gitops-ai 1.2.1 → 1.2.3

package/README.md

@@ -16,48 +16,33 @@ GitOps-managed Kubernetes infrastructure for AI-powered applications powered by
 
 ## Quick Start
 
-On your Mac or Linux machine:
+If you already have **Node.js** on your Mac or Linux machine:
 
 ```bash
 npx gitops-ai bootstrap
 ```
 
-Or SSH into your server (or run locally on macOS) and run:
+If Node is not installed yet, use the helper script — it installs Node when missing (on macOS, [Homebrew](https://brew.sh) is required for that step), then starts the wizard:
 
 ```bash
-curl -sfL https://raw.githubusercontent.com/your-org/gitops-ai/main/install.sh | bash
-```
-
-Or, if you already have Node.js >= 18:
-
-```bash
-npx gitops-ai bootstrap
+curl -sfL https://raw.githubusercontent.com/GitOpsAI/gitops-ai-bootstrapper/refs/heads/main/install.sh | bash
 ```
 
 The interactive wizard will prompt for your Git provider (GitHub or GitLab), create or use a repository from the [GitOps AI Template](https://github.com/GitOpsAI/gitops-ai-template), and run the full bootstrap.
 
 ## Requirements
 
-| Resource    | Minimum                                       |
-|-------------|-----------------------------------------------|
-| **CPU**     | 2+ cores                                      |
-| **Memory**  | 4+ GB                                         |
-| **Disk**    | 20+ GB free                                   |
-| **OS**      | Ubuntu 25.04+ or macOS                        |
-| **Node.js** | 18+ (installed automatically by `install.sh`) |
+| Resource    | Minimum                                                  |
+|-------------|----------------------------------------------------------|
+| **CPU**     | 2+ cores                                                 |
+| **Memory**  | 4+ GB                                                    |
+| **Disk**    | 20+ GB free                                              |
+| **OS**      | Ubuntu 25.04+ or macOS                                   |
+| **Node.js** | 18+ (installed automatically by `install.sh`)            |
+| **Docker**  | macOS only — Docker Desktop; not used on Linux bootstrap |
 
 You will also need a [GitLab PAT](docs/prerequisites.md#1-gitlab-personal-access-token), a [Cloudflare API Token](docs/prerequisites.md#2-cloudflare-api-token) (if using automatic DNS/TLS), and an [OpenAI API Key](docs/prerequisites.md#3-openai-api-key) (if using OpenClaw). See [Prerequisites](docs/prerequisites.md) for full details.
 
-### Docker runtime (macOS only)
-
-macOS requires a Docker-compatible runtime for k3d. Install one of:
-
-- [Docker Desktop](https://www.docker.com/products/docker-desktop/)
-- [OrbStack](https://orbstack.dev/)
-- [Colima](https://github.com/abiosoft/colima)
-
-On Linux the bootstrap installs k3s directly -- no Docker required.
-
 ## Template Repository
 
 This CLI bootstraps clusters from the [GitOps AI Template](https://github.com/GitOpsAI/gitops-ai-template) -- a ready-made GitOps repository structure that Flux uses as the single source of truth for your cluster.
@@ -74,11 +59,11 @@ Keeping the template in a separate repository means:
 
 The upstream template (and your bootstrapped repo) is organised roughly as:
 
-| Path                     | Role                                                                                                                                                                                        |
-|--------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Path                     | Role                                                                                                            |
+|--------------------------|-----------------------------------------------------------------------------------------------------------------|
 | `templates/<category>/…` | Shared Helm bases and component manifests (e.g. `templates/system/`, `templates/ai/`, `templates/monitoring/`). |
-| `clusters/_template/`    | Prototype cluster layout; the CLI copies this to `clusters/<your-cluster-name>/` during bootstrap.            |
-| `clusters/<name>/`       | Your live cluster overlay (`cluster-sync.yaml`, `components/`, encrypted secrets).                                                                                                          |
+| `clusters/_template/`    | Prototype cluster layout; the CLI copies this to `clusters/<your-cluster-name>/` during bootstrap.              |
+| `clusters/<name>/`       | Your live cluster overlay (`cluster-sync.yaml`, `components/`, encrypted secrets).                              |
 
 See [Architecture](docs/architecture.md) for diagrams and a fuller tree.
 

package/dist/commands/bootstrap.js

@@ -8,9 +8,10 @@ import { header, log, summary, nextSteps, finish, handleCancel, withSpinner, for
 import { saveInstallPlan, loadInstallPlan, clearInstallPlan } from "../utils/config.js";
 import { execAsync, exec, execSafe, commandExists } from "../utils/shell.js";
 import { isMacOS, isCI } from "../utils/platform.js";
-import { ensureAll } from "../core/dependencies.js";
+import { ensureAll, ensureDockerDaemonReady } from "../core/dependencies.js";
 import { runBootstrap, stripTemplateGitHubDirectory } from "../core/bootstrap-runner.js";
 import * as k8s from "../core/kubernetes.js";
+import * as k8sApi from "../core/k8s-api.js";
 import * as flux from "../core/flux.js";
 import { getProvider, } from "../core/git-provider.js";
 import { COMPONENTS, REQUIRED_COMPONENT_IDS, DNS_TLS_COMPONENT_IDS, MONITORING_COMPONENT_IDS, OPTIONAL_COMPONENTS, SOURCE_TEMPLATE_HOST, SOURCE_PROJECT_PATH, } from "../schemas.js";
@@ -64,8 +65,11 @@ async function enrichWithUser(state, token, provider) {
 // ---------------------------------------------------------------------------
 // Wizard field definitions (Esc / Ctrl+C = go back one field)
 // ---------------------------------------------------------------------------
-function buildFields(detectedIp, hasSavedPlan) {
+function buildFields(detectedIp, hasSavedPlan, savedPlanRaw) {
     const saved = (state, key) => hasSavedPlan && !!state[key];
+    const skipAdditionalSettingsToggle = hasSavedPlan &&
+        savedPlanRaw != null &&
+        savedPlanRaw.enableAdditionalSettings !== undefined;
     return [
         // ── Setup Mode ──────────────────────────────────────────────────────
         {
@@ -343,64 +347,6 @@ function buildFields(detectedIp, hasSavedPlan) {
                 ? ["Local path", `./${state.repoLocalPath}`]
                 : ["Local repo path", resolve(state.repoLocalPath || ".")],
         },
-        {
-            id: "repoBranch",
-            section: "Git Repository",
-            skip: (state) => saved(state, "repoBranch"),
-            run: async (state) => {
-                const v = await p.text({
-                    message: pc.bold("Git branch for Flux"),
-                    placeholder: "main",
-                    defaultValue: state.repoBranch,
-                });
-                if (p.isCancel(v))
-                    return back();
-                return { ...state, repoBranch: v };
-            },
-            review: (state) => ["Branch", state.repoBranch],
-        },
-        {
-            id: "templateTag",
-            section: "Git Repository",
-            hidden: (state) => !isNewRepo(state),
-            skip: (state) => saved(state, "templateTag"),
-            run: async (state) => {
-                const tags = await fetchTemplateTags();
-                if (tags.length > 0) {
-                    const options = [
-                        ...tags.map((tag, i) => ({
-                            value: tag,
-                            label: tag,
-                            hint: i === 0 ? "latest" : undefined,
-                        })),
-                        {
-                            value: "__manual__",
-                            label: "Enter manually…",
-                            hint: "type a tag or branch name",
-                        },
-                    ];
-                    const v = await p.select({
-                        message: pc.bold("Template version (tag) to clone"),
-                        options,
-                        initialValue: state.templateTag || tags[0],
-                    });
-                    if (p.isCancel(v))
-                        return back();
-                    if (v !== "__manual__") {
-                        return { ...state, templateTag: v };
-                    }
-                }
-                const v = await p.text({
-                    message: pc.bold("Template tag or branch to clone"),
-                    placeholder: "main",
-                    defaultValue: state.templateTag || "main",
-                });
-                if (p.isCancel(v))
-                    return back();
-                return { ...state, templateTag: v };
-            },
-            review: (state) => ["Template tag", state.templateTag],
-        },
         // ── DNS & TLS ─────────────────────────────────────────────────────────
         {
             id: "manageDnsAndTls",
@@ -793,6 +739,87 @@ function buildFields(detectedIp, hasSavedPlan) {
             },
             review: (state) => ["Network", `${state.clusterPublicIp}  allowed: ${state.ingressAllowedIps}`],
         },
+        // ── Additional settings (last — rarely needed) ─────────────────────────
+        {
+            id: "enableAdditionalSettings",
+            section: "Additional settings",
+            skip: () => skipAdditionalSettingsToggle,
+            run: async (state) => {
+                const v = await p.confirm({
+                    message: pc.bold("Setup additional settings?") +
+                        `\n${pc.dim("Regularly not needed")}`,
+                    initialValue: state.enableAdditionalSettings,
+                });
+                if (p.isCancel(v))
+                    return back();
+                return { ...state, enableAdditionalSettings: v };
+            },
+            review: (state) => [
+                "Customize branch & template",
+                state.enableAdditionalSettings
+                    ? "Yes"
+                    : "No — defaults (main / main)",
+            ],
+        },
+        {
+            id: "repoBranch",
+            section: "Additional settings",
+            hidden: (state) => !state.enableAdditionalSettings,
+            skip: (state) => saved(state, "repoBranch"),
+            run: async (state) => {
+                const v = await p.text({
+                    message: pc.bold("Git branch for Flux"),
+                    placeholder: "main",
+                    defaultValue: state.repoBranch,
+                });
+                if (p.isCancel(v))
+                    return back();
+                return { ...state, repoBranch: v };
+            },
+            review: (state) => ["Flux Git branch", state.repoBranch],
+        },
+        {
+            id: "templateTag",
+            section: "Additional settings",
+            hidden: (state) => !isNewRepo(state) || !state.enableAdditionalSettings,
+            skip: (state) => saved(state, "templateTag"),
+            run: async (state) => {
+                const tags = await fetchTemplateTags();
+                if (tags.length > 0) {
+                    const options = [
+                        ...tags.map((tag, i) => ({
+                            value: tag,
+                            label: tag,
+                            hint: i === 0 ? "latest" : undefined,
+                        })),
+                        {
+                            value: "__manual__",
+                            label: "Enter manually…",
+                            hint: "type a tag or branch name",
+                        },
+                    ];
+                    const v = await p.select({
+                        message: pc.bold("Template version (tag) to clone"),
+                        options,
+                        initialValue: state.templateTag || tags[0],
+                    });
+                    if (p.isCancel(v))
+                        return back();
+                    if (v !== "__manual__") {
+                        return { ...state, templateTag: v };
+                    }
+                }
+                const v = await p.text({
+                    message: pc.bold("Template tag or branch to clone"),
+                    placeholder: "main",
+                    defaultValue: state.templateTag || "main",
+                });
+                if (p.isCancel(v))
+                    return back();
+                return { ...state, templateTag: v };
+            },
+            review: (state) => ["Template tag", state.templateTag],
+        },
     ];
 }
 // ---------------------------------------------------------------------------
@@ -902,7 +929,12 @@ export async function openclawPair() {
         handleCancel();
     log.step("Listing pending device requests");
     try {
-        await execAsync("kubectl exec -n openclaw deployment/openclaw -c main -- node dist/index.js devices list");
+        const kc = k8sApi.kubeConfigFromDefault();
+        const code = await k8sApi.execInDeploymentContainerTty(kc, "openclaw", "openclaw", "main", ["node", "dist/index.js", "devices", "list"]);
+        if (code !== 0) {
+            log.error("devices list failed");
+            return process.exit(1);
+        }
     }
     catch {
         log.error("Failed to list device requests");
@@ -918,7 +950,12 @@ export async function openclawPair() {
     if (p.isCancel(requestId))
         handleCancel();
     log.step(`Approving device ${requestId}`);
-    await execAsync(`kubectl exec -n openclaw deployment/openclaw -c main -- node dist/index.js devices approve "${requestId}"`);
+    const kcApprove = k8sApi.kubeConfigFromDefault();
+    const approve = await k8sApi.execInDeploymentContainer(kcApprove, "openclaw", "openclaw", "main", ["node", "dist/index.js", "devices", "approve", requestId]);
+    if (approve.exitCode !== 0) {
+        log.error(approve.stderr || "approve failed");
+        return process.exit(1);
+    }
     log.success("Device paired successfully");
 }
 // ---------------------------------------------------------------------------
@@ -937,17 +974,17 @@ export async function bootstrap() {
     console.log();
     const version = readPackageVersion();
     const logo = [
-        "  ▄█████▄ ",
-        "  ██ ◆ ██ ",
-        "  ██   ██ ",
-        "  ▀██ ██▀ ",
-        "    ▀█▀   ",
+        " ▄█████▄ ",
+        " ██ ◆ ██ ",
+        " ██   ██ ",
+        " ▀██ ██▀ ",
+        "   ▀█▀   ",
     ];
     const taglines = [
         "💅 Secure, isolated & flexible GitOps infrastructure",
         "🤖 Manage it yourself — or delegate to AI",
-        "🔐 Encrypted secrets, hardened containers,",
-        "   continuous delivery",
+        "🔐 Encrypted secrets, hardened containers, continuous delivery",
+        "",
         pc.dim(`v${version}`),
     ];
     const banner = logo
@@ -956,7 +993,8 @@ export async function bootstrap() {
     p.box(banner, pc.bold("Welcome to GitOps AI Bootstrapper"), {
         contentAlign: "left",
         titleAlign: "center",
-        rounded: true,
+        width: "auto",
+        rounded: false,
         formatBorder: (text) => pc.cyan(text),
     });
     // ── Load saved state ─────────────────────────────────────────────────
@@ -1019,6 +1057,13 @@ export async function bootstrap() {
             ...MONITORING_COMPONENT_IDS,
             ...OPTIONAL_COMPONENTS.map((c) => c.id),
         ];
+    const enableAdditionalFromPlan = prev.enableAdditionalSettings === "true" ||
+        (saved != null &&
+            prev.enableAdditionalSettings === undefined &&
+            ((prev.repoBranch != null && prev.repoBranch !== "" && prev.repoBranch !== "main") ||
+                (prev.templateTag != null &&
+                    prev.templateTag !== "" &&
+                    prev.templateTag !== "main")));
     const initialState = {
         gitProvider: prev.gitProvider ?? "github",
         setupMode: prev.setupMode ?? "new",
@@ -1029,6 +1074,7 @@ export async function bootstrap() {
         repoName: prev.repoName ?? "fluxcd_ai",
         repoLocalPath: prev.repoLocalPath ?? "",
         repoOwner: prev.repoOwner ?? "",
+        enableAdditionalSettings: enableAdditionalFromPlan,
         repoBranch: prev.repoBranch ?? "main",
         templateTag: prev.templateTag ?? "",
         letsencryptEmail: prev.letsencryptEmail ?? "",
@@ -1040,7 +1086,7 @@ export async function bootstrap() {
         ingressAllowedIps: prev.ingressAllowedIps ?? "0.0.0.0/0",
         clusterPublicIp: prev.clusterPublicIp ?? detectedIp,
     };
-    const wizard = await stepWizard(buildFields(detectedIp, !!saved), initialState);
+    const wizard = await stepWizard(buildFields(detectedIp, !!saved, saved), initialState);
     // ── Save config ─────────────────────────────────────────────────────
     saveInstallPlan({
         gitProvider: wizard.gitProvider,
@@ -1056,6 +1102,7 @@ export async function bootstrap() {
         repoName: wizard.repoName,
         repoLocalPath: wizard.repoLocalPath,
         repoOwner: wizard.repoOwner,
+        enableAdditionalSettings: String(wizard.enableAdditionalSettings),
         repoBranch: wizard.repoBranch,
         templateTag: wizard.templateTag,
         cloudflareApiToken: wizard.cloudflareApiToken,
@@ -1064,60 +1111,67 @@ export async function bootstrap() {
         selectedComponents: wizard.selectedComponents.join(","),
     });
     log.success("Configuration saved");
-    // ── Warn about CLI tools that will be installed ─────────────────────
+    // ── CLI tools: explain + confirm + install only when something is missing ──
     const toolDescriptions = [
         ["git", "Version control (repo operations)"],
-        ["kubectl", "Kubernetes CLI (cluster management)"],
-        ["helm", "Kubernetes package manager (chart installs)"],
-        ["flux-operator", "FluxCD Operator CLI (GitOps reconciliation)"],
+        ["flux-operator", "FluxCD Operator CLI (installs Flux into the cluster)"],
         ["sops", "Mozilla SOPS (secret encryption)"],
         ["age", "Age encryption (SOPS key backend)"],
     ];
+    if (isMacOS()) {
+        toolDescriptions.push([
+            "docker",
+            "Docker-compatible runtime for k3d",
+        ]);
+    }
     if (isMacOS() || isCI()) {
         toolDescriptions.push(["k3d", "Lightweight K3s in Docker (local cluster)"]);
     }
-    const toBeInstalled = toolDescriptions
-        .filter(([name]) => !commandExists(name));
-    const toolListFormatted = toolDescriptions
-        .map(([name, desc]) => {
-        const status = commandExists(name)
-            ? pc.green("installed")
-            : pc.yellow("will install");
-        return `  ${pc.bold(name.padEnd(16))} ${pc.dim(desc)}  [${status}]`;
-    })
-        .join("\n");
-    const uninstallMac = toolDescriptions
-        .map(([name]) => name)
-        .join(" ");
-    p.note(`${pc.bold("The following CLI tools are required and will be installed if missing:")}\n\n` +
-        toolListFormatted +
-        "\n\n" +
-        pc.dim("─".repeat(60)) + "\n\n" +
-        pc.bold("Why are these needed?\n") +
-        pc.dim("These tools are used to create and manage your Kubernetes cluster,\n") +
-        pc.dim(`deploy components via Helm/Flux, encrypt secrets, and interact with ${providerLabel(wizard.gitProvider)}.\n\n`) +
-        pc.bold("How to uninstall later:\n") +
-        (isMacOS()
-            ? `  ${pc.cyan(`brew uninstall ${uninstallMac}`)}\n`
-            : `  ${pc.cyan("sudo rm -f /usr/local/bin/{kubectl,helm,flux-operator,sops,age,age-keygen}")}\n` +
-                `  ${pc.cyan(`sudo apt remove -y git`)}  ${pc.dim("(if installed via apt)")}\n`) +
-        pc.dim("\nAlready-installed tools will be skipped. No system tools will be modified."), "Required CLI Tools");
-    const confirmMsg = toBeInstalled.length > 0
-        ? `Install ${toBeInstalled.length} missing tool(s) and continue?`
-        : "All tools are already installed. Continue?";
-    const proceed = await p.confirm({
-        message: pc.bold(confirmMsg),
-        initialValue: true,
-    });
-    if (p.isCancel(proceed) || !proceed) {
-        log.error("Aborted.");
-        return process.exit(1);
-    }
-    // ── Install all CLI tools upfront ───────────────────────────────────
-    if (toBeInstalled.length > 0) {
+    const missingToolNames = toolDescriptions
+        .filter(([name]) => !commandExists(name))
+        .map(([name]) => name);
+    if (missingToolNames.length > 0) {
+        const toolListFormatted = toolDescriptions
+            .map(([name, desc]) => {
+            const status = commandExists(name)
+                ? pc.green("installed")
+                : pc.yellow("will install");
+            return `  ${pc.bold(name.padEnd(16))} ${pc.dim(desc)}  [${status}]`;
+        })
+            .join("\n");
+        const uninstallMacFormulae = toolDescriptions
+            .map(([name]) => name)
+            .filter((n) => n !== "docker")
+            .join(" ");
+        const uninstallMac = isMacOS() && toolDescriptions.some(([n]) => n === "docker")
+            ? `brew uninstall ${uninstallMacFormulae} && brew uninstall --cask docker`
+            : `brew uninstall ${uninstallMacFormulae}`;
+        p.note(`${pc.bold("The following CLI tools are required and will be installed if missing:")}\n\n` +
+            toolListFormatted +
+            "\n\n" +
+            pc.dim("─".repeat(60)) + "\n\n" +
+            pc.bold("Why are these needed?\n") +
+            pc.dim("These tools are used to create and manage your Kubernetes cluster,\n") +
+            pc.dim(`install Flux via flux-operator, encrypt secrets, and interact with ${providerLabel(wizard.gitProvider)}.\n`) +
+            pc.bold("How to uninstall later:\n") +
+            (isMacOS()
+                ? `  ${pc.cyan(`brew uninstall ${uninstallMac}`)}\n`
+                : `  ${pc.cyan("sudo rm -f /usr/local/bin/{flux-operator,sops,age,age-keygen}")}\n` +
+                    `  ${pc.cyan(`sudo apt remove -y git`)}  ${pc.dim("(if installed via apt)")}\n`) +
+            pc.dim("\nAlready-installed tools will be skipped. No system tools will be modified."), "Required CLI Tools");
+        const proceed = await p.confirm({
+            message: pc.bold(`Install ${missingToolNames.length} missing tool(s) and continue?`),
+            initialValue: true,
+        });
+        if (p.isCancel(proceed) || !proceed) {
+            log.error("Aborted.");
+            return process.exit(1);
+        }
         log.step("Installing CLI tools");
-        const allToolNames = toolDescriptions.map(([name]) => name);
-        await ensureAll(allToolNames);
+        await ensureAll(missingToolNames);
+    }
+    if (isMacOS()) {
+        await ensureDockerDaemonReady();
     }
     // ── Repo creation phase (new mode only) ─────────────────────────────
     let repoRoot;
@@ -1158,15 +1212,9 @@ export async function bootstrap() {
             (isNewRepo(wizard) ? "main" : undefined),
     };
     // ── Check macOS prerequisites ────────────────────────────────────────
-    if (isMacOS()) {
-        if (!commandExists("brew")) {
-            log.error("Homebrew is required on macOS. Install from https://brew.sh");
-            return process.exit(1);
-        }
-        if (!commandExists("docker")) {
-            log.error("Docker is required on macOS (Docker Desktop, OrbStack, or Colima).");
-            return process.exit(1);
-        }
+    if (isMacOS() && !commandExists("brew")) {
+        log.error("Homebrew is required on macOS. Install from https://brew.sh");
+        return process.exit(1);
     }
     // ── Run bootstrap (cluster + flux + template + sops + git push) ─────
     try {
@@ -1224,8 +1272,15 @@ export async function bootstrap() {
     summary("Bootstrap Complete", summaryEntries);
     const finalSteps = [
         `All HelmReleases may take ${pc.yellow("~5 minutes")} to become ready.`,
-        `Check status: ${pc.cyan("kubectl get helmreleases -A")}`,
     ];
+    if (commandExists("kubectl")) {
+        finalSteps.push(`Check HelmRelease status: ${pc.cyan("kubectl get helmreleases -A")}`);
+    }
+    else {
+        finalSteps.push(`Install ${pc.bold("kubectl")} to check HelmRelease status: ${isMacOS()
+            ? pc.cyan("brew install kubectl")
+            : pc.cyan("https://kubernetes.io/docs/tasks/tools/")}`);
+    }
     if (!commandExists("k9s")) {
         finalSteps.push(`Install ${pc.bold("k9s")} for a terminal UI to monitor your cluster: ${isMacOS()
             ? pc.cyan("brew install derailed/k9s/k9s")