PHP quality assurance commands:
- test: --json flag for JUnit XML output
- fmt: --json flag for JSON formatted output from Pint
- stan: --json and --sarif flags for PHPStan output
- psalm: --json and --sarif flags for Psalm output
- qa: --json flag for JSON summary output
SARIF output enables integration with GitHub Security tab for
static analysis results.
Closes#51
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(php): address CodeRabbit review feedback
- Guard progress messages when JSON/SARIF output is enabled
- Guard success messages when JSON/SARIF output is enabled
- Guard QA results display when JSON output is enabled
- Rename misleading JSON field to JUnit in TestOptions (outputs JUnit XML)
- Add mutual exclusion validation for --json and --sarif flags
- Remove empty conditional block in auto-label workflow
- Add i18n translation for json_sarif_exclusive error
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(php): additional CodeRabbit fixes
- Rename test --json flag to --junit (outputs JUnit XML, not JSON)
- Add actual JSON marshaling for QA command JSON output
- Add JSON tags to QARunResult and QACheckRunResult structs
- Add i18n translation for junit flag
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(dev): add safe git operations for AI agents
Adds agent-safe commands to prevent common git mistakes:
- `core dev sync <file> --to="pattern"`: Sync files across repos
- Auto-pulls before copying (safe sync)
- Optional commit with --message
- Optional push with --push
- Dry-run mode with --dry-run
- `core dev apply --command="..."`: Run commands across repos
- Execute shell commands in each repo
- Execute scripts with --script
- Optional commit/push after changes
- Continue on error with --continue
- Filter repos with --repos
Safety features:
- Never force push
- Auto-pull before push on rejection
- Report failures without stopping other repos
- Dry-run support for previewing changes
Closes#53
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(dev): address CodeRabbit review feedback
- Use errors.E() for consistent error handling in cmd_apply.go and cmd_file_sync.go
- Add path traversal validation to reject ".." in source paths
- Execute scripts directly to honor shebangs (not via sh)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(php): add CI/CD pipeline command
Adds `core php ci` command for CI/CD integration:
- Runs all QA checks in optimal order (test, stan, psalm, fmt, audit, security)
- Generates combined reports in multiple formats:
- JSON (--json) for machine consumption
- Markdown summary (--summary) for PR comments
- SARIF (--sarif) for static analysis tools
- Uploads SARIF to GitHub Security tab (--upload-sarif)
- Configurable failure threshold (--fail-on=critical|high|warning)
Example usage:
core php ci # Run full pipeline
core php ci --json # Output JSON report
core php ci --summary # Output markdown for PR
core php ci --sarif --upload-sarif # Generate and upload SARIF
Closes#52
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(php): address CodeRabbit review feedback on CI command
- Remove unused --parallel flag
- Validate git SHA before SARIF upload
- Properly handle and validate SARIF generation output
- Exit with correct code when --json flag is used and pipeline fails
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(security): add core security command for vulnerability alerts
Adds `core security` command area to expose GitHub security data:
- `core security alerts` - aggregated view of all security alerts
- `core security deps` - Dependabot vulnerability alerts with upgrade paths
- `core security scan` - CodeQL and code scanning alerts
- `core security secrets` - secret scanning alerts
Features:
- Filter by --repo, --severity (critical,high,medium,low)
- JSON output with --json for AI agent consumption
- Aggregated summary with severity breakdown
- Shows patched versions for easy upgrades
Closes#48
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(security): address CodeRabbit review feedback
- Remove unused flattened fields from DependabotAlert struct
- Add Unknown field to AlertSummary for unrecognized severities
- Add doc comments for exported Add and String methods
- Use cli.Wrap for contextual error wrapping
- Fix secret scanning summary counting after filter
- Remove unused --vulnerable flag from deps command
- Fix JSON output to only include open alerts in secrets command
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(security): handle json.MarshalIndent errors
Address CodeRabbit review feedback by properly handling errors from
json.MarshalIndent in all security subcommands instead of ignoring them.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(monitor): add security findings aggregation command
Implements `core monitor` to aggregate security findings from GitHub:
- Code scanning alerts (Semgrep, Trivy, Gitleaks, CodeQL, etc.)
- Dependabot vulnerability alerts
- Secret scanning alerts
Features:
- Scan current repo, specific repo, or all repos via registry
- Filter by severity (--severity critical,high)
- JSON output for piping to other tools (--json)
- Grouped output by repo with severity highlighting
Closes#49
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(monitor): address CodeRabbit review feedback
- Fix DependabotAlert JSON parsing with proper nested struct for
dependency.manifest_path field
- Remove unnecessary --jq flag from code scanning API call
- Fix truncate() to use runes for proper UTF-8 handling
- Sort repo names for deterministic output ordering
- Document hardcoded org fallback behavior
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(monitor): improve error handling per CodeRabbit review
- Use errors.E() consistently instead of errors.Wrap()
- Pass underlying errors to errors.E() for better context
- Return errors from fetch functions instead of swallowing
- Distinguish expected conditions (feature not enabled) from real errors
- Display fetch warnings in non-JSON mode
- Continue scanning other repos even if one fails
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add qa watch command for CI monitoring (#47)
Implements `core qa watch` to monitor GitHub Actions after a push:
- Polls workflow runs for a commit until completion
- Shows live progress with pass/fail counts
- On failure, shows job name, failed step, and link to logs
- Exits with appropriate code (0 = passed, 1 = failed)
Usage:
core qa watch # Watch current repo's HEAD
core qa watch --repo X # Watch specific repo
core qa watch --timeout 5m # Custom timeout
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(qa): address CodeRabbit feedback on watch command
- Add length check before slicing commitSha to prevent panic on short SHAs
- Count all non-success conclusions as failures (cancelled, timed_out, etc.)
- Use errors.E/Wrap pattern for consistent error handling with operation context
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add context-aware commands and log parsing
- Use exec.CommandContext with timeout context for all gh invocations
so commands are cancelled when deadline expires
- Implement fetchErrorFromLogs using 'gh run view --log-failed'
to extract first meaningful error line from failed workflows
- Pass context through call chain for proper timeout propagation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add review command for PR status (#62)
Add `core qa review` command to show PR review status with actionable
next steps. Answers: "What do I need to do to get my PRs merged?"
and "What reviews am I blocking?"
Features:
- Shows your open PRs with merge status (CI, reviews, conflicts)
- Shows PRs where your review is requested
- Provides actionable suggestions (rebase, address feedback, etc.)
- Flags: --mine, --requested, --repo
Closes#62
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add review command for PR status (#62)
Add `core qa review` command to show PR review status with actionable
next steps. Answers: "What do I need to do to get my PRs merged?"
and "What reviews am I blocking?"
Features:
- Shows your open PRs with merge status (CI, reviews, conflicts)
- Shows PRs where your review is requested
- Provides actionable suggestions (rebase, address feedback, etc.)
- Flags: --mine, --requested, --repo
Closes#62
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(qa): address CodeRabbit feedback on review command
- Fix truncate to use runes for UTF-8 safe string slicing
- Remove unused user parameter from showMyPRs and showRequestedReviews
- Remove unused getCurrentUser function
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(qa): remove duplicate i18n block and improve error handling
- Remove duplicate cmd.qa block in en_GB.json
- Use errors.E consistently for error wrapping
- Require --repo flag when not in a git repository
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* fix(i18n): restore missing translation keys for health command
The locale consolidation in 39de3c2 removed keys still used by
cmd_health.go. Added back:
- cmd.dev.health.* keys (long, repos, to_push, to_pull, etc.)
- common.status.* keys (dirty, clean, synced, up_to_date)
- common.flag.registry
Also fixed workspace.LoadConfig() returning default PackagesDir
when no .core/workspace.yaml exists, which was overriding repo
paths from repos.yaml.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: add nil checks for workspace.LoadConfig callers
LoadConfig now returns nil when no .core/workspace.yaml exists.
Added defensive nil checks to all callers to prevent panics.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: align workspace.LoadConfig error handling
Both call sites now gracefully ignore errors and fall back to defaults,
since workspace config is optional for setup commands.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add qa watch command for CI monitoring (#47)
Implements `core qa watch` to monitor GitHub Actions after a push:
- Polls workflow runs for a commit until completion
- Shows live progress with pass/fail counts
- On failure, shows job name, failed step, and link to logs
- Exits with appropriate code (0 = passed, 1 = failed)
Usage:
core qa watch # Watch current repo's HEAD
core qa watch --repo X # Watch specific repo
core qa watch --timeout 5m # Custom timeout
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(qa): address CodeRabbit feedback on watch command
- Add length check before slicing commitSha to prevent panic on short SHAs
- Count all non-success conclusions as failures (cancelled, timed_out, etc.)
- Use errors.E/Wrap pattern for consistent error handling with operation context
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add context-aware commands and log parsing
- Use exec.CommandContext with timeout context for all gh invocations
so commands are cancelled when deadline expires
- Implement fetchErrorFromLogs using 'gh run view --log-failed'
to extract first meaningful error line from failed workflows
- Pass context through call chain for proper timeout propagation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(setup): add github command for repo configuration (#45)
Implements `core setup github` to configure GitHub repos with org
standards including labels, webhooks, branch protection, and security
settings. Supports dry-run mode, per-repo or all-repos operation, and
selective sync of specific settings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(setup): address CodeRabbit feedback on github command
- Sort map keys for deterministic diff output in github_diff.go
- Preserve partial results by adding changes before continue on errors
- Reject conflicting --repo and --all flags with clear error message
- Allow empty webhook URLs (skip instead of error) for optional env vars
- Add content_type comparison in webhook sync
- Add required_status_checks comparison in branch protection sync
- Add DisableDependabotSecurityUpdates for bidirectional security control
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(setup): address additional CodeRabbit feedback
- Use filepath.Join for OS-portable path construction in github_config.go
- Fix stringSliceEqual to use frequency counting for proper duplicate handling
- Simplify change accumulation with variadic append
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- Add i18n.RegisterLocales(fsys, dir) for packages to register translations
- Locales are automatically loaded when i18n.Init() is called
- Fix gram.word.* loading bug (strings were in wrong switch case)
- Fix loadJSON to merge messages instead of replacing
- Add common.* keys to base locale (labels, flags, progress, etc.)
- Add pkg/php/locales with PHP-specific translations
- pkg/php/i18n.go registers locales via init()
This enables the idiomatic pattern where packages register their
locale files and they're automatically loaded by the i18n system.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- LoadFS: Use path.Join instead of filepath.Join for fs.FS compatibility
- AddHandler: Document handler chain lock behavior
- getEffectiveFormality: Support string values ("formal", "informal")
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- service.go: Simplify Default() to just call Init() (sync.Once handles idempotency)
- service.go: Add nil check to SetDefault() with panic
- service.go: Add documentation for ModeStrict panic behavior
- loader.go: Add LanguagesErr() to expose directory scan errors
- loader.go: Use path.Join instead of filepath.Join for fs.FS compatibility
- transform.go: Add uint, uint8-64, int8, int16 support to type converters
- grammar.go: Replace deprecated strings.Title with unicode-aware implementation
- i18n_test.go: Add comprehensive concurrency tests with race detector
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- hooks.go: Use atomic.Value for missingKeyHandler global
- loader.go: Use sync.Once for FSLoader.Languages() caching
- service.go: Use atomic.Pointer[Service] for defaultService
All globals that could race between goroutines now use proper
synchronization primitives.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add NewWithLoader(loader, opts...) for custom storage backends
- Add Option type with WithFallback, WithFormality, WithHandlers,
WithDefaultHandlers, WithMode, WithDebug options
- Update New() and NewWithFS() to accept options
- Add loader field to Service struct
- Remove NewSubject() alias (use S() instead)
- Add tests for new options and NewWithLoader
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Article("") now returns "" for consistency with other grammar
functions (PastTense, Gerund, PluralForm, Label all return "")
- Add doc comment to getMessage() for consistency with other
internal helpers
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- CurrentLanguage() now returns "en-GB" (fallback) instead of "" when
service is nil, consistent with other getters returning defaults
- Document why SetLanguage returns error (validates language tag) while
SetMode, SetFormality, SetDebug do not (just set values)
- Add "Does nothing if service not initialized" to Set* doc comments
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add explicit nil checks to toInt, toInt64, toFloat64 for consistency
- Standardize error messages to use %q for user-provided strings
- Export GetGrammarData for symmetry with SetGrammarData
- Standardize String() doc comments to "the TypeName" pattern
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add int32 and float32 handling to toInt() for consistency with
toInt64() and toFloat64()
- Remove unusable _() function (can't be called as i18n._())
- SetLanguage() now returns ErrServiceNotInitialized when service
is nil instead of silently succeeding
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove incorrect "Panics if called on nil receiver" from chainable
Subject methods (they actually return nil safely)
- Add Raw() as named alias for _() matching Service.Raw()
- Add package-level wrappers: SetLanguage(), CurrentLanguage(),
SetMode(), CurrentMode()
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add CountString() to return count as string
- Fix FormalityString() to return string instead of Formality type
- Both Int and String getters now available for count field
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Rename Subject getters from GetX() to idiomatic Go naming:
- GetCount → CountValue
- GetGender → GenderValue
- GetLocation → Location
- GetNoun → NounValue
- GetFormality → FormalityValue
Add comprehensive tests for checks.go and mutate.go functions
that will be useful for future CLDR plural category support.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Remove since this is a new package with no external users:
- SetActionHandler() - use OnMissingKey() instead
- MissingKeyAction type alias - use MissingKey instead
Update tests to use current API.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Move all exported types to interfaces.go for consistent organisation.
Rename interface.go → interfaces.go.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Move handler functions from mode.go to actions.go:
- OnMissingKey, SetActionHandler, dispatchMissingKey
mode.go now contains only Mode type and constants.
interface.go keeps all types/interfaces.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Consolidate all compose-related tests into a single file for better
organisation. The grammar composition tests that verify intent templates
now live alongside the Subject tests.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The "intents" concept is gone - this is now just test data for
verifying the grammar composition functions produce correct strings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add compose_intents_test.go with comprehensive tests that verify
the grammar engine can compose the same strings as intent templates
- Add irregular verbs: overwrite, reset, reboot
- Fix PastTense for words ending in -eed (proceed, succeed, exceed)
that were incorrectly treated as already being past tense
- Tests verify ActionResult, ActionFailed, Progress work for all
43 core intent verbs
- Demonstrates that semantic intents can be replaced by grammar
composition functions
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
These are now redundant with the i18n.* namespace magic:
- P("fetch") → T("i18n.progress.fetch")
- PS("build", "x") → T("i18n.progress.build", "x")
- L("status") → T("i18n.label.status")
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Move MissingKeyHandler, MissingKey, MissingKeyAction, and PluralRule
function types to interface.go for better discoverability.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Move isVerbFormObject, isNounFormObject, hasPluralCategories,
isPluralObject to dedicated file.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Move Service struct, methods, constructors, and singleton management
to dedicated file for better code organization.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add TimeAgo(t time.Time) for relative time strings
- Add FormatAgo(count, unit) for "N units ago" composition
- Add i18n.ago namespace pattern: T("i18n.ago", 5, "minute")
- Uses existing time.ago.{unit} keys with CLDR pluralization
- Remove local formatTimeAgo from cmd/php in favor of i18n.TimeAgo
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
