arcodange-org/erp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(skills,cli): dolibarr-sandbox-checkpoint — manage the sandbox iso-prod checkpoint

Browse Source 
A skill + CLI group to drive the ADR-0003 sandbox lifecycle, instead of the manual
kubectl/deno/.env dance:

  arcodange sandbox checkpoint status       # liveness + is the write agent armed?
  arcodange sandbox checkpoint refresh --yes # re-seed iso-prod (DESTRUCTIVE, gated)
  arcodange sandbox checkpoint provision     # re-create ai_agent_sandbox (Playwright) + relink
  arcodange sandbox checkpoint relink-env    # rewrite write skill .env from the key + verify

- refresh wraps ops/sandbox/sandbox-lifecycle.sh; requires --yes (it wipes the agent
  too, since iso-prod overwrites llx_user). --db-only skips the documents sync.
- provision runs test/provisionSandbox.ts (you do the admin login — PROD creds,
  iso-prod) then auto-relinks; relink-env writes .env mode 600 and verifies via
  GET /users/info.
- scripts resolve the repo root from ARCO_ROOT (set by bin/arcodange) or their own
  path, so they work via the CLI or standalone.

Tested: status reports armed/not-armed correctly; refresh refuses without --yes
(exit 3); relink-env errors with no key (exit 1); help/usage wired.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Gabriel Radureau
2026-06-30 07:19:59 +02:00
parent d31e995acd
commit 275a59b478
6 changed files with 224 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
.claude/skills/dolibarr-sandbox-checkpoint/scripts/checkpoint-status.sh Executable file
View File

@@ -0,0 +1,32 @@
#!/usr/bin/env bash
# Report the erp-sandbox checkpoint state: HTTP liveness + whether the write agent
# (ai_agent_sandbox) is armed (its key authenticates). Read-only, no cluster access.
set -uo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
ROOT="${ARCO_ROOT:-$(cd "${SCRIPT_DIR}/../../../.." && pwd)}"
SB_URL="${DOLIBARR_SANDBOX_URL:-https://erp-sandbox.arcodange.lab}"
WRITE_ENV="${ROOT}/.claude/skills/dolibarr-sandbox-write/.env"
DOLW="${ROOT}/.claude/skills/dolibarr-sandbox-write/scripts/dol-write.sh"
KEY="${ROOT}/test/.ai_agent_sandbox.key"
echo "erp-sandbox checkpoint status"
code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 10 "${SB_URL}/" 2>/dev/null || echo "---")
echo " HTTP : ${code} (${SB_URL})"
echo " agent key file : $([ -s "${KEY}" ] && echo "present" || echo "absent (provision needed)")"
if [[ -f "${WRITE_ENV}" ]]; then
echo " write .env : present"
printf ' write agent : '
"${DOLW}" GET /users/info 2>/dev/null | python3 -c "import json,sys
try:
d = json.load(sys.stdin)
except Exception:
print('NOT armed — no/invalid response'); sys.exit(0)
if isinstance(d, dict) and d.get('login'):
print('ARMED — login=%s id=%s' % (d['login'], d.get('id')))
else:
msg = d.get('error', {}).get('message', '?') if isinstance(d, dict) else 'unexpected'
print('NOT armed — %s' % msg[:80])"
else
echo " write .env : ABSENT"
echo " write agent : not linked — run 'arcodange sandbox checkpoint relink-env' after provisioning"
fi