Skip to content

Overview

Package Manager OverviewLink

Sierra Dev's package manager provides APT-like functionality for installing, managing, and updating invoker scripts from GitHub repositories. It is designed to be robust, type-safe, and easy to use.

ArchitectureLink

The package manager consists of several modular components working together:

graph LR
    A[GitHub Repos] -->|registry.json| B[Repository Manager]
    B --> C[Package Registry]
    C --> D[Package Search]
    C --> E[Package Installer]
    E --> F[Type Validator]
    F --> G[Environment]

Core ComponentsLink

1. Repository ManagerLink

Manages GitHub repository sources for package discovery. It handles: - Adding/removing repository sources - Fetching and caching package registries - Managing source priorities - Validating repository structure

Python
1
2
3
4
from sierra.package_manager import RepositoryManager

repo_mgr = RepositoryManager(config_dir)
repo_mgr.add_source("https://github.com/xsyncio/sierra-invokers")

2. Package RegistryLink

The central registry for package metadata and search. It provides: - Fast search by name, description, or tags - Filtering by category and source - Version tracking and comparison - Metadata aggregation

Python
1
2
3
4
5
from sierra.package_manager import PackageRegistry

registry = PackageRegistry(repo_mgr)
registry.refresh()
packages = registry.search("osint", tag="email")

3. Package InstallerLink

Handles the lifecycle of packages on the local system: - Downloading scripts from GitHub - Resolving dependencies - Running type safety checks - Managing the installed packages manifest

Python
1
2
3
4
from sierra.package_manager import PackageInstaller

installer = PackageInstaller(repo_mgr, env_path)
installer.install("digital-footprint", registry)

4. Type ValidatorLink

Ensures that all installed scripts meet Sierra Dev's strict quality standards: - AST-based analysis: Checks code without executing it - Type annotations: Verifies arguments and return types - Safety checks: Detects unsafe patterns

Python
1
2
3
from sierra.package_manager import validate_invoker_script

is_valid, report = validate_invoker_script(script_path)

Repository StructureLink

A Sierra Dev repository on GitHub follows a strict structure to ensure compatibility:

Text Only
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
sierra-invokers/
├── registry.json          # Master package index
├── invokers/              # Package directories
│   ├── digital-footprint/
│   │   ├── invoker.py    # The script itself
│   │   ├── metadata.json # Detailed metadata
│   │   └── README.md     # Documentation
│   └── crt-sh/
│       ├── invoker.py
│       └── metadata.json

registry.json ExampleLink

JSON
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
{
  "version": "1.0.0",
  "updated": "2024-11-26T10:00:00Z",
  "packages": {
    "digital-footprint": {
      "name": "digital-footprint",
      "version": "1.2.0",
      "description": "OSINT digital footprint analyzer",
      "author": "xsyncio",
      "tags": ["osint", "email", "breach"],
      "category": "reconnaissance",
      "path": "invokers/digital-footprint"
    }
  }
}

Local StorageLink

Sierra Dev maintains its state in the user's home directory (~/.sierra/):

  • sources.json: List of configured repositories and their priorities.
  • installed.json: Manifest of all installed packages and their versions.
  • cache/: Local cache of registries and downloaded files to speed up operations.

Key FeaturesLink

🔄 Auto-UpdatesLink

Sierra Dev can check for updates across all installed packages and upgrade them with a single command:

Bash
1
sierra-dev update --all

🛡️ Type SafetyLink

Every script is validated before installation. If a script lacks type hints or uses unsafe patterns, Sierra Dev will warn you or refuse installation (unless --force is used).

Search is fuzzy and context-aware. You can search by: - Keyword: sierra-dev search osint - Tag: sierra-dev search --tag email - Category: sierra-dev search --category recon

📦 Dependency ManagementLink

Packages can declare dependencies (e.g., Python libraries). Sierra Dev will notify you of required dependencies upon installation.

Next StepsLink