Add Ehwrj clean-room live map

scripts/bootstrap-ubuntu.sh

@@ -0,0 +1,116 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+APT_UPDATED=0
+
+usage() {
+  cat <<'EOF'
+Usage:
+  scripts/bootstrap-ubuntu.sh [--no-install]
+
+Installs the Ubuntu packages needed to build Ehwrj, then runs the full
+Release verification and Windows x64 publish pipeline.
+
+Options:
+  --no-install   Skip apt installs and only run the verification/publish step.
+EOF
+}
+
+NO_INSTALL=0
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --no-install)
+      NO_INSTALL=1
+      shift
+      ;;
+    -h|--help)
+      usage
+      exit 0
+      ;;
+    *)
+      echo "error: unknown argument: $1" >&2
+      usage >&2
+      exit 2
+      ;;
+  esac
+done
+
+if [[ -r /etc/os-release ]]; then
+  # shellcheck disable=SC1091
+  . /etc/os-release
+else
+  echo "error: /etc/os-release not found; this script expects Ubuntu." >&2
+  exit 1
+fi
+
+if [[ "${ID:-}" != "ubuntu" ]]; then
+  echo "error: this bootstrap script expects Ubuntu, got '${ID:-unknown}'." >&2
+  exit 1
+fi
+
+run_as_root() {
+  if [[ "$(id -u)" -eq 0 ]]; then
+    "$@"
+    return
+  fi
+
+  if ! command -v sudo >/dev/null 2>&1; then
+    echo "error: sudo is required when not running as root." >&2
+    exit 1
+  fi
+
+  sudo "$@"
+}
+
+apt_install() {
+  if [[ "$NO_INSTALL" -eq 1 ]]; then
+    return
+  fi
+
+  if [[ "$APT_UPDATED" -eq 0 ]]; then
+    run_as_root apt-get update
+    APT_UPDATED=1
+  fi
+
+  run_as_root apt-get install -y "$@"
+}
+
+has_dotnet_8_sdk() {
+  command -v dotnet >/dev/null 2>&1 && dotnet --list-sdks | awk '{print $1}' | grep -q '^8\.'
+}
+
+missing=()
+
+if ! has_dotnet_8_sdk; then
+  missing+=(dotnet-sdk-8.0)
+fi
+
+if ! command -v rg >/dev/null 2>&1; then
+  missing+=(ripgrep)
+fi
+
+if [[ "${#missing[@]}" -gt 0 ]]; then
+  if [[ "$NO_INSTALL" -eq 1 ]]; then
+    echo "error: missing required tools: ${missing[*]}" >&2
+    exit 1
+  fi
+
+  apt_install "${missing[@]}"
+fi
+
+if ! has_dotnet_8_sdk; then
+  echo "error: dotnet 8 SDK is still unavailable after package installation." >&2
+  exit 1
+fi
+
+if ! command -v rg >/dev/null 2>&1; then
+  echo "error: ripgrep is still unavailable after package installation." >&2
+  exit 1
+fi
+
+"$ROOT_DIR/scripts/publish-win-x64.sh"
+
+echo
+echo "Published Windows build:"
+echo "  $ROOT_DIR/src/Ehwrj.App/bin/Release/net8.0/win-x64/publish/Ehwrj.exe"

scripts/capture-local-api.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+OUT_DIR="${1:-}"
+
+if [[ -n "$OUT_DIR" ]]; then
+  dotnet run --project "$ROOT_DIR/tools/Ehwrj.Tools.Capture/Ehwrj.Tools.Capture.csproj" -c Release -- --out "$OUT_DIR"
+else
+  dotnet run --project "$ROOT_DIR/tools/Ehwrj.Tools.Capture/Ehwrj.Tools.Capture.csproj" -c Release
+fi
+

scripts/package-win-x64.sh

@@ -0,0 +1,80 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+PUBLISH_DIR="$ROOT_DIR/src/Ehwrj.App/bin/Release/net8.0/win-x64/publish"
+ARTIFACT_DIR="$ROOT_DIR/artifacts"
+PACKAGE_DIR="$ARTIFACT_DIR/ehwrj-win-x64"
+ZIP_PATH="$ARTIFACT_DIR/ehwrj-win-x64.zip"
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --publish-dir)
+      PUBLISH_DIR="$2"
+      shift 2
+      ;;
+    --zip)
+      ZIP_PATH="$2"
+      ARTIFACT_DIR="$(dirname "$ZIP_PATH")"
+      PACKAGE_DIR="$ARTIFACT_DIR/ehwrj-win-x64"
+      shift 2
+      ;;
+    -h|--help)
+      cat <<'EOF'
+Usage:
+  scripts/package-win-x64.sh [--publish-dir path] [--zip path]
+
+Creates a portable Windows x64 ZIP containing Ehwrj.exe, native DLLs,
+README, SECURITY, LICENSE, RUNNING.txt, and SHA256SUMS.txt.
+EOF
+      exit 0
+      ;;
+    *)
+      echo "error: unknown argument: $1" >&2
+      exit 2
+      ;;
+  esac
+done
+
+if [[ ! -x "$PUBLISH_DIR/Ehwrj.exe" ]]; then
+  echo "error: missing published Ehwrj.exe; run scripts/publish-win-x64.sh first." >&2
+  exit 1
+fi
+
+rm -rf "$PACKAGE_DIR"
+mkdir -p "$PACKAGE_DIR"
+
+cp "$PUBLISH_DIR/Ehwrj.exe" "$PACKAGE_DIR/"
+cp "$PUBLISH_DIR"/*.dll "$PACKAGE_DIR/"
+cp "$ROOT_DIR/README.md" "$PACKAGE_DIR/README.md"
+cp "$ROOT_DIR/SECURITY.md" "$PACKAGE_DIR/SECURITY.md"
+cp "$ROOT_DIR/LICENSE" "$PACKAGE_DIR/LICENSE"
+
+cat > "$PACKAGE_DIR/RUNNING.txt" <<'EOF'
+Ehwrj portable Windows x64 build
+
+1. Start War Thunder.
+2. Confirm the local map is available at http://127.0.0.1:8111/map_info.json.
+3. Run Ehwrj.exe.
+4. Use "Show overlay" in the left panel to enable the click-through overlay.
+
+Network scope:
+- Ehwrj only reads the loopback War Thunder local API.
+- It does not contact external hosts.
+
+Settings:
+- Saved under %LOCALAPPDATA%\Ehwrj\settings.json.
+EOF
+
+(
+  cd "$PACKAGE_DIR"
+  sha256sum * > SHA256SUMS.txt
+)
+
+rm -f "$ZIP_PATH"
+(
+  cd "$ARTIFACT_DIR"
+  zip -qr "$(basename "$ZIP_PATH")" "$(basename "$PACKAGE_DIR")"
+)
+
+echo "$ZIP_PATH"

scripts/publish-win-x64.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+
+dotnet restore "$ROOT_DIR/Ehwrj.sln"
+dotnet format "$ROOT_DIR/Ehwrj.sln" --no-restore --verify-no-changes --verbosity minimal
+dotnet build "$ROOT_DIR/Ehwrj.sln" -c Release --no-restore
+dotnet run --project "$ROOT_DIR/tests/Ehwrj.Tests/Ehwrj.Tests.csproj" -c Release --no-build
+"$ROOT_DIR/scripts/verify-safety.sh"
+dotnet run --project "$ROOT_DIR/tools/Ehwrj.Tools.LocalApiStub/Ehwrj.Tools.LocalApiStub.csproj" -c Release --no-build -- --help >/dev/null
+dotnet run --project "$ROOT_DIR/tools/Ehwrj.Tools.Capture/Ehwrj.Tools.Capture.csproj" -c Release --no-build -- --help >/dev/null
+dotnet publish "$ROOT_DIR/src/Ehwrj.App/Ehwrj.App.csproj" \
+  -c Release \
+  -r win-x64 \
+  --self-contained true \
+  -p:PublishSingleFile=true
+"$ROOT_DIR/scripts/package-win-x64.sh" >/dev/null

scripts/run-local-api-stub.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+PORT="${1:-8111}"
+FIXTURE_DIR="${2:-}"
+
+if [[ -n "$FIXTURE_DIR" ]]; then
+  dotnet run --project "$ROOT_DIR/tools/Ehwrj.Tools.LocalApiStub/Ehwrj.Tools.LocalApiStub.csproj" -c Release -- --port "$PORT" --fixture-dir "$FIXTURE_DIR"
+else
+  dotnet run --project "$ROOT_DIR/tools/Ehwrj.Tools.LocalApiStub/Ehwrj.Tools.LocalApiStub.csproj" -c Release -- --port "$PORT"
+fi

scripts/validate-capture.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+CAPTURE_DIR="${1:-captures/smoke}"
+
+dotnet run --project "$ROOT_DIR/tools/Ehwrj.Tools.Capture/Ehwrj.Tools.Capture.csproj" -c Release -- --validate "$CAPTURE_DIR"

scripts/verify-safety.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+SEARCH_ROOTS=(
+  "$ROOT_DIR/src"
+  "$ROOT_DIR/tests"
+  "$ROOT_DIR/tools"
+  "$ROOT_DIR/scripts"
+)
+URL_SEARCH_ROOTS=(
+  "$ROOT_DIR/src"
+  "$ROOT_DIR/tools"
+  "$ROOT_DIR/scripts"
+)
+RG_COMMON=(--glob '!verify-safety.sh' --glob '!**/bin/**' --glob '!**/obj/**')
+
+DISALLOWED_PATTERN='SetClipboard|OpenClipboard|GetClipboardData|AddClipboardFormatListener|UpdateResource|BeginUpdateResource|EndUpdateResource|SHGetSpecialFolderPath|CreateMutex|WindowsUpdate|zip_work|TARGET_PATH|--merge-env|CryptUnprotectData|Login Data|wallet\.dat'
+
+if rg "${RG_COMMON[@]}" -n "$DISALLOWED_PATTERN" "${SEARCH_ROOTS[@]}"; then
+  echo "error: disallowed malware-adjacent capability found" >&2
+  exit 1
+fi
+
+URL_PATTERN='https?://[^"[:space:]]+'
+if rg "${RG_COMMON[@]}" --glob '!*.axaml' -n "$URL_PATTERN" "${URL_SEARCH_ROOTS[@]}" \
+  | rg -v 'http://(127\.0\.0\.1|localhost)(:[0-9]+)?(/[^"[:space:]]*)?' \
+  | rg -v 'http://\{'; then
+  echo "error: non-loopback URL literal found" >&2
+  exit 1
+fi
+
+echo "Safety scan passed."