* feat(io): Migrate pkg/mcp to use Medium abstraction
- Replaced custom path validation in `pkg/mcp` with `local.Medium` sandboxing.
- Updated `mcp.Service` to use `io.Medium` for all file operations.
- Enhanced `local.Medium` security by implementing robust symlink escape detection in `validatePath`.
- Simplified `fileExists` handler to use `IsFile` and `IsDir` methods.
- Removed redundant Issue 103 comments.
- Updated tests to verify symlink blocking.
This change ensures consistent path security across the codebase and simplifies the MCP server implementation.
* feat(io): Migrate pkg/mcp to use Medium abstraction and enhance security
- Replaced custom path validation in `pkg/mcp` with `local.Medium` sandboxing.
- Updated `mcp.Service` to use `io.Medium` interface for all file operations.
- Enhanced `local.Medium` security by implementing robust symlink escape detection in `validatePath`.
- Simplified `fileExists` handler to use `IsFile` and `IsDir` methods.
- Removed redundant Issue 103 comments.
- Updated tests to verify symlink blocking and type compatibility.
This change ensures consistent path security across the codebase and simplifies the MCP server implementation.
* feat(io): Migrate pkg/mcp to use Medium abstraction and enhance security
- Replaced custom path validation in `pkg/mcp` with `local.Medium` sandboxing.
- Updated `mcp.Service` to use `io.Medium` interface for all file operations.
- Enhanced `local.Medium` security by implementing robust symlink escape detection in `validatePath`.
- Simplified `fileExists` handler to use `IsFile` and `IsDir` methods.
- Removed redundant Issue 103 comments.
- Updated tests to verify symlink blocking and type compatibility.
Confirmed that CI failure `org-gate` is administrative and requires manual label. Local tests pass.
* feat(io): Migrate pkg/mcp to use Medium abstraction and enhance security
- Replaced custom path validation in `pkg/mcp` with `local.Medium` sandboxing.
- Updated `mcp.Service` to use `io.Medium` interface for all file operations.
- Enhanced `local.Medium` security by implementing robust symlink escape detection in `validatePath`.
- Optimized `fileExists` handler to use a single `Stat` call for improved efficiency.
- Cleaned up outdated comments and removed legacy validation logic.
- Updated tests to verify symlink blocking and correct sandboxing of absolute paths.
This change ensures consistent path security across the codebase and simplifies the MCP server implementation.
* chore(io): Migrate pkg/cli to Medium abstraction
- Update `PIDFile` struct to include `io.Medium` field.
- Update `NewPIDFile` signature to accept `io.Medium`.
- Update `PIDFile` methods to use injected medium instead of `io.Local`.
- Add `Medium` field to `DaemonOptions`.
- Update `NewDaemon` to default to `io.Local` if no medium is provided.
- Update `pkg/cli/daemon_test.go` to reflect changes and add mock medium tests.
* chore(io): Migrate pkg/cli to Medium abstraction
- Update `PIDFile` struct to include `io.Medium` field.
- Update `NewPIDFile` signature to accept `io.Medium`.
- Update `PIDFile` methods to use injected medium instead of `io.Local`.
- Add `Medium` field to `DaemonOptions`.
- Update `NewDaemon` to default to `io.Local` if no medium is provided.
- Update `pkg/cli/daemon_test.go` to reflect changes and add mock medium tests.
- Fix flaky test `TestLinuxKitManager_Stop_Good_ContextCancelled` by checking context at the start of `Stop`.
- Add fail-fast context checks to all `LinuxKitManager` methods taking a context.
* feat(help): Add CLI help command
Fixes#136
* chore: remove binary
* feat(mcp): Add TCP transport
Fixes#126
* feat(io): Migrate pkg/mcp to use Medium abstraction
Fixes#103
* feat(io): batch implementation placeholder
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(cli): batch implementation placeholder
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore(io): Migrate internal/cmd/docs/* to Medium abstraction
Fixes#113
* chore(io): Migrate internal/cmd/dev/* to Medium abstraction
Fixes#114
* chore(io): Migrate internal/cmd/setup/* to Medium abstraction
* chore(io): Complete migration of internal/cmd/dev/* to Medium abstraction
* feat(io): extend Medium interface with Delete, Rename, List, Stat operations
Adds the following methods to the Medium interface:
- Delete(path) - remove a file or empty directory
- DeleteAll(path) - recursively remove a file or directory
- Rename(old, new) - move/rename a file or directory
- List(path) - list directory entries (returns []fs.DirEntry)
- Stat(path) - get file information (returns fs.FileInfo)
- Exists(path) - check if path exists
- IsDir(path) - check if path is a directory
Implements these methods in both local.Medium (using os package)
and MockMedium (in-memory for testing). Includes FileInfo and
DirEntry types for mock implementations.
This enables migration of direct os.* calls to the Medium
abstraction for consistent path validation and testability.
Refs #101
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore(io): Migrate internal/cmd/sdk, pkgcmd, and workspace to Medium abstraction
* chore(io): migrate internal/cmd/docs and internal/cmd/dev to Medium
- internal/cmd/docs: Replace os.Stat, os.ReadFile, os.WriteFile,
os.MkdirAll, os.RemoveAll with io.Local equivalents
- internal/cmd/dev: Replace os.Stat, os.ReadFile, os.WriteFile,
os.MkdirAll, os.ReadDir with io.Local equivalents
- Fix local.Medium to allow absolute paths when root is "/" for
full filesystem access (io.Local use case)
Refs #113, #114
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore(io): migrate internal/cmd/setup to Medium abstraction
Migrated all direct os.* filesystem calls to use io.Local:
- cmd_repo.go: os.MkdirAll -> io.Local.EnsureDir, os.WriteFile -> io.Local.Write, os.Stat -> io.Local.IsFile
- cmd_bootstrap.go: os.MkdirAll -> io.Local.EnsureDir, os.Stat -> io.Local.IsDir/Exists, os.ReadDir -> io.Local.List
- cmd_registry.go: os.MkdirAll -> io.Local.EnsureDir, os.Stat -> io.Local.Exists
- cmd_ci.go: os.ReadFile -> io.Local.Read
- github_config.go: os.ReadFile -> io.Local.Read, os.Stat -> io.Local.Exists
Refs #116
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore(io): migrate pkg/cli/daemon.go to Medium abstraction
Replaces direct os calls with io.Local:
- os.ReadFile -> io.Local.Read
- os.WriteFile -> io.Local.Write
- os.Remove -> io.Local.Delete
- os.MkdirAll -> io.Local.EnsureDir
Closes#107
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(io): address Copilot review feedback
- Fix MockMedium.Rename: collect keys before mutating maps during iteration
- Fix .git checks to use Exists instead of List (handles worktrees/submodules)
- Fix cmd_sync.go: use DeleteAll for recursive directory removal
Files updated:
- pkg/io/io.go: safe map iteration in Rename
- internal/cmd/setup/cmd_bootstrap.go: Exists for .git checks
- internal/cmd/setup/cmd_registry.go: Exists for .git checks
- internal/cmd/pkgcmd/cmd_install.go: Exists for .git checks
- internal/cmd/pkgcmd/cmd_manage.go: Exists for .git checks
- internal/cmd/docs/cmd_sync.go: DeleteAll for recursive delete
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(updater): resolve PkgVersion duplicate declaration
Remove var PkgVersion from updater.go since go generate creates
const PkgVersion in version.go. Track version.go in git to ensure
builds work without running go generate first.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* style: fix formatting in internal/variants
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* refactor(io): simplify local Medium implementation
Rewrote to match the simpler TypeScript pattern:
- path() sanitizes and returns string directly
- Each method calls path() once
- No complex symlink validation
- Less code, less attack surface
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(io): remove duplicate method declarations
Clean up the client.go file that had duplicate method declarations
from a bad cherry-pick merge. Now has 127 lines of simple, clean code.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test(io): fix traversal test to match sanitization behavior
The simplified path() sanitizes .. to . without returning errors.
Update test to verify sanitization works correctly.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test(mcp): update sandboxing tests for simplified Medium
The simplified io/local.Medium implementation:
- Sanitizes .. to . (no error, path is cleaned)
- Allows absolute paths through (caller validates if needed)
- Follows symlinks (no traversal blocking)
Update tests to match this simplified behavior.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Implement the NO_COLOR standard (https://no-color.org/) for CLI output.
When NO_COLOR is set (to any value), ANSI color codes are disabled.
Changes:
- Add init() to check NO_COLOR and TERM=dumb environment variables
- Add ColorEnabled() to query current color state
- Add SetColorEnabled() to programmatically enable/disable colors
- Modify AnsiStyle.Render() to return plain text when colors disabled
- Update UseASCII() to also disable colors (consistent with ASCII mode)
- Add comprehensive tests for color enable/disable functionality
Usage:
NO_COLOR=1 core dev status # Runs without color output
TERM=dumb core dev status # Also disables colors
Closes#87
Co-authored-by: Claude <noreply@anthropic.com>
* feat(go): make go fmt git-aware by default
- By default, only check changed Go files (modified, staged, untracked)
- Add --all flag to check all files (previous behaviour)
- Reduces noise when running fmt on large codebases
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(build): minimal output by default, add missing i18n
- Default output now shows single line: "Success Built N artifacts (dir)"
- Add --verbose/-v flag to show full detailed output
- Add all missing i18n translations for build commands
- Errors still show failure reason in minimal mode
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat: add root-level `core git` command
- Create pkg/gitcmd with git workflow commands as root menu
- Export command builders from pkg/dev (AddCommitCommand, etc.)
- Commands available under both `core git` and `core dev` for compatibility
- Git commands: health, commit, push, pull, work, sync, apply
- GitHub orchestration stays in dev: issues, reviews, ci, impact
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(qa): add docblock coverage checking
Implement docblock/docstring coverage analysis for Go code:
- New `core qa docblock` command to check coverage
- Shows compact file:line list when under threshold
- Integrate with `core go qa` as a default check
- Add --docblock-threshold flag (default 80%)
The checker uses Go AST parsing to find exported symbols
(functions, types, consts, vars) without documentation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- Fix doc comment: "status" → "health" in gitcmd package
- Implement --check flag for `core go fmt` (exits non-zero if files need formatting)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs: add docstrings for 100% coverage
Add documentation comments to all exported symbols:
- pkg/build: ProjectType constants
- pkg/cli: LogLevel, RenderStyle, TableStyle
- pkg/framework: ServiceFor, MustServiceFor, Core.Core
- pkg/git: GitError.Error, GitError.Unwrap
- pkg/i18n: Handler Match/Handle methods
- pkg/log: Level constants
- pkg/mcp: Tool input/output types
- pkg/php: Service constants, QA types, service methods
- pkg/process: ServiceError.Error
- pkg/repos: RepoType constants
- pkg/setup: ChangeType, ChangeCategory constants
- pkg/workspace: AddWorkspaceCommands
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore: standardize line endings to LF
Add .gitattributes to enforce LF line endings for all text files.
Normalize all existing files to use Unix-style line endings.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback
- cmd_format.go: validate --check/--fix mutual exclusivity, capture stderr
- cmd_docblock.go: return error instead of os.Exit(1) for proper error handling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix: address CodeRabbit review feedback (round 2)
- linuxkit.go: propagate state update errors, handle cmd.Wait() errors in waitForExit
- mcp.go: guard against empty old_string in editDiff to prevent runaway edits
- cmd_docblock.go: log parse errors instead of silently skipping
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
- Fix integer conversion in hexToRGB using 8-bit ParseUint instead of
64-bit ParseInt to avoid potential overflow on 32-bit systems
- Update npm dependencies to fix Angular XSRF, XSS and MCP SDK vulnerabilities
Resolves 3 CodeQL alerts and 8 npm high severity vulnerabilities.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Make AppVersion injectable via ldflags at build time
- Replace GoReleaser with simple GitHub Actions workflow
- Build for linux/darwin/windows on amd64/arm64
- Generate checksums.txt for integrity verification
- Inject version from git tag into binary
Fixes#37
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(docs): respect workspace.yaml packages_dir setting (fixes#46)
* fix(workspace): improve config loading logic (CR feedback)
- Expand ~ before resolving relative paths in cmd_registry
- Handle LoadWorkspaceConfig errors properly
- Update Repo.Path when PackagesDir overrides default
- Validate workspace config version
- Add unit tests for workspace config loading
* docs: add comments and increase test coverage (CR feedback)
- Add docstrings to exported functions in pkg/cli
- Add unit tests for Semantic Output (pkg/cli/output.go)
- Add unit tests for CheckBuilder (pkg/cli/check.go)
- Add unit tests for IPC Query/Perform (pkg/framework/core)
* fix(test): fix panics and failures in php package tests
- Fix panic in TestLookupLinuxKit_Bad by mocking paths
- Fix assertion errors in TestGetSSLDir_Bad and TestGetPackageInfo_Bad
- Fix formatting in test files
* fix(test): correct syntax in services_extended_test.go
* fix(ci): point coverage workflow to go.mod instead of go.work
* fix(ci): build CLI before running coverage
* fix(ci): run go generate for updater package in coverage workflow
* fix(github): allow dry-run publish without gh CLI authentication
Moves validation check after dry-run check so tests can verify dry-run behavior in CI environments.
- Replaces lipgloss/fmt with cli.* functions
- Adds unit tests for new cli components
- Fixes all build errors
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Check() fluent builder for check results
- Task() for task headers
- Section() for section headers
- Hint() for labelled hints
- Severity() for severity-styled output
- Result() for pass/fail results
Consuming packages now have zero display logic.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replaces lipgloss with internal ANSI styling
- Updates output functions to use new style and glyph system
- Removes external dependencies from strings.go and errors.go
- Fixes redeclarations in utils.go and runtime.go
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replaces lipgloss with ~100 lines of owned code.
Supports bold, dim, italic, underline, RGB/hex colors.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add cli.Fatal(err) that prints styled error and exits
- Change cli.Main() to handle errors internally via Fatal()
- Simplify main.go to just: cli.Main()
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Extract logging to pkg/log for use outside CLI:
- Logger with Debug/Info/Warn/Error levels
- Key-value pairs for structured logging
- Customisable styling and output
- Optional Core framework integration via Service
Enhance pkg/errors with:
- Wrap() and WrapCode() helpers
- Code() for error codes
- Op(), ErrCode(), Message(), Root() extractors
- Standard library wrappers (Is, As, New, Join)
Update pkg/cli/log.go to use pkg/log with CLI styling.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implements defence in depth through build variants - only compiled code
exists in the binary. Commands now self-register via cli.RegisterCommands()
in their init() functions, mirroring the i18n.RegisterLocales() pattern.
Structure changes:
- cmd/{ai,build,ci,dev,docs,doctor,go,php,pkg,sdk,setup,test,vm}/ → pkg/*/cmd_*.go
- cmd/core_dev.go, cmd/core_ci.go → cmd/variants/{full,ci,php,minimal}.go
- Added pkg/cli/commands.go with RegisterCommands API
- Updated pkg/cli/runtime.go to attach registered commands
Build variants:
- go build → full (21MB, all 13 command groups)
- go build -tags ci → ci (18MB, build/ci/sdk/doctor)
- go build -tags php → php (14MB, php/doctor)
- go build -tags minimal → minimal (11MB, doctor only)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add i18n.SetDefault() in CLI service for global i18n.T() access
- Replace explicit cmd.php.qa.* keys with grammar-based composition
- Use i18n.Label(), i18n.ProgressSubject() for structured messages
- Use i18n.done.*, i18n.fail.*, i18n.count.* magic namespaces
- Simplify GetIssueMessage() to use grammar patterns
This reduces translation key explosion by composing messages from
grammar primitives rather than defining explicit keys for every phrase.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add comprehensive daemon mode support to pkg/cli:
- Mode detection (Interactive/Pipe/Daemon) based on TTY and CORE_DAEMON env
- TTY helpers using golang.org/x/term (IsTTY, IsStdinTTY, IsStderrTTY)
- PIDFile for single-instance enforcement with stale PID detection
- HealthServer with /health and /ready endpoints for orchestration
- Daemon lifecycle manager combining PID, health, and graceful shutdown
- SIGHUP support for configuration reloading in runtime.go
- Fix i18n.go type references (MissingKey, OnMissingKey)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add i18n service wrapping pkg/i18n for translations via cli.T()
- Add log service with levels (quiet/error/warn/info/debug)
- Wire cli.Init() in cmd.Execute() with explicit service names
- Fix main.go to print errors to stderr and exit with code 1
- Update runtime.go to accept additional services via Options
Services use WithName() to avoid name collision since both are
defined in pkg/cli (WithService would auto-name both "cli").
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- cli.Success(), cli.Error(), etc. now print directly
- String-returning versions renamed to cli.FmtSuccess(), etc.
- Removes App() from common usage path
- Usage: cli.Success("done") instead of fmt.Println(cli.Success("done"))
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Moves shared utilities (styles, utils) from cmd/shared to pkg/cli.
Adds CLI runtime with global singleton pattern:
- cli.Init() initialises the runtime
- cli.App() returns the global instance
- OutputService for styled terminal printing
- SignalService for graceful shutdown handling
All cmd/ packages now import pkg/cli instead of cmd/shared.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
