awoooi/scripts/setup-guardrails.sh
Your Name 4111ea4f9f
fix(ai): remove 188 ollama provider
2026-05-06 14:34:48 +08:00


#!/bin/bash
# =============================================================================
# AWOOOI Guardrails Setup Script
# =============================================================================
# Phase 5: fully automated installer for the project's defensive tooling.
#
# Usage: ./scripts/setup-guardrails.sh
#
# What the script does, in order:
#   1. Checks that python3 is on PATH
#   2. Installs pre-commit if it is not present
#   3. Installs httpx (used by the AI reviewer)
#   4. Installs the Git hooks (pre-commit and commit-msg)
#   5. Creates the detect-secrets baseline if it does not exist
#   6. Verifies the Ollama connection (optional, via OLLAMA_URL)
#   7. Prints a summary
# =============================================================================

# Abort on the first unhandled command failure.
set -e

# Resolve the directory holding this script, then treat its parent as the
# project root so the script behaves the same from any working directory.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"

# Opening banner.
printf '\n'
printf '%s\n' \
  "============================================================" \
  "🛡️ AWOOOI Guardrails Setup" \
  "============================================================"
printf '\n'

# Every later step uses paths relative to the project root.
cd "$PROJECT_ROOT"
# -----------------------------------------------------------------------------
# Step 1: Check Python
# -----------------------------------------------------------------------------
# Only the presence of python3 is verified. The version is printed for the
# operator; the "3.11+" in the error message is not enforced here.
printf '%s\n' "📦 Step 1: Checking Python environment..."
if ! command -v python3 > /dev/null 2>&1; then
  printf '%s\n' "❌ Python 3 not found. Please install Python 3.11+"
  exit 1
fi

# `python3 --version` prints "Python X.Y.Z"; keep the second field.
PYTHON_VERSION="$(python3 --version | cut -d ' ' -f 2)"
printf '%s\n' " Python version: $PYTHON_VERSION"
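# -----------------------------------------------------------------------------
# Step 2: Install pre-commit
# -----------------------------------------------------------------------------
# Installs pre-commit with pip3 when it is not already on PATH.
# NOTE(review): the package is installed unpinned, so each run takes whatever
# version the index serves at that moment; consider a pinned requirements file.
echo ""
echo "📦 Step 2: Installing pre-commit..."
if command -v pre-commit > /dev/null 2>&1; then
  echo " pre-commit already installed: $(pre-commit --version)"
else
  pip3 install pre-commit
  # Drop the shell's cached command lookups so the new binary can be found.
  hash -r
  # pip can place the entry point in a directory that is not on PATH. A failing
  # $(pre-commit --version) inside echo is not caught by `set -e`, so check
  # explicitly instead of failing later in Step 4 with "command not found".
  if ! command -v pre-commit > /dev/null 2>&1; then
    echo "❌ pre-commit was installed but is not on PATH. Add pip's script directory to PATH and re-run." >&2
    exit 1
  fi
  echo " pre-commit installed: $(pre-commit --version)"
fi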
# -----------------------------------------------------------------------------
# Step 3: Install httpx for AI reviewer
# -----------------------------------------------------------------------------
# httpx is installed unconditionally; pip treats an already-satisfied
# requirement as a no-op.
# NOTE(review): unpinned install - the version depends on the package index at
# run time; pin it if reproducible developer environments matter.
printf '\n'
printf '%s\n' "📦 Step 3: Installing httpx (for AI reviewer)..."
pip3 install --quiet httpx
printf '%s\n' " httpx installed"
# -----------------------------------------------------------------------------
# Step 4: Install Git hooks
# -----------------------------------------------------------------------------
# Registers the pre-commit framework as this clone's Git hooks: the default
# hook type first, then the commit-msg hook.
# These hooks are client-side only: they exist per clone and are skipped by
# `git commit --no-verify`, so the same checks should also run in CI if they
# are meant to be enforced rather than advisory.
printf '\n'
printf '%s\n' "🔗 Step 4: Installing Git hooks..."
pre-commit install
pre-commit install --hook-type commit-msg
printf '%s\n' " Git hooks installed"
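# -----------------------------------------------------------------------------
# Step 5: Create secrets baseline
# -----------------------------------------------------------------------------
# Creates .secrets.baseline with detect-secrets when the file does not exist.
#
# The scan output is written to a temporary file and renamed into place only
# after the scan succeeds. Redirecting straight into .secrets.baseline would
# create the file before the scan runs; if the scan then failed, `set -e` would
# abort and leave an empty baseline that the next run treats as
# "already exists".
echo ""
echo "🔒 Step 5: Creating secrets baseline..."
if [ ! -f ".secrets.baseline" ]; then
  pip3 install detect-secrets --quiet
  # Temp file lives next to the target so the final mv is a same-directory
  # rename.
  baseline_tmp="$(mktemp ./.secrets.baseline.XXXXXX)"
  if detect-secrets scan > "$baseline_tmp"; then
    mv -- "$baseline_tmp" .secrets.baseline
  else
    rm -f -- "$baseline_tmp"
    echo "❌ detect-secrets scan failed; no baseline was written" >&2
    exit 1
  fi
  echo " .secrets.baseline created"
  # A freshly generated baseline records every finding currently in the tree
  # as already known, so a real credential that is present today would stop
  # being reported. The baseline needs a human review before it is committed.
  echo " Review it before committing: detect-secrets audit .secrets.baseline"
else
  echo " .secrets.baseline already exists"
fi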
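# -----------------------------------------------------------------------------
# Step 6: Verify Ollama connection
# -----------------------------------------------------------------------------
# Probes the Ollama tags endpoint and checks that the expected model is listed.
# A failure here is only a warning: the messages below state that the AI
# review fails open, i.e. commits still go through when the model is
# unavailable, so this check is advisory and not an enforcement point.
#
# OLLAMA_URL can be overridden from the environment. The default is plain HTTP
# to a private address.
# NOTE(review): if the reviewer sends diffs to this endpoint they would travel
# unencrypted and unauthenticated - confirm that is acceptable on this network.
echo ""
echo "🤖 Step 6: Verifying Ollama connection..."
OLLAMA_URL="${OLLAMA_URL:-http://192.168.0.111:11434/api/tags}"
# One request serves both the reachability check and the model lookup.
#   -f          treat an HTTP error status as "not reachable" instead of success
#   --max-time  bound the whole transfer, not only the connect phase
if OLLAMA_TAGS="$(curl -sf --connect-timeout 5 --max-time 15 "$OLLAMA_URL" 2> /dev/null)"; then
  echo " ✅ Ollama reachable at ${OLLAMA_URL}"
  # Check if llama3.2:8b is available
  MODELS=$(printf '%s\n' "$OLLAMA_TAGS" | grep -o '"name":"[^"]*"' || echo "")
  # -F: match the model name literally; unescaped, the '.' is a regex wildcard.
  if printf '%s\n' "$MODELS" | grep -qF "llama3.2:8b"; then
    echo " ✅ Model llama3.2:8b available"
  else
    echo " ⚠️ Model llama3.2:8b not found. AI review will fail-open."
  fi
else
  echo " ⚠️ Cannot reach Ollama. AI review will fail-open."
  echo " (This is OK - AI review is optional)"
fi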
# -----------------------------------------------------------------------------
# Step 7: Summary
# -----------------------------------------------------------------------------
# Static closing text: what was set up, how the hooks run, and the day-to-day
# pre-commit commands. The quoted delimiter keeps the text literal (no
# expansion).
cat <<'EOF'

============================================================
✅ Guardrails Setup Complete!
============================================================

Installed components:
 📌 Ruff (Python linting) - Configured in pyproject.toml
 📌 ESLint (TypeScript) - Configured in packages/eslint-config
 📌 pre-commit hooks - .pre-commit-config.yaml
 📌 AI Code Reviewer - scripts/ai_code_reviewer.py
 📌 Secrets detection - .secrets.baseline

How it works:
 1. On 'git commit', pre-commit runs automatically
 2. Ruff checks Python code style
 3. ESLint checks TypeScript code style
 4. detect-secrets scans for leaked credentials
 5. AI reviewer (Ollama) checks for architecture violations

Commands:
 pre-commit run --all-files # Run all checks manually
 pre-commit autoupdate # Update hook versions
 pre-commit uninstall # Remove hooks

EOF