feat(new-setup): wrap node/docker installs and add generic set-env step

Adds three allowlist-friendly setup helpers so /new-setup and /new-setup-2 don't hit unmatchable commands during a fresh install:

- setup/install-node.sh — idempotent Node 22 install wrapper (macOS via brew, Linux via NodeSource + apt). Replaces the raw `curl | sudo -E bash -` flow whose stdin-consuming `bash -` segment can't be pre-approved.
- setup/install-docker.sh — same pattern for Docker (brew --cask on macOS, get.docker.com on Linux + usermod).
- setup/set-env.ts — generic `--step set-env` that writes KEY=VALUE to .env (and optionally syncs to data/env/env) so channel-install flows don't invent `grep && sed && rm` pipelines, which split at each && and can't be tightly allowlisted.

new-setup-2's Telegram path now uses set-env for TELEGRAM_BOT_TOKEN and explicitly skips /add-telegram's Credentials section.

new-setup step 1 and step 2 now call the install wrappers; the raw curl/apt entries are gone from the allowed-tools list.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
committed by
exe.dev user
parent
ccb676ae91
commit
712a0e1e01
56
setup/install-docker.sh
Executable file
@@ -0,0 +1,56 @@
|
||||
#!/usr/bin/env bash
|
||||
# Setup helper: install-docker — bundles Docker install into one idempotent
|
||||
# script so /new-setup can run it without needing `curl | sh` in the allowlist
|
||||
# (pipelines split at matching time, and `sh` receiving stdin can't be
|
||||
# pre-approved safely).
|
||||
#
|
||||
# The script itself is the allowlisted unit; the pipes and sudo live inside
|
||||
# it. Starting the daemon (after install) stays separate — `open -a Docker`
|
||||
# and `sudo systemctl start docker` are already in the allowlist.
|
||||
set -euo pipefail
|
||||
|
||||
echo "=== NANOCLAW SETUP: INSTALL_DOCKER ==="
|
||||
|
||||
if command -v docker >/dev/null 2>&1; then
|
||||
echo "STATUS: already-installed"
|
||||
echo "DOCKER_VERSION: $(docker --version 2>/dev/null || echo unknown)"
|
||||
echo "=== END ==="
|
||||
exit 0
|
||||
fi
|
||||
|
||||
case "$(uname -s)" in
|
||||
Darwin)
|
||||
echo "STEP: brew-install-docker"
|
||||
if ! command -v brew >/dev/null 2>&1; then
|
||||
echo "STATUS: failed"
|
||||
echo "ERROR: Homebrew not installed. Install brew first (https://brew.sh) then re-run."
|
||||
echo "=== END ==="
|
||||
exit 1
|
||||
fi
|
||||
brew install --cask docker
|
||||
;;
|
||||
Linux)
|
||||
echo "STEP: docker-get-script"
|
||||
curl -fsSL https://get.docker.com | sh
|
||||
echo "STEP: usermod-docker-group"
|
||||
sudo usermod -aG docker "$USER"
|
||||
echo "NOTE: you may need to log out and back in for docker group membership to take effect"
|
||||
;;
|
||||
*)
|
||||
echo "STATUS: failed"
|
||||
echo "ERROR: Unsupported platform: $(uname -s)"
|
||||
echo "=== END ==="
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
if ! command -v docker >/dev/null 2>&1; then
|
||||
echo "STATUS: failed"
|
||||
echo "ERROR: docker not found on PATH after install"
|
||||
echo "=== END ==="
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "STATUS: installed"
|
||||
echo "DOCKER_VERSION: $(docker --version 2>/dev/null || echo unknown)"
|
||||
echo "=== END ==="
|
||||
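Review bot: In the Linux branch, `curl -fsSL https://get.docker.com | sh` executes whatever that URL serves at install time with no pinning or integrity check, and because the script is now the allowlisted unit, approving `setup/install-docker.sh` once also pre-approves that remote content on every later run. Consider downloading the installer to a temp file and verifying it against a checksum recorded in the repo before executing it, or installing from the distribution's signed package repository instead. Two smaller points: under `set -euo pipefail`, a failure in `brew install --cask docker`, the curl pipeline or `usermod` exits without printing `STATUS: failed` and `=== END ===`, so anything parsing the status block sees a truncated one (an ERR or EXIT trap could close it); and `"$USER"` aborts with an unbound-variable error when USER is unset, so `"${USER:-$(id -un)}"` would be more robust. The NOTE line after `usermod -aG docker` should also state that docker group membership is effectively root on the host, since the wrapper grants it without asking.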