mirror of https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
added repro subcommand
parent c1fa6a87cf
commit 8a7d2b8010
9 changed files with 656 additions and 36 deletions
37
docs/cli.md
|
|
@ -220,6 +220,43 @@ nyx scan . --max-low 50 --max-low-per-file 5
|
|||
|
||||
---
|
||||
|
||||
## `nyx repro`
|
||||
|
||||
Replay a dynamic repro bundle for a confirmed finding.
|
||||
|
||||
```
|
||||
nyx repro (--finding <ID> | --spec-hash <HASH> | --bundle <DIR>) [OPTIONS]
|
||||
```
|
||||
|
||||
Nyx writes repro bundles under the platform cache directory and keys them by
|
||||
`spec_hash`. The browser UI and scan output show `finding_id`, so
|
||||
`--finding` scans cached bundle manifests and replays the newest match.
|
||||
|
||||
| Flag | Description |
|
||||
|------|-------------|
|
||||
| `--finding <ID>` | Find the newest cached bundle whose manifest carries this stable finding ID |
|
||||
| `--spec-hash <HASH>` | Replay an exact cache bundle by spec hash |
|
||||
| `--bundle <DIR>` | Replay an explicit bundle directory |
|
||||
| `--docker` | Run the bundle's Docker replay path (`./reproduce.sh --docker`) |
|
||||
| `--print-path` | Print the resolved bundle path and exit without replaying |
|
||||
| `--list` | With `--finding`, list all matching cached bundles newest first |
|
||||
|
||||
Examples:
|
||||
|
||||
```bash
|
||||
nyx repro --finding b9caa35df2213040
|
||||
nyx repro --finding b9caa35df2213040 --docker
|
||||
nyx repro --finding b9caa35df2213040 --print-path
|
||||
nyx repro --spec-hash 8bca7f8e0311d6c9
|
||||
nyx repro --bundle /path/to/repro/8bca7f8e0311d6c9
|
||||
```
|
||||
|
||||
Exit codes mirror `reproduce.sh`: `0` pass, `1` replay mismatch, `2` Docker
|
||||
unavailable, `3` process-backend toolchain mismatch. Any other script exit is
|
||||
passed through.
|
||||
|
||||
---
|
||||
|
||||
## `nyx index`
|
||||
|
||||
Manage the SQLite file index.
|
||||
|
|
|
|||
|
|
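Review bot: The exit-code paragraph that closes the `nyx repro` section only covers codes that come from `reproduce.sh`; it does not say what `nyx repro` itself returns when `--finding` matches no cached manifest, when `--spec-hash` or `--bundle` points at a directory that does not exist, or when the script cannot be started. Because `1`, `2` and `3` already carry replay meanings, please document a distinct code for resolution failures so a CI job can tell "bundle not found" from "replay mismatch". Two smaller points in the flag table: the `--list` row should say whether it exits without replaying (as `--print-path` does) and what happens when it is passed without `--finding`; and since replay runs the bundle's `reproduce.sh` on the host unless `--docker` is given, the `--bundle <DIR>` row should state that plainly and point readers at `--print-path` for inspecting a bundle before running it.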
@ -224,18 +224,34 @@ fails.
|
|||
|
||||
## Repro artifacts
|
||||
|
||||
Confirmed findings write a hermetic bundle:
|
||||
Confirmed findings write a hermetic bundle under Nyx's platform cache
|
||||
directory:
|
||||
|
||||
```text
|
||||
~/.cache/nyx/dynamic/repro/<spec_hash>/
|
||||
<cache-dir>/nyx/dynamic/repro/<spec_hash>/
|
||||
```
|
||||
|
||||
On Linux this is usually `~/.cache/nyx/dynamic/repro/<spec_hash>/`; on macOS
|
||||
it is usually `~/Library/Caches/nyx/dynamic/repro/<spec_hash>/`.
|
||||
|
||||
The bundle carries the harness spec, payload, expected output, trace, and a
|
||||
`reproduce.sh`. When the toolchain is pinned in `tools/image-builder/images.toml`
|
||||
it also writes a `docker_pull.sh`.
|
||||
|
||||
The easiest replay path starts from the finding id shown in scan output or the
|
||||
browser UI:
|
||||
|
||||
```bash
|
||||
cd ~/.cache/nyx/dynamic/repro/<spec_hash>
|
||||
nyx repro --finding <finding_id>
|
||||
nyx repro --finding <finding_id> --docker
|
||||
```
|
||||
|
||||
You can also replay an exact bundle by spec hash, or inspect the shell script
|
||||
directly:
|
||||
|
||||
```bash
|
||||
nyx repro --spec-hash <spec_hash>
|
||||
cd <cache-dir>/nyx/dynamic/repro/<spec_hash>
|
||||
./reproduce.sh
|
||||
./reproduce.sh --docker
|
||||
```
|
||||
|
|
|
|||
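Review bot: The last code block tells the reader to `cd <cache-dir>/nyx/dynamic/repro/<spec_hash>`, but `<cache-dir>` is not something a shell can resolve, and the paragraph above only gives the "usual" Linux and macOS locations. This commit documents `--print-path` in docs/cli.md, so the step could use it instead, for example `cd "$(nyx repro --spec-hash <spec_hash> --print-path)"`, which keeps the instructions correct on any platform. It would also help to say what makes the location differ from the "usually" paths (an environment override, other platforms), or link to the `nyx repro` section of docs/cli.md, so readers are not left guessing where a bundle that will be executed actually lives.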