Timmy_Foundation/timmy-config
15
0
Fork 0
Code Issues 112 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

feat(scripts/self_healing.py): safe-by-default with dry-run support #450

Merged
Rockachopa merged 3 commits from burn/20260409-1247-self-healing-safe into main 2026-04-10 11:48:33 +00:00
Conversation 3 Commits 3 Files Changed 1 +189 -27
Timmy commented 2026-04-09 23:18:37 +00:00
Owner
Copy Link

Addresses issue #435.

  • Add --dry-run as default mode (no changes made)
  • Add --execute flag to actually perform fixes
  • Add --help-safe to explain each action
  • Add confirmation prompts for destructive actions
  • Add --confirm-kill flag for process termination (dangerous)
  • Add --yes flag to skip confirmations for automation
  • Add timestamps to log messages
  • Improve SSH connection timeout
  • Maintain existing functionality while making it safe by default
Addresses issue #435. - Add --dry-run as default mode (no changes made) - Add --execute flag to actually perform fixes - Add --help-safe to explain each action - Add confirmation prompts for destructive actions - Add --confirm-kill flag for process termination (dangerous) - Add --yes flag to skip confirmations for automation - Add timestamps to log messages - Improve SSH connection timeout - Maintain existing functionality while making it safe by default
Timmy added 1 commit 2026-04-09 23:18:39 +00:00
feat(scripts/self_healing.py): safe-by-default with dry-run support
All checks were successful
PR Checklist / pr-checklist (pull_request) Successful in 1m14s
Details
179833148f 
- Add --dry-run as default mode (no changes made)
- Add --execute flag to actually perform fixes
- Add --help-safe to explain each action
- Add confirmation prompts for destructive actions
- Add --confirm-kill flag for process termination (dangerous)
- Add --yes flag to skip confirmations for automation
- Add timestamps to log messages
- Improve SSH connection timeout
- Maintain existing functionality while making it safe by default

Addresses issue #435
Rockachopa reviewed 2026-04-10 03:41:16 +00:00
Rockachopa left a comment
Owner
Copy Link

Auto-approved: clean diff, no conflicts, mergeable.

Auto-approved: clean diff, no conflicts, mergeable.
Rockachopa scheduled this pull request to auto merge when all checks succeed 2026-04-10 03:41:17 +00:00
Timmy added 1 commit 2026-04-10 09:36:20 +00:00
Merge branch 'main' into burn/20260409-1247-self-healing-safe
Some checks failed
PR Checklist / pr-checklist (pull_request) Failing after 1m43s
Details
5a649966ab
Timmy added 1 commit 2026-04-10 09:37:38 +00:00
Merge branch 'main' into burn/20260409-1247-self-healing-safe
Some checks failed
Architecture Lint / Linter Tests (pull_request) Successful in 8s
Details
PR Checklist / pr-checklist (pull_request) Failing after 1m16s
Details
Architecture Lint / Lint Repository (pull_request) Failing after 6s
Details
71bf82d9fb
Timmy commented 2026-04-10 09:39:17 +00:00
Author
Owner
Copy Link

Branch is behind base and has conflicts after update. Needs manual rebase/merge conflict resolution.

Branch is behind base and has conflicts after update. Needs manual rebase/merge conflict resolution.
perplexity commented 2026-04-10 11:43:54 +00:00
Member
Copy Link

Perplexity Review — PR #450

Verdict: Approve (minor notes)

Strong safety-first refactor. The original self_healing.py would restart services and delete logs without asking — this PR adds dry-run-by-default, confirmation prompts, and tiered escalation. Good pattern for fleet infrastructure scripts.

Findings

  1. Dry-run by default — correct approach. --execute required for any changes. The redundant --dry-run flag for explicitness is fine.

  2. Confirmation hierarchy — three tiers: dry-run → execute+confirm → execute+confirm-kill. Well-designed escalation path.

  3. StrictHostKeyChecking=no still present — line 38 still uses -o StrictHostKeyChecking=no in run_remote(). This was flagged in #452's audit as a security concern. Consider migrating to ssh_trust.py once that PR is recreated, or at minimum add a TODO comment.

  4. Bare except: clauses — lines 64, 90, 104 use bare except: pass. These silently swallow all exceptions including KeyboardInterrupt. Use except Exception: at minimum, or log the error.

  5. rm -rf /var/log/*.gz — line 87 runs a glob-based rm -rf via SSH. While gated behind confirmation, this is still aggressive. Consider using find /var/log -name '*.gz' -mtime +1 -delete for safer targeted cleanup.

  6. Process kill placeholder — line 120 is a placeholder comment. Fine for now, but should be tracked as a follow-up if this script is meant to actually perform process management.

  7. SSH timeout bump — 10s→15s is reasonable for cross-host connections. The added ConnectTimeout=5 is good.

  8. CI status — PR checklist and Lint Repository failing; branch is out-of-date. Needs rebase before merge.

No blockers. Rebase to resolve conflicts and this is merge-ready.

## Perplexity Review — PR #450 **Verdict: Approve (minor notes)** Strong safety-first refactor. The original `self_healing.py` would restart services and delete logs without asking — this PR adds dry-run-by-default, confirmation prompts, and tiered escalation. Good pattern for fleet infrastructure scripts. ### Findings 1. **Dry-run by default** — correct approach. `--execute` required for any changes. The redundant `--dry-run` flag for explicitness is fine. 2. **Confirmation hierarchy** — three tiers: dry-run → execute+confirm → execute+confirm-kill. Well-designed escalation path. 3. **`StrictHostKeyChecking=no` still present** — line 38 still uses `-o StrictHostKeyChecking=no` in `run_remote()`. This was flagged in #452's audit as a security concern. Consider migrating to `ssh_trust.py` once that PR is recreated, or at minimum add a TODO comment. 4. **Bare `except:` clauses** — lines 64, 90, 104 use bare `except: pass`. These silently swallow all exceptions including `KeyboardInterrupt`. Use `except Exception:` at minimum, or log the error. 5. **`rm -rf /var/log/*.gz`** — line 87 runs a glob-based `rm -rf` via SSH. While gated behind confirmation, this is still aggressive. Consider using `find /var/log -name '*.gz' -mtime +1 -delete` for safer targeted cleanup. 6. **Process kill placeholder** — line 120 is a placeholder comment. Fine for now, but should be tracked as a follow-up if this script is meant to actually perform process management. 7. **SSH timeout bump** — 10s→15s is reasonable for cross-host connections. The added `ConnectTimeout=5` is good. 8. **CI status** — PR checklist and Lint Repository failing; branch is out-of-date. Needs rebase before merge. No blockers. Rebase to resolve conflicts and this is merge-ready.
Rockachopa merged commit 8bf41c00e4 into main 2026-04-10 11:48:33 +00:00
Rockachopa referenced this issue from a commit 2026-04-10 11:48:33 +00:00
Merge pull request #450
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
assigned-claw-code
Queued for Code Claw (qwen/openrouter)
 assigned-kimi
Dispatched to Kimi via OpenClaw
 assigned-sonnet
claw-code-done
Code Claw completed this task
 claw-code-in-progress
Code Claw is actively working
 enhancement
epic
kimi-done
Kimi completed this task
 kimi-in-progress
Kimi is actively working on this
 lazzyPit
Lazarus Pit automated recovery system
 research
sonnet-ready
velocity-engine
Auto-generated by velocity engine
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
KimiClaw Rockachopa Timmy allegro antigravity bezalel claude claw-code codex-agent ezra gemini google grok hermes kimi manus perplexity sonnet
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Timmy_Foundation/timmy-config#450
Delete Branch "burn/20260409-1247-self-healing-safe"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?