Skip to content

Interactive installer#15

Merged
benvinegar merged 4 commits into
mainfrom
benvinegar/installer
Feb 17, 2026
Merged

Interactive installer#15
benvinegar merged 4 commits into
mainfrom
benvinegar/installer

Conversation

@benvinegar
Copy link
Copy Markdown
Member

@benvinegar benvinegar commented Feb 17, 2026

Single-command setup: sudo ~/hornet/install.sh

  • Detects distro (Ubuntu/Arch), installs prereqs
  • Clones repo or uses existing clone
  • Runs setup.sh (user, Node.js, firewall, permissions)
  • Walks through API keys interactively with validation + links
  • Writes .env with correct perms (600, owned by hornet_agent)
  • Offers to launch agent in tmux
  • README Quick Start updated to feature installer

Tested on fresh Ubuntu 24.04 and Arch Linux droplets.

@benvinegar
docs: add CI badges, requirements, interactive installer
340e768 
- CI and Integration status badges in README header
- Requirements table (OS, RAM, CPU, disk)
- Linux platform note (tested on Ubuntu 24.04 + Arch Linux)
- install.sh: interactive one-command installer
  - Detects distro (Ubuntu/Arch), installs prereqs
  - Clones repo or uses existing clone
  - Runs setup.sh automatically
  - Walks through secrets with validation + links
  - Writes .env with correct permissions
  - Offers to launch agent in tmux
- README Quick Start updated to feature installer
- Tested on fresh Ubuntu 24.04 and Arch Linux droplets
@greptile-apps
Copy link
Copy Markdown

greptile-apps Bot commented Feb 17, 2026

Greptile Summary

Adds single-command interactive installer (install.sh) that automates distro detection, dependency installation, user setup, and API key collection. The installer handles Ubuntu/Arch detection, installs prerequisites via package managers, runs setup.sh, walks through secrets interactively with validation, writes .env with correct permissions, and optionally launches the agent in tmux. README updated to feature installer as primary setup method.

Key changes:

  • New 413-line install.sh script with distro detection and interactive prompts
  • Automated prerequisite installation (git, curl, tmux, iptables, docker, sudo)
  • Interactive secrets collection with prefix validation and help URLs
  • Auto-generation of HORNET_SECRET if not provided
  • Optional tmux session launch after setup
  • README Quick Start now leads with installer, manual setup moved to collapsible section

Issues found:

  • Command injection vulnerability: eval echo "~$ADMIN_USER" on line 112 (should use getent passwd instead)
  • Violates AGENTS.md:120 convention against distro-specific package manager calls (apt-get, pacman) - convention states these should be documented as prerequisites, not auto-installed

Confidence Score: 4/5

  • Safe to merge with one critical security fix needed
  • Score reflects a command injection vulnerability on line 112 that must be fixed before deployment, and a minor style guide violation regarding distro-specific package managers. The installer itself is well-structured with proper input validation, permission handling, and error checking throughout. The documentation updates are clean and improve user experience.
  • Pay close attention to install.sh:112 - command injection via eval must be fixed

Important Files Changed

Filename Overview
install.sh Interactive installer that automates system setup, API key collection, and agent deployment - violates AGENTS.md convention against distro-specific package managers
README.md Updated Quick Start section to feature the new installer as primary setup method, moved manual setup to collapsible section
AGENTS.md Added reference to installer in Development Workflow section

Flowchart

flowchart TD
    Start([sudo ~/hornet/install.sh]) --> CheckRoot{Root?}
    CheckRoot -->|No| Die1[Die: Must run as root]
    CheckRoot -->|Yes| CheckLinux{Linux?}
    CheckLinux -->|No| Die2[Die: Linux required]
    CheckLinux -->|Yes| DetectDistro[Detect distro from /etc/os-release]
    DetectDistro --> CheckDistro{Ubuntu or Arch?}
    CheckDistro -->|Unknown| Die3[Die: Unsupported distro]
    CheckDistro -->|Known| DetectAdmin[Detect admin user via SUDO_USER]
    DetectAdmin --> InstallPrereqs[Install prerequisites via apt/pacman]
    InstallPrereqs --> CloneRepo{Repo exists?}
    CloneRepo -->|Yes, in clone| UseExisting[Use existing clone]
    CloneRepo -->|Yes, at ~/hornet| PullLatest[git pull --ff-only]
    CloneRepo -->|No| GitClone[git clone to ~/hornet]
    UseExisting --> RunSetup[Run setup.sh]
    PullLatest --> RunSetup
    GitClone --> RunSetup
    RunSetup --> PromptSecrets[Interactive API key prompts]
    PromptSecrets --> ValidatePrefix{Prefix valid?}
    ValidatePrefix -->|No| WarnPrefix[Warn but save anyway]
    ValidatePrefix -->|Yes| SaveSecret[Add to ENV_VARS map]
    WarnPrefix --> SaveSecret
    SaveSecret --> MoreSecrets{More secrets?}
    MoreSecrets -->|Yes| PromptSecrets
    MoreSecrets -->|No| WriteEnv[Write .env with 600 perms]
    WriteEnv --> CheckRequired{All required secrets?}
    CheckRequired -->|No| SkipLaunch[Skip launch, show instructions]
    CheckRequired -->|Yes| AskLaunch{Start now?}
    AskLaunch -->|No| SkipLaunch
    AskLaunch -->|Yes| TmuxLaunch[tmux new-session -d hornet]
    TmuxLaunch --> CheckTmux{Session alive?}
    CheckTmux -->|Yes| Success[Agent is running ✓]
    CheckTmux -->|No| WarnManual[Warn: try manually]
    SkipLaunch --> Done([Installation complete])
    Success --> Done
    WarnManual --> Done
Loading

Last reviewed commit: 340e768

greptile-apps[bot]
greptile-apps Bot reviewed Feb 17, 2026
View reviewed changes
Copy link
Copy Markdown

@greptile-apps greptile-apps Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

3 files reviewed, 3 comments

Edit Code Review Agent Settings | Greptile

Comment thread install.sh Outdated
Comment thread install.sh
Comment thread install.sh Outdated
@benvinegar
install: fix eval injection, update usage comments
01c15af 
- Replace eval echo ~user with getent passwd for home dir lookup
- Recommend clone+run as primary method over curl|bash
@benvinegar
ci: test install.sh instead of manual setup in integration tests
b63038c 
CI scripts now run install.sh with simulated input, then verify:
- .env written with correct perms (600) and owner (hornet_agent)
- Runtime deployed (start.sh, extensions)
- Required secrets present in .env
- All 5 test suites pass
@benvinegar
docs: add droplet testing guide to AGENTS.md
3232c55 
Practical instructions for using bin/ci/droplet.sh to spin up
ephemeral DO droplets for manual or scripted testing. Covers
create, SSH, upload, run, and cleanup.
@benvinegar benvinegar merged commit e82b435 into main Feb 17, 2026
8 checks passed
benvinegar added a commit that referenced this pull request Feb 17, 2026
@benvinegar
Interactive installer (#15)
24f772a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@benvinegar