| Age | Commit message | Author |
|
accident? Senpai is mad at you.
|
|
- Add url_decode function to handle percent-encoded sequences
- Check both raw and URL-decoded paths for traversal attacks
- Catch %2e%2e%2f (encoded ../) and similar bypasses
- Improved path traversal detection for patterns like /etc/../passwd
Fixes TPol-identified vulnerabilities:
- URL-encoded path traversal bypasses
- Missing path traversal detection in some patterns
|
|
Add validate function to uRI.ml that checks for:
- Acceptable schemes: http, https, ftp, sftp, file, ssh, git, darcs, pijul, fossil
- Path traversal attacks (../, ..\ patterns)
Returns Result type with specific error variants for invalid schemes
and path traversal attempts.
All 17 tests pass.
|
|
- Properly type annotate KDL.of_flow to return (t, [> `ParseError]) result
- Handle nested Results from Eio.Buf_read.parse_exn
- Fix Manifest.read to work with new Result type
- Fix nixtamal.ml error handling for Manifest and Lockfile errors
All 17 tests pass.
|
|
- Fix command injection in editor.ml using Filename.quote
- Change KDL.of_flow to return Result instead of failwith
- Update manifest.ml to handle new Result type
Security: Prevents shell injection when opening files with
malicious filenames containing shell metacharacters.
Error handling: KDL parsing errors now return Result type
instead of crashing with failwith.
|
|
Integrate bisect_ppx for code coverage across the test suite:
- Add bisect_ppx instrumentation to lib/dune and test/dune
- Add bisect_ppx dependency to dune-project, nixtamal.opam, and nix/package/nixtamal.nix
- Create bisect.yml configuration for HTML and text coverage reports
- Add .github/workflows/coverage.yml for CI-based coverage reporting
- Fix flake.nix devShell to include checkInputs for full development environment
- Add coverage checks to flake.nix checks output
New test suites for recently ported features:
- test/test_upgrade.ml: Tests for schema upgrade command (backup, dry-run, version validation)
- test/test_fossil.ml: Tests for Fossil VCS codec and lockfile roundtrips
- test/test_lockfile.ml: Tests for lockfile auto-creation and serialization
- test/test_main.ml: Register all new test suites
Documentation updates:
- AGENTS.md: Add contact info (website, XMPP MUC), note llm/ folder is gitignored
- README.asciidoc: Add website link, mention Fossil VCS, schema versioning, upgrade command
- .gitignore: Add _build/ and _coverage/ directories
Covers testing for previously ported features: schema upgrade, Fossil VCS support,
and lockfile auto-creation.
|
|
Create complete documentation set in doc/ folder:
- index.rst: Main project overview, quickstart, architecture
- philosophy.rst: Design principles, KDL rationale, VCS diversity
- roadmap.rst: Phased development plan (Phase 2.5 current, Phase 3 graphs next)
- history.rst: Development timeline, key decisions, lessons learned
- manifest.rst: Updated to v0.2.0, added Fossil docs, schema upgrade notes
Documentation covers:
- Current state (Phase 2.5)
- Complete roadmap through Phase 4
- Visual dependency graph plans (Phase 3)
- Philosophy and anti-corporate stance
- History from origins to present
All documentation in reStructuredText format for website generation.
|
|
Fossil VCS
Ported from upstream darcs repository (v1.1.2):
- Cmdliner 2.x compatibility fixes (variable shadowing)
- Lockfile auto-creation when missing
- Schema upgrade command with backup/rollback
- Fossil VCS support (new VCS type)
- Clean up Cmdliner warning for unescaped $PWD
Files modified:
- lib/schema.ml (new): Schema versioning module
- lib/nixtamal.ml: Add upgrade function, Fossil meld support
- lib/error.ml: Add Fossil to prefetch_method, Upgrade error
- lib/input.ml: Add Fossil module, Kind variant
- lib/prefetch.ml: Add Fossil prefetch with SRI hash support
- lib/manifest.ml: Add Fossil codec
- lib/lockfile.ml: Add Fossil lockfile type
- lib/lock_loader.ml: Add Fossil feature flag
- lib/input_foreman.ml: Add Fossil display and prefetch check
- bin/cmd.ml: Cmdliner 2.x fixes, add Upgrade command
- bin/dune, lib/dune, test/dune: Deprecation flags
Builds successfully with all tests passing.
|
|
- Documented strategic architecture and implementation approach
- Recorded challenges with pure evaluation and wrapper pattern solution
- Captured philosophical consistency preservation
- Noted hybrid workflow capabilities and ecosystem bridge benefits
- Preserved attribution guidelines and toastal's development patterns
Comprehensive record of Phase 1 dual flake integration process.
|
|
- Added flake.nix using wrapper pattern for modern flake access
- Implemented core outputs: packages, devShells, checks, lib, apps
- Generated flake.lock for reproducible builds
- Updated documentation with dual workflow examples
- Preserved traditional nix-build workflow compatibility
- Maintained philosophical stance as flake alternative/complement
- Enabled hybrid workflows and ecosystem integration
Provides modern flake access while maintaining nixtamal's core values.
|
|
I would *prefer* an error, but something is up wiþ QCheck ATM
|
|
Useful for hashing
|
|
Now that the proof of concept of symlinks worked, we can actually call
nix-store --realize
|
|
Some tools, like OCaml’s Dune, will try to follow the symlinks into the
store which is a big problem
|
|
There isn’t a recursive resolver (yet?) for these sorts of value
|
|
|