fix(testkit): macOS compat + fix test 8c ordering (#24)

scripts/bitcoin-ln-node/get-lnbits-key.sh

@@ -1,106 +1,209 @@
 #!/usr/bin/env bash
 # =============================================================================
 # Timmy node — fetch LNbits admin API key
-# Run this after LNbits is up and has been configured.
-# Prints the LNBITS_API_KEY to add to Replit secrets.
+#
+# Run this after LNbits is up and your LND wallet is initialised.
+# Prints LNBITS_URL and LNBITS_API_KEY to paste into Replit secrets.
+#
+# Compatibility:
+#   LNbits < 0.12  — auto-creates a wallet via superuser API
+#   LNbits >= 0.12 — superuser API removed; walks you through the Admin UI
 # =============================================================================
 set -euo pipefail
 
 LNBITS_LOCAL="http://127.0.0.1:5000"
 LNBITS_DATA_DIR="$HOME/.lnbits-data"
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+SECRETS_FILE="$SCRIPT_DIR/.node-secrets"
 
 GREEN='\033[0;32m'; CYAN='\033[0;36m'; YELLOW='\033[1;33m'; RED='\033[0;31m'; NC='\033[0m'
 info() { echo -e "${CYAN}[keys]${NC} $*"; }
-ok()   { echo -e "${GREEN}[ok]${NC} $*"; }
+ok()   { echo -e "${GREEN}[ok]${NC}   $*"; }
 warn() { echo -e "${YELLOW}[warn]${NC} $*"; }
 die()  { echo -e "${RED}[error]${NC} $*" >&2; exit 1; }
 
-# Check LNbits is up
-curl -sf "$LNBITS_LOCAL/api/v1/health" &>/dev/null \
-  || die "LNbits not reachable at $LNBITS_LOCAL. Run 'bash start.sh' first."
+# ─── Helpers ─────────────────────────────────────────────────────────────────
 
-# ─── Try to get super user from env file ─────────────────────────────────────
-SUPER_USER=""
-if [[ -f "$LNBITS_DATA_DIR/.env" ]]; then
-  SUPER_USER=$(grep LNBITS_SUPER_USER "$LNBITS_DATA_DIR/.env" | cut -d= -f2 | tr -d '"' || true)
-fi
-
-SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-SECRETS_FILE="$SCRIPT_DIR/.node-secrets"
-[[ -f "$SECRETS_FILE" ]] && source "$SECRETS_FILE"
-SUPER_USER="${SUPER_USER:-${LNBITS_SUPER_USER:-}}"
-
-if [[ -z "$SUPER_USER" ]]; then
-  # LNbits auto-generates a superuser on first run — find it in the SQLite DB
-  DB_FILE=$(find "$LNBITS_DATA_DIR" -name "*.sqlite3" 2>/dev/null | head -1 || true)
-  if [[ -n "$DB_FILE" ]] && command -v sqlite3 &>/dev/null; then
-    SUPER_USER=$(sqlite3 "$DB_FILE" "SELECT id FROM accounts WHERE is_super_user=1 LIMIT 1;" 2>/dev/null || true)
+# Return 0 (true) if $1 >= $2 (semver comparison, macOS/BSD-safe)
+# Uses python3 when available (already required for JSON parsing elsewhere),
+# otherwise falls back to pure-bash numeric major.minor.patch comparison.
+version_gte() {
+  local v1="$1" v2="$2"
+  if command -v python3 &>/dev/null; then
+    python3 - "$v1" "$v2" <<'PYEOF'
+import sys
+def parse(v):
+    parts = v.strip().split(".")
+    return [int(x) for x in (parts + ["0","0","0"])[:3]]
+sys.exit(0 if parse(sys.argv[1]) >= parse(sys.argv[2]) else 1)
+PYEOF
+  else
+    # Pure-bash fallback: split on dots, compare numerically
+    local IFS=.
+    # shellcheck disable=SC2206
+    local a=($v1) b=($v2)
+    for i in 0 1 2; do
+      local av="${a[$i]:-0}" bv="${b[$i]:-0}"
+      if (( av > bv )); then return 0; fi
+      if (( av < bv )); then return 1; fi
+    done
+    return 0  # equal
   fi
-fi
+}
 
-if [[ -z "$SUPER_USER" ]]; then
-  # Last resort: check LNbits log for the first-run superuser line
-  LOG_FILE="$HOME/Library/Logs/timmy-node/lnbits.log"
-  if [[ -f "$LOG_FILE" ]]; then
-    SUPER_USER=$(grep -oE "super user id: [a-f0-9]+" "$LOG_FILE" | tail -1 | awk '{print $4}' || true)
-  fi
-fi
+# Print the export template the operator needs to paste into Replit Secrets
+print_export_template() {
+  local api_key="${1:-<paste-admin-key-here>}"
+  echo ""
+  echo -e "${GREEN}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
+  echo -e "${GREEN}  Paste these into Replit Secrets:${NC}"
+  echo -e "${GREEN}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
+  echo ""
+  echo "  export LNBITS_URL=\"http://bore.pub:<PORT>\"   ← bore port from expose.sh"
+  echo "  export LNBITS_API_KEY=\"${api_key}\""
+  echo ""
+}
 
-if [[ -z "$SUPER_USER" ]]; then
-  warn "Could not auto-detect LNbits super user ID."
+# ─── Step 1: Confirm LNbits is reachable ─────────────────────────────────────
+
+info "Checking LNbits at $LNBITS_LOCAL …"
+HEALTH_JSON="$(curl -sf --max-time 6 "$LNBITS_LOCAL/api/v1/health" 2>/dev/null || true)"
+
+if [[ -z "$HEALTH_JSON" ]]; then
+  warn "LNbits is not reachable at $LNBITS_LOCAL (is it running?)."
+  warn "Showing manual setup instructions — run this script again once LNbits is up."
   echo ""
-  echo "  Visit: $LNBITS_LOCAL"
-  echo "  1. Create a wallet"
-  echo "  2. Go to Wallet → API Info"
-  echo "  3. Copy the Admin key"
+  echo "  Start LNbits, then re-run:"
+  echo "    bash $SCRIPT_DIR/get-lnbits-key.sh"
   echo ""
-  echo "  Then add to Replit:"
-  echo "  LNBITS_URL = http://bore.pub:<PORT>"
-  echo "  LNBITS_API_KEY = <admin-key>"
+  print_export_template
   exit 0
 fi
 
-info "Super user: $SUPER_USER"
+# ─── Step 2: Detect LNbits version ───────────────────────────────────────────
 
-# Create a wallet for Timmy via superuser API
-WALLET_RESPONSE=$(curl -sf -X POST "$LNBITS_LOCAL/api/v1/wallet" \
-  -H "Content-Type: application/json" \
-  -H "X-Api-Key: $SUPER_USER" \
-  -d '{"name":"Timmy"}' 2>/dev/null || true)
-
-if [[ -n "$WALLET_RESPONSE" ]]; then
-  ADMIN_KEY=$(echo "$WALLET_RESPONSE" | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('adminkey',''))" 2>/dev/null || true)
-  INKEY=$(echo "$WALLET_RESPONSE" | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('inkey',''))" 2>/dev/null || true)
-  WALLET_ID=$(echo "$WALLET_RESPONSE" | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('id',''))" 2>/dev/null || true)
-
-  if [[ -n "$ADMIN_KEY" ]]; then
-    ok "Timmy wallet created (ID: $WALLET_ID)"
-    echo ""
-    echo -e "${GREEN}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
-    echo -e "${GREEN}  Add these to Replit secrets:${NC}"
-    echo -e "${GREEN}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
-    echo ""
-    echo "  LNBITS_URL      = http://bore.pub:<PORT>  ← from expose.sh"
-    echo "  LNBITS_API_KEY  = $ADMIN_KEY"
-    echo ""
-    echo "  Invoice key (read-only): $INKEY"
-    echo ""
-    # Save to secrets file
-    cat >> "$SECRETS_FILE" <<EOF
-LNBITS_WALLET_ID="$WALLET_ID"
-LNBITS_ADMIN_KEY="$ADMIN_KEY"
-LNBITS_INVOICE_KEY="$INKEY"
-EOF
-    ok "Keys saved to $SECRETS_FILE"
-    return 0 2>/dev/null || true
-  fi
+LNBITS_VERSION=""
+if command -v python3 &>/dev/null; then
+  LNBITS_VERSION="$(echo "$HEALTH_JSON" \
+    | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('server_version',''))" \
+    2>/dev/null || true)"
 fi
 
-# Fallback: just print the wallet URL
-warn "Could not create wallet automatically."
-echo ""
-echo "  Visit $LNBITS_LOCAL in your browser:"
-echo "  1. Create an account / wallet named 'Timmy'"
-echo "  2. Wallet → API Info → copy Admin key"
-echo "  3. Add to Replit: LNBITS_API_KEY = <admin key>"
-echo ""
+if [[ -z "$LNBITS_VERSION" ]]; then
+  warn "Could not parse server_version from health endpoint — assuming modern LNbits (>= 0.12)."
+  LNBITS_VERSION="0.12.0"
+fi
+
+info "LNbits version: ${LNBITS_VERSION}"
+
+# ─── Step 3: Version-branched key retrieval ───────────────────────────────────
+
+if version_gte "$LNBITS_VERSION" "0.12.0"; then
+  # ── LNbits >= 0.12 ─────────────────────────────────────────────────────────
+  # The superuser wallet API (POST /api/v1/wallet with X-Api-Key: <superuser>)
+  # was removed in 0.12. Use the Admin UI instead.
+
+  echo ""
+  warn "LNbits ${LNBITS_VERSION} — superuser API removed. Use the Admin UI:"
+  echo ""
+  echo "  1. Open the LNbits Admin UI in your browser:"
+  echo "       ${LNBITS_LOCAL}/admin"
+  echo ""
+  echo "  2. In the Admin UI sidebar, click Users → Create User"
+  echo "       Name: Timmy"
+  echo "       This creates a new user with a default wallet."
+  echo ""
+  echo "  3. Click on the Timmy user → open their wallet."
+  echo ""
+  echo "  4. In the wallet page, click the key icon (API Info)."
+  echo "       Copy the Admin key (not the Invoice key)."
+  echo ""
+  echo "  5. Paste the Admin key into Replit Secrets as LNBITS_API_KEY."
+  echo ""
+  print_export_template
+
+else
+  # ── LNbits < 0.12 ──────────────────────────────────────────────────────────
+  # Superuser API available — try to auto-create a Timmy wallet.
+
+  info "LNbits ${LNBITS_VERSION} — attempting automatic wallet creation…"
+
+  # Locate the super user ID (env file or secrets file)
+  SUPER_USER=""
+
+  if [[ -f "$LNBITS_DATA_DIR/.env" ]]; then
+    SUPER_USER="$(grep LNBITS_SUPER_USER "$LNBITS_DATA_DIR/.env" \
+      | cut -d= -f2 | tr -d '"' || true)"
+  fi
+
+  [[ -f "$SECRETS_FILE" ]] && source "$SECRETS_FILE"
+  SUPER_USER="${SUPER_USER:-${LNBITS_SUPER_USER:-}}"
+
+  if [[ -z "$SUPER_USER" ]]; then
+    # Last resort: grep the startup log for the first-run superuser line
+    LOG_FILE="$HOME/Library/Logs/timmy-node/lnbits.log"
+    if [[ -f "$LOG_FILE" ]]; then
+      SUPER_USER="$(grep -oE "super user id: [a-f0-9]+" "$LOG_FILE" \
+        | tail -1 | awk '{print $4}' || true)"
+    fi
+  fi
+
+  if [[ -z "$SUPER_USER" ]]; then
+    warn "Could not locate LNbits super user ID automatically."
+    echo ""
+    echo "  Visit ${LNBITS_LOCAL} and:"
+    echo "  1. Create a wallet"
+    echo "  2. Go to Wallet → API Info"
+    echo "  3. Copy the Admin key"
+    echo ""
+    print_export_template
+    exit 0
+  fi
+
+  info "Super user ID: ${SUPER_USER}"
+
+  # Create the Timmy wallet via superuser API
+  WALLET_RESPONSE="$(curl -sf -X POST "$LNBITS_LOCAL/api/v1/wallet" \
+    -H "Content-Type: application/json" \
+    -H "X-Api-Key: $SUPER_USER" \
+    -d '{"name":"Timmy"}' 2>/dev/null || true)"
+
+  if [[ -n "$WALLET_RESPONSE" ]]; then
+    ADMIN_KEY="$(echo "$WALLET_RESPONSE" \
+      | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('adminkey',''))" \
+      2>/dev/null || true)"
+    INKEY="$(echo "$WALLET_RESPONSE" \
+      | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('inkey',''))" \
+      2>/dev/null || true)"
+    WALLET_ID="$(echo "$WALLET_RESPONSE" \
+      | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('id',''))" \
+      2>/dev/null || true)"
+
+    if [[ -n "$ADMIN_KEY" ]]; then
+      ok "Timmy wallet created (ID: ${WALLET_ID})"
+      echo "  Invoice key (read-only): ${INKEY}"
+
+      # Append to secrets file so future runs can skip this step
+      cat >> "$SECRETS_FILE" <<EOF
+LNBITS_WALLET_ID="${WALLET_ID}"
+LNBITS_ADMIN_KEY="${ADMIN_KEY}"
+LNBITS_INVOICE_KEY="${INKEY}"
+EOF
+      ok "Keys saved to ${SECRETS_FILE}"
+      print_export_template "$ADMIN_KEY"
+      exit 0
+    fi
+  fi
+
+  # Wallet API call failed even though super user was found
+  warn "Wallet creation API call failed."
+  echo ""
+  echo "  Visit ${LNBITS_LOCAL} and:"
+  echo "  1. Create a wallet named 'Timmy'"
+  echo "  2. Wallet → API Info → copy Admin key"
+  echo ""
+  print_export_template
+
+fi
+
+exit 0

scripts/bitcoin-ln-node/setup.sh

@@ -328,6 +328,11 @@ echo "  1. Create your LND wallet:  lncli --lnddir=$LND_DIR create"
 echo "  2. Check sync status:       bash $SCRIPT_DIR/status.sh"
 echo "  3. Once synced, get key:    bash $SCRIPT_DIR/get-lnbits-key.sh"
 echo ""
+echo "  LNbits key retrieval (get-lnbits-key.sh):"
+echo "  • LNbits < 0.12  — auto-creates a wallet via the superuser API"
+echo "  • LNbits >= 0.12 — superuser API removed; script walks you through"
+echo "                     the Admin UI at http://localhost:5000/admin"
+echo ""
 echo "  Secrets are in: $SECRETS_FILE"
 echo "  Logs are in:    $LOG_DIR/"
 echo ""

scripts/push-to-gitea.sh

@@ -0,0 +1,155 @@
+#!/usr/bin/env bash
+# =============================================================================
+# push-to-gitea.sh — Push current branch to local Gitea via bore tunnel
+#
+# Usage:
+#   bash scripts/push-to-gitea.sh [PORT]
+#
+# PORT is the bore.pub port shown when bore starts on your Mac:
+#   bore local 3000 --to bore.pub
+#   → "listening at bore.pub:NNNNN"
+#
+# If PORT is supplied it is saved to .bore-port for future calls.
+# If PORT is omitted the script tries (in order):
+#   1. .bore-port file in repo root
+#   2. Port embedded in the current 'gitea' remote URL
+# =============================================================================
+set -euo pipefail
+
+GITEA_HOST="bore.pub"
+GITEA_USER="${GITEA_USER:-replit}"
+
+# ─── Load token ───────────────────────────────────────────────────────────────
+# Token is never hard-coded. Resolution order:
+#   1. GITEA_TOKEN env var (export before running, or set in shell profile)
+#   2. .gitea-credentials file in repo root (gitignored, one line: the token)
+REPO_ROOT="$(git rev-parse --show-toplevel 2>/dev/null || pwd)"
+CREDS_FILE="$REPO_ROOT/.gitea-credentials"
+
+if [[ -z "${GITEA_TOKEN:-}" && -f "$CREDS_FILE" ]]; then
+  GITEA_TOKEN="$(tr -d '[:space:]' < "$CREDS_FILE")"
+fi
+
+if [[ -z "${GITEA_TOKEN:-}" ]]; then
+  echo -e "\033[0;31m[error]\033[0m GITEA_TOKEN is not set." >&2
+  echo "" >&2
+  echo "  Set it in one of two ways:" >&2
+  echo "" >&2
+  echo "  a) Export in your shell:" >&2
+  echo "       export GITEA_TOKEN=<your-token>" >&2
+  echo "" >&2
+  echo "  b) Save to a gitignored credentials file:" >&2
+  echo "       echo <your-token> > .gitea-credentials" >&2
+  echo "" >&2
+  echo "  Get your token from: http://bore.pub:<PORT>/user/settings/applications" >&2
+  exit 1
+fi
+
+BORE_PORT_FILE="$REPO_ROOT/.bore-port"
+
+RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m'; CYAN='\033[0;36m'; NC='\033[0m'
+info() { echo -e "${CYAN}[gitea]${NC} $*"; }
+ok()   { echo -e "${GREEN}[ok]${NC}    $*"; }
+warn() { echo -e "${YELLOW}[warn]${NC}  $*"; }
+die()  { echo -e "${RED}[error]${NC} $*" >&2; exit 1; }
+
+# ─── 1. Resolve bore port ────────────────────────────────────────────────────
+
+PORT=""
+
+if [[ -n "${1:-}" ]]; then
+  PORT="$1"
+  echo "$PORT" > "$BORE_PORT_FILE"
+  info "Port $PORT saved to .bore-port for future calls."
+
+elif [[ -f "$BORE_PORT_FILE" ]]; then
+  PORT="$(tr -d '[:space:]' < "$BORE_PORT_FILE")"
+  info "Using port $PORT from .bore-port"
+
+else
+  # Fall back to whatever port is currently in the gitea remote URL
+  CURRENT_REMOTE="$(git -C "$REPO_ROOT" remote get-url gitea 2>/dev/null || true)"
+  if [[ "$CURRENT_REMOTE" =~ :([0-9]{4,6})/ ]]; then
+    PORT="${BASH_REMATCH[1]}"
+    warn "No .bore-port file — trying last-known port $PORT from git remote."
+  fi
+fi
+
+if [[ -z "$PORT" ]]; then
+  die "Cannot determine bore port.
+
+  Start bore on your Mac:
+    bore local 3000 --to bore.pub
+    → note the port shown (e.g. 61049)
+
+  Then either:
+    Pass the port once:   bash scripts/push-to-gitea.sh <PORT>
+    Or save it manually:  echo <PORT> > .bore-port"
+fi
+
+# ─── 2. Verify Gitea is reachable ────────────────────────────────────────────
+
+GITEA_BASE="http://${GITEA_HOST}:${PORT}"
+info "Checking Gitea at ${GITEA_BASE} …"
+
+if ! curl -sf --max-time 6 "${GITEA_BASE}/api/v1/version" -o /dev/null 2>/dev/null; then
+  die "Gitea is not reachable at ${GITEA_BASE}.
+
+  If the bore port changed, pass the new port:
+    bash scripts/push-to-gitea.sh <NEW_PORT>
+
+  If bore is not running on your Mac, start it:
+    bore local 3000 --to bore.pub"
+fi
+
+ok "Gitea reachable at ${GITEA_BASE}"
+
+# ─── 3. Detect repo and branch ───────────────────────────────────────────────
+
+# Prefer the repo name from the existing gitea remote URL — the Replit
+# workspace directory name ('workspace') does not match the Gitea repo name.
+EXISTING_REMOTE="$(git -C "$REPO_ROOT" remote get-url gitea 2>/dev/null || true)"
+if [[ "$EXISTING_REMOTE" =~ /([^/]+)\.git$ ]]; then
+  REPO_NAME="${BASH_REMATCH[1]}"
+else
+  REPO_NAME="$(basename "$REPO_ROOT")"
+fi
+
+BRANCH="$(git -C "$REPO_ROOT" rev-parse --abbrev-ref HEAD)"
+
+if [[ "$BRANCH" == "HEAD" ]]; then
+  die "Detached HEAD state — check out a branch before pushing."
+fi
+
+REMOTE_URL="${GITEA_BASE}/${GITEA_USER}/${REPO_NAME}.git"
+REMOTE_URL_WITH_CREDS="http://${GITEA_USER}:${GITEA_TOKEN}@${GITEA_HOST}:${PORT}/${GITEA_USER}/${REPO_NAME}.git"
+
+info "Repo:   ${REPO_NAME}"
+info "Branch: ${BRANCH}"
+
+# ─── 4. Update (or add) the gitea remote ─────────────────────────────────────
+
+if git -C "$REPO_ROOT" remote get-url gitea &>/dev/null; then
+  git -C "$REPO_ROOT" remote set-url gitea "$REMOTE_URL_WITH_CREDS"
+else
+  git -C "$REPO_ROOT" remote add gitea "$REMOTE_URL_WITH_CREDS"
+  info "Added 'gitea' remote."
+fi
+
+# ─── 5. Push ─────────────────────────────────────────────────────────────────
+
+info "Pushing ${BRANCH} → gitea …"
+echo ""
+
+if git -C "$REPO_ROOT" push gitea "HEAD:${BRANCH}"; then
+  echo ""
+  ok "Pushed ${BRANCH} successfully."
+  echo ""
+  echo "  Branch:  ${GITEA_BASE}/${GITEA_USER}/${REPO_NAME}/src/branch/${BRANCH}"
+  echo "  Open PR: ${GITEA_BASE}/${GITEA_USER}/${REPO_NAME}/compare/main...${BRANCH}"
+  echo ""
+else
+  EXIT_CODE=$?
+  echo ""
+  die "git push failed (exit ${EXIT_CODE}). See error above."
+fi