gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
34fe2dc26a
secubox-openwrt/secubox-tools/README.md
CyberMind-FR 4caf3c14bd feat: add module generation validation and pre-push hooks 
Comprehensive validation tooling for SecuBox module generation and git workflow.

New Tools:
-----------

1. validate-module-generation.sh
   - Deep validation of single module during/after generation
   - Checks 9 categories: Makefile, RPCD, ACL, Menu, JS Views, UCI, Permissions, Security, Docs
   - Validates RPCD naming (luci.* prefix) vs JavaScript ubus objects
   - Validates menu paths vs actual view file locations
   - Cross-checks RPC methods between JavaScript and RPCD
   - Security scans for hardcoded credentials and dangerous commands
   - Exit codes: 0=pass, 1=critical errors

2. pre-push-validation.sh
   - Git pre-push hook that blocks push if critical errors found
   - Validates all modules before allowing remote push
   - Detects modified modules and runs comprehensive checks
   - Prevents deployment of broken modules
   - Can be bypassed with --no-verify (not recommended)

3. install-git-hooks.sh
   - One-command installation of git hooks
   - Creates symlink from .git/hooks/pre-push to pre-push-validation.sh
   - Enables automatic validation before every push

Documentation:
--------------

4. VALIDATION-GUIDE.md
   - Complete guide to validation workflow
   - Critical naming convention rules with examples
   - Module generation checklist (5 phases)
   - Common validation errors and fixes
   - Best practices and troubleshooting
   - CI/CD integration examples

Updated:
--------

5. secubox-tools/README.md
   - Added descriptions for new validation tools
   - Added recommended workflows for module generation and modification
   - Organized tools into categories (Validation, Maintenance)

Key Validation Rules Enforced:
-------------------------------

✓ RPCD script name MUST match ubus object name (exact match with luci. prefix)
  Example: object: 'luci.cdn-cache' → file: luci.cdn-cache

✓ Menu paths MUST match view file locations (prevent HTTP 404)
  Example: "path": "cdn-cache/overview" → view/cdn-cache/overview.js

✓ All ubus objects MUST use luci.* prefix
   'luci.cdn-cache'  'cdn-cache'

✓ ACL permissions MUST cover all RPCD methods

✓ JavaScript RPC method calls MUST exist in RPCD implementation

✓ RPCD scripts MUST be executable (chmod +x)

✓ All JSON files MUST have valid syntax

✓ Security: No hardcoded credentials or dangerous commands

Benefits:
---------

- Prevents RPC errors (-32000: Object not found)
- Prevents HTTP 404 errors (view files not found)
- Catches naming mismatches before deployment
- Ensures ACL permissions are complete
- Enforces consistent naming conventions
- Blocks broken modules from being pushed
- Provides detailed error messages with fix suggestions

Usage:
------

# Validate new/modified module:
./secubox-tools/validate-module-generation.sh luci-app-cdn-cache

# Install git hooks (one-time):
./secubox-tools/install-git-hooks.sh

# After installation, validation runs automatically:
git push  # Pre-push validation blocks if errors found

# Manual pre-push validation:
./secubox-tools/pre-push-validation.sh

See VALIDATION-GUIDE.md for complete documentation and workflows.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-24 10:06:20 +01:00

5.7 KiB
Raw Blame History

SecuBox Development Tools

This directory contains utilities for validating, debugging, and maintaining SecuBox modules.

Tools Overview

Validation Tools

validate-modules.sh

Fast validation of all modules in the repository.

Usage:

./secubox-tools/validate-modules.sh

Checks performed:

  1. RPCD script names vs ubus objects - Ensures RPCD script filenames match JavaScript ubus object declarations
  2. Menu paths vs view files - Verifies menu.d JSON paths correspond to actual view files
  3. View files have menu entries - Checks that all view files are referenced in menus
  4. RPCD script permissions - Ensures scripts are executable
  5. JSON syntax validation - Validates all menu.d and acl.d JSON files
  6. ubus naming convention - Verifies all ubus objects use the luci. prefix

Exit codes:

  • 0 - All checks passed (or only warnings)
  • 1 - Critical errors found

Example output:

✓ luci-app-cdn-cache: RPCD script 'luci.cdn-cache' matches ubus object 'luci.cdn-cache'
✓ luci-app-cdn-cache: Menu path 'cdn-cache/overview' → file exists
❌ ERROR: luci-app-example: RPCD script 'example' does not match ubus object 'luci.example'

validate-module-generation.sh

NEW! Comprehensive validation for a single module during/after generation.

Usage:

./secubox-tools/validate-module-generation.sh luci-app-cdn-cache

Checks performed:

  • Makefile completeness (all required fields)
  • RPCD script naming convention (luci.* prefix)
  • RPCD script structure and handlers
  • ACL permissions coverage
  • Menu path validation
  • JavaScript view validation
  • RPC method declarations vs RPCD implementations
  • Security scans (hardcoded credentials, dangerous commands)
  • Documentation presence

When to use:

  • After generating a new module
  • Before committing changes to a module
  • When debugging module integration issues

pre-push-validation.sh

NEW! Git pre-push hook that validates all modules before allowing push.

Usage:

# Automatic (via git hook):
git push  # validation runs automatically

# Manual:
./secubox-tools/pre-push-validation.sh

Checks performed:

  • All validation from validate-modules.sh
  • Git staged changes analysis
  • Modified module detection
  • Comprehensive security scans
  • Full module validation on modified modules

Exit codes:

  • 0 - Push allowed
  • 1 - Push blocked (critical errors found)

Installation:

./secubox-tools/install-git-hooks.sh

Maintenance Tools

secubox-repair.sh

Auto-repair tool that fixes common issues in Makefiles and RPCD scripts.

Usage:

./secubox-tools/secubox-repair.sh

secubox-debug.sh

Validates individual package structure and dependencies on OpenWrt device.

Usage:

./secubox-tools/secubox-debug.sh luci-app-<module-name>

install-git-hooks.sh

NEW! Installs git hooks for automatic validation.

Usage:

./secubox-tools/install-git-hooks.sh

This creates a symbolic link from .git/hooks/pre-push to pre-push-validation.sh.

Recommended Workflow

When Generating a New Module

  1. Generate module files (use Claude with module-prompts.md)

  2. Validate the module:

    ./secubox-tools/validate-module-generation.sh luci-app-<module-name>

  3. Fix all ERRORS (critical)

  4. Review and fix WARNINGS (recommended)

  5. Commit changes:

    git add luci-app-<module-name>
git commit -m "feat: implement <module-name> module"
git push  # Pre-push validation runs automatically

When Modifying Existing Modules

  1. Make your changes

  2. Run quick validation:

    ./secubox-tools/validate-modules.sh

  3. For complex changes, run full validation:

    ./secubox-tools/validate-module-generation.sh luci-app-<module-name>

  4. Commit and push (validation runs automatically)

Before Committing Changes

Always run at least one validation tool before committing:

  1. Run validation (CRITICAL):

    ./secubox-tools/validate-modules.sh

  2. Fix any errors reported

  3. Run shellcheck on RPCD scripts:

    shellcheck luci-app-*/root/usr/libexec/rpcd/*

  4. Commit changes

Common Fixes

Fix RPCD naming mismatch

If validation reports RPCD script name doesn't match ubus object:

# Rename the script to include luci. prefix
cd luci-app-example/root/usr/libexec/rpcd
mv example luci.example

Fix menu path mismatch

If validation reports menu path doesn't match view file:

# Option 1: Update menu.d JSON to match file location
# Edit: root/usr/share/luci/menu.d/luci-app-example.json
# Change: "path": "example/view" → "path": "example-dashboard/view"

# Option 2: Move view files to match menu path
mv htdocs/luci-static/resources/view/example-dashboard \
   htdocs/luci-static/resources/view/example

Fix non-executable RPCD script

chmod +x luci-app-example/root/usr/libexec/rpcd/luci.example

Integration with CI/CD

The validation script can be integrated into GitHub Actions workflows:

- name: Validate modules
  run: |
    chmod +x secubox-tools/validate-modules.sh
    ./secubox-tools/validate-modules.sh

Critical Naming Rules

These rules are MANDATORY - violations will cause runtime errors:

  1. RPCD scripts must be named luci.<module-name>

    • luci.cdn-cache
    • cdn-cache

  2. Menu paths must match view file locations

    • Menu: "path": "cdn-cache/overview"
    • File: view/cdn-cache/overview.js

  3. ubus objects must use luci. prefix

    • object: 'luci.cdn-cache'
    • object: 'cdn-cache'

See CLAUDE.md for complete documentation.