bryan/cloverleaf-larry
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4f1ea86051
cloverleaf-larry/MANIFEST
Bryan Johnson 31ffae6f36 v0.8.4: installer/updater detects HTML-sign-in-page responses and fails loud 
Hardens the installer + auto-updater against the Gitea private-repo trap
(Clover #5 diagnosis): an unauthenticated raw-file read of a sign-in-gated
Gitea returns the HTML Sign-In page at HTTP 200, which `curl -fsSL` treats as
success — so the old code parsed HTML as VERSION/MANIFEST/larry.sh content and
silently aborted (or overwrote real files with HTML). This stranded a work-box
at v0.7.3 until the REQUIRE_SIGNIN_VIEW=false flip.

- New lib/fetch-safe.sh: fetch_validate URL DEST KIND [MAX_TIME]. Detects the
  HTML-login trap (DOCTYPE/<html/"Sign In - Gitea"/<title>Sign In markers, or
  text/html Content-Type) and validates content shape per file type (semver
  VERSION, path-list MANIFEST, shebang larry.sh, non-HTML .sh). On failure:
  actionable error + non-zero, target file left untouched.
- install-larry.sh (curl|bash bootstrap) and larry.sh self_update() each carry
  a byte-identical inline copy (both run before lib/ can be sourced).
- Every remote-content fetch routed through the validator: install fetch();
  agent fetch; sync_from_manifest MANIFEST + per-file; _fetch_with_fallback.
- Optional LARRY_GITEA_TOKEN / GITEA_TOKEN env var adds Authorization: token
  <PAT> for authenticated fetch against private repos. Never hardcoded/logged.
  Documented in --help + MANUAL.md.

Co-Authored-By: Clover (Claude Opus 4.7) <noreply@anthropic.com>
2026-05-27 20:28:58 -07:00

86 lines
2.1 KiB
Plaintext
Raw Blame History

# larry-anywhere update manifest
# Format: one path per line, relative to the bundle root.
# Lines starting with '#' and blank lines are ignored.
# Every file listed here is auto-synced by larry.sh's self_update() each time
# the running larry.sh version changes (and on first launch of a new version).
#
# To add a new file to the auto-sync set: list it here and bump VERSION.
# Top-level scripts
larry.sh
larry-tunnel.sh
larry-auth.sh
larry-rollback.sh
install-larry.sh
# Metadata
VERSION
MANUAL.md
CHANGELOG.md
# Agent personas (system-prompt overlays)
agents/larry.md
agents/clover.md
agents/cloverleaf-cheatsheet.md
agents/regress.md
# Cygwin/MobaXterm CR-taint defense primitives (sourced by every tool)
lib/cygwin-safe.sh
# v0.8.4: content-validating fetch (HTML-sign-in-page trap detection + per-
# file-type shape checks) for the installer/auto-updater. Canonical home of the
# validators that install-larry.sh and larry.sh also carry inline (pre-source).
lib/fetch-safe.sh
# Auth implementation
lib/oauth.sh
# Secure SSH with ControlMaster (password hidden from Larry-the-LLM)
lib/ssh-helper.sh
# Logging / capture
lib/lessons.sh
lib/journal.sh
# HL7 utilities
lib/hl7-sanitize.sh
lib/hl7-desanitize.sh
lib/hl7-diff.sh
lib/hl7-field.sh
lib/hl7-schema.sh
# v0.8.2: Microsoft Presidio sidecar (optional, opt-in install).
# Closes V1 free-text PHI gap from Vera's audit. Requires Python 3.9+ and
# pip install presidio_analyzer + presidio_anonymizer + fastapi + uvicorn
# + spaCy en_core_web_sm. install-larry.sh offers to install on first run.
# Larry's tier-5 silently skips when sidecar is unreachable, so syncing
# these files is safe even on hosts where Python deps aren't installed.
lib/phi-presidio-sidecar.py
lib/phi-sidecar.sh
lib/phi-client.sh
# Generic helpers
lib/each.sh
lib/each-site.sh
lib/len2nl.sh
lib/csv-to-table.sh
lib/table-to-csv.sh
# NetConfig tooling
lib/nc-engine.sh
lib/nc-status.sh
lib/nc-table.sh
lib/nc-xlate.sh
lib/nc-smat-diff.sh
lib/nc-create-thread.sh
lib/nc-tclgen.sh
lib/nc-parse.sh
lib/nc-inbound.sh
lib/nc-make-jump.sh
lib/nc-msgs.sh
lib/nc-document.sh
lib/nc-diff-interface.sh
lib/nc-find.sh
lib/nc-insert-protocol.sh
lib/nc-regression.sh
Reference in New Issue View Git Blame Copy Permalink