Merge branch 'next' into fix/issue-15

time.UnixNano() panics for dates outside ~1678-2262. The Nanosecond()
method returns just the nanosecond component (0-999999999) and is safe
for all dates. This matches the pattern already used in ModTime.Timestamp().

internal/cli/fetch.go

@@ -113,7 +113,7 @@ func (mfa *CLIApp) fetchManifestOperation(ctx *cli.Context) error {
 			return fmt.Errorf("invalid path in manifest: %w", err)
 		}
 
-		fileURL := baseURL.String() + encodeFilePath(f.Path)
+		fileURL := baseURL.String() + f.Path
 		log.Infof("fetching %s", f.Path)
 
 		if err := downloadFile(fileURL, localPath, f, progress); err != nil {
@@ -139,15 +139,6 @@ func (mfa *CLIApp) fetchManifestOperation(ctx *cli.Context) error {
 	return nil
 }
 
-// encodeFilePath URL-encodes each segment of a file path while preserving slashes.
-func encodeFilePath(p string) string {
-	segments := strings.Split(p, "/")
-	for i, seg := range segments {
-		segments[i] = url.PathEscape(seg)
-	}
-	return strings.Join(segments, "/")
-}
-
 // sanitizePath validates and sanitizes a file path from the manifest.
 // It prevents path traversal attacks and rejects unsafe paths.
 func sanitizePath(p string) (string, error) {

internal/cli/fetch_test.go

@@ -16,29 +16,6 @@ import (
 	"sneak.berlin/go/mfer/mfer"
 )
 
-func TestEncodeFilePath(t *testing.T) {
-	tests := []struct {
-		input    string
-		expected string
-	}{
-		{"file.txt", "file.txt"},
-		{"dir/file.txt", "dir/file.txt"},
-		{"my file.txt", "my%20file.txt"},
-		{"dir/my file.txt", "dir/my%20file.txt"},
-		{"file#1.txt", "file%231.txt"},
-		{"file?v=1.txt", "file%3Fv=1.txt"},
-		{"path/to/file with spaces.txt", "path/to/file%20with%20spaces.txt"},
-		{"100%done.txt", "100%25done.txt"},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.input, func(t *testing.T) {
-			result := encodeFilePath(tt.input)
-			assert.Equal(t, tt.expected, result)
-		})
-	}
-}
-
 func TestSanitizePath(t *testing.T) {
 	// Valid paths that should be accepted
 	validTests := []struct {