core/go - Lethean Network

core/go

Fork 0

generated from lthn/LEM

Commit graph

Author	SHA1	Message	Date
Vi	d2ae87b108	fix: restore packages accidentally deleted during PR #313 rebase (#333 ) Some checks failed Release: Tag Push / build (amd64, windows, windows-latest) (push) Waiting to run Details Release: Tag Push / build (arm64, darwin, macos-latest) (push) Waiting to run Details Release: Tag Push / release (push) Blocked by required conditions Details Release: Tag Push / build (amd64, linux, ubuntu-latest) (push) Failing after 1s Details Release: Tag Push / build (arm64, linux, ubuntu-latest) (push) Failing after 1s Details During conflict resolution for PR #313 (streaming API), the agent incorrectly assumed that modify/delete conflicts meant the PR intended to remove these packages. This was wrong - PR #313 was only about adding streaming API to pkg/io. Restored packages: - pkg/workspace - workspace management service - pkg/unifi - UniFi controller client - pkg/gitea - Gitea API client - pkg/crypt/openpgp - OpenPGP encryption service - internal/cmd/gitea - Gitea CLI commands - internal/cmd/unifi - UniFi CLI commands Also restored: - Various test files (bench_test.go, integration_test.go, etc.) - pkg/framework/core/interfaces.go (Workspace/Crypt interfaces) - pkg/log/errors.go (error helpers) - Documentation (faq.md, user-guide.md) This allows PR #297 (MCP daemon mode) to proceed as it depends on pkg/workspace. Co-authored-by: Claude <developers@lethean.io> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-05 11:16:23 +00:00
Snider	bfa5353205	Add streaming API to pkg/io and optimize agentic context gathering (#313 ) Some checks failed Release: Tag Push / build (arm64, darwin, macos-latest) (push) Waiting to run Details Release: Tag Push / build (amd64, windows, windows-latest) (push) Waiting to run Details Release: Tag Push / release (push) Blocked by required conditions Details Release: Tag Push / build (amd64, linux, ubuntu-latest) (push) Failing after 1s Details Release: Tag Push / build (arm64, linux, ubuntu-latest) (push) Failing after 1s Details * feat(io): add streaming API to Medium interface and optimize agentic context - Added ReadStream and WriteStream to io.Medium interface. - Implemented streaming methods in local and mock mediums. - Updated pkg/agentic/context.go to use streaming I/O with LimitReader. - Added 5000-byte truncation limit for all AI context file reads to reduce memory usage. - Documented when to use streaming vs full-file APIs in io.Medium. * feat(io): optimize streaming API and fix PR feedback - Fixed resource leak in agentic context by using defer for closing file streams. - Improved truncation logic in agentic context to handle multibyte characters correctly by checking byte length before string conversion. - Added comprehensive documentation to ReadStream and WriteStream in local medium. - Added unit tests for ReadStream and WriteStream in local medium. - Applied formatting and fixed auto-merge CI configuration. * feat(io): add streaming API and fix CI failures (syntax fix) - Introduced ReadStream and WriteStream to io.Medium interface. - Implemented streaming methods in local and mock mediums. - Optimized agentic context with streaming reads and truncation logic. - Fixed syntax error in local client tests by overwriting the file. - Fixed auto-merge CI by adding checkout and repository context. - Applied formatting fixes.	2026-02-05 11:00:49 +00:00
Snider	5af736a155	Remove StrictHostKeyChecking=no from SSH commands (#315 ) * Remove StrictHostKeyChecking=no and implement proper host key verification This commit addresses security concerns from the OWASP audit by enforcing strict host key verification for all SSH and SCP commands. Key changes: - Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and pkg/devops. - Removed insecure host key verification from pkg/ansible SSH client. - Implemented a synchronous host key discovery mechanism during VM boot using ssh-keyscan to populate ~/.core/known_hosts. - Updated the devops Boot lifecycle to wait until the host key is verified. - Ensured pkg/ansible correctly handles missing known_hosts files. - Refactored hardcoded SSH port 2222 to a package constant DefaultSSHPort. - Added CORE_SKIP_SSH_SCAN environment variable for test environments. * Remove StrictHostKeyChecking=no and implement proper host key verification Addresses security concerns from OWASP audit by enforcing strict host key verification. Changes: - Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and devops. - Removed insecure host key verification from pkg/ansible. - Added synchronous host key discovery using ssh-keyscan during VM boot. - Updated Boot lifecycle to wait for host key verification. - Handled missing known_hosts file in pkg/ansible. - Refactored hardcoded SSH port to DefaultSSHPort constant. - Fixed formatting issues identified by QA check. * Secure SSH commands and fix auto-merge CI failure Addresses OWASP security audit by enforcing strict host key verification and fixes a CI failure in the auto-merge workflow. Key changes: - Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and pkg/devops. - Removed insecure host key verification from pkg/ansible. - Implemented synchronous host key discovery using ssh-keyscan during VM boot. - Handled missing known_hosts file in pkg/ansible. - Refactored hardcoded SSH port to DefaultSSHPort constant. - Added pkg/ansible/ssh_test.go to verify SSH client initialization. - Fixed formatting in pkg/io/local/client.go. - Fixed auto-merge.yml by inlining the script and providing repository context to 'gh' command, resolving the "not a git repository" error in CI. * Secure SSH, fix CI auto-merge, and resolve merge conflicts This commit addresses the OWASP security audit by enforcing strict host key verification and resolves persistent CI issues. Security Changes: - Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and devops. - Removed insecure host key verification from pkg/ansible. - Implemented synchronous host key discovery using ssh-keyscan during VM boot. - Updated Boot lifecycle to wait for host key verification. - Handled missing known_hosts file in pkg/ansible. - Refactored hardcoded SSH port to DefaultSSHPort constant. CI and Maintenance: - Fixed auto-merge.yml by inlining the script and adding repository context to 'gh' command, resolving the "not a git repository" error in CI. - Resolved merge conflicts in .github/workflows/auto-merge.yml with dev branch. - Added pkg/ansible/ssh_test.go for SSH client verification. - Fixed formatting in pkg/io/local/client.go to pass QA checks. * Secure SSH and TLS connections, and fix CI issues Addresses security concerns from OWASP audit and CodeQL by enforcing strict host key verification and TLS certificate verification. Security Changes: - Enforced strict SSH host key checking in pkg/container and devops. - Removed insecure SSH host key verification from pkg/ansible. - Added synchronous host key discovery during VM boot using ssh-keyscan. - Updated UniFi client to enforce TLS certificate verification by default. - Added --insecure flag and config option for UniFi to allow opt-in to skipping TLS verification for self-signed certificates. CI and Maintenance: - Fixed auto-merge workflow by providing repository context to 'gh' command. - Resolved merge conflicts in .github/workflows/auto-merge.yml. - Added unit tests for secured Ansible SSH client. - Fixed formatting issues identified by QA checks. * fix: gofmt alignment in cmd_config.go Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * Secure connections, fix CI auto-merge, and resolve formatting Addresses OWASP security audit and CodeQL security alerts by enforcing secure defaults for SSH and TLS connections. Key changes: - Enforced strict SSH host key checking (StrictHostKeyChecking=yes). - Implemented synchronous host key verification during VM boot using ssh-keyscan. - Updated UniFi client to enforce TLS certificate verification by default. - Added --insecure flag and config option for UniFi to allow opt-in to skipping TLS verification. - Fixed auto-merge workflow by providing repository context to 'gh' command. - Resolved merge conflicts in .github/workflows/auto-merge.yml. - Fixed formatting in internal/cmd/unifi/cmd_config.go and pkg/io/local/client.go. - Added unit tests for secured Ansible SSH client. --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> Co-authored-by: Claude <developers@lethean.io>	2026-02-05 07:09:34 +00:00

Author

SHA1

Message

Date

d2ae87b108

fix: restore packages accidentally deleted during PR #313 rebase (#333 )

Release: Tag Push / build (amd64, windows, windows-latest) (push) Waiting to run

Details

Release: Tag Push / build (arm64, darwin, macos-latest) (push) Waiting to run

Details

Release: Tag Push / release (push) Blocked by required conditions

Details

Release: Tag Push / build (amd64, linux, ubuntu-latest) (push) Failing after 1s

Details

Release: Tag Push / build (arm64, linux, ubuntu-latest) (push) Failing after 1s

Details

During conflict resolution for PR #313 (streaming API), the agent
incorrectly assumed that modify/delete conflicts meant the PR intended
to remove these packages. This was wrong - PR #313 was only about
adding streaming API to pkg/io.

Restored packages:
- pkg/workspace - workspace management service
- pkg/unifi - UniFi controller client
- pkg/gitea - Gitea API client
- pkg/crypt/openpgp - OpenPGP encryption service
- internal/cmd/gitea - Gitea CLI commands
- internal/cmd/unifi - UniFi CLI commands

Also restored:
- Various test files (bench_test.go, integration_test.go, etc.)
- pkg/framework/core/interfaces.go (Workspace/Crypt interfaces)
- pkg/log/errors.go (error helpers)
- Documentation (faq.md, user-guide.md)

This allows PR #297 (MCP daemon mode) to proceed as it depends on
pkg/workspace.

Co-authored-by: Claude <developers@lethean.io>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-05 11:16:23 +00:00

Snider

bfa5353205

Add streaming API to pkg/io and optimize agentic context gathering (#313 )

Release: Tag Push / build (arm64, darwin, macos-latest) (push) Waiting to run

Details

Release: Tag Push / build (amd64, windows, windows-latest) (push) Waiting to run

Details

Release: Tag Push / release (push) Blocked by required conditions

Details

Release: Tag Push / build (amd64, linux, ubuntu-latest) (push) Failing after 1s

Details

Release: Tag Push / build (arm64, linux, ubuntu-latest) (push) Failing after 1s

Details

* feat(io): add streaming API to Medium interface and optimize agentic context

- Added ReadStream and WriteStream to io.Medium interface.
- Implemented streaming methods in local and mock mediums.
- Updated pkg/agentic/context.go to use streaming I/O with LimitReader.
- Added 5000-byte truncation limit for all AI context file reads to reduce memory usage.
- Documented when to use streaming vs full-file APIs in io.Medium.

* feat(io): optimize streaming API and fix PR feedback

- Fixed resource leak in agentic context by using defer for closing file streams.
- Improved truncation logic in agentic context to handle multibyte characters correctly by checking byte length before string conversion.
- Added comprehensive documentation to ReadStream and WriteStream in local medium.
- Added unit tests for ReadStream and WriteStream in local medium.
- Applied formatting and fixed auto-merge CI configuration.

* feat(io): add streaming API and fix CI failures (syntax fix)

- Introduced ReadStream and WriteStream to io.Medium interface.
- Implemented streaming methods in local and mock mediums.
- Optimized agentic context with streaming reads and truncation logic.
- Fixed syntax error in local client tests by overwriting the file.
- Fixed auto-merge CI by adding checkout and repository context.
- Applied formatting fixes.

2026-02-05 11:00:49 +00:00

Snider

5af736a155

Remove StrictHostKeyChecking=no from SSH commands (#315 )

* Remove StrictHostKeyChecking=no and implement proper host key verification

This commit addresses security concerns from the OWASP audit by enforcing
strict host key verification for all SSH and SCP commands.

Key changes:
- Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and pkg/devops.
- Removed insecure host key verification from pkg/ansible SSH client.
- Implemented a synchronous host key discovery mechanism during VM boot
  using ssh-keyscan to populate ~/.core/known_hosts.
- Updated the devops Boot lifecycle to wait until the host key is verified.
- Ensured pkg/ansible correctly handles missing known_hosts files.
- Refactored hardcoded SSH port 2222 to a package constant DefaultSSHPort.
- Added CORE_SKIP_SSH_SCAN environment variable for test environments.

* Remove StrictHostKeyChecking=no and implement proper host key verification

Addresses security concerns from OWASP audit by enforcing strict host key
verification.

Changes:
- Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and devops.
- Removed insecure host key verification from pkg/ansible.
- Added synchronous host key discovery using ssh-keyscan during VM boot.
- Updated Boot lifecycle to wait for host key verification.
- Handled missing known_hosts file in pkg/ansible.
- Refactored hardcoded SSH port to DefaultSSHPort constant.
- Fixed formatting issues identified by QA check.

* Secure SSH commands and fix auto-merge CI failure

Addresses OWASP security audit by enforcing strict host key verification
and fixes a CI failure in the auto-merge workflow.

Key changes:
- Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and pkg/devops.
- Removed insecure host key verification from pkg/ansible.
- Implemented synchronous host key discovery using ssh-keyscan during VM boot.
- Handled missing known_hosts file in pkg/ansible.
- Refactored hardcoded SSH port to DefaultSSHPort constant.
- Added pkg/ansible/ssh_test.go to verify SSH client initialization.
- Fixed formatting in pkg/io/local/client.go.
- Fixed auto-merge.yml by inlining the script and providing repository context
  to 'gh' command, resolving the "not a git repository" error in CI.

* Secure SSH, fix CI auto-merge, and resolve merge conflicts

This commit addresses the OWASP security audit by enforcing strict host key
verification and resolves persistent CI issues.

Security Changes:
- Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and devops.
- Removed insecure host key verification from pkg/ansible.
- Implemented synchronous host key discovery using ssh-keyscan during VM boot.
- Updated Boot lifecycle to wait for host key verification.
- Handled missing known_hosts file in pkg/ansible.
- Refactored hardcoded SSH port to DefaultSSHPort constant.

CI and Maintenance:
- Fixed auto-merge.yml by inlining the script and adding repository context
  to 'gh' command, resolving the "not a git repository" error in CI.
- Resolved merge conflicts in .github/workflows/auto-merge.yml with dev branch.
- Added pkg/ansible/ssh_test.go for SSH client verification.
- Fixed formatting in pkg/io/local/client.go to pass QA checks.

* Secure SSH and TLS connections, and fix CI issues

Addresses security concerns from OWASP audit and CodeQL by enforcing strict
host key verification and TLS certificate verification.

Security Changes:
- Enforced strict SSH host key checking in pkg/container and devops.
- Removed insecure SSH host key verification from pkg/ansible.
- Added synchronous host key discovery during VM boot using ssh-keyscan.
- Updated UniFi client to enforce TLS certificate verification by default.
- Added --insecure flag and config option for UniFi to allow opt-in to
  skipping TLS verification for self-signed certificates.

CI and Maintenance:
- Fixed auto-merge workflow by providing repository context to 'gh' command.
- Resolved merge conflicts in .github/workflows/auto-merge.yml.
- Added unit tests for secured Ansible SSH client.
- Fixed formatting issues identified by QA checks.

* fix: gofmt alignment in cmd_config.go

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* Secure connections, fix CI auto-merge, and resolve formatting

Addresses OWASP security audit and CodeQL security alerts by enforcing
secure defaults for SSH and TLS connections.

Key changes:
- Enforced strict SSH host key checking (StrictHostKeyChecking=yes).
- Implemented synchronous host key verification during VM boot using ssh-keyscan.
- Updated UniFi client to enforce TLS certificate verification by default.
- Added --insecure flag and config option for UniFi to allow opt-in to
  skipping TLS verification.
- Fixed auto-merge workflow by providing repository context to 'gh' command.
- Resolved merge conflicts in .github/workflows/auto-merge.yml.
- Fixed formatting in internal/cmd/unifi/cmd_config.go and pkg/io/local/client.go.
- Added unit tests for secured Ansible SSH client.

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Claude <developers@lethean.io>

2026-02-05 07:09:34 +00:00

3 commits