Code review: Security fixes, documentation overhaul, CI/CD repair (cortexlinux#208)

Comprehensive code review and improvement of the Cortex Linux repository.

- Added command validation in coordinator.py to prevent shell injection
- Expanded dangerous command patterns in sandbox_executor.py (20+ new patterns)
- Created cortex/utils/commands.py with secure command execution utilities

- Created ASSESSMENT.md with full code audit report
- Created ROADMAP.md with prioritized improvement plan
- Rewrote README.md with comprehensive documentation
- Updated CONTRIBUTING.md with detailed guidelines
- Created CHANGELOG.md following Keep a Changelog format

- Fixed automation.yml (wrong test directory tests/ → test/)
- Added Python version matrix (3.10, 3.11, 3.12)
- Added lint job (black, pylint)
- Added security job (bandit, safety)
- Added coverage reporting with Codecov

- Created root requirements.txt with core dependencies
- Created requirements-dev.txt with dev dependencies
- Updated setup.py to use root requirements.txt
- Standardized Python version to >=3.10

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Mike Morgan <[email protected]>
Co-authored-by: Claude <[email protected]>

Author: 3 people

.github/workflows/automation.yml

@@ -9,24 +9,82 @@ on:
 jobs:
   test:
     runs-on: ubuntu-latest
-    
+    strategy:
+      matrix:
+        python-version: ['3.10', '3.11', '3.12']
+
     steps:
-    - uses: actions/checkout@v3
-    
-    - name: Set up Python
-      uses: actions/setup-python@v4
+    - uses: actions/checkout@v4
+
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
       with:
-        python-version: '3.11'
-    
+        python-version: ${{ matrix.python-version }}
+
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
-        if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
-    
+        pip install -r requirements.txt
+        pip install pytest pytest-cov pytest-mock
+
     - name: Run tests
       run: |
-        if [ -d tests ]; then
-          python -m pytest tests/ || echo "Tests not yet implemented"
-        else
-          echo "No tests directory found"
-        fi
+        python -m pytest test/ -v --cov=cortex --cov-report=xml --cov-report=term-missing
+
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v4
+      if: matrix.python-version == '3.11'
+      with:
+        file: ./coverage.xml
+        fail_ci_if_error: false
+
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.11'
+
+    - name: Install linting tools
+      run: |
+        python -m pip install --upgrade pip
+        pip install black pylint mypy
+
+    - name: Check formatting with black
+      run: |
+        black --check cortex/ || echo "::warning::Code formatting issues found. Run 'black cortex/' to fix."
+
+    - name: Lint with pylint
+      run: |
+        pylint cortex/ --exit-zero --output-format=text | tee pylint-report.txt
+        score=$(tail -n 2 pylint-report.txt | head -n 1 | grep -oP '\d+\.\d+')
+        echo "Pylint score: $score"
+
+  security:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.11'
+
+    - name: Install security tools
+      run: |
+        python -m pip install --upgrade pip
+        pip install bandit safety
+
+    - name: Run Bandit security linter
+      run: |
+        bandit -r cortex/ -ll -ii || echo "::warning::Security issues found. Please review."
+
+    - name: Check dependencies with safety
+      run: |
+        pip install -r requirements.txt
+        safety check --full-report || echo "::warning::Vulnerable dependencies found."