* docs: add Architecture Decision Records (ADRs)
Established a system for documenting architectural decisions.
- Created docs/adr directory
- Added ADR template (0000-template.md)
- Established ADR process in docs/adr/README.md
- Documented 4 key existing decisions (0001-0004)
- Integrated ADRs into mkdocs.yml and docs/index.md
* docs: add Architecture Decision Records (ADRs)
Established a system for documenting architectural decisions.
- Created docs/adr directory
- Added ADR template (0000-template.md)
- Established ADR process in docs/adr/README.md
- Documented 4 key existing decisions (0001-0004)
- Integrated ADRs into mkdocs.yml and docs/index.md
- Fixed formatting in pkg/io/local/client.go
* docs: add ADRs and fix auto-merge CI
- Added Architecture Decision Records (ADRs) to docs/adr/
- Integrated ADRs into mkdocs.yml and docs/index.md
- Localized .github/workflows/auto-merge.yml to fix "fatal: not a git repository" error in the reusable workflow by adding explicit --repo context.
* feat(cli): wire release command and add installer scripts
- Wire up `core build release` subcommand (was orphaned)
- Wire up `core monitor` command (missing import in full variant)
- Add installer scripts for Unix (.sh) and Windows (.bat)
- setup: Interactive with variant selection
- ci: Minimal for CI/CD environments
- dev: Full development variant
- go/php/agent: Targeted development variants
- All scripts include security hardening:
- Secure temp directories (mktemp -d)
- Architecture validation
- Version validation after GitHub API call
- Proper cleanup on exit
- PowerShell PATH updates on Windows (avoids setx truncation)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(build): add tar.xz support and unified installer scripts
- Add tar.xz archive support using Borg's compress package
- ArchiveXZ() and ArchiveWithFormat() for configurable compression
- Better compression ratio than gzip for release artifacts
- Consolidate 12 installer scripts into 2 unified scripts
- install.sh and install.bat with BunnyCDN edge variable support
- Subdomains: setup.core.help, ci.core.help, dev.core.help, etc.
- MODE and VARIANT transformed at edge based on subdomain
- Installers prefer tar.xz with automatic fallback to tar.gz
- Fixed CodeRabbit issues: HTTP status patterns, tar error handling,
verify_install params, VARIANT validation, CI PATH persistence
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: add build and release config files
- .core/build.yaml - cross-platform build configuration
- .core/release.yaml - release workflow configuration
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: move plans from docs/ to tasks/
Consolidate planning documents in tasks/plans/ directory.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(install): address CodeRabbit review feedback
- Add curl timeout (--max-time) to prevent hanging on slow networks
- Rename TMPDIR to WORK_DIR to avoid clobbering system env var
- Add chmod +x to ensure binary has execute permissions
- Add error propagation after subroutine calls in batch file
- Remove System32 install attempt in CI mode (use consistent INSTALL_DIR)
- Fix HTTP status regex for HTTP/2 compatibility
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(rag): add Go RAG implementation with Qdrant + Ollama
Add RAG (Retrieval Augmented Generation) tools for storing documentation
in Qdrant vector database and querying with semantic search. This replaces
the Python tools/rag implementation with a native Go solution.
New commands:
- core rag ingest [directory] - Ingest markdown files into Qdrant
- core rag query [question] - Query vector database with semantic search
- core rag collections - List and manage Qdrant collections
Features:
- Markdown chunking by sections and paragraphs with overlap
- UTF-8 safe text handling for international content
- Automatic category detection from file paths
- Multiple output formats: text, JSON, LLM context injection
- Environment variable support for host configuration
Dependencies:
- github.com/qdrant/go-client (gRPC client)
- github.com/ollama/ollama/api (embeddings API)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(deploy): add pure-Go Ansible executor and Coolify API integration
Implement infrastructure deployment system with:
- pkg/ansible: Pure Go Ansible executor
- Playbook/inventory parsing (types.go, parser.go)
- Full execution engine with variable templating, loops, blocks,
conditionals, handlers, and fact gathering (executor.go)
- SSH client with key/password auth and privilege escalation (ssh.go)
- 35+ module implementations: shell, command, copy, template, file,
apt, service, systemd, user, group, git, docker_compose, etc. (modules.go)
- pkg/deploy/coolify: Coolify API client wrapping Python swagger client
- List/get servers, projects, applications, databases, services
- Generic Call() for any OpenAPI operation
- pkg/deploy/python: Embedded Python runtime for swagger client integration
- internal/cmd/deploy: CLI commands
- core deploy servers/projects/apps/databases/services/team
- core deploy call <operation> [params-json]
This enables Docker-free infrastructure deployment with Ansible-compatible
playbooks executed natively in Go.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(deploy): address linter warnings and build errors
- Fix fmt.Sprintf format verb error in ssh.go (remove unused stat command)
- Fix errcheck warnings by explicitly ignoring best-effort operations
- Fix ineffassign warning in cmd_ansible.go
All golangci-lint checks now pass for deploy packages.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* style(deploy): fix gofmt formatting
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(deploy): use known_hosts for SSH host key verification
Address CodeQL security alert by using the user's known_hosts file
for SSH host key verification when available. Falls back to accepting
any key only when known_hosts doesn't exist (common in containerized
or ephemeral environments).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(ai,security,ide): add agentic MVP, security jobs, and Core IDE desktop app
Wire up AI infrastructure with unified pkg/ai package (metrics JSONL,
RAG integration), move RAG under `core ai rag`, add `core ai metrics`
command, and enrich task context with Qdrant documentation.
Add `--target` flag to all security commands for external repo scanning,
`core security jobs` for distributing findings as GitHub Issues, and
consistent error logging across scan/deps/alerts/secrets commands.
Add Core IDE Wails v3 desktop app with Angular 20 frontend, MCP bridge
(loopback-only HTTP server), WebSocket hub, and Claude Code bridge.
Production-ready with Lethean CIC branding, macOS code signing support,
and security hardening (origin validation, body size limits, URL scheme
checks, memory leak prevention, XSS mitigation).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address PR review comments from CodeRabbit, Copilot, and Gemini
Fixes across 25 files addressing 46+ review comments:
- pkg/ai/metrics.go: handle error from Close() on writable file handle
- pkg/ansible: restore loop vars after loop, restore become settings,
fix Upload with become=true and no password (use sudo -n), honour
SSH timeout config, use E() helper for contextual errors, quote git
refs in checkout commands
- pkg/rag: validate chunk config, guard negative-to-uint64 conversion,
use E() helper for errors, add context timeout to Ollama HTTP calls
- pkg/deploy/python: fix exec.ExitError type assertion (was os.PathError),
handle os.UserHomeDir() error
- pkg/build/buildcmd: use cmd.Context() instead of context.Background()
for proper Ctrl+C cancellation
- install.bat: add curl timeouts, CRLF line endings, use --connect-timeout
for archive downloads
- install.sh: use absolute path for version check in CI mode
- tools/rag: fix broken ingest.py function def, escape HTML in query.py,
pin qdrant-client version, add markdown code block languages
- internal/cmd/rag: add chunk size validation, env override handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(build): make release dry-run by default and remove darwin/amd64 target
Replace --dry-run (default false) with --we-are-go-for-launch (default
false) so `core build release` is safe by default. Remove darwin/amd64
from default build targets (arm64 only for macOS). Fix cmd_project.go
to use command context instead of context.Background().
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Design for moving cmd/ into self-registering packages in pkg/:
- RegisterCommands() pattern like RegisterLocales()
- rootCmd stored in core.App
- Build variants via import files with build tags
- Smaller attack surface through selective compilation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add pkg/process for spawning, monitoring, and orchestrating external
processes with Core ACTION integration:
- Service with framework.ServiceRuntime integration
- ACTION messages: ProcessStarted, ProcessOutput, ProcessExited
- RingBuffer for output capture
- Runner for orchestration (RunAll, RunSequential, RunParallel)
- Dependency graph support for QA pipelines
- Global convenience functions following i18n patterns
Also add docs/pkg/PACKAGE_STANDARDS.md defining how to create Core
packages, using pkg/i18n as the reference implementation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Documents the four dispatch patterns (ACTION, QUERY, QUERYALL, PERFORM),
worker bundle architecture, and permissions-through-presence model.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove inline YAML from all index.md files
- Add fragment links to corresponding example.md sections
- Create ai/example.md for workflow examples
- Add missing configs to example.md files (test.yaml, php.yaml, etc)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- php: comprehensive rewrite with all 20+ subcommands documented
- pkg: added full documentation with flags and examples
- vm: added examples and detail for all commands
- TODO.md: updated to show current coverage (12/13 at 100%)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create docs/cmd/ai/index.md with full task management documentation
- Add ai command to main docs/cmd/index.md command list
- Update docs/cmd/dev/index.md to point to ai for task commands
- Update TODO.md to reflect current documentation state
Task commands (tasks, task, task:update, task:complete, task:commit, task:pr)
have moved from dev to ai package.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Move CLI commands into subdirectories matching command hierarchy:
dev/, go/, php/, build/, ci/, sdk/, pkg/, vm/, docs/, setup/, doctor/, test/, ai/
- Create shared/ package for common styles and utilities
- Add new `core ai` root command with claude subcommand
- Update package declarations and imports across all files
- Create commands.go entry points for each package
- Remove GUI-related files (moved to core-gui repo)
This makes the filesystem structure match the CLI command structure,
improving context capture and code organization.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- php: add serve flags, packages subcommands, all commands
- pkg: fix description (GitHub repos not Go modules), add --add flag
- setup: replace --path/--ssh with --dry-run/--only
- doctor: add --verbose flag
- test: full documentation with all flags and JSON output
- Cleaned up TODO.md
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Generated by comparing `core --help` output against docs.
Lists missing commands, flags, and discrepancies.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Multi-repo commands are under 'core dev':
- core dev work, core dev health, core dev commit, etc.
Not root-level commands.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- dev is for portable LinuxKit environment, not multi-repo commands
- Multi-repo commands (work, health, commit, etc.) are root-level
- Added See Also link to work/ for multi-repo docs
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Commands documented inline don't need directory links.
Only link to directories that actually exist.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update docs/index.md with correct directory links
- Fix relative path errors in subcommand docs
- Update core release → core ci references
- Expand vm/index.md with full command documentation
- Fix See Also sections across all docs
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Each command directory now has both index.md (reference) and
example.md (usage examples and configuration samples).
Also adds exception for docs/cmd/build in .gitignore.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add example.md alongside index.md for config/usage samples
- Add ci subcommands: init, changelog, version
- Fix ci/index.md to reference correct commands (was release)
- Update references from config.md to example.md
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
S3.4 - Add `core release --target sdk` to generate SDKs as a
separate release target with breaking change detection.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
13 tasks with TDD approach:
- Package structure and config
- Image sources (GitHub, CDN)
- ImageManager with manifest tracking
- Boot/Stop/Status
- Shell (SSH + serial console)
- Test detection and execution
- Serve with project mounting
- Claude sandbox with auth forwarding
- CLI commands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Design for portable dev environment commands:
- core dev install/boot/shell/serve/test/update/status/stop
- core dev claude - sandboxed AI session with auth forwarding
- Image sources: GitHub Releases, Container Registry, CDN
- Mount & serve with auto-detection
- Test config via .core/test.yaml
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add sdk-full.yaml example showing full SDK generation configuration
including spec path, languages, package naming, diff detection,
and publish settings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
