From af3299fb0b8a6056f25845c7b006de1b75fc8dde Mon Sep 17 00:00:00 2001 From: Snider Date: Tue, 17 Mar 2026 14:05:26 +0000 Subject: [PATCH 1/4] ci: add Core ecosystem CI workflow with CodeRabbit auto-fix Uses dAppCore/build actions for test, auto-fix on CodeRabbit changes, and auto-merge on CodeRabbit approval. Co-Authored-By: Virgil
---
 .github/workflows/ci.yml | 54 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 .github/workflows/ci.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..4963a87
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,54 @@
+name: CI
+
+on:
+ push:
+ branches: [main, dev]
+ pull_request:
+ branches: [main]
+ pull_request_review:
+ types: [submitted]
+
+jobs:
+ test:
+ if: github.event_name != 'pull_request_review'
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: dAppCore/build/actions/build/core@dev
+ with:
+ go-version: "1.26"
+ run-vet: "true"
+
+ auto-fix:
+ if: >
+ github.event_name == 'pull_request_review' &&
+ github.event.review.user.login == 'coderabbitai' &&
+ github.event.review.state == 'changes_requested'
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: ${{ github.event.pull_request.head.ref }}
+ fetch-depth: 0
+ - uses: dAppCore/build/actions/fix@dev
+ with:
+ go-version: "1.26"
+
+ auto-merge:
+ if: >
+ github.event_name == 'pull_request_review' &&
+ github.event.review.user.login == 'coderabbitai' &&
+ github.event.review.state == 'approved'
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+ steps:
+ - uses: actions/checkout@v4
+ - name: Merge PR
+ run: gh pr merge ${{ github.event.pull_request.number }} --merge --delete-branch
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 85e10f6f1acbe17114817c061f4b56e648e8a91f Mon Sep 17 00:00:00 2001
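Review bot: Both `dAppCore/build/actions/build/core@dev` and `dAppCore/build/actions/fix@dev` are referenced by a mutable branch, and the `auto-fix` job runs the latter with `contents: write` and `pull-requests: write`, so any later push to that `dev` branch changes what executes with a write-scoped token in this repository. Pin each `uses:` to a full commit SHA (`uses: dAppCore/build/actions/fix@<commit-sha>`, placeholder) and add a top-level `permissions:` block with `contents: read` so the `test` job does not inherit the repository default. Separately, `auto-merge` is gated only on the reviewer login and `state == 'approved'`, while `test` is skipped on `pull_request_review` events; unless branch protection requires the checks, `gh pr merge --merge` merges at once, so `--auto` combined with required status checks would be the safer form. It is also worth confirming which login the review event actually carries, since GitHub App accounts usually appear with a `[bot]` suffix (as in `dependabot[bot]`), in which case neither `if:` condition would match as written.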
From: Snider Date: Tue, 17 Mar 2026 17:50:56 +0000 Subject: [PATCH 2/4] chore: sync dependencies for v0.1.5 Co-Authored-By: Virgil --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 6fa2499..053253f 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,6 @@ module forge.lthn.ai/core/go-cache go 1.26.0 require ( - forge.lthn.ai/core/go-io v0.1.4 + forge.lthn.ai/core/go-io v0.1.6 forge.lthn.ai/core/go-log v0.0.4 ) diff --git a/go.sum b/go.sum index 45d4e4a..57302d0 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,5 @@ -forge.lthn.ai/core/go-io v0.1.4 h1:eHH8UIQg2NRM5kR9c6b7plVgrHagK/bq8FwROE0Np6I= -forge.lthn.ai/core/go-io v0.1.4/go.mod h1:FRtXSsi8W+U9vewCU+LBAqqbIj3wjXA4dBdSv3SAtWI= +forge.lthn.ai/core/go-io v0.1.6 h1:RByYeP829HFqR2yLg5iBM5dGHKzPFYc+udl/Y1DZIRs= +forge.lthn.ai/core/go-io v0.1.6/go.mod h1:3MSuQZuzhCi6aefECQ/LxhM8ooVLam1KgEvgeEjYZVc= forge.lthn.ai/core/go-log v0.0.4 h1:KTuCEPgFmuM8KJfnyQ8vPOU1Jg654W74h8IJvfQMfv0= forge.lthn.ai/core/go-log v0.0.4/go.mod h1:r14MXKOD3LF/sI8XUJQhRk/SZHBE7jAFVuCfgkXoZPw= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= From b449e7ec09399d084e41eabe8227774f25b84d23 Mon Sep 17 00:00:00 2001 From: Snider Date: Tue, 17 Mar 2026 17:54:58 +0000 Subject: [PATCH 3/4] chore: sync dependencies for v0.1.6 Co-Authored-By: Virgil --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 053253f..0bf43f0 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,6 @@ module forge.lthn.ai/core/go-cache go 1.26.0 require ( - forge.lthn.ai/core/go-io v0.1.6 + forge.lthn.ai/core/go-io v0.1.7 forge.lthn.ai/core/go-log v0.0.4 ) diff --git a/go.sum b/go.sum index 57302d0..6562a5f 100644 --- a/go.sum +++ b/go.sum 
@@ -1,5 +1,5 @@ -forge.lthn.ai/core/go-io v0.1.6 h1:RByYeP829HFqR2yLg5iBM5dGHKzPFYc+udl/Y1DZIRs= -forge.lthn.ai/core/go-io v0.1.6/go.mod h1:3MSuQZuzhCi6aefECQ/LxhM8ooVLam1KgEvgeEjYZVc= +forge.lthn.ai/core/go-io v0.1.7 h1:Tdb6sqh+zz1lsGJaNX9RFWM6MJ/RhSAyxfulLXrJsbk= +forge.lthn.ai/core/go-io v0.1.7/go.mod h1:8lRLFk4Dnp5cR/Cyzh9WclD5566TbpdRgwcH7UZLWn4= forge.lthn.ai/core/go-log v0.0.4 h1:KTuCEPgFmuM8KJfnyQ8vPOU1Jg654W74h8IJvfQMfv0= forge.lthn.ai/core/go-log v0.0.4/go.mod h1:r14MXKOD3LF/sI8XUJQhRk/SZHBE7jAFVuCfgkXoZPw= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= From b36729e59261a80dce98baedeac5e94a17ce68b5 Mon Sep 17 00:00:00 2001 From: Snider Date: Sun, 22 Mar 2026 01:24:52 +0000 Subject: [PATCH 4/4] chore(cache): migrate to dappco.re vanity import path Update module path from forge.lthn.ai/core/go-cache to dappco.re/go/core/cache. Update dependencies to dappco.re/go/core/io v0.2.0 and dappco.re/go/core/log v0.1.0. Fix path traversal prefix collision in Cache.Path() and update package doc comment. Co-Authored-By: Virgil --- .gitignore | 4 +++- CLAUDE.md | 6 +++--- cache.go | 8 ++++---- cache_test.go | 4 ++-- go.mod | 8 +++++--- go.sum | 6 ++++-- 6 files changed, 21 insertions(+), 15 deletions(-) diff --git a/.gitignore b/.gitignore index 815e1fa..cdc6f76 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ -.core/ .idea/ +.vscode/ +*.log +.core/ diff --git a/CLAUDE.md b/CLAUDE.md index 0695937..f7441a4 100644 --- a/CLAUDE.md +++ b/CLAUDE.md 
@@ -4,7 +4,7 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co ## Project Overview -`go-cache` is a storage-agnostic, JSON-based caching library for Go. Module path: `forge.lthn.ai/core/go-cache`. The entire package is two files: `cache.go` and `cache_test.go`. +`go-cache` is a storage-agnostic, JSON-based caching library for Go. Module path: `dappco.re/go/core/cache`. The entire package is two files: `cache.go` and `cache_test.go`. ## Commands @@ -31,7 +31,7 @@ core go cov --open ## Key Architecture Details -- All I/O is delegated to the `io.Medium` interface from `forge.lthn.ai/core/go-io` — the cache never reads/writes files directly. This makes it backend-swappable (local FS, SQLite, S3, in-memory mock). +- All I/O is delegated to the `io.Medium` interface from `dappco.re/go/core/io` — the cache never reads/writes files directly. This makes it backend-swappable (local FS, SQLite, S3, in-memory mock). - `Cache.Path()` enforces path-traversal protection on every public method — keys like `../../etc/passwd` are rejected before any I/O occurs. - Expired entries are not eagerly deleted; they remain on disk until overwritten or explicitly removed. - The struct has no mutex. Concurrent reads are safe, but concurrent writes to the same key need external synchronization. @@ -49,5 +49,5 @@ Conventional commits: `feat(cache):`, `fix(cache):`, `refactor:`, etc. The relea ## Environment - Go 1.26+ -- Private modules: `GOPRIVATE=forge.lthn.ai/*` +- Private modules: `GOPRIVATE=dappco.re/*,forge.lthn.ai/*` - Licence: EUPL-1.2 diff --git a/cache.go b/cache.go index 5a547f3..f532b47 100644 --- a/cache.go +++ b/cache.go @@ -1,4 +1,4 @@ -// Package cache provides a file-based cache for GitHub API responses. +// Package cache provides a storage-agnostic, JSON-based cache backed by any io.Medium. package cache import ( 
@@ -9,8 +9,8 @@ import ( "strings" "time" - coreio "forge.lthn.ai/core/go-io" - coreerr "forge.lthn.ai/core/go-log" + coreio "dappco.re/go/core/io" + coreerr "dappco.re/go/core/log" ) // DefaultTTL is the default cache expiry time. @@ -78,7 +78,7 @@ func (c *Cache) Path(key string) (string, error) { return "", coreerr.E("cache.Path", "failed to get absolute path for key", err) } - if !strings.HasPrefix(absPath, absBase) { + if !strings.HasPrefix(absPath, absBase+string(filepath.Separator)) && absPath != absBase { return "", coreerr.E("cache.Path", "invalid cache key: path traversal attempt", nil) } diff --git a/cache_test.go b/cache_test.go index c630f2c..c33996e 100644 --- a/cache_test.go +++ b/cache_test.go @@ -4,8 +4,8 @@ import ( "testing" "time" - "forge.lthn.ai/core/go-cache" - coreio "forge.lthn.ai/core/go-io" + "dappco.re/go/core/cache" + coreio "dappco.re/go/core/io" ) func TestCache(t *testing.T) { diff --git a/go.mod b/go.mod index 0bf43f0..c7424fc 100644 --- a/go.mod +++ b/go.mod @@ -1,8 +1,10 @@ -module forge.lthn.ai/core/go-cache +module dappco.re/go/core/cache go 1.26.0 require ( - forge.lthn.ai/core/go-io v0.1.7 - forge.lthn.ai/core/go-log v0.0.4 + dappco.re/go/core/io v0.2.0 + dappco.re/go/core/log v0.1.0 ) + +require forge.lthn.ai/core/go-log v0.0.4 // indirect diff --git a/go.sum b/go.sum index 6562a5f..76d01ec 100644 --- a/go.sum +++ b/go.sum 
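Review bot: The new guard in `Path` still accepts a key that resolves to the base directory itself, through the `&& absPath != absBase` clause; unless some caller relies on that, dropping the clause (`if !strings.HasPrefix(absPath, absBase+string(filepath.Separator)) {`) keeps every accepted path strictly below the base. The comparison also looks purely lexical (the error message just above suggests `filepath.Abs`), so a symlink inside the cache directory is not covered by it, which deserves a comment such as `// lexical check only: symlinks under the base directory are not resolved`. The `cache_test.go` hunk in this commit changes only imports, so a regression test for the sibling-directory case the fix targets (constructed example: base `<base>` and a key resolving to `<base>-other/x`, expecting an error) would pin the behaviour. The body of `Path` starts and ends outside the hunk.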
@@ -1,5 +1,7 @@ -forge.lthn.ai/core/go-io v0.1.7 h1:Tdb6sqh+zz1lsGJaNX9RFWM6MJ/RhSAyxfulLXrJsbk= -forge.lthn.ai/core/go-io v0.1.7/go.mod h1:8lRLFk4Dnp5cR/Cyzh9WclD5566TbpdRgwcH7UZLWn4= +dappco.re/go/core/io v0.2.0 h1:zuudgIiTsQQ5ipVt97saWdGLROovbEB/zdVyy9/l+I4= +dappco.re/go/core/io v0.2.0/go.mod h1:1QnQV6X9LNgFKfm8SkOtR9LLaj3bDcsOIeJOOyjbL5E= +dappco.re/go/core/log v0.1.0 h1:pa71Vq2TD2aoEUQWFKwNcaJ3GBY8HbaNGqtE688Unyc= +dappco.re/go/core/log v0.1.0/go.mod h1:Nkqb8gsXhZAO8VLpx7B8i1iAmohhzqA20b9Zr8VUcJs= forge.lthn.ai/core/go-log v0.0.4 h1:KTuCEPgFmuM8KJfnyQ8vPOU1Jg654W74h8IJvfQMfv0= forge.lthn.ai/core/go-log v0.0.4/go.mod h1:r14MXKOD3LF/sI8XUJQhRk/SZHBE7jAFVuCfgkXoZPw= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=