|
|
cbe1b79fbb
|
fix(forge_health_check): exclude caches/venvs and false-positive file types
Forge CI / smoke-and-build (pull_request) Failing after 3s
- Add EXCLUDED_PATH_SEGMENTS to skip .cache, __pycache__, .venv, venv,
site-packages, node_modules, .git, .tox
- Exclude .css files and secret_scan tooling from sensitive-file scan
- Reduces noise from 13,449 false positives to 3 real findings
|
2026-04-07 03:40:28 +00:00 |
|
|
|
89730e8e90
|
[BEZALEL] Add forge health check — artifact integrity and security scanner
Docker Build and Publish / build-and-push (pull_request) Failing after 7s
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Failing after 0s
Tests / test (pull_request) Failing after 2s
Adds scripts/forge_health_check.py to scan wizard environments for:
- Missing .py source files with orphaned .pyc bytecode (GOFAI artifact integrity)
- Burn script clutter in production paths
- World-readable sensitive files (keystores, tokens, .env)
- Missing required environment variables
Includes full test suite in tests/test_forge_health_check.py covering
orphaned bytecode detection, burn script clutter, permission auto-fix,
and environment variable validation.
Addresses Allegro formalization audit findings:
- GOFAI source files missing (only .pyc remains)
- Nostr keystore world-readable
- eg burn scripts cluttering /root
/assign @bezalel
|
2026-04-06 22:37:32 +00:00 |
|
