feat: 添加Linux部署脚本幂等性，更新README.md

[1oca1h0st]

Greptile Overview

Greptile Summary

Adds idempotency check to deploy.sh that prevents accidental reinstallation by detecting existing installations and requiring a --force flag for reinstalls. Updates README.md to clarify that the deploy script is for initial deployment only, with software updates requiring manual Docker Compose commands. The force reinstall functionality removes existing containers and deployment directories to enable clean reinstallation.

Confidence Score: 2/5

• Concerning data loss risk during force reinstall - existing credentials are not preserved
• The PR introduces a critical logic error in the force reinstall flow. When users run deploy.sh --force, the script deletes the deployment directory (line 302) containing the original .env file with credentials, then generates completely new random credentials (lines 860-862). This causes users to lose access to their existing database and admin panel. While the idempotency check itself is well-implemented and prevents accidental reinstalls, the force reinstall path has a data loss vulnerability. The README warning is helpful but has minor grammatical issues.
• scripts/deploy.sh requires attention for credential preservation during force reinstall

Important Files Changed

File Analysis

Filename	Score	Overview
scripts/deploy.sh	2/5	Adds idempotency check and force reinstall flag; missing preservation of existing credentials during force reinstall could cause data loss

Sequence Diagram

sequenceDiagram
    participant User
    participant Script as deploy.sh
    participant Check as Installation Check
    participant Docker
    participant System as File System

    User->>Script: "Execute deploy.sh [--force]"
    Script->>Script: "Parse arguments & detect OS"
    Script->>Check: "check_existing_installation()"
    Check->>System: "Check if $DEPLOY_DIR exists"
    Check->>Docker: "Check for claude-code-hub-* containers"
    
    alt Installation exists & no --force flag
        Check-->>User: "Error: Already installed + instructions"
        Note over User: Exit with management commands
    else Installation exists & --force flag
        Check->>Docker: "docker compose down -v"
        Check->>Docker: "Remove containers forcefully"
        Check->>System: "rm -rf $DEPLOY_DIR"
        Note over Check: WARNING: Credentials lost here!
        Check->>Script: "Continue with fresh install"
    else No installation found
        Check->>Script: "Proceed with installation"
    end
    
    Script->>Script: "Generate new ADMIN_TOKEN"
    Script->>Script: "Generate new DB_PASSWORD"
    Script->>System: "Create .env with new credentials"
    Script->>Docker: "docker compose up -d"
    Docker-->>User: "Services started"

Loading

[coderabbitai]

📝 Walkthrough

总体概述

README.md增加了关于部署脚本仅用于初始部署的信息说明。scripts/deploy.sh新增了现有安装检测函数、全局标志FORCE_REINSTALL和-f/--force命令行选项，支持强制重新安装流程，包括停止和删除现有容器及部署目录的能力。

变更

文件群组	变更摘要
文档更新 README.md	在"重要提示"部分新增说明，澄清部署脚本仅适用于初始部署，可能不支持软件更新；提及环境限制和Linux安装程序的幂等性特性。
部署脚本增强 scripts/deploy.sh	新增FORCE_REINSTALL全局标志、-f/--force命令行选项和check_existing_installation()函数。该函数检测现有部署（部署目录、docker-compose.yaml/.env文件）和运行中的容器。如果检测到现有安装且未设置强制标志，脚本会中止并提供管理指导；若设置强制标志，则停止/删除现有容器和部署目录后继续。主流程在docker检测前调用该检测函数。

代码审查工作量评估

🎯 2 (Simple) | ⏱️ ~12 分钟

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	拉取请求的标题准确总结了主要变更，涵盖了Linux部署脚本幂等性的添加以及README.md的更新，与实际代码变更相符。
Description check	✅ Passed	PR描述与变更集相关联，清晰说明了部署脚本幂等性检查和README更新的目的。

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @1oca1h0st, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

此拉取请求通过为 deploy.sh 脚本引入幂等性，增强了 Linux 部署体验。它通过检测现有安装来防止意外的重新安装和配置覆盖。用户现在可以被告知现有设置，或者选择强制完全重新安装。此外，README.md 已更新，提供了关于软件更新和部署脚本幂等性范围的更清晰指导。

Highlights

• 部署脚本幂等性增强: deploy.sh 脚本现在具备幂等性，避免了重复部署时随机生成数据库密码覆盖原有配置的问题。
• 部署检测机制: deploy.sh 脚本新增了检测现有安装的功能，以防止意外的重新部署。
• 强制重新安装选项: 引入了新的 --force (-f) 命令行参数，允许用户选择强制移除现有安装并进行全新部署。
• README.md 更新: README.md 文件已更新，明确指出 deploy.sh 脚本仅用于首次部署，不用于软件更新，并说明目前幂等性仅限于 Linux 脚本。

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

本次 Pull Request 为 deploy.sh 脚本增加了幂等性检查，这是一个非常实用的改进，可以防止意外覆盖现有部署，提升了脚本的健壮性和用户体验。同时，README.md 中也相应地增加了说明，引导用户正确地进行软件更新。代码实现思路清晰，通过 --force 标志来控制强制重装的逻辑也很合理。我提出了一些小的建议，旨在提高脚本的可维护性和文档的清晰度。总体来说，这是一次高质量的更新。

[gemini-code-assist]

当前的说明文字有些冗长，并且将操作指引和实现细节的备注混合在了一起，可能会让用户困惑。

建议将更新操作的指引和脚本幂等性的状态说明分开，使信息更清晰。同时，更新说明中引用的章节可以更精确地指向包含升级指南的 部署指南 章节，而不是 Docker Compose 启动章节。

Suggested change

	- ⚠️ 软件更新：请参考 `Docker Compose 启动章节`，deploy脚本仅用于首次部署，并不用于更新软件 (环境限制，目前仅暂在 Linux 安装脚本确保了部署幂等性，未覆盖 Powershell 脚本)
	- ⚠️ 软件更新：`deploy` 脚本主要用于首次部署。如需更新，请参考 `部署指南` 章节中的升级说明。 (注意：目前仅 Linux 脚本支持幂等性检查，Windows 的 PowerShell 脚本暂不支持。)

[gemini-code-assist]

cd "$DEPLOY_DIR" 会改变当前脚本的全局工作目录，这可能会对后续命令产生意料之外的影响。虽然目前脚本的其他部分似乎能够适应这个变化，但这是一种有风险的实践，降低了代码的可维护性。

建议使用子 shell (subshell) () 来隔离目录切换操作。这样可以确保 docker compose down 命令在正确的目录执行，同时不会影响脚本其余部分的执行环境，从而提高脚本的健壮性。

Suggested change

	cd "$DEPLOY_DIR"
	if docker compose version &> /dev/null; then
	docker compose down -v 2>/dev/null || true
	else
	docker-compose down -v 2>/dev/null || true
	fi
	(
	cd "$DEPLOY_DIR"
	if docker compose version &> /dev/null; then
	docker compose down -v 2>/dev/null || true
	else
	docker-compose down -v 2>/dev/null || true
	fi
	)

[github-actions]

Code Review Summary

No significant issues identified in this PR. The implementation adds idempotency checks to the deployment script, preventing accidental overwrites of existing installations. The code follows established patterns in the codebase.

PR Size: S

• Lines changed: 98
• Files changed: 2

Review Coverage

• Logic and correctness - Clean
• Security (OWASP Top 10) - Clean
• Error handling - Clean (uses established || true pattern for cleanup operations)
• Type safety - N/A (shell script)
• Documentation accuracy - Clean
• Test coverage - N/A (deployment script)
• Code clarity - Good

Notes

The implementation correctly:

1. Detects existing installations via deployment directory and Docker containers
2. Provides clear user guidance when an installation is detected
3. Offers a --force flag for intentional reinstallation
4. Updates help text and README documentation accordingly
5. Uses proper cleanup patterns with error suppression (|| true) that are standard in bash cleanup operations

---

Automated review by Claude AI

[github-actions]

Code Review Summary

No significant issues identified in this PR. The implementation adds idempotency checks to the deployment script, preventing accidental overwrites of existing installations. The code follows established patterns in the codebase.

PR Size: S

• Lines changed: 98
• Files changed: 2

Review Coverage

• Logic and correctness - Clean
• Security (OWASP Top 10) - Clean
• Error handling - Clean (uses established || true pattern for cleanup operations)
• Type safety - N/A (shell script)
• Documentation accuracy - Clean
• Test coverage - N/A (deployment script)
• Code clarity - Good

Notes

The implementation correctly:

1. Detects existing installations via deployment directory and Docker containers
2. Provides clear user guidance when an installation is detected
3. Offers a --force flag for intentional reinstallation
4. Updates help text and README documentation accordingly
5. Uses proper cleanup patterns with error suppression (|| true) that are standard in bash cleanup operations

---

Automated review by Claude AI

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In @README.md:
- Line 152: Fix the wording in the README sentence that currently reads "目前仅暂在
Linux 安装脚本确保了部署幂等性，未覆盖 Powershell 脚本": remove the extra character "暂" so it
reads "目前仅在 Linux 安装脚本确保了部署幂等性，未覆盖 PowerShell 脚本"; also change "Powershell" to
"PowerShell", replace "deploy脚本" with "deploy 脚本" (add a space), and convert any
parentheses around that clause to full-width Chinese parentheses "（）" for
consistency.

In @scripts/deploy.sh:
- Around line 277-297: When FORCE_REINSTALL is true the script runs "docker
compose down -v" which will delete volumes and can drop DB data; before
stopping/removing containers (the block that checks existing_containers and
DEPLOY_DIR and runs "docker compose down -v" / "docker-compose down -v") add an
explicit confirmation step: if the script is running interactively (tty) prompt
the user to confirm destructive removal of volumes, and if non-interactive
require an explicit opt-in environment variable or flag (e.g.,
FORCE_REINSTALL_CONFIRM=yes or --confirm-delete-volumes) otherwise abort with a
clear log_warning that volumes (e.g., Postgres data) will be deleted; ensure the
check references FORCE_REINSTALL, existing_containers, DEPLOY_DIR and the exact
docker compose commands so the destructive down -v only runs after confirmation.

🧹 Nitpick comments (1)

scripts/deploy.sh (1)

306-308: 日志消息与条件逻辑不符。

else 分支仅在 installation_found 为 false 时执行，但此时不需要提示"Proceeding with fresh installation"，因为后续逻辑已经会继续执行。当前实现正确但略显冗余。

此外，建议将 Line 307 的日志级别从 log_success 改为 log_info，因为"未发现现有安装"并非一个成功操作。

♻️ 建议的改进

     else
-        log_success "No existing installation found. Proceeding with fresh installation..."
+        log_info "No existing installation found. Proceeding with fresh installation..."
     fi

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to Reviews > Disable Cache setting

📥 Commits

Reviewing files that changed from the base of the PR and between 3edd6b7 and bcb2fdd.

📒 Files selected for processing (2)

• README.md
• scripts/deploy.sh

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: pr-review
• GitHub Check: pr-description
• GitHub Check: pr-label

🔇 Additional comments (4)

scripts/deploy.sh (4)

50-50: LGTM!

全局变量 FORCE_REINSTALL 声明清晰，与其他 CLI 参数变量风格一致。

---

66-66: LGTM!

-f/--force 选项的帮助信息和参数解析实现正确，与现有参数处理风格保持一致。

Also applies to: 133-136

---

841-846: LGTM!

check_existing_installation 的调用位置正确——在 detect_os 设置默认部署目录和 validate_inputs 应用自定义目录覆盖之后执行，确保检查使用的是最终的 DEPLOY_DIR 值。

---

242-254: LGTM!

容器检测逻辑实现良好：

• 使用 docker ps -a 包含已停止的容器
• 使用 --filter "name=claude-code-hub-" 精确匹配项目容器
• 错误输出重定向到 /dev/null 避免 Docker 未安装时的错误信息

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

文案存在小笔误。

"目前仅暂在 Linux" 中的"暂"字应删除或改为"目前仅在"。

📝 建议的修改

-- ⚠️ 软件更新：请参考 `Docker Compose 启动章节`，deploy脚本仅用于首次部署，并不用于更新软件 (环境限制，目前仅暂在 Linux 安装脚本确保了部署幂等性，未覆盖 Powershell 脚本)
+- ⚠️ 软件更新：请参考 `Docker Compose 启动章节`，deploy 脚本仅用于首次部署，并不用于更新软件（环境限制，目前仅在 Linux 安装脚本确保了部署幂等性，未覆盖 PowerShell 脚本）

另外建议：

• "Powershell" → "PowerShell"（官方拼写）
• 括号使用中文全角括号 （） 以保持一致性
• deploy脚本 建议改为 deploy 脚本，增加空格提升可读性

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- ⚠️ 软件更新：请参考 `Docker Compose 启动章节`，deploy脚本仅用于首次部署，并不用于更新软件 (环境限制，目前仅暂在 Linux 安装脚本确保了部署幂等性，未覆盖 Powershell 脚本)
	- ⚠️ 软件更新：请参考 `Docker Compose 启动章节`，deploy 脚本仅用于首次部署，并不用于更新软件（环境限制，目前仅在 Linux 安装脚本确保了部署幂等性，未覆盖 PowerShell 脚本）

🤖 Prompt for AI Agents

In @README.md at line 152, Fix the wording in the README sentence that currently
reads "目前仅暂在 Linux 安装脚本确保了部署幂等性，未覆盖 Powershell 脚本": remove the extra character
"暂" so it reads "目前仅在 Linux 安装脚本确保了部署幂等性，未覆盖 PowerShell 脚本"; also change
"Powershell" to "PowerShell", replace "deploy脚本" with "deploy 脚本" (add a space),
and convert any parentheses around that clause to full-width Chinese parentheses
"（）" for consistency.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

数据丢失风险：--force 选项会删除数据库数据，建议添加确认提示。

docker compose down -v 会删除所有卷（包括 PostgreSQL 数据）。在非交互模式下使用 --force 可能导致用户意外丢失生产数据。

建议：在非交互模式下添加额外确认，或至少在帮助信息中明确警告数据会被删除。

🔧 建议的改进方案

     # If forcing reinstall, clean up existing installation
     if [[ "$installation_found" == true ]] && [[ "$FORCE_REINSTALL" == true ]]; then
+        if [[ "$NON_INTERACTIVE" != true ]]; then
+            echo ""
+            log_warning "This will DELETE all existing data including the database!"
+            read -p "Are you sure you want to continue? [y/N]: " confirm
+            if [[ "$confirm" != "y" ]] && [[ "$confirm" != "Y" ]]; then
+                log_info "Aborted by user."
+                exit 0
+            fi
+        else
+            log_warning "Force reinstall in non-interactive mode - all existing data will be deleted!"
+        fi
         log_warning "Force reinstall enabled. Removing existing installation..."

🤖 Prompt for AI Agents

In @scripts/deploy.sh around lines 277 - 297, When FORCE_REINSTALL is true the
script runs "docker compose down -v" which will delete volumes and can drop DB
data; before stopping/removing containers (the block that checks
existing_containers and DEPLOY_DIR and runs "docker compose down -v" /
"docker-compose down -v") add an explicit confirmation step: if the script is
running interactively (tty) prompt the user to confirm destructive removal of
volumes, and if non-interactive require an explicit opt-in environment variable
or flag (e.g., FORCE_REINSTALL_CONFIRM=yes or --confirm-delete-volumes)
otherwise abort with a clear log_warning that volumes (e.g., Postgres data) will
be deleted; ensure the check references FORCE_REINSTALL, existing_containers,
DEPLOY_DIR and the exact docker compose commands so the destructive down -v only
runs after confirmation.

[greptile-apps]

_{5 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

The --force reinstall removes the existing deployment directory without preserving credentials. This causes data loss of the admin token and database password from the original .env file. When users run --force, they'll lose access to their existing database and admin panel.

Issue: Lines 300-302 delete $DEPLOY_DIR which contains the .env file with original credentials, but lines 860-862 generate new random credentials. The new credentials won't match the existing database data in Docker volumes (if those volumes survive).

Fix: Before removing the directory, backup existing credentials from the .env file and restore them after cleanup. Extract the admin token and database password values, then modify generate_admin_token() and generate_db_password() functions to skip generation if values are already set from backup.