CLI & TUI improvements: charm v2 stack, fang, huh prompts, richer container browser #55

Merged: alexrf45 merged 6 commits into main from dev-test on Jun 3, 2026

@alexrf45 alexrf45 commented Jun 3, 2026

Owner

Summary

Modernizes SCRT's CLI and interactive TUI and refreshes the .claude tooling. Delivered in five focused phases (plus earlier reviewer/tooling cleanup), each independently green under make all (vet + -race tests + build).

CLI ergonomics

  • Wrap the cobra root with charm.land/fang/v2 → styled help/errors, --version, manpage generation, and shell completion.
  • Live container-name tab-completion on enter/stop/destroy.
  • import --repo is now a cobra-enforced required flag.

Interactive prompts (huh)

  • destroy confirmation, the pull tag picker, and a new config init setup wizard now use charm.land/huh/v2 (interactive on a TTY, accessible-mode stdin fallback). pull.go no longer depends on tview/tcell.

Richer container browser (scrt list)

  • / filter (by name/image/state, live), a toggleable 5s auto-refresh (race-free), l scrollable log viewer, u/g file upload/download — alongside the existing enter/stop/destroy/backup.

Backend / shared internals

  • New Manager.Logs (+ Backend.Logs): TTY-aware log streaming — raw for -it containers, stdcopy-demuxed otherwise.
  • Extracted tar pack/unpack + path validation into internal/container/transfer.go (TarFile, UntarTo, ValidateTransferPath), reused by both the TUI and the HTTP API (removes duplicated inline tar logic). UntarTo adds tar-slip protection and bounded extraction (io.CopyN), with owner-only perms (0600/0700).

Dependency / toolchain

  • Migrated the charm stack to the charm.land/* v2 modules (lipgloss/bubbletea/bubbles), which requires Go 1.25 (go.mod bumped; CI tracks it via go-version-file; README updated). An indirect lipgloss v1 remains transitively via charmbracelet/log (no v2 logger exists); project code imports only v2.

.claude tooling (earlier commits on this branch)

  • Refocused the security-reviewer and go-reviewer agents on Go/Docker security; removed local skills/agents now provided by installed plugins (accounts for the large deletion count).

Commits

  • 83e6424 feat(cli): migrate to charm v2 stack and add fang CLI polish
  • de06aa3 feat(tui): add huh prompts, pull picker, and config wizard
  • b3f7aff feat(tui): add container search/filter and live auto-refresh
  • 2e9abdd feat(tui): add in-browser log viewer and file copy
  • 20c3a49 chore(claude): remove local skills/agents superseded by plugins
  • 1d2443c docs(claude): refocus reviewers on Go security; tighten README intro

Test plan

Automated (done):

  • make all: go vet, go test -race, build — all green
  • New tests: cobra wiring + required-flag + completion guard; stripImageTag, nonEmpty, filterContainers; ValidateTransferPath, tar pack/unpack round-trip, tar-slip rejection
  • gosec reviewed (tightened extraction perms; remaining G304 is mitigated by safeJoin and documented)

Manual (recommended before merge — interactive paths can't run headless):

  • scrt list in a TTY: / filter, a auto-refresh, l logs, u upload, g download, e/s/d/b
  • scrt config init wizard writes a valid ~/.scrt.conf.json
  • scrt pull tag picker; scrt destroy <p> confirm (and --force bypass)
  • scrt completion zsh / bash / fish output is usable

alexrf45 added 6 commits June 2, 2026 21:46
Removes vendored .claude copies of skills (cli-developer, code-documenter,
golang-patterns, golang-pro, kubernetes-specialist) and agents
(code-reviewer, docs-lookup) now provided via installed plugins.

- security-reviewer agent: rewrite from npm/node to Go (command/path
  injection, tar-slip, crypto, govulncheck) with SCRT Docker-wrapper
  specifics; drop dangling security-review skill reference
- go-reviewer agent: add SCRT project conventions (CS-5, CTX-1, ERR-1,
  CC-1) and Docker-wrapper review notes
- README: cut rule-of-three and promotional filler from the intro

Phase 0 — dependency groundwork:
- Adopt charm.land/{lipgloss,bubbletea,bubbles}/v2; Go directive bumped to
  1.25.0 (CI tracks go.mod via go-version-file). Port style.go and the
  spinner to v2 APIs (Model.View now returns tea.View).
- charmbracelet/log keeps an indirect lipgloss v1 (no v2 logger exists);
  project code imports only the v2 charm.land paths.

Phase 1 — CLI ergonomics:
- Wrap the cobra root with charm.land/fang/v2: styled help/errors,
  --version, manpage generation, and shell completion.
- Make import --repo a required flag (cobra-enforced).
- Add live container-name tab-completion to enter/stop/destroy.
- Extract buildRoot seam; add cmd/scrt tests (wiring, required flag,
  completion guard).

Docs: README "Go 1.24+" -> "1.25+"; libraries.md records the v2 paths and
the approved huh/fang additions. Root help text tightened.

- Replace the destroy y/N fmt.Scanln with tui.Confirm (huh interactive on
  a TTY, accessible-mode stdin fallback; user abort = cancel).
- Rewrite the pull tag dialog with huh Select + conditional Input,
  removing tview/tcell from pull.go.
- Add `config init`: a guided huh form over image/shell/workdir and the
  host-net/X11/GPU toggles, prefilled from the existing config and saved
  via config.Save. RunConfigWizard returns a new Config (immutable input).
- Add internal/tui tests for stripImageTag and the nonEmpty validator
  (package previously had none).

Adds charm.land/huh/v2; Go directive bumped to 1.25.8.

- Press '/' to open a filter bar that live-filters the container list by
  name, image, or state (case-insensitive). Enter keeps the filter, Esc
  clears it. A master list is retained so refreshes preserve the filter.
- Press 'a' to toggle a 5s background auto-refresh. The ticker only does
  timing; auto/busy state is read and written on the main goroutine inside
  QueueUpdateDraw, so it is race-free, and it refreshes silently to keep
  the hint bar intact. The ticker stops when the browser exits.
- Extract a shared scheduleHintRestore and a pure filterContainers helper;
  add a table-driven test for the latter.

- Add Manager.Logs (and Backend.Logs): TTY-aware log streaming that
  returns the raw stream for -it containers and demuxes stdout/stderr via
  stdcopy for non-TTY ones.
- Extract the tar pack/unpack and path validation into a shared
  internal/container/transfer.go (TarFile, UntarTo, ValidateTransferPath).
  UntarTo guards against tar-slip and bounds extraction with io.CopyN;
  extracted files use owner-only perms (0600/0700). Refactor the HTTP API
  handlers to reuse these instead of inline tar building.
- Wire new list-browser actions: 'l' opens a scrollable log page, 'u'
  uploads a host file into the container, 'g' downloads a container path
  to the host. New list_logs.go and list_copy.go keep list.go focused.
- Move the transfer-path validation test to the container package and add
  pack/unpack round-trip and tar-slip rejection tests.

README: document the interactive browser and guided-setup features.
@alexrf45 alexrf45 merged commit c7bcea5 into main Jun 3, 2026
1 check passed
@alexrf45 alexrf45 deleted the dev-test branch June 3, 2026 20:34
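
The extraction hardening described in the PR summary and in the last commit message (tar-slip rejection, a bounded `io.CopyN` copy, owner-only 0600/0700 permissions) can be sketched as follows. This is an added example, not SCRT's `UntarTo` or any code from this PR: `extractTar`, `writeSampleTar` and the 1 MiB `maxFileBytes` cap are assumptions made for illustration, and the destination is assumed to be a fresh directory with no pre-existing symlinks.

```go
package main

import (
	"archive/tar"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

const maxFileBytes = 1 << 20 // assumed per-file cap, not a value from the PR

func extractTar(r io.Reader, dest string) error { // illustrative helper, not SCRT's UntarTo
	tr := tar.NewReader(r)
	for hdr, err := tr.Next(); err != io.EOF; hdr, err = tr.Next() {
		if err != nil {
			return err
		}
		if !filepath.IsLocal(hdr.Name) { // rejects "..", absolute and empty names
			return fmt.Errorf("tar-slip: entry %q escapes destination", hdr.Name)
		}
		if hdr.Typeflag != tar.TypeReg {
			continue // parent dirs are made on demand; links are never created
		}
		if hdr.Size > maxFileBytes {
			return fmt.Errorf("entry %q: %d bytes exceeds cap", hdr.Name, hdr.Size)
		}
		target := filepath.Join(dest, hdr.Name)
		if err := os.MkdirAll(filepath.Dir(target), 0o700); err != nil {
			return err
		}
		f, err := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o600)
		if err == nil {
			_, err = io.CopyN(f, tr, hdr.Size) // copies at most the checked size
			err = errors.Join(err, f.Close())
		}
		if err != nil {
			return err
		}
	}
	return nil
}

func writeSampleTar(w io.Writer, name, body string) { // constructed single-entry archive
	tw := tar.NewWriter(w)
	tw.WriteHeader(&tar.Header{Name: name, Mode: 0o644, Size: int64(len(body))})
	tw.Write([]byte(body))
	tw.Close()
}
```

The path check is lexical only; it is sufficient here because link entries are skipped, so nothing inside the archive can redirect a later write outside the destination.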