Documentation
¶
Overview ¶
Package setup implements `kontext setup`: connecting a single Mac to a Kontext organization without MDM. It produces the same managed-observe pipeline as an enterprise package install — managed config, installation identity, agent hooks, LaunchAgent running the daemon — but at user scope (~/Library, ~/.claude, ~/.codex) with the install token in the login keychain.
Index ¶
Constants ¶
const ( DefaultCloudURL = "https://api.kontext.security" // KeychainItemName is the generic-password service name. It MUST stay in // lockstep with the managed.json token ref below: the daemon reads the // token with `security find-generic-password -s <name> -w`. KeychainItemName = "kontext-install-token" )
const LaunchAgentLabel = managedobserve.DefaultLaunchdLabel
LaunchAgentLabel matches the enterprise LaunchAgent so the hook-side kickstart (managedobserve.Lifecycle) works identically for both install kinds. The refusal gate in Run keeps the two from coexisting on one Mac.
Variables ¶
This section is empty.
Functions ¶
func Run ¶
Run connects this Mac to the org owning the install token. Steps are ordered so every irreversible action happens after the token is proven valid, and re-running is always safe (token rotation restarts the agent).
func Uninstall ¶
Uninstall reverses Run in reverse order. Every step tolerates already-removed state so a partially-failed uninstall can simply be re-run.
Deliberately KEPT:
- installation.json — it holds only the random ins_* device identity; a later re-setup then reports the same endpoint to the dashboard instead of spawning a phantom second device.
- local data (guard.db, stream state) and logs — they are the user's records; locations are printed instead.
- the binary — brew owns it (`brew uninstall kontext`).