Scripts
The scripts/ directory contains runnable entry points for local development, scan execution, database management, and AWS operations.
Script groups
Python scripts (local use)
| Script | What it does |
|---|---|
| `scripts/run-scan-worker.py` | Long-running worker: polls SQS, claims scans, launches runners |
| `scripts/run-scan-runner.py` | Runs one specific scan by ID — closest to what the ECS runner task does |
| `scripts/run-db-migrations.py` | Applies pending SQL migrations to the configured Postgres database |
| `scripts/run-maintenance.py` | Runs maintenance jobs (cleanup, artifact pruning) |
Shell scripts (local use)
| Script | What it does |
|---|---|
| `scripts/build-codex-runner-image.sh` | Builds the `vega-codex-runner:latest` Docker image for local Codex sandboxing |
| `scripts/codex-in-target-container.sh` | Entry point that runs Codex inside the sandbox container (used by v16) |
| `scripts/codex-in-target-container.py` | Constructs the full `docker run` command for the Codex container |
AWS deployment scripts
All live under `scripts/aws/`. See AWS Scripts for usage.
| Script | What it does |
|---|---|
| `scripts/aws/bootstrap-terraform-state.sh` | Creates S3 + DynamoDB for Terraform state (run once per environment) |
| `scripts/aws/terraform-plan.sh` | Plans infrastructure changes |
| `scripts/aws/terraform-apply.sh` | Applies infrastructure changes |
| `scripts/aws/build-images.sh` | Builds all service Docker images |
| `scripts/aws/push-images.sh` | Pushes images to ECR |
| `scripts/aws/deploy-services.sh` | Forces new ECS deployments |
| `scripts/aws/run-migrations.sh` | Runs database migrations via ECS maintenance task |
| `scripts/aws/smoke-test.sh` | Checks that the deployed API is healthy |
| `scripts/aws/lib.sh` | Shared helper functions for the AWS scripts |
Script design principles
Scripts follow a few conventions:
- Idempotent where possible — running the same script twice should be safe.
- Terraform outputs over hard-coded IDs — scripts read resource names from `terraform output` rather than having them baked in.
- Loud failures — scripts fail with a clear error message if required tools or environment variables are missing.
- Environment as first argument — AWS scripts take `dev` or `prod` as their first argument, making it explicit which environment you're targeting.