feat: mosaic gateway CLI daemon management + admin token auth #369

Merged

jason.woltje merged 1 commits from feat/gateway-management into main 2026-04-04 18:03:13 +00:00

Conversation 0 Commits 1 Files Changed 16 +1325 -188

jason.woltje commented 2026-04-04 18:00:39 +00:00

Owner

Copy Link

Summary

• New mosaic gateway command family for daemon lifecycle: install, start, stop, restart, status, config, logs, uninstall
• Admin API token authentication (Bearer tokens) in AdminGuard alongside existing BetterAuth sessions
• Bootstrap endpoint (POST /api/bootstrap/setup) for first-user creation when zero users exist
• admin_tokens DB table with SHA-256 hashed tokens, expiry, usage tracking
• Gateway .env fallback from ~/.config/mosaic/gateway/.env for daemon mode
• CLI flags: --host -h, --port -p, --token -t for remote gateway connection
• --help only (no -h short) to free -h for --host

New Files

• apps/gateway/src/admin/admin-tokens.controller.ts — Token CRUD
• apps/gateway/src/admin/admin-tokens.dto.ts — Token DTOs
• apps/gateway/src/admin/bootstrap.controller.ts — First-user setup
• apps/gateway/src/admin/bootstrap.dto.ts — Bootstrap DTOs
• packages/cli/src/commands/gateway.ts — Command registration
• packages/cli/src/commands/gateway/daemon.ts — PID, process, health utils
• packages/cli/src/commands/gateway/install.ts — Install wizard
• packages/cli/src/commands/gateway/status.ts — Status display
• packages/cli/src/commands/gateway/config.ts — Config management
• packages/cli/src/commands/gateway/logs.ts — Log tailing
• packages/cli/src/commands/gateway/uninstall.ts — Clean removal

Modified Files

• packages/db/src/schema.ts — Added admin_tokens table
• packages/db/src/index.ts — Export count from drizzle-orm
• apps/gateway/src/admin/admin.guard.ts — Bearer token + session dual auth
• apps/gateway/src/admin/admin.module.ts — Register new controllers
• apps/gateway/src/main.ts — Daemon .env fallback loading
• packages/cli/src/commands/gateway.ts — Replaced stale @mosaic/config-based impl

Test plan

• Typecheck passes (new files have zero new errors)
• Lint passes
• Format check passes
• Manual: mosaic gateway install wizard flow
• Manual: mosaic gateway status output
• Manual: Bearer token auth on admin endpoints
• DB migration for admin_tokens table

## Summary - New `mosaic gateway` command family for daemon lifecycle: install, start, stop, restart, status, config, logs, uninstall - Admin API token authentication (Bearer tokens) in AdminGuard alongside existing BetterAuth sessions - Bootstrap endpoint (`POST /api/bootstrap/setup`) for first-user creation when zero users exist - `admin_tokens` DB table with SHA-256 hashed tokens, expiry, usage tracking - Gateway `.env` fallback from `~/.config/mosaic/gateway/.env` for daemon mode - CLI flags: `--host -h`, `--port -p`, `--token -t` for remote gateway connection - `--help` only (no `-h` short) to free `-h` for `--host` ## New Files - `apps/gateway/src/admin/admin-tokens.controller.ts` — Token CRUD - `apps/gateway/src/admin/admin-tokens.dto.ts` — Token DTOs - `apps/gateway/src/admin/bootstrap.controller.ts` — First-user setup - `apps/gateway/src/admin/bootstrap.dto.ts` — Bootstrap DTOs - `packages/cli/src/commands/gateway.ts` — Command registration - `packages/cli/src/commands/gateway/daemon.ts` — PID, process, health utils - `packages/cli/src/commands/gateway/install.ts` — Install wizard - `packages/cli/src/commands/gateway/status.ts` — Status display - `packages/cli/src/commands/gateway/config.ts` — Config management - `packages/cli/src/commands/gateway/logs.ts` — Log tailing - `packages/cli/src/commands/gateway/uninstall.ts` — Clean removal ## Modified Files - `packages/db/src/schema.ts` — Added `admin_tokens` table - `packages/db/src/index.ts` — Export `count` from drizzle-orm - `apps/gateway/src/admin/admin.guard.ts` — Bearer token + session dual auth - `apps/gateway/src/admin/admin.module.ts` — Register new controllers - `apps/gateway/src/main.ts` — Daemon .env fallback loading - `packages/cli/src/commands/gateway.ts` — Replaced stale @mosaic/config-based impl ## Test plan - [x] Typecheck passes (new files have zero new errors) - [x] Lint passes - [x] Format check passes - [ ] Manual: `mosaic gateway install` wizard flow - [ ] Manual: `mosaic gateway status` output - [ ] Manual: Bearer token auth on admin endpoints - [ ] DB migration for admin_tokens table

jason.woltje added 1 commit 2026-04-04 18:00:40 +00:00

feat: add mosaic gateway CLI commands and admin token auth ... 0e6f5eace0

Gateway daemon lifecycle management via the Mosaic CLI:
- install, start, stop, restart, status, config, logs, uninstall
- Admin API token auth (Bearer tokens) alongside existing session auth
- Bootstrap endpoint for first-user setup (POST /api/bootstrap/setup)
- admin_tokens table in DB schema with SHA-256 hashed tokens
- Gateway .env fallback loading from ~/.config/mosaic/gateway/.env
- CLI daemon management with PID file, log tailing, health checks

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

jason.woltje merged commit 39ccba95d0 into main 2026-04-04 18:03:13 +00:00

jason.woltje deleted branch feat/gateway-management 2026-04-04 18:03:13 +00:00

jason.woltje referenced this issue from a commit 2026-04-04 18:03:15 +00:00

feat: mosaic gateway CLI daemon management + admin token auth (#369)

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

No items

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

jason.woltje

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: mosaicstack/stack#369