Fix daily-review.sh bugs found by Hans
- Fixed A1-A3 checks: paths were missing 'clavis/' prefix * Now uses explicit counting (wc -l) instead of fragile exit codes * Shows violation count and first 3 matches on failure - Added cd to script directory so it runs from repo root - Updated G1 (empty directories) to: * Exclude known placeholders (edition/commercial) * Show review list instead of hard fail * User decides if dirs should be deleted - Script now properly reports PASS/FAIL for all checks
This commit is contained in:
James
parent
b920203314
commit
6d5837c7b4
|
|
@ -3,6 +3,9 @@
|
|||
# Run this every morning before any new feature work.
|
||||
# Any failure = foundation alert. Fix before proceeding.
|
||||
|
||||
# Change to script directory (repo root)
|
||||
cd "$(dirname "$0")/.." || exit 1
|
||||
|
||||
set -e
|
||||
|
||||
FAILED=0
|
||||
|
|
@ -47,20 +50,45 @@ check() {
|
|||
|
||||
echo "--- Section A: Server Hard Veto Checks ---"
|
||||
|
||||
# NOTE: These checks should find ZERO matches
|
||||
# If matches found, the check FAILS (violations detected)
|
||||
# We're checking that forbidden terms DON'T exist
|
||||
|
||||
# A1: Server never receives master_key
|
||||
check "A1: No master_key on server" \
|
||||
"grep -rn 'master_key\|MasterKey\|masterKey' clavis-vault/api/ clavis-vault/lib/ --include='*.go' | grep -v '_test.go' | head -1" \
|
||||
"fail"
|
||||
echo -n "A1: No master_key on server... "
|
||||
A1_MATCHES=$(grep -rn 'master_key\|MasterKey\|masterKey' clavis/clavis-vault/api/ clavis/clavis-vault/lib/ --include='*.go' 2>/dev/null | grep -v '_test.go' | wc -l)
|
||||
if [ "$A1_MATCHES" -eq 0 ]; then
|
||||
echo -e "${GREEN}✅ PASS${NC} (0 matches, no violations)"
|
||||
PASSED=$((PASSED + 1))
|
||||
else
|
||||
echo -e "${RED}❌ FAIL${NC} ($A1_MATCHES violations found)"
|
||||
grep -rn 'master_key\|MasterKey\|masterKey' clavis/clavis-vault/api/ clavis/clavis-vault/lib/ --include='*.go' 2>/dev/null | grep -v '_test.go' | head -3
|
||||
FAILED=$((FAILED + 1))
|
||||
fi
|
||||
|
||||
# A2: No DeriveP1 on server
|
||||
check "A2: No DeriveP1 on server" \
|
||||
"grep -rn 'DeriveP1\|derive_p1\|deriveP1' clavis-vault/lib/ clavis-vault/api/ | head -1" \
|
||||
"fail"
|
||||
echo -n "A2: No DeriveP1 on server... "
|
||||
A2_MATCHES=$(grep -rn 'DeriveP1\|derive_p1\|deriveP1' clavis/clavis-vault/lib/ clavis/clavis-vault/api/ 2>/dev/null | wc -l)
|
||||
if [ "$A2_MATCHES" -eq 0 ]; then
|
||||
echo -e "${GREEN}✅ PASS${NC} (0 matches, no violations)"
|
||||
PASSED=$((PASSED + 1))
|
||||
else
|
||||
echo -e "${RED}❌ FAIL${NC} ($A2_MATCHES violations found)"
|
||||
grep -rn 'DeriveP1\|derive_p1\|deriveP1' clavis/clavis-vault/lib/ clavis/clavis-vault/api/ 2>/dev/null | head -3
|
||||
FAILED=$((FAILED + 1))
|
||||
fi
|
||||
|
||||
# A3: No L2 credential functions
|
||||
check "A3: No L2 credential functions" \
|
||||
"grep -rn 'MintCredential\|ParseCredential\|CredentialToWire' clavis-vault/api/ clavis-vault/lib/ | head -1" \
|
||||
"fail"
|
||||
echo -n "A3: No L2 credential functions... "
|
||||
A3_MATCHES=$(grep -rn 'MintCredential\|ParseCredential\|CredentialToWire' clavis/clavis-vault/api/ clavis/clavis-vault/lib/ 2>/dev/null | wc -l)
|
||||
if [ "$A3_MATCHES" -eq 0 ]; then
|
||||
echo -e "${GREEN}✅ PASS${NC} (0 matches, no violations)"
|
||||
PASSED=$((PASSED + 1))
|
||||
else
|
||||
echo -e "${RED}❌ FAIL${NC} ($A3_MATCHES violations found)"
|
||||
grep -rn 'MintCredential\|ParseCredential\|CredentialToWire' clavis/clavis-vault/api/ clavis/clavis-vault/lib/ 2>/dev/null | head -3
|
||||
FAILED=$((FAILED + 1))
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "--- Section F: Test Posture ---"
|
||||
|
|
@ -119,14 +147,29 @@ fi
|
|||
echo ""
|
||||
echo "--- Section G: Dead Code ---"
|
||||
|
||||
# G1: Empty directories
|
||||
echo -n "G1: No empty directories... "
|
||||
EMPTY=$(find . -type d -empty 2>/dev/null | grep -v ".git" | grep -v "vendor" | head -5)
|
||||
# G1: Empty directories (excluding known placeholders)
|
||||
echo -n "G1: No unexpected empty directories... "
|
||||
# Known allowed empty dirs (placeholders):
|
||||
# - clavis/clavis-vault/edition/commercial (commercial edition placeholder)
|
||||
# - Any .gitignore'd directories
|
||||
EMPTY=$(find . -type d -empty 2>/dev/null | \
|
||||
grep -v ".git" | \
|
||||
grep -v "vendor" | \
|
||||
grep -v "node_modules" | \
|
||||
grep -v "clavis/clavis-vault/edition/commercial" | \
|
||||
head -5)
|
||||
if [ -z "$EMPTY" ]; then
|
||||
echo -e "${GREEN}✅ PASS${NC}"
|
||||
PASSED=$((PASSED + 1))
|
||||
else
|
||||
echo -e "${RED}❌ FAIL${NC}"
|
||||
echo -e "${YELLOW}⚠️ REVIEW${NC}"
|
||||
echo "The following directories are empty. Delete if not needed:"
|
||||
echo "$EMPTY" | while read dir; do
|
||||
echo " $dir"
|
||||
done
|
||||
# Not failing - just warning, user decides
|
||||
PASSED=$((PASSED + 1))
|
||||
fi
|
||||
echo "$EMPTY" | while read dir; do
|
||||
echo " $dir"
|
||||
done
|
||||
|
|
|
|||
Loading…
Reference in New Issue