keisei/KeiSeiKit-1.0
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
KeiSeiKit-1.0/web-install.sh
KeiSei84 742822a499 feat: opt-in hook packs + stack profiles + public-prep repoint (#44) 
Mirror of keigit main — Phase 2 (abae256c) + public-prep repoint (518d95df).

Phase 2: safety on by default, discipline packs opt-in; stack profiles
(minimal/web/ml/systems/mobile) pull packs + agent sets; SSoT in
_primitives/hook-packs.toml; filter+prune via lib-hooks.sh; re-runnable
via `kei configure`; 8 hooks gated via _lib/gate.sh.

Public-prep: .gitmodules + README clone + plugin homepage + web-install.sh
repointed to github.com/KeiSeiLab. ADR in DECISIONS.md 2026-05-25.
2026-05-26 13:26:09 +07:00

117 lines
6.3 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/usr/bin/env bash
# web-install.sh — curl-pipeable bootstrapper for KeiSeiKit.
#
# Designed to be served as a static file (e.g. install.keisei.app) and run
# from a fresh machine via:
#
# curl -fsSL https://install.keisei.app | bash
# curl -fsSL https://install.keisei.app | bash -s -- --profile=dev --yes
#
# This script's ONLY job is: prereq → clone → delegate to ./bootstrap.sh.
# All real work lives in the kit's existing bootstrap.sh (prereqs, profile,
# install.sh wrap). Two scripts, one source of truth — DO NOT duplicate
# logic here.
#
# Env / args:
# KEISEI_ROOT install dir (default: $HOME/.local/share/keisei)
# KEISEI_REPO git URL (default: https://github.com/KeiSeiLab/KeiSeiKit-1.0.git)
# KEISEI_REF branch/tag/sha (default: main)
# --profile=NAME passed through to ./bootstrap.sh
# --yes passed through to ./bootstrap.sh
# --ref=REF override KEISEI_REF
# --root=DIR override KEISEI_ROOT
set -euo pipefail
KEISEI_ROOT="${KEISEI_ROOT:-$HOME/.local/share/keisei}"
KEISEI_REPO="${KEISEI_REPO:-https://github.com/KeiSeiLab/KeiSeiKit-1.0.git}"
KEISEI_REF="${KEISEI_REF:-main}"
PASS_THROUGH=()
for arg in "$@"; do
case "$arg" in
--ref=*) KEISEI_REF="${arg#--ref=}" ;;
--root=*) KEISEI_ROOT="${arg#--root=}" ;;
-h|--help) sed -n '1,22p' "$0" | sed 's|^# \{0,1\}||'; exit 0 ;;
*) PASS_THROUGH+=("$arg") ;;
esac
done
LOG="$HOME/.keisei-install.log"
mkdir -p "$(dirname "$LOG")"
# chmod 600 чтобы Forgejo admin creds в логе не были world-readable
# (security MEDIUM audit 2026-05-18).
( umask 077 && : > "$LOG" )
chmod 600 "$LOG" 2>/dev/null || true
exec > >(tee -a "$LOG") 2>&1
say() { printf "\033[1;36m[web-install]\033[0m %s\n" "$*"; }
die() { printf "\033[1;31m[err]\033[0m %s\n" "$*" >&2; exit 1; }
# ── splash ──────────────────────────────────────────────────────────────────
cat <<'EOF'
╔═════════════════════════════════════════════════════╗
║ KeiSeiKit · Exobrain installer ║
║ Portable Rust agent substrate for AI coding tools ║
╚═════════════════════════════════════════════════════╝
EOF
say "log: $LOG"
# ── prereq: git (the only thing bootstrap.sh can't self-install) ───────────
command -v git >/dev/null || die "missing: git (brew install git / apt install git)"
# ── auth probe for private repo ─────────────────────────────────────────────────────────
case "$KEISEI_REPO" in
git@github.com:*)
say "checking GitHub SSH auth"
if ! ssh -o BatchMode=yes -o StrictHostKeyChecking=accept-new -T git@github.com 2>&1 \
| grep -qE "successfully authenticated"; then
die "GitHub SSH key not authorised. Add your public key at https://github.com/settings/keys, then re-run."
fi
;;
esac
# ── clone or pull (idempotent) ────────────────────────────────────────────────────────────
mkdir -p "$(dirname "$KEISEI_ROOT")"
if [ -d "$KEISEI_ROOT/.git" ]; then
say "pulling $KEISEI_REF in $KEISEI_ROOT"
git -C "$KEISEI_ROOT" fetch --depth=1 origin "$KEISEI_REF"
# reset --hard discards ANY local edits in this managed clone. It's a managed
# dir (don't hand-edit it — change the repo + push instead), but warn loudly
# so a manual tweak isn't lost silently.
if ! git -C "$KEISEI_ROOT" diff --quiet 2>/dev/null \
|| ! git -C "$KEISEI_ROOT" diff --cached --quiet 2>/dev/null; then
say " ⚠ local changes in $KEISEI_ROOT will be DISCARDED by reset --hard"
fi
git -C "$KEISEI_ROOT" reset --hard "origin/$KEISEI_REF"
else
say "cloning $KEISEI_REPO ($KEISEI_REF) → $KEISEI_ROOT"
git clone --depth=1 --branch "$KEISEI_REF" "$KEISEI_REPO" "$KEISEI_ROOT"
fi
git -C "$KEISEI_ROOT" submodule update --init --recursive 2>/dev/null || true
# ── delegate to kit's own bootstrap.sh ────────────────────────────────────────────────
[ -x "$KEISEI_ROOT/bootstrap.sh" ] || die "kit's bootstrap.sh not found in $KEISEI_ROOT"
say "delegating to $KEISEI_ROOT/bootstrap.sh ${PASS_THROUGH[*]:-}"
cd "$KEISEI_ROOT"
# curl|bash сценарий: stdin = pipe от curl, поэтому wizard'у read нечего читать.
# Если /dev/tty реально ОТКРЫВАЕТСЯ (сессия интерактивная), запускаем bootstrap
# со stdin = терминал — иначе onboarding/whiptail падают на первом prompt.
# ВАЖНО #1: `[ -r /dev/tty ]` недостаточно — путь может stat'иться readable, но
# `exec < /dev/tty` падает с "No such device or address" когда нет управляющего
# терминала (ssh non-interactive, CI, cron). Поэтому пробуем реально открыть его
# через `{ : < /dev/tty; }` и реаттачим ТОЛЬКО при успехе.
# ВАЖНО #2: bash читает ЭТОТ скрипт из трубы curl ПОБАЙТНО. Отдельный
# `exec < /dev/tty` заставил бы bash читать СЛЕДУЮЩУЮ строку (сам запуск
# bootstrap) уже с клавиатуры → вечный висяк после "delegating". Поэтому редирект
# и exec ОБЯЗАНЫ быть ОДНОЙ командой: подменили stdin и сразу заменили процесс —
# bash больше не читает ни байта скрипта из (уже не той) трубы.
# audit 2026-05-18 bug #4; non-TTY e2e fix 2026-05-21; curl|bash hang fix 2026-05-22.
if [ ! -t 0 ] && { : < /dev/tty; } 2>/dev/null; then
exec ./bootstrap.sh "${PASS_THROUGH[@]}" < /dev/tty
fi
exec ./bootstrap.sh "${PASS_THROUGH[@]}"
Reference in a new issue View git blame Copy permalink