feat: Implement SSL Provider selection feature with tests and documentation

- Added functionality to select SSL Provider (Auto, Let's Encrypt, ZeroSSL) in the Caddy Manager.
- Updated the ApplyConfig method to handle different SSL provider settings and staging flags.
- Created unit tests for various SSL provider scenarios, ensuring correct behavior and backward compatibility.
- Enhanced frontend System Settings page to include SSL Provider dropdown with appropriate options and descriptions.
- Updated documentation to reflect new SSL Provider feature and its usage.
- Added QA report detailing testing outcomes and security verification for the SSL Provider implementation.

.github/agents/QA_Security.agent.md

@@ -10,7 +10,7 @@ Your job is to act as an ADVERSARY. The Developer says "it works"; your job is t
 <context>
 - **Project**: Charon (Reverse Proxy)
 - **Priority**: Security, Input Validation, Error Handling.
-- **Tools**: `go test`, `trivy` (if available), manual edge-case analysis.
+- **Tools**: `go test`, `trivy` (if available), pre-commit, manual edge-case analysis.
 </context>
 
 <workflow>
@@ -26,7 +26,7 @@ Your job is to act as an ADVERSARY. The Developer says "it works"; your job is t
 3.  **Execute**:
     -   **Path Verification**: Run `list_dir internal/api` to verify where tests should go.
     -   **Creation**: Write a new test file (e.g., `internal/api/tests/audit_test.go`) to test the *flow*.
-    -   **Run**: Execute `go test ./internal/api/tests/...` (or specific path). Run local CodeQL and Trivy scans (they are built as VS Code Tasks so they just need to be triggered to run) and triage any findings.
+    -   **Run**: Execute `go test ./internal/api/tests/...` (or specific path). Run local CodeQL and Trivy scans (they are built as VS Code Tasks so they just need to be triggered to run), pre-commit all files, and triage any findings.
     -   **Cleanup**: If the test was temporary, delete it. If it's valuable, keep it.
 </workflow>
 

.github/workflows/auto-versioning.yml

@@ -17,18 +17,24 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Generate semantic version (fallback script)
+      - name: Calculate Semantic Version
         id: semver
-        run: |
-          # Ensure git tags are fetched
-          git fetch --tags --quiet || true
-          # Get latest tag or default to v0.0.0
-          TAG=$(git describe --abbrev=0 --tags 2>/dev/null || echo "v0.0.0")
-          echo "Detected latest tag: $TAG"
-          # Set outputs for downstream steps
-          echo "version=$TAG" >> $GITHUB_OUTPUT
-          echo "release_notes=Fallback: using latest tag only" >> $GITHUB_OUTPUT
-          echo "changed=false" >> $GITHUB_OUTPUT
+        uses: paulhatch/semantic-version@v5.4.0
+        with:
+          # The prefix to use to create tags
+          tag_prefix: "v"
+          # A string which, if present in the git log, indicates that a major version increase is required
+          major_pattern: "(MAJOR)"
+          # A string which, if present in the git log, indicates that a minor version increase is required
+          minor_pattern: "(feat)"
+          # Pattern to determine formatting
+          version_format: "${major}.${minor}.${patch}"
+          # If no tags are found, this version is used
+          version_from_branch: "0.0.0"
+          # This helps it search through history to find the last tag
+          search_commit_body: true
+          # Important: This enables the output 'changed' which your other steps rely on
+          enable_prerelease_mode: false
 
       - name: Show version
         run: |
@@ -96,7 +102,7 @@ jobs:
         with:
           tag_name: ${{ steps.determine_tag.outputs.tag }}
           name: Release ${{ steps.determine_tag.outputs.tag }}
-          body: ${{ steps.semver.outputs.release_notes }}
+          generate_release_notes: true
           make_latest: false
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}