Skip to content

Claude/convert to go worker 011 c ut ae x wm x5hpiu u qwy aqo #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
CodeMonkeyCybersecurity merged 3 commits into from
Nov 8, 2025
+3,322 −2
Merged

Claude/convert to go worker 011 c ut ae x wm x5hpiu u qwy aqo #44

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
27421da
feat(moni): convert Python setup script to Go worker with --init flag
claude Nov 7, 2025
57d5f93
fix(moni): address P0/P1 security and reliability issues from adversa…
claude Nov 7, 2025
3ab26b0
fix(moni): address P0/P1 issues from second adversarial analysis
claude Nov 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
141 changes: 139 additions & 2 deletions cmd/update/moni.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
"github.com/CodeMonkeyCybersecurity/eos/pkg/bionicgpt/refresh"
eos "github.com/CodeMonkeyCybersecurity/eos/pkg/eos_cli"
"github.com/CodeMonkeyCybersecurity/eos/pkg/eos_io"
"github.com/CodeMonkeyCybersecurity/eos/pkg/moni"
"github.com/spf13/cobra"
"github.com/uptrace/opentelemetry-go-extra/otelzap"
"go.uber.org/zap"
Expand All @@ -28,6 +29,22 @@ var (
moniPostInstall bool
moniRotateAPIKeys bool
moniInstallDir string

// Moni init (worker) flags
moniInit bool
moniSkipSSL bool
moniSkipDatabase bool
moniSkipSecurity bool
moniSkipVerification bool
moniValidateCerts bool
moniFixCerts bool
moniVerifyDB bool
moniVerifyRLS bool
moniVerifyCSP bool
moniVerifySecurity bool
moniCleanupBackups bool
moniWorkDir string
moniForce bool
)

// MoniCmd is the command for Moni (BionicGPT) operations
Expand Down Expand Up @@ -112,6 +129,44 @@ Examples:
MoniCmd.Flags().StringVar(&moniInstallDir, "install-dir", "/opt/bionicgpt",
"Path to Moni installation directory")

// Moni init (worker) flags - full initialization
MoniCmd.Flags().BoolVar(&moniInit, "init", false,
"Run full Moni initialization (SSL, database, security)")

// Phase control flags
MoniCmd.Flags().BoolVar(&moniSkipSSL, "skip-ssl", false,
"Skip SSL certificate generation")
MoniCmd.Flags().BoolVar(&moniSkipDatabase, "skip-database", false,
"Skip database configuration")
MoniCmd.Flags().BoolVar(&moniSkipSecurity, "skip-security", false,
"Skip security hardening")
MoniCmd.Flags().BoolVar(&moniSkipVerification, "skip-verification", false,
"Skip security verification")

// Targeted action flags
MoniCmd.Flags().BoolVar(&moniValidateCerts, "validate-certs", false,
"Validate SSL certificate readability")
MoniCmd.Flags().BoolVar(&moniFixCerts, "fix-certs", false,
"Fix SSL certificate permissions")
MoniCmd.Flags().BoolVar(&moniVerifyDB, "verify-db", false,
"Verify database configuration")
MoniCmd.Flags().BoolVar(&moniVerifyRLS, "verify-rls", false,
"Verify Row Level Security (RLS)")
MoniCmd.Flags().BoolVar(&moniVerifyCSP, "verify-csp", false,
"Verify Content Security Policy (CSP)")
MoniCmd.Flags().BoolVar(&moniVerifySecurity, "verify-security", false,
"Run all security verifications (RLS + CSP)")
MoniCmd.Flags().BoolVar(&moniCleanupBackups, "cleanup-backups", false,
"Cleanup old .env backups")

// Work directory flag
MoniCmd.Flags().StringVar(&moniWorkDir, "work-dir", "/opt/moni",
"Working directory for Moni initialization (default: /opt/moni)")

// Force flag (skip confirmations for RLS breaking changes)
MoniCmd.Flags().BoolVar(&moniForce, "force", false,
"Skip confirmation prompts (use for automation/CI/CD)")

MoniCmd.AddCommand(refreshCmd)
}

Expand All @@ -120,17 +175,32 @@ Examples:
func runMoniOperations(rc *eos_io.RuntimeContext, cmd *cobra.Command, args []string) error {
logger := otelzap.Ctx(rc.Ctx)

// Check which operation was requested
// Check which operation was requested (priority order)

// 1. Init/worker operations (new functionality)
if moniInit || moniValidateCerts || moniFixCerts || moniVerifyDB ||
moniVerifyRLS || moniVerifyCSP || moniVerifySecurity || moniCleanupBackups {
return runMoniInit(rc, cmd, args)
}

// 2. Post-install
if moniPostInstall {
return runMoniPostInstall(rc, cmd, args)
}

// 3. API key rotation
if moniRotateAPIKeys {
return runMoniRotateAPIKeys(rc, cmd, args)
}

// If no operation specified, show help
logger.Info("No operation specified. Use --post-install or --rotate-api-keys")
logger.Info("No operation specified")
logger.Info("Common operations:")
logger.Info(" --init # Full initialization (SSL, database, security)")
logger.Info(" --post-install # Post-installation configuration")
logger.Info(" --rotate-api-keys # Rotate API keys")
logger.Info(" --validate-certs # Validate SSL certificates")
logger.Info(" --verify-security # Security verification")
return cmd.Help()
}

Expand Down Expand Up @@ -224,3 +294,70 @@ func runMoniRefresh(rc *eos_io.RuntimeContext, cmd *cobra.Command, args []string
logger.Info("Moni refresh completed successfully")
return nil
}

// runMoniInit handles the Moni initialization worker
// Orchestration layer: delegates to pkg/moni for business logic
func runMoniInit(rc *eos_io.RuntimeContext, cmd *cobra.Command, args []string) error {
logger := otelzap.Ctx(rc.Ctx)

// Build worker configuration
config := &moni.WorkerConfig{
SkipSSL: moniSkipSSL,
SkipDatabase: moniSkipDatabase,
SkipSecurity: moniSkipSecurity,
SkipVerification: moniSkipVerification,
ValidateCertsOnly: moniValidateCerts,
FixCertsOnly: moniFixCerts,
VerifyDBOnly: moniVerifyDB,
VerifyRLSOnly: moniVerifyRLS,
VerifyCSPOnly: moniVerifyCSP,
VerifySecurityOnly: moniVerifySecurity,
CleanupBackups: moniCleanupBackups,
WorkDir: moniWorkDir,
Force: moniForce,
}

// Log operation
if moniInit {
logger.Info("Starting Moni full initialization",
zap.String("work_dir", moniWorkDir))
} else if moniValidateCerts {
logger.Info("Validating SSL certificates")
} else if moniFixCerts {
logger.Info("Fixing SSL certificate permissions")
} else if moniVerifyDB {
logger.Info("Verifying database configuration")
} else if moniVerifyRLS {
logger.Info("Verifying Row Level Security")
} else if moniVerifyCSP {
logger.Info("Verifying Content Security Policy")
} else if moniVerifySecurity {
logger.Info("Running security verification")
} else if moniCleanupBackups {
logger.Info("Cleaning up old backups")
}

// Run worker
result, err := moni.RunWorker(rc, config)
if err != nil {
logger.Error("Moni worker failed", zap.Error(err))
return fmt.Errorf("moni worker failed: %w", err)
}

// Check result
if !result.Success {
logger.Error("Moni operation did not complete successfully")

if len(result.CriticalIssues) > 0 {
logger.Error("Critical issues detected:")
for _, issue := range result.CriticalIssues {
logger.Error(fmt.Sprintf(" • %s", issue))
}
}

return fmt.Errorf("moni operation failed")
}

logger.Info("Moni operation completed successfully")
return nil
}
Loading
Loading