feat: migrate crypt and test commands from CLI

Co-Authored-By: Virgil <virgil@lethean.io>
2026-02-21 19:38:16 +00:00 · 2026-02-21 19:38:16 +00:00 · fde12e1539
commit fde12e1539
parent 9585da8e66
12 changed files with 880 additions and 0 deletions
--- a/cmd/crypt/cmd.go
+++ b/cmd/crypt/cmd.go
@ -0,0 +1,22 @@
+package crypt
+
+import "forge.lthn.ai/core/go/pkg/cli"
+
+func init() {
+	cli.RegisterCommands(AddCryptCommands)
+}
+
+// AddCryptCommands registers the 'crypt' command group and all subcommands.
+func AddCryptCommands(root *cli.Command) {
+	cryptCmd := &cli.Command{
+		Use:   "crypt",
+		Short: "Cryptographic utilities",
+		Long:  "Encrypt, decrypt, hash, and checksum files and data.",
+	}
+	root.AddCommand(cryptCmd)
+
+	addHashCommand(cryptCmd)
+	addEncryptCommand(cryptCmd)
+	addKeygenCommand(cryptCmd)
+	addChecksumCommand(cryptCmd)
+}
--- a/cmd/crypt/cmd_checksum.go
+++ b/cmd/crypt/cmd_checksum.go
@ -0,0 +1,61 @@
+package crypt
+
+import (
+	"fmt"
+	"path/filepath"
+
+	"forge.lthn.ai/core/go/pkg/cli"
+	"forge.lthn.ai/core/go-crypt/crypt"
+)
+
+// Checksum command flags
+var (
+	checksumSHA512 bool
+	checksumVerify string
+)
+
+func addChecksumCommand(parent *cli.Command) {
+	checksumCmd := cli.NewCommand("checksum", "Compute file checksum", "", func(cmd *cli.Command, args []string) error {
+		return runChecksum(args[0])
+	})
+	checksumCmd.Args = cli.ExactArgs(1)
+
+	cli.BoolFlag(checksumCmd, &checksumSHA512, "sha512", "", false, "Use SHA-512 instead of SHA-256")
+	cli.StringFlag(checksumCmd, &checksumVerify, "verify", "", "", "Verify file against this hash")
+
+	parent.AddCommand(checksumCmd)
+}
+
+func runChecksum(path string) error {
+	var hash string
+	var err error
+
+	if checksumSHA512 {
+		hash, err = crypt.SHA512File(path)
+	} else {
+		hash, err = crypt.SHA256File(path)
+	}
+
+	if err != nil {
+		return cli.Wrap(err, "failed to compute checksum")
+	}
+
+	if checksumVerify != "" {
+		if hash == checksumVerify {
+			cli.Success(fmt.Sprintf("Checksum matches: %s", filepath.Base(path)))
+			return nil
+		}
+		cli.Error(fmt.Sprintf("Checksum mismatch: %s", filepath.Base(path)))
+		cli.Dim(fmt.Sprintf("  expected: %s", checksumVerify))
+		cli.Dim(fmt.Sprintf("  got:      %s", hash))
+		return cli.Err("checksum verification failed")
+	}
+
+	algo := "SHA-256"
+	if checksumSHA512 {
+		algo = "SHA-512"
+	}
+
+	fmt.Printf("%s  %s  (%s)\n", hash, path, algo)
+	return nil
+}
--- a/cmd/crypt/cmd_encrypt.go
+++ b/cmd/crypt/cmd_encrypt.go
@ -0,0 +1,115 @@
+package crypt
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"forge.lthn.ai/core/go/pkg/cli"
+	"forge.lthn.ai/core/go-crypt/crypt"
+)
+
+// Encrypt command flags
+var (
+	encryptPassphrase string
+	encryptAES        bool
+)
+
+func addEncryptCommand(parent *cli.Command) {
+	encryptCmd := cli.NewCommand("encrypt", "Encrypt a file", "", func(cmd *cli.Command, args []string) error {
+		return runEncrypt(args[0])
+	})
+	encryptCmd.Args = cli.ExactArgs(1)
+
+	cli.StringFlag(encryptCmd, &encryptPassphrase, "passphrase", "p", "", "Passphrase (prompted if not given)")
+	cli.BoolFlag(encryptCmd, &encryptAES, "aes", "", false, "Use AES-256-GCM instead of ChaCha20-Poly1305")
+
+	parent.AddCommand(encryptCmd)
+
+	decryptCmd := cli.NewCommand("decrypt", "Decrypt an encrypted file", "", func(cmd *cli.Command, args []string) error {
+		return runDecrypt(args[0])
+	})
+	decryptCmd.Args = cli.ExactArgs(1)
+
+	cli.StringFlag(decryptCmd, &encryptPassphrase, "passphrase", "p", "", "Passphrase (prompted if not given)")
+	cli.BoolFlag(decryptCmd, &encryptAES, "aes", "", false, "Use AES-256-GCM instead of ChaCha20-Poly1305")
+
+	parent.AddCommand(decryptCmd)
+}
+
+func getPassphrase() (string, error) {
+	if encryptPassphrase != "" {
+		return encryptPassphrase, nil
+	}
+	return cli.Prompt("Passphrase", "")
+}
+
+func runEncrypt(path string) error {
+	passphrase, err := getPassphrase()
+	if err != nil {
+		return cli.Wrap(err, "failed to read passphrase")
+	}
+	if passphrase == "" {
+		return cli.Err("passphrase cannot be empty")
+	}
+
+	data, err := os.ReadFile(path)
+	if err != nil {
+		return cli.Wrap(err, "failed to read file")
+	}
+
+	var encrypted []byte
+	if encryptAES {
+		encrypted, err = crypt.EncryptAES(data, []byte(passphrase))
+	} else {
+		encrypted, err = crypt.Encrypt(data, []byte(passphrase))
+	}
+	if err != nil {
+		return cli.Wrap(err, "failed to encrypt")
+	}
+
+	outPath := path + ".enc"
+	if err := os.WriteFile(outPath, encrypted, 0o600); err != nil {
+		return cli.Wrap(err, "failed to write encrypted file")
+	}
+
+	cli.Success(fmt.Sprintf("Encrypted %s -> %s", path, outPath))
+	return nil
+}
+
+func runDecrypt(path string) error {
+	passphrase, err := getPassphrase()
+	if err != nil {
+		return cli.Wrap(err, "failed to read passphrase")
+	}
+	if passphrase == "" {
+		return cli.Err("passphrase cannot be empty")
+	}
+
+	data, err := os.ReadFile(path)
+	if err != nil {
+		return cli.Wrap(err, "failed to read file")
+	}
+
+	var decrypted []byte
+	if encryptAES {
+		decrypted, err = crypt.DecryptAES(data, []byte(passphrase))
+	} else {
+		decrypted, err = crypt.Decrypt(data, []byte(passphrase))
+	}
+	if err != nil {
+		return cli.Wrap(err, "failed to decrypt")
+	}
+
+	outPath := strings.TrimSuffix(path, ".enc")
+	if outPath == path {
+		outPath = path + ".dec"
+	}
+
+	if err := os.WriteFile(outPath, decrypted, 0o600); err != nil {
+		return cli.Wrap(err, "failed to write decrypted file")
+	}
+
+	cli.Success(fmt.Sprintf("Decrypted %s -> %s", path, outPath))
+	return nil
+}
--- a/cmd/crypt/cmd_hash.go
+++ b/cmd/crypt/cmd_hash.go
@ -0,0 +1,74 @@
+package crypt
+
+import (
+	"fmt"
+
+	"forge.lthn.ai/core/go/pkg/cli"
+	"forge.lthn.ai/core/go-crypt/crypt"
+	"golang.org/x/crypto/bcrypt"
+)
+
+// Hash command flags
+var (
+	hashBcrypt bool
+	hashVerify string
+)
+
+func addHashCommand(parent *cli.Command) {
+	hashCmd := cli.NewCommand("hash", "Hash a password with Argon2id or bcrypt", "", func(cmd *cli.Command, args []string) error {
+		return runHash(args[0])
+	})
+	hashCmd.Args = cli.ExactArgs(1)
+
+	cli.BoolFlag(hashCmd, &hashBcrypt, "bcrypt", "b", false, "Use bcrypt instead of Argon2id")
+	cli.StringFlag(hashCmd, &hashVerify, "verify", "", "", "Verify input against this hash")
+
+	parent.AddCommand(hashCmd)
+}
+
+func runHash(input string) error {
+	// Verify mode
+	if hashVerify != "" {
+		return runHashVerify(input, hashVerify)
+	}
+
+	// Hash mode
+	if hashBcrypt {
+		hash, err := crypt.HashBcrypt(input, bcrypt.DefaultCost)
+		if err != nil {
+			return cli.Wrap(err, "failed to hash password")
+		}
+		fmt.Println(hash)
+		return nil
+	}
+
+	hash, err := crypt.HashPassword(input)
+	if err != nil {
+		return cli.Wrap(err, "failed to hash password")
+	}
+	fmt.Println(hash)
+	return nil
+}
+
+func runHashVerify(input, hash string) error {
+	var match bool
+	var err error
+
+	if hashBcrypt {
+		match, err = crypt.VerifyBcrypt(input, hash)
+	} else {
+		match, err = crypt.VerifyPassword(input, hash)
+	}
+
+	if err != nil {
+		return cli.Wrap(err, "failed to verify hash")
+	}
+
+	if match {
+		cli.Success("Password matches hash")
+		return nil
+	}
+
+	cli.Error("Password does not match hash")
+	return cli.Err("hash verification failed")
+}
--- a/cmd/crypt/cmd_keygen.go
+++ b/cmd/crypt/cmd_keygen.go
@ -0,0 +1,55 @@
+package crypt
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"encoding/hex"
+	"fmt"
+
+	"forge.lthn.ai/core/go/pkg/cli"
+)
+
+// Keygen command flags
+var (
+	keygenLength int
+	keygenHex    bool
+	keygenBase64 bool
+)
+
+func addKeygenCommand(parent *cli.Command) {
+	keygenCmd := cli.NewCommand("keygen", "Generate a random cryptographic key", "", func(cmd *cli.Command, args []string) error {
+		return runKeygen()
+	})
+
+	cli.IntFlag(keygenCmd, &keygenLength, "length", "l", 32, "Key length in bytes")
+	cli.BoolFlag(keygenCmd, &keygenHex, "hex", "", false, "Output as hex string")
+	cli.BoolFlag(keygenCmd, &keygenBase64, "base64", "", false, "Output as base64 string")
+
+	parent.AddCommand(keygenCmd)
+}
+
+func runKeygen() error {
+	if keygenHex && keygenBase64 {
+		return cli.Err("--hex and --base64 are mutually exclusive")
+	}
+	if keygenLength <= 0 || keygenLength > 1024 {
+		return cli.Err("key length must be between 1 and 1024 bytes")
+	}
+
+	key := make([]byte, keygenLength)
+	if _, err := rand.Read(key); err != nil {
+		return cli.Wrap(err, "failed to generate random key")
+	}
+
+	switch {
+	case keygenHex:
+		fmt.Println(hex.EncodeToString(key))
+	case keygenBase64:
+		fmt.Println(base64.StdEncoding.EncodeToString(key))
+	default:
+		// Default to hex output
+		fmt.Println(hex.EncodeToString(key))
+	}
+
+	return nil
+}
--- a/cmd/testcmd/cmd_commands.go
+++ b/cmd/testcmd/cmd_commands.go
@ -0,0 +1,18 @@
+// Package testcmd provides Go test running commands with enhanced output.
+//
+// Note: Package named testcmd to avoid conflict with Go's test package.
+//
+// Features:
+//   - Colour-coded pass/fail/skip output
+//   - Per-package coverage breakdown with --coverage
+//   - JSON output for CI/agents with --json
+//   - Filters linker warnings on macOS
+//
+// Flags: --verbose, --coverage, --short, --pkg, --run, --race, --json
+package testcmd
+
+import "forge.lthn.ai/core/go/pkg/cli"
+
+func init() {
+	cli.RegisterCommands(AddTestCommands)
+}
--- a/cmd/testcmd/cmd_main.go
+++ b/cmd/testcmd/cmd_main.go
@ -0,0 +1,58 @@
+// Package testcmd provides test running commands.
+//
+// Note: Package named testcmd to avoid conflict with Go's test package.
+package testcmd
+
+import (
+	"forge.lthn.ai/core/go/pkg/cli"
+	"forge.lthn.ai/core/go/pkg/i18n"
+	"github.com/spf13/cobra"
+)
+
+// Style aliases from shared
+var (
+	testHeaderStyle  = cli.RepoStyle
+	testPassStyle    = cli.SuccessStyle
+	testFailStyle    = cli.ErrorStyle
+	testSkipStyle    = cli.WarningStyle
+	testDimStyle     = cli.DimStyle
+	testCovHighStyle = cli.NewStyle().Foreground(cli.ColourGreen500)
+	testCovMedStyle  = cli.NewStyle().Foreground(cli.ColourAmber500)
+	testCovLowStyle  = cli.NewStyle().Foreground(cli.ColourRed500)
+)
+
+// Flag variables for test command
+var (
+	testVerbose  bool
+	testCoverage bool
+	testShort    bool
+	testPkg      string
+	testRun      string
+	testRace     bool
+	testJSON     bool
+)
+
+var testCmd = &cobra.Command{
+	Use:   "test",
+	Short: i18n.T("cmd.test.short"),
+	Long:  i18n.T("cmd.test.long"),
+	RunE: func(cmd *cobra.Command, args []string) error {
+		return runTest(testVerbose, testCoverage, testShort, testPkg, testRun, testRace, testJSON)
+	},
+}
+
+func initTestFlags() {
+	testCmd.Flags().BoolVar(&testVerbose, "verbose", false, i18n.T("cmd.test.flag.verbose"))
+	testCmd.Flags().BoolVar(&testCoverage, "coverage", false, i18n.T("common.flag.coverage"))
+	testCmd.Flags().BoolVar(&testShort, "short", false, i18n.T("cmd.test.flag.short"))
+	testCmd.Flags().StringVar(&testPkg, "pkg", "", i18n.T("cmd.test.flag.pkg"))
+	testCmd.Flags().StringVar(&testRun, "run", "", i18n.T("cmd.test.flag.run"))
+	testCmd.Flags().BoolVar(&testRace, "race", false, i18n.T("cmd.test.flag.race"))
+	testCmd.Flags().BoolVar(&testJSON, "json", false, i18n.T("cmd.test.flag.json"))
+}
+
+// AddTestCommands registers the 'test' command and all subcommands.
+func AddTestCommands(root *cobra.Command) {
+	initTestFlags()
+	root.AddCommand(testCmd)
+}
--- a/cmd/testcmd/cmd_output.go
+++ b/cmd/testcmd/cmd_output.go
@ -0,0 +1,211 @@
+package testcmd
+
+import (
+	"bufio"
+	"fmt"
+	"path/filepath"
+	"regexp"
+	"sort"
+	"strconv"
+	"strings"
+
+	"forge.lthn.ai/core/go/pkg/i18n"
+)
+
+type packageCoverage struct {
+	name     string
+	coverage float64
+	hasCov   bool
+}
+
+type testResults struct {
+	packages   []packageCoverage
+	passed     int
+	failed     int
+	skipped    int
+	totalCov   float64
+	covCount   int
+	failedPkgs []string
+}
+
+func parseTestOutput(output string) testResults {
+	results := testResults{}
+
+	// Regex patterns - handle both timed and cached test results
+	// Example: ok  	forge.lthn.ai/core/go-crypt/crypt	0.015s	coverage: 91.2% of statements
+	// Example: ok  	forge.lthn.ai/core/go-crypt/crypt	(cached)	coverage: 91.2% of statements
+	okPattern := regexp.MustCompile(`^ok\s+(\S+)\s+(?:[\d.]+s|\(cached\))(?:\s+coverage:\s+([\d.]+)%)?`)
+	failPattern := regexp.MustCompile(`^FAIL\s+(\S+)`)
+	skipPattern := regexp.MustCompile(`^\?\s+(\S+)\s+\[no test files\]`)
+	coverPattern := regexp.MustCompile(`coverage:\s+([\d.]+)%`)
+
+	scanner := bufio.NewScanner(strings.NewReader(output))
+	for scanner.Scan() {
+		line := scanner.Text()
+
+		if matches := okPattern.FindStringSubmatch(line); matches != nil {
+			pkg := packageCoverage{name: matches[1]}
+			if len(matches) > 2 && matches[2] != "" {
+				cov, _ := strconv.ParseFloat(matches[2], 64)
+				pkg.coverage = cov
+				pkg.hasCov = true
+				results.totalCov += cov
+				results.covCount++
+			}
+			results.packages = append(results.packages, pkg)
+			results.passed++
+		} else if matches := failPattern.FindStringSubmatch(line); matches != nil {
+			results.failed++
+			results.failedPkgs = append(results.failedPkgs, matches[1])
+		} else if matches := skipPattern.FindStringSubmatch(line); matches != nil {
+			results.skipped++
+		} else if matches := coverPattern.FindStringSubmatch(line); matches != nil {
+			// Catch any additional coverage lines
+			cov, _ := strconv.ParseFloat(matches[1], 64)
+			if cov > 0 {
+				// Find the last package without coverage and update it
+				for i := len(results.packages) - 1; i >= 0; i-- {
+					if !results.packages[i].hasCov {
+						results.packages[i].coverage = cov
+						results.packages[i].hasCov = true
+						results.totalCov += cov
+						results.covCount++
+						break
+					}
+				}
+			}
+		}
+	}
+
+	return results
+}
+
+func printTestSummary(results testResults, showCoverage bool) {
+	// Print pass/fail summary
+	total := results.passed + results.failed
+	if total > 0 {
+		fmt.Printf("  %s %s", testPassStyle.Render("✓"), i18n.T("i18n.count.passed", results.passed))
+		if results.failed > 0 {
+			fmt.Printf("  %s %s", testFailStyle.Render("✗"), i18n.T("i18n.count.failed", results.failed))
+		}
+		if results.skipped > 0 {
+			fmt.Printf("  %s %s", testSkipStyle.Render("○"), i18n.T("i18n.count.skipped", results.skipped))
+		}
+		fmt.Println()
+	}
+
+	// Print failed packages
+	if len(results.failedPkgs) > 0 {
+		fmt.Printf("\n  %s\n", i18n.T("cmd.test.failed_packages"))
+		for _, pkg := range results.failedPkgs {
+			fmt.Printf("    %s %s\n", testFailStyle.Render("✗"), pkg)
+		}
+	}
+
+	// Print coverage
+	if showCoverage {
+		printCoverageSummary(results)
+	} else if results.covCount > 0 {
+		avgCov := results.totalCov / float64(results.covCount)
+		fmt.Printf("\n  %s %s\n", i18n.Label("coverage"), formatCoverage(avgCov))
+	}
+}
+
+func printCoverageSummary(results testResults) {
+	if len(results.packages) == 0 {
+		return
+	}
+
+	fmt.Printf("\n  %s\n", testHeaderStyle.Render(i18n.T("cmd.test.coverage_by_package")))
+
+	// Sort packages by name
+	sort.Slice(results.packages, func(i, j int) bool {
+		return results.packages[i].name < results.packages[j].name
+	})
+
+	// Find max package name length for alignment
+	maxLen := 0
+	for _, pkg := range results.packages {
+		name := shortenPackageName(pkg.name)
+		if len(name) > maxLen {
+			maxLen = len(name)
+		}
+	}
+
+	// Print each package
+	for _, pkg := range results.packages {
+		if !pkg.hasCov {
+			continue
+		}
+		name := shortenPackageName(pkg.name)
+		padLen := maxLen - len(name) + 2
+		if padLen < 0 {
+			padLen = 2
+		}
+		padding := strings.Repeat(" ", padLen)
+		fmt.Printf("    %s%s%s\n", name, padding, formatCoverage(pkg.coverage))
+	}
+
+	// Print average
+	if results.covCount > 0 {
+		avgCov := results.totalCov / float64(results.covCount)
+		avgLabel := i18n.T("cmd.test.label.average")
+		padLen := maxLen - len(avgLabel) + 2
+		if padLen < 0 {
+			padLen = 2
+		}
+		padding := strings.Repeat(" ", padLen)
+		fmt.Printf("\n    %s%s%s\n", testHeaderStyle.Render(avgLabel), padding, formatCoverage(avgCov))
+	}
+}
+
+func formatCoverage(cov float64) string {
+	s := fmt.Sprintf("%.1f%%", cov)
+	if cov >= 80 {
+		return testCovHighStyle.Render(s)
+	} else if cov >= 50 {
+		return testCovMedStyle.Render(s)
+	}
+	return testCovLowStyle.Render(s)
+}
+
+func shortenPackageName(name string) string {
+	// Remove common prefixes
+	prefixes := []string{
+		"forge.lthn.ai/core/cli/",
+		"forge.lthn.ai/core/gui/",
+	}
+	for _, prefix := range prefixes {
+		if strings.HasPrefix(name, prefix) {
+			return strings.TrimPrefix(name, prefix)
+		}
+	}
+	return filepath.Base(name)
+}
+
+func printJSONResults(results testResults, exitCode int) {
+	// Simple JSON output for agents
+	fmt.Printf("{\n")
+	fmt.Printf("  \"passed\": %d,\n", results.passed)
+	fmt.Printf("  \"failed\": %d,\n", results.failed)
+	fmt.Printf("  \"skipped\": %d,\n", results.skipped)
+	if results.covCount > 0 {
+		avgCov := results.totalCov / float64(results.covCount)
+		fmt.Printf("  \"coverage\": %.1f,\n", avgCov)
+	}
+	fmt.Printf("  \"exit_code\": %d,\n", exitCode)
+	if len(results.failedPkgs) > 0 {
+		fmt.Printf("  \"failed_packages\": [\n")
+		for i, pkg := range results.failedPkgs {
+			comma := ","
+			if i == len(results.failedPkgs)-1 {
+				comma = ""
+			}
+			fmt.Printf("    %q%s\n", pkg, comma)
+		}
+		fmt.Printf("  ]\n")
+	} else {
+		fmt.Printf("  \"failed_packages\": []\n")
+	}
+	fmt.Printf("}\n")
+}
--- a/cmd/testcmd/cmd_runner.go
+++ b/cmd/testcmd/cmd_runner.go
@ -0,0 +1,145 @@
+package testcmd
+
+import (
+	"bufio"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+	"runtime"
+	"strings"
+
+	"forge.lthn.ai/core/go/pkg/i18n"
+)
+
+func runTest(verbose, coverage, short bool, pkg, run string, race, jsonOutput bool) error {
+	// Detect if we're in a Go project
+	if _, err := os.Stat("go.mod"); os.IsNotExist(err) {
+		return errors.New(i18n.T("cmd.test.error.no_go_mod"))
+	}
+
+	// Build command arguments
+	args := []string{"test"}
+
+	// Default to ./... if no package specified
+	if pkg == "" {
+		pkg = "./..."
+	}
+
+	// Add flags
+	if verbose {
+		args = append(args, "-v")
+	}
+	if short {
+		args = append(args, "-short")
+	}
+	if run != "" {
+		args = append(args, "-run", run)
+	}
+	if race {
+		args = append(args, "-race")
+	}
+
+	// Always add coverage
+	args = append(args, "-cover")
+
+	// Add package pattern
+	args = append(args, pkg)
+
+	// Create command
+	cmd := exec.Command("go", args...)
+	cmd.Dir, _ = os.Getwd()
+
+	// Set environment to suppress macOS linker warnings
+	cmd.Env = append(os.Environ(), getMacOSDeploymentTarget())
+
+	if !jsonOutput {
+		fmt.Printf("%s %s\n", testHeaderStyle.Render(i18n.Label("test")), i18n.ProgressSubject("run", "tests"))
+		fmt.Printf("  %s %s\n", i18n.Label("package"), testDimStyle.Render(pkg))
+		if run != "" {
+			fmt.Printf("  %s  %s\n", i18n.Label("filter"), testDimStyle.Render(run))
+		}
+		fmt.Println()
+	}
+
+	// Capture output for parsing
+	var stdout, stderr strings.Builder
+
+	if verbose && !jsonOutput {
+		// Stream output in verbose mode, but also capture for parsing
+		cmd.Stdout = io.MultiWriter(os.Stdout, &stdout)
+		cmd.Stderr = io.MultiWriter(os.Stderr, &stderr)
+	} else {
+		// Capture output for parsing
+		cmd.Stdout = &stdout
+		cmd.Stderr = &stderr
+	}
+
+	err := cmd.Run()
+	exitCode := 0
+	if err != nil {
+		if exitErr, ok := err.(*exec.ExitError); ok {
+			exitCode = exitErr.ExitCode()
+		}
+	}
+
+	// Combine stdout and stderr for parsing, filtering linker warnings
+	combined := filterLinkerWarnings(stdout.String() + "\n" + stderr.String())
+
+	// Parse results
+	results := parseTestOutput(combined)
+
+	if jsonOutput {
+		// JSON output for CI/agents
+		printJSONResults(results, exitCode)
+		if exitCode != 0 {
+			return errors.New(i18n.T("i18n.fail.run", "tests"))
+		}
+		return nil
+	}
+
+	// Print summary
+	if !verbose {
+		printTestSummary(results, coverage)
+	} else if coverage {
+		// In verbose mode, still show coverage summary at end
+		fmt.Println()
+		printCoverageSummary(results)
+	}
+
+	if exitCode != 0 {
+		fmt.Printf("\n%s %s\n", testFailStyle.Render(i18n.T("cli.fail")), i18n.T("cmd.test.tests_failed"))
+		return errors.New(i18n.T("i18n.fail.run", "tests"))
+	}
+
+	fmt.Printf("\n%s %s\n", testPassStyle.Render(i18n.T("cli.pass")), i18n.T("common.result.all_passed"))
+	return nil
+}
+
+func getMacOSDeploymentTarget() string {
+	if runtime.GOOS == "darwin" {
+		// Use deployment target matching current macOS to suppress linker warnings
+		return "MACOSX_DEPLOYMENT_TARGET=26.0"
+	}
+	return ""
+}
+
+func filterLinkerWarnings(output string) string {
+	// Filter out ld: warning lines that pollute the output
+	var filtered []string
+	scanner := bufio.NewScanner(strings.NewReader(output))
+	for scanner.Scan() {
+		line := scanner.Text()
+		// Skip linker warnings
+		if strings.HasPrefix(line, "ld: warning:") {
+			continue
+		}
+		// Skip test binary build comments
+		if strings.HasPrefix(line, "# ") && strings.HasSuffix(line, ".test") {
+			continue
+		}
+		filtered = append(filtered, line)
+	}
+	return strings.Join(filtered, "\n")
+}
--- a/cmd/testcmd/output_test.go
+++ b/cmd/testcmd/output_test.go
@ -0,0 +1,52 @@
+package testcmd
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestShortenPackageName(t *testing.T) {
+	assert.Equal(t, "pkg/foo", shortenPackageName("forge.lthn.ai/core/go/pkg/foo"))
+	assert.Equal(t, "cli-php", shortenPackageName("forge.lthn.ai/core/cli-php"))
+	assert.Equal(t, "bar", shortenPackageName("github.com/other/bar"))
+}
+
+func TestFormatCoverageTest(t *testing.T) {
+	assert.Contains(t, formatCoverage(85.0), "85.0%")
+	assert.Contains(t, formatCoverage(65.0), "65.0%")
+	assert.Contains(t, formatCoverage(25.0), "25.0%")
+}
+
+func TestParseTestOutput(t *testing.T) {
+	output := `ok  	forge.lthn.ai/core/go/pkg/foo	0.100s	coverage: 50.0% of statements
+FAIL	forge.lthn.ai/core/go/pkg/bar
+?   	forge.lthn.ai/core/go/pkg/baz	[no test files]
+`
+	results := parseTestOutput(output)
+	assert.Equal(t, 1, results.passed)
+	assert.Equal(t, 1, results.failed)
+	assert.Equal(t, 1, results.skipped)
+	assert.Equal(t, 1, len(results.failedPkgs))
+	assert.Equal(t, "forge.lthn.ai/core/go/pkg/bar", results.failedPkgs[0])
+	assert.Equal(t, 1, len(results.packages))
+	assert.Equal(t, 50.0, results.packages[0].coverage)
+}
+
+func TestPrintCoverageSummarySafe(t *testing.T) {
+	// This tests the bug fix for long package names causing negative Repeat count
+	results := testResults{
+		packages: []packageCoverage{
+			{name: "forge.lthn.ai/core/go/pkg/short", coverage: 100, hasCov: true},
+			{name: "forge.lthn.ai/core/go/pkg/a-very-very-very-very-very-long-package-name-that-might-cause-issues", coverage: 80, hasCov: true},
+		},
+		passed:   2,
+		totalCov: 180,
+		covCount: 2,
+	}
+
+	// Should not panic
+	assert.NotPanics(t, func() {
+		printCoverageSummary(results)
+	})
+}
--- a/go.mod
+++ b/go.mod
@ -6,22 +6,43 @@ require (
 	forge.lthn.ai/core/go v0.0.0-20260221181337-58ca902320b6
 	forge.lthn.ai/core/go-store v0.1.1-0.20260220151120-0284110ccadf
 	github.com/ProtonMail/go-crypto v1.3.0
+	github.com/spf13/cobra v1.10.2
 	github.com/stretchr/testify v1.11.1
 	golang.org/x/crypto v0.48.0
 )

 require (
+	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
+	github.com/charmbracelet/bubbletea v1.3.10 // indirect
+	github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc // indirect
+	github.com/charmbracelet/lipgloss v1.1.0 // indirect
+	github.com/charmbracelet/x/ansi v0.10.1 // indirect
+	github.com/charmbracelet/x/cellbuf v0.0.13-0.20250311204145-2c3ea96c31dd // indirect
+	github.com/charmbracelet/x/term v0.2.1 // indirect
 	github.com/cloudflare/circl v1.6.3 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
 	github.com/google/uuid v1.6.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
+	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-localereader v0.0.1 // indirect
+	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect
+	github.com/muesli/cancelreader v0.2.2 // indirect
+	github.com/muesli/termenv v0.16.0 // indirect
 	github.com/ncruces/go-strftime v1.0.0 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/spf13/pflag v1.0.10 // indirect
+	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	golang.org/x/exp v0.0.0-20260212183809-81e46e3db34a // indirect
 	golang.org/x/sys v0.41.0 // indirect
+	golang.org/x/term v0.40.0 // indirect
+	golang.org/x/text v0.34.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	modernc.org/libc v1.67.7 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
--- a/go.sum
+++ b/go.sum
@ -4,25 +4,56 @@ forge.lthn.ai/core/go-store v0.1.1-0.20260220151120-0284110ccadf h1:EDKI+OM0M+l4
 forge.lthn.ai/core/go-store v0.1.1-0.20260220151120-0284110ccadf/go.mod h1:FpUlLEX/ebyoxpk96F7ktr0vYvmFtC5Rpi9fi88UVqw=
 github.com/ProtonMail/go-crypto v1.3.0 h1:ILq8+Sf5If5DCpHQp4PbZdS1J7HDFRXz/+xKBiRGFrw=
 github.com/ProtonMail/go-crypto v1.3.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE=
+github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
+github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=
+github.com/charmbracelet/bubbletea v1.3.10 h1:otUDHWMMzQSB0Pkc87rm691KZ3SWa4KUlvF9nRvCICw=
+github.com/charmbracelet/bubbletea v1.3.10/go.mod h1:ORQfo0fk8U+po9VaNvnV95UPWA1BitP1E0N6xJPlHr4=
+github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc h1:4pZI35227imm7yK2bGPcfpFEmuY1gc2YSTShr4iJBfs=
+github.com/charmbracelet/colorprofile v0.2.3-0.20250311203215-f60798e515dc/go.mod h1:X4/0JoqgTIPSFcRA/P6INZzIuyqdFY5rm8tb41s9okk=
+github.com/charmbracelet/lipgloss v1.1.0 h1:vYXsiLHVkK7fp74RkV7b2kq9+zDLoEU4MZoFqR/noCY=
+github.com/charmbracelet/lipgloss v1.1.0/go.mod h1:/6Q8FR2o+kj8rz4Dq0zQc3vYf7X+B0binUUBwA0aL30=
+github.com/charmbracelet/x/ansi v0.10.1 h1:rL3Koar5XvX0pHGfovN03f5cxLbCF2YvLeyz7D2jVDQ=
+github.com/charmbracelet/x/ansi v0.10.1/go.mod h1:3RQDQ6lDnROptfpWuUVIUG64bD2g2BgntdxH0Ya5TeE=
+github.com/charmbracelet/x/cellbuf v0.0.13-0.20250311204145-2c3ea96c31dd h1:vy0GVL4jeHEwG5YOXDmi86oYw2yuYUGqz6a8sLwg0X8=
+github.com/charmbracelet/x/cellbuf v0.0.13-0.20250311204145-2c3ea96c31dd/go.mod h1:xe0nKWGd3eJgtqZRaN9RjMtK7xUYchjzPr7q6kcvCCs=
+github.com/charmbracelet/x/term v0.2.1 h1:AQeHeLZ1OqSXhrAWpYUtZyX1T3zVxfpZuEQMIQaGIAQ=
+github.com/charmbracelet/x/term v0.2.1/go.mod h1:oQ4enTYFV7QN4m0i9mzHrViD7TQKvNEEkHUMCmsxdUg=
 github.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg8=
 github.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4=
+github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f h1:Y/CXytFA4m6baUTXGLOoWe4PQhGxaX0KpnayAqC48p4=
+github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f/go.mod h1:vw97MGsxSvLiUE2X8qFplwetxpGLQrlU1Q9AUEIzCaM=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e h1:ijClszYn+mADRFY17kjQEVQ1XRhq2/JR1M3sGqeJoxs=
 github.com/google/pprof v0.0.0-20250317173921-a4b03ec1a45e/go.mod h1:boTsfXsheKC2y+lKOCMpSfarhxDeIzfZG1jqGcPl3cA=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
 github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
+github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2JC/oIi4=
+github.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88=
+github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
+github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D264iyp3TiX5OmNcI5cIARiQI=
+github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6/go.mod h1:CJlz5H+gyd6CUWT45Oy4q24RdLyn7Md9Vj2/ldJBSIo=
+github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELUXHmA=
+github.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo=
+github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc=
+github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk=
 github.com/ncruces/go-strftime v1.0.0 h1:HMFp8mLCTPp341M/ZnA4qaf7ZlsbTc+miZjCLOFAw7w=
 github.com/ncruces/go-strftime v1.0.0/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
@ -30,11 +61,23 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
+github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
 github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU=
+github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4=
+github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
+github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
+github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
+go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
 golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
 golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
 golang.org/x/exp v0.0.0-20260212183809-81e46e3db34a h1:ovFr6Z0MNmU7nH8VaX5xqw+05ST2uO1exVfZPVqRC5o=
@ -43,9 +86,14 @@ golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
 golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
 golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
 golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
 golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg=
+golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM=
+golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
+golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
 golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
 golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=