feat: add collectors and rules

2025-12-27 00:59:13 +00:00
parent b654462586
commit d1980ec714
14 changed files with 493 additions and 32 deletions
--- a/20-collectors/collect_backup_restore_drill.sh
+++ b/20-collectors/collect_backup_restore_drill.sh
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+OUT_DIR="${1:?usage: collect_backup_restore_drill.sh <out_dir>}"
+mkdir -p "$OUT_DIR"
+
+ROOT="../vm-skills"
+LATEST="$(find "$ROOT" -type f -name "*restore*drill*.json" 2>/dev/null | sort | tail -n 1 || true)"
+
+file_mtime_epoch() {
+  local file="$1"
+  if stat -c %Y "$file" >/dev/null 2>&1; then
+    stat -c %Y "$file"
+  else
+    stat -f %m "$file"
+  fi
+}
+
+file_mtime_iso() {
+  local file="$1"
+  local mtime
+  mtime="$(file_mtime_epoch "$file")"
+  if date -u -r "$file" "+%Y-%m-%dT%H:%M:%SZ" >/dev/null 2>&1; then
+    date -u -r "$file" "+%Y-%m-%dT%H:%M:%SZ"
+  elif date -u -d "@${mtime}" "+%Y-%m-%dT%H:%M:%SZ" >/dev/null 2>&1; then
+    date -u -d "@${mtime}" "+%Y-%m-%dT%H:%M:%SZ"
+  else
+    date -u "+%Y-%m-%dT%H:%M:%SZ"
+  fi
+}
+
+if [[ -n "$LATEST" && -f "$LATEST" ]]; then
+  TS="$(file_mtime_iso "$LATEST")"
+  cat > "$OUT_DIR/backup_restore_drill.json" <<JSON
+{"collected": true, "path": "$LATEST", "observed_at": "$TS"}
+JSON
+else
+  cat > "$OUT_DIR/backup_restore_drill.json" <<'JSON'
+{"collected": false, "reason": "no restore drill artifacts found"}
+JSON
+fi
--- a/20-collectors/collect_constitution_hash.sh
+++ b/20-collectors/collect_constitution_hash.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+OUT_DIR="${1:?usage: collect_constitution_hash.sh <out_dir>}"
+mkdir -p "$OUT_DIR"
+
+LOCK_PATH="../vm-mcp/governance/constitution.lock"
+
+hash_file() {
+  local file="$1"
+  if command -v sha256sum >/dev/null 2>&1; then
+    sha256sum "$file" | awk '{print $1}'
+  else
+    shasum -a 256 "$file" | awk '{print $1}'
+  fi
+}
+
+if [[ -f "$LOCK_PATH" ]]; then
+  HASH="$(hash_file "$LOCK_PATH")"
+  cat > "$OUT_DIR/constitution_hash.json" <<JSON
+{"collected": true, "path": "$LOCK_PATH", "sha256": "$HASH"}
+JSON
+else
+  cat > "$OUT_DIR/constitution_hash.json" <<'JSON'
+{"collected": false, "reason": "constitution.lock not found at expected path"}
+JSON
+fi
--- a/20-collectors/collect_ledger_verify.sh
+++ b/20-collectors/collect_ledger_verify.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+OUT_DIR="${1:?usage: collect_ledger_verify.sh <out_dir>}"
+mkdir -p "$OUT_DIR"
+
+if command -v ledger >/dev/null 2>&1; then
+  ledger verify --format json > "$OUT_DIR/ledger_verify.json"
+elif command -v ledger-cli >/dev/null 2>&1; then
+  ledger-cli verify --format json > "$OUT_DIR/ledger_verify.json"
+else
+  cat > "$OUT_DIR/ledger_verify.json" <<'JSON'
+{"collected": false, "reason": "ledger CLI not found"}
+JSON
+fi