core/go-crypt
8
0
Fork 0
Code Issues 5 Pull requests 1 Projects Releases Packages Wiki Activity Actions 2

[agent/claude:opus] Fix CodeRabbit findings. Verify each against current code, f... #4

Closed
Virgil wants to merge 0 commits from agent/fix-coderabbit-findings--verify-each-aga into dev
pull from: agent/fix-coderabbit-findings--verify-each-aga
merge into: core:dev
Conversation 1 Commits - Files changed - +43 -24
Virgil commented 2026-03-17 13:32:49 +00:00
Member
Copy link

Task

Fix CodeRabbit findings. Verify each against current code, fix if valid, run tests. Commit: fix(coderabbit): address review findings

  1. auth/auth.go:647-664 — verifyPassword falls back to legacy .lthn verification when .hash file exists but can't be read or isn't argon2id format. This is a security issue — if .hash exists, don't fall back to legacy.
  2. crypt/chachapoly/chachapoly.go:37 — Wrap raw error returns in Decrypt with coreerr.E() for consistency.
  3. trust/config.go:38-43 — JSON decoder decodes one value but ignores potential trailing data or additional values.

Agent: claude:opus
Commits: 1
Branch: agent/fix-coderabbit-findings--verify-each-aga

Auto-created by core-agent dispatch system.
Co-Authored-By: Virgil virgil@lethean.io

## Task Fix CodeRabbit findings. Verify each against current code, fix if valid, run tests. Commit: fix(coderabbit): address review findings 1. auth/auth.go:647-664 — verifyPassword falls back to legacy .lthn verification when .hash file exists but can't be read or isn't argon2id format. This is a security issue — if .hash exists, don't fall back to legacy. 2. crypt/chachapoly/chachapoly.go:37 — Wrap raw error returns in Decrypt with coreerr.E() for consistency. 3. trust/config.go:38-43 — JSON decoder decodes one value but ignores potential trailing data or additional values. **Agent:** claude:opus **Commits:** 1 **Branch:** `agent/fix-coderabbit-findings--verify-each-aga` --- Auto-created by core-agent dispatch system. Co-Authored-By: Virgil <virgil@lethean.io>
Virgil added 1 commit 2026-03-17 13:32:50 +00:00
fix(coderabbit): address review findings
Some checks failed
Security Scan / security (pull_request) Failing after 8s
Details
Test / test (pull_request) Failing after 4m46s
Details
36bf16b06e 
- auth: prevent legacy .lthn fallback when .hash file exists but is
  unreadable or has unexpected format (security fix in verifyPassword
  and Login)
- chachapoly: wrap raw error returns in Decrypt with coreerr.E()
- trust: reject trailing data in LoadPolicies JSON decoder

Co-Authored-By: Virgil <virgil@lethean.io>
Virgil commented 2026-03-17 13:33:28 +00:00
Author
Member
Copy link

Verification Failed

Command: go test ./...

ok  	forge.lthn.ai/core/go-crypt/auth	37.723s
?   	forge.lthn.ai/core/go-crypt/cmd/crypt	[no test files]
--- FAIL: TestShortenPackageName (0.00s)
    output_test.go:10: 
        	Error Trace:	/Users/snider/Code/host-uk/core/.core/workspace/go-crypt-1773753716/src/cmd/testcmd/output_test.go:10
        	Error:      	Not equal: 
        	            	expected: "pkg/foo"
        	            	actual  : "foo"
        	            	
        	            	Diff:
        	            	--- Expected
        	            	+++ Actual
        	            	@@ -1 +1 @@
        	            	-pkg/foo
        	            	+foo
        	Test:       	TestShortenPackageName

  cmd.test.coverage_by_package
    a-very-very-very-very-very-long-package-name-that-might-cause-issues  80.0%
    short                                                                 100.0%

    cmd.test.label.average                                                90.0%
FAIL
FAIL	forge.lthn.ai/core/go-crypt/cmd/testcmd	0.406s
ok  	forge.lthn.ai/core/go-crypt/crypt	2.424s
ok  	forge.lthn.ai/core/go-crypt/crypt/chachapoly	0.654s
ok  	forge.lthn.ai/core/go-crypt/crypt/lthn	1.511s
ok  	forge.lthn.ai/core/go-crypt/crypt/openpgp	3.956s
ok  	forge.lthn.ai/core/go-crypt/crypt/pgp	3.744s
ok  	forge.lthn.ai/core/go-crypt/crypt/rsa	2.478s
ok  	forge.lthn.ai/core/go-crypt/trust	2.565s
FAIL

Exit code: 1

PR will not be auto-merged.

## Verification Failed **Command:** `go test ./...` ``` ok forge.lthn.ai/core/go-crypt/auth 37.723s ? forge.lthn.ai/core/go-crypt/cmd/crypt [no test files] --- FAIL: TestShortenPackageName (0.00s) output_test.go:10: Error Trace: /Users/snider/Code/host-uk/core/.core/workspace/go-crypt-1773753716/src/cmd/testcmd/output_test.go:10 Error: Not equal: expected: "pkg/foo" actual : "foo" Diff: --- Expected +++ Actual @@ -1 +1 @@ -pkg/foo +foo Test: TestShortenPackageName cmd.test.coverage_by_package a-very-very-very-very-very-long-package-name-that-might-cause-issues 80.0% short 100.0% cmd.test.label.average 90.0% FAIL FAIL forge.lthn.ai/core/go-crypt/cmd/testcmd 0.406s ok forge.lthn.ai/core/go-crypt/crypt 2.424s ok forge.lthn.ai/core/go-crypt/crypt/chachapoly 0.654s ok forge.lthn.ai/core/go-crypt/crypt/lthn 1.511s ok forge.lthn.ai/core/go-crypt/crypt/openpgp 3.956s ok forge.lthn.ai/core/go-crypt/crypt/pgp 3.744s ok forge.lthn.ai/core/go-crypt/crypt/rsa 2.478s ok forge.lthn.ai/core/go-crypt/trust 2.565s FAIL ``` **Exit code:** 1 PR will not be auto-merged.
Virgil changed target branch from main to dev 2026-03-24 11:12:16 +00:00
Virgil closed this pull request 2026-03-24 11:19:05 +00:00
Some checks failed
Security Scan / security (pull_request) Failing after 8s
Details
Test / test (pull_request) Failing after 4m46s
Details

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
needs-review

   
needs-review
  
athena

Assign to Athena AI agent (M3 Ultra)

  
athena-gemini

Dispatch to Gemini CLI on M3 Ultra

  
audit

Code audit task

  
clotho

Assign to Clotho AI agent for processing

  
clotho-gemini

Dispatch to Gemini CLI on darbs (AU)

  
codex

Dispatch to Codex CLI on gateway for analysis

  
darbs-claude

Dispatch to Claude on darbs (AU)

  
security

Security review task

  
wiki

Documentation/wiki update

No labels
needs-review
needs-review
athena
athena-gemini
audit
clotho
clotho-gemini
codex
darbs-claude
security
wiki
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: core/go-crypt#4
No description provided.
Delete branch "agent/fix-coderabbit-findings--verify-each-aga"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?