chore: merge pull request #305

Author: ntorga

.air.toml

@@ -3,7 +3,7 @@ root = "."
 tmp_dir = "tmp"
 
 [build]
-bin = "bin/os"
+entrypoint = ["bin/os"]
 cmd = "make build"
 delay = 1000
 exclude_dir = [".git", "bin", "logs", "tmp", "vendor", "src/devUtils"]

.augmentignore

@@ -4,7 +4,7 @@ PRIMARY_VHOST=
 # Required for dev only
 DUMMY_USER_ID=1000
 DUMMY_USER_NAME=dummy
-DUMMY_USER_PASS=example123
+DUMMY_USER_PASS=example123!
 
 # Auto generated by `os serve`
 ## Must be 32 bytes-key-before-base64-encoding if generated manually:

.env.example

@@ -5,3 +5,5 @@ logs/
 TODO.md
 *.db
 *_templ.go
+.agents/
+.memory/

.gitignore

@@ -0,0 +1,12 @@
+# AGENTS.md
+
+Read `.agents/README.md`.
+
+## Bug Reporting
+
+When a bug is reported, create a GitHub issue via `gh issue create` with:
+- How to reproduce it
+- What it affects
+- Which version of the project
+
+When the bug is fixed, close the issue via `gh issue close` with a comment mentioning the commit hash that fixed it.

AGENTS.md

@@ -1,6 +1,40 @@
 # Changelog
 
 ```log
+0.2.8 - 2026/03/XX
+chore: remove temporary echo-swagger replace directive and upgrade to v1.5.2
+fix(ssl): wrap SslPrivateKey around tk EnvelopedPrivateKey
+fix(ssl): repair altnames filter and add pagination to ssl listing
+feat(api): add swagger dto import for account endpoint
+feat(ui): add database user and alias shortcut buttons
+fix(files): handle root directory in file tree builder
+fix(database): use WeakPassword for database user creation
+fix(api): read operatorAccountId from echo context in file endpoints
+refactor(liaison): migrate manual pagination to tk PaginationParser
+refactor(cli): migrate to tk SimpleCliResponseRenderer
+refactor(api): migrate to tk LiaisonApiResponseEmitter
+refactor(liaison): migrate LiaisonOutput to tk LiaisonResponse
+fix: get key path via replace
+fix: show error on ssl list error
+fix: add primaryKeyColumn to PaginationQueryBuilder calls
+fix: sort services by name in ReadFirstInstalledItem
+refactor(valueObject): eliminate pure alias files with direct tk usage
+feat(files): add file privileges normalizer with ownership resolution
+fix(services): use name sort for installable services pagination
+refactor(infra): replace PaginationQueryBuilder alias with tk direct usage
+test(auth): add security tests with repo constructors
+feat(auth): add jwt v5 algorithm validation and api key hash security
+refactor: remove obsolete migrateOperatorAccountIdToSri
+refactor: use ActivityRecordLevelSecurity const and inline NewSriAccount
+refactor: delete presentation wrappers and use tk directly
+refactor: migrate infra consumers from wrappers to tk directly
+fix: replace panic with ResponseWrapper in files API controller
+refactor: add fileClerk field to repo structs for locality of behavior
+refactor: eliminate tk type aliases from all layers
+chore: add context to every src/ dir
+fix: use tk input reader for api
+chore: update go and deps
+
 0.2.7.1 - 2025/10/31
 fix: remove / from database and runtime hx-get/post to respect base href
 fix: add / to footer fragment

CHANGELOG.md

@@ -1,7 +1,7 @@
 daemon off;
 user nobody nogroup;
 pid /run/nginx.pid;
-worker_processes 1;
+worker_processes auto;
 worker_rlimit_nofile 65535;
 
 include /etc/nginx/modules-enabled/*.conf;
@@ -46,7 +46,7 @@ http {
     ssl_stapling_verify on;
     resolver 8.8.8.8 1.1.1.1 185.228.169.9 valid=60s ipv6=off;
     resolver_timeout 2s;
-    
+
     server_names_hash_bucket_size 128;
 
     include /app/conf/nginx/*.conf;

container/nginx/root/nginx.conf

@@ -39,7 +39,7 @@ echo "=> Replacing the standard binary with the development binary..."
 podman exec os /bin/bash -c 'rm -f os && ln -s bin/os os && supervisorctl restart os-api'
 
 echo "=> Creating a development account..."
-podman exec os /bin/bash -c 'os account create -u dev -p 123456 --is-super-admin false'
+podman exec os /bin/bash -c 'os account create -u dev -p abc123! --is-super-admin false'
 
 if [[ ${1} == "ssh" ]]; then
   echo "=> Installing OpenSSH..."

dev-build.sh

@@ -138,3 +138,13 @@ When the project is running, you can access the documentation at [`https://local
 The `src/devUtils` folder is not a Clean Architecture layer, it's there to help you during development. You can add any file you want there, but it's not recommended to add any file that is not related to development since the code there is meant to be ignored by the build process.
 
 For instance there you'll find a `testHelpers.go` file that is used to read the `.env` during tests.
+
+## Context Files
+
+Every directory under `src/` contains a `.context.md` file, and there is a `docs/FEATURE-MAP.md` at the project level. These files exist to orient anyone — human or AI agent — on what a given directory contains, what constraints apply there, and how features flow end-to-end through the codebase.
+
+All `.context.md` files follow a standard schema: a short prose summary, a `Constraints` block, and a `Guidance` block. When you make a structural change — moving files, adding a layer, renaming a package — update the relevant `.context.md` files in the same commit. Letting them drift defeats their purpose.
+
+## AI-Assisted Development
+
+If you are using an AI toolkit to assist with development, clone it into the project root as `.agents/`. That directory is already gitignored, so nothing in it will affect the repository.