- Fix match arms with identical bodies by consolidating patterns
- Fix case-insensitive file extension comparisons using eq_ignore_ascii_case
- Fix unnecessary Debug formatting in log/format macros
- Fix clone_from usage instead of clone assignment
- Fix let...else patterns where appropriate
- Fix format! append to String using write! macro
- Fix unwrap_or with function calls to use unwrap_or_else
- Add missing fields to manual Debug implementations
- Fix duplicate code in if blocks
- Add type aliases for complex types
- Rename struct fields to avoid common prefixes
- Various other clippy warning fixes
Note: Some 'unused async' warnings remain for functions that are
called with .await but don't contain await internally - these are
kept async for API compatibility.
- Vault is automatically initialized with 5 keys, threshold 3
- Creates /opt/gbo/secrets/vault-unseal-keys with chmod 600
- Creates or appends to .env with VAULT_ADDR, VAULT_TOKEN, VAULT_UNSEAL_KEYS_FILE
- Vault is automatically unsealed after init
- No manual steps required for initial setup
- VAULT_UNSEAL_KEYS_FILE points to /opt/gbo/secrets/vault-unseal-keys
- Unseal keys stored in separate file with chmod 600
- Not in .env (which might be in git, logs, etc.)
- Output shows step-by-step setup instructions
- Wait for network before getting IP
- Try hostname -I as fallback for IP detection
- Add VAULT_UNSEAL_KEY_1/2/3 to .env output for auto-unseal
- botserver can auto-unseal Vault on startup using these keys
- Only Vault returns .env variables (VAULT_ADDR, VAULT_TOKEN)
- All other components show 'botserver vault put' commands to store credentials
- Added proper vault init/unseal instructions
- CLI now prints InstallResult with IP, ports, and connection info
- Vault download was failing because unzip was not installed
- Now all containers get wget, unzip, curl, ca-certificates as base packages
- Also added vault config.hcl generation in pre-install commands
- Make create_container_service work without DATABASE_URL from Vault
- Components like vault, vector_db that don't need DB can now install first
- DB_PASSWORD defaults to empty string when Vault is not available
- Try ubuntu:24.04, ubuntu:22.04, images:debian/12, images:debian/11 in order
- Clean up failed container attempts before trying next image
- Add install-dependencies.sh script for runtime library installation
- Fixes 404 error when LXD image server has outdated cached images
- Fix create_conn/establish_pg_connection to return Result instead of panicking
- Fix AppConfig::from_env to not require database access (circular dependency)
- Add #[cfg(test)] to AppState Default impl to prevent accidental panic
- Add extensive debug logging for Vault startup troubleshooting
- Remove Stdio::null() from start() to allow shell redirections to work
- Add direct vault start test in bootstrap for debugging
- Make Vault setup failure fatal (was silently continuing)
- Redirect Vault exec_cmd output to logs/vault.log
- Add stdout/stderr null pipes to component spawn in installer.rs
- Suppress output in run_commands() in facade.rs
- All component output now goes to respective log files in logs/
- Don't delete archive files from cache after tar/zip extraction
- Copy binaries from cache instead of moving them
- Cached files are now preserved for offline installation reuse
- Disable TLS on Vault for local development (HTTP instead of HTTPS)
- Fix bot_configuration id column type mismatch (TEXT -> UUID)
- Add migration 6.1.1 to convert config table id columns to UUID
- Fix sync_config_csv_to_db to use UUID binding for id column
- Make start_all async with proper Vault startup sequence
- Sync default.gbai config.csv to existing 'Default Bot' from migrations
- Add diagnostic logging for config loading
- Change default LLM/embedding URLs from https to http for local dev
- Add create_vault_config() function to generate config.hcl with mTLS settings
- Configure Vault to require client certificate verification
- Generate client certificate for botserver in bootstrap
- Update .env to include mTLS paths (VAULT_CACERT, VAULT_CLIENT_CERT, VAULT_CLIENT_KEY)
- Remove unused import in tls.rs
