Conversation
Reference: core/api/LICENCE. Co-Authored-By: Cladius Maximus <cladius@lethean.io>
…block) - git submodule update on external/* to current dev tips - go.work paths fixed for Phase 1 /go/ subtree layout where stale - go.work go-version bumped 1.26.0 → 1.26.2 to match submodule floor Workspace-mode build (`go build ./...`) is the verification path. Some repos may surface transitive dep issues (api/go.sum checksum drift, etc.) which are separate cascade tickets — not blocking this metadata refresh. Co-Authored-By: Cladius Maximus <cladius@lethean.io>
…-artifacts) Removes from git index: node_modules.bak/, .lintdeps/, .scannerwork/, .DS_Store, dist/, etc. — regenerable build/scan outputs that should never be tracked. Updates .gitignore with the canonical pattern set. Audit dimension `tracked-artifacts` (core/go commit 62aac07) flagged 1 entries. Same root-cause class as Mantis #1333 (gui ui/node_modules.bak/) — applying the structural fix ecosystem-wide. Co-Authored-By: Cladius Maximus <cladius@lethean.io>
go-build had no root .go file — the package was entirely in pkg/{api,
events,release,sdk,service,storage}. Athena's #1336 adjudication
(2026-05-10, 90% confidence) placed it in the "Option A: lift root
composer" cohort because the subpackages are layers of one product
(the dev/build orchestrator), not unrelated domains.
This commit lifts the root composer:
- /Users/snider/Code/core/go-build/go/build.go — package decl + Service
struct definition + package doc
- /Users/snider/Code/core/go-build/go/service.go — canonical NewService
+ Register surface
Service holds buildservice.Manager (the de-facto orchestrator from
pkg/service/manager.go), constructed via buildservice.NewManager() in
NewService. Manager is always wired (no credentials needed).
Note: NewService does NOT register the `core service` command tree —
that's servicecmd.AddServiceCommands(c)'s job and stays an explicit
caller responsibility (the build CLI has multiple cmd subdirs each
with its own AddXxxCommands, registered by the cmd binary, not the
library).
ServiceOptions is empty for v1 — the underlying buildservice.Manager
is config-driven via buildservice.ResolveConfig at command-execution
time, not at service-registration time.
Smoke verified:
- service.go + build.go themselves compile cleanly (correct imports,
matches reference shape)
- Package-wide vet blocked by pre-existing missing-dep failures in
pkg/release (signing) and cmd/build (installers, builders) —
unrelated to this change, present on pristine HEAD (verified by
stashing both files)
Co-Authored-By: Virgil <virgil@lethean.io>
The generated compliance triplets only asserted no-panic on one trivial input per predicate, leaving the reflect.Kind decision trees untested. Add behaviour tests driving typed-nil, map/slice/array containers, the convertible-vs-assignable map-key paths in Contains, and the order/length and fall-back-to-deep-equal paths in ElementsMatch. Co-Authored-By: Virgil <virgil@lethean.io>
Drive the real branches the generated triplets skipped: first-non-empty key selection in OptionString, native-bool and parseable-string coercion plus the parse-failure and missing-key fall-backs in OptionBoolDefault, multi-key lookup in OptionHas, and both result shapes of ResultFromError. Co-Authored-By: Virgil <virgil@lethean.io>
The existing suite drove only MemoryMedium, leaving every localstore method at 0%. Add temp-dir-backed behaviour tests for the full Medium surface (read/write/mode/ensure-dir/delete/rename/list/stat/open/create/ append/streams/exists), the MkdirAll-failure error branch via a file blocking a parent path, Copy across the real medium, and the fileinfo Size/ModTime/Sys accessors. Co-Authored-By: Virgil <virgil@lethean.io>
The recorder-based tests could not reach the gorilla upgrade path, so readLoop, writeLoop and removeClient sat at 0%. Add an httptest.Server + real DefaultDialer round-trip: connect, subscribe over the wire, receive a channel broadcast (exercising writeLoop timestamping), and verify client+channel pruning on disconnect. Race-clean. Uses core.TrimPrefix to honour the AX-6 banned-stdlib rule. Co-Authored-By: Virgil <virgil@lethean.io>
Drive the marker-counting branches directly: empty-marker rejection, absent-marker zero, exact single match, and split-boundary counting. The remaining uncovered statements are the assert helpers' t.Fatalf failure branches, which take testing.TB (a sealed interface) and Goexit rather than panic, so they are not unit-testable from outside testing. Co-Authored-By: Virgil <virgil@lethean.io>
Add environment-independent coverage that did not need an external SDK generator installed: the cancelled-context and blocked-output-dir error branches shared by all four Generate dispatchers, the full finalizeTypeScriptOutput pipeline (recursive copy, src-placement decisions, package.json synthesis incl. metadata defaults and merge of an existing manifest), the copy-helper stat/list failure branches, and the LanguagesIter early-break yield path. The remaining uncovered lines are the native-CLI/docker/npx execution branches, which require the real generator binaries and so are not unit-coverable in a clean sandbox. Co-Authored-By: Virgil <virgil@lethean.io>
Exercise the real banned-stdlib-wrapper branches the no-panic triplets skipped: JSON marshal/unmarshal failure paths, ResolveCommand fallback and all-missing paths, the nil-context and empty-command guards in runCommand, an actual subprocess happy path (/bin/echo), a non-zero exit (/usr/bin/false), the cancelled-context kill path (/bin/sleep), and the absolute-path short-circuit in resolveExecutable. DS/Getwd/FromSlash env overrides stay uncovered: Core seals DS and DIR_CWD in systemInfo with no exported setter in this module version, so t.Setenv cannot reach them. Co-Authored-By: Virgil <virgil@lethean.io>
…%->89%) Drive the real branches the no-panic triplets skipped: every DiffConfig.UnmarshalYAML node shape (scalar true/false, scalar decode error, expanded mapping with/without enabled, sequence default-branch failure), version-template resolution incl. the no-version and empty-version fall-backs, monorepo output-path composition via a publish path, config cloning isolation, language alias/dedup normalisation, all diffSummary level/severity combinations, and the scramble + configured + common-path branches of DetectSpec/detectScramble. The remaining gaps are the php-export and generator-execution paths that need external tools. Co-Authored-By: Virgil <virgil@lethean.io>
Add a failing io.Writer routed through SetStdout to reach the !written.OK early-return branches, plus a recording writer to assert the real output bytes of each helper on the success path. Co-Authored-By: Virgil <virgil@lethean.io>
The existing suite covered the Renderable optional-interface branch but not Streamable. Add a provider implementing Channels() and assert the channels entry is emitted in the Info map. Co-Authored-By: Virgil <virgil@lethean.io>
Add the stat-failure and real-binary fingerprint branches of dockerRuntimeCommandState, and the explicit-fallback-path and all-missing branches of the TypeScript native CLI resolver. npx is not tested via fabricated fallback because it is commonly present on PATH and would resolve there rather than via the fallback list. Co-Authored-By: Virgil <virgil@lethean.io>
…les) The go/ restructure (73debaa) moved pkg/ -> go/pkg/, but a global 'build/' gitignore silently excluded go/pkg/build/ during 'git add'. That commit recorded the deletion of the old pkg/build/ and never staged the new location, so the entire build engine (builders, signing, installers, apple, images, templates) vanished from the tree and disk. The module has not compiled since. Restored all 172 files from a8611a9 (parent of the restructure) into go/pkg/build/. Import paths and the v0.9.0 CoreGO pin matched, so the tree slots straight back in. Also reconstructed apple RunOptions + runWithOptions in builders/apple.go: referenced by the Apple builder's runner interface and call sites but never defined in any commit (the builder was mid-refactor when lost). Wired runWithOptions to ax.ExecWithEnv(ctx, dir, env, cmd, args...). Co-Authored-By: Virgil <virgil@lethean.io>
daemon.Run wired the build-event hub to /api/v1/build/events twice: once
engine-level via coreapi.WithWSPath/WithWSHandler(hub.Handler()), and again
through BuildProvider's /events route (streamEvents -> hub.HandleWebSocket).
gin panics on the duplicate GET registration, so Run() panicked on startup.
Removed the engine-level wiring; BuildProvider owns /events (and has a
nil-hub 503 guard the engine path lacked). Surfaced by the pkg/build
recovery — pkg/service couldn't compile while the engine was missing, so the
panic was latent. TestDaemon_Run_{Good,Bad,Ugly} now pass.
Co-Authored-By: Virgil <virgil@lethean.io>
Fast-forward external/go submodule to the v0.10.3 tag (b48b896 -> f7a84db, +60 commits, clean ancestor move) and repin go/go.mod. go mod tidy refreshed go.sum/go.work.sum; the /go.mod hash is unchanged from v0.9.0, confirming CoreGO stayed zero-dep across the bump. Workspace build + vet + full suite green (4190 pass). Co-Authored-By: Virgil <virgil@lethean.io>
go/cmd/build (build/apple/image/installers/project/pwa/release/sdk/service/ workflow commands + tests/examples) and go/tests/cli/build fixtures were untracked working-tree WIP. They import pkg/build, so they could not compile while the engine was missing; with pkg/build restored they build and their tests pass (part of the 4190-test green run). Tracking them protects against the same untracked-loss that swallowed pkg/build. Note: still carries the repo-wide error-wrap-antipattern (core.NewError( r.Error())); cleaned in the follow-up structural sweep. Co-Authored-By: Virgil <virgil@lethean.io>
Apply the CoreGO idiom (Option A): return the failed Result directly instead of re-wrapping via core.Fail(core.E(scope, msg, core.NewError(r.Error()))). Matches external/go's fs.go reference and the sites in this file that already propagated correctly. Repointed 4 tests that asserted on the dropped wrapper strings to assert the propagated inner messages (more specific): 'package name is required', 'permission denied', 'unknown project type', 'unsupported characters'. pkg/release green (445 tests). First file of the repo-wide error-wrap sweep. Co-Authored-By: Virgil <virgil@lethean.io>
…audit gaps The root dappco.re/go/build package (build.go Service + service.go NewService/Register/ServiceOptions) had no tests at all. Added meaningful Good/Bad/Ugly triplets (distinct cases with real assertions, not AssertNotPanics theatre) plus runnable examples, and the '// Usage example:' doc marker on service.go. Coverage 0.0% -> 100.0%. Clears 9 audit findings on these two files: ax7-triplet-gaps, example-gaps, missing-test-files, missing-example-files, service-usage-example (all now 0). Co-Authored-By: Virgil <virgil@lethean.io>
Replaced a pre-existing AssertNotPanics/counter theatre triplet with meaningful AX-7 triplets covering all cmd.go symbols. Tests assert on rendered CLI output (captured via cli.SetStdout) and core.Result.OK/.Error()/exit codes — diff exit codes 0/1/2, partial-registration failures, spec load errors. Distinct Good/Bad/Ugly cases (no theatre). Test files only; cmd.go untouched. Residual ~10% is the ax.Getwd() failure branch (DIR_CWD is init-frozen, not inducible in-test) + generator-availability-gated formatting — documented, not faked. Co-Authored-By: Virgil <virgil@lethean.io>
Replaced an AssertNotPanics/counter theatre triplet with meaningful AX-7 triplets for all cmd.go symbols + focused branch tests (every-step-can-fail, action wiring, config-load errors, absolute-output export). Drove install/start/stop/uninstall through the package's overridable seams (serviceGetwd, resolveServiceCfg, serviceManager via stubManager, exportService, runDaemon) + cli.SetStdout capture — no real kardianos/service controller or daemon loop started. Test files only. Residual 1.1% is runServiceExport's post-MkdirAll write-error branch (needs non-portable OS permission manipulation) — documented, not faked. Co-Authored-By: Virgil <virgil@lethean.io>
Replaced an AssertNotPanics theatre triplet with meaningful AX-7 triplets. latestTagWithContext(dir) covered 100% via hermetic temp git repos (git init + isolated identity + gpgsign=false, all under t.TempDir()). cwd-bound handlers (ax.Getwd reads init-frozen DIR_CWD, not redirectable) tested for deterministic side-effect-free invariants only: dry-run stops at 'dist/ not found' pre-network, version/changelog happy paths assert OK + rendered header, cancellation/invalid-ref fail deterministically. Test files only; tree confirmed clean post-run. Honestly skipped: runCIReleaseInit (writes .core/release.yaml into the real cwd = source tree; its logic is covered 100% via runCIReleaseInitInDir), runCIPublish post-publish success (needs real registries/artifacts, no injectable seam in cmd/ci), and unreachable ax.Getwd failure branches. Co-Authored-By: Virgil <virgil@lethean.io>
…ol seam) Replaced AssertNotPanics theatre triplets with meaningful AX-7 triplets. No injectable exec runner here (signers call ax.CombinedOutput/ResolveCommand directly), so the deterministic seam is fake #!/bin/sh tools written to a t.TempDir() + t.Setenv(PATH) — the resolvers find them and the real command-construction/exec paths run portably (gpg sign, codesign sign, the zip->notarytool->stapler notarise flow incl. args-aware xcrun). GOOS gated via t.Setenv (core.Env reads live env, unlike init-frozen DIR_CWD) to cover the macOS signer on any host. Test files only. Honestly skipped: signtool.Sign/Available (runtime.GOOS==windows, compile-time gated; covered naming/validation/guard branches), SignBinaries windows arm, and defensive post-Available tool-missing re-checks (unreachable via absolute fallback paths on a real macOS host). Co-Authored-By: Virgil <virgil@lethean.io>
request_test.go was entirely AssertNotPanics/counter theatre — 16 'passing' tests that asserted nothing, which is why coverage sat at 59.6%. Replaced with meaningful AX-7 triplets + 7 focused branch tests for FromOptions, LoadConfig, ApplyOverrides, ParseCSV: inject the getwd/resolve seams (explicit fn params) as stubs, assert decoded fields, auto-rebuild default-vs-set semantics, alias precedence, both duration-parse error branches, relative/absolute path joining, nil-config tolerance. 100% coverage, no skips, no fakery. Test file only. Co-Authored-By: Virgil <virgil@lethean.io>
…e, drive handlers) Replaced all AssertNotPanics/counter theatre triplets across the CLI layer with meaningful AX-7 triplets (172->240 tests). Drove command Action closures via c.Command(path).Run(opts) to deterministic outcomes (image --list, apple bundle_id-required, release config-not-found, pwa/from-path input validation); reused the service/release/installers override-var seams + temp dirs for copyDir, loadAppleBuildConfig, resolvePWAAppConfig, resolveReleaseWorkflowTargetPath, runServiceExport. Test files only. Honest skips (76% is the ceiling without integration infra): runReleaseWorkflow (writes .github/workflows into the init-frozen-cwd source tree; logic covered via runReleaseWorkflowInDir), and the heavy orchestration handlers that shell real go build / docker / linuxkit / nsis / Xcode (validation+error branches covered, real-compile success left to integration). Co-Authored-By: Virgil <virgil@lethean.io>
… execution Approved design (Approach A) for promoting AppleBuilder's credential-free operations (BuildWailsMacOS/CreateUniversal/CreateDMG) from sandbox-safe skeleton to real execution via the GoProcessAppleRunner seam: default the runner to executing, guard placeholder writes behind non-darwin, TDD command construction with a recording runner. Sign/Notarise/TestFlight/AppStore stay skeleton (credential-gated). Pre-implementation spec per superpowers brainstorming flow. Co-Authored-By: Virgil <virgil@lethean.io>
…xecution Bite-sized red-green-refactor plan (6 tasks): runner default -> executing + protect existing darwin tests; CreateDMG placeholder guard; CreateUniversal lipo command lock; BuildWailsMacOS OUTPUT_DIR + skeleton guard; optional skip-if-absent real-lipo smoke; full verify + audit. Hermetic recording-runner command-construction TDD throughout. Follows superpowers writing-plans. Co-Authored-By: Virgil <virgil@lethean.io>
NewAppleBuilder now seeds runner with GoProcessAppleRunner{} so darwin
hosts execute external Apple tooling through the existing runExternal
seam; non-darwin hosts still record-only.
Protect the BuildWailsMacOS skeleton triplets with WithAppleHostOS("linux")
so they no longer shell a real wails3 on darwin. Promote recordingAppleRunner
into apple_realexec_test.go with a configurable result and newRecordingAppleRunner
constructor, migrating existing bare literals to the constructor.
Co-Authored-By: Virgil <virgil@lethean.io>
Pin the lipo dispatch to exactly one call via AssertLen, drop the misleading Good/Bad/Ugly suffixes from the free-form default-runner behaviour tests (the off-darwin case is a by-design success, not a failure), and reword the recordingAppleRunner.Run doc comment so the primary flow reads correctly. Co-Authored-By: Virgil <virgil@lethean.io>
…nly off-darwin) CreateDMG previously wrote a skeleton placeholder over cfg.OutputPath unconditionally, clobbering the real hdiutil convert output on darwin. Guard the placeholder write behind a non-darwin host check so the genuine DMG survives on macOS while off-darwin lanes still receive a marker file. Protect the two pre-existing TestAppleDmg CreateDMG tests that asserted the placeholder-file behaviour: the _Ugly file-on-disk case now runs on linux (the placeholder path), and the _Good case stays on darwin to keep its four-call hdiutil assertion, dropping the file assertion now covered by the new off-darwin placeholder test. Co-Authored-By: Virgil <virgil@lethean.io>
Add darwin/off-darwin behaviour tests pinning the lipo invocation: exactly one -create call with the universal output binary plus both arch slices as args, runner-failure propagation, and records-only on non-darwin. No production change needed; the command construction was already correct. Co-Authored-By: Virgil <virgil@lethean.io>
…rwin Tell wails3 v3 where to emit the .app via the OUTPUT_DIR env, and skip the placeholder skeleton on darwin so the real wails3 output is the artifact rather than being shadowed by a stub executable. Off-darwin keeps the skeleton so downstream lanes still receive a bundle. Fix the TestAppleBuilder_Good end-to-end darwin test: with the skeleton now skipped on darwin and wails3 stubbed by the recording runner, the per-arch .app bundles no longer materialise, so CreateUniversal had no arm64/amd64 source to lipo. Seed the bundles the real wails3 would have produced before Build, preserving the full command-sequence assertion. Co-Authored-By: Virgil <virgil@lethean.io>
Prove the default executing runner (GoProcessAppleRunner -> ax.ExecWithEnv) drives a genuine lipo merge through CreateUniversal, with no recording runner injected. Stage two real thin slices extracted from a universal system binary, merge them, and assert the output is genuinely multi-arch. Reads the fixture's actual archs (modern macOS ships x86_64 + arm64e, not arm64) so the test stays robust across Macs. Skips cleanly on non-darwin, missing lipo, a non-fat fixture, or extraction failure, keeping CI/linux and credential-free machines green. Co-Authored-By: Virgil <virgil@lethean.io>
GOFLAGS is space-tokenised, so a value like '-ldflags=-X main.version=v'
shatters into non-flag tokens ('-w', 'main.version=v') and go aborts with
'parsing $GOFLAGS: non-flag', breaking every go invocation in a wails-v3
build (surfaced as TaskfileBuilder 'exit 201'). Drop -ldflags from the
GOFLAGS string in buildV3GoFlags; the ldflags + version stamp already ride
the quoted BUILD_FLAGS task var. Two tests asserted the broken GOFLAGS as
correct — corrected + added regression guards.
Co-Authored-By: Virgil <virgil@lethean.io>
…kage target `core build` already defers to a project's Taskfile (`task build`); `core build apple` did not — it ran go-build's own generic Apple pipeline, which hard- requires a Developer ID identity when sign is enabled and reimplements .app assembly the project's Taskfile already owns (ad-hoc/Dev-ID sign, engine bundling, LSUIElement plist). Make the two consistent: when the project ships a Taskfile with a `package` target, `core build apple` runs `task package` (mapping CertIdentity → SIGN_IDENTITY, so an empty identity takes the Taskfile's ad-hoc default — no Developer ID needed for a local build) and reports the .app it finds under the wails-convention bin/. Upload flows (notarise / TestFlight / App Store) still need the in-pipeline credential handling, so only plain build+sign delegates; everything else falls through to build.BuildApple unchanged. Verified end-to-end: `core build apple` on go-ai's lem-runtime now produces a fresh ad-hoc-signed LEM Runtime.app (Identifier ai.lthn.lem-runtime) instead of failing on the missing signing identity. Tests: target detection (incl. darwin:package ≠ bare package), upload-flow and no-target fall-through, and .app discovery by suffix. Co-Authored-By: Virgil <virgil@lethean.io>
… "0 artifacts") A wails v3 Taskfile writes its build product to the project's bin/ (the wails convention), not the dist/ OUTPUT_DIR go-build passes the task. So a successful `core build` on lem-runtime ran `task build`, produced bin/lem-runtime, then reported "Built 0 artifacts" because TaskfileBuilder only scanned OUTPUT_DIR. Add a fallback: when the OUTPUT_DIR scan is empty, look under bin/ then build/bin/ (relative to the project) for the executable and any .app bundle. Generic and safe — it only fires when OUTPUT_DIR yielded nothing, so projects that do write to dist/ are unaffected. Verified: `core build` on lem-runtime now reports the bin/lem-runtime artifact. Tests cover the executable, the .app bundle, the empty case, and that hidden files / loose non-executables in bin/ are not mistaken for products. Co-Authored-By: Virgil <virgil@lethean.io>
…t dir The build success line read "Built 1 artifacts (…/dist)" — wrong plural for a single artifact, and the dim label showed the configured OUTPUT_DIR even when the artifact actually landed in the project's bin/ (the wails Taskfile case). Pluralise the noun by count, and label the line with the directory the artifacts really landed in (relative to the project) rather than OUTPUT_DIR, falling back to OUTPUT_DIR only when there is no artifact to point at. Now: "Built 1 artifact (bin)". Co-Authored-By: Virgil <virgil@lethean.io>
Advance external/go workspace submodule to v0.10.4 so dev (GOWORK on) and standalone (GOWORK=off) builds resolve the same core/go. Co-Authored-By: Virgil <virgil@lethean.io>
Add the VZ guest LinuxKit definition and a resolve path that yields the kernel+initrd artefact directory core/agent's VZ dispatch boots from — the non-stopgap source for vzResolveImage (replaces the CORE_AGENT_VZ_IMAGE env stopgap). - pkg/build/images/core-dev-vz.yml: arm64 VZ guest def — virtio-vsock + virtio-fs kernel, an onboot step that mounts `mount -t virtiofs workspace /workspace`, and the cross-compiled vzagent baked as a service on vsock port 1024 (CAP_SYS_BOOT). Embedded via images/*.yml but kept OUT of linuxKitBaseCatalog so the legacy `core build image` pipeline ignores it. The full agent toolchain layer is defined in comments and marked build-host work (deferred). - pkg/build/linuxkit_resolve.go: build.LinuxKitResolve renders the def with the staged vzagent binary, builds the kernel+initrd format, then assembles the canonical kernel/initrd.img/cmdline names matching go-container's vzResolveGuestArtefacts contract. linuxkit emits a gzip kernel; resolve inflates it to a raw arm64 Image (VZLinuxBootLoader does no decompression), leaving the initrd gzipped. A signature over the rendered def + vzagent content guards a cache: an unchanged input set with kernel + initrd.img present skips the build. The linuxkit exec is an injectable package var. - cmd/build: `core build image-resolve --vzagent <path> --output <dir>` drives resolve and prints the artefact directory on the last stdout line — the machine-readable handle core/agent captures. - Tests: filename mapping, dir assembly, gzip-kernel decompression + raw pass-through, caching decision + invalidation, and validation failures, all with a mocked linuxkit exec. Verified against linuxkit v1.8.2: a real kernel+initrd build produces a decompressed arm64 Image kernel (magic at offset 56) + gzip initrd + cmdline in the artefact dir. Co-Authored-By: Virgil <virgil@lethean.io>
…ers/ Verified each design's work is present in source before removal; the docs are redundant replication guides. Future superpowers output stays local (gitignored). Co-Authored-By: Virgil <virgil@lethean.io>
|
Important Review skippedToo many files! This PR contains 248 files, which is 98 over the limit of 150. To get a review, narrow the scope: Upgrade to a paid plan to raise the limit. ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (3)
📒 Files selected for processing (248)
You can disable this status message by setting the Use the checkbox below for a quick retry:
Warning Billing warning: we have not been able to collect payment for this subscription for more than 72 hours. Please update the payment method or pay any pending invoices in Billing to avoid service interruption. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|



This pull request introduces the initial orchestration layer for the
go-buildsystem, establishing a Core-registerableServicethat composes the build orchestrator and provides a unified entry point for build management. It also adds licensing information and includes basic tests and CI output helpers. The most important changes are summarized below.Licensing and Compliance:
LICENCE), and applied SPDX license headers to all new Go files to ensure compliance. [1] [2] [3] [4]Core Service Orchestration:
build.Servicetype ingo/build.go, which composes the orchestrator manager and provides a Core-registerable service entry point for build orchestration.go/build_example_test.go) and a comprehensive test suite (go/build_test.go) to verify the construction and behavior of the root service and its manager. [1] [2]CI Output Helpers:
emitCIErrorAnnotationingo/cmd/build/ci_output.goand a corresponding test helper ingo/cmd/build/ci_output_test.goto format and emit CI error annotations, integrating with GitHub Actions. [1] [2]Dependency Management:
external/gosubmodule and added a checksum fordappco.re/go v0.10.3ingo.work.sumto support the new orchestration layer. [1] [2]