mosaicstack/stack
1
0
Fork 0
Code Issues 23 Pull Requests 3 Actions Packages Projects Releases 14 Wiki Activity
Files
b0b2c20da09e30c8064fe6d58d5519eea780a711
stack/packages/mosaic
History
Hermes Agent b0b2c20da0
All checks were successful
ci/woodpecker/pr/ci Pipeline was successful
Details
ci/woodpecker/push/ci Pipeline was successful
Details
fix(framework/tools): eval injection, broken JSON, tmpfile leak (#548) 
F-01 (HIGH): issue-edit.sh and issue-assign.sh used string interpolation
+ eval to build CLI commands. Replace all eval sites with Bash arrays so
user-supplied values (title, body, labels) are never shell-expanded.
For the Gitea path, replace get_gitea_repo_args() (which emits %q-escaped
strings designed for eval) with get_repo_slug() + get_gitea_login() so
repo/login are passed as properly-quoted array elements.

F-07 (MED): milestone-create.sh built the GitHub API JSON payload by
string interpolation — a title containing " or $ broke the JSON. Rebuild
with jq -n --arg so all values are safely serialised. Optional description
key is omitted when empty, preserving existing behaviour.

F-13 (LOW): pr-metadata.sh created a mktemp tmpfile inside
curl_gitea_pull() but only removed it in success paths. Add
trap 'rm -f "$body_file"' EXIT immediately after mktemp so early-exit
paths (set -e, SIGINT) also clean up.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01Kt2D8TsnDwhtzEAPijsNmR
2026-06-18 13:51:18 -05:00
..
__tests__
feat(mosaic): drill-down main menu + provider-first flow + quick start (#446)
2026-04-06 00:15:23 +00:00
framework
fix(framework/tools): eval injection, broken JSON, tmpfile leak (#548)
2026-06-18 13:51:18 -05:00
src
Fix Gitea wrapper login resolution (#538)
2026-06-12 02:34:18 +00:00
package.json
release(mosaic): bump @mosaicstack/mosaic 0.0.30 -> 0.0.31 (#534)
2026-06-11 19:55:43 +00:00
README.md
feat: wizard remediation — password mask, hooks preview, headless (IUH-M02) (#431)
2026-04-05 17:47:53 +00:00
tsconfig.json
feat(mosaic): merge @mosaic/cli into @mosaic/mosaic
2026-04-04 20:07:27 -05:00
vitest.config.ts
feat(P0-001): scaffold monorepo structure (#60)
2026-03-13 01:11:46 +00:00

README.md

@mosaicstack/mosaic

CLI package for the Mosaic self-hosted AI agent platform.

Usage

mosaic wizard           # First-run setup wizard
mosaic gateway install  # Install the gateway daemon
mosaic config show      # View current configuration
mosaic config hooks list  # Manage Claude hooks

Headless / CI Installation

Set MOSAIC_ASSUME_YES=1 (or ensure stdin is not a TTY) to skip all interactive prompts. The following environment variables control the install:

Gateway configuration (mosaic gateway install)

Variable Default Required
MOSAIC_STORAGE_TIER local No
MOSAIC_GATEWAY_PORT 14242 No
MOSAIC_DATABASE_URL (none) Yes if tier=team
MOSAIC_VALKEY_URL (none) Yes if tier=team
MOSAIC_ANTHROPIC_API_KEY (none) No
MOSAIC_CORS_ORIGIN http://localhost:3000 No

Admin user bootstrap

Variable Default Required
MOSAIC_ADMIN_NAME (none) Yes (headless)
MOSAIC_ADMIN_EMAIL (none) Yes (headless)
MOSAIC_ADMIN_PASSWORD (none) Yes (headless)

MOSAIC_ADMIN_PASSWORD must be at least 8 characters. In headless mode a missing or too-short password causes a non-zero exit.

Example: Docker / CI install

export MOSAIC_ASSUME_YES=1
export MOSAIC_ADMIN_NAME="Admin"
export MOSAIC_ADMIN_EMAIL="admin@example.com"
export MOSAIC_ADMIN_PASSWORD="securepass123"

mosaic gateway install

Hooks management

After running mosaic wizard, Claude hooks are installed in ~/.claude/hooks-config.json.

mosaic config hooks list              # Show all hooks and enabled/disabled status
mosaic config hooks disable PostToolUse  # Disable a hook (reversible)
mosaic config hooks enable PostToolUse   # Re-enable a disabled hook

Set CLAUDE_HOME to override the default ~/.claude directory.

Reference in New Issue View Git Blame Copy Permalink