2 changes: 1 addition & 1 deletion .mole-cli-version
@@ -1 +1 @@
1.30.0
1.35.0
4 changes: 2 additions & 2 deletions MoleUI.xcodeproj/project.pbxproj
@@ -383,7 +383,7 @@
"@executable_path/../Frameworks",
);
MACOSX_DEPLOYMENT_TARGET = 14.0;
MARKETING_VERSION = 0.1.4;
MARKETING_VERSION = 0.1.5;
PRODUCT_BUNDLE_IDENTIFIER = com.qinfuyao.MoleUI;
PRODUCT_NAME = "Mole UI";
SDKROOT = macosx;
@@ -470,7 +470,7 @@
"@executable_path/../Frameworks",
);
MACOSX_DEPLOYMENT_TARGET = 14.0;
MARKETING_VERSION = 0.1.4;
MARKETING_VERSION = 0.1.5;
PRODUCT_BUNDLE_IDENTIFIER = com.qinfuyao.MoleUI;
PRODUCT_NAME = "Mole UI";
SDKROOT = macosx;
2 changes: 1 addition & 1 deletion MoleUI/.mole-cli-version
@@ -1 +1 @@
1.30.0
1.35.0
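--- a/Resources/mole/.githooks/pre-commit
+++ b/Resources/mole/.githooks/pre-commit
@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+# Pre-commit hook: mirrors GitHub CI checks locally.
+# Installed via: git config core.hooksPath .githooks
+#
+# Runs on every `git commit`. Catches format/lint/test failures before push.
+
+set -euo pipefail
+
+REPO_ROOT="$(git rev-parse --show-toplevel)"
+cd "$REPO_ROOT"
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m'
+
+_ok() { echo -e "${GREEN}✓${NC} $1"; }
+_fail() { echo -e "${RED}✗${NC} $1"; }
+_info() { echo -e "${YELLOW}→${NC} $1"; }
+
+echo ""
+_info "Running pre-commit checks (mirrors GitHub CI)..."
+echo ""
+
+# Only check staged shell/Go files to keep commits fast.
+STAGED=$(git diff --cached --name-only --diff-filter=ACM)
+HAS_SHELL=$(echo "$STAGED" | grep -E '\.sh$|^mole$|^bin/' || true)
+HAS_GO=$(echo "$STAGED" | grep -E '\.go$' || true)
+
+FAILED=0
+
+# --- 1. Shell syntax check (fast, no tool required) ---
+if [[ -n "$HAS_SHELL" ]]; then
+_info "Shell syntax check..."
+while IFS= read -r f; do
+[[ -f "$f" ]] || continue
+if ! bash -n "$f" 2>&1; then
+_fail "Syntax error: $f"
+FAILED=1
+fi
+done <<< "$HAS_SHELL"
+[[ $FAILED -eq 0 ]] && _ok "Shell syntax clean"
+fi
+
+# --- 2. shfmt format check (if installed) ---
+if [[ -n "$HAS_SHELL" ]] && command -v shfmt > /dev/null 2>&1; then
+_info "shfmt format check..."
+UNFORMATTED=""
+while IFS= read -r f; do
+[[ -f "$f" ]] || continue
+if ! shfmt -i 4 -ci -sr -d "$f" > /dev/null 2>&1; then
+UNFORMATTED="$UNFORMATTED $f"
+fi
+done <<< "$HAS_SHELL"
+if [[ -n "$UNFORMATTED" ]]; then
+_fail "shfmt: unformatted files:$UNFORMATTED"
+_info "Fix with: ./scripts/check.sh --format"
+FAILED=1
+else
+_ok "shfmt format clean"
+fi
+fi
+
+# --- 3. shellcheck (if installed) ---
+if [[ -n "$HAS_SHELL" ]] && command -v shellcheck > /dev/null 2>&1; then
+_info "shellcheck..."
+while IFS= read -r f; do
+[[ -f "$f" ]] || continue
+if ! shellcheck "$f" 2>&1; then
+FAILED=1
+fi
+done <<< "$HAS_SHELL"
+[[ $FAILED -eq 0 ]] && _ok "shellcheck clean"
+fi
+
+# --- 4. Go vet (if staged Go files) ---
+if [[ -n "$HAS_GO" ]] && command -v go > /dev/null 2>&1; then
+_info "go vet..."
+if go vet ./cmd/... 2>&1; then
+_ok "go vet clean"
+else
+_fail "go vet failed"
+FAILED=1
+fi
+fi
+
+echo ""
+if [[ $FAILED -ne 0 ]]; then
+_fail "Pre-commit checks failed. Fix the issues above before committing."
+_info "Run './scripts/check.sh --format' to auto-fix formatting."
+echo ""
+exit 1
+fi
+
+_ok "All pre-commit checks passed."
+echo ""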
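Review bot: The syntax, shfmt and shellcheck loops check each staged path as it exists in the working tree (`bash -n "$f"`, `shfmt ... -d "$f"`, `shellcheck "$f"`), not the staged blob. With a partially staged file the hook can therefore pass content that differs from what is committed, or fail on edits that are not staged. Reading the index copy closes that gap, for example `git show ":$f" | bash -n /dev/stdin` for the syntax step. Separately, when shfmt or shellcheck is missing the step is skipped silently, so "All pre-commit checks passed." does not mean the CI-equivalent checks ran; an else branch such as `_info "shellcheck not installed, skipping"` would make the skip visible.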
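--- a/Resources/mole/.github/CODEOWNERS
+++ b/Resources/mole/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @tw93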
2 changes: 2 additions & 0 deletions Resources/mole/.github/ISSUE_TEMPLATE/bug_report.md
@@ -10,6 +10,8 @@ assignees: ''

A clear and concise description of what the bug is. We suggest using English for better global understanding.

If you believe the issue may allow unsafe deletion, path validation bypass, privilege boundary bypass, or release/install integrity issues, do not file a public bug report. Report it privately using the contact details in `SECURITY.md`.

## Steps to reproduce

1. Run command: `mo ...`
3 changes: 3 additions & 0 deletions Resources/mole/.github/ISSUE_TEMPLATE/config.yml
@@ -1,5 +1,8 @@
blank_issues_enabled: false
contact_links:
- name: Private Security Report
url: mailto:hitw93@gmail.com?subject=Mole%20security%20report
about: Report a suspected vulnerability privately instead of opening a public issue
- name: Telegram Community
url: https://t.me/+GclQS9ZnxyI2ODQ1
about: Join our Telegram group for questions and discussions
10 changes: 10 additions & 0 deletions Resources/mole/.github/dependabot.yml
@@ -4,8 +4,18 @@ updates:
directory: "/"
schedule:
interval: "weekly"
labels:
- "dependencies"
reviewers:
- "tw93"
open-pull-requests-limit: 10

- package-ecosystem: "gomod"
directory: "/"
schedule:
interval: "weekly"
labels:
- "dependencies"
reviewers:
- "tw93"
open-pull-requests-limit: 10
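Review bot: The `reviewers:` lists added to both update entries duplicate what the `CODEOWNERS` file added in this same change already provides through `* @tw93`. As far as I know GitHub has been retiring the `reviewers` option in dependabot.yml in favour of code owners, so it is worth confirming these keys are still honoured before relying on them for review routing. If they are not, the `reviewers:` and `- "tw93"` lines can be dropped from both entries. The first entry's `package-ecosystem` line is above the hunk, so which ecosystems are covered cannot be confirmed from here.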
18 changes: 18 additions & 0 deletions Resources/mole/.github/pull_request_template.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
## Summary

- Describe the change.

## Safety Review

- Does this change affect cleanup, uninstall, optimize, installer, remove, analyze delete, update, or install behavior?
- Does this change affect path validation, protected directories, symlink handling, sudo boundaries, or release/install integrity?
- If yes, describe the new boundary or risk change clearly.

## Tests

- List the automated tests you ran.
- List any manual checks for high-risk paths or destructive flows.

## Safety-related changes

- None.
14 changes: 8 additions & 6 deletions Resources/mole/.github/workflows/check.yml
@@ -21,7 +21,7 @@ jobs:
token: ${{ secrets.GITHUB_TOKEN }}

- name: Cache Homebrew
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v4
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4
with:
path: |
~/Library/Caches/Homebrew
@@ -36,9 +36,9 @@ jobs:
run: brew install shfmt shellcheck golangci-lint

- name: Set up Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v5
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5
with:
go-version: '1.24.6'
go-version-file: go.mod

- name: Install goimports
run: go install golang.org/x/tools/cmd/goimports@latest
@@ -66,6 +66,8 @@ jobs:
name: Check
runs-on: macos-latest
needs: format
permissions:
contents: read

steps:
- name: Checkout
@@ -74,7 +76,7 @@ jobs:
ref: ${{ (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && github.head_ref) || github.ref }}

- name: Cache Homebrew
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v4
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4
with:
path: |
~/Library/Caches/Homebrew
@@ -89,9 +91,9 @@ jobs:
run: brew install shfmt shellcheck golangci-lint

- name: Set up Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v5
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5
with:
go-version: '1.24.6'
go-version-file: go.mod

- name: Run check script
run: ./scripts/check.sh --no-format
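Review bot: The format job still installs its formatter with `go install golang.org/x/tools/cmd/goimports@latest`, so one tool in that job is resolved at run time even though this change repins every action to a commit SHA and moves Go to `go-version-file: go.mod`. Pinning it to an explicit release, `goimports@<version>` (placeholder), would match the rest of the file. The new `permissions: contents: read` block is added only to the `check` job. The first hunk shows the format job passing `token: ${{ secrets.GITHUB_TOKEN }}` to checkout, but its own permissions block is outside the visible hunks, so the token scope there should be confirmed.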
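--- a/Resources/mole/.github/workflows/codeql.yml
+++ b/Resources/mole/.github/workflows/codeql.yml
@@ -0,0 +1,52 @@
+name: CodeQL
+
+on:
+push:
+branches: [main, dev]
+pull_request:
+branches: [main, dev]
+schedule:
+- cron: '17 3 * * 1'
+
+permissions:
+contents: read
+security-events: write
+
+jobs:
+analyze:
+name: Analyze (${{ matrix.language }})
+runs-on: ubuntu-latest
+strategy:
+fail-fast: false
+matrix:
+include:
+- language: go
+build-mode: manual
+- language: actions
+build-mode: none
+
+steps:
+- name: Checkout
+uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
+
+- name: Set up Go
+if: matrix.language == 'go'
+uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v5
+with:
+go-version-file: go.mod
+
+- name: Initialize CodeQL
+uses: github/codeql-action/init@v4
+with:
+languages: ${{ matrix.language }}
+build-mode: ${{ matrix.build-mode }}
+queries: security-extended
+
+- name: Build for CodeQL
+if: matrix.build-mode == 'manual'
+run: make build
+
+- name: Perform CodeQL Analysis
+uses: github/codeql-action/analyze@v4
+with:
+category: "/language:${{ matrix.language }}"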
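Review bot: `github/codeql-action/init@v4` and `github/codeql-action/analyze@v4` are referenced by a movable tag, while `actions/checkout` and `actions/setup-go` in the same file are pinned to full commit SHAs. These two steps run in the job that holds `security-events: write`, so they are the ones where a retagged release would matter most. Pin both the same way, `uses: github/codeql-action/init@<full-commit-sha> # v4` (placeholder SHA), and let Dependabot keep the pins current. A short comment above `run: make build` noting that this step executes repository code on `pull_request` with a read-only `contents` scope would also record why the top-level permissions are set as they are.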