Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: openbootdotdev/openboot
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 8b30520
Choose a base ref
...
head repository: openbootdotdev/openboot
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 7a91db8
Choose a head ref
  • 5 commits
  • 39 files changed
  • 1 contributor

Commits on Jun 1, 2026

  1. docs: sync CLAUDE.md with go 1.25, add doctor and logging to layout (#… 

    …116)
    @fullstackjam
    fullstackjam authored Jun 1, 2026
    Configuration menu
    Copy the full SHA
    2605784 View commit details
    Browse the repository at this point in the history

  2. Harden HTTP, dry-run, and command guardrails (#117) 

    * Harden HTTP, dry-run, and command guardrails

* fix: remove unused backward-compat wrappers flagged by lint
    @fullstackjam
    fullstackjam authored Jun 1, 2026
    Configuration menu
    Copy the full SHA
    24afdcd View commit details
    Browse the repository at this point in the history

  3. ci: stop skipped-job emails from drift-to-issue workflow (#119) 

    * fix: replace log.Fatalf with panic in config init() functions

log.Fatal calls os.Exit(1) which skips all deferred cleanup. The embedded
YAML cannot fail at runtime (compiled-in), so these are effectively startup
assertions — panic is the right primitive here. Also removes the unused
log import from both files.

* ci: stop skipped-job emails from drift-to-issue workflow

When Harness succeeds, the drift-to-issue job was skipped entirely
(job-level if: condition). GitHub treats a workflow where all jobs
are skipped as conclusion=skipped, not success, which triggers
failure notification emails even though nothing is wrong.

Move the condition to the step level so the job always runs and
concludes as success — the actual issue-filing step only fires when
Harness truly fails.
    @fullstackjam
    fullstackjam authored Jun 1, 2026
    Configuration menu
    Copy the full SHA
    cbd9c21 View commit details
    Browse the repository at this point in the history

  4. feat: clone external oh-my-zsh plugins on snapshot restore (#120) 

    OpenBoot only wrote plugin names into .zshrc's plugins=() array but never
cloned external plugins (zsh-autosuggestions, zsh-syntax-highlighting, ...)
into $ZSH_CUSTOM/plugins, so those plugins silently failed to load on a
restored machine.

Add a curated embedded catalog (internal/config/data/zsh-plugins.yaml,
mirroring the screen-recording-packages.yaml precedent) mapping known
external plugin names to https git repos. On RestoreFromSnapshot, any
plugin present in the catalog is git-cloned into $ZSH_CUSTOM/plugins before
plugins=() is written; built-in and unknown names are left untouched.

- Snapshot/contract unchanged: plugins stays []string, URL never persisted
  to .zshrc and never enters the snapshot.
- The only exec stays in internal/system via a cloneRunner seam, so no new
  no-direct-exec violation (baseline diff is a line shift from the import).
- cfg.DryRun gated, https-only, idempotent skip-if-exists, non-fatal clone.

Baseline edits are line-number shifts only (import added one line); the
hand-authored reason annotations are preserved.
    @fullstackjam
    fullstackjam authored Jun 1, 2026
    Configuration menu
    Copy the full SHA
    d917270 View commit details
    Browse the repository at this point in the history

  5. fix: audit and eliminate 23 of 25 dryrun baseline exemptions (#118) 

    * fix: audit and eliminate 23 of 25 dryrun baseline exemptions

Two categories of fix:

1. Real dry-run bugs (state written despite --dry-run):
   - install.go: saveSyncSourceIfRemote called unconditionally after
     installer.RunContext succeeds; gate with !installCfg.DryRun
   - install.go: updateSyncedAt called in the "already up to date" path
     before the dry-run check; gate identically

2. Structural: add dryRun bool to helper functions so the archtest can
   see the guard mechanically, removing the need for baseline entries:
   - dotfiles: backupConflicts, backupFile, restoreFile
   - shell: patchZshrcBlock
   - snapshot/local: SaveLocal
   - sync/source: SaveSource, DeleteSource

For the remaining two exemptions (doctor.go read-only diagnostic probes)
and the seven capture.go + one diff.go read-only system probes, the
latter group is now handled by adding those files to dryRunExemptFiles
(all their RunCommandOutput calls are read-only queries). The doctor
entries are kept in the baseline with explicit audit comments.

Baseline: 25 entries → 2 (only doctor read-only probes remain).

* fix: gofmt alignment in dryRunExemptFiles slice literal

* fix: restore no-raw-http baseline reason comments

The dry-run baseline regeneration (ARCHTEST_UPDATE_BASELINE=1) stripped the
hand-authored exemption reasons from no-raw-http.txt as a side effect. That
file is unrelated to this PR's dry-run audit, so revert it to main: the
two entries and line numbers are unchanged, only the audit-trail comments
explaining why each raw-http site is exempt are restored.
    @fullstackjam
    fullstackjam authored Jun 1, 2026
    Configuration menu
    Copy the full SHA
    7a91db8 View commit details
    Browse the repository at this point in the history
Loading