direxio-deployer 0.1.6 → 0.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +18 -10
- package/README_zh.md +16 -10
- package/SKILL.md +67 -23
- package/package.json +1 -1
- package/references/agent-targets.md +1 -1
- package/references/deployment-lessons.md +5 -4
- package/references/deployment-optimization-audit.md +14 -10
- package/references/deployment-workflow.md +17 -10
- package/references/runtime-wiring.md +2 -2
- package/references/token-refresh.md +3 -1
- package/references/tooling.md +4 -1
- package/references/verification-recovery.md +9 -3
- package/scripts/json.mjs +2 -0
- package/scripts/lib/ops.sh +6 -2
- package/scripts/orchestrate.sh +2 -2
- package/scripts/phases/s6_wire_local.sh +23 -1
- package/scripts/update.sh +2 -10
package/README.md
CHANGED
|
@@ -58,10 +58,10 @@ Use the matching agent name for your runtime: `codex`, `claudecode`, `gemini`, `
|
|
|
58
58
|
direxio-deployer skill install --agent codex --scope project --project .
|
|
59
59
|
```
|
|
60
60
|
|
|
61
|
-
The installer writes `.direxio-skill-install.json` into the target directory and refuses to overwrite unmanaged existing content unless `--force` is provided.
|
|
61
|
+
The installer writes `.direxio-skill-install.json` into the target directory and refuses to overwrite unmanaged existing content unless `--force` is provided. Use `@latest` for normal installs and updates:
|
|
62
62
|
|
|
63
63
|
```bash
|
|
64
|
-
npm install -g direxio-deployer@
|
|
64
|
+
npm install -g direxio-deployer@latest
|
|
65
65
|
direxio-deployer skill update --agent codex
|
|
66
66
|
```
|
|
67
67
|
|
|
@@ -69,9 +69,10 @@ The CLI is implemented in Node and uses native paths for the host it runs on. On
|
|
|
69
69
|
|
|
70
70
|
## Minimal Command
|
|
71
71
|
|
|
72
|
-
Import and verify an AWS deployment profile from an AWS CSV.
|
|
73
|
-
|
|
74
|
-
|
|
72
|
+
Import and verify an AWS deployment profile from an AWS CSV. Root access keys
|
|
73
|
+
are the fastest first-deploy path but are highly privileged; save the CSV
|
|
74
|
+
securely and rotate or delete the key after deployment. A temporary
|
|
75
|
+
`DirexioDeployer` IAM user is safer but takes more AWS console steps:
|
|
75
76
|
|
|
76
77
|
```bash
|
|
77
78
|
bash scripts/aws-credentials.sh import-csv /path/to/accessKeys.csv direxio-deployer us-east-1
|
|
@@ -111,16 +112,15 @@ $env:MESSAGE_SERVER_IMAGE = "direxio/message-server:latest"
|
|
|
111
112
|
.\scripts\orchestrate.ps1
|
|
112
113
|
```
|
|
113
114
|
|
|
114
|
-
Recommendation-only local bridge wiring:
|
|
115
|
+
Recommendation-only local bridge and MCP wiring:
|
|
115
116
|
|
|
116
117
|
```bash
|
|
117
118
|
DIREXIO_AGENT_INSTALL=recommend bash scripts/orchestrate.sh
|
|
118
119
|
```
|
|
119
120
|
|
|
120
|
-
Automatic local bridge install:
|
|
121
|
+
Automatic local bridge and MCP install is the default. Set runtime selectors only when auto-detection is ambiguous:
|
|
121
122
|
|
|
122
123
|
```bash
|
|
123
|
-
DIREXIO_AGENT_INSTALL=auto \
|
|
124
124
|
DIREXIO_AGENT_PLATFORM=auto \
|
|
125
125
|
DIREXIO_CC_CONNECT_AGENT=claudecode \
|
|
126
126
|
DIREXIO_AGENT_INSTALL_MODE=recommended \
|
|
@@ -158,9 +158,11 @@ Update an existing node without deleting data:
|
|
|
158
158
|
|
|
159
159
|
```bash
|
|
160
160
|
DOMAIN=<domain> MESSAGE_SERVER_IMAGE=direxio/message-server:latest bash scripts/update.sh
|
|
161
|
-
P2P_EXISTING_STATE_ACTION=continue DOMAIN=<domain> bash scripts/orchestrate.sh
|
|
162
161
|
```
|
|
163
162
|
|
|
163
|
+
Image refresh restarts the remote service only. It leaves local credentials,
|
|
164
|
+
`direxio-connect`, MCP artifacts, user confirmations, and runtime checks intact.
|
|
165
|
+
|
|
164
166
|
Reset application data while preserving EC2, DNS, fixed IP, and Caddy TLS:
|
|
165
167
|
|
|
166
168
|
```bash
|
|
@@ -168,6 +170,11 @@ DIREXIO_RESET_APP_DATA_CONFIRM=1 DOMAIN=<domain> bash scripts/reset-app-data.sh
|
|
|
168
170
|
P2P_EXISTING_STATE_ACTION=continue DOMAIN=<domain> bash scripts/orchestrate.sh
|
|
169
171
|
```
|
|
170
172
|
|
|
173
|
+
Application data reset clears server-side app volumes, so the follow-up
|
|
174
|
+
orchestrate run regenerates local credentials/MCP artifacts and automatically
|
|
175
|
+
reinstalls/restarts `direxio-connect` plus `direxio-mcp` unless explicitly
|
|
176
|
+
overridden with `DIREXIO_AGENT_INSTALL=recommend` or `skip`.
|
|
177
|
+
|
|
171
178
|
## Local Bridge
|
|
172
179
|
|
|
173
180
|
S6 writes these service-scoped files under `~/.direxio/nodes/<service_id>/`:
|
|
@@ -193,7 +200,8 @@ direxio-connect daemon install --config ~/.direxio/nodes/<service_id>/cc-connect
|
|
|
193
200
|
direxio-connect daemon status --service-name <service_id>
|
|
194
201
|
```
|
|
195
202
|
|
|
196
|
-
MCP
|
|
203
|
+
MCP is installed automatically during S6 when `DIREXIO_AGENT_INSTALL=auto`.
|
|
204
|
+
Manual recovery command:
|
|
197
205
|
|
|
198
206
|
```bash
|
|
199
207
|
npm install -g direxio-mcp@latest
|
package/README_zh.md
CHANGED
|
@@ -56,10 +56,10 @@ direxio-deployer skill update --agent codex
|
|
|
56
56
|
direxio-deployer skill install --agent codex --scope project --project .
|
|
57
57
|
```
|
|
58
58
|
|
|
59
|
-
安装器会在目标目录写入 `.direxio-skill-install.json`,并拒绝覆盖没有该 manifest 的既有目录,除非显式传入 `--force
|
|
59
|
+
安装器会在目标目录写入 `.direxio-skill-install.json`,并拒绝覆盖没有该 manifest 的既有目录,除非显式传入 `--force`。普通安装和更新使用 `@latest`:
|
|
60
60
|
|
|
61
61
|
```bash
|
|
62
|
-
npm install -g direxio-deployer@
|
|
62
|
+
npm install -g direxio-deployer@latest
|
|
63
63
|
direxio-deployer skill update --agent codex
|
|
64
64
|
```
|
|
65
65
|
|
|
@@ -67,8 +67,9 @@ direxio-deployer skill update --agent codex
|
|
|
67
67
|
|
|
68
68
|
## 最小命令
|
|
69
69
|
|
|
70
|
-
从 AWS CSV 导入并验证一个部署 profile
|
|
71
|
-
|
|
70
|
+
从 AWS CSV 导入并验证一个部署 profile。root access key 是首次部署最快路径,
|
|
71
|
+
但权限极高;请安全保存 CSV,部署后轮换或删除密钥。临时
|
|
72
|
+
`DirexioDeployer` IAM 用户更安全,但 AWS 控制台步骤更多:
|
|
72
73
|
|
|
73
74
|
```bash
|
|
74
75
|
bash scripts/aws-credentials.sh import-csv /path/to/accessKeys.csv direxio-deployer us-east-1
|
|
@@ -108,16 +109,15 @@ $env:MESSAGE_SERVER_IMAGE = "direxio/message-server:latest"
|
|
|
108
109
|
.\scripts\orchestrate.ps1
|
|
109
110
|
```
|
|
110
111
|
|
|
111
|
-
仅写入并推荐本地 bridge:
|
|
112
|
+
仅写入并推荐本地 bridge 和 MCP:
|
|
112
113
|
|
|
113
114
|
```bash
|
|
114
115
|
DIREXIO_AGENT_INSTALL=recommend bash scripts/orchestrate.sh
|
|
115
116
|
```
|
|
116
117
|
|
|
117
|
-
|
|
118
|
+
默认会自动安装本地 bridge 和 MCP。只有自动检测不明确时才需要显式设置 runtime:
|
|
118
119
|
|
|
119
120
|
```bash
|
|
120
|
-
DIREXIO_AGENT_INSTALL=auto \
|
|
121
121
|
DIREXIO_AGENT_PLATFORM=auto \
|
|
122
122
|
DIREXIO_CC_CONNECT_AGENT=claudecode \
|
|
123
123
|
DIREXIO_AGENT_INSTALL_MODE=recommended \
|
|
@@ -155,9 +155,11 @@ service 目录。
|
|
|
155
155
|
|
|
156
156
|
```bash
|
|
157
157
|
DOMAIN=<domain> MESSAGE_SERVER_IMAGE=direxio/message-server:latest bash scripts/update.sh
|
|
158
|
-
P2P_EXISTING_STATE_ACTION=continue DOMAIN=<domain> bash scripts/orchestrate.sh
|
|
159
158
|
```
|
|
160
159
|
|
|
160
|
+
镜像刷新只重启远端服务,不重置本地 credentials、`direxio-connect`、MCP
|
|
161
|
+
配置、用户确认和 runtime checks。
|
|
162
|
+
|
|
161
163
|
重置应用数据但保留 EC2、DNS、固定 IP 和 Caddy TLS:
|
|
162
164
|
|
|
163
165
|
```bash
|
|
@@ -165,6 +167,10 @@ DIREXIO_RESET_APP_DATA_CONFIRM=1 DOMAIN=<domain> bash scripts/reset-app-data.sh
|
|
|
165
167
|
P2P_EXISTING_STATE_ACTION=continue DOMAIN=<domain> bash scripts/orchestrate.sh
|
|
166
168
|
```
|
|
167
169
|
|
|
170
|
+
清理应用数据卷后,后续 orchestrate 会重新生成本地 credentials/MCP 配置,
|
|
171
|
+
并默认自动重新安装/重启 `direxio-connect` 和 `direxio-mcp`;如需只写文件,
|
|
172
|
+
显式设置 `DIREXIO_AGENT_INSTALL=recommend` 或 `skip`。
|
|
173
|
+
|
|
168
174
|
## 本地 Bridge
|
|
169
175
|
|
|
170
176
|
S6 会在 `~/.direxio/nodes/<service_id>/` 下写入:
|
|
@@ -190,10 +196,10 @@ direxio-connect daemon install --config ~/.direxio/nodes/<service_id>/cc-connect
|
|
|
190
196
|
direxio-connect daemon status --service-name <service_id>
|
|
191
197
|
```
|
|
192
198
|
|
|
193
|
-
MCP
|
|
199
|
+
默认 `DIREXIO_AGENT_INSTALL=auto` 时,S6 会自动安装 MCP。手动恢复命令:
|
|
194
200
|
|
|
195
201
|
```bash
|
|
196
|
-
npm install -g direxio-mcp
|
|
202
|
+
npm install -g direxio-mcp@latest
|
|
197
203
|
DIREXIO_CREDENTIALS_FILE=~/.direxio/nodes/<service_id>/credentials.json direxio-mcp doctor --json
|
|
198
204
|
```
|
|
199
205
|
|
package/SKILL.md
CHANGED
|
@@ -100,17 +100,28 @@ Step-by-step onboarding flow:
|
|
|
100
100
|
deployment?"
|
|
101
101
|
- If yes, ask only for the local CSV path or profile name, then verify it
|
|
102
102
|
with `aws sts get-caller-identity`.
|
|
103
|
-
- If no,
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
-
|
|
103
|
+
- If no, offer two credential paths and ask the user to choose:
|
|
104
|
+
1. **Root access key (default fastest path):** simpler to create for a
|
|
105
|
+
first deployment because it uses the account owner identity directly.
|
|
106
|
+
Explain that it is highly privileged, must be saved securely, must
|
|
107
|
+
never be pasted into chat or committed, and should be rotated or
|
|
108
|
+
deleted after deployment.
|
|
109
|
+
2. **Dedicated IAM deployment user:** safer because it avoids root keys,
|
|
110
|
+
but requires more AWS console steps. Explain in one sentence: "This
|
|
111
|
+
temporary user lets the deployment tool create and later destroy this
|
|
112
|
+
Direxio node; delete or disable it after deployment."
|
|
113
|
+
- If the user chooses the root path, guide only one or two clicks at a time:
|
|
114
|
+
1. Sign in to AWS as the root account owner.
|
|
115
|
+
2. Open the root user's **Security credentials** page.
|
|
116
|
+
3. In **Access keys**, choose **Create access key**.
|
|
117
|
+
4. Select **Command Line Interface (CLI)**, acknowledge AWS's root-key
|
|
118
|
+
warning, and create the key.
|
|
119
|
+
5. Download the `.csv` file, store it securely, and provide only the local
|
|
120
|
+
CSV path to the agent.
|
|
121
|
+
6. After deployment, rotate or delete the root access key unless the user
|
|
122
|
+
has a deliberate reason to keep it.
|
|
123
|
+
- If the user chooses the dedicated IAM deployment user path, guide only one
|
|
124
|
+
or two clicks at a time:
|
|
114
125
|
1. Open `https://console.aws.amazon.com/iam/home#/users/create`.
|
|
115
126
|
2. Create a user named `DirexioDeployer-YYYYMMDD` or `DirexioDeployer`.
|
|
116
127
|
3. Attach the AWS managed policy `AdministratorAccess`. State plainly
|
|
@@ -122,6 +133,10 @@ Step-by-step onboarding flow:
|
|
|
122
133
|
continue.
|
|
123
134
|
7. Choose `Create access key`, download the `.csv` file, and provide only
|
|
124
135
|
the local file path.
|
|
136
|
+
- Root access keys are allowed when the operator explicitly chooses them.
|
|
137
|
+
Do not block deployment only because `aws sts get-caller-identity` returns
|
|
138
|
+
an ARN ending in `:root`; report `root=true`, repeat the security warning
|
|
139
|
+
once, and continue if the user accepts that risk.
|
|
125
140
|
- After credentials are configured, run `aws sts get-caller-identity`,
|
|
126
141
|
report only the account, whether the identity is root, and the redacted
|
|
127
142
|
ARN.
|
|
@@ -361,19 +376,19 @@ DIREXIO_CC_CONNECT_AGENT=<optional connect agent>
|
|
|
361
376
|
DIREXIO_OPENCLAW_ACP_URL=<optional explicit OpenClaw gateway URL>
|
|
362
377
|
DIREXIO_OPENCLAW_ACP_TOKEN_FILE=<optional explicit OpenClaw gateway token file>
|
|
363
378
|
DIREXIO_OPENCLAW_ACP_SESSION=<optional OpenClaw ACP session; defaults to agent:main:main>
|
|
364
|
-
DIREXIO_AGENT_INSTALL=
|
|
379
|
+
DIREXIO_AGENT_INSTALL=auto
|
|
365
380
|
DIREXIO_AGENT_INSTALL_MODE=recommended
|
|
366
381
|
```
|
|
367
382
|
|
|
368
383
|
The only supported local conversation bridge is `direxio-connect`, installed from `direxio-connent@latest` by default or built from `https://github.com/YingSuiAI/direxio-connect.git`. S6 creates a Matrix session for `@agent:<server>`, writes `~/.direxio/nodes/<service_id>/cc-connect/config.toml`, and restricts the bridge to the real `agent_room_id`.
|
|
369
384
|
|
|
370
|
-
The local MCP tool surface is `direxio-mcp`, installed from `direxio-mcp@latest` by default
|
|
385
|
+
The local MCP tool surface is `direxio-mcp`, installed from `direxio-mcp@latest` by default when `DIREXIO_AGENT_INSTALL=auto`. S6 writes `mcp/codex.toml`, `mcp/openclaw.md`, `mcp/openclaw-server.json`, `mcp/hermes.mcp.json`, `mcp/mcp-servers.json`, and `mcp/env`; these artifacts point to `credentials.json` by `DIREXIO_CREDENTIALS_FILE`. OpenClaw must be configured through the generated `openclaw mcp set` command in `mcp/openclaw.md`; do not paste MCP JSON into `~/.openclaw/openclaw.json`. Keep this separate from cc-connect: cc-connect must use its direct Matrix config and must not use `DIREXIO_CREDENTIALS_FILE`.
|
|
371
386
|
|
|
372
387
|
`DIREXIO_CC_CONNECT_AGENT` is the preferred explicit selector. Supported values match connent/connect: `acp`, `antigravity`, `claudecode`, `codex`, `copilot`, `cursor`, `devin`, `gemini`, `iflow`, `kimi`, `opencode`, `pi`, `qoder`, `reasonix`, and `tmux`. Detected OpenClaw and Hermes runtimes map to `cc_connect_agent=acp`; they are not native connect agent types. OpenClaw uses `cmd = "openclaw"` with args `["acp", "--session", "agent:main:main"]` by default, letting `openclaw acp` auto-discover the Gateway from `~/.openclaw/openclaw.json`. If the operator needs to force explicit Gateway settings, S6 requires all three real values from the current OpenClaw runtime after pairing: `DIREXIO_OPENCLAW_ACP_URL`, `DIREXIO_OPENCLAW_ACP_TOKEN_FILE`, and `DIREXIO_OPENCLAW_ACP_SESSION`; do not guess these values or reuse old chat output. Hermes uses `cmd = "direxio-connect"` with `args = ["hermes-acp-adapter", "--", "hermes", "acp"]` so the Direxio compatibility layer can suppress Hermes reasoning text before it reaches the Matrix room. Use `DIREXIO_CC_CONNECT_AGENT_CMD`, `DIREXIO_<AGENT>_COMMAND`, and when needed `DIREXIO_CC_CONNECT_AGENT_OPTIONS_TOML` for agent-specific launch details. OpenClaw and Hermes also accept `DIREXIO_OPENCLAW_COMMAND`, `DIREXIO_HERMES_COMMAND`, `DIREXIO_HERMES_ACP_ADAPTER_COMMAND`, `DIREXIO_OPENCLAW_ACP_ARGS_TOML`, and `DIREXIO_HERMES_ACP_ARGS_TOML`; Hermes custom args are child Hermes args and S6 prefixes the adapter wrapper automatically.
|
|
373
388
|
|
|
374
389
|
`DIREXIO_AGENT_PLATFORM` describes the host runtime following the skill, while `DIREXIO_CC_CONNECT_AGENT` describes the local agent backend that `direxio-connect` should launch. Host runtimes such as Hermes or OpenClaw are not native cc-connect backend types; S6 maps them to the generic ACP backend by default and records `cc_connect_agent=acp`. Override `DIREXIO_CC_CONNECT_AGENT` only when the operator intentionally wants a different local backend.
|
|
375
390
|
|
|
376
|
-
`DIREXIO_AGENT_INSTALL` may be `skip`, `recommend`, or `auto
|
|
391
|
+
`DIREXIO_AGENT_INSTALL` may be `skip`, `recommend`, or `auto`; the default is `auto`. `auto` attempts to run `npm install -g direxio-connent@latest`, `direxio-connect daemon install --config ~/.direxio/nodes/<service_id>/cc-connect/config.toml --service-name <service_id> --force`, and `npm install -g direxio-mcp@latest`. `recommend` records and prints commands without mutating local daemon/package state. A cc-connect automatic install is reported as installed only when `direxio-connect daemon status --service-name <service_id>` returns `Status: Running` and recent daemon logs do not show ACP session initialization failure; otherwise S6 records `agent_install_status=install_failed`. MCP automatic install records `mcp_install_status=installed` only when npm succeeds. S6 calls `agent.matrix_session.create` with `agent_token` and retries transient HTTP 000/404/408/409/425/429/5xx responses before failing, because the Matrix action can become reachable after `/healthz`; defaults are 12 attempts with exponential backoff capped by `DIREXIO_MATRIX_SESSION_RETRY_MAX_INTERVAL`.
|
|
377
392
|
|
|
378
393
|
Voice input is supported through `direxio-connect` speech-to-text. When `DIREXIO_SPEECH_API_KEY` or a provider-specific key such as `DIREXIO_SPEECH_QWEN_API_KEY`, `OPENAI_API_KEY`, `GROQ_API_KEY`, `DASHSCOPE_API_KEY`, `GEMINI_API_KEY`, or `GOOGLE_API_KEY` is present, S6 writes `[speech] enabled = true` into the generated config. Without an STT key, do not claim voice input is enabled.
|
|
379
394
|
|
|
@@ -574,9 +589,9 @@ for the current service before giving advice. The status output includes a
|
|
|
574
589
|
- Resume safety: whether rerunning the same command is safe, or whether the
|
|
575
590
|
operator must preserve `state.json` and continue with
|
|
576
591
|
`P2P_EXISTING_STATE_ACTION=continue`.
|
|
577
|
-
- Local refresh: if `agent_install_status=refresh_pending`,
|
|
578
|
-
cleared old credentials, user confirmations, runtime checks,
|
|
579
|
-
install proof; the next action is to rerun the deployment workflow to refresh S4-S7, local credentials, MCP snippets, and runtime checks.
|
|
592
|
+
- Local refresh: if `agent_install_status=refresh_pending`, reset/redeploy
|
|
593
|
+
cleared old credentials, user confirmations, runtime checks, bridge install
|
|
594
|
+
proof, and MCP install proof; the next action is to rerun the deployment workflow to refresh S4-S7, local credentials, MCP snippets, automatic installs, and runtime checks.
|
|
580
595
|
- Next action: the concrete diagnostic or user action for the current phase.
|
|
581
596
|
- Stop-loss: whether no cloud destroy is needed yet, or how to ask the agent to
|
|
582
597
|
run destroy / run `scripts/destroy.sh` on POSIX or `.\scripts\destroy.ps1` on
|
|
@@ -623,8 +638,10 @@ reminders, `billing.cost_estimate`, destroy read-back evidence when applicable,
|
|
|
623
638
|
`billing.destroy_cleanup_status`, `billing.possible_remaining_billable_resources`,
|
|
624
639
|
and secret-redaction evidence. It also records local refresh state:
|
|
625
640
|
`credentials.status`, `connect.install_status`, and `mcp.status` must show
|
|
626
|
-
`refresh_pending` after
|
|
627
|
-
write fresh evidence.
|
|
641
|
+
`refresh_pending` after reset/redeploy until S5/S6/S7 and runtime verification
|
|
642
|
+
write fresh evidence. Image-only update keeps existing local refresh state and
|
|
643
|
+
does not clear credentials, confirmations, runtime checks, or local install
|
|
644
|
+
evidence. User confirmation evidence is redacted before it is
|
|
628
645
|
written to the operation report, so initialization codes and tokens are not
|
|
629
646
|
copied into handoff artifacts.
|
|
630
647
|
If a destroy report lists possible remaining billable resources, tell the user
|
|
@@ -637,6 +654,33 @@ do next.
|
|
|
637
654
|
|
|
638
655
|
Use `scripts/destroy.sh` for teardown on POSIX shells and `.\scripts\destroy.ps1` from PowerShell on Windows. The Windows wrapper selects Git for Windows Bash for the Bash state machine, sets Windows-compatible local path mode, and converts explicit Windows state paths before invoking `scripts/destroy.sh`. Destroy first checks `direxio-connect daemon status --service-name <service_id>` and stops plus uninstalls only that named daemon when the reported `WorkDir` matches the current service directory, `~/.direxio/nodes/<service_id>/cc-connect`. After AWS resources are terminated and released, destroy reads AWS back and records `destroy.evidence` before removing the corresponding local service directory under `~/.direxio/nodes/<service_id>`. This prevents stale state, credentials, bridge files, and stale local service registrations from blocking or misleading the next deployment while still preserving a reportable AWS cleanup audit trail. It leaves unrelated node credential directories intact.
|
|
639
656
|
|
|
657
|
+
Before running destroy, warn the user that this is not merely "turning off the
|
|
658
|
+
server." Destroy removes the recorded cloud node and its application data. The
|
|
659
|
+
current app account, friends, channels, messages, Agent room/session, and login
|
|
660
|
+
state will no longer be usable. If the user later deploys again, even with the
|
|
661
|
+
same domain, treat it as a new Direxio node that needs a fresh app
|
|
662
|
+
initialization code, new account setup, new friends, and new channels.
|
|
663
|
+
|
|
664
|
+
For ordinary users, distinguish the available destructive levels before asking
|
|
665
|
+
for confirmation:
|
|
666
|
+
|
|
667
|
+
- Update deployment: keep accounts, friends, channels, messages, DNS, TLS, and
|
|
668
|
+
cloud resources; only refresh the service image and local credentials.
|
|
669
|
+
- Reset app data: keep EC2, public IP, DNS, and TLS storage, but delete app
|
|
670
|
+
accounts, friends, channels, messages, and Agent room state.
|
|
671
|
+
- Destroy resources: delete the recorded EC2/EBS/EIP/security group/key pair,
|
|
672
|
+
remove the deployer-managed DNS A record, stop the local bridge, and make the
|
|
673
|
+
current app data unavailable.
|
|
674
|
+
|
|
675
|
+
Require an explicit destructive confirmation before destroy when the user has
|
|
676
|
+
not already clearly confirmed this data loss. A suitable confirmation is:
|
|
677
|
+
|
|
678
|
+
```text
|
|
679
|
+
I confirm destroying this Direxio node and understand the current account,
|
|
680
|
+
friends, channels, messages, and Agent conversation will be lost; redeploying
|
|
681
|
+
later will create a new node/account.
|
|
682
|
+
```
|
|
683
|
+
|
|
640
684
|
Destroy uses the same AWS identity boundary as deployment: root AWS access-key
|
|
641
685
|
identity is allowed when the operator explicitly chose root credentials. Prefer
|
|
642
686
|
using the same temporary `DirexioDeployer` IAM user/profile for teardown when
|
|
@@ -657,15 +701,15 @@ When the user asks for a complete fresh start — "destroy everything", "start o
|
|
|
657
701
|
|
|
658
702
|
## Image Refresh And Data Reset
|
|
659
703
|
|
|
660
|
-
When the user only asks to pull a newer image on an existing EC2 instance, do not destroy cloud resources and do not delete application or TLS storage. Run `scripts/update.sh` against the current state. It SSHes to the existing node, optionally updates `MESSAGE_SERVER_IMAGE`, runs Docker Compose pull/up, reruns `/opt/p2p/init-tokens.sh
|
|
704
|
+
When the user only asks to pull a newer image on an existing EC2 instance, do not destroy cloud resources and do not delete application or TLS storage. Run `scripts/update.sh` against the current state. It SSHes to the existing node, optionally updates `MESSAGE_SERVER_IMAGE`, runs Docker Compose pull/up, reruns `/opt/p2p/init-tokens.sh` only when current bootstrap credentials are missing, leaves local credentials, user-confirmation/runtime-check evidence, cc-connect daemon state, MCP artifacts, and S4-S7 phase state unchanged, and writes a redacted `operation-report.json`.
|
|
661
705
|
|
|
662
|
-
When the user asks to reset application data on an existing EC2 instance, do not destroy EC2, public IPv4/EIP, DNS, or Caddy TLS storage. Run `scripts/reset-app-data.sh` only after explicit destructive confirmation with `DIREXIO_RESET_APP_DATA_CONFIRM=1`. It clears only the application volumes (`postgres-data`, `message-config`, `message-data`), generates a new backend password/init-code field, restarts the stack, reruns `/opt/p2p/init-tokens.sh`, clears stale local secret fields, clears old user-confirmation/runtime-check evidence, marks `agent_install_status=refresh_pending`, stops only the matching service-scoped direxio-connect daemon when its `WorkDir` matches this service, marks S4-S7 pending, and writes a redacted `operation-report.json`.
|
|
706
|
+
When the user asks to reset application data on an existing EC2 instance, do not destroy EC2, public IPv4/EIP, DNS, or Caddy TLS storage. Run `scripts/reset-app-data.sh` only after explicit destructive confirmation with `DIREXIO_RESET_APP_DATA_CONFIRM=1`. It clears only the application volumes (`postgres-data`, `message-config`, `message-data`), generates a new backend password/init-code field, restarts the stack, reruns `/opt/p2p/init-tokens.sh`, clears stale local secret fields, clears old user-confirmation/runtime-check evidence, marks `agent_install_status=refresh_pending` and `mcp_install_status=refresh_pending`, stops only the matching service-scoped direxio-connect daemon when its `WorkDir` matches this service, marks S4-S7 pending, and writes a redacted `operation-report.json`. The follow-up orchestrate run regenerates local credentials/MCP artifacts and, by default, reinstalls/restarts cc-connect plus direxio-mcp.
|
|
663
707
|
|
|
664
708
|
Current message-server images require `P2P_PORTAL_PASSWORD` and an explicit `portal.bootstrap`; `init-tokens.sh` owns that cloud-side bootstrap and creates a real Matrix `agent_room_id` when the backend credentials file does not already include one.
|
|
665
709
|
|
|
666
710
|
Do not delete caddy-data or caddy-config during an image-only refresh. Removing Caddy's ACME storage loses the existing production certificate and can trigger CA duplicate-certificate rate limits. Preserve `caddy-data` and `caddy-config`; clear only `postgres-data message-config message-data` when the requested reset needs a clean homeserver/database.
|
|
667
711
|
|
|
668
|
-
For repeated
|
|
712
|
+
For repeated data-reset refreshes, rerun `scripts/orchestrate.sh` normally after reset. S4-S7 will re-run from state, and S6 regenerates local credentials/MCP artifacts and automatically installs/restarts local packages unless `DIREXIO_AGENT_INSTALL=recommend` or `skip` is explicitly set. Image-only update does not require an orchestrate follow-up unless verification shows the service actually regenerated credentials.
|
|
669
713
|
|
|
670
714
|
## Minimal Invocation
|
|
671
715
|
|
|
@@ -679,7 +723,7 @@ MESSAGE_SERVER_IMAGE=direxio/message-server:latest \
|
|
|
679
723
|
bash scripts/orchestrate.sh
|
|
680
724
|
```
|
|
681
725
|
|
|
682
|
-
Use an `AWS_PROFILE` or temporary `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` for the selected AWS identity. Root access keys are allowed when the operator explicitly chooses them;
|
|
726
|
+
Use an `AWS_PROFILE` or temporary `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` for the selected AWS identity. Root access keys are allowed when the operator explicitly chooses them; they are the fastest first-deploy path but highly privileged and must be saved securely, never pasted, and rotated or deleted after deployment. A temporary `DirexioDeployer` IAM user is the safer path but takes more setup steps. Do not write AWS secrets, initialization codes, or agent tokens into skill files or the repository.
|
|
683
727
|
|
|
684
728
|
On Windows, prefer `.\scripts\orchestrate.ps1` and `.\scripts\destroy.ps1` from PowerShell. These wrappers select Git for Windows Bash for the Bash phases and write Windows-compatible local `direxio-connect` paths.
|
|
685
729
|
|
package/package.json
CHANGED
|
@@ -127,7 +127,7 @@ Use `mcp/codex.toml` for Codex and `mcp/hermes.mcp.json` for Hermes. For OpenCla
|
|
|
127
127
|
|
|
128
128
|
- `DIREXIO_AGENT_INSTALL=skip`: write credentials/env and cc-connect config only.
|
|
129
129
|
- `DIREXIO_AGENT_INSTALL=recommend`: write files, record state, and print the install command.
|
|
130
|
-
- `DIREXIO_AGENT_INSTALL=auto
|
|
130
|
+
- `DIREXIO_AGENT_INSTALL=auto` (default): run `npm install -g direxio-connent@latest`, `direxio-connect daemon install --config ~/.direxio/nodes/<service_id>/cc-connect/config.toml --service-name <service_id> --force`, and `npm install -g direxio-mcp@latest`. S6 records cc-connect as installed only after `direxio-connect daemon status --service-name <service_id>` reports `Status: Running` and recent daemon logs do not show ACP session initialization failure; otherwise it records `agent_install_status=install_failed`. MCP records `mcp_install_status=installed` only when npm succeeds.
|
|
131
131
|
|
|
132
132
|
Prefer `DIREXIO_CC_CONNECT_AGENT=<agent>` to choose the local agent that `direxio-connect` should run. Keep `DIREXIO_AGENT_PLATFORM=<runtime>` for auto-detection overrides and legacy host-runtime naming. Use `DIREXIO_AGENT_INSTALL_MODE=cc-connect` only when overriding the default `recommended` mapping explicitly.
|
|
133
133
|
Use `DIREXIO_CC_CONNECT_AGENT_OPTIONS_TOML` for agent-specific options that cannot be represented by `work_dir` or `cmd`; for example `reasonix` requires `serve_url`, `tmux` requires `session`, and generic `acp` requires a command when `DIREXIO_CC_CONNECT_AGENT_CMD` is not enough.
|
|
@@ -102,10 +102,11 @@ reuse of an old deployment state.
|
|
|
102
102
|
|
|
103
103
|
## Credential Safety
|
|
104
104
|
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
105
|
+
Offer two credential paths for first-time deployment. Root access keys are the
|
|
106
|
+
fastest path but are highly privileged; report that the identity is root,
|
|
107
|
+
remind the operator to save the CSV securely, and rotate or remove the key when
|
|
108
|
+
it is no longer needed. A temporary `DirexioDeployer` IAM user or dedicated IAM
|
|
109
|
+
role is safer but requires more AWS console steps.
|
|
109
110
|
|
|
110
111
|
Do not store AWS AK/SK in skill files, docs, or committed repo files. Treat
|
|
111
112
|
`state.json`, `outputs.json`, and `~/.direxio/nodes/<service_id>/credentials.json` as local
|
|
@@ -30,9 +30,10 @@ Current best plan is the stricter plan now encoded in this branch:
|
|
|
30
30
|
whether to send a real message in the Agent chat box.
|
|
31
31
|
6. Keep update/reset/destroy as separate operations with separate receipts;
|
|
32
32
|
update/reset are now first-class scripts, not runbook-only manual actions.
|
|
33
|
-
7. Treat
|
|
34
|
-
old credentials, user confirmations, runtime checks,
|
|
35
|
-
proof, so the next action is to rerun S4-S7 and
|
|
33
|
+
7. Treat reset/redeploy follow-up as a Local refresh state: reset/redeploy
|
|
34
|
+
clears old credentials, user confirmations, runtime checks, bridge install
|
|
35
|
+
proof, and MCP install proof, so the next action is to rerun S4-S7 and
|
|
36
|
+
runtime checks. Image-only update keeps local state intact.
|
|
36
37
|
8. Keep Lightsail out of the current user-facing path. Lightsail remains
|
|
37
38
|
deferred until it has an independent resource model, pricing, state,
|
|
38
39
|
destroy, and test matrix.
|
|
@@ -132,14 +133,17 @@ Status: Deployer-side implemented.
|
|
|
132
133
|
|
|
133
134
|
Current evidence:
|
|
134
135
|
- `scripts/aws-credentials.sh import-csv|verify` imports local CSV credentials,
|
|
135
|
-
tightens file permissions,
|
|
136
|
-
|
|
136
|
+
tightens file permissions, allows root identity only with explicit operator
|
|
137
|
+
choice, and redacts identity output.
|
|
138
|
+
- `SKILL.md` documents both the fast root access-key path with security
|
|
139
|
+
warnings and the safer temporary `DirexioDeployer` IAM user path with
|
|
137
140
|
temporary `AdministratorAccess`, then cleanup.
|
|
138
141
|
- Reports and tests assert secrets are redacted and not written to reports.
|
|
139
142
|
|
|
140
143
|
Difference from the checklist:
|
|
141
|
-
- The current branch chooses the practical MVP path:
|
|
142
|
-
|
|
144
|
+
- The current branch chooses the practical MVP path: let the operator choose
|
|
145
|
+
fast root credentials or a safer temporary IAM admin user, with cleanup
|
|
146
|
+
guidance after deployment.
|
|
143
147
|
|
|
144
148
|
Remaining evidence:
|
|
145
149
|
- Long-term least-privilege IAM generation is still a future hardening task.
|
|
@@ -226,11 +230,11 @@ Current evidence:
|
|
|
226
230
|
- S5 refreshes bootstrap credentials from the server.
|
|
227
231
|
- S6 rewrites service-scoped `credentials.json`, `env`, cc-connect config, and
|
|
228
232
|
MCP snippets.
|
|
229
|
-
-
|
|
230
|
-
-
|
|
233
|
+
- Reset/redeploy mark S4-S7 pending and report refresh-pending status.
|
|
234
|
+
- Reset/redeploy stops only the matching service-scoped direxio-connect daemon
|
|
231
235
|
when its `WorkDir` matches the current service, so stale local bridge
|
|
232
236
|
processes do not keep using old credentials.
|
|
233
|
-
- `status` reports Local refresh when
|
|
237
|
+
- `status` reports Local refresh when reset/redeploy cleared old credentials, user confirmations, runtime checks, bridge install proof, and MCP install proof.
|
|
234
238
|
- Runtime checks fail closed when a stale service directory or wrong WorkDir is
|
|
235
239
|
detected.
|
|
236
240
|
|
|
@@ -36,10 +36,14 @@ P2P_EXISTING_STATE_ACTION=destroy
|
|
|
36
36
|
DOMAIN=<different-domain>
|
|
37
37
|
```
|
|
38
38
|
|
|
39
|
-
For first-time credentials,
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
39
|
+
For first-time credentials, offer the operator two paths before provisioning:
|
|
40
|
+
root access key or dedicated IAM deployment user. The root path is the fastest
|
|
41
|
+
because it uses the account owner identity directly, but it is highly
|
|
42
|
+
privileged; tell the operator to save the CSV securely, never paste or commit
|
|
43
|
+
it, and rotate or delete the root key after deployment. The dedicated
|
|
44
|
+
`DirexioDeployer` IAM user path is safer because it avoids root keys, but it
|
|
45
|
+
requires more AWS console steps. Import the selected AWS access-key CSV and
|
|
46
|
+
verify the identity before provisioning:
|
|
43
47
|
|
|
44
48
|
```bash
|
|
45
49
|
bash scripts/aws-credentials.sh import-csv /path/to/accessKeys.csv direxio-deployer <region>
|
|
@@ -149,19 +153,22 @@ reminders, `billing.cost_estimate`, destroy read-back evidence under
|
|
|
149
153
|
contain the initialization code, AWS secrets, access tokens, agent tokens, or
|
|
150
154
|
Matrix session tokens. User/runtime evidence is also scrubbed for
|
|
151
155
|
eight-or-more digit numeric strings because users may paste initialization
|
|
152
|
-
codes into confirmation notes. After
|
|
156
|
+
codes into confirmation notes. After reset/redeploy, the report must show
|
|
153
157
|
`credentials.status=refresh_pending`, `connect.install_status=refresh_pending`,
|
|
154
158
|
and `mcp.status=refresh_pending` until S5/S6/S7 and runtime checks refresh
|
|
155
|
-
local evidence.
|
|
159
|
+
local evidence. Image-only update does not clear local credentials,
|
|
160
|
+
confirmations, runtime checks, cc-connect state, or MCP artifacts.
|
|
156
161
|
|
|
157
162
|
When the user or runtime evidence confirms a manual product gate, write it back
|
|
158
163
|
to state before regenerating the report. Connect daemon status is a
|
|
159
164
|
service-scoped local bridge check, MCP doctor is a non-polluting runtime check,
|
|
160
165
|
MCP tools is stdio `tools/list` discovery, and MCP smoke is a read-only backend
|
|
161
|
-
call. In the
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
166
|
+
call. In the `DIREXIO_AGENT_INSTALL=recommend` path, `verify runtime` records
|
|
167
|
+
`connect_daemon=manual_pending` instead of failing the aggregate, because
|
|
168
|
+
daemon installation is an explicit operator action. The default
|
|
169
|
+
`DIREXIO_AGENT_INSTALL=auto` path expects cc-connect and direxio-mcp to be
|
|
170
|
+
installed automatically during S6. These checks are not the full runtime
|
|
171
|
+
product gate:
|
|
165
172
|
|
|
166
173
|
```bash
|
|
167
174
|
DOMAIN=__DOMAIN__ bash scripts/orchestrate.sh verify runtime
|
|
@@ -137,8 +137,8 @@ Defaults:
|
|
|
137
137
|
- `DIREXIO_CC_CONNECT_AGENT_OPTIONS_TOML` appends agent-specific options under `[projects.agent.options]`; use it for agents with required non-command options such as `reasonix` (`serve_url`) or `tmux` (`session`).
|
|
138
138
|
- OpenClaw Gateway ACP auto-detects the Gateway from `~/.openclaw/openclaw.json` when `DIREXIO_OPENCLAW_ACP_URL` and `DIREXIO_OPENCLAW_ACP_TOKEN_FILE` are unset. It uses `DIREXIO_OPENCLAW_ACP_SESSION` when provided, otherwise `agent:main:main`. To force explicit Gateway settings, complete OpenClaw pairing first and set all three real values: `DIREXIO_OPENCLAW_ACP_URL`, `DIREXIO_OPENCLAW_ACP_TOKEN_FILE`, and `DIREXIO_OPENCLAW_ACP_SESSION`.
|
|
139
139
|
- `DIREXIO_OPENCLAW_ACP_ARGS_TOML` replaces the generated OpenClaw ACP args array, for example `["acp", "--url", "wss://gateway.example.test:18789", "--token-file", "$HOME/.openclaw/gateway.token", "--session", "agent:main:main"]`. `DIREXIO_HERMES_ACP_ARGS_TOML` supplies the child Hermes args; S6 prefixes `["hermes-acp-adapter", "--", "<hermes-command>"]` automatically.
|
|
140
|
-
- `DIREXIO_AGENT_INSTALL=
|
|
141
|
-
- `DIREXIO_AGENT_INSTALL=
|
|
140
|
+
- `DIREXIO_AGENT_INSTALL=auto` is the default. It runs `npm install -g direxio-connent@latest`, installs the `direxio-connect` daemon with the generated config and `--service-name <service_id>`, and runs `npm install -g direxio-mcp@latest`. cc-connect is recorded as installed only when `direxio-connect daemon status --service-name <service_id>` reports `Status: Running` and recent daemon logs do not show ACP session initialization failure; otherwise S6 records `agent_install_status=install_failed`. MCP records `mcp_install_status=installed` only when npm succeeds.
|
|
141
|
+
- `DIREXIO_AGENT_INSTALL=recommend` prints and records commands only. `verify runtime` records the daemon check as `manual_pending` in this mode and still verifies MCP doctor/tools/smoke when the MCP command is available.
|
|
142
142
|
- `DIREXIO_AGENT_INSTALL_MODE=recommended` maps every supported local runtime to `cc-connect`.
|
|
143
143
|
- Speech defaults to `DIREXIO_SPEECH_PROVIDER=openai` and `DIREXIO_SPEECH_LANGUAGE=zh`. Provider-specific keys are also accepted: `DIREXIO_SPEECH_OPENAI_API_KEY` or `OPENAI_API_KEY`, `DIREXIO_SPEECH_GROQ_API_KEY` or `GROQ_API_KEY`, `DIREXIO_SPEECH_QWEN_API_KEY` or `DASHSCOPE_API_KEY`, and `DIREXIO_SPEECH_GEMINI_API_KEY`, `GEMINI_API_KEY`, or `GOOGLE_API_KEY`. Set `DIREXIO_SPEECH_ENABLED=false` to suppress speech config generation even when a key exists.
|
|
144
144
|
|
|
@@ -4,7 +4,9 @@
|
|
|
4
4
|
|
|
5
5
|
从服务端同步过来的 `password` 和 owner `access_token` 必须按一次性/易失凭据处理。`password` 是后端字段名,对用户展示时必须叫八位 App 初始化码。用户完成初始化或 token exchange 后,服务端可能立刻重置这些值;任何需要再次获取初始化码,或需要用 `access_token` 调 owner 身份 API/Matrix Client API,或需要用 `agent_token` 调 `agent.matrix_session.create` 的操作,都必须先重新从服务器拉取最新 `/opt/p2p/bootstrap.json`,再更新本地 `credentials.json`。不要复用聊天记录、旧 `state.json`、旧 `credentials.json` 或历史部署输出里的 password/access token。
|
|
6
6
|
|
|
7
|
-
现有节点执行 `scripts/update.sh`
|
|
7
|
+
现有节点执行 `scripts/update.sh` 只做镜像刷新和远端服务重启,不清理应用卷,也不重置本地 `password`、`access_token`、`agent_token`、`agent_room_id`、`user_confirmations`、`runtime_checks`、cc-connect daemon 状态或 MCP artifacts。除非验证发现远端确实重新生成了 bootstrap credentials,否则 update 后不要强制续跑 S4-S7。
|
|
8
|
+
|
|
9
|
+
执行 `scripts/reset-app-data.sh`、清理应用挂载卷或重新部署服务后,本地旧证据必须作废。脚本会清掉旧 `password`、`access_token`、`agent_token`、`agent_room_id`、`user_confirmations` 和 `runtime_checks`,把 `agent_install_status` 和 `mcp_install_status` 标成 `refresh_pending`,并只在 `WorkDir` 匹配当前 service 时停止对应的本地 bridge(stops only the matching service-scoped direxio-connect daemon),再把 S4-S7 标回 pending。这样旧的用户确认、MCP discovery、Agent runtime probe、旧 bridge 安装状态或 MCP 安装状态不会被误用到重置后的节点。后续必须续跑 `scripts/orchestrate.sh`,让 S5/S6/S7 重新生成本地 credentials/MCP snippets,并默认自动重新安装/重启 cc-connect 和 direxio-mcp,再通过 `verify runtime` 写入当前证据。
|
|
8
10
|
|
|
9
11
|
## 远端凭据
|
|
10
12
|
|
package/references/tooling.md
CHANGED
|
@@ -82,7 +82,10 @@ If distro packages are too old or missing, ask before using the official AWS CLI
|
|
|
82
82
|
|
|
83
83
|
## Credentials
|
|
84
84
|
|
|
85
|
-
|
|
85
|
+
For first-time setup, offer a root access key as the fastest path and a
|
|
86
|
+
temporary `DirexioDeployer` IAM user or role as the safer path. Root keys are
|
|
87
|
+
highly privileged; the operator must save the CSV securely, never paste or
|
|
88
|
+
commit it, and rotate or delete it after deployment. If the user provides an
|
|
86
89
|
AWS access-key CSV, import it through the repository helper so command output
|
|
87
90
|
stays redacted and the identity is marked as `root=true|false`:
|
|
88
91
|
|
|
@@ -72,13 +72,19 @@ remain outside automatic destroy scope.
|
|
|
72
72
|
|
|
73
73
|
## Update / Reset Follow-Up
|
|
74
74
|
|
|
75
|
-
After `scripts/
|
|
75
|
+
After `scripts/reset-app-data.sh`, rerun:
|
|
76
76
|
|
|
77
77
|
```bash
|
|
78
78
|
P2P_EXISTING_STATE_ACTION=continue DOMAIN=__DOMAIN__ bash scripts/orchestrate.sh
|
|
79
79
|
```
|
|
80
80
|
|
|
81
|
-
The
|
|
81
|
+
The reset script intentionally marks S4-S7 pending and clears stale local secret
|
|
82
82
|
fields. Do not copy old initialization codes or tokens from chat history,
|
|
83
83
|
`state.json`, or `credentials.json`; S5 must fetch fresh bootstrap data and S6
|
|
84
|
-
must rewrite service-scoped local credentials/MCP snippets
|
|
84
|
+
must rewrite service-scoped local credentials/MCP snippets and reinstall local
|
|
85
|
+
packages by default.
|
|
86
|
+
|
|
87
|
+
After `scripts/update.sh`, do not rerun S4-S7 just because the service was
|
|
88
|
+
restarted. Image-only update preserves local credentials, cc-connect daemon
|
|
89
|
+
state, MCP artifacts, confirmations, and runtime checks unless a separate
|
|
90
|
+
verification shows the server regenerated bootstrap credentials.
|
package/scripts/json.mjs
CHANGED
|
@@ -373,6 +373,7 @@ function cmdMutate(args) {
|
|
|
373
373
|
delete data[key];
|
|
374
374
|
}
|
|
375
375
|
data.agent_install_status = "refresh_pending";
|
|
376
|
+
data.mcp_install_status = "refresh_pending";
|
|
376
377
|
data.phase = startPhase;
|
|
377
378
|
if (!isObject(data.phases)) data.phases = {};
|
|
378
379
|
if (startPhase === "S4_BOOTSTRAP_STACK") {
|
|
@@ -513,6 +514,7 @@ function buildOperationReport(operation, status, stateFile, generatedAt, st) {
|
|
|
513
514
|
},
|
|
514
515
|
mcp: {
|
|
515
516
|
status: localRefreshStatus,
|
|
517
|
+
install_status: st.mcp_install_status || "",
|
|
516
518
|
package: st.mcp_npm_package || "direxio-mcp@latest",
|
|
517
519
|
server_name: st.mcp_server_name || "",
|
|
518
520
|
config_dir: st.mcp_config_dir || "",
|
package/scripts/lib/ops.sh
CHANGED
|
@@ -139,7 +139,6 @@ ops_stop_scoped_daemon() {
|
|
|
139
139
|
|
|
140
140
|
ops_update_remote_command() {
|
|
141
141
|
local image=${1:-} image_q remote_script
|
|
142
|
-
image_q=$(ops_sh_quote "$image")
|
|
143
142
|
remote_script=$(cat <<'EOF'
|
|
144
143
|
set -eu
|
|
145
144
|
cd /opt/p2p
|
|
@@ -179,7 +178,12 @@ else
|
|
|
179
178
|
fi
|
|
180
179
|
EOF
|
|
181
180
|
)
|
|
182
|
-
|
|
181
|
+
if [ -n "$image" ]; then
|
|
182
|
+
image_q=$(ops_sh_quote "$image")
|
|
183
|
+
printf 'sudo MESSAGE_SERVER_IMAGE=%s sh -lc %s\n' "$image_q" "$(ops_sh_quote "$remote_script")"
|
|
184
|
+
else
|
|
185
|
+
printf 'sudo sh -lc %s\n' "$(ops_sh_quote "$remote_script")"
|
|
186
|
+
fi
|
|
183
187
|
}
|
|
184
188
|
|
|
185
189
|
ops_reset_remote_command() {
|
package/scripts/orchestrate.sh
CHANGED
|
@@ -196,7 +196,7 @@ local_refresh_pending() {
|
|
|
196
196
|
|
|
197
197
|
status_local_refresh() {
|
|
198
198
|
if local_refresh_pending; then
|
|
199
|
-
echo "
|
|
199
|
+
echo "reset/redeploy cleared old credentials, user confirmations, runtime checks, bridge install proof, and MCP install proof"
|
|
200
200
|
fi
|
|
201
201
|
}
|
|
202
202
|
|
|
@@ -204,7 +204,7 @@ status_next_action() {
|
|
|
204
204
|
if local_refresh_pending; then
|
|
205
205
|
case "$1" in
|
|
206
206
|
S4_BOOTSTRAP_STACK|S5_INIT_TOKENS|S6_WIRE_LOCAL|S7_VERIFY_E2E|DONE)
|
|
207
|
-
echo "rerun the deployment workflow to refresh S4-S7, local credentials, MCP snippets, and runtime checks"
|
|
207
|
+
echo "rerun the deployment workflow to refresh S4-S7, local credentials, MCP snippets, automatic installs, and runtime checks"
|
|
208
208
|
return 0
|
|
209
209
|
;;
|
|
210
210
|
esac
|
|
@@ -362,7 +362,7 @@ _validate_agent_platform() {
|
|
|
362
362
|
}
|
|
363
363
|
|
|
364
364
|
_agent_install_policy() {
|
|
365
|
-
local policy=${DIREXIO_AGENT_INSTALL:-
|
|
365
|
+
local policy=${DIREXIO_AGENT_INSTALL:-auto}
|
|
366
366
|
case "$policy" in
|
|
367
367
|
skip|recommend|auto) printf '%s\n' "$policy" ;;
|
|
368
368
|
*) fail "DIREXIO_AGENT_INSTALL must be skip, recommend, or auto." ;;
|
|
@@ -1125,6 +1125,26 @@ _maybe_auto_install_cc_connect() {
|
|
|
1125
1125
|
fi
|
|
1126
1126
|
}
|
|
1127
1127
|
|
|
1128
|
+
_maybe_auto_install_mcp() {
|
|
1129
|
+
local policy=$1
|
|
1130
|
+
if [ "$policy" != "auto" ]; then
|
|
1131
|
+
state_set mcp_install_status "$policy" 2>/dev/null || true
|
|
1132
|
+
return 0
|
|
1133
|
+
fi
|
|
1134
|
+
if ! command -v npm >/dev/null 2>&1; then
|
|
1135
|
+
warn "DIREXIO_AGENT_INSTALL=auto requested, but npm is not on PATH. Install Node.js to install direxio-mcp automatically."
|
|
1136
|
+
state_set mcp_install_status "npm_missing" 2>/dev/null || true
|
|
1137
|
+
return 0
|
|
1138
|
+
fi
|
|
1139
|
+
if npm install -g "$(_mcp_npm_package)"; then
|
|
1140
|
+
state_set mcp_install_status "installed" 2>/dev/null || true
|
|
1141
|
+
ok "direxio-mcp installed from npm."
|
|
1142
|
+
else
|
|
1143
|
+
state_set mcp_install_status "install_failed" 2>/dev/null || true
|
|
1144
|
+
warn "direxio-mcp npm install failed. MCP config artifacts and install command are available for manual recovery."
|
|
1145
|
+
fi
|
|
1146
|
+
}
|
|
1147
|
+
|
|
1128
1148
|
_agent_skill_install_path() {
|
|
1129
1149
|
local runtime=$1
|
|
1130
1150
|
case "$runtime" in
|
|
@@ -1442,12 +1462,14 @@ run_phase() {
|
|
|
1442
1462
|
state_set agent_install_policy "$install_policy" 2>/dev/null || true
|
|
1443
1463
|
state_set agent_install_mode "$install_mode" 2>/dev/null || true
|
|
1444
1464
|
state_set agent_install_command "$install_command" 2>/dev/null || true
|
|
1465
|
+
state_set mcp_install_policy "$install_policy" 2>/dev/null || true
|
|
1445
1466
|
state_set agent_skill_install_path "$skill_path" 2>/dev/null || true
|
|
1446
1467
|
state_set agent_global_skill_install_path "$global_skill_path" 2>/dev/null || true
|
|
1447
1468
|
state_set direxio_agent_bridge "cc-connect" 2>/dev/null || true
|
|
1448
1469
|
_print_cc_connect_guidance "$runtime" "$asurl" "$node_cred" "$envfile" "$install_policy" "$install_mode" "$install_command" "$node_id" "$cc_config_local" "$cc_binary" "$cc_agent" "$cc_agent_cmd" "$service_id"
|
|
1449
1470
|
_print_mcp_guidance "$runtime" "$service_id" "$mcp_server_name" "$node_cred_local" "$mcp_dir_local" "$mcp_codex_config_local" "$mcp_openclaw_config_local" "$mcp_hermes_config_local" "$mcp_install_command" "$mcp_doctor_command"
|
|
1450
1471
|
_maybe_auto_install_agent "$install_policy" "$runtime" "$cc_agent" "$service_dir" "$cc_config" "$cc_binary" "$service_id"
|
|
1472
|
+
_maybe_auto_install_mcp "$install_policy"
|
|
1451
1473
|
|
|
1452
1474
|
phase_set S6_WIRE_LOCAL done "credentials.json written;node_id=$node_id;service_id=$service_id;env_file=$envfile;runtime=$runtime;install_policy=$install_policy;install_mode=$install_mode;cc_connect_config=$cc_config;mcp_config_dir=$mcp_dir;cc_connect_agent=$cc_agent"
|
|
1453
1475
|
return 0
|
package/scripts/update.sh
CHANGED
|
@@ -15,16 +15,8 @@ ops_require_state "$STATE_JSON"
|
|
|
15
15
|
|
|
16
16
|
remote_command=$(ops_update_remote_command "${MESSAGE_SERVER_IMAGE:-}")
|
|
17
17
|
ops_ssh "$STATE_JSON" "$remote_command"
|
|
18
|
-
|
|
19
|
-
if ops_stop_scoped_daemon "$STATE_JSON"; then
|
|
20
|
-
bridge_stop_message="Scoped local bridge daemon was stopped; rerun S6 to install fresh config."
|
|
21
|
-
else
|
|
22
|
-
bridge_stop_message="Scoped local bridge daemon stop was skipped or not needed."
|
|
23
|
-
fi
|
|
24
|
-
report=$(ops_write_report update update_remote_restart_complete_refresh_pending "$STATE_JSON")
|
|
18
|
+
report=$(ops_write_report update update_remote_restart_complete "$STATE_JSON")
|
|
25
19
|
|
|
26
20
|
echo "Update remote restart complete."
|
|
27
|
-
echo "
|
|
28
|
-
echo "$bridge_stop_message"
|
|
29
|
-
echo "Local S4-S7 gates were reset; rerun orchestrate with P2P_EXISTING_STATE_ACTION=continue to refresh credentials, MCP, and verification."
|
|
21
|
+
echo "Local credentials, cc-connect daemon state, MCP artifacts, confirmations, and runtime checks were left unchanged."
|
|
30
22
|
echo "operation report: $report"
|