* ci(workflows): use host-uk/build@dev for releases
- Replace manual Go bootstrap with host-uk/build@dev action
- Add matrix builds for linux/amd64, linux/arm64, darwin/universal, windows/amd64
- Update README URLs from Snider/Core to host-uk/core
- Simplify artifact handling with merge-multiple
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs(mkdocs): update repo references to host-uk/core
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore(coderabbit): disable auto-review, manual trigger only
Trigger with @coderabbitai review to control costs.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(ci): implement semver release channels
- Rename dev-release.yml → alpha-release.yml
- Alpha builds: v0.0.4-alpha.{run_number} (prerelease)
- Add pr-build.yml for draft releases
- PR builds: v0.0.4-pr.{num}.bid.{id} (draft, not published)
- Add attestation permissions for SLSA compliance
- No more deleting/recreating dev tag
Versioning strategy:
- Draft: +pr.{NUM}.bid.{ID} (testable, not published)
- Alpha: -alpha.{N} (canary channel)
- Beta: -beta (quality scored)
- RC: -rc.{N} (release candidate)
- Stable: no suffix
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(ci): use build@v3 and dot notation for versions
- Switch from host-uk/build@dev to host-uk/build@v3
- Use dots instead of + for build metadata (GitHub tag compatible)
- v0.0.4.pr.{num}.bid.{id} format for PR drafts
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(workflows): update all actions to latest versions
- actions/setup-go: v5 → v6 (Go 1.25+ support)
- actions/upload-artifact: v4 → v6 (immutable artifacts)
- actions/download-artifact: v4 → v7 (attestations support)
- actions/github-script: v7 → v8 (Node 20)
- actions/checkout: standardized on v6
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci: temporarily use self-hosted runners
Testing build on local runners while GitHub hosted runners are backed up.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci: fix webkit dep for Ubuntu 20.04 runners
Fall back to libwebkit2gtk-4.0-dev on older Ubuntu.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test: skip unwritable dir test when running as root
Docker self-hosted runners run as root, which can write anywhere.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci: revert to ubuntu-latest runners
Self-hosted runners need environment parity work (ARM64, root user, SDK tools).
Keep self-hosted for future local-llm integration tasks.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(devops): migrate filesystem operations to io.Local abstraction
Migrate config.go:
- os.ReadFile → io.Local.Read
Migrate devops.go:
- os.Stat → io.Local.IsFile
Migrate images.go:
- os.MkdirAll → io.Local.EnsureDir
- os.Stat → io.Local.IsFile
- os.ReadFile → io.Local.Read
- os.WriteFile → io.Local.Write
Migrate test.go:
- os.ReadFile → io.Local.Read
- os.Stat → io.Local.IsFile
Migrate claude.go:
- os.Stat → io.Local.IsDir
Updated tests to reflect improved behavior:
- Manifest.Save() now creates parent directories
- hasFile() correctly returns false for directories
Part of #101 (io.Medium migration tracking issue).
Closes#107
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore(io): migrate remaining packages to io.Local abstraction
Migrate filesystem operations to use the io.Local abstraction for
improved security, testability, and consistency:
- pkg/cache: Replace os.ReadFile, WriteFile, Remove, RemoveAll with
io.Local equivalents. io.Local.Write creates parent dirs automatically.
- pkg/agentic: Migrate config.go and context.go to use io.Local for
reading config files and gathering file context.
- pkg/repos: Use io.Local.Read, Exists, IsDir, List for registry
operations and git repo detection.
- pkg/release: Use io.Local for config loading, existence checks,
and artifact discovery.
- pkg/devops/sources: Use io.Local.EnsureDir for CDN download.
All paths are converted to absolute using filepath.Abs() before
calling io.Local methods to handle relative paths correctly.
Closes#104, closes#106, closes#108, closes#111
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore(io): migrate pkg/cli and pkg/container to io.Local abstraction
Continue io.Medium migration for the remaining packages:
- pkg/cli/daemon.go: PIDFile Acquire/Release now use io.Local.Read,
Delete, and Write for managing daemon PID files.
- pkg/container/state.go: LoadState and SaveState use io.Local for
JSON state persistence. EnsureLogsDir uses io.Local.EnsureDir.
- pkg/container/templates.go: Template loading and directory scanning
now use io.Local.IsFile, IsDir, Read, and List.
- pkg/container/linuxkit.go: Image validation uses io.Local.IsFile,
log file check uses io.Local.IsFile. Streaming log file creation
(os.Create) remains unchanged as io.Local doesn't support streaming.
Closes#105, closes#107
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs(audit): add dependency security audit report
Complete security audit of all project dependencies:
- Run govulncheck: No vulnerabilities found
- Run go mod verify: All modules verified
- Document 15 direct dependencies and 161 indirect
- Assess supply chain risks: Low risk overall
- Verify lock files are committed with integrity hashes
- Provide CI integration recommendations
Closes#185
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(ci): build core CLI from source instead of downloading release
The workflows were trying to download from a non-existent release URL.
Now builds the CLI directly using `go build` with version injection.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: trigger CI with updated workflow
* chore(ci): add workflow_dispatch trigger for manual runs
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(mcp): add workspace root validation to prevent path traversal
- Add workspaceRoot field to Service for restricting file operations
- Add WithWorkspaceRoot() option for configuring the workspace directory
- Add validatePath() helper to check paths are within workspace
- Apply validation to all file operation handlers
- Default to current working directory for security
- Add comprehensive tests for path validation
Closes#82
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: move CLI commands from pkg/ to internal/cmd/
- Move 18 CLI command packages to internal/cmd/ (not externally importable)
- Keep 16 library packages in pkg/ (externally importable)
- Update all import paths throughout codebase
- Cleaner separation between CLI logic and reusable libraries
CLI commands moved: ai, ci, dev, docs, doctor, gitcmd, go, monitor,
php, pkgcmd, qa, sdk, security, setup, test, updater, vm, workspace
Libraries remaining: agentic, build, cache, cli, container, devops,
errors, framework, git, i18n, io, log, mcp, process, release, repos
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor(mcp): use pkg/io Medium for sandboxed file operations
Replace manual path validation with pkg/io.Medium for all file operations.
This delegates security (path traversal, symlink bypass) to the sandboxed
local.Medium implementation.
Changes:
- Add io.NewSandboxed() for creating sandboxed Medium instances
- Refactor MCP Service to use io.Medium instead of direct os.* calls
- Remove validatePath and resolvePathWithSymlinks functions
- Update tests to verify Medium-based behaviour
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: correct import path and workflow references
- Fix pkg/io/io.go import from core-gui to core
- Update CI workflows to use internal/cmd/updater path
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(security): address CodeRabbit review issues for path validation
- pkg/io/local: add symlink resolution and boundary-aware containment
- Reject absolute paths in sandboxed Medium
- Use filepath.EvalSymlinks to prevent symlink bypass attacks
- Fix prefix check to prevent /tmp/root matching /tmp/root2
- pkg/mcp: fix resolvePath to validate and return errors
- Changed resolvePath from (string) to (string, error)
- Update deleteFile, renameFile, listDirectory, fileExists to handle errors
- Changed New() to return (*Service, error) instead of *Service
- Properly propagate option errors instead of silently discarding
- pkg/io: wrap errors with E() helper for consistent context
- Copy() and MockMedium.Read() now use coreerr.E()
- tests: rename to use _Good/_Bad/_Ugly suffixes per coding guidelines
- Fix hardcoded /tmp in TestPath to use t.TempDir()
- Add TestResolvePath_Bad_SymlinkTraversal test
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* style: fix gofmt formatting
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* style: fix gofmt formatting across all files
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- Add `core setup ci` command for generating installation scripts
- Supports bash, powershell, and GitHub Actions YAML output
- Configurable via .core/ci.yaml
- Auto-detects platform and uses Homebrew/Scoop/direct download
- Update all GitHub workflows to use global `core` binary:
- ci.yml: Uses `core go qa` for all quality checks
- coverage.yml: Uses `core go cov` for coverage
- release.yml: Uses `core build --ci` for cross-compilation
- dev-release.yml: Uses `core build --ci` for all targets
- Add .core/ci.yaml with default configuration
This ensures the CLI dogfoods itself across all CI operations,
validating the framework that the Web3 ecosystem builds from.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- ci.yml: Download latest dev release, run `core go qa`, build matrix
- release.yml: Use go-version-file, consistent artifact handling
- dev-release.yml: Add checksums, cleaner version string
- coverage.yml: Standardize setup-go version, add CLI verification
All workflows now use:
- go-version-file for consistent Go version
- upload-artifact@v4 / download-artifact@v4
- Proper version injection via ldflags
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(docs): respect workspace.yaml packages_dir setting (fixes#46)
* fix(workspace): improve config loading logic (CR feedback)
- Expand ~ before resolving relative paths in cmd_registry
- Handle LoadWorkspaceConfig errors properly
- Update Repo.Path when PackagesDir overrides default
- Validate workspace config version
- Add unit tests for workspace config loading
* docs: add comments and increase test coverage (CR feedback)
- Add docstrings to exported functions in pkg/cli
- Add unit tests for Semantic Output (pkg/cli/output.go)
- Add unit tests for CheckBuilder (pkg/cli/check.go)
- Add unit tests for IPC Query/Perform (pkg/framework/core)
* fix(test): fix panics and failures in php package tests
- Fix panic in TestLookupLinuxKit_Bad by mocking paths
- Fix assertion errors in TestGetSSLDir_Bad and TestGetPackageInfo_Bad
- Fix formatting in test files
* fix(test): correct syntax in services_extended_test.go
* fix(ci): point coverage workflow to go.mod instead of go.work
* fix(ci): build CLI before running coverage
* fix(ci): run go generate for updater package in coverage workflow
* fix(github): allow dry-run publish without gh CLI authentication
Moves validation check after dry-run check so tests can verify dry-run behavior in CI environments.
