KeiSei84
3aff00290f
Some checks are pending
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / preflight (push) Waiting to run
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / vps-smoke (push) Waiting to run
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:frustration-matrix,kei-frustration-loop,kei-skill-importer,kei-projects-index,kei-projects-watcher,kei-gdrive-import,kei-leak-matrix,kei-skills,kei-gateway,kei-cron-scheduler,kei-export-trajectories,kei-backend-daytona,kei-d… (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-compute-baremetal,kei-compute-vultr,kei-compute-linode,kei-compute-digitalocean,kei-svc-systemd,kei-llm-bridge-mlx name:hosted-sleep-compute]) (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-diff,kei-scheduler,kei-watch,kei-prune,kei-discover,kei-brain-view,kei-hibernate,kei-ledger-sign,kei-fork name:wave13-15]) (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-git-gitea,kei-git-forgejo,kei-git-gitlab,kei-git-bitbucket,kei-memory-sled,kei-memory-redis,kei-memory-postgres,kei-memory-sqlite,kei-auth-google,kei-auth-apple,kei-auth-magiclink,kei-auth-webauthn,kei-notify-slack,kei-n… (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-ledger,kei-migrate,kei-changelog,kei-memory,kei-store,kei-conflict-scan,kei-refactor-engine,kei-graph-check,kei-shared,kei-dna-index,kei-pet name:core]) (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-machine-probe,kei-llm-ollama,kei-llm-llamacpp,kei-llm-mlx,kei-llm-router,kei-model name:llm-stack]) (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-router,kei-sage,kei-task,kei-chat-store,kei-crossdomain,kei-search-core,kei-content-store,kei-social-store,kei-curator,kei-auth,kei-artifact name:mcp-lbm]) (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:keisei,kei-forge,kei-runtime,kei-runtime-core,kei-atom-discovery,kei-agent-runtime,kei-capability,kei-provision,kei-entity-store,kei-pipe,kei-cache,kei-spawn,kei-replay name:atom-substrate]) (push) Blocked by required conditions
CRITICAL: lib-hooks.sh had an apostrophe ("user's") inside the jq
program's bash single-quote, closing the quote and producing a parse
error so EVERY install aborted at source time (install.sh:71). Caught
by a full minimal e2e (rc=2 then rc=0 after fix). Reworded the jq
comment to drop the apostrophe.
Audit blockers fixed:
- MANIFEST: drop cortex-ui (no such primitive) from 4 profiles + block;
lib-menu desc no longer references it. Profile resolution verified clean.
- lib-dev-hub-forgejo / -zoekt: source lib-launchd.sh (register_launchd
was undefined, so full-hub dev-hub install would fail at runtime).
- kei-message: portable 16-digit id. BSD date prints literal "N" for %N;
fall back to /dev/urandom. Verified numeric in both code paths.
- bootstrap non-TTY default cortex to minimal (matches install.sh; avoids
divergent curl-bash vs direct-install behaviour and 105-crate surprise).
- install.sh stamps ~/.claude/.kei-profile; bin/kei reads it (splash
showed "profile: ?" before, since .installed holds only primitive names).
- README hook count 38 to 54 (real: ls hooks star dot sh).
- web-install warns before it discards local edits in the managed clone.
Verified: 106 shell files bash -n clean; minimal e2e rc=0 (38 agents,
57 hooks, 69 skills, profile stamped, mailbox present).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
117 lines
6.1 KiB
Bash
Executable file
117 lines
6.1 KiB
Bash
Executable file
#!/usr/bin/env bash
|
||
# web-install.sh — curl-pipeable bootstrapper for KeiSeiKit.
|
||
#
|
||
# Designed to be served as a static file (e.g. install.keisei.app) and run
|
||
# from a fresh machine via:
|
||
#
|
||
# curl -fsSL https://install.keisei.app | bash
|
||
# curl -fsSL https://install.keisei.app | bash -s -- --profile=dev --yes
|
||
#
|
||
# This script's ONLY job is: prereq → clone → delegate to ./bootstrap.sh.
|
||
# All real work lives in the kit's existing bootstrap.sh (prereqs, profile,
|
||
# install.sh wrap). Two scripts, one source of truth — DO NOT duplicate
|
||
# logic here.
|
||
#
|
||
# Env / args:
|
||
# KEISEI_ROOT install dir (default: $HOME/.local/share/keisei)
|
||
# KEISEI_REPO git URL (default: https://keigit.com/keisei/KeiSeiKit-1.0.git)
|
||
# KEISEI_REF branch/tag/sha (default: main)
|
||
# --profile=NAME passed through to ./bootstrap.sh
|
||
# --yes passed through to ./bootstrap.sh
|
||
# --ref=REF override KEISEI_REF
|
||
# --root=DIR override KEISEI_ROOT
|
||
|
||
set -euo pipefail
|
||
|
||
KEISEI_ROOT="${KEISEI_ROOT:-$HOME/.local/share/keisei}"
|
||
KEISEI_REPO="${KEISEI_REPO:-https://keigit.com/keisei/KeiSeiKit-1.0.git}"
|
||
KEISEI_REF="${KEISEI_REF:-main}"
|
||
|
||
PASS_THROUGH=()
|
||
for arg in "$@"; do
|
||
case "$arg" in
|
||
--ref=*) KEISEI_REF="${arg#--ref=}" ;;
|
||
--root=*) KEISEI_ROOT="${arg#--root=}" ;;
|
||
-h|--help) sed -n '1,22p' "$0" | sed 's|^# \{0,1\}||'; exit 0 ;;
|
||
*) PASS_THROUGH+=("$arg") ;;
|
||
esac
|
||
done
|
||
|
||
LOG="$HOME/.keisei-install.log"
|
||
mkdir -p "$(dirname "$LOG")"
|
||
# chmod 600 чтобы Forgejo admin creds в логе не были world-readable
|
||
# (security MEDIUM audit 2026-05-18).
|
||
( umask 077 && : > "$LOG" )
|
||
chmod 600 "$LOG" 2>/dev/null || true
|
||
exec > >(tee -a "$LOG") 2>&1
|
||
|
||
say() { printf "\033[1;36m[web-install]\033[0m %s\n" "$*"; }
|
||
die() { printf "\033[1;31m[err]\033[0m %s\n" "$*" >&2; exit 1; }
|
||
|
||
# ── splash ─────────────────────────────────────────────────────────────────
|
||
cat <<'EOF'
|
||
|
||
╔═══════════════════════════════════════════════════════╗
|
||
║ KeiSeiKit · Exobrain installer ║
|
||
║ Portable Rust agent substrate for AI coding tools ║
|
||
╚═══════════════════════════════════════════════════════╝
|
||
|
||
EOF
|
||
say "log: $LOG"
|
||
|
||
# ── prereq: git (the only thing bootstrap.sh can't self-install) ───────────
|
||
command -v git >/dev/null || die "missing: git (brew install git / apt install git)"
|
||
|
||
# ── auth probe for private repo ────────────────────────────────────────────
|
||
case "$KEISEI_REPO" in
|
||
git@github.com:*)
|
||
say "checking GitHub SSH auth"
|
||
if ! ssh -o BatchMode=yes -o StrictHostKeyChecking=accept-new -T git@github.com 2>&1 \
|
||
| grep -qE "successfully authenticated"; then
|
||
die "GitHub SSH key not authorised. Add your public key at https://github.com/settings/keys, then re-run."
|
||
fi
|
||
;;
|
||
esac
|
||
|
||
# ── clone or pull (idempotent) ─────────────────────────────────────────────
|
||
mkdir -p "$(dirname "$KEISEI_ROOT")"
|
||
if [ -d "$KEISEI_ROOT/.git" ]; then
|
||
say "pulling $KEISEI_REF in $KEISEI_ROOT"
|
||
git -C "$KEISEI_ROOT" fetch --depth=1 origin "$KEISEI_REF"
|
||
# reset --hard discards ANY local edits in this managed clone. It's a managed
|
||
# dir (don't hand-edit it — change the repo + push instead), but warn loudly
|
||
# so a manual tweak isn't lost silently.
|
||
if ! git -C "$KEISEI_ROOT" diff --quiet 2>/dev/null \
|
||
|| ! git -C "$KEISEI_ROOT" diff --cached --quiet 2>/dev/null; then
|
||
say " ⚠ local changes in $KEISEI_ROOT will be DISCARDED by reset --hard"
|
||
fi
|
||
git -C "$KEISEI_ROOT" reset --hard "origin/$KEISEI_REF"
|
||
else
|
||
say "cloning $KEISEI_REPO ($KEISEI_REF) → $KEISEI_ROOT"
|
||
git clone --depth=1 --branch "$KEISEI_REF" "$KEISEI_REPO" "$KEISEI_ROOT"
|
||
fi
|
||
git -C "$KEISEI_ROOT" submodule update --init --recursive 2>/dev/null || true
|
||
|
||
# ── delegate to kit's own bootstrap.sh ─────────────────────────────────────
|
||
[ -x "$KEISEI_ROOT/bootstrap.sh" ] || die "kit's bootstrap.sh not found in $KEISEI_ROOT"
|
||
say "delegating to $KEISEI_ROOT/bootstrap.sh ${PASS_THROUGH[*]:-}"
|
||
cd "$KEISEI_ROOT"
|
||
|
||
# curl|bash сценарий: stdin = pipe от curl, поэтому wizard'у read нечего читать.
|
||
# Если /dev/tty реально ОТКРЫВАЕТСЯ (сессия интерактивная), запускаем bootstrap
|
||
# со stdin = терминал — иначе onboarding/whiptail падают на первом prompt.
|
||
# ВАЖНО #1: `[ -r /dev/tty ]` недостаточно — путь может stat'иться readable, но
|
||
# `exec < /dev/tty` падает с "No such device or address" когда нет управляющего
|
||
# терминала (ssh non-interactive, CI, cron). Поэтому пробуем реально открыть его
|
||
# через `{ : < /dev/tty; }` и реаттачим ТОЛЬКО при успехе.
|
||
# ВАЖНО #2: bash читает ЭТОТ скрипт из трубы curl ПОБАЙТНО. Отдельный
|
||
# `exec < /dev/tty` заставил бы bash читать СЛЕДУЮЩУЮ строку (сам запуск
|
||
# bootstrap) уже с клавиатуры → вечный висяк после "delegating". Поэтому редирект
|
||
# и exec ОБЯЗАНЫ быть ОДНОЙ командой: подменили stdin и сразу заменили процесс —
|
||
# bash больше не читает ни байта скрипта из (уже не той) трубы.
|
||
# audit 2026-05-18 bug #4; non-TTY e2e fix 2026-05-21; curl|bash hang fix 2026-05-22.
|
||
if [ ! -t 0 ] && { : < /dev/tty; } 2>/dev/null; then
|
||
exec ./bootstrap.sh "${PASS_THROUGH[@]}" < /dev/tty
|
||
fi
|
||
|
||
exec ./bootstrap.sh "${PASS_THROUGH[@]}"
|