d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
76e2e64008c8b0dd38dcf5cb4731e8ee170c5d43
proxmox/scripts/omnl/fetch-kyt-vendor-report.sh
defiQUG 7ac74f432b chore: sync docs, config schemas, scripts, and meta task alignment 
- Institutional / JVMTM / reserve-provenance / GRU transport + standards JSON
- Validation and verify scripts (Blockscout labels, x402, GRU preflight, P1 local path)
- Wormhole wiring in AGENTS, MCP_SETUP, MASTER_INDEX, 04-configuration README
- Meta docs, integration gaps, live verification log, architecture updates
- CI validate-config workflow updates

Operator/LAN items, submodule working trees, and public token-aggregation edge
routes remain follow-up (see TODOS_CONSOLIDATED P1).

Made-with: Cursor
2026-03-31 22:31:39 -07:00

49 lines
1.9 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Fetch or refuse KYT vendor evidence. Does NOT fabricate PASS — regulators expect vendor traceability.
#
# Modes:
# 1) KYT_API_URL + KYT_API_KEY (optional KYT_API_HEADERS_JSON): GET or POST via curl, write body to OUT_JSON.
# 2) KYT_VENDOR_EXPORT_JSON: copy existing vendor export path into OUT_JSON (operator already downloaded).
#
# If none set: writes a REFUSED manifest and exits 2.
#
# Env:
# KYT_OUT_JSON — default output/jvmtm-evidence/validation/kyt-vendor-result.json
set -euo pipefail
REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
OUT="${KYT_OUT_JSON:-${REPO_ROOT}/output/jvmtm-evidence/validation/kyt-vendor-result.json}"
mkdir -p "$(dirname "$OUT")"
if [[ -n "${KYT_VENDOR_EXPORT_JSON:-}" && -f "${KYT_VENDOR_EXPORT_JSON}" ]]; then
cp -a "${KYT_VENDOR_EXPORT_JSON}" "$OUT"
echo "Wrote $OUT from KYT_VENDOR_EXPORT_JSON" >&2
exit 0
fi
if [[ -z "${KYT_API_URL:-}" ]]; then
jq -n \
--arg ts "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
'{status: "REFUSED", reason: "No KYT_API_URL or KYT_VENDOR_EXPORT_JSON; vendor evidence not fabricated.", generated_at: $ts}' \
> "$OUT"
echo "REFUSED: wrote $OUT (exit 2)" >&2
exit 2
fi
TMP="$(mktemp)"
trap 'rm -f "$TMP"' EXIT
if [[ -n "${KYT_API_KEY:-}" ]]; then
curl -sS -H "Authorization: Bearer ${KYT_API_KEY}" "${KYT_API_URL}" -o "$TMP" || { echo "curl failed" >&2; exit 2; }
else
curl -sS "${KYT_API_URL}" -o "$TMP" || { echo "curl failed" >&2; exit 2; }
fi
if jq -e . "$TMP" &>/dev/null; then
jq --arg ts "$(date -u +%Y-%m-%dT%H:%M:%SZ)" '. + {fetched_at: $ts, source: "curl:KYT_API_URL"}' "$TMP" > "$OUT"
else
jq -n \
--arg ts "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
--arg sha "$(sha256sum "$TMP" 2>/dev/null | awk '{print $1}')" \
'{status: "RAW", note: "non-JSON KYT response; store full body out-of-band", response_sha256: $sha, fetched_at: $ts}' > "$OUT"
fi
echo "Wrote $OUT from KYT_API_URL" >&2
exit 0
Reference in New Issue View Git Blame Copy Permalink