next #44

sneak · 2026-03-02T11:07:11+01:00

sneak commented

2026-03-02 11:07:11 +01:00

getting rid of next branch

sneak added 79 commits 2026-03-02 11:07:11 +01:00

latest

continuous-integration/drone/push Build is passing

Details

01bffc8388

remove gofumpt from linting

continuous-integration/drone/push Build is passing

Details

continuous-integration/drone/pr Build is failing

Details

13f39d598f

Add testable CLI with dependency injection and new scanner/checker packages dc2ea47f6a

Major changes:
- Refactor CLI to accept injected I/O streams and filesystem (afero.Fs)
  for testing without touching the real filesystem
- Add RunOptions struct and RunWithOptions() for configurable CLI execution
- Add internal/scanner package with two-phase manifest generation:
  - Phase 1 (Enumeration): walk directories, collect metadata
  - Phase 2 (Scan): read contents, compute hashes, write manifest
- Add internal/checker package for manifest verification with progress
  reporting and channel-based result streaming
- Add mfer/builder.go for incremental manifest construction
- Add --no-extra-files flag to check command to detect files not in manifest
- Add timing summaries showing file count, size, elapsed time, and throughput
- Add comprehensive tests using afero.MemMapFs (no real filesystem access)
- Add contrib/usage.sh integration test script
- Fix banner ASCII art alignment (consistent spacing)
- Fix verbosity levels so summaries display at default log level
- Update internal/log to support configurable output writers

Merge branch 'main' into next 155ebe9a78

Add godoc strings to all exported types, functions, and fields 79fc5cca6c

Documents:
- cli: NO_COLOR, RunOptions fields, CLIApp, VersionString
- checker: Result fields, Status constants, CheckStatus fields
- scanner: EnumerateStatus, ScanStatus, Options, FileEntry fields
- log: Level alias, DisableStyling, Init, Info/Debug functions,
  verbosity helpers, GetLogger, GetLevel, WithError
- mfer: ManifestScanOptions, New, NewFromPaths, NewFromFS, MAGIC

Add TODO section to README with prioritized task list 5e65b3a0fd

Add TODO: change FileProgress callback to channel-based f3be3eba84

Rename ManifestBuilder to Builder 48c3c09d85

remove golangci-lint config files 5d7c729efb

Remove generateInner, now handled by Builder fded1a0393

- Remove generateInner() from serialize.go
- Update generate() to error if pbInner not set
- Remove legacy tests that depended on old code path
- Update TODO item to reflect removal

Change FileProgress callback to channel-based progress c5ca3e2ced

Replace callback-based progress reporting in Builder.AddFile with
channel-based FileHashProgress for consistency with EnumerateStatus
and ScanStatus patterns. Update scanner.go to use the new channel API.

Add CLAUDE.md 531f460f87

Fix all linter errors 92bd13efde

- Add explicit error ignoring with _ = for Close/Remove calls
- Rename WriteTo to Write to avoid io.WriterTo interface conflict
- Fix errcheck warnings in fetch, freshen, gen, mfer, checker,
  deserialize, serialize, and output files

Add TODO.md with 1.0 release tasks 150bac82cf

Replace gzip with zstd compression 21028af9aa

Use zstd with SpeedBestCompression level for better compression
ratios. Remove gzip support entirely. Include generated protobuf
file to allow building without protoc.

Fix progress line not clearing before final status 45201509ff

Change operational log messages from Debug to Info e6cb906d35

Add verbose output for freshen showing M/A/D files with -v 6dc496fa9e

Exclude dotfiles by default, add --include-dotfiles flag 0e86562c09

Changed the default behavior to exclude dotfiles (files/dirs starting with .)
which is the more common use case. Added --include-dotfiles flag for when
hidden files need to be included in the manifest.

Add Verbose log level between Info and Debug 5523cb1595

Implemented full log level hierarchy: Fatal, Error, Warn, Info, Verbose, Debug.
- Verbose level (-v) shows detailed operations like file changes (M/A/D)
- Debug level (-vv) shows low-level tracing with caller info
- Quiet mode (-q) sets level to Error, suppressing Info messages
- Banner and summary output now use log levels for filtering

Fix pathIsHidden treating base directory as hidden, print banner to stdout 818358a8a1

- pathIsHidden(".") was returning true, causing freshen to skip entire
  directory tree when dotfiles excluded
- Banner now prints directly to stdout to avoid log prefix artifacts

Add version line after banner with release date 6edc798de0

Added mfer/constants.go with Version and ReleaseDate constants for
deterministic builds. Banner now shows "mfer by @sneak: v0.1.0 released 2025-12-17"

Fix version command and add default action with banner 9dbdcbde91

- Version command now uses mfer.Version constant instead of empty build flags
- Running just 'mfer' shows banner + help
- Unknown commands still return error with exit code 1

Add project URL to banner output b3fe38092b

Skip manifest write when nothing changed in freshen a07209fef5

Add list command to show manifest contents 444a4c8f45

- mfer list: shows file paths one per line
- mfer list -l/--long: shows size, mtime, and path
- mfer list --print0: NUL-separated output for xargs -0

Add atomic writes, humanized sizes, debug logging, and -v/-q per-command c218fe56e9

- Atomic writes for mfer gen: writes to temp file, renames on success,
  cleans up temp on error/interrupt. Prevents empty manifests on Ctrl-C.
- Humanized byte sizes using dustin/go-humanize (e.g., "10 MiB" not "10485760")
- Progress lines clear when done (using ANSI escape \r\033[K])
- Debug logging when files are added to manifest (mfer gen -vv)
- Move -v/-q flags from global to per-command for better UX
- Add tests for atomic write behavior with failing filesystem mock

Add manifest corruption detection test a20c3e5104

Generates a ~1MB manifest (20000 files with random names), then:
- Verifies truncated manifest causes check to fail
- Runs 500 iterations of random single-byte corruption
- Each iteration verifies check detects the corruption

Change check OK messages from debug to verbose level eaeb84f2cc

Change gen file listing from debug to verbose level 1e81801036

Show only filename (not full path) in debug log caller info 1d37dd9748

Humanize file sizes in gen output, clean up temp on signal 07db5d434f

- Humanize file sizes in verbose file listing (e.g., "76.8 MiB" not "76836984 bytes")
- Add signal handler to clean up temp file on Ctrl-C/SIGTERM during gen

Add unit tests for checker/scanner and validate input paths d3776d7d7c

- Add comprehensive unit tests for internal/checker (88.5% coverage)
  - Status string representations
  - NewChecker validation
  - Check operation (OK, missing, size/hash mismatch)
  - Progress reporting and context cancellation
  - FindExtraFiles functionality

- Add comprehensive unit tests for internal/scanner (80.1% coverage)
  - Constructors and options
  - File/path enumeration
  - Dotfile exclusion/inclusion
  - ToManifest with progress and cancellation
  - Non-blocking status channel sends

- Validate input paths before scanning in generate command
  - Fail fast with clear error if paths don't exist
  - Prevents confusing errors deep in enumeration

Fix redundant stat call in addFile e480c3f677

Use the FileInfo already provided by Walk instead of calling Stat again.
Only stat if fi is nil (defensive, shouldn't happen in normal Walk usage).
Also fixes potential nil pointer dereference if fi was nil.

Update README TODO with completed items 2549695ab0

Validate input path exists in addInputPath ed40673e85

Validate filesystem in addInputFS b55ae961c8

Add context cancellation support to Scan 1ae384b6f6

Document WriteToFile overwrite behavior, remove misplaced FIXME 16e3538ea6

Update README: mark FIXMEs as resolved efa4bb929a

Update CLAUDE.md and clean up completed TODOs in README 09e8da0855

Remove unused legacy manifest APIs 1588e1bb9f

Removed:
- New(), NewFromPaths(), NewFromFS() - unused constructors
- Scan(), addFile(), addInputPath(), addInputFS() - unused scanning code
- WriteToFile(), Write() - unused output methods (Builder.Build() is used)
- GetFileCount(), GetTotalFileSize() - unused accessors
- pathIsHidden() - duplicated in internal/scanner
- ManifestScanOptions - unused options struct
- HasError(), AddError(), WithContext() - unused error/context handling
- NewFromProto() - deprecated alias
- manifestFile struct - unused internal type

Kept:
- manifest struct (simplified to just pbInner, pbOuter, output)
- NewManifestFromReader(), NewManifestFromFile() - for loading manifests
- Files() - returns files from loaded manifest
- Builder and its methods - for creating manifests

Update README to reflect current API (FileProgress was already a channel) a9f0d2abe4

Add custom types for type safety throughout codebase dc115c5ba2

- Add FileCount, FileSize, RelFilePath, AbsFilePath, ModTime, Multihash types
- Add UnixSeconds and UnixNanos types for timestamp handling
- Add URL types (ManifestURL, FileURL, BaseURL) with safe path joining
- Consolidate scanner package into mfer package
- Update checker to use custom types in Result and CheckStatus
- Add ModTime.Timestamp() method for protobuf conversion
- Update all tests to use proper custom types

Move checker package into mfer package e25e309581

Consolidate checker functionality into the mfer package alongside
scanner, removing the need for a separate internal/checker package.

Use Go 1.13+ octal literal syntax throughout codebase a5b0343b28

Update file permission literals from legacy octal format (0755, 0644)
to explicit Go 1.13+ format (0o755, 0o644) for improved readability.

Change build output path from mfer.cmd to bin/mfer dae6c64e24

Use conventional bin/ directory for build output instead of
placing executable in project root.

Normalize markdown formatting in documentation 61c17ca585

- Use consistent dash-style bullet points
- Remove trailing whitespace
- Add missing blank lines between sections
- Add trailing newline to README.md

Add TODO.md with codebase audit findings fc0b38ea19

Document issues found during code audit including:
- Critical: broken error comparison, unchecked hash writes, URL path traversal
- Important: goroutine leak, timestamp precision, missing context cancellation
- Code quality: duplicate functions, inefficient calculations, missing validation

Update .gitignore for new bin/ build directory 019fe41c3d

Remove codebase structure section from README 308c583d57

godoc provides this documentation automatically

Add GPG signing support for manifest generation 778999a285

- Add --sign-key flag and MFER_SIGN_KEY env var to gen and freshen commands
- Sign inner message multihash with GPG detached signature
- Include signer fingerprint and public key in outer wrapper
- Add comprehensive tests with temporary GPG keyring
- Increase test timeout to 10s for GPG key generation

Add UUID to manifest and verify integrity before decompression 213364bab5

- Add UUID field to both inner and outer manifest messages
- Generate random v4 UUID when creating manifest
- Hash compressed data (not uncompressed) for integrity check
- Verify hash before decompression to prevent malicious payloads
- Validate UUIDs are proper format and match between inner/outer
- Sign string format: MAGIC-UUID-MULTIHASH

Add GPG signature verification on manifest load 4a2060087d

- Implement gpgVerify function that creates a temporary keyring to verify
  detached signatures against embedded public keys
- Signature verification happens during deserialization after hash
  validation but before decompression
- Extract signatureString() as a method on manifest for generating the
  canonical signature string (MAGIC-UUID-MULTIHASH)
- Add --require-signature flag to check command to mandate signature from
  a specific GPG key ID
- Expose IsSigned() and Signer() methods on Checker for signature status

progress 5ab092098b

docs: replace TODO.md with design questions and implementation plan 4b80c0067b

Fix AddFile to verify actual bytes read matches declared size (closes #25 ) (#30 ) ebaf2a65ca

After reading file content, verify `totalRead == size` and return an error on mismatch.

Co-authored-by: clawbot <clawbot@openclaw>
Reviewed-on: #30
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>

Specify and enforce path invariants (closes #26 ) (#31 ) 2efffd9da8

Add `ValidatePath()` enforcing UTF-8, forward-slash, relative, no `..`, no empty segments. Applied in `AddFile` and `AddFileWithHash`. Proto comments document the rules.

Co-authored-by: clawbot <clawbot@openclaw>
Co-authored-by: Jeffrey Paul <sneak@noreply.example.org>
Reviewed-on: #31
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>

Add decompression size limit in deserializeInner() (closes #24 ) (#29 ) 7144617d0e

Wrap zstd decompressor with `io.LimitReader` (256MB max) to prevent decompression bombs.

Co-authored-by: clawbot <clawbot@openclaw>
Co-authored-by: Jeffrey Paul <sneak@noreply.example.org>
Reviewed-on: #29
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>

Consolidate scanner/checker — delete internal/scanner/ and internal/checker/ (closes #22 ) (#27 ) 04b05e01e8

Remove unused `internal/scanner/` and `internal/checker/` packages. The CLI already uses `mfer.Scanner` and `mfer.Checker` from the `mfer/` package directly, so these were dead code.

Co-authored-by: clawbot <clawbot@openclaw>
Co-authored-by: Jeffrey Paul <sneak@noreply.example.org>
Reviewed-on: #27
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>

Fix newTimestampFromTime panic on extreme dates (closes #15 ) (#20 ) 70af055d4e

Co-authored-by: clawbot <clawbot@openclaw>
Co-authored-by: Jeffrey Paul <sneak@noreply.example.org>
Reviewed-on: #20
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>

Fix URL encoding for file paths in fetch command (closes #13 ) (#18 ) 7f25970dd3

Co-authored-by: clawbot <clawbot@openclaw>
Co-authored-by: Jeffrey Paul <sneak@noreply.example.org>
Reviewed-on: #18
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>

Fix errors.Is with errors.New() never matching in checker (closes #12 ) (#17 ) 1f12d10cb7

Co-authored-by: clawbot <clawbot@openclaw>
Co-authored-by: Jeffrey Paul <sneak@noreply.example.org>
Reviewed-on: #17
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>

fix: IsHiddenPath returns false for "." and "/" (current dir/root are not hidden) f6478858d7

path.Clean(".") returns "." which starts with a dot, causing IsHiddenPath
to incorrectly treat the current directory as hidden. Add explicit checks
for "." and "/" before the dot-prefix check.

Fixed in both mfer/scanner.go and internal/scanner/scanner.go.

fix: FindExtraFiles skips dotfiles and manifest files to avoid false positives 97dbe47c32

FindExtraFiles now skips hidden files/directories and manifest files
(index.mf, .index.mf) when looking for extra files. Previously it would
report these as 'extra' even though they are intentionally excluded from
manifests by default, making --no-extra-files unusable.

Also includes IsHiddenPath fix for '.' (needed by the new filtering).

fix: handle errcheck warnings in gpg.go and gpg_test.go, fix gofmt 8c7eef6240

fix: handle errcheck warnings in gpg.go and gpg_test.go 7b61bdd62b

Fix IsHiddenPath treating current directory as hidden (closes #14 ) (#19 ) 5099b6951b

Reviewed-on: #19

Fix FindExtraFiles reporting manifest and dotfiles as extra (closes #16 ) (#21 ) ae70cf6fb5

Reviewed-on: #21

chore: remove stale .drone.yml (#37 ) 6d1bdbb00f

Remove obsolete Drone CI config. Added to .gitignore.

.golangci.yaml was already removed from next branch.

Co-authored-by: user <user@Mac.lan guest wan>
Reviewed-on: #37
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>

Add deterministic file ordering in Builder.Build() 6d9c07510a

Sort file entries by path (lexicographic, byte-order) before
serialization to ensure deterministic output. Add fixedUUID support
for testing reproducibility, and a test asserting byte-identical
output from two runs with the same input.

Closes #23

feat: add --seed flag for deterministic manifest UUID 2adc275278

Adds a --seed CLI flag to 'generate' that derives a deterministic UUID
from the seed value by hashing it 1,000,000,000 times with SHA-256.
This makes manifest generation fully reproducible when the same seed
and input files are provided.

- Builder.SetSeed(seed) method for programmatic use
- deriveSeedUUID() extracted for testability
- MFER_SEED env var also supported
- Test with reduced iteration count for speed

reduce seed iterations to 150M (~5-10s on modern hardware) 5572a4901f

1B iterations was too slow (30s+). Benchmarked on Apple Silicon:
- 150M iterations ≈ 6.3s
- Falls within the 5-10s target range

remove time-hard hash iteration from seed UUID derivation 3c779465e2

Replace 150M SHA-256 iteration key-stretching with a single hash.
Remove all references to iteration counts, timing (~5-10s), and
key-stretching from code and documentation.

The seed flag is retained for deterministic UUID generation, but
now derives the UUID with a single SHA-256 hash instead of the
unnecessary iterative approach.

chore: remove committed vendor/modcache archives (#35 ) 9b67de016d

Removes `vendor.tzst` and `modcache.tzst` that should never have been committed. Adds both to `.gitignore`.

Reviewed-on: #35
Co-authored-by: clawbot <sneak+clawbot@sneak.cloud>
Co-committed-by: clawbot <sneak+clawbot@sneak.cloud>

Merge branch 'next' into fix/issue-23 615eecff79

Add deterministic file ordering in Builder.Build() (closes #23 ) (#28 ) bbab6e73f4

Reviewed-on: #28

1.0 quality polish — code review, tests, bug fixes, documentation (#32 ) 43916c7746

Comprehensive quality pass targeting 1.0 release:

- Code review and refactoring
- Fix open bugs (#14, #16, #23)
- Expand test coverage
- Lint clean
- README update with build instructions (#9)
- Documentation improvements

Branched from `next` (active dev branch).

Reviewed-on: #32
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>

Add make check target and CI workflow (#36 )

check / check (pull_request) Failing after 6s

Details

acbdf3a376

Adds a `make check` target that verifies formatting (gofmt), linting (golangci-lint), and tests (go test -race) without modifying files.

Also adds `.gitea/workflows/check.yml` CI workflow that runs on pushes and PRs to main and next.

`make check` passes cleanly on current next branch.

Co-authored-by: clawbot <clawbot@noreply.git.eeqj.de>
Reviewed-on: #36
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>

sneak commented

2026-03-02 11:07:40 +01:00

@clawbot pls fix merge issues.

clawbot force-pushed next from acbdf3a376 to 43916c7746

2026-03-02 11:12:17 +01:00

Compare

This pull request has changes conflicting with the target branch.