Merge branch 'main' into dependabot/go_modules/golang.org/x/sys-0.42.0

Author: CodeMonkeyCybersecurity

.githooks/pre-commit

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+# Pre-commit hook: fast gate (build + unit tests + race detection).
+# Full CI (integration, e2e, coverage thresholds) runs in CI pipeline.
+# Per DORA research: pre-commit should be <10s for fast feedback loops.
+
+set -euo pipefail
+
+echo "==> Pre-commit: build check"
+go build -o /dev/null ./cmd/
+
+echo "==> Pre-commit: unit tests with race detection"
+go test -race ./pkg/chatarchive/... ./internal/chatarchivecmd/...
+
+echo "Pre-commit checks passed."

.github/hooks/pre-commit

@@ -0,0 +1,78 @@
+name: Chat Archive Quality
+
+on:
+  pull_request:
+    paths:
+      - 'pkg/chatarchive/**'
+      - 'internal/chatarchivecmd/**'
+      - 'cmd/create/chat_archive.go'
+      - 'cmd/backup/chats.go'
+      - 'test/e2e/**'
+      - 'scripts/chatarchive-ci.sh'
+      - 'package.json'
+      - '.github/hooks/pre-commit'
+      - '.github/hooks/setup-hooks.sh'
+      - 'scripts/install-git-hooks.sh'
+      - '.github/workflows/chatarchive-quality.yml'
+  push:
+    branches:
+      - main
+      - develop
+    paths:
+      - 'pkg/chatarchive/**'
+      - 'internal/chatarchivecmd/**'
+      - 'cmd/create/chat_archive.go'
+      - 'cmd/backup/chats.go'
+      - 'test/e2e/**'
+      - 'scripts/chatarchive-ci.sh'
+      - 'package.json'
+      - '.github/hooks/pre-commit'
+      - '.github/hooks/setup-hooks.sh'
+      - 'scripts/install-git-hooks.sh'
+      - '.github/workflows/chatarchive-quality.yml'
+
+jobs:
+  chatarchive-ci:
+    name: Chat Archive CI (${{ matrix.os }})
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Set up Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Download Go modules
+        run: go mod download
+        shell: bash
+
+      - name: Run chat archive CI
+        run: npm run ci
+        shell: bash
+
+      - name: Upload verification summary
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: chatarchive-summary-${{ matrix.os }}
+          path: outputs/chatarchive-ci/
+
+      - name: Publish job summary
+        if: always()
+        shell: bash
+        run: |
+          if [[ -f outputs/chatarchive-ci/summary.txt ]]; then
+            cat outputs/chatarchive-ci/summary.txt >> "$GITHUB_STEP_SUMMARY"
+          fi

.github/workflows/chatarchive-quality.yml

@@ -161,7 +161,7 @@ PY
         run: scripts/ci/preflight.sh
 
       - name: Install golangci-lint
-        run: go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.0.0
+        run: bash scripts/ci/install-golangci-lint.sh
 
       - name: Run lint lane
         env:
@@ -245,6 +245,10 @@ PY
         run: |
           test -f outputs/ci/unit/report.json && cat outputs/ci/unit/report.json || true
 
+      - name: Alert on unit lane report
+        if: always()
+        run: python3 scripts/ci/report-alert.py ci-unit outputs/ci/unit/report.json
+
   ci-deps-unit:
     name: ci-deps-unit
     runs-on: ubuntu-latest
@@ -295,6 +299,10 @@ PY
         run: |
           test -f outputs/ci/deps-unit/report.json && cat outputs/ci/deps-unit/report.json || true
 
+      - name: Alert on dependency-focused unit lane report
+        if: always()
+        run: python3 scripts/ci/report-alert.py ci-deps-unit outputs/ci/deps-unit/report.json
+
   ci-integration:
     name: ci-integration
     runs-on: ubuntu-latest
@@ -344,6 +352,10 @@ PY
         run: |
           test -f outputs/ci/integration/report.json && cat outputs/ci/integration/report.json || true
 
+      - name: Alert on integration lane report
+        if: always()
+        run: python3 scripts/ci/report-alert.py ci-integration outputs/ci/integration/report.json
+
   ci-e2e-smoke:
     name: ci-e2e-smoke
     runs-on: ubuntu-latest
@@ -391,6 +403,10 @@ PY
         run: |
           test -f outputs/ci/e2e-smoke/report.json && cat outputs/ci/e2e-smoke/report.json || true
 
+      - name: Alert on e2e smoke lane report
+        if: always()
+        run: python3 scripts/ci/report-alert.py ci-e2e-smoke outputs/ci/e2e-smoke/report.json
+
   ci-fuzz:
     name: ci-fuzz
     runs-on: ubuntu-latest
@@ -438,6 +454,10 @@ PY
         run: |
           test -f outputs/ci/fuzz/report.json && cat outputs/ci/fuzz/report.json || true
 
+      - name: Alert on fuzz lane report
+        if: always()
+        run: python3 scripts/ci/report-alert.py ci-fuzz outputs/ci/fuzz/report.json
+
   ci-e2e-full:
     name: ci-e2e-full
     if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
@@ -485,3 +505,7 @@ PY
         if: always()
         run: |
           test -f outputs/ci/e2e-full/report.json && cat outputs/ci/e2e-full/report.json || true
+
+      - name: Alert on e2e full lane report
+        if: always()
+        run: python3 scripts/ci/report-alert.py ci-e2e-full outputs/ci/e2e-full/report.json

.github/workflows/ci.yml

@@ -47,10 +47,10 @@ repos:
   # Local hooks for custom checks
   - repo: local
     hooks:
-      # Enforce local/CI parity lane via mage-compatible entrypoint
+      # Enforce local/CI parity lane via npm wrapper
       - id: ci-debug-parity
-        name: CI debug parity gate (magew ci:debug)
-        entry: ./magew ci:debug
+        name: CI debug parity gate (npm run ci:debug)
+        entry: npm run ci:debug --silent
         language: system
         pass_filenames: false
         require_serial: true
@@ -80,13 +80,13 @@ repos:
         pass_filenames: false
         description: Ensures code compiles successfully
 
-      # Verify E2E tests have build tags
-      - id: verify-e2e-build-tags
-        name: Verify E2E build tags
-        entry: bash -c 'for f in test/e2e/*_test.go; do head -1 "$f" | grep -q "//go:build e2e" || { echo "ERROR: $f missing //go:build e2e tag"; exit 1; }; done'
+      # Verify environment-dependent tests are build-tagged
+      - id: verify-test-build-tags
+        name: Verify test build tags
+        entry: bash scripts/ci/check-test-tags.sh
         language: system
         pass_filenames: false
-        description: Ensures all E2E tests have proper build tags
+        description: Ensures environment-dependent tests keep their explicit build tags
 
       # Check for deprecated benchmark pattern
       - id: check-benchmark-pattern

.pre-commit-config.yaml

@@ -0,0 +1,37 @@
+// cmd/create/chat_archive.go
+//
+// Thin orchestration layer for chat-archive. Business logic lives in
+// pkg/chatarchive/ per the cmd/ vs pkg/ enforcement rule.
+
+package create
+
+import (
+	"github.com/CodeMonkeyCybersecurity/eos/internal/chatarchivecmd"
+	eos "github.com/CodeMonkeyCybersecurity/eos/pkg/eos_cli"
+	"github.com/CodeMonkeyCybersecurity/eos/pkg/eos_io"
+	"github.com/spf13/cobra"
+)
+
+// CreateChatArchiveCmd copies and deduplicates chat transcripts.
+var CreateChatArchiveCmd = &cobra.Command{
+	Use:   "chat-archive",
+	Short: "Copy and deduplicate chat transcripts into a local archive",
+	Long: `Find transcript-like files (jsonl/json/html), copy unique files into one archive,
+and write an index manifest with duplicate mappings.
+
+Examples:
+  eos create chat-archive
+  eos create chat-archive --source ~/.claude --source ~/dev
+  eos create chat-archive --exclude conversation-api --exclude .cache
+  eos create chat-archive --dry-run`,
+	RunE: eos.Wrap(runCreateChatArchive),
+}
+
+func init() {
+	CreateCmd.AddCommand(CreateChatArchiveCmd)
+	chatarchivecmd.BindFlags(CreateChatArchiveCmd)
+}
+
+func runCreateChatArchive(rc *eos_io.RuntimeContext, cmd *cobra.Command, _ []string) error {
+	return chatarchivecmd.Run(rc, cmd)
+}

cmd/create/chat_archive.go

@@ -0,0 +1,50 @@
+*Last Updated: 2026-03-21*
+
+# pkg/inspect Follow-Up Issues
+
+Issues discovered during adversarial review of `pkg/inspect/docker.go`.
+
+## Issue 1: output.go / terraform_modular.go — 37 staticcheck warnings (P2)
+
+**Problem**: `WriteString(fmt.Sprintf(...))` should be `fmt.Fprintf(...)` throughout output.go and terraform_modular.go.
+**Impact**: Performance (unnecessary string allocation) and lint noise.
+**Fix**: Replace all `tf.WriteString(fmt.Sprintf(...))` with `fmt.Fprintf(tf, ...)`.
+**Files**: `pkg/inspect/output.go`, `pkg/inspect/terraform_modular.go`
+**Effort**: ~30 min mechanical refactor
+
+## Issue 2: services.go — unchecked filepath.Glob error (P2)
+
+**Problem**: `pkg/inspect/services.go:381` ignores `filepath.Glob` error.
+**Impact**: Silent failure when glob patterns are invalid.
+**Fix**: Check and log the error.
+**Effort**: 5 min
+
+## Issue 3: kvm.go — goconst violations (P3)
+
+**Problem**: String constants `"active"`, `"UUID"` repeated without named constants.
+**Impact**: Violates P0 Rule #12 (no hardcoded values).
+**Fix**: Extract to constants in `kvm.go` or a `constants.go` file.
+**Effort**: 15 min
+
+## Issue 4: Pre-existing lint issues across 30+ files on this branch (P1)
+
+**Problem**: `npm run ci` fails due to 165 lint issues across the branch.
+**Impact**: Cannot merge until resolved.
+**Root cause**: Accumulated tech debt from many feature PRs merged without lint cleanup.
+**Fix**: Dedicated lint cleanup pass before PR merge.
+**Effort**: 2-4 hours
+
+## Issue 5: Inspector lacks Docker SDK integration (P3)
+
+**Problem**: All Docker operations use shell commands instead of the Docker SDK.
+**Impact**: Fragile parsing, no type safety, extra process spawns.
+**Fix**: Migrate to `github.com/docker/docker/client` SDK for container/image/network/volume operations.
+**Rationale**: CLAUDE.md P1 states "ALWAYS use Docker SDK" for container operations.
+**Effort**: 1-2 days
+
+## Issue 6: Compose file search does not guard against TOCTOU (P3)
+
+**Problem**: Between `os.Stat` size check and `os.ReadFile`, the file could be replaced.
+**Impact**: Theoretical DoS via race condition on symlink swap.
+**Fix**: Read file first, then check size of bytes read (simpler and race-free).
+**Effort**: 15 min

docs/inspect-follow-up-issues-2026-03-21.md

@@ -37,7 +37,7 @@ require (
 	github.com/hetznercloud/hcloud-go/v2 v2.29.0
 	github.com/joho/godotenv v1.5.1
 	github.com/lib/pq v1.11.2
-	github.com/olekukonko/tablewriter v1.1.3
+	github.com/olekukonko/tablewriter v1.1.4
 	github.com/open-policy-agent/opa v1.14.0
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2
 	github.com/redis/go-redis/v9 v9.18.0
@@ -105,9 +105,8 @@ require (
 	github.com/charmbracelet/x/cellbuf v0.0.15 // indirect
 	github.com/charmbracelet/x/exp/golden v0.0.0-20251023181713-f594ac034d6b // indirect
 	github.com/charmbracelet/x/term v0.2.2 // indirect
-	github.com/clipperhouse/displaywidth v0.9.0 // indirect
-	github.com/clipperhouse/stringish v0.1.1 // indirect
-	github.com/clipperhouse/uax29/v2 v2.5.0 // indirect
+	github.com/clipperhouse/displaywidth v0.10.0 // indirect
+	github.com/clipperhouse/uax29/v2 v2.6.0 // indirect
 	github.com/cloudflare/circl v1.6.1 // indirect
 	github.com/cockroachdb/apd/v3 v3.2.1 // indirect
 	github.com/cockroachdb/logtags v0.0.0-20241215232642-bb51bb14a506 // indirect
@@ -199,8 +198,8 @@ require (
 	github.com/muesli/termenv v0.16.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6 // indirect
-	github.com/olekukonko/errors v1.1.0 // indirect
-	github.com/olekukonko/ll v0.1.4-0.20260115111900-9e59c2286df0 // indirect
+	github.com/olekukonko/errors v1.2.0 // indirect
+	github.com/olekukonko/ll v0.1.6 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.1 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect

go.mod

@@ -91,12 +91,10 @@ github.com/charmbracelet/x/term v0.2.2 h1:xVRT/S2ZcKdhhOuSP4t5cLi5o+JxklsoEObBSg
 github.com/charmbracelet/x/term v0.2.2/go.mod h1:kF8CY5RddLWrsgVwpw4kAa6TESp6EB5y3uxGLeCqzAI=
 github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
 github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
-github.com/clipperhouse/displaywidth v0.9.0 h1:Qb4KOhYwRiN3viMv1v/3cTBlz3AcAZX3+y9OLhMtAtA=
-github.com/clipperhouse/displaywidth v0.9.0/go.mod h1:aCAAqTlh4GIVkhQnJpbL0T/WfcrJXHcj8C0yjYcjOZA=
-github.com/clipperhouse/stringish v0.1.1 h1:+NSqMOr3GR6k1FdRhhnXrLfztGzuG+VuFDfatpWHKCs=
-github.com/clipperhouse/stringish v0.1.1/go.mod h1:v/WhFtE1q0ovMta2+m+UbpZ+2/HEXNWYXQgCt4hdOzA=
-github.com/clipperhouse/uax29/v2 v2.5.0 h1:x7T0T4eTHDONxFJsL94uKNKPHrclyFI0lm7+w94cO8U=
-github.com/clipperhouse/uax29/v2 v2.5.0/go.mod h1:Wn1g7MK6OoeDT0vL+Q0SQLDz/KpfsVRgg6W7ihQeh4g=
+github.com/clipperhouse/displaywidth v0.10.0 h1:GhBG8WuerxjFQQYeuZAeVTuyxuX+UraiZGD4HJQ3Y8g=
+github.com/clipperhouse/displaywidth v0.10.0/go.mod h1:XqJajYsaiEwkxOj4bowCTMcT1SgvHo9flfF3jQasdbs=
+github.com/clipperhouse/uax29/v2 v2.6.0 h1:z0cDbUV+aPASdFb2/ndFnS9ts/WNXgTNNGFoKXuhpos=
+github.com/clipperhouse/uax29/v2 v2.6.0/go.mod h1:Wn1g7MK6OoeDT0vL+Q0SQLDz/KpfsVRgg6W7ihQeh4g=
 github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
 github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
 github.com/cockroachdb/apd/v3 v3.2.1 h1:U+8j7t0axsIgvQUqthuNm82HIrYXodOV2iWLWtEaIwg=
@@ -462,12 +460,12 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6 h1:zrbMGy9YXpIeTnGj4EljqMiZsIcE09mmF8XsD5AYOJc=
 github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6/go.mod h1:rEKTHC9roVVicUIfZK7DYrdIoM0EOr8mK1Hj5s3JjH0=
-github.com/olekukonko/errors v1.1.0 h1:RNuGIh15QdDenh+hNvKrJkmxxjV4hcS50Db478Ou5sM=
-github.com/olekukonko/errors v1.1.0/go.mod h1:ppzxA5jBKcO1vIpCXQ9ZqgDh8iwODz6OXIGKU8r5m4Y=
-github.com/olekukonko/ll v0.1.4-0.20260115111900-9e59c2286df0 h1:jrYnow5+hy3WRDCBypUFvVKNSPPCdqgSXIE9eJDD8LM=
-github.com/olekukonko/ll v0.1.4-0.20260115111900-9e59c2286df0/go.mod h1:b52bVQRRPObe+yyBl0TxNfhesL0nedD4Cht0/zx55Ew=
-github.com/olekukonko/tablewriter v1.1.3 h1:VSHhghXxrP0JHl+0NnKid7WoEmd9/urKRJLysb70nnA=
-github.com/olekukonko/tablewriter v1.1.3/go.mod h1:9VU0knjhmMkXjnMKrZ3+L2JhhtsQ/L38BbL3CRNE8tM=
+github.com/olekukonko/errors v1.2.0 h1:10Zcn4GeV59t/EGqJc8fUjtFT/FuUh5bTMzZ1XwmCRo=
+github.com/olekukonko/errors v1.2.0/go.mod h1:ppzxA5jBKcO1vIpCXQ9ZqgDh8iwODz6OXIGKU8r5m4Y=
+github.com/olekukonko/ll v0.1.6 h1:lGVTHO+Qc4Qm+fce/2h2m5y9LvqaW+DCN7xW9hsU3uA=
+github.com/olekukonko/ll v0.1.6/go.mod h1:NVUmjBb/aCtUpjKk75BhWrOlARz3dqsM+OtszpY4o88=
+github.com/olekukonko/tablewriter v1.1.4 h1:ORUMI3dXbMnRlRggJX3+q7OzQFDdvgbN9nVWj1drm6I=
+github.com/olekukonko/tablewriter v1.1.4/go.mod h1:+kedxuyTtgoZLwif3P1Em4hARJs+mVnzKxmsCL/C5RY=
 github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
 github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
 github.com/open-policy-agent/opa v1.14.0 h1:sdG94h9GrZQQcTaH70fJhOuU+/C2FAeeAo8mSPssV/U=