trydirect
diff --git a/‎Cargo.lock‎
Lines changed: 40 additions & 0 deletions b/‎Cargo.lock‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎Cargo.toml‎
Lines changed: 2 additions & 0 deletions b/‎Cargo.toml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎migrations/20251222160220_casbin_agent_rules.up.sql‎
Lines changed: 12 additions & 6 deletions b/‎migrations/20251222160220_casbin_agent_rules.up.sql‎
Lines changed: 12 additions & 6 deletions
diff --git a/‎migrations/20251222163632_casbin_command_rules.up.sql‎
Lines changed: 4 additions & 2 deletions b/‎migrations/20251222163632_casbin_command_rules.up.sql‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎migrations/20251229121000_casbin_marketplace_rules.up.sql‎
Lines changed: 9 additions & 9 deletions b/‎migrations/20251229121000_casbin_marketplace_rules.up.sql‎
Lines changed: 9 additions & 9 deletions
diff --git a/‎migrations/20251230100000_add_marketplace_plans_rule.up.sql‎
Lines changed: 2 additions & 1 deletion b/‎migrations/20251230100000_add_marketplace_plans_rule.up.sql‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎migrations/20260102140000_casbin_categories_rules.up.sql‎
Lines changed: 3 additions & 3 deletions b/‎migrations/20260102140000_casbin_categories_rules.up.sql‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎migrations/20260103103000_casbin_marketplace_admin_creator_rules.up.sql‎
Lines changed: 4 additions & 4 deletions b/‎migrations/20260103103000_casbin_marketplace_admin_creator_rules.up.sql‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎migrations/20260105214000_casbin_dockerhub_rules.up.sql‎
Lines changed: 12 additions & 6 deletions b/‎migrations/20260105214000_casbin_dockerhub_rules.up.sql‎
Lines changed: 12 additions & 6 deletions
diff --git a/‎migrations/20260113120000_add_deployment_capabilities_acl.up.sql‎
Lines changed: 4 additions & 2 deletions b/‎migrations/20260113120000_add_deployment_capabilities_acl.up.sql‎
Lines changed: 4 additions & 2 deletions
@@ -65,6 +65,8 @@ serde_yaml = "0.9"
 lapin = { version = "2.3.1", features = ["serde_json"] }
 futures-lite = "2.2.0"
 clap = { version = "4.4.8", features = ["derive"] }
+clap_complete = "4"
+dialoguer = { version = "0.11", features = ["fuzzy-select"] }
 indicatif = "0.17"
 brotli = "3.4.0"
 serde_path_to_error = "0.1.14"
 
@@ -2,23 +2,29 @@
 
 -- Create agent role group (inherits from group_anonymous for health checks)
 INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) 
-VALUES ('g', 'agent', 'group_anonymous', '', '', '', '');
+VALUES ('g', 'agent', 'group_anonymous', '', '', '', '')
+ON CONFLICT DO NOTHING;
 
 -- Agent registration (anonymous, users, and admin can register agents)
 -- This allows agents to bootstrap themselves during deployment
 INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) 
-VALUES ('p', 'group_anonymous', '/api/v1/agent/register', 'POST', '', '', '');
+VALUES ('p', 'group_anonymous', '/api/v1/agent/register', 'POST', '', '', '')
+ON CONFLICT DO NOTHING;
 
 INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) 
-VALUES ('p', 'group_user', '/api/v1/agent/register', 'POST', '', '', '');
+VALUES ('p', 'group_user', '/api/v1/agent/register', 'POST', '', '', '')
+ON CONFLICT DO NOTHING;
 
 INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) 
-VALUES ('p', 'group_admin', '/api/v1/agent/register', 'POST', '', '', '');
+VALUES ('p', 'group_admin', '/api/v1/agent/register', 'POST', '', '', '')
+ON CONFLICT DO NOTHING;
 
 -- Agent long-poll for commands (only agents can do this)
 INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) 
-VALUES ('p', 'agent', '/api/v1/agent/commands/wait/:deployment_hash', 'GET', '', '', '');
+VALUES ('p', 'agent', '/api/v1/agent/commands/wait/:deployment_hash', 'GET', '', '', '')
+ON CONFLICT DO NOTHING;
 
 -- Agent report command results (only agents can do this)
 INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) 
-VALUES ('p', 'agent', '/api/v1/agent/commands/report', 'POST', '', '', '');
+VALUES ('p', 'agent', '/api/v1/agent/commands/report', 'POST', '', '', '')
+ON CONFLICT DO NOTHING;
@@ -7,12 +7,14 @@ VALUES
     ('p', 'group_user', '/api/v1/commands', 'POST', '', '', ''),                          -- Create command
     ('p', 'group_user', '/api/v1/commands/:deployment_hash', 'GET', '', '', ''),          -- List commands for deployment
     ('p', 'group_user', '/api/v1/commands/:deployment_hash/:command_id', 'GET', '', '', ''), -- Get specific command
-    ('p', 'group_user', '/api/v1/commands/:deployment_hash/:command_id/cancel', 'POST', '', '', ''); -- Cancel command
+    ('p', 'group_user', '/api/v1/commands/:deployment_hash/:command_id/cancel', 'POST', '', '', '') -- Cancel command
+ON CONFLICT DO NOTHING;
 
 -- Admin permissions: inherit all user permissions + full access
 INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5)
 VALUES 
     ('p', 'group_admin', '/api/v1/commands', 'POST', '', '', ''),
     ('p', 'group_admin', '/api/v1/commands/:deployment_hash', 'GET', '', '', ''),
     ('p', 'group_admin', '/api/v1/commands/:deployment_hash/:command_id', 'GET', '', '', ''),
-    ('p', 'group_admin', '/api/v1/commands/:deployment_hash/:command_id/cancel', 'POST', '', '', '');
+    ('p', 'group_admin', '/api/v1/commands/:deployment_hash/:command_id/cancel', 'POST', '', '', '')
+ON CONFLICT DO NOTHING;
@@ -1,16 +1,16 @@
 -- Casbin rules for Marketplace endpoints
 
 -- Public read rules
-INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_anonymous', '/api/templates', 'GET', '', '', '');
-INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_anonymous', '/api/templates/:slug', 'GET', '', '', '');
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_anonymous', '/api/templates', 'GET', '', '', '') ON CONFLICT DO NOTHING;
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_anonymous', '/api/templates/:slug', 'GET', '', '', '') ON CONFLICT DO NOTHING;
 
 -- Creator rules
-INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_user', '/api/templates', 'POST', '', '', '');
-INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_user', '/api/templates/:id', 'PUT', '', '', '');
-INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_user', '/api/templates/:id/submit', 'POST', '', '', '');
-INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_user', '/api/templates/mine', 'GET', '', '', '');
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_user', '/api/templates', 'POST', '', '', '') ON CONFLICT DO NOTHING;
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_user', '/api/templates/:id', 'PUT', '', '', '') ON CONFLICT DO NOTHING;
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_user', '/api/templates/:id/submit', 'POST', '', '', '') ON CONFLICT DO NOTHING;
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_user', '/api/templates/mine', 'GET', '', '', '') ON CONFLICT DO NOTHING;
 
 -- Admin moderation rules
-INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/admin/templates', 'GET', '', '', '');
-INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/admin/templates/:id/approve', 'POST', '', '', '');
-INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/admin/templates/:id/reject', 'POST', '', '', '');
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/admin/templates', 'GET', '', '', '') ON CONFLICT DO NOTHING;
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/admin/templates/:id/approve', 'POST', '', '', '') ON CONFLICT DO NOTHING;
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/admin/templates/:id/reject', 'POST', '', '', '') ON CONFLICT DO NOTHING;
@@ -1,3 +1,4 @@
 -- Casbin rule for admin marketplace plans endpoint
 INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5)
-VALUES ('p', 'group_admin', '/admin/marketplace/plans', 'GET', '', '', '');
+VALUES ('p', 'group_admin', '/admin/marketplace/plans', 'GET', '', '', '')
+ON CONFLICT DO NOTHING;
@@ -1,6 +1,6 @@
 -- Casbin rules for Categories endpoint
 -- Categories are publicly readable for marketplace UI population
 
-INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_anonymous', '/api/categories', 'GET', '', '', '');
-INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_user', '/api/categories', 'GET', '', '', '');
-INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/categories', 'GET', '', '', '');
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_anonymous', '/api/categories', 'GET', '', '', '') ON CONFLICT DO NOTHING;
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_user', '/api/categories', 'GET', '', '', '') ON CONFLICT DO NOTHING;
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/categories', 'GET', '', '', '') ON CONFLICT DO NOTHING;
@@ -1,6 +1,6 @@
 -- Allow admin service accounts (e.g., root) to call marketplace creator endpoints
 -- Admins previously lacked creator privileges which caused 403 responses
-INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/templates', 'POST', '', '', '');
-INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/templates/:id', 'PUT', '', '', '');
-INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/templates/:id/submit', 'POST', '', '', '');
-INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/templates/mine', 'GET', '', '', '');
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/templates', 'POST', '', '', '') ON CONFLICT DO NOTHING;
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/templates/:id', 'PUT', '', '', '') ON CONFLICT DO NOTHING;
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/templates/:id/submit', 'POST', '', '', '') ON CONFLICT DO NOTHING;
+INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5) VALUES ('p', 'group_admin', '/api/templates/mine', 'GET', '', '', '') ON CONFLICT DO NOTHING;
@@ -1,17 +1,23 @@
 INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5)
-VALUES ('p', 'group_user', '/dockerhub/namespaces', 'GET', '', '', '');
+VALUES ('p', 'group_user', '/dockerhub/namespaces', 'GET', '', '', '')
+ON CONFLICT DO NOTHING;
 
 INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5)
-VALUES ('p', 'group_admin', '/dockerhub/namespaces', 'GET', '', '', '');
+VALUES ('p', 'group_admin', '/dockerhub/namespaces', 'GET', '', '', '')
+ON CONFLICT DO NOTHING;
 
 INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5)
-VALUES ('p', 'group_user', '/dockerhub/:namespace/repositories', 'GET', '', '', '');
+VALUES ('p', 'group_user', '/dockerhub/:namespace/repositories', 'GET', '', '', '')
+ON CONFLICT DO NOTHING;
 
 INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5)
-VALUES ('p', 'group_admin', '/dockerhub/:namespace/repositories', 'GET', '', '', '');
+VALUES ('p', 'group_admin', '/dockerhub/:namespace/repositories', 'GET', '', '', '')
+ON CONFLICT DO NOTHING;
 
 INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5)
-VALUES ('p', 'group_user', '/dockerhub/:namespace/repositories/:repository/tags', 'GET', '', '', '');
+VALUES ('p', 'group_user', '/dockerhub/:namespace/repositories/:repository/tags', 'GET', '', '', '')
+ON CONFLICT DO NOTHING;
 
 INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5)
-VALUES ('p', 'group_admin', '/dockerhub/:namespace/repositories/:repository/tags', 'GET', '', '', '');
+VALUES ('p', 'group_admin', '/dockerhub/:namespace/repositories/:repository/tags', 'GET', '', '', '')
+ON CONFLICT DO NOTHING;
@@ -1,5 +1,7 @@
 INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5)
-VALUES ('p', 'group_user', '/api/v1/deployments/:deployment_hash/capabilities', 'GET', '', '', '');
+VALUES ('p', 'group_user', '/api/v1/deployments/:deployment_hash/capabilities', 'GET', '', '', '')
+ON CONFLICT DO NOTHING;
 
 INSERT INTO public.casbin_rule (ptype, v0, v1, v2, v3, v4, v5)
-VALUES ('p', 'group_admin', '/api/v1/deployments/:deployment_hash/capabilities', 'GET', '', '', '');
+VALUES ('p', 'group_admin', '/api/v1/deployments/:deployment_hash/capabilities', 'GET', '', '', '')
+ON CONFLICT DO NOTHING;