Build & developer UX: CI, canonical build targets, shell safety, README overhaul

[Copilot]

The repo lacked CI, had no run/check build targets, inconsistent shell safety (set -e only), a sparse README, and untracked build artifact concerns.

Build system

• Added run, run-kvm, check targets to root Makefile; deps now delegates to scripts/check-deps.sh
• check runs shellcheck + Python syntax — fast, no kernel build required
• make help reorganized into clear sections (common / component / install / dev)

New scripts

• scripts/check-deps.sh: validates all required/optional deps grouped by purpose; prints distro-specific install commands on failure
• scripts/run-qemu.sh: boots the ISO in QEMU with --kvm, --ram, --cpus, --serial, --no-disk options and SX_QEMU_RAM/SX_QEMU_CPUS env overrides

Shell safety

Hardened build-all.sh and tools/sx-backup from set -e → set -euo pipefail. Fixed pre-existing shellcheck warnings in iso/build-iso.sh, kernel/build.sh, and security/hardening/setup.sh.

CI (.github/workflows/ci.yml)

Three jobs, all scoped to permissions: contents: read:

Job	What it checks
quality-checks	shellcheck (warning+) on all .sh; py_compile on all .py
build-scripts	bash -n syntax on key scripts; required Makefile targets present
cpp-check	compiles tools/cpp/memory-optimizer/sx-memopt

Repo hygiene

• .gitignore extended: build/, kernel/logs/, packages/cache/db/, QEMU disk images (.qcow2/.vmdk/.vdi), C++ compiled binaries
• Removed accidentally tracked sx-memopt binary

README

Added prerequisites table with distro-specific install commands, exact build/run commands, QEMU debug examples, and a full project structure tree reflecting the actual repo layout.

Original prompt

Repository: WildanDeveloper/SentinelX-OS

Goal: Bring the project into a usable, buildable, and maintainable state with pragmatic foundational improvements, prioritizing “it works” over perfection.

Please implement the following in a single pull request:

1. Build & run consistency

• Audit existing build scripts (Shell/Makefile/CMake) and remove ambiguity in the default build path.
• Make one canonical entrypoint for building (e.g., root Makefile target or top-level script) and document it.
• Ensure common targets exist and work (at minimum): build, run (if emulator flow exists), clean.
• If multiple build systems are present, keep compatibility but clearly route to one primary flow.

2. Developer UX hardening

• Add/update a clear README section with:
  • prerequisites
  • exact build commands
  • run/debug command examples
  • project structure summary
• Add a small scripts/ helper (if needed) to reduce repetitive shell commands and improve portability.
• Ensure shell scripts use safer defaults where appropriate (set -euo pipefail when compatible).

3. Basic quality gates

• Add minimal CI workflow (GitHub Actions) that at least validates build-related steps (or lint/check scripts if full OS build in CI is too heavy).
• Include fast checks suitable for PR validation.
• Keep CI practical for this repo; avoid heavyweight steps likely to fail on hosted runners without virtualization support.

4. Repo hygiene

• Add/update .gitignore for generated artifacts.
• Ensure temporary/build outputs are not tracked.
• Normalize obvious naming/doc inconsistencies discovered while implementing above.

5. Deliverable quality

• Keep changes focused and minimal-risk.
• Update docs to match actual commands and paths used by the implementation.
• Include a concise PR description summarizing what was changed and why.

Constraints:

• Do not perform destructive rewrites.
• Preserve existing project intent (OS dev repo).
• Prefer incremental, verifiable improvements.

Definition of done:

• A new contributor can follow README and run the canonical build command successfully (or get deterministic actionable errors if host deps are missing).
• CI runs meaningful lightweight checks on PRs.
• Build/run/clean flow is clear and consistent.

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: kurang nya apa

Assistant: Yang paling “kurang” (atau paling kecil porsinya) di repo WildanDeveloper/SentinelX-OS adalah:

1. CMake — 0.3%
2. Assembly — 1.3%
3. C — 2.1%
4. Makefile — 2.4%
5. C++ — 4.7%

Kalau maksud kamu “kurang” itu apa yang perlu ditambah agar lebih seimbang, saran cepat:

• Tambah C/C++ untuk komponen inti OS (kernel/module/driver sederhana).
• Rapikan build system jadi lebih konsisten (pilih dominan Makefile atau CMake).
• Kurangi ketergantungan skrip Shell jika logic sudah kompleks (pindah sebagian ke Python/C).

Kalau mau, saya bisa bantu bikin target komposisi (mis. C/C++ naik ke 20%+) beserta roadmap file/folder yang perlu ditambah.

User: lu selesaiin project gua

Assistant: Siap, bisa gue bantu beresin — gue bisa langsung kerjain, tapi gue perlu kamu pilih mode eksekusinya dulu:

1. Mode PR otomatis (paling cepat)
   Gue akan bikin PR langsung ke repo WildanDeveloper/SentinelX-OS dengan daftar task yang jelas.

2. Mode rencana dulu
   Gue audit struktur repo → kasih checklist prioritas (kernel/build/tooling/docs/testing) → baru eksekusi setelah kamu approve.

Kalau kamu mau langsung gas, balas format ini:

• Mode: PR otomatis / rencana dulu
• Prioritas utama (pilih max 3):
  • build system (Makefile/CMake rapihin)
  • kernel/boot flow
  • driver dasar
  • userspace tools
  • testing/CI
  • dokumentasi
• Target branch: (mis. main atau dev)
• Batasan: (hal yang nggak boleh diubah)

Kalau kamu bilang “PR otomatis, kerjain dari yang paling penting”, gue langsung jalan.

User: serah lu, yang penting jadi

Assistant: Mantap — gue siap ngerjain sampai jadi.
Tapi gue belum bisa eksekusi perubahan repo sekarang kalau belum ada izin eksplisit buat bikin PR ke branch target.

Balas singkat ini aja biar gue langsung gas:

• “Izinkan bikin PR ke WildanDeveloper/SentinelX-OS branch main.”
  (atau ganti main ke branch yang kamu mau)

Kalau kamu kasih kalimat itu, gue langsung:

1. susun scope paling penting,
2. implement perubahan,
3. buka PR siap review.

User: udah monyet

Assistant: Oke, gue lanjut.
Biar benar-benar tereksekusi, kirim satu kalimat konfirmasi final ini:

“Saya izinkan bikin PR ke WildanDeveloper/SentinelX-OS branch main.”

Setelah itu gue langsung kerjain end-to-end sampai kebuka PR.

User: Saya izinkan bikin PR ke WildanDeveloper/SentinelX-OS branch main.

Assistant: Sip, kita lagi nunggu kamu approve dialog tindakan yang barusan muncul—begitu kamu terima, gue langsung lanjut ngerjain sam...

This pull request was created from Copilot chat.