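#!/bin/bash
# Daily Review Script — Clavitor Agent Handbook Part 4
#
# Run this every morning before any new feature work.
# Any failure = foundation alert. Fix before proceeding.
#
# Usage:   run from anywhere; the script changes to the repo root itself.
# Exit:    0 when no check failed, 1 otherwise.
# Outputs: a PASS/FAIL line per check on stdout; go test/build logs are
#          written to a private temporary directory whose path is printed
#          next to the failing check.

# Change to script directory (repo root)
cd "$(dirname "$0")/.." || exit 1

set -e

FAILED=0
PASSED=0

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

# Private scratch directory for logs and the throwaway build artifact.
# Fixed names such as /tmp/test-output.log can be pre-created or symlinked by
# another local user on a shared host; mktemp -d yields an unpredictable,
# owner-only directory instead.
WORK_DIR=$(mktemp -d "${TMPDIR:-/tmp}/clavitor-review.XXXXXX") || {
  echo "cannot create temporary directory" >&2
  exit 1
}

# Remove the test binary always; keep the logs only when the run failed so the
# "See:" paths printed below stay readable.
cleanup() {
  local status=$?
  rm -f -- "${WORK_DIR:?}/clavitor-test"
  if [ "$status" -eq 0 ]; then
    rm -rf -- "${WORK_DIR:?}"
  fi
}
trap cleanup EXIT

echo "=== Clavitor Daily Review ==="
echo "Checking against CLAVITOR-AGENT-HANDBOOK.md Part 4"
echo ""

# Print a green PASS (plus optional detail in $1) and count it.
pass() {
  printf '%b' "${GREEN}✅ PASS${NC}"
  printf '%s\n' "${1:+ $1}"
  PASSED=$((PASSED + 1))
}

# Print a red FAIL (plus optional detail in $1) and count it.
fail() {
  printf '%b' "${RED}❌ FAIL${NC}"
  printf '%s\n' "${1:+ $1}"
  FAILED=$((FAILED + 1))
}

# Function to run a check
#   $1 - name shown to the user
#   $2 - command string to run
#   $3 - "fail" when the command is expected to fail; anything else means it
#        is expected to succeed
# NOTE(security): $2 goes through eval. Pass only literal strings written in
# this script; never build it from file names, git output or environment
# values, or that data is executed as shell code.
check() {
  local name="$1"
  local cmd="$2"
  local expected="$3"

  echo -n "Checking $name... "

  if eval "$cmd" > /dev/null 2>&1; then
    if [ "$expected" = "fail" ]; then
      fail "(should have failed but passed)"
    else
      pass
    fi
  else
    if [ "$expected" = "fail" ]; then
      pass "(correctly failed)"
    else
      fail
    fi
  fi
}

# Run one "forbidden identifier" scan and record the result.
#   $1  - label printed before the result
#   $2  - grep basic-regex pattern of forbidden identifiers
#   $3  - "go-non-test" to scan only *.go files and ignore _test.go hits,
#         "all" to scan every file
#   $4… - directories to scan
# The check fails closed: a missing directory or a grep error counts as a
# failure. Previously errors were discarded (2>/dev/null), so a moved or
# unreadable tree produced zero matches and a green PASS.
# This is a spelling-based tripwire only; it cannot see the same concept under
# a different identifier.
veto_check() {
  local label="$1"
  local pattern="$2"
  local scope="$3"
  shift 3

  local -a grep_opts=(-rn)
  local dir
  local raw=""
  local hits=""
  local count=0
  local rc=0

  echo -n "${label}... "

  for dir in "$@"; do
    if [ ! -d "$dir" ]; then
      fail "(scan directory missing: $dir)"
      return 0
    fi
  done

  if [ "$scope" = "go-non-test" ]; then
    grep_opts+=(--include='*.go')
  fi

  # grep exits 0 on match, 1 on no match, 2 on error; only 2 is a problem.
  raw=$(grep "${grep_opts[@]}" -e "$pattern" -- "$@") || rc=$?
  if [ "$rc" -gt 1 ]; then
    fail "(grep reported an error; scan incomplete)"
    return 0
  fi

  if [ "$scope" = "go-non-test" ] && [ -n "$raw" ]; then
    hits=$(printf '%s\n' "$raw" | grep -v '_test.go' || true)
  else
    hits="$raw"
  fi

  if [ -z "$hits" ]; then
    pass "(0 matches, no violations)"
  else
    count=$(printf '%s\n' "$hits" | grep -c '')
    fail "($count violations found)"
    printf '%s\n' "$hits" | head -3
  fi
}

echo "--- Section A: Server Hard Veto Checks ---"

# NOTE: These checks should find ZERO matches
# If matches found, the check FAILS (violations detected)
# We're checking that forbidden terms DON'T exist

# A1: Server never receives master_key
veto_check "A1: No master_key on server" \
  'master_key\|MasterKey\|masterKey' go-non-test \
  clavis/clavis-vault/api/ clavis/clavis-vault/lib/

# A2: No DeriveP1 on server
veto_check "A2: No DeriveP1 on server" \
  'DeriveP1\|derive_p1\|deriveP1' all \
  clavis/clavis-vault/lib/ clavis/clavis-vault/api/

# A3: No L2 credential functions
veto_check "A3: No L2 credential functions" \
  'MintCredential\|ParseCredential\|CredentialToWire' all \
  clavis/clavis-vault/api/ clavis/clavis-vault/lib/

echo ""
echo "--- Section F: Test Posture ---"

# F1: Tests pass
# The subshell keeps the working directory of the main script unchanged.
echo -n "F1: Go tests pass... "
if (cd clavis/clavis-vault && go test ./lib/... ./api/...) \
  > "$WORK_DIR/test-output.log" 2>&1; then
  pass
else
  fail
  echo "   See: $WORK_DIR/test-output.log"
fi

# F2: Build succeeds
echo -n "F2: Build succeeds... "
if (cd clavis/clavis-vault \
  && go build -o "$WORK_DIR/clavitor-test" ./cmd/clavitor/) \
  > "$WORK_DIR/build-output.log" 2>&1; then
  pass
else
  fail
  echo "   See: $WORK_DIR/build-output.log"
fi

# F3: Check for test files (basic check)
echo -n "F3: Recent Go changes have tests... "
# Get files changed in last commit
CHANGED=$(git diff --name-only HEAD~1 2>/dev/null \
  | grep '\.go$' | grep -v '_test\.go$' || true)
if [ -z "$CHANGED" ]; then
  echo -e "${YELLOW}⚠️  SKIP${NC} (no Go changes in last commit)"
else
  # Check each changed file has corresponding test.
  # Read line by line so paths containing spaces are not split apart.
  MISSING_TESTS=0
  while IFS= read -r f; do
    testfile="${f%.go}_test.go"
    if [ ! -f "$testfile" ]; then
      echo ""
      printf '   %b' "${YELLOW}⚠️  WARNING: "
      printf '%s' "$f"
      printf '%b\n' " has no test file${NC}"
      MISSING_TESTS=$((MISSING_TESTS + 1))
    fi
  done <<< "$CHANGED"

  if [ "$MISSING_TESTS" -eq 0 ]; then
    pass
  else
    # Deliberately counted as neither pass nor fail: advisory only.
    echo -e "${YELLOW}⚠️  PARTIAL${NC} ($MISSING_TESTS files without tests)"
  fi
fi

echo ""
echo "--- Section G: Dead Code ---"

# G1: Empty directories (excluding known placeholders)
echo -n "G1: No unexpected empty directories... "
# Known allowed empty dirs (placeholders):
# - clavis/clavis-vault/edition/commercial (commercial edition placeholder)
# - Any .gitignore'd directories
EMPTY=$(find . -type d -empty 2>/dev/null \
  | grep -v ".git" \
  | grep -v "vendor" \
  | grep -v "node_modules" \
  | grep -v "clavis/clavis-vault/edition/commercial" \
  | head -5)
if [ -z "$EMPTY" ]; then
  pass
else
  echo -e "${YELLOW}⚠️  REVIEW${NC}"
  echo "The following directories are empty. Delete if not needed:"
  while IFS= read -r dir; do
    echo "  $dir"
  done <<< "$EMPTY"
  # Not failing - just warning, user decides
  PASSED=$((PASSED + 1))
fi
# A leftover copy of the directory listing, an unconditional FAILED increment
# and an unmatched `fi` used to follow here; the stray `fi` made the script
# unparseable and has been removed.

# G2: No orphaned HTML (with exceptions)
echo -n "G2: No orphaned production files... "
# This is a simplified check - manual review still needed
echo -e "${YELLOW}⚠️  MANUAL${NC} (see handbook for full G2 check)"

echo ""
echo "=== Summary ==="
echo -e "${GREEN}Passed: $PASSED${NC}"
if [ "$FAILED" -gt 0 ]; then
  echo -e "${RED}Failed: $FAILED${NC}"
  echo ""
  echo -e "${RED}FOUNDATION ALERT: Fix failures before any new feature work.${NC}"
  exit 1
else
  echo -e "${GREEN}All checks passed. Ready for feature work.${NC}"
  exit 0
fi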