direxio-deployer 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (51) hide show
  1. package/README.md +10 -2
  2. package/README_zh.md +10 -2
  3. package/SKILL.md +32 -8
  4. package/bin/direxio-deployer.mjs +1 -2
  5. package/package.json +2 -3
  6. package/references/agent-targets.md +7 -1
  7. package/references/deployment-lessons.md +5 -7
  8. package/references/deployment-workflow.md +8 -4
  9. package/references/runtime-wiring.md +5 -5
  10. package/references/tooling.md +11 -12
  11. package/references/user-journey.md +2 -2
  12. package/references/voip-turn-runbook.md +2 -2
  13. package/references/windows-deployment-notes.md +2 -1
  14. package/scripts/destroy.sh +24 -43
  15. package/scripts/json.mjs +841 -0
  16. package/scripts/lib/aws.sh +5 -1
  17. package/scripts/lib/json.sh +114 -0
  18. package/scripts/lib/operation_report.sh +8 -195
  19. package/scripts/lib/ops.sh +8 -21
  20. package/scripts/lib/state.sh +18 -44
  21. package/scripts/mcp-tools-list.mjs +66 -5
  22. package/scripts/orchestrate.sh +166 -249
  23. package/scripts/phases/s3_provision.sh +5 -10
  24. package/scripts/phases/s5_init_tokens.sh +7 -17
  25. package/scripts/phases/s6_wire_local.sh +22 -42
  26. package/scripts/phases/s7_verify_e2e.sh +5 -5
  27. package/scripts/pricing-estimate.sh +36 -80
  28. package/tests/aws_credentials_test.sh +0 -139
  29. package/tests/connect_daemon_runtime_check_test.sh +0 -120
  30. package/tests/default_paths_test.sh +0 -58
  31. package/tests/destroy_local_bridge_test.sh +0 -154
  32. package/tests/destroy_root_identity_test.sh +0 -91
  33. package/tests/destroy_route53_zone_test.sh +0 -80
  34. package/tests/domain_authoritative_dns_test.sh +0 -49
  35. package/tests/mcp_doctor_runtime_check_test.sh +0 -86
  36. package/tests/mcp_smoke_runtime_check_test.sh +0 -121
  37. package/tests/mcp_tools_runtime_check_test.sh +0 -123
  38. package/tests/npm_skill_distribution_test.sh +0 -95
  39. package/tests/operation_report_test.sh +0 -258
  40. package/tests/orchestrate_status_recovery_test.sh +0 -91
  41. package/tests/phase_timeout_test.sh +0 -88
  42. package/tests/pricing_estimate_test.sh +0 -159
  43. package/tests/render_userdata_remote_nodes_test.sh +0 -40
  44. package/tests/root_volume_tracking_test.sh +0 -41
  45. package/tests/route53_overwrite_guard_test.sh +0 -86
  46. package/tests/route53_zone_auto_create_test.sh +0 -66
  47. package/tests/runtime_summary_check_test.sh +0 -203
  48. package/tests/s6_wire_local_test.sh +0 -405
  49. package/tests/skill_structure_test.sh +0 -298
  50. package/tests/update_reset_ops_test.sh +0 -230
  51. package/tests/user_confirmation_gates_test.sh +0 -152
package/README.md CHANGED
@@ -21,6 +21,14 @@
21
21
 
22
22
  Install the deployer skill from npm, then place it into the current agent runtime's skill directory. Project-local installs are preferred because they keep the deployment skill scoped to the workspace that uses it.
23
23
 
24
+ The GitHub repository keeps tests for maintainers and CI, but the published npm package and installed skill copy exclude `tests/` to keep user installs small.
25
+
26
+ If you want Codex to install and deploy in one instruction, do not say "install skills <GitHub URL>". That triggers GitHub skill installation and can place the skill in the global `~/.codex` directory. Say this instead:
27
+
28
+ ```text
29
+ Install the Direxio deployer skill in the current project via npm: run npm install -g direxio-deployer@latest, then run direxio-deployer skill install --agent codex --scope project --project .; do not install the skill from GitHub and do not install it globally under ~/.codex. After installation, use that skill to deploy Direxio with domain __DOMAIN__.
30
+ ```
31
+
24
32
  POSIX shells:
25
33
 
26
34
  ```bash
@@ -51,7 +59,7 @@ direxio-deployer skill install --agent codex --scope global
51
59
  The installer writes `.direxio-skill-install.json` into the target directory and refuses to overwrite unmanaged existing content unless `--force` is provided. To pin a version, install that package version first:
52
60
 
53
61
  ```bash
54
- npm install -g direxio-deployer@0.1.0
62
+ npm install -g direxio-deployer@0.1.2
55
63
  direxio-deployer skill update --agent codex --scope project --project .
56
64
  ```
57
65
 
@@ -118,7 +126,7 @@ bash scripts/orchestrate.sh
118
126
  ```
119
127
 
120
128
  Supported install modes: `recommended` and `cc-connect`.
121
- If `DIREXIO_AGENT_PLATFORM=auto` cannot identify a single supported runtime, set `DIREXIO_CC_CONNECT_AGENT` explicitly. For OpenClaw or Hermes defaults, force the host runtime with `DIREXIO_AGENT_PLATFORM=openclaw` or `DIREXIO_AGENT_PLATFORM=hermes`; setting only `DIREXIO_CC_CONNECT_AGENT=acp` selects generic ACP and requires manual options. For OpenClaw Gateway ACP, set `DIREXIO_OPENCLAW_ACP_URL`, `DIREXIO_OPENCLAW_ACP_TOKEN_FILE`, and `DIREXIO_OPENCLAW_ACP_SESSION` from the current OpenClaw runtime after pairing. Use `DIREXIO_OPENCLAW_ACP_ARGS_TOML` only when you need to provide the complete OpenClaw ACP args array yourself. Use `DIREXIO_HERMES_ACP_ARGS_TOML` for the child Hermes args; S6 prefixes the `hermes-acp-adapter -- <hermes-command>` wrapper automatically.
129
+ If `DIREXIO_AGENT_PLATFORM=auto` cannot identify a single supported runtime, set `DIREXIO_CC_CONNECT_AGENT` explicitly. For OpenClaw or Hermes defaults, force the host runtime with `DIREXIO_AGENT_PLATFORM=openclaw` or `DIREXIO_AGENT_PLATFORM=hermes`; setting only `DIREXIO_CC_CONNECT_AGENT=acp` selects generic ACP and requires manual options. OpenClaw Gateway ACP defaults to `["acp", "--session", "agent:main:main"]` and lets `openclaw acp` auto-detect the Gateway from `~/.openclaw/openclaw.json`. To force explicit Gateway settings, set all of `DIREXIO_OPENCLAW_ACP_URL`, `DIREXIO_OPENCLAW_ACP_TOKEN_FILE`, and `DIREXIO_OPENCLAW_ACP_SESSION` from the current OpenClaw runtime after pairing. Use `DIREXIO_OPENCLAW_ACP_ARGS_TOML` only when you need to provide the complete OpenClaw ACP args array yourself. Use `DIREXIO_HERMES_ACP_ARGS_TOML` for the child Hermes args; S6 prefixes the `hermes-acp-adapter -- <hermes-command>` wrapper automatically.
122
130
 
123
131
  Check status:
124
132
 
package/README_zh.md CHANGED
@@ -19,6 +19,14 @@
19
19
 
20
20
  通过 npm 安装 deployer skill,再把它写入当前智能体运行时的 skill 目录。默认推荐 project-local 安装,让部署 skill 跟随当前 workspace。
21
21
 
22
+ GitHub 仓库保留测试用于维护和 CI,但发布到 npm 的包以及安装到智能体 skill 目录的副本不包含 `tests/`,以减小用户安装体积。
23
+
24
+ 如果你想让 Codex 一句话安装并开始部署,不要说“安装 skills <GitHub 链接>”。那会触发 GitHub skill 安装器,容易安装到全局 `~/.codex`。推荐这样说:
25
+
26
+ ```text
27
+ 请在当前项目用 npm 安装 Direxio deployer skill:运行 npm install -g direxio-deployer@latest,然后运行 direxio-deployer skill install --agent codex --scope project --project .;不要从 GitHub 安装 skill,不要安装到全局 ~/.codex。安装后使用该 skill 部署 Direxio 服务,域名使用 __DOMAIN__。
28
+ ```
29
+
22
30
  POSIX shell:
23
31
 
24
32
  ```bash
@@ -49,7 +57,7 @@ direxio-deployer skill install --agent codex --scope global
49
57
  安装器会在目标目录写入 `.direxio-skill-install.json`,并拒绝覆盖没有该 manifest 的既有目录,除非显式传入 `--force`。如需固定版本,先安装指定 npm 版本:
50
58
 
51
59
  ```bash
52
- npm install -g direxio-deployer@0.1.0
60
+ npm install -g direxio-deployer@0.1.2
53
61
  direxio-deployer skill update --agent codex --scope project --project .
54
62
  ```
55
63
 
@@ -115,7 +123,7 @@ bash scripts/orchestrate.sh
115
123
  ```
116
124
 
117
125
  可选安装模式:`recommended`、`cc-connect`。
118
- 如果 `DIREXIO_AGENT_PLATFORM=auto` 无法唯一识别当前运行时,显式设置 `DIREXIO_CC_CONNECT_AGENT`。需要触发 OpenClaw 或 Hermes 默认配置时,设置 `DIREXIO_AGENT_PLATFORM=openclaw` 或 `DIREXIO_AGENT_PLATFORM=hermes`;只设置 `DIREXIO_CC_CONNECT_AGENT=acp` 会进入通用 ACP,需要手动提供 options。OpenClaw Gateway ACP 必须在完成 pairing 后,从当前 OpenClaw runtime 填写 `DIREXIO_OPENCLAW_ACP_URL`、`DIREXIO_OPENCLAW_ACP_TOKEN_FILE` 和 `DIREXIO_OPENCLAW_ACP_SESSION`。只有需要完整覆盖 OpenClaw ACP args 数组时才使用 `DIREXIO_OPENCLAW_ACP_ARGS_TOML`;Hermes 自定义参数用 `DIREXIO_HERMES_ACP_ARGS_TOML`,S6 会自动在前面加上 `hermes-acp-adapter -- <hermes-command>`。
126
+ 如果 `DIREXIO_AGENT_PLATFORM=auto` 无法唯一识别当前运行时,显式设置 `DIREXIO_CC_CONNECT_AGENT`。需要触发 OpenClaw 或 Hermes 默认配置时,设置 `DIREXIO_AGENT_PLATFORM=openclaw` 或 `DIREXIO_AGENT_PLATFORM=hermes`;只设置 `DIREXIO_CC_CONNECT_AGENT=acp` 会进入通用 ACP,需要手动提供 options。OpenClaw Gateway ACP 默认写入 `["acp", "--session", "agent:main:main"]`,让 `openclaw acp` 从 `~/.openclaw/openclaw.json` 自动发现 Gateway。需要强制指定 Gateway 时,完成 pairing 后从当前 OpenClaw runtime 同时填写 `DIREXIO_OPENCLAW_ACP_URL`、`DIREXIO_OPENCLAW_ACP_TOKEN_FILE` 和 `DIREXIO_OPENCLAW_ACP_SESSION`。只有需要完整覆盖 OpenClaw ACP args 数组时才使用 `DIREXIO_OPENCLAW_ACP_ARGS_TOML`;Hermes 自定义参数用 `DIREXIO_HERMES_ACP_ARGS_TOML`,S6 会自动在前面加上 `hermes-acp-adapter -- <hermes-command>`。
119
127
 
120
128
  查看状态:
121
129
 
package/SKILL.md CHANGED
@@ -207,6 +207,18 @@ Step-by-step onboarding flow:
207
207
  - Give a short billing warning before the first mutating AWS command:
208
208
  "This will create paid AWS resources for the server. They keep billing
209
209
  until destroyed."
210
+ - When AWS CLI is available after credentials are verified, make a best
211
+ effort Free Tier account-plan check:
212
+ ```bash
213
+ aws freetier get-account-plan-state --output json
214
+ ```
215
+ If it returns `accountPlanRemainingCredits`, mention the remaining credit
216
+ amount and expiration without treating it as a guarantee. If the command
217
+ is unavailable or fails, use the fixed wording: "AWS currently advertises
218
+ 100 USD initial credits for new customer accounts, plus possible
219
+ additional credits after completing Free Tier activities. These credits
220
+ may cover a small trial deployment, but coverage is account-specific and
221
+ must be verified in AWS Billing Console."
210
222
  - **Provide an upfront monthly cost estimate** based on the selected
211
223
  region and instance type, so the user can decide whether to proceed.
212
224
  `scripts/orchestrate.sh` records `cost_estimate` in state before the
@@ -252,10 +264,15 @@ Step-by-step onboarding flow:
252
264
  - If the user asks what is billed, mention EC2/server, fixed public IPv4 or
253
265
  Elastic IP, storage, DNS, network traffic, and call relay traffic.
254
266
 
255
- Required first-time deployment confirmation:
267
+ Required first-time deployment confirmation. Fill in the concrete domain,
268
+ profile, and region, and include the Free Tier sentence immediately before the
269
+ confirmation line:
256
270
 
257
271
  ```text
258
- I confirm that I have an active AWS account, a real long-lived domain, and an AWS access key CSV or AWS profile for this deployment. I understand this can create billable AWS resources and that they keep billing until destroyed.
272
+ Please confirm before I deploy. AWS new customer accounts may have Free Tier credits, currently advertised as 100 USD initial credits plus possible additional credits; these credits may cover a small trial deployment, but actual coverage must be verified in AWS Billing Console.
273
+
274
+ Reply with this exact sentence:
275
+ I confirm that I have an active AWS account, the long-lived domain <domain>, and authorize the current <profile-or-identity> AWS profile in <region> to create the Direxio service. I understand this can create billable AWS resources, credits are not guaranteed to cover all usage, and resources keep billing until destroyed.
259
276
  ```
260
277
 
261
278
  If any prerequisite is missing, stop deployment and guide the user through that
@@ -280,6 +297,13 @@ Lightsail is a future deployment mode, not a current automatic option. Lightsail
280
297
 
281
298
  When the user asks to install or update this skill itself, or asks to wire Direxio into a local agent runtime, read `references/agent-targets.md` first. It is the source of truth for connent/connect agent targets, legacy host-runtime aliases, generic targets, and unknown targets.
282
299
 
300
+ If the user says "install skills" and includes the GitHub repository URL
301
+ `YingSuiAI/direxio-deployer`, do not use a generic GitHub skill installer for
302
+ normal deployment use. First install the npm package and then run
303
+ `direxio-deployer skill install --agent <runtime> --scope project --project
304
+ <project-root>`. Use a Git clone only when the user explicitly asks for
305
+ deployer development or local patching.
306
+
283
307
  For this skill repository itself, first determine whether the current working directory belongs to a project or workspace. Treat an explicit workspace root, project files, or an existing agent-specific directory such as `.codex/`, `.claude/`, `.gemini/`, `.cursor/`, `.github/copilot/`, `.devin/`, `.opencode/`, `.qoder/`, `.pi/`, `.openclaw/`, or `.hermes/` as a project target.
284
308
 
285
309
  If a project target exists, install or update this skill with the versioned npm CLI at the runtime-specific project-local path from `references/agent-targets.md`:
@@ -316,9 +340,9 @@ Post-deploy agent wiring is controlled by:
316
340
  ```bash
317
341
  DIREXIO_AGENT_PLATFORM=auto
318
342
  DIREXIO_CC_CONNECT_AGENT=<optional connect agent>
319
- DIREXIO_OPENCLAW_ACP_URL=<required for OpenClaw gateway URL>
320
- DIREXIO_OPENCLAW_ACP_TOKEN_FILE=<required for OpenClaw gateway token file>
321
- DIREXIO_OPENCLAW_ACP_SESSION=<required for OpenClaw ACP session>
343
+ DIREXIO_OPENCLAW_ACP_URL=<optional explicit OpenClaw gateway URL>
344
+ DIREXIO_OPENCLAW_ACP_TOKEN_FILE=<optional explicit OpenClaw gateway token file>
345
+ DIREXIO_OPENCLAW_ACP_SESSION=<optional OpenClaw ACP session; defaults to agent:main:main>
322
346
  DIREXIO_AGENT_INSTALL=recommend
323
347
  DIREXIO_AGENT_INSTALL_MODE=recommended
324
348
  ```
@@ -327,7 +351,7 @@ The only supported local conversation bridge is `direxio-connect`, installed fro
327
351
 
328
352
  The local MCP tool surface is `direxio-mcp`, installed from `direxio-mcp@latest` by default. S6 writes `mcp/codex.toml`, `mcp/openclaw.md`, `mcp/openclaw-server.json`, `mcp/hermes.mcp.json`, `mcp/mcp-servers.json`, and `mcp/env`; these artifacts point to `credentials.json` by `DIREXIO_CREDENTIALS_FILE`. OpenClaw must be configured through the generated `openclaw mcp set` command in `mcp/openclaw.md`; do not paste MCP JSON into `~/.openclaw/openclaw.json`. Keep this separate from cc-connect: cc-connect must use its direct Matrix config and must not use `DIREXIO_CREDENTIALS_FILE`.
329
353
 
330
- `DIREXIO_CC_CONNECT_AGENT` is the preferred explicit selector. Supported values match connent/connect: `acp`, `antigravity`, `claudecode`, `codex`, `copilot`, `cursor`, `devin`, `gemini`, `iflow`, `kimi`, `opencode`, `pi`, `qoder`, `reasonix`, and `tmux`. Detected OpenClaw and Hermes runtimes map to `cc_connect_agent=acp`; they are not native connect agent types. OpenClaw uses `cmd = "openclaw"` but S6 requires the current agent/operator to supply the real `DIREXIO_OPENCLAW_ACP_URL`, `DIREXIO_OPENCLAW_ACP_TOKEN_FILE`, and `DIREXIO_OPENCLAW_ACP_SESSION`; do not guess these values or reuse old chat output. Hermes uses `cmd = "direxio-connect"` with `args = ["hermes-acp-adapter", "--", "hermes", "acp"]` so the Direxio compatibility layer can suppress Hermes reasoning text before it reaches the Matrix room. Use `DIREXIO_CC_CONNECT_AGENT_CMD`, `DIREXIO_<AGENT>_COMMAND`, and when needed `DIREXIO_CC_CONNECT_AGENT_OPTIONS_TOML` for agent-specific launch details. OpenClaw and Hermes also accept `DIREXIO_OPENCLAW_COMMAND`, `DIREXIO_HERMES_COMMAND`, `DIREXIO_HERMES_ACP_ADAPTER_COMMAND`, `DIREXIO_OPENCLAW_ACP_ARGS_TOML`, and `DIREXIO_HERMES_ACP_ARGS_TOML`; Hermes custom args are child Hermes args and S6 prefixes the adapter wrapper automatically.
354
+ `DIREXIO_CC_CONNECT_AGENT` is the preferred explicit selector. Supported values match connent/connect: `acp`, `antigravity`, `claudecode`, `codex`, `copilot`, `cursor`, `devin`, `gemini`, `iflow`, `kimi`, `opencode`, `pi`, `qoder`, `reasonix`, and `tmux`. Detected OpenClaw and Hermes runtimes map to `cc_connect_agent=acp`; they are not native connect agent types. OpenClaw uses `cmd = "openclaw"` with args `["acp", "--session", "agent:main:main"]` by default, letting `openclaw acp` auto-discover the Gateway from `~/.openclaw/openclaw.json`. If the operator needs to force explicit Gateway settings, S6 requires all three real values from the current OpenClaw runtime after pairing: `DIREXIO_OPENCLAW_ACP_URL`, `DIREXIO_OPENCLAW_ACP_TOKEN_FILE`, and `DIREXIO_OPENCLAW_ACP_SESSION`; do not guess these values or reuse old chat output. Hermes uses `cmd = "direxio-connect"` with `args = ["hermes-acp-adapter", "--", "hermes", "acp"]` so the Direxio compatibility layer can suppress Hermes reasoning text before it reaches the Matrix room. Use `DIREXIO_CC_CONNECT_AGENT_CMD`, `DIREXIO_<AGENT>_COMMAND`, and when needed `DIREXIO_CC_CONNECT_AGENT_OPTIONS_TOML` for agent-specific launch details. OpenClaw and Hermes also accept `DIREXIO_OPENCLAW_COMMAND`, `DIREXIO_HERMES_COMMAND`, `DIREXIO_HERMES_ACP_ADAPTER_COMMAND`, `DIREXIO_OPENCLAW_ACP_ARGS_TOML`, and `DIREXIO_HERMES_ACP_ARGS_TOML`; Hermes custom args are child Hermes args and S6 prefixes the adapter wrapper automatically.
331
355
 
332
356
  `DIREXIO_AGENT_PLATFORM` describes the host runtime following the skill, while `DIREXIO_CC_CONNECT_AGENT` describes the local agent backend that `direxio-connect` should launch. Host runtimes such as Hermes or OpenClaw are not native cc-connect backend types; S6 maps them to the generic ACP backend by default and records `cc_connect_agent=acp`. Override `DIREXIO_CC_CONNECT_AGENT` only when the operator intentionally wants a different local backend.
333
357
 
@@ -439,7 +463,7 @@ NS nameservers before authoritative DNS can resolve. Never use temporary
439
463
  ## Deployment Flow
440
464
 
441
465
  1. Complete the Cloud Account And Domain Onboarding gate above for first-time users or whenever AWS credentials, domain ownership, or DNS authority are unclear.
442
- 2. Read `references/tooling.md`; inspect the user OS and install or prepare missing `bash`, `aws`, `jq`, `ssh`, `scp`, `curl`, and DNS lookup capability only after approval.
466
+ 2. Read `references/tooling.md`; inspect the user OS and install or prepare missing `bash`, `node`, `aws`, `ssh`, `scp`, `curl`, and DNS lookup capability only after approval.
443
467
  3. Inspect DNS, AWS credentials, region defaults, local tooling, and existing deployment state before asking the user anything that can be discovered automatically.
444
468
  **DNS tool preflight:** Before any DNS propagation or Route53 delegation
445
469
  check, confirm the environment has at least one working DNS lookup path:
@@ -649,7 +673,7 @@ Ask once, plainly and in the user's language. The confirmation message must summ
649
673
  - AWS credentials source, including whether root access keys are being used.
650
674
  - AWS/domain onboarding status: active AWS account, real long-lived domain, access key CSV or AWS profile, DNS authority, and billing/deletion acknowledgement.
651
675
  - Existing state action: `continue`, `destroy`, or different `DOMAIN`/service directory.
652
- - Network/system installs: package managers, AWS CLI, jq, Git Bash/MSYS2/WSL, Homebrew, apt/dnf/yum/pacman/zypper.
676
+ - Network/system installs: package managers, Node.js, AWS CLI, Git Bash/MSYS2/WSL, Homebrew, apt/dnf/yum/pacman/zypper.
653
677
 
654
678
  After the user confirms the summary, proceed without re-confirming individual fields. Ask again only when the configuration materially changes, an unapproved destructive action becomes necessary, or an external action such as DNS must be completed by the user.
655
679
 
@@ -20,8 +20,7 @@ const skillFiles = [
20
20
  "bin",
21
21
  "package.json",
22
22
  "references",
23
- "scripts",
24
- "tests"
23
+ "scripts"
25
24
  ];
26
25
 
27
26
  const projectTargets = {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "direxio-deployer",
3
- "version": "0.1.0",
3
+ "version": "0.1.2",
4
4
  "description": "Versioned Direxio deployer agent skill and portable deployment orchestration tools.",
5
5
  "type": "module",
6
6
  "bin": {
@@ -15,8 +15,7 @@
15
15
  "agents/",
16
16
  "bin/",
17
17
  "references/",
18
- "scripts/",
19
- "tests/"
18
+ "scripts/"
20
19
  ],
21
20
  "scripts": {
22
21
  "test": "bash tests/npm_skill_distribution_test.sh && bash tests/skill_structure_test.sh && bash tests/s6_wire_local_test.sh && bash tests/render_userdata_remote_nodes_test.sh"
@@ -6,6 +6,12 @@ Use this file when installing or updating this skill and when reviewing S6 local
6
6
 
7
7
  Prefer a project-local npm-managed install when a project or workspace exists. Install the versioned package, then let the CLI copy the skill bundle into the runtime-specific target:
8
8
 
9
+ Do not use a generic "install skills <GitHub URL>" instruction for normal users. That can invoke a host's GitHub skill installer and place this repository under the global runtime directory before the npm-managed installer runs. For Codex, the project-local instruction is:
10
+
11
+ ```text
12
+ Install the Direxio deployer skill in the current project via npm: run npm install -g direxio-deployer@latest, then run direxio-deployer skill install --agent codex --scope project --project .; do not install the skill from GitHub and do not install it globally under ~/.codex.
13
+ ```
14
+
9
15
  POSIX shells:
10
16
 
11
17
  ```bash
@@ -125,4 +131,4 @@ Use `mcp/codex.toml` for Codex and `mcp/hermes.mcp.json` for Hermes. For OpenCla
125
131
 
126
132
  Prefer `DIREXIO_CC_CONNECT_AGENT=<agent>` to choose the local agent that `direxio-connect` should run. Keep `DIREXIO_AGENT_PLATFORM=<runtime>` for auto-detection overrides and legacy host-runtime naming. Use `DIREXIO_AGENT_INSTALL_MODE=cc-connect` only when overriding the default `recommended` mapping explicitly.
127
133
  Use `DIREXIO_CC_CONNECT_AGENT_OPTIONS_TOML` for agent-specific options that cannot be represented by `work_dir` or `cmd`; for example `reasonix` requires `serve_url`, `tmux` requires `session`, and generic `acp` requires a command when `DIREXIO_CC_CONNECT_AGENT_CMD` is not enough.
128
- For OpenClaw Gateway ACP, complete OpenClaw pairing first, then set `DIREXIO_OPENCLAW_ACP_URL`, `DIREXIO_OPENCLAW_ACP_TOKEN_FILE`, and `DIREXIO_OPENCLAW_ACP_SESSION` from the current OpenClaw runtime. S6 writes `["acp", "--url", <url>, "--token-file", <local path>, "--session", <session>]` and converts the token-file with `DIREXIO_LOCAL_PATH_STYLE`. `DIREXIO_OPENCLAW_ACP_ARGS_TOML` replaces the OpenClaw ACP args array only when the runtime needs a fully custom argument list. `DIREXIO_HERMES_ACP_ARGS_TOML` supplies the child Hermes args and keeps the Direxio adapter prefix.
134
+ For OpenClaw Gateway ACP, S6 defaults to `["acp", "--session", "agent:main:main"]` and lets `openclaw acp` auto-discover the Gateway from `~/.openclaw/openclaw.json`. To force an explicit Gateway, complete OpenClaw pairing first, then set all of `DIREXIO_OPENCLAW_ACP_URL`, `DIREXIO_OPENCLAW_ACP_TOKEN_FILE`, and `DIREXIO_OPENCLAW_ACP_SESSION` from the current OpenClaw runtime. S6 writes `["acp", "--url", <url>, "--token-file", <local path>, "--session", <session>]` and converts the token-file with `DIREXIO_LOCAL_PATH_STYLE`. `DIREXIO_OPENCLAW_ACP_ARGS_TOML` replaces the OpenClaw ACP args array only when the runtime needs a fully custom argument list. `DIREXIO_HERMES_ACP_ARGS_TOML` supplies the child Hermes args and keeps the Direxio adapter prefix.
@@ -39,7 +39,7 @@ Use a POSIX shell that actually runs the deployment scripts:
39
39
 
40
40
  ```powershell
41
41
  Get-Command bash.exe -All
42
- bash -lc 'echo ok; command -v aws; command -v jq; command -v ssh; command -v scp; command -v curl'
42
+ bash -lc 'echo ok; command -v node; command -v aws; command -v ssh; command -v scp; command -v curl'
43
43
  ```
44
44
 
45
45
  If `bash` prints the Windows Subsystem for Linux installation prompt or exits
@@ -47,11 +47,9 @@ before running `echo ok`, it is only the Windows WSL launcher and cannot run ops
47
47
  until a WSL distro is installed. Use another POSIX shell such as Git Bash, MSYS2,
48
48
  Cygwin, or a working WSL distro.
49
49
 
50
- The orchestrator now prepends workspace-local `.tools/bin` when present. This
51
- directory is an optional local tool cache that may be downloaded by the operator
52
- or system; it is not assumed to come from the original repo or from the skill.
53
- When `.tools/bin/jq.exe` exists, compatible Windows POSIX shells can discover it
54
- without manual PATH surgery.
50
+ The orchestrator uses the repository's Node.js JSON helper for local JSON
51
+ processing, so the POSIX shell that runs deployment scripts must be able to run
52
+ `node` against the same path style it passes to the scripts.
55
53
 
56
54
  Prefer the `ssh`/`scp` that belongs to the same POSIX environment used for
57
55
  `bash`. Windows OpenSSH can reject EC2 private keys because inherited ACLs make
@@ -132,7 +130,7 @@ Fix procedure:
132
130
 
133
131
  1. Read the created or reused zone details from `state.json`:
134
132
  ```bash
135
- jq '.resources | {route53_zone_id, route53_zone_name, route53_name_servers}' ~/.direxio/nodes/<service_id>/state.json
133
+ node scripts/json.mjs get ~/.direxio/nodes/<service_id>/state.json resources
136
134
  ```
137
135
  2. Delegate those NS servers at the current registrar, or use the provider API
138
136
  if credentials are available.
@@ -55,9 +55,13 @@ bash scripts/pricing-estimate.sh --state ~/.direxio/nodes/<service_id>/state.jso
55
55
  selection and refreshes it in S3 after the final EC2 instance type is known.
56
56
  The estimate includes EC2, gp3 storage, public IPv4, and Route53 hosted-zone
57
57
  cost when applicable. It excludes data transfer, TURN relay traffic, domain
58
- registration, taxes, and AWS credits. Credit coverage is not guaranteed; verify
59
- credits and actual charges in AWS Billing Console, and set an AWS Budget or
60
- billing alert before leaving the node running.
58
+ registration, taxes, and AWS credits. When available, check the Free Tier
59
+ account plan with `aws freetier get-account-plan-state --output json`;
60
+ otherwise tell the user that AWS currently advertises 100 USD initial credits
61
+ for new customer accounts plus possible additional credits after Free Tier
62
+ activities. Credit coverage is not guaranteed; verify credits and actual
63
+ charges in AWS Billing Console, and set an AWS Budget or billing alert before
64
+ leaving the node running.
61
65
 
62
66
  ## Destroy
63
67
 
@@ -282,7 +286,7 @@ If the domain is registered outside Route53, delegate the recorded nameservers
282
286
  at the current registrar or through a provider API:
283
287
 
284
288
  ```bash
285
- jq '.resources | {route53_zone_id, route53_zone_name, route53_name_servers}' ~/.direxio/nodes/<service_id>/state.json
289
+ node scripts/json.mjs get ~/.direxio/nodes/<service_id>/state.json resources
286
290
  ```
287
291
 
288
292
  After authoritative DNS returns the new IP, continue with the same state:
@@ -112,9 +112,9 @@ DIREXIO_<AGENT>_COMMAND=<optional agent-specific executable path>
112
112
  DIREXIO_CC_CONNECT_AGENT_OPTIONS_TOML=<optional extra TOML under projects.agent.options>
113
113
  DIREXIO_OPENCLAW_COMMAND=<optional OpenClaw executable path>
114
114
  DIREXIO_HERMES_COMMAND=<optional Hermes executable path>
115
- DIREXIO_OPENCLAW_ACP_URL=<required OpenClaw gateway URL>
116
- DIREXIO_OPENCLAW_ACP_TOKEN_FILE=<required OpenClaw ACP token file>
117
- DIREXIO_OPENCLAW_ACP_SESSION=<required OpenClaw ACP session>
115
+ DIREXIO_OPENCLAW_ACP_URL=<optional explicit OpenClaw gateway URL>
116
+ DIREXIO_OPENCLAW_ACP_TOKEN_FILE=<optional explicit OpenClaw ACP token file>
117
+ DIREXIO_OPENCLAW_ACP_SESSION=<optional OpenClaw ACP session; defaults to agent:main:main>
118
118
  DIREXIO_OPENCLAW_ACP_ARGS_TOML=<optional OpenClaw ACP TOML array>
119
119
  DIREXIO_HERMES_ACP_ARGS_TOML=<optional Hermes ACP TOML array>
120
120
  DIREXIO_CC_CONNECT_NPM_PACKAGE=direxio-connent@latest
@@ -131,11 +131,11 @@ DIREXIO_SPEECH_LANGUAGE=zh
131
131
  Defaults:
132
132
 
133
133
  - `DIREXIO_CC_CONNECT_AGENT` is the preferred explicit selector. It accepts every connent/connect agent: `acp`, `antigravity`, `claudecode`, `codex`, `copilot`, `cursor`, `devin`, `gemini`, `iflow`, `kimi`, `opencode`, `pi`, `qoder`, `reasonix`, and `tmux`.
134
- - `DIREXIO_AGENT_PLATFORM=auto` detects the local agent runtime and maps it to a `direxio-connect` agent type only when it can identify one unambiguously. OpenClaw and Hermes map to the generic `acp` connect agent. OpenClaw requires explicit real ACP Gateway settings from the current runtime; Hermes uses the `direxio-connect hermes-acp-adapter -- hermes acp` compatibility wrapper by default.
134
+ - `DIREXIO_AGENT_PLATFORM=auto` detects the local agent runtime and maps it to a `direxio-connect` agent type only when it can identify one unambiguously. OpenClaw and Hermes map to the generic `acp` connect agent. OpenClaw uses `openclaw acp --session agent:main:main` by default and lets OpenClaw discover its Gateway config; Hermes uses the `direxio-connect hermes-acp-adapter -- hermes acp` compatibility wrapper by default.
135
135
  - `DIREXIO_LOCAL_PATH_STYLE=windows` writes Windows-compatible `data_dir`, `work_dir`, config paths, and install commands. `scripts/orchestrate.ps1` sets this automatically. Linux, macOS, and WSL Bash runs should leave the default `posix` style. Windows Git Bash/MSYS2 users who run `scripts/orchestrate.sh` directly must set `DIREXIO_LOCAL_PATH_STYLE=windows` when the local bridge is a Windows process.
136
136
  - `DIREXIO_CC_CONNECT_AGENT_CMD` writes `cmd = "<path>"` into `[projects.agent.options]`. Agent-specific forms such as `DIREXIO_CODEX_COMMAND`, `DIREXIO_CLAUDE_CODE_COMMAND`, `DIREXIO_GEMINI_COMMAND`, `DIREXIO_OPENCODE_COMMAND`, `DIREXIO_QODERCLI_COMMAND`, and `DIREXIO_OPENCLAW_COMMAND` are also accepted. For Hermes, `DIREXIO_HERMES_COMMAND` selects the child Hermes executable behind the adapter, while `DIREXIO_HERMES_ACP_ADAPTER_COMMAND` overrides the adapter command itself.
137
137
  - `DIREXIO_CC_CONNECT_AGENT_OPTIONS_TOML` appends agent-specific options under `[projects.agent.options]`; use it for agents with required non-command options such as `reasonix` (`serve_url`) or `tmux` (`session`).
138
- - OpenClaw Gateway ACP uses `DIREXIO_OPENCLAW_ACP_URL`, `DIREXIO_OPENCLAW_ACP_TOKEN_FILE`, and `DIREXIO_OPENCLAW_ACP_SESSION` to write `--url`, `--token-file`, and `--session`. Complete OpenClaw pairing first and use the real session that should receive Direxio messages; do not guess a default session or reuse old chat output.
138
+ - OpenClaw Gateway ACP auto-detects the Gateway from `~/.openclaw/openclaw.json` when `DIREXIO_OPENCLAW_ACP_URL` and `DIREXIO_OPENCLAW_ACP_TOKEN_FILE` are unset. It uses `DIREXIO_OPENCLAW_ACP_SESSION` when provided, otherwise `agent:main:main`. To force explicit Gateway settings, complete OpenClaw pairing first and set all three real values: `DIREXIO_OPENCLAW_ACP_URL`, `DIREXIO_OPENCLAW_ACP_TOKEN_FILE`, and `DIREXIO_OPENCLAW_ACP_SESSION`.
139
139
  - `DIREXIO_OPENCLAW_ACP_ARGS_TOML` replaces the generated OpenClaw ACP args array, for example `["acp", "--url", "wss://gateway.example.test:18789", "--token-file", "$HOME/.openclaw/gateway.token", "--session", "agent:main:main"]`. `DIREXIO_HERMES_ACP_ARGS_TOML` supplies the child Hermes args; S6 prefixes `["hermes-acp-adapter", "--", "<hermes-command>"]` automatically.
140
140
  - `DIREXIO_AGENT_INSTALL=recommend` prints and records the command only.
141
141
  - `DIREXIO_AGENT_INSTALL=auto` runs `npm install -g direxio-connent@latest` and then installs the `direxio-connect` daemon with the generated config and `--service-name <service_id>`. It is recorded as installed only when `direxio-connect daemon status --service-name <service_id>` reports `Status: Running` and recent daemon logs do not show ACP session initialization failure; otherwise S6 records `agent_install_status=install_failed`.
@@ -1,21 +1,21 @@
1
1
  # Tooling By OS
2
2
 
3
- Prepare `bash`, `aws`, `jq`, `ssh`, `scp`, `curl`, and at least one DNS lookup
3
+ Prepare `bash`, `node`, `aws`, `ssh`, `scp`, `curl`, and at least one DNS lookup
4
4
  tool. Always inspect first, then ask before installing or downloading.
5
5
 
6
6
  ## Detect
7
7
 
8
8
  ```bash
9
- command -v bash aws jq ssh scp curl
9
+ command -v bash node aws ssh scp curl
10
10
  command -v dig nslookup getent
11
+ node --version
11
12
  aws --version
12
- jq --version
13
13
  ```
14
14
 
15
15
  On Windows PowerShell:
16
16
 
17
17
  ```powershell
18
- Get-Command "C:\Program Files\Git\bin\bash.exe","C:\Program Files\Git\usr\bin\bash.exe",aws,jq,ssh,scp,curl,nslookup,Resolve-DnsName -ErrorAction SilentlyContinue
18
+ Get-Command "C:\Program Files\Git\bin\bash.exe","C:\Program Files\Git\usr\bin\bash.exe",node,aws,ssh,scp,curl,nslookup,Resolve-DnsName -ErrorAction SilentlyContinue
19
19
  ```
20
20
 
21
21
  ## Windows
@@ -29,15 +29,14 @@ Common system installs:
29
29
 
30
30
  ```powershell
31
31
  winget install --id Git.Git --exact
32
+ winget install --id OpenJS.NodeJS.LTS --exact
32
33
  winget install --id Amazon.AWSCLI --exact
33
- winget install --id jqlang.jq --exact
34
34
  ```
35
35
 
36
36
  Workspace-local fallback when package managers are unavailable:
37
37
 
38
38
  ```powershell
39
39
  New-Item -ItemType Directory -Force -Path .tools\bin | Out-Null
40
- Invoke-WebRequest -Uri https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-windows-amd64.exe -OutFile .tools\bin\jq.exe
41
40
  python -m venv .tools\awscli-venv
42
41
  .\.tools\awscli-venv\Scripts\python.exe -m pip install --upgrade pip awscli
43
42
  ```
@@ -61,7 +60,7 @@ Run ops from Git Bash:
61
60
  Preferred installs:
62
61
 
63
62
  ```bash
64
- brew install awscli jq
63
+ brew install node awscli
65
64
  ```
66
65
 
67
66
  If Homebrew is unavailable, ask before using the official AWS CLI pkg installer.
@@ -72,11 +71,11 @@ macOS already includes `ssh`, `scp`, `curl`, and `dig`.
72
71
  Choose the detected package manager:
73
72
 
74
73
  ```bash
75
- sudo apt-get update && sudo apt-get install -y awscli jq openssh-client curl dnsutils
76
- sudo dnf install -y awscli jq openssh-clients curl bind-utils
77
- sudo yum install -y awscli jq openssh-clients curl bind-utils
78
- sudo pacman -Sy --needed aws-cli jq openssh curl bind-tools
79
- sudo zypper install -y aws-cli jq openssh-clients curl bind-utils
74
+ sudo apt-get update && sudo apt-get install -y nodejs awscli openssh-client curl dnsutils
75
+ sudo dnf install -y nodejs awscli openssh-clients curl bind-utils
76
+ sudo yum install -y nodejs awscli openssh-clients curl bind-utils
77
+ sudo pacman -Sy --needed nodejs aws-cli openssh curl bind-tools
78
+ sudo zypper install -y nodejs aws-cli openssh-clients curl bind-utils
80
79
  ```
81
80
 
82
81
  If distro packages are too old or missing, ask before using the official AWS CLI zip installer.
@@ -13,7 +13,7 @@ Confirm these items before calling `scripts/orchestrate.sh`:
13
13
  1. The final Matrix domain is selected, for example `__DOMAIN__`.
14
14
  2. The user understands that Matrix `server_name` is bound to that domain.
15
15
  3. The user has confirmed `CONFIRM_DOMAIN_BINDING=1`.
16
- 4. AWS CLI v2, `jq`, `ssh`, `scp`, and `curl` are available.
16
+ 4. Node.js, AWS CLI v2, `ssh`, `scp`, and `curl` are available.
17
17
  5. AWS credentials are configured through `AWS_PROFILE` or environment variables.
18
18
  6. `AWS_DEFAULT_REGION` is explicit.
19
19
  7. `MESSAGE_SERVER_IMAGE` is selected, or the default `direxio/message-server:latest` is accepted.
@@ -23,7 +23,7 @@ On Windows, first verify that `bash` is a usable POSIX shell:
23
23
 
24
24
  ```powershell
25
25
  Get-Command bash.exe -All
26
- bash -lc 'echo ok; command -v aws; command -v jq; command -v ssh; command -v scp; command -v curl'
26
+ bash -lc 'echo ok; command -v node; command -v aws; command -v ssh; command -v scp; command -v curl'
27
27
  ```
28
28
 
29
29
  ## Domain Modes
@@ -118,10 +118,10 @@ TURN 端口直连 coturn,Caddyfile **不加** TURN 反代。仅在文件头注
118
118
  新增一项(用 password/agent_token 换 access_token 后查 turnServer):
119
119
  ```bash
120
120
  # 换统一 access_token
121
- at=$(curl -sk -X POST "https://$domain/_p2p/command" -H 'Content-Type: application/json' -d "{\"action\":\"portal.auth\",\"params\":{\"password\":\"$password\"}}" | jq -r '.access_token')
121
+ at=$(curl -sk -X POST "https://$domain/_p2p/command" -H 'Content-Type: application/json' -d "{\"action\":\"portal.auth\",\"params\":{\"password\":\"$password\"}}" | node scripts/json.mjs stdin-get access_token)
122
122
  # 查 turnServer 必须非空、有 turn: uris、有 username/password、ttl>0
123
123
  turn=$(curl -sk "https://$domain/_matrix/client/v3/voip/turnServer" -H "Authorization: Bearer $at")
124
- echo "$turn" | jq -e '.uris and (.uris|length>0) and (.uris[]|test("^turns?:")) and (.username!="") and (.password!="") and (.ttl>0)' >/dev/null \
124
+ echo "$turn" | node scripts/json.mjs stdin-assert turn-credentials >/dev/null \
125
125
  && ok " ✓ TURN turnServer 非空且有效" || { warn " ✗ TURN turnServer 无效:$turn"; fails=$((fails+1)); }
126
126
  ```
127
127
 
@@ -30,7 +30,8 @@ When running `orchestrate.sh` as a background process, bash may buffer stdout be
30
30
  Poll progress with:
31
31
 
32
32
  ```bash
33
- cat ~/.direxio/nodes/<service_id>/state.json | jq '{phase, phases}'
33
+ node scripts/json.mjs get ~/.direxio/nodes/<service_id>/state.json phase
34
+ node scripts/json.mjs get ~/.direxio/nodes/<service_id>/state.json phases
34
35
  ```
35
36
 
36
37
  For real-time tailing, use `stdbuf` when available:
@@ -27,20 +27,8 @@ destroy_now() {
27
27
  }
28
28
 
29
29
  destroy_evidence_set() {
30
- local key=$1 status=$2 detail=${3:-} tmp
31
- tmp="$SRC.tmp.destroy.$$"
32
- if jq --arg key "$key" \
33
- --arg status "$status" \
34
- --arg detail "$detail" \
35
- --arg checked_at "$(destroy_now)" \
36
- '.destroy_evidence[$key] = {
37
- status: $status,
38
- detail: $detail,
39
- checked_at: $checked_at
40
- }' "$SRC" > "$tmp"; then
41
- mv "$tmp" "$SRC"
42
- else
43
- rm -f "$tmp"
30
+ local key=$1 status=$2 detail=${3:-}
31
+ if ! json_mutate "$SRC" destroy-evidence "$key" "$status" "$detail" "$(destroy_now)"; then
44
32
  log " (failed to record destroy evidence for $key)"
45
33
  fi
46
34
  }
@@ -48,13 +36,7 @@ destroy_evidence_set() {
48
36
  route53_a_record_present() {
49
37
  local zone_id=$1 domain=$2 public_ip=$3 rrsets present
50
38
  rrsets=$(aws route53 list-resource-record-sets --hosted-zone-id "$zone_id" --output json 2>/dev/null) || return 2
51
- present=$(printf '%s\n' "$rrsets" | jq -r --arg name "$domain." --arg ip "$public_ip" '
52
- any(.ResourceRecordSets[]?;
53
- .Name == $name
54
- and .Type == "A"
55
- and any(.ResourceRecords[]?; .Value == $ip)
56
- )
57
- ' 2>/dev/null) || return 2
39
+ present=$(printf '%s\n' "$rrsets" | json_stdin_route53_a_present "$domain." "$public_ip" 2>/dev/null) || return 2
58
40
  [ "$present" = "true" ]
59
41
  }
60
42
 
@@ -187,26 +169,25 @@ fi
187
169
  [ -f "$SRC" ] || { echo "$SRC not found."; exit 1; }
188
170
  P2P_ROOT=$(cd "${DIREXIO_HOME:-$HOME/.direxio}" 2>/dev/null && pwd -P || printf '%s' "${DIREXIO_HOME:-$HOME/.direxio}")
189
171
 
190
- command -v jq >/dev/null 2>&1 || { echo "jq is required to parse state.json."; exit 1; }
191
- REGION=$(jq -r '.region // empty' "$SRC")
192
- INSTANCE_ID=$(jq -r '.resources.instance_id // empty' "$SRC")
193
- ROOT_VOLUME_ID=$(jq -r '.resources.root_volume_id // empty' "$SRC")
194
- EIP_ID=$(jq -r '.resources.eip_id // empty' "$SRC")
195
- SG_ID=$(jq -r '.resources.sg_id // empty' "$SRC")
196
- KEY_NAME=$(jq -r '.resources.key_name // empty' "$SRC")
197
- KEY_FILE=$(jq -r '.resources.key_file // empty' "$SRC")
198
- DOMAIN_MODE=$(jq -r '.domain_mode // empty' "$SRC")
199
- DOMAIN=$(jq -r '.domain // empty' "$SRC")
200
- AS_URL=$(jq -r '.as_url // empty' "$SRC")
201
- PUBLIC_IP=$(jq -r '.resources.public_ip // empty' "$SRC")
202
- ROUTE53_ZONE_ID=$(jq -r '.resources.route53_zone_id // empty' "$SRC")
203
- ROUTE53_ZONE_NAME=$(jq -r '.resources.route53_zone_name // empty' "$SRC")
204
- ROUTE53_ZONE_CREATED_BY_DEPLOYER=$(jq -r '.resources.route53_zone_created_by_deployer // empty' "$SRC")
205
- CC_CONNECT_CONFIG=$(jq -r '.cc_connect_config // empty' "$SRC")
206
- CC_CONNECT_BINARY=$(jq -r '.cc_connect_binary // empty' "$SRC")
207
- CC_CONNECT_RUNTIME_DIR=$(jq -r '.cc_connect_runtime_dir // empty' "$SRC")
208
- AGENT_SERVICE_DIR=$(jq -r '.agent_service_dir // empty' "$SRC")
209
- AGENT_SERVICE_ID=$(jq -r '.agent_service_id // empty' "$SRC")
172
+ REGION=$(json_get "$SRC" region)
173
+ INSTANCE_ID=$(json_get "$SRC" resources.instance_id)
174
+ ROOT_VOLUME_ID=$(json_get "$SRC" resources.root_volume_id)
175
+ EIP_ID=$(json_get "$SRC" resources.eip_id)
176
+ SG_ID=$(json_get "$SRC" resources.sg_id)
177
+ KEY_NAME=$(json_get "$SRC" resources.key_name)
178
+ KEY_FILE=$(json_get "$SRC" resources.key_file)
179
+ DOMAIN_MODE=$(json_get "$SRC" domain_mode)
180
+ DOMAIN=$(json_get "$SRC" domain)
181
+ AS_URL=$(json_get "$SRC" as_url)
182
+ PUBLIC_IP=$(json_get "$SRC" resources.public_ip)
183
+ ROUTE53_ZONE_ID=$(json_get "$SRC" resources.route53_zone_id)
184
+ ROUTE53_ZONE_NAME=$(json_get "$SRC" resources.route53_zone_name)
185
+ ROUTE53_ZONE_CREATED_BY_DEPLOYER=$(json_get "$SRC" resources.route53_zone_created_by_deployer)
186
+ CC_CONNECT_CONFIG=$(json_get "$SRC" cc_connect_config)
187
+ CC_CONNECT_BINARY=$(json_get "$SRC" cc_connect_binary)
188
+ CC_CONNECT_RUNTIME_DIR=$(json_get "$SRC" cc_connect_runtime_dir)
189
+ AGENT_SERVICE_DIR=$(json_get "$SRC" agent_service_dir)
190
+ AGENT_SERVICE_ID=$(json_get "$SRC" agent_service_id)
210
191
 
211
192
  export NO_PROXY="*"; export no_proxy="*"
212
193
  unset HTTP_PROXY HTTPS_PROXY http_proxy https_proxy 2>/dev/null || true
@@ -240,7 +221,7 @@ find_route53_zone() {
240
221
  fi
241
222
  ;;
242
223
  esac
243
- done < <(aws route53 list-hosted-zones --output json 2>/dev/null | jq -r '.HostedZones[] | [.Id, .Name] | @tsv')
224
+ done < <(aws route53 list-hosted-zones --output json 2>/dev/null | json_stdin_tsv HostedZones Id Name)
244
225
  [ -n "$best_id" ] && printf '%s\t%s\n' "$best_id" "$best_name"
245
226
  }
246
227
 
@@ -289,7 +270,7 @@ EOF
289
270
  || log " (Route53 A record may already be absent or changed; check DNS manually)"
290
271
  rm -f "$change_file"
291
272
  if [ -n "${change_json:-}" ]; then
292
- change_id=$(printf '%s\n' "$change_json" | jq -r '.ChangeInfo.Id // empty' 2>/dev/null)
273
+ change_id=$(printf '%s\n' "$change_json" | json_stdin_get ChangeInfo.Id 2>/dev/null)
293
274
  [ -n "$change_id" ] && aws route53 wait resource-record-sets-changed --id "$change_id" 2>/dev/null || true
294
275
  fi
295
276
  verify_route53_a_record_deleted "$zone_id" "$domain" "$public_ip"