ops-jrz1/scripts/validate-sanitization.sh
Dan 894e7241f1 Initialize ops-jrz1 repository with Matrix platform extraction foundation
- Add speckit workflow infrastructure (.claude, .specify)
- Create NixOS configuration skeleton (flake.nix, configuration.nix, hosts/ops-jrz1.nix)
- Add sanitization scripts with 22 rules for personal info removal
- Add validation scripts with gitleaks integration
- Configure git hooks (pre-commit, pre-push) for security validation
- Add project documentation (README, LICENSE)
- Add comprehensive .gitignore for Nix, secrets, staging

Phase 1 and Phase 2 complete. Foundation ready for module extraction from ops-base.
2025-10-13 13:37:17 -07:00


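#!/usr/bin/env bash
#
# Validation script for sanitized files
# Checks that all personal information has been removed
#
# Usage: ./scripts/validate-sanitization.sh <directory-to-check>
#
# Exit status:
#   0  every check passed
#   1  bad usage, or at least one check found personal information / secrets
#   2  ripgrep (rg) is missing, so no pattern check could run
#
# This script is a security gate (it is wired into the pre-commit / pre-push
# hooks), so it must fail CLOSED: a scanner that is absent or that errors out
# is reported as a failure, never as a pass. The earlier revision discarded
# scanner stderr and treated every non-zero rg status (including 127 "command
# not found" and 2 "error") as "no match", so a machine without rg got an
# all-green run while shipping personal data.
#
# Environment:
#   REQUIRE_GITLEAKS=1  treat a missing gitleaks binary as a failure instead
#                       of a warning (default: warn and skip, as before)
set -euo pipefail

# Colors for output
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly NC='\033[0m' # No Color

# Options shared by every ripgrep check.
#   --hidden       rg skips dotfiles/dotdirs by default, which would leave
#                  e.g. .claude/ and .specify/ (tracked in this repo) unscanned
#   --glob '!.git' keep the scan out of git internals now that hidden dirs
#                  are included
# rg still honors .gitignore, so ignored files are not checked; that is
# acceptable for a commit gate because those files are not committed either.
readonly -a RG_OPTS=(--hidden --glob '!.git')

# Set to 1 by fail(); read by the summary in main().
VALIDATION_FAILED=0

#######################################
# Print a PASS line.
# Arguments: $1 - message
#######################################
pass() {
  printf '%b✓ PASS: %s%b\n' "$GREEN" "$1" "$NC"
}

#######################################
# Print a FAIL line and mark the run as failed.
# Arguments: $1 - message
# Globals:   VALIDATION_FAILED (written)
#######################################
fail() {
  printf '%b✗ FAIL: %s%b\n' "$RED" "$1" "$NC"
  VALIDATION_FAILED=1
}

#######################################
# Print a WARNING line (does not affect the verdict).
# Arguments: $1 - message
#######################################
warn() {
  printf '%b⚠ WARNING: %s%b\n' "$YELLOW" "$1" "$NC"
}

#######################################
# Run one ripgrep check and record PASS/FAIL.
# Arguments:
#   $1 - label used in the progress/PASS/FAIL lines, e.g. "personal domains"
#   $2 - detail appended to the FAIL line, e.g. " (clarun.xyz or talu.uno)"
#   $3 - regex handed to rg
#   $4 - directory to scan
#   $@ - remaining: extra rg arguments, e.g. --type nix
# Globals:   RG_OPTS (read), VALIDATION_FAILED (written via fail)
# Outputs:   matching lines from rg, then one PASS/FAIL line, on stdout
#######################################
check_pattern() {
  local what=$1 detail=$2 pattern=$3 dir=$4
  shift 4
  local rc=0
  echo "Checking for ${what}..."
  # rg exit codes: 0 = match found, 1 = no match, 2 = error (bad regex,
  # unreadable path, ...). Only 1 is a pass; everything else fails closed.
  # "--" keeps a directory name starting with "-" from being read as an option.
  rg "${RG_OPTS[@]}" "$@" -e "$pattern" -- "$dir" || rc=$?
  case "$rc" in
    1) pass "No ${what} found" ;;
    0) fail "Found ${what}${detail}" ;;
    *) fail "rg exited with status ${rc} while checking for ${what}; result unknown" ;;
  esac
  echo ""
}

#######################################
# Run gitleaks over the directory if it is installed.
# Arguments: $1 - directory to scan
# Globals:   REQUIRE_GITLEAKS (read), VALIDATION_FAILED (written via fail)
#######################################
check_gitleaks() {
  local dir=$1
  local rc=0
  if ! command -v gitleaks >/dev/null 2>&1; then
    # Skipping the secret scan is fail-open by design (gitleaks is optional
    # tooling); set REQUIRE_GITLEAKS=1 in the hook environment to make it a gate.
    if [[ "${REQUIRE_GITLEAKS:-0}" == "1" ]]; then
      fail "gitleaks not installed and REQUIRE_GITLEAKS=1"
    else
      warn "gitleaks not installed, skipping secret scan"
    fi
    echo "Install with: nix-env -iA nixpkgs.gitleaks"
    echo ""
    return 0
  fi
  echo "Running gitleaks secret scan..."
  # stderr is intentionally left visible so an invocation error (unknown flag,
  # bad config) can be told apart from real findings; any non-zero status is
  # still reported as FAIL.
  # NOTE(review): confirm the installed gitleaks accepts --quiet with
  # "detect --no-git"; if it does not, the error now shows here instead of
  # being silently reported as "secrets detected".
  gitleaks detect --no-git --source "$dir" --quiet || rc=$?
  if (( rc == 0 )); then
    pass "No secrets detected by gitleaks"
  else
    fail "gitleaks detected secrets (or failed to run, exit ${rc})"
    echo "Run: gitleaks detect --no-git --source ${dir}"
  fi
  echo ""
}

#######################################
# Entry point: validate arguments, run every check, print the summary.
# Arguments: $1 - directory to check
# Returns:   exits 0 on success, 1 on failure/usage error, 2 if rg is missing
#######################################
main() {
  if [[ $# -ne 1 ]]; then
    echo "Usage: $0 <directory-to-check>"
    echo "Example: $0 modules/"
    exit 1
  fi
  local check_dir=$1
  if [[ ! -d "$check_dir" ]]; then
    printf '%b✗ Error: Directory %s does not exist%b\n' "$RED" "$check_dir" "$NC"
    exit 1
  fi
  # Fail closed: without rg none of the pattern checks can run, and a silent
  # skip would look like a clean result.
  if ! command -v rg >/dev/null 2>&1; then
    printf '%b✗ Error: ripgrep (rg) is required but not installed%b\n' "$RED" "$NC"
    echo "Install with: nix-env -iA nixpkgs.ripgrep"
    exit 2
  fi

  echo "==> Validating sanitization in ${check_dir}"
  echo ""

  # NOTE(review): the --type filters below mean a personal domain, IP or
  # hostname inside e.g. a .sh, .yaml or .json file is not caught. They are
  # kept to avoid false positives (lock files, vendored data); widen them once
  # the repo's non-Nix content has been reviewed.
  check_pattern "personal domains" " (clarun.xyz or talu.uno)" \
    'clarun\.xyz|talu\.uno' "$check_dir" --type nix --type md
  check_pattern "personal IP addresses" "" \
    '192\.168\.1\.|45\.77\.205\.49' "$check_dir" --type nix
  check_pattern "personal paths" " (/home/dan)" \
    '/home/dan' "$check_dir"
  check_pattern "personal hostname" " (jrz1)" \
    '\bjrz1\b' "$check_dir" --type nix --type md
  check_pattern "personal email" " (dlei@duck.com)" \
    'dlei@duck\.com' "$check_dir"

  # Check for Matrix access tokens (if gitleaks available)
  check_gitleaks "$check_dir"

  # Summary
  echo "==> Validation Summary"
  if (( VALIDATION_FAILED == 0 )); then
    printf '%b✓ All validation checks passed%b\n' "$GREEN" "$NC"
    echo ""
    echo "Next steps:"
    echo "1. Manual review: Check comments for personal context"
    echo "2. Build validation: nix flake check"
    echo "3. Commit changes: git add && git commit"
    exit 0
  fi
  printf '%b✗ Validation failed - personal information still present%b\n' "$RED" "$NC"
  echo ""
  echo "Actions required:"
  echo "1. Review the failures above"
  echo "2. Manually fix remaining personal references"
  echo "3. Re-run this script"
  exit 1
}

main "$@"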