@_xtribe/cli 2.0.3 → 2.0.5

package/tribe-deployment.yaml

@@ -0,0 +1,761 @@
+---
+# TRIBE Complete Deployment - Bundled with NPM Package
+# This file is automatically deployed by 'npx @_xtribe/cli'
+#
+# IMPORTANT: This deployment uses PUBLIC Docker Hub images from tribexal/tribe
+# - tribexal/tribe:latest-taskmaster
+# - tribexal/tribe:latest-bridge
+# - tribexal/tribe:latest-claude-agent
+#
+# DO NOT change these to local image names for the npm package!
+# ⚠️ CRITICAL WARNING: DATA PROTECTION ⚠️
+# BEFORE APPLYING THIS MANIFEST:
+# 1. Run: /Users/almorris/TRIBE/0zen/scripts/data-safety-check.sh
+# 2. Check for existing PVCs: kubectl get pvc -n tribe-system
+# 3. NEVER delete PVCs - they contain your data!
+# 
+# This manifest will CREATE resources if they don't exist
+# or UPDATE them if they do. PVCs are NEVER deleted.
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: tribe-system
+---
+# ServiceAccount for Bridge
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: bridge
+  namespace: tribe-system
+---
+# Role for Bridge
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: bridge-role
+  namespace: tribe-system
+rules:
+  - apiGroups: [""]
+    resources: ["pods", "services", "pods/exec", "pods/log", "configmaps", "secrets", "namespaces"]
+    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+  - apiGroups: ["apps"]
+    resources: ["deployments", "replicasets"]
+    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+  - apiGroups: ["batch"]
+    resources: ["jobs"]
+    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+  - apiGroups: ["rbac.authorization.k8s.io"]
+    resources: ["rolebindings"]
+    verbs: ["get", "list", "patch"]
+---
+# RoleBinding for Bridge
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: bridge-rolebinding
+  namespace: tribe-system
+subjects:
+  - kind: ServiceAccount
+    name: bridge
+    namespace: tribe-system
+roleRef:
+  kind: Role
+  name: bridge-role
+  apiGroup: rbac.authorization.k8s.io
+---
+# PostgreSQL
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres
+  namespace: tribe-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      containers:
+      - name: postgres
+        image: postgres:15
+        env:
+        - name: POSTGRES_DB
+          value: gitea
+        - name: POSTGRES_USER
+          value: gitea
+        - name: POSTGRES_PASSWORD
+          value: gitea
+        ports:
+        - containerPort: 5432
+        readinessProbe:
+          exec:
+            command:
+            - pg_isready
+            - -U
+            - gitea
+          initialDelaySeconds: 5
+          periodSeconds: 5
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+  namespace: tribe-system
+spec:
+  selector:
+    app: postgres
+  ports:
+  - port: 5432
+---
+# Gitea
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gitea
+  namespace: tribe-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gitea
+  template:
+    metadata:
+      labels:
+        app: gitea
+    spec:
+      securityContext:
+        fsGroup: 1000
+      initContainers:
+      - name: wait-for-db
+        image: busybox:1.35
+        command: ['sh', '-c', 'until nc -z postgres 5432; do echo waiting for db; sleep 2; done']
+      - name: init-gitea
+        image: gitea/gitea:1.20.5
+        command: ['/bin/bash', '-c']
+        args:
+        - |
+          # Create app.ini
+          mkdir -p /data/gitea/conf
+          cat > /data/gitea/conf/app.ini << 'EOF'
+          APP_NAME = Gitea
+          RUN_MODE = prod
+          
+          [database]
+          DB_TYPE = postgres
+          HOST = postgres:5432
+          NAME = gitea
+          USER = gitea
+          PASSWD = gitea
+          
+          [server]
+          DOMAIN = gitea
+          ROOT_URL = http://gitea:3000/
+          HTTP_PORT = 3000
+          
+          [service]
+          DISABLE_REGISTRATION = true
+          
+          [security]
+          INSTALL_LOCK = true
+          SECRET_KEY = changeme
+          
+          [oauth2]
+          ENABLE = false
+          
+          [service]
+          DEFAULT_USER_IS_RESTRICTED = false
+          
+          [repository]
+          DEFAULT_PRIVATE = false
+          EOF
+          
+          # Fix permissions
+          chown -R 1000:1000 /data
+        env:
+        - name: USER_UID
+          value: "1000"
+        - name: USER_GID
+          value: "1000"
+        - name: GITEA_WORK_DIR
+          value: /data
+        - name: GITEA_CUSTOM
+          value: /data/gitea
+        volumeMounts:
+        - name: gitea-data
+          mountPath: /data
+      containers:
+      - name: gitea
+        image: gitea/gitea:1.20.5
+        ports:
+        - containerPort: 3000
+        env:
+        - name: USER_UID
+          value: "1000"
+        - name: USER_GID
+          value: "1000"
+        - name: GITEA_WORK_DIR
+          value: /data
+        - name: GITEA_CUSTOM
+          value: /data/gitea
+        volumeMounts:
+        - name: gitea-data
+          mountPath: /data
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 3000
+          initialDelaySeconds: 30
+          periodSeconds: 10
+        lifecycle:
+          postStart:
+            exec:
+              command:
+              - /bin/bash
+              - -c
+              - |
+                sleep 30
+                # Create admin user without password change requirement
+                su git -c 'gitea admin user create --admin --username gitea_admin --password admin123 --email admin@example.com --must-change-password=false' || true
+      volumes:
+      - name: gitea-data
+        emptyDir: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea
+  namespace: tribe-system
+spec:
+  selector:
+    app: gitea
+  ports:
+  - port: 3000
+---
+# TaskMaster
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: taskmaster
+  namespace: tribe-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: taskmaster
+  template:
+    metadata:
+      labels:
+        app: taskmaster
+    spec:
+      initContainers:
+      - name: wait-for-db
+        image: busybox:1.35
+        command: ['sh', '-c', 'until nc -z postgres 5432; do echo waiting for db; sleep 2; done']
+      containers:
+      - name: taskmaster
+        image: tribexal/tribe:latest-taskmaster
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 8080
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "250m"
+          limits:
+            memory: "1Gi"
+            cpu: "1"
+        env:
+        - name: FLASK_ENV
+          value: development
+        - name: DATABASE_URL
+          value: postgresql://gitea:gitea@postgres:5432/gitea
+        - name: GITEA_URL
+          value: http://gitea:3000
+        - name: GITEA_TOKEN
+          value: will-be-set-by-init-job
+        readinessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+          initialDelaySeconds: 10
+          periodSeconds: 5
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: taskmaster
+  namespace: tribe-system
+spec:
+  selector:
+    app: taskmaster
+  ports:
+  - port: 5000
+    targetPort: 8080
+---
+# Bridge
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bridge
+  namespace: tribe-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: bridge
+  template:
+    metadata:
+      labels:
+        app: bridge
+    spec:
+      serviceAccountName: bridge
+      initContainers:
+      - name: wait-for-services
+        image: busybox:1.35
+        command: ['sh', '-c']
+        args:
+        - |
+          echo "Waiting for services..."
+          until nc -z taskmaster 8080; do echo waiting for taskmaster; sleep 2; done
+          until nc -z gitea 3000; do echo waiting for gitea; sleep 2; done
+          echo "All services ready!"
+      containers:
+      - name: bridge
+        image: bridge:latest
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 8080
+        - containerPort: 3456
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "250m"
+          limits:
+            memory: "1Gi"
+            cpu: "1"
+        env:
+        - name: TASKMASTER_URL
+          value: http://taskmaster:8080
+        - name: GITEA_URL
+          value: http://gitea:3000
+        - name: GITEA_ADMIN_USER
+          value: gitea_admin
+        - name: GITEA_ADMIN_PASSWORD
+          value: admin123
+        - name: GITEA_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: gitea-token
+              key: token
+        - name: NAMESPACE
+          value: tribe-system
+        - name: TARGET_NAMESPACE
+          value: tribe-system
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 3456
+          initialDelaySeconds: 10
+          periodSeconds: 5
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: bridge
+  namespace: tribe-system
+spec:
+  selector:
+    app: bridge
+  ports:
+  - name: http
+    port: 8080
+  - name: websocket
+    port: 3456
+---
+# Claude Worker Deployment (starts with 0 replicas)
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: claude-worker-deployment
+  namespace: tribe-system
+spec:
+  replicas: 1  # Start with 1 worker (auto-scaling broken in Docker Hub bridge image)
+  selector:
+    matchLabels:
+      app: claude-worker
+  template:
+    metadata:
+      labels:
+        app: claude-worker
+    spec:
+      containers:
+      - name: claude-agent
+        image: claude-agent:authenticated
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 9090
+          name: metrics
+        resources:
+          requests:
+            memory: "512Mi"
+            cpu: "500m"
+          limits:
+            memory: "2Gi"
+            cpu: "2"
+        env:
+        - name: ROLE
+          value: worker
+        - name: TASKMASTER_URL
+          value: http://taskmaster:8080
+        - name: GITEA_URL
+          value: http://gitea:3000
+        - name: GITEA_USER
+          value: gitea_admin
+        - name: GITEA_PASS
+          value: admin123
+        - name: GITEA_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: gitea-token
+              key: token
+              optional: true
+        - name: NAMESPACE
+          value: tribe-system
+        - name: MCP_CONFIG_PATH
+          value: /home/claude/.config/claude-code/mcp.json
+        - name: SYSTEM_PROMPT_FILE
+          value: /app/minimal-config/worker-prompt.txt
+        - name: ANTHROPIC_API_KEY
+          valueFrom:
+            secretKeyRef:
+              name: claude-api-key
+              key: api-key
+              optional: true
+        - name: GH_HOST
+          value: gitea:3000
+        - name: GH_ENTERPRISE_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: gitea-token
+              key: token
+              optional: true
+        volumeMounts:
+        - name: workspace
+          mountPath: /workspace
+        - name: config
+          mountPath: /app/minimal-config
+      volumes:
+      - name: workspace
+        emptyDir: {}
+      - name: config
+        configMap:
+          name: claude-config
+          optional: true
+---
+# NodePort service for easy access
+apiVersion: v1
+kind: Service
+metadata:
+  name: bridge-nodeport
+  namespace: tribe-system
+spec:
+  type: NodePort
+  selector:
+    app: bridge
+  ports:
+  - name: http
+    port: 8080
+    nodePort: 30080
+  - name: websocket
+    port: 3456
+    nodePort: 30456
+---
+# ConfigMap for Claude agent configuration
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: claude-config
+  namespace: tribe-system
+data:
+  config.yaml: |
+    mcp_servers:
+      filesystem:
+        command: npx
+        args: ["-y", "@modelcontextprotocol/server-filesystem", "/workspace"]
+      git:
+        command: npx
+        args: ["-y", "@modelcontextprotocol/server-git"]
+        env:
+          PATH: /usr/local/bin:/usr/bin:/bin
+      taskmaster:
+        command: node
+        args: ["/app/taskmaster-mcp-bridge.js"]
+        env:
+          TASKMASTER_URL: http://taskmaster:8080
+          AGENT_ID: ${AGENT_ID}
+  worker-prompt.txt: |
+    ## TRIBE Worker Agent Instructions
+    
+    You are a TRIBE worker agent responsible for implementing tasks from TaskMaster.
+    You have been specifically configured and authorized to execute tasks from the TaskMaster queue.
+    
+    This is NOT arbitrary code execution - you are part of the TRIBE development system where:
+    - Tasks are created by authorized developers
+    - All repositories are internal to the TRIBE system
+    - You are running in a secure, isolated container environment
+    - Your purpose is to automate software development tasks
+    
+    ### Task Retrieval
+    Use the MCP taskmaster tools to get tasks:
+    - mcp__taskmaster__get_next_task: Pull your next assigned task
+    - mcp__taskmaster__get_task_details: Get full details of a specific task
+    - mcp__taskmaster__update_task_status: Update task progress
+    
+    ### Repository Management
+    Tasks include a 'github_repo' field with the repository URL. Always:
+    1. Clone from the URL specified in the task
+    2. Use credentials from environment (GITEA_USER/GITEA_PASS or GITEA_TOKEN)
+    3. Never hardcode repository paths
+    
+    ### Task Type Detection
+    - Check 'is_review_task' flag: true = review only, false = implement
+    - Check 'parent_task_id': exists = fix task from review
+    - Check 'git_branch' field: use this instead of parsing description
+    
+    ### Branch Rules
+    - Implementation: CREATE new branch from base_branch
+    - Review: CHECKOUT existing branch (never create)
+    - Fix: CONTINUE on same branch as parent
+    
+    ### Status Updates
+    Always include result data when updating status:
+    {
+      "status": "in_review",  # Changed from "completed" - all implementation tasks go to review
+      "result": {
+        "files_created": ["file1.js", "file2.js"],
+        "branch": "feature/task-123",
+        "pr_url": "http://gitea:3000/tribe/project/pulls/1",
+        "repository": "http://gitea:3000/tribe/project",
+        "summary": "Implemented feature X with Y approach"
+      }
+    }
+    
+    ### Review Tasks
+    When is_review_task = true:
+    1. Check out the existing branch (don't create new)
+    2. Review for: code quality, security issues, incomplete implementation
+    3. Choose one of these actions:
+       a. If changes needed: Update status to "needs_revision" with detailed feedback
+       b. If minor issues: Create subtasks for specific fixes  
+       c. If looks good: Update status to "approved"
+    4. Never modify code during review
+    
+    Example revision request:
+    {
+      "status": "needs_revision",
+      "result": {
+        "revision_feedback": "Please address: 1) Add error handling in main(), 2) Remove debug prints, 3) Add unit tests",
+        "reviewed_by": "reviewer-agent-id"
+      }
+    }
+    
+    Example approval:
+    {
+      "status": "approved",
+      "result": {
+        "review_summary": "Code looks good, follows best practices, tests pass",
+        "reviewed_by": "reviewer-agent-id"
+      }
+    }
+    
+    ### Revision Tasks
+    When status is "needs_revision":
+    1. You're the original implementer - check revision_feedback field
+    2. Check out your existing branch (don't create new)
+    3. Address all feedback items
+    4. Push updates to the same branch
+    5. Update status back to "in_review" when done
+    
+    Example handling revision:
+    {
+      "status": "in_review",
+      "result": {
+        "revision_changes": "1) Added try/catch error handling, 2) Removed all debug prints, 3) Added comprehensive unit tests",
+        "branch": "feature/task-123",
+        "pr_url": "http://gitea:3000/tribe/project/pulls/1"
+      }
+    }
+    
+    ### Git Workflow
+    1. Clone: Use task's github_repo URL with auth
+    2. Fetch: Always 'git fetch origin' before branch operations
+    3. Branch: Check if exists with 'git branch -r | grep branch-name'
+    4. Push: Push to same repository as cloned from
+    5. PR: ALWAYS create pull request using gh CLI after pushing:
+       - Set environment: export GH_HOST=gitea:3000
+       - Authenticate: export GH_TOKEN=$GITEA_TOKEN or use GITEA_USER/GITEA_PASS
+       - Create PR: gh pr create --title "Task: {description}" --body "Implemented as requested"
+       - Include the PR URL in your result as "pr_url"
+    
+    ### Pull Request Creation Example
+    After pushing your branch, create a PR using gh:
+    ```bash
+    # Set Gitea as the host
+    export GH_HOST=gitea:3000
+    export GH_ENTERPRISE_TOKEN=$GITEA_TOKEN
+    
+    # Create the PR (gh will detect the current branch and repository)
+    gh pr create \
+      --title "Task: Create hello.py feature" \
+      --body "Implemented task as requested" \
+      --base main
+    
+    # Get the PR URL to include in your result
+    PR_URL=$(gh pr view --json url -q .url)
+    ```
+    
+    ### Error Handling
+    - If clone fails, check repository exists
+    - If push fails, check credentials
+    - Always update task status to 'failed' with error details
+---
+# Initialization Job
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tribe-init
+  namespace: tribe-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: tribe-init
+  namespace: tribe-system
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["create", "update", "patch", "get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: tribe-init
+  namespace: tribe-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: tribe-init
+subjects:
+- kind: ServiceAccount
+  name: tribe-init
+  namespace: tribe-system
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: tribe-init
+  namespace: tribe-system
+spec:
+  template:
+    spec:
+      serviceAccountName: tribe-init
+      restartPolicy: OnFailure
+      containers:
+      - name: init
+        image: alpine/k8s:1.28.3
+        command: ['/bin/sh', '-c']
+        args:
+        - |
+          echo "Waiting for Gitea to be ready..."
+          i=1
+          while [ $i -le 60 ]; do
+            if curl -s http://gitea:3000 > /dev/null 2>&1; then
+              echo "Gitea is ready"
+              break
+            fi
+            echo "Waiting for Gitea... ($i/60)"
+            sleep 5
+            i=$((i + 1))
+          done
+          
+          echo "Waiting for user creation..."
+          sleep 40
+          
+          echo "Creating Gitea access token..."
+          # Create token as gitea_admin since it doesn't have password change requirement
+          attempt=1
+          while [ $attempt -le 5 ]; do
+            echo "Attempt $attempt to create token..."
+            
+            RESPONSE=$(curl -s -X POST http://gitea:3000/api/v1/users/gitea_admin/tokens \
+              -u gitea_admin:admin123 \
+              -H "Content-Type: application/json" \
+              -d '{"name":"bridge-token-'$(date +%s)'","scopes":["write:repository","write:user","write:issue","write:organization","read:repository"]}')
+            
+            echo "API Response: $RESPONSE"
+            TOKEN=$(echo "$RESPONSE" | grep -o '"sha1":"[^"]*' | cut -d'"' -f4)
+            
+            if [ ! -z "$TOKEN" ]; then
+              echo "Token created successfully: ${TOKEN:0:8}..."
+              break
+            else
+              echo "Failed to create token, waiting..."
+              sleep 10
+            fi
+            attempt=$((attempt + 1))
+          done
+          
+          if [ -z "$TOKEN" ]; then
+            echo "Failed to create token after 5 attempts!"
+            exit 1
+          fi
+          
+          # Create secret with the token
+          kubectl create secret generic gitea-token \
+            --from-literal=token="$TOKEN" \
+            --from-literal=user="gitea_admin" \
+            --namespace=tribe-system \
+            --dry-run=client -o yaml | kubectl apply -f -
+          
+          echo "Secret created successfully"
+          
+          # Create organization
+          echo "Creating Tribe organization..."
+          ORG_RESPONSE=$(curl -s -X POST http://gitea:3000/api/v1/orgs \
+            -H "Authorization: token $TOKEN" \
+            -H "Content-Type: application/json" \
+            -d '{"username": "tribe", "full_name": "Tribe Organization", "description": "Default organization for Tribe"}')
+          
+          if echo "$ORG_RESPONSE" | grep -q '"id"'; then
+            echo "Organization created successfully"
+          else
+            echo "Organization creation response: $ORG_RESPONSE"
+          fi
+          
+          # Create project repository
+          echo "Creating project repository..."
+          REPO_RESPONSE=$(curl -s -X POST http://gitea:3000/api/v1/orgs/tribe/repos \
+            -H "Authorization: token $TOKEN" \
+            -H "Content-Type: application/json" \
+            -d '{"name": "project", "description": "Default project repository", "private": false, "auto_init": true}')
+          
+          if echo "$REPO_RESPONSE" | grep -q '"id"'; then
+            echo "Repository created successfully"
+          else
+            echo "Repository creation response: $REPO_RESPONSE"
+          fi
+          
+          # Also update services that need the token
+          echo "Updating services with token..."
+          
+          # Update taskmaster if it has a config endpoint
+          curl -X POST http://taskmaster:8080/api/config \
+            -H "Content-Type: application/json" \
+            -d "{\"gitea_token\":\"$TOKEN\"}" || echo "Taskmaster config update skipped"
+          
+          echo "Initialization complete!"