jesus/ontoref
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ontoref/justfiles/build.just
Jesús Pérez 82a358f18d
Some checks failed
Nickel Type Check / Nickel Type Checking (push) Has been cancelled
Details
Rust CI / Security Audit (push) Has been cancelled
Details
Rust CI / Check + Test + Lint (push) Has been cancelled
Details
feat: #[onto_mcp_tool] catalog, OCI credential vault layer, validate ADR-018 mode hierarchy 
ontoref-derive: #[onto_mcp_tool] attribute macro registers MCP tool unit-structs in
  the catalog at link time via inventory::submit!; annotated item is emitted unchanged,
  ToolBase/AsyncTool impls stay on the struct. All 34 tools migrated from manual wiring
  (net +5: ontoref_list_projects, ontoref_search, ontoref_describe,
  ontoref_list_ontology_extensions, ontoref_get_ontology_extension).

  validate modes (ADR-018): reads level_hierarchy from workflow.ncl and checks every
  .ncl mode for level declared, strategy declared, delegate chain coherent, compose
  extends valid. mode resolve <id> shows which hierarchy level handles a mode and why.
  --self-test generates synthetic fixtures in a temp dir for CI smoke-testing.

  validate run-cargo: two-step Cargo.toml resolution — workspace layout first
  (crates/<check.crate>/Cargo.toml), single-crate fallback by package name or repo
  basename. Lets the same ADR constraint shape apply to workspace and single-crate repos.

  ontology/schemas/manifest.ncl: registry_topology_type contract — multi-registry
  coordination, push targets, participant scopes, per-namespace capability.

  reflection/requirements/base.ncl: oras ≥1.2.0, cosign ≥2.0.0, sops ≥3.9.0, age
  ≥1.1.0, restic declared as Hard/Soft requirements with version_min, check_cmd, and
  install_hint (ADR-017 toolchain surface).

  ADR-019: per-file recipient routing for tenant isolation without multi-vault. Schema
  additions: sops.recipient_groups + sops.recipient_rules in ontoref-project.ncl.
  secrets-bootstrap generates .sops.yaml from project.ncl in declarative mode. Three
  new secrets-audit checks: recipient-routing-coherent, recipient-routing-coverage,
  no-multi-vault. Adoption templates: single-team/, multi-tenant/, agent-first/.
  Integration templates: domain-producer/, mode-producer/, mode-consumer/.

  UI: project_picker surfaces registry badge (⟳ participant) and vault badge
  (⛁ vault_id · N, green=declarative / amber=legacy) per project card. Expanded panel
  adds collapsible Registry section with namespace, endpoint, and push/pull capability.
  manage.html gains Runtime Services card — MCP and GraphQL toggleable without restart
  via HTMX POST /ui/manage/services/{service}/toggle.

  describe.nu: capabilities JSON includes registry_topology and vault_state per project.
  sync.nu: drift check extended to detect //! absence on newly registered crates.
  qa.ncl: six entries — credential-vault-best-practice (layered data-flow diagram),
  credential-vault-templates (paths A/B/C), credential-vault-troubleshooting (15 named
  errors), integration-what-and-why (ADR-042 OCI federation), integration-how-to-implement,
  integration-troubleshooting.

  on+re: core.ncl + manifest.ncl updated to reflect OCI, MCP, and mode-hierarchy nodes.
  Deleted stale presentation assets (2026-02 slides + voice notes).
2026-05-12 04:46:15 +01:00

51 lines
1.8 KiB
Text
Raw Blame History

# Build Module — Core build operations for ontoref
# =================================================
# Build all crates (all targets, all features)
build-all:
@echo "Building all targets..."
cargo build --all-targets
# Build ontoref-daemon in release mode and install
build-daemon: build-css
cargo build --release -p ontoref-daemon --features "db,nats,ui,mcp,graphql"
nu install/install.nu
# Build UnoCSS bundle for the daemon UI
build-css:
cd assets/css && pnpm install && pnpm run build
# Build without stratumiops dependencies (standalone)
build-standalone:
cargo build -p ontoref-ontology
cargo build -p ontoref-daemon --no-default-features
# Check all crates compile (fast feedback, no codegen)
check:
cargo check --all-targets --all-features
# Generate a new GraphQL read token and print its Argon2id hash.
# Copy the TOKEN value to use in API calls; copy the HASH into config.ncl graphql.read_token_hash.
generate-graphql-token:
#!/usr/bin/env bash
set -euo pipefail
TOKEN=$(openssl rand -base64 18 | tr -d '=/+' | head -c 24)
HASH=$(ontoref-daemon --hash-password "$TOKEN")
echo "TOKEN: $TOKEN"
echo "HASH: $HASH"
echo ""
echo "Add to ~/.config/ontoref/config.ncl:"
echo " graphql = { read_token_hash | String = \"$HASH\" },"
# Generate a new admin key-pair and print the Argon2id hash for config.ncl.
# Use ontoref-daemon --gen-keys for full key-pair generation with role assignment.
generate-admin-key:
#!/usr/bin/env bash
set -euo pipefail
TOKEN=$(openssl rand -base64 18 | tr -d '=/+' | head -c 24)
HASH=$(ontoref-daemon --hash-password "$TOKEN")
echo "TOKEN: $TOKEN"
echo "HASH: $HASH"
echo ""
echo "Add to your project keys[] in config.ncl:"
echo " { role = 'admin, hash = \"$HASH\", label = \"admin\" },"
Reference in a new issue View git blame Copy permalink