
Conversation


@nfebe nfebe commented Feb 1, 2026

Add setup flow endpoints for the installer UI to configure:

  • System validation checks
  • Domain configuration
  • CORS/UI origin settings
  • Initial user creation

Note: Dynamic CORS middleware included but may be removed if installer UI is served from same origin.

Signed-off-by: nfebe <fenn25.fn@gmail.com>

sourceant bot commented Feb 1, 2026

Code Review Summary

This pull request introduces a comprehensive initial setup flow for the agent, encapsulated within the new internal/setup package. The changes include new API endpoints for managing setup status, domain configuration, CORS, user creation, and system validation. A dynamic CORS middleware has been integrated to support setup-specific origins. The underlying logic leverages an SQLite database for persistent state management and includes robust environment detection and system health checks.

🚀 Key Improvements

  • Comprehensive Setup Flow: A structured and secure initial setup process is now in place, guiding users through critical configurations.
  • Enhanced Security for Setup: The RequireSetupIncomplete middleware ensures that sensitive setup endpoints are only accessible before the agent is fully initialized, preventing unauthorized modifications.
  • Dynamic CORS Configuration: The agent can now dynamically adjust allowed CORS origins based on the setup state, improving flexibility and security during initial configuration.
  • Robust System Validation: New validation checks cover Docker, file system permissions, disk space, memory, and network connectivity, ensuring a healthy operating environment.

🚨 Critical Issues

  • Weak JWT Secret Fallback: The fallback mechanism in generateSecret for crypto/rand.Read failing uses low-entropy sources, which could lead to predictable JWT secrets under rare error conditions. This should be addressed to ensure strong randomness at all times.

@sourceant sourceant bot left a comment

Review complete. See the overview comment for a summary.

Comment on lines +438 to +445
bytes := make([]byte, length)
if _, err := rand.Read(bytes); err != nil {
fallback := make([]byte, length)
for i := range fallback {
fallback[i] = byte(os.Getpid()>>i) ^ byte(time.Now().UnixNano()>>i)
}
return hex.EncodeToString(fallback)
}
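Review bot: the recovery branch should go and the error from rand.Read should be returned instead; `byte(os.Getpid()>>i) ^ byte(time.Now().UnixNano()>>i)` makes every byte of the secret a deterministic function of the PID and the current timestamp, so the secret's entropy is bounded by those two values no matter what `length` is, and anyone who learns or narrows them down can recompute it. Also worth confirming that the bare `rand` identifier here is crypto/rand rather than math/rand, since the surrounding review refers to it as cryptoRand; changing generateSecret to return `(string, error)` lets the caller abort setup rather than continue with a weak key.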
The fallback for cryptoRand.Read in generateSecret uses os.Getpid() and time.Now().UnixNano(), which provide very low entropy. While cryptoRand.Read failing is rare, if it does, the generated JWT secret would be predictable, posing a significant security risk. It's generally better to let cryptoRand.Read fail and return an error for critical security functions like secret generation, rather than using a weak fallback.

Suggested change
bytes := make([]byte, length)
if _, err := rand.Read(bytes); err != nil {
fallback := make([]byte, length)
for i := range fallback {
fallback[i] = byte(os.Getpid()>>i) ^ byte(time.Now().UnixNano()>>i)
}
return hex.EncodeToString(fallback)
}
func generateSecret(length int) string {
bytes := make([]byte, length)
if _, err := rand.Read(bytes); err != nil {
// Log the error and potentially panic or return an empty string/error
// to prevent using a weak secret.
log.Fatalf("Failed to generate secure random bytes for JWT secret: %v", err)
return ""
}
return hex.EncodeToString(bytes)
}
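Since log.Fatalf inside a helper would terminate the whole agent (and the `return ""` after it is unreachable), here is an added example, not code from this PR or the reviewing bot, of a generateSecret that propagates the error and enforces a minimum length, next to a reproduction of the PR's fallback as a pure function so its predictability is visible. The 32-byte minimum is an assumption of this example.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"os"
	"time"
)

// minSecretBytes is an assumed floor: 32 bytes (256 bits) is the usual
// minimum for an HMAC key that signs JWTs.
const minSecretBytes = 32

// generateSecret returns length random bytes, hex-encoded. There is no
// fallback: if the CSPRNG fails, the caller gets an error and no secret,
// so the agent can abort setup instead of minting a weak key.
func generateSecret(length int) (string, error) {
	if length < minSecretBytes {
		return "", fmt.Errorf("secret length %d is below the %d-byte minimum", length, minSecretBytes)
	}
	b := make([]byte, length)
	if _, err := rand.Read(b); err != nil {
		return "", fmt.Errorf("crypto/rand unavailable: %w", err)
	}
	return hex.EncodeToString(b), nil
}

// weakFallback reproduces the PR's fallback as a pure function of its two
// inputs: the output is fully determined by the PID and the start timestamp,
// so its entropy is bounded by those values, not by length.
func weakFallback(pid int, nanos int64, length int) string {
	out := make([]byte, length)
	for i := range out {
		out[i] = byte(pid>>i) ^ byte(nanos>>i)
	}
	return hex.EncodeToString(out)
}

func main() {
	s, err := generateSecret(32)
	if err != nil {
		fmt.Fprintln(os.Stderr, "refusing to continue setup:", err)
		os.Exit(1)
	}
	fmt.Println("jwt secret (hex):", s)
	now := time.Now().UnixNano()
	fmt.Println("fallback reproducible:", weakFallback(os.Getpid(), now, 32) == weakFallback(os.Getpid(), now, 32))
}
```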

