* docs: gut the documentation bloat and remove dead files
The documentation had grown into the kind of sprawling mess where
the same feature gets explained three times in three different
files, none of which agree with each other. The main README alone
was 610 lines of duplicated sections, speculative roadmaps, and
verbose limitation disclaimers that nobody reads.
Remove 12 files that had no business existing: junk test files
(hello.cpp, hello.rs, test.py), duplicate agent configs, a 487-line
Podman testing manual, unused asciinema recordings, and 7MB of
unreferenced GIF files. Merge the useful bits from GITLAB_USAGE.md
into the main README where they belong.
Rewrite the main README from 610 lines down to ~170. Every feature
is mentioned once, in one place, with one example. The crate README
now actually lists all 14 crates instead of pretending secrets
doesn't exist.
Net result: 3,819 lines deleted, 197 added. The documentation now
fits in your head, which is the whole point.
* docs: update crate READMEs for latest features and trim secrets
The crate READMEs were quietly falling behind the actual code. The
executor README didn't mention --job, environment file read-back,
or job-level container directives. The UI README didn't mention job
selection mode or the tui feature flag. The evaluator README didn't
mention composite action input cross-checking.
Meanwhile, the secrets README was 387 lines of documentation for a
crate whose siblings average 25. It had full provider configuration
examples, rate limiting docs, input validation specs, and
benchmarking instructions — all of which belong in rustdoc, not a
README that's supposed to give you a quick overview.
Trim secrets to ~80 lines. Update executor, ui, evaluator, and
wrkflw READMEs to reflect features from PRs #77-#83.
Security Features:
- Implement secure emulation runtime with command sandboxing
- Add command validation, filtering, and dangerous pattern detection
- Block harmful commands like 'rm -rf /', 'sudo', 'dd', etc.
- Add resource limits (CPU, memory, execution time, process count)
- Implement filesystem isolation and access controls
- Add environment variable sanitization
- Support shell operators (&&, ||, |, ;) with proper parsing
New Runtime Mode:
- Add 'secure-emulation' runtime option to CLI
- Update UI to support new runtime mode with green security indicator
- Mark legacy 'emulation' mode as unsafe in help text
- Default to secure mode for local development safety
Documentation:
- Create comprehensive security documentation (README_SECURITY.md)
- Update main README with security mode information
- Add example workflows demonstrating safe vs dangerous commands
- Include migration guide and best practices
Testing:
- Add comprehensive test suite for sandbox functionality
- Include security demo workflows for testing
- Test dangerous command blocking and safe command execution
- Verify resource limits and timeout functionality
Code Quality:
- Fix all clippy warnings with proper struct initialization
- Add proper error handling and user-friendly security messages
- Implement comprehensive logging for security events
- Follow Rust best practices throughout
This addresses security concerns by preventing accidental harmful
commands while maintaining full compatibility with legitimate CI/CD
workflows. Users can now safely run untrusted workflows locally
without risk to their host system.
- Add comprehensive documentation for new --exit-code and --no-exit-code flags
- Include CI/CD integration examples showing script usage
- Document exit code behavior (0=success, 1=validation failure, 2=usage error)
- Update validation examples to show both success and failure cases
- Add GitLab CI validation examples
- Update feature list to highlight CI/CD integration capabilities
- Add documentation for --preserve-containers-on-failure flag
- Include usage examples for both CLI and TUI modes
- Explain when and how containers are preserved for debugging
- Add example of the helpful debugging message users will see
- Update CLI examples section to showcase the new feature
Add ability to trigger GitHub workflows with workflow_dispatch event from CLI.
This enables manual workflow triggering without using GitHub UI or custom bash
scripts.
Add trigger subcommand with branch and input parameters
Add list subcommand to show available workflows
Create GitHub API client for workflow dispatch events
Implement repo detection from git remote
Add User-Agent header for GitHub API requests
Update documentation with usage examples
