
#!/bin/bash
# Daily Review Script — Clavitor Agent Handbook Part 4
# Run this every morning before any new feature work.
# Any failure = foundation alert. Fix before proceeding.
# Work from the repository root: this script lives in scripts/, so the root is
# one level above the script's own directory. Abort if that fails rather than
# grepping and building in whatever directory the caller happened to be in.
SCRIPT_DIR=$(dirname "$0")
cd "$SCRIPT_DIR/.." || exit 1
# Any uncaught non-zero status aborts the run. Checks that may legitimately
# fail (a grep with no matches, a failing test suite) must therefore sit in an
# if-condition or carry an explicit fallback.
set -e
# Global tallies, incremented by every check below and reported in the summary.
PASSED=0
FAILED=0
# ANSI colour escapes. They are stored as the literal backslash sequences and
# interpreted by "echo -e" at print time.
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
NC='\033[0m' # reset to default colour
echo "=== Clavitor Daily Review ==="
echo "Checking against CLAVITOR-AGENT-HANDBOOK.md Part 4"
echo ""
# check NAME CMD EXPECTED
#   Runs CMD with all of its output discarded and prints a PASS/FAIL verdict
#   for NAME. EXPECTED is "fail" when CMD is supposed to exit non-zero; any
#   other value means CMD is supposed to succeed. Increments the global PASSED
#   or FAILED counter accordingly.
#
#   NOTE(review): CMD is passed to eval, i.e. it is shell source text, not an
#   argument list. Only ever call this with string literals written in this
#   script; a value assembled from file names, git output or user input would
#   be executed verbatim (command injection). No call site is visible in this
#   file at the moment.
check() {
  local name="$1"
  local cmd="$2"
  local expected="$3"
  local succeeded=0
  echo -n "Checking $name... "
  # Running inside an if-condition keeps a failing CMD from tripping set -e.
  if eval "$cmd" > /dev/null 2>&1; then
    succeeded=1
  fi
  if [ "$expected" = "fail" ]; then
    # Negative check: success is the violation.
    if [ "$succeeded" -eq 1 ]; then
      echo -e "${RED}❌ FAIL${NC} (should have failed but passed)"
      FAILED=$((FAILED + 1))
    else
      echo -e "${GREEN}✅ PASS${NC} (correctly failed)"
      PASSED=$((PASSED + 1))
    fi
  else
    if [ "$succeeded" -eq 1 ]; then
      echo -e "${GREEN}✅ PASS${NC}"
      PASSED=$((PASSED + 1))
    else
      echo -e "${RED}❌ FAIL${NC}"
      FAILED=$((FAILED + 1))
    fi
  fi
}
echo "--- Section A: Server Hard Veto Checks ---"
# NOTE: These checks should find ZERO matches
# If matches found, the check FAILS (violations detected)
# We're checking that forbidden terms DON'T exist
# A1: Server never receives master_key
echo -n "A1: No master_key on server... "
A1_MATCHES=$(grep -rn 'master_key\|MasterKey\|masterKey' clavis/clavis-vault/api/ clavis/clavis-vault/lib/ --include='*.go' 2>/dev/null | grep -v '_test.go' | wc -l)
if [ "$A1_MATCHES" -eq 0 ]; then
echo -e "${GREEN}✅ PASS${NC} (0 matches, no violations)"
PASSED=$((PASSED + 1))
else
echo -e "${RED}❌ FAIL${NC} ($A1_MATCHES violations found)"
grep -rn 'master_key\|MasterKey\|masterKey' clavis/clavis-vault/api/ clavis/clavis-vault/lib/ --include='*.go' 2>/dev/null | grep -v '_test.go' | head -3
FAILED=$((FAILED + 1))
fi
# A2: No DeriveP1 on server
echo -n "A2: No DeriveP1 on server... "
A2_MATCHES=$(grep -rn 'DeriveP1\|derive_p1\|deriveP1' clavis/clavis-vault/lib/ clavis/clavis-vault/api/ 2>/dev/null | wc -l)
if [ "$A2_MATCHES" -eq 0 ]; then
echo -e "${GREEN}✅ PASS${NC} (0 matches, no violations)"
PASSED=$((PASSED + 1))
else
echo -e "${RED}❌ FAIL${NC} ($A2_MATCHES violations found)"
grep -rn 'DeriveP1\|derive_p1\|deriveP1' clavis/clavis-vault/lib/ clavis/clavis-vault/api/ 2>/dev/null | head -3
FAILED=$((FAILED + 1))
fi
# A3: No L2 credential functions
echo -n "A3: No L2 credential functions... "
A3_MATCHES=$(grep -rn 'MintCredential\|ParseCredential\|CredentialToWire' clavis/clavis-vault/api/ clavis/clavis-vault/lib/ 2>/dev/null | wc -l)
if [ "$A3_MATCHES" -eq 0 ]; then
echo -e "${GREEN}✅ PASS${NC} (0 matches, no violations)"
PASSED=$((PASSED + 1))
else
echo -e "${RED}❌ FAIL${NC} ($A3_MATCHES violations found)"
grep -rn 'MintCredential\|ParseCredential\|CredentialToWire' clavis/clavis-vault/api/ clavis/clavis-vault/lib/ 2>/dev/null | head -3
FAILED=$((FAILED + 1))
fi
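echo ""
echo "--- Section F: Test Posture ---"
# Build and test output goes to a private per-run directory created by mktemp
# (mode 0700, unpredictable name) rather than to fixed names under the shared
# /tmp, where another local user could pre-create or symlink those paths and
# where the logs would be world-readable. The directory is kept when either
# check fails so the "See:" hint below points at real output; it is removed
# on a clean run.
REVIEW_TMP=$(mktemp -d "${TMPDIR:-/tmp}/clavitor-review.XXXXXX") || exit 1
F_FAILED=0
remove_review_tmp() {
  if [ "$F_FAILED" -eq 0 ]; then
    rm -rf -- "${REVIEW_TMP:?}"
  fi
}
trap remove_review_tmp EXIT
VAULT_DIR=clavis/clavis-vault
TEST_LOG="$REVIEW_TMP/test-output.log"
BUILD_LOG="$REVIEW_TMP/build-output.log"
# F1: Tests pass
echo -n "F1: Go tests pass... "
# The cd happens in a subshell: a missing module directory is then reported as
# a failure (its error message lands in the log) instead of aborting the whole
# script under set -e, and the working directory is unchanged for the checks
# that follow.
if (cd "$VAULT_DIR" && go test ./lib/... ./api/...) > "$TEST_LOG" 2>&1; then
  echo -e "${GREEN}✅ PASS${NC}"
  PASSED=$((PASSED + 1))
else
  echo -e "${RED}❌ FAIL${NC}"
  echo " See: $TEST_LOG"
  FAILED=$((FAILED + 1))
  F_FAILED=$((F_FAILED + 1))
fi
# F2: Build succeeds
echo -n "F2: Build succeeds... "
# The binary is only a build probe: it is written next to the logs and is
# never executed or installed.
if (cd "$VAULT_DIR" && go build -o "$REVIEW_TMP/clavitor-test" ./cmd/clavitor/) > "$BUILD_LOG" 2>&1; then
  echo -e "${GREEN}✅ PASS${NC}"
  PASSED=$((PASSED + 1))
else
  echo -e "${RED}❌ FAIL${NC}"
  echo " See: $BUILD_LOG"
  FAILED=$((FAILED + 1))
  F_FAILED=$((F_FAILED + 1))
fi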
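# F3: Check for test files (basic check)
echo -n "F3: Recent Go changes have tests... "
# Non-test Go files touched relative to HEAD~1. Note that `git diff HEAD~1`
# compares the working tree, so uncommitted edits are included alongside the
# last commit. --diff-filter=d drops deleted files: they cannot have a test
# file and would otherwise be reported as missing one. Outside a repository,
# or with fewer than two commits, git fails and the check is skipped.
CHANGED=$(git diff --name-only --diff-filter=d HEAD~1 2>/dev/null | grep '\.go$' | grep -v '_test\.go$' || true)
if [ -z "$CHANGED" ]; then
  echo -e "${YELLOW}⚠️ SKIP${NC} (no Go changes in last commit)"
else
  # A file dir/name.go is expected to have dir/name_test.go beside it. Paths
  # are read one per line rather than word-split, so names containing spaces
  # are looked up intact.
  MISSING_TESTS=0
  while IFS= read -r f; do
    [ -n "$f" ] || continue
    testfile="${f%.go}_test.go"
    if [ ! -f "$testfile" ]; then
      echo ""
      echo -e " ${YELLOW}⚠️ WARNING: $f has no test file${NC}"
      MISSING_TESTS=$((MISSING_TESTS + 1))
    fi
  done <<< "$CHANGED"
  # Missing tests are a warning, not a veto: neither counter moves on PARTIAL.
  if [ "$MISSING_TESTS" -eq 0 ]; then
    echo -e "${GREEN}✅ PASS${NC}"
    PASSED=$((PASSED + 1))
  else
    echo -e "${YELLOW}⚠️ PARTIAL${NC} ($MISSING_TESTS files without tests)"
  fi
fi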
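echo ""
echo "--- Section G: Dead Code ---"
# G1: Empty directories (excluding known placeholders)
echo -n "G1: No unexpected empty directories... "
# Known allowed empty dirs (placeholders):
# - clavis/clavis-vault/edition/commercial (commercial edition placeholder)
# - Any .gitignore'd directories (not enforced here: .gitignore is not
#   consulted, so an ignored-but-empty directory is still listed for review)
# Excluded trees are pruned inside find by exact name/path instead of
# post-filtering with unanchored greps: a filter like ".git" would also hide
# any path containing "Xgit" (./legit/, ./digital/), and "vendor" would hide
# ./vendored_docs/. Only the first 5 hits are shown.
EMPTY=$(find . \( -name .git -o -name vendor -o -name node_modules \
  -o -path ./clavis/clavis-vault/edition/commercial \) -prune \
  -o -type d -empty -print 2>/dev/null | head -5)
if [ -z "$EMPTY" ]; then
  echo -e "${GREEN}✅ PASS${NC}"
  PASSED=$((PASSED + 1))
else
  echo -e "${YELLOW}⚠️ REVIEW${NC}"
  echo "The following directories are empty. Delete if not needed:"
  while IFS= read -r dir; do
    echo " $dir"
  done <<< "$EMPTY"
  # Not failing - just warning, user decides. The review still counts as a
  # pass so the summary's exit status is driven only by hard failures.
  PASSED=$((PASSED + 1))
fi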
# G2: No orphaned HTML (with exceptions)
echo -n "G2: No orphaned production files... "
# Placeholder: nothing is scanned automatically yet, so this step always
# reports MANUAL and the handbook's G2 procedure must be followed by hand.
# ORPHANED is kept at 0 so a future automated pass has a counter to fill in;
# it affects neither PASSED nor FAILED.
ORPHANED=0
printf '%b\n' "${YELLOW}⚠️ MANUAL${NC} (see handbook for full G2 check)"
echo ""
echo "=== Summary ==="
echo -e "${GREEN}Passed: $PASSED${NC}"
# Any hard failure makes the script exit 1 so a wrapper or CI job can gate on
# it; warnings (PARTIAL / REVIEW / MANUAL) never reach this branch.
if (( FAILED > 0 )); then
  echo -e "${RED}Failed: $FAILED${NC}"
  echo ""
  echo -e "${RED}FOUNDATION ALERT: Fix failures before any new feature work.${NC}"
  exit 1
fi
echo -e "${GREEN}All checks passed. Ready for feature work.${NC}"
exit 0