@_xtribe/cli 1.0.54 → 1.0.55

package/install-tribe-minimal.js

@@ -104,20 +104,47 @@ async function installTribe() {
 
 // Update PATH
 function updatePath() {
+    // Create tribe-env.sh script
+    const tribeEnvPath = path.join(tribeDir, 'tribe-env.sh');
+    const envScriptContent = `#!/bin/bash
+# TRIBE CLI Environment Setup
+# Auto-generated by TRIBE installer
+
+# Add TRIBE bin directory to PATH if not already present
+TRIBE_BIN_DIR="$HOME/.tribe/bin"
+
+if [[ -d "$TRIBE_BIN_DIR" ]] && [[ ":$PATH:" != *":$TRIBE_BIN_DIR:"* ]]; then
+    export PATH="$TRIBE_BIN_DIR:$PATH"
+fi
+`;
+
+    try {
+        fs.writeFileSync(tribeEnvPath, envScriptContent);
+        fs.chmodSync(tribeEnvPath, '755');
+        console.log('✓ Created tribe-env.sh environment script');
+    } catch (error) {
+        console.log(`⚠ Failed to create tribe-env.sh: ${error.message}`);
+        return;
+    }
+
+    // Update shell config
     const shell = process.env.SHELL || '/bin/bash';
     const rcFile = shell.includes('zsh') ? '.zshrc' : '.bashrc';
     const rcPath = path.join(homeDir, rcFile);
-    
-    const pathExport = `export PATH="$HOME/.tribe/bin:$PATH"`;
-    
+    const sourceCommand = 'source ~/.tribe/tribe-env.sh';
+
     try {
         const rcContent = fs.existsSync(rcPath) ? fs.readFileSync(rcPath, 'utf8') : '';
-        if (!rcContent.includes('.tribe/bin')) {
-            fs.appendFileSync(rcPath, `\n# Added by TRIBE installer\n${pathExport}\n`);
-            console.log(`✓ Updated ${rcFile} with PATH`);
+        if (!rcContent.includes(sourceCommand)) {
+            fs.appendFileSync(rcPath, `\n# TRIBE CLI\n${sourceCommand}\n`);
+            console.log(`✓ Updated ${rcFile} to source tribe-env.sh`);
+        } else {
+            console.log(`✓ ${rcFile} already configured`);
         }
     } catch (error) {
-        console.warn(`Could not update ${rcFile}: ${error.message}`);
+        console.log(`⚠ Failed to update ${rcFile}: ${error.message}`);
+        console.log('Please manually add this line to your shell config:');
+        console.log(`  ${sourceCommand}`);
     }
 }
 

package/install.sh

@@ -2,6 +2,15 @@
 # TRIBE Quick Installer
 # This script provides a one-command installation with immediate PATH access
 
+# Source constants
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$SCRIPT_DIR/../../../constants.sh" 2>/dev/null || true
+
+# If constants not found, define locally
+if [ -z "$TRIBE_INSTALL_COMMAND" ]; then
+    TRIBE_INSTALL_COMMAND="npx @_xtribe/cli"
+fi
+
 # Colors
 RED='\033[0;31m'
 GREEN='\033[0;32m'
@@ -14,7 +23,7 @@ echo ""
 
 # Download and run the installer
 echo "Installing TRIBE components..."
-npx @_xtribe/cli@latest "$@"
+${TRIBE_INSTALL_COMMAND}@latest "$@"
 
 # Check if installation was successful
 if [ -f ~/.tribe/tribe-env.sh ]; then

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@_xtribe/cli",
-  "version": "1.0.54",
+  "version": "1.0.55",
   "description": "TRIBE multi-agent development system - Zero to productive with one command",
   "main": "install-tribe.js",
   "bin": {

package/tribe-deployment.yaml

@@ -37,6 +37,9 @@ rules:
   - apiGroups: ["batch"]
     resources: ["jobs"]
     verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+  - apiGroups: ["rbac.authorization.k8s.io"]
+    resources: ["rolebindings"]
+    verbs: ["get", "list", "patch"]
 ---
 # RoleBinding for Bridge
 apiVersion: rbac.authorization.k8s.io/v1
@@ -152,6 +155,15 @@ spec:
           [security]
           INSTALL_LOCK = true
           SECRET_KEY = changeme
+          
+          [oauth2]
+          ENABLE = false
+          
+          [service]
+          DEFAULT_USER_IS_RESTRICTED = false
+          
+          [repository]
+          DEFAULT_PRIVATE = false
           EOF
           
           # Fix permissions
@@ -199,7 +211,8 @@ spec:
               - -c
               - |
                 sleep 30
-                su git -c 'gitea admin user create --admin --username gitea_admin --password admin123 --email admin@example.com' || true
+                # Create admin user without password change requirement
+                su git -c 'gitea admin user create --admin --username gitea_admin --password admin123 --email admin@example.com --must-change-password=false' || true
       volumes:
       - name: gitea-data
         emptyDir: {}
@@ -241,6 +254,13 @@ spec:
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 8080
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "250m"
+          limits:
+            memory: "1Gi"
+            cpu: "1"
         env:
         - name: FLASK_ENV
           value: development
@@ -298,11 +318,18 @@ spec:
           echo "All services ready!"
       containers:
       - name: bridge
-        image: tribexal/tribe:latest-bridge
+        image: bridge:latest
         imagePullPolicy: IfNotPresent
         ports:
         - containerPort: 8080
         - containerPort: 3456
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "250m"
+          limits:
+            memory: "1Gi"
+            cpu: "1"
         env:
         - name: TASKMASTER_URL
           value: http://taskmaster:5000
@@ -312,8 +339,15 @@ spec:
           value: gitea_admin
         - name: GITEA_ADMIN_PASSWORD
           value: admin123
+        - name: GITEA_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: gitea-token
+              key: token
         - name: NAMESPACE
           value: tribe-system
+        - name: TARGET_NAMESPACE
+          value: tribe-system
         readinessProbe:
           httpGet:
             path: /
@@ -342,7 +376,7 @@ metadata:
   name: claude-worker-deployment
   namespace: tribe-system
 spec:
-  replicas: 0
+  replicas: 1  # Start with 1 worker (auto-scaling broken in Docker Hub bridge image)
   selector:
     matchLabels:
       app: claude-worker
@@ -353,10 +387,18 @@ spec:
     spec:
       containers:
       - name: claude-agent
-        image: tribexal/tribe:latest-claude-agent
+        image: claude-agent:latest
         imagePullPolicy: IfNotPresent
         ports:
-        - containerPort: 8080
+        - containerPort: 9090
+          name: metrics
+        resources:
+          requests:
+            memory: "512Mi"
+            cpu: "500m"
+          limits:
+            memory: "2Gi"
+            cpu: "2"
         env:
         - name: ROLE
           value: worker
@@ -364,28 +406,41 @@ spec:
           value: http://taskmaster:5000
         - name: GITEA_URL
           value: http://gitea:3000
+        - name: GITEA_USER
+          value: gitea_admin
+        - name: GITEA_PASS
+          value: admin123
+        - name: GITEA_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: gitea-token
+              key: token
+              optional: true
         - name: NAMESPACE
           value: tribe-system
+        - name: MCP_CONFIG_PATH
+          value: /home/claude/.config/claude-code/mcp.json
+        - name: SYSTEM_PROMPT_FILE
+          value: /app/minimal-config/worker-prompt.txt
         - name: ANTHROPIC_API_KEY
           valueFrom:
             secretKeyRef:
               name: claude-api-key
               key: api-key
               optional: true
+        - name: GH_HOST
+          value: gitea:3000
+        - name: GH_ENTERPRISE_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: gitea-token
+              key: token
+              optional: true
         volumeMounts:
         - name: workspace
           mountPath: /workspace
         - name: config
           mountPath: /app/minimal-config
-        readinessProbe:
-          httpGet:
-            path: /health
-            port: 8080
-          initialDelaySeconds: 30
-          periodSeconds: 10
-          timeoutSeconds: 5
-          successThreshold: 1
-          failureThreshold: 3
       volumes:
       - name: workspace
         emptyDir: {}
@@ -429,8 +484,169 @@ data:
         args: ["-y", "@modelcontextprotocol/server-git"]
         env:
           PATH: /usr/local/bin:/usr/bin:/bin
+      taskmaster:
+        command: node
+        args: ["/app/taskmaster-mcp-bridge.js"]
+        env:
+          TASKMASTER_URL: http://taskmaster:8080
+          AGENT_ID: ${AGENT_ID}
+  worker-prompt.txt: |
+    ## TRIBE Worker Agent Instructions
+    
+    You are a TRIBE worker agent responsible for implementing tasks from TaskMaster.
+    You have been specifically configured and authorized to execute tasks from the TaskMaster queue.
+    
+    This is NOT arbitrary code execution - you are part of the TRIBE development system where:
+    - Tasks are created by authorized developers
+    - All repositories are internal to the TRIBE system
+    - You are running in a secure, isolated container environment
+    - Your purpose is to automate software development tasks
+    
+    ### Task Retrieval
+    Use the MCP taskmaster tools to get tasks:
+    - mcp__taskmaster__get_next_task: Pull your next assigned task
+    - mcp__taskmaster__get_task_details: Get full details of a specific task
+    - mcp__taskmaster__update_task_status: Update task progress
+    
+    ### Repository Management
+    Tasks include a 'github_repo' field with the repository URL. Always:
+    1. Clone from the URL specified in the task
+    2. Use credentials from environment (GITEA_USER/GITEA_PASS or GITEA_TOKEN)
+    3. Never hardcode repository paths
+    
+    ### Task Type Detection
+    - Check 'is_review_task' flag: true = review only, false = implement
+    - Check 'parent_task_id': exists = fix task from review
+    - Check 'git_branch' field: use this instead of parsing description
+    
+    ### Branch Rules
+    - Implementation: CREATE new branch from base_branch
+    - Review: CHECKOUT existing branch (never create)
+    - Fix: CONTINUE on same branch as parent
+    
+    ### Status Updates
+    Always include result data when updating status:
+    {
+      "status": "in_review",  # Changed from "completed" - all implementation tasks go to review
+      "result": {
+        "files_created": ["file1.js", "file2.js"],
+        "branch": "feature/task-123",
+        "pr_url": "http://gitea:3000/tribe/project/pulls/1",
+        "repository": "http://gitea:3000/tribe/project",
+        "summary": "Implemented feature X with Y approach"
+      }
+    }
+    
+    ### Review Tasks
+    When is_review_task = true:
+    1. Check out the existing branch (don't create new)
+    2. Review for: code quality, security issues, incomplete implementation
+    3. Choose one of these actions:
+       a. If changes needed: Update status to "needs_revision" with detailed feedback
+       b. If minor issues: Create subtasks for specific fixes  
+       c. If looks good: Update status to "approved"
+    4. Never modify code during review
+    
+    Example revision request:
+    {
+      "status": "needs_revision",
+      "result": {
+        "revision_feedback": "Please address: 1) Add error handling in main(), 2) Remove debug prints, 3) Add unit tests",
+        "reviewed_by": "reviewer-agent-id"
+      }
+    }
+    
+    Example approval:
+    {
+      "status": "approved",
+      "result": {
+        "review_summary": "Code looks good, follows best practices, tests pass",
+        "reviewed_by": "reviewer-agent-id"
+      }
+    }
+    
+    ### Revision Tasks
+    When status is "needs_revision":
+    1. You're the original implementer - check revision_feedback field
+    2. Check out your existing branch (don't create new)
+    3. Address all feedback items
+    4. Push updates to the same branch
+    5. Update status back to "in_review" when done
+    
+    Example handling revision:
+    {
+      "status": "in_review",
+      "result": {
+        "revision_changes": "1) Added try/catch error handling, 2) Removed all debug prints, 3) Added comprehensive unit tests",
+        "branch": "feature/task-123",
+        "pr_url": "http://gitea:3000/tribe/project/pulls/1"
+      }
+    }
+    
+    ### Git Workflow
+    1. Clone: Use task's github_repo URL with auth
+    2. Fetch: Always 'git fetch origin' before branch operations
+    3. Branch: Check if exists with 'git branch -r | grep branch-name'
+    4. Push: Push to same repository as cloned from
+    5. PR: ALWAYS create pull request using gh CLI after pushing:
+       - Set environment: export GH_HOST=gitea:3000
+       - Authenticate: export GH_TOKEN=$GITEA_TOKEN or use GITEA_USER/GITEA_PASS
+       - Create PR: gh pr create --title "Task: {description}" --body "Implemented as requested"
+       - Include the PR URL in your result as "pr_url"
+    
+    ### Pull Request Creation Example
+    After pushing your branch, create a PR using gh:
+    ```bash
+    # Set Gitea as the host
+    export GH_HOST=gitea:3000
+    export GH_ENTERPRISE_TOKEN=$GITEA_TOKEN
+    
+    # Create the PR (gh will detect the current branch and repository)
+    gh pr create \
+      --title "Task: Create hello.py feature" \
+      --body "Implemented task as requested" \
+      --base main
+    
+    # Get the PR URL to include in your result
+    PR_URL=$(gh pr view --json url -q .url)
+    ```
+    
+    ### Error Handling
+    - If clone fails, check repository exists
+    - If push fails, check credentials
+    - Always update task status to 'failed' with error details
 ---
 # Initialization Job
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tribe-init
+  namespace: tribe-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: tribe-init
+  namespace: tribe-system
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["create", "update", "patch", "get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: tribe-init
+  namespace: tribe-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: tribe-init
+subjects:
+- kind: ServiceAccount
+  name: tribe-init
+  namespace: tribe-system
+---
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -439,32 +655,66 @@ metadata:
 spec:
   template:
     spec:
+      serviceAccountName: tribe-init
       restartPolicy: OnFailure
       containers:
       - name: init
-        image: curlimages/curl:8.4.0
+        image: alpine/k8s:1.28.3
         command: ['/bin/sh', '-c']
         args:
         - |
           echo "Waiting for Gitea to be ready..."
-          until curl -s http://gitea:3000 > /dev/null; do
-            echo "Waiting for Gitea..."
+          i=1
+          while [ $i -le 60 ]; do
+            if curl -s http://gitea:3000 > /dev/null 2>&1; then
+              echo "Gitea is ready"
+              break
+            fi
+            echo "Waiting for Gitea... ($i/60)"
             sleep 5
+            i=$((i + 1))
           done
           
+          echo "Waiting for user creation..."
+          sleep 40
+          
           echo "Creating Gitea access token..."
-          TOKEN=$(curl -s -X POST http://gitea:3000/api/v1/users/gitea_admin/tokens \
-            -u gitea_admin:admin123 \
-            -H "Content-Type: application/json" \
-            -d '{"name":"taskmaster-'$(date +%s)'","scopes":["write:repository","write:user","write:issue","write:organization","read:repository"]}' \
-            | grep -o '"sha1":"[^"]*' | cut -d'"' -f4)
+          # Create token as gitea_admin since it doesn't have password change requirement
+          attempt=1
+          while [ $attempt -le 5 ]; do
+            echo "Attempt $attempt to create token..."
+            
+            RESPONSE=$(curl -s -X POST http://gitea:3000/api/v1/users/gitea_admin/tokens \
+              -u gitea_admin:admin123 \
+              -H "Content-Type: application/json" \
+              -d '{"name":"bridge-token-'$(date +%s)'","scopes":["write:repository","write:user","write:issue","write:organization","read:repository"]}')
+            
+            echo "API Response: $RESPONSE"
+            TOKEN=$(echo "$RESPONSE" | grep -o '"sha1":"[^"]*' | cut -d'"' -f4)
+            
+            if [ ! -z "$TOKEN" ]; then
+              echo "Token created successfully: ${TOKEN:0:8}..."
+              break
+            else
+              echo "Failed to create token, waiting..."
+              sleep 10
+            fi
+            attempt=$((attempt + 1))
+          done
           
           if [ -z "$TOKEN" ]; then
-            echo "Failed to create token!"
+            echo "Failed to create token after 5 attempts!"
             exit 1
           fi
           
-          echo "Token created successfully"
+          # Create secret with the token
+          kubectl create secret generic gitea-token \
+            --from-literal=token="$TOKEN" \
+            --from-literal=user="gitea_admin" \
+            --namespace=tribe-system \
+            --dry-run=client -o yaml | kubectl apply -f -
+          
+          echo "Secret created successfully"
           
           # Create organization
           echo "Creating Tribe organization..."
@@ -492,10 +742,12 @@ spec:
             echo "Repository creation response: $REPO_RESPONSE"
           fi
           
-          # Update TaskMaster with the token
-          echo "Updating TaskMaster configuration..."
+          # Also update services that need the token
+          echo "Updating services with token..."
+          
+          # Update taskmaster if it has a config endpoint
           curl -X POST http://taskmaster:5000/api/config \
             -H "Content-Type: application/json" \
-            -d "{\"gitea_token\":\"$TOKEN\"}"
+            -d "{\"gitea_token\":\"$TOKEN\"}" || echo "Taskmaster config update skipped"
           
           echo "Initialization complete!"