clawdforge

Author SHA1 Message Date

Author	SHA1	Message	Date
Kayos	9866e97977	clients/java: apply audit findings — true streaming upload + token redaction (`0d3ee26` → next) MEDIUM: - C1: multipart upload now actually streams via SequenceInputStream + Files.newInputStream. Code comment + README + javadoc updated to match reality. Test added uploading 10 MiB file with received-bytes assertion bounding envelope overhead. - S1: AppToken.toString() override redacts token (was leaking plaintext via record auto-toString). LOW: - C2: RunResult.result null/missing-field handling — canonical-constructor coerces null/NullNode to MissingNode, javadoc updated. - C3: HTTP timeout lower bound: Math.max(5L, n + 30L). - C4: ForgeClient implements AutoCloseable (no-op on JDK 17, documented). - S4: javadoc warning on uploadFile path traversal / symlink follow. Quality: - Q1: package-info.java added for com.clawdforge.exception (clears pom.xml dead exclude). - C7: @JsonInclude(NON_DEFAULT) on POST DTOs (drops wire "created_at": 0). Deps: - jackson-databind/core/annotations 2.17.2 → 2.18.2 (2.17 EOL'd Aug 2025). Tests: 14 → 23 (9 added). Audit: memory/clawdforge-audits/java-0d3ee26.md	2026-04-28 23:20:45 -07:00
Kayos	0d3ee26e24	clients/java: initial Java SDK for clawdforge - Java 17, Maven, JDK java.net.http.HttpClient, Jackson 2.x - ForgeClient (builder), records for RunResult / FileToken / AppToken / HealthStatus - ApiException / AuthException / TransportException all extend ForgeException (RuntimeException) — checked exceptions feel un-modern in Java 17 - Multipart upload streams from disk via BodyPublishers.ofByteArrays - 14 JUnit 5 tests against in-process com.sun.net.httpserver — zero test deps beyond JUnit - mvn package / mvn test / mvn javadoc:javadoc clean - snake_case wire format mapped to camelCase Java accessors via @JsonProperty	2026-04-28 22:49:06 -07:00

Kayos

9866e97977

clients/java: apply audit findings — true streaming upload + token redaction (0d3ee26 → next)

MEDIUM:
- C1: multipart upload now actually streams via SequenceInputStream + Files.newInputStream. Code comment + README + javadoc updated to match reality. Test added uploading 10 MiB file with received-bytes assertion bounding envelope overhead.
- S1: AppToken.toString() override redacts token (was leaking plaintext via record auto-toString).

LOW:
- C2: RunResult.result null/missing-field handling — canonical-constructor coerces null/NullNode to MissingNode, javadoc updated.
- C3: HTTP timeout lower bound: Math.max(5L, n + 30L).
- C4: ForgeClient implements AutoCloseable (no-op on JDK 17, documented).
- S4: javadoc warning on uploadFile path traversal / symlink follow.

Quality:
- Q1: package-info.java added for com.clawdforge.exception (clears pom.xml dead exclude).
- C7: @JsonInclude(NON_DEFAULT) on POST DTOs (drops wire "created_at": 0).

Deps:
- jackson-databind/core/annotations 2.17.2 → 2.18.2 (2.17 EOL'd Aug 2025).

Tests: 14 → 23 (9 added).

Audit: memory/clawdforge-audits/java-0d3ee26.md

2026-04-28 23:20:45 -07:00

Kayos

0d3ee26e24

clients/java: initial Java SDK for clawdforge

- Java 17, Maven, JDK java.net.http.HttpClient, Jackson 2.x
- ForgeClient (builder), records for RunResult / FileToken / AppToken / HealthStatus
- ApiException / AuthException / TransportException all extend ForgeException
  (RuntimeException) — checked exceptions feel un-modern in Java 17
- Multipart upload streams from disk via BodyPublishers.ofByteArrays
- 14 JUnit 5 tests against in-process com.sun.net.httpserver — zero test deps
  beyond JUnit
- mvn package / mvn test / mvn javadoc:javadoc clean
- snake_case wire format mapped to camelCase Java accessors via @JsonProperty

2026-04-28 22:49:06 -07:00

2 commits