Release v0.7.0 #540

Merged
maxine-at-forecast merged 24 commits into main from release/v0.7.0
Mar 31, 2026

@maxine-at-forecast

Summary

  • Version bump to 0.7.0
  • Changelog updated with all changes since v0.6.0

What's in v0.7.0

Added:

  • crosslink init --update with manifest-tracked safe upgrades
  • First-class Shell/Bash support in language rules, detection, and hooks
  • QA architectural review skill (/qa) shipped with crosslink init
  • Team and solo configuration preset documentation

Fixed:

  • Full-codebase QA audit — 180+ fixes across security, correctness, and architecture
  • swarm merge --base flag for repos without a develop branch
  • gh added to allowed bash prefixes; session status caching in hook
  • .hub-write-lock excluded from git tracking to prevent recovery commit loop
  • Consistent signing bypass for all hub-cache commits
  • Resolved clippy pedantic and nursery warnings

Changed:

  • init.rs split into init/mod.rs + submodules for maintainability
  • Config command logic extracted to config_registry.rs
  • status.rs renamed to lifecycle.rs
  • Shared error helpers and TUI tab refactoring

Smoke test fixes

Fixed 42 smoke test regressions from the QA audit (#527):

  • Bearer auth added to server API tests (auth middleware)
  • --force on agent init in coordination/concurrency tests (init now auto-creates agent identity)
  • sync before milestone create in tui_proptest (milestones now require hub cache)
  • Priority enum fix in update test (API rejects "critical")

Test results

  • 1,682 unit tests passed
  • 159 smoke tests passed
  • Clippy clean

🤖 Generated with Claude Code

dollspace-gay and others added 24 commits March 25, 2026 21:25
Adds the tested QA architectural review skill so it ships with
crosslink init and is available out of the box.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
feat: add qa.md skill to embedded command resources
…, and architecture

Security (12): shell injection, fail-open hooks, allow-list bypass, MD5→SHA256,
server localhost bind, bearer auth, temp file perms, YAML injection, path traversal, CORS

Correctness (50+): resolve_id, signing oracle, timer corruption, transaction safety,
hydration data loss, non-atomic writes, TOCTOU races, V1/V2 dispatch, lock release,
hub write locks, DAG state machine, clock skew, conflict detection, enum types

Architecture (60+): tokio Mutex, N+1 queries, shared error helpers, config registry,
walkthrough dedup, init.rs split, DRY extractions, typed API enums, LockMode enum,
hook god function splits, stovepipe elimination, TUI shared helpers

150 files changed, 1682 tests passing, cargo fmt + clippy clean.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
fix: Full-codebase QA audit — 180+ fixes across security, correctness, and architecture
Add shell scripting as a supported language with opinionated rules
(strict mode, shellcheck, quoting, scoping), auto-detection via
.shellcheckrc and .sh/.bash file scanning in root/scripts/bin dirs,
shellcheck linter integration in post-edit hooks, and bats test
framework support in kickoff conventions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
feat: add first-class Shell/Bash language support
Introduces init-manifest.json to track SHA-256 hashes of files written
by `crosslink init`, enabling a three-way merge upgrade path via
`--update`. This replaces the all-or-nothing `--force` for users who
want to safely upgrade managed files without losing local modifications.

Closes #530

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Systematic cleanup of 2300+ clippy warnings under pedantic and nursery
lint groups. Changes include: proper # Errors doc sections, write!/writeln!
instead of format! append, let-else patterns, map_or_else conversions,
redundant closure removal, derive Eq, backtick doc formatting, const fn
promotion, and significant Drop tightening.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
feat: add crosslink init --update with manifest-tracked safe upgrades
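
An added example, not crosslink's own code, of the hash comparison behind the manifest-tracked `--update` path described in the commit above: each managed file gets an action from three SHA-256 values (recorded at init, on disk now, shipped by the new release). The manifest layout (relative path mapped to a hex digest), the action names, the path check and the sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def plan_update(root: Path, manifest: dict, templates: dict) -> dict:
    """Pick an action per managed file from three hashes: base (recorded in
    the manifest at init), local (on disk now), incoming (new release)."""
    root, plan = root.resolve(), {}
    for rel, new_bytes in templates.items():
        target = (root / rel).resolve()
        if not target.is_relative_to(root):
            plan[rel] = "reject-path"   # entry would write outside the project
            continue
        base, incoming = manifest.get(rel), sha256_hex(new_bytes)
        local = sha256_hex(target.read_bytes()) if target.is_file() else None
        if local is None:
            plan[rel] = "create"        # nothing on disk to lose
        elif local == incoming:
            plan[rel] = "up-to-date"
        elif base is not None and local == base:
            plan[rel] = "overwrite"     # untouched since init: safe to replace
        elif base is not None and incoming == base:
            plan[rel] = "keep-local"    # only the user changed this file
        else:
            plan[rel] = "conflict"      # both changed, or file was never tracked
    return plan


def demo() -> dict:
    """Constructed sample: paths and contents are illustrative only."""
    v1 = {"hooks/work-check.py": b"hook v1\n", "rules/shell.md": b"rules v1\n",
          "commands/qa.md": b"qa v1\n"}
    v2 = {"hooks/work-check.py": b"hook v2\n", "rules/shell.md": b"rules v1\n",
          "commands/qa.md": b"qa v2\n", "rules/extra.md": b"extra\n",
          "../outside.md": b"x\n"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in v1.items():            # state right after `init`
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        manifest = {rel: sha256_hex(data) for rel, data in v1.items()}
        (root / "rules/shell.md").write_bytes(b"my rules\n")   # local edits
        (root / "commands/qa.md").write_bytes(b"my qa\n")
        return plan_update(root, manifest, v2)
```

Calling `demo()` returns the plan for the constructed project; only the `overwrite` and `create` entries would be written without user input.
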
Adds a Configuration Presets section to README.md explaining team mode
(strict tracking, CI verification, enforced signing) and solo mode
(relaxed tracking, local verification, signing disabled). Improves CLI
help text for `init` and `config` commands to describe presets and how
to apply them.

Closes #533

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
docs: document team and solo configuration presets
SyncManager commit sites inherited global commit.gpgsign config, causing
failures when the user's signing key wasn't usable in the cache context.
SharedWriter already bypassed signing when no agent key was configured,
but SyncManager did not.

Adds SyncManager::git_commit_in_cache() that checks whether signing was
explicitly configured at local/worktree scope (by crosslink agent init).
If so, commits are signed for audit trail. If not, commit.gpgsign=false
is injected to prevent failures from inherited global config.

Migrates all 5 SyncManager commit sites and 1 SharedWriter amend site to
use the signing-aware helpers. Also auto-runs agent init during crosslink
init so every project gets an agent identity and signing key by default.

Closes #529

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
fix: consistent signing bypass for all hub-cache commits
The .hub-write-lock PID file was tracked in git, causing every sync
cycle to see dirty state (file created then deleted by the RAII guard),
commit a recovery entry, and diverge from origin. After a crash this
produced 274 spurious recovery commits.

Adds ensure_hub_gitignore() that creates a .gitignore on the hub branch
excluding .hub-write-lock, and untracks it via git rm --cached if
already tracked. Called during init_cache (new branches), after init
(fetched branches), and at the start of fetch (self-healing for
existing caches).

Closes #528

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
fix: gitignore .hub-write-lock to prevent recovery commit loop
The work-check.py hook spawned `crosslink session status` for every
non-allowlisted Bash command, adding ~100ms latency. Common tools like
gh, cat, wc, grep etc. triggered this unnecessarily.

Expands DEFAULT_ALLOWED_BASH with gh and 20+ common CLI tools. Adds a
sentinel file (.crosslink/.active-issue) written by `session work` and
`quick`, cleared by `session end`. The hook reads this file first (~1ms)
and only falls back to the subprocess when the sentinel is missing.

Closes #522

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…n-cache

fix: add gh to allowed bash prefixes and cache session status in hook
swarm merge hardcoded "develop" as the base for branch creation and
diff generation, failing with "fatal: 'develop' is not a commit" on
repos that use main as their default branch.

Adds --base flag (auto-detects develop/main/origin variants by default).
Extracts detect_base_branch() helper and refactors discover_worktrees
and extract_diff_ranges to use it, eliminating duplicated base-ref
iteration logic.

Closes #518

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
fix: add --base flag to swarm merge for repos without develop branch
…ests

Bump crosslink to 0.7.0. Fix 42 smoke test regressions from the QA audit:
- Add bearer auth to server API smoke tests (auth middleware added in #527)
- Use --force on agent init in coordination/concurrency tests (init now auto-creates agent identity)
- Add sync before milestone create in tui_proptest (milestones now require hub cache)
- Fix priority enum mismatch in update test (API rejects "critical", use "high")
- Accept FAIL in integrity counters test when hub cache absent

1682 unit tests + 159 smoke tests pass. Clippy clean.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@maxine-at-forecast maxine-at-forecast self-assigned this Mar 31, 2026
@maxine-at-forecast maxine-at-forecast added the release Let's gooooooooo label Mar 31, 2026
@maxine-at-forecast maxine-at-forecast merged commit 1423c6c into main Mar 31, 2026
11 checks passed