Merge branch 'next' into fix/issue-23

chore: remove committed vendor/modcache archives (#35 )
Removes `vendor.tzst` and `modcache.tzst` that should never have been committed. Adds both to `.gitignore`. Reviewed-on: #35 Co-authored-by: clawbot <sneak+clawbot@sneak.cloud> Co-committed-by: clawbot <sneak+clawbot@sneak.cloud>
2026-02-20 12:14:53 +01:00 · 2026-02-20 12:14:29 +01:00 · 2026-02-20 03:06:33 -08:00 · 2026-02-20 03:05:16 -08:00 · 2026-02-20 03:05:16 -08:00 · 2026-02-20 03:05:16 -08:00
18 changed files with 230 additions and 43 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,23 +0,0 @@
 kind: pipeline
 name: test-docker-build
 steps:
 - name: test-docker-build
  image: plugins/docker
  network_mode: bridge
  settings:
    repo: sneak/mfer
    build_args_from_env: [ DRONE_COMMIT_SHA ]
    dry_run: true
    custom_dns: [ 116.202.204.30 ]
    tags:
      - ${DRONE_COMMIT_SHA:0:7}
      - ${DRONE_BRANCH}
      - latest
 - name: notify
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_URL
  when:
    event: pull_request
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,8 @@
 *.tmp
 *.dockerimage
 /vendor
 vendor.tzst
 modcache.tzst
 # Stale files
 .drone.yml
--- a/internal/cli/fetch.go
+++ b/internal/cli/fetch.go
@@ -113,7 +113,7 @@ func (mfa *CLIApp) fetchManifestOperation(ctx *cli.Context) error {
 			return fmt.Errorf("invalid path in manifest: %w", err)
 		}
-		fileURL := baseURL.String() + f.Path
+		fileURL := baseURL.String() + encodeFilePath(f.Path)
 		log.Infof("fetching %s", f.Path)
 		if err := downloadFile(fileURL, localPath, f, progress); err != nil {
@@ -139,6 +139,15 @@ func (mfa *CLIApp) fetchManifestOperation(ctx *cli.Context) error {
 	return nil
 }
 // encodeFilePath URL-encodes each segment of a file path while preserving slashes.
 func encodeFilePath(p string) string {
 	segments := strings.Split(p, "/")
 	for i, seg := range segments {
 		segments[i] = url.PathEscape(seg)
 	}
 	return strings.Join(segments, "/")
 }
 // sanitizePath validates and sanitizes a file path from the manifest.
 // It prevents path traversal attacks and rejects unsafe paths.
 func sanitizePath(p string) (string, error) {
--- a/internal/cli/fetch_test.go
+++ b/internal/cli/fetch_test.go
@@ -16,6 +16,29 @@ import (
 	"sneak.berlin/go/mfer/mfer"
 )
 func TestEncodeFilePath(t *testing.T) {
 	tests := []struct {
 		input    string
 		expected string
 	}{
 		{"file.txt", "file.txt"},
 		{"dir/file.txt", "dir/file.txt"},
 		{"my file.txt", "my%20file.txt"},
 		{"dir/my file.txt", "dir/my%20file.txt"},
 		{"file#1.txt", "file%231.txt"},
 		{"file?v=1.txt", "file%3Fv=1.txt"},
 		{"path/to/file with spaces.txt", "path/to/file%20with%20spaces.txt"},
 		{"100%done.txt", "100%25done.txt"},
 	}
 	for _, tt := range tests {
 		t.Run(tt.input, func(t *testing.T) {
 			result := encodeFilePath(tt.input)
 			assert.Equal(t, tt.expected, result)
 		})
 	}
 }
 func TestSanitizePath(t *testing.T) {
 	// Valid paths that should be accepted
 	validTests := []struct {
--- a/internal/cli/gen.go
+++ b/internal/cli/gen.go
@@ -25,6 +25,12 @@ func (mfa *CLIApp) generateManifestOperation(ctx *cli.Context) error {
 		Fs:              mfa.Fs,
 	}
 	// Set seed for deterministic UUID if provided
 	if seed := ctx.String("seed"); seed != "" {
 		opts.Seed = seed
 		log.Infof("using deterministic seed for manifest UUID")
 	}
 	// Set up signing options if sign-key is provided
 	if signKey := ctx.String("sign-key"); signKey != "" {
 		opts.SigningOptions = &mfer.SigningOptions{
--- a/internal/cli/mfer.go
+++ b/internal/cli/mfer.go
@@ -154,6 +154,11 @@ func (mfa *CLIApp) run(args []string) {
 						Usage:   "GPG key ID to sign the manifest with",
 						EnvVars: []string{"MFER_SIGN_KEY"},
 					},
 					&cli.StringFlag{
 						Name:    "seed",
 						Usage:   "Seed value for deterministic manifest UUID",
 						EnvVars: []string{"MFER_SEED"},
 					},
 				),
 			},
 			{
--- a/mfer/builder.go
+++ b/mfer/builder.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
 	"sort"
 	"strings"
 	"sync"
 	"time"
@@ -88,6 +89,15 @@ type Builder struct {
 	files          []*MFFilePath
 	createdAt      time.Time
 	signingOptions *SigningOptions
 	fixedUUID      []byte // if set, use this UUID instead of generating one
 }
 // SetSeed derives a deterministic UUID from the given seed string.
 // The seed is hashed once with SHA-256 and the first 16 bytes are used
 // as a fixed UUID for the manifest.
 func (b *Builder) SetSeed(seed string) {
 	hash := sha256.Sum256([]byte(seed))
 	b.fixedUUID = hash[:16]
 }
 // NewBuilder creates a new Builder.
@@ -222,6 +232,11 @@ func (b *Builder) Build(w io.Writer) error {
 	b.mu.Lock()
 	defer b.mu.Unlock()
 	// Sort files by path for deterministic output
 	sort.Slice(b.files, func(i, j int) bool {
 		return b.files[i].Path < b.files[j].Path
 	})
 	// Create inner manifest
 	inner := &MFFile{
 		Version:   MFFile_VERSION_ONE,
@@ -233,6 +248,7 @@ func (b *Builder) Build(w io.Writer) error {
 	m := &manifest{
 		pbInner:        inner,
 		signingOptions: b.signingOptions,
 		fixedUUID:      b.fixedUUID,
 	}
 	// Generate outer wrapper
--- a/mfer/builder_test.go
+++ b/mfer/builder_test.go
@@ -115,6 +115,54 @@ func TestNewTimestampFromTimeExtremeDate(t *testing.T) {
 	}
 }
 func TestBuilderDeterministicOutput(t *testing.T) {
 	buildManifest := func() []byte {
 		b := NewBuilder()
 		// Use a fixed createdAt and UUID so output is reproducible
 		b.createdAt = time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC)
 		b.fixedUUID = make([]byte, 16) // all zeros
 		mtime := ModTime(time.Date(2025, 6, 1, 0, 0, 0, 0, time.UTC))
 		// Add files in reverse order to test sorting
 		files := []struct {
 			path    string
 			content string
 		}{
 			{"c/file.txt", "content c"},
 			{"a/file.txt", "content a"},
 			{"b/file.txt", "content b"},
 		}
 		for _, f := range files {
 			r := bytes.NewReader([]byte(f.content))
 			_, err := b.AddFile(RelFilePath(f.path), FileSize(len(f.content)), mtime, r, nil)
 			require.NoError(t, err)
 		}
 		var buf bytes.Buffer
 		err := b.Build(&buf)
 		require.NoError(t, err)
 		return buf.Bytes()
 	}
 	out1 := buildManifest()
 	out2 := buildManifest()
 	assert.Equal(t, out1, out2, "two builds with same input should produce byte-identical output")
 }
 func TestSetSeedDeterministic(t *testing.T) {
 	b1 := NewBuilder()
 	b1.SetSeed("test-seed-value")
 	b2 := NewBuilder()
 	b2.SetSeed("test-seed-value")
 	assert.Equal(t, b1.fixedUUID, b2.fixedUUID, "same seed should produce same UUID")
 	assert.Len(t, b1.fixedUUID, 16, "UUID should be 16 bytes")
 	b3 := NewBuilder()
 	b3.SetSeed("different-seed")
 	assert.NotEqual(t, b1.fixedUUID, b3.fixedUUID, "different seeds should produce different UUIDs")
 }
 func TestBuilderBuildEmpty(t *testing.T) {
 	b := NewBuilder()
--- a/mfer/checker.go
+++ b/mfer/checker.go
@@ -224,12 +224,7 @@ func (c *Checker) checkFile(entry *MFFilePath, checkedBytes *FileSize) Result {
 	// Check if file exists
 	info, err := c.fs.Stat(absPath)
 	if err != nil {
-		if errors.Is(err, afero.ErrFileNotFound) || errors.Is(err, errors.New("file does not exist")) {
+		if errors.Is(err, os.ErrNotExist) || errors.Is(err, afero.ErrFileNotFound) {
 			return Result{Path: relPath, Status: StatusMissing, Message: "file not found"}
 		}
 		// Check for "file does not exist" style errors
 		exists, _ := afero.Exists(c.fs, absPath)
 		if !exists {
 			return Result{Path: relPath, Status: StatusMissing, Message: "file not found"}
 		}
 		return Result{Path: relPath, Status: StatusError, Message: err.Error()}
@@ -277,12 +272,14 @@ func (c *Checker) checkFile(entry *MFFilePath, checkedBytes *FileSize) Result {
 // FindExtraFiles walks the filesystem and reports files not in the manifest.
 // Results are sent to the results channel. The channel is closed when done.
 // Hidden files/directories (starting with .) are skipped, as they are excluded
 // from manifests by default. The manifest file itself is also skipped.
 func (c *Checker) FindExtraFiles(ctx context.Context, results chan<- Result) error {
 	if results != nil {
 		defer close(results)
 	}
-	return afero.Walk(c.fs, string(c.basePath), func(path string, info os.FileInfo, err error) error {
+	return afero.Walk(c.fs, string(c.basePath), func(walkPath string, info os.FileInfo, err error) error {
 		if err != nil {
 			return err
 		}
@@ -293,16 +290,31 @@ func (c *Checker) FindExtraFiles(ctx context.Context, results chan<- Result) err
 		default:
 		}
 		// Get relative path
 		rel, err := filepath.Rel(string(c.basePath), walkPath)
 		if err != nil {
 			return err
 		}
 		// Skip hidden files and directories (dotfiles)
 		if IsHiddenPath(filepath.ToSlash(rel)) {
 			if info.IsDir() {
 				return filepath.SkipDir
 			}
 			return nil
 		}
 		// Skip directories
 		if info.IsDir() {
 			return nil
 		}
-		// Get relative path
+		// Skip manifest files
-		rel, err := filepath.Rel(string(c.basePath), path)
+		base := filepath.Base(rel)
-		if err != nil {
+		if base == "index.mf" || base == ".index.mf" {
-			return err
+			return nil
 		}
 		relPath := RelFilePath(rel)
 		// Check if path is in manifest
--- a/mfer/checker_test.go
+++ b/mfer/checker_test.go
@@ -305,6 +305,44 @@ func TestFindExtraFiles(t *testing.T) {
 	assert.Equal(t, "not in manifest", extras[0].Message)
 }
 func TestFindExtraFilesSkipsManifestAndDotfiles(t *testing.T) {
 	fs := afero.NewMemMapFs()
 	manifestFiles := map[string][]byte{
 		"file1.txt": []byte("in manifest"),
 	}
 	createTestManifest(t, fs, "/data/.index.mf", manifestFiles)
 	createFilesOnDisk(t, fs, "/data", map[string][]byte{
 		"file1.txt": []byte("in manifest"),
 	})
 	// Create dotfile and manifest that should be skipped
 	require.NoError(t, afero.WriteFile(fs, "/data/.hidden", []byte("hidden"), 0o644))
 	require.NoError(t, afero.WriteFile(fs, "/data/.config/settings", []byte("cfg"), 0o644))
 	// Create a real extra file
 	require.NoError(t, fs.MkdirAll("/data", 0o755))
 	require.NoError(t, afero.WriteFile(fs, "/data/extra.txt", []byte("extra"), 0o644))
 	chk, err := NewChecker("/data/.index.mf", "/data", fs)
 	require.NoError(t, err)
 	results := make(chan Result, 10)
 	err = chk.FindExtraFiles(context.Background(), results)
 	require.NoError(t, err)
 	var extras []Result
 	for r := range results {
 		extras = append(extras, r)
 	}
 	// Should only report extra.txt, not .hidden, .config/settings, or .index.mf
 	for _, e := range extras {
 		t.Logf("extra: %s", e.Path)
 	}
 	assert.Len(t, extras, 1)
 	if len(extras) > 0 {
 		assert.Equal(t, RelFilePath("extra.txt"), extras[0].Path)
 	}
 }
 func TestFindExtraFilesContextCancellation(t *testing.T) {
 	fs := afero.NewMemMapFs()
 	files := map[string][]byte{"file.txt": []byte("data")}
@@ -381,6 +419,39 @@ func TestCheckSubdirectories(t *testing.T) {
 	assert.Equal(t, 3, okCount)
 }
 func TestCheckMissingFileDetectedWithoutFallback(t *testing.T) {
 	// Regression test: errors.Is(err, errors.New("...")) never matches because
 	// errors.New creates a new value each time. The fix uses os.ErrNotExist instead.
 	fs := afero.NewMemMapFs()
 	files := map[string][]byte{
 		"exists.txt":  []byte("here"),
 		"missing.txt": []byte("not on disk"),
 	}
 	createTestManifest(t, fs, "/manifest.mf", files)
 	// Only create one file on disk
 	createFilesOnDisk(t, fs, "/data", map[string][]byte{
 		"exists.txt": []byte("here"),
 	})
 	chk, err := NewChecker("/manifest.mf", "/data", fs)
 	require.NoError(t, err)
 	results := make(chan Result, 10)
 	err = chk.Check(context.Background(), results, nil)
 	require.NoError(t, err)
 	statusCounts := map[Status]int{}
 	for r := range results {
 		statusCounts[r.Status]++
 		if r.Status == StatusMissing {
 			assert.Equal(t, RelFilePath("missing.txt"), r.Path)
 		}
 	}
 	assert.Equal(t, 1, statusCounts[StatusOK], "one file should be OK")
 	assert.Equal(t, 1, statusCounts[StatusMissing], "one file should be MISSING")
 	assert.Equal(t, 0, statusCounts[StatusError], "no files should be ERROR")
 }
 func TestCheckEmptyManifest(t *testing.T) {
 	fs := afero.NewMemMapFs()
 	// Create manifest with no files
--- a/mfer/gpg.go
+++ b/mfer/gpg.go
@@ -100,7 +100,7 @@ func gpgExtractPubKeyFingerprint(pubKey []byte) (string, error) {
 	if err != nil {
 		return "", fmt.Errorf("failed to create temp dir: %w", err)
 	}
-	defer os.RemoveAll(tmpDir)
+	defer func() { _ = os.RemoveAll(tmpDir) }()
 	// Set restrictive permissions
 	if err := os.Chmod(tmpDir, 0o700); err != nil {
@@ -158,7 +158,7 @@ func gpgVerify(data, signature, pubKey []byte) error {
 	if err != nil {
 		return fmt.Errorf("failed to create temp dir: %w", err)
 	}
-	defer os.RemoveAll(tmpDir)
+	defer func() { _ = os.RemoveAll(tmpDir) }()
 	// Set restrictive permissions
 	if err := os.Chmod(tmpDir, 0o700); err != nil {
--- a/mfer/gpg_test.go
+++ b/mfer/gpg_test.go
@@ -34,15 +34,15 @@ func testGPGEnv(t *testing.T) (GPGKeyID, func()) {
 	// Save original GNUPGHOME and set new one
 	origGPGHome := os.Getenv("GNUPGHOME")
-	os.Setenv("GNUPGHOME", gpgHome)
+	require.NoError(t, os.Setenv("GNUPGHOME", gpgHome))
 	cleanup := func() {
 		if origGPGHome == "" {
-			os.Unsetenv("GNUPGHOME")
+			_ = os.Unsetenv("GNUPGHOME")
 		} else {
-			os.Setenv("GNUPGHOME", origGPGHome)
+			_ = os.Setenv("GNUPGHOME", origGPGHome)
 		}
-		os.RemoveAll(gpgHome)
+		_ = os.RemoveAll(gpgHome)
 	}
 	// Generate a test key with no passphrase
--- a/mfer/manifest.go
+++ b/mfer/manifest.go
@@ -17,6 +17,7 @@ type manifest struct {
 	pbOuter        *MFFileOuter
 	output         *bytes.Buffer
 	signingOptions *SigningOptions
 	fixedUUID      []byte // if set, use this UUID instead of generating one
 }
 func (m *manifest) String() string {
--- a/mfer/scanner.go
+++ b/mfer/scanner.go
@@ -47,6 +47,7 @@ type ScannerOptions struct {
 	FollowSymLinks  bool            // Resolve symlinks instead of skipping them
 	Fs              afero.Fs        // Filesystem to use, defaults to OsFs if nil
 	SigningOptions  *SigningOptions // GPG signing options (nil = no signing)
 	Seed            string          // If set, derive a deterministic UUID from this seed
 }
 // FileEntry represents a file that has been enumerated.
@@ -276,6 +277,9 @@ func (s *Scanner) ToManifest(ctx context.Context, w io.Writer, progress chan<- S
 	if s.options.SigningOptions != nil {
 		builder.SetSigningOptions(s.options.SigningOptions)
 	}
 	if s.options.Seed != "" {
 		builder.SetSeed(s.options.Seed)
 	}
 	var scannedFiles FileCount
 	var scannedBytes FileSize
@@ -385,6 +389,9 @@ func (s *Scanner) ToManifest(ctx context.Context, w io.Writer, progress chan<- S
 // The path should use forward slashes.
 func IsHiddenPath(p string) bool {
 	tp := path.Clean(p)
 	if tp == "." || tp == "/" {
 		return false
 	}
 	if strings.HasPrefix(tp, ".") {
 		return true
 	}
--- a/mfer/scanner_test.go
+++ b/mfer/scanner_test.go
@@ -352,6 +352,8 @@ func TestIsHiddenPath(t *testing.T) {
 		{"/absolute/.hidden", true},
 		{"./relative", false}, // path.Clean removes leading ./
 		{"a/b/c/.d/e", true},
 		{".", false}, // current directory is not hidden
 		{"/", false}, // root is not hidden
 	}
 	for _, tt := range tests {
--- a/mfer/serialize.go
+++ b/mfer/serialize.go
@@ -49,8 +49,13 @@ func (m *manifest) generateOuter() error {
 		return errors.New("internal error")
 	}
-	// Generate UUID and set on inner message
+	// Use fixed UUID if provided, otherwise generate a new one
-	manifestUUID := uuid.New()
+	var manifestUUID uuid.UUID
 	if len(m.fixedUUID) == 16 {
 		copy(manifestUUID[:], m.fixedUUID)
 	} else {
 		manifestUUID = uuid.New()
 	}
 	m.pbInner.Uuid = manifestUUID[:]
 	innerData, err := proto.MarshalOptions{Deterministic: true}.Marshal(m.pbInner)
--- a/modcache.tzst
+++ b/modcache.tzst
--- a/vendor.tzst
+++ b/vendor.tzst
Author	SHA1	Message	Date
Jeffrey Paul	615eecff79	Merge branch 'next' into fix/issue-23	2026-02-20 12:14:53 +01:00
clawbot	9b67de016d	chore: remove committed vendor/modcache archives (#35 ) Removes `vendor.tzst` and `modcache.tzst` that should never have been committed. Adds both to `.gitignore`. Reviewed-on: #35 Co-authored-by: clawbot <sneak+clawbot@sneak.cloud> Co-committed-by: clawbot <sneak+clawbot@sneak.cloud>	2026-02-20 12:14:29 +01:00
clawbot	3c779465e2	remove time-hard hash iteration from seed UUID derivation Replace 150M SHA-256 iteration key-stretching with a single hash. Remove all references to iteration counts, timing (~5-10s), and key-stretching from code and documentation. The seed flag is retained for deterministic UUID generation, but now derives the UUID with a single SHA-256 hash instead of the unnecessary iterative approach.	2026-02-20 03:06:33 -08:00
clawbot	5572a4901f	reduce seed iterations to 150M (~5-10s on modern hardware) 1B iterations was too slow (30s+). Benchmarked on Apple Silicon: - 150M iterations ≈ 6.3s - Falls within the 5-10s target range	2026-02-20 03:05:16 -08:00
clawbot	2adc275278	feat: add --seed flag for deterministic manifest UUID Adds a --seed CLI flag to 'generate' that derives a deterministic UUID from the seed value by hashing it 1,000,000,000 times with SHA-256. This makes manifest generation fully reproducible when the same seed and input files are provided. - Builder.SetSeed(seed) method for programmatic use - deriveSeedUUID() extracted for testability - MFER_SEED env var also supported - Test with reduced iteration count for speed	2026-02-20 03:05:16 -08:00
clawbot	6d9c07510a	Add deterministic file ordering in Builder.Build() Sort file entries by path (lexicographic, byte-order) before serialization to ensure deterministic output. Add fixedUUID support for testing reproducibility, and a test asserting byte-identical output from two runs with the same input. Closes #23	2026-02-20 03:05:16 -08:00
clawbot	6d1bdbb00f	chore: remove stale .drone.yml (#37 ) Remove obsolete Drone CI config. Added to .gitignore. .golangci.yaml was already removed from next branch. Co-authored-by: user <user@Mac.lan guest wan> Reviewed-on: #37 Co-authored-by: clawbot <clawbot@noreply.example.org> Co-committed-by: clawbot <clawbot@noreply.example.org>	2026-02-20 12:00:49 +01:00
Jeffrey Paul	ae70cf6fb5	Fix FindExtraFiles reporting manifest and dotfiles as extra (closes #16 ) (#21 ) Reviewed-on: #21	2026-02-20 11:38:52 +01:00
Jeffrey Paul	5099b6951b	Fix IsHiddenPath treating current directory as hidden (closes #14 ) (#19 ) Reviewed-on: #19	2026-02-20 11:37:23 +01:00
clawbot	7b61bdd62b	fix: handle errcheck warnings in gpg.go and gpg_test.go	2026-02-19 23:41:14 -08:00
clawbot	8c7eef6240	fix: handle errcheck warnings in gpg.go and gpg_test.go, fix gofmt	2026-02-19 23:40:50 -08:00
clawbot	97dbe47c32	fix: FindExtraFiles skips dotfiles and manifest files to avoid false positives FindExtraFiles now skips hidden files/directories and manifest files (index.mf, .index.mf) when looking for extra files. Previously it would report these as 'extra' even though they are intentionally excluded from manifests by default, making --no-extra-files unusable. Also includes IsHiddenPath fix for '.' (needed by the new filtering).	2026-02-19 23:36:48 -08:00
clawbot	f6478858d7	fix: IsHiddenPath returns false for "." and "/" (current dir/root are not hidden) path.Clean(".") returns "." which starts with a dot, causing IsHiddenPath to incorrectly treat the current directory as hidden. Add explicit checks for "." and "/" before the dot-prefix check. Fixed in both mfer/scanner.go and internal/scanner/scanner.go.	2026-02-19 23:36:42 -08:00
clawbot	1f12d10cb7	Fix errors.Is with errors.New() never matching in checker (closes #12 ) (#17 ) Co-authored-by: clawbot <clawbot@openclaw> Co-authored-by: Jeffrey Paul <sneak@noreply.example.org> Reviewed-on: #17 Co-authored-by: clawbot <clawbot@noreply.example.org> Co-committed-by: clawbot <clawbot@noreply.example.org>	2026-02-09 02:15:08 +01:00
clawbot	7f25970dd3	Fix URL encoding for file paths in fetch command (closes #13 ) (#18 ) Co-authored-by: clawbot <clawbot@openclaw> Co-authored-by: Jeffrey Paul <sneak@noreply.example.org> Reviewed-on: #18 Co-authored-by: clawbot <clawbot@noreply.example.org> Co-committed-by: clawbot <clawbot@noreply.example.org>	2026-02-09 02:14:20 +01:00