Make installer interactive for credential source selection
This commit is contained in:
95
.agents/skills/lemana-vpn-testing/SKILL.md
Normal file
95
.agents/skills/lemana-vpn-testing/SKILL.md
Normal file
@@ -0,0 +1,95 @@
|
||||
---
|
||||
name: lemana-vpn-testing
|
||||
description: Use when testing, validating, reviewing, or preparing release/update notes for lemana-vpn shell scripts, Swift app code, installer behavior, SSO patches, or live VPN changes.
|
||||
---
|
||||
|
||||
# Lemana VPN Testing
|
||||
|
||||
## Overview
|
||||
|
||||
Use a ladder: static checks first, isolated smoke tests second, Swift build third, live VPN only when the changed behavior requires it. Never use live reconnect as a default smoke test.
|
||||
|
||||
## Non-Live Verification
|
||||
|
||||
Run the smallest relevant set, expanding with risk:
|
||||
|
||||
```sh
|
||||
sh -n install.sh
|
||||
sh -n uninstall.sh
|
||||
bash -n bin/vpn-lemanapro.sh
|
||||
sh -n tests/smoke.sh
|
||||
tests/smoke.sh
|
||||
swift build -c release --package-path app
|
||||
git diff --check
|
||||
```
|
||||
|
||||
`tests/smoke.sh` is the main repo smoke test. It uses temporary homes and fake `openconnect-lite` sources for patch checks, and it asserts status JSON, install dry-run output, uninstall dry-run output, app wiring, manual/auto flags, no-tty credential behavior, and autofill patch invariants.
|
||||
|
||||
## Status Checks
|
||||
|
||||
For source-script behavior:
|
||||
|
||||
```sh
|
||||
bin/vpn-lemanapro.sh --status
|
||||
bin/vpn-lemanapro.sh --status --json
|
||||
```
|
||||
|
||||
For the installed user setup:
|
||||
|
||||
```sh
|
||||
vpn --status
|
||||
vpn --status --json
|
||||
```
|
||||
|
||||
Prefer installed status when verifying what the menu-bar app will see, because `VPNManager.swift` calls `~/bin/vpn-lemanapro.sh`.
|
||||
|
||||
## Live VPN Checks
|
||||
|
||||
Live checks are appropriate only for changes to connection start/stop, reconnect, SSO/autofill, Bitwarden/Keychain, `openconnect-lite` patching, status JSON consumed by the app, or DNS cleanup.
|
||||
|
||||
Before a live check:
|
||||
|
||||
```sh
|
||||
vpn --status
|
||||
```
|
||||
|
||||
If already connected, connecting, or reconnecting, do not start another session. Use logs/status and report that live reconnect was skipped to avoid disturbing the current tunnel.
|
||||
|
||||
When SSO/autofill changed, prefer:
|
||||
|
||||
```sh
|
||||
vpn --manual
|
||||
```
|
||||
|
||||
Only use automatic mode after manual mode proves the form is filled correctly:
|
||||
|
||||
```sh
|
||||
vpn
|
||||
```
|
||||
|
||||
Use debug only for diagnosis:
|
||||
|
||||
```sh
|
||||
vpn-debug
|
||||
tail -f ~/Library/Logs/LemanaVPN-openconnect-lite.log
|
||||
```
|
||||
|
||||
## Installer/Uninstaller Checks
|
||||
|
||||
Use dry-runs before real install/uninstall:
|
||||
|
||||
```sh
|
||||
sh install.sh --dry-run --non-interactive --minimal
|
||||
sh uninstall.sh --dry-run
|
||||
```
|
||||
|
||||
Real install can modify Homebrew packages, pipx packages, sudoers, `/usr/local/sbin`, `~/.zshrc`, LaunchAgents, Keychain prompts, and the menu-bar app. Real uninstall can stop `LemanaVPN.app`. Be explicit in the answer when those were not run.
|
||||
|
||||
## Final Report
|
||||
|
||||
Report exact commands and results. Always include:
|
||||
|
||||
- Run: command to use the changed repo/app.
|
||||
- Check: command to verify state or behavior.
|
||||
- Update: `sh install.sh` from checkout or the remote `curl ... | sh`.
|
||||
- Not run: especially any skipped live VPN reconnect, real install, or real uninstall.
|
||||
Reference in New Issue
Block a user