* feat(help): Add CLI help command
Fixes#136
* chore: remove binary
* feat(mcp): Add TCP transport
Fixes#126
* feat(io): Migrate pkg/mcp to use Medium abstraction
Fixes#103
* chore(io): Migrate internal/cmd/docs/* to Medium abstraction
Fixes#113
* chore(io): Migrate internal/cmd/dev/* to Medium abstraction
Fixes#114
* chore(io): Migrate internal/cmd/setup/* to Medium abstraction
* chore(io): Complete migration of internal/cmd/dev/* to Medium abstraction
* chore(io): Migrate internal/cmd/sdk, pkgcmd, and workspace to Medium abstraction
* style: fix formatting in internal/variants
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor(io): simplify local Medium implementation
Rewrote to match the simpler TypeScript pattern:
- path() sanitizes and returns string directly
- Each method calls path() once
- No complex symlink validation
- Less code, less attack surface
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test(mcp): update sandboxing tests for simplified Medium
The simplified io/local.Medium implementation:
- Sanitizes .. to . (no error, path is cleaned)
- Allows absolute paths through (caller validates if needed)
- Follows symlinks (no traversal blocking)
Update tests to match this simplified behavior.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(updater): resolve PkgVersion duplicate declaration
Remove var PkgVersion from updater.go since go generate creates
const PkgVersion in version.go. Track version.go in git to ensure
builds work without running go generate first.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(io): add pkg/io with symlink-safe path validation
- Add pkg/io with Medium interface for filesystem abstraction
- Add pkg/io/local with sandboxed filesystem implementation
- Add symlink-safe path validation to prevent bypass attacks
- Add sentinel errors (ErrPathTraversal, ErrSymlinkTraversal)
- Add NewSandboxed() for creating sandboxed Medium instances
- Add MockMedium for testing
Closes#169
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(io): extend Medium interface with Delete, Rename, List, Stat operations
Add missing filesystem operations to Medium interface:
- Delete(path) - removes file or empty directory
- DeleteAll(path) - removes path and contents recursively
- Rename(old, new) - moves or renames files/directories
- Exists(path) - checks if path exists
- IsDir(path) - checks if path is a directory
- List(path) - returns directory contents as []os.DirEntry
- Stat(path) - returns file info as os.FileInfo
Implements both local.Medium and MockMedium with full support.
Closes#102
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(io): MockMedium.Read returns os.ErrNotExist for consistency
Ensures os.IsNotExist(err) works with MockMedium like with real filesystem.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
* feat(mcp): add workspace root validation to prevent path traversal
- Add workspaceRoot field to Service for restricting file operations
- Add WithWorkspaceRoot() option for configuring the workspace directory
- Add validatePath() helper to check paths are within workspace
- Apply validation to all file operation handlers
- Default to current working directory for security
- Add comprehensive tests for path validation
Closes#82
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: move CLI commands from pkg/ to internal/cmd/
- Move 18 CLI command packages to internal/cmd/ (not externally importable)
- Keep 16 library packages in pkg/ (externally importable)
- Update all import paths throughout codebase
- Cleaner separation between CLI logic and reusable libraries
CLI commands moved: ai, ci, dev, docs, doctor, gitcmd, go, monitor,
php, pkgcmd, qa, sdk, security, setup, test, updater, vm, workspace
Libraries remaining: agentic, build, cache, cli, container, devops,
errors, framework, git, i18n, io, log, mcp, process, release, repos
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor(mcp): use pkg/io Medium for sandboxed file operations
Replace manual path validation with pkg/io.Medium for all file operations.
This delegates security (path traversal, symlink bypass) to the sandboxed
local.Medium implementation.
Changes:
- Add io.NewSandboxed() for creating sandboxed Medium instances
- Refactor MCP Service to use io.Medium instead of direct os.* calls
- Remove validatePath and resolvePathWithSymlinks functions
- Update tests to verify Medium-based behaviour
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: correct import path and workflow references
- Fix pkg/io/io.go import from core-gui to core
- Update CI workflows to use internal/cmd/updater path
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(security): address CodeRabbit review issues for path validation
- pkg/io/local: add symlink resolution and boundary-aware containment
- Reject absolute paths in sandboxed Medium
- Use filepath.EvalSymlinks to prevent symlink bypass attacks
- Fix prefix check to prevent /tmp/root matching /tmp/root2
- pkg/mcp: fix resolvePath to validate and return errors
- Changed resolvePath from (string) to (string, error)
- Update deleteFile, renameFile, listDirectory, fileExists to handle errors
- Changed New() to return (*Service, error) instead of *Service
- Properly propagate option errors instead of silently discarding
- pkg/io: wrap errors with E() helper for consistent context
- Copy() and MockMedium.Read() now use coreerr.E()
- tests: rename to use _Good/_Bad/_Ugly suffixes per coding guidelines
- Fix hardcoded /tmp in TestPath to use t.TempDir()
- Add TestResolvePath_Bad_SymlinkTraversal test
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* style: fix gofmt formatting
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* style: fix gofmt formatting across all files
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Move all Wails-dependent packages to core-gui repo:
- pkg/core, pkg/display, pkg/docs, pkg/help, pkg/ide
- pkg/runtime, pkg/webview, pkg/workspace, pkg/ws
- pkg/plugin, pkg/config, pkg/i18n, pkg/module
- pkg/crypt, pkg/io, pkg/process
Add pkg/errors with simple E() helper for error wrapping.
Update go.work to only include CLI-relevant packages.
CLI now builds with CGO_ENABLED=0 - no linker warnings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Move Go module from github.com/Snider/Core to github.com/host-uk/core
to match the new repository location under the host-uk organization.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor: Remove unused packages and flatten project structure
Removes the following unused packages:
- pkg/crypt
- pkg/workspace
- pkg/io
Moves the remaining packages (core, e, runtime) to the top level of the project.
Updates all import paths to reflect the new structure.
* refactor: Remove unused packages and flatten project structure
Removes the following unused packages:
- pkg/crypt
- pkg/workspace
- pkg/io
Moves the remaining packages (core, e, runtime) to the top level of the project.
Updates all import paths to reflect the new structure.
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
