v0.2.0 fix(sim): escape $true in high_defender_tamper + add CI smoke test#23
Merged
Conversation
high_defender_tamper.sh crashed demo-fire.sh --populate with "line 31: true: unbound variable": the PowerShell literal $true sat inside an unquoted heredoc, so set -u treated it as an unset shell variable. Escaped to \$true so the payload carries the literal $true. All scenarios now build clean under set -u. Also adds CI for the public-facing simulator: - .github/workflows/simulator-ci.yml: sh -n + ShellCheck + smoke on push/PR; actions pinned to a full SHA, job runs contents:read only. - scripts/smoke.sh: hermetic signature-shape test (no ingestion server). - simulate.sh: BASH_SOURCE guard so sourcing (the smoke test) does not dispatch. Bump 0.1.0 -> 0.2.0 (also documents the demo-fire suite shipped in #21).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two genuinely-new deltas on top of current
main(the demo-fire scenario suite itself already landed in #21):Fixed
high_defender_tamper.shcrasheddemo-fire.sh --populatewithline 31: true: unbound variable. The PowerShell literal$truesat inside an unquoted heredoc, soset -utreated it as an unset shell variable and aborted the whole populate run. Escaped to\$trueso the payload carries the literal$true.mainstill has the bug; this fixes it. All scenarios now build clean underset -u.Added
.github/workflows/simulator-ci.yml) —sh -nsyntax check, ShellCheck (error severity), and a smoke test on every push/PR. Actions pinned to a full commit SHA; job runscontents: readonly.scripts/smoke.sh— hermetic signature-shape test (no ingestion server): builds a payload, signs it, asserts thesha256=<64-hex>HMAC-SHA256 wire shape.Changed
simulate.shonly dispatches when executed directly (aBASH_SOURCEguard) so the smoke test can source it to exercise the signer/payload builder without sending anything. (Surgical addition to the currentmainversion — no other simulate.sh changes.)The CHANGELOG
0.2.0entry also retroactively documents the demo-fire suite shipped in #21 (which landed without a changelog entry).Verification (the exact CI checks, run locally)
sh -nonsimulate.sh+ all scenarios +scripts/smoke.sh— cleanshellcheck --severity=error— cleanscripts/smoke.sh— PASS (valid JSON, 64-hex HMAC,sha256=header shape)Note
This replaces #22, which was built on a stale local
mainand would have reverted the #20 justfile fix and #19 em-dash purge. This branch is cut from currentorigin/mainand contains only the 5-file genuine delta.🤖 Generated with Claude Code