Skip to content

Harden transfers, auth, mounts, and releases#6

Merged
ColinMario merged 2 commits into
mainfrom
codex/full-hardening-v0.3.0
Jul 14, 2026
Merged

Harden transfers, auth, mounts, and releases#6
ColinMario merged 2 commits into
mainfrom
codex/full-hardening-v0.3.0

Conversation

@ColinMario

Copy link
Copy Markdown
Owner

What changed

  • makes rclone transfers non-destructive by default and gates exact mirrors behind explicit confirmation, deletion limits, backups, source/root guards, and strict config validation
  • makes rclone config, auth/session, vault, state, and service updates atomic with rollback, including exact restoration of the prior Proton CLI secret-store state
  • hardens macOS authenticated WebDAV mounts, Linux systemd/OpenRC persistence, process identity checks, child environments, bootstrap downloads, and CLI argument handling
  • splits the former monolithic command implementation into focused modules and adds failure-path, race, integration, and migration coverage
  • refreshes Go dependencies and vendoring, completes GPL/notice/security/contribution documentation, and updates Flatpak metadata
  • adds Linux/macOS CI, quality/security scans, cross-builds, packaging validation, reproducible GoReleaser archives/native packages/SPDX SBOMs, Sigstore checksum bundles, and GitHub attestations

Why

The previous implementation could imply destructive rclone sync behavior, reported healthy status for some failed states, performed several multi-step mutations without full rollback, and lacked enough release, security, packaging, and failure-path verification for a data-management CLI.

User impact

Normal syncs preserve destination-only files. Destructive mirroring is explicit and bounded. Authentication/session exports, mounts, persistent services, bootstrap installs, and machine-readable status now fail closed with actionable errors. Existing version-less sync configs and legacy state/vault names migrate safely.

Validation

  • go test ./...
  • go test -race ./...
  • go vet ./...
  • 38.5% repository-wide statement coverage
  • Staticcheck, Gosec, and Govulncheck (zero called-package/symbol vulnerabilities)
  • Linux amd64/arm64, macOS amd64/arm64, FreeBSD amd64, and Windows amd64 cross-builds
  • Actionlint, GoReleaser config validation, module/vendor verification, XML/YAML validation
  • real rclone bcrypt WebDAV readiness test and real macOS mount_webdav mount/unmount
  • fresh checksum-verified bootstrap of Proton Drive CLI 0.5.0 and rclone 1.74.4
  • live Proton CLI 0.5 session-format import into an isolated temporary rclone config
  • two independent GoReleaser snapshots with identical checksums for all 12 archives, native packages, and SPDX SBOMs

@ColinMario ColinMario marked this pull request as ready for review July 14, 2026 15:19
@ColinMario ColinMario merged commit b6f0b0f into main Jul 14, 2026
7 checks passed
@ColinMario ColinMario deleted the codex/full-hardening-v0.3.0 branch July 14, 2026 15:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant