feat: replace profiles with kubernetes-style secrets

Replace the confused Profile abstraction with a dedicated Secret resource following Kubernetes conventions. Servers now have env entries with inline values or secretRef references. Env vars are resolved and passed to containers at startup (fixes existing gap). - Add Secret CRUD (model, repo, service, routes, CLI commands) - Server env: {name, value} or {name, valueFrom: {secretRef: {name, key}}} - Add env-resolver utility shared by instance startup and config generation - Remove all profile-related code (models, services, routes, CLI, tests) - Update backup/restore for secrets instead of profiles - describe secret masks values by default, --show-values to reveal Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 18:40:58 +00:00
parent ede9e10990
commit 6d9a9f572c
77 changed files with 1014 additions and 1931 deletions
--- a/src/db/prisma/schema.prisma
+++ b/src/db/prisma/schema.prisma
@@ -61,12 +61,11 @@ model McpServer {
  command       Json?
  containerPort Int?
  replicas      Int             @default(1)
-  envTemplate   Json            @default("[]")
+  env           Json            @default("[]")
  version       Int             @default(1)
  createdAt     DateTime        @default(now())
  updatedAt     DateTime        @updatedAt

-  profiles  McpProfile[]
  instances McpInstance[]

  @@index([name])
@@ -78,23 +77,17 @@ enum Transport {
  STREAMABLE_HTTP
 }

-// ── MCP Profiles ──
+// ── Secrets ──

-model McpProfile {
-  id          String   @id @default(cuid())
-  name        String
-  serverId    String
-  permissions Json     @default("[]")
-  envOverrides Json    @default("{}")
-  version     Int      @default(1)
-  createdAt   DateTime @default(now())
-  updatedAt   DateTime @updatedAt
+model Secret {
+  id        String   @id @default(cuid())
+  name      String   @unique
+  data      Json     @default("{}")
+  version   Int      @default(1)
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt

-  server   McpServer            @relation(fields: [serverId], references: [id], onDelete: Cascade)
-  projects ProjectMcpProfile[]
-
-  @@unique([name, serverId])
-  @@index([serverId])
+  @@index([name])
 }

 // ── Projects ──
@@ -109,27 +102,11 @@ model Project {
  updatedAt   DateTime @updatedAt

  owner    User                 @relation(fields: [ownerId], references: [id], onDelete: Cascade)
-  profiles ProjectMcpProfile[]

  @@index([name])
  @@index([ownerId])
 }

-// ── Project <-> Profile join table ──
-
-model ProjectMcpProfile {
-  id        String @id @default(cuid())
-  projectId String
-  profileId String
-
-  project Project    @relation(fields: [projectId], references: [id], onDelete: Cascade)
-  profile McpProfile @relation(fields: [profileId], references: [id], onDelete: Cascade)
-
-  @@unique([projectId, profileId])
-  @@index([projectId])
-  @@index([profileId])
-}
-
 // ── MCP Instances (running containers) ──

 model McpInstance {