AI-Cognitive-Leap/agnes-the-ai-analyst
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
agnes-the-ai-analyst/scripts/run-local-dev.ps1
minasarustamyan 9de679c714
System plugins (schema v39) + marketplace UX polish + drop legacy pages (#241) 
* System plugin tier with mark/unmark fanout (schema v39)

Adds a mandatory plugin tier so admins can pin a small set of curated
plugins into every user's stack from day one. Marking a plugin via the
new toggle on /admin/marketplaces materializes resource_grants for every
group and user_plugin_optouts subscriptions for every user, so the
existing resolver pulls the plugin into every served set without a new
filter layer. Hooks on user-create (Google OAuth, magic-link, admin
POST, scheduler) and group-create propagate the same materialization to
new principals. UI locks: /admin/access disables the checkbox with a
SYSTEM pill; /marketplace cards swap the "In stack" green pill for an
amber "Required" badge with shield icon; the plugin detail install
button reads "Required by your org"; /my-ai-stack toggle is disabled.
Bypass paths return 409 (DELETE /api/admin/grants for system grants,
PUT /api/my-stack/curated/.../{enabled:false}, DELETE
/api/marketplace/curated/.../install). Unmark only flips the flag —
materialized rows persist so admins curate cleanup at their leisure
through the now-unlocked /admin/access checkboxes.

* Marketplace UX polish + drop legacy /store and /my-ai-stack pages

Two-part cleanup post-v39:

(1) Page deletion. /store and /my-ai-stack were already replaced by
/marketplace?tab=flea and /marketplace?tab=my respectively, but the
standalone routes lingered. Hard delete in dev mode — no redirects,
stale bookmarks 404. The /store/new upload wizard, the flea
detail/edit pages, the admin queue, and all /api/store/* +
/api/my-stack endpoints (CLI consumers) stay. Internal hardcoded
hrefs in the upload wizard's Cancel button and the advanced-setup
page repointed to the marketplace tabs.

(2) Detail-page install button rework. The single button that morphed
between "+ Add to my stack" and "✓ In your stack" did not
communicate uninstall affordance. The installed state now renders an
inline white status label *before* a separate red-bordered
"✕ Remove from stack" button on the same row, both at identical
height to avoid layout shift. System plugins keep their locked amber
"✓ Required by your org" pill (no Remove button — API refuses 409).
The post-action hint panel now fires on remove too with the title
flipped to "✓ Removed from your stack" — Claude Code needs the same
/update-agnes-plugins refresh either way.

Also: /admin/marketplaces Details modal "Mark as system" toggle
redesigned. The button was near-invisible (matched neutral row
metadata). It's now a balanced amber-toned chip with shield icon
and a structured confirm modal replacing the native confirm() dialog
that summarizes fanout consequences before commit.

* Move stack-hint inside hero with glass-on-gradient styling

The post-action hint card ("✓ Added to your stack" with the
/update-agnes-plugins recipe) used to live below the hero in
panel-what (gray card on white page body). Clicking add/remove
inserted/removed it between the hero and content, shifting the
panels below — a noticeable scroll jump.

The hint is now anchored inside the hero's top-right corner alongside
the install/remove buttons, both as flex children of an absolutely
positioned .actions container. The card uses a translucent
white-on-glass treatment that adopts the hero's kind color (blue for
plugin, green for skill, purple for agent) without per-kind branching.
Hero is always tall enough (160px photo) to contain the action+hint
stack without overflow, so toggling the hint visibility doesn't grow
the hero or shift body content.

The hero-head grid reserves a third 300px column for the absolute
actions overlay so meta gets the proper 1fr free space instead of
being squeezed by a padding-right hack. Responsive breakpoint at
1100px reflows the actions stack below hero-head when the viewport
isn't wide enough to keep meta + actions side-by-side comfortably.

* Add optional -DataPath bind mount to run-local-dev.ps1

When the operator wants to inspect DuckDB files (system.duckdb, extracts,
marketplaces, store/, …) directly from Windows Explorer, the named volume
inside the Docker Desktop WSL VM isn't reachable. The new -DataPath param
generates a transient compose override that rebinds /data on app, scheduler,
extract (and Caddy's /srv:ro mirror) to a Windows host folder.

Fully additive — when -DataPath is omitted everything behaves exactly as
before: no override file is generated, $composeFiles array is unchanged,
finally cleanup is a no-op. Existing positional invocations
(.\run-local-dev.ps1 up | down | logs) keep binding to $Action because
$DataPath is a named-only parameter with no Position attribute.

The override is written via [System.IO.File]::WriteAllText so the YAML is
BOM-less across PS 5.1 / 7+ — Compose rejects BOM-prefixed YAML on Windows.
The override file is unique per PID and removed in the script's finally
block so concurrent invocations and crashes don't leak files.

* factor mark_system fanout into UserCuratedSubscriptionsRepository

The endpoint imported UserCuratedSubscriptionsRepository, ignored it
(noqa: F841), then duplicated the user-side fanout SQL inline. Adds
fanout_system_for_plugin() symmetric to the existing
fanout_system_for_user() and routes mark_plugin_system through it —
removes the dead import + 14 lines of inline SQL, returns the same
`affected_users` delta count, no behavior change.

* drop customer-specific path from .ps1 example

Per CLAUDE.md vendor-agnostic OSS rule: replaced
C:\\Business\\Groupon\\Agnes\\agnes-data with the generic
C:\\Users\\<you>\\agnes-data placeholder so the docstring
example reads cleanly on any reviewer's box.

* release: 0.48.0 + parallelize Release-workflow pytest

Cuts the release shipped via #228 #230 #231 #232 #233 #234 #236 #237 #238
#239 #240 plus this PR (#241). Major changes:

- System plugin tier (schema v39) — admins mark a plugin mandatory; fans
  out RBAC grants + subscriptions to every existing user/group plus
  hooks for new principals
- BREAKING: removed standalone /store + /my-ai-stack page routes
  (replaced by /marketplace?tab=flea + /marketplace?tab=my)
- Setup-prompt + bootstrap recovery fixes (#240)
- DuckDB CHECKPOINT-on-shutdown + 60s compose grace (#235)
- Marketplace + flea-market UX polish, agnes-metadata.json enrichment

Bonus: switch release.yml test step to `-n auto` (matches ci.yml).
Single-threaded was 15-20 min and frequently the bottleneck on PR
mergeability — now ~6 min.

---------

Co-authored-by: Minas Arustamyan <arustamyan.minas@gmail.com>
Co-authored-by: ZdenekSrotyr <zdenek.srotyr@keboola.com>
2026-05-10 19:15:41 +00:00

196 lines
7.8 KiB
PowerShell
Raw Blame History

<#
.SYNOPSIS
Windows/PowerShell sibling of scripts/run-local-dev.sh.
.DESCRIPTION
Runs Agnes locally with auth bypass + dev-mode magic links. Stacks three compose files:
1. docker-compose.yml - base services
2. docker-compose.dev.yml - hot-reload + source bind mount
3. docker-compose.local-dev.yml - LOCAL_DEV_MODE=1, drops .env requirement
After startup visit http://localhost:8000 - you'll land on /dashboard logged in as
dev@localhost (role=admin). No login screen, no email delivery needed.
Source code is bind-mounted from the host, so Python changes are picked up by
uvicorn --reload. Rebuild is only needed when pyproject.toml or Dockerfile change
(e.g. after a `git pull` that adds deps). Use -Build for those cases.
.PARAMETER Action
up (default) docker compose up. The image is auto-built on first run.
down docker compose down (stop + remove containers; data volume preserved).
logs docker compose logs -f (tail).
.PARAMETER Build
Force --build on `up`. Use after pulling changes that touch pyproject.toml or
Dockerfile, or when you hit ModuleNotFoundError from a stale cached image.
.PARAMETER DataPath
Optional Windows folder to use as the /data mount inside the container.
When omitted, Compose falls back to the named volume `agnes-the-ai-analyst_data`
which lives inside the Docker Desktop WSL VM (not directly visible on the
host). When set, /data is bind-mounted to this folder so system.duckdb,
extracts, marketplaces, store/, etc. are reachable from Windows Explorer.
The folder is created if it doesn't exist; relative paths resolve against
the operator's current shell directory. NOTE: switching DataPath between
runs swaps the entire /data mount — the old named volume is preserved but
not used; system.duckdb on the new path starts fresh on first boot.
.NOTES
Anything else on the command line (e.g. -d, --remove-orphans) lands in
PowerShell's automatic $args variable and is forwarded to docker compose.
.EXAMPLE
.\scripts\run-local-dev.ps1
# up - fast path; reuses existing image (auto-builds if none exists yet)
.EXAMPLE
.\scripts\run-local-dev.ps1 -Build
# up --build - force rebuild after dep / Dockerfile changes
.EXAMPLE
.\scripts\run-local-dev.ps1 up -d
# detached
.EXAMPLE
.\scripts\run-local-dev.ps1 down
# stop + remove containers (data volume preserved)
.EXAMPLE
.\scripts\run-local-dev.ps1 logs
# tail logs from the running stack
.EXAMPLE
.\scripts\run-local-dev.ps1 -Build -DataPath C:\Users\<you>\agnes-data
# bind /data to a Windows folder so DuckDB files are reachable from Explorer
#>
# Deliberately keep this a SIMPLE (non-advanced) script — no [CmdletBinding()]
# and no [Parameter(...)] attributes. Both promote the script to an advanced
# function, which auto-injects the common parameters (-Debug, -Verbose,
# -ErrorAction, ...) that PowerShell binds via prefix match. Documented
# examples like `up -d` (detached) and `down -v` (remove volumes) would
# silently have `-d` / `-v` eaten by `-Debug` / `-Verbose` instead of reaching
# docker compose. [ValidateSet(...)] and [switch] do NOT promote and stay.
# Unbound positional args land in PowerShell's automatic $args variable in a
# non-advanced script; we forward them to docker compose.
param(
[ValidateSet('up', 'down', 'logs')]
[string]$Action = 'up',
[switch]$Build,
[string]$DataPath
)
$ErrorActionPreference = 'Stop'
# Resolve $DataPath against the caller's PWD BEFORE the Push-Location below;
# otherwise relative paths would resolve against the repo root rather than the
# operator's shell. Folder is created if it doesn't exist. The path is
# normalized to forward slashes — Compose's short-syntax bind mount parser
# occasionally trips on backslashes on Windows.
$dataPathHost = $null
if ($DataPath) {
if ([System.IO.Path]::IsPathRooted($DataPath)) {
$dataPathHost = $DataPath
} else {
$dataPathHost = Join-Path (Get-Location).Path $DataPath
}
if (-not (Test-Path $dataPathHost)) {
New-Item -ItemType Directory -Path $dataPathHost -Force | Out-Null
}
$dataPathHost = (Resolve-Path $dataPathHost).Path -replace '\\', '/'
}
# PowerShell scripts execute in the caller's runspace (unlike bash, which forks
# a child process), so Set-Location and $env:* assignments leak back into the
# user's shell after the script exits. Wrap the body in Push-Location /
# Pop-Location with try/finally and snapshot the LOCAL_DEV_GROUPS env-var so
# the operator's session is restored on any exit path (success, error, Ctrl+C
# during `up`/`logs`).
Push-Location (Split-Path -Parent $PSScriptRoot)
$localDevGroupsWasSet = Test-Path Env:LOCAL_DEV_GROUPS
$localDevGroupsOriginal = if ($localDevGroupsWasSet) { $env:LOCAL_DEV_GROUPS } else { $null }
$dataOverrideFile = $null
try {
# docker-compose.yml declares env_file: .env on several services. Compose
# validates that path even for profiled services that never start, so make
# sure it exists.
if (-not (Test-Path .env)) {
New-Item -ItemType File -Path .env -Force | Out-Null
}
# Default LOCAL_DEV_GROUPS so /profile and group-aware code see *something* on
# first boot. Mirrors scripts/run-local-dev.sh. Override/disable:
# $env:LOCAL_DEV_GROUPS = '[...]'; .\scripts\run-local-dev.ps1
# $env:LOCAL_DEV_GROUPS = ''; .\scripts\run-local-dev.ps1 # exercise no-groups path
# Test-Path on Env: distinguishes unset (apply default) from set-to-empty
# (honor operator intent) — same contract as the bash sibling.
if (-not $localDevGroupsWasSet) {
$env:LOCAL_DEV_GROUPS = '[{"id":"local-dev-engineers@example.com","name":"Local Dev Engineers"},{"id":"local-dev-admins@example.com","name":"Local Dev Admins"}]'
}
$composeFiles = @(
'-f', 'docker-compose.yml',
'-f', 'docker-compose.dev.yml',
'-f', 'docker-compose.local-dev.yml'
)
# When -DataPath is supplied, generate a transient compose override that
# rebinds /data from the named volume to a Windows host folder so DuckDB
# files are reachable from Explorer. Compose merges service.volumes by
# container target, so listing the same /data target replaces the
# named-volume mount inherited from docker-compose.yml. Caddy's /srv:ro
# readonly mirror is rebound the same way so the file_server keeps working.
if ($dataPathHost) {
$dataOverrideFile = Join-Path $env:TEMP "agnes-data-override-$PID.yml"
$overrideYaml = @"
services:
app:
volumes:
- ${dataPathHost}:/data
scheduler:
volumes:
- ${dataPathHost}:/data
extract:
volumes:
- ${dataPathHost}:/data
caddy:
volumes:
- ${dataPathHost}:/srv:ro
"@
# Use .NET WriteAllText so the file is BOM-less UTF-8 across PS 5.1 / 7+.
[System.IO.File]::WriteAllText($dataOverrideFile, $overrideYaml)
$composeFiles += @('-f', $dataOverrideFile)
Write-Host " /data is bind-mounted to host: $dataPathHost" -ForegroundColor Yellow
}
switch ($Action) {
'up' {
$cmd = @('up')
if ($Build) { $cmd += '--build' }
}
'down' {
$cmd = @('down')
}
'logs' {
$cmd = @('logs', '-f')
}
}
if ($args) { $cmd += $args }
Write-Host "> docker compose $($composeFiles + $cmd -join ' ')" -ForegroundColor Cyan
& docker compose @composeFiles @cmd
} finally {
Pop-Location
if ($localDevGroupsWasSet) {
$env:LOCAL_DEV_GROUPS = $localDevGroupsOriginal
} else {
Remove-Item Env:LOCAL_DEV_GROUPS -ErrorAction SilentlyContinue
}
if ($dataOverrideFile -and (Test-Path $dataOverrideFile)) {
Remove-Item $dataOverrideFile -Force -ErrorAction SilentlyContinue
}
}
exit $LASTEXITCODE
Reference in a new issue View git blame Copy permalink