Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: peczenyj/structalign
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.6.1
Choose a base ref
...
head repository: peczenyj/structalign
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v0.7.0
Choose a head ref
  • 17 commits
  • 42 files changed
  • 3 contributors

Commits on May 27, 2026

  1. Configuration menu
    Copy the full SHA
    0a92666 View commit details
    Browse the repository at this point in the history
  2. fix(ci): pin codeql action to its commit SHA, not the tag object (#63)

    github/codeql-action v4.36.0 is an annotated tag, so f52b05f was the tag
    object SHA — not a commit. That can't be used as a uses: ref and the OpenSSF
    Scorecard webapp rejected it as an "imposter commit", failing the analysis
    step's publish. Pin to the dereferenced commit 7211b7c (still v4.36.0).
    
    Closes #62
    
    Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
    peczenyj and claude authored May 27, 2026
    Configuration menu
    Copy the full SHA
    5d3d63f View commit details
    Browse the repository at this point in the history
  3. docs: refresh diff screenshot and drop redundant tag badge (#64)

    * docs: regenerate diff screenshot for the v0.6.1 header
    
    The diff header now reports absolute bytes saved ("saving 16 bytes"), so the
    README screenshot was stale. Regenerated via `task screenshot` against
    -type=Record; the default termenv palette renders identically.
    
    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
    
    * docs: drop redundant tag badge (duplicates Latest release)
    
    The `tag` (github/tag) and `Latest release` (github/release) badges both render
    the same version string, since every tag maps 1:1 to a GitHub release. Keep
    `Latest release` (links to /releases/latest) and the distinct Release Date
    badge; remove the duplicate tag badge.
    
    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
    
    * docs: move Latest release to the first badge
    
    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
    peczenyj and claude authored May 27, 2026
    Configuration menu
    Copy the full SHA
    297c521 View commit details
    Browse the repository at this point in the history

Commits on May 28, 2026

  1. Pre-v0.7.0 Cleanup: Sorting, Efficiency, and Bug Fixes (#68)

    * refactor: modernize sorting and improve efficiency
    
    This PR addresses several pre-v0.7.0 improvements:
    - Modernize sorting using Go 1.25 slices package (closes #67)
    - Improve stripEggFlags efficiency by pre-allocating slice (closes #66)
    - Support -skip-cache-padded for anonymous structs (closes #65)
    - Polish README.md and refine indent helper
    
    * test: increase coverage for refactored code and edge cases
    peczenyj authored May 28, 2026
    Configuration menu
    Copy the full SHA
    7b197a1 View commit details
    Browse the repository at this point in the history
  2. Feat: Layered Configuration (Env Vars + .structalignrc) (#69)

    * feat: implement layered configuration (env vars + .structalignrc)
    
    This PR adds support for persistent defaults via environment variables and configuration files.
    
    - New internal/config package for RC file parsing and env derivation.
    - Support for STRUCTALIGN_<FLAG> environment variables.
    - Support for .structalignrc files in Home and CWD (CWD > Home).
    - New -no-rc flag to disable RC loading.
    - Precedence: CLI > Env > CWD RC > Home RC > Default.
    
    Documentation updated in README.md and AGENTS.md.
    
    * docs: add configuration reference table to README and AGENTS
    peczenyj authored May 28, 2026
    Configuration menu
    Copy the full SHA
    7d7556c View commit details
    Browse the repository at this point in the history
  3. Feat: JSON Output Support (-format=json) (#71)

    * feat: implement JSON output support (-format=json)
    
    This PR adds structured JSON output for both diff and inspect modes.
    
    - New -format enum flag (text|json).
    - Structured JSON document includes tool version, mode, findings/layouts, and summary.
    - Populated Package field in Finding and Layout DTOs.
    - Golden file tests for JSON output in internal/ui.
    - Integration tests in internal/app.
    - Documentation updated in README.md and AGENTS.md.
    
    * fix(json): honor -tags flag in inspect mode
    
    Make -tags a single global "include tags in output" toggle: previously
    inspect JSON always emitted the per-field `tag`, regardless of -tags
    (text inspect already gated it). Plumb keepTags into RenderJSON and
    clear the field when off; STRUCTALIGN_TAGS=true and `tags = true` in
    .structalignrc work via the existing config layer. Closes #73.
    
    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
    peczenyj and claude authored May 28, 2026
    Configuration menu
    Copy the full SHA
    ddd3c49 View commit details
    Browse the repository at this point in the history
  4. fix(usage): list -no-rc in -h and document the theme eggs (#74)

    The -no-rc flag was registered only inside scanEarlyFlags, so it never
    appeared in -h and the only mention lived in README. It is a normal
    config flag (no different from -threshold or -tags), not an easter egg,
    so register it with the FlagSet and keep an early peek just to honor it
    before RC loading runs.
    
    Adds a tiny "Easter eggs" README section documenting -cga / -green /
    -amber as shortcuts for STRUCTALIGN_THEME, and folds the dangling
    -version / -no-rc lines into the indented flag block.
    
    Closes #72.
    peczenyj authored May 28, 2026
    Configuration menu
    Copy the full SHA
    db28141 View commit details
    Browse the repository at this point in the history

Commits on May 29, 2026

  1. test: implement Go native fuzz tests for match and ui packages (#85)

    Add native Go fuzz testing suites to protect parsers, alignment padding, and matching logic:
    
    - internal/match/fuzz_test.go: Add 'FuzzMatchAny' and 'FuzzSplitCSV' tests to fuzz the pattern matching and CSV parser
    - internal/ui/printer_fuzz_test.go: Add 'FuzzTruncPad' test to fuzz visual column truncation and padding logic against arbitrary strings and widths
    peczenyj authored May 29, 2026
    Configuration menu
    Copy the full SHA
    44f5f10 View commit details
    Browse the repository at this point in the history
  2. ci: configure Cosign release signing in GoReleaser (#84)

    Configure keyless cryptographic release signing for all built release archives:
    
    - .goreleaser.yaml: Add 'signs' block using cosign to sign the checksums file and generate a '.sigstore.json' Sigstore bundle
    - release.yml: Add 'Install Cosign' workflow step (sigstore/cosign-installer) so the binary is available during release builds
    peczenyj authored May 29, 2026
    Configuration menu
    Copy the full SHA
    127d763 View commit details
    Browse the repository at this point in the history
  3. ci: harden workflows, apply least privilege, and add scorecard annota…

    …tion (#83)
    
    Harden the GitHub workflow files to comply with OpenSSF Scorecard least privilege and pinning rules:
    
    - release.yml: Restrict top-level permissions to 'read-all' and declare contents/id-token/attestations write access at the job level (closes alert #4)
    - ci.yml: Pin gotestsum and go-consistent installations to exact versions (v1.13.0 and v0.6.2) instead of mutable '@latest' (closes alerts #2, #3)
    - scorecard.yml: Create a scorecard annotation file to document solo-maintainer Code-Review exclusion
    - docs/TODO.md: Add a TODO document outlining manual repository settings (branch protection, OpenSSF badge, OSS-Fuzz) for maintainers
    peczenyj authored May 29, 2026
    Configuration menu
    Copy the full SHA
    dde67b8 View commit details
    Browse the repository at this point in the history
  4. fix: address major bugs, unhandled AST aliases, and config issues on …

    …devel (#82)
    
    Address 7 high-priority issues identified during deep pre-release review of the 'devel' branch:
    
    - go.mod: Downgrade Go version directive to 1.24.0 (closes #75)
    - .golangci.yml: Rewrite to valid golangci-lint v2 schema, and configure exclude rules for fmt/revive (closes #81)
    - app.go: Prepend standard 'structalign: ' prefix to empty findings messages
    - printer: Inject stderr into Printer, and update RenderJSON signature to accept explicit inspect boolean to fix mode misidentification on empty results (closes #76)
    - app.go: Initialize noRC from STRUCTALIGN_NO_RC environment variable in scanEarlyFlags (closes #77)
    - layout: Unwrap types.Alias and traverse types.Interface in collectTypeParams to find nested type params (closes #78)
    - structfilter/align: Use types.Unalias to support CacheLinePad and typeParamNames checks on aliased types (closes #79)
    - relpath_test.go: Fix TestRelPath flakiness by dynamically constructing absolute paths outside CWD (closes #80)
    - app.go/nolint_block_test: Rename shadowed min variable and unused test parameter to fix revive linter errors
    peczenyj authored May 29, 2026
    Configuration menu
    Copy the full SHA
    619de91 View commit details
    Browse the repository at this point in the history
  5. fix: graceful RC keys, JSON encode-error stream, and docs (#87)

    * fix: graceful RC keys, JSON encode-error stream, and docs
    
    Follow-ups from the v0.7.0 batch code review:
    
    - app: skip .structalignrc keys that don't map to a flag (the documented
      theme exclusion and typos) instead of warning "no such flag"; a real
      flag given a bad value still warns.
    - ui: RenderJSON returns its encode error instead of writing to the real
      os.Stderr; app.Run reports it on App.Stderr and exits 2.
    - docs: document that the JSON diff document always carries the summary
      block and that -format=json ignores the text presentation flags.
    - test(align): replace the unfinished readSource bounds comment with a
      deliberate note on why the remaining guards are uncovered.
    
    Closes #86
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    
    * chore: add OpenSSF .bestpractices.json configuration file
    
    Add .bestpractices.json to the repository root containing all self-assertions and justifications for the project's security, quality, reporting, and licensing criteria. This allows the OpenSSF Best Practices portal to automatically parse and pre-populate the project's questionnaire, bypassing the need for manual form submission.
    
    ---------
    
    Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
    peczenyj and claude authored May 29, 2026
    Configuration menu
    Copy the full SHA
    b4040c5 View commit details
    Browse the repository at this point in the history
  6. fix(align): strip field comments from both diff sides (#89)

    * fix(align): strip field comments from both diff sides
    
    Upstream fieldalignment clears each field's Doc/Comment when building the
    suggested-fix text (golang/go#20744), so the proposed side of the diff
    never carried comments while the original side — read from raw source —
    did. A pure reordering therefore looked like it also deleted the field
    comments.
    
    Normalize both sides through a shared reprint helper that drops comments
    (by parsing without ParseComments) and keeps tags only when -tags is set,
    so the side-by-side diff shows only the reordering.
    
    Closes #88
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    
    * docs: use Markdown image tag for the diff screenshot
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
    peczenyj and claude authored May 29, 2026
    Configuration menu
    Copy the full SHA
    4d12d6a View commit details
    Browse the repository at this point in the history
  7. chore(release): v0.7.0

    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    peczenyj and claude committed May 29, 2026
    Configuration menu
    Copy the full SHA
    08fc9e8 View commit details
    Browse the repository at this point in the history
  8. Configuration menu
    Copy the full SHA
    242a4c9 View commit details
    Browse the repository at this point in the history
  9. fix(ci): correct cosign-installer pinned commit SHA

    The v3.5.0 pin pointed at 59acb623... which does not exist in
    sigstore/cosign-installer, so the release workflow failed at job setup
    (first triggered for v0.7.0, since the Cosign step was added after
    v0.6.1 in #84). Repin to the real v3.5.0 commit 59acb6260d9c.
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    peczenyj and claude committed May 29, 2026
    Configuration menu
    Copy the full SHA
    656d243 View commit details
    Browse the repository at this point in the history
  10. fix(ci): bump cosign-installer to v4.1.2 (cosign v3.0.6)

    cosign-installer v3.5.0 installs cosign v2.2.x, which cannot read the
    newer Sigstore bundle format goreleaser-action uses to verify its own
    binary download (v2.16.0), failing with "bundle does not contain cert
    for verification". v4.1.2 ships cosign v3.0.6, which understands it.
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    peczenyj and claude committed May 29, 2026
    Configuration menu
    Copy the full SHA
    25f13cb View commit details
    Browse the repository at this point in the history
Loading