arcodange-org/erp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a3f0586c77e6310c66e25626c6cde169a63891ca
erp/.claude/skills/dolibarr-sandbox-checkpoint/scripts/checkpoint-provision.sh
Gabriel Radureau 275a59b478 feat(skills,cli): dolibarr-sandbox-checkpoint — manage the sandbox iso-prod checkpoint 
A skill + CLI group to drive the ADR-0003 sandbox lifecycle, instead of the manual
kubectl/deno/.env dance:

  arcodange sandbox checkpoint status       # liveness + is the write agent armed?
  arcodange sandbox checkpoint refresh --yes # re-seed iso-prod (DESTRUCTIVE, gated)
  arcodange sandbox checkpoint provision     # re-create ai_agent_sandbox (Playwright) + relink
  arcodange sandbox checkpoint relink-env    # rewrite write skill .env from the key + verify

- refresh wraps ops/sandbox/sandbox-lifecycle.sh; requires --yes (it wipes the agent
  too, since iso-prod overwrites llx_user). --db-only skips the documents sync.
- provision runs test/provisionSandbox.ts (you do the admin login — PROD creds,
  iso-prod) then auto-relinks; relink-env writes .env mode 600 and verifies via
  GET /users/info.
- scripts resolve the repo root from ARCO_ROOT (set by bin/arcodange) or their own
  path, so they work via the CLI or standalone.

Tested: status reports armed/not-armed correctly; refresh refuses without --yes
(exit 3); relink-env errors with no key (exit 1); help/usage wired.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-30 07:19:59 +02:00

24 lines
1.3 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Re-provision the ai_agent_sandbox write user after a refresh, then relink the
# write skill .env. Runs the Playwright POC (test/provisionSandbox.ts): it opens a
# browser — YOU complete the admin login.
#
# IMPORTANT: the sandbox is iso-prod, so log in with the PROD admin credentials.
# Those come from test/.env.sandbox (DOLI_ADMIN_LOGIN / DOLI_ADMIN_PASSWORD) — make
# sure they are prod's. The POC re-grants the agent's rights (incl. banque lire) and
# writes the new key to test/.ai_agent_sandbox.key.
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
ROOT="${ARCO_ROOT:-$(cd "${SCRIPT_DIR}/../../../.." && pwd)}"
POC="${ROOT}/test/provisionSandbox.ts"
command -v deno >/dev/null || { echo "checkpoint-provision: deno not found (https://deno.land)" >&2; exit 1; }
[[ -f "${POC}" ]] || { echo "checkpoint-provision: missing ${POC}" >&2; exit 1; }
[[ -f "${ROOT}/test/.env.sandbox" ]] || echo "checkpoint-provision: WARN no test/.env.sandbox (admin creds) — login may fail" >&2
echo ">>> launching provisionSandbox.ts — complete the admin login in the browser (use PROD admin creds)"
( cd "${ROOT}/test" && deno run --allow-all provisionSandbox.ts )
echo ">>> provisioning finished; relinking the write skill .env"
exec "${SCRIPT_DIR}/checkpoint-relink-env.sh"
Reference in New Issue View Git Blame Copy Permalink