---
# =============================================================================
# golden_state/tasks — Deploy and enforce golden state provider chain
# =============================================================================
# Best-effort snapshot of the live wizard config, copied on the managed host
# itself (remote_src) to a name suffixed with the gathered epoch so earlier
# snapshots are not overwritten. Skipped unless
# golden_state_backup_before_deploy is truthy.
# NOTE(review): ignore_errors hides every failure of this copy (permissions,
# full disk), not only a missing source on first deploy; the deploy task then
# depends on its own `backup: true`. Confirm that fallback is intended.
# NOTE(review): snapshots accumulate next to the live file; if config.yaml
# carries provider credentials, each copy needs the same protection and
# clean-up as the original. TODO confirm.
- name: "Backup current config before golden state deploy"
  when: golden_state_backup_before_deploy
  ansible.builtin.copy:
    remote_src: true
    src: "{{ wizard_home }}/config.yaml"
    dest: "{{ wizard_home }}/config.yaml.pre-golden-{{ ansible_date_time.epoch }}"
  ignore_errors: true
# Render the wizard_base role's config template over the live config file.
# `backup: true` makes the module keep a timestamped copy of the file it
# replaces; a change notifies both restart handlers (systemd and launchctl).
# NOTE(review): mode 0644 leaves the rendered file world-readable and no
# owner/group is pinned. If the template emits provider API keys or tokens,
# a tighter mode with an explicit owner would be safer; confirm which account
# the agent reads the file as before changing it.
- name: "Deploy golden state wizard config"
  ansible.builtin.template:
    dest: "{{ wizard_home }}/config.yaml"
    src: "../../wizard_base/templates/wizard_config.yaml.j2"
    backup: true
    mode: "0644"
  notify:
    - "Restart hermes agent (systemd)"
    - "Restart hermes agent (launchctl)"
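# Policy check: grep the wizard and hermes config files for banned provider
# and model names. The script exits 1 when any file matches and 0 otherwise;
# the result is registered as provider_scan and the task fails only when
# provider_ban_enforcement is 'strict'. It never reports "changed".
#
# Changes from the previous version:
#   - the templated home directories pass through the `quote` filter, so a
#     path with spaces or shell metacharacters can neither split into extra
#     words nor be interpreted by the shell;
#   - the pattern uses `grep -E` with `|`, because `\|` in a basic regex is a
#     GNU extension while -E alternation is POSIX (this role also notifies a
#     launchctl handler, which suggests non-GNU hosts);
#   - the pattern is defined once so the test and the report cannot drift.
#
# Limits of the check: it is a case-insensitive substring match over exactly
# these two files, so it also flags commented-out lines and does not see
# configs stored elsewhere or providers reached under another name.
# NOTE(review): the scan runs after the template task has written the file,
# so a strict failure reports the violation but leaves the file in place, and
# notified handlers do not run on a failed host by default. Confirm that
# detect-after-write is the intended enforcement point.
- name: "Scan for banned providers in all config files"
  ansible.builtin.shell: |
    FOUND=0
    PATTERN='anthropic|claude-sonnet|claude-opus|claude-haiku'
    for f in {{ wizard_home | quote }}/config.yaml {{ hermes_home | quote }}/config.yaml; do
      if [ -f "$f" ]; then
        if grep -Eqi -- "$PATTERN" "$f"; then
          echo "BANNED PROVIDER in $f:"
          grep -Eni -- "$PATTERN" "$f"
          FOUND=1
        fi
      fi
    done
    exit $FOUND
  register: provider_scan
  changed_when: false
  failed_when: provider_scan.rc != 0 and provider_ban_enforcement == 'strict'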
# Summary line for the play output: wizard name, the provider chain (the
# `name` attribute of each golden_state_providers entry, joined with arrows)
# and the scan verdict taken from provider_scan.rc.
# When enforcement is not 'strict' this message is the only place a
# violation surfaces, so "VIOLATIONS FOUND" here needs follow-up.
- name: "Report golden state deployment"
  ansible.builtin.debug:
    msg: >
      {{ wizard_name }} golden state deployed.
      Provider chain: {{ golden_state_providers | map(attribute='name') | list | join(' → ') }}.
      Banned provider scan: {{ 'CLEAN' if provider_scan.rc == 0 else 'VIOLATIONS FOUND' }}.