chore(install-remote): port logrotate, hook union-merge, Cellar layout from install#596
Merged
bakeb7j0 merged 1 commit intokahuna/581-wave-pattern-hardening-campaign-afrom May 5, 2026
Conversation
…t from install Resolves the kahuna→main trust-gate finding on Plan #581 PR #595: scripts/install-remote.sh (the curl | bash flow) was missing the three install-hardening features merged this campaign into install. This commit ports them so curl-bash users get the same on-disk shape. - #540 logrotate: --with-logrotate / --without-logrotate flags + Linux-gated install_logrotate_config + --check drift detection. - #556 hook union-merge: merge_settings() now union-merges matcher arrays for shared event keys, with --check reporting "missing matcher" drift. - #560 Cellar + symlink-farm: deploys to $CELLAR_DIR=~/.claude/scripts and farms top-level symlinks to ~/.local/bin/. Skill helpers namespaced under $CELLAR_DIR/skills/<skill_name>/<helper>. Portable find ... | sed 's|^\./||' pattern (no -printf — BSD/macOS). Closes #581 install-remote.sh parity.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resolves the kahuna→main trust-gate finding on Plan #581 PR #595:
scripts/install-remote.sh(the documentedcurl | bashflow) was missing the three install-hardening features merged this campaign intoinstall. This commit ports them so curl-bash users get the same on-disk shape.Three features ported
--with-logrotate/--without-logrotateflags + Linux-gatedinstall_logrotate_config+--checkdrift detection. Uses the same tri-state mode asinstall.merge_settings()now union-merges matcher arrays for shared event keys, with--checkreporting"missing matcher"drift. The jq pipeline is byte-equivalent toinstall's.$CELLAR_DIR=~/.claude/scripts/and farms top-level symlinks to~/.local/bin/. Skill helpers namespaced under$CELLAR_DIR/skills/<skill_name>/<helper>. Portablefind ... | sed 's|^\./||'pattern (no-printf— BSD/macOS).Reviewer pass — initial findings, addressed in rework
Initial review surfaced 2 findings, both fixed via amended commit:
--checksettings-drift stub (was just:with misleading comments). Replaced with explicit note pointing users to./install --checkfrom a checkout for full settings drift detection.Re-review post-rework: both findings addressed, no new issues introduced.
Verification
./scripts/ci/validate.sh: 126 passed, 0 failedshellcheck scripts/install-remote.sh: cleanpytest tests/test_install_remote_hardening.py -v: 10/10 passed-printffrominstall:690was replaced in this port (in install-remote.sh) with a portablewhile+-ntloop andstat -c '%y' || stat -f '%Sm'fallback — actually better than reference for macOS.Trust-gate context
Per WAVE_AXIOMS Axiom 5 (continuing cheaper than stopping), the gate-blocked PR #595 was kept open while this commit lands on kahuna. Once merged into kahuna, PR #595 will auto-update with this commit included; trust-gate code-reviewer signal should re-evaluate CLEAN.
🤖 Generated with Claude Code