setup

package
v0.50.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 16, 2026 License: MIT Imports: 24 Imported by: 0

Documentation

Overview

Package setup - apikey.go: legacy Worker API Key credential persistence.

Legacy workers may authenticate using a long-lived Worker API Key instead of the PKCE device-code flow. The key is stored in credentials.json with auth_type="api_key" so CollectStatus can distinguish it from JWT tokens.

Package setup - credstore.go: Credential store interface and factory.

CredentialStore abstracts credential persistence behind a key-value interface. Backends include OS keychain and AES-256-GCM encrypted files.

Package setup - credstore_file.go: AES-256-GCM encrypted file backend.

Derives a key from machine-id + username via PBKDF2. Each credential is stored in its own file under the configured directory.

Package setup - credstore_keychain.go: OS keychain credential backend.

Uses github.com/zalando/go-keyring to store credentials in the platform's native keychain (macOS Keychain, Linux Secret Service).

Package setup - workerkey_create.go: creates a legacy Worker API Key via the backend REST API.

This path is kept for backward compatibility with older workers that still use acos_worker_ credentials instead of JWT/refresh token auth.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckNodeJS 

func CheckNodeJS() bool

CheckNodeJS returns true if node is available on PATH.

func CheckProviderAuth 

func CheckProviderAuth(name string) (authenticated bool, guide string)

CheckProviderAuth verifies whether a provider has valid credentials. Returns (true, "") if authenticated, or (false, guide) with instructions.

func ClearProgress 

func ClearProgress() error

ClearProgress removes the progress file.

func CreateWorkerAPIKey 

func CreateWorkerAPIKey(backendURL, jwtToken, workspaceID string) (string, error)

CreateWorkerAPIKey calls POST /api/v1/workspaces/:id/worker-keys with the JWT and returns the raw acos_worker_ key. The key is shown by the backend only once.

func DefaultCredentialsPath 

func DefaultCredentialsPath() string

DefaultCredentialsPath returns the path to ~/.config/autopus/credentials.json.

func DefaultMCPConfigPath 

func DefaultMCPConfigPath() string

DefaultMCPConfigPath returns the default path for worker-mcp.json.

func DefaultWorkerConfigPath 

func DefaultWorkerConfigPath() string

DefaultWorkerConfigPath returns the default path for worker.yaml.

func GeneratePKCE 

func GeneratePKCE() (verifier, challenge string, err error)

GeneratePKCE creates a PKCE code verifier and its S256 challenge. The verifier is 32 random bytes, base64url-encoded. The challenge is SHA256(verifier), base64url-encoded.

func HumanError 

func HumanError(err error) string

HumanError maps a technical error to a user-friendly message. Returns the original error text if no pattern matches.

func HumanErrorf 

func HumanErrorf(format string, err error) error

HumanErrorf wraps HumanError into a new error with the friendly message.

func InstallNodeJS 

func InstallNodeJS() error

InstallNodeJS attempts to install Node.js via Homebrew (macOS).

func InstallProvider 

func InstallProvider(name string) error

InstallProvider installs a provider via npm.

func LoadAPIKey 

func LoadAPIKey() (string, error)

LoadAPIKey reads the stored Worker API Key from credentials.json. Returns ("", nil) if no API key is configured.

func LoadAPIKeyFromPath 

func LoadAPIKeyFromPath(path string) (string, error)

LoadAPIKeyFromPath reads the stored Worker API Key from an explicit credentials path. Returns ("", nil) if no API key is configured.

func LoadAuthToken 

func LoadAuthToken() (string, error)

LoadAuthToken returns the bearer token for worker authentication. It reads credentials.json and returns the appropriate token based on auth_type:

  • auth_type="api_key" → returns the api_key field (legacy Worker API Key)
  • otherwise → returns the access_token field (JWT)

Returns ("", nil) if no credentials are configured.

func LoadAuthTokenFromPath 

func LoadAuthTokenFromPath(path string) (string, error)

LoadAuthTokenFromPath returns the bearer token from an explicit credentials path. When path is empty, it uses the default secure/default-path lookup chain.

func OpenBrowser 

func OpenBrowser(u string) error

OpenBrowser opens the given URL in the default browser.

func SaveAPIKeyCredentials 

func SaveAPIKeyCredentials(apiKey, backendURL string) error

SaveAPIKeyCredentials persists a Worker API Key to credentials.json. The key is stored in plaintext — it is treated like a long-lived password.

func SaveCredentials 

func SaveCredentials(creds map[string]any) error

SaveCredentials writes credentials to ~/.config/autopus/credentials.json.

func SaveProgress 

func SaveProgress(step int) error

SaveProgress writes the current step to disk with the current timestamp.

func SaveWorkerConfig 

func SaveWorkerConfig(cfg WorkerConfig) error

SaveWorkerConfig writes the config to ~/.config/autopus/worker.yaml.

func SelectMemoryAgentID 

func SelectMemoryAgentID(agents []WorkspaceAgent) string

SelectMemoryAgentID chooses the best default agent UUID for worker memory. The ADK worker acts as a development worker by default, so dev_worker is preferred.

func WriteMCPConfig 

func WriteMCPConfig(config *MCPConfig, path string) error

WriteMCPConfig writes the config to the specified path with atomic write. The file is created with 0600 permissions since it contains auth tokens.

Types

type CredentialStore 

type CredentialStore interface {
	// Save stores a credential value under the given service key.
	Save(service, value string) error
	// Load retrieves a credential value by service key.
	Load(service string) (string, error)
	// Delete removes a credential by service key.
	Delete(service string) error
}

CredentialStore is the interface for credential persistence backends. Each credential is identified by a service key (e.g. "autopus-worker").

func NewCredentialStore 

func NewCredentialStore(opts ...Option) (CredentialStore, string)

NewCredentialStore creates a CredentialStore, trying keychain first. Falls back to encrypted file if keychain is unavailable or force-file is set. Returns the store and a non-empty warning string when falling back.

func NewPathCredentialStore 

func NewPathCredentialStore(path string) CredentialStore

NewPathCredentialStore returns a plain file-backed credential store for an explicit credentials path override.

type DesktopSession 

type DesktopSession struct {
	Ready                  bool   `json:"ready"`
	Reason                 string `json:"reason,omitempty"`
	WorkspaceID            string `json:"workspace_id,omitempty"`
	BackendURL             string `json:"backend_url,omitempty"`
	AuthType               string `json:"auth_type,omitempty"`
	AccessToken            string `json:"access_token,omitempty"`
	CredentialBackend      string `json:"credential_backend,omitempty"`
	SecureStorageReady     bool   `json:"secure_storage_ready"`
	DesktopSessionReady    bool   `json:"desktop_session_ready"`
	RuntimeContractName    string `json:"runtime_contract_name"`
	RuntimeContractMajor   string `json:"runtime_contract_major"`
	SidecarProtocolName    string `json:"sidecar_protocol_name"`
	SidecarProtocolVersion string `json:"sidecar_protocol_version"`
}

DesktopSession is a read-only bootstrap payload for desktop shells.

func LoadDesktopSession 

func LoadDesktopSession() DesktopSession

LoadDesktopSession returns a fail-closed desktop bootstrap payload.

type DeviceCode 

type DeviceCode struct {
	DeviceCode              string `json:"device_code"`
	UserCode                string `json:"user_code"`
	VerificationURI         string `json:"verification_uri"`
	VerificationURIComplete string `json:"verification_uri_complete"`
	ExpiresIn               int    `json:"expires_in"`
	Interval                int    `json:"interval"`
}

DeviceCode holds the response from the device authorization endpoint.

func RequestDeviceCode 

func RequestDeviceCode(backendURL, codeVerifier string) (*DeviceCode, error)

RequestDeviceCode initiates the platform device authorization flow.

type EnsureResult 

type EnsureResult struct {
	Action string            `json:"action"` // "ready", "login_required", "starting_daemon", "error"
	Data   map[string]string `json:"data,omitempty"`
}

EnsureResult is the structured output from EnsureWorker.

func EnsureDesktopRuntime 

func EnsureDesktopRuntime(ctx context.Context, backendURL, workspaceID string) (*EnsureResult, error)

EnsureDesktopRuntime checks desktop runtime state and brings it to ready without starting the legacy local-host daemon.

func EnsureWorker 

func EnsureWorker(ctx context.Context, backendURL, workspaceID string) (*EnsureResult, error)

EnsureWorker checks worker state and takes action to bring it to ready. Returns an EnsureResult describing the current action.

Exit semantics (for CLI use):

  • action="ready" → exit 0
  • action="login_required" → exit 2 (human needed)
  • action="error" → exit 1
  • action="starting_daemon" → exit 0

type MCPConfig 

type MCPConfig struct {
	MCPServers map[string]MCPServerConfig `json:"mcpServers"`
}

MCPConfig is the top-level worker-mcp.json structure.

func GenerateMCPConfig 

func GenerateMCPConfig(opts MCPConfigOptions) (*MCPConfig, error)

GenerateMCPConfig builds an MCPConfig from the given options.

func LoadMCPConfig 

func LoadMCPConfig(path string) (*MCPConfig, error)

LoadMCPConfig reads an existing MCP config from the given path.

type MCPConfigOptions 

type MCPConfigOptions struct {
	BackendURL  string // e.g., "https://api.autopus.co"
	AuthToken   string // Bearer token
	WorkspaceID string // workspace identifier
	OutputPath  string // where to write worker-mcp.json (default: ~/.config/autopus/worker-mcp.json)
}

MCPConfigOptions holds input parameters for MCP config generation.

type MCPServerConfig 

type MCPServerConfig struct {
	Command   string            `json:"command,omitempty"`
	Args      []string          `json:"args,omitempty"`
	URL       string            `json:"url,omitempty"`
	Transport string            `json:"transport"`
	Headers   map[string]string `json:"headers,omitempty"`
}

MCPServerConfig represents a single MCP server entry in the config.

type Option 

type Option func(*storeOptions)

Option configures NewCredentialStore behavior.

func WithForceFileBackend 

func WithForceFileBackend(force bool) Option

WithForceFileBackend forces the encrypted file backend, skipping keychain.

func WithWarningFunc 

func WithWarningFunc(fn func(string)) Option

WithWarningFunc sets a callback invoked when a startup warning is emitted.

type ProviderStatus 

type ProviderStatus struct {
	Name      string
	Binary    string
	Installed bool
	Version   string
}

ProviderStatus describes the installation state of a CLI provider.

func DetectProviders 

func DetectProviders() []ProviderStatus

DetectProviders checks which CLI providers are installed on the system.

type SetupProgress 

type SetupProgress struct {
	Step      int       `json:"step"`
	Timestamp time.Time `json:"timestamp"`
}

SetupProgress tracks the current step in the setup wizard.

func LoadProgress 

func LoadProgress() (*SetupProgress, error)

LoadProgress reads the setup progress from disk. Returns nil without error if the file does not exist.

func (*SetupProgress) IsExpired 

func (p *SetupProgress) IsExpired() bool

IsExpired returns true if the progress is older than 1 hour.

type TokenResponse 

type TokenResponse struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	ExpiresIn    int    `json:"expires_in"`
	TokenType    string `json:"token_type"`
}

TokenResponse holds the OAuth token returned after successful authorization.

func PollForToken 

func PollForToken(ctx context.Context, backendURL, deviceCode, codeVerifier string, interval int) (*TokenResponse, error)

PollForToken polls the token endpoint until the user authorizes or the context is cancelled.

func RefreshToken 

func RefreshToken(ctx context.Context, backendURL, refreshToken string) (*TokenResponse, error)

RefreshToken exchanges a refresh token for a new access token via the backend.

type WorkerConfig 

type WorkerConfig struct {
	BackendURL        string   `yaml:"backend_url"`
	WorkspaceID       string   `yaml:"workspace_id"`
	Providers         []string `yaml:"providers"`
	WorkDir           string   `yaml:"work_dir"`
	WorktreeIsolation bool     `yaml:"worktree_isolation"`
	KnowledgeDir      string   `yaml:"knowledge_dir"`   // local knowledge root for search context (defaults to work_dir)
	MemoryAgentID     string   `yaml:"memory_agent_id"` // agent UUID for memory context/write-back
	A2AURL            string   `yaml:"a2a_url"`
	Concurrency       int      `yaml:"concurrency"`
}

WorkerConfig holds the worker's persistent configuration.

func LoadWorkerConfig 

func LoadWorkerConfig() (*WorkerConfig, error)

LoadWorkerConfig reads the worker config from the default path.

func LoadWorkerConfigFrom 

func LoadWorkerConfigFrom(path string) (*WorkerConfig, error)

LoadWorkerConfigFrom reads the worker config from the given path.

type WorkerStatus 

type WorkerStatus struct {
	Configured             bool   `json:"configured"`
	AuthValid              bool   `json:"auth_valid"`
	DaemonRunning          bool   `json:"daemon_running"`
	WorkspaceID            string `json:"workspace_id"`
	BackendURL             string `json:"backend_url"`
	AuthType               string `json:"auth_type"` // "jwt", "api_key", or "none"
	CredentialBackend      string `json:"credential_backend"`
	SecureStorageReady     bool   `json:"secure_storage_ready"`
	DesktopSessionReady    bool   `json:"desktop_session_ready"`
	RuntimeContractName    string `json:"runtime_contract_name"`
	RuntimeContractMajor   string `json:"runtime_contract_major"`
	SidecarProtocolName    string `json:"sidecar_protocol_name"`
	SidecarProtocolVersion string `json:"sidecar_protocol_version"`
}

WorkerStatus holds machine-readable worker readiness state.

func CollectStatus 

func CollectStatus() WorkerStatus

CollectStatus reads config files and daemon state to produce a WorkerStatus.

type Workspace 

type Workspace struct {
	ID   string `json:"id"`
	Name string `json:"name"`
}

Workspace represents a user's workspace on the Autopus platform.

func FetchWorkspaces 

func FetchWorkspaces(backendURL, token string) ([]Workspace, error)

FetchWorkspaces retrieves the list of workspaces from the backend.

func FindWorkspaceByID 

func FindWorkspaceByID(backendURL, token, id string) (*Workspace, error)

FindWorkspaceByID fetches all workspaces and returns the one matching id. Used by non-interactive setup (--workspace flag) to validate the ID and get the name.

func SelectWorkspace 

func SelectWorkspace(workspaces []Workspace) (*Workspace, error)

SelectWorkspace picks the workspace to use. Auto-selects if only one is available. For multiple workspaces, prompts the user to select.

type WorkspaceAgent 

type WorkspaceAgent struct {
	ID     string `json:"id"`
	Name   string `json:"name"`
	Type   string `json:"type"`
	Tier   string `json:"tier"`
	Status string `json:"status"`
}

WorkspaceAgent is the subset of workspace agent fields needed during worker setup.

func FetchWorkspaceAgents 

func FetchWorkspaceAgents(backendURL, token, workspaceID string) ([]WorkspaceAgent, error)

FetchWorkspaceAgents retrieves all agents belonging to a workspace.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.