johan
/
clavitor
1
0
Fork 0
Code Issues Pull Requests 3 Packages Projects Releases Wiki Activity

Fix daily-review.sh bugs found by Hans 

- Fixed A1-A3 checks: paths were missing 'clavis/' prefix
  * Now uses explicit counting (wc -l) instead of fragile exit codes
  * Shows violation count and first 3 matches on failure
- Added cd to script directory so it runs from repo root
- Updated G1 (empty directories) to:
  * Exclude known placeholders (edition/commercial)
  * Show review list instead of hard fail
  * User decides if dirs should be deleted
- Script now properly reports PASS/FAIL for all checks
This commit is contained in:
James 2026-04-09 01:14:36 -04:00
parent b920203314
commit 6d5837c7b4
1 changed files with 56 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
scripts/daily-review.sh
View File

@ -3,6 +3,9 @@
# Run this every morning before any new feature work. # Run this every morning before any new feature work.
# Any failure = foundation alert. Fix before proceeding. # Any failure = foundation alert. Fix before proceeding.
# Change to script directory (repo root)
cd "$(dirname "$0")/.." || exit 1
set -e set -e
FAILED=0 FAILED=0
@ -47,20 +50,45 @@ check() {
echo "--- Section A: Server Hard Veto Checks ---" echo "--- Section A: Server Hard Veto Checks ---"
# NOTE: These checks should find ZERO matches
# If matches found, the check FAILS (violations detected)
# We're checking that forbidden terms DON'T exist
# A1: Server never receives master_key # A1: Server never receives master_key
check "A1: No master_key on server" \ echo -n "A1: No master_key on server... "
"grep -rn 'master_key\|MasterKey\|masterKey' clavis-vault/api/ clavis-vault/lib/ --include='*.go' | grep -v '_test.go' | head -1" \ A1_MATCHES=$(grep -rn 'master_key\|MasterKey\|masterKey' clavis/clavis-vault/api/ clavis/clavis-vault/lib/ --include='*.go' 2>/dev/null | grep -v '_test.go' | wc -l)
"fail" if [ "$A1_MATCHES" -eq 0 ]; then
echo -e "${GREEN}✅ PASS${NC} (0 matches, no violations)"
PASSED=$((PASSED + 1))
else
echo -e "${RED}❌ FAIL${NC} ($A1_MATCHES violations found)"
grep -rn 'master_key\|MasterKey\|masterKey' clavis/clavis-vault/api/ clavis/clavis-vault/lib/ --include='*.go' 2>/dev/null | grep -v '_test.go' | head -3
FAILED=$((FAILED + 1))
fi
# A2: No DeriveP1 on server # A2: No DeriveP1 on server
check "A2: No DeriveP1 on server" \ echo -n "A2: No DeriveP1 on server... "
"grep -rn 'DeriveP1\|derive_p1\|deriveP1' clavis-vault/lib/ clavis-vault/api/ | head -1" \ A2_MATCHES=$(grep -rn 'DeriveP1\|derive_p1\|deriveP1' clavis/clavis-vault/lib/ clavis/clavis-vault/api/ 2>/dev/null | wc -l)
"fail" if [ "$A2_MATCHES" -eq 0 ]; then
echo -e "${GREEN}✅ PASS${NC} (0 matches, no violations)"
PASSED=$((PASSED + 1))
else
echo -e "${RED}❌ FAIL${NC} ($A2_MATCHES violations found)"
grep -rn 'DeriveP1\|derive_p1\|deriveP1' clavis/clavis-vault/lib/ clavis/clavis-vault/api/ 2>/dev/null | head -3
FAILED=$((FAILED + 1))
fi
# A3: No L2 credential functions # A3: No L2 credential functions
check "A3: No L2 credential functions" \ echo -n "A3: No L2 credential functions... "
"grep -rn 'MintCredential\|ParseCredential\|CredentialToWire' clavis-vault/api/ clavis-vault/lib/ | head -1" \ A3_MATCHES=$(grep -rn 'MintCredential\|ParseCredential\|CredentialToWire' clavis/clavis-vault/api/ clavis/clavis-vault/lib/ 2>/dev/null | wc -l)
"fail" if [ "$A3_MATCHES" -eq 0 ]; then
echo -e "${GREEN}✅ PASS${NC} (0 matches, no violations)"
PASSED=$((PASSED + 1))
else
echo -e "${RED}❌ FAIL${NC} ($A3_MATCHES violations found)"
grep -rn 'MintCredential\|ParseCredential\|CredentialToWire' clavis/clavis-vault/api/ clavis/clavis-vault/lib/ 2>/dev/null | head -3
FAILED=$((FAILED + 1))
fi
echo "" echo ""
echo "--- Section F: Test Posture ---" echo "--- Section F: Test Posture ---"
@ -119,14 +147,29 @@ fi
echo "" echo ""
echo "--- Section G: Dead Code ---" echo "--- Section G: Dead Code ---"
# G1: Empty directories # G1: Empty directories (excluding known placeholders)
echo -n "G1: No empty directories... " echo -n "G1: No unexpected empty directories... "
EMPTY=$(find . -type d -empty 2>/dev/null | grep -v ".git" | grep -v "vendor" | head -5) # Known allowed empty dirs (placeholders):
# - clavis/clavis-vault/edition/commercial (commercial edition placeholder)
# - Any .gitignore'd directories
EMPTY=$(find . -type d -empty 2>/dev/null | \
grep -v ".git" | \
grep -v "vendor" | \
grep -v "node_modules" | \
grep -v "clavis/clavis-vault/edition/commercial" | \
head -5)
if [ -z "$EMPTY" ]; then if [ -z "$EMPTY" ]; then
echo -e "${GREEN}✅ PASS${NC}" echo -e "${GREEN}✅ PASS${NC}"
PASSED=$((PASSED + 1)) PASSED=$((PASSED + 1))
else else
echo -e "${RED}❌ FAIL${NC}" echo -e "${YELLOW}⚠️ REVIEW${NC}"
echo "The following directories are empty. Delete if not needed:"
echo "$EMPTY" | while read dir; do
echo " $dir"
done
# Not failing - just warning, user decides
PASSED=$((PASSED + 1))
fi
echo "$EMPTY" | while read dir; do echo "$EMPTY" | while read dir; do
echo " $dir" echo " $dir"
done done