Skip to content

fix: restore CODEOWNERS template comments#5

Open
KooshaPari wants to merge 49 commits into
nanovms:mainfrom
KooshaPari:fix/codeowners-template
Open

fix: restore CODEOWNERS template comments#5
KooshaPari wants to merge 49 commits into
nanovms:mainfrom
KooshaPari:fix/codeowners-template

Conversation

@KooshaPari
Copy link
Copy Markdown

@KooshaPari KooshaPari commented May 28, 2026

Summary

  • Restore the CODEOWNERS template structure (default owner + comments) that was in the original local commit, after upstream merged a minimal version
  • The extra comments improve maintainability for future CODEOWNERS additions

Test plan

  • Review CODEOWNERS diff

🤖 Generated with Claude Code

KooshaPari and others added 30 commits April 24, 2026 12:52
@KooshaPari
ci(security): bootstrap CodeQL + trufflehog (audit #129) (#3)
a593ddc 
Co-authored-by: Forge <forge@phenotype.local>
@KooshaPari @claude
chore: add Phenotype fork attribution NOTICE to README (#1)
f2655c0 
Document this repo as a Phenotype-org fork of nanovms/ops-mcp, preserve
upstream README below the NOTICE, point to the tracked `upstream` remote,
and record fork rationale (MCP-first nanoVMs bridge, extension points
for phenotype-nanovms-client integration). Apache-2.0 license preserved.

Co-authored-by: Forge <forge@phenotype.dev>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@KooshaPari @claude
feat(manifest): add --dump-tools flag + tools.json + CI drift check (#2)
7ef0b22 
Introduces a canonical machine-readable manifest of every MCP tool this
server exposes so downstream consumers (agents, registries, doc sites) can
discover the surface without reading main.go.

Changes:
- Add --dump-tools (and --dump-tools-path) flags to main.go. When set, the
  binary writes tools.json to disk and exits 0 without starting the server.
- Centralize tool registration in a toolRegistrations() slice that is the
  single source of truth for both server.RegisterTool() calls and the
  manifest generator.
- Emit tools.json with the MCP tools/list shape: name, description,
  inputSchema (JSON Schema). Schemas are reflected from the handler
  argument structs via invopop/jsonschema (already transitively depended
  on by the SDK; promoted to a direct require).
- Add .github/workflows/manifest-check.yml which regenerates tools.json on
  every PR and fails via `git diff --exit-code` if the committed manifest
  drifts from the code.
- Document the manifest and CI drift check in README.md.
- Seed the initial tools.json (3.8 KB, 5 tools: pkg_load, instance_logs,
  instance_create, list_instances, list_images).

SDK limitation noted: metoro-io/mcp-golang@v0.13.0 stores registered tools
in an unexported field on *Server and exposes no ListTools()/Tools()
accessor. Rather than hand-authoring the manifest, we own the registration
list locally and re-run the same jsonschema reflector the SDK uses
internally, which keeps the manifest honest and derivable. A future
upstream PR adding a public accessor would let us drop the
toolRegistrations() indirection.

Refs #127 (MCP manifest bootstrap audit), #118 (tool discovery findings).

Co-authored-by: Forge <forge@phenotype.dev>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@KooshaPari
chore(ci): pin floating external actions to SHAs in secrets-scan.yml (#4
135ef0d 
)
@KooshaPari
chore: add OpenSSF Scorecard workflow (audit #256) (#5)
40ef196
@KooshaPari
fix(tools.json): align field names with handler params (longitude → i…
24c14ca 
…mage_name) (#6)

The InstanceArguments struct had a JSON tag 'longitude' which is semantically
incorrect and confusing. The field should map to 'image_name' to match the
actual purpose (specifying the image name for instance operations).

This fixes schema drift between tools.json and the Go handler implementation,
making the API contract clearer for MCP clients.

Affected tools:
- instance_logs: 'longitude' → 'image_name'
- instance_create: 'longitude' → 'image_name'

Note: After this change, run 'go run main.go -dump-tools' to regenerate
tools.json with the corrected field names.
@dependabot
chore(deps): bump golang.org/x/crypto from 0.37.0 to 0.45.0 (#7)
d572d95 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.37.0 to 0.45.0.
- [Commits](golang/crypto@v0.37.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump go.opentelemetry.io/otel from 1.36.0 to 1.41.0 (#10)
093d468 
Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.36.0 to 1.41.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.36.0...v1.41.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-version: 1.41.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 (#11)
b1672d7 
Bumps [github.com/buger/jsonparser](https://github.com/buger/jsonparser) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/buger/jsonparser/releases)
- [Commits](buger/jsonparser@v1.1.1...v1.1.2)

---
updated-dependencies:
- dependency-name: github.com/buger/jsonparser
  dependency-version: 1.1.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@KooshaPari @codex
chore(deps): group conflicted Go dependency bumps (#15)
a32d82c 
Combines the remaining Dependabot go.mod/go.sum updates that conflicted after the first dependency merge wave.

Validation: go test ./...

Co-authored-by: Codex <noreply@openai.com>
@KooshaPari
chore(ci): adopt phenotype-tooling quality-gate + fr-coverage
4bae80f
@KooshaPari
test(smoke): seed minimal smoke test — proves harness works
75d6f96
@claude @KooshaPari
chore(governance): adopt CLAUDE.md + governance framework
5f824b6 
Enable AgilePlus spec tracking, FR traceability, and standard project conventions. Wave-5 governance push.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@KooshaPari
docs(changelog): seed retroactive CHANGELOG from git history via git-…
4ad1d0e 
…cliff
@KooshaPari
docs(readme): expand [wave-3 hygiene]
891bae7
@KooshaPari
docs(worklog): bootstrap worklog scaffolding (org-wide gap closure)
82a287c
@KooshaPari @claude
fix(deps): bump vulnerable Go modules (#16)
fc78332 
* chore(ci): adopt phenotype-tooling quality-gate + fr-coverage

* test(smoke): seed minimal smoke test — proves harness works

* chore(governance): adopt CLAUDE.md + governance framework

Enable AgilePlus spec tracking, FR traceability, and standard project conventions. Wave-5 governance push.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(changelog): seed retroactive CHANGELOG from git history via git-cliff

* docs(readme): expand [wave-3 hygiene]

* docs(worklog): bootstrap worklog scaffolding (org-wide gap closure)

---------

Co-authored-by: Forge <forge@phenotype.dev>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@KooshaPari @codex
fix(deps): update ops and docker modules
2cf7ba8 
Bump github.com/docker/docker to the latest published v28 module and update github.com/nanovms/ops to the matching upstream revision that supports the newer Docker API surface. This addresses the remaining installable Docker advisory path while preserving buildability.

Validation:
- go test ./...
- go vet ./...
- go build ./...

Co-authored-by: Codex <noreply@openai.com>
@KooshaPari @codex
Merge pull request #17 from KooshaPari/fix/deps-2026-04-27
55985fe 
fix(deps): update ops and docker modules

Local validation:
- go test ./...
- go vet ./...
- go build ./...

Co-authored-by: Codex <noreply@openai.com>
@KooshaPari @codex
ci: harden workflow permissions and action pins
1b362c6 
Add explicit read-only token permissions to lightweight workflows and pin GitHub Actions dependencies by commit SHA with version comments. This targets the actionable CodeQL/Scorecard workflow governance alerts without changing runtime code.

Validation:
- python3 YAML parse for .github/workflows/*.yml
- actionlint .github/workflows/*.yml
- git diff --check

Co-authored-by: Codex <noreply@openai.com>
@KooshaPari @codex
Merge pull request #18 from KooshaPari/fix/workflow-permissions-score…
86c7eed 
…card

ci: harden workflow permissions and action pins

Local validation:
- python3 YAML parse for .github/workflows/*.yml
- actionlint .github/workflows/*.yml
- git diff --check

Co-authored-by: Codex <noreply@openai.com>
@KooshaPari @codex
Add Renovate base config
fcc117d 
Co-authored-by: Codex <noreply@openai.com>
@KooshaPari
Merge pull request #19 from KooshaPari/codex/add-renovate-config
209340c 
Add Renovate base config
@KooshaPari
add taskfile (#20)
4e0d51b
@KooshaPari @codex
Add Go Taskfile common tasks (#21)
e1a68d6 
Co-authored-by: Codex <noreply@openai.com>
@KooshaPari @codex
Refine Go Taskfile common tasks (#22)
547830c 
Co-authored-by: Codex <noreply@openai.com>
@KooshaPari @codex
codex/taskfile common go tasks (#23)
fe51396 
* Refine Taskfile lint task

Co-authored-by: Codex <noreply@openai.com>

* Keep Taskfile lint scoped to go vet

Co-authored-by: Codex <noreply@openai.com>

---------

Co-authored-by: Codex <noreply@openai.com>
@KooshaPari @codex
Refine Taskfile Go cache handling (#24)
387ca73 
Keep Go build and temporary artifacts under a repo-local cache directory so the common Taskfile tasks avoid leaking transient files into the worktree root.

Co-authored-by: Codex <noreply@openai.com>
@KooshaPari @codex
Add Go Taskfile lint formatting check (#25)
bde0c35 
Co-authored-by: Codex <noreply@openai.com>
@KooshaPari @codex
Fix Taskfile lint source selection (#26)
c519f49 
Limit gofmt checks to tracked Go source files so local Go build cache output under .cache does not break lint after running Taskfile tasks.

Co-authored-by: Codex <noreply@openai.com>
KooshaPari and others added 18 commits April 28, 2026 11:36
@KooshaPari @codex
Harden Go Taskfile caches
ec200a0 
Keep Go build, module, and temporary caches under the Taskfile cache tree, and make clean handle read-only Go module cache contents before deleting generated cache files.

Validation:
- git diff --check
- task --list
- task clean
- task build/test/lint attempted locally but blocked by /tmp disk exhaustion during Go dependency compilation

Co-authored-by: Codex <noreply@openai.com>
@KooshaPari @codex
Refine Taskfile Go cache setup (#28)
6ed7bec 
Centralize repo-local Go cache directory preparation behind an internal task used by build, test, and lint.

Co-authored-by: Codex <noreply@openai.com>
@KooshaPari @claude
docs: bootstrap SECURITY.md
a02380b 
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@KooshaPari
Merge pull request #29 from KooshaPari/security/bootstrap
0769a39 
docs: bootstrap SECURITY.md
@KooshaPari @claude
chore: add standard issue templates (#30)
a5fc7b4 
* chore: add standard issue templates

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* chore: add standard issue templates

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* chore: add standard issue templates

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* chore: add standard issue templates

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
@KooshaPari
chore: bootstrap CLAUDE.md
67bd2f5
@KooshaPari
chore: bootstrap CLAUDE.md (merge with existing)
0c24659
@KooshaPari
docs: add journey-traceability + iconography implementation (#32)
124493f 
Co-authored-by: Phenotype Agent <agent@phenotype.ai>
@claude
ci: SHA-pin GitHub Actions (normalize to canonical SHAs)
fecc9e4 
Pin all action refs to immutable SHAs across workflow files:
- checkout@v4 → @11bd71901bbe5b1630ceea73d27597364c9af683
- checkout@v6 → @de0fac2e4500dabe0009e67214ff5f5447ce83dd
- setup-node@v4/v5, setup-python@v4/v5, setup-go@v5
- upload-artifact@v4/v7, download-artifact@v4
- cache@v3/v4, github-script@v7
- configure-pages@v5/v6, deploy-pages@v4/v5
- upload-pages-artifact@v3/v5, dependency-review-action@v4

Fixes version-tag normalization (add v4/v5 tags where missing).
Fixes double-SHA corruption artifacts from prior patching rounds.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@KooshaPari
Add Dependabot configuration for gitsubmodule and github-actions (#33)
16c7851
@KooshaPari @codex
docs: add phenotype-ops-mcp sladge badge (#31)
56c3b87 
Co-authored-by: Codex <noreply@openai.com>
@KooshaPari
chore: bootstrap trufflehog secrets scan [skip ci] (#34)
b2f0971
@KooshaPari
chore: add AGENTS.md and FUNDING.yml governance files [skip ci] (#35)
808a406 
* chore: add AGENTS.md governance file [skip ci]

* chore: add FUNDING.yml governance file [skip ci]
chore: add CODEOWNERS
c944d1a
chore: commit untracked infrastructure files
d944b48
@claude
ci(repo): add push/PR CI workflow
a31da33 
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@KooshaPari
docs: add CODEOWNERS and SECURITY.md (#36)
68011b3
@claude
fix: restore CODEOWNERS template comments
e4f0c45 
Upstream merged a minimal CODEOWNERS; restore the template structure
that was in the original local commit.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings May 28, 2026 10:52
Copilot AI reviewed May 28, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@KooshaPari