diff --git a/.cursorrules b/.cursorrules index 9c22fe3..9579b10 100644 --- a/.cursorrules +++ b/.cursorrules @@ -20,10 +20,3 @@ All contributors must read `.github/AGENTS.md` for complete guidelines. If any r 2. **Why It Was Necessary** 3. **Testing Performed** 4. **Impact / Risk** - -## Dependency Management -- Manage modules with `magex tidy` after import changes. - -## Security Reporting -- Do not open public issues for vulnerabilities. -- Follow `SECURITY.md` for responsible disclosure. diff --git a/.github/.env.base b/.github/.env.base index ccd77c1..d81ade4 100644 --- a/.github/.env.base +++ b/.github/.env.base @@ -150,7 +150,7 @@ GO_COVERAGE_PROVIDER=internal CODECOV_TOKEN_REQUIRED=false # Go Coverage Tool Version -GO_COVERAGE_VERSION=v1.1.16 # https://github.com/mrz1836/go-coverage/releases +GO_COVERAGE_VERSION=v1.1.17 # https://github.com/mrz1836/go-coverage/releases GO_COVERAGE_USE_LOCAL=false # Use local version for development # Core Coverage Settings @@ -235,7 +235,7 @@ REDIS_CACHE_FORCE_PULL=false # Force pull Redis images even when cache # πŸͺ„ MAGE-X CONFIGURATION # ================================================================================================ -MAGE_X_VERSION=v1.10.3 # https://github.com/mrz1836/mage-x/releases +MAGE_X_VERSION=v1.11.0 # https://github.com/mrz1836/mage-x/releases MAGE_X_USE_LOCAL=false # Use local version for development MAGE_X_CI_SKIP_STEP_SUMMARY=true # Skip duplicate test results in step summary (already in test validation summary) MAGE_X_AUTO_DISCOVER_BUILD_TAGS=true # Enable auto-discovery of build tags @@ -308,7 +308,7 @@ NANCY_VERSION=v1.0.52 # https://github.com/sonatype-nexus-commu # ================================================================================================ # Pre-Commit System -GO_PRE_COMMIT_VERSION=v1.4.5 # https://github.com/mrz1836/go-pre-commit/releases +GO_PRE_COMMIT_VERSION=v1.4.6 # https://github.com/mrz1836/go-pre-commit/releases GO_PRE_COMMIT_USE_LOCAL=false # Use local version for development # System Settings diff --git a/.github/AGENTS.md b/.github/AGENTS.md index 0d174d3..3d1bf7e 100644 --- a/.github/AGENTS.md +++ b/.github/AGENTS.md @@ -4,7 +4,7 @@ This file defines the **baseline standards, workflows, and structure** for *all contributors and AI agents* operating within this repository. It serves as the root authority for engineering conduct, coding conventions, and collaborative norms. -It is designed to help AI assistants (e.g., Codex, Claude, Cursor, Sweep AI) and human developers alike understand our practices, contribute clean and idiomatic code, and navigate the codebase confidently and effectively. +It is designed to help AI assistants (e.g., Codex, Claude, Gemini) and human developers alike understand our practices, contribute clean and idiomatic code, and navigate the codebase confidently and effectively. > Whether reading, writing, testing, or committing code, **you must adhere to the rules in this document.** @@ -28,23 +28,22 @@ Our technical standards are organized into focused, portable documents in the `. ### Project Management & Infrastructure * **[Labeling Conventions](tech-conventions/labeling-conventions.md)** - GitHub label system -* **[CI & Validation](tech-conventions/ci-validation.md)** - Continuous integration and automated checks * **[Dependency Management](tech-conventions/dependency-management.md)** - Go modules and security * **[Security Practices](tech-conventions/security-practices.md)** - Vulnerability reporting and secure coding * **[GitHub Workflows Development](tech-conventions/github-workflows.md)** - Actions workflow best practices -### Build & Project Setup -* **[Governance Documents](tech-conventions/governance-documents.md)** - Project governance and community standards - > πŸ’‘ **Start with [tech-conventions/README.md](tech-conventions/README.md)** for a complete index with descriptions.

## πŸ“ Directory Structure -| Directory | Description | -|------------------|-----------------------------------------------------------------------------------| -| `.github/` | Issue templates, workflows, and community documentation | -| `.vscode/` | VS Code settings and extensions for development | -| `examples/` | Example program demonstrating package usage | -| `.` (root) | Source files and tests for the local package | +| Directory | Description | +|-----------------------------|---------------------------------------------------------| +| `.github/` | Issue templates, workflows, and community documentation | +| `.github/actions/` | GitHub composite actions for CI/CD and automation | +| `.github/ISSUE_TEMPLATE/` | Issue and pull request templates | +| `.github/tech-conventions/` | Technical conventions and standards for development | +| `.github/workflows/` | GitHub Actions workflows for CI/CD | +| `.vscode/` | VS Code settings and extensions for development | +| `.` (root) | Source files and tests for the local package | diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a27372e..0e84b92 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,5 @@ # ──────────────────────────────────────────────────────────────── # Dependabot Configuration -# Repo: mrz1836/ # # Purpose: # β€’ Keep Go modules, GitHub Actions and DevContainer images/features diff --git a/.github/sweep.yaml b/.github/sweep.yaml deleted file mode 100644 index a1217dc..0000000 --- a/.github/sweep.yaml +++ /dev/null @@ -1,13 +0,0 @@ -gha_enabled: true -blocked_dirs: [] -draft: false -description: | - Sweep AI must follow the repository guidelines in .github/AGENTS.md. -rules: - - "Read .github/AGENTS.md first; it overrides these rules." - - "Format code with magex format:fix" - - "Lint with 'magex lint'" - - "Run 'magex test' before committing" - - "Commit messages refer to AGENTS.md" - - "Run 'magex deps:tidy' after import changes" - - "Report vulnerabilities privately following SECURITY.md" diff --git a/.github/tech-conventions/README.md b/.github/tech-conventions/README.md index ee00359..eb8498f 100644 --- a/.github/tech-conventions/README.md +++ b/.github/tech-conventions/README.md @@ -1,7 +1,5 @@ # Technical Conventions -> This directory contains modular, portable technical conventions that can be adopted across projects. Each file focuses on a specific aspect of software development. -

## πŸ“š Convention Categories @@ -37,13 +35,14 @@ Semantic versioning practices, release tooling with goreleaser, changelog manage **[Labeling Conventions](labeling-conventions.md)** GitHub label system for categorizing issues and PRs, including standard labels, usage guidelines, and automated labeling. +### πŸ€– AI Usage & Assistant Guidelines +**[AI Compliance](ai-compliance.md)** +Guide to AI assistant configuration files and where to find standards for AI-assisted development. +

### πŸ”§ Infrastructure & Quality -**[CI & Validation](ci-validation.md)** -Continuous integration setup, automated checks, required status checks, and troubleshooting CI failures. - **[Dependency Management](dependency-management.md)** Go modules management, security scanning, version control practices, and maintaining healthy dependencies. @@ -61,59 +60,4 @@ Creating and maintaining GitHub Actions workflows with security, reliability, an ### πŸ—οΈ Build & Project Setup **[MAGE-X Build Automation](mage-x.md)** -Zero-boilerplate build automation system with 240+ built-in commands that replaces Makefiles. Includes installation, configuration, command reference, and migration guide. - -**[Governance Documents](governance-documents.md)** -Essential project files including LICENSE, README, CODE_OF_CONDUCT, SECURITY, and other governance standards. - -

- -## 🎯 Using These Conventions - -### For New Projects -1. Copy this entire `tech-conventions` directory to your `.github` folder -2. Review each file and adjust project-specific details -3. Reference these conventions in your main documentation - -### For Existing Projects -1. Review current practices against these conventions -2. Adopt conventions incrementally -3. Update team documentation to reference relevant sections - -### Customization -* These conventions are designed to be forked and modified -* Maintain the structure and formatting for consistency -* Document any project-specific deviations - -

- -## πŸ“‹ Quick Reference - -| Need to... | See... | -|------------------------|-------------------------------------------------------------| -| Write Go code | [Go Essentials](go-essentials.md) | -| Create tests | [Testing Standards](testing-standards.md) | -| Document code | [Commenting & Documentation](commenting-documentation.md) | -| Make commits | [Commit & Branch Conventions](commit-branch-conventions.md) | -| Open a PR | [Pull Request Guidelines](pull-request-guidelines.md) | -| Tag a release | [Release Workflow & Versioning](release-versioning.md) | -| Label issues/PRs | [Labeling Conventions](labeling-conventions.md) | -| Fix CI issues | [CI & Validation](ci-validation.md) | -| Add dependencies | [Dependency Management](dependency-management.md) | -| Report security issues | [Security Practices](security-practices.md) | -| Create workflows | [GitHub Workflows Development](github-workflows.md) | -| Set up build automation| [MAGE-X Build Automation](mage-x.md) | -| Add governance docs | [Governance Documents](governance-documents.md) | - -

- -## 🀝 Contributing - -These conventions evolve with best practices. To propose changes: - -1. Fork the repository -2. Create a feature branch (`feat/improve-testing-standards`) -3. Make your changes with clear reasoning -4. Submit a PR with the "documentation" label - -Remember: Good conventions are discovered through practice, not prescribed in theory. +Zero-boilerplate build automation system with 150+ built-in commands that replaces Makefiles. Includes installation, configuration, command reference, and migration guide. diff --git a/.github/tech-conventions/ai-compliance.md b/.github/tech-conventions/ai-compliance.md new file mode 100644 index 0000000..d312f92 --- /dev/null +++ b/.github/tech-conventions/ai-compliance.md @@ -0,0 +1,9 @@ +# AI Usage & Assistant Guidelines + +This project documents expectations for AI assistants using a few dedicated files: + +- [AGENTS.md](../AGENTS.md) β€” canonical rules for coding style, workflows, and pull requests used by [Codex](https://chatgpt.com/features/codex). +- [CLAUDE.md](../CLAUDE.md) β€” quick checklist for the [Claude](https://www.anthropic.com/product) agent. +- [.cursorrules](../../.cursorrules) β€” machine-readable subset of the policies for [Cursor](https://www.cursor.so/) and similar tools. + +Edit `AGENTS.md` first when adjusting these policies, and keep the other files in sync within the same pull request. diff --git a/.github/tech-conventions/ci-validation.md b/.github/tech-conventions/ci-validation.md deleted file mode 100644 index 0edb4a6..0000000 --- a/.github/tech-conventions/ci-validation.md +++ /dev/null @@ -1,220 +0,0 @@ -# CI & Validation - -> Continuous Integration ensures code quality, security, and consistency across all contributions. - -

- -## 🧩 Automated Checks - -CI automatically runs on every PR to verify: - -* Formatting (use `magex format:fix` which runs: `go fmt` and `goimports` and `gofumpt`) -* Linting (`magex lint`) -* Tests (`magex test`) -* Fuzz tests (if applicable) (`magex test:fuzz`) -* This codebase uses GitHub Actions; test workflows reside in `.github/workflows/fortress.yml` and `.github/workflows/fortress-test-suite.yml`. -* Pin each external GitHub Action to a **full commit SHA** (e.g., `actions/checkout@2f3b4a2e0e471e13e2ea2bc2a350e888c9cf9b75`) as recommended by GitHub's [security hardening guidance](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-pinned-actions). Dependabot will track and update these pinned versions automatically. - -Failing PRs will be blocked. AI agents should iterate until CI passes. - -

- -## πŸ”„ CI Pipeline Overview - -### PR Validation Pipeline -1. **Code Quality Checks** - - Format validation (gofmt, goimports, gofumpt) - - Linting with 60+ linters via golangci-lint - - YAML formatting with Prettier - -2. **Testing Suite** - - Unit tests with coverage reporting - - Race condition detection - - Integration tests (if applicable) - - Fuzz tests for critical paths - -3. **Security Scanning** - - Vulnerability scanning with govulncheck - - Static analysis with CodeQL - - OSSAR security checks - - Dependency vulnerability alerts - -4. **Build Validation** - - Multi-platform builds (Linux, macOS, Windows) - - Binary artifact generation - - Docker image builds (if configured) - -

- -## βœ… Required Status Checks - -All PRs must pass these checks before merge: - -| Check Name | Description | Required | -|-----------------|-----------------------------|----------| -| `lint` | Code formatting and linting | βœ… Yes | -| `test` | Unit tests with coverage | βœ… Yes | -| `test-race` | Race condition detection | βœ… Yes | -| `security-scan` | Vulnerability scanning | βœ… Yes | -| `build` | Multi-platform builds | βœ… Yes | -| `codeql` | Static security analysis | βœ… Yes | - -

- -## πŸš€ CI Performance - -### Optimization Strategies -* **Parallel execution** of independent jobs -* **Caching** for Go modules and build artifacts -* **Matrix builds** for multi-platform testing -* **Conditional runs** to skip unnecessary checks - -### Cache Management -```yaml -- uses: actions/cache@v3 - with: - path: | - ~/go/pkg/mod - ~/.cache/go-build - key: ${{ runner.os }}-go-${{ hashFiles('${{ $GO_SUM_FILE }}') }} -``` - -

- -## πŸ”§ Local CI Validation - -Run CI checks locally before pushing: - -```bash -# Individual checks -magex lint # Linting only -magex test # Tests only -magex test:race # Race detection -magex deps:audit # Security scan -``` - -

- -## πŸ“Š Coverage Requirements - -### Thresholds -* Minimum coverage: 80% (enforced) -* Target coverage: 90%+ (recommended) -* New code coverage: 95%+ (best practice) - -### Coverage Reports -* Generated on every PR -* Visible in PR comments -* Historical tracking via GitHub Pages -* Badge updates automatically - -

- -## πŸ›‘οΈ Security Checks - -### Automated Security Scanning -1. **govulncheck** - Go vulnerability database -2. **CodeQL** - Semantic code analysis -3. **OSSAR** - Open Source Security Analysis -4. **Dependabot** - Dependency updates - -### Security Workflow -```bash -# Local security check -magex deps:audit - -# Components checked: -# - Known CVEs in dependencies -# - Hard-coded secrets -# - SQL injection vulnerabilities -# - Path traversal risks -``` - -

- -## πŸ”„ CI Configuration - -### Workflow Files -* `.github/workflows/fortress.yml` - Main CI pipeline -* `.github/workflows/fortress-test-suite.yml` - Extended test suite -* `.github/workflows/codeql-analysis.yml` - Security analysis - -### Configuration Best Practices -* Use environment variables for configuration -* Pin action versions to commit SHAs -* Set appropriate timeouts -* Use concurrency controls -* Implement proper error handling - -

- -## 🚨 Troubleshooting CI Failures - -### Common Issues - -1. **Linting Failures** - ```bash - # Fix formatting - magex format:fix - - # Check specific linter - golangci-lint run --enable-only - ``` - -2. **Test Failures** - ```bash - # Run failing test locally - go test -v -run TestName ./package - - # Debug with more output - go test -v -race -count=1 ./... - ``` - -3. **Coverage Drops** - ```bash - # Generate coverage report - magex test:cover - - # Find uncovered lines - go tool cover -html=coverage.out - ``` - -4. **Security Vulnerabilities** - ```bash - # Check vulnerabilities - magex deps:audit - - # Update dependencies - magex deps:update - ``` - -

- -## πŸ”€ CI for Different Branches - -### Branch Protection Rules -* **main/master**: All checks required -* **release/***: Additional release checks -* **feature/***: Standard checks -* **dependabot/***: Security checks prioritized - -### Merge Requirements -1. All CI checks must pass -2. Code review approval required -3. Branch must be up to date -4. No merge conflicts - -

- -## πŸ“ˆ CI Metrics - -Monitor CI health through: -* Build duration trends -* Failure rate by check type -* Flaky test detection -* Coverage trends over time - -Access metrics via: -* GitHub Actions insights -* Repository analytics -* Custom dashboards (if configured) diff --git a/.github/tech-conventions/dependency-management.md b/.github/tech-conventions/dependency-management.md index 64cc2a1..8ce1a51 100644 --- a/.github/tech-conventions/dependency-management.md +++ b/.github/tech-conventions/dependency-management.md @@ -14,12 +14,24 @@ go mod tidy ``` +or via magex command: + + ```bash + magex deps:tidy + ``` + * Periodically refresh dependencies with: ```bash go get -u ./... ``` + or via magex command: + + ```bash + magex deps:update + ``` + > Avoid unnecessary upgrades near release windowsβ€”review major version bumps carefully for breaking changes.

diff --git a/.github/tech-conventions/github-workflows.md b/.github/tech-conventions/github-workflows.md index 87a8ef5..8c07838 100644 --- a/.github/tech-conventions/github-workflows.md +++ b/.github/tech-conventions/github-workflows.md @@ -269,7 +269,6 @@ permissions: ## πŸ“š Resources ### Internal -* [CI Validation](ci-validation.md) - CI/CD pipeline overview * [Security Practices](security-practices.md) - Security guidelines ### External diff --git a/.github/tech-conventions/governance-documents.md b/.github/tech-conventions/governance-documents.md deleted file mode 100644 index 9e0051b..0000000 --- a/.github/tech-conventions/governance-documents.md +++ /dev/null @@ -1,233 +0,0 @@ -# Governance Documents - -> Essential project governance files that establish community standards, contribution guidelines, and organizational structure. - -

- -## πŸ“š Document Overview - -Governance documents define how a project operates, who makes decisions, and how community members can contribute. These files should be present in every professional open source project. - -

- -## πŸ“ Directory Structure - -Most governance documents live in the repository root or `.github/` directory: - -``` -. -β”œβ”€β”€ .github/ -β”‚ β”œβ”€β”€ AGENTS.md # AI assistant guidelines -β”‚ β”œβ”€β”€ CODEOWNERS # Code ownership mapping -β”‚ β”œβ”€β”€ CODE_OF_CONDUCT.md # Community behavior standards -β”‚ β”œβ”€β”€ CODE_STANDARDS.md # Coding style and practices -β”‚ β”œβ”€β”€ CONTRIBUTING.md # Contribution guidelines -β”‚ β”œβ”€β”€ SECURITY.md # Security policy -β”‚ └── SUPPORT.md # Support resources -β”œβ”€β”€ LICENSE # Legal license terms -└── README.md # Project overview -``` - -

- -## πŸ“‹ Core Documents - -### LICENSE -**Purpose**: Legal terms for using, modifying, and distributing the project -**Location**: Repository root -**Required**: Yes - every project needs a license - -Common licenses: -* **MIT** - Simple, permissive -* **Apache 2.0** - Permissive with patent protection -* **GPL v3** - Copyleft, requires derivative works to be open source -* **BSD** - Similar to MIT with variations - -### README.md -**Purpose**: Project overview, quick start, and primary documentation -**Location**: Repository root -**Required**: Yes - first point of contact for users - -Essential sections: -* Project description and purpose -* Installation instructions -* Usage examples -* Contributing guidelines link -* License information - -### CODE_OF_CONDUCT.md -**Purpose**: Expected behavior and enforcement procedures -**Location**: `.github/` or root -**Required**: Recommended for community projects - -Standard templates: -* [Contributor Covenant](https://www.contributor-covenant.org/) -* [Citizen Code of Conduct](https://github.com/stumpsyn/policies/blob/master/citizen_code_of_conduct.md) -* Custom organization policies - -### CONTRIBUTING.md -**Purpose**: How to contribute code, report issues, and participate -**Location**: `.github/` or root -**Required**: Highly recommended - -Key topics: -* Development setup -* Coding standards -* Testing requirements -* Pull request process -* Issue reporting guidelines - -

- -## πŸ”’ Security & Compliance - -### SECURITY.md -**Purpose**: Vulnerability reporting and security policies -**Location**: `.github/` or root -**Required**: Yes for public projects - -Must include: -* Supported versions -* Reporting process (preferably private) -* Response timeline -* Disclosure policy -* Security acknowledgments - -Example structure: -```markdown -# Security Policy - -## Supported Versions -| Version | Supported | -| ------- | ------------------ | -| 5.1.x | :white_check_mark: | -| 5.0.x | :x: | - -## Reporting a Vulnerability -Please report vulnerabilities to security@example.com -``` - -### CODEOWNERS -**Purpose**: Automatically assign reviewers based on file ownership -**Location**: `.github/` or root -**Required**: Recommended for teams - -Format: -``` -# Global owners -* @default-owner - -# Frontend -/src/ui/ @frontend-team -*.css @design-team - -# Backend -/api/ @backend-team @api-specialist -``` - -

- -## πŸ“– Documentation Standards - -### CODE_STANDARDS.md -**Purpose**: Detailed coding conventions and best practices -**Location**: `.github/` -**Required**: Recommended for consistency - -Topics to cover: -* Language-specific conventions -* Formatting and linting rules -* Testing standards -* Documentation requirements -* Performance guidelines - -### SUPPORT.md -**Purpose**: Where to get help and ask questions -**Location**: `.github/` or root -**Required**: Helpful for larger projects - -Common sections: -* Documentation links -* Community forums -* Chat channels (Discord, Slack) -* Commercial support options -* FAQ section - -

- -## πŸ€– AI & Automation - -### AGENTS.md -**Purpose**: Guidelines for AI assistants and automated tools -**Location**: `.github/` -**Required**: Recommended for AI-assisted development - -Should define: -* Coding conventions for AI -* Commit message formats -* PR standards -* Testing requirements -* Documentation expectations - -### Related AI Files -* **CLAUDE.md** - Claude-specific instructions -* **.cursorrules** - Cursor IDE configuration -* **sweep.yaml** - Sweep bot configuration - -

- -## πŸ“Š Metadata Files - -### FUNDING.yml -**Purpose**: Display funding options on GitHub -**Location**: `.github/` -**Required**: If seeking sponsorship - -Example: -```yaml -github: [username] -patreon: username -open_collective: project-name -custom: ["https://example.com/donate"] -``` - -

- -## βœ… Best Practices - -### Document Maintenance -* **Keep documents current** - Review quarterly -* **Use templates** - Maintain consistency -* **Version documents** - Track major changes -* **Cross-reference** - Link between related docs -* **Be concise** - Respect readers' time - -### Community Building -* **Be welcoming** - Use inclusive language -* **Set clear expectations** - Define processes -* **Recognize contributors** - Maintain contributor lists -* **Provide examples** - Show, don't just tell -* **Iterate based on feedback** - Documents should evolve - -### Legal Considerations -* **Choose licenses carefully** - Consider dependencies -* **Protect trademarks** - Document usage rights -* **Credit appropriately** - Acknowledge contributions -* **Handle disputes** - Have clear processes -* **Consult lawyers** - For complex situations - -

- -## πŸ”— External Resources - -### Templates & Generators -* [Choose a License](https://choosealicense.com/) -* [GitHub Docs Templates](https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions) -* [Open Source Guides](https://opensource.guide/) -* [REUSE Software](https://reuse.software/) - -### Standards & Specifications -* [Keep a Changelog](https://keepachangelog.com/) -* [Semantic Versioning](https://semver.org/) -* [Conventional Commits](https://www.conventionalcommits.org/) -* [Standard Readme](https://github.com/RichardLitt/standard-readme) diff --git a/.github/tech-conventions/mage-x.md b/.github/tech-conventions/mage-x.md index 632551e..3fc200f 100644 --- a/.github/tech-conventions/mage-x.md +++ b/.github/tech-conventions/mage-x.md @@ -1,6 +1,6 @@ # MAGE-X Build Automation -> Zero-boilerplate build automation for Go projects that replaces Makefiles with 190+ built-in commands and intelligent configuration. +> Zero-boilerplate build automation for Go projects that replaces Makefiles with 150+ built-in commands and intelligent configuration.

@@ -13,7 +13,7 @@ **"Write Once, Mage Everywhere: Production Build Automation for Go"** - **Zero Setup Required**: No magefile.go needed for basic operations -- **190+ Built-in Commands**: Complete build, test, lint, release, and deployment workflows +- **150+ Built-in Commands**: Complete build, test, lint, release, and deployment workflows - **Hybrid Execution**: Built-in commands execute directly; custom commands from optional magefile.go - **Smart Configuration**: Uses `.mage.yaml` for project-specific settings - **Parameter Support**: Modern parameter syntax: `magex command param=value` @@ -25,7 +25,7 @@ | Traditional Makefiles | MAGE-X | |-----------------------------------------------|-----------------------------------------| | Platform-specific (issues on Windows) | Cross-platform (Linux, macOS, Windows) | -| Requires writing boilerplate for each project | 190+ commands available instantly | +| Requires writing boilerplate for each project | 150+ commands available instantly | | Complex dependency management | Automatic dependency resolution | | Limited parameter support | Rich parameter syntax with validation | | No built-in testing/linting workflows | Production-ready quality workflows | @@ -262,7 +262,7 @@ magex deploy dry-run # Preview deployment actions ## πŸ›οΈ MAGE-X Namespace Architecture -MAGE-X organizes its 190+ commands into **37 specialized namespaces**, each focusing on specific aspects of Go development: +MAGE-X organizes its 150+ commands into **37 specialized namespaces**, each focusing on specific aspects of Go development: ### Core Development Namespaces @@ -627,7 +627,7 @@ magex --help # Global help and options and list all comma ### Official Documentation - **Main Repository**: [github.com/mrz1836/mage-x](https://github.com/mrz1836/mage-x) -- **Command Reference**: Complete documentation of all 190+ commands +- **Command Reference**: Complete documentation of all 150+ commands - **Configuration Guide**: Comprehensive `.mage.yaml` configuration options - **API Documentation**: Go package documentation for extensions @@ -648,7 +648,7 @@ magex --help # Global help and options and list all comma ## 🎯 Key Takeaways 1. **Zero Configuration**: Start using MAGE-X immediately without setup -2. **190+ Built-in Commands**: Comprehensive workflows available instantly +2. **150+ Built-in Commands**: Comprehensive workflows available instantly 3. **Hybrid Model**: Built-in commands for speed, custom commands for flexibility 4. **Cross-Platform**: Works consistently on Linux, macOS, and Windows 5. **Performance**: Significantly faster than traditional build tools diff --git a/.github/tech-conventions/pull-request-guidelines.md b/.github/tech-conventions/pull-request-guidelines.md index ffa76ba..38e7b3f 100644 --- a/.github/tech-conventions/pull-request-guidelines.md +++ b/.github/tech-conventions/pull-request-guidelines.md @@ -135,4 +135,4 @@ Before requesting review, ensure: * **Never force-push** to main/master branches * **Delete branches** after merging to keep the repository clean -> The merge strategy may vary by project. Check with maintainers if unsure.. +> The merge strategy may vary by project. Check with maintainers if unsure. diff --git a/.github/tech-conventions/release-versioning.md b/.github/tech-conventions/release-versioning.md index 3b82581..ad3f57b 100644 --- a/.github/tech-conventions/release-versioning.md +++ b/.github/tech-conventions/release-versioning.md @@ -29,11 +29,11 @@ We follow **Semantic Versioning (✧ SemVer)**: ## πŸ”„ Release Workflow -| Step | Command | Purpose | -|------|--------------------------|----------------------------------------------------------------------------------------------------| -| 1 | `magex release:snaphot` | Build & upload a **snapshot** (pre‑release) for quick CI validation. | +| Step | Command | Purpose | +|------|-------------------------------------------|----------------------------------------------------------------------------------------------------| +| 1 | `magex release:snapshot` | Build & upload a **snapshot** (pre‑release) for quick CI validation. | | 2 | `magex version:bump push=true bump=patch` | Create and push a signed Git tag. Triggers GitHub Actions to package the release | -| 3 | GitHub Actions | CI runs `goreleaser release` on the tag; artifacts and changelog are published to GitHub Releases. | +| 3 | GitHub Actions | CI runs `goreleaser release` on the tag; artifacts and changelog are published to GitHub Releases. | > **Note for AI Agents:** Do not create or push tags automatically. Only the repository [codeowners](../CODEOWNERS) are authorized to tag and publish official releases. @@ -65,12 +65,6 @@ For significant releases, you may want to add a manual summary: * Pre-release tags: `v1.2.3-rc.1`, `v1.2.3-beta.2` * Development snapshots: Generated automatically, not tagged -### Tag Signing -Production releases should be signed: -```bash -git tag -s v1.2.3 -m "Release version 1.2.3" -``` -

## πŸ“¦ Release Artifacts @@ -94,7 +88,6 @@ Before tagging a release: - [ ] All tests passing (`magex test`) - [ ] No security vulnerabilities (`magex deps:audit`) - [ ] Documentation updated -- [ ] CHANGELOG entries reviewed - [ ] Version bumped if needed - [ ] PR merged to main branch @@ -133,7 +126,7 @@ git log v1.2.2..v1.2.3 --oneline The release process is largely automated via GitHub Actions: * **Trigger**: Push of a tag matching `v*` -* **Workflow**: `.github/workflows/release.yml` +* **Workflow**: `.github/workflows/fortress-release.yml` * **Configuration**: `.goreleaser.yml` * **Permissions**: Requires `GITHUB_TOKEN` with release permissions diff --git a/.github/tech-conventions/security-practices.md b/.github/tech-conventions/security-practices.md index 6be6d6c..b718ed7 100644 --- a/.github/tech-conventions/security-practices.md +++ b/.github/tech-conventions/security-practices.md @@ -208,7 +208,6 @@ scorecard --repo=github.com/owner/repo ### Internal Resources * [`SECURITY.md`](../SECURITY.md) - Vulnerability reporting * [Dependency Management](dependency-management.md) - Supply chain security -* [CI Validation](ci-validation.md) - Automated security checks ### External Resources * [OWASP Top 10](https://owasp.org/Top10/) diff --git a/README.md b/README.md index 25cf557..55d71b3 100644 --- a/README.md +++ b/README.md @@ -84,7 +84,7 @@ - πŸ€– AI Compliance + πŸ€– AI Usage πŸ“ License @@ -165,7 +165,7 @@ magex help * **Instant Cloud Workspaces** via [Gitpod](https://gitpod.io/) – spin up a fully configured dev environment with automatic linting and tests. * **Out‑of‑the‑Box VS Code Happiness** with a preconfigured [Go](https://code.visualstudio.com/docs/languages/go) workspace and [`.vscode`](.vscode) folder with all the right settings. * **Optional Release Broadcasts** to your community via [Slack](https://slack.com), [Discord](https://discord.com), or [Twitter](https://twitter.com) – plug in your webhook. -* **AI Compliance Playbook** – machine‑readable guidelines ([AGENTS.md](.github/AGENTS.md), [CLAUDE.md](.github/CLAUDE.md), [.cursorrules](.cursorrules), [sweep.yaml](.github/sweep.yaml)) keep ChatGPT, Claude, Cursor & Sweep aligned with your repo's rules. +* **AI Playbook** – machine‑readable guidelines in [tech conventions](.github/tech-conventions/ai-compliance.md). * **Go-Pre-commit System** - [High-performance Go-native pre-commit hooks](https://github.com/mrz1836/go-pre-commit) with 17x faster executionβ€”run the same formatting, linting, and tests before every commit, just like CI. * **Zero Python Dependencies** - Pure Go implementation with environment-based configuration via [.env.base](.github/.env.base). * **DevContainers for Instant Onboarding** – Launch a ready-to-code environment in seconds with [VS Code DevContainers](https://containers.dev/) and the included [.devcontainer.json](.devcontainer.json) config. @@ -335,22 +335,15 @@ Read more about this Go project's [code standards](.github/CODE_STANDARDS.md).
-## πŸ€– AI Compliance -This project documents expectations for AI assistants using a few dedicated files: - -- [AGENTS.md](.github/AGENTS.md) β€” canonical rules for coding style, workflows, and pull requests used by [Codex](https://chatgpt.com/codex). -- [CLAUDE.md](.github/CLAUDE.md) β€” quick checklist for the [Claude](https://www.anthropic.com/product) agent. -- [.cursorrules](.cursorrules) β€” machine-readable subset of the policies for [Cursor](https://www.cursor.so/) and similar tools. -- [sweep.yaml](.github/sweep.yaml) β€” rules for [Sweep](https://github.com/sweepai/sweep), a tool for code review and pull request management. - -Edit `AGENTS.md` first when adjusting these policies, and keep the other files in sync within the same pull request. +## πŸ€– AI Usage & Assistant Guidelines +Read the [AI Usage & Assistant Guidelines](.github/tech-conventions/ai-compliance.md) for details on how AI is used in this project and how to interact with AI assistants.
## πŸ‘₯ Maintainers -| [MrZ](https://github.com/mrz1836) | [Siggi](https://github.com/icellan) | -|:-----------------------------------------------------------------------------------------------------------:|:--------------------------------------------------------------------------------------------------:| -| [MrZ](https://github.com/mrz1836) | [Siggi](https://github.com/icellan) | +| [Siggi](https://github.com/icellan) | [Galt](https://github.com/galt-tr) | [MrZ](https://github.com/mrz1836) | +|:--------------------------------------------------------------------------------------------------:|:-------------------------------------------------------------------------------------------------:|:------------------------------------------------------------------------------------------------:| +| [Siggi](https://github.com/icellan) | [Dylan](https://github.com/galt-tr) | [MrZ](https://github.com/mrz1836) |
diff --git a/go.mod b/go.mod index 3e740a3..357a270 100644 --- a/go.mod +++ b/go.mod @@ -5,17 +5,17 @@ go 1.24.3 toolchain go1.24.4 require ( - github.com/bsv-blockchain/go-bt/v2 v2.5.1 + github.com/bsv-blockchain/go-bt/v2 v2.5.2 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc github.com/stretchr/testify v1.11.1 ) require ( - github.com/bsv-blockchain/go-sdk v1.2.12 // indirect + github.com/bsv-blockchain/go-sdk v1.2.14 // indirect github.com/kr/text v0.2.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - golang.org/x/crypto v0.45.0 // indirect - google.golang.org/protobuf v1.36.10 // indirect + golang.org/x/crypto v0.46.0 // indirect + google.golang.org/protobuf v1.36.11 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 194eec3..07d9f88 100644 --- a/go.sum +++ b/go.sum @@ -1,7 +1,7 @@ -github.com/bsv-blockchain/go-bt/v2 v2.5.1 h1:FM5JfBwzmBSlgrlR2vJPMZqbZ21uzQE3mT0irCZiOds= -github.com/bsv-blockchain/go-bt/v2 v2.5.1/go.mod h1:PRmOtffMuHE1LZyRrb5rWQQ6dEEct2x68cvnsS7ka/4= -github.com/bsv-blockchain/go-sdk v1.2.12 h1:t/50ONqCTgumJH82YbQ8iqdo30ezIACyuFgvyHbkX9A= -github.com/bsv-blockchain/go-sdk v1.2.12/go.mod h1:1FWCWH+x6xc1kH9r6tuyRQqUomfrLBOQfdPesJZK/1k= +github.com/bsv-blockchain/go-bt/v2 v2.5.2 h1:CIjW+7tvaOSUXlKSrBt0fgJBE/YyOTuHpbPHAFxhFZc= +github.com/bsv-blockchain/go-bt/v2 v2.5.2/go.mod h1:LA9r0UBe5BOyXxIS8oOGfPVmmvpOoxs0pxkFDHmeTSY= +github.com/bsv-blockchain/go-sdk v1.2.14 h1:Yhp/UIYByE5pC2OXqYPK1fe0d8cVPqywaWcfCb/oZ2o= +github.com/bsv-blockchain/go-sdk v1.2.14/go.mod h1:tP9RkD+1BKw2KSXSQwh2j/h01PoZ2FEuzN1z089iU+Y= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -19,10 +19,10 @@ github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0t github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= -golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q= -golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4= -google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= -google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= +golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= +golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= +google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= +google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=