feat: replace profiles with kubernetes-style secrets

Replace the confused Profile abstraction with a dedicated Secret resource following Kubernetes conventions. Servers now have env entries with inline values or secretRef references. Env vars are resolved and passed to containers at startup (fixes existing gap). - Add Secret CRUD (model, repo, service, routes, CLI commands) - Server env: {name, value} or {name, valueFrom: {secretRef: {name, key}}} - Add env-resolver utility shared by instance startup and config generation - Remove all profile-related code (models, services, routes, CLI, tests) - Update backup/restore for secrets instead of profiles - describe secret masks values by default, --show-values to reveal Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 18:40:58 +00:00
parent 02254f2aac
commit ca02340a4c
77 changed files with 1014 additions and 1931 deletions
--- a/src/mcpd/tests/mcp-server-flow.test.ts
+++ b/src/mcpd/tests/mcp-server-flow.test.ts
@@ -44,7 +44,7 @@ function createInMemoryServerRepo(): IMcpServerRepository {
        command: data.command ?? null,
        containerPort: data.containerPort ?? null,
        replicas: data.replicas ?? 1,
-        envTemplate: data.envTemplate ?? [],
+        env: data.env ?? [],
        version: 1,
        createdAt: new Date(),
        updatedAt: new Date(),
@@ -347,8 +347,8 @@ describe('MCP server full flow', () => {
          transport: 'STREAMABLE_HTTP',
          externalUrl: `http://localhost:${fakeMcpPort}`,
          containerPort: 3000,
-          envTemplate: [
-            { name: 'HOMEASSISTANT_TOKEN', description: 'HA token', isSecret: true },
+          env: [
+            { name: 'HOMEASSISTANT_TOKEN', value: 'placeholder' },
          ],
        },
      });
@@ -463,9 +463,9 @@ describe('MCP server full flow', () => {
          transport: 'STREAMABLE_HTTP',
          containerPort: 3000,
          command: ['python', '-c', 'print("hello")'],
-          envTemplate: [
-            { name: 'HOMEASSISTANT_URL', description: 'HA URL' },
-            { name: 'HOMEASSISTANT_TOKEN', description: 'HA token', isSecret: true },
+          env: [
+            { name: 'HOMEASSISTANT_URL', value: 'http://localhost:8123' },
+            { name: 'HOMEASSISTANT_TOKEN', valueFrom: { secretRef: { name: 'ha-secrets', key: 'token' } } },
          ],
        },
      });