88 lines
2.8 KiB
Makefile
88 lines
2.8 KiB
Makefile
SHELL := /bin/bash
|
|
.ONESHELL:
|
|
.SHELLFLAGS := -euo pipefail -c
|
|
|
|
PYTHON ?= python3
|
|
REPO_ROOT := $(shell pwd)
|
|
|
|
INBOUND_CORE := infra/volumes/handoff/inbound-to-core
|
|
QUARANTINE := infra/volumes/handoff/quarantine
|
|
TOOLREQ_DIR := infra/volumes/tool-exec/requests_in
|
|
TOOLRES_DIR := infra/volumes/tool-exec/results_out
|
|
|
|
.PHONY: help
|
|
help:
|
|
@cat <<'EOF'
|
|
ThreeGate Makefile targets
|
|
|
|
Core validation:
|
|
make validate-packets Validate Research Packets (inbound-to-core)
|
|
make validate-tool-requests Validate Tool Requests (requests_in)
|
|
make validate-tool-results Validate Tool Results (results_out -> inbound-to-core)
|
|
|
|
Tool-exec example:
|
|
make tool-exec-example Run the hello-python Tool Request via ERA wrapper
|
|
|
|
Infra:
|
|
make compose-up Start docker-compose stack (skeleton images)
|
|
make compose-down Stop docker-compose stack
|
|
|
|
Firewall:
|
|
make firewall-apply Apply DOCKER-USER egress policy (requires sudo)
|
|
|
|
Setup:
|
|
make perms chmod +x scripts
|
|
|
|
Notes:
|
|
- Validators are intentionally conservative; rejects go to quarantine.
|
|
- tool-exec-example requires ERA 'agent' CLI installed and accessible.
|
|
EOF
|
|
|
|
.PHONY: perms
|
|
perms:
|
|
chmod +x tools/*.py tools/*.sh tool-exec/era/*.sh tool-exec/era/*.py infra/firewall/*.sh || true
|
|
|
|
.PHONY: validate-packets
|
|
validate-packets: perms
|
|
IN_DIR="$(INBOUND_CORE)" QUAR_DIR="$(QUARANTINE)" VALIDATOR="./tools/validate_research_packet.py" \
|
|
./tools/validate_and_quarantine_packets.sh
|
|
|
|
.PHONY: validate-tool-requests
|
|
validate-tool-requests: perms
|
|
REQ_DIR="$(TOOLREQ_DIR)" QUAR_DIR="$(QUARANTINE)" VALIDATOR="./tools/validate_tool_request.py" \
|
|
./tools/validate_and_quarantine_tool_requests.sh
|
|
|
|
.PHONY: validate-tool-results
|
|
validate-tool-results: perms
|
|
RES_DIR="$(TOOLRES_DIR)" CORE_IN_DIR="$(INBOUND_CORE)" QUAR_DIR="$(QUARANTINE)" VALIDATOR="./tools/validate_tool_result.py" \
|
|
./tools/validate_and_quarantine_tool_results.sh
|
|
|
|
.PHONY: tool-exec-example
|
|
tool-exec-example: perms
|
|
@mkdir -p "$(TOOLRES_DIR)"
|
|
PYTHONPATH="$(REPO_ROOT)" $(PYTHON) tool-exec/era/run_tool_request.py \
|
|
--request tool-exec/examples/TR-hello-python.md \
|
|
--results-dir "$(TOOLRES_DIR)"
|
|
|
|
.PHONY: compose-up
|
|
compose-up:
|
|
@echo "NOTE: images are placeholders; build/pin images before real use."
|
|
cd infra && docker compose up -d
|
|
|
|
.PHONY: compose-down
|
|
compose-down:
|
|
cd infra && docker compose down
|
|
|
|
.PHONY: firewall-apply
|
|
firewall-apply:
|
|
@echo "Applying DOCKER-USER egress policy (edit env vars as needed)..."
|
|
@echo "You may want to pin IPAM subnets + PROXY_IP first."
|
|
sudo LLMNET_SUBNET="$${LLMNET_SUBNET:-172.18.0.0/16}" \
|
|
FETchnet_SUBNET="$${FETchnet_SUBNET:-172.19.0.0/16}" \
|
|
EGRESSNET_SUBNET="$${EGRESSNET_SUBNET:-172.20.0.0/16}" \
|
|
PROXY_IP="$${PROXY_IP:-}" \
|
|
DNS_1="$${DNS_1:-1.1.1.1}" \
|
|
DNS_2="$${DNS_2:-8.8.8.8}" \
|
|
./infra/firewall/docker-user-chain.sh
|
|
|