11 commits

Author	SHA1	Message	Date
Virgil	ae0677a046	fix(security): harden installer, marketplace, and sync path handling ... Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-23 14:32:11 +00:00
Claude	2dcb86738a	chore: migrate to dappco.re vanity import path ... Change module path from forge.lthn.ai/core/go-scm to dappco.re/go/core/scm. Update all Go source imports for migrated packages: - go-log -> dappco.re/go/core/log - go-io -> dappco.re/go/core/io - go-i18n -> dappco.re/go/core/i18n - go-ws -> dappco.re/go/core/ws - api -> dappco.re/go/core/api Non-migrated packages (cli, config) left on forge.lthn.ai paths. Replace directives use local paths (../go, ../go-io, etc.) until the dappco.re vanity URL server resolves these modules. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-21 23:54:23 +00:00
Snider	10c9e23e04	fix(dx): repair build, update CLAUDE.md, add tests for untested paths ... - Fix cmd/forge build failure: remove extra locales.FS arg from RegisterCommands (signature takes single CommandRegistration) - Update CLAUDE.md error handling section to document coreerr.E() pattern (was outdated log.E/fmt.Errorf reference) - Add security_test.go for agentci: SanitizePath, EscapeShellArg, SecureSSHCommand, MaskToken (coverage 56% → 68%) - Add provider_handlers_test.go for pkg/api: category filter, nil guards, manifest/verify/sign bad requests (coverage 31% → 52%) - Audit confirms: no fmt.Errorf or os.ReadFile/WriteFile in production code (only in test files) Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-17 08:49:55 +00:00
Snider	9de597a8b0	refactor: pass locales via RegisterCommands, remove direct i18n import ... Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-17 01:38:51 +00:00
Snider	8367a5323c	feat: embed and load locale translations on init ... Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-17 00:45:34 +00:00
Snider	e9fc6902b1	refactor: replace fmt.Errorf/errors.New with coreerr.E() ... Replace all remaining fmt.Errorf and errors.New calls in production code with coreerr.E("caller.Method", "message", err) from go-log. This standardises error handling across 23 files using the structured error convention already established in the plugin package. Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-16 20:37:25 +00:00
Snider	631ddd4887	feat(manifest): add compile step and marketplace index builder ... Add manifest compilation (.core/manifest.yaml → core.json) with build metadata (commit, tag, timestamp, signature) and marketplace index generation by crawling directories for compiled or source manifests. New files: - manifest/compile.go: CompiledManifest, Compile(), ParseCompiled(), WriteCompiled(), LoadCompiled(), MarshalJSON() - marketplace/builder.go: Builder.BuildFromDirs(), BuildFromManifests(), WriteIndex() - cmd/scm/: CLI commands — compile, index, export Tests: 26 new (12 manifest, 14 marketplace), all passing. Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-15 14:12:52 +00:00
Snider	89cedeac62	refactor: swap pkg/{io,log,i18n} imports to go-io/go-log/go-i18n ... Co-Authored-By: Virgil <virgil@lethean.io>	2026-03-06 12:35:42 +00:00
Claude	7ef7c3b107	chore: use %w for error wrapping ... Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-24 16:24:05 +00:00
Snider	d025f9c49b	refactor: migrate CLI imports from core/go to core/cli ... Update imports from forge.lthn.ai/core/go/pkg/cli to forge.lthn.ai/core/cli/pkg/cli following CLI package split. Co-Authored-By: Virgil <virgil@lethean.io>	2026-02-22 23:29:41 +00:00
Snider	7eb28df79d	feat: migrate collect, forge, gitea commands from CLI ... Co-Authored-By: Virgil <virgil@lethean.io>	2026-02-21 19:38:36 +00:00