DSPX 2655 gemini simplified workflow

otdf-local/pyproject.toml

@@ -7,6 +7,7 @@ requires-python = ">=3.11"
 dependencies = [
     "httpx>=0.27.0",
     "pydantic-settings>=2.2.0",
+    "pyyaml>=6.0.3",
     "rich>=13.7.0",
     "ruamel.yaml>=0.18.0",
     "typer>=0.12.0",

otdf-local/src/otdf_local/ci.py

@@ -0,0 +1,223 @@
+"""CI-specific commands for otdf-local.
+
+These commands adapt the local environment management for GitHub Actions CI,
+where the platform is already started by an external action and we only need
+to start KAS instances as background processes.
+"""
+
+from __future__ import annotations
+
+import os
+import sys
+from pathlib import Path
+from typing import Annotated
+
+import typer
+
+from otdf_local.config.ports import Ports
+from otdf_local.config.settings import Settings
+from otdf_local.health.waits import WaitTimeoutError, wait_for_health
+from otdf_local.services import get_kas_manager
+from otdf_local.utils.console import (
+    print_error,
+    print_info,
+    print_success,
+    print_warning,
+)
+from otdf_local.utils.yaml import load_yaml, save_yaml, set_nested
+
+ci_app = typer.Typer(
+    name="ci",
+    help="CI-specific commands for GitHub Actions workflows.",
+    no_args_is_help=True,
+)
+
+
+def _emit_github_output(key: str, value: str) -> None:
+    """Write a key=value pair to $GITHUB_OUTPUT if available, else print to stdout."""
+    github_output = os.environ.get("GITHUB_OUTPUT")
+    if github_output:
+        with open(github_output, "a") as f:
+            f.write(f"{key}={value}\n")
+    else:
+        # Fallback for local testing
+        print(f"{key}={value}", file=sys.stdout)
+
+
+def _prepare_kas_template(
+    settings: Settings, root_key: str | None, ec_tdf_enabled: bool
+) -> None:
+    """Ensure the KAS template config has the right root key and EC TDF settings.
+
+    In CI, the platform config may have a root_key that differs from what
+    we want for additional KAS instances. This updates the platform config
+    in-place so that KASService._generate_config reads the correct root_key.
+    """
+    if root_key:
+        config = load_yaml(settings.platform_config)
+        set_nested(config, "services.kas.root_key", root_key)
+        if ec_tdf_enabled:
+            set_nested(config, "services.kas.preview.ec_tdf_enabled", True)
+        save_yaml(settings.platform_config, config)
+
+
+@ci_app.command("start-kas")
+def start_kas(
+    platform_dir: Annotated[
+        Path,
+        typer.Option(
+            "--platform-dir",
+            help="Path to the platform checkout (must contain opentdf-kas-mode.yaml)",
+            envvar="OTDF_LOCAL_PLATFORM_DIR",
+        ),
+    ],
+    root_key: Annotated[
+        str | None,
+        typer.Option(
+            "--root-key",
+            help="Root key for KAS instances (overrides platform config value)",
+            envvar="OT_ROOT_KEY",
+        ),
+    ] = None,
+    ec_tdf_enabled: Annotated[
+        bool,
+        typer.Option(
+            "--ec-tdf-enabled/--no-ec-tdf",
+            help="Enable EC TDF support",
+        ),
+    ] = True,
+    key_management: Annotated[
+        bool,
+        typer.Option(
+            "--key-management/--no-key-management",
+            help="Enable key management on km1/km2 instances",
+        ),
+    ] = False,
+    log_type: Annotated[
+        str,
+        typer.Option(
+            "--log-type",
+            help="Log format type (json, text)",
+        ),
+    ] = "json",
+    health_timeout: Annotated[
+        int,
+        typer.Option(
+            "--health-timeout",
+            help="Seconds to wait for each KAS instance to become healthy",
+        ),
+    ] = 60,
+    instances: Annotated[
+        str | None,
+        typer.Option(
+            "--instances",
+            help="Comma-separated KAS instance names (default: all)",
+        ),
+    ] = None,
+) -> None:
+    """Start KAS instances for CI and emit GitHub Actions outputs.
+
+    Expects the platform to already be running (started by start-up-with-containers).
+    Starts all 6 KAS instances (alpha, beta, gamma, delta, km1, km2) as background
+    processes, waits for each to pass health checks, and emits log file paths as
+    GitHub Actions step outputs.
+
+    Output keys (written to $GITHUB_OUTPUT):
+      kas-alpha-log-file, kas-beta-log-file, kas-gamma-log-file,
+      kas-delta-log-file, kas-km1-log-file, kas-km2-log-file
+    """
+    platform_dir = platform_dir.resolve()
+    if not platform_dir.is_dir():
+        print_error(f"Platform directory does not exist: {platform_dir}")
+        raise typer.Exit(1)
+
+    # Check for required template files
+    kas_template = platform_dir / "opentdf-kas-mode.yaml"
+    platform_config = platform_dir / "opentdf-dev.yaml"
+    if not kas_template.exists():
+        # Fall back to opentdf.yaml if opentdf-kas-mode.yaml doesn't exist
+        kas_template_alt = platform_dir / "opentdf.yaml"
+        if kas_template_alt.exists():
+            print_info(
+                f"Using {kas_template_alt} as KAS template (opentdf-kas-mode.yaml not found)"
+            )
+        else:
+            print_error(
+                f"Neither opentdf-kas-mode.yaml nor opentdf.yaml found in {platform_dir}"
+            )
+            raise typer.Exit(1)
+
+    if not platform_config.exists():
+        # Try opentdf.yaml as fallback
+        platform_config_alt = platform_dir / "opentdf.yaml"
+        if platform_config_alt.exists():
+            platform_config = platform_config_alt
+
+    # Build settings with CI-specific overrides
+    # We use a fresh xtest_root derived from this package's location
+    settings = Settings(
+        platform_dir=platform_dir,
+    )
+    settings.ensure_directories()
+
+    # Update root key in platform config if provided
+    if root_key:
+        _prepare_kas_template(settings, root_key, ec_tdf_enabled)
+
+    # Determine which instances to start
+    if instances:
+        kas_names = [n.strip() for n in instances.split(",")]
+        for name in kas_names:
+            if name not in Ports.all_kas_names():
+                print_error(f"Unknown KAS instance: {name}")
+                raise typer.Exit(1)
+    else:
+        kas_names = Ports.all_kas_names()
+
+    # Start KAS instances
+    print_info(f"Starting KAS instances: {', '.join(kas_names)}...")
+    kas_manager = get_kas_manager(settings)
+
+    failed = []
+    for name in kas_names:
+        kas = kas_manager.get(name)
+        if kas is None:
+            print_error(f"KAS instance {name} not found in manager")
+            failed.append(name)
+            continue
+        if not kas.start():
+            print_error(f"Failed to start KAS {name}")
+            failed.append(name)
+
+    if failed:
+        print_error(f"Failed to start: {', '.join(failed)}")
+        raise typer.Exit(1)
+
+    # Wait for health
+    print_info("Waiting for KAS health checks...")
+    unhealthy = []
+    for name in kas_names:
+        port = Ports.get_kas_port(name)
+        try:
+            wait_for_health(
+                f"http://localhost:{port}/healthz",
+                timeout=health_timeout,
+                service_name=f"KAS {name}",
+            )
+        except WaitTimeoutError as e:
+            print_warning(str(e))
+            unhealthy.append(name)
+
+    if unhealthy:
+        print_error(f"KAS instances failed health check: {', '.join(unhealthy)}")
+        raise typer.Exit(1)
+
+    print_success(f"All {len(kas_names)} KAS instances are healthy")
+
+    # Emit outputs
+    for name in kas_names:
+        log_path = settings.get_kas_log_path(name)
+        output_key = f"kas-{name}-log-file"
+        _emit_github_output(output_key, str(log_path))
+
+    print_success("CI KAS startup complete")

otdf-local/src/otdf_local/cli.py

@@ -11,6 +11,8 @@
 from rich.live import Live
 
 from otdf_local import __version__
+from otdf_local.ci import ci_app
+from otdf_local.suite.cli import suite_app
 from otdf_local.config.ports import Ports
 from otdf_local.config.settings import get_settings
 from otdf_local.health.waits import WaitTimeoutError, wait_for_health, wait_for_port
@@ -43,6 +45,9 @@
     pretty_exceptions_enable=sys.stderr.isatty(),
 )
 
+app.add_typer(ci_app, name="ci")
+app.add_typer(suite_app, name="suite")
+
 
 def _show_provision_error(result: ProvisionResult, target: str) -> None:
     """Display provisioning error with stderr details."""

otdf-local/src/otdf_local/config/settings.py

@@ -54,29 +54,76 @@
 def _find_platform_dir(xtest_root: Path) -> Path:
     """Find the platform directory by searching for a sibling of an ancestor.
 
-    Searches up the directory tree from xtest_root looking for a 'platform' directory
-    that has the expected shape (contains docker-compose.yaml and opentdf-dev.yaml).
+    Searches for a 'platform' directory in:
+    1. Ancestor siblings (for local development checkouts)
+    2. The otdf-sdk-mgr managed location (xtest/sdk/platform/src/main)
+    3. Last resort: attempts to checkout 'main' via otdf-sdk-mgr
 
     Raises:
         FileNotFoundError: If platform directory is not found with expected shape.
     """
-    # Start from xtest_root and walk up
+    # 1. Search for sibling 'platform' checkouts
     current = xtest_root
     while current != current.parent:
         # Check siblings at this level
         platform_candidate = current.parent / "platform"
         if platform_candidate.exists() and platform_candidate.is_dir():
             # Verify it has the expected shape
             has_compose = (platform_candidate / "docker-compose.yaml").exists()
-            has_config = (platform_candidate / "opentdf-dev.yaml").exists()
+            has_config = (platform_candidate / "opentdf-dev.yaml").exists() or (
+                platform_candidate / "opentdf.yaml"
+            ).exists()
             if has_compose and has_config:
                 return platform_candidate
         current = current.parent
 
+    # 2. Search in otdf-sdk-mgr managed location
+    managed_main = xtest_root / "sdk" / "platform" / "src" / "main"
+    if managed_main.exists() and managed_main.is_dir():
+        if (managed_main / "docker-compose.yaml").exists() and (
+            (managed_main / "opentdf-dev.yaml").exists()
+            or (managed_main / "opentdf.yaml").exists()
+        ):
+            return managed_main
+
+    # 3. Last resort: checkout 'main' via otdf-sdk-mgr
+    sdk_mgr_dir = xtest_root.parent / "otdf-sdk-mgr"
+    if sdk_mgr_dir.exists():
+        import subprocess
+
+        try:
+            # We use plain print to avoid circular imports or dependency on rich here
+            print(
+                "Platform not found. Attempting to checkout 'main' via otdf-sdk-mgr..."
+            )
+            subprocess.check_call(
+                [
+                    "uv",
+                    "run",
+                    "--project",
+                    str(sdk_mgr_dir),
+                    "otdf-sdk-mgr",
+                    "checkout",
+                    "platform",
+                    "main",
+                ],
+                cwd=sdk_mgr_dir,
+                stdout=subprocess.DEVNULL,
+                stderr=subprocess.DEVNULL,
+            )
+            if managed_main.exists() and managed_main.is_dir():
+                if (managed_main / "docker-compose.yaml").exists() and (
+                    managed_main / "opentdf-dev.yaml"
+                ).exists():
+                    return managed_main
+        except Exception:
+            # Fall through to FileNotFoundError
+            pass
+
     # If we get here, we didn't find it
     raise FileNotFoundError(
         f"Could not find platform directory with expected shape "
-        f"(docker-compose.yaml and opentdf-dev.yaml) searching from {xtest_root}"
+        f"(docker-compose.yaml and opentdf.yaml or opentdf-dev.yaml) searching from {xtest_root}"
     )
 
 
@@ -91,9 +138,18 @@
 
     # Directory paths - computed from xtest_root
     xtest_root: Path = Field(default_factory=_find_xtest_root)
-    platform_dir: Path = Field(
-        default_factory=lambda: _find_platform_dir(_find_xtest_root())
-    )
+    _platform_dir: Path | None = None
+
+    @property
+    def platform_dir(self) -> Path:
+        """Platform directory path."""
+        if self._platform_dir:
+            return self._platform_dir
+        return _find_platform_dir(self.xtest_root)
+
+    @platform_dir.setter
+    def platform_dir(self, value: Path) -> None:
+        self._platform_dir = value
 
     @property
     def logs_dir(self) -> Path:
@@ -113,12 +169,12 @@
     @property
     def platform_config(self) -> Path:
         """Platform config file path."""
-        return self.platform_dir / "opentdf-dev.yaml"
+        return self.platform_dir / "opentdf.yaml"
 
     @property
     def platform_template_config(self) -> Path:
         """Platform config template path."""
-        return self.platform_dir / "opentdf.yaml"
+        return self.platform_dir / "opentdf-dev.yaml"
 
     @property
     def kas_template_config(self) -> Path:

otdf-local/src/otdf_local/process/logs.py

@@ -61,6 +61,16 @@ def read_new(self) -> list[LogEntry]:
             self._position = f.tell()
         return entries
 
+    def seek_to_end(self) -> None:
+        """Move the read position to the end of the file."""
+        if not self.log_file.exists():
+            self._position = 0
+            return
+
+        with open(self.log_file) as f:
+            f.seek(0, 2)  # Seek to end
+            self._position = f.tell()
+
     def follow(self, poll_interval: float = 0.5) -> Iterator[LogEntry]:
         """Continuously yield new log entries."""
         while True:
@@ -182,6 +192,12 @@ def read_tail(
             key=lambda e: (e.timestamp is None, e.timestamp or datetime.max),
         )
 
+    def seek_to_end(self, services: list[str] | None = None) -> None:
+        """Seek all (or specified) readers to the end of their files."""
+        readers = self._get_readers(services)
+        for reader in readers:
+            reader.seek_to_end()
+
     def follow(
         self,
         services: list[str] | None = None,