npm - omegon - Versions diffs - 0.6.20 → 0.6.22 - Mend

omegon 0.6.20 → 0.6.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/extensions/01-auth/auth.ts +74 -0
package/extensions/bootstrap/deps.ts +48 -20
package/package.json +1 -1

package/extensions/01-auth/auth.ts CHANGED Viewed

@@ -317,6 +317,79 @@ const ociProvider: AuthProvider = {
 	},
 };
+const vaultProvider: AuthProvider = {
+	id: "vault",
+	name: "Vault",
+	cli: "vault",
+	tokenEnvVar: "VAULT_TOKEN",
+	refreshCommand: "vault login",
+	async check(pi, signal) {
+		// 1. Check CLI is installed
+		const which = await pi.exec("which", ["vault"], { signal, timeout: 3_000 });
+		if (which.code !== 0) {
+			return { provider: this.id, status: "missing", detail: "vault CLI not installed" };
+		}
+		// 2. Check VAULT_ADDR is configured — without it, no meaningful check is possible
+		const addr = process.env["VAULT_ADDR"];
+		if (!addr) {
+			return {
+				provider: this.id,
+				status: "none",
+				detail: "VAULT_ADDR not set",
+				refresh: this.refreshCommand,
+				secretHint: "VAULT_ADDR",
+			};
+		}
+		// 3. Run vault token lookup — read-only, returns token metadata (never the token itself)
+		// VAULT_TOKEN is read by the vault CLI from the environment; we never access it directly.
+		const result = await pi.exec("vault", ["token", "lookup", "-format=json"], { signal, timeout: 10_000 });
+		if (result.code === 0) {
+			try {
+				const data = JSON.parse(result.stdout.trim());
+				const tokenData = data?.data ?? {};
+				// Extract safe metadata — policies and expiry only, never the token value
+				const policies: string[] = tokenData.policies ?? [];
+				const displayName: string = tokenData.display_name ?? "";
+				const expireTime: string = tokenData.expire_time ?? "";
+				// Build a human-readable detail string
+				const parts: string[] = [];
+				if (displayName) parts.push(displayName);
+				if (policies.length > 0) parts.push(`policies: ${policies.filter(p => p !== "default").join(", ") || "default"}`);
+				if (expireTime) parts.push(`expires: ${expireTime.split("T")[0]}`);
+				else parts.push("no expiry");
+				return {
+					provider: this.id,
+					status: "ok",
+					detail: parts.join(" · ") || "authenticated",
+					refresh: this.refreshCommand,
+				};
+			} catch {
+				// JSON parse failed but command succeeded — still authenticated
+				return { provider: this.id, status: "ok", detail: "authenticated", refresh: this.refreshCommand };
+			}
+		}
+		// 4. Diagnose failure — truncate to 300 chars, never log token values
+		const output = (result.stdout + "\n" + result.stderr).trim();
+		const diag = diagnoseError(output);
+		return {
+			provider: this.id,
+			status: diag.status,
+			detail: `${addr} — ${diag.reason}`,
+			error: output.slice(0, 300),
+			refresh: this.refreshCommand,
+			secretHint: "VAULT_TOKEN",
+		};
+	},
+};
 // ─── Provider Registry ───────────────────────────────────────────
 /** All providers, ordered by typical check priority. */
@@ -327,6 +400,7 @@ export const ALL_PROVIDERS: AuthProvider[] = [
 	awsProvider,
 	kubernetesProvider,
 	ociProvider,
+	vaultProvider,
 ];
 export function findProvider(idOrName: string): AuthProvider | undefined {

package/extensions/bootstrap/deps.ts CHANGED Viewed

@@ -133,11 +133,21 @@ function hasCmd(cmd: string): boolean {
 /** Get the best install command for the current platform */
 export function bestInstallCmd(dep: Dep): string | undefined {
 	const plat = process.platform === "darwin" ? "darwin" : "linux";
-	return (
-		dep.install.find((o) => o.platform === plat)?.cmd ??
-		dep.install.find((o) => o.platform === "any")?.cmd ??
-		dep.install[0]?.cmd
-	);
+	const candidates = dep.install.filter((o) => o.platform === plat || o.platform === "any");
+	if (candidates.length === 0) return dep.install[0]?.cmd;
+	// If nix is available, prefer nix commands. Otherwise prefer brew.
+	const hasNix = hasCmd("nix");
+	const hasBrew = hasCmd("brew");
+	if (hasNix) {
+		const nix = candidates.find((o) => o.cmd.startsWith("nix "));
+		if (nix) return nix.cmd;
+	}
+	if (hasBrew) {
+		const brew = candidates.find((o) => o.cmd.startsWith("brew "));
+		if (brew) return brew.cmd;
+	}
+	return candidates[0]?.cmd;
 }
 /** Get all install options formatted for display */
@@ -154,28 +164,22 @@ export function installHints(dep: Dep): string[] {
  * Order matters: displayed in this order during bootstrap.
  */
 export const DEPS: Dep[] = [
-	// --- Core: most users want these ---
+	// --- Core: package manager + essential tools ---
 	{
 		id: "nix",
 		name: "Nix",
 		purpose: "Universal package manager — installs all other dependencies on any OS",
 		usedBy: ["bootstrap"],
 		tier: "core",
-		check: () => hasCmd("nix"),
-		install: [
-			// Immutable ostree-based Linux (Bazzite, Silverblue, Bluefin, etc.)
-			// needs root.transient enabled and --persistence=/var/lib/nix so the
-			// nix store lives on a writable partition. The upstream installer uses
-			// the ostree planner automatically when it detects ostree.
-			{ platform: "linux", cmd: isOstree()
-				? "curl -sSfL https://install.determinate.systems/nix | sh -s -- install --no-confirm --persistence=/var/lib/nix"
-				: "curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install --no-confirm" },
-			{ platform: "darwin", cmd: "curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install --no-confirm" },
-		],
+		// Either nix or brew satisfies this — we just need a working package manager
+		check: () => hasCmd("nix") || hasCmd("brew"),
+		install: isOstree()
+			? [{ platform: "linux", cmd: '/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"' }]
+			: [
+				{ platform: "any", cmd: "curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install --no-confirm" },
+				{ platform: "any", cmd: '/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"' },
+			],
 		url: "https://zero-to-nix.com",
-		// On ostree systems, root.transient must be enabled first for /nix to be created.
-		// preflight returns instructions if the system isn't ready.
-		preflight: isOstree() ? checkOstreeReadyForNix : undefined,
 	},
 	{
 		id: "ollama",
@@ -187,6 +191,7 @@ export const DEPS: Dep[] = [
 		requires: ["nix"],
 		install: [
 			{ platform: "any", cmd: "nix profile install nixpkgs#ollama" },
+			{ platform: "any", cmd: "brew install ollama" },
 		],
 		url: "https://ollama.com",
 	},
@@ -200,6 +205,7 @@ export const DEPS: Dep[] = [
 		requires: ["nix"],
 		install: [
 			{ platform: "any", cmd: "nix profile install nixpkgs#d2" },
+			{ platform: "any", cmd: "brew install d2" },
 		],
 		url: "https://d2lang.com",
 	},
@@ -215,6 +221,7 @@ export const DEPS: Dep[] = [
 		requires: ["nix"],
 		install: [
 			{ platform: "any", cmd: "nix profile install nixpkgs#gh" },
+			{ platform: "any", cmd: "brew install gh" },
 		],
 		url: "https://cli.github.com",
 	},
@@ -228,6 +235,7 @@ export const DEPS: Dep[] = [
 		requires: ["nix"],
 		install: [
 			{ platform: "any", cmd: "nix profile install nixpkgs#pandoc" },
+			{ platform: "any", cmd: "brew install pandoc" },
 		],
 		url: "https://pandoc.org",
 	},
@@ -240,6 +248,7 @@ export const DEPS: Dep[] = [
 		check: () => hasCmd("cargo"),
 		install: [
 			{ platform: "any", cmd: "nix profile install nixpkgs#rustup && rustup default stable" },
+			{ platform: "any", cmd: "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y" },
 		],
 		url: "https://rustup.rs",
 	},
@@ -268,6 +277,7 @@ export const DEPS: Dep[] = [
 		requires: ["nix"],
 		install: [
 			{ platform: "any", cmd: "nix profile install nixpkgs#librsvg" },
+			{ platform: "any", cmd: "brew install librsvg" },
 		],
 	},
 	{
@@ -280,6 +290,7 @@ export const DEPS: Dep[] = [
 		requires: ["nix"],
 		install: [
 			{ platform: "any", cmd: "nix profile install nixpkgs#poppler_utils" },
+			{ platform: "any", cmd: "brew install poppler" },
 		],
 	},
 	{
@@ -292,6 +303,7 @@ export const DEPS: Dep[] = [
 		requires: ["nix"],
 		install: [
 			{ platform: "any", cmd: "nix profile install nixpkgs#uv" },
+			{ platform: "any", cmd: "brew install uv" },
 		],
 		url: "https://docs.astral.sh/uv/",
 	},
@@ -305,6 +317,7 @@ export const DEPS: Dep[] = [
 		requires: ["nix"],
 		install: [
 			{ platform: "any", cmd: "nix profile install nixpkgs#awscli2" },
+			{ platform: "any", cmd: "brew install awscli" },
 		],
 	},
 	{
@@ -317,7 +330,22 @@ export const DEPS: Dep[] = [
 		requires: ["nix"],
 		install: [
 			{ platform: "any", cmd: "nix profile install nixpkgs#kubectl" },
+			{ platform: "any", cmd: "brew install kubectl" },
+		],
+	},
+	{
+		id: "vault",
+		name: "Vault CLI",
+		purpose: "HashiCorp Vault authentication status checking and secret management",
+		usedBy: ["01-auth"],
+		tier: "optional",
+		check: () => hasCmd("vault"),
+		requires: ["nix"],
+		install: [
+			{ platform: "any", cmd: "nix profile install nixpkgs#vault" },
+			{ platform: "any", cmd: "brew install hashicorp/tap/vault" },
 		],
+		url: "https://developer.hashicorp.com/vault/install",
 	},
 ];

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "omegon",
-	"version": "0.6.20",
+	"version": "0.6.22",
 	"description": "Omegon — an opinionated distribution of pi (by Mario Zechner) with extensions for lifecycle management, memory, orchestration, and visualization",
 	"bin": {
 		"omegon": "bin/omegon.mjs",