9 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Snider
|
774d98a9cf
|
Migrate pkg/repos to Medium abstraction (#291)
Some checks failed
Release: Tag Push / build (amd64, windows, windows-latest) (push) Waiting to run
Release: Tag Push / build (arm64, darwin, macos-latest) (push) Waiting to run
Release: Tag Push / release (push) Blocked by required conditions
Release: Tag Push / build (amd64, linux, ubuntu-latest) (push) Failing after 1s
Release: Tag Push / build (arm64, linux, ubuntu-latest) (push) Failing after 1s
* chore(io): Migrate pkg/repos to Medium abstraction - Modified Registry and Repo structs in pkg/repos/registry.go to include io.Medium. - Updated LoadRegistry, FindRegistry, and ScanDirectory signatures to accept io.Medium. - Migrated all internal file operations in pkg/repos/registry.go to use the Medium interface instead of io.Local or os package. - Updated dozens of call sites across internal/cmd/ to pass io.Local to the updated repos functions. - Ensured consistent use of io.Medium for repo existence and git checks. * chore(io): Fix undefined io errors in repos migration - Fixed "undefined: io" compilation errors by using the correct 'coreio' alias in internal commands. - Corrected FindRegistry and LoadRegistry calls in cmd_file_sync.go, cmd_install.go, and cmd_search.go. - Verified fix with successful project-wide build. * chore(io): Final fixes for repos Medium migration - Fixed formatting issue in internal/cmd/setup/cmd_github.go by using 'coreio' alias for consistency. - Ensured all callers use the 'coreio' alias when referring to the io package. - Verified project-wide build completes successfully. * chore(io): Complete migration of pkg/repos to io.Medium - Migrated pkg/repos/registry.go to use io.Medium abstraction for all file operations. - Updated all callers in internal/cmd/ to pass io.Local, with proper alias handling. - Fixed formatting issues in cmd_github.go that caused previous CI failures. - Added unit tests in pkg/repos/registry_test.go using io.MockMedium. - Verified project-wide build and new unit tests pass. * chore(io): Address PR feedback for Medium migration - Made pkg/repos truly medium-agnostic by removing local filepath.Abs calls. - Restored Medium abstraction in pkg/cli/daemon.go (PIDFile and Daemon). - Restored context cancellation checks in pkg/container/linuxkit.go. - Updated pkg/cli/daemon_test.go to use MockMedium. - Documented FindRegistry's local filesystem dependencies. - Verified project-wide build and tests pass. * chore(io): Fix merge conflicts and address PR feedback - Resolved merge conflicts with latest dev branch. - Restored Medium abstraction in pkg/cli/daemon.go and context checks in pkg/container/linuxkit.go. - Refactored pkg/repos/registry.go to be truly medium-agnostic (removed filepath.Abs). - Updated pkg/cli/daemon_test.go to use MockMedium. - Verified all builds and tests pass locally. * chore(io): Complete pkg/repos Medium migration and PR feedback - Refactored pkg/repos to use io.Medium abstraction, removing local filesystem dependencies. - Updated all call sites in internal/cmd to pass io.Local/coreio.Local. - Restored Medium abstraction in pkg/cli/daemon.go and context checks in pkg/container/linuxkit.go. - Updated pkg/cli/daemon_test.go to use MockMedium for better test isolation. - Fixed merge conflicts and code formatting issues. - Verified project-wide build and tests pass. * fix(lint): handle error return values in registry tests Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> |
||
|
Snider
|
90facd9fbe
|
Migrate pkg/container to io.Medium abstraction (#292)
Some checks failed
Release: Tag Push / release (push) Blocked by required conditions
Release: Tag Push / build (amd64, windows, windows-latest) (push) Waiting to run
Release: Tag Push / build (arm64, darwin, macos-latest) (push) Waiting to run
Release: Tag Push / build (amd64, linux, ubuntu-latest) (push) Failing after 1s
Release: Tag Push / build (arm64, linux, ubuntu-latest) (push) Failing after 1s
* chore(io): migrate pkg/container to Medium abstraction Migrated State, Templates, and LinuxKitManager in pkg/container to use the io.Medium abstraction for storage operations. - Introduced TemplateManager struct to handle template logic with injected medium. - Updated State struct to use injected medium for persistence. - Updated LinuxKitManager to hold and use an io.Medium instance. - Updated all internal callers in internal/cmd/vm and pkg/devops to use new APIs. - Adapted and maintained comprehensive test coverage in linuxkit_test.go. - Fixed naming collision with standard io package by aliasing it as goio. * chore(io): migrate pkg/container to Medium abstraction (v2) - Migrated State, Templates, and LinuxKitManager in pkg/container to use io.Medium. - Introduced TemplateManager struct for dependency injection. - Updated all call sites in internal/cmd/vm and pkg/devops. - Restored and adapted comprehensive test suite in linuxkit_test.go. - Fixed naming collisions and followed project test naming conventions. * chore(io): address PR feedback for container Medium migration - Added Open method to io.Medium interface to support log streaming. - Implemented Open in local.Medium and MockMedium. - Fixed extension inconsistency in GetTemplate (.yml vs .yaml). - Refactored TemplateManager to use configurable WorkingDir and HomeDir. - Reused TemplateManager instance in cmd_templates.go. - Updated LinuxKitManager to use medium.Open for log access. - Maintained and updated all tests to verify these improvements. |
||
|
Snider
|
418e9dfef3
|
feat(io): Migrate pkg/mcp to use Medium abstraction (#289)
Some checks failed
Release: Tag Push / build (amd64, windows, windows-latest) (push) Waiting to run
Release: Tag Push / build (arm64, darwin, macos-latest) (push) Waiting to run
Release: Tag Push / release (push) Blocked by required conditions
Release: Tag Push / build (amd64, linux, ubuntu-latest) (push) Failing after 2s
Release: Tag Push / build (arm64, linux, ubuntu-latest) (push) Failing after 2s
* feat(io): Migrate pkg/mcp to use Medium abstraction - Replaced custom path validation in `pkg/mcp` with `local.Medium` sandboxing. - Updated `mcp.Service` to use `io.Medium` for all file operations. - Enhanced `local.Medium` security by implementing robust symlink escape detection in `validatePath`. - Simplified `fileExists` handler to use `IsFile` and `IsDir` methods. - Removed redundant Issue 103 comments. - Updated tests to verify symlink blocking. This change ensures consistent path security across the codebase and simplifies the MCP server implementation. * feat(io): Migrate pkg/mcp to use Medium abstraction and enhance security - Replaced custom path validation in `pkg/mcp` with `local.Medium` sandboxing. - Updated `mcp.Service` to use `io.Medium` interface for all file operations. - Enhanced `local.Medium` security by implementing robust symlink escape detection in `validatePath`. - Simplified `fileExists` handler to use `IsFile` and `IsDir` methods. - Removed redundant Issue 103 comments. - Updated tests to verify symlink blocking and type compatibility. This change ensures consistent path security across the codebase and simplifies the MCP server implementation. * feat(io): Migrate pkg/mcp to use Medium abstraction and enhance security - Replaced custom path validation in `pkg/mcp` with `local.Medium` sandboxing. - Updated `mcp.Service` to use `io.Medium` interface for all file operations. - Enhanced `local.Medium` security by implementing robust symlink escape detection in `validatePath`. - Simplified `fileExists` handler to use `IsFile` and `IsDir` methods. - Removed redundant Issue 103 comments. - Updated tests to verify symlink blocking and type compatibility. Confirmed that CI failure `org-gate` is administrative and requires manual label. Local tests pass. * feat(io): Migrate pkg/mcp to use Medium abstraction and enhance security - Replaced custom path validation in `pkg/mcp` with `local.Medium` sandboxing. - Updated `mcp.Service` to use `io.Medium` interface for all file operations. - Enhanced `local.Medium` security by implementing robust symlink escape detection in `validatePath`. - Optimized `fileExists` handler to use a single `Stat` call for improved efficiency. - Cleaned up outdated comments and removed legacy validation logic. - Updated tests to verify symlink blocking and correct sandboxing of absolute paths. This change ensures consistent path security across the codebase and simplifies the MCP server implementation. |
||
|
Snider
|
2e6a0f4ef3
|
chore(io): Migrate pkg/cli to Medium abstraction (#285)
Some checks failed
Release: Tag Push / build (amd64, windows, windows-latest) (push) Waiting to run
Release: Tag Push / build (arm64, darwin, macos-latest) (push) Waiting to run
Release: Tag Push / release (push) Blocked by required conditions
Release: Tag Push / build (arm64, linux, ubuntu-latest) (push) Failing after 1s
Release: Tag Push / build (amd64, linux, ubuntu-latest) (push) Failing after 1s
* chore(io): Migrate pkg/cli to Medium abstraction - Update `PIDFile` struct to include `io.Medium` field. - Update `NewPIDFile` signature to accept `io.Medium`. - Update `PIDFile` methods to use injected medium instead of `io.Local`. - Add `Medium` field to `DaemonOptions`. - Update `NewDaemon` to default to `io.Local` if no medium is provided. - Update `pkg/cli/daemon_test.go` to reflect changes and add mock medium tests. * chore(io): Migrate pkg/cli to Medium abstraction - Update `PIDFile` struct to include `io.Medium` field. - Update `NewPIDFile` signature to accept `io.Medium`. - Update `PIDFile` methods to use injected medium instead of `io.Local`. - Add `Medium` field to `DaemonOptions`. - Update `NewDaemon` to default to `io.Local` if no medium is provided. - Update `pkg/cli/daemon_test.go` to reflect changes and add mock medium tests. - Fix flaky test `TestLinuxKitManager_Stop_Good_ContextCancelled` by checking context at the start of `Stop`. - Add fail-fast context checks to all `LinuxKitManager` methods taking a context. |
||
|
Snider
|
9bd0b09e3b
|
refactor(core): decompose Core into serviceManager + messageBus (#282)
Some checks failed
Release: Tag Push / build (amd64, windows, windows-latest) (push) Waiting to run
Release: Tag Push / build (arm64, darwin, macos-latest) (push) Waiting to run
Release: Tag Push / release (push) Blocked by required conditions
Release: Tag Push / build (amd64, linux, ubuntu-latest) (push) Failing after 1s
Release: Tag Push / build (arm64, linux, ubuntu-latest) (push) Failing after 1s
* refactor(core): decompose Core into serviceManager + messageBus (#215) Extract two focused, unexported components from the Core "god object": - serviceManager: owns service registry, lifecycle tracking (startables/ stoppables), and service lock - messageBus: owns IPC action dispatch, query handling, and task handling All public API methods on Core become one-line delegation wrappers. Zero consumer changes — no files outside pkg/framework/core/ modified. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(core): remove unused fields from test struct Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(core): address review feedback from Gemini and Copilot - Move locked check inside mutex in registerService to fix TOCTOU race - Add mutex guards to enableLock and applyLock methods - Replace fmt.Errorf with errors.Join in action() for correct error aggregation (consistent with queryAll and lifecycle methods) - Add TestMessageBus_Action_Bad for error aggregation coverage Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci(workflows): bump host-uk/build from v3 to v4 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci(workflows): replace Wails build with Go CLI build The build action doesn't yet support Wails v3. Comment out the GUI build step and use host-uk/build/actions/setup/go for Go toolchain setup with a plain `go build` for the CLI binary. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(container): check context before select in Stop to fix flaky test Stop() now checks ctx.Err() before entering the select block. When a pre-cancelled context is passed, the select could non-deterministically choose <-done over <-ctx.Done() if the process had already exited, causing TestLinuxKitManager_Stop_Good_ContextCancelled to fail on CI. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ci): trim CodeQL matrix to valid languages Remove javascript-typescript and actions from CodeQL matrix — this repo contains only Go and Python. Invalid languages blocked SARIF upload and prevented merge. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(go): add `core go fuzz` command and wire into QA - New `core go fuzz` command discovers Fuzz* targets and runs them with configurable --duration (default 10s per target) - Fuzz added to default QA checks with 5s burst duration - Seed fuzz targets for core package: FuzzE (error constructor), FuzzServiceRegistration, FuzzMessageDispatch Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci(codeql): add workflow_dispatch trigger for manual runs Allows manual triggering of CodeQL when the automatic pull_request trigger doesn't fire. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci(codeql): remove workflow in favour of default setup CodeQL default setup is now enabled via repo settings for go and python. The workflow-based approach uploaded results as "code quality" rather than "code scanning", which didn't satisfy the code_scanning ruleset requirement. Default setup handles this natively. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci(workflows): add explicit permissions to all workflows - agent-verify: add issues: write (was missing, writes comments/labels) - ci: add contents: read (explicit least-privilege) - coverage: add contents: read (explicit least-privilege) All workflows now declare permissions explicitly. Repo default is read-only, so workflows without a block silently lacked write access. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci(workflows): replace inline logic with org reusable workflow callers agent-verify.yml and auto-project.yml now delegate to centralised reusable workflows in host-uk/.github, reducing per-repo duplication. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> |
||
|
Snider
|
03c9188d79
|
feat: infrastructure packages and lint cleanup (#281)
* ci: consolidate duplicate workflows and merge CodeQL configs Remove 17 duplicate workflow files that were split copies of the combined originals. Each family (CI, CodeQL, Coverage, PR Build, Alpha Release) had the same job duplicated across separate push/pull_request/schedule/manual trigger files. Merge codeql.yml and codescan.yml into a single codeql.yml with a language matrix covering go, javascript-typescript, python, and actions — matching the previous default setup coverage. Remaining workflows (one per family): - ci.yml (push + PR + manual) - codeql.yml (push + PR + schedule, all languages) - coverage.yml (push + PR + manual) - alpha-release.yml (push + manual) - pr-build.yml (PR + manual) - release.yml (tag push) - agent-verify.yml, auto-label.yml, auto-project.yml Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat: add collect, config, crypt, plugin packages and fix all lint issues Add four new infrastructure packages with CLI commands: - pkg/config: layered configuration (defaults → file → env → flags) - pkg/crypt: crypto primitives (Argon2id, AES-GCM, ChaCha20, HMAC, checksums) - pkg/plugin: plugin system with GitHub-based install/update/remove - pkg/collect: collection subsystem (GitHub, BitcoinTalk, market, papers, excavate) Fix all golangci-lint issues across the entire codebase (~100 errcheck, staticcheck SA1012/SA1019/ST1005, unused, ineffassign fixes) so that `core go qa` passes with 0 issues. Closes #167, #168, #170, #250, #251, #252, #253, #254, #255, #256 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> |
||
|
Snider
|
a2db3989e1
|
docs(audit): add dependency security audit report (#248)
* feat(devops): migrate filesystem operations to io.Local abstraction Migrate config.go: - os.ReadFile → io.Local.Read Migrate devops.go: - os.Stat → io.Local.IsFile Migrate images.go: - os.MkdirAll → io.Local.EnsureDir - os.Stat → io.Local.IsFile - os.ReadFile → io.Local.Read - os.WriteFile → io.Local.Write Migrate test.go: - os.ReadFile → io.Local.Read - os.Stat → io.Local.IsFile Migrate claude.go: - os.Stat → io.Local.IsDir Updated tests to reflect improved behavior: - Manifest.Save() now creates parent directories - hasFile() correctly returns false for directories Part of #101 (io.Medium migration tracking issue). Closes #107 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * chore(io): migrate remaining packages to io.Local abstraction Migrate filesystem operations to use the io.Local abstraction for improved security, testability, and consistency: - pkg/cache: Replace os.ReadFile, WriteFile, Remove, RemoveAll with io.Local equivalents. io.Local.Write creates parent dirs automatically. - pkg/agentic: Migrate config.go and context.go to use io.Local for reading config files and gathering file context. - pkg/repos: Use io.Local.Read, Exists, IsDir, List for registry operations and git repo detection. - pkg/release: Use io.Local for config loading, existence checks, and artifact discovery. - pkg/devops/sources: Use io.Local.EnsureDir for CDN download. All paths are converted to absolute using filepath.Abs() before calling io.Local methods to handle relative paths correctly. Closes #104, closes #106, closes #108, closes #111 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * chore(io): migrate pkg/cli and pkg/container to io.Local abstraction Continue io.Medium migration for the remaining packages: - pkg/cli/daemon.go: PIDFile Acquire/Release now use io.Local.Read, Delete, and Write for managing daemon PID files. - pkg/container/state.go: LoadState and SaveState use io.Local for JSON state persistence. EnsureLogsDir uses io.Local.EnsureDir. - pkg/container/templates.go: Template loading and directory scanning now use io.Local.IsFile, IsDir, Read, and List. - pkg/container/linuxkit.go: Image validation uses io.Local.IsFile, log file check uses io.Local.IsFile. Streaming log file creation (os.Create) remains unchanged as io.Local doesn't support streaming. Closes #105, closes #107 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs(audit): add dependency security audit report Complete security audit of all project dependencies: - Run govulncheck: No vulnerabilities found - Run go mod verify: All modules verified - Document 15 direct dependencies and 161 indirect - Assess supply chain risks: Low risk overall - Verify lock files are committed with integrity hashes - Provide CI integration recommendations Closes #185 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ci): build core CLI from source instead of downloading release The workflows were trying to download from a non-existent release URL. Now builds the CLI directly using `go build` with version injection. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * chore: trigger CI with updated workflow * chore(ci): add workflow_dispatch trigger for manual runs --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> |
||
|
Snider
|
fdc108c69e
|
feat: git command, build improvements, and go fmt git-aware (#74)
* feat(go): make go fmt git-aware by default - By default, only check changed Go files (modified, staged, untracked) - Add --all flag to check all files (previous behaviour) - Reduces noise when running fmt on large codebases Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(build): minimal output by default, add missing i18n - Default output now shows single line: "Success Built N artifacts (dir)" - Add --verbose/-v flag to show full detailed output - Add all missing i18n translations for build commands - Errors still show failure reason in minimal mode Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat: add root-level `core git` command - Create pkg/gitcmd with git workflow commands as root menu - Export command builders from pkg/dev (AddCommitCommand, etc.) - Commands available under both `core git` and `core dev` for compatibility - Git commands: health, commit, push, pull, work, sync, apply - GitHub orchestration stays in dev: issues, reviews, ci, impact Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(qa): add docblock coverage checking Implement docblock/docstring coverage analysis for Go code: - New `core qa docblock` command to check coverage - Shows compact file:line list when under threshold - Integrate with `core go qa` as a default check - Add --docblock-threshold flag (default 80%) The checker uses Go AST parsing to find exported symbols (functions, types, consts, vars) without documentation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address CodeRabbit review feedback - Fix doc comment: "status" → "health" in gitcmd package - Implement --check flag for `core go fmt` (exits non-zero if files need formatting) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * docs: add docstrings for 100% coverage Add documentation comments to all exported symbols: - pkg/build: ProjectType constants - pkg/cli: LogLevel, RenderStyle, TableStyle - pkg/framework: ServiceFor, MustServiceFor, Core.Core - pkg/git: GitError.Error, GitError.Unwrap - pkg/i18n: Handler Match/Handle methods - pkg/log: Level constants - pkg/mcp: Tool input/output types - pkg/php: Service constants, QA types, service methods - pkg/process: ServiceError.Error - pkg/repos: RepoType constants - pkg/setup: ChangeType, ChangeCategory constants - pkg/workspace: AddWorkspaceCommands Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * chore: standardize line endings to LF Add .gitattributes to enforce LF line endings for all text files. Normalize all existing files to use Unix-style line endings. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address CodeRabbit review feedback - cmd_format.go: validate --check/--fix mutual exclusivity, capture stderr - cmd_docblock.go: return error instead of os.Exit(1) for proper error handling Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address CodeRabbit review feedback (round 2) - linuxkit.go: propagate state update errors, handle cmd.Wait() errors in waitForExit - mcp.go: guard against empty old_string in editDiff to prevent runaway edits - cmd_docblock.go: log parse errors instead of silently skipping Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> |
||
|
Snider
|
3bd9f9bc3d |
feat(container): implement LinuxKit container runtime
Add pkg/container for running LinuxKit VMs: - Manager interface with Run, Stop, List, Logs, Exec - Hypervisor abstraction (QEMU, Hyperkit) - Auto-detect available hypervisor and image format - State persistence in ~/.core/containers.json - Log management in ~/.core/logs/ CLI commands: - core run <image> - run LinuxKit image (-d for detach) - core ps - list containers (-a for all) - core stop <id> - stop container - core logs <id> - view logs (-f to follow) - core exec <id> <cmd> - execute via SSH Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> |