@cyanautomation/kaseki-agent 1.28.0 → 1.29.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cyanautomation/kaseki-agent",
-  "version": "1.28.0",
+  "version": "1.29.0",
   "description": "Admin/helper/doctor toolbox and local API client for Kaseki diagnostics, setup, and API-backed coding-agent task workflows",
   "type": "module",
   "license": "MIT",

package/scripts/docker-entrypoint.sh

@@ -1,6 +1,19 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
+# === Docker Entrypoint for Kaseki Agent ===
+# Responsible for:
+#   1. Running init container (if applicable) to fix /agents permissions
+#   2. Running early startup checks
+#   3. Dispatching to the appropriate command handler (api, agent, setup, etc.)
+
+# Phase 1: Check if init container already ran (for debugging)
+# The init container is a separate service in docker-compose and runs before this.
+# If you're seeing permission errors here, the init container either:
+#   - Failed to fix permissions (expected in restricted environments)
+#   - Hasn't run yet (check depends_on conditions)
+#   - Ran but the issue is fundamental to the environment
+
 # Phase 2: Run early startup checks to catch permission and config issues
 # This runs before any kaseki operation to prevent silent failures
 if [ "${KASEKI_SKIP_STARTUP_CHECKS:-0}" != "1" ]; then

package/scripts/kaseki-init-container.sh

@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+#
+# kaseki-init-container.sh — Initialize /agents directory permissions for API service
+#
+# This script runs in an init container (before the main kaseki-api service)
+# to ensure the /agents directory is properly configured with correct ownership.
+#
+# Exit codes:
+#   0 = success (directory is ready or was fixed)
+#   1 = failure (directory not writable; manual intervention required)
+#
+# This approach allows graceful fallback: if init fails, the main API service
+# still starts but logs clear instructions for Dockhand/Portainer users.
+
+set -euo pipefail
+
+# Configuration
+KASEKI_ROOT="${KASEKI_ROOT:-/agents}"
+CONTAINER_UID="${CONTAINER_UID:-10000}"
+CONTAINER_GID="${CONTAINER_GID:-10000}"
+
+# Color codes for output
+RED='\033[0;31m'
+YELLOW='\033[0;33m'
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+NC='\033[0m'  # No Color
+
+# Logging functions
+log_pass() {
+  echo -e "${GREEN}✓${NC} $*" >&2
+}
+
+log_warn() {
+  echo -e "${YELLOW}⚠${NC} $*" >&2
+}
+
+log_error() {
+  echo -e "${RED}✗${NC} $*" >&2
+}
+
+log_info() {
+  echo -e "${BLUE}ℹ${NC} $*" >&2
+}
+
+# --- Main initialization logic ---
+
+main() {
+  log_info "Init container: Initializing $KASEKI_ROOT"
+  
+  # Check if /agents exists
+  if [ ! -d "$KASEKI_ROOT" ]; then
+    log_info "  Creating $KASEKI_ROOT..."
+    if mkdir -p "$KASEKI_ROOT" 2>/dev/null; then
+      log_pass "Created $KASEKI_ROOT"
+    else
+      log_error "Failed to create $KASEKI_ROOT (parent directory not writable)"
+      log_error "Fix: Run on host: sudo mkdir -p $KASEKI_ROOT"
+      return 1
+    fi
+  fi
+  
+  # Verify it's writable by container UID
+  if [ ! -w "$KASEKI_ROOT" ]; then
+    log_warn "$KASEKI_ROOT exists but is not writable by container"
+    log_info "  Attempting to fix permissions..."
+    
+    # Try to make it readable and executable for all (755)
+    if chmod 755 "$KASEKI_ROOT" 2>/dev/null; then
+      log_pass "Fixed permissions on $KASEKI_ROOT (chmod 755)"
+      return 0
+    else
+      log_error "Failed to fix permissions on $KASEKI_ROOT (chmod failed)"
+      log_error "This is expected in restricted environments (e.g., read-only volumes)"
+      log_error ""
+      log_error "Manual fix required. In your container platform (Dockhand/Portainer):"
+      log_error "  1. Run on the host: sudo chown $CONTAINER_UID:$CONTAINER_GID $KASEKI_ROOT"
+      log_error "  2. Run on the host: sudo chmod 755 $KASEKI_ROOT"
+      log_error "  3. Restart the kaseki-api service"
+      log_error ""
+      log_error "Alternative: Use init container with elevated privileges (not recommended)"
+      return 1
+    fi
+  fi
+  
+  log_pass "$KASEKI_ROOT is writable by container"
+  log_pass "Init complete. API service can now proceed."
+  return 0
+}
+
+# Execute main and report result
+if main; then
+  exit 0
+else
+  # Graceful failure: exit 1 but don't block the main API service from starting
+  # The main service will detect the issue via startup-checks.sh and provide
+  # actionable error messages to users
+  exit 1
+fi

package/scripts/startup-checks.sh

@@ -49,6 +49,98 @@ log_info() {
   echo -e "${BLUE}ℹ${NC} $*" >&2
 }
 
+# Check if we're running in a container managed by Docker (but not necessarily Docker Compose)
+is_in_container() {
+  [ -f /.dockerenv ] || [ -f /run/.containerenv ]
+}
+
+# Detect container management platform (Dockhand, Portainer, Kubernetes, etc.)
+detect_container_platform() {
+  if [ -S /var/run/docker.sock ] 2>/dev/null; then
+    # We have access to docker socket
+    if command -v docker &>/dev/null; then
+      # Check if running on Portainer (has specific env vars or config)
+      if [ -n "${PORTAINER_VERSION:-}" ] || [ -f /.portainer ]; then
+        echo "portainer"
+        return 0
+      fi
+      # Check for Dockhand patterns (typically running in restricted mode)
+      if grep -q "dockhand" /proc/self/cgroup 2>/dev/null || [ -n "${DOCKHAND_MODE:-}" ]; then
+        echo "dockhand"
+        return 0
+      fi
+    fi
+  fi
+  # Kubernetes detection
+  if [ -d /var/run/secrets/kubernetes.io ]; then
+    echo "kubernetes"
+    return 0
+  fi
+  echo "docker"
+  return 0
+}
+
+# Generate platform-specific remediation instructions
+suggest_platform_setup() {
+  local platform="${1:-docker}"
+  
+  case "$platform" in
+    portainer)
+      echo ""
+      echo "📦 Running on Portainer — Setup Instructions:"
+      echo ""
+      echo "  1. In Portainer UI, navigate to Stacks → kaseki-agent"
+      echo "  2. Edit the stack and modify the 'services' section:"
+      echo ""
+      echo "     Before docker-compose up, run on the HOST:"
+      echo "       sudo mkdir -p /agents"
+      echo "       sudo chown 10000:10000 /agents"
+      echo "       sudo chmod 755 /agents"
+      echo ""
+      echo "  3. Or, use an init container (already added in latest version)"
+      echo "     Wait 10 seconds after deploy for init container to complete"
+      echo ""
+      echo "  See: docs/DEPLOYMENT.md#container-management-platforms"
+      ;;
+    dockhand)
+      echo ""
+      echo "🔧 Running on Dockhand — Setup Instructions:"
+      echo ""
+      echo "  1. SSH into the Dockhand host"
+      echo "  2. Run the following commands:"
+      echo "       sudo mkdir -p /agents"
+      echo "       sudo chown 10000:10000 /agents"
+      echo "       sudo chmod 755 /agents"
+      echo ""
+      echo "  3. Restart the kaseki-api service in Dockhand UI"
+      echo ""
+      echo "  See: docs/DEPLOYMENT.md#container-management-platforms"
+      ;;
+    kubernetes)
+      echo ""
+      echo "☸️  Running on Kubernetes — Setup Instructions:"
+      echo ""
+      echo "  1. Ensure /agents PersistentVolume is properly mounted"
+      echo "  2. The PV must be writable by UID 10000"
+      echo ""
+      echo "  Example: kubectl patch pv agents-pv -p '{\"spec\":{\"owner\":\"10000:10000\"}}'"
+      echo ""
+      echo "  See: docs/DEPLOYMENT.md#kubernetes-deployment"
+      ;;
+    *)
+      echo ""
+      echo "💡 Setup Instructions:"
+      echo ""
+      echo "  Run on the host where /agents is mounted:"
+      echo "    sudo mkdir -p /agents"
+      echo "    sudo chown 10000:10000 /agents"
+      echo "    sudo chmod 755 /agents"
+      echo ""
+      echo "  Then restart the kaseki-api service."
+      ;;
+  esac
+}
+
 # Check if a directory is writable (even if it doesn't exist yet)
 is_writable_or_creatable() {
   local target_dir="$1"
@@ -102,6 +194,13 @@ check_kaseki_root() {
   if [ ! -w "$KASEKI_ROOT" ]; then
     log_error "$KASEKI_ROOT exists but is not writable by UID $CONTAINER_UID"
     log_error "Fix: Run on host: sudo chown $CONTAINER_UID:$CONTAINER_GID $KASEKI_ROOT"
+    
+    # Provide platform-specific instructions if in container
+    if is_in_container; then
+      local platform
+      platform=$(detect_container_platform)
+      suggest_platform_setup "$platform"
+    fi
     return 2
   fi