direxio-deployer 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (77)
  1. package/AGENTS.md +92 -0
  2. package/LICENSE +21 -0
  3. package/README.md +221 -0
  4. package/README_zh.md +218 -0
  5. package/SKILL.md +722 -0
  6. package/agents/README.md +25 -0
  7. package/agents/openai.yaml +12 -0
  8. package/bin/direxio-deployer.mjs +375 -0
  9. package/package.json +28 -0
  10. package/references/agent-targets.md +128 -0
  11. package/references/architecture.md +44 -0
  12. package/references/bug-history.md +78 -0
  13. package/references/deployment-lessons.md +218 -0
  14. package/references/deployment-optimization-audit.md +317 -0
  15. package/references/deployment-workflow.md +341 -0
  16. package/references/iam-policy.json +52 -0
  17. package/references/runtime-wiring.md +209 -0
  18. package/references/state-machine.md +46 -0
  19. package/references/token-refresh.md +81 -0
  20. package/references/tooling.md +106 -0
  21. package/references/troubleshooting.md +26 -0
  22. package/references/user-journey.md +75 -0
  23. package/references/verification-recovery.md +84 -0
  24. package/references/voip-turn-runbook.md +154 -0
  25. package/references/windows-deployment-notes.md +119 -0
  26. package/scripts/aws-credentials.sh +195 -0
  27. package/scripts/cloud-init/Caddyfile +48 -0
  28. package/scripts/cloud-init/docker-compose.yml +125 -0
  29. package/scripts/cloud-init/init-tokens.sh +238 -0
  30. package/scripts/cloud-init/user-data.yaml +40 -0
  31. package/scripts/destroy.ps1 +77 -0
  32. package/scripts/destroy.sh +589 -0
  33. package/scripts/lib/aws.sh +73 -0
  34. package/scripts/lib/domain.sh +175 -0
  35. package/scripts/lib/operation_report.sh +240 -0
  36. package/scripts/lib/ops.sh +230 -0
  37. package/scripts/lib/paths.sh +35 -0
  38. package/scripts/lib/state.sh +137 -0
  39. package/scripts/mcp-tools-list.mjs +95 -0
  40. package/scripts/orchestrate.ps1 +112 -0
  41. package/scripts/orchestrate.sh +1126 -0
  42. package/scripts/phases/s0_prereq_aws.sh +39 -0
  43. package/scripts/phases/s1_preflight.sh +72 -0
  44. package/scripts/phases/s2_domain.sh +103 -0
  45. package/scripts/phases/s3_provision.sh +421 -0
  46. package/scripts/phases/s4_bootstrap_stack.sh +38 -0
  47. package/scripts/phases/s5_init_tokens.sh +118 -0
  48. package/scripts/phases/s6_wire_local.sh +1435 -0
  49. package/scripts/phases/s7_verify_e2e.sh +136 -0
  50. package/scripts/pricing-estimate.sh +256 -0
  51. package/scripts/render/render-userdata.sh +86 -0
  52. package/scripts/reset-app-data.sh +40 -0
  53. package/scripts/update.sh +30 -0
  54. package/tests/aws_credentials_test.sh +139 -0
  55. package/tests/connect_daemon_runtime_check_test.sh +120 -0
  56. package/tests/default_paths_test.sh +58 -0
  57. package/tests/destroy_local_bridge_test.sh +154 -0
  58. package/tests/destroy_root_identity_test.sh +91 -0
  59. package/tests/destroy_route53_zone_test.sh +80 -0
  60. package/tests/domain_authoritative_dns_test.sh +49 -0
  61. package/tests/mcp_doctor_runtime_check_test.sh +86 -0
  62. package/tests/mcp_smoke_runtime_check_test.sh +121 -0
  63. package/tests/mcp_tools_runtime_check_test.sh +123 -0
  64. package/tests/npm_skill_distribution_test.sh +95 -0
  65. package/tests/operation_report_test.sh +258 -0
  66. package/tests/orchestrate_status_recovery_test.sh +91 -0
  67. package/tests/phase_timeout_test.sh +88 -0
  68. package/tests/pricing_estimate_test.sh +159 -0
  69. package/tests/render_userdata_remote_nodes_test.sh +40 -0
  70. package/tests/root_volume_tracking_test.sh +41 -0
  71. package/tests/route53_overwrite_guard_test.sh +86 -0
  72. package/tests/route53_zone_auto_create_test.sh +66 -0
  73. package/tests/runtime_summary_check_test.sh +203 -0
  74. package/tests/s6_wire_local_test.sh +405 -0
  75. package/tests/skill_structure_test.sh +298 -0
  76. package/tests/update_reset_ops_test.sh +230 -0
  77. package/tests/user_confirmation_gates_test.sh +152 -0
package/AGENTS.md ADDED
@@ -0,0 +1,92 @@
1
+ # AGENTS.md
2
+
3
+ `direxio-deployer` is a cross-platform deployment product and agent skill, not a Linux-only script collection. Maintain it as a portable orchestration layer that can be driven from Windows PowerShell, Git Bash/MSYS2, Linux, and macOS while deploying a Linux-based Direxio server.
4
+
5
+ ## Product Scope
6
+
7
+ - Deploy, resume, verify, destroy, and locally wire a production Direxio message server.
8
+ - Treat `SKILL.md` as the agent-facing runbook and `scripts/` as implementation details behind stable entrypoints.
9
+ - The supported local conversation bridge is `direxio-connect` from `direxio-connent` or `YingSuiAI/direxio-connect`.
10
+ - Supported local agent targets are the connent/connect agent providers, treated as peers: `acp`, `antigravity`, `claudecode`, `codex`, `copilot`, `cursor`, `devin`, `gemini`, `iflow`, `kimi`, `opencode`, `pi`, `qoder`, `reasonix`, and `tmux`.
11
+ - Do not reintroduce legacy local MCP/plugin/gateway installation flows or third-party chat platform wiring.
12
+ - Do not hard-code one developer's home directory, shell, agent executable path, AWS region, domain, node id, token, or password.
13
+
14
+ ## Platform Law
15
+
16
+ Every deployer change must classify paths and commands by the platform that will consume them:
17
+
18
+ - **Remote server paths** are Linux paths inside EC2/cloud-init/Docker, such as `/opt/p2p` and `/var/direxio-message-server`.
19
+ - **Deployer execution paths** are used by the orchestration engine. Bash phase scripts can use POSIX paths, but PowerShell entrypoints must convert Windows paths before invoking Bash.
20
+ - **Local bridge paths** are consumed by `direxio-connect` and the local agent process. On Windows they must be Windows-compatible paths, not `/mnt/c/...` or Git Bash-only `/c/...` paths.
21
+ - **Documentation paths** must be portable examples using `$HOME`, `%USERPROFILE%`, `$env:USERPROFILE`, `<service_id>`, or `<domain>`, not machine-specific absolute paths.
22
+
23
+ If a change writes a path into `state.json`, `credentials.json`, `env`, `cc-connect/config.toml`, docs, or printed commands, verify which process will read that path and format it for that process.
24
+
25
+ ## Entrypoints
26
+
27
+ - POSIX users run `bash scripts/orchestrate.sh`.
28
+ - Windows users run `.\scripts\orchestrate.ps1` from PowerShell. The wrapper may use Git Bash internally for existing Bash phases, but it must set Windows-local wiring variables such as `DIREXIO_LOCAL_PATH_STYLE=windows`.
29
+ - Do not tell Windows users to run WSL unless the user explicitly chooses WSL as the host runtime. WSL and Windows are different local runtimes with different home directories, PATH lookup, daemon process control, and agent executable paths.
30
+ - Keep `scripts/orchestrate.sh` and `scripts/orchestrate.ps1` behaviorally aligned for status, deploy/resume, and local bridge wiring.
31
+
32
+ ## Script Architecture
33
+
34
+ - Keep the state-machine phases idempotent and resumable. A phase should be safe to rerun after token refresh, DNS wait, or partial local wiring.
35
+ - Shell phase files should expose `run_phase` and use `state_get`, `state_set`, and `phase_set` instead of ad hoc state edits.
36
+ - Prefer small helpers for platform conversion, command discovery, and output formatting. Do not scatter OS-specific path rewrites across phase bodies.
37
+ - Remote server commands may assume Linux because the EC2 host is Linux. Local commands must not assume Linux.
38
+ - Use PowerShell for Windows-native process and path behavior when the consumer is Windows-local, especially `direxio-connect.exe`, local agent executables, Windows user profile paths, or npm global binaries.
39
+ - When adding a new local runtime or agent executable, support explicit override env vars before detection. For connect this includes `DIREXIO_CC_CONNECT_AGENT`, `DIREXIO_CC_CONNECT_AGENT_CMD`, and runtime-specific aliases such as `DIREXIO_CODEX_COMMAND`, `DIREXIO_GEMINI_COMMAND`, or `DIREXIO_CLAUDE_CODE_COMMAND`.
40
+ - Do not make Codex, Claude, Gemini, Cursor, or any other provider the semantic default for an unknown runtime. Unknown or ambiguous detection should require an explicit `DIREXIO_CC_CONNECT_AGENT`.
41
+
42
+ ## Direxio Connect Wiring
43
+
44
+ - S5/S6 must fail closed when `agent_room_id` is missing or uses a legacy pseudo id such as `!agent:<domain>`.
45
+ - S6 must create a Matrix session through `agent.matrix_session.create` and require `@agent:<server>` for the bridge. Returning `@owner:<server>` is a server-side compatibility failure.
46
+ - The generated cc-connect config must contain one Matrix platform and must restrict sync/replies to the real `agent_room_id`.
47
+ - The generated agent config must preserve the selected connect agent type and optional agent-specific TOML. Some providers require more than `cmd`; for example `reasonix` needs `serve_url`, `tmux` needs `session`, and generic `acp` may need command/args.
48
+ - `DIREXIO_AGENT_INSTALL=auto` may install/start `direxio-connect`; `recommend` must only write files and print commands.
49
+ - `direxio-connent` publishing and GitHub release assets are part of the install contract. Do not claim npm install works until the package and matching `direxio-connect` assets exist.
50
+
51
+ ## Secrets And State
52
+
53
+ - Never print, commit, or paste AWS secrets, IM passwords, Matrix access tokens, `agent_token`, private keys, or full credential files.
54
+ - When verifying credentials, print booleans or identities only, such as `has_access_token=true`, `user_id`, `device_id`, and `homeserver`.
55
+ - `credentials.json`, Matrix session files, SSH keys, and generated env files must stay outside the repository and should be written with restrictive permissions when the platform supports it.
56
+ - Do not silently reuse stale `DIREXIO_AGENT_NODE_ID` across domains. Node ids must be scoped to the current deployment unless the operator explicitly forces an override.
57
+
58
+ ## Documentation Rules
59
+
60
+ - Keep `README.md`, `README_zh.md`, `SKILL.md`, and `references/*` synchronized when changing deployment contracts, local bridge behavior, install commands, or platform support.
61
+ - Keep user-facing docs focused on operating the deployer. Put implementation details and edge cases in `references/`.
62
+ - Document Windows and POSIX examples separately when commands differ.
63
+ - Avoid saying "run bash" as the universal answer. Say which host runtime is intended and why.
64
+
65
+ ## Validation
66
+
67
+ Run focused checks after every change:
68
+
69
+ ```bash
70
+ bash tests/skill_structure_test.sh
71
+ bash tests/s6_wire_local_test.sh
72
+ bash tests/render_userdata_remote_nodes_test.sh
73
+ find scripts -name '*.sh' -print0 | xargs -0 -n1 bash -n
74
+ git diff --check
75
+ ```
76
+
77
+ On Windows-specific changes, also run or inspect:
78
+
79
+ ```powershell
80
+ .\scripts\orchestrate.ps1 status
81
+ powershell -NoProfile -ExecutionPolicy Bypass -File .\scripts\orchestrate.ps1 status
82
+ ```
83
+
84
+ If a validation cannot be run on the current host, record the reason and run the closest targeted static check.
85
+
86
+ ## Change Discipline
87
+
88
+ - Prefer portable helpers over one-off fixes.
89
+ - When fixing a platform bug, search for the same assumption elsewhere before stopping.
90
+ - Keep unrelated deployment behavior untouched unless the same abstraction owns it.
91
+ - Self-review diffs before committing.
92
+ - Commit finished work on the active branch with a focused message. Do not stage generated credentials, local state, binaries, logs, `.codegraph/`, or machine-specific test artifacts.
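Review bot: The "Secrets And State" rule that `credentials.json`, Matrix session files, SSH keys, and generated env files "should be written with restrictive permissions when the platform supports it" is too soft to enforce or test. State it as a requirement with a concrete target (owner-only read/write on POSIX, an owner-only ACL on Windows) and name the check that covers it in the "Validation" section; none of the commands listed there is described as covering file permissions. Separately, "Product Scope" and "Direxio Connect Wiring" spell the npm package `direxio-connent` while the binary and repository are `direxio-connect`. If the one-letter difference is intentional, say so explicitly in this file so that nobody "corrects" an install command into a different package name.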
package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 P2P-IM
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/README.md ADDED
@@ -0,0 +1,221 @@
1
+ # Direxio Deployer
2
+
3
+ [简体中文](README_zh.md)
4
+
5
+ `direxio-deployer` deploys a production Direxio message server and wires the local agent room through Direxio's Matrix bridge. The supported local bridge is `direxio-connect`, installed from the npm package `direxio-connent@latest` by default or built from `YingSuiAI/direxio-connect`. S6 also writes service-scoped MCP snippets for MCP-capable hosts such as Codex, OpenClaw, and Hermes.
6
+
7
+ ## Contents
8
+
9
+ - `SKILL.md`: Agent entrypoint, confirmation rules, deployment/destroy flow, and delivery format.
10
+ - `scripts/`: State machine, AWS/EC2/DNS/cloud-init/verification/destroy scripts.
11
+ - `references/`: Tooling, deployment resume flow, cc-connect wiring, state machine, architecture, troubleshooting, and recovery notes.
12
+ - `agents/`: Runtime metadata and recognition notes for agent hosts.
13
+
14
+ ## Before Deployment
15
+
16
+ - Prepare an AWS account, an AWS access key CSV or profile, and a real long-lived domain or subdomain.
17
+ - AWS resources created by this deployer can bill until they are destroyed.
18
+ - Use `SKILL.md` as the agent-facing runbook. It contains the detailed deployment rules, confirmation gates, runtime wiring behavior, and recovery procedures.
19
+
20
+ ## Skill Installation And Updates
21
+
22
+ Install the deployer skill from npm, then place it into the current agent runtime's skill directory. Project-local installs are preferred because they keep the deployment skill scoped to the workspace that uses it.
23
+
24
+ POSIX shells:
25
+
26
+ ```bash
27
+ npm install -g direxio-deployer@latest
28
+ direxio-deployer skill install --agent codex --scope project --project .
29
+ ```
30
+
31
+ Windows PowerShell:
32
+
33
+ ```powershell
34
+ npm install -g direxio-deployer@latest
35
+ direxio-deployer skill install --agent codex --scope project --project .
36
+ ```
37
+
38
+ Update the installed skill with the same host runtime:
39
+
40
+ ```bash
41
+ npm install -g direxio-deployer@latest
42
+ direxio-deployer skill update --agent codex --scope project --project .
43
+ ```
44
+
45
+ Use the matching agent name for your runtime: `codex`, `claudecode`, `gemini`, `cursor`, `copilot`, `openclaw`, `hermes`, `opencode`, `qoder`, `reasonix`, or another target listed in `references/agent-targets.md`. Use `--scope global` only when you intentionally want a host-level skill install:
46
+
47
+ ```bash
48
+ direxio-deployer skill install --agent codex --scope global
49
+ ```
50
+
51
+ The installer writes `.direxio-skill-install.json` into the target directory and refuses to overwrite unmanaged existing content unless `--force` is provided. To pin a version, install that package version first:
52
+
53
+ ```bash
54
+ npm install -g direxio-deployer@0.1.0
55
+ direxio-deployer skill update --agent codex --scope project --project .
56
+ ```
57
+
58
+ The CLI is implemented in Node and uses native paths for the host it runs on. On Windows it writes Windows-compatible paths; on Linux, macOS, Git Bash, or WSL it writes paths for that runtime.
59
+
60
+ ## Minimal Command
61
+
62
+ Import and verify an AWS deployment profile from an AWS CSV. A temporary
63
+ `DirexioDeployer` IAM user is recommended, but root access keys are allowed
64
+ when the operator explicitly chooses them:
65
+
66
+ ```bash
67
+ bash scripts/aws-credentials.sh import-csv /path/to/accessKeys.csv direxio-deployer us-east-1
68
+ export AWS_PROFILE=direxio-deployer
69
+ bash scripts/aws-credentials.sh verify direxio-deployer
70
+ ```
71
+
72
+ Run from the repository root:
73
+
74
+ ```bash
75
+ bash scripts/pricing-estimate.sh \
76
+ --region us-east-1 \
77
+ --instance-type t3.small \
78
+ --disk-gb 8 \
79
+ --domain-mode user
80
+ ```
81
+
82
+ ```bash
83
+ AWS_DEFAULT_REGION=us-east-1 \
84
+ DOMAIN=__DOMAIN__ \
85
+ DOMAIN_MODE=user \
86
+ CONFIRM_DOMAIN_BINDING=1 \
87
+ INSTANCE_TYPE=t3.small \
88
+ MESSAGE_SERVER_IMAGE=direxio/message-server:latest \
89
+ bash scripts/orchestrate.sh
90
+ ```
91
+
92
+ On Windows, use the PowerShell entrypoint so the deployer selects Git Bash for the cloud phases while writing Windows-compatible local `direxio-connect` paths:
93
+
94
+ ```powershell
95
+ $env:AWS_DEFAULT_REGION = "us-east-1"
96
+ $env:DOMAIN = "__DOMAIN__"
97
+ $env:DOMAIN_MODE = "user"
98
+ $env:CONFIRM_DOMAIN_BINDING = "1"
99
+ $env:INSTANCE_TYPE = "t3.small"
100
+ $env:MESSAGE_SERVER_IMAGE = "direxio/message-server:latest"
101
+ .\scripts\orchestrate.ps1
102
+ ```
103
+
104
+ Recommendation-only local bridge wiring:
105
+
106
+ ```bash
107
+ DIREXIO_AGENT_INSTALL=recommend bash scripts/orchestrate.sh
108
+ ```
109
+
110
+ Automatic local bridge install:
111
+
112
+ ```bash
113
+ DIREXIO_AGENT_INSTALL=auto \
114
+ DIREXIO_AGENT_PLATFORM=auto \
115
+ DIREXIO_CC_CONNECT_AGENT=claudecode \
116
+ DIREXIO_AGENT_INSTALL_MODE=recommended \
117
+ bash scripts/orchestrate.sh
118
+ ```
119
+
120
+ Supported install modes: `recommended` and `cc-connect`.
121
+ If `DIREXIO_AGENT_PLATFORM=auto` cannot identify a single supported runtime, set `DIREXIO_CC_CONNECT_AGENT` explicitly. For OpenClaw or Hermes defaults, force the host runtime with `DIREXIO_AGENT_PLATFORM=openclaw` or `DIREXIO_AGENT_PLATFORM=hermes`; setting only `DIREXIO_CC_CONNECT_AGENT=acp` selects generic ACP and requires manual options. For OpenClaw Gateway ACP, set `DIREXIO_OPENCLAW_ACP_URL`, `DIREXIO_OPENCLAW_ACP_TOKEN_FILE`, and `DIREXIO_OPENCLAW_ACP_SESSION` from the current OpenClaw runtime after pairing. Use `DIREXIO_OPENCLAW_ACP_ARGS_TOML` only when you need to provide the complete OpenClaw ACP args array yourself. Use `DIREXIO_HERMES_ACP_ARGS_TOML` for the child Hermes args; S6 prefixes the `hermes-acp-adapter -- <hermes-command>` wrapper automatically.
122
+
123
+ Check status:
124
+
125
+ ```bash
126
+ bash scripts/orchestrate.sh status
127
+ DOMAIN=<domain> bash scripts/orchestrate.sh status
128
+ ```
129
+
130
+ Destroy recorded resources:
131
+
132
+ ```bash
133
+ DOMAIN=<domain> bash scripts/destroy.sh
134
+ ```
135
+
136
+ On Windows, use the PowerShell destroy entrypoint:
137
+
138
+ ```powershell
139
+ $env:DOMAIN = "<domain>"
140
+ .\scripts\destroy.ps1
141
+ ```
142
+
143
+ Destroy stops and uninstalls the local `direxio-connect` daemon only when its reported `WorkDir`
144
+ matches the current service's `~/.direxio/nodes/<service_id>/cc-connect`
145
+ directory, then removes that service directory.
146
+
147
+ Update an existing node without deleting data:
148
+
149
+ ```bash
150
+ DOMAIN=<domain> MESSAGE_SERVER_IMAGE=direxio/message-server:latest bash scripts/update.sh
151
+ P2P_EXISTING_STATE_ACTION=continue DOMAIN=<domain> bash scripts/orchestrate.sh
152
+ ```
153
+
154
+ Reset application data while preserving EC2, DNS, fixed IP, and Caddy TLS:
155
+
156
+ ```bash
157
+ DIREXIO_RESET_APP_DATA_CONFIRM=1 DOMAIN=<domain> bash scripts/reset-app-data.sh
158
+ P2P_EXISTING_STATE_ACTION=continue DOMAIN=<domain> bash scripts/orchestrate.sh
159
+ ```
160
+
161
+ ## Local Bridge
162
+
163
+ S6 writes these service-scoped files under `~/.direxio/nodes/<service_id>/`:
164
+
165
+ ```text
166
+ credentials.json
167
+ env
168
+ cc-connect/config.toml
169
+ cc-connect/data/
170
+ cc-connect/matrix-session.json
171
+ mcp/codex.toml
172
+ mcp/openclaw.md
173
+ mcp/openclaw-server.json
174
+ mcp/hermes.mcp.json
175
+ mcp/mcp-servers.json
176
+ ```
177
+
178
+ Manual install:
179
+
180
+ ```bash
181
+ npm install -g direxio-connent@latest
182
+ direxio-connect daemon install --config ~/.direxio/nodes/<service_id>/cc-connect/config.toml --service-name <service_id> --force
183
+ direxio-connect daemon status --service-name <service_id>
184
+ ```
185
+
186
+ MCP install and check:
187
+
188
+ ```bash
189
+ npm install -g direxio-mcp@latest
190
+ DIREXIO_CREDENTIALS_FILE=~/.direxio/nodes/<service_id>/credentials.json direxio-mcp doctor --json
191
+ ```
192
+
193
+ Use `mcp/codex.toml` for Codex and `mcp/hermes.mcp.json` for Hermes. For OpenClaw, read `mcp/openclaw.md` and run the generated `openclaw mcp set` command against `mcp/openclaw-server.json`; do not paste MCP JSON into `~/.openclaw/openclaw.json`.
194
+
195
+ Voice input is supported when an STT provider key is available. Set `DIREXIO_SPEECH_API_KEY` or provider-specific variables such as `DIREXIO_SPEECH_QWEN_API_KEY`; S6 will then write `[speech] enabled = true` into `cc-connect/config.toml`.
196
+
197
+ Homebrew documentation should use:
198
+
199
+ ```bash
200
+ brew install direxio-connect
201
+ ```
202
+
203
+ Source builds use:
204
+
205
+ ```bash
206
+ git clone https://github.com/YingSuiAI/direxio-connect.git
207
+ cd connect
208
+ make build AGENTS=<cc-connect-agent> PLATFORMS_INCLUDE=matrix
209
+ ```
210
+
211
+ ## Validation
212
+
213
+ ```bash
214
+ bash tests/skill_structure_test.sh
215
+ bash tests/default_paths_test.sh
216
+ bash tests/s6_wire_local_test.sh
217
+ bash tests/destroy_local_bridge_test.sh
218
+ bash tests/render_userdata_remote_nodes_test.sh
219
+ find scripts -name '*.sh' -print0 | xargs -0 -n1 bash -n
220
+ git diff --check
221
+ ```
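Review bot: The primary examples under "Minimal Command" set `MESSAGE_SERVER_IMAGE=direxio/message-server:latest`, and the install commands use `direxio-deployer@latest`, `direxio-connent@latest`, and `direxio-mcp@latest`, so a production deployment runs whatever was published most recently at the moment it is executed. Show a pinned version or image digest in the main examples, as the `direxio-deployer@0.1.0` example already does for the skill, and keep `latest` as an explicitly labelled convenience path. In "Source builds", `git clone https://github.com/YingSuiAI/direxio-connect.git` creates a `direxio-connect` directory, so the following `cd connect` fails as written. The sentence that allows root access keys should also say which policy the recommended `DirexioDeployer` user needs; `references/iam-policy.json` is in the package file list but is not referenced here.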
package/README_zh.md ADDED
@@ -0,0 +1,218 @@
1
+ # Direxio Deployer
2
+
3
+ `direxio-deployer` 是用于部署生产 Direxio message server 的通用 Agent Skill,并通过 Direxio 专用 Matrix 桥接把本地 agent room 接到当前 agent。当前本地桥接只支持 `direxio-connect`,安装包是 `direxio-connent`,源码仓库是 `YingSuiAI/direxio-connect`。S6 也会给 Codex、OpenClaw、Hermes 这类支持 MCP 的宿主写入服务级 MCP 配置片段。
4
+
5
+ ## 内容
6
+
7
+ - `SKILL.md`: 智能体主入口、确认规则、部署/销毁流程和交付格式。
8
+ - `scripts/`: 状态机、AWS/EC2/DNS/cloud-init/验证/销毁脚本。
9
+ - `references/`: 工具准备、部署续跑、cc-connect wiring、状态机、架构、排障和恢复说明。
10
+ - `agents/`: 面向不同智能体运行时的展示元数据和识别说明。
11
+
12
+ ## 部署前准备
13
+
14
+ - 准备 AWS 账号、AWS access key CSV 或 profile,以及真实长期域名或子域名。
15
+ - deployer 创建的 AWS 资源在销毁前可能持续计费。
16
+ - `SKILL.md` 是给智能体看的运行手册,详细部署规则、确认门禁、运行时 wiring 和恢复流程都放在那里。
17
+
18
+ ## Skill 安装和更新
19
+
20
+ 通过 npm 安装 deployer skill,再把它写入当前智能体运行时的 skill 目录。默认推荐 project-local 安装,让部署 skill 跟随当前 workspace。
21
+
22
+ POSIX shell:
23
+
24
+ ```bash
25
+ npm install -g direxio-deployer@latest
26
+ direxio-deployer skill install --agent codex --scope project --project .
27
+ ```
28
+
29
+ Windows PowerShell:
30
+
31
+ ```powershell
32
+ npm install -g direxio-deployer@latest
33
+ direxio-deployer skill install --agent codex --scope project --project .
34
+ ```
35
+
36
+ 在同一个宿主运行时中更新已安装 skill:
37
+
38
+ ```bash
39
+ npm install -g direxio-deployer@latest
40
+ direxio-deployer skill update --agent codex --scope project --project .
41
+ ```
42
+
43
+ 根据当前运行时替换 agent 名称:`codex`、`claudecode`、`gemini`、`cursor`、`copilot`、`openclaw`、`hermes`、`opencode`、`qoder`、`reasonix`,或使用 `references/agent-targets.md` 中列出的其他目标。只有明确想安装到宿主级目录时才使用 `--scope global`:
44
+
45
+ ```bash
46
+ direxio-deployer skill install --agent codex --scope global
47
+ ```
48
+
49
+ 安装器会在目标目录写入 `.direxio-skill-install.json`,并拒绝覆盖没有该 manifest 的既有目录,除非显式传入 `--force`。如需固定版本,先安装指定 npm 版本:
50
+
51
+ ```bash
52
+ npm install -g direxio-deployer@0.1.0
53
+ direxio-deployer skill update --agent codex --scope project --project .
54
+ ```
55
+
56
+ 这个 CLI 由 Node 实现,并使用当前宿主的原生路径。Windows 下写入 Windows 路径;Linux、macOS、Git Bash 或 WSL 下写入对应运行时能读取的路径。
57
+
58
+ ## 最小命令
59
+
60
+ 从 AWS CSV 导入并验证一个部署 profile。推荐使用临时 `DirexioDeployer` IAM
61
+ 用户;如果操作者明确选择 root access key,也允许继续:
62
+
63
+ ```bash
64
+ bash scripts/aws-credentials.sh import-csv /path/to/accessKeys.csv direxio-deployer us-east-1
65
+ export AWS_PROFILE=direxio-deployer
66
+ bash scripts/aws-credentials.sh verify direxio-deployer
67
+ ```
68
+
69
+ 在仓库根目录运行:
70
+
71
+ ```bash
72
+ bash scripts/pricing-estimate.sh \
73
+ --region us-east-1 \
74
+ --instance-type t3.small \
75
+ --disk-gb 8 \
76
+ --domain-mode user
77
+ ```
78
+
79
+ ```bash
80
+ AWS_DEFAULT_REGION=us-east-1 \
81
+ DOMAIN=__DOMAIN__ \
82
+ DOMAIN_MODE=user \
83
+ CONFIRM_DOMAIN_BINDING=1 \
84
+ INSTANCE_TYPE=t3.small \
85
+ MESSAGE_SERVER_IMAGE=direxio/message-server:latest \
86
+ bash scripts/orchestrate.sh
87
+ ```
88
+
89
+ Windows 用户使用 PowerShell 入口。它会选择 Git Bash 执行云端 phase,同时给本地 `direxio-connect` 写入 Windows 可直接使用的路径:
90
+
91
+ ```powershell
92
+ $env:AWS_DEFAULT_REGION = "us-east-1"
93
+ $env:DOMAIN = "__DOMAIN__"
94
+ $env:DOMAIN_MODE = "user"
95
+ $env:CONFIRM_DOMAIN_BINDING = "1"
96
+ $env:INSTANCE_TYPE = "t3.small"
97
+ $env:MESSAGE_SERVER_IMAGE = "direxio/message-server:latest"
98
+ .\scripts\orchestrate.ps1
99
+ ```
100
+
101
+ 仅写入并推荐本地 bridge:
102
+
103
+ ```bash
104
+ DIREXIO_AGENT_INSTALL=recommend bash scripts/orchestrate.sh
105
+ ```
106
+
107
+ 自动安装本地 bridge:
108
+
109
+ ```bash
110
+ DIREXIO_AGENT_INSTALL=auto \
111
+ DIREXIO_AGENT_PLATFORM=auto \
112
+ DIREXIO_CC_CONNECT_AGENT=claudecode \
113
+ DIREXIO_AGENT_INSTALL_MODE=recommended \
114
+ bash scripts/orchestrate.sh
115
+ ```
116
+
117
+ 可选安装模式:`recommended`、`cc-connect`。
118
+ 如果 `DIREXIO_AGENT_PLATFORM=auto` 无法唯一识别当前运行时,显式设置 `DIREXIO_CC_CONNECT_AGENT`。需要触发 OpenClaw 或 Hermes 默认配置时,设置 `DIREXIO_AGENT_PLATFORM=openclaw` 或 `DIREXIO_AGENT_PLATFORM=hermes`;只设置 `DIREXIO_CC_CONNECT_AGENT=acp` 会进入通用 ACP,需要手动提供 options。OpenClaw Gateway ACP 必须在完成 pairing 后,从当前 OpenClaw runtime 填写 `DIREXIO_OPENCLAW_ACP_URL`、`DIREXIO_OPENCLAW_ACP_TOKEN_FILE` 和 `DIREXIO_OPENCLAW_ACP_SESSION`。只有需要完整覆盖 OpenClaw ACP args 数组时才使用 `DIREXIO_OPENCLAW_ACP_ARGS_TOML`;Hermes 自定义参数用 `DIREXIO_HERMES_ACP_ARGS_TOML`,S6 会自动在前面加上 `hermes-acp-adapter -- <hermes-command>`。
119
+
120
+ 查看状态:
121
+
122
+ ```bash
123
+ bash scripts/orchestrate.sh status
124
+ DOMAIN=<domain> bash scripts/orchestrate.sh status
125
+ ```
126
+
127
+ 销毁已记录资源:
128
+
129
+ ```bash
130
+ DOMAIN=<domain> bash scripts/destroy.sh
131
+ ```
132
+
133
+ Windows 用户使用 PowerShell 销毁入口:
134
+
135
+ ```powershell
136
+ $env:DOMAIN = "<domain>"
137
+ .\scripts\destroy.ps1
138
+ ```
139
+
140
+ 销毁时只会在 `direxio-connect daemon status --service-name <service_id>` 返回的 `WorkDir` 等于当前服务的
141
+ `~/.direxio/nodes/<service_id>/cc-connect` 目录时停止并卸载本地 daemon,然后删除该
142
+ service 目录。
143
+
144
+ 更新现有节点但不删除数据:
145
+
146
+ ```bash
147
+ DOMAIN=<domain> MESSAGE_SERVER_IMAGE=direxio/message-server:latest bash scripts/update.sh
148
+ P2P_EXISTING_STATE_ACTION=continue DOMAIN=<domain> bash scripts/orchestrate.sh
149
+ ```
150
+
151
+ 重置应用数据但保留 EC2、DNS、固定 IP 和 Caddy TLS:
152
+
153
+ ```bash
154
+ DIREXIO_RESET_APP_DATA_CONFIRM=1 DOMAIN=<domain> bash scripts/reset-app-data.sh
155
+ P2P_EXISTING_STATE_ACTION=continue DOMAIN=<domain> bash scripts/orchestrate.sh
156
+ ```
157
+
158
+ ## 本地 Bridge
159
+
160
+ S6 会在 `~/.direxio/nodes/<service_id>/` 下写入:
161
+
162
+ ```text
163
+ credentials.json
164
+ env
165
+ cc-connect/config.toml
166
+ cc-connect/data/
167
+ cc-connect/matrix-session.json
168
+ mcp/codex.toml
169
+ mcp/openclaw.md
170
+ mcp/openclaw-server.json
171
+ mcp/hermes.mcp.json
172
+ mcp/mcp-servers.json
173
+ ```
174
+
175
+ 手动安装:
176
+
177
+ ```bash
178
+ npm install -g direxio-connent
179
+ direxio-connect daemon install --config ~/.direxio/nodes/<service_id>/cc-connect/config.toml --service-name <service_id> --force
180
+ direxio-connect daemon status --service-name <service_id>
181
+ ```
182
+
183
+ MCP 安装和检查:
184
+
185
+ ```bash
186
+ npm install -g direxio-mcp
187
+ DIREXIO_CREDENTIALS_FILE=~/.direxio/nodes/<service_id>/credentials.json direxio-mcp doctor --json
188
+ ```
189
+
190
+ Codex 使用 `mcp/codex.toml`,Hermes 使用 `mcp/hermes.mcp.json`。OpenClaw 使用 `mcp/openclaw.md` 中生成的 `openclaw mcp set` 命令读取 `mcp/openclaw-server.json`;不要把 MCP JSON 直接粘贴到 `~/.openclaw/openclaw.json`。
191
+
192
+ 语音输入在配置 STT provider key 后可用。设置 `DIREXIO_SPEECH_API_KEY` 或 `DIREXIO_SPEECH_QWEN_API_KEY` 等 provider 专用变量后,S6 会在 `cc-connect/config.toml` 写入 `[speech] enabled = true`。
193
+
194
+ Homebrew 文档使用:
195
+
196
+ ```bash
197
+ brew install direxio-connect
198
+ ```
199
+
200
+ 源码构建:
201
+
202
+ ```bash
203
+ git clone https://github.com/YingSuiAI/direxio-connect.git
204
+ cd connect
205
+ make build AGENTS=<cc-connect-agent> PLATFORMS_INCLUDE=matrix
206
+ ```
207
+
208
+ ## 验证
209
+
210
+ ```bash
211
+ bash tests/skill_structure_test.sh
212
+ bash tests/default_paths_test.sh
213
+ bash tests/s6_wire_local_test.sh
214
+ bash tests/destroy_local_bridge_test.sh
215
+ bash tests/render_userdata_remote_nodes_test.sh
216
+ find scripts -name '*.sh' -print0 | xargs -0 -n1 bash -n
217
+ git diff --check
218
+ ```
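Review bot: The commands under "手动安装" and "MCP 安装和检查" have drifted from README.md: this file uses `npm install -g direxio-connent` and `npm install -g direxio-mcp`, while the English README uses `direxio-connent@latest` and `direxio-mcp@latest`. AGENTS.md requires `README.md` and `README_zh.md` to stay synchronized when install commands change, so align both files on one form, preferably a pinned version. This file also has no link back to README.md, although README.md links here, and the "源码构建" block repeats the `cd connect` step, which does not match the directory created by cloning `direxio-connect.git`.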