
✨ Add unified seed engine, remove secrets vault subgroup#17

Merged
bdsoha merged 2 commits into
mainfrom
feature/unified-seed-engine
Jun 30, 2026

Conversation

@bdsoha bdsoha (Member) commented Jun 30, 2026

Introduce ws-cli seed — a Go-native declarative projection engine that supersedes the q2-55 Ansible seed tier and the standalone secrets vault. Part of q2-59 (cli × lockstep-ws-cli); the workspace PR pins this tag.

internals/seed/

  • version: v1 destination-keyed manifest (top-level secrets: map + seeds: SeedOp).
  • Two tiers via a single resolved plan: bare files = FS-rooted mirror copied verbatim; seeds: = behavior overlay (manifest wins per dest; one write per dest — no raw-projection-then-skip leak).
  • Ops copy/merge/append/prepend; merge deep-merges JSON/YAML/TOML (format inferred from the dest extension, lists replace, scalar-vs-map conflict = hard error, dest left byte-unchanged).
  • Closed-var + ${secrets.NAME} templating; unknown token fails loud.
  • Ownership boundary: st_uid == geteuid() on the nearest existing ancestor; no system gate, no sudo. Else skip + warn.
  • os.Root TOCTOU-safe atomic writer (sibling O_EXCL temp → ChmodRename) with final-component symlink refusal.
  • Secret-bearing output → 0600, cleartext never logged; master key resolved lazily and per-entry fail-closed (a secrets-free manifest needs no key).

cmd/seed/

ws-cli seed apply [dest...] [--force] (boot hook = no-arg) + ws-cli seed ls.

Removals (breaking, no migrate)

Delete cmd/secrets/vault/ and the orphaned internals/secrets/vault.go (+ test). Keep crypto.go/key.go and secrets {encrypt,decrypt,generate}.

Misc

Add github.com/pelletier/go-toml/v2 v2.4.2. Bump version 0.0.66 → 0.0.67.

Tests: full internals/seed + cmd/seed matrix (mirror/merge/template/secrets/ownership/os.Root-symlink/precedence/force) green; go vet clean; live binary round-trip verified.
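The description above says `merge` deep-merges the destination document, with lists replacing rather than concatenating, a scalar-vs-map conflict being a hard error, and the destination left byte-unchanged on failure. The following is an added example that is not code from the PR or the ws-cli project; it implements those rules for JSON only (the project also infers YAML and TOML from the destination extension, which is omitted here) and, like the follow-up commit on this PR, disables the encoder's HTML escaping so `&` and `<` in values are written literally. The names `MergeJSON`, `deepMerge` and `MergeError` are assumptions of this example, not project identifiers.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// MergeError reports a scalar-vs-map conflict at a dotted key path.
// (Hypothetical type for this example, not a ws-cli identifier.)
type MergeError struct{ Path string }

func (e *MergeError) Error() string {
	return fmt.Sprintf("merge conflict at %q: map and non-map value cannot be combined", e.Path)
}

// deepMerge combines overlay into base: maps recurse, lists and scalars from
// overlay replace the base value, and a map on one side with a non-map on
// the other is a hard error rather than a silent overwrite.
func deepMerge(base, overlay map[string]any, path string) (map[string]any, error) {
	out := make(map[string]any, len(base)+len(overlay))
	for k, v := range base {
		out[k] = v
	}
	for k, ov := range overlay {
		p := k
		if path != "" {
			p = path + "." + k
		}
		bv, exists := out[k]
		if !exists {
			out[k] = ov
			continue
		}
		bm, bIsMap := bv.(map[string]any)
		om, oIsMap := ov.(map[string]any)
		switch {
		case bIsMap && oIsMap:
			merged, err := deepMerge(bm, om, p)
			if err != nil {
				return nil, err
			}
			out[k] = merged
		case bIsMap != oIsMap:
			return nil, &MergeError{Path: p}
		default:
			out[k] = ov // scalars and lists: overlay replaces base
		}
	}
	return out, nil
}

// MergeJSON merges overlay into the JSON document dest. An empty dest is
// treated as {}. On any error it returns nil bytes so the caller can leave
// the destination byte-unchanged. HTML escaping is disabled so "&" and "<"
// in values are written literally instead of as \u0026 / \u003c.
func MergeJSON(dest, overlay []byte) ([]byte, error) {
	base := map[string]any{}
	if len(bytes.TrimSpace(dest)) > 0 {
		if err := json.Unmarshal(dest, &base); err != nil {
			return nil, fmt.Errorf("dest: %w", err)
		}
	}
	var over map[string]any
	if err := json.Unmarshal(overlay, &over); err != nil {
		return nil, fmt.Errorf("overlay: %w", err)
	}
	merged, err := deepMerge(base, over, "")
	if err != nil {
		return nil, err
	}
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	enc.SetEscapeHTML(false)
	enc.SetIndent("", "  ")
	if err := enc.Encode(merged); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

func main() {
	// Constructed sample documents for the demo.
	dest := []byte(`{"a":1,"list":[1,2],"nested":{"x":1,"y":"keep"}}`)
	overlay := []byte(`{"a":2,"list":[3],"nested":{"x":9,"z":"a&b"}}`)
	out, err := MergeJSON(dest, overlay)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Print(string(out))
	_, err = MergeJSON([]byte(`{"nested":{"x":1}}`), []byte(`{"nested":"flat"}`))
	var me *MergeError
	if errors.As(err, &me) {
		fmt.Println("refused, dest left unchanged; conflict at", me.Path)
	}
}
```

The conflict path is reported as a dotted key so an operator can see which manifest entry collided with the existing file, and the caller only writes when the returned bytes are non-nil, which is what keeps the destination untouched on a refused merge.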

@bdsoha bdsoha force-pushed the feature/unified-seed-engine branch 2 times, most recently from c06a87f to b7b2e14 on June 30, 2026 09:24
Introduce `ws-cli seed` — a Go-native declarative projection engine that
supersedes the q2-55 Ansible seed tier and the standalone secrets vault.

internals/seed/:
- version:v1 dest-keyed manifest (top-level `secrets:` map + `seeds:` SeedOp)
- two tiers via a single resolved plan: bare FS-mirror verbatim copy +
  manifest behavior overlay (manifest wins per dest; one write per dest)
- ops copy/merge/append/prepend; merge deep-merges json/yaml/toml
  (format inferred from dest extension, lists replace, scalar-vs-map = error)
- closed-var + ${secrets.NAME} templating, unknown token fails loud
- ownership-boundary allow-list (st_uid==geteuid() on nearest existing
  ancestor; no system gate) + non-blocking consumed-dir notice
- os.Root TOCTOU-safe atomic writer with final-symlink refusal
- secret-bearing -> 0600, lazy/per-entry fail-closed master key

cmd/seed/: `seed apply [dest...] [--force]` (boot hook = no-arg) + `seed ls`.

Remove `cmd/secrets/vault/` and orphaned `internals/secrets/vault.go`
(+ test); keep crypto.go/key.go and `secrets {encrypt,decrypt,generate}`.
Add github.com/pelletier/go-toml/v2 v2.4.2. Bump version 0.0.66 -> 0.0.67.
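The commit message above (and the PR description) describe two of the write-path safety properties: an ownership boundary check (`st_uid == geteuid()` on the nearest existing ancestor, no system gate) and an atomic writer that creates an exclusive sibling temp file, sets the mode before renaming it into place, and refuses a symlink in the final path component. The following is an added example that is not the PR's or the project's code. It is written against the plain `os` package rather than `os.Root`, so unlike the PR's writer it does not close the window between the `Lstat` and the `Rename`; `AtomicWrite` and `OwnedByCaller` are assumed names, and the ownership check relies on `syscall.Stat_t`, which is Unix-only.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"syscall"
)

// ErrSymlinkDest is returned when the final path component is a symlink.
var ErrSymlinkDest = errors.New("seed: refusing to write to a symlink destination")

// OwnedByCaller walks up from path to the nearest existing ancestor and
// reports whether that entry's st_uid equals this process's effective uid.
// A path under a directory we do not own is simply skipped by the caller;
// there is no privilege escalation or sudo fallback.
func OwnedByCaller(path string) (bool, error) {
	p := filepath.Clean(path)
	for {
		fi, err := os.Lstat(p)
		if err == nil {
			st, ok := fi.Sys().(*syscall.Stat_t)
			if !ok {
				return false, errors.New("seed: ownership check unsupported on this platform")
			}
			return int(st.Uid) == os.Geteuid(), nil
		}
		if !errors.Is(err, fs.ErrNotExist) {
			return false, err
		}
		parent := filepath.Dir(p)
		if parent == p {
			return false, err // reached the filesystem root without an existing ancestor
		}
		p = parent
	}
}

// AtomicWrite writes data to dest with the given mode without ever exposing
// a partially written file: it creates an O_EXCL temp file beside dest,
// restricts its mode while it is still private, then renames it into place.
// Lstat on the final component refuses symlinks so the write is not
// redirected through a link an attacker may have planted.
func AtomicWrite(dest string, data []byte, mode fs.FileMode) error {
	if fi, err := os.Lstat(dest); err == nil {
		if fi.Mode()&fs.ModeSymlink != 0 {
			return ErrSymlinkDest
		}
		if !fi.Mode().IsRegular() {
			return fmt.Errorf("seed: %s exists and is not a regular file", dest)
		}
	} else if !errors.Is(err, fs.ErrNotExist) {
		return err
	}
	// os.CreateTemp opens with O_EXCL and mode 0600 in the destination's directory.
	tmp, err := os.CreateTemp(filepath.Dir(dest), "."+filepath.Base(dest)+".*.tmp")
	if err != nil {
		return err
	}
	tmpName := tmp.Name()
	fail := func(err error) error { // any failure removes the temp file
		tmp.Close()
		os.Remove(tmpName)
		return err
	}
	if _, err := tmp.Write(data); err != nil {
		return fail(err)
	}
	if err := tmp.Sync(); err != nil {
		return fail(err)
	}
	// Chmod before the rename so a secret-bearing file is never visible at
	// its final path with a mode wider than intended.
	if err := tmp.Chmod(mode); err != nil {
		return fail(err)
	}
	if err := tmp.Close(); err != nil {
		os.Remove(tmpName)
		return err
	}
	if err := os.Rename(tmpName, dest); err != nil {
		os.Remove(tmpName)
		return err
	}
	return nil
}

func main() {
	dest := filepath.Join(os.TempDir(), "ws-seed-demo", "config.json") // constructed demo path
	if ok, err := OwnedByCaller(dest); err != nil || !ok {
		fmt.Println("skip: destination not owned by caller", err)
		return
	}
	os.MkdirAll(filepath.Dir(dest), 0o700)
	if err := AtomicWrite(dest, []byte(`{"token":"<placeholder>"}`), 0o600); err != nil {
		fmt.Println("write failed:", err)
		return
	}
	fmt.Println("wrote", dest, "with mode 0600")
}
```

The temp file is created in the same directory as the destination so that the final `Rename` is a same-filesystem atomic replace; a temp file in `/tmp` would turn the rename into a copy and lose the guarantee.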
@bdsoha bdsoha force-pushed the feature/unified-seed-engine branch from b7b2e14 to 53fc1dd on June 30, 2026 09:38
Add a `blockinfile`-style managed marker block op (markers auto-inserted,
body replaced idempotently, force-gate bypass, fixed `>>> ws-seed >>>`
text with a tunable `comment:` prefix, fail-closed on malformed markers).

Fold in code-review fixes: preserve an existing dest's mode on in-place
ops, count inline `content` as a behavior, return nonzero on failure
(`SilenceUsage` on apply), zero the cached master key at run end,
propagate the real source-read error, fix the consumed-dir notice
ordering and report `force:false` skips, and disable JSON HTML escaping
on merge.
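The commit above adds a `blockinfile`-style managed marker block: markers are auto-inserted when absent, the body between them is replaced idempotently, and malformed markers fail closed. The following is an added example that is not the PR's or the project's code; it uses the `>>> ws-seed >>>` begin text from the commit message, assumes `<<< ws-seed <<<` as the end marker (the commit does not state it), and takes the tunable comment prefix as a parameter. `ApplyBlock` and `ErrMalformedMarkers` are names assumed for this example. The force-gate bypass is out of scope here.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

const (
	beginMarker = ">>> ws-seed >>>" // fixed text from the commit message
	endMarker   = "<<< ws-seed <<<" // assumed end-marker text for this example
)

// ErrMalformedMarkers is returned when markers are unbalanced, duplicated or
// out of order; the file is then left untouched rather than guessed at.
var ErrMalformedMarkers = errors.New("seed: malformed managed block markers")

// ApplyBlock returns existing with the managed block body replaced by body.
// comment is the line-comment prefix for the marker lines (for example "#").
// If no markers are present the block is appended; applying the same body
// twice yields the same output.
func ApplyBlock(existing, body, comment string) (string, error) {
	begin := comment + " " + beginMarker
	end := comment + " " + endMarker
	lines := strings.Split(existing, "\n")
	beginIdx, endIdx := -1, -1
	for i, l := range lines {
		switch strings.TrimRight(l, " \t") {
		case begin:
			if beginIdx != -1 || endIdx != -1 {
				return "", ErrMalformedMarkers // duplicate begin, or begin after end
			}
			beginIdx = i
		case end:
			if beginIdx == -1 || endIdx != -1 {
				return "", ErrMalformedMarkers // end before begin, or duplicate end
			}
			endIdx = i
		}
	}
	if beginIdx != -1 && endIdx == -1 {
		return "", ErrMalformedMarkers // begin without end
	}
	block := []string{begin}
	if body != "" {
		block = append(block, strings.Split(strings.TrimSuffix(body, "\n"), "\n")...)
	}
	block = append(block, end)
	if beginIdx == -1 {
		// No markers yet: keep existing content intact and append the block.
		out := strings.TrimRight(existing, "\n")
		if out != "" {
			out += "\n"
		}
		return out + strings.Join(block, "\n") + "\n", nil
	}
	out := append([]string{}, lines[:beginIdx]...)
	out = append(out, block...)
	out = append(out, lines[endIdx+1:]...)
	return strings.Join(out, "\n"), nil
}

func main() {
	// Constructed sample shell profile for the demo.
	profile := "export PATH=/usr/bin\nalias ll='ls -l'\n"
	first, err := ApplyBlock(profile, "export WS_HOME=$HOME/ws\n", "#")
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Print(first)
	again, _ := ApplyBlock(first, "export WS_HOME=$HOME/ws\n", "#")
	fmt.Println("idempotent:", again == first)
	_, err = ApplyBlock("# >>> ws-seed >>>\nno end marker\n", "x", "#")
	fmt.Println("malformed refused:", errors.Is(err, ErrMalformedMarkers))
}
```

Marker lines are matched exactly (modulo trailing whitespace) rather than by substring, so a line that merely mentions the marker text inside a longer comment is not mistaken for a boundary.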
@bdsoha bdsoha merged commit 9544658 into main Jun 30, 2026
3 checks passed
@bdsoha bdsoha deleted the feature/unified-seed-engine branch July 2, 2026 07:13