Readme fix#78
Conversation
- Add Kafka capture config and sandbox stub REST handlers with tests - Add kafkastub manager and transport for daemon-side Redpanda simulation - Add daemon Kafka orchestration and agent client integration - Add Redpanda e2e integration test and demo setup/reset scripts - Add customer logo images and LogoMarquee to landing page - Move original product demo to /product route; update scripted demo colors - Fix tickerMockStore to implement new Kafka store methods Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Remove unused wrapper functions (attachKafkaStubs, kafkaBrokerConfigForRequest, captureStatusToLocal/State) - Fix unchecked error returns on deferred Close calls throughout daemon, kafkastub, and integration tests Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Rename all directories: fluid-cli→deer-cli, fluid-daemon→deer-daemon - Update all Go module paths to github.com/aspectrr/deer.sh - Fix proto go_package: fluid.sh/proto/gen/go/fluid/v1;fluidv1 → deer.sh/proto/gen/go/deer/v1;deerv1 - Regenerate all .pb.go files with buf generate (source paths now deer/v1/...) - Integrate Kafka/Redpanda demo from feature/local-kafka-demo branch: - demo/ directory: docker-compose, Logstash pipeline, Kibana setup, weather-producer, prepare-source - scripts/demo/start.sh and stop.sh with all fluid→deer replacements - Root Makefile with demo-start/stop/reset targets - Replace all fluid-demo→deer-demo, fluid-daemon→deer-daemon references in demo scripts - Update CI job names and working-directory paths throughout Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Change default model from claude-opus-4.6 to z-ai/glm-4.7 - Update context window from 1000000 to 203000 tokens - Change compact model to z-ai/glm-4.5-air:free - Update system prompt to position Deer as ELK-stack Consultant 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>
- Rename "Fluid" to "Deer" throughout the codebase - Add comprehensive ELK-stack demo with weather pipeline - Implement chat logging and history tracking - Add macOS-native sandbox scripts and improvements - Update demo scripts and Logstash pipeline configurations - Add Redpanda caching and setup scripts - Update proto definitions with simple_kafka_broker support - Improve TUI and agent interactions - Add multiple data validation and transformation filters 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>
- Update macOS native demo script - Regenerate route tree after changes 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>
Fixes linter errors where defer Close() calls weren't checking return values. 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>
💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>
…rand Bug fixes: - Fix missing SimpleKafkaBroker field in CreateSandboxStream (remote.go) - Fix unbounded blocking on network approval channel with context cancellation (agent.go) - Fix SourceVM field missing from error done message (agent.go) - Fix orchestrator panic on short sandbox IDs (orchestrator.go) - Fix unary CreateSandbox ignoring snapshot mode (daemon server.go) - Fix redaction highlight regex diverged from builtin patterns (redaction.go) - Fix keypress leaking between add/detail inputs in allowlist (allowlist.go) - Fix missing validation on kafka config update (kafka_handlers.go) - Fix sandbox ID validation in readiness server (readiness.go) - Fix product.tsx setTimeout not cleaned up on unmount Architecture fixes: - Fix TOCTOU race in gRPC SendAndWait - load stream inside mutex (stream.go) - Fix goroutine leak in kafkastub manager on rapid config updates (manager.go) - Fix time.Sleep not respecting context cancellation in IP discovery (ip.go) - Fix vmHostCache unbounded growth - clear before refresh (helpers.go) - Fix kafka hooks using context.Background() with no timeout (daemon/kafka.go, agent/kafka.go) - Fix chatlog logger swallowing errors + expensive fsync on every write (logger.go) Tests added: - chatlog/logger_test.go: 12 tests covering all methods + concurrent writes - kafka_handlers_test.go: 10 tests for GET/UPDATE/DELETE kafka configs Complete fluid→deer rebrand across all modules: - cloudinit.go: ~80 in-VM references (systemd units, scripts, paths, logs) - sourcevm/manager.go, helpers.go: fluid-readonly → deer-readonly SSH user - readonly/prepare.go, shell.go: fluid-readonly user/shell creation - sshkeys/manager.go: fluid-readonly principal - agent/client.go: temp dir name - config/config.go: variable rename fluidDir → deerDir - snapshotpull/: snapshot naming prefix - kafkastub/transport: group ID prefix - provider/lxc/: user creation and shell commands - Web docs: install commands, APT keys, bridge names, CA paths - SECURITY.md, AGENTS.md, RELEASING.md: all references updated 💘 Generated with Crush Assisted-by: GLM-5.1 via Crush <crush@charm.land>
Replace hero image with updated version and fix demo video URL. 💘 Generated with Crush Assisted-by: GLM-5.1 via Crush <crush@charm.land>
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 28773915 | Triggered | Generic High Entropy Secret | b7a4332 | fluid-cli/internal/tui/redaction.go | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secret safely. Learn here the best practices.
- Revoke and rotate this secret.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR appears to be a broad rebrand/migration from fluid → deer across the CLI, daemon integration, and API, and also introduces new “skills” loading plus additional sandbox/source-host capabilities.
Changes:
- Rename modules/import paths, CLI binary names, docs, telemetry endpoints, and various strings from
fluidtodeer. - Add skills discovery/loading (embedded defaults + user config dir) and expose it via MCP tools (
list_skills,load_skill). - Add new sandbox/API surface (Kafka/ES stubs flags, doctor + host key scan plumbing, Kafka capture/stub store types, and new REST routes).
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 12 comments.
Show a summary per file
| File | Description |
|---|---|
| deer-cli/internal/tui/confirm.go | Changes confirm styling/colors, updates readonly user name text, and adds a new source access approval TUI model and related message types. |
| deer-cli/internal/tui/ascii.go | Adds ASCII logo helpers and boxed text helper for the TUI. |
| deer-cli/internal/telemetry/telemetry_test.go | Updates config import path to deer module path. |
| deer-cli/internal/telemetry/telemetry.go | Updates telemetry docs/paths, imports, build-time ldflags string, and PostHog endpoint domain. |
| deer-cli/internal/store/sqlite/sqlite_test.go | Updates store import path and temp dir naming. |
| deer-cli/internal/store/sqlite/sqlite.go | Updates imports and documentation path from fluid to deer. |
| deer-cli/internal/source/service_test.go | Updates config import path to deer. |
| deer-cli/internal/source/service.go | Adds Provider interface, updates messaging/usernames, enhances readonly error message, and adds RunCommandElevated. |
| deer-cli/internal/source/prepare.go | Updates imports to deer module path. |
| deer-cli/internal/skill/skill.go | Adds skill parsing (simple frontmatter parsing) for SKILL.md. |
| deer-cli/internal/skill/lock.go | Adds skills lock file read/write helpers under config dir. |
| deer-cli/internal/skill/loader.go | Adds skill discovery from embedded defaults and filesystem directories, plus helpers for catalog/get/list. |
| deer-cli/internal/skill/defaults/security-detection-rule-management/SKILL.md | Adds embedded default skill content. |
| deer-cli/internal/skill/defaults/security-case-management/SKILL.md | Adds embedded default skill content. |
| deer-cli/internal/skill/defaults/security-alert-triage/SKILL.md | Adds embedded default skill content. |
| deer-cli/internal/skill/defaults/observability-service-health/SKILL.md | Adds embedded default skill content. |
| deer-cli/internal/skill/defaults/observability-logs-search/SKILL.md | Adds embedded default skill content. |
| deer-cli/internal/skill/defaults/observability-llm-obs/SKILL.md | Adds embedded default skill content. |
| deer-cli/internal/skill/defaults/log-aggregation/SKILL.md | Adds embedded default skill content. |
| deer-cli/internal/skill/defaults/kibana-dashboards/SKILL.md | Adds embedded default skill content. |
| deer-cli/internal/skill/defaults/kibana-connectors/SKILL.md | Adds embedded default skill content. |
| deer-cli/internal/skill/defaults/kibana-audit/SKILL.md | Adds embedded default skill content. |
| deer-cli/internal/skill/defaults/kibana-alerting-rules/SKILL.md | Adds embedded default skill content. |
| deer-cli/internal/skill/defaults/kafka/SKILL.md | Adds embedded default skill content. |
| deer-cli/internal/skill/defaults/find-skills/SKILL.md | Adds embedded default skill content. |
| deer-cli/internal/skill/defaults/elasticsearch-file-ingest/SKILL.md | Adds embedded default skill content. |
| deer-cli/internal/skill/defaults/elasticsearch-esql/SKILL.md | Adds embedded default skill content. |
| deer-cli/internal/skill/defaults/elasticsearch-authz/SKILL.md | Adds embedded default skill content. |
| deer-cli/internal/skill/defaults/elasticsearch-authn/SKILL.md | Adds embedded default skill content. |
| deer-cli/internal/skill/defaults/elasticsearch-audit/SKILL.md | Adds embedded default skill content. |
| deer-cli/internal/sandbox/types.go | Extends sandbox request/host info types (stubs flags, doctor results, host key info, source hosts list). |
| deer-cli/internal/sandbox/service.go | Extends sandbox service interface (stream create, doctor checks, host key scan). |
| deer-cli/internal/sandbox/noop.go | Implements newly added sandbox service methods in noop service and updates docs URL. |
| deer-cli/internal/redact/patterns.go | Updates daemon parallel path comment from fluid-daemon to deer-daemon. |
| deer-cli/internal/readonly/validate_test.go | Adds curl read/write tests and a new SubcommandRestrictions test. |
| deer-cli/internal/readonly/validate.go | Switches shared import path and adds SubcommandRestrictions wrapper returning sorted keys. |
| deer-cli/internal/readonly/shell_test.go | Updates temp file prefix and expands curl-related bypass/allow tests. |
| deer-cli/internal/readonly/shell.go | Renames restricted shell script strings and refines curl blocking patterns. |
| deer-cli/internal/paths/paths_test.go | Updates expected XDG/default directory names and migration expectations. |
| deer-cli/internal/paths/paths.go | Updates config/data directory names and docs from fluid to deer. |
| deer-cli/internal/paths/migrate.go | Updates migration logic/messages to use deer naming and paths. |
| deer-cli/internal/mcp/validate_test.go | Updates tests to use exported validation functions. |
| deer-cli/internal/mcp/validate.go | Exports validation helpers (ValidateShellArg, ValidateFilePath, CheckFileSize). |
| deer-cli/internal/mcp/server_test.go | Updates config import path. |
| deer-cli/internal/mcp/server.go | Adds skill loader integration, updates server naming, and registers new MCP tools. |
| deer-cli/internal/mcp/handlers_test.go | Updates config imports, adds mock service methods, renames shell escape API, and adjusts heredoc delimiter; comments out a VM test. |
| deer-cli/internal/mcp/handlers.go | Exports ShellEscape, adds sandbox stub flags wiring, adjusts list_vms output, uses exported validation helpers, switches heredoc delimiter, and adds skills MCP handlers. |
| deer-cli/internal/llm/tools_test.go | Updates expected tool lists to include tasks + skills + source access request. |
| deer-cli/internal/llm/openrouter.go | Increases HTTP client timeout and updates config import path. |
| deer-cli/internal/hostexec/hostexec.go | Renames readonly SSH user, adds SSH keepalive options, updates log tag strings. |
| deer-cli/internal/error/responderror.go | Updates internal json import path to deer. |
| deer-cli/internal/doctor/doctor_test.go | Renames daemon service/binary and paths from fluid to deer. |
| deer-cli/internal/doctor/doctor.go | Updates hostexec import path to deer. |
| deer-cli/internal/doctor/checks.go | Renames checks for deer-daemon, updates fix commands, and adjusts storage/config paths. |
| deer-cli/internal/config/config_test.go | Updates proxmox token examples and adds DaemonIdentityPubKey test coverage. |
| deer-cli/internal/chatlog/logger.go | Adds per-session JSONL chat logging utility under ~/.config/deer/chats/. |
| deer-cli/internal/ansible/playbook_test.go | Updates store import path to deer. |
| deer-cli/internal/ansible/playbook.go | Updates store import path to deer. |
| deer-cli/go.mod | Renames module path to github.com/aspectrr/deer.sh/deer-cli and updates dependencies/replaces. |
| deer-cli/cmd/deer/main_test.go | Updates config import path to deer. |
| deer-cli/Makefile | Renames CLI binary/path and updates ldflags injection path. |
| deer-cli/AGENTS.md | Updates product naming and adds a “communication style” section. |
| api/internal/telemetry/telemetry.go | Updates default PostHog endpoint domain. |
| api/internal/store/store.go | Adds Kafka capture/stub store types and store interface methods. |
| api/internal/rest/testhelpers_test.go | Updates imports and proto alias, expands mock store and host sender for new store APIs. |
| api/internal/rest/source_host_handlers_test.go | Updates store import path to deer. |
| api/internal/rest/source_host_handlers.go | Updates imports to deer. |
| api/internal/rest/source_handlers.go | Updates imports to deer. |
| api/internal/rest/server.go | Adds REST routes for Kafka capture configs and sandbox Kafka stubs. |
| api/internal/rest/sandbox_handlers_test.go | Updates imports and proto alias. |
| api/internal/rest/sandbox_handlers.go | Updates imports to deer. |
| api/internal/rest/playbook_handlers_test.go | Updates store import path to deer. |
| api/internal/rest/playbook_handlers.go | Updates imports to deer. |
| api/internal/rest/org_handlers_test.go | Updates store import path to deer. |
| api/internal/rest/org_handlers.go | Updates imports to deer. |
| api/internal/rest/host_handlers_test.go | Updates store import path to deer. |
| api/internal/rest/host_handlers.go | Updates imports to deer. |
| api/internal/rest/docs_progress.go | Updates imports to deer. |
| api/internal/rest/billing_handlers_test.go | Updates store import path to deer. |
| api/internal/rest/billing_handlers.go | Updates imports to deer. |
| api/internal/rest/auth_handlers_test.go | Updates imports to deer. |
| api/internal/rest/auth_handlers.go | Updates imports to deer. |
| api/internal/rest/agent_handlers_test.go | Updates store import path to deer. |
| api/internal/rest/agent_handlers.go | Updates imports to deer. |
| api/internal/registry/registry_test.go | Updates proto alias/type usage to deer. |
| api/internal/registry/registry.go | Updates proto alias/type usage to deer. |
| api/internal/orchestrator/types.go | Adds data source attachment request types and extends sandbox create request with data source fields. |
| api/internal/orchestrator/placement.go | Updates registry import path to deer. |
| api/internal/grpc/stream.go | Renames proto types, adjusts stream handler implementation types, and tightens SendAndWait locking. |
| api/internal/grpc/server.go | Updates proto registration and imports to deer. |
| api/internal/error/responderror.go | Updates json import path to deer. |
| api/internal/config/config.go | Updates default PostHog endpoint domain. |
| api/internal/billing/ticker_test.go | Updates imports/proto alias and adds required store interface methods for compilation. |
| api/internal/billing/ticker.go | Updates imports and renames meter key from fluid_daemons to deer_daemons. |
| api/internal/billing/meters.go | Updates imports to deer. |
| api/internal/auth/testhelpers_test.go | Adds required store interface methods for compilation with new Kafka store APIs. |
| api/internal/auth/session_test.go | Updates expected cookie name to deer_session. |
| api/internal/auth/session.go | Updates store import path and cookie name. |
| api/internal/auth/oauth.go | Updates OAuth state cookie name. |
| api/internal/auth/middleware_test.go | Updates store import path. |
| api/internal/auth/middleware.go | Updates imports to deer. |
| api/internal/auth/hostauth_test.go | Updates store import path. |
| api/internal/auth/hostauth.go | Updates store import path. |
| api/go.mod | Renames module path to github.com/aspectrr/deer.sh/api and updates dependency + replace. |
| api/docs/openapi.yaml | Updates server URL domain. |
| api/cmd/server/main.go | Updates imports and host annotation and renames startup log string to deer. |
| api/AGENTS.md | Updates product naming and adds a “communication style” section. |
| SECURITY.md | Updates product naming, paths, principals, and references from fluid to deer. |
| RELEASING.md | Updates go install module path/command. |
| CLAUDE.md | Updates top-level naming and project structure references. |
| AGENTS.md | Updates top-level naming and docker-compose command references. |
| .goreleaser.yaml | Renames project/build IDs, paths, package metadata, and release repo name. |
| .github/workflows/ci.yaml | Renames jobs/working dirs and build output paths for CLI/daemon and SDK path updates. |
| .gitattributes | Adds binary attribute for a CSV file to preserve BOM/CRLF. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
The PR title (“Readme fix”) and the PR template checkboxes are not aligned with the scope of changes (module rename, new features like skills loading, new API routes/types). Please update the PR title/description (and mark the appropriate checkboxes) to reflect the actual migration + feature additions; otherwise review/release notes/versioning may be incorrect.
There was a problem hiding this comment.
MaybeMigrate now looks for ~/.deer as the “legacy” directory, but the sentinel name still references .fluid and the intent of migration is unclear (historically this type of migration would be from ~/.fluid → XDG deer). This will likely prevent migrating real existing ~/.fluid installs and can also create a confusing migration sentinel. Consider: (1) keep oldDir as ~/.fluid and update messaging accordingly, or (2) if ~/.deer truly is the legacy location, rename sentinelName to match and update docs/comments to consistently describe what is being migrated.
There was a problem hiding this comment.
MaybeMigrate now looks for ~/.deer as the “legacy” directory, but the sentinel name still references .fluid and the intent of migration is unclear (historically this type of migration would be from ~/.fluid → XDG deer). This will likely prevent migrating real existing ~/.fluid installs and can also create a confusing migration sentinel. Consider: (1) keep oldDir as ~/.fluid and update messaging accordingly, or (2) if ~/.deer truly is the legacy location, rename sentinelName to match and update docs/comments to consistently describe what is being migrated.
There was a problem hiding this comment.
MaybeMigrate now looks for ~/.deer as the “legacy” directory, but the sentinel name still references .fluid and the intent of migration is unclear (historically this type of migration would be from ~/.fluid → XDG deer). This will likely prevent migrating real existing ~/.fluid installs and can also create a confusing migration sentinel. Consider: (1) keep oldDir as ~/.fluid and update messaging accordingly, or (2) if ~/.deer truly is the legacy location, rename sentinelName to match and update docs/comments to consistently describe what is being migrated.
There was a problem hiding this comment.
defaultSkills is an embedded fs.FS where paths are slash-separated regardless of OS. Using filepath.Join can introduce backslashes on Windows and break fs.ReadFile. Use path.Join (from the path package) when building embed/io/fs paths.
There was a problem hiding this comment.
RunCommandElevated claims to be an “elevated” execution path, but it still connects as deer-readonly (and will still be constrained by the server-side restricted shell for that user). That makes the “elevation” semantics misleading and may cause approved commands to still fail unexpectedly. Either (mandatory) rename/re-document this method and the UI copy to reflect “bypass client allowlist only”, or (if true elevation is intended) connect using a different principal/user that actually has expanded permissions and ensure that path is appropriately gated by approval.
There was a problem hiding this comment.
This test was commented out rather than updated/removed. That reduces coverage for handleListVMs output shape changes (especially important since the tool output fields were modified). Please either re-enable the test with updated expectations or delete it if it’s no longer relevant, and add/adjust assertions to cover the new contract.
| func TestHandleListVMs_Empty(t *testing.T) { | |
| srv := testServer() | |
| ctx := context.Background() | |
| result, err := srv.handleListVMs(ctx, newRequest("list_vms", nil)) | |
| require.NoError(t, err) | |
| m := parseJSON(t, result) | |
| assert.Equal(t, float64(0), m["count"]) | |
| require.Contains(t, m, "vms") | |
| vms, ok := m["vms"].([]any) | |
| require.True(t, ok, "expected vms to be a JSON array") | |
| assert.Len(t, vms, 0) | |
| } |
There was a problem hiding this comment.
Increasing the HTTP client timeout from 2 minutes to 10 minutes can cause long-hanging requests and tie up goroutines/resources under partial outages. Consider making this configurable (via config/env), and/or using per-request context.Context deadlines so callers can control cancellation behavior.
There was a problem hiding this comment.
The server URL was updated to api.deer.sh, but the API title still says “Fluid API”. To avoid confusing generated docs/clients, rename the title (and any other remaining “Fluid” references in the OpenAPI doc) to match the new branding.
| title: Deer API |
There was a problem hiding this comment.
This introduces a hard requirement on a specific “caveman skill” response style into developer documentation, which is unrelated to the CLI’s build/run/architecture guidance and may confuse contributors or automation. If this is intended for a specific assistant integration, consider moving it into a tool-specific doc (or a dedicated AI-assistant instructions file) rather than the general development guide, or scope it explicitly to the relevant tooling.
| If a specific assistant integration supports the caveman skill (`/caveman`), treat it as tool-specific and optional; it is not a general requirement for contributor or CLI documentation responses. |
Description
Type of Change
Checklist
Release Notes
Labels