feat(deps): Improved dependency management

[dpup]

• Add smart version resolution for runtimes (Go, Node, Python) - specify go@1.22 and it resolves to the
  latest patch version automatically
• Add dynamic package manager support with npm:, pip:, uv:, cargo:, and go: prefixes for installing packages
  directly from package managers
• Expand the dependency registry with common dev tools (uv, ruff, golangci-lint, ripgrep, etc.) and
  meta-bundles (python-dev, go-extras)
• Fix OAuth token extraction when tokens wrap across multiple lines in terminal output
• Improve container firewall reliability with iptables -w flag and conntrack module

Details

Version Resolution

Previously, go@1.25 would fail because only exact versions were supported. Now version specs like go@1.22
resolve to the latest stable patch (e.g., 1.22.12) by querying official APIs:

• Go: go.dev/dl/?mode=json
• Node: nodejs.org/dist/index.json
• Python: Curated list of available Docker image versions

Resolutions are cached for 24 hours in ~/.moat/cache/versions.json.

Dynamic Package Managers

Install packages directly from package managers without pre-registering them:

  dependencies:
    - node@20
    - npm:eslint              # npm install -g eslint
    - python@3.12
    - pip:pytest              # pip install pytest
    - uv:ruff                 # uv tool install ruff
    - go@1.22
    - go:golang.org/x/tools/gopls  # go install ...@latest
    - cargo:ripgrep           # cargo install ripgrep

Registry Expansion

New first-class dependencies:

• Python: uv, ruff, black, mypy, pytest
• Go: golangci-lint, gofumpt, govulncheck, goreleaser
• CLI tools: jq, yq, fzf, ripgrep, fd, bat, delta, lazygit
• Meta-bundles: python-dev, go-extras, cli-essentials

Bug fixes

• Use iptables -w to wait for xtables lock (fixes intermittent exit code 4)
• Use conntrack module instead of state for better container compatibility
• Run iptables as root user explicitly
• Fix claude login when token wraps in terminal

[claude]

📦 Previous Review (superseded by newer review)

Pull Request Review: Smart Version Resolution and Dynamic Package Manager Support

This is a substantial feature addition that significantly improves the dependency management system. The implementation is well-designed with good separation of concerns, comprehensive testing, and thoughtful error handling.

Strengths

Architecture & Code Organization

• Excellent separation of concerns with dedicated version resolver packages
• Well-structured caching layer with 24-hour TTL
• Smart base image selection for official runtime images

Security Practices

• Thorough input validation to prevent shell injection
• Package name validation for each package manager type
• iptables improvements with -w flag and conntrack module
• OAuth token handling properly handles multi-line wrapping

Test Coverage

• Comprehensive unit tests (1,616+ lines)
• Version resolver tests for each runtime
• Edge cases well covered
• E2E tests added

Error Messages

• Actionable with suggestions
• Clear dependency requirements
• Context-aware version information

Issues & Concerns

1. Security: Command Injection Risk (internal/deps/install.go:246-301)
Package names in dynamic dependencies aren't shell-quoted. While validation helps, recommend using proper quoting for npm, pip, uv, cargo, and go install commands.

2. Error Handling: Silent Cache Failures (cache.go:92, 126)
Cache load/save errors are silently ignored. Recommend logging warnings so users know about permission issues or disk problems.

3. Reliability: HTTP Client Timeouts (go.go:141, node.go:156)
Custom HTTPClient might not have timeout set. Should enforce timeout even for custom clients to prevent hangs.

4. Race Condition: Cache Map Access (cache.go:142-154)
load() is called without mutex protection. Could race if multiple goroutines create caches concurrently. Add mutex.Lock() when updating entries.

5. Type Safety: Node.js LTS Field (node.go:141)
LTS field is 'any' type. Recommend adding type assertion for robustness.

6. Maintenance: Python Versions (python.go:24-36)
Hardcoded Python versions need manual updates. Add comment about update frequency.

Minor Issues

• Code duplication in architecture detection (extract helper)
• No validation for empty dependency lists
• Error messages could include URLs to check versions
• List() function sorts on every call (could cache)

Security Summary

Area	Status	Notes
Input validation	Good	Version strings validated
Package names	Minor issue	Need shell quoting
HTTP requests	Good	Timeouts configured
Firewall (iptables)	Excellent	-w flag and conntrack
OAuth tokens	Good	Multi-line handling

Recommendations

High Priority:

1. Add shell quoting to dynamic package commands (security)
2. Fix cache race condition with mutex (concurrency)

Medium Priority:
3. Log cache failures
4. Enforce HTTP timeouts for custom clients
5. Add type assertion for Node.js LTS

Low Priority:
6. Extract architecture detection helper
7. Document Python version update schedule
8. Enhance error messages with URLs

Conclusion

This PR represents high-quality work with excellent design, comprehensive testing, and good security practices. The issues are mostly minor and do not block merging.

Recommendation: Approve with minor fixes

The high-priority items (shell quoting, cache mutex) are straightforward fixes. Everything else can be addressed in follow-ups.

Great work on this feature!

[claude]

📦 Previous Review (superseded by newer review)

Code Review: Improved dependency management

This is a well-designed and comprehensive enhancement to moat's dependency system. The PR adds smart version resolution, dynamic package managers, and improved container reliability. The code quality is high with good test coverage and clean abstractions.

---

Strengths

Architecture & Design

• Clean separation of concerns: Version resolution is properly isolated in internal/deps/versions/ with a well-defined Resolver interface
• Caching strategy: 24-hour TTL on version resolutions prevents excessive API calls while staying reasonably fresh
• Extensible parser: The dynamic prefix system (npm:, pip:, etc.) is elegant and easy to extend
• Strong validation: Input validation in parser.go properly prevents shell injection by restricting version strings to alphanumeric + dots/hyphens/underscores (line 215-226)

Security

• Input sanitization: All package names and versions are validated against strict character sets before being interpolated into shell commands
• No arbitrary code execution: Dynamic dependencies still go through validation
• Firewall improvements: The iptables -w flag and conntrack module changes are solid fixes for container reliability

Code Quality

• Excellent test coverage: Unit tests for all three resolvers (Go, Node, Python) with mocked HTTP responses
• Good error messages: Following CLAUDE.md guidance - errors include actionable steps
• Documentation: Examples in examples/go-dev/ show real-world usage patterns

---

Issues & Suggestions

1. Security: OAuth token extraction (cmd/moat/cli/grant.go:417-437) - Severity: Medium

The isTokenContinuation function accepts ANY line containing only alphanumeric/underscore/hyphen characters as a token continuation. This could potentially concatenate unrelated lines if the terminal output format changes (e.g., a line like "Loading" or "1234567890").

Recommendation: Add a maximum length check or verify the concatenated result matches the expected token pattern incrementally.

2. Version resolution network failures (internal/deps/versions/*.go) - Severity: Low

The resolvers fetch from remote APIs but don't implement retry logic. In CI/CD environments with transient network issues, builds could fail unnecessarily. The cache helps, but fresh cache misses are vulnerable.

Recommendation: Consider adding retry logic or documenting that users should handle network failures externally.

3. Go version resolution edge case (internal/deps/versions/go.go:66-80) - Severity: Low

When matching Go versions, the code looks for both go1.22.X and go1.22 (exact match). If both exist, both are added to candidates. Sorting should handle this, but it's fragile.

Recommendation: Explicitly handle the .0 case or add a comment explaining why duplicates are safe.

4. Dynamic package version validation (internal/deps/parser.go:52-99) - Severity: Low

The parser validates package names but doesn't validate that versions follow semantic versioning patterns. This means npm:foo@../../etc/passwd would pass validation (though npm would reject it).

Recommendation: Consider validating semver/PEP440 patterns, or add a comment explaining defense-in-depth.

5. Python version list maintenance (internal/deps/versions/python.go:24-37) - Severity: Very Low

The hardcoded Python version list will require manual updates as new versions release.

Consider: Adding a comment with the last update date or a link to where to find new versions.

---

Test Coverage

Strong points:

• Unit tests for all three version resolvers with mock HTTP servers
• Parser tests cover scoped npm packages, Go module paths, edge cases
• Dynamic dependency implicit requirements tested

Missing coverage:

• No E2E tests for the actual version resolution flow
• Install command generation for dynamic dependencies not tested end-to-end
• Cache persistence/loading not tested (cache.go:142-174)

Recommendation: Add an E2E test that parses go@1.22, resolves to actual latest patch, generates Dockerfile, and verifies resolved version appears.

---

Performance Considerations

1. Cache file I/O: Every Set() call writes to disk (cache.go:125). For bulk operations, consider batch writes.
2. HTTP timeouts: 30-second timeout is reasonable
3. Regex compilation: Compiled at package init - good

---

Recommendations Summary

Must fix before merge: None (no blocking issues)

Should fix:

1. Strengthen OAuth token continuation validation (security defense-in-depth)
2. Add E2E test for version resolution flow

Nice to have:
3. Add retry logic or document network failure handling
4. Clarify Go version .0 handling
5. Add cache tests
6. Update Python version list with maintenance comment

---

Final Verdict

Approve with suggestions. This is high-quality work that significantly enhances moat's usability. The architecture is sound, testing is thorough, and the feature set is well-scoped. The identified issues are minor and can be addressed in follow-up PRs if desired.

The smart version resolution and dynamic package managers are exactly the kind of developer experience improvements that will make moat more practical for real-world use cases.

Great work!

[claude]

📦 Previous Review (superseded by newer review)

Pull Request Review: Improved dependency management

This is a comprehensive enhancement to moats dependency system, adding smart version resolution, dynamic package manager support, and an expanded registry.

Code Quality and Architecture

Strengths:

• Excellent separation of concerns with the new internal/deps/versions/ package
• Robust input validation prevents shell injection (parser.go:215-226)
• Well-implemented 24-hour TTL cache with proper concurrency control
• Comprehensive test coverage with 1000+ lines of tests

Minor Suggestions:

1. HTTP timeouts missing in version resolvers - add 10 second timeout
2. Error context could be improved in cache.go:158
3. UID 5000 magic number could be a named constant

Security Considerations

Well Handled:

• Shell injection prevention via validPackageName regex and shellQuote()
• Version string validation prevents injection
• OAuth token wrapping fix properly validates token format

Concerns:

• TOCTOU in cache file operations (likely safe for CLI tool)
• Container iptables changes look good (-w flag, conntrack module)

Performance

Good:

• Cache reduces API calls (24hr TTL reasonable)
• Concurrent-safe cache with RWMutex
• Dockerfile layer optimization

Suggestions:

• Memory allocation in node resolver could be optimized
• List() sorts on every call - consider caching

Test Coverage

Excellent coverage but missing:

1. Cache expiry test
2. Concurrent cache access test
3. More malicious input test cases

Summary

Verdict: Approve with minor suggestions

High-quality work that enhances the dependency system. Secure, well-tested, follows Go best practices.

Priority before merge:

1. Add HTTP timeouts to version resolvers
2. Verify Python version resolver matches design
3. Add cache TTL expiry test

Great work! This will significantly improve developer experience.

[claude]

📦 Previous Review (superseded by newer review)

Code Review: Improved Dependency Management

This is a substantial and well-executed PR that adds sophisticated dependency management features. The implementation is high quality with excellent test coverage and thoughtful security considerations.

Strengths

1. Excellent Test Coverage

• Comprehensive unit tests for all new functionality (parser, install, versions)
• Shell injection prevention tests (parser_test.go:131-138)
• Multi-architecture testing for GitHub binary downloads
• E2E tests for the full flow

2. Strong Security Posture

• Input validation prevents shell injection via version strings (parser.go:216-225)
• Package name validation for all dynamic dependency types (parser.go:118-212)
• Shell quoting for dynamic packages (install.go:21-27)
• Validates scoped npm packages correctly to prevent malformed input

3. Smart Architecture Decisions

• Version cache with 24h TTL prevents API rate limiting (versions/cache.go)
• Graceful fallback on cache load errors (cache.go:93-97)
• Separation of concerns: parser, resolver, installer are cleanly separated
• Context propagation for HTTP requests allows proper timeout handling

4. Code Quality

• Clear, descriptive error messages with actionable guidance
• Comprehensive inline documentation
• Follows Go conventions and project style guide
• Good use of Go idioms (e.g., orDefault helper, parseSemver extraction)

5. Bug Fixes

• OAuth token wrapping fix is well-designed with isTokenContinuation helper
• Firewall reliability improvements with -w flag and conntrack module
• Explicit --user root for iptables commands

Issues & Recommendations

Critical

1. HTTP Client Timeout Mutation (versions/go.go:142-149, versions/node.go:159-166)

The code mutates the timeout on custom HTTP clients:

} else if client.Timeout == 0 {
    // Enforce timeout even for custom clients to prevent hangs
    client = &http.Client{
        Transport:     client.Transport,
        CheckRedirect: client.CheckRedirect,
        Jar:           client.Jar,
        Timeout:       30 * time.Second,
    }
}

Issue: This creates a new client with the same underlying Transport, CheckRedirect, and Jar but different timeout. If the caller reuses Transport, they share state but have different timeouts - this is confusing.

Recommendation: Either document this behavior clearly or simplify to always use http.DefaultClient if a custom client is provided with zero timeout.

2. Missing Context Enforcement in Version Resolvers

The resolvers accept context.Context but don't enforce request cancellation when context is cancelled before the HTTP request is made.

Recommendation: Add context deadline checks or use context.WithTimeout to wrap operations.

High Priority

3. Error Handling: Silent Iptables Failures (container/docker.go:245, container/apple.go:361)

iptables -w -F OUTPUT 2>/dev/null || true

This silently ignores flush failures. If iptables is missing or malfunctioning, the container won't be firewalled properly, but setup will succeed.

Recommendation: Check if iptables exists before attempting firewall setup, or at minimum verify that at least one iptables rule was successfully created.

4. Cache File Race Condition (versions/cache.go:168-185)

The save() method is called while holding a write lock, but file I/O can be slow. This could block concurrent reads.

Recommendation: Write to a temp file and rename atomically, or release the lock before I/O.

5. Regex Validation Inconsistency (install.go:16)

var validPackageName = regexp.MustCompile(`^[@a-zA-Z0-9._/-]+([@=]+[a-zA-Z0-9._/-]+)?$`)

This allows = for Python-style version specifiers but [@=]+ requires at least one @ or =. This means pkg==1.0 works but pkg=1.0 doesn't.

Recommendation: If single = should be invalid, document why. Otherwise, change to [@=]* or [@=]?.

Medium Priority

6. Version Resolution: No Pre-release Handling

The version resolvers filter for "stable" releases but don't document what happens if a user explicitly requests a pre-release version like go@1.23rc1.

Recommendation: Document behavior or add support for pre-release versions via flag/syntax.

7. Python Version Handling (install.go:54-73)

The Python runtime installer has a hardcoded fallback to 3.10 and doesn't actually install the requested version for anything other than 3.10:

if version == "3.10" || version == "" {
    // installs python3
} else {
    // Also installs python3, ignoring requested version
}

Recommendation: Either implement multi-version Python support or error if a non-default version is requested. The current behavior is misleading.

8. Node Resolver: Partial Version Ambiguity (versions/node.go:42-64)

When resolving partial versions, if user specifies "20", the code treats it as major-only and finds the latest in that major line. But the error message says "invalid format" for invalid input without clarifying that partial versions are allowed.

Recommendation: Update error messages to indicate that both partial (20, 20.11) and full (20.11.0) versions are accepted.

Low Priority

9. Code Duplication

The iptables setup scripts in docker.go:243-261 and apple.go:359-377 are identical. Consider extracting to a shared function.

10. Test Gap: Version Cache Expiration

Tests for versions/cache.go verify basic get/set but don't test TTL expiration behavior.

Recommendation: Add a test that sets an entry, manipulates time, and verifies expiration.

11. Magic Numbers

• Port 53 for DNS hardcoded in firewall rules (container/docker.go:254)
• UID 5000 hardcoded for container user (dockerfile.go:53)

These are documented but could be constants for easier maintenance.

Performance Considerations

Version Resolution Caching: The 24-hour cache is appropriate for stable releases. Good job avoiding repeated API calls.

Dockerfile Layer Optimization: Dependencies are properly categorized (dockerfile.go:73-89) for optimal Docker layer caching.

Concurrent HTTP Requests: The resolvers could fetch multiple runtime versions in parallel during ParseAll, but this is probably premature optimization given caching.

Security Assessment

Shell Injection Prevention: Excellent validation and quoting. The test suite explicitly checks for common injection patterns.

Firewall Configuration: The iptables rules are well-designed. The use of unique ports per run and cryptographic tokens for Apple containers is a sound security model.

Credential Handling: The OAuth token extraction fix is security-neutral (doesn't weaken the model).

Documentation Quality

The code is well-documented with:

• Clear function comments explaining purpose and behavior
• Inline comments for non-obvious logic
• Error messages that guide users to solutions

The plan document (docs/plans/2026-01-22-dependency-handling-v2.md) provides good context.

Recommendations Summary

1. Fix HTTP client timeout mutation - clarify or simplify the custom client handling
2. Add iptables existence check - don't silently skip firewall setup
3. Fix Python version installer - implement or error on unsupported versions
4. Optimize cache file I/O - avoid holding locks during disk writes
5. Add cache TTL tests - verify expiration behavior
6. Extract duplicated iptables script - DRY principle

Conclusion

This is high-quality work that significantly enhances moat's dependency management. The architecture is sound, security is well-considered, and test coverage is excellent. The issues identified are mostly minor refinements rather than fundamental problems.

The PR is ready to merge after addressing the Python version installer issue (#7) and HTTP client timeout behavior (#1), as these could cause user confusion. The other items can be addressed in follow-up work.

Approval: ✅ with minor fixes recommended

[claude]

📦 Previous Review (superseded by newer review)

Pull Request Review: Improved dependency management

This is a well-structured PR that adds significant functionality. The implementation is solid with good test coverage and thoughtful design. Here's my detailed feedback:

Strengths

1. Excellent test coverage: ~1400 lines of tests for parsers, version resolvers, and installation logic
2. Security-conscious: Shell injection prevention via shellQuote() and input validation (internal/deps/install.go:10-31, parser.go:214-226)
3. Smart caching: 24-hour TTL with atomic file writes (versions/cache.go:186-201)
4. Good error messages: Helpful suggestions with actionable guidance (parser.go:348-378)
5. Firewall improvements: Fixes iptables reliability with -w flag and conntrack module

Potential Issues

1. OAuth token extraction (grant.go:440-460)
The multi-line concatenation has no length limit. Recommendation: Add token length check (break if len > 200).

2. HTTP timeout handling (versions/go.go:148-154)
Only adds timeout if parent has no deadline. A 5-minute parent deadline bypasses the 30s timeout. Recommendation: Use unconditional timeout or compare with parent.

3. Version comparison (versions/node.go:209-228)
Ignores strconv.Atoi errors, treating invalid parts as 0. Recommendation: Handle errors to prevent silent failures.

Security Concerns

1. iptables -w flag (container/*.go)
Great addition but waits indefinitely by default. Could hang on lock contention. Recommendation: Use -w 5 for 5-second timeout.

2. Firewall bypass risk (docker.go:224-230)
Relies on port uniqueness vs IP filtering. ANY host service on same random port could be accessed. Recommendation: Document limitation or add IP filtering for Docker.

3. Root execution
iptables runs as root (necessary but elevates injection risk). Current validation appears sufficient.

Performance

• Version resolution adds 1-3s latency (first run only, then cached for 24h)
• Consider progress indication for better UX
• Cache uses atomic operations (good for concurrency)

Documentation & Testing

• Excellent test coverage with positive/negative cases
• E2E tests included (395 lines)
• Good examples in examples/go-dev/
• Missing: Docs on version resolution behavior and caching

Recommendations

Must fix:

1. Add token length check in OAuth extraction
2. Fix timeout behavior with parent context deadlines

Should consider:
3. Add iptables timeout (-w 5)
4. Document firewall security trade-offs
5. Handle version comparison errors

Nice to have:
6. Progress indication for network calls
7. Configurable cache TTL
8. Documentation updates

Conclusion

High-quality work that significantly improves dependency management. Well-tested and security-conscious. Concerns are mostly edge cases vs critical flaws.

Recommendation: Approve with minor fixes for token length and iptables timeout.

Great work on this substantial feature!

[claude]

📦 Previous Review (superseded by newer review)

Code Review: Improved Dependency Management

This is a substantial and well-architected PR that significantly enhances moat's dependency management capabilities. The changes are well-structured, thoroughly tested, and follow good security practices. Here's my detailed feedback:

🎯 Strengths

1. Excellent Architecture & Design

• Clean separation of concerns with dedicated versions/ package for version resolution
• Well-designed caching layer with atomic file writes and proper TTL handling (internal/deps/versions/cache.go:186-200)
• Smart interface design for Resolver that's extensible for future runtimes
• Thoughtful fallback strategy for Python runtime installation (internal/deps/install.go:60-74)

2. Strong Security Practices

• Comprehensive shell injection protection via validPackageName regex and shellQuote function (internal/deps/install.go:10-31)
• Proper validation of package names for each package manager type (internal/deps/parser.go:118-212)
• Version strings validated to prevent command injection (internal/deps/parser.go:215-226)
• Good use of single-quote escaping for shell safety

3. Excellent Test Coverage

• Added 1,811 lines of test code across 7 test files
• Comprehensive unit tests for parsers, resolvers, and install commands
• E2E tests for real-world scenarios (internal/e2e/e2e_test.go)
• Tests cover edge cases like scoped npm packages, version resolution, and error handling

4. Good Bug Fixes

• Fixed OAuth token extraction for multiline wrapping (cmd/moat/cli/grant.go:428-462)
• Improved iptables reliability with -w flag and conntrack module (internal/container/docker.go:240-257)
• Running iptables as root user explicitly (line 273)

🔍 Issues & Concerns

1. HTTP Timeout Handling (Medium Priority)

In both go.go:142-154 and node.go:159-171, the timeout logic has a subtle issue:

if _, hasDeadline := ctx.Deadline(); !hasDeadline {
    var cancel context.CancelFunc
    ctx, cancel = context.WithTimeout(ctx, 30*time.Second)
    defer cancel()
}

The defer cancel() will only be called when fetchReleases returns, but the context is passed to http.NewRequestWithContext below. If the parent context already has a deadline, the child request could still hang.

Recommendation: Always create a timeout context regardless, using the minimum of the existing deadline and 30s, or document why inheriting indefinite contexts is acceptable.

2. Version Cache Potential Race Condition (Low Priority)

In cache.go:120-144, the Set method copies data outside the lock for persistence:

c.mu.Lock()
c.entries[key] = cacheEntry{...}
data, err = c.marshalLocked()
c.mu.Unlock()

if c.path != "" && err == nil {
    if err := c.saveData(data); err != nil {
        // logs warning
    }
}

If multiple goroutines call Set concurrently, the persisted cache could be inconsistent with memory (the last to acquire the lock wins in memory, but the last to call saveData wins on disk).

Recommendation: This is likely acceptable for a cache with 24h TTL, but consider either:

• Documenting that concurrent Set calls may result in cache inconsistency
• Adding a write-through queue for serialized persistence
• Using a sync.Once or similar for batch persistence

3. Error Message Consistency

Some error messages lack actionable guidance that the codebase emphasizes (per CLAUDE.md). For example:

• versions/go.go:55: "invalid Go version format" - could suggest valid formats
• versions/node.go:49: Similar issue

Recommendation: Add examples to error messages like:

return "", fmt.Errorf("invalid Go version format %q: expected X.Y or X.Y.Z (e.g., 1.22 or 1.22.5)", version)

4. Docker Firewall Security Model (Documentation)

The firewall setup in docker.go:231-242 intentionally doesn't filter by destination IP for the proxy. The comment explains this is because host.docker.internal resolves to different IPs. However, this means ANY service on the proxy port can be reached.

Recommendation: While the current approach is pragmatic, consider:

• Documenting this security trade-off more prominently (perhaps in proxy package docs)
• Exploring whether resolving host.docker.internal inside container at firewall setup time is feasible
• Noting that the random port assignment is the primary security boundary

5. Go Package Path Validation (Low)

In parser.go:208-209, the validation requires at least one slash:

if !strings.Contains(pkg, "/") {
    return fmt.Errorf("invalid Go package path %q: must be a full module path", pkg)
}

This will reject valid short packages like "fmt" or "io". While users shouldn't install standard library packages, the error message could be more helpful.

Recommendation: Clarify error message: "must be a full module path (e.g., github.com/user/repo), not a standard library package"

🚀 Nice-to-Haves

1. Version Resolution Caching
The cache implementation is solid, but consider adding metrics/logging for:

• Cache hit/miss rates
• Resolution latency (cached vs uncached)
  This would help tune the 24h TTL

2. Offline Mode
For go.go, node.go, python.go - consider graceful degradation when APIs are unreachable:

• Return cached versions even if expired?
• Provide a "strict mode" flag?

3. Dynamic Dependency Versioning
Currently npm:eslint@8.0.0 uses exact versions. Consider supporting semver ranges like npm:eslint@^8.0.0 by passing through to the package manager.

4. Registry YAML Validation
Consider adding a test that validates the registry.yaml structure at build time to catch malformed entries early.

📝 Minor Nitpicks

1. internal/deps/parser.go:104: Comment says "strip scope for display if desired" but then doesn't - either remove comment or implement
2. internal/deps/versions/resolver.go:43: Regex pattern could benefit from a comment explaining the semver format
3. internal/e2e/e2e_test.go:43: Comment says "macOS 26+" but should be "macOS 15+" based on the context

✅ What's Great (Keep Doing This!)

1. Comprehensive inline documentation explaining WHY, not just WHAT
2. Excellent use of table-driven tests throughout
3. Proper context propagation in HTTP calls
4. Good separation between parsing, validation, and installation logic
5. Thoughtful handling of edge cases (scoped npm packages, ARM64 binaries, etc.)
6. Following Conventional Commits format

🎬 Summary

This is high-quality work that substantially improves moat's usability. The smart version resolution, dynamic package manager support, and expanded registry will make agent development much smoother. The few issues I've identified are mostly minor and don't block merging.

Recommendation: Merge after addressing the HTTP timeout handling and considering documentation improvements for the firewall security model. The other issues can be addressed in follow-up PRs if desired.

Great work! 🎉

[claude]

📦 Previous Review (superseded by newer review)

Pull Request Review: Improved dependency management

This PR introduces significant enhancements to the dependency management system with smart version resolution, dynamic package managers, and improved container firewall reliability. Overall, this is a well-designed and well-tested feature addition. Here's my detailed review:

Code Quality & Architecture ⭐⭐⭐⭐½

Strengths:

• Excellent separation of concerns: The new versions package cleanly abstracts version resolution with a clear Resolver interface
• Strong type safety: Good use of enums for InstallType and clear domain modeling with Dependency struct
• Comprehensive testing: ~1,500 lines of new tests covering unit, integration, and E2E scenarios
• Clear documentation: Functions have good docstrings explaining behavior and edge cases
• Defense in depth: Multiple validation layers (parsing → validation → shell quoting)

Areas for improvement:

• The shellQuote function uses a regex-based allowlist (internal/deps/install.go:20-30), which is good, but consider whether the pattern fully covers all legitimate cases (e.g., pip extras with brackets, complex version specifiers)

Security Analysis ⭐⭐⭐⭐⭐

Excellent security posture:

1. Command injection prevention (install.go:10-31):

   • Multi-layered defense: validation at parse time + shell quoting at execution time
   • The validPackageName regex is appropriately restrictive
   • Versions are validated to prevent shell metacharacters (parser.go:216-227)
   • Good use of allowlist approach rather than blocklist

2. Version validation (parser.go:216-227):

   • Only allows alphanumeric, dots, hyphens, underscores
   • Prevents injection via version strings like 1.0; rm -rf /

3. OAuth token extraction fix (grant.go:430-477):

   • The multi-line token handling is well-designed
   • isTokenContinuation properly validates characters before concatenating
   • Final regex validation ensures token integrity

4. Firewall improvements (docker.go:241, 251-267):

   • Adding -w flag prevents race conditions with iptables lock
   • Using conntrack instead of state is more reliable
   • Running as root user explicitly is correct for iptables

Recommendations:

• Consider adding rate limiting or caching for external API calls to prevent DoS via repeated version resolution requests
• The pip version separator regex (install.go:20) allows ==, >=, <=, ~= but intentionally excludes single =. Document this choice more clearly or add validation at parse time

Performance Considerations ⭐⭐⭐⭐

Good performance design:

1. Caching strategy (cache.go):

   • 24-hour TTL is reasonable for version resolution
   • Atomic write-temp-rename pattern prevents corruption
   • Good use of RWMutex for concurrent access
   • Graceful degradation if cache persistence fails

2. HTTP timeouts (resolver.go:14):

   • 30-second timeout prevents hanging on network issues
   • Context-aware requests allow cancellation

Potential concerns:

1. Cache concurrency (cache.go:120-150):

   • The comment at line 122-126 acknowledges that concurrent Set() calls may cause file writes to interleave
   • While this is acceptable for a cache, consider using sync.Mutex on the file write path or a single background goroutine to serialize writes
   • Current approach: last write wins, which may waste I/O on concurrent writes

2. Version API calls:

   • Each runtime makes a full API call even when resolving a single version
   • For Go: fetches ?include=all which could be large
   • Consider: Could the API support querying for a specific version range?
   • Mitigation: The cache helps here, but initial cache misses could be slow

Recommendations:

• Add metrics/logging for cache hit rates to monitor effectiveness
• Consider batching version resolutions if multiple dependencies are resolved simultaneously
• For the Go API, consider filtering client-side earlier if possible to reduce JSON parsing overhead

Bug Risk Assessment ⭐⭐⭐⭐

Low risk of bugs due to:

• Comprehensive test coverage (E2E tests for each major feature)
• Clear error messages with actionable guidance
• Validation at multiple stages

Potential edge cases to verify:

1. Scoped npm packages (parser.go:62-79):

   • The logic for parsing @scope/name@version is complex
   • Test coverage appears good, but verify packages like @types/node@20.0.0 work correctly
   • Edge case: What about @@invalid or @scope/@nested/name?

2. Version comparison (node.go:205-224):

   • The compareVersions function assumes versions have 3 parts
   • What about versions like 20.0.0-rc1 or 20.0.0+build123?
   • Pre-release versions are mentioned as "not filtered out but not specially handled" (node.go:35)
   • Consider: Should these be explicitly rejected or documented as unsupported?

3. Go package validation (parser.go:198-213):

   • Requires at least one slash (line 209)
   • Good: prevents go:fmt (stdlib)
   • Edge case: What about golang.org/x/tools vs golang.org/x/tools/cmd/gopls?
   • Both are valid, but only the latter is installable. The validation allows both.

4. Multi-architecture detection (install.go:174-201):

   • Uses uname -m and shell conditionals
   • Platform-specific: assumes x86_64 vs anything else = ARM64
   • What about other architectures (i386, ppc64le, s390x)?
   • Recommendation: More explicit architecture checking or document assumptions

Test Coverage ⭐⭐⭐⭐⭐

Excellent test coverage:

• Unit tests for all parsers (parser_test.go, versions/*_test.go)
• E2E tests for each runtime and package type
• Tests for dynamic dependencies
• Tests for meta bundles
• Firewall/proxy security tests

Test quality observations:

• Tests use table-driven approach (good Go practice)
• E2E tests verify actual behavior, not just mocks
• Tests include both success and failure cases

Recommendations:

• Add fuzzing tests for the parser (especially Parse and shellQuote)
• Add tests for concurrent cache access to verify thread safety
• Consider property-based testing for version resolution (all resolved versions should exist in available versions)

Documentation & Error Messages ⭐⭐⭐⭐⭐

Exceptionally good error messages:

Examples from parser.go:

return fmt.Errorf("%s requires %s\n\n  Add '%s' to your dependencies:\n    dependencies:\n      - %s\n      - %s", ...)

This follows the CLAUDE.md guidance perfectly:

• "Good error messages are documentation"
• "Include actionable steps"
• Shows exact YAML syntax to fix the problem

Code comments:

• Clear function docstrings
• Complex logic is explained (e.g., token continuation, architecture detection)
• Security rationale documented (e.g., why conntrack vs state)

Breaking Changes & Backward Compatibility ⭐⭐⭐⭐⭐

No breaking changes:

• Purely additive features
• Existing dependencies continue to work
• New syntax is opt-in (dynamic prefixes like npm:, version specs like @1.22)

Specific Issues & Recommendations

Critical

None identified

High Priority

1. Cache file permissions (cache.go:202)

   • File is written with mode 0o644 (world-readable)
   • Directory created with 0o755
   • The cache contains resolved versions, not sensitive data, but consider 0o600 for defense in depth
   • Location: internal/deps/versions/cache.go:202

2. HTTP client reuse (go.go:17, node.go:18)

   • Each resolver can optionally take an HTTPClient
   • If nil, uses http.DefaultClient
   • Good: allows dependency injection for testing
   • Recommendation: Document that callers should reuse clients to benefit from connection pooling
   • Consider: Should CachedResolverFor create a shared client?

Medium Priority

3. Error wrapping consistency (various files)

   • Most errors use fmt.Errorf(...: %w, ...) for wrapping (good)
   • Some use fmt.Errorf(...: %v, ...) which doesn't support unwrapping
   • Recommendation: Standardize on %w for all error wrapping

4. Dependency type string representation (parser.go:393-397)

   • InstallType.String() just casts to string
   • Consider: Should this return a more user-friendly name?
   • Current: "dynamic-npm", User-facing: "npm:package"
   • May be fine for internal use, but verify all call sites

5. Dockerfile generation (install.go:326-345)

   • The FormatForDockerfile always adds rm -rf /var/lib/apt/lists/* for multi-command runs
   • This assumes apt was used, which may not be true for all install types
   • Recommendation: Only add cleanup if apt commands were actually run

Low Priority

6. Version cache location (cache.go:217)

   • Hardcoded to ~/.moat/cache/versions.json
   • Consider: Environment variable override for testing/CI?
   • Fallback to in-memory cache is good (line 214)

7. Package display names (parser.go:101-116)

   • For Go packages, shows only the binary name (last path component)
   • Example: golang.org/x/tools/gopls → gopls
   • Good for display, but may cause confusion if two packages have the same binary name
   • Consider: Adding a way to see the full package path in verbose output

8. Firewall script execution (docker.go:239-268, apple.go:355-383)

   • The iptables script is executed as a single bash command
   • If any command fails, the || true on flush means subsequent commands still run
   • Good: Won't fail on initial setup
   • Consider: Should we verify the rules were actually applied?

Performance Benchmarks

Recommendation: Add benchmarks for:

• Parse and ParseAll (parser performance)
• shellQuote (string operations)
• Resolve with mock HTTP responses (version resolution overhead)
• Cache Get/Set operations

Summary

This is a high-quality PR that significantly enhances the dependency management system. The code is well-designed, thoroughly tested, and follows security best practices. The multi-layered validation approach for command injection prevention is exemplary.

Key strengths:

• Excellent security posture with defense in depth
• Comprehensive test coverage including E2E tests
• Clear, actionable error messages
• Good separation of concerns and abstractions
• Zero breaking changes

Recommended actions before merge:

1. ✅ Review cache file permissions (consider 0o600)
2. ✅ Add documentation about HTTP client reuse
3. ⚠️ Consider adding fuzz tests for parser
4. ⚠️ Verify scoped npm package edge cases
5. ⚠️ Document architecture assumptions for multi-arch support

Overall assessment: ✅ Approve with minor recommendations

This PR is ready to merge. The identified issues are minor and can be addressed in follow-up PRs if desired.

[claude]

📦 Previous Review (superseded by newer review)

Pull Request Review: Improved Dependency Management

This PR introduces significant improvements to dependency management with smart version resolution, dynamic package managers, and reliability fixes. The implementation is well-structured with excellent test coverage.

Strengths

Architecture & Design

• Clean separation with dedicated version resolution packages
• Well-designed Resolver interface for runtime-specific implementations
• Thoughtful 24h cache reduces API calls
• Dynamic package manager prefixes provide excellent UX

Security

• Strong input validation prevents shell injection
• Proper shell quoting handles special characters
• OAuth token extraction handles multi-line wrapping correctly

Testing

• Excellent coverage across parser, install, and version resolution
• Unit tests cover edge cases
• E2E tests validate container runtime behavior

Error Handling

• Helpful error messages with actionable guidance
• Context timeouts prevent API hangs
• Clear error propagation

Documentation

• Inline comments explain complex logic
• Function docs clarify behavior
• Registry expansion well-documented

Areas for Improvement

Concurrency Safety (Minor)
internal/deps/versions/cache.go:120-150 - Set method has potential file write races with concurrent calls. Acceptable for 24h TTL cache but worth documenting more explicitly.

Python Version Maintenance (Minor)
internal/deps/versions/python.go - Hardcoded version list has good maintenance docs. Consider CI check to remind quarterly updates.

Firewall Security Model (Observation)
Firewall intentionally does not filter by destination IP, relying on random port and token auth. Well-documented pragmatic trade-off.

Version Resolution Failures (Edge Case)
Resolvers fetch from external APIs. Build fails if APIs are down. Current fail-fast behavior is reasonable.

Potential Issues

Version Substitution (Low Risk)
internal/deps/install.go:241-253 - substituteAll uses simple string replacement where order matters. Consider documenting this dependency.

Test Coverage

Excellent coverage:

• Parser tests for dynamic deps and validation
• Version resolver tests for all runtimes
• Install command generation for multi-arch
• E2E tests for proxy and firewall
• Dockerfile generation tests

Recommendations

Must Fix: None - no blocking issues

Should Consider:

1. Document cache persistence race condition
2. Add cache metrics for observability
3. Integration test for API failure fallback

Nice to Have:

1. Automated Python version updates
2. Benchmark tests for version resolution

Summary

High-quality work with solid architecture, excellent security practices, comprehensive test coverage, clear documentation, and well-justified trade-offs.

Recommendation: Approve - Ready to merge

Great work!

[claude]

📦 Previous Review (superseded by newer review)

Pull Request Review: Improved dependency management

This PR introduces significant improvements to dependency management with smart version resolution, dynamic package manager support, and an expanded registry. The implementation is well-structured with comprehensive test coverage. Here are my findings:

✅ Strengths

1. Excellent Architecture & Design

• Clean separation of concerns with dedicated versions package for resolution logic
• Well-designed Resolver interface with caching wrapper pattern
• Strategic use of 24-hour cache to balance freshness and performance
• Thoughtful handling of multi-arch binaries with both new (Targets) and legacy paths

2. Strong Security Practices

• Comprehensive input validation preventing shell injection (validateVersion, validatePackageName)
• Proper shell quoting in shellQuote() function with fallback to single-quote escaping
• Security-conscious regex patterns limiting allowed characters
• Good firewall improvements with -w flag and conntrack module

3. Comprehensive Test Coverage

• 7 new test files with 1,702 additions across test files
• Unit tests for all resolvers (Go, Node, Python)
• E2E tests for proxy binding behavior
• Mock HTTP servers for testing version resolution

4. Great Error Messages

• Helpful suggestions when dependencies not found (e.g., "Did you mean 'node'?")
• Actionable error messages explaining what to add and where
• Clear validation errors with specific constraints

🔍 Issues & Concerns

1. Critical: Cache Concurrency Bug (cache.go:120-150)

The Cache.Set() method has a race condition that could corrupt the persisted cache file. Multiple concurrent Set() calls can release the lock, then interleave their saveData() writes. The last write wins, potentially losing earlier updates.

Example scenario:

1. Goroutine A: resolves go@1.22 → writes file
2. Goroutine B: resolves node@20 → writes file
3. Final file only contains node@20 entry, go@1.22 is lost

Recommendation: While the comment acknowledges this as acceptable for a 24h cache, consider either:

• Option A: Serialize persistence with a separate mutex/channel
• Option B: Add an atomic write counter and log warnings when files diverge
• Option C: Document the specific acceptable failure modes more explicitly

2. Security: Token Wrapping Logic Needs Validation (grant.go:440-463)

The extractOAuthToken() function concatenates lines without bounds checking:

for j := i + 1; j < len(lines); j++ {
    nextLine := strings.TrimSpace(lines[j])
    if isTokenContinuation(nextLine) {
        token += nextLine  // No max length check!

Concerns:

• Could concatenate unrelated alphanumeric text if terminal output is malformed
• No maximum token length check (could theoretically build a massive string)
• The regex validation happens AFTER concatenation

Recommendation: Add bounds checking:

const maxTokenLength = 256  // OAuth tokens shouldn't exceed this

for j := i + 1; j < len(lines) && len(token) < maxTokenLength; j++ {
    // ... existing logic
}

3. Bug: shellQuote Regex Allows Single = (install.go:10-31)

The validPackageName regex comment says "Single = is intentionally not allowed" but the pattern [@~<>=][=]? actually allows it:

// Pattern: [@~<>=][=]?[a-zA-Z0-9._/-]+
// This matches: "pkg=1.0.0" (single =)

Fix:

// Change from: [@~<>=][=]?
// To explicitly list valid operators:
var validPackageName = regexp.MustCompile(`^[@a-zA-Z0-9._/-]+(@|==|>=|<=|~=)[a-zA-Z0-9._/-]+$`)

4. Potential Issue: Go Package Validation Too Strict (parser.go:207-212)

if !strings.Contains(pkg, "/") {
    return fmt.Errorf("invalid Go package path...")
}

This blocks installing binaries from single-component module paths. While rare, they exist (e.g., github.com/foo without /cmd/bar).

Recommendation: Consider allowing paths with at least one / but not requiring multiple components.

5. Error Message Inconsistency

In install.go:246, error says "container will not be firewalled" but the function returns an error, which will stop container creation. Message should reflect that the operation fails, not continues.

📊 Performance Considerations

1. HTTP Timeout Handling

The 30-second HTTP timeout (resolver.go:14) is reasonable, but resolver implementations override the caller's context:

// In go.go, node.go, python.go
ctx, cancel := context.WithTimeout(ctx, httpTimeout)

This creates a NEW timeout instead of respecting the caller's context. If caller passes a context with 5s timeout, this overrides it to 30s.

Fix: Use context deadline if shorter:

deadline, ok := ctx.Deadline()
timeout := httpTimeout
if ok && time.Until(deadline) < timeout {
    timeout = time.Until(deadline)
}
reqCtx, cancel := context.WithTimeout(ctx, timeout)

2. Cache Performance

File I/O happens on every Set(). For high-concurrency scenarios, consider debouncing writes.

🎯 Code Quality

Good Practices:

• Atomic file writes with temp-and-rename pattern (cache.go:193-206)
• Proper use of MarshalIndent for human-readable cache files
• Architecture detection done at build time, not hardcoded

Documentation:

• Excellent inline comments explaining design decisions
• Good use of code examples in comments
• Registry YAML is well-structured and readable

Test Quality:

• Mock HTTP servers properly simulate upstream APIs
• E2E tests verify both Docker and Apple container behavior
• Good use of build tags (//go:build e2e)

🔒 Security Assessment

Firewall Improvements (✅ Good)

• Using -w flag prevents race conditions with xtables lock
• Using conntrack instead of state is more reliable
• Running as root is necessary and properly documented
• Error output now captured for debugging

Dynamic Dependencies (⚠️ Needs attention)

• Input validation is strong overall
• Shell quoting logic is good but regex needs fix (see issue feat(audit): add tamper-proof audit logging with cryptographic verification #3)

📝 Minor Suggestions

1. Cache Key Format: Consider including resolution date to allow cache invalidation strategies
2. Dockerfile Refactoring: Consider extracting categorization logic for testability
3. Registry YAML: Consider adding deprecated field with migration paths
4. E2E Tests: Add test for concurrent version resolutions to validate cache behavior
5. Proxy Docs: The firewall security comment (proxy.go:28+) is excellent - consider extracting to SECURITY.md

🎓 Overall Assessment

This is a high-quality PR with thoughtful design, comprehensive testing, and significant user-facing value. Issues identified:

• 1 Critical: Cache concurrency (acceptable per comments, but risky)
• 2 High: Token extraction safety, shell quote regex bug
• 2 Medium: Go package validation strictness, error messages
• Several Minor: Performance optimizations, documentation improvements

Recommendation: Request changes to address the regex bug (#3) and token safety (#2). The cache concurrency issue (#1) is acceptable if the team is comfortable with eventual consistency semantics, but should be explicitly tested.

---

Action Items

Must Fix Before Merge:

1. Fix validPackageName regex to properly reject single =
2. Add bounds checking to extractOAuthToken() concatenation loop

Should Fix:
3. Document cache concurrency expectations or add test
4. Fix context timeout override in resolver implementations

Nice to Have:
5. Relax Go package validation to allow single-component paths
6. Improve iptables error message wording

[claude]

📦 Previous Review (superseded by newer review)

Code Review: Improved Dependency Management (PR #52)

This PR introduces significant improvements to moat's dependency handling system. The implementation is well-designed and follows good software engineering practices.

Summary

What Changed:

• Smart version resolution for runtimes (Go, Node, Python) with automatic patch version lookup
• Dynamic package manager support (npm:, pip:, uv:, cargo:, go: prefixes)
• Expanded dependency registry with 30+ new tools and meta-bundles
• Bug fixes for OAuth token extraction and container firewall reliability

Overall Assessment: ✅ Approve with minor suggestions

---

Strengths

1. Architecture & Design ⭐⭐⭐⭐⭐

• Clean separation of concerns with dedicated versions/ package
• Extensible design allows easy addition of new package managers
• Smart caching (24h TTL) balances freshness with performance
• Implicit requirement resolution (e.g., npm:eslint auto-requires node) is elegant

2. Test Coverage ⭐⭐⭐⭐⭐

• 1,581 lines of new tests across all components
• Comprehensive edge case coverage (scoped packages, multi-arch, token wrapping)
• Good use of table-driven tests

3. Security ⭐⭐⭐⭐

• Package name validation prevents shell injection
• Proper shell quoting with shellQuote()
• Container firewall improvements with -w flag and conntrack

4. Documentation ⭐⭐⭐⭐

• Detailed implementation plan in docs/plans/
• Clear code comments
• Good example in examples/go-dev/

---

Issues Found

High Priority

🐛 Bug: Dynamic Go Package Versioning (internal/deps/install.go:1996-2008)

case TypeDynamicGo:
    pkg := dep.Package
    if dep.Version != "" {
        pkg = pkg + "@" + dep.Version
    }
    return InstallCommands{
        Commands: []string{
            fmt.Sprintf("GOBIN=/usr/local/bin go install %s@latest", shellQuote(pkg)),
        },
    }

Issue: Always appends @latest even when version is in pkg, resulting in pkg@version@latest which doesn't work.
Fix: Use version when specified:

suffix := "@latest"
if dep.Version != "" {
    suffix = "@" + dep.Version
}
fmt.Sprintf("GOBIN=/usr/local/bin go install %s%s", shellQuote(dep.Package), suffix)

Medium Priority

1. Version Cache Invalidation
No way for users to force cache refresh. Consider adding --no-cache flag.

2. Architecture Detection Duplication
Multiple different patterns for arch detection across codebase. Should consolidate into helper function.

3. HTTP Retry Logic
Version API calls have 30s timeout but no retry logic for transient failures.

Low Priority

1. Cache File Permissions (internal/deps/versions/cache.go:162)
Uses 0644 (world-readable). Should use 0600 for security.

2. Token Extraction Edge Cases (cmd/moat/cli/grant.go:48)
Very permissive continuation detection. Consider adding length limits.

3. Registry Version Staleness
Some defaults are outdated (e.g., golangci-lint 1.55.2 vs current 1.62+)

---

Performance Considerations

✅ Good:

• Effective caching with 24h TTL
• Smart base image selection
• Categorized Dockerfile generation

Potential Improvements:

• Parallel version resolution for multiple runtimes
• Cache preloading on installation

---

Test Coverage

Excellent coverage across:

• Parser: 388 lines testing dynamic deps, scoped packages, validation
• Install: 466 lines testing all package managers, multi-arch
• Dockerfile: 309 lines testing categorization, base images
• Version resolvers: 542 lines combined
• E2E: 396 lines integration tests

Missing coverage:

• Cache expiration/TTL enforcement
• Concurrent cache access
• Network timeout scenarios
• Firewall failure recovery

---

Recommendations

Before Merge:

• ⚠️ Fix the Dynamic Go versioning bug (high priority)
• ✅ Verify all tests pass

Post-Merge:

• Add cache invalidation command
• Consolidate architecture detection
• Update registry versions
• Consider retry logic for version APIs

---

Conclusion

This is a high-quality PR with thoughtful design, comprehensive tests, and strong security practices. The one bug in Dynamic Go package versioning should be fixed before merge.

Recommendation: ✅ Approve after fixing Go versioning bug

Great work! This significantly improves moat's usability. 🎉

[claude]

📦 Previous Review (superseded by newer review)

Code Review: Improved Dependency Management

This is a substantial PR that adds significant functionality to moat's dependency system. The implementation is well-architected with good separation of concerns and comprehensive test coverage. Below are my findings organized by category.

Summary

Strengths:

• Well-designed version resolution system with proper caching
• Comprehensive test coverage for new functionality (2,300+ lines of tests)
• Good security practices (shell quoting, validation)
• Clear documentation and error messages
• Thoughtful handling of edge cases

Areas for Improvement:

• Version cache infrastructure not yet integrated
• Some thread safety optimizations could be enhanced
• Minor validation gaps in dynamic package handling

---

Code Quality & Architecture

Excellent Design Patterns:

1. Version Resolution System (internal/deps/versions/): Clean interface-based design with Resolver abstraction and CachedResolver wrapper. Each runtime (Go, Node, Python) has its own implementation.

2. Parser Refactoring (internal/deps/parser.go:2227-2428): The dynamic dependency prefix system is extensible

3. Shell Injection Protection (internal/deps/install.go:5301-5310): Proper shell quoting for dynamic packages

Good Error Messages: The PR follows CLAUDE.md guidance on actionable error messages.

---

Security Concerns

OAuth Token Extraction (cmd/moat/cli/grant.go:430-461)

✅ The fix for multi-line token wrapping is implemented correctly with proper validation
✅ Token is validated against regex pattern after reassembly
✅ Only token-like characters are accepted in continuation lines

Firewall Improvements (internal/container/docker.go:245-270, apple.go:357-383)

Three important fixes applied consistently:

1. -w flag: Waits for xtables lock instead of failing with exit code 4
2. conntrack module: More reliable than state module in containers
3. Root user: Explicitly runs iptables as root

These changes address real operational issues and improve reliability.

Shell Quoting for Dynamic Packages

All dynamic package commands properly quote inputs. However, there's a validation gap: The shellQuote function relies on validPackageName regex, but I couldn't locate where this is defined in the code.

❓ Question: Where is validPackageName regex defined? If it's missing, shellQuote will always fall back to quoting (which is safer but may indicate missing validation).

---

Potential Bugs & Issues

1. Version Cache Not Integrated

The caching system (internal/deps/versions/cache.go) is fully implemented but not used anywhere:

• No callers to CachedResolverFor(), NewCache(), or DefaultCache()
• Tests directly use resolvers without caching

Impact: Version resolution will hit external APIs on every build until cache is wired up.

❓ Question: Is this intentionally deferred to a follow-up PR? The infrastructure is solid, just needs integration.

2. Concurrent Cache Writes (cache.go:5514-5540)

The cache releases the lock before disk I/O to avoid blocking readers. If two goroutines call Set concurrently, the disk file may not reflect the final in-memory state. The code acknowledges this with a comment: "acceptable for a cache with 24h TTL."

Analysis: This is a reasonable trade-off for a cache. The comment explains it well. No action required.

3. Python Version Resolution

Uses a hardcoded list instead of an API. This requires manual maintenance when new Python versions release, but the code documents this limitation.

4. Dynamic Package Version Syntax

Different package managers use different version syntaxes (npm: @, pip: ==, go: @v, etc.). The implementation handles this correctly and tests verify each syntax.

✅ Good: Tests cover all package manager syntaxes

---

Performance Considerations

1. HTTP Timeout Handling

Good pattern with bounded contexts to prevent hangs. Verify httpTimeout is reasonable (10-30 seconds suggested).

2. Test Timeout Standardization

Changed from inconsistent timeouts (2, 5, 8 minutes) to standardized 10 minutes.

✅ Good: Addresses flaky tests from slow Docker image downloads

3. Parallel Test Execution

Registry URL validation tests run in parallel, speeding up the test suite.

4. Version Cache Design

24-hour TTL is appropriate for balancing freshness vs. performance.

---

Test Coverage

Excellent Coverage:

New test files add ~2,300 lines of tests:

• dockerfile_test.go: 309 lines
• install_test.go: 466 lines
• parser_test.go: 388 lines
• versions/*_test.go: ~800 lines combined
• e2e_test.go: +395 lines

Test Quality:

• Mock HTTP servers for version resolution tests
• Edge cases covered (scoped npm packages, token continuation, architecture detection)
• E2E tests for real container workflows

Gap: No visible tests for cache.go itself (TTL expiration, persistence, thread safety). The cache is tested indirectly, but explicit unit tests would be valuable.

---

Documentation

Good Examples:

• Comprehensive plan document (643 lines) with design rationale
• Well-commented security model in proxy.go
• Firewall design rationale in container files
• Cache concurrency notes

CLAUDE.md Compliance:

✅ Uses conventional commits format
✅ No Co-Authored-By lines
✅ Error messages are actionable
✅ Generic placeholder names in examples

---

Minor Issues

1. Unused Variable: Explicitly documented (API consistency, IP filtering not used) ✅
2. Registry YAML: Grew from 3 to 196 entries - consider schema validation
3. TagPrefix Field: Handles repos without "v" prefix ✅
4. Command Field: Handles tools where binary name differs from package name ✅
5. Container Remove: Now ignores "not found" errors ✅

---

Recommendations Summary

Must Address:

1. ❓ Verify validPackageName regex is defined for shellQuote function
2. 📝 Document that version cache is not yet integrated (or integrate it)

Should Consider:

1. Add unit tests specifically for cache.go (TTL, persistence, concurrency)
2. Document Python version list maintenance process
3. Consider serializing cache disk writes to prevent interleaving

Nice to Have:

1. Add schema validation for registry.yaml
2. Consider adding a moat deps check command to validate dependencies

---

Verdict

This is high-quality work that significantly improves moat's dependency system. The architecture is sound, test coverage is excellent, and security practices are good. The main concern is that the version cache infrastructure is built but not yet wired up - clarify whether that's intentional for this PR.

The firewall and OAuth token fixes address real operational issues and are implemented correctly.

Recommendation: Approve with minor clarifications on cache integration plan and validPackageName regex.

---

Questions for Author

1. Is the version cache intentionally not integrated yet? Should this PR include the integration, or is that tracked separately?

2. Where is validPackageName regex defined? I see it used in shellQuote() but couldn't locate the definition.

3. Have you considered making the Python version list fetch from an API, or is the maintenance burden acceptable?

4. Any plans for fuzzing the parser given it handles user input that becomes shell commands?

[claude]

📦 Previous Review (superseded by newer review)

Pull Request Review: Improved Dependency Management

This PR adds significant enhancements to moat's dependency management system. The changes are well-structured and demonstrate careful attention to security, reliability, and user experience. Below is my detailed review.

Strengths

1. Smart Version Resolution
The implementation of version resolution for Go, Node, and Python is well-designed:

• Clean abstraction with the Resolver interface
• Proper caching (24h TTL) to avoid repeated API calls
• Good error handling - falls back to user-specified version if resolution fails
• HTTP timeouts properly configured (30s)
• The resolver implementations properly handle semver matching

2. Security Considerations
Several security improvements are evident:

• Shell injection prevention: The shellQuote() function with validPackageName regex prevents command injection in dynamic dependencies (internal/deps/install.go:10-31)
• Package name validation: Comprehensive validation for each package manager type with clear error messages
• Firewall improvements: Added -w flag for iptables to prevent lock contention and switched to conntrack module for better container compatibility
• Explicit root user for iptables commands (previously implicit)

3. Test Coverage
Excellent test coverage across the board:

• Unit tests for parsers, validators, and version resolvers
• E2E tests for real container scenarios
• Tests for OAuth token extraction with wrapped lines (fixing a real bug)
• Tests cover edge cases like scoped npm packages, Go packages with slashes, etc.

4. Code Quality

• Clear separation of concerns with new packages (internal/deps/versions)
• Good documentation and comments explaining design decisions
• Proper use of Go idioms (contexts, errors, defer)
• The categorization refactoring in dockerfile.go improves maintainability

Issues & Concerns

1. Security: Shell Quoting Incomplete
In internal/deps/install.go:25-31, the shellQuote() function has a logic flaw:

func shellQuote(s string) string {
	if validPackageName.MatchString(s) {
		return s
	}
	// Escape single quotes...
	return "'" + strings.ReplaceAll(s, "'", "'\"'\"'") + "'"
}

The regex allows some special characters but returns them unquoted. For example, pkg>=1.0.0 passes the regex but contains >= which could be interpreted by the shell. While the current regex is reasonably safe, the pattern is concerning because future regex changes might introduce vulnerabilities.

Recommendation: Either always quote (even validated strings), or add an explicit comment explaining why unquoted validated strings are safe.

2. Error Handling: OAuth Token Extraction
In cmd/moat/cli/grant.go:433-463, the extractOAuthToken() function silently returns empty string if validation fails after concatenation. Consider logging or returning a more descriptive error when token format is invalid after reassembly.

3. Version Resolution: Silent Failures
In internal/deps/resolve.go:54-59, resolution errors are silently ignored. While this is documented, users might not realize their version specs are failing to resolve. Consider logging a warning.

4. Concurrency: Cache Write Race
In internal/deps/versions/cache.go:127-150, the Set() method has a documented race condition for the persisted file when multiple goroutines write concurrently. While acceptable for a cache with 24h TTL, the comment should also mention that in-memory reads during concurrent writes are safe (protected by mutex).

5. Firewall: Error Message Improvement
The firewall setup now checks for iptables existence (internal/container/docker.go:244-247), but the error message could be more actionable. Consider adding a suggestion about which base images support iptables.

Minor Issues

1. Code Duplication
The firewall setup script is duplicated between docker.go and apple.go with only minor differences. Consider extracting to a shared function.

2. Magic Numbers

• httpTimeout = 30 * time.Second - reasonable but undocumented why 30s
• Cache TTL of 24h - should be configurable via environment variable for testing

3. Test Reliability
The E2E test TestProxyBindsToLocalhostOnly uses time.Sleep(500 * time.Millisecond) to wait for proxy startup. Consider using a retry loop with timeout for more reliability.

Overall Assessment

This is a high-quality PR that significantly improves moat's dependency management. The code is well-structured, secure (with minor caveats), and thoroughly tested.

Recommendation: Approve with minor changes

The security concerns are minor and shouldn't block merging. However, I recommend addressing the shell quoting clarity before merging to production.

Specific Action Items

Before merging:

1. Add comment explaining why shellQuote() can return unquoted strings safely
2. Consider adding warning log when version resolution fails silently

Follow-up PRs (can be done after merge):

1. Deduplicate firewall setup between docker.go and apple.go
2. Add environment variable for cache TTL
3. Replace sleep with retry loop in E2E tests

---

Code Quality: ⭐⭐⭐⭐⭐ (5/5)
Test Coverage: ⭐⭐⭐⭐⭐ (5/5)
Security: ⭐⭐⭐⭐ (4/5)
Documentation: ⭐⭐⭐⭐ (4/5)
Overall: ⭐⭐⭐⭐½ (4.5/5)

Great work! This PR represents a significant improvement to the codebase.

[claude]

Pull Request Review: Improved dependency management

This PR introduces significant enhancements to dependency management with smart version resolution, dynamic package manager support, and important bug fixes. The implementation is well-architected with comprehensive test coverage. Here's my detailed feedback:

---

✅ Strengths

1. Architecture & Design

• Clean separation of concerns with the versions package handling resolution independently
• Well-designed Resolver interface allows easy addition of new runtimes
• Caching layer (CachedResolver) properly wraps resolvers without mixing concerns
• Dynamic dependency prefixes (npm:, pip:, etc.) provide excellent UX

2. Security

• Strong input validation in parser.go with character-level checks preventing shell injection
• validPackageName regex in install.go adds defense-in-depth
• Proper shell quoting with shellQuote() function
• Version validation prevents dangerous characters in shell commands (lines 217-227 in parser.go)

3. Test Coverage

• Comprehensive unit tests for all version resolvers (Go, Node, Python)
• Parser tests cover edge cases (scoped packages, version specs, invalid inputs)
• E2E tests validate the full integration
• Mock HTTP clients in tests allow deterministic testing

4. Error Messages

• Excellent actionable error messages (e.g., parser.go:294-296 shows exactly what to add)
• Helpful suggestions for typos (suggestDep function)
• Clear validation messages guide users to correct syntax

---

⚠️ Issues & Concerns

1. Critical: Cache Concurrency Issue (cache.go:120-150)

The Set() method has a race condition with file persistence:

func (c *Cache) Set(key, version string) {
    c.mu.Lock()
    c.entries[key] = cacheEntry{...}
    
    var data []byte
    var err error
    if c.path != "" {
        data, err = c.marshalLocked()
    }
    c.mu.Unlock()
    
    // Persist outside the lock to avoid blocking readers during I/O
    if c.path != "" && err == nil {
        if err := c.saveData(data); err != nil { ... }
    }
}

Problem: If two goroutines call Set() concurrently:

• Thread A locks, adds entry1, marshals, unlocks
• Thread B locks, adds entry2, marshals, unlocks
• Thread A writes file (missing entry2)
• Thread B writes file (has both entries)

This can lead to lost cache entries. While the comment acknowledges this (lines 122-127), it's problematic for a cache meant to improve performance - users may see unnecessary re-fetches.

Recommendation: Either:

1. Use a write-through cache with single-writer pattern, or
2. Batch writes with debouncing (e.g., write every 5 seconds), or
3. Document that this is acceptable and tune TTL accordingly

2. Error Handling: Silently Ignoring Resolution Failures (resolve.go:54-59)

resolved, err := resolver.Resolve(ctx, dep.Version)
if err != nil {
    // If resolution fails, keep the original version
    continue
}

This silently falls back to the original version. Users won't know if go@1.22 failed to resolve vs. succeeded.

Recommendation: At minimum, log the error at debug level. Consider adding a --strict flag to fail on resolution errors.

3. Potential Shell Injection in Dynamic Go Packages (install.go:403)

case TypeDynamicGo:
    pkg := dep.Package
    version := "latest"
    if dep.Version != "" {
        version = "v" + dep.Version
    }
    return InstallCommands{
        Commands: []string{
            fmt.Sprintf("GOBIN=/usr/local/bin go install %s@%s", 
                shellQuote(pkg), shellQuote(version)),
        },
    }

The version gets "v" prepended before validation/quoting. If someone bypassed earlier validation, version="v1.0; rm -rf /" would be quoted as a single string, which is safe. However, this pattern is fragile.

Recommendation: Either validate the version string again after prepending, or restructure to quote before concatenation.

4. Python Version Resolution Mismatch (versions/python.go)

The Python resolver uses a hardcoded list of versions, which will become stale. Unlike Go/Node which query live APIs, Python versions must be manually updated.

Recommendation:

• Document this limitation prominently in code comments
• Consider querying Docker Hub API for python tags, or
• Document the maintenance process for updating the version list

5. Iptables Exit Code Ignored (docker.go:237-278)

The firewall setup now checks for iptables existence (good!), but doesn't validate the exit code of the iptables commands themselves:

iptables -w -F OUTPUT 2>/dev/null || true
iptables -w -A OUTPUT -o lo -j ACCEPT
# ... etc

The first command has || true (correct - flushing non-existent rules is fine), but subsequent commands don't check errors. If -A OUTPUT fails, the container might not be firewalled as expected.

Recommendation: Check the exit code of the exec and at least log a warning if non-zero.

---

🔍 Code Quality Issues

6. Magic Number: httpTimeout (versions/resolver.go:14)

const httpTimeout = 30 * time.Second

30 seconds is quite long for version API queries. Consider 10s or make it configurable.

7. Inconsistent Error Wrapping

Some places use fmt.Errorf("... %w") (good), others use fmt.Errorf("...: %v"). For example:

• go.go:48 uses %w ✅
• node.go:41 uses %w ✅
• parser.go:44 uses %w ✅

Actually, this is mostly consistent. Good job! But double-check any stragglers.

8. Global Variable (resolve.go:12)

var versionCache *versions.Cache

Global mutable state can cause issues in tests or concurrent usage. The SetVersionCache() escape hatch is provided for tests, but consider passing cache as a parameter instead.

Recommendation: Consider making cache part of a DependencyResolver struct that gets instantiated.

---

🧪 Testing Gaps

9. Missing Tests for Dynamic Package Edge Cases

The parseDynamicDep function (parser.go:52-98) handles complex scoped npm packages like @anthropic-ai/claude-code@1.0.0, but I don't see tests for:

• Multiple @ symbols: npm:@scope/name@1.0.0@beta (should reject)
• Unicode in package names
• Maximum length validation

10. No Tests for Cache Persistence Failures

What happens if saveData() consistently fails (disk full, permissions)? The in-memory cache works, but the warning logs will spam. Consider:

• Testing that repeated save failures don't log excessively
• Possibly backing off on failed writes

---

📝 Documentation & Usability

11. OAuth Token Extraction Fix

The multi-line token handling (grant.go:429-453) is a solid fix for the wrapped token issue. Good defensive programming with isTokenContinuation() validation.

Suggestion: Add a comment explaining why tokens wrap (terminal width) to help future maintainers understand the context.

12. Registry Expansion

The expanded registry.yaml adds many useful tools. Well done! Minor suggestion: consider adding comments to group tools by category for easier navigation:

# === Runtimes ===
- name: go
  type: runtime
  ...

# === Python Tools ===
- name: uv
  type: uv-tool
  ...

13. Iptables Conntrack Change

The switch from -m state --state to -m conntrack --ctstate (docker.go, apple.go) is correct - conntrack is indeed more reliable. Good fix!

Concern: Does conntrack module exist in all base images? Consider adding a fallback or validation.

---

🎯 Performance Considerations

14. Version Cache TTL

24-hour TTL (cache.go:15) seems reasonable, but for Go/Node which release patches frequently, this might serve stale versions. Consider:

• Shorter TTL for production use (6-12 hours)
• Cache invalidation command: moat cache clear

15. HTTP Timeouts on Context Cancellation

The version resolvers properly create bounded contexts (good!), but they use httpTimeout = 30s even if the parent context has a tighter deadline.

In go.go:149:

ctx, cancel := context.WithTimeout(ctx, httpTimeout)

If parent context has 5s remaining, this will still wait up to 30s. Consider:

deadline, ok := ctx.Deadline()
timeout := httpTimeout
if ok {
    remaining := time.Until(deadline)
    if remaining < timeout {
        timeout = remaining
    }
}
ctx, cancel := context.WithTimeout(ctx, timeout)

---

✨ Minor Suggestions

16. Consider adding validate subcommand: moat validate agent.yaml to check syntax before building
17. The packageDisplayName function (parser.go:101-116) strips paths for Go packages - consider making this behavior configurable
18. Add Prometheus/StatsD metrics for cache hit rate
19. Consider rate limiting API calls to go.dev/nodejs.org to be a good citizen

---

🎉 Summary

This is a high-quality PR with thoughtful design and strong security practices. The main concerns are:

1. Cache concurrency (medium severity - won't cause crashes but may hurt performance)
2. Silent error handling in version resolution (low severity - UX issue)
3. Iptables error checking (low severity - logging improvement)

Recommendation: Approve with minor changes

Address the cache concurrency issue and consider adding debug logging for resolution failures. Everything else is optional polish.

Great work on the comprehensive testing and security-focused implementation!

---

Files Reviewed: 29 changed files (+5073/-172)
Key Files: versions/cache.go, deps/parser.go, deps/install.go, container/docker.go, container/apple.go