direxio-deployer 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +92 -0
- package/LICENSE +21 -0
- package/README.md +221 -0
- package/README_zh.md +218 -0
- package/SKILL.md +722 -0
- package/agents/README.md +25 -0
- package/agents/openai.yaml +12 -0
- package/bin/direxio-deployer.mjs +375 -0
- package/package.json +28 -0
- package/references/agent-targets.md +128 -0
- package/references/architecture.md +44 -0
- package/references/bug-history.md +78 -0
- package/references/deployment-lessons.md +218 -0
- package/references/deployment-optimization-audit.md +317 -0
- package/references/deployment-workflow.md +341 -0
- package/references/iam-policy.json +52 -0
- package/references/runtime-wiring.md +209 -0
- package/references/state-machine.md +46 -0
- package/references/token-refresh.md +81 -0
- package/references/tooling.md +106 -0
- package/references/troubleshooting.md +26 -0
- package/references/user-journey.md +75 -0
- package/references/verification-recovery.md +84 -0
- package/references/voip-turn-runbook.md +154 -0
- package/references/windows-deployment-notes.md +119 -0
- package/scripts/aws-credentials.sh +195 -0
- package/scripts/cloud-init/Caddyfile +48 -0
- package/scripts/cloud-init/docker-compose.yml +125 -0
- package/scripts/cloud-init/init-tokens.sh +238 -0
- package/scripts/cloud-init/user-data.yaml +40 -0
- package/scripts/destroy.ps1 +77 -0
- package/scripts/destroy.sh +589 -0
- package/scripts/lib/aws.sh +73 -0
- package/scripts/lib/domain.sh +175 -0
- package/scripts/lib/operation_report.sh +240 -0
- package/scripts/lib/ops.sh +230 -0
- package/scripts/lib/paths.sh +35 -0
- package/scripts/lib/state.sh +137 -0
- package/scripts/mcp-tools-list.mjs +95 -0
- package/scripts/orchestrate.ps1 +112 -0
- package/scripts/orchestrate.sh +1126 -0
- package/scripts/phases/s0_prereq_aws.sh +39 -0
- package/scripts/phases/s1_preflight.sh +72 -0
- package/scripts/phases/s2_domain.sh +103 -0
- package/scripts/phases/s3_provision.sh +421 -0
- package/scripts/phases/s4_bootstrap_stack.sh +38 -0
- package/scripts/phases/s5_init_tokens.sh +118 -0
- package/scripts/phases/s6_wire_local.sh +1435 -0
- package/scripts/phases/s7_verify_e2e.sh +136 -0
- package/scripts/pricing-estimate.sh +256 -0
- package/scripts/render/render-userdata.sh +86 -0
- package/scripts/reset-app-data.sh +40 -0
- package/scripts/update.sh +30 -0
- package/tests/aws_credentials_test.sh +139 -0
- package/tests/connect_daemon_runtime_check_test.sh +120 -0
- package/tests/default_paths_test.sh +58 -0
- package/tests/destroy_local_bridge_test.sh +154 -0
- package/tests/destroy_root_identity_test.sh +91 -0
- package/tests/destroy_route53_zone_test.sh +80 -0
- package/tests/domain_authoritative_dns_test.sh +49 -0
- package/tests/mcp_doctor_runtime_check_test.sh +86 -0
- package/tests/mcp_smoke_runtime_check_test.sh +121 -0
- package/tests/mcp_tools_runtime_check_test.sh +123 -0
- package/tests/npm_skill_distribution_test.sh +95 -0
- package/tests/operation_report_test.sh +258 -0
- package/tests/orchestrate_status_recovery_test.sh +91 -0
- package/tests/phase_timeout_test.sh +88 -0
- package/tests/pricing_estimate_test.sh +159 -0
- package/tests/render_userdata_remote_nodes_test.sh +40 -0
- package/tests/root_volume_tracking_test.sh +41 -0
- package/tests/route53_overwrite_guard_test.sh +86 -0
- package/tests/route53_zone_auto_create_test.sh +66 -0
- package/tests/runtime_summary_check_test.sh +203 -0
- package/tests/s6_wire_local_test.sh +405 -0
- package/tests/skill_structure_test.sh +298 -0
- package/tests/update_reset_ops_test.sh +230 -0
- package/tests/user_confirmation_gates_test.sh +152 -0
package/AGENTS.md
ADDED
|
@@ -0,0 +1,92 @@
|
|
|
1
|
+
# AGENTS.md
|
|
2
|
+
|
|
3
|
+
`direxio-deployer` is a cross-platform deployment product and agent skill, not a Linux-only script collection. Maintain it as a portable orchestration layer that can be driven from Windows PowerShell, Git Bash/MSYS2, Linux, and macOS while deploying a Linux-based Direxio server.
|
|
4
|
+
|
|
5
|
+
## Product Scope
|
|
6
|
+
|
|
7
|
+
- Deploy, resume, verify, destroy, and locally wire a production Direxio message server.
|
|
8
|
+
- Treat `SKILL.md` as the agent-facing runbook and `scripts/` as implementation details behind stable entrypoints.
|
|
9
|
+
- The supported local conversation bridge is `direxio-connect` from `direxio-connent` or `YingSuiAI/direxio-connect`.
|
|
10
|
+
- Supported local agent targets are the connent/connect agent providers, treated as peers: `acp`, `antigravity`, `claudecode`, `codex`, `copilot`, `cursor`, `devin`, `gemini`, `iflow`, `kimi`, `opencode`, `pi`, `qoder`, `reasonix`, and `tmux`.
|
|
11
|
+
- Do not reintroduce legacy local MCP/plugin/gateway installation flows or third-party chat platform wiring.
|
|
12
|
+
- Do not hard-code one developer's home directory, shell, agent executable path, AWS region, domain, node id, token, or password.
|
|
13
|
+
|
|
14
|
+
## Platform Law
|
|
15
|
+
|
|
16
|
+
Every deployer change must classify paths and commands by the platform that will consume them:
|
|
17
|
+
|
|
18
|
+
- **Remote server paths** are Linux paths inside EC2/cloud-init/Docker, such as `/opt/p2p` and `/var/direxio-message-server`.
|
|
19
|
+
- **Deployer execution paths** are used by the orchestration engine. Bash phase scripts can use POSIX paths, but PowerShell entrypoints must convert Windows paths before invoking Bash.
|
|
20
|
+
- **Local bridge paths** are consumed by `direxio-connect` and the local agent process. On Windows they must be Windows-compatible paths, not `/mnt/c/...` or Git Bash-only `/c/...` paths.
|
|
21
|
+
- **Documentation paths** must be portable examples using `$HOME`, `%USERPROFILE%`, `$env:USERPROFILE`, `<service_id>`, or `<domain>`, not machine-specific absolute paths.
|
|
22
|
+
|
|
23
|
+
If a change writes a path into `state.json`, `credentials.json`, `env`, `cc-connect/config.toml`, docs, or printed commands, verify which process will read that path and format it for that process.
|
|
24
|
+
|
|
25
|
+
## Entrypoints
|
|
26
|
+
|
|
27
|
+
- POSIX users run `bash scripts/orchestrate.sh`.
|
|
28
|
+
- Windows users run `.\scripts\orchestrate.ps1` from PowerShell. The wrapper may use Git Bash internally for existing Bash phases, but it must set Windows-local wiring variables such as `DIREXIO_LOCAL_PATH_STYLE=windows`.
|
|
29
|
+
- Do not tell Windows users to run WSL unless the user explicitly chooses WSL as the host runtime. WSL and Windows are different local runtimes with different home directories, PATH lookup, daemon process control, and agent executable paths.
|
|
30
|
+
- Keep `scripts/orchestrate.sh` and `scripts/orchestrate.ps1` behaviorally aligned for status, deploy/resume, and local bridge wiring.
|
|
31
|
+
|
|
32
|
+
## Script Architecture
|
|
33
|
+
|
|
34
|
+
- Keep the state-machine phases idempotent and resumable. A phase should be safe to rerun after token refresh, DNS wait, or partial local wiring.
|
|
35
|
+
- Shell phase files should expose `run_phase` and use `state_get`, `state_set`, and `phase_set` instead of ad hoc state edits.
|
|
36
|
+
- Prefer small helpers for platform conversion, command discovery, and output formatting. Do not scatter OS-specific path rewrites across phase bodies.
|
|
37
|
+
- Remote server commands may assume Linux because the EC2 host is Linux. Local commands must not assume Linux.
|
|
38
|
+
- Use PowerShell for Windows-native process and path behavior when the consumer is Windows-local, especially `direxio-connect.exe`, local agent executables, Windows user profile paths, or npm global binaries.
|
|
39
|
+
- When adding a new local runtime or agent executable, support explicit override env vars before detection. For connect this includes `DIREXIO_CC_CONNECT_AGENT`, `DIREXIO_CC_CONNECT_AGENT_CMD`, and runtime-specific aliases such as `DIREXIO_CODEX_COMMAND`, `DIREXIO_GEMINI_COMMAND`, or `DIREXIO_CLAUDE_CODE_COMMAND`.
|
|
40
|
+
- Do not make Codex, Claude, Gemini, Cursor, or any other provider the semantic default for an unknown runtime. Unknown or ambiguous detection should require an explicit `DIREXIO_CC_CONNECT_AGENT`.
|
|
41
|
+
|
|
42
|
+
## Direxio Connect Wiring
|
|
43
|
+
|
|
44
|
+
- S5/S6 must fail closed when `agent_room_id` is missing or uses a legacy pseudo id such as `!agent:<domain>`.
|
|
45
|
+
- S6 must create a Matrix session through `agent.matrix_session.create` and require `@agent:<server>` for the bridge. Returning `@owner:<server>` is a server-side compatibility failure.
|
|
46
|
+
- The generated cc-connect config must contain one Matrix platform and must restrict sync/replies to the real `agent_room_id`.
|
|
47
|
+
- The generated agent config must preserve the selected connect agent type and optional agent-specific TOML. Some providers require more than `cmd`; for example `reasonix` needs `serve_url`, `tmux` needs `session`, and generic `acp` may need command/args.
|
|
48
|
+
- `DIREXIO_AGENT_INSTALL=auto` may install/start `direxio-connect`; `recommend` must only write files and print commands.
|
|
49
|
+
- `direxio-connent` publishing and GitHub release assets are part of the install contract. Do not claim npm install works until the package and matching `direxio-connect` assets exist.
|
|
50
|
+
|
|
51
|
+
## Secrets And State
|
|
52
|
+
|
|
53
|
+
- Never print, commit, or paste AWS secrets, IM passwords, Matrix access tokens, `agent_token`, private keys, or full credential files.
|
|
54
|
+
- When verifying credentials, print booleans or identities only, such as `has_access_token=true`, `user_id`, `device_id`, and `homeserver`.
|
|
55
|
+
- `credentials.json`, Matrix session files, SSH keys, and generated env files must stay outside the repository and should be written with restrictive permissions when the platform supports it.
|
|
56
|
+
- Do not silently reuse stale `DIREXIO_AGENT_NODE_ID` across domains. Node ids must be scoped to the current deployment unless the operator explicitly forces an override.
|
|
57
|
+
|
|
58
|
+
## Documentation Rules
|
|
59
|
+
|
|
60
|
+
- Keep `README.md`, `README_zh.md`, `SKILL.md`, and `references/*` synchronized when changing deployment contracts, local bridge behavior, install commands, or platform support.
|
|
61
|
+
- Keep user-facing docs focused on operating the deployer. Put implementation details and edge cases in `references/`.
|
|
62
|
+
- Document Windows and POSIX examples separately when commands differ.
|
|
63
|
+
- Avoid saying "run bash" as the universal answer. Say which host runtime is intended and why.
|
|
64
|
+
|
|
65
|
+
## Validation
|
|
66
|
+
|
|
67
|
+
Run focused checks after every change:
|
|
68
|
+
|
|
69
|
+
```bash
|
|
70
|
+
bash tests/skill_structure_test.sh
|
|
71
|
+
bash tests/s6_wire_local_test.sh
|
|
72
|
+
bash tests/render_userdata_remote_nodes_test.sh
|
|
73
|
+
find scripts -name '*.sh' -print0 | xargs -0 -n1 bash -n
|
|
74
|
+
git diff --check
|
|
75
|
+
```
|
|
76
|
+
|
|
77
|
+
On Windows-specific changes, also run or inspect:
|
|
78
|
+
|
|
79
|
+
```powershell
|
|
80
|
+
.\scripts\orchestrate.ps1 status
|
|
81
|
+
powershell -NoProfile -ExecutionPolicy Bypass -File .\scripts\orchestrate.ps1 status
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
If a validation cannot be run on the current host, record the reason and run the closest targeted static check.
|
|
85
|
+
|
|
86
|
+
## Change Discipline
|
|
87
|
+
|
|
88
|
+
- Prefer portable helpers over one-off fixes.
|
|
89
|
+
- When fixing a platform bug, search for the same assumption elsewhere before stopping.
|
|
90
|
+
- Keep unrelated deployment behavior untouched unless the same abstraction owns it.
|
|
91
|
+
- Self-review diffs before committing.
|
|
92
|
+
- Commit finished work on the active branch with a focused message. Do not stage generated credentials, local state, binaries, logs, `.codegraph/`, or machine-specific test artifacts.
|
package/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 P2P-IM
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
package/README.md
ADDED
|
@@ -0,0 +1,221 @@
|
|
|
1
|
+
# Direxio Deployer
|
|
2
|
+
|
|
3
|
+
[简体中文](README_zh.md)
|
|
4
|
+
|
|
5
|
+
`direxio-deployer` deploys a production Direxio message server and wires the local agent room through Direxio's Matrix bridge. The supported local bridge is `direxio-connect`, installed from the npm package `direxio-connent@latest` by default or built from `YingSuiAI/direxio-connect`. S6 also writes service-scoped MCP snippets for MCP-capable hosts such as Codex, OpenClaw, and Hermes.
|
|
6
|
+
|
|
7
|
+
## Contents
|
|
8
|
+
|
|
9
|
+
- `SKILL.md`: Agent entrypoint, confirmation rules, deployment/destroy flow, and delivery format.
|
|
10
|
+
- `scripts/`: State machine, AWS/EC2/DNS/cloud-init/verification/destroy scripts.
|
|
11
|
+
- `references/`: Tooling, deployment resume flow, cc-connect wiring, state machine, architecture, troubleshooting, and recovery notes.
|
|
12
|
+
- `agents/`: Runtime metadata and recognition notes for agent hosts.
|
|
13
|
+
|
|
14
|
+
## Before Deployment
|
|
15
|
+
|
|
16
|
+
- Prepare an AWS account, an AWS access key CSV or profile, and a real long-lived domain or subdomain.
|
|
17
|
+
- AWS resources created by this deployer can bill until they are destroyed.
|
|
18
|
+
- Use `SKILL.md` as the agent-facing runbook. It contains the detailed deployment rules, confirmation gates, runtime wiring behavior, and recovery procedures.
|
|
19
|
+
|
|
20
|
+
## Skill Installation And Updates
|
|
21
|
+
|
|
22
|
+
Install the deployer skill from npm, then place it into the current agent runtime's skill directory. Project-local installs are preferred because they keep the deployment skill scoped to the workspace that uses it.
|
|
23
|
+
|
|
24
|
+
POSIX shells:
|
|
25
|
+
|
|
26
|
+
```bash
|
|
27
|
+
npm install -g direxio-deployer@latest
|
|
28
|
+
direxio-deployer skill install --agent codex --scope project --project .
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
Windows PowerShell:
|
|
32
|
+
|
|
33
|
+
```powershell
|
|
34
|
+
npm install -g direxio-deployer@latest
|
|
35
|
+
direxio-deployer skill install --agent codex --scope project --project .
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
Update the installed skill with the same host runtime:
|
|
39
|
+
|
|
40
|
+
```bash
|
|
41
|
+
npm install -g direxio-deployer@latest
|
|
42
|
+
direxio-deployer skill update --agent codex --scope project --project .
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
Use the matching agent name for your runtime: `codex`, `claudecode`, `gemini`, `cursor`, `copilot`, `openclaw`, `hermes`, `opencode`, `qoder`, `reasonix`, or another target listed in `references/agent-targets.md`. Use `--scope global` only when you intentionally want a host-level skill install:
|
|
46
|
+
|
|
47
|
+
```bash
|
|
48
|
+
direxio-deployer skill install --agent codex --scope global
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
The installer writes `.direxio-skill-install.json` into the target directory and refuses to overwrite unmanaged existing content unless `--force` is provided. To pin a version, install that package version first:
|
|
52
|
+
|
|
53
|
+
```bash
|
|
54
|
+
npm install -g direxio-deployer@0.1.0
|
|
55
|
+
direxio-deployer skill update --agent codex --scope project --project .
|
|
56
|
+
```
|
|
57
|
+
|
|
58
|
+
The CLI is implemented in Node and uses native paths for the host it runs on. On Windows it writes Windows-compatible paths; on Linux, macOS, Git Bash, or WSL it writes paths for that runtime.
|
|
59
|
+
|
|
60
|
+
## Minimal Command
|
|
61
|
+
|
|
62
|
+
Import and verify an AWS deployment profile from an AWS CSV. A temporary
|
|
63
|
+
`DirexioDeployer` IAM user is recommended, but root access keys are allowed
|
|
64
|
+
when the operator explicitly chooses them:
|
|
65
|
+
|
|
66
|
+
```bash
|
|
67
|
+
bash scripts/aws-credentials.sh import-csv /path/to/accessKeys.csv direxio-deployer us-east-1
|
|
68
|
+
export AWS_PROFILE=direxio-deployer
|
|
69
|
+
bash scripts/aws-credentials.sh verify direxio-deployer
|
|
70
|
+
```
|
|
71
|
+
|
|
72
|
+
Run from the repository root:
|
|
73
|
+
|
|
74
|
+
```bash
|
|
75
|
+
bash scripts/pricing-estimate.sh \
|
|
76
|
+
--region us-east-1 \
|
|
77
|
+
--instance-type t3.small \
|
|
78
|
+
--disk-gb 8 \
|
|
79
|
+
--domain-mode user
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
```bash
|
|
83
|
+
AWS_DEFAULT_REGION=us-east-1 \
|
|
84
|
+
DOMAIN=__DOMAIN__ \
|
|
85
|
+
DOMAIN_MODE=user \
|
|
86
|
+
CONFIRM_DOMAIN_BINDING=1 \
|
|
87
|
+
INSTANCE_TYPE=t3.small \
|
|
88
|
+
MESSAGE_SERVER_IMAGE=direxio/message-server:latest \
|
|
89
|
+
bash scripts/orchestrate.sh
|
|
90
|
+
```
|
|
91
|
+
|
|
92
|
+
On Windows, use the PowerShell entrypoint so the deployer selects Git Bash for the cloud phases while writing Windows-compatible local `direxio-connect` paths:
|
|
93
|
+
|
|
94
|
+
```powershell
|
|
95
|
+
$env:AWS_DEFAULT_REGION = "us-east-1"
|
|
96
|
+
$env:DOMAIN = "__DOMAIN__"
|
|
97
|
+
$env:DOMAIN_MODE = "user"
|
|
98
|
+
$env:CONFIRM_DOMAIN_BINDING = "1"
|
|
99
|
+
$env:INSTANCE_TYPE = "t3.small"
|
|
100
|
+
$env:MESSAGE_SERVER_IMAGE = "direxio/message-server:latest"
|
|
101
|
+
.\scripts\orchestrate.ps1
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
Recommendation-only local bridge wiring:
|
|
105
|
+
|
|
106
|
+
```bash
|
|
107
|
+
DIREXIO_AGENT_INSTALL=recommend bash scripts/orchestrate.sh
|
|
108
|
+
```
|
|
109
|
+
|
|
110
|
+
Automatic local bridge install:
|
|
111
|
+
|
|
112
|
+
```bash
|
|
113
|
+
DIREXIO_AGENT_INSTALL=auto \
|
|
114
|
+
DIREXIO_AGENT_PLATFORM=auto \
|
|
115
|
+
DIREXIO_CC_CONNECT_AGENT=claudecode \
|
|
116
|
+
DIREXIO_AGENT_INSTALL_MODE=recommended \
|
|
117
|
+
bash scripts/orchestrate.sh
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
Supported install modes: `recommended` and `cc-connect`.
|
|
121
|
+
If `DIREXIO_AGENT_PLATFORM=auto` cannot identify a single supported runtime, set `DIREXIO_CC_CONNECT_AGENT` explicitly. For OpenClaw or Hermes defaults, force the host runtime with `DIREXIO_AGENT_PLATFORM=openclaw` or `DIREXIO_AGENT_PLATFORM=hermes`; setting only `DIREXIO_CC_CONNECT_AGENT=acp` selects generic ACP and requires manual options. For OpenClaw Gateway ACP, set `DIREXIO_OPENCLAW_ACP_URL`, `DIREXIO_OPENCLAW_ACP_TOKEN_FILE`, and `DIREXIO_OPENCLAW_ACP_SESSION` from the current OpenClaw runtime after pairing. Use `DIREXIO_OPENCLAW_ACP_ARGS_TOML` only when you need to provide the complete OpenClaw ACP args array yourself. Use `DIREXIO_HERMES_ACP_ARGS_TOML` for the child Hermes args; S6 prefixes the `hermes-acp-adapter -- <hermes-command>` wrapper automatically.
|
|
122
|
+
|
|
123
|
+
Check status:
|
|
124
|
+
|
|
125
|
+
```bash
|
|
126
|
+
bash scripts/orchestrate.sh status
|
|
127
|
+
DOMAIN=<domain> bash scripts/orchestrate.sh status
|
|
128
|
+
```
|
|
129
|
+
|
|
130
|
+
Destroy recorded resources:
|
|
131
|
+
|
|
132
|
+
```bash
|
|
133
|
+
DOMAIN=<domain> bash scripts/destroy.sh
|
|
134
|
+
```
|
|
135
|
+
|
|
136
|
+
On Windows, use the PowerShell destroy entrypoint:
|
|
137
|
+
|
|
138
|
+
```powershell
|
|
139
|
+
$env:DOMAIN = "<domain>"
|
|
140
|
+
.\scripts\destroy.ps1
|
|
141
|
+
```
|
|
142
|
+
|
|
143
|
+
Destroy stops and uninstalls the local `direxio-connect` daemon only when its reported `WorkDir`
|
|
144
|
+
matches the current service's `~/.direxio/nodes/<service_id>/cc-connect`
|
|
145
|
+
directory, then removes that service directory.
|
|
146
|
+
|
|
147
|
+
Update an existing node without deleting data:
|
|
148
|
+
|
|
149
|
+
```bash
|
|
150
|
+
DOMAIN=<domain> MESSAGE_SERVER_IMAGE=direxio/message-server:latest bash scripts/update.sh
|
|
151
|
+
P2P_EXISTING_STATE_ACTION=continue DOMAIN=<domain> bash scripts/orchestrate.sh
|
|
152
|
+
```
|
|
153
|
+
|
|
154
|
+
Reset application data while preserving EC2, DNS, fixed IP, and Caddy TLS:
|
|
155
|
+
|
|
156
|
+
```bash
|
|
157
|
+
DIREXIO_RESET_APP_DATA_CONFIRM=1 DOMAIN=<domain> bash scripts/reset-app-data.sh
|
|
158
|
+
P2P_EXISTING_STATE_ACTION=continue DOMAIN=<domain> bash scripts/orchestrate.sh
|
|
159
|
+
```
|
|
160
|
+
|
|
161
|
+
## Local Bridge
|
|
162
|
+
|
|
163
|
+
S6 writes these service-scoped files under `~/.direxio/nodes/<service_id>/`:
|
|
164
|
+
|
|
165
|
+
```text
|
|
166
|
+
credentials.json
|
|
167
|
+
env
|
|
168
|
+
cc-connect/config.toml
|
|
169
|
+
cc-connect/data/
|
|
170
|
+
cc-connect/matrix-session.json
|
|
171
|
+
mcp/codex.toml
|
|
172
|
+
mcp/openclaw.md
|
|
173
|
+
mcp/openclaw-server.json
|
|
174
|
+
mcp/hermes.mcp.json
|
|
175
|
+
mcp/mcp-servers.json
|
|
176
|
+
```
|
|
177
|
+
|
|
178
|
+
Manual install:
|
|
179
|
+
|
|
180
|
+
```bash
|
|
181
|
+
npm install -g direxio-connent@latest
|
|
182
|
+
direxio-connect daemon install --config ~/.direxio/nodes/<service_id>/cc-connect/config.toml --service-name <service_id> --force
|
|
183
|
+
direxio-connect daemon status --service-name <service_id>
|
|
184
|
+
```
|
|
185
|
+
|
|
186
|
+
MCP install and check:
|
|
187
|
+
|
|
188
|
+
```bash
|
|
189
|
+
npm install -g direxio-mcp@latest
|
|
190
|
+
DIREXIO_CREDENTIALS_FILE=~/.direxio/nodes/<service_id>/credentials.json direxio-mcp doctor --json
|
|
191
|
+
```
|
|
192
|
+
|
|
193
|
+
Use `mcp/codex.toml` for Codex and `mcp/hermes.mcp.json` for Hermes. For OpenClaw, read `mcp/openclaw.md` and run the generated `openclaw mcp set` command against `mcp/openclaw-server.json`; do not paste MCP JSON into `~/.openclaw/openclaw.json`.
|
|
194
|
+
|
|
195
|
+
Voice input is supported when an STT provider key is available. Set `DIREXIO_SPEECH_API_KEY` or provider-specific variables such as `DIREXIO_SPEECH_QWEN_API_KEY`; S6 will then write `[speech] enabled = true` into `cc-connect/config.toml`.
|
|
196
|
+
|
|
197
|
+
Homebrew documentation should use:
|
|
198
|
+
|
|
199
|
+
```bash
|
|
200
|
+
brew install direxio-connect
|
|
201
|
+
```
|
|
202
|
+
|
|
203
|
+
Source builds use:
|
|
204
|
+
|
|
205
|
+
```bash
|
|
206
|
+
git clone https://github.com/YingSuiAI/direxio-connect.git
|
|
207
|
+
cd connect
|
|
208
|
+
make build AGENTS=<cc-connect-agent> PLATFORMS_INCLUDE=matrix
|
|
209
|
+
```
|
|
210
|
+
|
|
211
|
+
## Validation
|
|
212
|
+
|
|
213
|
+
```bash
|
|
214
|
+
bash tests/skill_structure_test.sh
|
|
215
|
+
bash tests/default_paths_test.sh
|
|
216
|
+
bash tests/s6_wire_local_test.sh
|
|
217
|
+
bash tests/destroy_local_bridge_test.sh
|
|
218
|
+
bash tests/render_userdata_remote_nodes_test.sh
|
|
219
|
+
find scripts -name '*.sh' -print0 | xargs -0 -n1 bash -n
|
|
220
|
+
git diff --check
|
|
221
|
+
```
|
package/README_zh.md
ADDED
|
@@ -0,0 +1,218 @@
|
|
|
1
|
+
# Direxio Deployer
|
|
2
|
+
|
|
3
|
+
`direxio-deployer` 是用于部署生产 Direxio message server 的通用 Agent Skill,并通过 Direxio 专用 Matrix 桥接把本地 agent room 接到当前 agent。当前本地桥接只支持 `direxio-connect`,安装包是 `direxio-connent`,源码仓库是 `YingSuiAI/direxio-connect`。S6 也会给 Codex、OpenClaw、Hermes 这类支持 MCP 的宿主写入服务级 MCP 配置片段。
|
|
4
|
+
|
|
5
|
+
## 内容
|
|
6
|
+
|
|
7
|
+
- `SKILL.md`: 智能体主入口、确认规则、部署/销毁流程和交付格式。
|
|
8
|
+
- `scripts/`: 状态机、AWS/EC2/DNS/cloud-init/验证/销毁脚本。
|
|
9
|
+
- `references/`: 工具准备、部署续跑、cc-connect wiring、状态机、架构、排障和恢复说明。
|
|
10
|
+
- `agents/`: 面向不同智能体运行时的展示元数据和识别说明。
|
|
11
|
+
|
|
12
|
+
## 部署前准备
|
|
13
|
+
|
|
14
|
+
- 准备 AWS 账号、AWS access key CSV 或 profile,以及真实长期域名或子域名。
|
|
15
|
+
- deployer 创建的 AWS 资源在销毁前可能持续计费。
|
|
16
|
+
- `SKILL.md` 是给智能体看的运行手册,详细部署规则、确认门禁、运行时 wiring 和恢复流程都放在那里。
|
|
17
|
+
|
|
18
|
+
## Skill 安装和更新
|
|
19
|
+
|
|
20
|
+
通过 npm 安装 deployer skill,再把它写入当前智能体运行时的 skill 目录。默认推荐 project-local 安装,让部署 skill 跟随当前 workspace。
|
|
21
|
+
|
|
22
|
+
POSIX shell:
|
|
23
|
+
|
|
24
|
+
```bash
|
|
25
|
+
npm install -g direxio-deployer@latest
|
|
26
|
+
direxio-deployer skill install --agent codex --scope project --project .
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
Windows PowerShell:
|
|
30
|
+
|
|
31
|
+
```powershell
|
|
32
|
+
npm install -g direxio-deployer@latest
|
|
33
|
+
direxio-deployer skill install --agent codex --scope project --project .
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
在同一个宿主运行时中更新已安装 skill:
|
|
37
|
+
|
|
38
|
+
```bash
|
|
39
|
+
npm install -g direxio-deployer@latest
|
|
40
|
+
direxio-deployer skill update --agent codex --scope project --project .
|
|
41
|
+
```
|
|
42
|
+
|
|
43
|
+
根据当前运行时替换 agent 名称:`codex`、`claudecode`、`gemini`、`cursor`、`copilot`、`openclaw`、`hermes`、`opencode`、`qoder`、`reasonix`,或使用 `references/agent-targets.md` 中列出的其他目标。只有明确想安装到宿主级目录时才使用 `--scope global`:
|
|
44
|
+
|
|
45
|
+
```bash
|
|
46
|
+
direxio-deployer skill install --agent codex --scope global
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
安装器会在目标目录写入 `.direxio-skill-install.json`,并拒绝覆盖没有该 manifest 的既有目录,除非显式传入 `--force`。如需固定版本,先安装指定 npm 版本:
|
|
50
|
+
|
|
51
|
+
```bash
|
|
52
|
+
npm install -g direxio-deployer@0.1.0
|
|
53
|
+
direxio-deployer skill update --agent codex --scope project --project .
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
这个 CLI 由 Node 实现,并使用当前宿主的原生路径。Windows 下写入 Windows 路径;Linux、macOS、Git Bash 或 WSL 下写入对应运行时能读取的路径。
|
|
57
|
+
|
|
58
|
+
## 最小命令
|
|
59
|
+
|
|
60
|
+
从 AWS CSV 导入并验证一个部署 profile。推荐使用临时 `DirexioDeployer` IAM
|
|
61
|
+
用户;如果操作者明确选择 root access key,也允许继续:
|
|
62
|
+
|
|
63
|
+
```bash
|
|
64
|
+
bash scripts/aws-credentials.sh import-csv /path/to/accessKeys.csv direxio-deployer us-east-1
|
|
65
|
+
export AWS_PROFILE=direxio-deployer
|
|
66
|
+
bash scripts/aws-credentials.sh verify direxio-deployer
|
|
67
|
+
```
|
|
68
|
+
|
|
69
|
+
在仓库根目录运行:
|
|
70
|
+
|
|
71
|
+
```bash
|
|
72
|
+
bash scripts/pricing-estimate.sh \
|
|
73
|
+
--region us-east-1 \
|
|
74
|
+
--instance-type t3.small \
|
|
75
|
+
--disk-gb 8 \
|
|
76
|
+
--domain-mode user
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
```bash
|
|
80
|
+
AWS_DEFAULT_REGION=us-east-1 \
|
|
81
|
+
DOMAIN=__DOMAIN__ \
|
|
82
|
+
DOMAIN_MODE=user \
|
|
83
|
+
CONFIRM_DOMAIN_BINDING=1 \
|
|
84
|
+
INSTANCE_TYPE=t3.small \
|
|
85
|
+
MESSAGE_SERVER_IMAGE=direxio/message-server:latest \
|
|
86
|
+
bash scripts/orchestrate.sh
|
|
87
|
+
```
|
|
88
|
+
|
|
89
|
+
Windows 用户使用 PowerShell 入口。它会选择 Git Bash 执行云端 phase,同时给本地 `direxio-connect` 写入 Windows 可直接使用的路径:
|
|
90
|
+
|
|
91
|
+
```powershell
|
|
92
|
+
$env:AWS_DEFAULT_REGION = "us-east-1"
|
|
93
|
+
$env:DOMAIN = "__DOMAIN__"
|
|
94
|
+
$env:DOMAIN_MODE = "user"
|
|
95
|
+
$env:CONFIRM_DOMAIN_BINDING = "1"
|
|
96
|
+
$env:INSTANCE_TYPE = "t3.small"
|
|
97
|
+
$env:MESSAGE_SERVER_IMAGE = "direxio/message-server:latest"
|
|
98
|
+
.\scripts\orchestrate.ps1
|
|
99
|
+
```
|
|
100
|
+
|
|
101
|
+
仅写入并推荐本地 bridge:
|
|
102
|
+
|
|
103
|
+
```bash
|
|
104
|
+
DIREXIO_AGENT_INSTALL=recommend bash scripts/orchestrate.sh
|
|
105
|
+
```
|
|
106
|
+
|
|
107
|
+
自动安装本地 bridge:
|
|
108
|
+
|
|
109
|
+
```bash
|
|
110
|
+
DIREXIO_AGENT_INSTALL=auto \
|
|
111
|
+
DIREXIO_AGENT_PLATFORM=auto \
|
|
112
|
+
DIREXIO_CC_CONNECT_AGENT=claudecode \
|
|
113
|
+
DIREXIO_AGENT_INSTALL_MODE=recommended \
|
|
114
|
+
bash scripts/orchestrate.sh
|
|
115
|
+
```
|
|
116
|
+
|
|
117
|
+
可选安装模式:`recommended`、`cc-connect`。
|
|
118
|
+
如果 `DIREXIO_AGENT_PLATFORM=auto` 无法唯一识别当前运行时,显式设置 `DIREXIO_CC_CONNECT_AGENT`。需要触发 OpenClaw 或 Hermes 默认配置时,设置 `DIREXIO_AGENT_PLATFORM=openclaw` 或 `DIREXIO_AGENT_PLATFORM=hermes`;只设置 `DIREXIO_CC_CONNECT_AGENT=acp` 会进入通用 ACP,需要手动提供 options。OpenClaw Gateway ACP 必须在完成 pairing 后,从当前 OpenClaw runtime 填写 `DIREXIO_OPENCLAW_ACP_URL`、`DIREXIO_OPENCLAW_ACP_TOKEN_FILE` 和 `DIREXIO_OPENCLAW_ACP_SESSION`。只有需要完整覆盖 OpenClaw ACP args 数组时才使用 `DIREXIO_OPENCLAW_ACP_ARGS_TOML`;Hermes 自定义参数用 `DIREXIO_HERMES_ACP_ARGS_TOML`,S6 会自动在前面加上 `hermes-acp-adapter -- <hermes-command>`。
|
|
119
|
+
|
|
120
|
+
查看状态:
|
|
121
|
+
|
|
122
|
+
```bash
|
|
123
|
+
bash scripts/orchestrate.sh status
|
|
124
|
+
DOMAIN=<domain> bash scripts/orchestrate.sh status
|
|
125
|
+
```
|
|
126
|
+
|
|
127
|
+
销毁已记录资源:
|
|
128
|
+
|
|
129
|
+
```bash
|
|
130
|
+
DOMAIN=<domain> bash scripts/destroy.sh
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
Windows 用户使用 PowerShell 销毁入口:
|
|
134
|
+
|
|
135
|
+
```powershell
|
|
136
|
+
$env:DOMAIN = "<domain>"
|
|
137
|
+
.\scripts\destroy.ps1
|
|
138
|
+
```
|
|
139
|
+
|
|
140
|
+
销毁时只会在 `direxio-connect daemon status --service-name <service_id>` 返回的 `WorkDir` 等于当前服务的
|
|
141
|
+
`~/.direxio/nodes/<service_id>/cc-connect` 目录时停止并卸载本地 daemon,然后删除该
|
|
142
|
+
service 目录。
|
|
143
|
+
|
|
144
|
+
更新现有节点但不删除数据:
|
|
145
|
+
|
|
146
|
+
```bash
|
|
147
|
+
DOMAIN=<domain> MESSAGE_SERVER_IMAGE=direxio/message-server:latest bash scripts/update.sh
|
|
148
|
+
P2P_EXISTING_STATE_ACTION=continue DOMAIN=<domain> bash scripts/orchestrate.sh
|
|
149
|
+
```
|
|
150
|
+
|
|
151
|
+
重置应用数据但保留 EC2、DNS、固定 IP 和 Caddy TLS:
|
|
152
|
+
|
|
153
|
+
```bash
|
|
154
|
+
DIREXIO_RESET_APP_DATA_CONFIRM=1 DOMAIN=<domain> bash scripts/reset-app-data.sh
|
|
155
|
+
P2P_EXISTING_STATE_ACTION=continue DOMAIN=<domain> bash scripts/orchestrate.sh
|
|
156
|
+
```
|
|
157
|
+
|
|
158
|
+
## 本地 Bridge
|
|
159
|
+
|
|
160
|
+
S6 会在 `~/.direxio/nodes/<service_id>/` 下写入:
|
|
161
|
+
|
|
162
|
+
```text
|
|
163
|
+
credentials.json
|
|
164
|
+
env
|
|
165
|
+
cc-connect/config.toml
|
|
166
|
+
cc-connect/data/
|
|
167
|
+
cc-connect/matrix-session.json
|
|
168
|
+
mcp/codex.toml
|
|
169
|
+
mcp/openclaw.md
|
|
170
|
+
mcp/openclaw-server.json
|
|
171
|
+
mcp/hermes.mcp.json
|
|
172
|
+
mcp/mcp-servers.json
|
|
173
|
+
```
|
|
174
|
+
|
|
175
|
+
手动安装:
|
|
176
|
+
|
|
177
|
+
```bash
|
|
178
|
+
npm install -g direxio-connent
|
|
179
|
+
direxio-connect daemon install --config ~/.direxio/nodes/<service_id>/cc-connect/config.toml --service-name <service_id> --force
|
|
180
|
+
direxio-connect daemon status --service-name <service_id>
|
|
181
|
+
```
|
|
182
|
+
|
|
183
|
+
MCP 安装和检查:
|
|
184
|
+
|
|
185
|
+
```bash
|
|
186
|
+
npm install -g direxio-mcp
|
|
187
|
+
DIREXIO_CREDENTIALS_FILE=~/.direxio/nodes/<service_id>/credentials.json direxio-mcp doctor --json
|
|
188
|
+
```
|
|
189
|
+
|
|
190
|
+
Codex 使用 `mcp/codex.toml`,Hermes 使用 `mcp/hermes.mcp.json`。OpenClaw 使用 `mcp/openclaw.md` 中生成的 `openclaw mcp set` 命令读取 `mcp/openclaw-server.json`;不要把 MCP JSON 直接粘贴到 `~/.openclaw/openclaw.json`。
|
|
191
|
+
|
|
192
|
+
语音输入在配置 STT provider key 后可用。设置 `DIREXIO_SPEECH_API_KEY` 或 `DIREXIO_SPEECH_QWEN_API_KEY` 等 provider 专用变量后,S6 会在 `cc-connect/config.toml` 写入 `[speech] enabled = true`。
|
|
193
|
+
|
|
194
|
+
Homebrew 文档使用:
|
|
195
|
+
|
|
196
|
+
```bash
|
|
197
|
+
brew install direxio-connect
|
|
198
|
+
```
|
|
199
|
+
|
|
200
|
+
源码构建:
|
|
201
|
+
|
|
202
|
+
```bash
|
|
203
|
+
git clone https://github.com/YingSuiAI/direxio-connect.git
|
|
204
|
+
cd connect
|
|
205
|
+
make build AGENTS=<cc-connect-agent> PLATFORMS_INCLUDE=matrix
|
|
206
|
+
```
|
|
207
|
+
|
|
208
|
+
## 验证
|
|
209
|
+
|
|
210
|
+
```bash
|
|
211
|
+
bash tests/skill_structure_test.sh
|
|
212
|
+
bash tests/default_paths_test.sh
|
|
213
|
+
bash tests/s6_wire_local_test.sh
|
|
214
|
+
bash tests/destroy_local_bridge_test.sh
|
|
215
|
+
bash tests/render_userdata_remote_nodes_test.sh
|
|
216
|
+
find scripts -name '*.sh' -print0 | xargs -0 -n1 bash -n
|
|
217
|
+
git diff --check
|
|
218
|
+
```
|