mosaicstack/stack
1
0
Fork 0
Code Issues 13 Pull Requests Actions Packages Projects Releases 11 Wiki Activity
Files
e46f0641f672e5aa7438b4a3c774d53844be9a7a
stack/packages/mosaic/framework/tools/authentik/README.md
Jason Woltje b38cfac760
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
feat: integrate framework files into monorepo under packages/mosaic/framework/ 
Moves all Mosaic framework runtime files from the separate bootstrap repo
into the monorepo as canonical source. The @mosaic/mosaic npm package now
ships the complete framework — bin scripts, runtime configs, tools, and
templates — enabling standalone installation via npm install.

Structure:
  packages/mosaic/framework/
  ├── bin/          28 CLI scripts (mosaic, mosaic-doctor, mosaic-sync-skills, etc.)
  ├── runtime/      Runtime adapters (claude, codex, opencode, pi, mcp)
  ├── tools/        Shell tooling (git, prdy, orchestrator, quality, etc.)
  ├── templates/    Agent and repo templates
  ├── defaults/     Default identity files (AGENTS.md, STANDARDS.md, SOUL.md, etc.)
  ├── install.sh    Legacy bash installer
  └── remote-install.sh  One-liner remote installer

Key files with Pi support and recent fixes:
- bin/mosaic: launch_pi() with skills-local loop
- bin/mosaic-doctor: --fix auto-wiring for all 4 harnesses
- bin/mosaic-sync-skills: Pi as 4th link target, symlink-aware find
- bin/mosaic-link-runtime-assets: Pi settings.json patching
- bin/mosaic-migrate-local-skills: Pi skill roots, symlink find
- runtime/pi/RUNTIME.md + mosaic-extension.ts

Package ships 251 framework files in the npm tarball (278KB compressed).
2026-04-01 21:19:21 -05:00

2.0 KiB
Raw Blame History

Authentik Tool Suite

Manage Authentik identity provider (SSO, users, groups, applications, flows) via CLI.

Prerequisites

  • jq installed
  • Authentik credentials in ~/src/jarvis-brain/credentials.json (or $MOSAIC_CREDENTIALS_FILE)
  • Required fields: authentik.url, authentik.username, authentik.password

Authentication

Scripts use auth-token.sh to auto-authenticate via username/password and cache the API token at ~/.cache/mosaic/authentik-token. The token is validated on each use and refreshed automatically when expired.

For better security, create a long-lived API token in Authentik admin (Directory > Tokens) and set $AUTHENTIK_TOKEN in your environment — the scripts will use it directly.

Scripts

Script Purpose
auth-token.sh Authenticate and cache API token
user-list.sh List users (search, filter by group)
user-create.sh Create user with optional group assignment
group-list.sh List groups
app-list.sh List OAuth/SAML applications
flow-list.sh List authentication flows
admin-status.sh System health and version info

Common Options

All scripts support:

  • -f json — JSON output (default: table)
  • -h — Show help

API Reference

  • Base URL: https://auth.diversecanvas.com
  • API prefix: /api/v3/
  • OpenAPI schema: /api/v3/schema/
  • Auth: Bearer token in Authorization header

Examples

# List all users
~/.config/mosaic/tools/authentik/user-list.sh

# Search for a user
~/.config/mosaic/tools/authentik/user-list.sh -s "jason"

# Create a user in the admins group
~/.config/mosaic/tools/authentik/user-create.sh -u newuser -n "New User" -e new@example.com -g admins

# List OAuth applications as JSON
~/.config/mosaic/tools/authentik/app-list.sh -f json

# Check system health
~/.config/mosaic/tools/authentik/admin-status.sh
Reference in New Issue View Git Blame Copy Permalink