Merge pull request #25 from openfort-xyz/sync/upstream-2026-06-07

chore: sync upstream paradigmxyz/centaur (63 commits)

Author: jamalavedra

AGENTS.md

@@ -524,6 +524,12 @@ Tool credentials (e.g., `ANTHROPIC_API_KEY`, `AMP_API_KEY`) are never materializ
 
 For local development, infra secrets are stored in Kubernetes Secrets created by `just bootstrap-secrets`; application secrets continue to come from 1Password.
 
+### iron-control
+
+[iron-control](https://github.com/ironsh/iron-control) is an optional Rails control plane for authenticated API access and encrypted secret storage. It is off by default; enable it with `--set ironControl.enabled=true` (or set `ironControl.enabled: true` in a values file). When enabled, it runs against a dedicated `iron_control_production` database on the bundled Postgres (a separate logical DB so its Rails `schema_migrations` table never collides with the API's dbmate table), created by an idempotent init container.
+
+`just bootstrap-secrets` seeds the required keys into `centaur-infra-env`: the three ActiveRecord encryption keys, `SECRET_KEY_BASE`, and the initial admin password/API key are auto-generated (only when absent, never rotated in place). `IRON_CONTROL_DATABASE_URL` defaults to the bundled Postgres server with no database path (so Rails resolves each connection's database name from the image's `database.yml`); export it before running `just bootstrap-secrets` to point at an external server. Override the admin email with `IRON_CONTROL_INITIAL_USER_EMAIL` (default `admin@centaur.local`).
+
 ## Observability & Audit Logs
 
 ### Architecture

Justfile

@@ -5,6 +5,9 @@ release := env_var_or_default("CENTAUR_RELEASE", "centaur")
 source := env_var_or_default("CENTAUR_IMAGE_SOURCE", "local")
 chart := "contrib/chart"
 dev_values := "contrib/chart/values.dev.yaml"
+# Command used to import images into k3s's containerd. Override for rootless or
+# remote setups, e.g. CENTAUR_K3S_CTR="k3s ctr" or "ssh host sudo k3s ctr".
+k3s_ctr := env_var_or_default("CENTAUR_K3S_CTR", "sudo k3s ctr")
 
 default:
     just --list
@@ -61,6 +64,17 @@ _build-chatbot:
 _build-agent:
     docker build --target sandbox -t centaur-agent:latest -f services/sandbox/Dockerfile .
 
+# Import locally-built images into k3s's containerd. k3s uses containerd, not
+# the Docker daemon, so `docker build` images are otherwise invisible to it
+# (pods ImagePullBackOff on the :latest tags). Used by `just up k3s`.
+_import-k3s:
+    #!/usr/bin/env bash
+    set -euo pipefail
+    for img in centaur-api centaur-iron-proxy centaur-slackbot centaur-agent; do
+      echo "importing ${img}:latest into k3s containerd..."
+      docker save "${img}:latest" | {{k3s_ctr}} images import -
+    done
+
 bootstrap-secrets *args:
     contrib/scripts/bootstrap-k8s-secrets.sh --namespace {{namespace}} {{args}}
 
@@ -73,10 +87,10 @@ deploy:
       local) ;;
       ghcr)
         extra_args+=(
-          --set api.image.repository=ghcr.io/paradigmxyz/centaur-api
-          --set ironProxy.image.repository=ghcr.io/paradigmxyz/centaur-iron-proxy
-          --set slackbot.image.repository=ghcr.io/paradigmxyz/centaur-slackbot
-          --set sandbox.image.repository=ghcr.io/paradigmxyz/centaur-agent
+          --set api.image.repository=ghcr.io/paradigmxyz/centaur/centaur-api
+          --set ironProxy.image.repository=ghcr.io/paradigmxyz/centaur/centaur-iron-proxy
+          --set slackbot.image.repository=ghcr.io/paradigmxyz/centaur/centaur-slackbot
+          --set sandbox.image.repository=ghcr.io/paradigmxyz/centaur/centaur-agent
         )
         ;;
       *) echo "unknown source: {{source}} (expected local or ghcr)" >&2; exit 2 ;;
@@ -92,14 +106,28 @@ deploy:
         --set sandbox.extraEnv.CODEX_AUTH_MODE=${CODEX_AUTH_MODE}
       )
     fi
+    if [[ -n "${CLAUDE_CODE_AUTH_MODE:-}" ]]; then
+      extra_args+=(
+        --set sandbox.extraEnv.CLAUDE_CODE_AUTH_MODE=${CLAUDE_CODE_AUTH_MODE}
+      )
+    fi
     helm upgrade --install {{release}} {{chart}} -n {{namespace}} --create-namespace -f {{dev_values}} ${extra_args[@]+"${extra_args[@]}"}
 
-up:
+# Bring up the dev stack; pass `k3s` (just up k3s) to import local images into k3s's containerd.
+up import="":
     #!/usr/bin/env bash
     set -euo pipefail
+    if [[ -n "{{import}}" && "{{import}}" != "k3s" ]]; then
+      echo "unknown argument: {{import}} (expected nothing or 'k3s')" >&2; exit 2
+    fi
     just bootstrap-secrets
     case "{{source}}" in
-      local) just build ;;
+      local)
+        just build
+        if [[ "{{import}}" == "k3s" ]]; then
+          just _import-k3s
+        fi
+        ;;
       ghcr) ;;
       *) echo "unknown source: {{source}} (expected local or ghcr)" >&2; exit 2 ;;
     esac
@@ -163,28 +191,33 @@ cleanup-orphan-proxy-services mode="dry-run":
 shell component:
     kubectl exec -it -n {{namespace}} deploy/{{release}}-centaur-{{component}} -- sh
 
-smoke:
+smoke harness="codex":
     #!/usr/bin/env bash
     set -euo pipefail
     THREAD_KEY="smoke-$(date +%s)"
     API_DEPLOY="deploy/{{release}}-centaur-api"
+    SMOKE_HARNESS="{{harness}}"
+    api_curl() {
+      kubectl exec -n {{namespace}} "$API_DEPLOY" -c api -- \
+        sh -lc 'curl -s -H "x-api-key: ${SLACKBOT_API_KEY:?SLACKBOT_API_KEY is not set}" "$@"' sh "$@"
+    }
 
-    SPAWN=$(kubectl exec -n {{namespace}} "$API_DEPLOY" -- curl -s -X POST http://localhost:8000/agent/spawn \
+    SPAWN=$(api_curl -X POST http://localhost:8000/agent/spawn \
       -H "Content-Type: application/json" \
-      -d "{\"thread_key\":\"${THREAD_KEY}\"}")
+      -d "{\"thread_key\":\"${THREAD_KEY}\",\"harness\":\"${SMOKE_HARNESS}\"}")
     ASSIGNMENT_GENERATION=$(printf '%s' "$SPAWN" | jq -r '.assignment_generation')
 
-    kubectl exec -n {{namespace}} "$API_DEPLOY" -- curl -s -X POST http://localhost:8000/agent/message \
+    api_curl -X POST http://localhost:8000/agent/message \
       -H "Content-Type: application/json" \
       -d "{\"thread_key\":\"${THREAD_KEY}\",\"assignment_generation\":${ASSIGNMENT_GENERATION},\"role\":\"user\",\"parts\":[{\"type\":\"text\",\"text\":\"Reply with exactly PONG and nothing else.\"}]}" >/dev/null
 
-    EXECUTE=$(kubectl exec -n {{namespace}} "$API_DEPLOY" -- curl -s -X POST http://localhost:8000/agent/execute \
+    EXECUTE=$(api_curl -X POST http://localhost:8000/agent/execute \
       -H "Content-Type: application/json" \
       -d "{\"thread_key\":\"${THREAD_KEY}\",\"assignment_generation\":${ASSIGNMENT_GENERATION},\"delivery\":{\"platform\":\"dev\"}}")
     EXECUTION_ID=$(printf '%s' "$EXECUTE" | jq -r '.execution_id')
 
     for _ in $(seq 1 60); do
-      STATE=$(kubectl exec -n {{namespace}} "$API_DEPLOY" -- curl -s "http://localhost:8000/agent/executions/${EXECUTION_ID}")
+      STATE=$(api_curl "http://localhost:8000/agent/executions/${EXECUTION_ID}")
       STATUS=$(printf '%s' "$STATE" | jq -r '.status // empty')
       case "$STATUS" in
         completed)
@@ -200,6 +233,6 @@ smoke:
       sleep 2
     done
 
-    kubectl exec -n {{namespace}} "$API_DEPLOY" -- curl -s "http://localhost:8000/agent/executions/${EXECUTION_ID}" | jq
+    api_curl "http://localhost:8000/agent/executions/${EXECUTION_ID}" | jq
     echo "smoke timed out waiting for execution ${EXECUTION_ID}" >&2
     exit 1

contrib/chart/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: centaur
 description: Helm chart for the trusted Centaur control plane
 type: application
-version: 0.1.41
+version: 0.1.49
 appVersion: "0.1.0"
 dependencies:
   - name: connect

contrib/chart/templates/_helpers.tpl

@@ -141,6 +141,22 @@ registered refresh_token OAuthTokenSecrets by the API server at startup.
 {{- printf "http://%s:%v" (include "centaur.tokenBrokerHost" .) .Values.tokenBroker.service.httpPort -}}
 {{- end -}}
 
+{{- /*
+iron-control — Rails control plane for authenticated API access and encrypted
+secret storage. Flag-gated (ironControl.enabled), in-cluster ClusterIP Service.
+*/ -}}
+{{- define "centaur.ironControlName" -}}
+{{- include "centaur.componentName" (dict "root" . "component" "iron-control") -}}
+{{- end -}}
+
+{{- define "centaur.ironControlHost" -}}
+{{- include "centaur.ironControlName" . -}}
+{{- end -}}
+
+{{- define "centaur.ironControlUrl" -}}
+{{- printf "http://%s:%v" (include "centaur.ironControlHost" .) .Values.ironControl.service.httpPort -}}
+{{- end -}}
+
 {{- define "centaur.laminarNoProxyHosts" -}}
 {{- if .Values.laminar.enabled -}}
 {{- printf ",%s,%s,%s,%s,%s,%s" (include "centaur.componentName" (dict "root" . "component" "laminar-app-server")) (include "centaur.componentName" (dict "root" . "component" "laminar-frontend")) (include "centaur.componentName" (dict "root" . "component" "laminar-postgres")) (include "centaur.componentName" (dict "root" . "component" "laminar-clickhouse")) (include "centaur.componentName" (dict "root" . "component" "laminar-query-engine")) (include "centaur.componentName" (dict "root" . "component" "laminar-quickwit")) -}}

contrib/chart/templates/iron-control.yaml

@@ -0,0 +1,211 @@
+{{- if .Values.ironControl.enabled }}
+{{- $secretEnv := include "centaur.secretEnvName" . }}
+{{- $prefix := .Values.secretManager.envPrefix }}
+# iron-control — Rails control plane for authenticated API access and encrypted
+# secret storage. The chart owns the Deployment shape (image, port, env,
+# security context) so operators tune it via `helm upgrade`. It runs against a
+# dedicated `iron_control_production` database on the bundled Postgres (a separate logical
+# DB so its Rails schema_migrations table never collides with the API's dbmate
+# table); the create-db init container provisions that DB idempotently. All
+# secret material — the primary DB URL, the bootstrap user/API-key, the three
+# ActiveRecord encryption keys, and SECRET_KEY_BASE — comes from the shared
+# infra Secret via explicit secretKeyRefs (NOT envFrom, which would leak the
+# API's ai_v2 DATABASE_URL into iron-control's env).
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "centaur.ironControlName" . }}
+  labels:
+{{ include "centaur.componentLabels" (dict "root" . "component" "iron-control") | nindent 4 }}
+spec:
+  selector:
+{{ include "centaur.componentSelectorLabels" (dict "root" . "component" "iron-control") | nindent 4 }}
+  ports:
+    - name: http
+      port: {{ .Values.ironControl.service.httpPort }}
+      targetPort: {{ .Values.ironControl.service.httpPort }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "centaur.ironControlName" . }}
+  labels:
+{{ include "centaur.componentLabels" (dict "root" . "component" "iron-control") | nindent 4 }}
+spec:
+  replicas: {{ .Values.ironControl.replicaCount }}
+  selector:
+    matchLabels:
+{{ include "centaur.componentSelectorLabels" (dict "root" . "component" "iron-control") | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        checksum/infra-secrets: {{ include "centaur.infraSecretsChecksum" . }}
+      labels:
+{{ include "centaur.componentSelectorLabels" (dict "root" . "component" "iron-control") | nindent 8 }}
+    spec:
+      automountServiceAccountToken: false
+      {{- with .Values.global.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml . | nindent 8 }}
+      {{- end }}
+      initContainers:
+        # Create the dedicated logical DB on the bundled Postgres. Idempotent:
+        # guarded by a pg_database existence check, and the CREATE tolerates a
+        # lost race against a concurrent replica. Connects as the admin (ai_v2)
+        # DSN, whose `tempo` superuser can create databases.
+        - name: create-db
+          image: {{ printf "%s:%s" .Values.postgres.image.repository .Values.postgres.image.tag | quote }}
+          imagePullPolicy: {{ .Values.postgres.image.pullPolicy }}
+          command:
+            - /bin/sh
+            - -ec
+            - |
+              exists=$(psql "$ADMIN_DATABASE_URL" -tAc \
+                "SELECT 1 FROM pg_database WHERE datname = '$DB_NAME'")
+              if [ "$exists" != "1" ]; then
+                psql "$ADMIN_DATABASE_URL" -c "CREATE DATABASE \"$DB_NAME\"" || true
+              fi
+          env:
+            - name: ADMIN_DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $secretEnv }}
+                  key: {{ printf "%sDATABASE_URL" $prefix }}
+            - name: DB_NAME
+              value: {{ .Values.ironControl.database.name | quote }}
+          securityContext:
+{{ toYaml .Values.containerSecurityContext | nindent 12 }}
+            seccompProfile:
+              type: RuntimeDefault
+      containers:
+        - name: iron-control
+          image: {{ printf "%s:%s" .Values.ironControl.image.repository .Values.ironControl.image.tag | quote }}
+          imagePullPolicy: {{ .Values.ironControl.image.pullPolicy }}
+          env:
+            # Explicit secretKeyRefs only — never envFrom the shared Secret, or
+            # its DATABASE_URL (ai_v2) would leak into iron-control's env. Env
+            # var names match the IRON_CONTROL_* secret keys 1:1 (except
+            # SECRET_KEY_BASE, which Rails reads by its standard name). The DB
+            # URL carries connection info only (no database path) so each Rails
+            # connection's db name comes from the image's database.yml.
+            - name: IRON_CONTROL_DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $secretEnv }}
+                  key: {{ printf "%sIRON_CONTROL_DATABASE_URL" $prefix }}
+            - name: IRON_CONTROL_INITIAL_USER_EMAIL
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $secretEnv }}
+                  key: {{ printf "%sIRON_CONTROL_INITIAL_USER_EMAIL" $prefix }}
+            - name: IRON_CONTROL_INITIAL_USER_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $secretEnv }}
+                  key: {{ printf "%sIRON_CONTROL_INITIAL_USER_PASSWORD" $prefix }}
+            - name: IRON_CONTROL_INITIAL_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $secretEnv }}
+                  key: {{ printf "%sIRON_CONTROL_INITIAL_API_KEY" $prefix }}
+            - name: IRON_CONTROL_AR_ENCRYPTION_PRIMARY_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $secretEnv }}
+                  key: {{ printf "%sIRON_CONTROL_AR_ENCRYPTION_PRIMARY_KEY" $prefix }}
+            - name: IRON_CONTROL_AR_ENCRYPTION_DETERMINISTIC_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $secretEnv }}
+                  key: {{ printf "%sIRON_CONTROL_AR_ENCRYPTION_DETERMINISTIC_KEY" $prefix }}
+            - name: IRON_CONTROL_AR_ENCRYPTION_KEY_DERIVATION_SALT
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $secretEnv }}
+                  key: {{ printf "%sIRON_CONTROL_AR_ENCRYPTION_KEY_DERIVATION_SALT" $prefix }}
+            - name: SECRET_KEY_BASE
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $secretEnv }}
+                  key: {{ printf "%sIRON_CONTROL_SECRET_KEY_BASE" $prefix }}
+            - name: RAILS_ENV
+              value: {{ .Values.ironControl.railsEnv | quote }}
+            - name: PORT
+              value: {{ .Values.ironControl.service.httpPort | quote }}
+            - name: RAILS_LOG_TO_STDOUT
+              value: "1"
+            - name: RAILS_SERVE_STATIC_FILES
+              value: "1"
+          ports:
+            - containerPort: {{ .Values.ironControl.service.httpPort }}
+              name: http
+          startupProbe:
+            httpGet:
+              path: /up
+              port: http
+            failureThreshold: 30
+            periodSeconds: 10
+            timeoutSeconds: 5
+          readinessProbe:
+            httpGet:
+              path: /up
+              port: http
+            failureThreshold: 6
+            periodSeconds: 10
+            timeoutSeconds: 5
+          livenessProbe:
+            httpGet:
+              path: /up
+              port: http
+            failureThreshold: 6
+            periodSeconds: 10
+            timeoutSeconds: 5
+          securityContext:
+{{ toYaml .Values.containerSecurityContext | nindent 12 }}
+            # No readOnlyRootFilesystem — Rails writes to tmp/ at runtime.
+            seccompProfile:
+              type: RuntimeDefault
+          resources:
+{{ toYaml .Values.ironControl.resources | nindent 12 }}
+{{- if .Values.networkPolicy.enabled }}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: {{ include "centaur.ironControlName" . }}
+  labels:
+{{ include "centaur.componentLabels" (dict "root" . "component" "iron-control") | nindent 4 }}
+spec:
+  podSelector:
+    matchLabels:
+{{ include "centaur.componentSelectorLabels" (dict "root" . "component" "iron-control") | nindent 6 }}
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress:
+    # The API is the natural control-plane caller. Widen this when a concrete
+    # client integrates. (kubectl port-forward works regardless — it arrives
+    # via the kubelet, not pod-to-pod.)
+    - from:
+        - podSelector:
+            matchLabels:
+{{ include "centaur.componentSelectorLabels" (dict "root" . "component" "api") | nindent 14 }}
+      ports:
+        - protocol: TCP
+          port: {{ .Values.ironControl.service.httpPort }}
+  egress:
+{{- if .Values.postgres.enabled }}
+    - to:
+        - podSelector:
+            matchLabels:
+{{ include "centaur.componentSelectorLabels" (dict "root" . "component" "postgres") | nindent 14 }}
+      ports:
+        - protocol: TCP
+          port: 5432
+{{- end }}
+    # Outbound HTTPS (external DB DSNs, IdPs, etc.).
+    - ports:
+        - protocol: TCP
+          port: 443
+{{- end }}
+{{- end }}