greentic-setup 0.5.1

End-to-end bundle setup engine for the Greentic platform — pack discovery, QA-driven configuration, secrets persistence, and bundle lifecycle management
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327

# greentic-setup

`greentic-setup` helps you take a Greentic bundle from "I have some packs" to
"this bundle is configured and ready to run".

This repository is for people who want a clear, practical setup tool:

- programmers who are new to Greentic
- product builders who are comfortable editing JSON but do not want to learn
  every internal runtime detail first
- team members who need to understand what setup changes are being made to a
  bundle

If you are a coding agent or are working with one, read
[Coding Agents Guide](docs/coding-agents.md) before changing code or debugging
cross-repo workflows.

## What This Project Does

`greentic-setup` is responsible for bundle setup.

In simple terms, that means it can:

- read a bundle and discover the packs inside it
- ask setup questions, either interactively or from an answers file
- persist provider configuration and secrets
- write tenant and team access rules
- prepare the local bundle state that the runtime expects

It is not the runtime itself, and it is not the bundle authoring tool.

## The Big Picture

If you are new to the Greentic toolchain, this is the easiest way to think
about it:

1. `greentic-pack` builds individual `.gtpack` files.
2. `greentic-bundle` or `gtc wizard apply` creates a bundle workspace and
   records which app packs and provider packs belong in it.
3. `greentic-setup` configures that bundle for a tenant, team, and environment.
4. `greentic-start` runs the configured bundle.
5. `gtc` is the main user-facing command that can call the other tools for you.

You usually use `gtc`.

You come to this repository when:

- setup is behaving strangely
- the wrong secrets or answers are being written
- tenant or team scoping looks wrong
- a bundle config step succeeds or fails unexpectedly

## Who Should Read What

Start with this `README.md` if you want:

- a plain-language explanation of the repo
- a short path to common commands
- a clear mental model of what setup owns

Read [docs/admin-api.md](docs/admin-api.md) if you want:

- the mTLS admin contract
- runtime-facing request and response shapes

Read [docs/extension-pack-ingress-http.md](docs/extension-pack-ingress-http.md)
if you want:

- details about `public_base_url`
- how HTTP ingress expectations flow from packs into runtime setup

Read [docs/coding-agents.md](docs/coding-agents.md) if you are:

- modifying code in this repo
- debugging workflows that span `gtc`, `greentic-bundle`, `greentic-pack`,
  `greentic-start`, `greentic-dev`, or the runner

## What A Bundle Looks Like

Modern Greentic bundle workspaces use `bundle.yaml` at the root.

You will commonly see directories such as:

- `bundle.yaml`: the authored bundle definition
- `bundle.lock.json`: normalized lock metadata
- `packs/`: app packs that live directly in the bundle
- `providers/`: extension or provider packs
- `tenants/`: tenant and team access rules
- `state/config/`: setup answers and persisted config artifacts
- `state/resolved/`: generated runtime-ready manifests
- `resolved/`: copied resolved manifests used by start flows

You do not need to memorize all of this to use the tool. It helps mostly when
you are debugging.

## What Setup Owns

`greentic-setup` owns things like:

- loading answers from JSON or YAML
- prompting for missing setup values
- honoring `--tenant`, `--team`, and `--env`
- writing setup answers and provider config
- persisting dev secrets in the local bundle state
- writing gmap tenant and team access rules
- preparing local resolved outputs that runtime startup expects

`greentic-setup` does not own every step in the full developer workflow.

For example:

- building `.gtpack` files belongs to `greentic-pack`
- materializing bundle composition from authored app-pack references belongs to
  `greentic-bundle`
- starting and running the bundle belongs to `greentic-start`
- top-level orchestration for users usually belongs to `gtc`

That separation matters when you are debugging. A setup symptom is not always a
setup bug.

## Common Human Workflows

### 1. Check the CLI

```bash
greentic-setup --help
greentic-setup bundle --help
```

### 2. Configure an Existing Bundle Interactively

```bash
greentic-setup ./my-bundle
```

This is the simplest mode.

It will:

- inspect the bundle
- ask setup questions
- show a plan
- apply the setup

### 3. Preview Setup Without Changing Anything

```bash
greentic-setup --dry-run ./my-bundle
```

Use this when you want to see what would happen before writing files.

### 4. Generate an Answers Template

```bash
greentic-setup --dry-run --emit-answers answers.json ./my-bundle
```

This is useful when:

- you want a repeatable setup process
- you want to review the expected fields with another teammate
- you want to check the exact provider questions without running setup yet

### 5. Apply a Saved Answers File

```bash
greentic-setup --answers answers.json ./my-bundle
```

This is the most common non-interactive path.

### 6. Run Advanced Bundle Commands

```bash
greentic-setup bundle init ./my-bundle --name "My Bundle"
greentic-setup bundle add ./some-pack.gtpack --bundle ./my-bundle
greentic-setup bundle status --bundle ./my-bundle
greentic-setup bundle setup --bundle ./my-bundle --answers answers.json
greentic-setup bundle update --bundle ./my-bundle --answers answers.json
greentic-setup bundle remove messaging-telegram --bundle ./my-bundle --force
```

These commands are more explicit and are useful for scripting or debugging.

## A Simple Answers File

This is a small example, not a complete one:

```json
{
  "tenant": "demo",
  "team": "default",
  "env": "dev",
  "platform_setup": {
    "static_routes": {
      "public_web_enabled": true,
      "public_base_url": "http://127.0.0.1:8080",
      "public_surface_policy": "enabled",
      "default_route_prefix_policy": "pack_declared",
      "tenant_path_policy": "pack_declared"
    }
  },
  "setup_answers": {
    "messaging-webchat-gui": {
      "public_base_url": "http://127.0.0.1:8080"
    }
  }
}
```

You do not need every field for every bundle.

The actual questions depend on the packs inside the bundle.

## A Friendly Mental Model For Tenants

If you are not used to tenant-aware systems, here is the simplest way to think
about it:

- a tenant is the main customer or logical workspace
- a team is a smaller group inside that tenant
- setup answers and secrets may be written with tenant and team scope

If you pass:

```bash
greentic-setup --tenant demo --team default ./my-bundle
```

then you should expect setup output and persisted state to reflect:

- `tenant=demo`
- `team=default`

If the CLI header says one tenant but the persisted secrets land under another,
that is a real bug worth investigating.

## When Something Looks Wrong

Here are a few simple checks that help a lot:

### Check the bundle metadata

```bash
sed -n '1,200p' bundle.yaml
jq . bundle.lock.json
```

### Check resolved setup state

```bash
find state/config -maxdepth 3 -type f | sort
find state/resolved -maxdepth 3 -type f | sort
```

### Check the dev secrets store

```bash
sed -n '1,80p' .greentic/dev/.dev.secrets.env
```

### Check tenant and team rules

```bash
find tenants -maxdepth 4 -type f | sort
```

## Troubleshooting Questions

### "Why did setup ask me for values I thought were already in the bundle?"

Usually because:

- the bundle contains packs with setup questions but no saved answers yet
- the answers file is missing some fields
- the existing state is for a different tenant, team, or environment

### "Why does a runtime problem sometimes turn out not to be a setup bug?"

Because setup is only one phase.

The full path often looks like this:

1. author or build a pack
2. assemble a bundle
3. configure the bundle
4. start the runtime

If the wrong app pack is missing from `packs/`, that may be a bundle
materialization problem, not a setup persistence problem.

### "Should I use `gtc` or `greentic-setup` directly?"

Use `gtc` for normal day-to-day work.

Use `greentic-setup` directly when:

- you are debugging setup behavior itself
- you want to isolate a bug away from higher-level orchestration
- you are writing or fixing tests in this repository

## For Coding Agents

If you are making code changes here, do not rely on this `README.md` alone.

Read [docs/coding-agents.md](docs/coding-agents.md) first. It explains:

- which tool owns which phase
- how the runner relates to `gtc`, `greentic-dev`, `greentic-pack`,
  `greentic-bundle`, and `greentic-start`
- which bugs belong in this repo and which belong elsewhere
- how to run useful local checks without confusing setup with runtime

## Current Documentation Set

The current maintained documents in this repo are:

- `README.md`
- `docs/coding-agents.md`
- `docs/admin-api.md`
- `docs/extension-pack-ingress-http.md`
- `docs/adaptive-cards.md`
- `docs/mtls-setup.md`

Older demo walkthroughs and stale checklist docs were removed so the repo has a
smaller, more trustworthy surface.