Remove banned imports (fmt, strings, os, errors, path/filepath) across all
production and test files, replace with core.* primitives, coreio.ReadStream,
and coreerr.E. Upgrade dappco.re/go/core v0.5.0 → v0.7.0 for core.PathBase
and core.Is. Fix isRepoScoped to exclude pr.* capabilities (enforcement is at
the forge layer, not the policy engine). Add Good/Bad/Ugly test coverage to
all packages missing the mandatory three-category naming convention.
Co-Authored-By: Virgil <virgil@lethean.io>
Update module path from forge.lthn.ai/core/go-crypt to
dappco.re/go/core/crypt. Migrate go-log, go-io, go-i18n imports to
their new dappco.re/go/core/* paths with updated versions (core v0.5.0,
log v0.1.0, io v0.2.0, i18n v0.2.0). Un-migrated modules (cli,
go-store, go-inference) remain at forge.lthn.ai paths.
Also fixes merge conflict marker and duplicate imports in
crypt/openpgp/service.go, and updates CLAUDE.md to reflect new paths.
Co-Authored-By: Virgil <virgil@lethean.io>
- auth: prevent legacy .lthn fallback when .hash file exists but is
unreadable or has unexpected format (security fix in verifyPassword
and Login)
- chachapoly: wrap raw error returns in Decrypt with coreerr.E()
- trust: reject trailing data in LoadPolicies JSON decoder
Co-Authored-By: Virgil <virgil@lethean.io>
- CLAUDE.md: update error convention from core.E() to coreerr.E() to
match actual codebase usage
- Standardise go-log import alias from `core` to `coreerr` across 6
files (crypt/symmetric.go, crypt/kdf.go, crypt/crypt.go, crypt/hash.go,
crypt/checksum.go, crypt/openpgp/service.go) for consistency with the
11 files already using `coreerr`
- Fix shortenPackageName to handle all forge.lthn.ai/core/* module
prefixes instead of only cli/ and gui/, fixing TestShortenPackageName
Co-Authored-By: Virgil <virgil@lethean.io>
Go 1.26 rsa.GenerateKey recovers from reader errors internally.
Test now verifies no panic instead of expecting an error.
Co-Authored-By: Virgil <virgil@lethean.io>
Replace all fmt.Errorf/errors.New calls in auth/auth.go,
crypt/pgp/pgp.go, crypt/rsa/rsa.go, crypt/chachapoly/chachapoly.go,
and trust/trust.go with coreerr.E(op, msg, err) from go-log.
No stale pkg/framework imports found.
Co-Authored-By: Virgil <virgil@lethean.io>
Resolve stale forge.lthn.ai/core/cli v0.1.0 references (tag never existed,
earliest is v0.0.1) and regenerate go.sum via workspace-aware go mod tidy.
Co-Authored-By: Virgil <virgil@lethean.io>
Add go-devops build system configuration for standardised
build, test, and release workflows across the Go ecosystem.
Co-Authored-By: Virgil <virgil@lethean.io>
Add iter.Seq iterators for trust registry (ListSeq), audit log
(EventsSeq, QuerySeq), and approval store (PendingSeq). Use
slices.DeleteFunc in session store, slices.SortFunc in testcmd,
range-over-int in benchmarks.
Co-Authored-By: Gemini <noreply@google.com>
Co-Authored-By: Virgil <virgil@lethean.io>
Uses reusable workflows from core/go-devops for Go testing
(with race detector and coverage) and security scanning
(govulncheck, gitleaks, trivy).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Update imports from forge.lthn.ai/core/go/pkg/cli to
forge.lthn.ai/core/cli/pkg/cli following CLI package split.
Co-Authored-By: Virgil <virgil@lethean.io>
Go 1.26 rejects non-semver version strings (like 'main') in go.mod.
Tags v0.0.1 now exist on all forge repos — workspace still overrides
for local development.
Co-Authored-By: Virgil <virgil@lethean.io>
Forge module versions now use main branch resolution via ~/Code/go.work
workspace. Removes local replace directives — the central go.work handles
all cross-repo resolution during development.
Co-Authored-By: Virgil <virgil@lethean.io>
Replace internal task tracking (TODO.md, FINDINGS.md) with structured
documentation in docs/. Trim CLAUDE.md to agent instructions only.
Co-Authored-By: Virgil <virgil@lethean.io>
