**retain_closets.py** — 90-day closet aging enforcement for #1083. Removes *.closet.json files older than --days (default 90) from the fleet palace. Supports --dry-run for safe preview. Wired into the weekly-audit workflow as a dry-run CI step; production cron guidance added to workflow comments.

**tunnel_sync.py** — remote wizard wing pull client for #1078. Connects to a peer's fleet_api.py HTTP endpoint, discovers wings via /wings, and pulls core rooms via /search into local *.closet.json files. Zero new dependencies (stdlib urllib only). Supports --dry-run. This is the code side of the inter-wizard tunnel; infrastructure (second wizard VPS + fleet_api.py running) still required.

**Tests:** 29 new tests, all passing. Total suite: 294 passing.

Refs #1075, #1078, #1083
35 lines
1.1 KiB
YAML
```yaml
name: Weekly Privacy Audit

# Runs every Monday at 05:00 UTC against a CI test fixture.
# On production wizards these same scripts should run via cron:
#   0 5 * * 1 python /opt/nexus/mempalace/audit_privacy.py /var/lib/mempalace/fleet
#   0 5 * * 1 python /opt/nexus/mempalace/retain_closets.py /var/lib/mempalace/fleet --days 90
#
# Refs: #1083, #1075

on:
  schedule:
    - cron: "0 5 * * 1"  # Monday 05:00 UTC
  workflow_dispatch: {}  # allow manual trigger

jobs:
  privacy-audit:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: "3.x"

      - name: Run privacy audit against CI fixture
        run: |
          python mempalace/audit_privacy.py tests/fixtures/fleet_palace

      - name: Dry-run retention enforcement against CI fixture
        # Real enforcement runs on the live VPS; CI verifies the script runs cleanly.
        run: |
          python mempalace/retain_closets.py tests/fixtures/fleet_palace --days 90 --dry-run
```
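The workflow only exercises retention in `--dry-run` mode, while the cron line deletes for real. The sketch below is an added example, not the project's `retain_closets.py`. It shows the property a dry-run step is meant to guarantee: preview and enforcement select the same files. It assumes age is measured by file mtime, and the function names and the symlink-skipping rule are hypothetical choices made for this example.

```python
import os
import stat
import tempfile
import time
from pathlib import Path

DAY = 86400

def expired_closets(palace, days=90, now=None):
    """Regular *.closet.json files under palace with mtime older than `days` days."""
    cutoff = (time.time() if now is None else now) - days * DAY
    hits = []
    for dirpath, _dirs, files in os.walk(palace, followlinks=False):
        for name in files:
            if not name.endswith(".closet.json"):
                continue
            path = Path(dirpath) / name
            st = path.lstat()  # lstat: judge the entry itself, never a symlink's target
            if stat.S_ISREG(st.st_mode) and st.st_mtime < cutoff:
                hits.append(path)
    return sorted(hits)

def enforce(palace, days=90, dry_run=True, now=None):
    """Return the expired files; unlink them only when dry_run is False."""
    expired = expired_closets(palace, days, now)
    if not dry_run:
        for path in expired:
            path.unlink()
    return expired

def demo():
    """Constructed fixture: stale closet, fresh closet, stale non-closet, symlink out of the palace."""
    with tempfile.TemporaryDirectory() as tmp, tempfile.TemporaryDirectory() as outside:
        wing = Path(tmp) / "wing_a"
        wing.mkdir()
        stale, fresh, other = (wing / n for n in ("old.closet.json", "new.closet.json", "old.notes.json"))
        target = Path(outside) / "external.closet.json"
        for p in (stale, fresh, other, target):
            p.write_text("{}")
        long_ago = time.time() - 120 * DAY
        for p in (stale, other, target):
            os.utime(p, (long_ago, long_ago))
        (wing / "link.closet.json").symlink_to(target)
        preview = [p.name for p in enforce(tmp, 90, dry_run=True)]
        kept_after_preview = stale.exists()
        removed = [p.name for p in enforce(tmp, 90, dry_run=False)]
        return preview, kept_after_preview, removed, stale.exists(), fresh.exists(), target.exists()

if __name__ == "__main__":
    print(demo())
```

Because both modes go through the same selection function, a clean dry run in CI is evidence about what the cron job will delete, not only that the script starts.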