- Fix match arms with identical bodies by consolidating patterns
- Fix case-insensitive file extension comparisons using eq_ignore_ascii_case
- Fix unnecessary Debug formatting in log/format macros
- Fix clone_from usage instead of clone assignment
- Fix let...else patterns where appropriate
- Fix format! append to String using write! macro
- Fix unwrap_or with function calls to use unwrap_or_else
- Add missing fields to manual Debug implementations
- Fix duplicate code in if blocks
- Add type aliases for complex types
- Rename struct fields to avoid common prefixes
- Various other clippy warning fixes
Note: Some 'unused async' warnings remain for functions that are
called with .await but don't contain await internally - these are
kept async for API compatibility.
- Vault is automatically initialized with 5 keys, threshold 3
- Creates /opt/gbo/secrets/vault-unseal-keys with chmod 600
- Creates or appends to .env with VAULT_ADDR, VAULT_TOKEN, VAULT_UNSEAL_KEYS_FILE
- Vault is automatically unsealed after init
- No manual steps required for initial setup
- VAULT_UNSEAL_KEYS_FILE points to /opt/gbo/secrets/vault-unseal-keys
- Unseal keys stored in separate file with chmod 600
- Not in .env (which might be in git, logs, etc.)
- Output shows step-by-step setup instructions
- Wait for network before getting IP
- Try hostname -I as fallback for IP detection
- Add VAULT_UNSEAL_KEY_1/2/3 to .env output for auto-unseal
- botserver can auto-unseal Vault on startup using these keys
- Only Vault returns .env variables (VAULT_ADDR, VAULT_TOKEN)
- All other components show 'botserver vault put' commands to store credentials
- Added proper vault init/unseal instructions
- CLI now prints InstallResult with IP, ports, and connection info
- Vault download was failing because unzip was not installed
- Now all containers get wget, unzip, curl, ca-certificates as base packages
- Also added vault config.hcl generation in pre-install commands
- Make create_container_service work without DATABASE_URL from Vault
- Components like vault, vector_db that don't need DB can now install first
- DB_PASSWORD defaults to empty string when Vault is not available
- Try ubuntu:24.04, ubuntu:22.04, images:debian/12, images:debian/11 in order
- Clean up failed container attempts before trying next image
- Add install-dependencies.sh script for runtime library installation
- Fixes 404 error when LXD image server has outdated cached images
- Add masterkey field to gbo/directory secret in Vault during bootstrap
- Generate random 32-char masterkey if not exists
- Update Zitadel exec_cmd to read masterkey from Vault
- Remove hardcoded masterkey values
- Add BOTSERVER_INSTALLERS_PATH env var to use local installers without downloading
- Replace hardcoded ./botserver-stack paths with configurable stack_path
- Add stack_dir() and vault_bin() helper methods in BootstrapManager
- Add Port: 8300 to Zitadel config to fix port binding issue
- Start Directory service before setup_directory() call
- Add SKIP_LLM_SERVER env var to skip local LLM in tests
- Update template loading to check ../bottemplates and botserver-templates paths
- intent_compiler.rs: LLM-to-BASIC translation engine
- auto_task.rs: Auto-executing task data structures
- mcp_client.rs: Model Context Protocol server integration
- safety_layer.rs: Constraints, simulation, audit trail
- autotask_api.rs: HTTP API handlers for Auto Task UI
- Updated mod.rs with new modules and keyword list
- When Vault unseal fails, only restart Vault - NOT full bootstrap
- Preserve PostgreSQL, Redis, MinIO, etc. when Vault needs re-init
- Simplify shutdown message to 3 lines with pragmatismo.com.br
- Never kill all stack processes just for Vault issues
- Call kill_stack_processes() at the beginning of bootstrap()
- Add port-based killing using fuser for ports 8200, 5432, 9000, etc.
- Use -f (pattern match) instead of -x (exact) for process names
- Fix process names: 'vault server', 'llama-server' instead of 'vault', 'ollama'
- Increase wait time to 1 second for processes to terminate
This fixes issues on dev machines where old processes from a deleted
stack are still running and blocking ports.
Instead of downloading pre-built binaries (which may require AVX2),
compile llama.cpp from source during installation. This ensures:
- Works on older CPUs (Sandy Bridge, Haswell, etc.)
- Uses GGML_NATIVE=ON to optimize for the current CPU
- Binary path updated to build/bin/llama-server
Reverts the AVX2 detection that was incorrectly disabling LLM.
- Add cpu_supports_avx2() function to check /proc/cpuinfo for AVX2 flag
- Skip LLM binary download on CPUs without AVX2 (pre-built llama.cpp requires it)
- Add runtime check for llama-server binary compatibility (catches 'Illegal instruction')
- Provide helpful error messages about alternatives (compile from source or use external API)
- Sandy Bridge (2nd gen i7) and older CPUs now gracefully skip local LLM
- Fix create_conn/establish_pg_connection to return Result instead of panicking
- Fix AppConfig::from_env to not require database access (circular dependency)
- Add #[cfg(test)] to AppState Default impl to prevent accidental panic
- Add extensive debug logging for Vault startup troubleshooting
- Remove Stdio::null() from start() to allow shell redirections to work
- Add direct vault start test in bootstrap for debugging
- Make Vault setup failure fatal (was silently continuing)
When start_all() detects Vault init.json is missing (unseal fails),
it now:
1. Kills all stack processes
2. Cleans the stack directory
3. Runs full bootstrap()
4. Returns (bootstrap starts all services)
Also made SecretsManager init failure in start_all() a hard error
instead of a warning - if Vault is supposed to be working but
SecretsManager can't connect, that's a fatal error.
The core issue was that .env was written at the END of setup_vault(),
but other components needed Vault credentials BEFORE that.
Now:
1. Unseal Vault
2. Write .env with VAULT_ADDR and VAULT_TOKEN immediately
3. Re-initialize SecretsManager so it connects to Vault
4. THEN store secrets in Vault
This ensures SecretsManager is properly configured before any
code tries to use create_conn() or other Vault-dependent functions.
