style: normalize indentation from tabs to spaces

- Converted tab indentation to spaces across multiple files for consistency
- Updated Go version to 1.25.3 and refreshed dependency versions
- Replaced fmt.Errorf with errors.New for static error messages without formatting

Author: CodeMonkeyCybersecurity

cmd/create/repo.go

@@ -35,18 +35,22 @@ Examples:
 }
 
 func init() {
-	CreateCmd.AddCommand(createRepoCmd)
+    CreateCmd.AddCommand(createRepoCmd)
 
 	createRepoCmd.Flags().StringP("name", "n", "", "Repository name (default: directory name)")
 	createRepoCmd.Flags().StringP("description", "d", "", "Repository description")
 	createRepoCmd.Flags().BoolP("private", "p", false, "Make repository private")
 	createRepoCmd.Flags().StringP("org", "o", "", "Create repository under an organization")
 	createRepoCmd.Flags().String("remote", "origin", "Git remote name to use")
 	createRepoCmd.Flags().String("branch", "main", "Default branch name")
-	createRepoCmd.Flags().Bool("no-push", false, "Do not push to the remote after creation")
-	createRepoCmd.Flags().Bool("dry-run", false, "Show planned actions without applying changes")
-	createRepoCmd.Flags().Bool("non-interactive", false, "Disable interactive prompts")
-	createRepoCmd.Flags().Bool("save-config", false, "Persist answers for future runs in .eos/create-repo.yaml")
+    createRepoCmd.Flags().Bool("no-push", false, "Do not push to the remote after creation")
+    createRepoCmd.Flags().Bool("dry-run", false, "Show planned actions without applying changes")
+    createRepoCmd.Flags().Bool("non-interactive", false, "Disable interactive prompts")
+    createRepoCmd.Flags().Bool("save-config", false, "Persist answers for future runs in .eos/create-repo.yaml")
+    createRepoCmd.Flags().String("auth", "ssh", "Preferred auth for git remote: ssh or https")
+    createRepoCmd.Flags().Bool("auto-fix-ownership", false, "If run with sudo, chown the repo to the original user")
+    createRepoCmd.Flags().Bool("ssh-generate-key", true, "Generate an SSH key if missing when --auth=ssh")
+    createRepoCmd.Flags().Bool("configure-credential-helper", true, "Configure git credential.helper for HTTPS when --auth=https")
 }
 
 func runCreateRepo(rc *eos_io.RuntimeContext, cmd *cobra.Command, args []string) error {
@@ -164,28 +168,36 @@ func runCreateRepo(rc *eos_io.RuntimeContext, cmd *cobra.Command, args []string)
 
 	name, _ := cmd.Flags().GetString("name")
 	description, _ := cmd.Flags().GetString("description")
-	private, _ := cmd.Flags().GetBool("private")
-	org, _ := cmd.Flags().GetString("org")
-	remote, _ := cmd.Flags().GetString("remote")
-	branch, _ := cmd.Flags().GetString("branch")
-	noPush, _ := cmd.Flags().GetBool("no-push")
-	dryRun, _ := cmd.Flags().GetBool("dry-run")
-	// nonInteractive already parsed above for preflight checks
-	saveConfig, _ := cmd.Flags().GetBool("save-config")
-
-	opts := &repository.RepoOptions{
-		Path:           absPath,
-		Name:           name,
-		Description:    description,
-		Private:        private,
-		Organization:   org,
-		Remote:         remote,
-		Branch:         branch,
-		DryRun:         dryRun,
-		NoPush:         noPush,
-		NonInteractive: nonInteractive,
-		SaveConfig:     saveConfig,
-	}
+    private, _ := cmd.Flags().GetBool("private")
+    org, _ := cmd.Flags().GetString("org")
+    remote, _ := cmd.Flags().GetString("remote")
+    branch, _ := cmd.Flags().GetString("branch")
+    noPush, _ := cmd.Flags().GetBool("no-push")
+    dryRun, _ := cmd.Flags().GetBool("dry-run")
+    // nonInteractive already parsed above for preflight checks
+    saveConfig, _ := cmd.Flags().GetBool("save-config")
+    auth, _ := cmd.Flags().GetString("auth")
+    autoFixOwnership, _ := cmd.Flags().GetBool("auto-fix-ownership")
+    sshGenKey, _ := cmd.Flags().GetBool("ssh-generate-key")
+    cfgCredHelper, _ := cmd.Flags().GetBool("configure-credential-helper")
+
+    opts := &repository.RepoOptions{
+        Path:           absPath,
+        Name:           name,
+        Description:    description,
+        Private:        private,
+        Organization:   org,
+        Remote:         remote,
+        Branch:         branch,
+        DryRun:         dryRun,
+        NoPush:         noPush,
+        NonInteractive: nonInteractive,
+        SaveConfig:     saveConfig,
+        Auth:               strings.ToLower(strings.TrimSpace(auth)),
+        AutoFixOwnership:   autoFixOwnership,
+        SSHGenerateKey:     sshGenKey,
+        ConfigureCredHelper: cfgCredHelper,
+    }
 
 	prefsPath := repository.PreferencesPath(absPath)
 	prefs, err := repository.LoadRepoPreferences(prefsPath)

cmd/read/consul_token.go

@@ -80,17 +80,18 @@ func runConsulTokenRead(rc *eos_io.RuntimeContext, cmd *cobra.Command, args []st
 
 	// ASSESS - Get Vault client
 	vaultClient, err := vault.GetVaultClient(rc)
-	if err != nil {
-		return eos_err.NewUserError(
-			"Failed to connect to Vault.\n\n" +
-				"The Consul bootstrap token is stored in Vault at:\n" +
-				"  secret/consul/bootstrap-token\n\n" +
-				"Remediation:\n" +
-				"  - Ensure Vault is installed: eos create vault\n" +
-				"  - Ensure Vault is unsealed: vault status\n" +
-				"  - Check Vault agent is running: systemctl status vault-agent-eos\n\n" +
-				fmt.Sprintf("Error: %v", err))
-	}
+    if err != nil {
+        return eos_err.NewUserError(
+            "Failed to connect to Vault.\n\n"+
+                "The Consul bootstrap token is stored in Vault at:\n"+
+                "  secret/consul/bootstrap-token\n\n"+
+                "Remediation:\n"+
+                "  - Ensure Vault is installed: eos create vault\n"+
+                "  - Ensure Vault is unsealed: vault status\n"+
+                "  - Check Vault agent is running: systemctl status vault-agent-eos\n\n"+
+                "Error: %v",
+            err)
+    }
 
 	// Discover environment from Consul (required for Vault path)
 	env, err := consulenv.DiscoverFromConsul(rc)
@@ -113,15 +114,16 @@ func runConsulTokenRead(rc *eos_io.RuntimeContext, cmd *cobra.Command, args []st
 	logger.Info("Retrieving Consul bootstrap token from Vault")
 
 	token, err := consulacl.GetBootstrapTokenFromVault(rc, vaultClient, env)
-	if err != nil {
-		return eos_err.NewUserError(
-			"Failed to retrieve Consul bootstrap token from Vault.\n\n" +
-				"The token may not exist yet. Bootstrap ACLs first:\n" +
-				"  eos update consul --bootstrap-token\n\n" +
-				"Or check if token exists in Vault:\n" +
-				"  vault kv get secret/consul/bootstrap-token\n\n" +
-				fmt.Sprintf("Error: %v", err))
-	}
+    if err != nil {
+        return eos_err.NewUserError(
+            "Failed to retrieve Consul bootstrap token from Vault.\n\n"+
+                "The token may not exist yet. Bootstrap ACLs first:\n"+
+                "  eos update consul --bootstrap-token\n\n"+
+                "Or check if token exists in Vault:\n"+
+                "  vault kv get secret/consul/bootstrap-token\n\n"+
+                "Error: %v",
+            err)
+    }
 
 	if token == "" {
 		return eos_err.NewUserError(

cmd/update/consul.go

@@ -278,18 +278,18 @@ func runConsulUpdate(rc *eos_io.RuntimeContext, cmd *cobra.Command, args []strin
 			return fmt.Errorf("failed to check existing environment in Consul: %w", err)
 		}
 
-		if existing != nil {
-			existingEnv := string(existing.Value)
-			return eos_err.NewUserError(
-				fmt.Sprintf("Environment already set to '%s' for node '%s'\n\n"+
-					"Changing environment requires privilege escalation for security.\n"+
-					"This prevents accidental environment changes that could expose production secrets.\n\n"+
-					"To change environment:\n"+
-					"  1. Delete existing key: consul kv delete %s\n"+
-					"  2. Re-run: eos update consul --environment %s\n\n"+
-					"WARNING: This is a security-critical operation. Ensure you understand the implications.",
-					existingEnv, hostname, kvPath, consulEnvironment))
-		}
+        if existing != nil {
+            existingEnv := string(existing.Value)
+            return eos_err.NewUserError(
+                "Environment already set to '%s' for node '%s'\n\n"+
+                    "Changing environment requires privilege escalation for security.\n"+
+                    "This prevents accidental environment changes that could expose production secrets.\n\n"+
+                    "To change environment:\n"+
+                    "  1. Delete existing key: consul kv delete %s\n"+
+                    "  2. Re-run: eos update consul --environment %s\n\n"+
+                    "WARNING: This is a security-critical operation. Ensure you understand the implications.",
+                existingEnv, hostname, kvPath, consulEnvironment)
+        }
 
 		// Confirm production changes
 		if consulEnvironment == string(sharedvault.EnvironmentProduction) {

go.mod

@@ -1,6 +1,6 @@
 module github.com/CodeMonkeyCybersecurity/eos
 
-go 1.25
+go 1.25.3
 
 require (
 	code.gitea.io/sdk/gitea v0.22.1
@@ -12,7 +12,7 @@ require (
 	github.com/charmbracelet/bubbletea v1.3.10
 	github.com/charmbracelet/lipgloss v1.1.0
 	github.com/cockroachdb/errors v1.12.0
-	github.com/docker/docker v28.5.1+incompatible
+	github.com/docker/docker v28.5.2+incompatible
 	github.com/docker/go-connections v0.6.0
 	github.com/emersion/go-sasl v0.0.0-20241020182733-b788ff22d5a6
 	github.com/emersion/go-smtp v0.24.0
@@ -28,7 +28,7 @@ require (
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-version v1.7.0
 	github.com/hashicorp/hcl/v2 v2.24.0
-	github.com/hashicorp/nomad/api v0.0.0-20251104073108-6235838dbf30
+	github.com/hashicorp/nomad/api v0.0.0-20251105172100-f20a01eda06e
 	github.com/hashicorp/terraform-exec v0.24.0
 	github.com/hashicorp/vault/api v1.22.0
 	github.com/hashicorp/vault/api/auth/approle v0.11.0
@@ -37,7 +37,7 @@ require (
 	github.com/joho/godotenv v1.5.1
 	github.com/lib/pq v1.10.9
 	github.com/olekukonko/tablewriter v1.1.0
-	github.com/open-policy-agent/opa v1.10.0
+	github.com/open-policy-agent/opa v1.10.1
 	github.com/redis/go-redis/v9 v9.16.0
 	github.com/sashabaranov/go-openai v1.41.2
 	github.com/shirou/gopsutil/v4 v4.25.10