Skip to content

Commit f31ae56

Browse files
Dobbyclaude
Dobby
and
claude
committed
feat: rename VM Extensions → Cloud provider access; unify test output alignment
- Step [5/5]: 'VM Extensions' → 'Cloud provider access' (more user-friendly; keeps waagent/config diagnostics for debuggability) - All 5 steps: values align to column 16; long labels place value on next indented line - Version bump to v1.5.7 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 7cc6073 commit f31ae56

1 file changed

Lines changed: 21 additions & 16 deletions

File tree

privateclaw

Lines changed: 21 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ set -e
55
# TEE verification and management for PrivateClaw CVMs.
66
# https://github.com/lunal-dev/privateclaw-cli (repo name unchanged)
77

8-
VERSION="v1.5.6"
8+
VERSION="v1.5.7"
99

1010
ATTEST_DIR="/etc/privateclaw"
1111
EVIDENCE_FILE="$ATTEST_DIR/evidence.json"
@@ -107,7 +107,7 @@ EOFEVIDENCE
107107
# 2. TPM Attestation — HCL report from vTPM NV index
108108
# 3. Host Key Binding — SSH host key hash matches boot-time record
109109
# 4. Inference Provider — endpoint reachable + attestation header
110-
# 5. Access Lockout — SSH keys + firewall + VM extensions
110+
# 5. Access Lockout — SSH keys + firewall + cloud provider access
111111
# ---------------------------------------------------------------------------
112112
cmd_verify() {
113113
# Parse flags: --verbose / -v shows the full diagnostic info (cert chains,
@@ -379,7 +379,7 @@ cmd_verify() {
379379
OC_CONFIG="$ADMIN_HOME/.openclaw/openclaw.json"
380380
if [ ! -f "$OC_CONFIG" ]; then
381381
[ "$VERBOSE" = "true" ] && echo " Config: not found at $OC_CONFIG"
382-
echo " Status: FAIL"
382+
echo " Status: FAIL"
383383
FAIL_COUNT=$((FAIL_COUNT + 1))
384384
echo ""
385385
else
@@ -632,7 +632,7 @@ PYEOF
632632
# headers. Treat as FAIL with no sub-checks.
633633
if [ -z "$UPSTREAM_LABEL" ] && [ -z "$GATEWAY_DETAIL" ] && [ -z "$INF_HEADERS" ]; then
634634
[ "$VERBOSE" = "true" ] && echo " Connection: could not reach inference endpoint"
635-
echo " Status: FAIL"
635+
echo " Status: FAIL"
636636
FAIL_COUNT=$((FAIL_COUNT + 1))
637637
echo ""
638638
else
@@ -644,28 +644,27 @@ PYEOF
644644
UPSTREAM_LABEL="Confidential AI:"
645645
UPSTREAM_DETAIL="Verification failed"
646646
fi
647-
# Label on its own line; value indented to column 15 on the next line.
647+
# Label on its own line; value indented to column 18 on the next line.
648648
# This keeps long upstream labels (e.g. "Redpill (failover):") and long
649649
# detail strings from colliding, and stays readable in narrow terminals.
650+
# The 17-space indent matches the "Status:" value column used elsewhere.
650651
printf " %s\n" "$UPSTREAM_LABEL"
651-
printf " %s\n" "$UPSTREAM_DETAIL"
652+
printf " %s\n" "$UPSTREAM_DETAIL"
652653
printf " %s\n" "PrivateClaw Gateway:"
653-
printf " %s\n" "$GATEWAY_DETAIL"
654+
printf " %s\n" "$GATEWAY_DETAIL"
654655

655656
# --- Roll up Status ---
656-
# Status stays on a single line (matches other steps), but uses a
657-
# narrower label width than the other checks so the sub-check values
658-
# above (indented to col 15) line up visually with the Status value.
657+
# Status stays on a single line (matches other steps); value at col 18.
659658
if [ "$UPSTREAM_OK" = "true" ] && [ "$GATEWAY_OK" = "true" ]; then
660659
if [ "$FAILOVER_ACTIVE" = "true" ]; then
661-
echo " Status: WARN (Redpill failover active)"
660+
echo " Status: WARN (Redpill failover active)"
662661
FAIL_COUNT=$((FAIL_COUNT + 1))
663662
else
664-
echo " Status: PASS"
663+
echo " Status: PASS"
665664
PASS_COUNT=$((PASS_COUNT + 1))
666665
fi
667666
else
668-
echo " Status: FAIL"
667+
echo " Status: FAIL"
669668
FAIL_COUNT=$((FAIL_COUNT + 1))
670669
fi
671670
echo ""
@@ -702,11 +701,17 @@ PYEOF
702701

703702
# PASS requires BOTH: waagent inactive AND config disables extensions.
704703
# Anything else is FAIL — no WARN state.
704+
# Label "Cloud provider access:" is too long to fit on a single line with
705+
# padding to col 18, so print label and value on separate lines (same
706+
# treatment as step [4/5]). Keep the "(waagent ..., config=...)" diagnostic
707+
# suffix visible so users can google these exact terms.
705708
if [ "$WAAGENT_STATUS" = "inactive" ] && [ "$EXTENSIONS_CONF" = "n" ]; then
706-
echo " VM Extensions: disabled (waagent $WAAGENT_STATUS, config=$EXTENSIONS_CONF)"
709+
echo " Cloud provider access:"
710+
echo " disabled (waagent $WAAGENT_STATUS, config=$EXTENSIONS_CONF)"
707711
EXTENSIONS_DISABLED="true"
708712
else
709-
echo " VM Extensions: FAIL — not fully locked out (waagent=$WAAGENT_STATUS, config=$EXTENSIONS_CONF)"
713+
echo " Cloud provider access:"
714+
echo " FAIL — not fully locked out (waagent=$WAAGENT_STATUS, config=$EXTENSIONS_CONF)"
710715
EXTENSIONS_DISABLED="false"
711716
fi
712717

@@ -715,7 +720,7 @@ PYEOF
715720
echo " Status: PASS"
716721
PASS_COUNT=$((PASS_COUNT + 1))
717722
elif [ "$KEY_COUNT" -le 1 ] && [ "$EXTENSIONS_DISABLED" = "false" ]; then
718-
echo " Status: FAIL (VM extensions not disabled)"
723+
echo " Status: FAIL (Cloud provider access not blocked)"
719724
FAIL_COUNT=$((FAIL_COUNT + 1))
720725
else
721726
echo " Status: FAIL ($KEY_COUNT SSH keys — expected 1)"

0 commit comments

Comments
 (0)