@_xtribe/cli 2.0.1 → 2.0.3

package/tribe-deployment.yaml

@@ -1,753 +0,0 @@
----
-# TRIBE Complete Deployment - Bundled with NPM Package
-# This file is automatically deployed by 'npx @_xtribe/cli'
-#
-# IMPORTANT: This deployment uses PUBLIC Docker Hub images from tribexal/tribe
-# - tribexal/tribe:latest-taskmaster
-# - tribexal/tribe:latest-bridge
-# - tribexal/tribe:latest-claude-agent
-#
-# DO NOT change these to local image names for the npm package!
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: tribe-system
----
-# ServiceAccount for Bridge
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: bridge
-  namespace: tribe-system
----
-# Role for Bridge
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: bridge-role
-  namespace: tribe-system
-rules:
-  - apiGroups: [""]
-    resources: ["pods", "services", "pods/exec", "pods/log", "configmaps", "secrets", "namespaces"]
-    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
-  - apiGroups: ["apps"]
-    resources: ["deployments", "replicasets"]
-    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
-  - apiGroups: ["batch"]
-    resources: ["jobs"]
-    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
-  - apiGroups: ["rbac.authorization.k8s.io"]
-    resources: ["rolebindings"]
-    verbs: ["get", "list", "patch"]
----
-# RoleBinding for Bridge
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: bridge-rolebinding
-  namespace: tribe-system
-subjects:
-  - kind: ServiceAccount
-    name: bridge
-    namespace: tribe-system
-roleRef:
-  kind: Role
-  name: bridge-role
-  apiGroup: rbac.authorization.k8s.io
----
-# PostgreSQL
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: postgres
-  namespace: tribe-system
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: postgres
-  template:
-    metadata:
-      labels:
-        app: postgres
-    spec:
-      containers:
-      - name: postgres
-        image: postgres:15
-        env:
-        - name: POSTGRES_DB
-          value: gitea
-        - name: POSTGRES_USER
-          value: gitea
-        - name: POSTGRES_PASSWORD
-          value: gitea
-        ports:
-        - containerPort: 5432
-        readinessProbe:
-          exec:
-            command:
-            - pg_isready
-            - -U
-            - gitea
-          initialDelaySeconds: 5
-          periodSeconds: 5
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: postgres
-  namespace: tribe-system
-spec:
-  selector:
-    app: postgres
-  ports:
-  - port: 5432
----
-# Gitea
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: gitea
-  namespace: tribe-system
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: gitea
-  template:
-    metadata:
-      labels:
-        app: gitea
-    spec:
-      securityContext:
-        fsGroup: 1000
-      initContainers:
-      - name: wait-for-db
-        image: busybox:1.35
-        command: ['sh', '-c', 'until nc -z postgres 5432; do echo waiting for db; sleep 2; done']
-      - name: init-gitea
-        image: gitea/gitea:1.20.5
-        command: ['/bin/bash', '-c']
-        args:
-        - |
-          # Create app.ini
-          mkdir -p /data/gitea/conf
-          cat > /data/gitea/conf/app.ini << 'EOF'
-          APP_NAME = Gitea
-          RUN_MODE = prod
-          
-          [database]
-          DB_TYPE = postgres
-          HOST = postgres:5432
-          NAME = gitea
-          USER = gitea
-          PASSWD = gitea
-          
-          [server]
-          DOMAIN = gitea
-          ROOT_URL = http://gitea:3000/
-          HTTP_PORT = 3000
-          
-          [service]
-          DISABLE_REGISTRATION = true
-          
-          [security]
-          INSTALL_LOCK = true
-          SECRET_KEY = changeme
-          
-          [oauth2]
-          ENABLE = false
-          
-          [service]
-          DEFAULT_USER_IS_RESTRICTED = false
-          
-          [repository]
-          DEFAULT_PRIVATE = false
-          EOF
-          
-          # Fix permissions
-          chown -R 1000:1000 /data
-        env:
-        - name: USER_UID
-          value: "1000"
-        - name: USER_GID
-          value: "1000"
-        - name: GITEA_WORK_DIR
-          value: /data
-        - name: GITEA_CUSTOM
-          value: /data/gitea
-        volumeMounts:
-        - name: gitea-data
-          mountPath: /data
-      containers:
-      - name: gitea
-        image: gitea/gitea:1.20.5
-        ports:
-        - containerPort: 3000
-        env:
-        - name: USER_UID
-          value: "1000"
-        - name: USER_GID
-          value: "1000"
-        - name: GITEA_WORK_DIR
-          value: /data
-        - name: GITEA_CUSTOM
-          value: /data/gitea
-        volumeMounts:
-        - name: gitea-data
-          mountPath: /data
-        readinessProbe:
-          httpGet:
-            path: /
-            port: 3000
-          initialDelaySeconds: 30
-          periodSeconds: 10
-        lifecycle:
-          postStart:
-            exec:
-              command:
-              - /bin/bash
-              - -c
-              - |
-                sleep 30
-                # Create admin user without password change requirement
-                su git -c 'gitea admin user create --admin --username gitea_admin --password admin123 --email admin@example.com --must-change-password=false' || true
-      volumes:
-      - name: gitea-data
-        emptyDir: {}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: gitea
-  namespace: tribe-system
-spec:
-  selector:
-    app: gitea
-  ports:
-  - port: 3000
----
-# TaskMaster
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: taskmaster
-  namespace: tribe-system
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: taskmaster
-  template:
-    metadata:
-      labels:
-        app: taskmaster
-    spec:
-      initContainers:
-      - name: wait-for-db
-        image: busybox:1.35
-        command: ['sh', '-c', 'until nc -z postgres 5432; do echo waiting for db; sleep 2; done']
-      containers:
-      - name: taskmaster
-        image: tribexal/tribe:latest-taskmaster
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 8080
-        resources:
-          requests:
-            memory: "256Mi"
-            cpu: "250m"
-          limits:
-            memory: "1Gi"
-            cpu: "1"
-        env:
-        - name: FLASK_ENV
-          value: development
-        - name: DATABASE_URL
-          value: postgresql://gitea:gitea@postgres:5432/gitea
-        - name: GITEA_URL
-          value: http://gitea:3000
-        - name: GITEA_TOKEN
-          value: will-be-set-by-init-job
-        readinessProbe:
-          httpGet:
-            path: /health
-            port: 8080
-          initialDelaySeconds: 10
-          periodSeconds: 5
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: taskmaster
-  namespace: tribe-system
-spec:
-  selector:
-    app: taskmaster
-  ports:
-  - port: 5000
-    targetPort: 8080
----
-# Bridge
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: bridge
-  namespace: tribe-system
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: bridge
-  template:
-    metadata:
-      labels:
-        app: bridge
-    spec:
-      serviceAccountName: bridge
-      initContainers:
-      - name: wait-for-services
-        image: busybox:1.35
-        command: ['sh', '-c']
-        args:
-        - |
-          echo "Waiting for services..."
-          until nc -z taskmaster 8080; do echo waiting for taskmaster; sleep 2; done
-          until nc -z gitea 3000; do echo waiting for gitea; sleep 2; done
-          echo "All services ready!"
-      containers:
-      - name: bridge
-        image: bridge:latest
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 8080
-        - containerPort: 3456
-        resources:
-          requests:
-            memory: "256Mi"
-            cpu: "250m"
-          limits:
-            memory: "1Gi"
-            cpu: "1"
-        env:
-        - name: TASKMASTER_URL
-          value: http://taskmaster:8080
-        - name: GITEA_URL
-          value: http://gitea:3000
-        - name: GITEA_ADMIN_USER
-          value: gitea_admin
-        - name: GITEA_ADMIN_PASSWORD
-          value: admin123
-        - name: GITEA_TOKEN
-          valueFrom:
-            secretKeyRef:
-              name: gitea-token
-              key: token
-        - name: NAMESPACE
-          value: tribe-system
-        - name: TARGET_NAMESPACE
-          value: tribe-system
-        readinessProbe:
-          httpGet:
-            path: /
-            port: 3456
-          initialDelaySeconds: 10
-          periodSeconds: 5
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: bridge
-  namespace: tribe-system
-spec:
-  selector:
-    app: bridge
-  ports:
-  - name: http
-    port: 8080
-  - name: websocket
-    port: 3456
----
-# Claude Worker Deployment (starts with 0 replicas)
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: claude-worker-deployment
-  namespace: tribe-system
-spec:
-  replicas: 1  # Start with 1 worker (auto-scaling broken in Docker Hub bridge image)
-  selector:
-    matchLabels:
-      app: claude-worker
-  template:
-    metadata:
-      labels:
-        app: claude-worker
-    spec:
-      containers:
-      - name: claude-agent
-        image: claude-agent:authenticated
-        imagePullPolicy: IfNotPresent
-        ports:
-        - containerPort: 9090
-          name: metrics
-        resources:
-          requests:
-            memory: "512Mi"
-            cpu: "500m"
-          limits:
-            memory: "2Gi"
-            cpu: "2"
-        env:
-        - name: ROLE
-          value: worker
-        - name: TASKMASTER_URL
-          value: http://taskmaster:8080
-        - name: GITEA_URL
-          value: http://gitea:3000
-        - name: GITEA_USER
-          value: gitea_admin
-        - name: GITEA_PASS
-          value: admin123
-        - name: GITEA_TOKEN
-          valueFrom:
-            secretKeyRef:
-              name: gitea-token
-              key: token
-              optional: true
-        - name: NAMESPACE
-          value: tribe-system
-        - name: MCP_CONFIG_PATH
-          value: /home/claude/.config/claude-code/mcp.json
-        - name: SYSTEM_PROMPT_FILE
-          value: /app/minimal-config/worker-prompt.txt
-        - name: ANTHROPIC_API_KEY
-          valueFrom:
-            secretKeyRef:
-              name: claude-api-key
-              key: api-key
-              optional: true
-        - name: GH_HOST
-          value: gitea:3000
-        - name: GH_ENTERPRISE_TOKEN
-          valueFrom:
-            secretKeyRef:
-              name: gitea-token
-              key: token
-              optional: true
-        volumeMounts:
-        - name: workspace
-          mountPath: /workspace
-        - name: config
-          mountPath: /app/minimal-config
-      volumes:
-      - name: workspace
-        emptyDir: {}
-      - name: config
-        configMap:
-          name: claude-config
-          optional: true
----
-# NodePort service for easy access
-apiVersion: v1
-kind: Service
-metadata:
-  name: bridge-nodeport
-  namespace: tribe-system
-spec:
-  type: NodePort
-  selector:
-    app: bridge
-  ports:
-  - name: http
-    port: 8080
-    nodePort: 30080
-  - name: websocket
-    port: 3456
-    nodePort: 30456
----
-# ConfigMap for Claude agent configuration
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: claude-config
-  namespace: tribe-system
-data:
-  config.yaml: |
-    mcp_servers:
-      filesystem:
-        command: npx
-        args: ["-y", "@modelcontextprotocol/server-filesystem", "/workspace"]
-      git:
-        command: npx
-        args: ["-y", "@modelcontextprotocol/server-git"]
-        env:
-          PATH: /usr/local/bin:/usr/bin:/bin
-      taskmaster:
-        command: node
-        args: ["/app/taskmaster-mcp-bridge.js"]
-        env:
-          TASKMASTER_URL: http://taskmaster:8080
-          AGENT_ID: ${AGENT_ID}
-  worker-prompt.txt: |
-    ## TRIBE Worker Agent Instructions
-    
-    You are a TRIBE worker agent responsible for implementing tasks from TaskMaster.
-    You have been specifically configured and authorized to execute tasks from the TaskMaster queue.
-    
-    This is NOT arbitrary code execution - you are part of the TRIBE development system where:
-    - Tasks are created by authorized developers
-    - All repositories are internal to the TRIBE system
-    - You are running in a secure, isolated container environment
-    - Your purpose is to automate software development tasks
-    
-    ### Task Retrieval
-    Use the MCP taskmaster tools to get tasks:
-    - mcp__taskmaster__get_next_task: Pull your next assigned task
-    - mcp__taskmaster__get_task_details: Get full details of a specific task
-    - mcp__taskmaster__update_task_status: Update task progress
-    
-    ### Repository Management
-    Tasks include a 'github_repo' field with the repository URL. Always:
-    1. Clone from the URL specified in the task
-    2. Use credentials from environment (GITEA_USER/GITEA_PASS or GITEA_TOKEN)
-    3. Never hardcode repository paths
-    
-    ### Task Type Detection
-    - Check 'is_review_task' flag: true = review only, false = implement
-    - Check 'parent_task_id': exists = fix task from review
-    - Check 'git_branch' field: use this instead of parsing description
-    
-    ### Branch Rules
-    - Implementation: CREATE new branch from base_branch
-    - Review: CHECKOUT existing branch (never create)
-    - Fix: CONTINUE on same branch as parent
-    
-    ### Status Updates
-    Always include result data when updating status:
-    {
-      "status": "in_review",  # Changed from "completed" - all implementation tasks go to review
-      "result": {
-        "files_created": ["file1.js", "file2.js"],
-        "branch": "feature/task-123",
-        "pr_url": "http://gitea:3000/tribe/project/pulls/1",
-        "repository": "http://gitea:3000/tribe/project",
-        "summary": "Implemented feature X with Y approach"
-      }
-    }
-    
-    ### Review Tasks
-    When is_review_task = true:
-    1. Check out the existing branch (don't create new)
-    2. Review for: code quality, security issues, incomplete implementation
-    3. Choose one of these actions:
-       a. If changes needed: Update status to "needs_revision" with detailed feedback
-       b. If minor issues: Create subtasks for specific fixes  
-       c. If looks good: Update status to "approved"
-    4. Never modify code during review
-    
-    Example revision request:
-    {
-      "status": "needs_revision",
-      "result": {
-        "revision_feedback": "Please address: 1) Add error handling in main(), 2) Remove debug prints, 3) Add unit tests",
-        "reviewed_by": "reviewer-agent-id"
-      }
-    }
-    
-    Example approval:
-    {
-      "status": "approved",
-      "result": {
-        "review_summary": "Code looks good, follows best practices, tests pass",
-        "reviewed_by": "reviewer-agent-id"
-      }
-    }
-    
-    ### Revision Tasks
-    When status is "needs_revision":
-    1. You're the original implementer - check revision_feedback field
-    2. Check out your existing branch (don't create new)
-    3. Address all feedback items
-    4. Push updates to the same branch
-    5. Update status back to "in_review" when done
-    
-    Example handling revision:
-    {
-      "status": "in_review",
-      "result": {
-        "revision_changes": "1) Added try/catch error handling, 2) Removed all debug prints, 3) Added comprehensive unit tests",
-        "branch": "feature/task-123",
-        "pr_url": "http://gitea:3000/tribe/project/pulls/1"
-      }
-    }
-    
-    ### Git Workflow
-    1. Clone: Use task's github_repo URL with auth
-    2. Fetch: Always 'git fetch origin' before branch operations
-    3. Branch: Check if exists with 'git branch -r | grep branch-name'
-    4. Push: Push to same repository as cloned from
-    5. PR: ALWAYS create pull request using gh CLI after pushing:
-       - Set environment: export GH_HOST=gitea:3000
-       - Authenticate: export GH_TOKEN=$GITEA_TOKEN or use GITEA_USER/GITEA_PASS
-       - Create PR: gh pr create --title "Task: {description}" --body "Implemented as requested"
-       - Include the PR URL in your result as "pr_url"
-    
-    ### Pull Request Creation Example
-    After pushing your branch, create a PR using gh:
-    ```bash
-    # Set Gitea as the host
-    export GH_HOST=gitea:3000
-    export GH_ENTERPRISE_TOKEN=$GITEA_TOKEN
-    
-    # Create the PR (gh will detect the current branch and repository)
-    gh pr create \
-      --title "Task: Create hello.py feature" \
-      --body "Implemented task as requested" \
-      --base main
-    
-    # Get the PR URL to include in your result
-    PR_URL=$(gh pr view --json url -q .url)
-    ```
-    
-    ### Error Handling
-    - If clone fails, check repository exists
-    - If push fails, check credentials
-    - Always update task status to 'failed' with error details
----
-# Initialization Job
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: tribe-init
-  namespace: tribe-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: tribe-init
-  namespace: tribe-system
-rules:
-- apiGroups: [""]
-  resources: ["secrets"]
-  verbs: ["create", "update", "patch", "get"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: tribe-init
-  namespace: tribe-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: tribe-init
-subjects:
-- kind: ServiceAccount
-  name: tribe-init
-  namespace: tribe-system
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: tribe-init
-  namespace: tribe-system
-spec:
-  template:
-    spec:
-      serviceAccountName: tribe-init
-      restartPolicy: OnFailure
-      containers:
-      - name: init
-        image: alpine/k8s:1.28.3
-        command: ['/bin/sh', '-c']
-        args:
-        - |
-          echo "Waiting for Gitea to be ready..."
-          i=1
-          while [ $i -le 60 ]; do
-            if curl -s http://gitea:3000 > /dev/null 2>&1; then
-              echo "Gitea is ready"
-              break
-            fi
-            echo "Waiting for Gitea... ($i/60)"
-            sleep 5
-            i=$((i + 1))
-          done
-          
-          echo "Waiting for user creation..."
-          sleep 40
-          
-          echo "Creating Gitea access token..."
-          # Create token as gitea_admin since it doesn't have password change requirement
-          attempt=1
-          while [ $attempt -le 5 ]; do
-            echo "Attempt $attempt to create token..."
-            
-            RESPONSE=$(curl -s -X POST http://gitea:3000/api/v1/users/gitea_admin/tokens \
-              -u gitea_admin:admin123 \
-              -H "Content-Type: application/json" \
-              -d '{"name":"bridge-token-'$(date +%s)'","scopes":["write:repository","write:user","write:issue","write:organization","read:repository"]}')
-            
-            echo "API Response: $RESPONSE"
-            TOKEN=$(echo "$RESPONSE" | grep -o '"sha1":"[^"]*' | cut -d'"' -f4)
-            
-            if [ ! -z "$TOKEN" ]; then
-              echo "Token created successfully: ${TOKEN:0:8}..."
-              break
-            else
-              echo "Failed to create token, waiting..."
-              sleep 10
-            fi
-            attempt=$((attempt + 1))
-          done
-          
-          if [ -z "$TOKEN" ]; then
-            echo "Failed to create token after 5 attempts!"
-            exit 1
-          fi
-          
-          # Create secret with the token
-          kubectl create secret generic gitea-token \
-            --from-literal=token="$TOKEN" \
-            --from-literal=user="gitea_admin" \
-            --namespace=tribe-system \
-            --dry-run=client -o yaml | kubectl apply -f -
-          
-          echo "Secret created successfully"
-          
-          # Create organization
-          echo "Creating Tribe organization..."
-          ORG_RESPONSE=$(curl -s -X POST http://gitea:3000/api/v1/orgs \
-            -H "Authorization: token $TOKEN" \
-            -H "Content-Type: application/json" \
-            -d '{"username": "tribe", "full_name": "Tribe Organization", "description": "Default organization for Tribe"}')
-          
-          if echo "$ORG_RESPONSE" | grep -q '"id"'; then
-            echo "Organization created successfully"
-          else
-            echo "Organization creation response: $ORG_RESPONSE"
-          fi
-          
-          # Create project repository
-          echo "Creating project repository..."
-          REPO_RESPONSE=$(curl -s -X POST http://gitea:3000/api/v1/orgs/tribe/repos \
-            -H "Authorization: token $TOKEN" \
-            -H "Content-Type: application/json" \
-            -d '{"name": "project", "description": "Default project repository", "private": false, "auto_init": true}')
-          
-          if echo "$REPO_RESPONSE" | grep -q '"id"'; then
-            echo "Repository created successfully"
-          else
-            echo "Repository creation response: $REPO_RESPONSE"
-          fi
-          
-          # Also update services that need the token
-          echo "Updating services with token..."
-          
-          # Update taskmaster if it has a config endpoint
-          curl -X POST http://taskmaster:8080/api/config \
-            -H "Content-Type: application/json" \
-            -d "{\"gitea_token\":\"$TOKEN\"}" || echo "Taskmaster config update skipped"
-          
-          echo "Initialization complete!"