Skip to content

feat(api): Add setup wizard endpoints for installer#70

Closed
nfebe wants to merge 1 commit intomainfrom
feat/setup-wizard
Closed

feat(api): Add setup wizard endpoints for installer#70
nfebe wants to merge 1 commit intomainfrom
feat/setup-wizard

Conversation

@nfebe
Copy link
Contributor

@nfebe nfebe commented Feb 1, 2026

Add setup flow endpoints for the installer UI to configure:

  • System validation checks
  • Domain configuration
  • CORS/UI origin settings
  • Initial user creation

Note: Dynamic CORS middleware included but may be removed if installer UI is served from same origin.

@nfebe
feat(api): Add setup wizard endpoints for installer
06a2af8 
Add setup flow endpoints for the installer UI to configure:
- System validation checks
- Domain configuration
- CORS/UI origin settings
- Initial user creation

Note: Dynamic CORS middleware included but may be removed
if installer UI is served from same origin.

Signed-off-by: nfebe <fenn25.fn@gmail.com>
@sourceant
Copy link

sourceant bot commented Feb 1, 2026

Code Review Summary

This pull request introduces a comprehensive initial setup flow for the agent, encapsulated within the new internal/setup package. The changes include new API endpoints for managing setup status, domain configuration, CORS, user creation, and system validation. A dynamic CORS middleware has been integrated to support setup-specific origins. The underlying logic leverages an SQLite database for persistent state management and includes robust environment detection and system health checks.

🚀 Key Improvements

  • Comprehensive Setup Flow: A structured and secure initial setup process is now in place, guiding users through critical configurations.
  • Enhanced Security for Setup: The RequireSetupIncomplete middleware ensures that sensitive setup endpoints are only accessible before the agent is fully initialized, preventing unauthorized modifications.
  • Dynamic CORS Configuration: The agent can now dynamically adjust allowed CORS origins based on the setup state, improving flexibility and security during initial configuration.
  • Robust System Validation: New validation checks cover Docker, file system permissions, disk space, memory, and network connectivity, ensuring a healthy operating environment.

🚨 Critical Issues

  • Weak JWT Secret Fallback: The fallback mechanism in generateSecret for crypto/rand.Read failing uses low-entropy sources, which could lead to predictable JWT secrets under rare error conditions. This should be addressed to ensure strong randomness at all times.

sourceant[bot]
sourceant bot approved these changes Feb 1, 2026
View reviewed changes
Copy link

@sourceant sourceant bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review complete. See the overview comment for a summary.

@nfebe
Copy link
Contributor Author

nfebe commented Mar 23, 2026

Relevant changes moved to : #98

@nfebe nfebe closed this Mar 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@sourceant sourceant[bot] sourceant[bot] approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nfebe