- Download from /releases/latest/download/ URL
- Remove hardcoded version variable
- Simplify clone to use default branch
Related to host-uk/core#37
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix return value leakage in install-core.ps1 (suppressed with $null)
- Fix ACL -bor compatibility across PowerShell versions
- Handle unsigned/lightweight git tags in GPG verification
- Skip GPG verification for branch builds (main)
- Add explicit GOOS=windows for Go build
- Detect Windows syscall build errors with helpful message
- Add clone-repos.ps1 as Windows alternative to `core setup`
- Update CLAUDE.md with Windows-specific setup instructions
Closes#56 workaround documented
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add PowerShell 4.0+ version check at startup
- Add disk space check (100MB minimum) before install
- Add try/finally cleanup for download temp files (handles Ctrl+C)
- Fix PATH duplicate semicolons by trimming before append
- Update header with requirements documentation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
install-core.ps1:
- Add Test-SecureDirectory and New-SecureDirectory to mitigate TOCTOU races
- Add Test-GitTagSignature for GPG verification of git tags
- Make ACL failures fatal for temp directories with retry logic
- Use precise PATH matching instead of substring contains
- Add unique GUID suffix to temp file names
- Document security controls and known limitations in header
setup.bat:
- Validate LOCALAPPDATA is within USERPROFILE
- Reject paths with invalid shell characters
- Add symlink detection for install directory
- Use delayed expansion variables for path safety
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add SHA256 hash verification for downloaded binaries
- Pin to specific version (v0.1.0) instead of dev tag
- Validate LOCALAPPDATA is within user profile
- Detect symlink attacks on install directory
- Set restrictive ACL (owner-only) on temp build directories
- Validate PATH entries before modification
- Improve error handling with specific exception types
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Ensures Pop-Location is always called, even if Write-Err exits early.
Makes the cleanup pattern consistent and easier to maintain.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add git prerequisite check before cloning
- Check $LASTEXITCODE after git clone and go build
- Wrap build logic in try/finally for guaranteed temp cleanup
- Add error check after core setup command in batch file
- Show warning if core doctor reports issues
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Use Join-Path for reliable path handling in PowerShell
- Replace fragile New-TemporaryFile with GetTempPath + GUID
- Enable delayed expansion in batch for reliable errorlevel checks
- Add call statements for proper subprocess error propagation
- Verify core.exe exists before running commands
- Update repo reference and build path
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Makefile for make-based workflow
- Add setup.sh / setup.bat for one-command bootstrap
- Add scripts/install-deps.sh for macOS/Linux dependencies
- Add scripts/install-deps.ps1 for Windows (Chocolatey)
- Add scripts/install-core.sh to build/download core CLI
- Add scripts/install-core.ps1 for Windows
- Update README with installation instructions
Developers can now run:
macOS/Linux: ./setup.sh (or make setup)
Windows: .\setup.bat (as Admin)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
