fix(review): address anti-gravity review feedback for Issue #11

- Change AuditEvent fields to *string to fix nullable scan bug
- Add --prune flag to nexus-cli to prevent accidental deletions
- Remove dead code and add TrimSpace in IP extraction logic
- Add GitHub Actions CI/CD workflow for nexus-cli plan/apply
- Verified STATE_KEY fatal-exit guard is present in both broker and gateway

Author: sangalo20

.github/workflows/nexus-cli.yml

@@ -0,0 +1,47 @@
+name: Nexus CLI Provider Reconciliation
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'nexus-cli/nexus-providers.yaml'
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'nexus-cli/nexus-providers.yaml'
+
+jobs:
+  plan-or-apply:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./nexus-cli
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.21'
+          cache-dependency-path: ./nexus-cli/go.sum
+
+      - name: Build CLI
+        run: go build -o nexus-cli
+
+      - name: Plan (Pull Request)
+        if: github.event_name == 'pull_request'
+        env:
+          BROKER_BASE_URL: ${{ secrets.BROKER_BASE_URL }}
+          API_KEY: ${{ secrets.BROKER_API_KEY }}
+        run: ./nexus-cli plan
+
+      - name: Apply (Push to Main)
+        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+        env:
+          BROKER_BASE_URL: ${{ secrets.BROKER_BASE_URL }}
+          API_KEY: ${{ secrets.BROKER_API_KEY }}
+        run: ./nexus-cli apply --prune <<< "yes"

nexus-broker/internal/audit/service.go

@@ -25,10 +25,7 @@ func (s *Service) Log(eventType string, connectionID *uuid.UUID, data map[string
 	if r != nil {
 		// Extract IP
 		if fwd := r.Header.Get("X-Forwarded-For"); fwd != "" {
-			ip := strings.Split(fwd, ",")[0]
-			if comma := strings.IndexByte(ip, ','); comma != -1 {
-				ip = strings.TrimSpace(ip[:comma])
-			}
+			ip := strings.TrimSpace(strings.Split(fwd, ",")[0])
 			ipVal = &ip
 		} else {
 			host, _, err := net.SplitHostPort(r.RemoteAddr)

nexus-broker/pkg/storage/pg.go

@@ -72,9 +72,9 @@ type AuditEvent struct {
 	ID           uuid.UUID  `db:"id" json:"id"`
 	ConnectionID *uuid.UUID `db:"connection_id" json:"connection_id,omitempty"`
 	EventType    string     `db:"event_type" json:"event_type"`
-	EventData    string     `db:"event_data" json:"event_data,omitempty"`
-	IPAddress    string     `db:"ip_address" json:"ip_address,omitempty"`
-	UserAgent    string     `db:"user_agent" json:"user_agent,omitempty"`
+	EventData    *string    `db:"event_data" json:"event_data,omitempty"`
+	IPAddress    *string    `db:"ip_address" json:"ip_address,omitempty"`
+	UserAgent    *string    `db:"user_agent" json:"user_agent,omitempty"`
 	CreatedAt    time.Time  `db:"created_at" json:"created_at"`
 }
 

nexus-cli/main.go

@@ -59,6 +59,7 @@ func main() {
 func runCommand(isPlanOnly bool) {
 	cmdFlags := flag.NewFlagSet(os.Args[1], flag.ExitOnError)
 	fileFlag := cmdFlags.String("file", "nexus-providers.yaml", "Path to the providers manifest file")
+	pruneFlag := cmdFlags.Bool("prune", false, "Delete providers not in the manifest")
 
 	if err := cmdFlags.Parse(os.Args[2:]); err != nil {
 		log.Fatalf("Failed to parse flags: %v", err)
@@ -145,9 +146,13 @@ func runCommand(isPlanOnly bool) {
 
 	for name, id := range liveProviderMap {
 		if _, exists := manifestProviderMap[name]; !exists {
-			toDelete = append(toDelete, id)
-			toDeleteNames = append(toDeleteNames, name)
-			fmt.Printf("- DELETE : %s\n", name)
+			if *pruneFlag {
+				toDelete = append(toDelete, id)
+				toDeleteNames = append(toDeleteNames, name)
+				fmt.Printf("- DELETE : %s\n", name)
+			} else {
+				fmt.Printf("! ORPHAN : %s (would be deleted if --prune was passed)\n", name)
+			}
 		}
 	}