@vfarcic/dot-ai 0.103.0 → 0.105.0

package/prompts/map-intent-to-operation.md

@@ -0,0 +1,104 @@
+# Map User Intent to Platform Operation
+
+You are helping map natural language user intent to available Kubernetes platform operations.
+
+## User Intent
+```text
+{intent}
+```
+
+## Available Operations
+```json
+{operations}
+```
+
+## Your Task
+
+Analyze the user intent and find the **single best matching operation** from the available operations list.
+
+### Matching Guidelines
+
+1. **Keyword Matching**: Look for operation names, tool names, or descriptions that match intent keywords
+2. **Context Understanding**: Consider what the user is trying to accomplish
+3. **Semantic Matching**: Match based on meaning, not just exact words
+   - "Install X" → operation with "install", "apply", "setup" in name/description
+   - "Create cluster" → operation with "create" and "kubernetes"
+   - "Deploy X" → operation with "apply", "install"
+   - "Remove X" → operation with "delete", "uninstall"
+
+4. **Be Specific**:
+   - "Install database" → Match to actual database tool (CNPG for PostgreSQL), not schema migration tools
+   - "Install Argo CD" / "Install ArgoCD" → Match to ArgoCD installation
+   - Consider the primary purpose of each tool from its description
+
+### Response Format
+
+Return **ONLY** valid JSON (no markdown, no code blocks, no explanations):
+
+**If exact match found:**
+```json
+{
+  "matched": true,
+  "operation": {
+    "tool": "ArgoCD",
+    "operation": "install",
+    "command": ["apply", "argocd"],  // COPY THIS EXACTLY from operations data - do NOT modify
+    "description": "Installs ArgoCD with optional ingress and applications setup"
+  }
+}
+```
+
+**CRITICAL**: The `command` array MUST be copied **character-for-character** from the operations data. Do NOT infer, modify, or construct it based on the user's intent.
+
+**If no match found:**
+```json
+{
+  "matched": false,
+  "reason": "No operation matches the intent 'Install FooBarBaz'. Use stage: 'list' to see all available operations."
+}
+```
+
+### Important Rules
+
+- Return **only one operation** (the best match)
+- If no reasonable match exists, return `"matched": false` with helpful reason
+- Be confident in your matches - don't be overly conservative
+- Consider synonyms: "install" ≈ "setup" ≈ "deploy" ≈ "apply"
+- **CRITICAL**: Use the **EXACT command array** from the operations data - do NOT modify it
+  - User may say "cross plane" but if operation command is ["apply", "crossplane"], use that exactly
+  - User may say "external secrets" but if command is ["apply", "externalsecrets"], use that exactly
+  - Match by description/meaning, but return the exact command from operations data
+- Extract tool name from the operation name or description
+- Extract operation type from the command or description (e.g., "install" for apply commands)
+
+### Examples
+
+**Intent**: "Install Crossplane"
+**Operations**:
+```json
+[{
+  "name": "Crossplane",
+  "description": "Infrastructure management tool",
+  "operations": [{"name": "apply", "command": ["apply", "crossplane"]}]
+}]
+```
+→ Match to: `{"matched": true, "operation": {"tool": "Crossplane", "operation": "apply", "command": ["apply", "crossplane"], "description": "Infrastructure management tool"}}`
+
+**Intent**: "Create a kind cluster"
+**Operations**:
+```json
+[{
+  "name": "Kubernetes",
+  "description": "Kubernetes cluster management",
+  "operations": [{"name": "create", "command": ["create", "kubernetes", "kind"]}]
+}]
+```
+→ Match to: `{"matched": true, "operation": {"tool": "Kubernetes", "operation": "create", "command": ["create", "kubernetes", "kind"], "description": "Kubernetes cluster management"}}`
+
+**Intent**: "Install FooBarBaz"
+**Operations**: `[{...no matching operations...}]`
+→ No match: `{"matched": false, "reason": "No operation matches the intent 'Install FooBarBaz'. Use stage: 'list' to see all available operations."}`
+
+**REMEMBER**: Always copy the exact `command` array from the operations data!
+
+Now analyze the user intent and return the matching operation in JSON format.

package/prompts/parse-script-operations.md

@@ -0,0 +1,72 @@
+# Parse Nu Shell Script Operations
+
+You are a specialized parser that extracts available operations from Nushell script help output.
+
+## Input
+
+Here is the help output from a Nu shell script:
+
+```text
+{helpOutput}
+```
+
+## Task
+
+Parse this help output and extract all available tools/resources with their operations into a structured JSON array.
+
+## Rules
+
+1. Group operations by tool/resource (e.g., ArgoCD, Kubernetes cluster, Crossplane)
+2. For each tool/resource, identify available operations (apply, delete, create, destroy, build, configure, etc.)
+3. Extract:
+   - `name`: Tool/resource name (e.g., "ArgoCD", "Kubernetes cluster", "Crossplane")
+   - `description`: Description of what this tool/resource does
+   - `operations`: Array of operation objects, each with:
+     - `name`: Operation name extracted from help (e.g., "apply", "delete", "create")
+     - `command`: Array of command parts from help output (e.g., ["apply", "argocd"])
+4. **CRITICAL**: Extract command arrays EXACTLY as they appear in help - "dot.nu apply argocd" → `["apply", "argocd"]`
+5. Do NOT include internal utility commands like "get", "print", "packages"
+
+## Examples
+
+From help output like:
+```sh
+dot.nu apply argocd - Installs ArgoCD with optional ingress
+dot.nu delete argocd - Removes ArgoCD
+dot.nu create kubernetes - Creates a Kubernetes cluster
+dot.nu destroy kubernetes - Destroys a Kubernetes cluster
+```
+
+Extract:
+```json
+[
+  {
+    "name": "ArgoCD",
+    "description": "GitOps continuous delivery tool for Kubernetes",
+    "operations": [
+      {"name": "apply", "command": ["apply", "argocd"]},
+      {"name": "delete", "command": ["delete", "argocd"]}
+    ]
+  },
+  {
+    "name": "Kubernetes cluster",
+    "description": "Kubernetes cluster management",
+    "operations": [
+      {"name": "create", "command": ["create", "kubernetes"]},
+      {"name": "destroy", "command": ["destroy", "kubernetes"]}
+    ]
+  }
+]
+```
+
+## Output Format
+
+Return ONLY a JSON array with no additional text, markdown formatting, or explanation.
+
+## Important
+
+- Return ONLY the JSON array
+- NO markdown code blocks (no ```json)
+- NO explanations
+- NO additional text
+- Just the raw JSON array starting with [ and ending with ]

package/prompts/question-generation.md

@@ -17,6 +17,10 @@
 
 ## Instructions
 
+## ⚠️ CRITICAL: MANDATORY "name" FIELD REQUIREMENT
+
+**BEFORE GENERATING ANY QUESTIONS**: The REQUIRED section MUST include a question with `id: "name"`. This is non-negotiable and your response will be rejected if this field is missing or renamed to any variation like "cluster-name", "deployment-name", or "app-name".
+
 ## 🛡️ POLICY-AWARE QUESTION GENERATION (HIGHEST PRIORITY)
 
 **Policy Requirements Integration:**
@@ -52,9 +56,21 @@ Organize questions into three categories based on their importance and impact:
 ### REQUIRED Questions
 Essential information needed for basic functionality. These are mandatory fields or critical configuration that makes the difference between working and non-working deployments. Without answers to these questions, the manifests cannot be generated or will fail to deploy.
 
-**MANDATORY QUESTIONS**: You MUST always include these questions in the REQUIRED section:
-- `name`: Resource name (applies to metadata.name across all resources)
-- `namespace`: Target namespace (ONLY if any resource in the solution is namespace-scoped - check resource scope information)
+**🚨 CRITICAL MANDATORY REQUIREMENTS - NON-NEGOTIABLE 🚨**
+
+You MUST include these EXACT questions with these EXACT IDs in the REQUIRED section. DO NOT rename, replace, or substitute these with similar fields:
+
+1. **REQUIRED: `name` question (id: "name")**
+   - Question ID MUST be exactly: `"id": "name"`
+   - DO NOT use: "cluster-name", "deployment-name", "app-name", or any variation
+   - This is used for tracking and metadata - the manifest generator will apply it appropriately to resource-specific name fields
+   - Example: `{"id": "name", "question": "What is the name for this deployment?", "type": "text", ...}`
+
+2. **REQUIRED: `namespace` question (id: "namespace")**
+   - ONLY if any resource in the solution is namespace-scoped - check resource scope information
+   - Question ID MUST be exactly: `"id": "namespace"`
+
+**VALIDATION**: Your response will fail if the REQUIRED section does not contain a question with `"id": "name"`
 
 ### BASIC Questions  
 Common configuration options most users will want to set. These improve the deployment but aren't strictly required for basic functionality. They represent sensible customizations that enhance the deployment.
@@ -113,6 +129,17 @@ Return your response as JSON in this exact format:
 ```json
 {
   "required": [
+    {
+      "id": "name",
+      "question": "What is the name for this deployment?",
+      "type": "text",
+      "placeholder": "e.g., my-app",
+      "validation": {
+        "required": true,
+        "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
+      },
+      "suggestedAnswer": "example-app"
+    },
     {
       "id": "unique-kebab-case-id",
       "question": "User-friendly question text?",
@@ -143,6 +170,7 @@ Return your response as JSON in this exact format:
 
 ## Important Notes
 
+- **CRITICAL VALIDATION REQUIREMENT**: The REQUIRED section MUST contain a question with `"id": "name"` - responses without this will be rejected
 - **CRITICAL**: Only ask questions about properties explicitly defined in the provided resource schemas
 - **REQUIRED**: Each question must include a `suggestedAnswer` field with a valid example value that passes the validation rules
 - **Generate comprehensive questions** covering all meaningful configuration options available in the resource schemas

package/scripts/ack.nu

@@ -0,0 +1,195 @@
+#!/usr/bin/env nu
+
+# Installs and configures AWS Controllers for Kubernetes (ACK)
+#
+# Examples:
+# > main apply ack --cluster_name my-cluster --region us-west-2
+def --env "main apply ack" [
+    --cluster_name = "dot"
+    --region = "us-east-1"
+    --apply_irsa = true
+    --aws-access-key-id: string,      # AWS Access Key ID (optional, falls back to AWS_ACCESS_KEY_ID env var)
+    --aws-secret-access-key: string   # AWS Secret Access Key (optional, falls back to AWS_SECRET_ACCESS_KEY env var)
+] {
+
+    print $"\nApplying (ansi yellow_bold)ACK Controllers(ansi reset)...\n"
+
+    mut access_key = $aws_access_key_id
+    if ($access_key | is-empty) and ("AWS_ACCESS_KEY_ID" in $env) {
+        $access_key = $env.AWS_ACCESS_KEY_ID
+    } else if ($access_key | is-empty) {
+        error make { msg: "AWS Access Key ID required via --aws-access-key-id parameter or AWS_ACCESS_KEY_ID environment variable" }
+    }
+    $env.AWS_ACCESS_KEY_ID = $access_key
+    $"export AWS_ACCESS_KEY_ID=($env.AWS_ACCESS_KEY_ID)\n"
+        | save --append .env
+
+    mut secret_key = $aws_secret_access_key
+    if ($secret_key | is-empty) and ("AWS_SECRET_ACCESS_KEY" in $env) {
+        $secret_key = $env.AWS_SECRET_ACCESS_KEY
+    } else if ($secret_key | is-empty) {
+        error make { msg: "AWS Secret Access Key required via --aws-secret-access-key parameter or AWS_SECRET_ACCESS_KEY environment variable" }
+    }
+    $env.AWS_SECRET_ACCESS_KEY = $secret_key
+    $"export AWS_SECRET_ACCESS_KEY=($env.AWS_SECRET_ACCESS_KEY)\n"
+        | save --append .env
+
+    let password = (
+        aws ecr-public get-login-password --region us-east-1
+    )
+
+    (
+        helm registry login --username AWS --password $password 
+            public.ecr.aws
+    )
+
+    mut aws_account_id = ""
+    mut oidc_provider = ""
+
+    if $apply_irsa {
+
+        if AWS_ACCOUNT_ID in $env {
+            $aws_account_id = $env.AWS_ACCOUNT_ID
+        } else {
+            $aws_account_id = (
+                aws sts get-caller-identity --query "Account"
+                    --output text
+            )
+        }
+
+        if OIDC_PROVIDER in $env {
+            $oidc_provider = $env.OIDC_PROVIDER
+        } else {
+            $oidc_provider = (
+                aws eks describe-cluster --name $cluster_name
+                    --region $region
+                    --query "cluster.identity.oidc.issuer"
+                    --output text | str replace "https://" ""
+            )
+        }
+
+    }
+
+    let controllers = [
+        {name: "ec2", version: "1.3.7"},
+        {name: "rds", version: "1.4.14"},
+    ]
+    for controller in $controllers {
+
+        let ack_controller_iam_role = $"ack-($controller.name)-controller"
+
+        (
+            helm upgrade --install $ack_controller_iam_role
+                oci://public.ecr.aws/aws-controllers-k8s/($controller.name)-chart
+                $"--version=($controller.version)"
+                --create-namespace --namespace ack-system
+                --set aws.region=us-east-1
+        )
+
+        if $apply_irsa {
+
+            {
+                Version: "2012-10-17",
+                Statement: [
+                    {
+                        Effect: "Allow",
+                        Principal: {
+                            Federated: $"arn:aws:iam::($aws_account_id):oidc-provider/($oidc_provider)"
+                        },
+                        "Action": "sts:AssumeRoleWithWebIdentity",
+                        "Condition": {
+                            "StringEquals": {
+                                $"($oidc_provider):sub": $"system:serviceaccount:ack-system:($ack_controller_iam_role)"
+                            }
+                        }
+                    }
+                ]
+            } | to json | save trust.json --force
+
+            do --ignore-errors {(
+                aws iam create-role
+                    --role-name $ack_controller_iam_role
+                    --assume-role-policy-document file://trust.json
+                    --description $"IRSA role for ACK ($controller.name) controller deployment on EKS cluster using Helm charts"
+            )}
+
+            let policy_arns = (
+                get policy_arns --controller $controller.name
+            )
+
+            for policy_arn in $policy_arns {(
+                aws iam attach-role-policy
+                    --role-name $ack_controller_iam_role
+                    --policy-arn $policy_arn
+            )}
+
+            let role_arn = (
+                aws iam get-role --role-name $ack_controller_iam_role
+                    --query Role.Arn --output text
+            )
+
+            (
+                kubectl --namespace ack-system
+                    annotate serviceaccount $ack_controller_iam_role
+                    $"eks.amazonaws.com/role-arn=($role_arn)"
+            )
+
+            (
+                kubectl --namespace ack-system
+                    rollout restart deployment
+                    $"($ack_controller_iam_role)-($controller.name)-chart"
+            )
+
+            (
+                kubectl --namespace ack-system wait
+                    --for=condition=ready pods
+                    --selector $"app.kubernetes.io/instance=($ack_controller_iam_role)"
+            )
+
+        }
+
+    }
+
+}
+
+# Removes AWS Controllers for Kubernetes (ACK) and deletes associated IAM roles
+def --env "main delete ack" [] {
+
+    let controllers = [
+        "ec2",
+        "rds"
+    ]
+    for controller in $controllers {
+
+        let ack_controller_iam_role = $"ack-($controller)-controller"
+
+        let policy_arns = (
+            get policy_arns --controller $controller
+        )
+
+        for policy_arn in $policy_arns {
+            
+        do --ignore-errors {(
+            aws iam detach-role-policy
+                --role-name ($ack_controller_iam_role)
+                --policy-arn ($policy_arn)
+            )}
+        }
+
+        aws iam delete-role --role-name $ack_controller_iam_role
+
+    }
+
+}
+
+def "get policy_arns" [
+    --controller = "ec2"
+] {
+    
+    let base_url = $"https://raw.githubusercontent.com/aws-controllers-k8s/($controller)-controller/main"
+
+    let policy_arn_url = $"($base_url)/config/iam/recommended-policy-arn"
+
+    http get $policy_arn_url | lines
+
+}

package/scripts/anthropic.nu

@@ -0,0 +1,24 @@
+#!/usr/bin/env nu
+
+# Retrieves Anthropic token
+#
+# Parameters:
+# --anthropic-api-key: Anthropic API key (optional, falls back to ANTHROPIC_API_KEY env var)
+#
+# Returns:
+# A record with token, and saves values to .env file
+def --env "main get anthropic" [
+    --anthropic-api-key: string
+] {
+
+    mut key = $anthropic_api_key
+    if ($key | is-empty) and ("ANTHROPIC_API_KEY" in $env) {
+        $key = $env.ANTHROPIC_API_KEY
+    } else if ($key | is-empty) {
+        error make { msg: "Anthropic API key required via --anthropic-api-key parameter or ANTHROPIC_API_KEY environment variable" }
+    }
+    $"export ANTHROPIC_API_KEY=($key)\n" | save --append .env
+
+    {token: $key}
+
+}

package/scripts/argo-workflows.nu

@@ -0,0 +1,47 @@
+#!/usr/bin/env nu
+
+# Installs Argo Workflows with container registry credentials
+#
+# Examples:
+# > main apply argoworkflows my-user my-password user@example.com --registry ghcr.io
+def "main apply argoworkflows" [
+    registry_user: string     # Container image registry user
+    registry_password: string # Container image registry password
+    registry_email: string    # Container image registry email
+    --registry = "ghcr.io"    # Container image registry
+] {
+
+    kubectl create namespace argo
+
+    (
+        kubectl --namespace argo apply 
+            --filename "https://github.com/argoproj/argo-workflows/releases/download/v3.6.0/quick-start-minimal.yaml"
+    )
+
+    let auth = ( $"($registry_user):($registry_password)" | base64 )
+
+    let json = {
+        "auths": {
+            $"($registry)": {
+                "auth": $"($auth)"
+            }
+        }
+    } | to json
+
+    (
+        kubectl --namespace argo create secret
+            docker-registry regcred
+            $"--docker-server=($registry)"
+            --docker-username=($registry_user)
+            --docker-password=($registry_password)
+            --docker-email=($registry_email)
+    )
+    
+    (
+        kubectl --namespace argo create secret
+            generic registry-creds
+            --from-literal $"password=($registry_password)"
+            --from-literal $"config.json=($json)"
+    )
+
+}

package/scripts/argocd.nu

@@ -0,0 +1,85 @@
+#!/usr/bin/env nu
+
+# Installs ArgoCD with optional ingress and applications setup
+#
+# Examples:
+# > main apply argocd --host_name argocd.example.com --ingress_class_name nginx
+def "main apply argocd" [
+    --host-name = "",
+    --apply-apps = true,
+    --ingress-class-name = "traefik"
+] {
+
+    let git_url = git config --get remote.origin.url
+
+    {
+        configs: {
+            secret: {
+                argocdServerAdminPassword: "$2a$10$m3eTlEdRen0nS86c5Zph5u/bDFQMcWZYdG3NVdiyaACCqoxLJaz16"
+                argocdServerAdminPasswordMtime: "2021-11-08T15:04:05Z"
+            }
+            cm: {
+                application.resourceTrackingMethod: annotation
+                timeout.reconciliation: 60s
+            }
+            params: { "server.insecure": true }
+        }
+        server: {
+            ingress: {
+                enabled: true
+                ingressClassName: $ingress_class_name
+                hostname: $host_name
+            }
+            extraArgs: [
+                --insecure
+            ]
+        }
+    } | save argocd-values.yaml --force
+
+    helm repo add argo https://argoproj.github.io/argo-helm
+
+    helm repo update
+  
+    (
+        helm upgrade --install argocd argo/argo-cd
+            --namespace argocd --create-namespace
+            --values argocd-values.yaml --wait
+    )
+
+    mkdir argocd
+
+    {
+        apiVersion: argoproj.io/v1alpha1
+        kind: Application
+        metadata: {
+            name: apps
+            namespace: argocd
+        }
+        spec: {
+            project: default
+            source: {
+                repoURL: $git_url
+                targetRevision: HEAD
+                path: apps
+            }
+            destination: {
+                server: "https://kubernetes.default.svc"
+                namespace: a-team
+            }
+            syncPolicy: {
+                automated: {
+                    selfHeal: true
+                    prune: true
+                    allowEmpty: true
+                }
+            }
+        }
+    } | save argocd/app.yaml --force
+
+    if $apply_apps {
+        
+        kubectl apply --filename argocd/app.yaml
+
+    }
+
+}

package/scripts/aso.nu

@@ -0,0 +1,74 @@
+#!/usr/bin/env nu
+
+def --env "main apply aso" [
+    --namespace = "default"
+    --apply_creds = true
+    --sync_period = "1h"
+    --azure-tenant: string  # Azure Tenant ID (optional, falls back to AZURE_TENANT env var)
+] {
+
+    (
+        helm upgrade --install aso2 azure-service-operator
+            --repo https://raw.githubusercontent.com/Azure/azure-service-operator/main/v2/charts
+            --namespace=azureserviceoperator-system
+            --create-namespace
+            --set crdPattern='resources.azure.com/*;dbforpostgresql.azure.com/*'
+            --wait
+    )
+
+    if $apply_creds {
+
+        mut tenant = $azure_tenant
+        if ($tenant | is-empty) and ("AZURE_TENANT" in $env) {
+            $tenant = $env.AZURE_TENANT
+        } else if ($tenant | is-empty) {
+            error make { msg: "Azure Tenant ID required via --azure-tenant parameter or AZURE_TENANT environment variable" }
+        }
+        $"export AZURE_TENANT=($tenant)\n" | save --append .env
+
+        az login --tenant $tenant
+
+        let subscription_id = (az account show --query id -o tsv)
+
+        let azure_data = (
+            az ad sp create-for-rbac --sdk-auth --role Owner
+                --scopes $"/subscriptions/($subscription_id)" | from json
+        )
+
+        {
+            apiVersion: "v1"
+            kind: "Secret"
+            metadata: {
+                name: "aso-credential"
+                namespace: $namespace
+            }
+            stringData: {
+                AZURE_SUBSCRIPTION_ID: $azure_data.subscriptionId
+                AZURE_TENANT_ID: $azure_data.tenantId
+                AZURE_CLIENT_ID: $azure_data.clientId
+                AZURE_CLIENT_SECRET: $azure_data.clientSecret
+            }
+        } | to yaml | kubectl apply --filename -
+
+        {
+            apiVersion: "v1"
+            kind: "Secret"
+            metadata: {
+                name: "aso-controller-settings"
+                namespace: "azureserviceoperator-system"
+            }
+            stringData: {
+                MAX_CONCURRENT_RECONCILES: "1"
+                AZURE_SYNC_PERIOD: $sync_period
+            }
+        } | to yaml | kubectl apply --filename -
+
+        (
+            kubectl --namespace azureserviceoperator-system
+                rollout restart deployment
+                azureserviceoperator-controller-manager
+        )
+
+    }
+
+}

package/scripts/atlas.nu

@@ -0,0 +1,15 @@
+#!/usr/bin/env nu
+
+# Installs the Atlas Operator for database schema migrations
+def "main apply atlas" [] {
+
+    print $"\nInstalling (ansi yellow_bold)Atlas Operator(ansi reset)...\n"
+
+    (
+        helm upgrade --install atlas-operator 
+            oci://ghcr.io/ariga/charts/atlas-operator 
+            --namespace atlas-operator --create-namespace
+            --wait
+    )
+
+}