Open

Dev #189

78 commits
14468a9
adjust separator width, keep static for now
robotizeit Jun 1, 2026
c78352a
bump version to v0.2.9
robotizeit Jun 1, 2026
5803237
New preflight in src/cli/install_runner.rs:
robotizeit Jun 4, 2026
4217cf3
site update, compose volumes fix
robotizeit Jun 5, 2026
698c6d6
merge main
robotizeit Jun 5, 2026
1631a35
new cli cmd aliases, stacker list, stacker agent list
robotizeit Jun 5, 2026
eb46704
replace irrelevant link, added server id to status output
robotizeit Jun 5, 2026
d80b199
Vendor profile
Jun 12, 2026
281a0c1
Merge branch 'main' into dev
Jun 12, 2026
5683ae4
protoc fixes
Jun 12, 2026
596323a
created_at, rating for vendor profile
Jun 12, 2026
53f6f55
template rating
Jun 12, 2026
b964a53
template rating
Jun 12, 2026
b0b773e
Stripe/Payout provider implemented
Jun 13, 2026
cde1e6b
vendor profile spec for UI
Jun 13, 2026
f414e5f
PayoutProvider security hardening, Stripe webhook secret is now requ…
Jun 13, 2026
4406d3e
find marketplace app using cli, install command
Jun 13, 2026
10c968d
show current subscription plan info
robotizeit Jun 15, 2026
19e3118
fixed origin fix regression. stacker explain env, status panel link w…
robotizeit Jun 15, 2026
6691e8e
stacker install <slug> can reuse part of stacker.yml as deploy context.
robotizeit Jun 16, 2026
e35dfe3
stacker install <app> --domain=<>, commonDomain = base_domain is capt…
robotizeit Jun 16, 2026
4896e0c
doc update
robotizeit Jun 16, 2026
2696bcc
config parser install.inputs
robotizeit Jun 16, 2026
7439e02
filter by slug
robotizeit Jun 16, 2026
7cd1602
UserProfile now includes id, user identity across services
robotizeit Jun 16, 2026
07fbb18
defaults on install
robotizeit Jun 17, 2026
871129d
do not show extra debug info if not requested with DEBUG=true
robotizeit Jun 17, 2026
de8b2f9
server-side fix, cloud token automatic pick up if not specified in st…
robotizeit Jun 17, 2026
91cd947
reuse saved token when using cli
robotizeit Jun 17, 2026
32c2748
stacker config setup server, deploy to own server in the local network
robotizeit Jun 18, 2026
89d8872
deploy to intranet server, agent install to intranet server
robotizeit Jun 19, 2026
e96627d
setsid nohup status, when deploy to intranet server
robotizeit Jun 20, 2026
ece6184
vendor profile, creator_user_id
robotizeit Jun 21, 2026
7ab402c
new update_vendor_public_profile() function that
robotizeit Jun 21, 2026
b26f591
tests fix
robotizeit Jun 21, 2026
684c2da
casbin rules for vendor profile patch
robotizeit Jun 22, 2026
6aa01c8
test fix
robotizeit Jun 22, 2026
af8319b
find vendor by id also
robotizeit Jun 22, 2026
159880e
get_vendor_profile
robotizeit Jun 22, 2026
6bbd158
edit vendor profile, casbin rules
robotizeit Jun 22, 2026
9477dd5
vendor slug from template
robotizeit Jun 22, 2026
5ee2692
fix: case-insensitive JOIN on creator_user_id, match vendor by public…
robotizeit Jun 22, 2026
2ef58e4
fix: case-insensitive JOIN on creator_user_id, match vendor by public…
robotizeit Jun 22, 2026
b3af2f0
exclude local files
robotizeit Jun 23, 2026
e9c2133
local files must be removed
robotizeit Jun 23, 2026
0c16a21
fix: update test for vendor lookup by creator_user_id, update .gitignore
robotizeit Jun 23, 2026
2ec186a
feat(admin): GET /api/admin/vendors lists all vendor profiles
robotizeit Jun 23, 2026
cf48ecf
fix(casbin): add GET /api/admin/vendors policy for group_admin and ad…
robotizeit Jun 23, 2026
3954df5
redact.rs for template_definitions
robotizeit Jun 23, 2026
356ef7c
redact tests
robotizeit Jun 23, 2026
608ea6e
redact yaml string, remove json redaction for stack definitions
robotizeit Jun 24, 2026
fc4c44d
yaml string into JSONB
robotizeit Jun 24, 2026
cb09162
fix(payouts): refuse mock provider in production, warn in dev
robotizeit Jun 25, 2026
3b5669a
vault mTLS: add mTLS client cert support to Vault clients
robotizeit Jun 26, 2026
92ae1f6
mTLS, stacker templates command and aliases to list all available tem…
robotizeit Jun 27, 2026
237285b
Merge pull request #187 from trydirect/mTLS
vsilent Jun 27, 2026
054c12c
Update DEFAULT_VAULT_URL to :8443 for mTLS
robotizeit Jun 28, 2026
fabc9af
Merge pull request #188 from trydirect/mTLS
vsilent Jun 28, 2026
c50b209
plan re-check
robotizeit Jun 28, 2026
ed8f10b
re-check
robotizeit Jun 28, 2026
f88c6a0
remove duplicate get_user_profile
robotizeit Jun 29, 2026
1a6cb46
fix import
robotizeit Jun 29, 2026
8f42035
client rs pool_max_idle_per_host(0) fix attempt
robotizeit Jun 29, 2026
bf21311
check template availability
robotizeit Jun 29, 2026
6addf96
handle yaml
robotizeit Jun 29, 2026
3976b12
install <stack> tests
robotizeit Jun 29, 2026
c9ec626
install from marketplace
robotizeit Jun 29, 2026
af8d7ad
Security-audit: initial stage
robotizeit Jun 30, 2026
2079f20
stacker install <template> fixed. stack_definition conversion
robotizeit Jul 1, 2026
7a05122
cloud ip/local ip fix
robotizeit Jul 1, 2026
c92c2a1
The fix uses container-only ports (8080 — no host binding) so parse_c…
robotizeit Jul 1, 2026
ce6d704
public_ports
robotizeit Jul 2, 2026
3094726
M2 residual, H1 policy decision security fixes
robotizeit Jul 2, 2026
0cf4773
both occurrences of content.to_lowercase() for miner pattern matching…
robotizeit Jul 2, 2026
29d8c1b
security fix: HookPolicy
robotizeit Jul 2, 2026
5daa73f
Auto-configure cloud firewall
robotizeit Jul 2, 2026
1f6e888
proto
robotizeit Jul 2, 2026
93e4e80
security validator fixes: validator patterns, sanitizer, path/content…
robotizeit Jul 2, 2026
5 changes: 5 additions & 0 deletions .claude/settings.json
@@ -0,0 +1,5 @@
{
"enabledPlugins": {
"frontend-design@claude-plugins-official": true
}
}
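Review bot: `.claude/settings.json` is committed for everyone while `.gitignore` only excludes `.claude/settings.local.json`, so `"frontend-design@claude-plugins-official": true` turns that plugin on for every contributor who opens the repository with the tool. If this is a personal preference, move it to the ignored local file; if it is meant to be shared, say so in the PR description, since nothing else in the visible diff references it.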
5 changes: 5 additions & 0 deletions .gitignore
Expand Up @@ -12,3 +12,8 @@ docs/*.sql
config-to-validate.yaml
*.bak
.claude/settings.local.json

plan/
.stacker
done.txt
post-deploy-ran.txt
67 changes: 66 additions & 1 deletion Cargo.lock

Some generated files are not rendered by default.

3 changes: 2 additions & 1 deletion Cargo.toml
Expand Up @@ -36,7 +36,7 @@ actix = "0.13.5"
actix-web-actors = "4.3.1"
chrono = { version = "0.4.39", features = ["serde", "clock"] }
config = "0.13.4"
reqwest = { version = "0.11.23", features = ["json", "blocking", "stream"] }
reqwest = { version = "0.11.23", features = ["json", "blocking", "stream", "native-tls"] }
serde = { version = "1.0.195", features = ["derive"] }
tokio = { version = "1.28.1", features = ["full"] }
tracing = { version = "0.1.40", features = ["log"] }
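Review bot: on the `reqwest` line, `"native-tls"` is added with no comment saying what depends on it. If it is there for the Vault mTLS client identity (commit 3b5669a), add a one-line comment so the feature is not dropped in a later dependency cleanup, and confirm the runtime image ships the system TLS library that native-tls links against.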
Expand Down Expand Up @@ -118,6 +118,7 @@ indexmap = ["dep:indexmap"]
explain = ["actix-casbin-auth/explain", "actix-casbin-auth/logging"]

[build-dependencies]
protoc-bin-vendored = "3"
tonic-build = "0.11"

[dev-dependencies]
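Review bot: `protoc-bin-vendored = "3"` under `[build-dependencies]` makes every build execute a prebuilt `protoc` binary shipped inside a crate, and the requirement accepts any 3.x release. The Cargo.lock change is not rendered on this page, so please confirm the lock file pins the exact version and that CI builds with `--locked`; an exact requirement is worth considering for something that runs at build time.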
8 changes: 7 additions & 1 deletion README.md
Expand Up @@ -160,7 +160,10 @@ The end-user tool. No server required for local deploys.
| `stacker status` | Show running containers and health |
| `stacker logs` | View container logs (`--follow`, `--service`, `--tail`) |
| `stacker secrets` | Manage local `.env` secrets or remote Vault-backed `service` / `server` secrets |
| `stacker list deployments` | List deployments on the Stacker server |
| `stacker list deployments` / `stacker deployments` | List deployments on the Stacker server |
| `stacker list servers` / `stacker servers` | List saved servers |
| `stacker list clouds` / `stacker clouds` | List saved cloud credentials |
| `stacker list ssh-keys` / `stacker ssh-keys` | List per-server SSH key status |
| `stacker destroy` | Tear down the deployed stack |
| `stacker config validate` | Validate `stacker.yml` syntax |
| `stacker config show` | Show resolved configuration |
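Review bot: the new rows for `stacker list clouds` ("List saved cloud credentials") and `stacker list ssh-keys` ("List per-server SSH key status") do not say what is printed. State in the description whether the output is limited to names and status or includes token or key material, and how it is masked if so, so users know whether the output is safe to paste into an issue or a CI log.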
Expand All @@ -181,6 +184,8 @@ The end-user tool. No server required for local deploys.
| `stacker service list` | List available service templates (20+ built-in) |
| `stacker agent health` | Check Status Panel agent connectivity and health |
| `stacker agent status` | Display agent snapshot — containers, versions, uptime |
| `stacker agent list apps` / `stacker agent apps` | List apps for the target deployment |
| `stacker agent list containers` / `stacker agent containers` | List containers on the target server |
| `stacker agent logs <app>` | Retrieve container logs from the remote agent |
| `stacker agent restart <app>` | Restart a container via the agent |
| `stacker agent deploy-app` | Deploy or update an app container on the target server. `--runtime kata\|runc` selects container runtime; `--env <name>` selects the deploy environment/profile |
Expand All @@ -202,6 +207,7 @@ The end-user tool. No server required for local deploys.
| `stacker pipe replay <exec-id>` | Re-run a previous pipe execution |
| `stacker target [local\|cloud\|server]` | Switch deployment target mode |
| `stacker env [local\|dev\|prod]` | Show or persist the active deploy environment/profile used by app-only updates |
| `stacker whoami` | Show the active login, subscription plan, and current project deployment context |
| `stacker submit` | Package current stack and submit to marketplace for review |
| `stacker marketplace status` | Check submission status for your marketplace templates |
| `stacker marketplace logs <name>` | Show review comments and history for a submission |
30 changes: 27 additions & 3 deletions build.rs
Expand Up @@ -5,8 +5,9 @@ use std::process::Command;

fn main() -> Result<(), Box<dyn std::error::Error>> {
emit_git_short_hash();
configure_protoc()?;

let proto_includes = collect_proto_include_paths();
let proto_includes = collect_proto_include_paths()?;

tonic_build::configure()
.build_server(false)
Expand All @@ -15,9 +16,32 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
Ok(())
}

fn collect_proto_include_paths() -> Vec<PathBuf> {
fn configure_protoc() -> Result<(), Box<dyn std::error::Error>> {
if env::var_os("PROTOC").is_none() {
env::set_var("PROTOC", protoc_bin_vendored::protoc_bin_path()?);
}

if env::var_os("PROTOC_INCLUDE").is_none() {
env::set_var("PROTOC_INCLUDE", protoc_bin_vendored::include_path()?);
}

println!("cargo:rerun-if-env-changed=PROTOC");
println!("cargo:rerun-if-env-changed=PROTOC_INCLUDE");

Ok(())
}

fn collect_proto_include_paths() -> Result<Vec<PathBuf>, Box<dyn std::error::Error>> {
let mut includes = vec![PathBuf::from("proto")];

let vendored_include = PathBuf::from(protoc_bin_vendored::include_path()?);
if vendored_include
.join("google/protobuf/struct.proto")
.exists()
{
includes.push(vendored_include);
}

for candidate in [
PathBuf::from("/usr/include"),
PathBuf::from("/usr/local/include"),
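Review bot: `configure_protoc()` respects a caller-supplied `PROTOC_INCLUDE`, but `collect_proto_include_paths()` never reads it and always calls `protoc_bin_vendored::include_path()?`. An override therefore changes the environment variable without changing the include list built for `tonic_build`, and a failure in the vendored lookup aborts the build even when the caller set both variables. Read `PROTOC_INCLUDE` first in `collect_proto_include_paths()` and fall back to the vendored path only when it is unset.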
Expand All @@ -28,7 +52,7 @@ fn collect_proto_include_paths() -> Vec<PathBuf> {
}
}

includes
Ok(includes)
}

fn emit_git_short_hash() {
14 changes: 14 additions & 0 deletions configuration.yaml.dist
Expand Up @@ -71,13 +71,27 @@ connectors:
# USER_SERVICE_AUTH_TOKEN, PAYMENT_SERVICE_AUTH_TOKEN
# STACKER_AUTH_REQUEST_TIMEOUT_SECS, STACKER_AUTH_CONNECT_TIMEOUT_SECS
# DEFAULT_DEPLOY_DIR - Base directory for deployments (default: /home/trydirect)
# STACKER_PAYOUT_PROVIDER=mock|stripe_connect
# STRIPE_SECRET_KEY or PAYOUT_STRIPE_SECRET_KEY
# STRIPE_WEBHOOK_SECRET or PAYOUT_STRIPE_WEBHOOK_SECRET
# PAYOUT_ONBOARDING_RETURN_URL, PAYOUT_ONBOARDING_REFRESH_URL

# Deployment settings
# deployment:
# # Base path for app config files on the deployment server
# # Can also be set via DEFAULT_DEPLOY_DIR environment variable
# config_base_path: /home/trydirect

# Vendor payout provider. Defaults to mock for local/dev/test.
# For production Stripe Connect, set provider: stripe_connect and provide STRIPE_SECRET_KEY
# via environment variable rather than committing it here.
# payouts:
# provider: mock
# stripe_api_base_url: https://api.stripe.com
# onboarding_return_url: https://stacker.try.direct/marketplace/vendor/onboarding/return
# onboarding_refresh_url: https://stacker.try.direct/marketplace/vendor/onboarding/refresh
# timeout_secs: 15

# Marketplace asset storage (Hetzner Object Storage / S3-compatible)
# marketplace_assets:
# enabled: true
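Review bot: in the commented `payouts:` block, `stripe_api_base_url` is configurable, which means the Stripe secret key is sent to whatever host that value names. Document that the setting exists for tests, and reject non-`https` values (or anything other than `https://api.stripe.com`) when `provider: stripe_connect` is selected. The block's comment also names only `STRIPE_SECRET_KEY`; mention `STRIPE_WEBHOOK_SECRET` there as well, since the environment variable list above includes it.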
3 changes: 3 additions & 0 deletions docker-compose.dev.yml
Expand Up @@ -42,6 +42,9 @@ services:
# Vault — must point to the real Vault service in the TryDirect network
- VAULT_ADDRESS=https://vault.try.direct
- VAULT_TOKEN=${STACKER_VAULT_TOKEN:-change-me}
# mTLS client cert for Vault — inline PEMs
- VAULT_CLIENT_CERT=${VAULT_CLIENT_CERT:-}
- VAULT_CLIENT_KEY=${VAULT_CLIENT_KEY:-}
depends_on:
stackerdb:
condition: service_healthy
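Review bot: `VAULT_CLIENT_KEY=${VAULT_CLIENT_KEY:-}` passes the mTLS private key as an inline PEM in the container environment, where it is readable through `docker inspect` and inherited by every child process. Mount the certificate and key as read-only files or Compose secrets and pass their paths instead. With both variables defaulting to empty, also make sure the client refuses to start when only one of the pair is set rather than connecting without a client certificate.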
44 changes: 17 additions & 27 deletions docker/dev/docker-compose.yml
@@ -1,5 +1,3 @@
version: "2.2"

volumes:
stackerdb:
driver: local
Expand All @@ -8,30 +6,28 @@ volumes:
driver: local

networks:
backend:
trydirect_default:
driver: bridge
name: backend
external: true
trydirect-network:
external: true
name: trydirect-network


services:

stacker:
image: trydirect/stacker:0.0.8
build: .
image: trydirect/stacker:latest
#image: trydirect/stacker:test
container_name: stacker
restart: always
volumes:
- ./stacker/files:/app/files
- ./.env:/app/.env
- ./configuration.yaml:/app/configuration.yaml
- ./access_control.conf:/app/access_control.conf
- ./migrations:/app/migrations
- ./.env:/app/.env
- ./stacker/ansible:/ansible/roles:ro
ports:
- "8000:8000"
- "8001:8000"
env_file:
- ./.env
environment:
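Review bot: `image: trydirect/stacker:latest` together with `restart: always` means a re-pull can change what runs without any change to this file; the hunk still carries the `trydirect/stacker:0.0.8` line, which reads as the pinned tag being replaced. Keep a version tag or pin by digest. `"8001:8000"` also publishes on all host interfaces; for a dev stack bind it as `127.0.0.1:8001:8000` unless remote access is needed.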
Expand All @@ -41,33 +37,27 @@ services:
stackerdb:
condition: service_healthy
networks:
- backend
- trydirect_default


stacker_queue:
image: trydirect/stacker:0.0.7
container_name: stacker_queue
stackermq:
image: trydirect/stacker:latest
#image: trydirect/stacker:test # for testing mcp
container_name: stackermq
restart: always
volumes:
- ./configuration.yaml:/app/configuration.yaml
- ./.env:/app/.env
environment:
- RUST_LOG=debug
- RUST_BACKTRACE=1
- AMQP_HOST=rabbitmq
- AMQP_PORT=5672
- AMQP_USERNAME=guest
- AMQP_PASSWORD=guest
env_file:
- ./.env
depends_on:
stackerdb:
condition: service_healthy
entrypoint: /app/console mq listen
networks:
- backend
- trydirect-network

- trydirect_default

stackerdb:
container_name: stackerdb
Expand All @@ -76,17 +66,17 @@ services:
interval: 10s
timeout: 5s
retries: 5
image: postgres:18.3
image: postgres:16.0
restart: always
ports:
- 5432
- 5434:5432
env_file:
- ./.env
volumes:
- stackerdb:/var/lib/postgresql/data
- ./postgresql.conf:/etc/postgresql/postgresql.conf
networks:
- backend
- trydirect_default

stackerredis:
container_name: stackerredis
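Review bot: `- 5434:5432` publishes Postgres on every host interface at a fixed port; bind it as `127.0.0.1:5434:5432` so the database is reachable only from the host. The hunk also shows `postgres:18.3` next to `postgres:16.0`: if this moves the service to 16.0, an existing `stackerdb` volume initialised by 18 will not start under 16, and 16.0 is the first release of that major, so use a current 16.x tag and note the volume reset in the PR description.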
Expand All @@ -105,5 +95,5 @@ services:
options:
max-size: "10m"
tag: "container_{{.Name}}"


networks:
- trydirect_default