dataforge/agents_and_robots
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity
Files
dd2fa05f87bb7bc1720d9ce62359eb22d67a4cd4
agents_and_robots/dev-scripts/agent/verify.sh
T
egutierrez 6858a5f13e refactor: reorganizar dev-scripts en subdirectorios server/ y agent/ 
Se separan los scripts de gestión en dos categorías claras:
- dev-scripts/server/ — operaciones del launcher (start, stop, restart, ps, logs, dashboard)
- dev-scripts/agent/ — operaciones de agentes (new, register, verify, avatar, remove, list)

Se añade create-full.sh como script unificado que ejecuta scaffold + build + register + verify.
Se incluyen READMEs en cada subdirectorio documentando los scripts disponibles.
Los scripts originales en la raíz de dev-scripts/ se eliminan.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 21:53:19 +00:00

168 lines
5.6 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# verify.sh — (re)verifica dispositivos E2EE de agentes Matrix
#
# Genera/sube cross-signing keys y firma el device de cada agente.
# Usa el MISMO crypto store que el agente para que las keys queden disponibles.
#
# Uso:
# ./dev-scripts/agent/verify.sh # verifica todos los habilitados con E2EE
# ./dev-scripts/agent/verify.sh assistant-bot # verifica uno específico
source "$(dirname "$0")/../_common.sh"
load_env
TARGET="${1:-}"
# ── YAML helpers (simple grep-based, no deps) ────────────────────────────
yaml_val() {
# Extract a simple YAML value: yaml_val file "key"
# Handles both quoted and unquoted values.
local file="$1" key="$2"
grep -m1 "^\s*${key}:" "$file" 2>/dev/null \
| sed 's/^[^:]*:\s*//' \
| tr -d '"' \
| tr -d "'" \
| xargs
}
# ── Verify a single agent ────────────────────────────────────────────────
verify_agent() {
local cfg="$1"
local agent_id; agent_id="$(yaml_val "$cfg" "id")"
local agent_dir; agent_dir="$(dirname "$cfg")"
# Check E2EE is enabled
local enc_enabled; enc_enabled="$(yaml_val "$cfg" "enabled")"
# The first "enabled" is agent.enabled; we need encryption.enabled specifically
enc_enabled="$(grep -A5 'encryption:' "$cfg" | grep -m1 'enabled:' | awk '{print $2}')"
if [[ "$enc_enabled" != "true" ]]; then
dim " $agent_id — E2EE deshabilitado, saltando"
return 0
fi
# Extract config values
local user_id; user_id="$(yaml_val "$cfg" "user_id")"
local username; username="$(echo "$user_id" | sed 's/@\([^:]*\):.*/\1/')"
local token_env; token_env="$(yaml_val "$cfg" "access_token_env")"
local pickle_env; pickle_env="$(yaml_val "$cfg" "pickle_key_env")"
local recovery_env; recovery_env="$(yaml_val "$cfg" "recovery_key_env")"
local store_path; store_path="$(grep -A5 'encryption:' "$cfg" | grep -m1 'store_path:' | sed 's/^[^:]*:\s*//' | tr -d '"' | xargs)"
local token="${!token_env:-}"
local pickle_key="${!pickle_env:-}"
# Find password — convention: MATRIX_PASSWORD_<NORMALIZED>
local norm; norm="$(echo "$username" | tr '-' '_' | tr '[:lower:]' '[:upper:]')"
local pass_env="MATRIX_PASSWORD_${norm}"
local password="${!pass_env:-}"
# Validate required values
if [[ -z "$token" ]]; then
fail " $agent_id$token_env no está en .env"
return 1
fi
if [[ -z "$password" ]]; then
warn " $agent_id$pass_env no está en .env, intentando sin password..."
fi
info "$agent_id — verificando device..."
dim " user: $username"
dim " store: $store_path"
dim " pickle_env: $pickle_env"
dim " token_env: $token_env"
# Stop agent if running (crypto store can't be shared)
local was_running=false
if is_running "$agent_id"; then
was_running=true
info " Deteniendo $agent_id antes de verificar..."
"$REPO_ROOT/dev-scripts/server/stop.sh" "$agent_id"
sleep 1
fi
# Build verify command
local verify_bin="$REPO_ROOT/bin/verify"
if [[ ! -x "$verify_bin" ]] || [[ "$(find ./cmd/verify -newer "$verify_bin" 2>/dev/null | head -1)" ]]; then
info " Compilando cmd/verify..."
mkdir -p "$(dirname "$verify_bin")"
"$GO" build -tags goolm -o "$verify_bin" ./cmd/verify || {
fail " No se pudo compilar cmd/verify"
return 1
}
fi
# Run verification
local verify_args=(
--homeserver "$MATRIX_HOMESERVER"
--username "$username"
--token "$token"
--store "$store_path"
)
if [[ -n "$password" ]]; then
verify_args+=(--password "$password")
fi
if [[ -n "$pickle_key" ]]; then
verify_args+=(--pickle-key "$pickle_key")
fi
local output
if output=$("$verify_bin" "${verify_args[@]}" 2>&1); then
ok "$agent_id — verificación exitosa"
# Extract recovery key from output if present
local new_rk
new_rk="$(echo "$output" | grep "^SSSS_RECOVERY_KEY_" | cut -d= -f2-)"
if [[ -n "$new_rk" && -n "$recovery_env" ]]; then
# Update .env with new recovery key (quoted — keys contain spaces)
local quoted_rk="\"${new_rk}\""
if grep -q "^${recovery_env}=" "$REPO_ROOT/.env"; then
sed -i "s|^${recovery_env}=.*|${recovery_env}=${quoted_rk}|" "$REPO_ROOT/.env"
ok " Recovery key actualizada en .env ($recovery_env)"
else
echo "${recovery_env}=${quoted_rk}" >> "$REPO_ROOT/.env"
ok " Recovery key añadida a .env ($recovery_env)"
fi
fi
else
warn "$agent_id — verify output:"
echo "$output"
# If it says keys already exist, that's usually fine
if echo "$output" | grep -q "signed with cross-signing key"; then
ok "$agent_id — device firmado con keys existentes"
else
warn "$agent_id — puede necesitar atención manual"
fi
fi
echo "$output" | sed 's/^/ /'
# Restart agent if it was running
if [[ "$was_running" == "true" ]]; then
info " Reiniciando $agent_id..."
"$REPO_ROOT/dev-scripts/server/start.sh" "$agent_id"
fi
echo
}
# ── Main ──────────────────────────────────────────────────────────────────
echo
info "Verificación E2EE de agentes Matrix"
echo
if [[ -n "$TARGET" ]]; then
cfg="$(config_path_for "$TARGET")"
[[ -n "$cfg" ]] || fail "Agente '$TARGET' no encontrado"
verify_agent "$cfg"
else
while IFS='|' read -r id version enabled desc cfg; do
[[ "$enabled" == "true" ]] || continue
verify_agent "$cfg"
done < <(list_agents_raw)
fi
ok "Verificación completada"
Reference in New Issue View Git Blame Copy Permalink