Apply updated Codex repository kit
This commit is contained in:
MrSphay
36
docs/agent-handoff.md
Normal file
36
docs/agent-handoff.md
Normal file
@@ -0,0 +1,36 @@
|
||||
# Agent Handoff
|
||||
|
||||
Use this file when a task spans multiple sessions, has unresolved follow-up work, or changes release behavior.
|
||||
|
||||
## Current State
|
||||
|
||||
Modrinth Plus is a fork of the upstream Modrinth monorepo with an initial Connected Library feature.
|
||||
|
||||
## Changes Made
|
||||
|
||||
- Added Connected Library backend, Tauri commands, UI, and SQLite migration.
|
||||
- Added Gitea runner workflow for app frontend and Rust checks.
|
||||
- Added Codex repository baseline documentation.
|
||||
|
||||
## Verification
|
||||
|
||||
| Check | Result |
|
||||
| --- | --- |
|
||||
| `git diff --check` | Passes locally |
|
||||
| Gitea Actions | Must be polled after every workflow-triggering push |
|
||||
| Local `pnpm` checks | Depends on local toolchain availability |
|
||||
| Local `cargo` checks | Depends on local toolchain availability |
|
||||
|
||||
## Open Questions
|
||||
|
||||
- Final release artifact names and packaging flow are not fixed.
|
||||
- Private Connected Library repository authentication is out of scope for v1.
|
||||
|
||||
## Next Steps
|
||||
|
||||
- Keep the Gitea workflow loop running until the current pushed commit succeeds.
|
||||
- Expand Connected Library tests after local or CI toolchain issues are resolved.
|
||||
|
||||
## Risks
|
||||
|
||||
- Connected Library update semantics currently preserve local user state and may leave removed pack files in place until stricter sync behavior is designed.
|
||||
35
docs/release-checklist.md
Normal file
35
docs/release-checklist.md
Normal file
@@ -0,0 +1,35 @@
|
||||
# Release Checklist
|
||||
|
||||
## Version
|
||||
|
||||
- [ ] Version number updated.
|
||||
- [ ] Changelog updated.
|
||||
- [ ] Release notes updated.
|
||||
|
||||
## Quality
|
||||
|
||||
- [ ] Working tree is clean.
|
||||
- [ ] Gitea Actions build workflow succeeds.
|
||||
- [ ] Frontend lint passes.
|
||||
- [ ] Rust format and clippy pass.
|
||||
- [ ] Known skipped checks are documented.
|
||||
|
||||
## Security
|
||||
|
||||
- [ ] Security review is current.
|
||||
- [ ] No secrets are committed.
|
||||
- [ ] Connected Library external URLs are documented.
|
||||
- [ ] Private repo authentication remains disabled unless explicitly designed.
|
||||
|
||||
## Artifacts
|
||||
|
||||
- [ ] Desktop app artifact names are known.
|
||||
- [ ] Installer or archive output paths are documented.
|
||||
- [ ] Download links work if release artifacts are published.
|
||||
|
||||
## Release
|
||||
|
||||
- [ ] Git tag created only when explicitly requested.
|
||||
- [ ] Release notes written.
|
||||
- [ ] Release published only when explicitly requested.
|
||||
- [ ] Post-release install/update smoke test completed.
|
||||
30
docs/release-notes.md
Normal file
30
docs/release-notes.md
Normal file
@@ -0,0 +1,30 @@
|
||||
# Modrinth Plus Unreleased
|
||||
|
||||
## Downloads
|
||||
|
||||
Release artifacts are not published yet.
|
||||
|
||||
## Highlights
|
||||
|
||||
- Connected Library can track public Git-hosted modpack manifests.
|
||||
- Per-pack auto-update can be enabled after a pack is connected.
|
||||
- Gitea Actions are used as the verification runner.
|
||||
|
||||
## Security
|
||||
|
||||
- Dependency audit: pending runner/toolchain confirmation.
|
||||
- Secret handling: no tokens are stored by Connected Library v1.
|
||||
- External network calls: public HTTPS manifest and `.mrpack` downloads.
|
||||
|
||||
## Verification
|
||||
|
||||
| Check | Result |
|
||||
| --- | --- |
|
||||
| Gitea Actions build | Must pass before release |
|
||||
| Frontend lint | Covered by Gitea build workflow |
|
||||
| Rust clippy | Covered by Gitea build workflow |
|
||||
| Artifact download | Pending release packaging |
|
||||
|
||||
## Notes
|
||||
|
||||
This fork is not release-ready until packaging and artifact names are finalized.
|
||||
55
docs/security-review.md
Normal file
55
docs/security-review.md
Normal file
@@ -0,0 +1,55 @@
|
||||
# Security Review
|
||||
|
||||
## Scope
|
||||
|
||||
Project:
|
||||
|
||||
```text
|
||||
Modrinth Plus
|
||||
```
|
||||
|
||||
Reviewed version or commit:
|
||||
|
||||
```text
|
||||
main
|
||||
```
|
||||
|
||||
## Code Patterns Checked
|
||||
|
||||
- [ ] No `eval`.
|
||||
- [ ] No dynamic `Function` constructor.
|
||||
- [ ] No unsafe HTML injection.
|
||||
- [ ] No unexpected shell execution.
|
||||
- [x] External network calls documented for Connected Library.
|
||||
- [x] No private Connected Library credentials are persisted in v1.
|
||||
- [x] Connected Library requires HTTPS manifest and `.mrpack` URLs.
|
||||
|
||||
## Dependency Review
|
||||
|
||||
Command:
|
||||
|
||||
```bash
|
||||
pnpm --filter @modrinth/app-frontend run lint
|
||||
cargo clippy --package theseus
|
||||
```
|
||||
|
||||
Result:
|
||||
|
||||
```text
|
||||
Pending successful Gitea Actions run.
|
||||
```
|
||||
|
||||
## Runtime Review
|
||||
|
||||
- [x] Connected Library manifests are stored locally in SQLite.
|
||||
- [x] Connected Library auto-update is disabled by default.
|
||||
- [x] `GITEA_TOKEN` is only for local agent API checks, not runtime app use.
|
||||
- [ ] Full Tauri runtime permission review pending.
|
||||
|
||||
## Release Notes
|
||||
|
||||
Known residual risks:
|
||||
|
||||
```text
|
||||
Connected Library update behavior is conservative and does not yet implement strict removed-file sync.
|
||||
```
|
||||
Reference in New Issue
Block a user