mosaicstack/stack

Fork 0

Files

History

Jason Woltje 6ad96c37cd

ci/woodpecker/pr/ci Pipeline was successful

Details

ci/woodpecker/push/ci Pipeline was successful

Details

feat(framework): P1+P2 — public sanitization + blocking CI gate

Adds tools/quality/scripts/verify-sanitized.sh (two-class, self-tested) wired
blocking in .woodpecker/ci.yml; sanitizes operator identity from the public
framework package so the gate is green.

- purge jarvis/jason/woltje/PDA across 26 files -> generic
- delete jarvis-loop.json overlay; add neutral examples/{personas,overlays}
- relocate maintainer AUDIT to docs/audits/; delete 2 jarvis-brain rule blocks
- neutralize SOUL persona; strip "(Policy: Jason ...)" keeping universal rule
- test fixtures jason.woltje -> ci-bot (both git tests pass)

Deferred (tracked): private third-party host (uscllc) genericization.

Refs #542, closes #571

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-20 20:57:08 -05:00

admin-status.sh

feat: integrate framework files into monorepo under packages/mosaic/framework/

2026-04-01 21:19:21 -05:00

app-list.sh

feat: integrate framework files into monorepo under packages/mosaic/framework/

2026-04-01 21:19:21 -05:00

auth-token.sh

feat: integrate framework files into monorepo under packages/mosaic/framework/

2026-04-01 21:19:21 -05:00

flow-list.sh

feat: integrate framework files into monorepo under packages/mosaic/framework/

2026-04-01 21:19:21 -05:00

group-list.sh

feat: integrate framework files into monorepo under packages/mosaic/framework/

2026-04-01 21:19:21 -05:00

README.md

feat(framework): P1+P2 — public sanitization + blocking CI gate

2026-06-20 20:57:08 -05:00

user-create.sh

feat: integrate framework files into monorepo under packages/mosaic/framework/

2026-04-01 21:19:21 -05:00

user-list.sh

feat: integrate framework files into monorepo under packages/mosaic/framework/

2026-04-01 21:19:21 -05:00

README.md

Authentik Tool Suite

Manage Authentik identity provider (SSO, users, groups, applications, flows) via CLI.

Prerequisites

jq installed
Authentik credentials in ~/.config/mosaic/credentials.json (or $MOSAIC_CREDENTIALS_FILE)
Required fields: authentik.url, authentik.username, authentik.password

Authentication

Scripts use auth-token.sh to auto-authenticate via username/password and cache the API token at ~/.cache/mosaic/authentik-token. The token is validated on each use and refreshed automatically when expired.

For better security, create a long-lived API token in Authentik admin (Directory > Tokens) and set $AUTHENTIK_TOKEN in your environment — the scripts will use it directly.

Scripts

Script	Purpose
`auth-token.sh`	Authenticate and cache API token
`user-list.sh`	List users (search, filter by group)
`user-create.sh`	Create user with optional group assignment
`group-list.sh`	List groups
`app-list.sh`	List OAuth/SAML applications
`flow-list.sh`	List authentication flows
`admin-status.sh`	System health and version info

Common Options

All scripts support:

-f json — JSON output (default: table)
-h — Show help

API Reference

Base URL: https://auth.diversecanvas.com
API prefix: /api/v3/
OpenAPI schema: /api/v3/schema/
Auth: Bearer token in Authorization header

Examples

# List all users
~/.config/mosaic/tools/authentik/user-list.sh

# Search for a user
~/.config/mosaic/tools/authentik/user-list.sh -s "alice"

# Create a user in the admins group
~/.config/mosaic/tools/authentik/user-create.sh -u newuser -n "New User" -e new@example.com -g admins

# List OAuth applications as JSON
~/.config/mosaic/tools/authentik/app-list.sh -f json

# Check system health
~/.config/mosaic/tools/authentik/admin-status.sh