go-scm/manifest/loader.go

// SPDX-License-Identifier: EUPL-1.2

package manifest

import (
	"crypto/ed25519"
	filepath "dappco.re/go/core/scm/internal/ax/filepathx"

	"dappco.re/go/core/io"
	coreerr "dappco.re/go/core/log"
	"gopkg.in/yaml.v3"
)

const manifestPath = ".core/manifest.yaml"

// MarshalYAML serializes a manifest to YAML bytes.
func MarshalYAML(m *Manifest) ([]byte, error) {
	return yaml.Marshal(m)
}

// Load reads and parses a .core/manifest.yaml from the given root directory.
func Load(medium io.Medium, root string) (*Manifest, error) {
	path := filepath.Join(root, manifestPath)
	data, err := medium.Read(path)
	if err != nil {
		return nil, coreerr.E("manifest.Load", "read failed", err)
	}
	return Parse([]byte(data))
}

// LoadVerified reads, parses, and verifies the ed25519 signature.
func LoadVerified(medium io.Medium, root string, pub ed25519.PublicKey) (*Manifest, error) {
	m, err := Load(medium, root)
	if err != nil {
		return nil, err
	}
	ok, err := Verify(m, pub)
	if err != nil {
		return nil, coreerr.E("manifest.LoadVerified", "verification error", err)
	}
	if !ok {
		return nil, coreerr.E("manifest.LoadVerified", "signature verification failed for "+m.Code, nil)
	}
	return m, nil
}
chore(ax): normalize SPDX header identifier 2026-03-30 00:54:20 +00:00			`// SPDX-License-Identifier: EUPL-1.2`
refactor(ax): align code with AX principles 2026-03-29 23:59:48 +00:00
feat: add manifest, marketplace, plugin, repos subpackages Extracted from core/go pkg/{manifest,marketplace,plugin,repos}. Also swapped agentci/forge/gitea config imports to go-config. These packages handle package manifests, marketplace installation, plugin lifecycle, and multi-repo registry management. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-06 13:20:12 +00:00			`package manifest`

			`import (`
			`"crypto/ed25519"`
refactor(ax): align code with AX principles 2026-03-29 23:59:48 +00:00			`filepath "dappco.re/go/core/scm/internal/ax/filepathx"`
feat: add manifest, marketplace, plugin, repos subpackages Extracted from core/go pkg/{manifest,marketplace,plugin,repos}. Also swapped agentci/forge/gitea config imports to go-config. These packages handle package manifests, marketplace installation, plugin lifecycle, and multi-repo registry management. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-06 13:20:12 +00:00
chore: migrate to dappco.re vanity import path Change module path from forge.lthn.ai/core/go-scm to dappco.re/go/core/scm. Update all Go source imports for migrated packages: - go-log -> dappco.re/go/core/log - go-io -> dappco.re/go/core/io - go-i18n -> dappco.re/go/core/i18n - go-ws -> dappco.re/go/core/ws - api -> dappco.re/go/core/api Non-migrated packages (cli, config) left on forge.lthn.ai paths. Replace directives use local paths (../go, ../go-io, etc.) until the dappco.re vanity URL server resolves these modules. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-21 23:54:23 +00:00			`"dappco.re/go/core/io"`
refactor(ax): align code with AX principles 2026-03-29 23:59:48 +00:00			`coreerr "dappco.re/go/core/log"`
feat: add manifest, marketplace, plugin, repos subpackages Extracted from core/go pkg/{manifest,marketplace,plugin,repos}. Also swapped agentci/forge/gitea config imports to go-config. These packages handle package manifests, marketplace installation, plugin lifecycle, and multi-repo registry management. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-06 13:20:12 +00:00			`"gopkg.in/yaml.v3"`
			`)`

feat: add DaemonSpec to manifest, rename path to .core/manifest.yaml Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-09 14:42:32 +00:00			`const manifestPath = ".core/manifest.yaml"`
feat: add manifest, marketplace, plugin, repos subpackages Extracted from core/go pkg/{manifest,marketplace,plugin,repos}. Also swapped agentci/forge/gitea config imports to go-config. These packages handle package manifests, marketplace installation, plugin lifecycle, and multi-repo registry management. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-06 13:20:12 +00:00
			`// MarshalYAML serializes a manifest to YAML bytes.`
			`func MarshalYAML(m *Manifest) ([]byte, error) {`
			`return yaml.Marshal(m)`
			`}`

feat: add DaemonSpec to manifest, rename path to .core/manifest.yaml Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-09 14:42:32 +00:00			`// Load reads and parses a .core/manifest.yaml from the given root directory.`
feat: add manifest, marketplace, plugin, repos subpackages Extracted from core/go pkg/{manifest,marketplace,plugin,repos}. Also swapped agentci/forge/gitea config imports to go-config. These packages handle package manifests, marketplace installation, plugin lifecycle, and multi-repo registry management. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-06 13:20:12 +00:00			`func Load(medium io.Medium, root string) (*Manifest, error) {`
			`path := filepath.Join(root, manifestPath)`
			`data, err := medium.Read(path)`
			`if err != nil {`
refactor: replace fmt.Errorf/errors.New with coreerr.E() Replace all remaining fmt.Errorf and errors.New calls in production code with coreerr.E("caller.Method", "message", err) from go-log. This standardises error handling across 23 files using the structured error convention already established in the plugin package. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-16 20:37:25 +00:00			`return nil, coreerr.E("manifest.Load", "read failed", err)`
feat: add manifest, marketplace, plugin, repos subpackages Extracted from core/go pkg/{manifest,marketplace,plugin,repos}. Also swapped agentci/forge/gitea config imports to go-config. These packages handle package manifests, marketplace installation, plugin lifecycle, and multi-repo registry management. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-06 13:20:12 +00:00			`}`
			`return Parse([]byte(data))`
			`}`

			`// LoadVerified reads, parses, and verifies the ed25519 signature.`
			`func LoadVerified(medium io.Medium, root string, pub ed25519.PublicKey) (*Manifest, error) {`
			`m, err := Load(medium, root)`
			`if err != nil {`
			`return nil, err`
			`}`
			`ok, err := Verify(m, pub)`
			`if err != nil {`
refactor: replace fmt.Errorf/errors.New with coreerr.E() Replace all remaining fmt.Errorf and errors.New calls in production code with coreerr.E("caller.Method", "message", err) from go-log. This standardises error handling across 23 files using the structured error convention already established in the plugin package. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-16 20:37:25 +00:00			`return nil, coreerr.E("manifest.LoadVerified", "verification error", err)`
feat: add manifest, marketplace, plugin, repos subpackages Extracted from core/go pkg/{manifest,marketplace,plugin,repos}. Also swapped agentci/forge/gitea config imports to go-config. These packages handle package manifests, marketplace installation, plugin lifecycle, and multi-repo registry management. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-06 13:20:12 +00:00			`}`
			`if !ok {`
refactor: replace fmt.Errorf/errors.New with coreerr.E() Replace all remaining fmt.Errorf and errors.New calls in production code with coreerr.E("caller.Method", "message", err) from go-log. This standardises error handling across 23 files using the structured error convention already established in the plugin package. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-16 20:37:25 +00:00			`return nil, coreerr.E("manifest.LoadVerified", "signature verification failed for "+m.Code, nil)`
feat: add manifest, marketplace, plugin, repos subpackages Extracted from core/go pkg/{manifest,marketplace,plugin,repos}. Also swapped agentci/forge/gitea config imports to go-config. These packages handle package manifests, marketplace installation, plugin lifecycle, and multi-repo registry management. Co-Authored-By: Virgil <virgil@lethean.io> 2026-03-06 13:20:12 +00:00			`}`
			`return m, nil`
			`}`