Add convert-rules CLI and move rules module to lib/

dash14 · dash14 · commit aad7fb0a8d9e · 2026-03-01T15:09:05.000+09:00
Add setup/convert-rules.mjs so Makefile can accept wildcard syntax
instead of requiring hand-written regex. Move rules.mjs and its tests
into setup/lib/ for better organization.
diff --git a/Makefile b/Makefile
@@ -29,8 +29,8 @@ run_restrict_mode: ## Start in restrict mode
 	@echo "Starting buildcage in RESTRICT mode..."
 	@COMPOSE_FILE=$(COMPOSE_FILE) \
 	  PROXY_MODE=restrict \
-	  ALLOWED_HTTP_RULES="$${ALLOWED_HTTP_RULES:-}" \
-	  ALLOWED_HTTPS_RULES="$${ALLOWED_HTTPS_RULES:-^github\.com:443$$,^registry\.npmjs\.org:443$$,^api\.github\.com:443$$,^objects\.githubusercontent\.com:443$$,^httpbin\.org:443$$,^deb\.debian\.org:80$$,^.*\.githubusercontent\.com:443$$}" \
+	  ALLOWED_HTTP_RULES="$$(node setup/convert-rules.mjs "$${ALLOWED_HTTP_RULES:-}")" \
+	  ALLOWED_HTTPS_RULES="$$(node setup/convert-rules.mjs "$${ALLOWED_HTTPS_RULES:-github.com:443 registry.npmjs.org:443 api.github.com:443 objects.githubusercontent.com:443 httpbin.org:443 deb.debian.org:80 *.githubusercontent.com:443}")" \
 	  docker compose up -d --wait --build
 	@docker buildx rm buildcage 2>/dev/null || true
 	@echo "Creating buildx builder..."
@@ -68,4 +68,4 @@ test_audit_mode: ## Run audit mode tests
 
 .PHONY: test_unit
 test_unit: ## Run unit tests
-	@node --test setup/rules.test.mjs
+	@node --test setup/lib/rules.test.mjs
diff --git a/docs/development.md b/docs/development.md
@@ -94,8 +94,10 @@ Fields: `[timestamp] buildcage [status] "domain:port" reason`
 │   ├── compose.yml            # Compose config for GitHub Actions (with image tag)
 │   ├── main.mjs               # Setup entrypoint (rule generation, compose up)
 │   ├── post.mjs               # Post-action cleanup
-│   ├── rules.mjs              # Rule parser (wildcards, regex, ports)
-│   └── rules.test.mjs         # Unit tests for rules.mjs
+│   ├── convert-rules.mjs      # CLI: wildcard rules → regex (used by Makefile)
+│   └── lib/
+│       ├── rules.mjs          # Rule parser (wildcards, regex, ports)
+│       └── rules.test.mjs     # Unit tests for rules.mjs
 ├── report/
 │   ├── action.yml             # GitHub Action: dash14/buildcage/report@v1
 │   └── main.mjs               # Log analysis and Job Summary output
diff --git a/setup/convert-rules.mjs b/setup/convert-rules.mjs
@@ -0,0 +1,11 @@
+#!/usr/bin/env node
+/**
+ * CLI wrapper for buildRules.
+ * Converts wildcard/regex rules to regex strings (space-separated).
+ *
+ * Usage: node setup/convert-rules.mjs "*.example.com:443 other.com:80"
+ */
+import { buildRules } from "./lib/rules.mjs";
+
+const input = process.argv[2] || "";
+console.log(buildRules(input).join(" "));
diff --git a/setup/lib/rules.mjs b/setup/lib/rules.mjs
diff --git a/setup/lib/rules.test.mjs b/setup/lib/rules.test.mjs
diff --git a/setup/main.mjs b/setup/main.mjs
@@ -2,7 +2,7 @@ import { execFileSync } from "node:child_process";
 import { appendFileSync } from "node:fs";
 import { join, dirname } from "node:path";
 import { fileURLToPath } from "node:url";
-import { buildRules, buildLegacyRules } from "./rules.mjs";
+import { buildRules, buildLegacyRules } from "./lib/rules.mjs";
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const composeFile = join(__dirname, "compose.yml");
