From 3bb515172dfcaa4f2ffa0930d0b3824602db556a Mon Sep 17 00:00:00 2001
From: sol
Date: Sun, 1 Mar 2026 07:29:55 +0000
Subject: [PATCH] policies: add standard docs policy files
- Add .editorconfig, .prettierrc, .prettierignore, .gitignore
- Add Makefile with fmt, fmt-check, secret-scan targets
- Add package.json with prettier
- Add tools/secret-scan.sh
- Auto-format with prettier
- make check passes clean
---
 .editorconfig | 9 ++++++
 .gitignore | 1 +
 .prettierignore | 3 ++
 .prettierrc | 6 ++++
 Makefile | 17 +++++++++++
 README.md | 29 ++++++++++---------
 package-lock.json | 31 ++++++++++++++++++++
 package.json | 9 ++++++
 tools/secret-scan.sh | 69 ++++++++++++++++++++++++++++++++++++++++++++
 9 files changed, 161 insertions(+), 13 deletions(-)
 create mode 100644 .editorconfig
 create mode 100644 .gitignore
 create mode 100644 .prettierignore
 create mode 100644 .prettierrc
 create mode 100644 Makefile
 create mode 100644 package-lock.json
 create mode 100644 package.json
 create mode 100755 tools/secret-scan.sh
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..c6c8b36
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,9 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c2658d7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+node_modules/
diff --git a/.prettierignore b/.prettierignore
new file mode 100644
index 0000000..d5c6928
--- /dev/null
+++ b/.prettierignore
@@ -0,0 +1,3 @@
+node_modules/
+*.sh
+package-lock.json
diff --git a/.prettierrc b/.prettierrc
new file mode 100644
index 0000000..383f607
--- /dev/null
+++ b/.prettierrc
@@ -0,0 +1,6 @@
+{
+ "singleQuote": true,
+ "trailingComma": "all",
+ "printWidth": 100,
+ "tabWidth": 2
+}
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..76d8daf
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,17 @@
+export NODE_ENV := development
+
+.PHONY: check install fmt fmt-check secret-scan
+
+check: install fmt-check secret-scan
+
+install:
+ npm install
+
+fmt:
+ npx prettier --write .
+
+fmt-check:
+ npx prettier --check .
+
+secret-scan:
+ bash tools/secret-scan.sh .
diff --git a/README.md b/README.md
index 41928e4..c5986af 100644
--- a/README.md
+++ b/README.md
@@ -12,13 +12,13 @@ One-command deployment of **Radicale CalDAV/CardDAV** on Ubuntu/Debian, pre-conf
 ## Prerequisites
-| Requirement | Details |
-|---|---|
-| **OS** | Ubuntu 20.04+ / Debian 11+ |
-| **Access** | Root (sudo) |
-| **Ports** | 80 and 443 open to the internet |
-| **DNS** | A record pointing your domain to this server's IP |
-| **RAM** | 512 MB minimum |
+| Requirement | Details |
+| ----------- | ------------------------------------------------- |
+| **OS** | Ubuntu 20.04+ / Debian 11+ |
+| **Access** | Root (sudo) |
+| **Ports** | 80 and 443 open to the internet |
+| **DNS** | A record pointing your domain to this server's IP |
+| **RAM** | 512 MB minimum |
 ## Quick Start
@@ -32,6 +32,7 @@ sudo bash install.sh
 ```
 The wizard will ask you for:
+
 1. **Domain name** (e.g. `cal.example.com`)
 2. **Email** (for Let's Encrypt SSL)
 3. **CalDAV username & password**
@@ -41,11 +42,13 @@ The wizard will ask you for:
 ## Client Setup
 ### Apple Calendar (macOS / iOS)
+
 1. Settings → Accounts → Add Account → Other → CalDAV
 2. Server: `https://YOUR_DOMAIN`
 3. Username & password as configured
 ### Thunderbird / GNOME Calendar
+
 - URL: `https://YOUR_DOMAIN/USERNAME/calendar.ics/`
 ## OpenClaw Integration
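Review bot: The `install` target that `check` depends on runs `npm install`, which is allowed to update package-lock.json when it and package.json disagree, so a CI run of `make check` is not held to the prettier version and integrity hash that this same commit pins in the lockfile. For a verification target `npm ci` is the better fit: it installs exactly what the lockfile records and fails instead of rewriting it. Separately, `fmt` has no `install` prerequisite, so on a fresh clone `npx prettier --write .` may fetch prettier from the registry rather than use the locked copy; declaring it as `fmt: install` would keep both formatting targets on the pinned dependency.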
@@ -90,12 +93,12 @@ docker compose ps
 ## Troubleshooting
-| Issue | Fix |
-|---|---|
-| SSL cert failed | Verify DNS A record; check ports 80/443 are open |
-| 401 Unauthorized | Check `config/users` file has the correct user entry |
-| Container won't start | Check logs: `docker compose logs radicale` |
-| Can't sync calendar | Ensure client URL ends with `/username/calendar.ics/` |
+| Issue | Fix |
+| --------------------- | ----------------------------------------------------- |
+| SSL cert failed | Verify DNS A record; check ports 80/443 are open |
+| 401 Unauthorized | Check `config/users` file has the correct user entry |
+| Container won't start | Check logs: `docker compose logs radicale` |
+| Can't sync calendar | Ensure client URL ends with `/username/calendar.ics/` |
 ## License
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 0000000..931ea7e
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,31 @@ +{ + "name": "openclaw-caldav", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "openclaw-caldav", + "version": "1.0.0", + "devDependencies": { + "prettier": "^3.2.0" + } + }, + "node_modules/prettier": { + "version": "3.8.1", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.1.tgz", + "integrity": "sha512-UOnG6LftzbdaHZcKoPFtOcCKztrQ57WkHDeRD9t/PTQtmT0NHSeWWepj6pS0z/N7+08BHFDQVUrfmfMRcZwbMg==", + "dev": true, + "license": "MIT", + "bin": { + "prettier": "bin/prettier.cjs" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/prettier/prettier?sponsor=1" + } + } + } +}
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..54e770a
--- /dev/null
+++ b/package.json
@@ -0,0 +1,9 @@
+{
+ "name": "openclaw-caldav",
+ "version": "1.0.0",
+ "private": true,
+ "description": "OpenClaw CalDAV Integration",
+ "devDependencies": {
+ "prettier": "^3.2.0"
+ }
+}
diff --git a/tools/secret-scan.sh b/tools/secret-scan.sh
new file mode 100755
index 0000000..c7e5efe
--- /dev/null
+++ b/tools/secret-scan.sh
@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+# secret-scan.sh — Scans for private keys and high-entropy secrets
+# Usage: bash tools/secret-scan.sh [directory]
+# Uses .secret-scan-allowlist for false positives (one file path per line)
+
+set -e
+
+SCAN_DIR="${1:-.}"
+ALLOWLIST=".secret-scan-allowlist"
+FINDINGS=0
+
+# Build find exclusions
+EXCLUDES=(-not -path "*/node_modules/*" -not -path "*/.git/*" -not -path "*/coverage/*" -not -path "*/dist/*")
+
+# Load allowlist
+ALLOWLIST_PATHS=()
+if [ -f "$ALLOWLIST" ]; then
+ while IFS= read -r line || [ -n "$line" ]; do
+ [[ "$line" =~ ^#.*$ || -z "$line" ]] && continue
+ ALLOWLIST_PATHS+=("$line")
+ done < "$ALLOWLIST"
+fi
+
+is_allowed() {
+ local file="$1"
+ for allowed in "${ALLOWLIST_PATHS[@]}"; do
+ if [[ "$file" == *"$allowed"* ]]; then
+ return 0
+ fi
+ done
+ return 1
+}
+
+echo "Scanning $SCAN_DIR for secrets..."
+
+# Scan for private keys
+while IFS= read -r file; do
+ [ -f "$file" ] || continue
+ is_allowed "$file" && continue
+ if grep -qE '-----BEGIN (RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----' "$file" 2>/dev/null; then
+ echo "FINDING [private-key]: $file"
+ FINDINGS=$((FINDINGS + 1))
+ fi
+done < <(find "$SCAN_DIR" "${EXCLUDES[@]}" -type f)
+
+# Scan for high-entropy hex strings (40+ chars)
+while IFS= read -r file; do
+ [ -f "$file" ] || continue
+ is_allowed "$file" && continue
+ if grep -qE '[0-9a-f]{40,}' "$file" 2>/dev/null; then
+ # Filter out common false positives (git SHAs in lock files, etc.)
+ BASENAME=$(basename "$file")
+ if [[ "$BASENAME" != "package-lock.json" && "$BASENAME" != "*.lock" ]]; then
+ MATCHES=$(grep -oE '[0-9a-f]{40,}' "$file" 2>/dev/null || true)
+ if [ -n "$MATCHES" ]; then
+ echo "FINDING [high-entropy-hex]: $file"
+ FINDINGS=$((FINDINGS + 1))
+ fi
+ fi
+ fi
+done < <(find "$SCAN_DIR" "${EXCLUDES[@]}" -type f -not -name "package-lock.json" -not -name "*.lock")
+
+if [ "$FINDINGS" -gt 0 ]; then
+ echo "secret-scan: $FINDINGS finding(s) — FAIL"
+ exit 1
+else
+ echo "secret-scan: clean — PASS"
+ exit 0
+fi
--
2.45.2
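Review bot: The private-key check cannot report a finding as written, because the pattern given to `grep -qE '-----BEGIN …'` starts with dashes and grep parses it as an option; the resulting error is discarded by `2>/dev/null` and the non-zero status is read as "no match", so the scan prints PASS even when a key file is present. Pass the pattern explicitly, `if grep -qE -e '-----BEGIN (RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----' "$file"; then`, and drop the stderr redirect so a broken scan fails loudly instead of silently. Two smaller points in the same file: `is_allowed` treats each allowlist entry as a substring (`*"$allowed"*`), so a short entry suppresses every path that contains it, and `"$BASENAME" != "*.lock"` compares against the literal string `*.lock` rather than a glob, leaving only the `find` exclusions to do that filtering.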