rMax.ai DotSlash Files

How DotSlash Works

DotSlash turns executable files into lightweight JSON manifests that fetch the actual binary on demand. It uses a special shebang line:

#!/usr/bin/env dotslash

When executed, the DotSlash workflow is simple and secure:

1. Inspect: Reads the JSON manifest.
2. Fetch: Downloads the artifact from the specified URL.
3. Verify: Checks the sha256 hash to ensure integrity.
4. Cache: Stores the artifact locally for future runs.
5. Exec: Runs the binary with arguments forwarded transparently.

Repository Overview

This repository acts as the central registry for DotSlash manifests and support scripts used across the rMax.ai ecosystem.

CLI Usage Highlights

Common commands for interacting with DotSlash utilities:

• dotslash parse - Validate manifest syntax.
• dotslash fetch - Download artifacts without running.
• dotslash run - Execute a manifest explicitly.
• dotslash sha256 - Calculate hashes for artifacts.

Installer Features

Designed for flexibility and ease of use, the installer plan includes:

• Directory Resolution: Smart defaults for installation paths.
• Interactive Selection: Fuzzy search for available tools.
• Wrapper Creation: Automatically generates executable wrappers.
• PATH Handling: Updates shell configuration if needed.
• Robustness: Comprehensive flags, exit codes, and self-tests.

Security & Best Practices

Security is core to the DotSlash design.

• Hash Verification: Every artifact is verified against a sha256 hash before execution.
• Immutable Caches: Fetched binaries are stored securely in a local cache.
• No Script Execution: DotSlash executes binaries, not arbitrary scripts, reducing attack surface.

Getting Involved

We welcome contributions! Here is how you can help:

1. Add a new manifest to the bin/ directory.
2. Validate it using the dotslash tool.
3. Open a Pull Request.

Running Tests:

make shim-tests   # Test the shim wrapper
make bin-tests    # Test manifest files
make install-tests # Test the installer script