@rizom/ops 0.2.0-alpha.8 → 0.2.0-alpha.81

Files changed (51)
  1. package/README.md +7 -3
  2. package/dist/age-key-bootstrap.d.ts +17 -0
  3. package/dist/brains-ops.js +279 -156
  4. package/dist/cert-bootstrap.d.ts +3 -3
  5. package/dist/content-repo.d.ts +13 -0
  6. package/dist/default-user-runner.d.ts +1 -1
  7. package/dist/deploy.js +3 -170
  8. package/dist/entries/deploy.d.ts +2 -2
  9. package/dist/index.d.ts +4 -0
  10. package/dist/index.js +279 -156
  11. package/dist/load-registry.d.ts +22 -3
  12. package/dist/observed-status.d.ts +1 -1
  13. package/dist/onboard-user.d.ts +2 -2
  14. package/dist/origin-ca.d.ts +1 -1
  15. package/dist/parse-args.d.ts +2 -0
  16. package/dist/push-secrets.d.ts +1 -1
  17. package/dist/reconcile-all.d.ts +2 -2
  18. package/dist/reconcile-cohort.d.ts +2 -2
  19. package/dist/reconcile-lib.d.ts +4 -2
  20. package/dist/run-command.d.ts +1 -2
  21. package/dist/run-subprocess.d.ts +1 -0
  22. package/dist/schema.d.ts +107 -0
  23. package/dist/secrets-encrypt.d.ts +29 -0
  24. package/dist/secrets-push.d.ts +1 -1
  25. package/dist/ssh-key-bootstrap.d.ts +1 -1
  26. package/dist/user-add.d.ts +15 -0
  27. package/dist/user-runner.d.ts +5 -0
  28. package/dist/verify-user.d.ts +19 -0
  29. package/package.json +7 -3
  30. package/templates/rover-pilot/.env.schema +16 -2
  31. package/templates/rover-pilot/.github/workflows/build.yml +13 -5
  32. package/templates/rover-pilot/.github/workflows/deploy.yml +73 -20
  33. package/templates/rover-pilot/.github/workflows/reconcile.yml +16 -2
  34. package/templates/rover-pilot/README.md +6 -3
  35. package/templates/rover-pilot/deploy/scripts/decrypt-user-secrets.ts +78 -0
  36. package/templates/rover-pilot/deploy/scripts/provision-server.ts +1 -1
  37. package/templates/rover-pilot/deploy/scripts/resolve-deploy-handles.ts +15 -4
  38. package/templates/rover-pilot/deploy/scripts/resolve-user-config.ts +12 -12
  39. package/templates/rover-pilot/deploy/scripts/sync-content-repo.ts +179 -0
  40. package/templates/rover-pilot/deploy/scripts/update-dns.ts +14 -4
  41. package/templates/rover-pilot/docs/onboarding-checklist.md +40 -14
  42. package/templates/rover-pilot/docs/operator-playbook.md +129 -10
  43. package/templates/rover-pilot/docs/user-onboarding.md +182 -199
  44. package/templates/rover-pilot/package.json +3 -0
  45. package/templates/rover-pilot/pilot.yaml +3 -0
  46. package/templates/rover-pilot/users/alice.yaml +5 -1
  47. package/dist/user-secret-names.d.ts +0 -6
  48. package/templates/rover-pilot/.kamal/hooks/pre-deploy +0 -9
  49. package/templates/rover-pilot/deploy/Caddyfile +0 -66
  50. package/templates/rover-pilot/deploy/Dockerfile +0 -38
  51. package/templates/rover-pilot/deploy/kamal/deploy.yml +0 -40
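--- a/package/README.md
+++ b/package/README.md
@@ -6,10 +6,14 @@ Operator CLI package for managing pilot brain fleet registry repos.
 
  - `brains-ops init <repo>`
  - `brains-ops render <repo>` — regenerates `views/users.md` and fills status columns from built-in live probes (`DNS`, `/health`, unauthenticated `/mcp`)
- - `brains-ops onboard <repo> <handle>`
+ - `brains-ops user:add <repo> <handle> --cohort <cohort>` — scaffolds a user file, per-user secrets template, and cohort membership
+ - `brains-ops onboard <repo> <handle>` — creates/seeds the user's content repo using `CONTENT_REPO_ADMIN_TOKEN` for GitHub repo administration and `GIT_SYNC_TOKEN` for git clone/push
+ - `brains-ops age-key:bootstrap <repo>`
  - `brains-ops ssh-key:bootstrap <repo>`
- - `brains-ops cert:bootstrap <repo> <handle>`
- - `brains-ops secrets:push <repo> <handle>`
+ - `brains-ops cert:bootstrap <repo>`
+ - `brains-ops secrets:push <repo>`
+ - `brains-ops secrets:encrypt <repo> <handle>`
+ - `brains-ops verify-user <repo> <handle>` — checks `/health`, unauthenticated `/mcp`, and default-preset browser/CMS routes
  - `brains-ops reconcile-cohort <repo> <cohort>`
  - `brains-ops reconcile-all <repo>`
 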
@@ -0,0 +1,17 @@
1
+ import { type RunCommand } from "./run-subprocess";
2
+ export interface AgeKeyBootstrapOptions {
3
+ logger?: (message: string) => void;
4
+ pushTo?: string | undefined;
5
+ runCommand?: RunCommand | undefined;
6
+ }
7
+ export interface AgeKeyBootstrapResult {
8
+ createdLocalKey: boolean;
9
+ identityPath: string;
10
+ agePublicKey: string;
11
+ }
12
+ export declare function runPilotAgeKeyBootstrap(rootDir: string, options?: AgeKeyBootstrapOptions): Promise<{
13
+ success: boolean;
14
+ message?: string;
15
+ }>;
16
+ export declare function bootstrapPilotAgeKey(rootDir: string, options?: AgeKeyBootstrapOptions): Promise<AgeKeyBootstrapResult>;
17
+ export declare function extractAgeIdentity(contents: string): string;
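Review bot: None of the new declarations carry TSDoc, and for `extractAgeIdentity(contents: string): string` the missing contract is security-relevant: going by the name, the returned string is the age identity, i.e. private key material, though the implementation is not visible in this declaration file. I would add `/** Returns the age secret identity parsed from the key file contents; callers must treat the result as a secret and never pass it to logger. */` above it in the source that emits this file. The same pass should document what `pushTo` names and state that the optional `message` returned by `runPilotAgeKeyBootstrap` never includes key-file contents. `AgeKeyBootstrapResult` exposing only `identityPath` and `agePublicKey` looks like the right shape, and a one-line comment saying that the omission of the private identity is deliberate would keep a later change from widening it.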