Module bootstrap 

RedDB CLI argument parser.

Schema-driven CLI with tokenizer, router, help generation, and shell completion. Self-contained – no external dependencies on config or storage layers. red bootstrap — headless first-admin bootstrap for containers.

Designed for K8s Jobs / CI pipelines that mount a tmpfs secret with the admin password and need a one-shot binary that:

1. Opens (or creates) the database file at --path.
2. Opens the encrypted vault (requires REDDB_CERTIFICATE or REDDB_VAULT_KEY — typically via the _FILE companion).
3. Calls AuthStore::bootstrap once.
4. Prints the freshly-issued certificate so the operator can capture it (it is the ONLY way to unseal the vault later).

Exits non-zero on any failure (already bootstrapped, missing vault key, file open error, …).

Structs

BootstrapArgs

Parsed args for red bootstrap. Constructed by the bin dispatcher from the CLI flag map; kept as a plain struct so the unit tests don’t have to drag in a tokenizer.

BootstrapOutcome

Outcome rendered by run on success.

Functions

render_success

Render the outcome to stdout, honouring the requested format. This is the only place the dispatcher prints success output.

run

Execute the bootstrap subcommand. Caller is responsible for process exit; we return Result so the dispatcher can format errors in the requested envelope (text vs JSON).