Fill all 568 missing translation keys in en_GB.json (765→1357 lines):
- 97 --help description keys (collect, ci, docs, dev, php, pkg, sdk, vm)
- 471 runtime keys (labels, errors, hints, progress, status messages)
- Add common.flag.follow, common.flag.tag, common.prompt.abort
Add completeness_test.go that scans all T() calls in source code and
verifies every cmd.*/common.* key exists using ModeStrict (panics on
missing). Catches translation gaps at test time instead of showing raw
keys in the CLI.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Remove StrictHostKeyChecking=no and implement proper host key verification
This commit addresses security concerns from the OWASP audit by enforcing
strict host key verification for all SSH and SCP commands.
Key changes:
- Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and pkg/devops.
- Removed insecure host key verification from pkg/ansible SSH client.
- Implemented a synchronous host key discovery mechanism during VM boot
using ssh-keyscan to populate ~/.core/known_hosts.
- Updated the devops Boot lifecycle to wait until the host key is verified.
- Ensured pkg/ansible correctly handles missing known_hosts files.
- Refactored hardcoded SSH port 2222 to a package constant DefaultSSHPort.
- Added CORE_SKIP_SSH_SCAN environment variable for test environments.
* Remove StrictHostKeyChecking=no and implement proper host key verification
Addresses security concerns from OWASP audit by enforcing strict host key
verification.
Changes:
- Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and devops.
- Removed insecure host key verification from pkg/ansible.
- Added synchronous host key discovery using ssh-keyscan during VM boot.
- Updated Boot lifecycle to wait for host key verification.
- Handled missing known_hosts file in pkg/ansible.
- Refactored hardcoded SSH port to DefaultSSHPort constant.
- Fixed formatting issues identified by QA check.
* Secure SSH commands and fix auto-merge CI failure
Addresses OWASP security audit by enforcing strict host key verification
and fixes a CI failure in the auto-merge workflow.
Key changes:
- Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and pkg/devops.
- Removed insecure host key verification from pkg/ansible.
- Implemented synchronous host key discovery using ssh-keyscan during VM boot.
- Handled missing known_hosts file in pkg/ansible.
- Refactored hardcoded SSH port to DefaultSSHPort constant.
- Added pkg/ansible/ssh_test.go to verify SSH client initialization.
- Fixed formatting in pkg/io/local/client.go.
- Fixed auto-merge.yml by inlining the script and providing repository context
to 'gh' command, resolving the "not a git repository" error in CI.
* Secure SSH, fix CI auto-merge, and resolve merge conflicts
This commit addresses the OWASP security audit by enforcing strict host key
verification and resolves persistent CI issues.
Security Changes:
- Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and devops.
- Removed insecure host key verification from pkg/ansible.
- Implemented synchronous host key discovery using ssh-keyscan during VM boot.
- Updated Boot lifecycle to wait for host key verification.
- Handled missing known_hosts file in pkg/ansible.
- Refactored hardcoded SSH port to DefaultSSHPort constant.
CI and Maintenance:
- Fixed auto-merge.yml by inlining the script and adding repository context
to 'gh' command, resolving the "not a git repository" error in CI.
- Resolved merge conflicts in .github/workflows/auto-merge.yml with dev branch.
- Added pkg/ansible/ssh_test.go for SSH client verification.
- Fixed formatting in pkg/io/local/client.go to pass QA checks.
* Secure SSH and TLS connections, and fix CI issues
Addresses security concerns from OWASP audit and CodeQL by enforcing strict
host key verification and TLS certificate verification.
Security Changes:
- Enforced strict SSH host key checking in pkg/container and devops.
- Removed insecure SSH host key verification from pkg/ansible.
- Added synchronous host key discovery during VM boot using ssh-keyscan.
- Updated UniFi client to enforce TLS certificate verification by default.
- Added --insecure flag and config option for UniFi to allow opt-in to
skipping TLS verification for self-signed certificates.
CI and Maintenance:
- Fixed auto-merge workflow by providing repository context to 'gh' command.
- Resolved merge conflicts in .github/workflows/auto-merge.yml.
- Added unit tests for secured Ansible SSH client.
- Fixed formatting issues identified by QA checks.
* fix: gofmt alignment in cmd_config.go
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* Secure connections, fix CI auto-merge, and resolve formatting
Addresses OWASP security audit and CodeQL security alerts by enforcing
secure defaults for SSH and TLS connections.
Key changes:
- Enforced strict SSH host key checking (StrictHostKeyChecking=yes).
- Implemented synchronous host key verification during VM boot using ssh-keyscan.
- Updated UniFi client to enforce TLS certificate verification by default.
- Added --insecure flag and config option for UniFi to allow opt-in to
skipping TLS verification.
- Fixed auto-merge workflow by providing repository context to 'gh' command.
- Resolved merge conflicts in .github/workflows/auto-merge.yml.
- Fixed formatting in internal/cmd/unifi/cmd_config.go and pkg/io/local/client.go.
- Added unit tests for secured Ansible SSH client.
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Claude <developers@lethean.io>
* security: sanitize user input in execInContainer
This change implements command injection protection for the 'vm exec' command
by adding a command whitelist and robust shell argument escaping.
Changes:
- Added `escapeShellArg` utility in `pkg/container/linuxkit.go` to safely quote
arguments for the remote shell.
- Updated `LinuxKitManager.Exec` to escape all command arguments before
passing them to SSH.
- Implemented `allowedExecCommands` whitelist in `internal/cmd/vm/cmd_container.go`.
- Added i18n support for new security-related error messages.
- Added unit tests for escaping logic and whitelist validation.
Fixes findings from OWASP Top 10 Security Audit (PR #205).
* security: sanitize user input in execInContainer
This change implements command injection protection for the 'vm exec' command
by adding a command whitelist and robust shell argument escaping.
Changes:
- Added `escapeShellArg` utility in `pkg/container/linuxkit.go` to safely quote
arguments for the remote shell.
- Updated `LinuxKitManager.Exec` to escape all command arguments before
passing them to SSH.
- Implemented `allowedExecCommands` whitelist in `internal/cmd/vm/cmd_container.go`.
- Added i18n support for new security-related error messages.
- Added unit tests for escaping logic and whitelist validation.
- Fixed minor formatting issue in `pkg/io/local/client.go`.
Fixes findings from OWASP Top 10 Security Audit (PR #205).
* security: sanitize user input in execInContainer
This change implements command injection protection for the 'vm exec' command
by adding a command whitelist and robust shell argument escaping.
Changes:
- Added `escapeShellArg` utility in `pkg/container/linuxkit.go` to safely quote
arguments for the remote shell (mitigates SSH command injection).
- Updated `LinuxKitManager.Exec` to escape all command arguments.
- Implemented `allowedExecCommands` whitelist in `internal/cmd/vm/cmd_container.go`.
- Added i18n support for new security-related error messages in `en_GB.json`.
- Added unit tests for escaping logic and whitelist validation.
- Fixed a minor pre-existing formatting issue in `pkg/io/local/client.go`.
Note: The 'merge / auto-merge' CI failure was identified as an external
reusable workflow issue (missing repository context for the 'gh' CLI), and
has been left unchanged to maintain PR scope and security policies.
Fixes findings from OWASP Top 10 Security Audit (PR #205).
* feat(cli): wire release command and add installer scripts
- Wire up `core build release` subcommand (was orphaned)
- Wire up `core monitor` command (missing import in full variant)
- Add installer scripts for Unix (.sh) and Windows (.bat)
- setup: Interactive with variant selection
- ci: Minimal for CI/CD environments
- dev: Full development variant
- go/php/agent: Targeted development variants
- All scripts include security hardening:
- Secure temp directories (mktemp -d)
- Architecture validation
- Version validation after GitHub API call
- Proper cleanup on exit
- PowerShell PATH updates on Windows (avoids setx truncation)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(build): add tar.xz support and unified installer scripts
- Add tar.xz archive support using Borg's compress package
- ArchiveXZ() and ArchiveWithFormat() for configurable compression
- Better compression ratio than gzip for release artifacts
- Consolidate 12 installer scripts into 2 unified scripts
- install.sh and install.bat with BunnyCDN edge variable support
- Subdomains: setup.core.help, ci.core.help, dev.core.help, etc.
- MODE and VARIANT transformed at edge based on subdomain
- Installers prefer tar.xz with automatic fallback to tar.gz
- Fixed CodeRabbit issues: HTTP status patterns, tar error handling,
verify_install params, VARIANT validation, CI PATH persistence
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: add build and release config files
- .core/build.yaml - cross-platform build configuration
- .core/release.yaml - release workflow configuration
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: move plans from docs/ to tasks/
Consolidate planning documents in tasks/plans/ directory.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(install): address CodeRabbit review feedback
- Add curl timeout (--max-time) to prevent hanging on slow networks
- Rename TMPDIR to WORK_DIR to avoid clobbering system env var
- Add chmod +x to ensure binary has execute permissions
- Add error propagation after subroutine calls in batch file
- Remove System32 install attempt in CI mode (use consistent INSTALL_DIR)
- Fix HTTP status regex for HTTP/2 compatibility
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(rag): add Go RAG implementation with Qdrant + Ollama
Add RAG (Retrieval Augmented Generation) tools for storing documentation
in Qdrant vector database and querying with semantic search. This replaces
the Python tools/rag implementation with a native Go solution.
New commands:
- core rag ingest [directory] - Ingest markdown files into Qdrant
- core rag query [question] - Query vector database with semantic search
- core rag collections - List and manage Qdrant collections
Features:
- Markdown chunking by sections and paragraphs with overlap
- UTF-8 safe text handling for international content
- Automatic category detection from file paths
- Multiple output formats: text, JSON, LLM context injection
- Environment variable support for host configuration
Dependencies:
- github.com/qdrant/go-client (gRPC client)
- github.com/ollama/ollama/api (embeddings API)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(deploy): add pure-Go Ansible executor and Coolify API integration
Implement infrastructure deployment system with:
- pkg/ansible: Pure Go Ansible executor
- Playbook/inventory parsing (types.go, parser.go)
- Full execution engine with variable templating, loops, blocks,
conditionals, handlers, and fact gathering (executor.go)
- SSH client with key/password auth and privilege escalation (ssh.go)
- 35+ module implementations: shell, command, copy, template, file,
apt, service, systemd, user, group, git, docker_compose, etc. (modules.go)
- pkg/deploy/coolify: Coolify API client wrapping Python swagger client
- List/get servers, projects, applications, databases, services
- Generic Call() for any OpenAPI operation
- pkg/deploy/python: Embedded Python runtime for swagger client integration
- internal/cmd/deploy: CLI commands
- core deploy servers/projects/apps/databases/services/team
- core deploy call <operation> [params-json]
This enables Docker-free infrastructure deployment with Ansible-compatible
playbooks executed natively in Go.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(deploy): address linter warnings and build errors
- Fix fmt.Sprintf format verb error in ssh.go (remove unused stat command)
- Fix errcheck warnings by explicitly ignoring best-effort operations
- Fix ineffassign warning in cmd_ansible.go
All golangci-lint checks now pass for deploy packages.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* style(deploy): fix gofmt formatting
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(deploy): use known_hosts for SSH host key verification
Address CodeQL security alert by using the user's known_hosts file
for SSH host key verification when available. Falls back to accepting
any key only when known_hosts doesn't exist (common in containerized
or ephemeral environments).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(ai,security,ide): add agentic MVP, security jobs, and Core IDE desktop app
Wire up AI infrastructure with unified pkg/ai package (metrics JSONL,
RAG integration), move RAG under `core ai rag`, add `core ai metrics`
command, and enrich task context with Qdrant documentation.
Add `--target` flag to all security commands for external repo scanning,
`core security jobs` for distributing findings as GitHub Issues, and
consistent error logging across scan/deps/alerts/secrets commands.
Add Core IDE Wails v3 desktop app with Angular 20 frontend, MCP bridge
(loopback-only HTTP server), WebSocket hub, and Claude Code bridge.
Production-ready with Lethean CIC branding, macOS code signing support,
and security hardening (origin validation, body size limits, URL scheme
checks, memory leak prevention, XSS mitigation).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address PR review comments from CodeRabbit, Copilot, and Gemini
Fixes across 25 files addressing 46+ review comments:
- pkg/ai/metrics.go: handle error from Close() on writable file handle
- pkg/ansible: restore loop vars after loop, restore become settings,
fix Upload with become=true and no password (use sudo -n), honour
SSH timeout config, use E() helper for contextual errors, quote git
refs in checkout commands
- pkg/rag: validate chunk config, guard negative-to-uint64 conversion,
use E() helper for errors, add context timeout to Ollama HTTP calls
- pkg/deploy/python: fix exec.ExitError type assertion (was os.PathError),
handle os.UserHomeDir() error
- pkg/build/buildcmd: use cmd.Context() instead of context.Background()
for proper Ctrl+C cancellation
- install.bat: add curl timeouts, CRLF line endings, use --connect-timeout
for archive downloads
- install.sh: use absolute path for version check in CI mode
- tools/rag: fix broken ingest.py function def, escape HTML in query.py,
pin qdrant-client version, add markdown code block languages
- internal/cmd/rag: add chunk size validation, env override handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(build): make release dry-run by default and remove darwin/amd64 target
Replace --dry-run (default false) with --we-are-go-for-launch (default
false) so `core build release` is safe by default. Remove darwin/amd64
from default build targets (arm64 only for macOS). Fix cmd_project.go
to use command context instead of context.Background().
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(go): make go fmt git-aware by default
- By default, only check changed Go files (modified, staged, untracked)
- Add --all flag to check all files (previous behaviour)
- Reduces noise when running fmt on large codebases
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(build): minimal output by default, add missing i18n
- Default output now shows single line: "Success Built N artifacts (dir)"
- Add --verbose/-v flag to show full detailed output
- Add all missing i18n translations for build commands
- Errors still show failure reason in minimal mode
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add root-level `core git` command
- Create pkg/gitcmd with git workflow commands as root menu
- Export command builders from pkg/dev (AddCommitCommand, etc.)
- Commands available under both `core git` and `core dev` for compatibility
- Git commands: health, commit, push, pull, work, sync, apply
- GitHub orchestration stays in dev: issues, reviews, ci, impact
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add docblock coverage checking
Implement docblock/docstring coverage analysis for Go code:
- New `core qa docblock` command to check coverage
- Shows compact file:line list when under threshold
- Integrate with `core go qa` as a default check
- Add --docblock-threshold flag (default 80%)
The checker uses Go AST parsing to find exported symbols
(functions, types, consts, vars) without documentation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- Fix doc comment: "status" → "health" in gitcmd package
- Implement --check flag for `core go fmt` (exits non-zero if files need formatting)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add docstrings for 100% coverage
Add documentation comments to all exported symbols:
- pkg/build: ProjectType constants
- pkg/cli: LogLevel, RenderStyle, TableStyle
- pkg/framework: ServiceFor, MustServiceFor, Core.Core
- pkg/git: GitError.Error, GitError.Unwrap
- pkg/i18n: Handler Match/Handle methods
- pkg/log: Level constants
- pkg/mcp: Tool input/output types
- pkg/php: Service constants, QA types, service methods
- pkg/process: ServiceError.Error
- pkg/repos: RepoType constants
- pkg/setup: ChangeType, ChangeCategory constants
- pkg/workspace: AddWorkspaceCommands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: standardize line endings to LF
Add .gitattributes to enforce LF line endings for all text files.
Normalize all existing files to use Unix-style line endings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- cmd_format.go: validate --check/--fix mutual exclusivity, capture stderr
- cmd_docblock.go: return error instead of os.Exit(1) for proper error handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback (round 2)
- linuxkit.go: propagate state update errors, handle cmd.Wait() errors in waitForExit
- mcp.go: guard against empty old_string in editDiff to prevent runaway edits
- cmd_docblock.go: log parse errors instead of silently skipping
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- Fix loader to properly detect noun form objects by checking for
one/other structure before processing, preventing false positives
on objects that happen to be under gram.noun.* path
- Add comprehensive i18n strings for CLI commands including long
descriptions, flag help text, and status labels
- Add .claude/ project settings for Claude Code integration
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(github): add issue templates and auto-labeler
- Add bug_report.yml and feature_request.yml templates
- Add config.yml for issue creation options
- Add auto-label.yml workflow to label issues based on content
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(php): add --json and --sarif flags to QA commands
Adds machine-readable output support to PHP quality assurance commands:
- test: --json flag for JUnit XML output
- fmt: --json flag for JSON formatted output from Pint
- stan: --json and --sarif flags for PHPStan output
- psalm: --json and --sarif flags for Psalm output
- qa: --json flag for JSON summary output
SARIF output enables integration with GitHub Security tab for
static analysis results.
Closes#51
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(php): address CodeRabbit review feedback
- Guard progress messages when JSON/SARIF output is enabled
- Guard success messages when JSON/SARIF output is enabled
- Guard QA results display when JSON output is enabled
- Rename misleading JSON field to JUnit in TestOptions (outputs JUnit XML)
- Add mutual exclusion validation for --json and --sarif flags
- Remove empty conditional block in auto-label workflow
- Add i18n translation for json_sarif_exclusive error
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(php): additional CodeRabbit fixes
- Rename test --json flag to --junit (outputs JUnit XML, not JSON)
- Add actual JSON marshaling for QA command JSON output
- Add JSON tags to QARunResult and QACheckRunResult structs
- Add i18n translation for junit flag
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(dev): add safe git operations for AI agents
Adds agent-safe commands to prevent common git mistakes:
- `core dev sync <file> --to="pattern"`: Sync files across repos
- Auto-pulls before copying (safe sync)
- Optional commit with --message
- Optional push with --push
- Dry-run mode with --dry-run
- `core dev apply --command="..."`: Run commands across repos
- Execute shell commands in each repo
- Execute scripts with --script
- Optional commit/push after changes
- Continue on error with --continue
- Filter repos with --repos
Safety features:
- Never force push
- Auto-pull before push on rejection
- Report failures without stopping other repos
- Dry-run support for previewing changes
Closes#53
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(dev): address CodeRabbit review feedback
- Use errors.E() for consistent error handling in cmd_apply.go and cmd_file_sync.go
- Add path traversal validation to reject ".." in source paths
- Execute scripts directly to honor shebangs (not via sh)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(php): add CI/CD pipeline command
Adds `core php ci` command for CI/CD integration:
- Runs all QA checks in optimal order (test, stan, psalm, fmt, audit, security)
- Generates combined reports in multiple formats:
- JSON (--json) for machine consumption
- Markdown summary (--summary) for PR comments
- SARIF (--sarif) for static analysis tools
- Uploads SARIF to GitHub Security tab (--upload-sarif)
- Configurable failure threshold (--fail-on=critical|high|warning)
Example usage:
core php ci # Run full pipeline
core php ci --json # Output JSON report
core php ci --summary # Output markdown for PR
core php ci --sarif --upload-sarif # Generate and upload SARIF
Closes#52
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(php): address CodeRabbit review feedback on CI command
- Remove unused --parallel flag
- Validate git SHA before SARIF upload
- Properly handle and validate SARIF generation output
- Exit with correct code when --json flag is used and pipeline fails
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(security): add core security command for vulnerability alerts
Adds `core security` command area to expose GitHub security data:
- `core security alerts` - aggregated view of all security alerts
- `core security deps` - Dependabot vulnerability alerts with upgrade paths
- `core security scan` - CodeQL and code scanning alerts
- `core security secrets` - secret scanning alerts
Features:
- Filter by --repo, --severity (critical,high,medium,low)
- JSON output with --json for AI agent consumption
- Aggregated summary with severity breakdown
- Shows patched versions for easy upgrades
Closes#48
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(security): address CodeRabbit review feedback
- Remove unused flattened fields from DependabotAlert struct
- Add Unknown field to AlertSummary for unrecognized severities
- Add doc comments for exported Add and String methods
- Use cli.Wrap for contextual error wrapping
- Fix secret scanning summary counting after filter
- Remove unused --vulnerable flag from deps command
- Fix JSON output to only include open alerts in secrets command
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(security): handle json.MarshalIndent errors
Address CodeRabbit review feedback by properly handling errors from
json.MarshalIndent in all security subcommands instead of ignoring them.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(monitor): add security findings aggregation command
Implements `core monitor` to aggregate security findings from GitHub:
- Code scanning alerts (Semgrep, Trivy, Gitleaks, CodeQL, etc.)
- Dependabot vulnerability alerts
- Secret scanning alerts
Features:
- Scan current repo, specific repo, or all repos via registry
- Filter by severity (--severity critical,high)
- JSON output for piping to other tools (--json)
- Grouped output by repo with severity highlighting
Closes#49
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(monitor): address CodeRabbit review feedback
- Fix DependabotAlert JSON parsing with proper nested struct for
dependency.manifest_path field
- Remove unnecessary --jq flag from code scanning API call
- Fix truncate() to use runes for proper UTF-8 handling
- Sort repo names for deterministic output ordering
- Document hardcoded org fallback behavior
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(monitor): improve error handling per CodeRabbit review
- Use errors.E() consistently instead of errors.Wrap()
- Pass underlying errors to errors.E() for better context
- Return errors from fetch functions instead of swallowing
- Distinguish expected conditions (feature not enabled) from real errors
- Display fetch warnings in non-JSON mode
- Continue scanning other repos even if one fails
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add qa watch command for CI monitoring (#47)
Implements `core qa watch` to monitor GitHub Actions after a push:
- Polls workflow runs for a commit until completion
- Shows live progress with pass/fail counts
- On failure, shows job name, failed step, and link to logs
- Exits with appropriate code (0 = passed, 1 = failed)
Usage:
core qa watch # Watch current repo's HEAD
core qa watch --repo X # Watch specific repo
core qa watch --timeout 5m # Custom timeout
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(qa): address CodeRabbit feedback on watch command
- Add length check before slicing commitSha to prevent panic on short SHAs
- Count all non-success conclusions as failures (cancelled, timed_out, etc.)
- Use errors.E/Wrap pattern for consistent error handling with operation context
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add context-aware commands and log parsing
- Use exec.CommandContext with timeout context for all gh invocations
so commands are cancelled when deadline expires
- Implement fetchErrorFromLogs using 'gh run view --log-failed'
to extract first meaningful error line from failed workflows
- Pass context through call chain for proper timeout propagation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add review command for PR status (#62)
Add `core qa review` command to show PR review status with actionable
next steps. Answers: "What do I need to do to get my PRs merged?"
and "What reviews am I blocking?"
Features:
- Shows your open PRs with merge status (CI, reviews, conflicts)
- Shows PRs where your review is requested
- Provides actionable suggestions (rebase, address feedback, etc.)
- Flags: --mine, --requested, --repo
Closes#62
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add review command for PR status (#62)
Add `core qa review` command to show PR review status with actionable
next steps. Answers: "What do I need to do to get my PRs merged?"
and "What reviews am I blocking?"
Features:
- Shows your open PRs with merge status (CI, reviews, conflicts)
- Shows PRs where your review is requested
- Provides actionable suggestions (rebase, address feedback, etc.)
- Flags: --mine, --requested, --repo
Closes#62
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(qa): address CodeRabbit feedback on review command
- Fix truncate to use runes for UTF-8 safe string slicing
- Remove unused user parameter from showMyPRs and showRequestedReviews
- Remove unused getCurrentUser function
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(qa): remove duplicate i18n block and improve error handling
- Remove duplicate cmd.qa block in en_GB.json
- Use errors.E consistently for error wrapping
- Require --repo flag when not in a git repository
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* fix(i18n): restore missing translation keys for health command
The locale consolidation in 39de3c2 removed keys still used by
cmd_health.go. Added back:
- cmd.dev.health.* keys (long, repos, to_push, to_pull, etc.)
- common.status.* keys (dirty, clean, synced, up_to_date)
- common.flag.registry
Also fixed workspace.LoadConfig() returning default PackagesDir
when no .core/workspace.yaml exists, which was overriding repo
paths from repos.yaml.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: add nil checks for workspace.LoadConfig callers
LoadConfig now returns nil when no .core/workspace.yaml exists.
Added defensive nil checks to all callers to prevent panics.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: align workspace.LoadConfig error handling
Both call sites now gracefully ignore errors and fall back to defaults,
since workspace config is optional for setup commands.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add qa watch command for CI monitoring (#47)
Implements `core qa watch` to monitor GitHub Actions after a push:
- Polls workflow runs for a commit until completion
- Shows live progress with pass/fail counts
- On failure, shows job name, failed step, and link to logs
- Exits with appropriate code (0 = passed, 1 = failed)
Usage:
core qa watch # Watch current repo's HEAD
core qa watch --repo X # Watch specific repo
core qa watch --timeout 5m # Custom timeout
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(qa): address CodeRabbit feedback on watch command
- Add length check before slicing commitSha to prevent panic on short SHAs
- Count all non-success conclusions as failures (cancelled, timed_out, etc.)
- Use errors.E/Wrap pattern for consistent error handling with operation context
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add context-aware commands and log parsing
- Use exec.CommandContext with timeout context for all gh invocations
so commands are cancelled when deadline expires
- Implement fetchErrorFromLogs using 'gh run view --log-failed'
to extract first meaningful error line from failed workflows
- Pass context through call chain for proper timeout propagation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(setup): add github command for repo configuration (#45)
Implements `core setup github` to configure GitHub repos with org
standards including labels, webhooks, branch protection, and security
settings. Supports dry-run mode, per-repo or all-repos operation, and
selective sync of specific settings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(setup): address CodeRabbit feedback on github command
- Sort map keys for deterministic diff output in github_diff.go
- Preserve partial results by adding changes before continue on errors
- Reject conflicting --repo and --all flags with clear error message
- Allow empty webhook URLs (skip instead of error) for optional env vars
- Add content_type comparison in webhook sync
- Add required_status_checks comparison in branch protection sync
- Add DisableDependabotSecurityUpdates for bidirectional security control
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(setup): address additional CodeRabbit feedback
- Use filepath.Join for OS-portable path construction in github_config.go
- Fix stringSliceEqual to use frequency counting for proper duplicate handling
- Simplify change accumulation with variadic append
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- Add i18n.RegisterLocales(fsys, dir) for packages to register translations
- Locales are automatically loaded when i18n.Init() is called
- Fix gram.word.* loading bug (strings were in wrong switch case)
- Fix loadJSON to merge messages instead of replacing
- Add common.* keys to base locale (labels, flags, progress, etc.)
- Add pkg/php/locales with PHP-specific translations
- pkg/php/i18n.go registers locales via init()
This enables the idiomatic pattern where packages register their
locale files and they're automatically loaded by the i18n system.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Move grammar data (verbs, nouns, articles) from "common" to "gram"
namespace - a tribute to Gram (grandmother) and short for grammar.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Rewrite i18n package to handle nested JSON natively
- Remove go-i18n dependency in favour of simple custom implementation
- Flatten nested keys to dot notation internally (cli.confirm.yes)
- Support pluralisation with one/other keys
- Template interpolation with {{.Var}} syntax
- Update tests for new API and nested structure
Nested JSON is the standard format for translation tools,
making it easier to manage with external translation services.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add pkg/framework/core with GUI-agnostic DI/service framework
(extracted from core-gui, Wails dependencies removed)
- Add pkg/agentic/prompts with embedded commit instructions
- Improve dev push: detect uncommitted changes, offer Claude commit
- Add claudeEditCommit for cases needing Write/Edit permissions
- Add i18n keys for diverged branches and uncommitted changes
- Fix infinite loop when only untracked files remain after commit
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When push fails due to non-fast-forward rejection (local and remote
have diverged), offer to pull with rebase and retry the push instead
of just failing.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Rename en.json to en_GB.json (British English)
- Add en_US.json with American spellings (color, analyze, etc.)
- Add en_AU.json for Australian English
- Set BritishEnglish as the bundle default language
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace hardcoded strings with i18n.T() calls across all cmd/* packages:
- ai, build, ci, dev, docs, doctor, go, php, pkg, sdk, setup, test, vm
Adds 500+ translation keys to en.json for command descriptions,
flag descriptions, labels, messages, and error strings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Service with embedded locale files (en, de)
- Auto-detect system language from LANG/LC_* env vars
- Template support for interpolation and pluralization
- Extensible: GUI can load additional translations via LoadFS()
- Global default service with T() shorthand
- Thread-safe with sync.RWMutex
Designed to be extended by core-gui which can import this
package and add GUI-specific translations on top.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Move all Wails-dependent packages to core-gui repo:
- pkg/core, pkg/display, pkg/docs, pkg/help, pkg/ide
- pkg/runtime, pkg/webview, pkg/workspace, pkg/ws
- pkg/plugin, pkg/config, pkg/i18n, pkg/module
- pkg/crypt, pkg/io, pkg/process
Add pkg/errors with simple E() helper for error wrapping.
Update go.work to only include CLI-relevant packages.
CLI now builds with CGO_ENABLED=0 - no linker warnings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Removes the following unused packages:
- pkg/config
- pkg/display
- pkg/i18n
Also removes the dependencies from pkg/runtime and cleans up the go.mod and go.sum files.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
