direxio-deployer 0.1.0 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +10 -2
- package/README_zh.md +10 -2
- package/SKILL.md +32 -8
- package/bin/direxio-deployer.mjs +1 -2
- package/package.json +2 -3
- package/references/agent-targets.md +7 -1
- package/references/deployment-lessons.md +5 -7
- package/references/deployment-workflow.md +8 -4
- package/references/runtime-wiring.md +5 -5
- package/references/tooling.md +11 -12
- package/references/user-journey.md +2 -2
- package/references/voip-turn-runbook.md +2 -2
- package/references/windows-deployment-notes.md +2 -1
- package/scripts/destroy.sh +24 -43
- package/scripts/json.mjs +841 -0
- package/scripts/lib/aws.sh +5 -1
- package/scripts/lib/json.sh +114 -0
- package/scripts/lib/operation_report.sh +8 -195
- package/scripts/lib/ops.sh +8 -21
- package/scripts/lib/state.sh +18 -44
- package/scripts/mcp-tools-list.mjs +66 -5
- package/scripts/orchestrate.sh +166 -249
- package/scripts/phases/s3_provision.sh +5 -10
- package/scripts/phases/s5_init_tokens.sh +7 -17
- package/scripts/phases/s6_wire_local.sh +22 -42
- package/scripts/phases/s7_verify_e2e.sh +5 -5
- package/scripts/pricing-estimate.sh +36 -80
- package/tests/aws_credentials_test.sh +0 -139
- package/tests/connect_daemon_runtime_check_test.sh +0 -120
- package/tests/default_paths_test.sh +0 -58
- package/tests/destroy_local_bridge_test.sh +0 -154
- package/tests/destroy_root_identity_test.sh +0 -91
- package/tests/destroy_route53_zone_test.sh +0 -80
- package/tests/domain_authoritative_dns_test.sh +0 -49
- package/tests/mcp_doctor_runtime_check_test.sh +0 -86
- package/tests/mcp_smoke_runtime_check_test.sh +0 -121
- package/tests/mcp_tools_runtime_check_test.sh +0 -123
- package/tests/npm_skill_distribution_test.sh +0 -95
- package/tests/operation_report_test.sh +0 -258
- package/tests/orchestrate_status_recovery_test.sh +0 -91
- package/tests/phase_timeout_test.sh +0 -88
- package/tests/pricing_estimate_test.sh +0 -159
- package/tests/render_userdata_remote_nodes_test.sh +0 -40
- package/tests/root_volume_tracking_test.sh +0 -41
- package/tests/route53_overwrite_guard_test.sh +0 -86
- package/tests/route53_zone_auto_create_test.sh +0 -66
- package/tests/runtime_summary_check_test.sh +0 -203
- package/tests/s6_wire_local_test.sh +0 -405
- package/tests/skill_structure_test.sh +0 -298
- package/tests/update_reset_ops_test.sh +0 -230
- package/tests/user_confirmation_gates_test.sh +0 -152
|
@@ -1,58 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env bash
|
|
2
|
-
set -euo pipefail
|
|
3
|
-
|
|
4
|
-
ROOT=$(cd "$(dirname "$0")/.." && pwd)
|
|
5
|
-
tmp=$(mktemp -d)
|
|
6
|
-
trap 'rm -rf "$tmp"' EXIT
|
|
7
|
-
|
|
8
|
-
export HOME="$tmp/home"
|
|
9
|
-
mkdir -p "$HOME"
|
|
10
|
-
unset P2P_WORKDIR
|
|
11
|
-
unset DIREXIO_WORKDIR
|
|
12
|
-
export DOMAIN="IM.Example.test"
|
|
13
|
-
|
|
14
|
-
# shellcheck disable=SC1090
|
|
15
|
-
source "$ROOT/scripts/lib/state.sh"
|
|
16
|
-
|
|
17
|
-
[ "$P2P_WORKDIR" = "$HOME/.direxio/nodes/im.example.test" ]
|
|
18
|
-
[ "$STATE_JSON" = "$HOME/.direxio/nodes/im.example.test/state.json" ]
|
|
19
|
-
|
|
20
|
-
(
|
|
21
|
-
unset P2P_WORKDIR
|
|
22
|
-
export DIREXIO_WORKDIR="$HOME/.direxio/custom-workdir"
|
|
23
|
-
# shellcheck disable=SC1090
|
|
24
|
-
source "$ROOT/scripts/lib/state.sh"
|
|
25
|
-
[ "$P2P_WORKDIR" = "$HOME/.direxio/custom-workdir" ]
|
|
26
|
-
[ "$STATE_JSON" = "$HOME/.direxio/custom-workdir/state.json" ]
|
|
27
|
-
)
|
|
28
|
-
|
|
29
|
-
rm -rf "$HOME/.direxio"
|
|
30
|
-
(
|
|
31
|
-
unset DOMAIN P2P_WORKDIR DIREXIO_WORKDIR
|
|
32
|
-
HOME="$HOME" bash "$ROOT/scripts/orchestrate.sh" status >/dev/null 2>&1
|
|
33
|
-
)
|
|
34
|
-
[ ! -e "$HOME/.direxio/deploy" ]
|
|
35
|
-
[ ! -e "$HOME/.direxio/nodes/state.json" ]
|
|
36
|
-
|
|
37
|
-
mkdir -p "$HOME/.direxio/nodes/solo.example.test"
|
|
38
|
-
jq -n '{domain:"solo.example.test", phase:"S3_PROVISION", resources:{instance_id:"i-solo"}}' > "$HOME/.direxio/nodes/solo.example.test/state.json"
|
|
39
|
-
(
|
|
40
|
-
unset DOMAIN P2P_WORKDIR DIREXIO_WORKDIR
|
|
41
|
-
# shellcheck disable=SC1090
|
|
42
|
-
source "$ROOT/scripts/lib/state.sh"
|
|
43
|
-
[ "$P2P_WORKDIR" = "$HOME/.direxio/nodes" ]
|
|
44
|
-
[ "$STATE_JSON" = "$HOME/.direxio/nodes/state.json" ]
|
|
45
|
-
)
|
|
46
|
-
|
|
47
|
-
mkdir -p "$HOME/.direxio/nodes/second.example.test"
|
|
48
|
-
jq -n '{domain:"second.example.test", phase:"S6_WIRE_LOCAL", resources:{instance_id:"i-second"}}' > "$HOME/.direxio/nodes/second.example.test/state.json"
|
|
49
|
-
status_output=$(
|
|
50
|
-
unset DOMAIN P2P_WORKDIR DIREXIO_WORKDIR
|
|
51
|
-
HOME="$HOME" bash "$ROOT/scripts/orchestrate.sh" status
|
|
52
|
-
)
|
|
53
|
-
[[ "$status_output" == *"solo.example.test"* ]]
|
|
54
|
-
[[ "$status_output" == *"second.example.test"* ]]
|
|
55
|
-
[[ "$status_output" == *"i-solo"* ]]
|
|
56
|
-
[[ "$status_output" == *"i-second"* ]]
|
|
57
|
-
|
|
58
|
-
echo "default paths ok"
|
|
@@ -1,154 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env bash
|
|
2
|
-
set -euo pipefail
|
|
3
|
-
|
|
4
|
-
ROOT=$(cd "$(dirname "$0")/.." && pwd)
|
|
5
|
-
tmp=$(mktemp -d)
|
|
6
|
-
trap 'rm -rf "$tmp"' EXIT
|
|
7
|
-
|
|
8
|
-
export HOME="$tmp/home"
|
|
9
|
-
mkdir -p "$HOME"
|
|
10
|
-
|
|
11
|
-
fakebin="$tmp/bin"
|
|
12
|
-
mkdir -p "$fakebin"
|
|
13
|
-
|
|
14
|
-
cat > "$fakebin/aws" <<'EOF'
|
|
15
|
-
#!/usr/bin/env bash
|
|
16
|
-
set -euo pipefail
|
|
17
|
-
printf 'aws' >> "$CALLS"
|
|
18
|
-
printf ' %q' "$@" >> "$CALLS"
|
|
19
|
-
printf '\n' >> "$CALLS"
|
|
20
|
-
|
|
21
|
-
case "${1:-} ${2:-}" in
|
|
22
|
-
"sts get-caller-identity")
|
|
23
|
-
case "$*" in
|
|
24
|
-
*"--query Arn"*) printf 'arn:aws:iam::123456789012:user/DirexioDeployer-Test\n' ;;
|
|
25
|
-
*"--query Account"*) printf '123456789012\n' ;;
|
|
26
|
-
*) printf '{"Account":"123456789012","Arn":"arn:aws:iam::123456789012:user/DirexioDeployer-Test"}\n' ;;
|
|
27
|
-
esac
|
|
28
|
-
;;
|
|
29
|
-
"ec2 terminate-instances") exit 0 ;;
|
|
30
|
-
"ec2 wait") exit 0 ;;
|
|
31
|
-
"ec2 release-address") exit 0 ;;
|
|
32
|
-
"ec2 delete-security-group") exit 0 ;;
|
|
33
|
-
"ec2 delete-key-pair") exit 0 ;;
|
|
34
|
-
*) exit 0 ;;
|
|
35
|
-
esac
|
|
36
|
-
EOF
|
|
37
|
-
chmod 700 "$fakebin/aws"
|
|
38
|
-
|
|
39
|
-
cat > "$fakebin/direxio-connect" <<'EOF'
|
|
40
|
-
#!/usr/bin/env bash
|
|
41
|
-
set -euo pipefail
|
|
42
|
-
printf 'direxio-connect' >> "$CALLS"
|
|
43
|
-
printf ' %q' "$@" >> "$CALLS"
|
|
44
|
-
printf '\n' >> "$CALLS"
|
|
45
|
-
if [ "${1:-}" = "daemon" ] && [ "${2:-}" = "status" ]; then
|
|
46
|
-
[ "${3:-}" = "--service-name" ]
|
|
47
|
-
[ -n "${4:-}" ]
|
|
48
|
-
cat <<STATUS
|
|
49
|
-
cc-connect daemon status
|
|
50
|
-
|
|
51
|
-
Status: Running
|
|
52
|
-
Platform: test
|
|
53
|
-
WorkDir: ${STATUS_WORK_DIR:-}
|
|
54
|
-
STATUS
|
|
55
|
-
fi
|
|
56
|
-
EOF
|
|
57
|
-
chmod 700 "$fakebin/direxio-connect"
|
|
58
|
-
|
|
59
|
-
write_state() {
|
|
60
|
-
local state=$1 domain=$2 service_dir=$3
|
|
61
|
-
mkdir -p "$(dirname "$state")" "$service_dir/cc-connect"
|
|
62
|
-
: > "$service_dir/cc-connect/config.toml"
|
|
63
|
-
jq -n \
|
|
64
|
-
--arg region "us-east-1" \
|
|
65
|
-
--arg domain "$domain" \
|
|
66
|
-
--arg service_dir "$service_dir" \
|
|
67
|
-
'{
|
|
68
|
-
region: $region,
|
|
69
|
-
domain_mode: "user",
|
|
70
|
-
domain: $domain,
|
|
71
|
-
as_url: ("https://" + $domain),
|
|
72
|
-
agent_service_dir: $service_dir,
|
|
73
|
-
agent_service_id: $domain,
|
|
74
|
-
resources: {
|
|
75
|
-
instance_id: "i-test",
|
|
76
|
-
eip_id: "eipalloc-test",
|
|
77
|
-
sg_id: "sg-test",
|
|
78
|
-
key_name: "direxio-test"
|
|
79
|
-
}
|
|
80
|
-
}' > "$state"
|
|
81
|
-
}
|
|
82
|
-
|
|
83
|
-
run_destroy() {
|
|
84
|
-
local state=$1 calls=$2 status_work_dir=$3
|
|
85
|
-
: > "$calls"
|
|
86
|
-
CALLS="$calls" STATUS_WORK_DIR="$status_work_dir" PATH="$fakebin:$PATH" bash "$ROOT/scripts/destroy.sh" "$state" >/dev/null
|
|
87
|
-
}
|
|
88
|
-
|
|
89
|
-
current_service="$HOME/.direxio/nodes/a5.direxio.ai"
|
|
90
|
-
current_state="$current_service/state.json"
|
|
91
|
-
current_calls="$tmp/current.calls"
|
|
92
|
-
write_state "$current_state" "a5.direxio.ai" "$current_service"
|
|
93
|
-
run_destroy "$current_state" "$current_calls" "$current_service/cc-connect"
|
|
94
|
-
|
|
95
|
-
grep -q '^direxio-connect daemon status --service-name a5.direxio.ai$' "$current_calls" || {
|
|
96
|
-
echo "destroy should query the current named daemon status" >&2
|
|
97
|
-
cat "$current_calls" >&2
|
|
98
|
-
exit 1
|
|
99
|
-
}
|
|
100
|
-
|
|
101
|
-
grep -q '^direxio-connect daemon stop --service-name a5.direxio.ai$' "$current_calls" || {
|
|
102
|
-
echo "destroy should stop the daemon when daemon status WorkDir matches the current service cc-connect dir" >&2
|
|
103
|
-
cat "$current_calls" >&2
|
|
104
|
-
exit 1
|
|
105
|
-
}
|
|
106
|
-
|
|
107
|
-
grep -q '^direxio-connect daemon uninstall --service-name a5.direxio.ai$' "$current_calls" || {
|
|
108
|
-
echo "destroy should uninstall the daemon after stopping the matching current service daemon" >&2
|
|
109
|
-
cat "$current_calls" >&2
|
|
110
|
-
exit 1
|
|
111
|
-
}
|
|
112
|
-
|
|
113
|
-
if [ -d "$current_service" ]; then
|
|
114
|
-
echo "destroy should remove the current service directory after stopping its daemon" >&2
|
|
115
|
-
exit 1
|
|
116
|
-
fi
|
|
117
|
-
|
|
118
|
-
other_service="$HOME/.direxio/nodes/b5.direxio.ai"
|
|
119
|
-
other_state="$other_service/state.json"
|
|
120
|
-
active_other_service="$HOME/.direxio/nodes/active-other"
|
|
121
|
-
other_calls="$tmp/other.calls"
|
|
122
|
-
mkdir -p "$active_other_service/cc-connect"
|
|
123
|
-
write_state "$other_state" "b5.direxio.ai" "$other_service"
|
|
124
|
-
run_destroy "$other_state" "$other_calls" "$active_other_service/cc-connect"
|
|
125
|
-
|
|
126
|
-
grep -q '^direxio-connect daemon status --service-name b5.direxio.ai$' "$other_calls" || {
|
|
127
|
-
echo "destroy should query the named daemon for the service being destroyed" >&2
|
|
128
|
-
cat "$other_calls" >&2
|
|
129
|
-
exit 1
|
|
130
|
-
}
|
|
131
|
-
|
|
132
|
-
if grep -q '^direxio-connect daemon stop' "$other_calls"; then
|
|
133
|
-
echo "destroy must not stop a daemon whose status WorkDir belongs to a different service" >&2
|
|
134
|
-
cat "$other_calls" >&2
|
|
135
|
-
exit 1
|
|
136
|
-
fi
|
|
137
|
-
|
|
138
|
-
if grep -q '^direxio-connect daemon uninstall' "$other_calls"; then
|
|
139
|
-
echo "destroy must not uninstall a daemon whose status WorkDir belongs to a different service" >&2
|
|
140
|
-
cat "$other_calls" >&2
|
|
141
|
-
exit 1
|
|
142
|
-
fi
|
|
143
|
-
|
|
144
|
-
if [ -d "$other_service" ]; then
|
|
145
|
-
echo "destroy should remove the current service directory even when another service daemon is active" >&2
|
|
146
|
-
exit 1
|
|
147
|
-
fi
|
|
148
|
-
|
|
149
|
-
if [ ! -d "$active_other_service" ]; then
|
|
150
|
-
echo "destroy must not remove another service directory" >&2
|
|
151
|
-
exit 1
|
|
152
|
-
fi
|
|
153
|
-
|
|
154
|
-
echo "destroy local bridge ok"
|
|
@@ -1,91 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env bash
|
|
2
|
-
set -euo pipefail
|
|
3
|
-
|
|
4
|
-
ROOT=$(cd "$(dirname "$0")/.." && pwd)
|
|
5
|
-
tmp=$(mktemp -d)
|
|
6
|
-
trap 'rm -rf "$tmp"' EXIT
|
|
7
|
-
|
|
8
|
-
export HOME="$tmp/home"
|
|
9
|
-
mkdir -p "$HOME"
|
|
10
|
-
|
|
11
|
-
fakebin="$tmp/bin"
|
|
12
|
-
mkdir -p "$fakebin"
|
|
13
|
-
|
|
14
|
-
cat > "$fakebin/aws" <<'EOF'
|
|
15
|
-
#!/usr/bin/env bash
|
|
16
|
-
set -euo pipefail
|
|
17
|
-
printf 'aws' >> "$CALLS"
|
|
18
|
-
printf ' %q' "$@" >> "$CALLS"
|
|
19
|
-
printf '\n' >> "$CALLS"
|
|
20
|
-
|
|
21
|
-
case "${1:-} ${2:-}" in
|
|
22
|
-
"sts get-caller-identity")
|
|
23
|
-
case "$*" in
|
|
24
|
-
*"--query Arn"*) printf 'arn:aws:iam::123456789012:root\n' ;;
|
|
25
|
-
*"--query Account"*) printf '123456789012\n' ;;
|
|
26
|
-
*) printf '{"Account":"123456789012","Arn":"arn:aws:iam::123456789012:root"}\n' ;;
|
|
27
|
-
esac
|
|
28
|
-
;;
|
|
29
|
-
"ec2 terminate-instances"|"ec2 release-address"|"ec2 delete-security-group"|"ec2 delete-key-pair"|"route53 change-resource-record-sets")
|
|
30
|
-
exit 0
|
|
31
|
-
;;
|
|
32
|
-
*)
|
|
33
|
-
exit 0
|
|
34
|
-
;;
|
|
35
|
-
esac
|
|
36
|
-
EOF
|
|
37
|
-
chmod 700 "$fakebin/aws"
|
|
38
|
-
|
|
39
|
-
service_dir="$HOME/.direxio/nodes/root-destroy.example.test"
|
|
40
|
-
mkdir -p "$service_dir"
|
|
41
|
-
state="$service_dir/state.json"
|
|
42
|
-
jq -n \
|
|
43
|
-
--arg service_dir "$service_dir" \
|
|
44
|
-
'{
|
|
45
|
-
region: "us-east-1",
|
|
46
|
-
domain_mode: "user",
|
|
47
|
-
domain: "root-destroy.example.test",
|
|
48
|
-
agent_service_dir: $service_dir,
|
|
49
|
-
agent_service_id: "root-destroy.example.test",
|
|
50
|
-
resources: {
|
|
51
|
-
instance_id: "i-root-destroy",
|
|
52
|
-
eip_id: "eipalloc-root-destroy",
|
|
53
|
-
sg_id: "sg-root-destroy",
|
|
54
|
-
key_name: "direxio-root-destroy"
|
|
55
|
-
}
|
|
56
|
-
}' > "$state"
|
|
57
|
-
|
|
58
|
-
calls="$tmp/aws.calls"
|
|
59
|
-
: > "$calls"
|
|
60
|
-
set +e
|
|
61
|
-
CALLS="$calls" PATH="$fakebin:$PATH" bash "$ROOT/scripts/destroy.sh" "$state" > "$tmp/destroy.out" 2>&1
|
|
62
|
-
destroy_rc=$?
|
|
63
|
-
set -e
|
|
64
|
-
|
|
65
|
-
[ "$destroy_rc" -eq 0 ] || {
|
|
66
|
-
echo "destroy must allow root identity when the operator chose root credentials" >&2
|
|
67
|
-
cat "$tmp/destroy.out" >&2
|
|
68
|
-
exit 1
|
|
69
|
-
}
|
|
70
|
-
grep -q 'source = ' "$tmp/destroy.out"
|
|
71
|
-
|
|
72
|
-
for expected in 'ec2 terminate-instances' 'ec2 release-address' 'ec2 delete-security-group' 'ec2 delete-key-pair'; do
|
|
73
|
-
if ! grep -F "$expected" "$calls" >/dev/null; then
|
|
74
|
-
echo "destroy should process recorded AWS resource with root identity: $expected" >&2
|
|
75
|
-
cat "$calls" >&2
|
|
76
|
-
exit 1
|
|
77
|
-
fi
|
|
78
|
-
done
|
|
79
|
-
|
|
80
|
-
if grep -F 'route53 change-resource-record-sets' "$calls" >/dev/null; then
|
|
81
|
-
echo "destroy should not touch Route53 for DOMAIN_MODE=user" >&2
|
|
82
|
-
cat "$calls" >&2
|
|
83
|
-
exit 1
|
|
84
|
-
fi
|
|
85
|
-
|
|
86
|
-
if [ -d "$service_dir" ]; then
|
|
87
|
-
echo "destroy should remove local service state after processing resources" >&2
|
|
88
|
-
exit 1
|
|
89
|
-
fi
|
|
90
|
-
|
|
91
|
-
echo "destroy root identity allowed ok"
|
|
@@ -1,80 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env bash
|
|
2
|
-
set -euo pipefail
|
|
3
|
-
|
|
4
|
-
ROOT=$(cd "$(dirname "$0")/.." && pwd)
|
|
5
|
-
tmp=$(mktemp -d)
|
|
6
|
-
trap 'rm -rf "$tmp"' EXIT
|
|
7
|
-
|
|
8
|
-
export HOME="$tmp/home"
|
|
9
|
-
mkdir -p "$HOME"
|
|
10
|
-
|
|
11
|
-
fakebin="$tmp/bin"
|
|
12
|
-
mkdir -p "$fakebin"
|
|
13
|
-
cat > "$fakebin/aws" <<'EOF'
|
|
14
|
-
#!/usr/bin/env bash
|
|
15
|
-
set -euo pipefail
|
|
16
|
-
printf 'aws' >> "$CALLS"
|
|
17
|
-
printf ' %q' "$@" >> "$CALLS"
|
|
18
|
-
printf '\n' >> "$CALLS"
|
|
19
|
-
|
|
20
|
-
case "${1:-} ${2:-}" in
|
|
21
|
-
"sts get-caller-identity")
|
|
22
|
-
case "$*" in
|
|
23
|
-
*"--query Arn"*) printf 'arn:aws:iam::123456789012:user/DirexioDeployer-Test\n' ;;
|
|
24
|
-
*"--query Account"*) printf '123456789012\n' ;;
|
|
25
|
-
*) printf '{"Account":"123456789012","Arn":"arn:aws:iam::123456789012:user/DirexioDeployer-Test"}\n' ;;
|
|
26
|
-
esac
|
|
27
|
-
;;
|
|
28
|
-
"route53 list-hosted-zones")
|
|
29
|
-
printf '{"HostedZones":[{"Id":"/hostedzone/ZCREATE","Name":"route53-destroy.example.test."}]}\n'
|
|
30
|
-
;;
|
|
31
|
-
"route53 change-resource-record-sets")
|
|
32
|
-
exit 0
|
|
33
|
-
;;
|
|
34
|
-
"route53 delete-hosted-zone")
|
|
35
|
-
exit 0
|
|
36
|
-
;;
|
|
37
|
-
"ec2 terminate-instances"|"ec2 wait"|"ec2 release-address"|"ec2 delete-security-group"|"ec2 delete-key-pair")
|
|
38
|
-
exit 0
|
|
39
|
-
;;
|
|
40
|
-
*)
|
|
41
|
-
exit 0
|
|
42
|
-
;;
|
|
43
|
-
esac
|
|
44
|
-
EOF
|
|
45
|
-
chmod 700 "$fakebin/aws"
|
|
46
|
-
|
|
47
|
-
service_dir="$HOME/.direxio/nodes/route53-destroy.example.test"
|
|
48
|
-
mkdir -p "$service_dir"
|
|
49
|
-
state="$service_dir/state.json"
|
|
50
|
-
jq -n \
|
|
51
|
-
--arg service_dir "$service_dir" \
|
|
52
|
-
'{
|
|
53
|
-
region: "us-east-1",
|
|
54
|
-
domain_mode: "route53",
|
|
55
|
-
domain: "route53-destroy.example.test",
|
|
56
|
-
agent_service_dir: $service_dir,
|
|
57
|
-
resources: {
|
|
58
|
-
public_ip: "203.0.113.99",
|
|
59
|
-
route53_zone_id: "ZCREATE",
|
|
60
|
-
route53_zone_name: "route53-destroy.example.test",
|
|
61
|
-
route53_zone_created_by_deployer: "true"
|
|
62
|
-
}
|
|
63
|
-
}' > "$state"
|
|
64
|
-
|
|
65
|
-
calls="$tmp/aws.calls"
|
|
66
|
-
CALLS="$calls" PATH="$fakebin:$PATH" bash "$ROOT/scripts/destroy.sh" "$state" >/dev/null
|
|
67
|
-
|
|
68
|
-
grep -q '^aws route53 change-resource-record-sets --hosted-zone-id ZCREATE' "$calls" || {
|
|
69
|
-
echo "destroy should delete the Route53 A record from the recorded zone" >&2
|
|
70
|
-
cat "$calls" >&2
|
|
71
|
-
exit 1
|
|
72
|
-
}
|
|
73
|
-
|
|
74
|
-
grep -q '^aws route53 delete-hosted-zone --id ZCREATE$' "$calls" || {
|
|
75
|
-
echo "destroy should delete a deployer-created hosted zone to stop Route53 hosted-zone billing" >&2
|
|
76
|
-
cat "$calls" >&2
|
|
77
|
-
exit 1
|
|
78
|
-
}
|
|
79
|
-
|
|
80
|
-
echo "destroy route53 zone ok"
|
|
@@ -1,49 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env bash
|
|
2
|
-
set -euo pipefail
|
|
3
|
-
|
|
4
|
-
ROOT=$(cd "$(dirname "$0")/.." && pwd)
|
|
5
|
-
tmp=$(mktemp -d)
|
|
6
|
-
trap 'rm -rf "$tmp"' EXIT
|
|
7
|
-
|
|
8
|
-
fakebin="$tmp/bin"
|
|
9
|
-
mkdir -p "$fakebin"
|
|
10
|
-
cat > "$fakebin/dig" <<'EOF'
|
|
11
|
-
#!/usr/bin/env bash
|
|
12
|
-
set -euo pipefail
|
|
13
|
-
|
|
14
|
-
if [ "${1:-}" = "+short" ] && [ "${2:-}" = "A" ] && [ "${3:-}" = "app.example.test" ]; then
|
|
15
|
-
printf '203.0.113.88\n'
|
|
16
|
-
exit 0
|
|
17
|
-
fi
|
|
18
|
-
|
|
19
|
-
if [ "${1:-}" = "+short" ] && [ "${2:-}" = "NS" ] && [ "${3:-}" = "app.example.test" ]; then
|
|
20
|
-
exit 0
|
|
21
|
-
fi
|
|
22
|
-
|
|
23
|
-
if [ "${1:-}" = "+short" ] && [ "${2:-}" = "NS" ] && [ "${3:-}" = "example.test" ]; then
|
|
24
|
-
printf 'ns1.example.test.\n'
|
|
25
|
-
exit 0
|
|
26
|
-
fi
|
|
27
|
-
|
|
28
|
-
if [ "${1:-}" = "+short" ] && [ "${2:-}" = "@ns1.example.test" ] && [ "${3:-}" = "A" ] && [ "${4:-}" = "app.example.test" ]; then
|
|
29
|
-
printf '%s\n' "${AUTHORITATIVE_A:-198.51.100.10}"
|
|
30
|
-
exit 0
|
|
31
|
-
fi
|
|
32
|
-
|
|
33
|
-
echo "unexpected dig call: $*" >&2
|
|
34
|
-
exit 1
|
|
35
|
-
EOF
|
|
36
|
-
chmod 700 "$fakebin/dig"
|
|
37
|
-
|
|
38
|
-
PATH="$fakebin:$PATH"
|
|
39
|
-
# shellcheck disable=SC1091
|
|
40
|
-
source "$ROOT/scripts/lib/domain.sh"
|
|
41
|
-
|
|
42
|
-
if AUTHORITATIVE_A=198.51.100.10 domain_resolves_to_ip app.example.test 203.0.113.88; then
|
|
43
|
-
echo "recursive DNS alone must not pass when authoritative DNS still points at a different IP" >&2
|
|
44
|
-
exit 1
|
|
45
|
-
fi
|
|
46
|
-
|
|
47
|
-
AUTHORITATIVE_A=203.0.113.88 domain_resolves_to_ip app.example.test 203.0.113.88
|
|
48
|
-
|
|
49
|
-
echo "domain authoritative dns ok"
|
|
@@ -1,86 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env bash
|
|
2
|
-
set -euo pipefail
|
|
3
|
-
|
|
4
|
-
ROOT=$(cd "$(dirname "$0")/.." && pwd)
|
|
5
|
-
tmp=$(mktemp -d)
|
|
6
|
-
trap 'rm -rf "$tmp"' EXIT
|
|
7
|
-
|
|
8
|
-
export HOME="$tmp/home"
|
|
9
|
-
mkdir -p "$HOME"
|
|
10
|
-
|
|
11
|
-
fakebin="$tmp/bin"
|
|
12
|
-
mkdir -p "$fakebin"
|
|
13
|
-
cat > "$fakebin/direxio-mcp" <<'EOF'
|
|
14
|
-
#!/usr/bin/env bash
|
|
15
|
-
set -euo pipefail
|
|
16
|
-
|
|
17
|
-
[ "${1:-}" = "doctor" ]
|
|
18
|
-
[ "${2:-}" = "--json" ]
|
|
19
|
-
[ "${DIREXIO_CREDENTIALS_FILE:-}" = "${EXPECTED_CREDENTIALS_FILE:-}" ]
|
|
20
|
-
|
|
21
|
-
cat <<JSON
|
|
22
|
-
{
|
|
23
|
-
"ok": true,
|
|
24
|
-
"domain": "mcp-check.example.test",
|
|
25
|
-
"agent_room_id": "!agent:mcp-check.example.test",
|
|
26
|
-
"token": "redacted"
|
|
27
|
-
}
|
|
28
|
-
JSON
|
|
29
|
-
EOF
|
|
30
|
-
chmod 700 "$fakebin/direxio-mcp"
|
|
31
|
-
|
|
32
|
-
service_dir="$HOME/.direxio/nodes/mcp-check.example.test"
|
|
33
|
-
mkdir -p "$service_dir"
|
|
34
|
-
credentials="$service_dir/credentials.json"
|
|
35
|
-
: > "$credentials"
|
|
36
|
-
expected_credentials="$credentials"
|
|
37
|
-
if command -v cygpath >/dev/null 2>&1; then
|
|
38
|
-
expected_credentials=$(cygpath -m "$expected_credentials")
|
|
39
|
-
fi
|
|
40
|
-
state="$service_dir/state.json"
|
|
41
|
-
jq -n \
|
|
42
|
-
--arg service_dir "$service_dir" \
|
|
43
|
-
--arg credentials "$credentials" \
|
|
44
|
-
'{
|
|
45
|
-
run_id: "mcp-doctor-test",
|
|
46
|
-
region: "ap-northeast-1",
|
|
47
|
-
domain_mode: "user",
|
|
48
|
-
domain: "mcp-check.example.test",
|
|
49
|
-
agent_service_id: "mcp-check.example.test",
|
|
50
|
-
agent_service_dir: $service_dir,
|
|
51
|
-
agent_credentials_file: $credentials,
|
|
52
|
-
mcp_credentials_file: $credentials,
|
|
53
|
-
mcp_command: "direxio-mcp",
|
|
54
|
-
phase: "S7_VERIFY_E2E",
|
|
55
|
-
phases: {
|
|
56
|
-
S0_PREREQ_AWS: {status: "done"},
|
|
57
|
-
S1_PREFLIGHT: {status: "done"},
|
|
58
|
-
S2_DOMAIN: {status: "done"},
|
|
59
|
-
S3_PROVISION: {status: "done"},
|
|
60
|
-
S4_BOOTSTRAP_STACK: {status: "done"},
|
|
61
|
-
S5_INIT_TOKENS: {status: "done"},
|
|
62
|
-
S6_WIRE_LOCAL: {status: "done"},
|
|
63
|
-
S7_VERIFY_E2E: {status: "done"}
|
|
64
|
-
},
|
|
65
|
-
resources: {}
|
|
66
|
-
}' > "$state"
|
|
67
|
-
|
|
68
|
-
verify_output=$(P2P_WORKDIR="$service_dir" PATH="$fakebin:$PATH" EXPECTED_CREDENTIALS_FILE="$expected_credentials" bash "$ROOT/scripts/orchestrate.sh" verify mcp_doctor)
|
|
69
|
-
printf '%s\n' "$verify_output" | grep -q 'verified runtime check: mcp_doctor'
|
|
70
|
-
|
|
71
|
-
jq -e '
|
|
72
|
-
.runtime_checks.mcp_doctor.status == "passed"
|
|
73
|
-
and .runtime_checks.mcp_doctor.domain == "mcp-check.example.test"
|
|
74
|
-
and .runtime_checks.mcp_doctor.agent_room_id == "!agent:mcp-check.example.test"
|
|
75
|
-
and .runtime_checks.mcp_doctor.token == "redacted"
|
|
76
|
-
and (.user_confirmations.agent_mcp_runtime | not)
|
|
77
|
-
' "$state" >/dev/null
|
|
78
|
-
|
|
79
|
-
report_output=$(P2P_WORKDIR="$service_dir" bash "$ROOT/scripts/orchestrate.sh" report new_deploy)
|
|
80
|
-
report_path=$(printf '%s\n' "$report_output" | sed -nE 's/^operation report: //p' | tail -n 1)
|
|
81
|
-
jq -e '
|
|
82
|
-
.runtime_checks.mcp_doctor.status == "passed"
|
|
83
|
-
and .gates.user_confirmation.agent_mcp_runtime == "pending_runtime_confirmation"
|
|
84
|
-
' "$report_path" >/dev/null
|
|
85
|
-
|
|
86
|
-
echo "mcp doctor runtime check ok"
|
|
@@ -1,121 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env bash
|
|
2
|
-
set -euo pipefail
|
|
3
|
-
|
|
4
|
-
ROOT=$(cd "$(dirname "$0")/.." && pwd)
|
|
5
|
-
tmp=$(mktemp -d)
|
|
6
|
-
trap 'rm -rf "$tmp"' EXIT
|
|
7
|
-
|
|
8
|
-
export HOME="$tmp/home"
|
|
9
|
-
mkdir -p "$HOME"
|
|
10
|
-
|
|
11
|
-
fakebin="$tmp/bin"
|
|
12
|
-
mkdir -p "$fakebin"
|
|
13
|
-
cat > "$fakebin/curl" <<'EOF'
|
|
14
|
-
#!/usr/bin/env bash
|
|
15
|
-
set -euo pipefail
|
|
16
|
-
|
|
17
|
-
printf '%s\n' "$*" >> "$CURL_CALLS"
|
|
18
|
-
|
|
19
|
-
want_url="https://mcp-smoke.example.test/_p2p/query"
|
|
20
|
-
case " $* " in
|
|
21
|
-
*" $want_url "*|*" $want_url")
|
|
22
|
-
;;
|
|
23
|
-
*)
|
|
24
|
-
echo "unexpected curl URL: $*" >&2
|
|
25
|
-
exit 1
|
|
26
|
-
;;
|
|
27
|
-
esac
|
|
28
|
-
|
|
29
|
-
case " $* " in
|
|
30
|
-
*"Authorization: Bearer AGENT_TOKEN_SMOKE"*) ;;
|
|
31
|
-
*)
|
|
32
|
-
echo "missing or wrong Authorization header: $*" >&2
|
|
33
|
-
exit 1
|
|
34
|
-
;;
|
|
35
|
-
esac
|
|
36
|
-
|
|
37
|
-
case " $* " in
|
|
38
|
-
*'"action":"mcp.messages.list"'*'"room_id":"!agent:mcp-smoke.example.test"'*) ;;
|
|
39
|
-
*)
|
|
40
|
-
echo "wrong smoke request body: $*" >&2
|
|
41
|
-
exit 1
|
|
42
|
-
;;
|
|
43
|
-
esac
|
|
44
|
-
|
|
45
|
-
body_path=""
|
|
46
|
-
write_code=0
|
|
47
|
-
while [ "$#" -gt 0 ]; do
|
|
48
|
-
case "$1" in
|
|
49
|
-
-o)
|
|
50
|
-
body_path=$2
|
|
51
|
-
shift 2
|
|
52
|
-
;;
|
|
53
|
-
-w)
|
|
54
|
-
write_code=1
|
|
55
|
-
shift 2
|
|
56
|
-
;;
|
|
57
|
-
*)
|
|
58
|
-
shift
|
|
59
|
-
;;
|
|
60
|
-
esac
|
|
61
|
-
done
|
|
62
|
-
|
|
63
|
-
payload='{"room_id":"!agent:mcp-smoke.example.test","messages":[]}'
|
|
64
|
-
if [ -n "$body_path" ]; then
|
|
65
|
-
printf '%s\n' "$payload" > "$body_path"
|
|
66
|
-
else
|
|
67
|
-
printf '%s\n' "$payload"
|
|
68
|
-
fi
|
|
69
|
-
[ "$write_code" -eq 1 ] && printf '200'
|
|
70
|
-
EOF
|
|
71
|
-
chmod 700 "$fakebin/curl"
|
|
72
|
-
|
|
73
|
-
service_dir="$HOME/.direxio/nodes/mcp-smoke.example.test"
|
|
74
|
-
mkdir -p "$service_dir"
|
|
75
|
-
state="$service_dir/state.json"
|
|
76
|
-
jq -n \
|
|
77
|
-
--arg service_dir "$service_dir" \
|
|
78
|
-
'{
|
|
79
|
-
run_id: "mcp-smoke-test",
|
|
80
|
-
region: "ap-northeast-1",
|
|
81
|
-
domain_mode: "user",
|
|
82
|
-
domain: "mcp-smoke.example.test",
|
|
83
|
-
as_url: "https://mcp-smoke.example.test",
|
|
84
|
-
agent_service_id: "mcp-smoke.example.test",
|
|
85
|
-
agent_service_dir: $service_dir,
|
|
86
|
-
agent_token: "AGENT_TOKEN_SMOKE",
|
|
87
|
-
agent_room_id: "!agent:mcp-smoke.example.test",
|
|
88
|
-
phase: "S7_VERIFY_E2E",
|
|
89
|
-
phases: {
|
|
90
|
-
S0_PREREQ_AWS: {status: "done"},
|
|
91
|
-
S1_PREFLIGHT: {status: "done"},
|
|
92
|
-
S2_DOMAIN: {status: "done"},
|
|
93
|
-
S3_PROVISION: {status: "done"},
|
|
94
|
-
S4_BOOTSTRAP_STACK: {status: "done"},
|
|
95
|
-
S5_INIT_TOKENS: {status: "done"},
|
|
96
|
-
S6_WIRE_LOCAL: {status: "done"},
|
|
97
|
-
S7_VERIFY_E2E: {status: "done"}
|
|
98
|
-
},
|
|
99
|
-
resources: {}
|
|
100
|
-
}' > "$state"
|
|
101
|
-
|
|
102
|
-
calls="$tmp/curl.calls"
|
|
103
|
-
verify_output=$(P2P_WORKDIR="$service_dir" PATH="$fakebin:$PATH" CURL_CALLS="$calls" bash "$ROOT/scripts/orchestrate.sh" verify mcp_smoke)
|
|
104
|
-
printf '%s\n' "$verify_output" | grep -q 'verified runtime check: mcp_smoke'
|
|
105
|
-
|
|
106
|
-
jq -e '
|
|
107
|
-
.runtime_checks.mcp_smoke.status == "passed"
|
|
108
|
-
and .runtime_checks.mcp_smoke.action == "mcp.messages.list"
|
|
109
|
-
and .runtime_checks.mcp_smoke.room_id == "!agent:mcp-smoke.example.test"
|
|
110
|
-
and .runtime_checks.mcp_smoke.response_messages_type == "array"
|
|
111
|
-
and (.user_confirmations.agent_mcp_runtime | not)
|
|
112
|
-
' "$state" >/dev/null
|
|
113
|
-
|
|
114
|
-
report_output=$(P2P_WORKDIR="$service_dir" bash "$ROOT/scripts/orchestrate.sh" report new_deploy)
|
|
115
|
-
report_path=$(printf '%s\n' "$report_output" | sed -nE 's/^operation report: //p' | tail -n 1)
|
|
116
|
-
jq -e '
|
|
117
|
-
.runtime_checks.mcp_smoke.status == "passed"
|
|
118
|
-
and .gates.user_confirmation.agent_mcp_runtime == "pending_runtime_confirmation"
|
|
119
|
-
' "$report_path" >/dev/null
|
|
120
|
-
|
|
121
|
-
echo "mcp smoke runtime check ok"
|