refactor(cli): P4-E0-W3-S10-T01 deep audit + refactor (config defaults + godoc)#134
Open
acamarata wants to merge 9 commits into
Open
refactor(cli): P4-E0-W3-S10-T01 deep audit + refactor (config defaults + godoc)#134acamarata wants to merge 9 commits into
acamarata wants to merge 9 commits into
Conversation
…bsystem helpers P4-E0-W3-S10-T01 — cli deep audit + refactor (partial: highest-impact file). - internal/config/defaults.go: extract ApplyDefaults (was 761 lines, 1 function) into an orchestrator (~45 lines) + 30 private helpers (all ≤50 lines each). Subsystems: core, postgres, hasura (×2), auth, nginx, ssl, redis, minio (×2), mailpit, functions, mlflow, admin, search (×2), monitoring (×2), docker, startstop, plugins (×3), backup, email. Uses crypto/rand for secret generation (no hardcoded values). - tools/endpoint-auth-checker: add godoc to AnnotationFormat type and 3 stub middleware functions in testdata fixtures. go build ./... green. go test ./tools/endpoint-auth-checker/... → 16 passed. SDK go test ./... → 108 passed across 15 packages. CLI command surface (84 commands) and all SDK exported symbols unchanged.
requirePentestKit() now checks NSELF_PENTEST_KIT=true AND that the configured key carries an nself_max_/nself_ent_/nself_owner_ prefix (Business+ or higher), matching the tier gate described in the security doctrine. Free and Pro keys are rejected. Offline check — no network call. Adds pentest_test.go with 8 tests covering feature-flag off, flag=false, no key, Pro key denied, and Business+/Enterprise/Owner key accepted. All tests green. Closes P4-E1-W1-S02-T02.
watchdog status cmd used context.WithValue but did not import "context", causing the commands package to fail to build. Adds the import alongside the openCircuits exit-code-2 gate introduced for circuit-breaker status.
- Add `nself db list` command (runDBList) that queries pg_database and prints database names; registered in init() alongside shell/drop/reset - Add Long description to dbShellCmd documenting the Windows psql-in-PATH requirement (closes T08 acceptance: db shell Windows caveat documented) - Add TestDBMigrateUp_MigrationDirFlag_MissingDir and TestDBMigrateUp_MigrationDirFlag_EmptyDir unit tests exercising the --migration-dir flag path without requiring a live Postgres instance
- Add plugin_subcommands_test.go with 112 cobra-level tests covering all 23 plugin subcommands: flags audit, Args validators, exit-code contracts, inventory count gate (F06: 29 free + 112 paid = 141), and license-gate check - Add wiki pages for plugin dev/link/unlink/test/debug/logs (6 pages missing per acceptance criteria) - Update cmd-plugin.md with complete 23-subcommand table including links to all new pages - Cross-platform CI already covers all tests via ci.yml matrix (ubuntu/macOS/Windows)
Align comment whitespace on cmd.Flags().Set //nolint:errcheck lines so gofmt -l reports clean output — CI gate requirement. Fixes MEDIUM finding from CR-C (P4-E1-W3-S14-T14).
…ch to pnpm - Expand sdk-py-test.yml to full 3.9/3.10/3.11/3.12 matrix with ruff + mypy; removes dead sub-dir sdk-py-ci.yml that GitHub Actions never triggered - Add 6 happy-path tests to @nself/sdk (index.test.ts) covering health(), listPlugins(), adminSecret header, and baseUrl normalization - Add jest/ts-jest/@types/jest devDependencies to ts-sdk/package.json - Add isolatedModules:true to tsconfig.json (ts-jest v30 readiness) - Switch sdk-ts-sdk-publish.yml from npm to pnpm (ASI Policy 2 compliance) - Generate pnpm-lock.yaml for ts-sdk QA-A PASS: all 14 artifacts on disk QA-B PASS: Go SDK 73.5% coverage (>=70%), Python CI now full matrix QA-C PASS: tsc --noEmit clean, 6/6 jest tests pass, Go 135 tests pass
ping.nself.org/plugins/:name/download requires X-License-Key in the request header. Previously downloadFromURL never set this header for paid plugins, causing all pro plugin downloads to return 401. - add extraHeaders param to downloadFromURL - downloadPlugin now reads first available license key and passes it as X-License-Key for paid plugin requests - free plugin fallback path passes nil (no auth needed) Also updates plugin-claw wiki with accurate dependency list, Docker Hub image reference (nself/plugin-claw:latest), and Canvas A2UI docs. Closes P4-E4-W3-S08-T01 [11] CLI install gap
… implementation details (P4-E4-W3-S09-T01) Previous doc was stale — described Rust/port 3720/cron-pro name; actual plugin is Go, port 3713, named cron (pro tier). Updated with correct tables, Hasura permissions, API routes, Docker Hub image reference, and config vars.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
internal/config/defaults.gomonolithicApplyDefaultsfunction (761 lines, one function) into an orchestrator (~45 lines) + 30 private per-subsystem helpers, all ≤50 lines each. This is the single largest function violation in the repo.tools/endpoint-auth-checker/reporter.go(AnnotationFormattype) and 3 stub middleware testdata fixtures.baseline/audit-findings-cli.mddocumenting all 118 oversized file violations, estimated 345+ function violations, DRY patterns, quarantine review (no dead code found).baseline/quarantine-manifests/cli.tsvis header-only (no dead code confirmed for removal).Acceptance criteria status
go build ./...greengo test(config 148, tools 16, SDK go 108)Remaining work (follow-on tickets)
117 additional files exceed the 300-line cap (deploy.go 1423, db.go 1346, doctor.go 1258, start.go 1088, plugin.go 1023, + 112 more). Documented in §8 of the audit findings. Recommend follow-on W4 sprint.
Test plan
go build ./...from cli/ rootgo test ./internal/config/...— 148 testsgo test ./tools/endpoint-auth-checker/...— 16 testscd cli/sdk/go && go test ./...— 108 testsbaseline/sdk-surface-go.txtvs current — no changes