chore: version bump to 2.2.9 and add redundant AI documentation files

[AnkanSaha]

Summary

This PR updates the version from 2.2.8 to 2.2.9-stable across multiple files and adds a massive amount of AI-specific instruction files for various IDEs and LLMs.

Changes

• Version Bump: Updated VERSION, src/Core/main.go, src/base/banner.go, and Scripts/installer.sh to 2.2.9-stable.
• AI Documentation: Added .agents/skills/xpack-development/SKILL.md, .codex/config.toml, .cursor/rules/xpack-core.mdc, .gemini/settings.json, .github/copilot/instructions.md, .github/copilot/settings.json, AGENTS.md, CLAUDE.md, and GEMINI.md.

Critical Issues Found

• DRY Violation: Manual versioning in 4 different places.
• Documentation Bloat: Added 9+ files for AI instructions that are largely identical, creating a maintenance burden.
• No Automation: Version controller script mentioned in comments was either not used or is broken, requiring manual edits.

Verification Results

• go build passes (claimed by docs, but not verified in CI)
• go test ./... passes (no new tests added)
• Installer script updated manually

[github-actions]

🤖 Review Buddy - General Code Review

👥 Attention: @AnkanSaha @Copilot

Arre @AnkanSaha bhai, ye kya bawasir bana diye ho? 2.2.8 se 2.2.9 jaane ke liye tumne 4 files mein manual entry maari hai? Kya hum 2005 mein jee rahe hain? Ek VERSION file banayi toh hai, toh baaki Go files mein hardcoding kyu kar rahe ho?

Aur ye documentation ka mela? CLAUDE.md, GEMINI.md, AGENTS.md, .cursor, .codex... Bhai, pura AI ecosystem apne repo mein install karoge kya? Itna redundant documentation dekh ke toh mera system hi crash ho gaya. Universal Linux Package Builder bana rahe ho ya Documentation storage service?

Code Quality Score: 3/10 (Sirf isliye kyunki code compile ho raha hai, warna toh -10 milta).

---

Generated by Review Buddy | Tone: roast | Language: hinglish

[github-actions]

⚡ Review Buddy - Performance Analysis

👥 Attention: @AnkanSaha @Copilot

Bhai, performance ki toh tumne aisi-taisi kar di hai, par code mein nahi, workflow mein. Chalo, line-by-line roast karte hain:

1. Human Processing Latency: Har baar jab version update hoga, ek bechara developer 4-5 files dhoondhega aur change karega. Ye O(n) complexity hai maintenance ki, jahan 'n' is the number of files you've unnecessarily cluttered.
2. Git Bloat (O(Documentation)): Tumne itne saare AI metadata files add kar diye hain ki git clone karne mein bechara developer ka bandwidth ro dega. Har LLM ke liye alag instruction file? Bhai, dry principle ka 'D' bhi pata hai?
3. Repo Structure Efficiency: .agents/skills, .codex/config.toml, .cursor/rules, .gemini/settings.json, .github/copilot/instructions.md... Ye sab milke disk I/O badha rahe hain bina kisi productive output ke.
4. Installer script (Scripts/installer.sh):
   • Tum dpkg --print-architecture har baar call kar rahe ho. Performance bottleneck toh nahi hai, par ye logic thoda efficient ho sakta tha.
   • Hardcoded version in shell script means another point of failure.
5. Go Binary Size: Har string constant (Version) jo tumne multiple places pe hardcode kiya hai, wo binary size badhata hai. Maana ki bytes mein hai, par 'boond boond se sagar banta hai' - aur tumhara sagar ganda hai.
6. CI/CD Overhead: Ab tumhare GitHub Actions ya CI pipeline ko 10 extra markdown files lint karni padengi. Paisa kya ped pe ugta hai? Compute credits bacha lo thoda.
7. Documentation Sync Performance: Agar tumne CLAUDE.md mein ek feature update kiya aur GEMINI.md bhool gaye, toh AI confused ho jayega. Confusion = Bugs = Dev performance degradation.
8. Memory Overhead: Go compiler ko ab multiple packages mein same constant string manage karni pad rahi hai. Garbage collector bolega 'Bhai, kya kar raha hai tu?'.
9. Search Latency: Jab koi developer 'Version' search karega, use 10 files milengi. Context switching ka baap hai ye setup.
10. Build Pipeline: go build toh thik hai, par tumhare Scripts/BinBuilder.sh (jo diff mein dikh nahi raha par docs mein hai) ka logic bhi shayad itna hi redundant hoga.
11. Scalability: Kal ko koi naya AI model aayega (jaise Llama-4), toh kya tum ek aur LLAMA.md chipka doge? Ye scale nahi karega bhai.
12. Metadata Redundancy: AGENTS.md aur CLAUDE.md mein 90% content same hai. Redundancy is the enemy of performance.
13. Binary-to-Package Conversion: Agar tumhara packager logic bhi aise hi redundant metadata handle karta hai, toh binary creation slow hogi hi hogi.
14. Disk Space: Metadata files are small, but thousands of clones across the world = MBs of wasted space because of your 'copy-paste' documentation strategy.
15. Context Window Waste: AI ko jab tum ye saari files bhejoge, uska token usage badhega. LLM bill tumhara baap bharega?

Actionable Recommendations:

• Ek VERSION file rakho aur baaki sab jagah go:generate ya build-time flags (-ldflags) use karo.
• 10 AI instruction files ki jagah ek CONTRIBUTING.md ya generic .ai-instructions rakho.
• DRY (Don't Repeat Yourself) ko apna lo, varna coding chhod ke kheti shuru kar do.

---

Generated by Review Buddy | Tone: roast | Language: hinglish

[github-actions]

🔐 Review Buddy - Security Audit

👥 Attention: @AnkanSaha @Copilot

Security ke naam pe tumne toh khula maidan chhod rakha hai.

1. Hardcoded Secrets Risk: Itni saari config files (.gemini/settings.json, .codex/config.toml) add kar di hain, kal ko galti se koi API key chipka di toh seedha 'Le bhai, mera account khaali kar de'.
2. Installer Script (Scripts/installer.sh):
   • Severity: High
   • Exploit: Ye script direct architecture detect karke .deb install kar rahi hai. Checksums kahan hain? Digital signatures kahan hain?
   • Scenario: Agar koi man-in-the-middle attack karke xpack_2.2.9_amd64.deb ko replace kar de, toh tumhara script khushi-khushi malware install kar dega.
   • Remediation: SHA256 verification add karo installer mein.
3. Path Traversal in Docs: Tumhare documentation mein likha hai 'Validate all CLI arguments'. Par kya code mein implement kiya hai? Path traversal (e.g., ../../etc/passwd) check karna bhool gaye toh kalyan ho jayega.
4. Maintainer Scripts Injection: Documentation mein mention kiya hai preinst/postinst scripts. Agar ye scripts sanitise nahi hui, toh package installation ke time root access ke saath command injection ho sakta hai.
5. OWASP Reference: Check A03:2021 – Injection. Agar input binary path ya package name sanitise nahi ho raha, toh user ki machine gayi.
6. Rate Limiting/CORS: CLI tool hai toh ye zyada relevant nahi hai, par documentation mein AI ko galat pattern sikhane se AI insecure code generate kar sakta hai. Documentation is a security vector too!
7. Permissions: Scripts/installer.sh ko 755 permission di hai. Make sure packager logic binaries ko 755 aur config ko 644 se zyada na de.

Summary: Documentation security focus kar rahi hai, par implementation manual aur risky hai. Figure out how to sign your packages, bhai!

---

Generated by Review Buddy | Tone: roast | Language: hinglish

[github-actions]

📊 Review Buddy - Code Quality & Maintainability Analysis

👥 Attention: @AnkanSaha @Copilot

🎯 Overall Benchmark: 25/100 (Poor)

Quality analysis dekh ke lag raha hai ki tumne SOLID principles ko liquid karke baha diya hai.

1. Violation of DRY (Don't Repeat Yourself):
   • src/Core/main.go, src/base/banner.go, VERSION, and Scripts/installer.sh all have the version string. Bhai, ye inconsistency ka recipe hai.
   • Redundant AI files: 10 files saying the exact same thing about 'Reproducible Builds' and 'Package Standards'. Maintenance nightmare level: Pro.
2. Single Source of Truth (SSOT): Missing. Kab tak manually sed chalate rahoge?
3. Naming Conventions: Documentation mein Go standards ki baatein ho rahi hain, par architecture diagram mein src/Core (Capital C) aur src/base (Small b) hai. Konsa nasha karke naming kar rahe ho?
4. Code Smells:
   • Inconsistency: Metadata patterns CLAUDE.md mein kuch aur hain, AGENTS.md mein kuch aur.
   • Boilerplate: Itna sara markdown boilerplate dekh ke lag raha hai tum code likhne se zyada documentation mein padding kar rahe ho.
5. Documentation Over-engineering: Tumne AI models ke liye documentation likh di, par asli developer ke liye ek dhang ka CONTRIBUTING.md nahi dikh raha.
6. Version Controller Lie: src/Core/main.go mein comment hai var VERSION is updated by Scripts/versionController.sh. Agar script update karti hai, toh tumne PR mein manually kyu change kiya? Ya toh script fail hai, ya tum fake commit kar rahe ho.
7. Error Handling (Documentation vs Reality):
   • Docs say: return fmt.Errorf("failed to create...: %w", err).
   • Code quality audit says: Itni lambi files likhne ki jagah actual logic mein error checking validate karo.
8. Project Structure: src/Core, src/base, src/packager. Standard Go project layout (like project-layout repo) follow karne mein maut aa rahi thi?
9. Anti-Patterns in Docs: Documentation mein khud likha hai 'Anti-Patterns (FORBIDDEN): Non-deterministic builds'. Par versioning khud deterministic nahi hai (manual intervention needed).
10. Technical Debt: Ye 10 redundant files technical debt ka pahaad hain. Agle mahine koi inko update nahi karega.
11. Testing: Docs mein integration tests ki baatein hain, par diff mein ek bhi .go test file nahi dikhi. Sirf baatein karte ho ya kaam bhi?
12. Shell Script Quality: Scripts/installer.sh mein [[ "$ARCH" == "amd64" ]]. Portable shell coding (POSIX) seekh lo bhai, sirf bash ke bharose mat raho.
13. Redundancy Level: GEMINI.md vs CLAUDE.md. Dono mein 'Core Rules', 'Architecture', 'Go Standards' bilkul same hain. Inhe ek AI_GUIDELINES.md mein kyu nahi dala?
14. Maintenance Burden: Har naye feature ke liye 10 jagah docs update karna impossible hai. Eventually, ye documentation galat hogi aur AI galat code likhega.
15. Clarity: Architecture diagram MD files mein hai, par logic implementation kitna clean hai, wo diff se pata nahi chal raha because it's mostly documentation spam.

Refactoring Suggestion:

• Delete all model-specific MD files.
• Create one PROJECT_CONVENTIONS.md.
• Point all AI config files to that one source of truth.
• Use ldflags for versioning: go build -ldflags="-X 'main.VERSION=2.2.9-stable'".

---

Generated by Review Buddy | Tone: roast | Language: hinglish

[github-actions]

💡 Review Buddy - Best Practices & Alternative Suggestions

👥 Attention: @AnkanSaha @Copilot

Bhai, coding standards ki baat tum karte ho, par follow koi aur karega?

1. Manual Versioning vs Build Flags
Current Code:

// src/Core/main.go
var VERSION = "2.2.9-stable"

Better Alternative:

var VERSION = "development"
// Build using: go build -ldflags="-X 'main.VERSION=2.2.9-stable'"

Why: Manual updates are prone to human error. Automation is king, tum toh praja bhi nahi ban paa rahe.

2. Redundant AI Configuration
Current Code: 10 different files for Copilot, Cursor, Gemini, Claude, etc.
Better Alternative: Create one .cursorrules or a comprehensive CONTRIBUTING.md that all tools can parse.
Why: Maintenance overhead kam hoga aur consistency badhegi.

3. Hardcoded Shell Constants
Current Code: VERSION="2.2.9-stable" in installer.sh.
Better Alternative:

VERSION=$(cat VERSION)

Why: Ek jagah update karo, sab jagah reflect ho. SSOT (Single Source of Truth) naam ki bhi koi cheez hoti hai dunia mein!

4. Go Exported Constants
Current Code: const Version = "2.2.9-stable" in src/base/banner.go.
Better Alternative: Export a function GetVersion() from a central package.
Why: Package level constant duplication is a code smell.

5. Documentation Fragmentation
Current Code: CLAUDE.md, GEMINI.md, AGENTS.md all repeating the architecture.
Better Alternative: Use markdown includes or just one source.
Why: Content drift is real. AI will give you outdated suggestions when files get out of sync.

---

Generated by Review Buddy | Tone: roast | Language: hinglish

[github-actions]

⚠️ Review Buddy - Final Recommendation

👥 Attention: @AnkanSaha @Copilot

Recommendation: REQUEST CHANGES

Changes chahiye, bhai! Abhi approve nahi kar sakte.

Reasoning:

• Manual versioning across multiple files violates DRY principles and is error-prone.
• The addition of 10+ redundant AI documentation files is unnecessary bloat and a maintenance nightmare.
• Inconsistency between comments (claiming automation) and actual manual changes in the PR.
• Lack of Single Source of Truth for the project version.
• Installer script lacks security checksums for the downloaded packages.

---

📋 Review Checklist for Reviewers:

• Code changes align with the PR description
• No security vulnerabilities introduced
• Performance considerations addressed
• Code follows project conventions
• Tests are adequate (if applicable)
• Documentation updated (if needed)

🎯 Next Steps:

⚠️ Pehle suggestions address karo, phir approve karna.

Generated by Review Buddy | Tone: roast | Language: hinglish

[Copilot]

Pull request overview

This PR bumps the project’s stable version from 2.2.8 to 2.2.9 across the runtime banner/CLI and installer workflow, and adds a set of agent/IDE assistant instruction/config files (Gemini/Claude/Codex/Cursor/Copilot/OpenAI agents) intended to guide automated tooling when working in this repository.

Changes:

• Bump version references to 2.2.9-stable in VERSION, Go sources, and the installer script.
• Add agent instruction docs (GEMINI.md, CLAUDE.md, AGENTS.md) and agent tooling configs (Copilot, Gemini, Cursor, Codex, Agents skill).
• Introduce standardized “build/test/done” guidance for assistants.

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 12 comments.

Show a summary per file

File	Description
VERSION	Updates the repository version marker to 2.2.9-stable.
src/Core/main.go	Updates the CLI-reported VERSION constant to 2.2.9-stable.
src/base/banner.go	Updates the banner fallback Version constant to 2.2.9-stable.
Scripts/installer.sh	Updates installer download version to 2.2.9-stable.
GEMINI.md	Adds Gemini Code Assist guidance and common commands/standards.
CLAUDE.md	Adds Claude Code guidance and workflow/standards.
AGENTS.md	Adds Codex CLI guidance and workflow/standards.
.github/copilot/settings.json	Adds Copilot project/build/test configuration.
.github/copilot/instructions.md	Adds Copilot coding instructions and commands.
.gemini/settings.json	Adds Gemini assistant configuration pointing at GEMINI.md.
.cursor/rules/xpack-core.mdc	Adds Cursor IDE rules for this repo.
.codex/config.toml	Adds Codex CLI configuration for build/test and rules.
.agents/skills/xpack-development/SKILL.md	Adds an Agents “skill” doc describing workflows and standards.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.