html/api/opus5-stub-promoter.php
2026-04-17 02:50:02 +02:00


<?php
// OPUS5 STUB PROMOTER - execute les stubs opus4 PENDING_APPROVAL
// Restrictions sécurité : whitelist paths + pas de sudo + log complet
// The endpoint always answers with a JSON document.
header('Content-Type: application/json');

// Response envelope: run timestamp, number of stubs executed, per-stub outcomes.
$R = [
    'ts' => date('c'),
    'processed' => 0,
    'results' => [],
];

// Destination of the audit trail written by logp().
// NOTE(review): /tmp is usually world-writable and cleared on reboot; confirm that this
// is an acceptable location for a log that the header comment lists as a security control.
$LOG = '/tmp/opus5-promoter.log';
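/**
 * Append one timestamped entry to the promoter audit log ($LOG).
 *
 * Control characters in the message are written in escaped form (for example a
 * line feed becomes the two characters "\n"), so a value taken from a stub file
 * cannot split one entry into several lines or forge a separate entry.
 *
 * Logging is best effort: a failed write is ignored so that the run continues.
 *
 * @param mixed $m Message text; cast to string before writing.
 * @return void
 */
function logp($m)
{
    global $LOG;

    // One call must yield exactly one log line, whatever the message contains.
    $line = addcslashes((string)$m, "\0..\37\177");

    // LOCK_EX keeps entries from overlapping runs from interleaving mid-line.
    @file_put_contents($LOG, date('c') . " $line\n", FILE_APPEND | LOCK_EX);
}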
// Allow-list of acceptable command prefixes (no sudo, no chattr, no rm -rf).
// Only the start of the command is described here; the arguments that follow an
// allowed prefix are not constrained by this list.
// NOTE(review): several entries name general-purpose tools ('curl ', 'grep ', 'psql ');
// confirm that every argument form of those tools is acceptable for unattended execution.
$SAFE_PREFIXES = [
    'echo ',
    'curl ',
    'php8.4 /var/www/html/api/',
    'git log',
    'git status',
    'cat /var/log/',
    'grep ',
    'psql ',
];

// Substrings that cause a command to be refused wherever they appear in it.
// This is a literal, case-insensitive substring match, so it is a backstop for the
// allow-list above rather than a complete description of dangerous commands.
$BLOCKED = [
    'sudo',
    'chattr',
    'rm -rf',
    'dd ',
    'mkfs',
    '> /dev',
    'systemctl stop',
];
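/**
 * Decide whether a stub command line may be handed to the shell.
 *
 * The check fails closed. A command is accepted only when all of the following hold:
 *   - it is a non-empty string;
 *   - it contains no control character (including CR/LF and tab) and none of the
 *     shell operators that chain, pipe, redirect or substitute commands
 *     (; & | ` < > and "$(" );
 *   - it contains none of the $BLOCKED substrings (case-insensitive);
 *   - after leading spaces are skipped, it STARTS with one of $SAFE_PREFIXES
 *     (case-insensitive).
 *
 * This is stricter than the previous version, which also accepted a command when an
 * allowed prefix appeared anywhere after a space and which did not look at shell
 * operators, so the allow-list did not bound what the shell would actually run.
 * Stubs that rely on pipes or redirection are now refused and need manual handling.
 *
 * Residual risk: the arguments following an allowed prefix are not validated here.
 *
 * @param mixed $cmd Command line taken from a stub file.
 * @return bool True when the command may be executed, false otherwise.
 */
function is_safe($cmd)
{
    global $SAFE_PREFIXES, $BLOCKED;

    if (!is_string($cmd) || $cmd === '') {
        return false;
    }

    // The caller interpolates $cmd into a shell command line, so any operator that
    // starts a second command would run text that no prefix check ever looked at.
    // Control characters are tested on the raw string (no trim) so that a leading
    // newline cannot detach the command from the "timeout" wrapper.
    if (preg_match('/[\x00-\x1F\x7F;&|`<>]|\$\(/', $cmd) === 1) {
        return false;
    }

    foreach ($BLOCKED as $b) {
        if (stripos($cmd, $b) !== false) {
            return false;
        }
    }

    // Anchor the allow-list at the start of the command; leading spaces are harmless.
    $head = ltrim($cmd, ' ');
    foreach ($SAFE_PREFIXES as $p) {
        if (stripos($head, $p) === 0) {
            return true;
        }
    }

    return false;
}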
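// Main run: evaluate every opus4 stub in the pending directory, execute the ones that
// are awaiting approval and pass is_safe(), record the outcome in the stub file, in the
// audit log and in the JSON response.
//
// NOTE(review): no caller authentication or rate limiting is visible in this file, and
// the response echoes command text and command output. Confirm that access to this
// endpoint is restricted upstream (web server or gateway) before relying on it.

// glob() returns false on error; treat that the same as "no stubs".
$stubs = glob('/var/www/html/api/wired-pending/intent-opus4-*.php') ?: [];
logp("START ".count($stubs)." stubs to evaluate");

foreach ($stubs as $s) {
    // NOTE(review): include runs the stub as PHP code before any check below applies,
    // so the pending directory must be writable only by the trusted stub producer.
    $info = @include $s;
    if (!is_array($info)) {
        continue;
    }

    // Coerce fields to the types the rest of the loop assumes; a stub with a
    // non-string command is treated as having no command and is refused below.
    $name = is_scalar($info['name'] ?? null) ? (string)$info['name'] : '?';
    $cmd = is_string($info['cmd'] ?? null) ? $info['cmd'] : '';
    $status = $info['status'] ?? '?';

    $result = ['name' => $name, 'status_before' => $status, 'cmd' => substr($cmd, 0, 80)];

    if ($status === 'PENDING_SECURITY_REVIEW') {
        $result['action'] = 'SKIPPED (security review required)';
        $R['results'][] = $result;
        continue;
    }

    // Execute only stubs that are explicitly awaiting approval. Without this gate a
    // stub already rewritten with status EXECUTED still matches the glob above and
    // would be executed again on every subsequent run.
    if ($status !== 'PENDING_APPROVAL') {
        $result['action'] = 'SKIPPED (status not PENDING_APPROVAL)';
        $R['results'][] = $result;
        continue;
    }

    if (!is_safe($cmd)) {
        $result['action'] = 'SKIPPED (unsafe command)';
        $R['results'][] = $result;
        continue;
    }

    // EXEC: the command line is built by string interpolation, so is_safe() is the
    // only thing standing between stub content and the shell. "timeout 15" bounds the
    // run time and "2>&1" folds stderr into the captured output.
    $start = microtime(true);
    $out = @shell_exec("timeout 15 $cmd 2>&1");
    $ms = round((microtime(true) - $start) * 1000);

    $result['action'] = 'EXECUTED';
    $result['out_preview'] = substr(trim((string)$out), 0, 200);
    $result['ms'] = $ms;

    // Record the outcome in the stub itself so that it is not picked up again.
    $info['status'] = 'EXECUTED';
    $info['executed_at'] = date('c');
    $info['out_preview'] = $result['out_preview'];
    $info['ms'] = $ms;
    $content = "<?php\n// OPUS5 PROMOTED ".date('c')."\nreturn " . var_export($info, true) . ";\n";

    // A failed write-back leaves the stub in PENDING_APPROVAL, which means it would be
    // executed again next run; surface that instead of ignoring it.
    if (@file_put_contents($s, $content, LOCK_EX) === false) {
        $result['persist_error'] = true;
        logp("WARN name=$name status write-back failed");
    }

    logp("EXEC name=$name ms=$ms status=$status");
    $R['processed']++;
    $R['results'][] = $result;
}

logp("END processed=".$R['processed']);

// Command output may contain bytes that are not valid UTF-8; substitute them so that
// json_encode() does not fail and produce an empty response body.
echo json_encode($R, JSON_PRETTY_PRINT|JSON_UNESCAPED_UNICODE|JSON_INVALID_UTF8_SUBSTITUTE);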