feat: Apache 2.0 license + CI infrastructure + unit tests#1
Merged
Conversation
Implement the verify package with: - VerifySession: validates attestations against policy - VerifyLatestSession: finds and verifies most recent session - ListSessions: enumerates available sessions with metadata - Post-hoc limit checking, attestation verification, data flow checks Wire up verify and status subcommands in main.go. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implement MCP server (`aflock serve`) that provides: - get_identity: Derive agent identity from environment - get_policy: Return loaded .aflock policy - check_tool: Check if tool call is allowed by policy - bash: Execute commands with policy enforcement - read_file/write_file: File operations with policy checks - get_session: Current session metrics Also includes: - Fix glob matching for root-level files (**/*.go now matches main.go) - Integration test script for CLI hook testing - Claude Code hooks configuration for test-project Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add LICENSE file with Apache 2.0 license text - Update README.md license section - Update plugin.json license field Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
CI Infrastructure (multiclaude patterns): - Add GitHub Actions CI workflow (build, lint, test, coverage) - Add golangci-lint configuration with sensible exclusions - Add Makefile with pre-commit and check-all targets - Add pre-commit hook script Unit Tests: - Add policy evaluator tests (66.1% coverage) - Tool allow/deny list evaluation - File access patterns (allow, deny, read-only) - Domain access controls - Require approval patterns - Limit checking (fail-fast vs post-hoc) - Add pattern matcher tests - Glob pattern matching - Regex pattern matching - Tool pattern parsing - Add session state tests (84.5% coverage) - State CRUD operations - Metrics tracking - File tracking Code Quality: - Fix gofmt formatting issues - Fix errcheck linting issues - Fix staticcheck receiver name consistency Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add go-witness dependency to go.mod - Add internal/identity/discover.go for PID-based model discovery - Update go.sum with new dependencies Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adds go-witness attestor integration including the GetGitTreeHash function required by internal/verify/verifier.go. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Updates verify command to support --policy, --attestations, and --tree-hash flags - Downgrades Go version from 1.25.0 to 1.23 for CI compatibility - Fixes golangci-lint version compatibility error Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
go-witness v0.9.2 requires Go >= 1.25.0 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
v2.0.2 was built with Go 1.24 which is lower than our Go 1.25 target Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
License Change
CI Infrastructure
pre-commit,check-all,coveragetargetsmake pre-commitbefore commitsUnit Tests
internal/policyinternal/stateTest plan
make pre-commitpassesmake check-allpasses🤖 Generated with Claude Code