@sibyllinesoft/smith-installer 0.1.1

package/dist/lib.js

@@ -0,0 +1,265 @@
+import { existsSync, readFileSync, readdirSync, statSync } from "fs";
+import { resolve, join } from "path";
+export function parseArgs(argv) {
+    const args = {
+        nonInteractive: false,
+        provider: "anthropic",
+        model: "claude-sonnet-4-20250514",
+        thinkingLevel: "medium",
+        force: false,
+        help: false,
+    };
+    for (let i = 2; i < argv.length; i++) {
+        switch (argv[i]) {
+            case "--non-interactive":
+                args.nonInteractive = true;
+                break;
+            case "--provider":
+                args.provider = argv[++i];
+                break;
+            case "--model":
+                args.model = argv[++i];
+                break;
+            case "--thinking":
+                args.thinkingLevel = argv[++i];
+                break;
+            case "--step":
+                args.step = argv[++i];
+                break;
+            case "--force":
+                args.force = true;
+                break;
+            case "--repo":
+                args.repo = argv[++i];
+                break;
+            case "--help":
+            case "-h":
+                args.help = true;
+                break;
+            default:
+                throw new Error(`Unknown option: ${argv[i]} (try --help)`);
+        }
+    }
+    return args;
+}
+export function findSmithRoot(startDir) {
+    let dir = resolve(startDir);
+    const root = resolve("/");
+    while (dir !== root) {
+        const looksLikeRepoRoot = existsSync(join(dir, "Cargo.toml")) &&
+            existsSync(join(dir, "docker-compose.yaml")) &&
+            existsSync(join(dir, "justfile")) &&
+            existsSync(join(dir, "installer", "package.json"));
+        if (looksLikeRepoRoot) {
+            return dir;
+        }
+        dir = resolve(dir, "..");
+    }
+    return null;
+}
+export function loadSkills(skillsDir) {
+    const skills = [];
+    let entries;
+    try {
+        entries = readdirSync(skillsDir);
+    }
+    catch {
+        return skills;
+    }
+    for (const entry of entries) {
+        const skillDir = join(skillsDir, entry);
+        const skillFile = join(skillDir, "SKILL.md");
+        try {
+            if (!statSync(skillDir).isDirectory())
+                continue;
+            const content = readFileSync(skillFile, "utf8");
+            // Extract description from frontmatter
+            const match = content.match(/^---\s*\ndescription:\s*(.+)\n---/);
+            const description = match?.[1] ?? entry;
+            skills.push({ name: entry, description, content });
+        }
+        catch {
+            // Skip skills without SKILL.md
+        }
+    }
+    return skills;
+}
+export function buildSystemPrompt(opts) {
+    let prompt = "You are the Smith Core installer and configuration agent.\n\n";
+    prompt += `smith-core repo root: ${opts.smithRoot}\n`;
+    if (process.platform === "darwin") {
+        prompt +=
+            "\nThis host is macOS. Ensure Gondolin-backed persistent VM sessions are enabled by setting:\n" +
+                "- SMITH_EXECUTOR_VM_POOL_ENABLED=true\n" +
+                "- SMITH_EXECUTOR_VM_METHOD=gondolin\n" +
+                "- SMITH_EXECUTOR_GONDOLIN_COMMAND=gondolin\n" +
+                "- SMITH_EXECUTOR_GONDOLIN_ARGS=exec,--\n";
+    }
+    if (opts.step) {
+        prompt += `\nThe user wants to run installer step '${opts.step}' only.\n`;
+    }
+    const configSteps = ["configure-policy", "policy"];
+    if (opts.step && configSteps.includes(opts.step.toLowerCase())) {
+        prompt += "You are in configuration mode (not bootstrapping). " +
+            "Focus on inspecting and configuring the policy system. " +
+            "Do not run build or infrastructure setup commands.\n";
+    }
+    if (opts.force) {
+        prompt += "--force is set — recreate infrastructure before bootstrapping.\n";
+    }
+    if (opts.securityWarnings && opts.securityWarnings.length > 0) {
+        prompt +=
+            "\nLocal security posture warnings were detected. These are non-blocking, " +
+                "but you must present them clearly before continuing:\n";
+        for (const warning of opts.securityWarnings) {
+            prompt += `- ${warning}\n`;
+        }
+        prompt +=
+            "Explicitly warn when deployment is not on a private network and recommend " +
+                "VPN/tunnel controls (for example Cloudflare Tunnel or Tailscale).\n";
+    }
+    return prompt;
+}
+function parseEnvFile(path) {
+    const vars = {};
+    const content = readFileSync(path, "utf8");
+    for (const rawLine of content.split("\n")) {
+        const line = rawLine.trim();
+        if (!line || line.startsWith("#"))
+            continue;
+        const eq = line.indexOf("=");
+        if (eq <= 0)
+            continue;
+        const key = line.slice(0, eq).trim();
+        let value = line.slice(eq + 1).trim();
+        if ((value.startsWith('"') && value.endsWith('"')) ||
+            (value.startsWith("'") && value.endsWith("'"))) {
+            value = value.slice(1, -1);
+        }
+        vars[key] = value;
+    }
+    return vars;
+}
+function hasNonEmpty(vars, keys) {
+    return keys.some((key) => (vars[key] ?? "").trim().length > 0);
+}
+function looksLikeWeakSecret(value, weakValues) {
+    const normalized = value.trim();
+    return normalized.length === 0 || weakValues.includes(normalized);
+}
+function isLikelyLoopbackListen(value) {
+    const v = value.trim().toLowerCase();
+    return (v.includes("127.0.0.1") ||
+        v.includes("localhost") ||
+        v.includes("[::1]") ||
+        v === "::1" ||
+        v.startsWith("::1:"));
+}
+export function evaluateInstallerSecurity(smithRoot) {
+    const envPath = join(smithRoot, ".env");
+    const envExamplePath = join(smithRoot, ".env.example");
+    const sourceFile = existsSync(envPath)
+        ? envPath
+        : existsSync(envExamplePath)
+            ? envExamplePath
+            : null;
+    if (!sourceFile) {
+        return {
+            sourceFile: null,
+            warnings: [
+                {
+                    id: "missing-env",
+                    message: "No .env or .env.example was found to evaluate security posture.",
+                    recommendation: "Create .env from .env.example and review secrets plus network exposure settings.",
+                },
+            ],
+        };
+    }
+    const vars = parseEnvFile(sourceFile);
+    const warnings = [];
+    const weakSecrets = [
+        [
+            "POSTGRES_PASSWORD",
+            ["smith-dev", "postgres", "password", "changeme"],
+            "Set POSTGRES_PASSWORD to a unique, high-entropy value.",
+        ],
+        [
+            "CLICKHOUSE_PASSWORD",
+            ["observability-dev", "clickhouse", "password", "changeme"],
+            "Set CLICKHOUSE_PASSWORD to a unique, high-entropy value.",
+        ],
+        [
+            "GRAFANA_ADMIN_PASSWORD",
+            ["admin", "grafana", "password", "changeme"],
+            "Set GRAFANA_ADMIN_PASSWORD to a unique, high-entropy value.",
+        ],
+    ];
+    for (const [key, weakValues, recommendation] of weakSecrets) {
+        const value = (vars[key] ?? "").trim();
+        if (looksLikeWeakSecret(value, weakValues)) {
+            warnings.push({
+                id: `weak-${key.toLowerCase()}`,
+                message: `${key} is empty or set to a known weak default.`,
+                recommendation,
+            });
+        }
+    }
+    const mcpToken = (vars.MCP_INDEX_API_TOKEN ?? "").trim();
+    if (mcpToken.length < 24) {
+        warnings.push({
+            id: "weak-mcp-index-token",
+            message: "MCP_INDEX_API_TOKEN is missing or too short; MCP index APIs may be unauthenticated or weakly protected.",
+            recommendation: "Set MCP_INDEX_API_TOKEN to a long random secret (at least 24 characters).",
+        });
+    }
+    const capabilityDigest = (vars.AGENTD_CAPABILITY_DIGEST ?? "").trim();
+    if (!/^[a-fA-F0-9]{64}$/.test(capabilityDigest)) {
+        warnings.push({
+            id: "invalid-capability-digest",
+            message: "AGENTD_CAPABILITY_DIGEST is missing or not a valid 64-character hex digest.",
+            recommendation: "Set AGENTD_CAPABILITY_DIGEST to the intended capability bundle digest before production use.",
+        });
+    }
+    else if (/^0{64}$/.test(capabilityDigest)) {
+        warnings.push({
+            id: "zero-capability-digest",
+            message: "AGENTD_CAPABILITY_DIGEST is all zeros and will be rejected by secure defaults.",
+            recommendation: "Set AGENTD_CAPABILITY_DIGEST to a real digest, or only allow zero in local development overrides.",
+        });
+    }
+    const cloudflareKeys = [
+        "CLOUDFLARED_TUNNEL_TOKEN",
+        "CLOUDFLARE_TUNNEL_TOKEN",
+        "CLOUDFLARE_TUNNEL_ID",
+        "CLOUDFLARE_TUNNEL_HOSTNAME",
+        "CLOUDFLARE_TUNNEL_E2E_URL",
+        "CF_TUNNEL_TOKEN",
+        "TUNNEL_TOKEN",
+    ];
+    const tailscaleKeys = [
+        "TAILSCALE_AUTHKEY",
+        "TS_AUTHKEY",
+        "TAILSCALE_OAUTH_CLIENT_ID",
+        "TAILSCALE_HOSTNAME",
+        "TAILSCALE_TUNNEL_E2E_URL",
+    ];
+    const hasCloudflare = hasNonEmpty(vars, cloudflareKeys);
+    const hasTailscale = hasNonEmpty(vars, tailscaleKeys);
+    if (!hasCloudflare && !hasTailscale) {
+        warnings.push({
+            id: "missing-private-network-indicator",
+            message: "No Cloudflare Tunnel or Tailscale configuration indicators were found.",
+            recommendation: "Use a private network path (VPN/tunnel), and avoid exposing management endpoints directly to public networks.",
+        });
+    }
+    const grpcListen = (vars.AGENTD_GRPC_LISTEN ?? "").trim();
+    if (grpcListen && !isLikelyLoopbackListen(grpcListen)) {
+        warnings.push({
+            id: "agentd-grpc-non-loopback",
+            message: `AGENTD_GRPC_LISTEN is set to a non-loopback address (${grpcListen}).`,
+            recommendation: "Keep AGENTD_GRPC_LISTEN on loopback or enforce network controls before exposing it beyond trusted private networks.",
+        });
+    }
+    return { sourceFile, warnings };
+}
+//# sourceMappingURL=lib.js.map

package/dist/lib.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lib.js","sourceRoot":"","sources":["../src/lib.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACrE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAoDrC,MAAM,UAAU,SAAS,CAAC,IAAc;IACtC,MAAM,IAAI,GAAY;QACpB,cAAc,EAAE,KAAK;QACrB,QAAQ,EAAE,WAA4B;QACtC,KAAK,EAAE,0BAA0B;QACjC,aAAa,EAAE,QAAyB;QACxC,KAAK,EAAE,KAAK;QACZ,IAAI,EAAE,KAAK;KACZ,CAAC;IAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,QAAQ,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAChB,KAAK,mBAAmB;gBACtB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;gBAC3B,MAAM;YACR,KAAK,YAAY;gBACf,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,EAAE,CAAC,CAAmB,CAAC;gBAC5C,MAAM;YACR,KAAK,SAAS;gBACZ,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,EAAE,CAAC,CAAE,CAAC;gBACxB,MAAM;YACR,KAAK,YAAY;gBACf,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,EAAE,CAAC,CAAmB,CAAC;gBACjD,MAAM;YACR,KAAK,QAAQ;gBACX,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,CAAE,CAAC;gBACvB,MAAM;YACR,KAAK,SAAS;gBACZ,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;gBAClB,MAAM;YACR,KAAK,QAAQ;gBACX,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,CAAE,CAAC;gBACvB,MAAM;YACR,KAAK,QAAQ,CAAC;YACd,KAAK,IAAI;gBACP,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;gBACjB,MAAM;YACR;gBACE,MAAM,IAAI,KAAK,CAAC,mBAAmB,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,QAAgB;IAC5C,IAAI,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC5B,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IAE1B,OAAO,GAAG,KAAK,IAAI,EAAE,CAAC;QACpB,MAAM,iBAAiB,GACrB,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;YACnC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC;YAC5C,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;YACjC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC,CAAC;QAErD,IAAI,iBAAiB,EAAE,CAAC;YACtB,OAAO,GAAG,CAAC;QACb,CAAC;QACD,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC3B,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,SAAiB;IAC1C,MAAM,MAAM,GAAY,EAAE,CAAC;IAE3B,IAAI,OAAiB,CAAC;IACtB,IAAI,CAAC;QACH,OAAO,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACxC,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QAE7C,IAAI,CAAC;YACH,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE;gBAAE,SAAS;YAChD,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YAEhD,uCAAuC;YACvC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;YACjE,MAAM,WAAW,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC;YAExC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;QACrD,CAAC;QAAC,MAAM,CAAC;YACP,+BAA+B;QACjC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAAsB;IACtD,IAAI,MAAM,GAAG,+DAA+D,CAAC;IAC7E,MAAM,IAAI,yBAAyB,IAAI,CAAC,SAAS,IAAI,CAAC;IAEtD,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAClC,MAAM;YACJ,+FAA+F;gBAC/F,yCAAyC;gBACzC,uCAAuC;gBACvC,8CAA8C;gBAC9C,0CAA0C,CAAC;IAC/C,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,MAAM,IAAI,2CAA2C,IAAI,CAAC,IAAI,WAAW,CAAC;IAC5E,CAAC;IAED,MAAM,WAAW,GAAG,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAC;IACnD,IAAI,IAAI,CAAC,IAAI,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QAC/D,MAAM,IAAI,qDAAqD;YAC7D,yDAAyD;YACzD,sDAAsD,CAAC;IAC3D,CAAC;IAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,kEAAkE,CAAC;IAC/E,CAAC;IACD,IAAI,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9D,MAAM;YACJ,2EAA2E;gBAC3E,wDAAwD,CAAC;QAC3D,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,OAAO,IAAI,CAAC;QAC7B,CAAC;QACD,MAAM;YACJ,4EAA4E;gBAC5E,qEAAqE,CAAC;IAC1E,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,YAAY,CAAC,IAAY;IAChC,MAAM,IAAI,GAA2B,EAAE,CAAC;IACxC,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC3C,KAAK,MAAM,OAAO,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAC5C,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,EAAE,IAAI,CAAC;YAAE,SAAS;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACrC,IAAI,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACtC,IACE,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC9C,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAC9C,CAAC;YACD,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACpB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,WAAW,CAAC,IAA4B,EAAE,IAAc;IAC/D,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACjE,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAa,EAAE,UAAoB;IAC9D,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAChC,OAAO,UAAU,CAAC,MAAM,KAAK,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;AACpE,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAa;IAC3C,MAAM,CAAC,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,OAAO,CACL,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;QACvB,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;QACvB,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;QACnB,CAAC,KAAK,KAAK;QACX,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CACrB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,SAAiB;IACzD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACxC,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;IAEvD,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC;QACpC,CAAC,CAAC,OAAO;QACT,CAAC,CAAC,UAAU,CAAC,cAAc,CAAC;YAC1B,CAAC,CAAC,cAAc;YAChB,CAAC,CAAC,IAAI,CAAC;IAEX,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;YACL,UAAU,EAAE,IAAI;YAChB,QAAQ,EAAE;gBACR;oBACE,EAAE,EAAE,aAAa;oBACjB,OAAO,EAAE,iEAAiE;oBAC1E,cAAc,EACZ,kFAAkF;iBACrF;aACF;SACF,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;IACtC,MAAM,QAAQ,GAA+B,EAAE,CAAC;IAEhD,MAAM,WAAW,GAAsC;QACrD;YACE,mBAAmB;YACnB,CAAC,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,CAAC;YACjD,wDAAwD;SACzD;QACD;YACE,qBAAqB;YACrB,CAAC,mBAAmB,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,CAAC;YAC3D,0DAA0D;SAC3D;QACD;YACE,wBAAwB;YACxB,CAAC,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,CAAC;YAC5C,6DAA6D;SAC9D;KACF,CAAC;IAEF,KAAK,MAAM,CAAC,GAAG,EAAE,UAAU,EAAE,cAAc,CAAC,IAAI,WAAW,EAAE,CAAC;QAC5D,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACvC,IAAI,mBAAmB,CAAC,KAAK,EAAE,UAAU,CAAC,EAAE,CAAC;YAC3C,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,QAAQ,GAAG,CAAC,WAAW,EAAE,EAAE;gBAC/B,OAAO,EAAE,GAAG,GAAG,2CAA2C;gBAC1D,cAAc;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,IAAI,CAAC,mBAAmB,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACzD,IAAI,QAAQ,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,sBAAsB;YAC1B,OAAO,EACL,yGAAyG;YAC3G,cAAc,EACZ,2EAA2E;SAC9E,CAAC,CAAC;IACL,CAAC;IAED,MAAM,gBAAgB,GAAG,CAAC,IAAI,CAAC,wBAAwB,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACtE,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAChD,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,2BAA2B;YAC/B,OAAO,EACL,6EAA6E;YAC/E,cAAc,EACZ,8FAA8F;SACjG,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC5C,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,wBAAwB;YAC5B,OAAO,EAAE,gFAAgF;YACzF,cAAc,EACZ,mGAAmG;SACtG,CAAC,CAAC;IACL,CAAC;IAED,MAAM,cAAc,GAAG;QACrB,0BAA0B;QAC1B,yBAAyB;QACzB,sBAAsB;QACtB,4BAA4B;QAC5B,2BAA2B;QAC3B,iBAAiB;QACjB,cAAc;KACf,CAAC;IACF,MAAM,aAAa,GAAG;QACpB,mBAAmB;QACnB,YAAY;QACZ,2BAA2B;QAC3B,oBAAoB;QACpB,0BAA0B;KAC3B,CAAC;IACF,MAAM,aAAa,GAAG,WAAW,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IACxD,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;IAEtD,IAAI,CAAC,aAAa,IAAI,CAAC,YAAY,EAAE,CAAC;QACpC,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,mCAAmC;YACvC,OAAO,EACL,wEAAwE;YAC1E,cAAc,EACZ,+GAA+G;SAClH,CAAC,CAAC;IACL,CAAC;IAED,MAAM,UAAU,GAAG,CAAC,IAAI,CAAC,kBAAkB,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC1D,IAAI,UAAU,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,EAAE,CAAC;QACtD,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,0BAA0B;YAC9B,OAAO,EAAE,wDAAwD,UAAU,IAAI;YAC/E,cAAc,EACZ,qHAAqH;SACxH,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC;AAClC,CAAC"}

package/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "@sibyllinesoft/smith-installer",
+  "version": "0.1.1",
+  "description": "AI-guided Smith platform installer powered by pi-agent",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/sibyllinesoft/smith-core.git",
+    "directory": "installer"
+  },
+  "homepage": "https://smithcore.dev",
+  "bugs": {
+    "url": "https://github.com/sibyllinesoft/smith-core/issues"
+  },
+  "type": "module",
+  "bin": {
+    "smith-install": "./dist/cli.js"
+  },
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "files": [
+    "dist",
+    "agents.md",
+    "skills"
+  ],
+  "scripts": {
+    "build": "rm -rf dist && tsc",
+    "dev": "tsc --watch",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest"
+  },
+  "engines": {
+    "node": ">=22"
+  },
+  "dependencies": {
+    "@mariozechner/pi-coding-agent": "^0.52.0",
+    "@mariozechner/pi-ai": "^0.52.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "typescript": "^5.4.0",
+    "vitest": "^2.0.0"
+  }
+}

package/skills/build-client/SKILL.md

@@ -0,0 +1,49 @@
+---
+description: Build Node workspaces required by installer and bridge services
+---
+# Build Client
+
+Run:
+
+```bash
+npm install
+npm run build --workspaces --if-present
+```
+
+## What It Does
+
+This skill builds TypeScript/Node workspace packages used by Smith Core.
+
+1. Installs workspace dependencies.
+2. Builds workspaces that expose a `build` script.
+3. Verifies installer and bridge artifacts compile.
+4. Ensures runtime JS entrypoints exist before launch.
+
+## Prerequisites
+
+- Node.js 22+.
+- npm available.
+- Internet access for package installation.
+
+## Expected Output
+
+- `npm install` completes without fatal errors.
+- Build runs for `@smith/pi-bridge` and `@sibyllinesoft/smith-installer`.
+
+## Reading Results
+
+- TypeScript compile failures indicate code/config drift.
+- Missing workspace build output blocks installer CLI execution.
+
+## Common Failures
+
+| Symptom | Cause | Fix |
+|---------|-------|-----|
+| npm install fails | Network/auth/registry issues | Fix npm connectivity and retry |
+| TypeScript errors in build | Source mismatch | Fix TS errors before bootstrap |
+| Wrong Node version | Node < 22 | Upgrade Node runtime |
+| Workspace not built | Missing `build` script | Add or correct workspace script |
+
+## Notes
+
+Use this before running installer commands that depend on `dist/` outputs.

package/skills/choose-deployment/SKILL.md

@@ -0,0 +1,48 @@
+---
+description: Choose deployment profile for Smith Core installation
+---
+# Choose Deployment
+
+Run:
+
+```bash
+export SMITH_DEPLOYMENT_MODE=local
+```
+
+## What It Does
+
+This skill sets deployment intent for the installer session.
+
+1. Selects local-first deployment for open-source Smith Core.
+2. Keeps infrastructure on local Docker networking.
+3. Avoids assumptions about external managed tunnel services.
+4. Ensures follow-up commands target local endpoints.
+
+## Prerequisites
+
+- User decision on local vs externally exposed deployment.
+
+## Expected Output
+
+Environment reflects local mode:
+
+```text
+SMITH_DEPLOYMENT_MODE=local
+```
+
+## Reading Results
+
+- `local` means services run via `docker compose` on this machine.
+- Any external ingress should be configured separately after bootstrap.
+
+## Common Failures
+
+| Symptom | Cause | Fix |
+|---------|-------|-----|
+| Variable not visible in later commands | Exported in another shell | Export in the active shell/session |
+| Confusion about cloud mode | Legacy docs mention tunnels | Use local mode for core OSS bootstrap |
+| External access needed | Out-of-scope for default installer | Configure reverse proxy separately |
+
+## Notes
+
+Current installer implementation validates and bootstraps local development flows.

package/skills/configure-agentd/SKILL.md

@@ -0,0 +1,74 @@
+---
+description: Configure environment and path defaults used by agentd and bridge components
+---
+# Configure Agentd
+
+Run:
+
+```bash
+cp -n .env.example .env || true
+
+if [ "$(uname -s)" = "Darwin" ]; then
+  command -v gondolin >/dev/null
+  grep -q '^SMITH_EXECUTOR_VM_POOL_ENABLED=' .env || echo 'SMITH_EXECUTOR_VM_POOL_ENABLED=true' >> .env
+  grep -q '^SMITH_EXECUTOR_VM_METHOD=' .env || echo 'SMITH_EXECUTOR_VM_METHOD=gondolin' >> .env
+  grep -q '^SMITH_EXECUTOR_GONDOLIN_COMMAND=' .env || echo 'SMITH_EXECUTOR_GONDOLIN_COMMAND=gondolin' >> .env
+  grep -q '^SMITH_EXECUTOR_GONDOLIN_ARGS=' .env || echo 'SMITH_EXECUTOR_GONDOLIN_ARGS=exec,--' >> .env
+fi
+```
+
+## What It Does
+
+This skill establishes baseline environment configuration for local runs.
+
+1. Creates `.env` from `.env.example` when missing.
+2. Ensures key URLs and credentials are available for local services.
+3. Makes bridge and stack configuration explicit and reproducible.
+4. Avoids hidden machine-specific defaults.
+5. On macOS, enables Gondolin-backed persistent VM sessions by default.
+
+## Prerequisites
+
+- Repository root writable.
+- `.env.example` present.
+
+## Expected Output
+
+- `.env` exists at repository root.
+- Variables for NATS/Postgres/Grafana/stack endpoints are present.
+- On macOS, Gondolin VM defaults are present:
+  - `SMITH_EXECUTOR_VM_POOL_ENABLED=true`
+  - `SMITH_EXECUTOR_VM_METHOD=gondolin`
+  - `SMITH_EXECUTOR_GONDOLIN_COMMAND=gondolin`
+  - `SMITH_EXECUTOR_GONDOLIN_ARGS=exec,--`
+
+## Reading Results
+
+Review and customize at minimum:
+
+- `POSTGRES_PASSWORD`
+- `GRAFANA_ADMIN_PASSWORD`
+- `MCP_INDEX_API_TOKEN`
+- `AGENTD_CONFIG`
+- `SMITH_NATS_URL`
+- `SMITH_DATABASE_URL`
+- `AGENTD_URL`
+- `SMITH_EXECUTOR_VM_POOL_ENABLED` (set to `true` on macOS)
+- `SMITH_EXECUTOR_VM_METHOD` (set to `gondolin` on macOS)
+
+If this system is not isolated to a private network, set up a private access path
+(for example Cloudflare Tunnel or Tailscale) before exposing services.
+
+## Common Failures
+
+| Symptom | Cause | Fix |
+|---------|-------|-----|
+| `.env` not created | Permission/path issue | Create file manually and retry |
+| Service auth failures | Password mismatch with compose | Align `.env` values and restart stack |
+| Bridge cannot reach agentd | Bad `AGENTD_URL` | Set reachable URL and rerun |
+| Unexpected defaults used | Variable unset | Populate `.env` explicitly |
+| `gondolin` not found on macOS | Gondolin missing from PATH | Install Gondolin and retry |
+
+## Notes
+
+There is no generated `agentd.toml` workflow in the current installer path.

package/skills/configure-policy/SKILL.md

@@ -0,0 +1,134 @@
+---
+description: Inspect and configure OPA security policies for agentd intent evaluation and gateway authorization
+---
+# Configure Policy
+
+Run these read-only inspection commands to understand the current policy state:
+
+```bash
+# Query opa_policies table for active policy records
+docker compose exec -T postgres psql -U smith -d smith -c "SELECT id, name, updated_at FROM opa_policies ORDER BY updated_at DESC;"
+
+# View tool-access policy data (most commonly edited artifact)
+docker compose exec -T postgres psql -U smith -d smith -c "SELECT data FROM opa_policies WHERE name = 'tool_access';"
+
+# Check OPA server health (Docker-internal only, port 8181 is not published to host)
+docker compose exec -T opa-management wget -qO- http://localhost:8181/health
+
+# List loaded OPA policies
+docker compose exec -T opa-management wget -qO- http://localhost:8181/v1/policies
+
+# Show executor.policy section from agentd config
+grep -A 20 '^\[executor\.policy\]' agent/agentd/config/agentd.toml || echo "No [executor.policy] section found"
+
+# List Rego policy files
+ls -la agent/agentd/policy/*.rego 2>/dev/null || echo "No .rego files found"
+```
+
+## What It Does
+
+This skill inspects and configures the OPA (Open Policy Agent) security policy system that governs agentd intent evaluation and gateway authorization.
+
+### Security Profiles
+
+Smith Core ships three security profiles:
+
+1. **Permissive** (workstation) — broad tool access; suitable for local development.
+2. **Strict** (server) — restricted tool set; requires explicit allowlisting.
+3. **Paranoid** (max security) — minimal defaults; every tool must be individually approved.
+
+### Architecture
+
+- 10 Rego policy files live at `agent/agentd/policy/*.rego`.
+- Policy data is stored in PostgreSQL (`opa_policies` table) and synced to the OPA management server.
+- Sync flow: **PostgreSQL** -> **admission service** -> **OPA server (8181)** -> **Envoy ext_authz (9292)**.
+- Separately, agentd evaluates policies in-process via the `regorus` embedded Rego engine using `[executor.policy]` config in `agentd.toml`.
+
+### Important: OPA is Docker-internal only
+
+OPA uses `expose: ["8181"]` in docker-compose (no `ports:` mapping), so `curl localhost:8181` will **not** work from the host. All OPA API commands must use `docker compose exec -T opa-management` to reach the OPA API.
+
+## Mutation Commands
+
+These commands modify policy state. Use them interactively after inspecting current state:
+
+### Edit tool-access policy data
+
+```bash
+docker compose exec -T postgres psql -U smith -d smith -c "UPDATE opa_policies SET data = '<new-json>' WHERE name = 'tool_access';"
+```
+
+### Build policy bundle
+
+```bash
+bash agent/agentd/scripts/build-policy-bundle.sh
+```
+
+### Validate Rego files (requires OPA CLI on host)
+
+```bash
+opa check agent/agentd/policy/
+```
+
+### Force re-sync from PostgreSQL to OPA
+
+```bash
+docker compose restart opa-management
+```
+
+## Prerequisites
+
+- Docker stack running (`docker compose ps` shows `postgres` and `opa-management` healthy).
+- `opa_policies` table populated (happens during initial `start-stack` phase).
+- `agent/agentd/config/agentd.toml` present.
+
+## Expected Output
+
+- `opa_policies` table lists active policy records with timestamps.
+- OPA health endpoint returns `{"status": "ok"}` or similar.
+- Rego files are listed at `agent/agentd/policy/*.rego`.
+- `[executor.policy]` config section is visible in `agentd.toml`.
+
+## Common Failures
+
+| Symptom | Cause | Fix |
+|---------|-------|-----|
+| `psql` connection refused | Postgres container not running | `docker compose up -d postgres` |
+| OPA health check fails | `opa-management` container not running | `docker compose up -d opa-management` |
+| Empty `opa_policies` table | Policies not seeded | Re-run `start-stack` skill or seed manually |
+| `regorus` evaluation errors in agentd logs | Rego syntax error in policy files | Run `opa check agent/agentd/policy/` to validate |
+| Changes not reflected in authorization | Sync lag or stale cache | `docker compose restart opa-management` |
+
+## Notes
+
+### Tool-Access Policy Data Structure
+
+The `tool_access` policy record in `opa_policies` stores a JSON document with the following structure:
+
+```json
+{
+  "default": "permissive",
+  "exceptions": {
+    "strict": {
+      "allowed_tools": ["shell_exec", "file_read", "file_write"],
+      "denied_tools": ["network_raw", "kernel_module"]
+    },
+    "paranoid": {
+      "allowed_tools": ["file_read"],
+      "denied_tools": ["*"]
+    }
+  },
+  "source_restrictions": {
+    "untrusted": {
+      "untrusted_allowed_tools": ["file_read", "shell_exec"]
+    }
+  }
+}
+```
+
+- **`default`**: The active security profile name (`permissive`, `strict`, or `paranoid`).
+- **`exceptions`**: Per-profile overrides that define `allowed_tools` and `denied_tools` lists.
+- **`source_restrictions`**: Controls which tools are available to untrusted request sources.
+- **`untrusted_allowed_tools`**: Subset of tools that untrusted callers may invoke regardless of profile.
+
+To change the active profile, update the `default` field. To customize tool access within a profile, modify the corresponding entry in `exceptions`.