Problem
Installing or reinstalling a Temper app (e.g., katagami-commons, katagami-curation) requires manually executing 5+ distinct API calls in the correct order, with fragile tooling at each step. There is no temper install-app <path> command.
Current manual steps to install an app:
- Load specs —
POST /api/specs/load-inline with all .ioa.toml and .csdl.xml files serialized into a JSON payload
- Deploy WASM modules — Separate
POST /api/wasm/modules/{name} for each .wasm binary
- Upload skill files —
PUT /tdata/Files('{id}')/$value for each skill markdown file, then PATCH skill entities to fix empty Path fields
- Create Cedar policies —
POST /api/tenants/{tenant}/policies/create for each policy needed to unblock agent operations
- Approve pending decisions —
POST /api/tenants/{tenant}/decisions/{id}/approve for any authorization decisions that block during installation
Specific issues encountered repeatedly:
load-inline EOF parsing errors: Piping JSON payloads to curl via | causes "EOF while parsing a value at line 1 column 0". Workaround: write payload to a temp file and use curl -d @file.json. This has bitten us on every reinstall.- Cedar blocks spec loading: First
load-inline call gets AuthorizationDenied. You have to find the pending decision, figure out the approval scope format, and approve it before retrying.
- No idempotency: If a deployment breaks (e.g., symlinked os-apps not in Docker image), reinstalling means repeating the entire manual process from scratch.
- Skill file path bug: App-installed skill files sometimes have empty
Path fields, requiring manual PATCH to fix (tracked separately but compounds the install pain).
- WASM modules deployed separately from specs: Nothing ties a WASM module to the app that needs it. You just have to know which modules to deploy.
What would help:
A single CLI command or API endpoint that takes an app directory and:
- Reads all
.ioa.toml, .csdl.xml specs and loads them
- Finds and deploys all WASM modules referenced by integrations
- Uploads skill files and links them correctly
- Applies Cedar policies from a
policies/ directory
- Is idempotent — safe to re-run on an already-installed app
- Reports what was installed/updated
Something like:
temper app install ./os-apps/katagami-commons --tenant default
temper app install ./os-apps/katagami-curation --tenant default
Or an API equivalent:
POST /api/apps/install
{ "tenant": "default", "app_path": "katagami-commons", "specs": {...}, "wasm": {...}, "policies": {...} }
Context
This has been a recurring issue across multiple Railway deployments of OpenPaw with Katagami apps. Each redeployment or recovery requires 30+ minutes of manual API calls to reinstall apps that should be declaratively defined and trivially re-deployable.
Problem
Installing or reinstalling a Temper app (e.g., katagami-commons, katagami-curation) requires manually executing 5+ distinct API calls in the correct order, with fragile tooling at each step. There is no
temper install-app <path>command.Current manual steps to install an app:
POST /api/specs/load-inlinewith all.ioa.tomland.csdl.xmlfiles serialized into a JSON payloadPOST /api/wasm/modules/{name}for each.wasmbinaryPUT /tdata/Files('{id}')/$valuefor each skill markdown file, then PATCH skill entities to fix emptyPathfieldsPOST /api/tenants/{tenant}/policies/createfor each policy needed to unblock agent operationsPOST /api/tenants/{tenant}/decisions/{id}/approvefor any authorization decisions that block during installationSpecific issues encountered repeatedly:
load-inlineEOF parsing errors: Piping JSON payloads to curl via|causes"EOF while parsing a value at line 1 column 0". Workaround: write payload to a temp file and usecurl -d @file.json. This has bitten us on every reinstall.load-inlinecall getsAuthorizationDenied. You have to find the pending decision, figure out the approval scope format, and approve it before retrying.Pathfields, requiring manual PATCH to fix (tracked separately but compounds the install pain).What would help:
A single CLI command or API endpoint that takes an app directory and:
.ioa.toml,.csdl.xmlspecs and loads thempolicies/directorySomething like:
Or an API equivalent:
Context
This has been a recurring issue across multiple Railway deployments of OpenPaw with Katagami apps. Each redeployment or recovery requires 30+ minutes of manual API calls to reinstall apps that should be declaratively defined and trivially re-deployable.