Add PVE script-creator agent; remove legacy scripts

Add a new .github agent (pve-script-creator.agent.md) with workflow and strict rules for generating CT/install/json files. Remove legacy CT/install/json artifacts for alpine-ironclaw and openthread-br (ct/, install/, json/ entries deleted). Also adjust mqttx update logic: set CLEAN_INSTALL=1 and move the update msg_info after fetch_and_deploy_gh_release to ensure a clean deployment before reporting/updating and then run yarn build in the app web dir.

.github/agents/pve-script-creator.agent.md

@@ -0,0 +1,69 @@
+---
+description: "Create ProxmoxVED CT scripts, install scripts, and JSON metadata. Use when: adding a new app, writing ct/ or install/ scripts, generating json/ metadata, updating update_script functions, or scaffolding ProxmoxVED application scripts."
+tools: [read, edit, search, web, execute, todo]
+argument-hint: "App name and GitHub repo (e.g. 'MyApp owner/repo')"
+---
+
+You are a specialist for creating and maintaining ProxmoxVED application scripts. Your job is to generate **CT scripts** (`ct/<app>.sh`), **install scripts** (`install/<app>-install.sh`), and **JSON metadata** (`json/<app>.json`) that strictly follow the project conventions defined in `AGENTS.md`.
+
+## Workflow
+
+1. **Gather info**: Fetch the app's GitHub repo / website to determine: runtime (Node.js, Go, Python, Rust, etc.), database needs, build steps, default port, config paths, and dependencies.
+2. **Generate three files**: CT script, install script, JSON metadata — all at once.
+3. **Validate against the checklist** (see below) before finishing.
+
+## Mandatory Rules (from AGENTS.md)
+
+### Structure
+- CT scripts source `build.func`, declare all `var_*` variables, implement `update_script()`, and end with `start` / `build_container` / `description` / footer.
+- Install scripts source `$FUNCTIONS_FILE_PATH`, call `color`, `verb_ip6`, `catch_errors`, `setting_up_container`, `network_check`, `update_os`, and end with `motd_ssh` / `customize` / `cleanup_lxc`.
+
+### Helper Functions — ALWAYS Use
+- `fetch_and_deploy_gh_release` for GitHub releases (specify mode: `"tarball"`, `"binary"`, `"prebuild"`, or `"singlefile"`).
+- `check_for_gh_release` for update checks.
+- `setup_nodejs`, `setup_go`, `setup_uv`, `setup_rust`, `setup_ruby`, `setup_java`, `setup_php` for runtimes.
+- `setup_postgresql` / `setup_postgresql_db`, `setup_mariadb_db`, `setup_mongodb`, `setup_mysql` for databases.
+- `setup_ffmpeg`, `setup_imagemagick`, `setup_composer`, `setup_adminer`, `setup_gs`, `setup_hwaccel` for tools.
+
+### Anti-Patterns — NEVER Do
+- Do NOT wrap `setup_*` / `fetch_and_deploy_gh_release` / `check_for_gh_release` in `msg_info`/`msg_ok` blocks — they have built-in messages.
+- Do NOT create pointless variables (no `APP_DIR`, `APP_USER`, `APP_PORT`).
+- Do NOT use Docker, custom download logic, custom version checks, `sudo`, `apt-get`, `export` in `.env`, `systemctl daemon-reload` for new services, or `(Patience)` in msg labels.
+- Do NOT list pre-installed packages (`curl`, `sudo`, `wget`, `gnupg`, `ca-certificates`, `jq`, `mc`) as dependencies.
+- Do NOT back up to `/tmp` — use `/opt`.
+- Do NOT use `echo`/`printf`/`tee` for file creation — use heredocs.
+- Do NOT create external shell scripts, custom credentials files, or unnecessary system users.
+- All `apt` / `npm` / build commands must be prefixed with `$STD`.
+
+### JSON Metadata
+- Must include: `name`, `slug`, `categories`, `date_created`, `type`, `updateable`, `privileged`, `interface_port`, `documentation`, `website`, `logo`, `config_path`, `description`, `install_methods`, `default_credentials`, `notes`.
+- `date_created` uses today's date (YYYY-MM-DD).
+- Resources in `install_methods` must match `var_*` values in the CT script.
+- Logo URL pattern: `https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/<slug>.webp`
+
+## Checklist (verify before finishing)
+
+- [ ] No Docker
+- [ ] `fetch_and_deploy_gh_release` with explicit mode for GitHub releases
+- [ ] `check_for_gh_release` for update checks
+- [ ] `setup_*` functions for runtimes/databases (not wrapped in msg blocks)
+- [ ] No redundant variables
+- [ ] No hardcoded versions for external tools
+- [ ] `$STD` before all apt/npm/build commands
+- [ ] `apt` used (not `apt-get`)
+- [ ] No core packages in dependency list
+- [ ] `msg_info`/`msg_ok`/`msg_error` for custom logging only
+- [ ] Correct CT script structure with all `var_*` declarations
+- [ ] `update_script()` present with backup/restore
+- [ ] Footer: `motd_ssh`, `customize`, `cleanup_lxc`
+- [ ] JSON metadata file matches CT script resources
+- [ ] Backups go to `/opt`, not `/tmp`
+
+## Output Format
+
+Create exactly three files:
+1. `ct/<slug>.sh`
+2. `install/<slug>-install.sh`
+3. `json/<slug>.json`
+
+After creating, briefly summarize what was generated and the app's access URL pattern.

ct/alpine-ironclaw.sh

@@ -1,71 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
-# Source: https://github.com/nearai/ironclaw
-
-APP="Alpine-IronClaw"
-var_tags="${var_tags:-ai;agent;alpine}"
-var_cpu="${var_cpu:-1}"
-var_ram="${var_ram:-1024}"
-var_disk="${var_disk:-8}"
-var_os="${var_os:-alpine}"
-var_version="${var_version:-3.23}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -f /usr/local/bin/ironclaw ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "ironclaw-bin" "nearai/ironclaw"; then
-    msg_info "Stopping Service"
-    rc-service ironclaw stop 2>/dev/null || true
-    msg_ok "Stopped Service"
-
-    msg_info "Backing up Configuration"
-    cp /root/.ironclaw/.env /root/ironclaw.env.bak
-    msg_ok "Backed up Configuration"
-
-    fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \
-      "ironclaw-$(uname -m)-unknown-linux-musl.tar.gz"
-    chmod +x /usr/local/bin/ironclaw
-
-    msg_info "Restoring Configuration"
-    cp /root/ironclaw.env.bak /root/.ironclaw/.env
-    rm -f /root/ironclaw.env.bak
-    msg_ok "Restored Configuration"
-
-    msg_info "Starting Service"
-    rc-service ironclaw start
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Complete setup by running:${CL}"
-echo -e "${TAB}${BGN}ironclaw onboard${CL}"
-echo -e "${INFO}${YW} Then start the service:${CL}"
-echo -e "${TAB}${BGN}rc-service ironclaw start${CL}"
-echo -e "${INFO}${YW} Access the Web UI at:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"
-echo -e "${INFO}${YW} Auth token and database credentials:${CL}"
-echo -e "${TAB}${BGN}cat /root/.ironclaw/.env${CL}"

ct/openthread-br.sh

@@ -1,87 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func)
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
-# Source: https://openthread.io/guides/border-router
-
-APP="OpenThread-BR"
-var_tags="${var_tags:-thread;iot;border-router;matter}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-4}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-0}"
-var_tun="${var_tun:-yes}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/ot-br-posix ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  cd /opt/ot-br-posix
-  LOCAL_COMMIT=$(git rev-parse HEAD)
-  $STD git fetch --depth 1 origin main
-  REMOTE_COMMIT=$(git rev-parse origin/main)
-
-  if [[ "${LOCAL_COMMIT}" == "${REMOTE_COMMIT}" ]]; then
-    msg_ok "Already up to date (${LOCAL_COMMIT:0:7})"
-    exit
-  fi
-
-  msg_info "Stopping Services"
-  systemctl stop otbr-web
-  systemctl stop otbr-agent
-  msg_ok "Stopped Services"
-
-  msg_info "Updating Source"
-  $STD git reset --hard origin/main
-  $STD git submodule update --depth 1 --init --recursive
-  msg_ok "Updated Source"
-
-  msg_info "Rebuilding OpenThread Border Router (Patience)"
-  cd /opt/ot-br-posix/build
-  $STD cmake -GNinja \
-    -DBUILD_TESTING=OFF \
-    -DCMAKE_INSTALL_PREFIX=/usr \
-    -DOTBR_DBUS=ON \
-    -DOTBR_MDNS=openthread \
-    -DOTBR_REST=ON \
-    -DOTBR_WEB=ON \
-    -DOTBR_BORDER_ROUTING=ON \
-    -DOTBR_BACKBONE_ROUTER=ON \
-    -DOT_FIREWALL=ON \
-    -DOT_POSIX_NAT64_CIDR="192.168.255.0/24" \
-    ..
-  $STD ninja
-  $STD ninja install
-  msg_ok "Rebuilt OpenThread Border Router"
-
-  msg_info "Starting Services"
-  systemctl start otbr-agent
-  systemctl start otbr-web
-  msg_ok "Started Services"
-  msg_ok "Updated successfully!"
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}"

install/alpine-ironclaw-install.sh

@@ -1,75 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
-# Source: https://github.com/nearai/ironclaw
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apk add openssl
-msg_ok "Installed Dependencies"
-
-msg_info "Installing PostgreSQL"
-$STD apk add postgresql17 postgresql17-openrc postgresql-pgvector postgresql-common
-$STD rc-service postgresql setup
-$STD rc-update add postgresql default
-$STD rc-service postgresql start
-msg_ok "Installed PostgreSQL"
-
-msg_info "Setting up Database"
-PG_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
-$STD su -s /bin/sh postgres -c "psql -c \"CREATE ROLE ironclaw WITH LOGIN PASSWORD '${PG_PASS}';\""
-$STD su -s /bin/sh postgres -c "psql -c \"CREATE DATABASE ironclaw WITH OWNER ironclaw;\""
-$STD su -s /bin/sh postgres -c "psql -d ironclaw -c \"CREATE EXTENSION IF NOT EXISTS vector;\""
-msg_ok "Set up Database"
-
-fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \
-  "ironclaw-$(uname -m)-unknown-linux-musl.tar.gz"
-chmod +x /usr/local/bin/ironclaw
-
-msg_info "Configuring IronClaw"
-mkdir -p /root/.ironclaw
-GATEWAY_TOKEN=$(openssl rand -hex 32)
-cat <<EOF >/root/.ironclaw/.env
-DATABASE_URL=postgresql://ironclaw:${PG_PASS}@localhost:5432/ironclaw?sslmode=disable
-GATEWAY_ENABLED=true
-GATEWAY_HOST=0.0.0.0
-GATEWAY_PORT=3000
-GATEWAY_AUTH_TOKEN=${GATEWAY_TOKEN}
-CLI_ENABLED=false
-AGENT_NAME=ironclaw
-RUST_LOG=ironclaw=info,tower_http=info
-EOF
-chmod 600 /root/.ironclaw/.env
-msg_ok "Configured IronClaw"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/init.d/ironclaw
-#!/sbin/openrc-run
-
-name="IronClaw"
-description="IronClaw AI Agent"
-command="/usr/local/bin/ironclaw"
-command_background=true
-pidfile="/run/ironclaw.pid"
-directory="/root"
-supervise_daemon_args="--env-file /root/.ironclaw/.env"
-
-depend() {
-  need net postgresql
-}
-EOF
-chmod +x /etc/init.d/ironclaw
-$STD rc-update add ironclaw default
-msg_ok "Created Service"
-
-motd_ssh
-customize

install/openthread-br-install.sh

@@ -1,94 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
-# Source: https://openthread.io/guides/border-router
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  build-essential \
-  cmake \
-  ninja-build \
-  pkg-config \
-  git \
-  iproute2 \
-  libreadline-dev \
-  libncurses-dev \
-  rsyslog \
-  dbus \
-  libdbus-1-dev \
-  libjsoncpp-dev \
-  iptables \
-  ipset \
-  bind9 \
-  libnetfilter-queue1 \
-  libnetfilter-queue-dev \
-  libprotobuf-dev \
-  protobuf-compiler \
-  socat
-msg_ok "Installed Dependencies"
-
-setup_nodejs
-
-msg_info "Cloning OpenThread Border Router"
-# git clone is needed to fetch submodules, fetch_and_deploy_gh_release doesn't support this. We use --depth 1 to minimize the amount of data cloned, but it still may take a while.
-$STD git clone --depth 1 https://github.com/openthread/ot-br-posix /opt/ot-br-posix
-cd /opt/ot-br-posix
-$STD git submodule update --depth 1 --init --recursive
-msg_ok "Cloned OpenThread Border Router"
-
-msg_info "Building OpenThread Border Router (Patience)"
-mkdir -p build && cd build
-$STD cmake -GNinja \
-  -DBUILD_TESTING=OFF \
-  -DCMAKE_INSTALL_PREFIX=/usr \
-  -DOTBR_DBUS=ON \
-  -DOTBR_MDNS=openthread \
-  -DOTBR_REST=ON \
-  -DOTBR_WEB=ON \
-  -DOTBR_BORDER_ROUTING=ON \
-  -DOTBR_BACKBONE_ROUTER=ON \
-  -DOT_FIREWALL=ON \
-  -DOT_POSIX_NAT64_CIDR="192.168.255.0/24" \
-  ..
-$STD ninja
-$STD ninja install
-msg_ok "Built OpenThread Border Router"
-
-msg_info "Configuring Network"
-cat <<EOF >/etc/sysctl.d/99-otbr.conf
-net.ipv6.conf.all.forwarding=1
-net.ipv4.ip_forward=1
-EOF
-$STD sysctl -p /etc/sysctl.d/99-otbr.conf
-msg_ok "Configured Network"
-
-msg_info "Configuring Services"
-cat <<'EOF' >/etc/default/otbr-agent
-# USB example:
-#   OTBR_AGENT_OPTS="-I wpan0 -B eth0 --vendor-name OpenThread --model-name BorderRouter --rest-listen-address 0.0.0.0 --rest-listen-port 8081 spinel+hdlc+uart:///dev/ttyACM0"
-# TCP via socat (for network-attached RCP like SLZB-06/SLZB-MR3):
-
-#   OTBR_AGENT_OPTS="-I wpan0 -B eth0 --vendor-name OpenThread --model-name BorderRouter --rest-listen-address 0.0.0.0 --rest-listen-port 8081 spinel+hdlc+forkpty:///usr/bin/socat?forkpty-arg=-,rawer&forkpty-arg=tcp:IP:PORT trel://eth0"
-OTBR_AGENT_OPTS="-I wpan0 -B eth0 --vendor-name OpenThread --model-name BorderRouter --rest-listen-address 0.0.0.0 --rest-listen-port 8081 spinel+hdlc+uart:///dev/ttyACM0"
-EOF
-cat <<'EOF' >/etc/default/otbr-web
-OTBR_WEB_OPTS="-I wpan0 -a 0.0.0.0 -p 80"
-EOF
-systemctl enable -q dbus rsyslog otbr-agent otbr-web
-systemctl enable -q bind9 2>/dev/null || systemctl enable -q named 2>/dev/null || true
-systemctl start -q dbus rsyslog bind9
-msg_ok "Configured Services"
-
-motd_ssh
-customize
-cleanup_lxc

json/openthread-br.json

@@ -1,48 +0,0 @@
-{
-    "name": "OpenThread Border Router",
-    "slug": "openthread-br",
-    "categories": [
-        17
-    ],
-    "date_created": "2026-03-30",
-    "type": "ct",
-    "updateable": true,
-    "privileged": true,
-    "interface_port": 80,
-    "documentation": "https://openthread.io/guides/border-router",
-    "website": "https://openthread.io/",
-    "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/openthread.webp",
-    "config_path": "/etc/default/otbr-agent",
-    "description": "OpenThread Border Router (OTBR) connects a Thread network to other IP-based networks such as Wi-Fi or Ethernet, providing bidirectional connectivity, mDNS/SRP service discovery, NAT64, and external Thread commissioning.",
-    "install_methods": [
-        {
-            "type": "default",
-            "script": "ct/openthread-br.sh",
-            "resources": {
-                "cpu": 2,
-                "ram": 2048,
-                "hdd": 4,
-                "os": "Debian",
-                "version": "13"
-            }
-        }
-    ],
-    "default_credentials": {
-        "username": null,
-        "password": null
-    },
-    "notes": [
-        {
-            "text": "Requires a Thread Radio Co-Processor (RCP) device. USB: pass through to LXC (e.g. /dev/ttyACM0). TCP: use socat forkpty pattern (see `/etc/default/otbr-agent` for examples).",
-            "type": "warning"
-        },
-        {
-            "text": "Services are enabled but not started at install. Configure `/etc/default/otbr-agent` with your RCP device, then run: `systemctl restart otbr-agent otbr-web`",
-            "type": "info"
-        },
-        {
-            "text": "Home Assistant: Add 'OpenThread Border Router' integration with URL `http://<IP>:8081`. Web UI is on port 80.",
-            "type": "info"
-        }
-    ]
-}

tools/addon/mqttx.sh

@@ -105,8 +105,9 @@ function uninstall_mqttx() {
 
 function update_mqttx() {
   if check_for_gh_release "mqttx" "$REPO"; then
-    msg_info "Updating ${APP}"
     CLEAN_INSTALL=1 fetch_and_deploy_gh_release "mqttx" "$REPO" "tarball" "latest" "$APP_DIR"
+
+    msg_info "Updating ${APP}"
     cd "$APP_DIR/web"
     $STD yarn install --frozen-lockfile --ignore-engines
     $STD yarn build