Fix review findings #2: template escaping, ops.sh on node, fee NaN guard

1. Escape ${i} bash loop vars in TypeScript template literal (provisioner.ts) - Four occurrences: Bitcoin RPC wait, LND REST wait, macaroon wait, LNbits wait - Changed ${i}x5s → \${i}x5s so TypeScript doesn't try to resolve 'i' - Confirmed: tsc reports no errors in provisioner.ts after fix 2. Install minimal ops.sh on provisioned node via cloud-init (provisioner.ts) - Cloud-init step 15 writes /opt/timmy-node/ops.sh with sync/lnd/lnbits/logs cmds - Uses single-quoted heredoc (<<'OPSSH') to prevent bash expanding ops.sh's own $CMD / ${1:-help} / ${2:-bitcoin} variables during cloud-init execution - chmod +x applied after write - sync command: docker exec bitcoin bitcoin-cli getblockchaininfo | jq summary - lnd, lnbits, logs subcommands also included 3. Update nextSteps to reference installed ops.sh (bootstrap.ts) - "Monitor Bitcoin sync (takes 1-2 weeks to reach 100%): bash /opt/timmy-node/ops.sh sync" - All other nextSteps reference files/URLs actually present on the node 4. Harden BOOTSTRAP_FEE_SATS parsing against NaN (pricing.ts) - parseInt on empty/invalid env var → NaN - Added Number.isFinite(rawFee) && rawFee > 0 guard → falls back to 10_000 - Same pattern could be applied to other numeric env vars as follow-up End-to-end verified: POST → pay → provisioning → ready with correct nextSteps
2026-03-18 19:04:03 +00:00
parent 4162ef0edc
commit 2cab3ef907
2 changed files with 37 additions and 6 deletions
--- a/artifacts/api-server/src/lib/provisioner.ts
+++ b/artifacts/api-server/src/lib/provisioner.ts
@@ -240,7 +240,7 @@ echo "[timmy] Waiting for Bitcoin RPC..."
 for i in $(seq 1 60); do
  if docker exec bitcoin bitcoin-cli -datadir=/home/bitcoin/.bitcoin \
       -rpcuser=satoshi -rpcpassword=$RPC_PASS getblockchaininfo >/dev/null 2>&1; then
-    echo "[timmy] Bitcoin RPC ready (${i}x5s)"
+    echo "[timmy] Bitcoin RPC ready (\${i}x5s)"
    break
  fi
  sleep 5
@@ -253,7 +253,7 @@ echo "[timmy] LND started"
 echo "[timmy] Waiting for LND REST API..."
 for i in $(seq 1 72); do
  if curl -sk https://localhost:8080/v1/state >/dev/null 2>&1; then
-    echo "[timmy] LND REST ready (${i}x5s)"
+    echo "[timmy] LND REST ready (\${i}x5s)"
    break
  fi
  sleep 5
@@ -275,7 +275,7 @@ echo "[timmy] Wallet init: $(echo "$INIT_RESP" | jq -r 'if .admin_macaroon then
 echo "[timmy] Waiting for admin macaroon..."
 for i in $(seq 1 60); do
  if [[ -f /data/lnd/data/chain/bitcoin/mainnet/admin.macaroon ]]; then
-    echo "[timmy] Admin macaroon ready (${i}x5s)"
+    echo "[timmy] Admin macaroon ready (\${i}x5s)"
    break
  fi
  sleep 5
@@ -288,13 +288,44 @@ echo "[timmy] LNbits started"
 echo "[timmy] Waiting for LNbits..."
 for i in $(seq 1 36); do
  if curl -s http://localhost:3000/health >/dev/null 2>&1; then
-    echo "[timmy] LNbits ready (${i}x5s)"
+    echo "[timmy] LNbits ready (\${i}x5s)"
    break
  fi
  sleep 5
 done

-# ── 15. Save credentials ──────────────────────────────────────
+# ── 15. Install ops helper ────────────────────────────────────
+cat > /opt/timmy-node/ops.sh <<'OPSSH'
+#!/bin/bash
+CMD=\${1:-help}
+case "\$CMD" in
+  sync)
+    echo "=== Bitcoin Sync Status ==="
+    docker exec bitcoin bitcoin-cli -datadir=/home/bitcoin/.bitcoin getblockchaininfo 2>&1 \
+      | jq '{chain, blocks, headers, progress: (.verificationprogress*100|round|tostring+"%"), pruned}'
+    ;;
+  lnd)
+    docker exec lnd lncli --network=mainnet getinfo 2>&1
+    ;;
+  lnbits)
+    curl -s http://localhost:3000/health && echo ""
+    ;;
+  logs)
+    docker logs --tail 80 "\${2:-bitcoin}"
+    ;;
+  help|*)
+    echo "Usage: bash /opt/timmy-node/ops.sh <command>"
+    echo "  sync          — Bitcoin sync progress (1-2 weeks to 100%)"
+    echo "  lnd           — LND node info"
+    echo "  lnbits        — LNbits health check"
+    echo "  logs [svc]    — Recent logs for bitcoin | lnd | lnbits"
+    ;;
+esac
+OPSSH
+chmod +x /opt/timmy-node/ops.sh
+echo "[timmy] ops.sh installed at /opt/timmy-node/ops.sh"
+
+# ── 16. Save credentials ──────────────────────────────────────
 NODE_IP=$(curl -4s https://ifconfig.me 2>/dev/null || echo "unknown")
 cat > /root/node-credentials.txt <<CREDS
 # Timmy Node Credentials — KEEP THIS FILE SAFE, NEVER SHARE IT
--- a/artifacts/api-server/src/routes/bootstrap.ts
+++ b/artifacts/api-server/src/routes/bootstrap.ts
@@ -169,7 +169,7 @@ router.get("/bootstrap/:id", async (req: Request, res: Response) => {
          nextSteps: [
            `SSH into your node using the private key above: ssh -i <key_file> root@${job.nodeIp ?? "<nodeIp>"}`,
            "Read your node credentials: cat /root/node-credentials.txt",
-            "Monitor Bitcoin sync (takes 1-2 weeks): docker exec bitcoin bitcoin-cli getblockchaininfo",
+            "Monitor Bitcoin sync (takes 1-2 weeks to reach 100%): bash /opt/timmy-node/ops.sh sync",
            "Once sync is complete, fund your LND wallet, then open LNbits to create your wallet and get the API key",
            "Set LNBITS_URL and LNBITS_API_KEY in your Timmy deployment to enable payment processing",
          ],