bryan/cloverleaf-larry
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
47 Commits 1 Branch 0 Tags 7.9 MiB
fe2f67a1aa
Commit Graph

4 Commits

Author SHA1 Message Date
Bryan Johnson
fe2f67a1aa v0.8.13: $HCIROOT login-shell fix + both-mode detection + list_sites/sites + per-delta jq-fork slowness fix 
Root-cause fix for the live-session friction where "how many sites are on
qa?" stalled on repeated `export $HCIROOT` nags despite a working `qa` SSH
alias:

1. $HCIROOT login-shell fix: ssh-helper.sh `exec` now wraps remote commands in
   `bash -lc` so the Cloverleaf login profile sources and $HCIROOT/$HCISITE/PATH
   populate as for an interactive operator login. Escape hatch: NOLOGIN prefix
   or LARRY_SSH_NO_LOGIN=1. pull-smat find/sample use the same wrapper.
2. Both-mode detection: startup surfaces a MODE= line (LOCAL / REMOTE / UNKNOWN)
   and leads with what it found instead of asking for paths.
3. First-class list_sites tool + /sites [alias]: enumerates sites in both modes
   (hcisitelist fast-path, NetConfig-walk fallback) via new ssh-helper discover.
4. System-prompt de-nagging: agents/larry.md + env-diff/regression prompts no
   longer tell Larry to ask Bryan to export $HCIROOT for a reachable host.
5. Streaming slowness (dominant residual): new pure-bash _json_str_decode
   un-escapes the common escape-free delta with zero forks, halving per-turn
   jq forks on top of v0.8.12. Round-trip verified.
6. pull-smat path capture hardened (Vera Minor #1): resolved path now emitted
   behind a SMATDB_PATH: sentinel and selected by pattern not position, so a
   login-shell MOTD/banner on stdout can't be mistaken for the path; falls back
   to prior tail -1 when no sentinel present. Selection logic unit-verified.

Vera gate: PASS-WITH-NOTES (v0.8.13). bash -n clean on larry.sh + ssh-helper.sh;
MANIFEST regenerated (48 entries) and --check clean.

Co-Authored-By: Clover (Claude Opus 4.7) <noreply@anthropic.com>
 2026-05-28 07:40:53 -07:00
Bryan Johnson
9dd5821436 v0.7.5: OAuth CR-taint fix + mouse opt-in + CR-safety sweep 
- Fix bash arithmetic crash on MobaXterm/Cygwin: $(date +%s) was
  returning CR-tainted values landing in $(( )) operands
- Mouse mode off by default; opt in via LARRY_MOUSE=1 or /mouse on
- Comprehensive CR-safety sweep across lib/*.sh and larry.sh — every
  command-substitution result, file read, and user input that feeds
  an arithmetic context, case dispatcher, or path/header is now
  CR-stripped at the source

New shared helper lib/cygwin-safe.sh defines three primitives:
  coerce_int VAL [DEFAULT]   — for arithmetic / integer-test operands
  strip_cr VAL               — for case patterns, regex tests, paths, headers
  read_clean VAR [PROMPT]    — read -r wrapper that strips CR pre-assign

Hardened call sites (14 files, 60+ patch points):
  - larry.sh:  status-line date/tput, 3 y/N approvals, auth menu, API key
  - lib/oauth.sh:  cmd_login + cmd_refresh date+%s captures
  - lib/nc-engine.sh:  5 y/N action prompts + find|wc arithmetic
  - lib/nc-msgs.sh:  parse_time_ms (4 date sites) + meta-TSV time + MSG_COUNT
  - lib/nc-regression.sh:  tr|wc count + hl7-diff ?-fallback arithmetic
  - lib/nc-smat-diff.sh:  A_COUNT/B_COUNT/DIFFS_TOTAL
  - lib/nc-insert-protocol.sh:  every awk-emitted line number → head/tail math
  - lib/journal.sh:  _next_seq wc -l arithmetic
  - lib/lessons.sh:  _next_id/_count + 2 y/N prompts
  - lib/hl7-sanitize.sh:  cmd_count + clear-table y/N
  - lib/ssh-helper.sh:  4 local+remote wc -c integer compares
  - lib/nc-find.sh, lib/nc-table.sh, lib/nc-document.sh, larry-rollback.sh

Reproduces the exact error Bryan hit:
  bash: ...: arithmetic syntax error: invalid arithmetic operator (error token is "")

lib/cygwin-safe.sh added to MANIFEST so it auto-syncs on next launch.

Co-Authored-By: Clover (Claude Opus 4.7) <noreply@anthropic.com>
 2026-05-27 19:17:48 -07:00
Bryan Johnson
1709655a9c v0.6.8: cross-env Cloverleaf workflows over SSH ControlMaster 
Closes the gap between v0.6.7's ssh_exec/ssh_status primitives and the local
nc_* tools, so Bryan's two motivating workflows compose cleanly:

  1. "Compare the ADT site NetConfig on qa to dev"
  2. "Grab smat files from dev and bring to qa for regression testing"

ssh_pull, ssh_push (lib/ssh-helper.sh + larry.sh):
  scp via the existing ControlMaster socket — no second auth, no second TCP
  handshake. Master-not-open and missing-remote-file paths fail with explicit
  messages ("open the master with /ssh-setup <alias> first"). Pull caches to
  /tmp/larry-pulls/<alias>.<basename>.<hash-of-remote-path> when local_path is
  omitted, so repeat pulls of the same remote file are idempotent. Validates
  byte counts post-transfer to catch partial transfers.

ssh_pull_smat (lib/ssh-helper.sh + larry.sh):
  Cloverleaf-aware smatdb pull. Full mode scp's the entire .smatdb;
  sampled mode (days_back=N) runs sqlite3 server-side via ssh_exec to extract
  up to 1000 recent messages as TSV with base64-encoded MessageContent blobs
  (verified end-to-end with a synthetic smatdb fixture matching nc-msgs.sh's
  smat_msgs schema). Avoids transferring multi-GB archives when only N
  samples are needed.

nc_diff_interface tool (newly wired):
  Promotes lib/nc-diff-interface.sh into the LLM-callable tool surface. Used
  by the new /nc-diff-env slash command for workflow #1.

nc_regression cross-env (lib/nc-regression.sh + larry.sh):
  source_ssh_alias / target_ssh_alias args. Phase 1 (discovery) and Phase 2
  (sample) run via ssh_exec + ssh_pull / ssh_pull_smat against the source
  alias. Phase 3/4 (route_test) push inputs over and pull outputs back via
  ssh_push / ssh_pull. Phases 5/6 (diff + summary) stay local. Reports
  reference the SSH alias names rather than raw user@host strings.

/nc-diff-env and /nc-regression-env slash commands (larry.sh):
  Templated prompts to Larry-the-LLM that explicitly cite the motivating
  workflows, call out ssh_status / ssh_pull / nc_diff_interface and the
  nc_regression cross-env fields. Registered in _LARRY_SLASH_CMDS +
  _LARRY_SLASH_CMDS_DESC + /help per v0.6.7 patterns.

Bug fix unearthed during cross-env work:
  lib/nc-regression.sh phase_5 / phase_6 used printf 'FORMAT' where FORMAT
  begins with '- '. bash 3.2 (macOS default) reads the leading '-' as a bad
  option and emits nothing — silently dropping the entire "Configuration"
  section of regression-summary.md. Switched the affected lines to
  printf -- 'FORMAT' so the format string is unambiguous.

Tool/slash surface deltas vs v0.6.7:
  Tools: 31 → 35 (+ssh_pull, +ssh_push, +ssh_pull_smat, +nc_diff_interface)
  Slash commands: 34 → 36 (+/nc-diff-env, +/nc-regression-env)

Updated tool descriptions for read_file, grep_files, nc_msgs to point at
ssh_pull / ssh_pull_smat as the cross-env pre-step so Larry-the-LLM picks
the right chain on the first attempt.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-27 15:52:58 -07:00
Bryan Johnson
f58bcf711f v0.6.0: secure SSH ControlMaster — password hidden from Larry-the-LLM 
NEW lib/ssh-helper.sh implements the full SSH command surface:
  hosts/list                              show configured remote hosts
  add <alias> <user@host[:port]>          register a new host
  remove <alias>                          remove + clean cred + socket
  pass <alias>                            set/update password (hidden interactive)
  setup <alias>                           open long-lived ControlMaster
  close <alias>                           close ControlMaster
  status [alias]                          show open masters + cred presence
  exec <alias> <command...>               run command via master

Architecture:
  • $LARRY_HOME/.ssh-hosts.tsv      — alias \t user@host \t port (3-col)
  • $LARRY_HOME/.ssh-creds/<alias>  — raw password, mode 0600
  • $LARRY_HOME/.ssh-sockets/<alias>.sock — ControlMaster socket

The password is read from disk by sshpass via -f (file argument), so it
never lands in argv or environment. It is used ONCE to open the master;
all subsequent execs multiplex through the socket with no auth. Daily-
rotating passwords: just overwrite the cred file and re-run setup.

SLASH COMMANDS wired in larry.sh REPL: /ssh-hosts /ssh-add /ssh-remove
/ssh-pass /ssh-setup /ssh-close /ssh-status /ssh <alias> <cmd>.

LARRY TOOLS exposed to the LLM:
  ssh_status      — list aliases + open-master state
  ssh_exec        — run command on remote via the master socket
Both tool descriptions explicitly tell Larry the password is unreachable
and to ask Bryan to run /ssh-setup if a master is closed. Tool inputs
and outputs never contain the password. Output capped at max_lines
(default 500) with a "[ssh_exec: exit rc=N]" footer.

Bundle updated: MANIFEST + install-larry.sh both now include
lib/ssh-helper.sh. Auto-update will pull it on next launch.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-27 10:28:37 -07:00