feat: integrate framework files into monorepo under packages/mosaic/framework/
Moves all Mosaic framework runtime files from the separate bootstrap repo into the monorepo as canonical source. The @mosaic/mosaic npm package now ships the complete framework — bin scripts, runtime configs, tools, and templates — enabling standalone installation via npm install. Structure: packages/mosaic/framework/ ├── bin/ 28 CLI scripts (mosaic, mosaic-doctor, mosaic-sync-skills, etc.) ├── runtime/ Runtime adapters (claude, codex, opencode, pi, mcp) ├── tools/ Shell tooling (git, prdy, orchestrator, quality, etc.) ├── templates/ Agent and repo templates ├── defaults/ Default identity files (AGENTS.md, STANDARDS.md, SOUL.md, etc.) ├── install.sh Legacy bash installer └── remote-install.sh One-liner remote installer Key files with Pi support and recent fixes: - bin/mosaic: launch_pi() with skills-local loop - bin/mosaic-doctor: --fix auto-wiring for all 4 harnesses - bin/mosaic-sync-skills: Pi as 4th link target, symlink-aware find - bin/mosaic-link-runtime-assets: Pi settings.json patching - bin/mosaic-migrate-local-skills: Pi skill roots, symlink find - runtime/pi/RUNTIME.md + mosaic-extension.ts Package ships 251 framework files in the npm tarball (278KB compressed).
This commit is contained in:
Jason Woltje
95
packages/mosaic/framework/tools/authentik/auth-token.sh
Executable file
95
packages/mosaic/framework/tools/authentik/auth-token.sh
Executable file
@@ -0,0 +1,95 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
# auth-token.sh — Obtain and cache Authentik API token
|
||||
#
|
||||
# Usage: auth-token.sh [-f] [-q] [-a instance]
|
||||
#
|
||||
# Returns a valid Authentik API token. Checks in order:
|
||||
# 1. Cached token at ~/.cache/mosaic/authentik-token-<instance> (if valid)
|
||||
# 2. Pre-configured token from credentials.json (authentik.<instance>.token)
|
||||
# 3. Fails with instructions to create a token in the admin UI
|
||||
#
|
||||
# Options:
|
||||
# -f Force re-validation (ignore cached token)
|
||||
# -q Quiet mode — only output the token
|
||||
# -a instance Authentik instance name (e.g. usc, mosaic)
|
||||
# -h Show this help
|
||||
#
|
||||
# Environment variables (or credentials.json):
|
||||
# AUTHENTIK_URL — Authentik instance URL
|
||||
# AUTHENTIK_TOKEN — Pre-configured API token (recommended)
|
||||
set -euo pipefail
|
||||
|
||||
MOSAIC_HOME="${MOSAIC_HOME:-$HOME/.config/mosaic}"
|
||||
source "$MOSAIC_HOME/tools/_lib/credentials.sh"
|
||||
|
||||
FORCE=false
|
||||
QUIET=false
|
||||
AK_INSTANCE=""
|
||||
|
||||
while getopts "fqa:h" opt; do
|
||||
case $opt in
|
||||
f) FORCE=true ;;
|
||||
q) QUIET=true ;;
|
||||
a) AK_INSTANCE="$OPTARG" ;;
|
||||
h) head -22 "$0" | grep "^#" | sed 's/^# \?//'; exit 0 ;;
|
||||
*) echo "Usage: $0 [-f] [-q] [-a instance]" >&2; exit 1 ;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [[ -n "$AK_INSTANCE" ]]; then
|
||||
load_credentials "authentik-${AK_INSTANCE}"
|
||||
else
|
||||
load_credentials authentik
|
||||
fi
|
||||
|
||||
CACHE_DIR="$HOME/.cache/mosaic"
|
||||
CACHE_FILE="$CACHE_DIR/authentik-token${AUTHENTIK_INSTANCE:+-$AUTHENTIK_INSTANCE}"
|
||||
|
||||
_validate_token() {
|
||||
local token="$1"
|
||||
local http_code
|
||||
http_code=$(curl -sk -o /dev/null -w "%{http_code}" \
|
||||
--connect-timeout 5 --max-time 10 \
|
||||
-H "Authorization: Bearer $token" \
|
||||
"${AUTHENTIK_URL}/api/v3/core/users/me/")
|
||||
[[ "$http_code" == "200" ]]
|
||||
}
|
||||
|
||||
# 1. Check cached token
|
||||
if [[ "$FORCE" == "false" ]] && [[ -f "$CACHE_FILE" ]]; then
|
||||
cached_token=$(cat "$CACHE_FILE")
|
||||
if [[ -n "$cached_token" ]] && _validate_token "$cached_token"; then
|
||||
[[ "$QUIET" == "false" ]] && echo "Using cached token (valid)" >&2
|
||||
echo "$cached_token"
|
||||
exit 0
|
||||
fi
|
||||
[[ "$QUIET" == "false" ]] && echo "Cached token invalid, checking credentials..." >&2
|
||||
fi
|
||||
|
||||
# 2. Use pre-configured token from credentials.json
|
||||
if [[ -n "${AUTHENTIK_TOKEN:-}" ]]; then
|
||||
if _validate_token "$AUTHENTIK_TOKEN"; then
|
||||
# Cache it for faster future access
|
||||
mkdir -p "$CACHE_DIR"
|
||||
echo "$AUTHENTIK_TOKEN" > "$CACHE_FILE"
|
||||
chmod 600 "$CACHE_FILE"
|
||||
[[ "$QUIET" == "false" ]] && echo "Token validated and cached at $CACHE_FILE" >&2
|
||||
echo "$AUTHENTIK_TOKEN"
|
||||
exit 0
|
||||
else
|
||||
echo "Error: Pre-configured AUTHENTIK_TOKEN is invalid (API returned non-200)" >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# 3. No token available
|
||||
echo "Error: No Authentik API token configured" >&2
|
||||
echo "" >&2
|
||||
echo "To create one:" >&2
|
||||
echo " 1. Log into Authentik admin: ${AUTHENTIK_URL}/if/admin/#/core/tokens" >&2
|
||||
echo " 2. Click 'Create' → set identifier (e.g., 'mosaic-agent')" >&2
|
||||
echo " 3. Select 'API Token' intent, uncheck 'Expiring'" >&2
|
||||
echo " 4. Copy the key and add to credentials.json:" >&2
|
||||
echo " Add token to credentials.json under authentik.<instance>.token" >&2
|
||||
exit 1
|
||||
Reference in New Issue
Block a user