- broken-path-ref: skip template/generated-report paths — a placeholder (<service>) immediately following the match, a YYYY-MM-DD date token, or a path under a generated-report reviews/ dir (14 -> 0 on the current tree).
- marker: skip numbered-backlog references (TODO 8.2, TODO-3.1, TODO (2.2, TODO item 16) which point at the backlog, not code markers (35 -> 2; the remaining two are literal "TODO:" strings in a plan doc).

Real code markers (TODO:, FIXME, etc.) still caught — verified with a synthetic fixture.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

| Name |
|---|
| capacity-scan.py |
| check-vault-encrypted.sh |
| README.md |
| repo-scan.py |
| tf_to_inventory.py |
| vault-pass-client.sh |

scripts/
Small helper scripts. Python standard library only — no third-party dependencies (keeps them runnable anywhere without a venv).

- `tf_to_inventory.py` — reads `terraform output -json` on stdin and writes an Ansible `hosts.yml`. Invoked by `make tf-inventory`. Data contract: ADR-009.
- `vault-pass-client.sh` — fetches the master vault password from Vaultwarden via `rbw`. Wired as `vault_password_file` (ADR-002).
- `check-vault-encrypted.sh` — pre-commit guard: fails if a `vault.yml` holds plaintext secrets.
- `repo-scan.py` — Phase-0 deterministic scan for `/review-repo` (markers, broken refs, unencrypted vaults, inventory).
- `capacity-scan.py` — deterministic capacity facts for `/capacity-review`: parses the machine-readable tables in `docs/hardware/reference.md`, computes per-node allocated-vs-physical rollups, and cross-checks workload hostnames against Terraform output / Ansible inventory for drift. Emits JSON. See ADR-012.
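
One way a guard like `check-vault-encrypted.sh` can decide that a `vault.yml` holds plaintext, as an added Python example (standard library only; it is not the repository's script, whose contents are not shown on this page). It assumes Ansible Vault's `$ANSIBLE_VAULT;` envelope header and a line-based check of top-level keys; `plaintext_keys` and `scan` are hypothetical names.

```python
import re
import sys
from pathlib import Path

# Ansible Vault envelope header: format 1.1, or 1.2 with a vault-id label.
HEADER = re.compile(r"^\$ANSIBLE_VAULT;1\.[12];AES256(;\S+)?$")
# A top-level YAML mapping key (no indentation), with whatever follows the colon.
TOP_KEY = re.compile(r"^([A-Za-z_][\w-]*):\s*(.*)$")


def plaintext_keys(text):
    """Return the reasons a vault file is not fully encrypted ([] means OK)."""
    lines = text.splitlines()
    if lines and HEADER.match(lines[0].strip()):
        return []                       # whole file is one vault envelope
    findings, keyed = [], False
    for i, line in enumerate(lines):
        m = TOP_KEY.match(line)
        if not m:
            continue                    # comment, blank, or indented line
        keyed = True
        key, value = m.groups()
        body = next((l.strip() for l in lines[i + 1:] if l.strip()), "")
        if value.startswith("!vault") and HEADER.match(body):
            continue                    # inline-encrypted scalar
        findings.append(key)            # plain scalar, or nested plaintext
    if not keyed and any(l.strip() and not l.lstrip().startswith(("#", "---"))
                         for l in lines):
        findings.append("<unrecognised plaintext>")   # e.g. a bare list
    return findings


def scan(root):
    """Map each offending vault.yml under root to its plaintext keys."""
    bad = {}
    for path in sorted(Path(root).rglob("vault.yml")):
        keys = plaintext_keys(path.read_text(encoding="utf-8", errors="replace"))
        if keys:
            bad[str(path)] = keys
    return bad


if __name__ == "__main__":
    offenders = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, keys in offenders.items():
        print(f"{path}: plaintext keys: {', '.join(keys)}", file=sys.stderr)
    sys.exit(1 if offenders else 0)     # non-zero exit blocks the commit
```

Only key names are reported, never values, so the hook's own output does not copy a secret into terminal scrollback or CI logs.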