feat: add Flutter getter rewrite spine

[xz-dev]

Summary

• Add the UpgradeAll rewrite architecture/docs, including canonical architecture ADRs, ADR-0007 for the Flutter/getter bridge contract, the package-centric CLI contract, migration notes, and coding-agent guardrails.
• Add the Flutter product shell under app_flutter/ with stable UI route/action/state keys and widget tests while keeping product logic behind a getter adapter boundary.
• Keep app_flutter as the product APK entry and Android/Kotlin as platform adapter glue only; Rust getter remains the owner of domain/storage/repository/Lua/migration/update/runtime decisions.
• Add production native bridge slices for legacy Room import/report listing, installed-autogen preview/apply, runtime operations, and best-effort bounded RuntimeNotification EventChannel delivery.
• Add typed Dart runtime/update APIs for registered-package update action issuance, opaque action_id submission, task query/control/user-result/remove/clean, typed runtime notifications, and read-only runtime task snapshot rendering on the Downloads route.
• Replace the native/product fake snapshot path with getter-backed read-model operations: readOperation now serves repository list, tracked package list, and getter-owned Lua package evaluation to MethodChannelGetterAdapter.loadSnapshot().
• Adopt ADR-0010 pin_version DTO terminology in Flutter-facing models; legacy ignored-version names are no longer parsed in Dart product DTOs.
• Retire the old persisted fake task DTO/API from product-facing Flutter adapters. The old fake downloader remains only as getter CLI development scaffolding under debug fake-task ...; CLI runtime coverage uses one-process getter runtime script.
• Update the reusable getter submodule gitlink to DUpdateSystem/getter@60a6515 and keep core-getter/src/main/rust/getter as a real git submodule, not vendored source.
• Document the current static Lua updates path as mock-provider scaffolding behind a getter-provider boundary; live provider/downloader/installer behavior remains deferred.
• Add/update just verification recipes and root rewrite validation GitHub Actions workflow.
• Align the Flutter/Android toolchain with current stable baselines: Flutter 3.44.4, Dart 3.12.2, Gradle 9.3.1, AGP 9.0.1, Kotlin Gradle Plugin 2.3.20, and Rust stable 1.96.0 locally validated.
• Restrict Telegram channel APK notifications to push events on master only.

Architecture

• Rust getter owns domain/storage/Lua/package/repository/migration/update/runtime/cache logic.
• Flutter remains UI/platform adapter only; Dart parses getter DTOs/envelopes and must not implement repository resolution, Lua/package semantics, update selection, migration mapping, cache invalidation, provider selection, action payload assembly, or task state machines.
• Product/native runtime task state is process-memory only per ADR-0011: no task SQLite persistence, no daemon, no restart recovery, and no cross-invocation CLI task memory.
• Product task submission uses getter-issued opaque action_id; Flutter returns only the action id and never constructs/echoes full action payloads.
• CliGetterAdapter is development/test infrastructure, not the Android production runtime host. Its typed runtime methods intentionally throw bridge.unsupported.
• core-getter/src/main/rust/getter remains a git submodule.
• Legacy Room migration, installed-autogen, read-model snapshot, and runtime/update operations go through getter-owned operation seams; Android only prepares raw platform facts, app-private data paths, or bridge plumbing.
• hub list remains compatibility-only and does not revive the old hub-app model.

Validation

Recent local validation on the current branch includes:

• cargo fmt
• cargo test -p getter-cli --lib
• cargo test -p getter-cli --test bdd_cli
• cargo test -p getter-core update
• cargo test -p getter-storage
• cargo test -p getter-providers
• cargo test -p getter-operations --features lua
• cargo test -p getter-operations --features lua runtime
• cargo test -p getter-operations --features lua read_model
• cargo check -p getter-core --no-default-features
• cargo check -p getter-operations
• cargo check -p getter-operations --features lua
• cargo test --manifest-path core-getter/src/main/rust/api_proxy/Cargo.toml --lib runtime_dispatcher
• cargo test --manifest-path core-getter/src/main/rust/api_proxy/Cargo.toml --lib read_operation
• cd app_flutter/android && ./gradlew --no-daemon :app:testDebugUnitTest --tests net.xzos.upgradeall.GetterBridgeRequestBuilderTest
• flutter analyze
• GETTER_CLI_BIN=/home/xz/Code/DUpdateSystem/UpgradeAll/core-getter/src/main/rust/getter/target/debug/getter-cli flutter test dev_test/cli_getter_adapter_test.dart test/native_getter_adapter_test.dart test/widget_test.dart
• git diff --check
• JAVA_HOME=/opt/android-studio/jbr ANDROID_NDK_HOME=/home/xz/.local/share/Google/Android/Sdk/ndk/29.0.14206865 just verify-workspace-skeleton

GitHub Actions last known green before the latest read-model/toolchain commits (25af79c0) were pushed:

• UpgradeAll Rewrite Validation / Rewrite validation: pass — https://github.com/DUpdateSystem/UpgradeAll/actions/runs/28154863066/job/83380862207
• Android CI / Build: pass — https://github.com/DUpdateSystem/UpgradeAll/actions/runs/28154862812/job/83380861266

gh act was also used locally to reproduce the CI environment. It confirmed the real failure before the last fix: LuaJIT's armv7 build uses host cc -m32 for minilua, so CI runners need 32-bit libc/multilib headers. Commit 7bcaa0b9 installs gcc-multilib g++-multilib in both workflows. After that fix, GitHub CI passed; local gh act can still hit intermittent Maven Central TLS handshake failures in the act container, which were not present in GitHub CI.

Deferred work / non-goals for this PR

• Live HTTP/provider execution as product default.
• Real downloader/background worker/restart/resume behavior.
• Android installer/SAF/FileProvider/Shizuku/root/system-notification semantics.
• Product-level full update/download/install BDD flows before those provider/background/installer ADRs are accepted.
• Magisk installed-inventory scanning.
• Product-complete Flutter UI beyond the current shell, migration/autogen/runtime snapshot slices, and stable test keys.

Eventual merge ordering (not the next milestone)

1. Merge getter PR feat!: rewrite getter as package-centric CLI core getter#54 first when the rewrite is ready for user testing.
2. If getter PR [skip ci]fix: CI shouldn't sign when pr #54 is squash-merged and the commit hash changes, update this PR's core-getter/src/main/rust/getter submodule gitlink before merging.
3. Merge this UpgradeAll PR.

Related

• Getter PR: feat!: rewrite getter as package-centric CLI core getter#54

Notes

• Commits on this branch are intentionally unsigned for the current stage.
• The existing legacy Android CI workflow remains; the rewrite workflow is additive.