feat: Integrated gman with Loki to create a vault and added flags to configure the Loki vault

This commit is contained in:
2025-10-14 18:00:11 -06:00
parent 316ebd6d25
commit 591f204b67
7 changed files with 2174 additions and 145 deletions
+18
@@ -1,3 +1,6 @@
mod secrets;
use crate::cli::secrets::secrets_completer;
use crate::client::{list_models, ModelType};
use crate::config::{list_agents, Config};
use anyhow::{Context, Result};
@@ -113,6 +116,21 @@ pub struct Cli {
/// Disable colored log output
#[arg(long, requires = "tail_logs")]
pub disable_log_colors: bool,
/// Add a secret to the Loki vault
#[arg(long, value_name = "SECRET_NAME", exclusive = true)]
pub add_secret: Option<String>,
/// Decrypt a secret from the Loki vault and print the plaintext
#[arg(long, value_name = "SECRET_NAME", exclusive = true, add = ArgValueCompleter::new(secrets_completer))]
pub get_secret: Option<String>,
/// Update an existing secret in the Loki vault
#[arg(long, value_name = "SECRET_NAME", exclusive = true, add = ArgValueCompleter::new(secrets_completer))]
pub update_secret: Option<String>,
/// Delete a secret from the Loki vault
#[arg(long, value_name = "SECRET_NAME", exclusive = true, add = ArgValueCompleter::new(secrets_completer))]
pub delete_secret: Option<String>,
/// List all secrets stored in the Loki vault
#[arg(long, exclusive = true)]
pub list_secrets: bool,
}
impl Cli {
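Review bot: The doc comments on `add_secret` and `update_secret` do not say where the secret value comes from, although the handler reads the whole plaintext from stdin and trims trailing whitespace, which is the one thing a user of `--help` needs to know before piping a value in. Suggested wording: `/// Add a secret to the Loki vault; the plaintext is read from stdin (trailing whitespace is trimmed)` and the same form for `--update-secret`. Since all five flags are `exclusive = true`, a one-line note that they cannot be combined with any other option would also save a round trip with clap's error message. The `Cli` struct starts before this hunk.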
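--- /dev/null
+++ b/[unknown-path]/secrets.rs
@@ -0,0 +1,226 @@
+use crate::cli::Cli;
+use crate::config::{ensure_parent_exists, Config};
+use anyhow::{anyhow, Context, Result};
+use clap_complete::CompletionCandidate;
+use gman::providers::local::LocalProvider;
+use gman::providers::SecretProvider;
+use inquire::validator::Validation;
+use inquire::{min_length, required, Confirm, Password, PasswordDisplayMode, Text};
+use std::ffi::OsStr;
+use std::io;
+use std::io::{IsTerminal, Read, Write};
+use std::path::PathBuf;
+use tokio::runtime::Handle;
+impl Cli {
+pub async fn handle_secret_flag(&self, mut config: Config) -> Result<()> {
+ensure_password_file_initialized(&mut config)?;
+let local_provider = match config.secrets_provider {
+Some(lc) => lc,
+None => {
+return Err(anyhow!(
+"Local secrets provider is not configured. Please ensure a password file is configured and try again."
+))
+}
+};
+if let Some(secret_name) = &self.add_secret {
+let plaintext =
+read_all_stdin().with_context(|| "unable to read plaintext from stdin")?;
+local_provider
+.set_secret(secret_name, plaintext.trim_end())
+.await?;
+println!("✓ Secret '{secret_name}' added to the vault.");
+}
+if let Some(secret_name) = &self.get_secret {
+let secret = local_provider.get_secret(secret_name).await?;
+println!("{}", secret);
+}
+if let Some(secret_name) = &self.update_secret {
+let plaintext =
+read_all_stdin().with_context(|| "unable to read plaintext from stdin")?;
+local_provider
+.update_secret(secret_name, plaintext.trim_end())
+.await?;
+println!("✓ Secret '{secret_name}' updated in the vault.");
+}
+if let Some(secret_name) = &self.delete_secret {
+local_provider.delete_secret(secret_name).await?;
+println!("✓ Secret '{secret_name}' deleted from the vault.");
+}
+if self.list_secrets {
+let secrets = local_provider.list_secrets().await?;
+if secrets.is_empty() {
+println!("The vault is empty.");
+} else {
+for key in &secrets {
+println!("{}", key);
+}
+}
+}
+Ok(())
+}
+}
+fn ensure_password_file_initialized(config: &mut Config) -> Result<()> {
+let secrets_password_file = config.secrets_password_file();
+if secrets_password_file.exists() {
+{
+let file_contents = std::fs::read_to_string(&secrets_password_file)?;
+if !file_contents.trim().is_empty() {
+return Ok(());
+}
+}
+let ans = Confirm::new(
+format!(
+"The configured password file '{}' is empty. Create a password?",
+secrets_password_file.display()
+)
+.as_str(),
+)
+.with_default(true)
+.prompt()?;
+if !ans {
+return Err(anyhow!("The configured password file '{}' is empty. Please populate it with a password and try again.", secrets_password_file.display()));
+}
+let password = Password::new("Enter a password to encrypt all vault secrets:")
+.with_validator(required!())
+.with_validator(min_length!(10))
+.with_display_mode(PasswordDisplayMode::Masked)
+.prompt();
+match password {
+Ok(pw) => {
+std::fs::write(&secrets_password_file, pw.as_bytes())?;
+load_secrets_provider(config);
+println!(
+"✓ Password file '{}' updated.",
+secrets_password_file.display()
+);
+}
+Err(_) => {
+return Err(anyhow!(
+"Failed to read password from input. Password file not updated."
+));
+}
+}
+} else {
+let ans = Confirm::new("No password file configured. Do you want to create one now?")
+.with_default(true)
+.prompt()?;
+if !ans {
+return Err(anyhow!("A password file is required to utilize secrets. Please configure a password file in your config file and try again."));
+}
+let password_file: PathBuf = Text::new("Enter the path to the password file to create:")
+.with_default(&secrets_password_file.display().to_string())
+.with_validator(required!("Password file path is required"))
+.with_validator(|input: &str| {
+let path = PathBuf::from(input);
+if path.exists() {
+Ok(Validation::Invalid(
+"File already exists. Please choose a different path.".into(),
+))
+} else if let Some(parent) = path.parent() {
+if !parent.exists() {
+Ok(Validation::Invalid(
+"Parent directory does not exist.".into(),
+))
+} else {
+Ok(Validation::Valid)
+}
+} else {
+Ok(Validation::Valid)
+}
+})
+.prompt()?
+.into();
+if password_file != secrets_password_file {
+println!("Note: The default password file path is '{}'. You have chosen to create a different path: '{}'. Please ensure your configuration is updated accordingly.", secrets_password_file.display(), password_file.display());
+}
+ensure_parent_exists(&password_file)?;
+let password = Password::new("Enter a password to encrypt all vault secrets:")
+.with_display_mode(PasswordDisplayMode::Masked)
+.with_validator(required!())
+.with_validator(min_length!(10))
+.prompt();
+match password {
+Ok(pw) => {
+std::fs::write(&password_file, pw.as_bytes())?;
+config.password_file = Some(password_file);
+load_secrets_provider(config);
+println!(
+"✓ Password file '{}' created.",
+secrets_password_file.display()
+);
+}
+Err(_) => {
+return Err(anyhow!(
+"Failed to read password from input. Password file not created."
+));
+}
+}
+}
+Ok(())
+}
+fn load_secrets_provider(config: &mut Config) {
+let password_file = Some(config.secrets_password_file());
+config.secrets_provider = Some(LocalProvider {
+password_file,
+git_branch: None,
+..LocalProvider::default()
+});
+}
+fn read_all_stdin() -> Result<String> {
+if io::stdin().is_terminal() {
+#[cfg(not(windows))]
+eprintln!("Enter the text to encrypt, then press Ctrl-D twice to finish input");
+#[cfg(windows)]
+eprintln!("Enter the text to encrypt, then press Ctrl-Z to finish input");
+io::stderr().flush()?;
+}
+let mut buf = String::new();
+let stdin_tty = io::stdin().is_terminal();
+let stdout_tty = io::stdout().is_terminal();
+io::stdin().read_to_string(&mut buf)?;
+if stdin_tty && stdout_tty && !buf.ends_with('\n') {
+let mut out = io::stdout().lock();
+out.write_all(b"\n")?;
+out.flush()?;
+}
+Ok(buf)
+}
+pub fn secrets_completer(current: &OsStr) -> Vec<CompletionCandidate> {
+let cur = current.to_string_lossy();
+match Config::init_bare() {
+Ok(config) => {
+let local_provider = match config.secrets_provider {
+Some(pc) => pc,
+None => return vec![],
+};
+let h = Handle::current();
+tokio::task::block_in_place(|| h.block_on(local_provider.list_secrets()))
+.unwrap_or_default()
+.into_iter()
+.filter(|s| s.starts_with(&*cur))
+.map(CompletionCandidate::new)
+.collect()
+}
+Err(_) => vec![],
+}
+}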
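Review bot: The vault password is written with `std::fs::write(&secrets_password_file, pw.as_bytes())?` in the "file is empty" branch and with `std::fs::write(&password_file, pw.as_bytes())?` in the create branch, so the file that encrypts every vault secret is created with the process default mode (typically 0644 after umask) and is readable by any other local user. Both writes should go through a helper that opens the file owner-read/write only on Unix, as sketched below. Separately, the success message in the create branch prints `secrets_password_file.display()` while the file actually written is `password_file`, so it reports the default path whenever the user chose a different location; use `password_file.display()` there (before the value is moved into `config.password_file`). A doc comment on `ensure_password_file_initialized` stating that it prompts interactively and, on success, replaces `config.secrets_provider` would tell callers why it needs `&mut Config`.
```rust
/// Write the vault password to `path`, creating the file owner-read/write only
/// on Unix so other local users cannot read the key material.
fn write_password_file(path: &std::path::Path, password: &str) -> Result<()> {
    let mut opts = std::fs::OpenOptions::new();
    opts.write(true).create(true).truncate(true);
    #[cfg(unix)]
    {
        use std::os::unix::fs::OpenOptionsExt;
        opts.mode(0o600);
    }
    opts.open(path)?.write_all(password.as_bytes())?;
    Ok(())
}
// … unchanged: prompts and validation in ensure_password_file_initialized …
// call sites: replace both std::fs::write(...) lines with
//   write_password_file(&secrets_password_file, &pw)?;
//   write_password_file(&password_file, &pw)?;
```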
+51 -15
@@ -25,6 +25,7 @@ use crate::mcp::{
McpRegistry, MCP_INVOKE_META_FUNCTION_NAME_PREFIX, MCP_LIST_META_FUNCTION_NAME_PREFIX,
};
use anyhow::{anyhow, bail, Context, Result};
use gman::providers::local::LocalProvider;
use indexmap::IndexMap;
use inquire::{list_option::ListOption, validator::Validation, Confirm, MultiSelect, Select, Text};
use log::LevelFilter;
@@ -120,6 +121,7 @@ pub struct Config {
pub editor: Option<String>,
pub wrap: Option<String>,
pub wrap_code: bool,
pub(crate) password_file: Option<PathBuf>,
pub function_calling: bool,
pub mapping_tools: IndexMap<String, String>,
@@ -160,6 +162,9 @@ pub struct Config {
pub clients: Vec<ClientConfig>,
#[serde(skip)]
pub secrets_provider: Option<LocalProvider>,
#[serde(skip)]
pub macro_flag: bool,
#[serde(skip)]
@@ -202,6 +207,7 @@ impl Default for Config {
editor: None,
wrap: None,
wrap_code: false,
password_file: None,
function_calling: true,
mapping_tools: Default::default(),
@@ -241,6 +247,8 @@ impl Default for Config {
clients: vec![],
secrets_provider: None,
macro_flag: false,
info_flag: false,
agent_variables: None,
@@ -304,6 +312,7 @@ impl Config {
config.working_mode = working_mode;
config.info_flag = info_flag;
config.load_secrets_provider();
let setup = async |config: &mut Self| -> Result<()> {
config.load_envs();
@@ -361,6 +370,16 @@ impl Config {
}
}
pub fn secrets_password_file(&self) -> PathBuf {
match &self.password_file {
Some(path) => match path.exists() {
true => path.clone(),
false => gman::config::Config::local_provider_password_file(),
},
None => gman::config::Config::local_provider_password_file(),
}
}
pub fn roles_dir() -> PathBuf {
match env::var(get_env_name("roles_dir")) {
Ok(value) => PathBuf::from(value),
@@ -1949,19 +1968,19 @@ impl Config {
pub fn editor(&self) -> Result<String> {
EDITOR.get_or_init(move || {
let editor = self.editor.clone()
.or_else(|| env::var("VISUAL").ok().or_else(|| env::var("EDITOR").ok()))
.unwrap_or_else(|| {
if cfg!(windows) {
"notepad".to_string()
} else {
"nano".to_string()
}
});
which::which(&editor).ok().map(|_| editor)
})
.clone()
.ok_or_else(|| anyhow!("Editor not found. Please add the `editor` configuration or set the $EDITOR or $VISUAL environment variable."))
let editor = self.editor.clone()
.or_else(|| env::var("VISUAL").ok().or_else(|| env::var("EDITOR").ok()))
.unwrap_or_else(|| {
if cfg!(windows) {
"notepad".to_string()
} else {
"nano".to_string()
}
});
which::which(&editor).ok().map(|_| editor)
})
.clone()
.ok_or_else(|| anyhow!("Editor not found. Please add the `editor` configuration or set the $EDITOR or $VISUAL environment variable."))
}
pub fn repl_complete(
@@ -2394,8 +2413,8 @@ impl Config {
None => String::new(),
};
let output = format!(
"# CHAT: {summary} [{now}]{scope}\n{raw_input}\n--------\n{tool_calls}{output}\n--------\n\n",
);
"# CHAT: {summary} [{now}]{scope}\n{raw_input}\n--------\n{tool_calls}{output}\n--------\n\n",
);
file.write_all(output.as_bytes())
.with_context(|| "Failed to save message")
}
@@ -2504,6 +2523,23 @@ impl Config {
Ok(config)
}
fn load_secrets_provider(&mut self) {
let secrets_password_file = self.secrets_password_file();
if !secrets_password_file.exists() {
eprintln!(
"Warning: secrets password file '{}' does not exist.",
secrets_password_file.display()
);
return;
}
self.secrets_provider = Some(LocalProvider {
password_file: Some(secrets_password_file),
git_branch: None,
..LocalProvider::default()
});
}
fn load_envs(&mut self) {
if let Ok(v) = env::var(get_env_name("model")) {
self.model_id = v;
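Review bot: `secrets_password_file()` silently substitutes gman's default path whenever the configured `password_file` does not exist, so a mistyped path in the config makes the vault transparently fall back to a different key file instead of surfacing the misconfiguration, and `load_secrets_provider` then warns about the default path rather than the one the user set. Returning the configured path unchanged, `Some(path) => path.clone(),`, and letting `load_secrets_provider` report it keeps the two in agreement. `load_secrets_provider` also appears to run on every `Config` initialization, so users who never enabled secrets will now see `Warning: secrets password file '…' does not exist.` on stderr on each invocation; consider emitting it only when `password_file` was explicitly configured, or routing it through the `log` facade the file already uses. The `editor` hunk looks like an indentation-only change and needs no review.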
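--- a/[unknown-path]/main.rs
+++ b/[unknown-path]/main.rs
@@ -14,7 +14,6 @@ mod parsers;
 #[macro_use]
 extern crate log;
-use crate::cli::Cli;
 use crate::client::{
 call_chat_completions, call_chat_completions_streaming, list_models, ModelType,
 };
@@ -26,6 +25,7 @@ use crate::render::render_error;
 use crate::repl::Repl;
 use crate::utils::*;
+use crate::cli::Cli;
 use anyhow::{bail, Result};
 use clap::{CommandFactory, Parser};
 use clap_complete::CompleteEnv;
@@ -67,7 +67,18 @@ async fn main() -> Result<()> {
 || cli.list_rags
 || cli.list_macros
 || cli.list_sessions;
+let secrets_flags = cli.add_secret.is_some()
+|| cli.get_secret.is_some()
+|| cli.update_secret.is_some()
+|| cli.delete_secret.is_some()
+|| cli.list_secrets;
 let log_path = setup_logger(working_mode.is_serve())?;
+if secrets_flags {
+return cli.handle_secret_flag(Config::init_bare()?).await;
+}
 let abort_signal = create_abort_signal();
 let start_mcp_servers = cli.agent.is_none() && cli.role.is_none();
 let config = Arc::new(RwLock::new(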