From 7b68355b9e9a5fdbfa74ab5f82d94a3086c87049 Mon Sep 17 00:00:00 2001
From: aitbc <aitbc@keisanki.net>
Date: Tue, 26 May 2026 07:59:03 +0200
Subject: [PATCH] fix: improve chain isolation verification to support
 comma-separated chains and bidirectional checks

- Change supported_chains validation from exact match to substring check for comma-separated values
- Add hostname detection to run appropriate checks based on current node (aitbc vs aitbc1)
- Add bidirectional remote node checking (aitbc checks aitbc1, aitbc1 checks aitbc)
- Update log messages to reflect "includes" rather than exact match semantics
- Add warning for unknown hostnames with fall
---
 scripts/monitoring/verify_chain_isolation.sh | 71 +++++++++++++++-----
 1 file changed, 53 insertions(+), 18 deletions(-)

diff --git a/scripts/monitoring/verify_chain_isolation.sh b/scripts/monitoring/verify_chain_isolation.sh
index d6121189..dae3e6a4 100755
--- a/scripts/monitoring/verify_chain_isolation.sh
+++ b/scripts/monitoring/verify_chain_isolation.sh
@@ -97,11 +97,12 @@ check_node_configuration() {
     
     supported_chains=$(grep "^supported_chains=" "$blockchain_env" | cut -d'=' -f2)
     
-    if [ "$supported_chains" != "$expected_chain" ]; then
-        log_error "$node_name supported_chains=$supported_chains (expected: $expected_chain)"
-        ((VIOLATION_COUNT++))
+    # Check if expected chain is in the supported chains list (handles comma-separated values)
+    if [[ ",$supported_chains," == *",$expected_chain,"* ]]; then
+        log_success "$node_name supported_chains=$supported_chains (includes $expected_chain)"
     else
-        log_success "$node_name supported_chains=$supported_chains"
+        log_error "$node_name supported_chains=$supported_chains (expected to include: $expected_chain)"
+        ((VIOLATION_COUNT++))
     fi
 }
 
@@ -109,22 +110,56 @@ check_node_configuration() {
 main() {
     log "=== Chain Isolation Verification Started ==="
     
-    # Check aitbc (mainnet) node
-    check_node_configuration "aitbc" "/etc/aitbc/blockchain.env" "ait-mainnet"
-    check_database_isolation "$DATA_DIR/ait-mainnet/chain.db" "ait-mainnet"
+    # Detect which node this script is running on
+    local hostname=$(hostname)
+    local expected_chain=""
     
-    # Check aitbc1 (testnet) node if accessible
-    if ssh aitbc1 test -f "/etc/aitbc/blockchain.env" 2>/dev/null; then
-        REMOTE_CHAINS=$(ssh aitbc1 'cat /etc/aitbc/blockchain.env | grep "^supported_chains=" | cut -d"=" -f2')
-        if [ "$REMOTE_CHAINS" != "ait-testnet" ]; then
-            log_error "aitbc1 supported_chains=$REMOTE_CHAINS (expected: ait-testnet)"
-            ((VIOLATION_COUNT++))
-        else
-            log_success "aitbc1 supported_chains=$REMOTE_CHAINS"
-        fi
-        check_database_isolation "$DATA_DIR/ait-testnet/chain.db" "ait-testnet"
+    if [ "$hostname" = "aitbc" ]; then
+        expected_chain="ait-mainnet"
+    elif [ "$hostname" = "aitbc1" ]; then
+        expected_chain="ait-testnet"
     else
-        log_warning "aitbc1 not accessible, skipping remote checks"
+        log_warning "Unknown hostname: $hostname, defaulting to ait-mainnet check"
+        expected_chain="ait-mainnet"
+    fi
+    
+    log "Running on node: $hostname (expected chain: $expected_chain)"
+    
+    # Check local node configuration
+    check_node_configuration "$hostname" "/etc/aitbc/blockchain.env" "$expected_chain"
+    check_database_isolation "$DATA_DIR/$expected_chain/chain.db" "$expected_chain"
+    
+    # Check remote node if accessible
+    if [ "$hostname" = "aitbc" ]; then
+        # On aitbc, check aitbc1 (testnet)
+        if ssh aitbc1 test -f "/etc/aitbc/blockchain.env" 2>/dev/null; then
+            REMOTE_CHAINS=$(ssh aitbc1 'cat /etc/aitbc/blockchain.env | grep "^supported_chains=" | cut -d"=" -f2')
+            # Check if expected chain is in the supported chains list (handles comma-separated values)
+            if [[ ",$REMOTE_CHAINS," == *",ait-testnet,"* ]]; then
+                log_success "aitbc1 supported_chains=$REMOTE_CHAINS (includes ait-testnet)"
+            else
+                log_error "aitbc1 supported_chains=$REMOTE_CHAINS (expected to include: ait-testnet)"
+                ((VIOLATION_COUNT++))
+            fi
+            check_database_isolation "$DATA_DIR/ait-testnet/chain.db" "ait-testnet"
+        else
+            log_warning "aitbc1 not accessible, skipping remote checks"
+        fi
+    elif [ "$hostname" = "aitbc1" ]; then
+        # On aitbc1, check aitbc (mainnet)
+        if ssh aitbc test -f "/etc/aitbc/blockchain.env" 2>/dev/null; then
+            REMOTE_CHAINS=$(ssh aitbc 'cat /etc/aitbc/blockchain.env | grep "^supported_chains=" | cut -d"=" -f2')
+            # Check if expected chain is in the supported chains list (handles comma-separated values)
+            if [[ ",$REMOTE_CHAINS," == *",ait-mainnet,"* ]]; then
+                log_success "aitbc supported_chains=$REMOTE_CHAINS (includes ait-mainnet)"
+            else
+                log_error "aitbc supported_chains=$REMOTE_CHAINS (expected to include: ait-mainnet)"
+                ((VIOLATION_COUNT++))
+            fi
+            check_database_isolation "$DATA_DIR/ait-mainnet/chain.db" "ait-mainnet"
+        else
+            log_warning "aitbc not accessible, skipping remote checks"
+        fi
     fi
     
     log "=== Chain Isolation Verification Completed ==="