@pleri/olam-cli 0.1.147 → 0.1.150

package/host-cp/k8s/manifests/mcp-auth-service/50-deployment.yaml

@@ -0,0 +1,117 @@
+# Deployment for olam-mcp-auth-service.
+#
+# Image: pinned to sha256 digest (not :latest or named tag) per T4 threat model.
+# Digest resolves to ghcr.io/pleri/olam-mcp-auth:latest (multi-arch index).
+# NOTE (B1): image name is olam-mcp-auth (NOT olam-mcp-auth-service) — matches the
+# actual GHCR package name published by release.yml publish-mcp-auth job.
+# To update: resolve the new tag's digest via:
+#   TOKEN=$(curl -s "https://ghcr.io/token?scope=repository:pleri/olam-mcp-auth:pull&service=ghcr.io" | jq -r .token)
+#   curl -sI -H "Authorization: Bearer $TOKEN" \
+#     -H "Accept: application/vnd.oci.image.index.v1+json,application/vnd.docker.distribution.manifest.list.v2+json" \
+#     https://ghcr.io/v2/pleri/olam-mcp-auth/manifests/<tag> | grep docker-content-digest
+# Or use: node scripts/refresh-manifest-digests.mjs
+#
+# securityContext: conservative defaults per T6/T7 threat model (runAsNonRoot,
+# readOnlyRootFilesystem). /tmp backed by emptyDir for transient write needs.
+#
+# D17 (LOAD-BEARING): mcp-auth-service MUST NOT mount /var/run/docker.sock.
+# Phase 2 architecture: k8s pods cannot reach docker.sock. No hostPath socket
+# mount here — mcp-auth-service authenticates MCP clients via JWT, not Docker.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: olam-mcp-auth-service
+  namespace: olam
+  labels:
+    app: olam-mcp-auth-service
+    olam.io/component: peripheral
+spec:
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  selector:
+    matchLabels:
+      app: olam-mcp-auth-service
+  template:
+    metadata:
+      labels:
+        app: olam-mcp-auth-service
+    spec:
+      serviceAccountName: olam-mcp-auth-service
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+      initContainers:
+        - name: chown-data
+          # busybox:1.36 — sha256-pinned per T4 threat model.
+          image: busybox@sha256:73aaf090f3d85aa34ee199857f03fa3a95c8ede2ffd4cc2cdb5b94e566b11662
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            runAsUser: 0
+            runAsNonRoot: false
+            allowPrivilegeEscalation: false
+          command: ["chown", "-R", "1000:1000", "/data"]
+          volumeMounts:
+            - name: mcp-auth-data
+              mountPath: /data
+      containers:
+        - name: olam-mcp-auth-service
+          image: ghcr.io/pleri/olam-mcp-auth@sha256:7f5ffeea1a697e43fd1d4569d1e82c78086b80d3f331efa2ea166c0ef4f70826
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 1000
+            readOnlyRootFilesystem: true
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+          ports:
+            - name: http
+              containerPort: 9998
+              protocol: TCP
+          envFrom:
+            - configMapRef:
+                name: olam-mcp-auth-service-env
+            - secretRef:
+                name: olam-mcp-auth-service-secret
+          volumeMounts:
+            - name: mcp-auth-data
+              mountPath: /data
+            - name: tmp
+              mountPath: /tmp
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: 9998
+            initialDelaySeconds: 5
+            periodSeconds: 5
+            timeoutSeconds: 3
+            failureThreshold: 6
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: 9998
+            initialDelaySeconds: 30
+            periodSeconds: 20
+            timeoutSeconds: 5
+            failureThreshold: 3
+          resources:
+            requests:
+              cpu: "50m"
+              memory: "128Mi"
+            limits:
+              cpu: "500m"
+              memory: "512Mi"
+      volumes:
+        - name: mcp-auth-data
+          persistentVolumeClaim:
+            claimName: olam-mcp-auth-data
+        - name: tmp
+          emptyDir: {}
+      # D17 (LOAD-BEARING): NO docker.sock volume or hostPath mount here.
+      # mcp-auth-service does not need Docker access in Phase 2 k8s architecture.

package/host-cp/k8s/manifests/mcp-auth-service/60-service.yaml

@@ -0,0 +1,21 @@
+# ClusterIP Service for olam-mcp-auth-service.
+# Port 9998 — consumed by other peripherals and host-cp via cluster-internal DNS.
+# Operator surfaces externally via:
+#   kubectl port-forward -n olam svc/olam-mcp-auth-service 9998:9998
+apiVersion: v1
+kind: Service
+metadata:
+  name: olam-mcp-auth-service
+  namespace: olam
+  labels:
+    app: olam-mcp-auth-service
+    olam.io/component: peripheral
+spec:
+  type: ClusterIP
+  selector:
+    app: olam-mcp-auth-service
+  ports:
+    - name: http
+      port: 9998
+      targetPort: 9998
+      protocol: TCP

package/host-cp/k8s/manifests/memory-service/10-serviceaccount.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: olam-memory-service
+  namespace: olam
+  labels:
+    app: olam-memory-service
+    olam.io/component: peripheral

package/host-cp/k8s/manifests/memory-service/20-rbac.yaml

@@ -0,0 +1,34 @@
+# Phase 1a Decision 19: Role scoped to resourceNames: ["olam-memory-service"] on
+# apps/v1 deployments. Without this scope, the in-cluster ServiceAccount
+# could patch ANY Deployment in the namespace. This is the load-bearing
+# security guardrail — preserve verbatim.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: olam-memory-service
+  namespace: olam
+  labels:
+    app: olam-memory-service
+    olam.io/component: peripheral
+rules:
+  - apiGroups: ["apps"]
+    resources: ["deployments"]
+    resourceNames: ["olam-memory-service"]
+    verbs: ["get", "patch", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: olam-memory-service
+  namespace: olam
+  labels:
+    app: olam-memory-service
+    olam.io/component: peripheral
+subjects:
+  - kind: ServiceAccount
+    name: olam-memory-service
+    namespace: olam
+roleRef:
+  kind: Role
+  name: olam-memory-service
+  apiGroup: rbac.authorization.k8s.io

package/host-cp/k8s/manifests/memory-service/30-configmap.yaml

@@ -0,0 +1,20 @@
+# ConfigMap for olam-memory-service environment. Sensitive values live in
+# the Secret (see templates/memory-service-secret-template.yaml).
+# Operators apply the Secret separately before applying the manifests.
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: olam-memory-service-env
+  namespace: olam
+  labels:
+    app: olam-memory-service
+    olam.io/component: peripheral
+data:
+  # Port memory-service listens on. Must match 60-service.yaml targetPort.
+  OLAM_MEMORY_PORT: "3111"
+  # Data directory — backed by the PVC mounted at /data.
+  OLAM_MEMORY_DATA_PATH: "/data/memory"
+  # URL of auth-service (cluster-internal DNS). Override in non-k3d environments.
+  OLAM_AUTH_SERVICE_URL: "http://olam-auth-service.olam.svc.cluster.local:9999"
+  # Health path exposed at /agentmemory/livez (D15 — do not change).
+  OLAM_MEMORY_HEALTH_PATH: "/agentmemory/livez"

package/host-cp/k8s/manifests/memory-service/45-pvc.yaml

@@ -0,0 +1,25 @@
+# PersistentVolumeClaim for olam-memory-service /data volume.
+#
+# Why PVC instead of hostPath: see packages/host-cp/k8s/manifests/host-cp/45-pvc.yaml
+# for the full rationale (fsGroup, k3d node filesystem, etc.).
+#
+# local-path StorageClass ships with k3d by default (rancher/local-path-provisioner).
+# On non-k3d clusters, substitute storageClassName with your cluster's provisioner.
+# D24: storageClassName operator-editable — edit the field below for non-k3d substrates.
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: olam-memory-data
+  namespace: olam
+  labels:
+    app: olam-memory-service
+    olam.io/component: peripheral
+spec:
+  accessModes:
+    - ReadWriteOnce
+  # D24: operator-editable. k3d default is local-path. Change for non-k3d substrates.
+  storageClassName: local-path
+  resources:
+    requests:
+      # D25: memory-service PVC size 5Gi.
+      storage: 5Gi

package/host-cp/k8s/manifests/memory-service/50-deployment.yaml

@@ -0,0 +1,121 @@
+# Deployment for olam-memory-service.
+#
+# Image: pinned to sha256 digest (not :latest or named tag) per T4 threat model.
+# Digest resolves to ghcr.io/pleri/olam-memory-service:0.1.0 (multi-arch index).
+# To update: resolve the new tag's digest via:
+#   TOKEN=$(curl -s "https://ghcr.io/token?scope=repository:pleri/olam-memory-service:pull&service=ghcr.io" | jq -r .token)
+#   curl -sI -H "Authorization: Bearer $TOKEN" \
+#     -H "Accept: application/vnd.oci.image.index.v1+json,application/vnd.docker.distribution.manifest.list.v2+json" \
+#     https://ghcr.io/v2/pleri/olam-memory-service/manifests/<tag> | grep docker-content-digest
+#
+# securityContext: conservative defaults per T6/T7 threat model (runAsNonRoot,
+# readOnlyRootFilesystem). /tmp backed by emptyDir for transient write needs.
+#
+# D15 (LOAD-BEARING): readinessProbe and livenessProbe path MUST be
+# /agentmemory/livez (not /health). Source: DEFAULT_HEALTH_PATH in
+# packages/core/src/services-status/memory-probe.ts:18.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: olam-memory-service
+  namespace: olam
+  labels:
+    app: olam-memory-service
+    olam.io/component: peripheral
+spec:
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  selector:
+    matchLabels:
+      app: olam-memory-service
+  template:
+    metadata:
+      labels:
+        app: olam-memory-service
+    spec:
+      serviceAccountName: olam-memory-service
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+      initContainers:
+        - name: chown-data
+          # busybox:1.36 — sha256-pinned per T4 threat model.
+          image: busybox@sha256:73aaf090f3d85aa34ee199857f03fa3a95c8ede2ffd4cc2cdb5b94e566b11662
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            runAsUser: 0
+            runAsNonRoot: false
+            allowPrivilegeEscalation: false
+          command: ["chown", "-R", "1000:1000", "/data"]
+          volumeMounts:
+            - name: memory-data
+              mountPath: /data
+      containers:
+        - name: olam-memory-service
+          # image first appears on GHCR after Phase B's publish-memory-service
+          # job fires on the first release post-merge. Remove the
+          # bootstrap-placeholder comment + run `npm run refresh:manifest-digests`
+          # once ghcr.io/pleri/olam-memory-service has a real published digest.
+          # bootstrap-placeholder: pre-publish; refresh after first release
+          image: ghcr.io/pleri/olam-memory-service@sha256:b4132f1d43335daaeebda2437e5eb78690ce6ef4accb8a830c92ec7acc6ee593
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 1000
+            readOnlyRootFilesystem: true
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+          ports:
+            - name: http
+              containerPort: 3111
+              protocol: TCP
+          envFrom:
+            - configMapRef:
+                name: olam-memory-service-env
+            - secretRef:
+                name: olam-memory-service-secret
+          volumeMounts:
+            - name: memory-data
+              mountPath: /data
+            - name: tmp
+              mountPath: /tmp
+          readinessProbe:
+            httpGet:
+              # D15 (LOAD-BEARING): memory-service health path is /agentmemory/livez.
+              # Source: DEFAULT_HEALTH_PATH in packages/core/src/services-status/memory-probe.ts:18.
+              # Do NOT change to /health — that endpoint does not exist on this service.
+              path: /agentmemory/livez
+              port: 3111
+            initialDelaySeconds: 5
+            periodSeconds: 5
+            timeoutSeconds: 3
+            failureThreshold: 6
+          livenessProbe:
+            httpGet:
+              # D15 (LOAD-BEARING): same path as readinessProbe.
+              path: /agentmemory/livez
+              port: 3111
+            initialDelaySeconds: 30
+            periodSeconds: 20
+            timeoutSeconds: 5
+            failureThreshold: 3
+          resources:
+            requests:
+              cpu: "50m"
+              memory: "256Mi"
+            limits:
+              cpu: "500m"
+              memory: "1Gi"
+      volumes:
+        - name: memory-data
+          persistentVolumeClaim:
+            claimName: olam-memory-data
+        - name: tmp
+          emptyDir: {}

package/host-cp/k8s/manifests/memory-service/60-service.yaml

@@ -0,0 +1,21 @@
+# ClusterIP Service for olam-memory-service.
+# Port 3111 — consumed by host-cp and agents via cluster-internal DNS.
+# Operator surfaces externally via:
+#   kubectl port-forward -n olam svc/olam-memory-service 3111:3111
+apiVersion: v1
+kind: Service
+metadata:
+  name: olam-memory-service
+  namespace: olam
+  labels:
+    app: olam-memory-service
+    olam.io/component: peripheral
+spec:
+  type: ClusterIP
+  selector:
+    app: olam-memory-service
+  ports:
+    - name: http
+      port: 3111
+      targetPort: 3111
+      protocol: TCP

package/host-cp/k8s/templates/auth-service-secret-template.yaml

@@ -0,0 +1,28 @@
+# Secret TEMPLATE for olam-auth-service.
+#
+# This file is a TEMPLATE — it MUST NOT be applied directly without substituting
+# the placeholder values. The placeholders are intentionally invalid; a raw
+# `kubectl apply` will result in auth failures rather than silently shipping
+# fake credentials.
+#
+# Preferred substitution (keeps secrets out of git):
+#   kubectl create secret generic olam-auth-service-secret -n olam \
+#     --from-literal=OLAM_AUTH_DB_SECRET=$(cat ~/.olam/auth-db-secret) \
+#     --dry-run=client -o yaml | kubectl apply -f -
+#
+# This template lives in packages/host-cp/k8s/templates/ (NOT manifests/)
+# so that `kubectl apply -f manifests/auth-service/` does NOT apply it —
+# operators must explicitly handle Secret provisioning before applying manifests.
+apiVersion: v1
+kind: Secret
+metadata:
+  name: olam-auth-service-secret
+  namespace: olam
+  labels:
+    app: olam-auth-service
+    olam.io/component: peripheral
+type: Opaque
+stringData:
+  # Shared database encryption secret for the credential vault.
+  # Source: cat ~/.olam/auth-db-secret
+  OLAM_AUTH_DB_SECRET: "REPLACE_ME_FROM_HOME_DOTOLAM_AUTH_DB_SECRET"

package/host-cp/k8s/templates/kg-service-secret-template.yaml

@@ -0,0 +1,28 @@
+# Secret TEMPLATE for olam-kg-service.
+#
+# This file is a TEMPLATE — it MUST NOT be applied directly without substituting
+# the placeholder values. The placeholders are intentionally invalid; a raw
+# `kubectl apply` will result in auth failures rather than silently shipping
+# fake credentials.
+#
+# Preferred substitution (keeps secrets out of git):
+#   kubectl create secret generic olam-kg-service-secret -n olam \
+#     --from-literal=OLAM_KG_BEARER_TOKEN=$(cat ~/.olam/kg-bearer-token) \
+#     --dry-run=client -o yaml | kubectl apply -f -
+#
+# This template lives in packages/host-cp/k8s/templates/ (NOT manifests/)
+# so that `kubectl apply -f manifests/kg-service/` does NOT apply it —
+# operators must explicitly handle Secret provisioning before applying manifests.
+apiVersion: v1
+kind: Secret
+metadata:
+  name: olam-kg-service-secret
+  namespace: olam
+  labels:
+    app: olam-kg-service
+    olam.io/component: peripheral
+type: Opaque
+stringData:
+  # Bearer token for in-cluster KG query authentication.
+  # Source: cat ~/.olam/kg-bearer-token
+  OLAM_KG_BEARER_TOKEN: "REPLACE_ME_FROM_HOME_DOTOLAM_KG_BEARER_TOKEN"

package/host-cp/k8s/templates/mcp-auth-service-secret-template.yaml

@@ -0,0 +1,28 @@
+# Secret TEMPLATE for olam-mcp-auth-service.
+#
+# This file is a TEMPLATE — it MUST NOT be applied directly without substituting
+# the placeholder values. The placeholders are intentionally invalid; a raw
+# `kubectl apply` will result in auth failures rather than silently shipping
+# fake credentials.
+#
+# Preferred substitution (keeps secrets out of git):
+#   kubectl create secret generic olam-mcp-auth-service-secret -n olam \
+#     --from-literal=OLAM_MCP_AUTH_JWT_SECRET=$(cat ~/.olam/mcp-auth-jwt-secret) \
+#     --dry-run=client -o yaml | kubectl apply -f -
+#
+# This template lives in packages/host-cp/k8s/templates/ (NOT manifests/)
+# so that `kubectl apply -f manifests/mcp-auth-service/` does NOT apply it —
+# operators must explicitly handle Secret provisioning before applying manifests.
+apiVersion: v1
+kind: Secret
+metadata:
+  name: olam-mcp-auth-service-secret
+  namespace: olam
+  labels:
+    app: olam-mcp-auth-service
+    olam.io/component: peripheral
+type: Opaque
+stringData:
+  # JWT signing secret for MCP client authentication.
+  # Source: cat ~/.olam/mcp-auth-jwt-secret
+  OLAM_MCP_AUTH_JWT_SECRET: "REPLACE_ME_FROM_HOME_DOTOLAM_MCP_AUTH_JWT_SECRET"

package/host-cp/k8s/templates/memory-service-secret-template.yaml

@@ -0,0 +1,29 @@
+# Secret TEMPLATE for olam-memory-service.
+#
+# This file is a TEMPLATE — it MUST NOT be applied directly without substituting
+# the placeholder values. The placeholders are intentionally invalid; a raw
+# `kubectl apply` will result in auth failures rather than silently shipping
+# fake credentials.
+#
+# Preferred substitution (keeps secrets out of git):
+#   kubectl create secret generic olam-memory-service-secret -n olam \
+#     --from-literal=OLAM_MEMORY_BEARER_SECRET=$(cat ~/.olam/memory-bearer-secret) \
+#     --dry-run=client -o yaml | kubectl apply -f -
+#
+# This template lives in packages/host-cp/k8s/templates/ (NOT manifests/)
+# so that `kubectl apply -f manifests/memory-service/` does NOT apply it —
+# operators must explicitly handle Secret provisioning before applying manifests.
+apiVersion: v1
+kind: Secret
+metadata:
+  name: olam-memory-service-secret
+  namespace: olam
+  labels:
+    app: olam-memory-service
+    olam.io/component: peripheral
+type: Opaque
+stringData:
+  # Bearer secret for the memory-service HTTP API (matches OLAM_MEMORY_BEARER_SECRET
+  # used by host-cp and agents that call the memory endpoints).
+  # Source: cat ~/.olam/memory-bearer-secret
+  OLAM_MEMORY_BEARER_SECRET: "REPLACE_ME_FROM_HOME_DOTOLAM_MEMORY_BEARER_SECRET"

package/host-cp/src/agent-runtime-trigger.mjs

@@ -31,11 +31,13 @@ import { spawnSync, spawn } from 'node:child_process';
 
 const SPAWN_TIMEOUT_MS = 10_000;
 
-// Default container-side path for the supervisor binary. The devbox image
-// COPYs `packages/intelligence/dist/agent-stream/` to this location during
-// build (devbox Dockerfile update lands alongside this PR or in a follow-up).
-// Compiled supervisor lives at /opt/olam/agent-stream/dist/agent-stream-launch.js
-// per the devbox runtime Dockerfile build-in-image step (tsc writes dist/).
+// Default container-side path for the supervisor binary.
+// In source-mode (OLAM_DEV=1): the operator's built host dist is bind-mounted
+// read-only at /opt/olam/agent-stream/dist (Phase B1, olam-world-bundle-freshness).
+// The mount overlays the image-baked dist, so this path always resolves to the
+// freshest available binary — no docker cp required.
+// In install-mode / cloud: the image-baked dist (devbox.runtime.glibc.Dockerfile
+// lines 263-287 bake step) is the fallback; the path is the same.
 const DEFAULT_SUPERVISOR_PATH = '/opt/olam/agent-stream/dist/agent-stream-launch.js';
 
 /**

package/host-cp/src/plan-chat-secret.mjs

@@ -5,14 +5,25 @@
 // hex string. Helpers generate, read, and rotate atomically. Rotation
 // writes to a tmpfile and renames; mid-rotation reads see either the old
 // or new value, never a partial write.
+//
+// Inside the Docker container, os.homedir() → /root, but compose.yaml mounts
+// ${HOME}/.olam → /data. Without an env override, the bearer would be written
+// to /root/.olam/plan-chat-secret (container ephemeral layer) and lost on
+// every `docker compose up --force-recreate` (i.e. every `olam upgrade`).
+// OLAM_PLAN_CHAT_SECRET_PATH is set to /data/plan-chat-secret in compose.yaml
+// and k8s/manifests/30-configmap.yaml so all reads/writes land in the
+// bind-mounted host directory. On bare-host installs (no container) the env
+// var is unset and the path falls back to ~/.olam/plan-chat-secret — no
+// behaviour change. Mirrors precedent commit 5b21d1f2 (PR #440) for plan.db.
 
 import fs from 'node:fs';
 import os from 'node:os';
 import path from 'node:path';
 import crypto from 'node:crypto';
 
-export const SECRET_DIR = path.join(os.homedir(), '.olam');
-export const SECRET_PATH = path.join(SECRET_DIR, 'plan-chat-secret');
+export const SECRET_PATH =
+  process.env.OLAM_PLAN_CHAT_SECRET_PATH ?? path.join(os.homedir(), '.olam', 'plan-chat-secret');
+export const SECRET_DIR = path.dirname(SECRET_PATH);
 const SECRET_BYTES = 32; // 64 hex chars
 const SECRET_MODE = 0o600;