v1.4.0#4
Tunnel feature (new):
- dashboard/tunnel.php: provider-agnostic tunnel UI with Cloudflare quick tunnel, manual URL management, recent URLs, uptime timer, auto-refresh polling, log viewer, browser notifications, and inline connectivity testing with result alerts
- dashboard/index.php: tunnel API endpoints (start, stop, configure, test, logs, status) with cloudflared process lifecycle management
- dashboard/start-dev.sh: cleanup trap to kill orphaned cloudflared on dashboard shutdown
AWS reports backend (new):
- dashboard/aws.php: AWS report execution backend and API handlers
- dashboard/aws_ui.php: AWS reports UI with overview cards, tabbed results, cost analysis with inline bar visualization, rightsizing, security scanning, and CLI runner
- lib/aws/_aws-common.sh: shared AWS auth and env loader
- lib/aws/aws-costs.sh: Cost Explorer analysis script
- lib/aws/aws-rightsizing.sh: CloudWatch rightsizing analysis
- lib/aws/aws-security.sh: WAF, IAM, SG, S3, and secrets scan
- lib/aws/aws-cli.sh: updated AWS CLI wrapper
- .env.example: AWS credential template
Dashboard UI improvements:
- Shared CSS patterns: status badges, result alerts with slide-in animation, collapsible sections, focus-visible outlines
- Tunnel page: full-width status hero card, click-to-copy URL, collapsible logs/notes/request details, result-alert test feedback
- Main dashboard: terminal completion and stop alerts, sidebar running indicator with accent border, centered welcome state, consistent collapsible chevrons
- AWS reports: hero treatment for total cost card, inline bar visualization in cost tables, active tab-to-card connection, last-run status line, overview card hover states
- Cross-cutting: consistent back navigation text, icon-only theme toggles, button vertical centering fix, stop button disabled state neutralized, tunnel button with visible label
… and shared UI patterns
Pull request overview
This PR releases v1.4.0 by expanding the DevEx dashboard with (1) a provider-agnostic tunnel management UI + API, and (2) an AWS “reports console” that can run cost/rightsizing/security scans and a wrapped AWS CLI/Terraform runner, alongside UI refreshes and AWS script refactors.
Changes:
- Added tunnel management page (Cloudflare quick tunnel + manual URLs) with new /api/tunnel-* endpoints and dev cleanup.
- Added AWS reports page + backend API to run AWS shell scripts and display formatted output.
- Introduced shared AWS .env/auth loader and added new AWS cost/rightsizing/security scripts.
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| lib/aws/_aws-common.sh | Shared .env loading + AWS auth/profile setup for AWS scripts. |
| lib/aws/aws-cli.sh | Refactored AWS/Terraform wrapper to use shared auth loader and improved help/dispatch. |
| lib/aws/aws-costs.sh | New Cost Explorer summary + inventory snapshot script. |
| lib/aws/aws-rightsizing.sh | New CloudWatch-driven rightsizing advisor script across RDS/ECS/ALB/NAT/EC2/logs. |
| lib/aws/aws-security.sh | New read-only security posture scan script with findings summary. |
| dashboard/index.php | Added tunnel and AWS routes + tunnel process/log/test management endpoints. |
| dashboard/frontend.php | Added tunnel UI integration, shared UI patterns, and a link to AWS Reports. |
| dashboard/tunnel.php | New tunnel UI fragments (CSS/HTML/JS). |
| dashboard/aws.php | AWS reports API runner + report registry (and includes UI renderer). |
| dashboard/start-dev.sh | Added exit trap to kill orphaned cloudflared tunnel processes. |
| .env.example | Added AWS credential placeholders. |
| CHANGELOG.md | Documented v1.4.0 features and UI changes. |
| function handleApiTunnelStart(): void | ||
| { | ||
| $existing = readTunnelState(); | ||
| if ($existing !== null && ($existing['provider'] ?? '') === 'cloudflare' && isset($existing['url'])) { | ||
| jsonResponse(tunnelStatusPayload($existing)); | ||
| return; | ||
| } | ||
|
|
||
| $cloudflared = findCloudflaredBinary(); | ||
| if ($cloudflared === null) { | ||
| jsonResponse(['error' => 'cloudflared is not installed or not on PATH'], 500); | ||
| return; | ||
| } | ||
|
|
||
| $body = getJsonBody(); | ||
| $target = trim((string) ($body['target'] ?? getDefaultTunnelTarget())); | ||
| if (filter_var($target, FILTER_VALIDATE_URL) === false) { | ||
| jsonResponse(['error' => 'Tunnel target must be a valid absolute URL'], 400); | ||
| return; | ||
| } | ||
|
|
||
| handleApiTunnelStop(true); |
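Review bot: the FILTER_VALIDATE_URL check on $target only validates URL syntax, so any scheme and any host supplied in the request body passes. Because this is the address the tunnel is pointed at, restrict it to http/https with a parse_url() scheme check and consider an allowlist of loopback hosts, returning the same 400 for anything else. The early return at the top also deserves a look: when a cloudflare tunnel with a url already exists, a request carrying a different target gets the old status back with no sign that the new target was ignored.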
| $content = (string) file_get_contents($logFile); | ||
| if (strlen($content) > 4096) { | ||
| $content = substr($content, -4096); | ||
| } |
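Review bot: file_get_contents($logFile) loads the entire log before substr() keeps the last 4096 bytes, so memory use grows with the log for as long as the tunnel runs; open the file, fseek() to max(0, size - 4096) and read only the tail. Two smaller points on the same lines: the (string) cast turns a read failure (false) into an empty string, which hides a missing or unreadable log, and cutting at a fixed byte offset can split a multi-byte UTF-8 character, which makes json_encode() fail if this content goes into a JSON response without JSON_INVALID_UTF8_SUBSTITUTE.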
Pull request overview
This PR delivers the v1.4.0 dashboard release, adding a tunnel management surface and an AWS “reports console”, plus supporting AWS CLI script refactors and shared UI patterns.
Changes:
- Adds a provider-agnostic tunnel UI + API (Cloudflare quick tunnel, manual URLs, logs, connectivity tests).
- Introduces an AWS reports page with a backend runner for cost/rightsizing/security/CLI reports.
- Refactors AWS shell tooling with a shared .env/auth loader and more consistent wrappers.
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| dashboard/index.php | Adds tunnel API endpoints + routing for the AWS reports handler. |
| dashboard/frontend.php | Integrates tunnel UI into the main dashboard and adds shared UI patterns/alerts. |
| dashboard/tunnel.php | New tunnel UI fragments (CSS/HTML/JS) for the dashboard. |
| dashboard/start-dev.sh | Ensures cloudflared tunnel processes are cleaned up on exit. |
| dashboard/aws.php | AWS report registry + backend execution endpoint (/api/aws/run). |
| dashboard/aws_ui.php | AWS reports UI (tabs, caching last output, theming). |
| lib/aws/_aws-common.sh | New shared .env loader + auth/profile selection helpers for AWS scripts. |
| lib/aws/aws-cli.sh | Updates wrapper to use shared auth loading and adds Terraform handling. |
| lib/aws/aws-costs.sh | New Cost Explorer summary + inventory snapshot script. |
| lib/aws/aws-rightsizing.sh | New rightsizing advisor script pulling CloudWatch metrics. |
| lib/aws/aws-security.sh | New read-only security posture scan script. |
| .env.example | Adds AWS credential placeholders. |
| CHANGELOG.md | Documents v1.4.0 features and UI changes. |
| if [[ "$_env_file_has_aws_session_token" == true ]]; then | ||
| export AWS_SESSION_TOKEN | ||
| else | ||
| unset AWS_SESSION_TOKEN 2>/dev/null || true | ||
| fi |
| header('Content-Type: text/html; charset=UTF-8'); | ||
|
|
||
| $projectTitle = htmlspecialchars(PROJECT_NAME, ENT_QUOTES); | ||
| $envLabel = htmlspecialchars(ENV_NAME, ENT_QUOTES); | ||
| $envFilePath = SCRIPTS_DIR . '/.env'; | ||
| $envExamplePath = SCRIPTS_DIR . '/.env.example'; | ||
| $hasEnvFile = is_file($envFilePath); | ||
| $reportsJson = json_encode(getAwsReportRegistry(), JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE); | ||
| if (!is_string($reportsJson)) { | ||
| $reportsJson = '{}'; | ||
| } | ||
|
|
||
| echo '<!DOCTYPE html>'; | ||
| echo '<html lang="en" data-theme="light">'; | ||
| echo '<head>'; | ||
| echo '<meta charset="UTF-8">'; | ||
| echo '<meta name="viewport" content="width=device-width, initial-scale=1.0">'; | ||
| echo '<title>AWS Reports - ' . $projectTitle . '</title>'; | ||
| echo '<script>document.documentElement.setAttribute("data-theme", localStorage.getItem("devex_dash_theme") || "light");</script>'; | ||
| echo '<link rel="preconnect" href="https://fonts.googleapis.com">'; | ||
| echo '<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>'; | ||
| echo '<link href="https://fonts.googleapis.com/css2?family=Manrope:wght@500;600;700;800&family=IBM+Plex+Mono:wght@400;500&display=swap" rel="stylesheet">'; | ||
| echo <<<'CSS' | ||
| <style> |
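Review bot: $reportsJson is encoded with JSON_UNESCAPED_SLASHES and no JSON_HEX_* flags. If it is echoed into an inline <script> block further down, a registry string containing </script> would close the script element; for that use, encode with JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT and drop JSON_UNESCAPED_SLASHES. The '{}' fallback also hides an encoding failure from whoever is debugging the page; logging json_last_error_msg() at that point would make it diagnosable.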
| clusters=$(aws ecs list-clusters --query 'clusterArns[*]' --output json 2>/dev/null) | ||
| while IFS= read -r cluster_arn; do | ||
| cluster_name=$(echo "$cluster_arn" | rev | cut -d'/' -f1 | rev) | ||
| services=$(aws ecs list-services --cluster "$cluster_name" --query 'serviceArns[*]' --output json 2>/dev/null) | ||
|
|
||
| while IFS= read -r service_arn; do | ||
| service_name=$(echo "$service_arn" | rev | cut -d'/' -f1 | rev) | ||
| service_info=$(aws ecs describe-services --cluster "$cluster_name" --services "$service_name" \ | ||
| --query 'services[0].{desired:desiredCount,running:runningCount,taskDef:taskDefinition}' --output json 2>/dev/null) | ||
| task_def=$(echo "$service_info" | jq -r '.taskDef') | ||
| desired=$(echo "$service_info" | jq -r '.desired') | ||
| running=$(echo "$service_info" | jq -r '.running') | ||
| task_spec=$(aws ecs describe-task-definition --task-definition "$task_def" \ | ||
| --query 'taskDefinition.{cpu:cpu,memory:memory,containers:containerDefinitions[*].name}' --output json 2>/dev/null) |
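Review bot: every aws call in this loop discards stderr and nothing checks the result before it is parsed. When describe-services fails or returns no match, service_info is empty or null, jq -r '.taskDef' yields an empty string or the literal string null, and describe-task-definition is then called with that value. Check that task_def is non-empty and not "null" before the second call, and surface the aws error instead of dropping it. The rev | cut | rev pairs can be replaced with ${cluster_arn##*/} and ${service_arn##*/}.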
| echo -e "${BOLD}${CYAN} WAF WEB ACLs${NC}" | ||
| echo -e "${DIM} ─────────────────────────────────────────────────────────────${NC}" | ||
|
|
||
| waf_list=$(aws wafv2 list-web-acls --scope REGIONAL --output json 2>/dev/null) |
| source "$SCRIPT_DIR/_aws-common.sh" | ||
|
|
| function handleApiTunnelStart(): void | ||
| { | ||
| $existing = readTunnelState(); | ||
| if ($existing !== null && ($existing['provider'] ?? '') === 'cloudflare' && isset($existing['url'])) { | ||
| jsonResponse(tunnelStatusPayload($existing)); |
Pull request overview
This PR releases v1.4.0 with major dashboard enhancements: a provider-agnostic tunnel management UI/API and an AWS operations console (costs, rightsizing, security scan, and an AWS CLI/Terraform runner). It also introduces a shared AWS shell helper for consistent .env loading and auth handling, plus several UI/UX refinements and a dev cleanup trap for Cloudflare tunnels.
Changes:
- Add tunnel management page (Cloudflare quick tunnels + manual URLs) with new dashboard API endpoints and dev-process cleanup.
- Add AWS reports backend + UI, along with new AWS analysis scripts and a refactored AWS CLI wrapper using shared auth/env helpers.
- Refresh dashboard UI patterns (badges/alerts/collapsibles/focus-visible) and update changelog + .env.example.
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| lib/aws/_aws-common.sh | New shared AWS .env loader + auth-mode selection used by AWS scripts/wrapper. |
| lib/aws/aws-cli.sh | Refactors wrapper to use shared auth/env logic; supports AWS CLI + Terraform. |
| lib/aws/aws-costs.sh | New Cost Explorer summary + lightweight inventory report. |
| lib/aws/aws-rightsizing.sh | New CloudWatch-based rightsizing advisor across common AWS resources. |
| lib/aws/aws-security.sh | New read-only security posture scan across WAF/SG/IAM/S3/RDS/EBS/Secrets/CloudTrail. |
| dashboard/tunnel.php | Adds tunnel UI fragments (CSS/HTML/JS) for dashboard tunnel management. |
| dashboard/index.php | Adds tunnel and AWS routes/endpoints; improves JSON encoding robustness. |
| dashboard/frontend.php | Integrates tunnel UI, adds shared UI patterns, and updates styling/behaviors. |
| dashboard/aws.php | Adds AWS reports router + API runner and command parsing utilities. |
| dashboard/start-dev.sh | Adds exit trap to clean up orphaned Cloudflare tunnel processes. |
| CHANGELOG.md | Documents v1.4.0 features and UI changes. |
| .env.example | Adds AWS credential placeholders for easier setup. |
| #!/usr/bin/env bash | ||
| # Shared helpers for AWS scripts. Source this file; do not execute it directly. | ||
|
|
||
| if [[ -n "${_AWS_COMMON_LOADED:-}" ]]; then | ||
| return 0 2>/dev/null || exit 0 | ||
| fi | ||
| _AWS_COMMON_LOADED=1 | ||
|
|
||
| RED='\033[0;31m' | ||
| GREEN='\033[0;32m' | ||
| YELLOW='\033[1;33m' | ||
| BLUE='\033[0;34m' | ||
| CYAN='\033[0;36m' | ||
| BOLD='\033[1m' | ||
| DIM='\033[2m' | ||
| NC='\033[0m' | ||
|
|
||
| AWS_COMMON_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" | ||
| PROJECT_ROOT="$( | ||
| git -C "$AWS_COMMON_DIR" rev-parse --show-toplevel 2>/dev/null \ | ||
| || (cd "$AWS_COMMON_DIR/../.." && pwd) | ||
| )" | ||
| ENV_FILE="$PROJECT_ROOT/.env" |
| if [[ -n "${AWS_ACCESS_KEY_ID:-}" && -n "${AWS_SECRET_ACCESS_KEY:-}" ]]; then | ||
| export AWS_ACCESS_KEY_ID | ||
| export AWS_SECRET_ACCESS_KEY | ||
| export AWS_DEFAULT_REGION="${AWS_DEFAULT_REGION:-$AWS_REGION}" | ||
|
|
||
| if [[ "$_env_file_has_aws_session_token" == true ]]; then | ||
| export AWS_SESSION_TOKEN | ||
| else | ||
| unset AWS_SESSION_TOKEN 2>/dev/null || true | ||
| fi |
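Review bot: the outer test accepts AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from any source, but the session token is kept only when _env_file_has_aws_session_token is true. Temporary credentials exported in the calling shell (key, secret and token together) therefore lose their token here, and calls made with the remaining key pair fail authentication. Base the unset on where the key pair came from, for example only unset the token when the keys themselves were read from the .env file. Separately, ${AWS_DEFAULT_REGION:-$AWS_REGION} expands an unset AWS_REGION to an empty string (or aborts under set -u); give it a default or fail with a message.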
| waf_list=$(aws wafv2 list-web-acls --scope REGIONAL --output json 2>/dev/null) | ||
| waf_count=$(echo "$waf_list" | jq '.WebACLs | length') | ||
|
|
||
| if [[ "$waf_count" -eq 0 ]]; then | ||
| echo "" | ||
| verdict "alert" "No WAF configured — web applications have no WAF protection" | ||
| add_finding "alert" "WAF" "WAF" "No WAF configured" | ||
| else | ||
| while IFS='|' read -r waf_name waf_arn waf_id; do | ||
| echo "" | ||
| echo -e " ${BOLD}$waf_name${NC}" |
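Review bot: a failed list-web-acls call is reported as a finding. With stderr discarded and no exit-status check, an access-denied or region error leaves waf_list empty, jq prints nothing, and [[ "" -eq 0 ]] evaluates true in bash, so the scan emits "No WAF configured". Test the aws exit status (or require waf_count to match ^[0-9]+$) and report a scan error instead. The query also covers --scope REGIONAL only, so either the alert text should say so or the scan should query the CLOUDFRONT scope as well.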
Pull request overview
This PR ships the v1.4.0 dashboard release, adding a new tunnel management surface and a full AWS reports console (backend + UI), plus shared UI components and AWS script/auth refactors to support these workflows.
Changes:
- Add provider-agnostic tunnel management UI + API (Cloudflare quick tunnel, manual URL storage, testing, logs, uptime, cleanup).
- Add AWS reports dashboard and report runner API (costs, rightsizing, security, and an AWS CLI/Terraform wrapper).
- Refactor/extend AWS shell scripts with shared env/auth loading, and update shared dashboard UI styling/patterns.
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| dashboard/index.php | Adds AWS and tunnel routing + new tunnel API endpoints and state management. |
| dashboard/frontend.php | Adds shared UI patterns, links to AWS + Tunnel, and injects tunnel UI/JS into the main dashboard shell. |
| dashboard/tunnel.php | New tunnel page UI fragments (CSS/HTML/JS) for status, start/stop, manual URLs, tests, logs, uptime. |
| dashboard/start-dev.sh | Adds exit trap cleanup to stop orphaned Cloudflare tunnel processes. |
| dashboard/aws.php | Adds AWS reports backend: registry, /api/aws/run handler, process execution, output capture + summarization. |
| dashboard/aws_ui.php | New AWS reports UI (tabbed console with persisted state and formatted output views). |
| lib/aws/_aws-common.sh | New shared AWS env/auth loader and common helpers for AWS scripts. |
| lib/aws/aws-cli.sh | Refactors AWS CLI/Terraform wrapper to use shared auth/env loader and improved help/command dispatch. |
| lib/aws/aws-costs.sh | New Cost Explorer summary + inventory snapshot script. |
| lib/aws/aws-rightsizing.sh | New rightsizing advisor script using CloudWatch metrics across key services. |
| lib/aws/aws-security.sh | New read-only security posture scan script across common AWS services. |
| .env.example | Adds AWS credential placeholders for local configuration. |
| CHANGELOG.md | Documents v1.4.0 feature set and UI/UX changes. |
| // Merge stderr into stdout via a single pipe to avoid the classic | ||
| // deadlock where one pipe buffer fills while we block on the other. | ||
| $descriptors = [ | ||
| 1 => ['pipe', 'w'], | ||
| 2 => ['pipe', 'w'], | ||
| ]; |
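Review bot: the comment says stderr is merged into stdout through a single pipe, but $descriptors opens two separate pipes, 1 and 2. Either redirect descriptor 2 into the stdout pipe so the comment holds, or keep both pipes, correct the comment, and make sure both are drained together (stream_select() or non-blocking reads); reading one to EOF before touching the other is exactly the deadlock the comment describes.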
| echo "To fix this, either:" | ||
| echo " 1. Put AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in .env" | ||
| echo " 2. Run: aws sso login --profile ${AWS_PROFILE_NAME}" |
| #!/usr/bin/env bash | ||
| # Shared helpers for AWS scripts. Source this file; do not execute it directly. | ||
| # | ||
| # Scripts that source this file (aws-costs.sh, aws-rightsizing.sh, aws-security.sh) | ||
| # are NOT standalone templates. If copying them to another project, also copy this | ||
| # file and preserve the relative path, or inline the helpers you need. |
| navigator.clipboard.writeText(command).then(() => { | ||
| const original = btn.textContent; | ||
| btn.textContent = 'Copied'; | ||
| btn.classList.add('copied'); | ||
| setTimeout(() => { | ||
| btn.textContent = original; | ||
| btn.classList.remove('copied'); | ||
| }, 1400); |
Pull request overview
This PR releases v1.4.0 by adding two major dashboard surfaces—tunnel management and an AWS operations console—along with shared UI patterns and supporting shell tooling for AWS auth/environment loading.
Changes:
- Adds a provider-agnostic tunnel system (Cloudflare quick tunnel + manual URL + testing/logs) with new UI fragments and API endpoints.
- Introduces an AWS reports console (costs, rightsizing, security, CLI runner) backed by new AWS scripts and a PHP execution API.
- Refactors AWS shell tooling to centralize .env loading and credential selection, and refreshes dashboard UI patterns/styles.
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| lib/aws/_aws-common.sh | Shared .env loader + AWS auth/profile selection helpers for AWS scripts. |
| lib/aws/aws-cli.sh | Wrapper for aws/terraform using the shared auth loader and improved help/arg handling. |
| lib/aws/aws-costs.sh | Cost Explorer summary + inventory snapshot with month-range parsing. |
| lib/aws/aws-rightsizing.sh | CloudWatch-based utilisation review for RDS/ECS/ALB/NAT/EC2/log groups. |
| lib/aws/aws-security.sh | Read-only security posture scan across common AWS services with findings summary. |
| dashboard/tunnel.php | New tunnel page UI fragments (CSS/HTML/JS) for status, logs, manual URLs, and testing. |
| dashboard/index.php | Adds tunnel + AWS routes/APIs and new tunnel process/state helpers. |
| dashboard/frontend.php | Integrates tunnel UI into the main dashboard and adds shared UI patterns/styles. |
| dashboard/aws.php | AWS reports backend: registry, argument building, process execution, output formatting. |
| dashboard/aws_ui.php | AWS reports tabbed UI and client-side state/persistence for report results. |
| dashboard/start-dev.sh | Adds exit trap cleanup to kill orphaned Cloudflare tunnel processes. |
| CHANGELOG.md | Documents v1.4.0 features and UI/tooling changes. |
| .env.example | Adds AWS credential placeholders for local configuration. |
| open_sgs=$(aws ec2 describe-security-groups \ | ||
| --filters "Name=ip-permission.cidr,Values=0.0.0.0/0" \ | ||
| --query 'SecurityGroups[*].{id:GroupId,name:GroupName,desc:Description,perms:IpPermissions}' \ | ||
| --output json 2>/dev/null || echo '[]') |
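Review bot: the filter matches ip-permission.cidr 0.0.0.0/0 only, so a group that is open to the world over IPv6 (::/0) is not returned; add a second query on ip-permission.ipv6-cidr and merge the results. The || echo '[]' fallback combined with 2>/dev/null also makes a failed API call indistinguishable from "no open groups", which a security scan should report as an error rather than a clean result.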
| if [[ "$pct" -gt "$CPU_HIGH" ]]; then color="$RED" | ||
| elif [[ "$pct" -gt "$CPU_LOW" ]]; then color="$YELLOW" | ||
| fi | ||
|
|
| } elseif ($uri === '/api/aws/run' && $method === 'POST') { | ||
| handleAwsDashboardRequest($method); | ||
| } elseif ($uri === '/api/tunnel-status' && $method === 'GET') { |
| handleApiTunnelStatus(); | ||
| } elseif ($uri === '/api/tunnel-start' && $method === 'POST') { | ||
| handleApiTunnelStart(); | ||
| } elseif ($uri === '/api/tunnel-stop' && $method === 'POST') { | ||
| handleApiTunnelStop(); | ||
| } elseif ($uri === '/api/tunnel-configure' && $method === 'POST') { |
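Review bot: these POST routes start and stop processes and run AWS reports, and the dispatch shown here keys on $uri and $method alone. A page open in another browser tab can send a POST to a dashboard listening on localhost, so unless each handler checks this itself, add a check before dispatch: verify the Origin/Host header against the dashboard's own address, or require a per-session token on every state-changing route.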
| function updateUptimeDisplay() { | ||
| const el = document.getElementById('tpUptime'); | ||
| if (!el || !state.tunnel.active || !state.tunnel.started_at) { | ||
| if (el) el.textContent = ''; | ||
| return; | ||
| } | ||
| const started = new Date(state.tunnel.started_at.replace(' UTC', 'Z')); |
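Review bot: replace(' UTC', 'Z') leaves the space between date and time, so if started_at has the form "YYYY-MM-DD HH:MM:SS UTC", as the replace suggests, the string handed to new Date() is not ISO 8601 and its parsing is engine-dependent; an Invalid Date here turns the uptime into NaN. Emit an ISO 8601 timestamp from the server, or also replace the space with T, and guard with isNaN(started.getTime()) before computing the difference.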
| exit 1 | ||
| require_cmd terraform "Install Terraform: https://developer.hashicorp.com/terraform/install" | ||
|
|
||
| if terraform_requires_aws_auth "${REST[@]}"; then |
| else | ||
| first=true | ||
| echo "$key_info" | jq -r '.AccessKeyMetadata[] | select(.Status == "Active") | "\(.AccessKeyId)|\(.CreateDate)"' | while IFS='|' read -r key_id created; do | ||
| created_epoch=$(date -d "$created" +%s 2>/dev/null || echo "0") |
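Review bot: date -d is GNU-only; on macOS/BSD date it fails and the || echo "0" fallback sets created_epoch to 0, which makes every active key look decades old. Detect the date flavour and skip the age check when parsing fails rather than defaulting to 0. Also, the while loop sits on the right side of a pipe and runs in a subshell, so changes to first or to any findings counter made inside it are lost after the loop; feed it with process substitution (done < <(...)) instead.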
| // Capture stdout and stderr in separate pipes and read both concurrently | ||
| // to avoid the classic deadlock where one pipe buffer fills while we | ||
| // block on the other. | ||
| $descriptors = [ | ||
| 1 => ['pipe', 'w'], | ||
| 2 => ['pipe', 'w'], |
|
|
||
| // Read both pipes concurrently to prevent buffer deadlocks. | ||
| $stdout = ''; | ||
| $stderr = ''; | ||
| if (is_resource($pipes[1] ?? null)) { | ||
| stream_set_blocking($pipes[1], false); | ||
| } |
…curity group output formatting
… variable declarations and section extraction
…tignore and SKILL.md for improved documentation
…patibility with jq and fallback methods
…patibility with jq and fallback methods
| attempt_bats_auto_install() { | ||
| local installer_script="$REPO_ROOT/lib/tools/install-bats-core.sh" | ||
|
|
||
| if command -v bats &>/dev/null; then | ||
| return 0 | ||
| fi | ||
|
|
||
| BATS_AUTO_INSTALL_ATTEMPTED=true | ||
| echo -e " ${ARROW} Preparing bats-core${RESET} ${DIM}(not found; attempting auto-install)${RESET}" | ||
| echo "" | ||
|
|
||
| if [[ ! -x "$installer_script" ]]; then | ||
| BATS_AUTO_INSTALL_FAILED=true | ||
| warn "Installer not found or not executable: $installer_script" | ||
| echo "" | ||
| return 1 | ||
| fi | ||
|
|
||
| if "$installer_script"; then | ||
| echo "" | ||
| return 0 | ||
| fi | ||
|
|
||
| BATS_AUTO_INSTALL_FAILED=true | ||
| warn "Auto-install failed; falling back to skip" | ||
| echo "" | ||
| return 1 | ||
| } |
| if is_write_command_for_path "$cmd" ".env"; then | ||
| BLOCK_REASON="direct writes to .env files are blocked" | ||
| return 1 | ||
| fi | ||
|
|
||
| if ! is_allowed_codegen_regeneration "$cmd" && is_write_command_for_path "$cmd" "docs/code-map.md"; then | ||
| BLOCK_REASON="docs/code-map.md must be regenerated via tooling" |
| rate_rules=$(echo "$acl_detail" | jq '[.WebACL.Rules[] | select(.Statement.RateBasedStatement != null)] | length') | ||
|
|
||
| echo -e " ${DIM}Rules: $rule_count total ($managed_count managed, $custom_count custom${rate_rules:+, $rate_rules rate-based})${NC}" | ||
|
|
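Review bot: ${rate_rules:+, $rate_rules rate-based} expands whenever rate_rules is non-empty, and jq's length prints 0 when there are no rate-based rules, so the line always ends with ", 0 rate-based". Test the value rather than its presence, for example build the suffix only when rate_rules is greater than 0.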
| run_step "Root repo preflight" "$REPO_ROOT/preflight-checks.sh" | ||
| run_step "Extra shell syntax and shellcheck" check_additional_shell_files | ||
| run_step "Dashboard PHP lint" check_dashboard_php | ||
| run_step "Context validation" "$REPO_ROOT/scripts/context-validate.sh" | ||
| run_step "Dangerous-command policy self-test" "$REPO_ROOT/scripts/deny-dangerous.sh" --self-test | ||
| report_dependency_audit_scope | ||
| success "Codex workflow preflight passed" |
This pull request introduces major new features and improvements to the dashboard, especially around tunnel management and AWS integration. It adds a provider-agnostic tunnel system with a modern UI, a comprehensive AWS reports backend and frontend, and shared UI patterns. It also refactors AWS CLI scripts for consistent authentication and environment loading, and improves process cleanup in development scripts.
Major feature additions:
- dashboard/tunnel.php, dashboard/index.php, dashboard/start-dev.sh).
- dashboard/aws.php, dashboard/aws_ui.php, lib/aws/_aws-common.sh, lib/aws/aws-costs.sh, lib/aws/aws-rightsizing.sh, lib/aws/aws-security.sh). [1] [2]
AWS CLI and authentication improvements:
- lib/aws/aws-cli.sh to source a new shared helper (_aws-common.sh) for consistent environment and credential loading, improved help output, and robust command handling for both AWS CLI and Terraform. [1] [2]
- .env.example update: Adds AWS credential placeholders to .env.example for easier configuration.
Development and process management:
- dashboard/start-dev.sh to ensure orphaned Cloudflare tunnel processes are killed on exit.
Changelog and documentation: