johno/beads
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bd sync: 2025-12-25 19:55:25

Browse Source
This commit is contained in:
Steve Yegge
2025-12-25 19:55:25 -08:00
parent 488ec56938
commit 46b7f162cf
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.beads/issues.jsonl
View File

@@ -15,7 +15,7 @@
{"id":"bd-14v0","title":"Add Windows code signing for bd.exe releases","description":"## Context\n\nGo binaries (including bd.exe) are commonly flagged by antivirus software as false positives due to heuristic detection. See docs/ANTIVIRUS.md for full details.\n\n## Problem\n\nKaspersky and other AV software flag bd.exe as PDM:Trojan.Win32.Generic, causing it to be quarantined or deleted.\n\n## Solution\n\nImplement code signing for Windows releases using:\n1. An EV (Extended Validation) code certificate\n2. Integration with GoReleaser to sign Windows binaries during release\n\n## Benefits\n\n- Reduces false positive rates over time as the certificate builds reputation\n- Provides tamper verification for users\n- Improves SmartScreen trust rating on Windows\n- Professional appearance for enterprise users\n\n## Implementation Steps\n\n1. Acquire EV code signing certificate (annual cost ~$300-500)\n2. Set up signtool or osslsigncode in release pipeline\n3. Update .goreleaser.yml to sign Windows binaries\n4. Update checksums to include signed binary hashes\n5. Document signing verification in ANTIVIRUS.md\n\n## References\n\n- docs/ANTIVIRUS.md - Current documentation\n- bd-t4u1 - Original Kaspersky false positive report\n- https://github.com/golang/go/issues/16292 - Go project discussion","status":"closed","priority":3,"issue_type":"task","created_at":"2025-12-23T23:46:48.459177-08:00","updated_at":"2025-12-23T23:54:41.912141-08:00","closed_at":"2025-12-23T23:54:41.912141-08:00","close_reason":"Implemented Windows code signing infrastructure. Added signing script, GoReleaser hook, updated release workflow and documentation. Signing is gracefully degraded when certificate secrets are not configured - releases continue as unsigned. Certificate acquisition (EV cert) is still required to actually enable signing.","dependencies":[{"issue_id":"bd-14v0","depends_on_id":"bd-t4u1","type":"discovered-from","created_at":"2025-12-23T23:47:02.024159-08:00","created_by":"daemon"}]}
{"id":"bd-1dez","title":"Mol Mall: Formula marketplace using GitHub as backend","description":"Create a marketplace for sharing molecule formulas using GitHub repos as the hosting backend.\n\n## Architecture Update (Dec 2025)\n\n**Formulas are the sharing layer.** With ephemeral protos (bd-rciw), the architecture is:\n\n```\nFormulas ──cook──→ [ephemeral proto] ──pour/wisp──→ Mol/Wisp\n ↑ │\n └────────────────── distill ─────────────────────────┘\n```\n\n- **Formulas**: JSON source files (.formula.json) - the thing you share\n- **Protos**: Transient compilation artifacts - auto-deleted after use\n- **Mols/Wisps**: Execution instances - not shared directly\n\n**Key operations:**\n- `bd distill \u003cmol-id\u003e` → Extract formula from completed work\n- `bd mol publish \u003cformula\u003e` → Share to GitHub\n- `bd mol install \u003curl\u003e` → Fetch from GitHub\n- `bd pour \u003cformula\u003e` → Cook and spawn (proto is ephemeral)\n\n## Why GitHub?\n\nGitHub solves multiple problems at once:\n- **Hosting**: Raw file URLs for formula.json\n- **Versioning**: Git tags (v1.0.0, v1.2.0)\n- **Auth**: GitHub tokens for private formulas\n- **Discovery**: GitHub search, topics, stars\n- **Collaboration**: PRs for contributions, issues for bugs\n- **Organizations**: Natural scoping (@anthropic/, @gastown/)\n\n## URL Scheme\n\n```bash\n# Direct GitHub URL\nbd mol install github.com/anthropics/mol-code-review\n\n# With version tag\nbd mol install github.com/anthropics/mol-code-review@v1.2.0\n\n# Shorthand (via registry lookup)\nbd mol install @anthropic/mol-code-review\n```\n\n## Architecture\n\nEach formula lives in its own repo (like Go modules):\n```\ngithub.com/anthropics/mol-code-review/\n├── formula.json # The formula\n├── README.md # Documentation\n└── CHANGELOG.md # Version history\n```\n\n## ID Namespace\n\n| Entity | ID Format | Example |\n|--------|-----------|---------|\n| Formula (GitHub) | `github.com/org/repo` | `github.com/anthropics/mol-code-review` |\n| Installed formula | `mol-name` | `mol-code-review` |\n| Poured instance | `\u003cdb\u003e-mol-xxx` | `bd-mol-b8c` |","notes":"Deferred - focusing on Christmas launch first","status":"deferred","priority":2,"issue_type":"epic","created_at":"2025-12-25T12:05:17.666574-08:00","updated_at":"2025-12-25T18:42:12.969154-08:00"}
{"id":"bd-1dez.1","title":"bd distill: Extract formula from mol/epic","description":"Extract a formula from completed work (mol, wisp, or epic).\n\n**Key change**: Distill works on execution artifacts (mols/wisps/epics), not protos.\nProtos are ephemeral - they don't persist. Distillation extracts patterns from\nactual executed work.\n\n## Usage\n```bash\nbd distill bd-mol-xyz -o my-workflow.formula.json\nbd distill bd-epic-abc -o feature-workflow.formula.json\n```\n\n## Use Cases\n- **Emergent patterns**: Structured work manually, want to templatize it\n- **Modified execution**: Poured a formula, added custom steps, want to capture\n- **Learning from success**: Extract what made a complex mol succeed\n\n## Implementation\n1. Load mol/wisp/epic subgraph (root + all children)\n2. Convert to formula JSON structure\n3. Extract variables from patterns (titles, descriptions)\n4. Generate step IDs from issue titles (slugify)\n5. Write .formula.json file\n\n## Output Format\n```json\n{\n \"formula\": \"my-workflow\",\n \"description\": \"...\",\n \"version\": 1,\n \"vars\": { ... },\n \"steps\": [ ... ]\n}\n```\n\n## Architecture Note\nThis closes the formula lifecycle loop:\n Formulas ──cook──→ Mols ──distill──→ Formulas\n\nAll sharing happens via formulas. Mols contain execution context and aren't shared.","status":"closed","priority":2,"issue_type":"task","created_at":"2025-12-25T12:05:47.045105-08:00","updated_at":"2025-12-25T18:54:39.967765-08:00","closed_at":"2025-12-25T18:54:39.967765-08:00","close_reason":"Command already implemented; updated help text, added daemon support, and -o shorthand","dependencies":[{"issue_id":"bd-1dez.1","depends_on_id":"bd-1dez","type":"parent-child","created_at":"2025-12-25T12:05:47.045596-08:00","created_by":"daemon"}]}
{"id":"bd-1dez.2","title":"bd formula add: Import formula to local catalog","description":"Import a formula file to the local catalog (search path).\n\n**Replaces**: \"bd mol promote\" (proto-to-proto concept is obsolete with ephemeral protos)\n\n## Usage\n```bash\n# Add a formula file to project catalog\nbd formula add my-workflow.formula.json\n\n# Add to user-level catalog\nbd formula add my-workflow.formula.json --scope user\n\n# Add from URL\nbd formula add https://example.com/workflow.formula.json\n```\n\n## Implementation\n1. Parse the formula file (validate JSON structure)\n2. Determine target directory based on scope:\n - project: .beads/formulas/\n - user: ~/.beads/formulas/\n - town: ~/gt/.beads/formulas/\n3. Copy/download formula to target\n4. Verify it is loadable: bd formula show \u003cname\u003e\n\n## Flags\n- `--scope \u003clevel\u003e` - Where to add (project|user|town, default: project)\n- `--name \u003cname\u003e` - Override formula name (default: from file)\n\n## Note\nThis is for manually adding formulas. For GitHub-hosted formulas, use:\n bd mol install github.com/org/formula-name","status":"open","priority":2,"issue_type":"task","created_at":"2025-12-25T12:05:48.588283-08:00","updated_at":"2025-12-25T18:41:33.757656-08:00","dependencies":[{"issue_id":"bd-1dez.2","depends_on_id":"bd-1dez","type":"parent-child","created_at":"2025-12-25T12:05:48.590203-08:00","created_by":"daemon"},{"issue_id":"bd-1dez.2","depends_on_id":"bd-1dez.1","type":"blocks","created_at":"2025-12-25T12:07:06.745686-08:00","created_by":"daemon"}]}
{"id":"bd-1dez.2","title":"bd formula add: Import formula to local catalog","description":"Import a formula file to the local catalog (search path).\n\n**Replaces**: \"bd mol promote\" (proto-to-proto concept is obsolete with ephemeral protos)\n\n## Usage\n```bash\n# Add a formula file to project catalog\nbd formula add my-workflow.formula.json\n\n# Add to user-level catalog\nbd formula add my-workflow.formula.json --scope user\n\n# Add from URL\nbd formula add https://example.com/workflow.formula.json\n```\n\n## Implementation\n1. Parse the formula file (validate JSON structure)\n2. Determine target directory based on scope:\n - project: .beads/formulas/\n - user: ~/.beads/formulas/\n - town: ~/gt/.beads/formulas/\n3. Copy/download formula to target\n4. Verify it is loadable: bd formula show \u003cname\u003e\n\n## Flags\n- `--scope \u003clevel\u003e` - Where to add (project|user|town, default: project)\n- `--name \u003cname\u003e` - Override formula name (default: from file)\n\n## Note\nThis is for manually adding formulas. For GitHub-hosted formulas, use:\n bd mol install github.com/org/formula-name","status":"closed","priority":2,"issue_type":"task","created_at":"2025-12-25T12:05:48.588283-08:00","updated_at":"2025-12-25T19:54:35.242576-08:00","closed_at":"2025-12-25T19:54:35.242576-08:00","close_reason":"Implemented bd formula add command with scope and URL support","dependencies":[{"issue_id":"bd-1dez.2","depends_on_id":"bd-1dez","type":"parent-child","created_at":"2025-12-25T12:05:48.590203-08:00","created_by":"daemon"},{"issue_id":"bd-1dez.2","depends_on_id":"bd-1dez.1","type":"blocks","created_at":"2025-12-25T12:07:06.745686-08:00","created_by":"daemon"}]}
{"id":"bd-1dez.3","title":"bd mol install: Install formula from GitHub","description":"Download and cook a formula from a GitHub repository.\n\n## Usage\n```bash\n# Direct GitHub URL\nbd mol install github.com/anthropics/mol-code-review\n\n# With version tag \nbd mol install github.com/anthropics/mol-code-review@v1.2.0\n\n# Shorthand (future: via registry lookup)\nbd mol install @anthropic/mol-code-review\n```\n\n## Implementation\n1. Parse URL: extract org, repo, optional version tag\n2. Construct raw URL: `https://raw.githubusercontent.com/org/repo/[tag]/formula.json`\n3. Fetch formula.json via HTTP\n4. Validate formula structure\n5. Save to .beads/formulas/\n6. Run cook to create local proto\n7. Record in .beads/installed.json for update tracking\n\n## installed.json Format\n```json\n{\n \"mol-code-review\": {\n \"source\": \"github.com/anthropics/mol-code-review\",\n \"version\": \"v1.2.0\",\n \"installed_at\": \"2025-12-25T12:00:00Z\"\n }\n}\n```\n\n## Dependencies\n- Requires network access\n- Uses `gh` CLI or direct HTTP for auth (private repos)\n","status":"open","priority":2,"issue_type":"task","created_at":"2025-12-25T12:05:49.757336-08:00","updated_at":"2025-12-25T12:05:49.757336-08:00","dependencies":[{"issue_id":"bd-1dez.3","depends_on_id":"bd-1dez","type":"parent-child","created_at":"2025-12-25T12:05:49.759176-08:00","created_by":"daemon"},{"issue_id":"bd-1dez.3","depends_on_id":"bd-1dez.7","type":"blocks","created_at":"2025-12-25T12:07:06.825716-08:00","created_by":"daemon"}]}
{"id":"bd-1dez.4","title":"bd mol update: Check and update installed formulas","description":"Check for newer versions of installed formulas and update them.\n\n## Usage\n```bash\nbd mol update # Update all\nbd mol update mol-code-review # Update specific formula\nbd mol update --check # Just check, don't update\n```\n\n## Implementation\n1. Read .beads/installed.json\n2. For each installed formula:\n - Fetch latest tag from GitHub API\n - Compare with installed version\n - If newer: download, cook, update installed.json\n3. Report what was updated\n\n## Flags\n- `--check` - Only check for updates, don't install\n- `--force` - Reinstall even if up to date\n- `--json` - Machine-readable output\n","status":"open","priority":2,"issue_type":"task","created_at":"2025-12-25T12:05:50.952041-08:00","updated_at":"2025-12-25T12:05:50.952041-08:00","dependencies":[{"issue_id":"bd-1dez.4","depends_on_id":"bd-1dez","type":"parent-child","created_at":"2025-12-25T12:05:50.952584-08:00","created_by":"daemon"},{"issue_id":"bd-1dez.4","depends_on_id":"bd-1dez.3","type":"blocks","created_at":"2025-12-25T12:07:06.90486-08:00","created_by":"daemon"},{"issue_id":"bd-1dez.4","depends_on_id":"bd-1dez.8","type":"blocks","created_at":"2025-12-25T12:07:06.99578-08:00","created_by":"daemon"}]}
{"id":"bd-1dez.5","title":"bd mol search: Find formulas using GitHub API","description":"Search for formulas in the Mol Mall using GitHub's search API.\n\n## Usage\n```bash\nbd mol search \"code review\" # Free text search\nbd mol search --topic molecule # By GitHub topic\nbd mol search --org anthropics # By organization\nbd mol search --stars \"\u003e10\" # By popularity\n```\n\n## Implementation\n1. Use GitHub Search API: `/search/repositories`\n2. Filter by topic:mol-formula or naming convention\n3. Parse results, show name/description/stars/version\n4. Support pagination for large result sets\n\n## Output\n```\nNAME STARS DESCRIPTION\ngithub.com/anthropics/mol-code-review 42 AI-assisted code review workflow\ngithub.com/gastown/mol-polecat-work 12 Standard polecat work lifecycle\n```\n\n## Discovery Convention\nRepos should have:\n- Topic: `mol-formula` or `beads-molecule`\n- Name starting with `mol-`\n- formula.json in root\n","status":"open","priority":3,"issue_type":"task","created_at":"2025-12-25T12:06:40.019394-08:00","updated_at":"2025-12-25T12:06:40.019394-08:00","dependencies":[{"issue_id":"bd-1dez.5","depends_on_id":"bd-1dez","type":"parent-child","created_at":"2025-12-25T12:06:40.01989-08:00","created_by":"daemon"}]}