Goal
Make live verification prove that changed routes, assets, and security headers are actually deployed after a service restart.
Context
Current live checks focus on /health and /login, which can pass even if a changed route, template, static asset, or security header is stale. Vault 966’s iPad/live-service workflow needs a quick way to verify the affected surface after application changes.
Suggested Scope
- Extend
scripts/vault_service.sh verify or make codex.live to accept one or more route/asset paths.
- Check key security headers for HTML and API responses.
- Consider validating static asset fingerprints or content type for changed CSS/JS assets.
- Keep the default path fast for normal Codex turns.
- Make failure output actionable.
Files or Areas
scripts/vault_service.sh
scripts/codex_check.sh
Makefile
tests/test_vault_service_scripts.py
tests/test_health.py
README.md or AGENTS.md if command usage changes
Out of Scope
- Changing launchd service architecture
- Restarting or modifying a contributor’s live service during tests
- Uploading logs or local service paths to GitHub
- Full browser automation for every route
Acceptance Criteria
- Live verification can check an affected route or asset path in addition to
/health.
- Header regressions are caught for representative responses.
- Failure messages say which URL/path failed and why.
- Tests cover the script behavior without touching a real live service.
- Documentation explains when to use the expanded verification path.
Verification
pytest tests/test_vault_service_scripts.py
pytest tests/test_health.py
- Manual maintainer check on macOS service, if available:
scripts/vault_service.sh verify /ui/movies and one static asset path.
Contributor Notes
This is a good ops contribution for someone comfortable with shell tests. Please keep tests synthetic and avoid committing local logs, plist dumps, or app-support paths beyond documented examples.
Goal
Make live verification prove that changed routes, assets, and security headers are actually deployed after a service restart.
Context
Current live checks focus on
/healthand/login, which can pass even if a changed route, template, static asset, or security header is stale. Vault 966’s iPad/live-service workflow needs a quick way to verify the affected surface after application changes.Suggested Scope
scripts/vault_service.sh verifyormake codex.liveto accept one or more route/asset paths.Files or Areas
scripts/vault_service.shscripts/codex_check.shMakefiletests/test_vault_service_scripts.pytests/test_health.pyREADME.mdorAGENTS.mdif command usage changesOut of Scope
Acceptance Criteria
/health.Verification
pytest tests/test_vault_service_scripts.pypytest tests/test_health.pyscripts/vault_service.sh verify /ui/moviesand one static asset path.Contributor Notes
This is a good ops contribution for someone comfortable with shell tests. Please keep tests synthetic and avoid committing local logs, plist dumps, or app-support paths beyond documented examples.