feat(setup): kontext setup / --uninstall for self-serve managed observe#277
Open
michiosw wants to merge 1 commit into
Open
feat(setup): kontext setup / --uninstall for self-serve managed observe#277michiosw wants to merge 1 commit into
michiosw wants to merge 1 commit into
Conversation
Contributor
Author
|
Warning This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
This stack of pull requests is managed by Graphite. Learn more about stacking. |
michiosw
force-pushed
the
selfserve-setup-command
branch
3 times, most recently
from
d1f8aa7 to
3acdc06
Compare
Greptile SummaryThis PR adds a self-serve macOS setup and uninstall flow for managed observe. The main changes are:
Confidence Score: 5/5This looks safe to merge.
Reviews (3): Last reviewed commit: "feat(setup): kontext setup / --uninstall..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
michiosw
force-pushed
the
selfserve-paths-foundations
branch
from
1ba7ba8 to
55ae7c5
Compare
michiosw
force-pushed
the
selfserve-setup-command
branch
from
3acdc06 to
4c34bc7
Compare
Contributor
Author
brew-installed Macs connect to an org without MDM: - validates the dashboard-minted install token against GET /api/v1/authorization-ledger/ping before writing any state - stores the raw token in the login keychain via 'security -i' stdin (never argv; go-keyring unusable — its darwin Set base64-prefixes the value the daemon reads raw), deletes stale same-service items first, and verifies via the daemon's actual read path - writes user-scope managed.json (round-tripped through the daemon's parser) + installation identity; device label from scutil ComputerName - merges the five managed hooks into ~/.claude/settings.json (backup, foreign content preserved) - renders a user LaunchAgent (KeepAlive, 30s throttle, logs under ~/Library/Logs/Kontext) and bootout/bootstrap/kickstarts it in the gui domain — no sudo anywhere - refuses MDM-managed Macs (system /Library config always outranks user scope, so setup there would produce ignored artifacts) - --uninstall reverses everything but keeps installation.json so a re-setup reports the same endpoint Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
michiosw
force-pushed
the
selfserve-paths-foundations
branch
from
55ae7c5 to
8d585d0
Compare
michiosw
force-pushed
the
selfserve-setup-command
branch
from
4c34bc7 to
706dd46
Compare
Contributor
Author
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What & why
kontext setup/kontext setup --uninstall(ENG-442) — the self-serve install path that replaces pkg+MDM. Same managed-observe daemon, sameAuthorization: Beareringest as enterprise; only the provisioning differs (the user pastes a dashboard key instead of MDM injecting it). Builds on #276.setupdoes, in order: darwin-only gate -> refuse if anyKONTEXT_MANAGED_CONFIGis set or a system/Libraryconfig exists ("managed by your IT admin") -> validate the token viaGET /ping(learns the org id; fails fast on a bad/revoked key) -> write the keychain item via/usr/bin/security -istdin (never argv) and read it back through the daemon's own path so a write/read mismatch fails here, not silently under launchd -> write usermanaged.json(org id from ping) -> ensure installation identity -> merge~/.claude/settings.jsonhooks -> install + bootstrap + kickstart the LaunchAgent -> probe the socket.--uninstallreverses it (bootout by plist path, remove hooks keeping foreign + Guard hooks, delete keychain item, remove managed.json) and keepsinstallation.jsonso re-running setup reuses the same device identity.The token is validated raw (no trimming): leading/trailing whitespace or control chars fail loudly rather than being silently rewritten, so the stored credential is byte-identical to the dashboard's and can never smuggle a second line into the
security -istream.How to review / test — without brew (no CLI release needed)
The logic is fully unit-tested behind seams (
execCommand/readPassword/isTerminal/keychain/launchctl/systemConfigPath/goosare function vars), so you can verify the whole flow with no real keychain, launchctl, or network:To exercise the real daemon path against the local stack — build from the branch and run the binary directly (this is the brew-less equivalent of the published flow):
Note: a machine with an existing
/Librarymanaged.json will (correctly) refuse — move it aside to test the happy path.Security notes for the reviewer
security -iquoting is injection-safe for everything that passes the shape check.managed.jsonis0600; settings.json writes preserve mode; the keychain delete loop purges only same-service items before writing exactly one.Part of the ENG-442 kontext-cli stack: #276 -> #277 -> #278.