#!/bin/sh # Brig installer — downloads a prebuilt, checksum-verified binary for your OS/arch. # # curl -fsSL https://get.osnavi.com/brig/install.sh | sh # # It picks the right binary for macOS (Apple Silicon / Intel) and Linux # (x86_64 / arm64), verifies its SHA-256, and installs it onto your PATH. # No Rust toolchain required. # # Configurable via env: # BRIG_INSTALL_BASE base URL hosting the release artifacts (see CONFIGURE below) # BRIG_VERSION version to install (default: 0.1.0) # BRIG_BIN_DIR install dir (default: /usr/local/bin or ~/.local/bin) # # Security: the binary is checksum-verified and the install ABORTS on any # mismatch. Read this script before piping it to a shell — that's good hygiene # for any `curl | sh`, and doubly so for a security tool. set -eu # ── CONFIGURE: the release host. Replace with osnavi's real download host, or # override at run time with BRIG_INSTALL_BASE. (Placeholder until the first # release is published — see deploy/build-release.sh.) ─────────────────────── BASE="${BRIG_INSTALL_BASE:-https://get.osnavi.com/brig}" VERSION="${BRIG_VERSION:-0.1.0}" err() { printf 'brig install: %s\n' "$*" >&2; exit 1; } say() { printf '%s\n' "$*"; } # ── detect platform ─────────────────────────────────────────────────────────── os="$(uname -s)" arch="$(uname -m)" case "$os" in Darwin) os_t="apple-darwin" ;; Linux) os_t="unknown-linux-musl" ;; *) err "no prebuilt binary for OS '$os' yet — email hello@osnavi.com." ;; esac case "$arch" in arm64|aarch64) arch_t="aarch64" ;; x86_64|amd64) arch_t="x86_64" ;; *) err "no prebuilt binary for CPU '$arch' yet — email hello@osnavi.com." ;; esac triple="${arch_t}-${os_t}" asset="brig-${VERSION}-${triple}" url="${BASE}/${VERSION}/${asset}" # ── choose an install dir ────────────────────────────────────────────────────── if [ -n "${BRIG_BIN_DIR:-}" ]; then bindir="$BRIG_BIN_DIR" elif [ -d /usr/local/bin ] && [ -w /usr/local/bin ]; then bindir="/usr/local/bin" else bindir="$HOME/.local/bin" fi mkdir -p "$bindir" || err "cannot create install dir '$bindir'" tmp="$(mktemp -d)" trap 'rm -rf "$tmp"' EXIT # ── download binary + checksum ───────────────────────────────────────────────── say "→ downloading ${asset} (${VERSION})…" curl -fSL "$url" -o "$tmp/brig" || err "download failed: $url (is BRIG_INSTALL_BASE pointing at the real release host, and is a release published?)" curl -fSL "$url.sha256" -o "$tmp/brig.sha256" || err "checksum download failed: $url.sha256" # ── verify checksum (fail-closed) ────────────────────────────────────────────── say "→ verifying SHA-256…" expected="$(awk '{print $1}' "$tmp/brig.sha256")" if command -v sha256sum >/dev/null 2>&1; then actual="$(sha256sum "$tmp/brig" | awk '{print $1}')" elif command -v shasum >/dev/null 2>&1; then actual="$(shasum -a 256 "$tmp/brig" | awk '{print $1}')" else err "no SHA-256 tool found (need 'sha256sum' or 'shasum')." fi [ -n "$expected" ] && [ "$expected" = "$actual" ] || \ err "CHECKSUM MISMATCH — refusing to install. expected: $expected got: $actual" # ── install ──────────────────────────────────────────────────────────────────── chmod +x "$tmp/brig" mv "$tmp/brig" "$bindir/brig" say "✓ installed brig → $bindir/brig" case ":$PATH:" in *":$bindir:"*) : ;; *) say " ⚠ $bindir is not on your PATH — add it (e.g. export PATH=\"$bindir:\$PATH\")." ;; esac say "" say "next: brig --help # confirm it runs" say " brig init claude-code # wire it into your agent"