botserver/src/core/package_manager/mod.rs

pub mod cache;
pub mod component;
pub mod installer;
pub mod os;
pub mod setup;
pub mod alm_setup;
pub use cache::{CacheResult, DownloadCache};
pub use installer::PackageManager;
pub mod cli;
pub mod facade;
use serde::{Serialize, Deserialize};
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum InstallMode {
    Local,
    Container,
}
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum OsType {
    Linux,
    MacOS,
    Windows,
}
#[derive(Debug)]
pub struct ComponentInfo {
    pub name: &'static str,
    pub termination_command: &'static str,
}
pub fn get_all_components() -> Vec<ComponentInfo> {
    vec![
        ComponentInfo {
            name: "tables",
            termination_command: "postgres",
        },
        ComponentInfo {
            name: "cache",
            termination_command: "redis-server",
        },
        ComponentInfo {
            name: "drive",
            termination_command: "minio",
        },
        ComponentInfo {
            name: "llm",
            termination_command: "llama-server",
        },
    ]
}
pub use alm_setup::setup_alm;


/// Initialize Directory (Zitadel) with default admin user and OAuth application
/// This should be called after Zitadel has started and is responding
#[cfg(feature = "directory")]
pub async fn setup_directory() -> anyhow::Result<crate::core::package_manager::setup::DirectoryConfig> {
    use std::path::PathBuf;
    use std::collections::HashMap;

    let stack_path = std::env::var("BOTSERVER_STACK_PATH")
        .unwrap_or_else(|_| "./botserver-stack".to_string());

    let base_url = "http://localhost:8300".to_string();
    let config_path = PathBuf::from(&stack_path).join("conf/system/directory_config.json");

    // Check if config already exists in Vault first
    if let Ok(secrets_manager) = crate::core::secrets::SecretsManager::from_env() {
        if secrets_manager.is_enabled() {
            if let Ok(secrets) = secrets_manager.get_secret(crate::core::secrets::SecretPaths::DIRECTORY).await {
                if let (Some(client_id), Some(client_secret)) = (secrets.get("client_id"), secrets.get("client_secret")) {
                    // Validate that credentials are real, not placeholders
                    let is_valid = !client_id.is_empty()
                        && !client_secret.is_empty()
                        && client_secret != "..."
                        && client_id.contains('@') // OAuth client IDs contain @
                        && client_secret.len() > 10; // Real secrets are longer than placeholders

                    if is_valid {
                        log::info!("Directory already configured with OAuth client in Vault");
                        // Reconstruct config from Vault
                        let config = crate::core::package_manager::setup::DirectoryConfig {
                            base_url: base_url.clone(),
                            issuer_url: secrets.get("issuer_url").cloned().unwrap_or_else(|| base_url.clone()),
                            issuer: secrets.get("issuer").cloned().unwrap_or_else(|| base_url.clone()),
                            client_id: client_id.clone(),
                            client_secret: client_secret.clone(),
                            redirect_uri: secrets.get("redirect_uri").cloned().unwrap_or_else(|| "http://localhost:3000/auth/callback".to_string()),
                            project_id: secrets.get("project_id").cloned().unwrap_or_default(),
                            api_url: secrets.get("api_url").cloned().unwrap_or_else(|| base_url.clone()),
                            service_account_key: secrets.get("service_account_key").cloned(),
                        };
                        return Ok(config);
                    }
                }
            }
        }
    }

    // Check if config already exists with valid OAuth client in file
    if config_path.exists() {
        if let Ok(content) = std::fs::read_to_string(&config_path) {
            if let Ok(config) = serde_json::from_str::<crate::core::package_manager::setup::DirectoryConfig>(&content) {
                // Validate that credentials are real, not placeholders
                let is_valid = !config.client_id.is_empty()
                    && !config.client_secret.is_empty()
                    && config.client_secret != "..."
                    && config.client_id.contains('@')
                    && config.client_secret.len() > 10;

                if is_valid {
                    log::info!("Directory already configured with OAuth client");
                    return Ok(config);
                }
            }
        }
    }

    // Initialize directory with default credentials
    let mut directory_setup = crate::core::package_manager::setup::DirectorySetup::new(base_url.clone(), config_path.clone());
    let config = directory_setup.initialize().await
        .map_err(|e| anyhow::anyhow!("Failed to initialize directory: {}", e))?;

    // Store credentials in Vault
    if let Ok(secrets_manager) = crate::core::secrets::SecretsManager::from_env() {
        if secrets_manager.is_enabled() {
            let mut secrets = HashMap::new();
            secrets.insert("url".to_string(), config.base_url.clone());
            secrets.insert("issuer_url".to_string(), config.issuer_url.clone());
            secrets.insert("issuer".to_string(), config.issuer.clone());
            secrets.insert("client_id".to_string(), config.client_id.clone());
            secrets.insert("client_secret".to_string(), config.client_secret.clone());
            secrets.insert("redirect_uri".to_string(), config.redirect_uri.clone());
            secrets.insert("project_id".to_string(), config.project_id.clone());
            secrets.insert("api_url".to_string(), config.api_url.clone());
            if let Some(key) = &config.service_account_key {
                secrets.insert("service_account_key".to_string(), key.clone());
            }

            match secrets_manager.put_secret(crate::core::secrets::SecretPaths::DIRECTORY, secrets).await {
                Ok(_) => log::info!("Directory credentials stored in Vault"),
                Err(e) => log::warn!("Failed to store directory credentials in Vault: {}", e),
            }
        }
    }

    Ok(config)
}
feat: add offline installer cache and health endpoints - Add /health and /api/health endpoints for botui connectivity - Create 3rdparty.toml with all download URLs for offline bundles - Add botserver-installers/ cache directory for downloaded files - Implement DownloadCache module with: - Automatic cache lookup before downloading - Support for pre-populated offline bundles - SHA256 checksum verification (optional) - Cache management utilities (list, clear, size) - Update download_and_install to use cache system - Data files (models) also cached for reuse Cache behavior: - First run: downloads to botserver-installers/ - Subsequent runs: uses cached files - Delete botserver-stack/ without losing downloads - Pre-populate cache for fully offline installation 2025-12-08 14:08:49 -03:00			`pub mod cache;`
- Refactor folder as features. 2025-11-22 22:55:35 -03:00			`pub mod component;`
			`pub mod installer;`
			`pub mod os;`
			`pub mod setup;`
Fix tenant-org-bot relationship and CRM lead form 2026-03-12 18:19:18 -03:00			`pub mod alm_setup;`
feat: add offline installer cache and health endpoints - Add /health and /api/health endpoints for botui connectivity - Create 3rdparty.toml with all download URLs for offline bundles - Add botserver-installers/ cache directory for downloaded files - Implement DownloadCache module with: - Automatic cache lookup before downloading - Support for pre-populated offline bundles - SHA256 checksum verification (optional) - Cache management utilities (list, clear, size) - Update download_and_install to use cache system - Data files (models) also cached for reuse Cache behavior: - First run: downloads to botserver-installers/ - Subsequent runs: uses cached files - Delete botserver-stack/ without losing downloads - Pre-populate cache for fully offline installation 2025-12-08 14:08:49 -03:00			`pub use cache::{CacheResult, DownloadCache};`
- Refactor folder as features. 2025-11-22 22:55:35 -03:00			`pub use installer::PackageManager;`
			`pub mod cli;`
			`pub mod facade;`
Refactor: Split large files into modular subdirectories Split 20+ files over 1000 lines into focused subdirectories for better maintainability and code organization. All changes maintain backward compatibility through re-export wrappers. Major splits: - attendance/llm_assist.rs (2074→7 modules) - basic/keywords/face_api.rs → face_api/ (7 modules) - basic/keywords/file_operations.rs → file_ops/ (8 modules) - basic/keywords/hear_talk.rs → hearing/ (6 modules) - channels/wechat.rs → wechat/ (10 modules) - channels/youtube.rs → youtube/ (5 modules) - contacts/mod.rs → contacts_api/ (6 modules) - core/bootstrap/mod.rs → bootstrap/ (5 modules) - core/shared/admin.rs → admin_*.rs (5 modules) - designer/canvas.rs → canvas_api/ (6 modules) - designer/mod.rs → designer_api/ (6 modules) - docs/handlers.rs → handlers_api/ (11 modules) - drive/mod.rs → drive_handlers.rs, drive_types.rs - learn/mod.rs → types.rs - main.rs → main_module/ (7 modules) - meet/webinar.rs → webinar_api/ (8 modules) - paper/mod.rs → (10 modules) - security/auth.rs → auth_api/ (7 modules) - security/passkey.rs → (4 modules) - sources/mod.rs → sources_api/ (5 modules) - tasks/mod.rs → task_api/ (5 modules) Stats: 38,040 deletions, 1,315 additions across 318 files Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> 2026-02-12 21:09:30 +00:00			`use serde::{Serialize, Deserialize};`
			`#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]`
- Refactor folder as features. 2025-11-22 22:55:35 -03:00			`pub enum InstallMode {`
			`Local,`
			`Container,`
			`}`
Fix clippy warnings: match arms, async/await, Debug impls, formatting - Fix match arms with identical bodies by consolidating patterns - Fix case-insensitive file extension comparisons using eq_ignore_ascii_case - Fix unnecessary Debug formatting in log/format macros - Fix clone_from usage instead of clone assignment - Fix let...else patterns where appropriate - Fix format! append to String using write! macro - Fix unwrap_or with function calls to use unwrap_or_else - Add missing fields to manual Debug implementations - Fix duplicate code in if blocks - Add type aliases for complex types - Rename struct fields to avoid common prefixes - Various other clippy warning fixes Note: Some 'unused async' warnings remain for functions that are called with .await but don't contain await internally - these are kept async for API compatibility. 2025-12-26 08:59:25 -03:00			`#[derive(Debug, Clone, PartialEq, Eq)]`
- Refactor folder as features. 2025-11-22 22:55:35 -03:00			`pub enum OsType {`
			`Linux,`
			`MacOS,`
			`Windows,`
			`}`
			`#[derive(Debug)]`
			`pub struct ComponentInfo {`
			`pub name: &'static str,`
			`pub termination_command: &'static str,`
			`}`
			`pub fn get_all_components() -> Vec<ComponentInfo> {`
			`vec![`
			`ComponentInfo {`
			`name: "tables",`
			`termination_command: "postgres",`
			`},`
			`ComponentInfo {`
			`name: "cache",`
			`termination_command: "redis-server",`
			`},`
			`ComponentInfo {`
			`name: "drive",`
			`termination_command: "minio",`
			`},`
			`ComponentInfo {`
			`name: "llm",`
			`termination_command: "llama-server",`
			`},`
			`]`
			`}`
Fix tenant-org-bot relationship and CRM lead form 2026-03-12 18:19:18 -03:00			`pub use alm_setup::setup_alm;`
fix: OAuth client creation during bootstrap - Add password grant authentication support in DirectorySetup - Extract initial admin credentials from Zitadel log file - Fix race condition in Zitadel startup (wait for health check before starting) - Create parent directories before saving config - Add retry logic for OAuth client creation - Improve error handling with detailed messages Fixes authentication service not configured error after bootstrap. 2026-03-01 07:31:17 -03:00



feat(directory): read admin credentials from ~/.gb-setup-credentials - Updated setup_directory() to read credentials from saved file - Added read_saved_credentials() to parse ~/.gb-setup-credentials - Added get_admin_credentials() to try multiple sources - Removed default credentials approach (doesn't work) - Improved error messages with solution steps This matches the working approach from commit 86cfccc2 where credentials were saved during first bootstrap and reused for OAuth client creation on subsequent runs. 2026-03-01 10:06:30 -03:00
fix: OAuth client creation during bootstrap - Add password grant authentication support in DirectorySetup - Extract initial admin credentials from Zitadel log file - Fix race condition in Zitadel startup (wait for health check before starting) - Create parent directories before saving config - Add retry logic for OAuth client creation - Improve error handling with detailed messages Fixes authentication service not configured error after bootstrap. 2026-03-01 07:31:17 -03:00			`/// Initialize Directory (Zitadel) with default admin user and OAuth application`
			`/// This should be called after Zitadel has started and is responding`
			`#[cfg(feature = "directory")]`
			`pub async fn setup_directory() -> anyhow::Result<crate::core::package_manager::setup::DirectoryConfig> {`
			`use std::path::PathBuf;`
fix(zitadel): resolve OAuth client initialization timing issue - Fix PAT extraction timing with retry loop (waits up to 60s for PAT in logs) - Add sync command to flush filesystem buffers before extraction - Improve logging with progress messages and PAT verification - Refactor setup code into consolidated setup.rs module - Fix YAML indentation for PatPath and MachineKeyPath - Change Zitadel init parameter from --config to --steps The timing issue occurred because: 1. Zitadel writes PAT to logs at startup (~18:08:59) 2. Post-install extraction ran too early (~18:09:35) 3. PAT file wasn't created until ~18:10:38 (63s after installation) 4. OAuth client creation failed because PAT file didn't exist yet With the retry loop: - Waits for PAT to appear in logs with sync+grep check - Extracts PAT immediately when found - OAuth client creation succeeds - directory_config.json saved with valid credentials - Login flow works end-to-end Tested: Full reset.sh and login verification successful 2026-03-01 19:06:09 -03:00			`use std::collections::HashMap;`
fix: OAuth client creation during bootstrap - Add password grant authentication support in DirectorySetup - Extract initial admin credentials from Zitadel log file - Fix race condition in Zitadel startup (wait for health check before starting) - Create parent directories before saving config - Add retry logic for OAuth client creation - Improve error handling with detailed messages Fixes authentication service not configured error after bootstrap. 2026-03-01 07:31:17 -03:00
			`let stack_path = std::env::var("BOTSERVER_STACK_PATH")`
			`.unwrap_or_else(\|_\| "./botserver-stack".to_string());`

			`let base_url = "http://localhost:8300".to_string();`
			`let config_path = PathBuf::from(&stack_path).join("conf/system/directory_config.json");`

fix(zitadel): resolve OAuth client initialization timing issue - Fix PAT extraction timing with retry loop (waits up to 60s for PAT in logs) - Add sync command to flush filesystem buffers before extraction - Improve logging with progress messages and PAT verification - Refactor setup code into consolidated setup.rs module - Fix YAML indentation for PatPath and MachineKeyPath - Change Zitadel init parameter from --config to --steps The timing issue occurred because: 1. Zitadel writes PAT to logs at startup (~18:08:59) 2. Post-install extraction ran too early (~18:09:35) 3. PAT file wasn't created until ~18:10:38 (63s after installation) 4. OAuth client creation failed because PAT file didn't exist yet With the retry loop: - Waits for PAT to appear in logs with sync+grep check - Extracts PAT immediately when found - OAuth client creation succeeds - directory_config.json saved with valid credentials - Login flow works end-to-end Tested: Full reset.sh and login verification successful 2026-03-01 19:06:09 -03:00			`// Check if config already exists in Vault first`
			`if let Ok(secrets_manager) = crate::core::secrets::SecretsManager::from_env() {`
			`if secrets_manager.is_enabled() {`
			`if let Ok(secrets) = secrets_manager.get_secret(crate::core::secrets::SecretPaths::DIRECTORY).await {`
			`if let (Some(client_id), Some(client_secret)) = (secrets.get("client_id"), secrets.get("client_secret")) {`
			`// Validate that credentials are real, not placeholders`
			`let is_valid = !client_id.is_empty()`
			`&& !client_secret.is_empty()`
			`&& client_secret != "..."`
			`&& client_id.contains('@') // OAuth client IDs contain @`
			`&& client_secret.len() > 10; // Real secrets are longer than placeholders`

			`if is_valid {`
			`log::info!("Directory already configured with OAuth client in Vault");`
			`// Reconstruct config from Vault`
			`let config = crate::core::package_manager::setup::DirectoryConfig {`
			`base_url: base_url.clone(),`
			`issuer_url: secrets.get("issuer_url").cloned().unwrap_or_else(\|\| base_url.clone()),`
			`issuer: secrets.get("issuer").cloned().unwrap_or_else(\|\| base_url.clone()),`
			`client_id: client_id.clone(),`
			`client_secret: client_secret.clone(),`
			`redirect_uri: secrets.get("redirect_uri").cloned().unwrap_or_else(\|\| "http://localhost:3000/auth/callback".to_string()),`
			`project_id: secrets.get("project_id").cloned().unwrap_or_default(),`
			`api_url: secrets.get("api_url").cloned().unwrap_or_else(\|\| base_url.clone()),`
			`service_account_key: secrets.get("service_account_key").cloned(),`
			`};`
			`return Ok(config);`
			`}`
			`}`
			`}`
			`}`
			`}`

			`// Check if config already exists with valid OAuth client in file`
fix: OAuth client creation during bootstrap - Add password grant authentication support in DirectorySetup - Extract initial admin credentials from Zitadel log file - Fix race condition in Zitadel startup (wait for health check before starting) - Create parent directories before saving config - Add retry logic for OAuth client creation - Improve error handling with detailed messages Fixes authentication service not configured error after bootstrap. 2026-03-01 07:31:17 -03:00			`if config_path.exists() {`
			`if let Ok(content) = std::fs::read_to_string(&config_path) {`
			`if let Ok(config) = serde_json::from_str::<crate::core::package_manager::setup::DirectoryConfig>(&content) {`
fix(zitadel): resolve OAuth client initialization timing issue - Fix PAT extraction timing with retry loop (waits up to 60s for PAT in logs) - Add sync command to flush filesystem buffers before extraction - Improve logging with progress messages and PAT verification - Refactor setup code into consolidated setup.rs module - Fix YAML indentation for PatPath and MachineKeyPath - Change Zitadel init parameter from --config to --steps The timing issue occurred because: 1. Zitadel writes PAT to logs at startup (~18:08:59) 2. Post-install extraction ran too early (~18:09:35) 3. PAT file wasn't created until ~18:10:38 (63s after installation) 4. OAuth client creation failed because PAT file didn't exist yet With the retry loop: - Waits for PAT to appear in logs with sync+grep check - Extracts PAT immediately when found - OAuth client creation succeeds - directory_config.json saved with valid credentials - Login flow works end-to-end Tested: Full reset.sh and login verification successful 2026-03-01 19:06:09 -03:00			`// Validate that credentials are real, not placeholders`
			`let is_valid = !config.client_id.is_empty()`
			`&& !config.client_secret.is_empty()`
			`&& config.client_secret != "..."`
			`&& config.client_id.contains('@')`
			`&& config.client_secret.len() > 10;`

			`if is_valid {`
fix: OAuth client creation during bootstrap - Add password grant authentication support in DirectorySetup - Extract initial admin credentials from Zitadel log file - Fix race condition in Zitadel startup (wait for health check before starting) - Create parent directories before saving config - Add retry logic for OAuth client creation - Improve error handling with detailed messages Fixes authentication service not configured error after bootstrap. 2026-03-01 07:31:17 -03:00			`log::info!("Directory already configured with OAuth client");`
			`return Ok(config);`
			`}`
			`}`
			`}`
			`}`

fix(zitadel): resolve OAuth client initialization timing issue - Fix PAT extraction timing with retry loop (waits up to 60s for PAT in logs) - Add sync command to flush filesystem buffers before extraction - Improve logging with progress messages and PAT verification - Refactor setup code into consolidated setup.rs module - Fix YAML indentation for PatPath and MachineKeyPath - Change Zitadel init parameter from --config to --steps The timing issue occurred because: 1. Zitadel writes PAT to logs at startup (~18:08:59) 2. Post-install extraction ran too early (~18:09:35) 3. PAT file wasn't created until ~18:10:38 (63s after installation) 4. OAuth client creation failed because PAT file didn't exist yet With the retry loop: - Waits for PAT to appear in logs with sync+grep check - Extracts PAT immediately when found - OAuth client creation succeeds - directory_config.json saved with valid credentials - Login flow works end-to-end Tested: Full reset.sh and login verification successful 2026-03-01 19:06:09 -03:00			`// Initialize directory with default credentials`
			`let mut directory_setup = crate::core::package_manager::setup::DirectorySetup::new(base_url.clone(), config_path.clone());`
			`let config = directory_setup.initialize().await`
			`.map_err(\|e\| anyhow::anyhow!("Failed to initialize directory: {}", e))?;`

			`// Store credentials in Vault`
			`if let Ok(secrets_manager) = crate::core::secrets::SecretsManager::from_env() {`
			`if secrets_manager.is_enabled() {`
			`let mut secrets = HashMap::new();`
			`secrets.insert("url".to_string(), config.base_url.clone());`
			`secrets.insert("issuer_url".to_string(), config.issuer_url.clone());`
			`secrets.insert("issuer".to_string(), config.issuer.clone());`
			`secrets.insert("client_id".to_string(), config.client_id.clone());`
			`secrets.insert("client_secret".to_string(), config.client_secret.clone());`
			`secrets.insert("redirect_uri".to_string(), config.redirect_uri.clone());`
			`secrets.insert("project_id".to_string(), config.project_id.clone());`
			`secrets.insert("api_url".to_string(), config.api_url.clone());`
			`if let Some(key) = &config.service_account_key {`
			`secrets.insert("service_account_key".to_string(), key.clone());`
			`}`
feat(directory): read admin credentials from ~/.gb-setup-credentials - Updated setup_directory() to read credentials from saved file - Added read_saved_credentials() to parse ~/.gb-setup-credentials - Added get_admin_credentials() to try multiple sources - Removed default credentials approach (doesn't work) - Improved error messages with solution steps This matches the working approach from commit 86cfccc2 where credentials were saved during first bootstrap and reused for OAuth client creation on subsequent runs. 2026-03-01 10:06:30 -03:00
fix(zitadel): resolve OAuth client initialization timing issue - Fix PAT extraction timing with retry loop (waits up to 60s for PAT in logs) - Add sync command to flush filesystem buffers before extraction - Improve logging with progress messages and PAT verification - Refactor setup code into consolidated setup.rs module - Fix YAML indentation for PatPath and MachineKeyPath - Change Zitadel init parameter from --config to --steps The timing issue occurred because: 1. Zitadel writes PAT to logs at startup (~18:08:59) 2. Post-install extraction ran too early (~18:09:35) 3. PAT file wasn't created until ~18:10:38 (63s after installation) 4. OAuth client creation failed because PAT file didn't exist yet With the retry loop: - Waits for PAT to appear in logs with sync+grep check - Extracts PAT immediately when found - OAuth client creation succeeds - directory_config.json saved with valid credentials - Login flow works end-to-end Tested: Full reset.sh and login verification successful 2026-03-01 19:06:09 -03:00			`match secrets_manager.put_secret(crate::core::secrets::SecretPaths::DIRECTORY, secrets).await {`
			`Ok(_) => log::info!("Directory credentials stored in Vault"),`
			`Err(e) => log::warn!("Failed to store directory credentials in Vault: {}", e),`
			`}`
feat(directory): read admin credentials from ~/.gb-setup-credentials - Updated setup_directory() to read credentials from saved file - Added read_saved_credentials() to parse ~/.gb-setup-credentials - Added get_admin_credentials() to try multiple sources - Removed default credentials approach (doesn't work) - Improved error messages with solution steps This matches the working approach from commit 86cfccc2 where credentials were saved during first bootstrap and reused for OAuth client creation on subsequent runs. 2026-03-01 10:06:30 -03:00			`}`
			`}`

fix(zitadel): resolve OAuth client initialization timing issue - Fix PAT extraction timing with retry loop (waits up to 60s for PAT in logs) - Add sync command to flush filesystem buffers before extraction - Improve logging with progress messages and PAT verification - Refactor setup code into consolidated setup.rs module - Fix YAML indentation for PatPath and MachineKeyPath - Change Zitadel init parameter from --config to --steps The timing issue occurred because: 1. Zitadel writes PAT to logs at startup (~18:08:59) 2. Post-install extraction ran too early (~18:09:35) 3. PAT file wasn't created until ~18:10:38 (63s after installation) 4. OAuth client creation failed because PAT file didn't exist yet With the retry loop: - Waits for PAT to appear in logs with sync+grep check - Extracts PAT immediately when found - OAuth client creation succeeds - directory_config.json saved with valid credentials - Login flow works end-to-end Tested: Full reset.sh and login verification successful 2026-03-01 19:06:09 -03:00			`Ok(config)`
fix(directory): add .await to ensure_admin_token() calls Fixed compilation errors by adding .await to all ensure_admin_token() calls: - create_organization() - create_user() - save_config() The method was made async but the calls weren't updated. 2026-03-01 09:52:31 -03:00			`}`