Skip to content

T026: DRY worker config, archive stale scripts, tighten audit regex #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
grobomo merged 1 commit into from
Apr 4, 2026
Merged

T026: DRY worker config, archive stale scripts, tighten audit regex #4

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion hooks/PostToolUse/shtd_audit-logger.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ module.exports = function(input) {
audit.logEvent('spec_created', { file: path.basename(filePath) });
} else if (/specs\/.*tasks\.md/i.test(filePath)) {
audit.logEvent('tasks_defined', { file: path.basename(filePath) });
} else if (/test/i.test(filePath) && !/node_modules/.test(filePath)) {
} else if (/[\/\\]tests?[\/\\]/i.test(filePath) && !/node_modules/.test(filePath)) {
audit.logEvent('test_created', { file: path.basename(filePath) });
}
}
Expand Down
10 changes: 4 additions & 6 deletions scripts/check-worker-install.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,11 @@
set -euo pipefail

WORKER="${1:-1}"
KEY_DIR="$HOME/.ssh/ccc-keys"
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"

declare -A IPS=([1]="18.219.224.145" [2]="18.223.188.176" [3]="3.143.229.17" [4]="52.14.228.211")
IP="${IPS[$WORKER]:-}"
[ -z "$IP" ] && echo "Unknown worker: $WORKER" && exit 1
KEY="$KEY_DIR/worker-${WORKER}.pem"
SSH_OPTS="-o StrictHostKeyChecking=no -o ConnectTimeout=10 -i $KEY"
source "$SCRIPT_DIR/worker-config.sh"
IP=$(resolve_worker "$WORKER")
SSH_OPTS=$(ssh_opts_for "$WORKER")

echo "=== Worker $WORKER ($IP) — Installation Check ==="
echo ""
Expand Down
5 changes: 3 additions & 2 deletions scripts/deploy-to-all-workers.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,9 @@
set -uo pipefail

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
source "$SCRIPT_DIR/worker-config.sh"

for w in 1 2 3 4; do
for w in $ALL_WORKERS; do
echo ""
echo "========================================="
echo " Deploying to Worker $w"
Expand All @@ -19,7 +20,7 @@ echo "========================================="
echo " Deployment complete — verifying all"
echo "========================================="

for w in 1 2 3 4; do
for w in $ALL_WORKERS; do
echo ""
echo "--- Worker $w ---"
bash "$SCRIPT_DIR/check-worker-install.sh" "$w" 2>&1 | grep -E "\[OK\]|\[FAIL\]|not found|error" | head -5
Expand Down
9 changes: 3 additions & 6 deletions scripts/deploy-to-worker.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,10 @@ set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
PROJECT_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
WORKER="${1:-1}"
KEY_DIR="$HOME/.ssh/ccc-keys"

declare -A IPS=([1]="18.219.224.145" [2]="18.223.188.176" [3]="3.143.229.17" [4]="52.14.228.211")
IP="${IPS[$WORKER]:-}"
[ -z "$IP" ] && echo "Unknown worker: $WORKER" && exit 1
KEY="$KEY_DIR/worker-${WORKER}.pem"
SSH_OPTS="-o StrictHostKeyChecking=no -o ConnectTimeout=10 -i $KEY"
source "$SCRIPT_DIR/worker-config.sh"
IP=$(resolve_worker "$WORKER")
SSH_OPTS=$(ssh_opts_for "$WORKER")

echo "=== Deploying SHTD Flow to Worker $WORKER ($IP) ==="

Expand Down
85 changes: 0 additions & 85 deletions scripts/deploy-to-workers.sh
View file
Open in desktop

This file was deleted.

76 changes: 76 additions & 0 deletions scripts/test/test-T026-code-review.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
#!/usr/bin/env bash
# Test T026: Code review fixes — DRY worker config, no stale scripts, audit regex tightened
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
PROJECT_DIR="$(cd "$SCRIPT_DIR/../.." && pwd)"
PASS=0; FAIL=0

pass() { echo " PASS: $1"; ((PASS++)) || true; }
fail() { echo " FAIL: $1"; ((FAIL++)) || true; }

echo "=== T026: Code Review Fixes ==="
echo ""

# 1. worker-config.sh exists and is sourceable
echo "--- 1. Shared worker config ---"
if [ -f "$PROJECT_DIR/scripts/worker-config.sh" ]; then
# Source it and check that WORKER_IPS is populated
(
source "$PROJECT_DIR/scripts/worker-config.sh"
if [ "${#WORKER_IPS[@]}" -eq 4 ]; then
exit 0
else
exit 1
fi
) && pass "worker-config.sh has 4 worker IPs" || fail "worker-config.sh missing IPs"
else
fail "worker-config.sh not found"
fi

# 2. Scripts that use worker IPs source from worker-config.sh (no hardcoded IPs)
echo ""
echo "--- 2. No hardcoded IPs in worker scripts ---"
for script in deploy-to-worker.sh deploy-to-all-workers.sh check-worker-install.sh; do
if [ -f "$PROJECT_DIR/scripts/$script" ]; then
if grep -q 'worker-config.sh' "$PROJECT_DIR/scripts/$script"; then
pass "$script sources worker-config.sh"
else
fail "$script doesn't source worker-config.sh"
fi
# Should NOT have its own declare -A IPS or WORKER_IPS
if grep -q 'declare -A.*IPS' "$PROJECT_DIR/scripts/$script"; then
fail "$script has hardcoded IP array"
else
pass "$script has no hardcoded IP array"
fi
fi
done

# 3. Stale scripts archived
echo ""
echo "--- 3. Stale scripts archived ---"
for stale in deploy-to-workers.sh verify-worker.sh; do
if [ -f "$PROJECT_DIR/scripts/$stale" ]; then
fail "$stale still in scripts/ (should be archived)"
else
pass "$stale archived"
fi
done

# 4. Audit logger regex tightened (no bare /test/i)
echo ""
echo "--- 4. Audit logger regex ---"
AUDIT_LOGGER="$PROJECT_DIR/hooks/PostToolUse/shtd_audit-logger.js"
if [ -f "$AUDIT_LOGGER" ]; then
# Should NOT have bare /test/i (without path separators)
if grep -P '\/test\/i' "$AUDIT_LOGGER" | grep -qv '[\/\\\\]'; then
fail "audit-logger.js still uses bare /test/i regex"
else
pass "audit-logger.js regex is path-bounded"
fi
fi

echo ""
echo "=== Results: $PASS passed, $FAIL failed ==="
[ "$FAIL" -eq 0 ] && exit 0 || exit 1
14 changes: 0 additions & 14 deletions scripts/verify-worker.sh
View file
Open in desktop

This file was deleted.

29 changes: 29 additions & 0 deletions scripts/worker-config.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
#!/usr/bin/env bash
# Shared worker configuration — single source of truth for CCC worker IPs and SSH settings.
# Source this from any worker script: source "$(dirname "$0")/worker-config.sh"

KEY_DIR="${HOME}/.ssh/ccc-keys"

declare -A WORKER_IPS=(
[1]="18.219.224.145"
[2]="18.223.188.176"
[3]="3.143.229.17"
[4]="52.14.228.211"
)

ALL_WORKERS="1 2 3 4"

ssh_opts_for() {
local w="$1"
echo "-o StrictHostKeyChecking=no -o ConnectTimeout=10 -i ${KEY_DIR}/worker-${w}.pem"
}

resolve_worker() {
local w="$1"
local ip="${WORKER_IPS[$w]:-}"
if [ -z "$ip" ]; then
echo "Unknown worker: $w" >&2
return 1
fi
echo "$ip"
}
Loading