direxio-deployer 0.1.7 → 0.1.9

package/LICENSE CHANGED
@@ -1,6 +1,6 @@
1
1
  MIT License
2
2
 
3
- Copyright (c) 2026 P2P-IM
3
+ Copyright (c) 2026 Direxio
4
4
 
5
5
  Permission is hereby granted, free of charge, to any person obtaining a copy
6
6
  of this software and associated documentation files (the "Software"), to deal
package/README.md CHANGED
@@ -69,9 +69,10 @@ The CLI is implemented in Node and uses native paths for the host it runs on. On
69
69
 
70
70
  ## Minimal Command
71
71
 
72
- Import and verify an AWS deployment profile from an AWS CSV. A temporary
73
- `DirexioDeployer` IAM user is recommended, but root access keys are allowed
74
- when the operator explicitly chooses them:
72
+ Import and verify an AWS deployment profile from an AWS CSV. Root access keys
73
+ are the fastest first-deploy path but are highly privileged; save the CSV
74
+ securely and rotate or delete the key after deployment. A temporary
75
+ `DirexioDeployer` IAM user is safer but takes more AWS console steps:
75
76
 
76
77
  ```bash
77
78
  bash scripts/aws-credentials.sh import-csv /path/to/accessKeys.csv direxio-deployer us-east-1
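Review bot: The rewritten paragraph above the `import-csv` command now leads with root access keys as "the fastest first-deploy path" and moves the temporary `DirexioDeployer` IAM user, which the removed text recommended, to second place. Keep the IAM user as the recommended path and mention root keys after it. "save the CSV securely" also gives the operator nothing concrete to do; say where the file should live and when to delete it.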
@@ -111,16 +112,15 @@ $env:MESSAGE_SERVER_IMAGE = "direxio/message-server:latest"
111
112
  .\scripts\orchestrate.ps1
112
113
  ```
113
114
 
114
- Recommendation-only local bridge wiring:
115
+ Recommendation-only local bridge and MCP wiring:
115
116
 
116
117
  ```bash
117
118
  DIREXIO_AGENT_INSTALL=recommend bash scripts/orchestrate.sh
118
119
  ```
119
120
 
120
- Automatic local bridge install:
121
+ Automatic local bridge and MCP install is the default. Set runtime selectors only when auto-detection is ambiguous:
121
122
 
122
123
  ```bash
123
- DIREXIO_AGENT_INSTALL=auto \
124
124
  DIREXIO_AGENT_PLATFORM=auto \
125
125
  DIREXIO_CC_CONNECT_AGENT=claudecode \
126
126
  DIREXIO_AGENT_INSTALL_MODE=recommended \
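Review bot: With `DIREXIO_AGENT_INSTALL=auto \` removed from the example and the lead-in now saying automatic install "is the default", this section no longer states what a default run installs on the operator's machine. Add one sentence naming what gets installed and point to `DIREXIO_AGENT_INSTALL=recommend` (shown just above) as the opt-out, so a reader who copies only the last block knows the run is not read-only.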
@@ -158,16 +158,23 @@ Update an existing node without deleting data:
158
158
 
159
159
  ```bash
160
160
  DOMAIN=<domain> MESSAGE_SERVER_IMAGE=direxio/message-server:latest bash scripts/update.sh
161
- P2P_EXISTING_STATE_ACTION=continue DOMAIN=<domain> bash scripts/orchestrate.sh
162
161
  ```
163
162
 
163
+ Image refresh restarts the remote service only. It leaves local credentials,
164
+ `direxio-connect`, MCP artifacts, user confirmations, and runtime checks intact.
165
+
164
166
  Reset application data while preserving EC2, DNS, fixed IP, and Caddy TLS:
165
167
 
166
168
  ```bash
167
169
  DIREXIO_RESET_APP_DATA_CONFIRM=1 DOMAIN=<domain> bash scripts/reset-app-data.sh
168
- P2P_EXISTING_STATE_ACTION=continue DOMAIN=<domain> bash scripts/orchestrate.sh
170
+ DIREXIO_EXISTING_STATE_ACTION=continue DOMAIN=<domain> bash scripts/orchestrate.sh
169
171
  ```
170
172
 
173
+ Application data reset clears server-side app volumes, so the follow-up
174
+ orchestrate run regenerates local credentials/MCP artifacts and automatically
175
+ reinstalls/restarts `direxio-connect` plus `direxio-mcp` unless explicitly
176
+ overridden with `DIREXIO_AGENT_INSTALL=recommend` or `skip`.
177
+
171
178
  ## Local Bridge
172
179
 
173
180
  S6 writes these service-scoped files under `~/.direxio/nodes/<service_id>/`:
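Review bot: `P2P_EXISTING_STATE_ACTION` becomes `DIREXIO_EXISTING_STATE_ACTION` in the reset example with no note on whether the old name is still read. An operator whose wrapper script still exports the `P2P_` name would run orchestrate after a data reset without `continue` taking effect; add a line stating whether the old variable is honored, or call the rename out as a breaking change.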
@@ -193,7 +200,8 @@ direxio-connect daemon install --config ~/.direxio/nodes/<service_id>/cc-connect
193
200
  direxio-connect daemon status --service-name <service_id>
194
201
  ```
195
202
 
196
- MCP install and check:
203
+ MCP is installed automatically during S6 when `DIREXIO_AGENT_INSTALL=auto`.
204
+ Manual recovery command:
197
205
 
198
206
  ```bash
199
207
  npm install -g direxio-mcp@latest
package/README_zh.md CHANGED
@@ -67,8 +67,9 @@ direxio-deployer skill update --agent codex
67
67
 
68
68
  ## 最小命令
69
69
 
70
- 从 AWS CSV 导入并验证一个部署 profile。推荐使用临时 `DirexioDeployer` IAM
71
- 用户;如果操作者明确选择 root access key,也允许继续:
70
+ 从 AWS CSV 导入并验证一个部署 profile。root access key 是首次部署最快路径,
71
+ 但权限极高;请安全保存 CSV,部署后轮换或删除密钥。临时
72
+ `DirexioDeployer` IAM 用户更安全,但 AWS 控制台步骤更多:
72
73
 
73
74
  ```bash
74
75
  bash scripts/aws-credentials.sh import-csv /path/to/accessKeys.csv direxio-deployer us-east-1
@@ -108,16 +109,15 @@ $env:MESSAGE_SERVER_IMAGE = "direxio/message-server:latest"
108
109
  .\scripts\orchestrate.ps1
109
110
  ```
110
111
 
111
- 仅写入并推荐本地 bridge:
112
+ 仅写入并推荐本地 bridge 和 MCP
112
113
 
113
114
  ```bash
114
115
  DIREXIO_AGENT_INSTALL=recommend bash scripts/orchestrate.sh
115
116
  ```
116
117
 
117
- 自动安装本地 bridge:
118
+ 默认会自动安装本地 bridge 和 MCP。只有自动检测不明确时才需要显式设置 runtime
118
119
 
119
120
  ```bash
120
- DIREXIO_AGENT_INSTALL=auto \
121
121
  DIREXIO_AGENT_PLATFORM=auto \
122
122
  DIREXIO_CC_CONNECT_AGENT=claudecode \
123
123
  DIREXIO_AGENT_INSTALL_MODE=recommended \
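Review bot: Both added Chinese lead-in lines in this hunk lost the trailing colon the removed lines had, and the second one, `默认会自动安装本地 bridge 和 MCP。只有自动检测不明确时才需要显式设置 runtime`, stops at `runtime` where README.md says "runtime selectors". Complete the sentence and restore the colon so it introduces the code block that follows.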
@@ -155,16 +155,22 @@ service 目录。
155
155
 
156
156
  ```bash
157
157
  DOMAIN=<domain> MESSAGE_SERVER_IMAGE=direxio/message-server:latest bash scripts/update.sh
158
- P2P_EXISTING_STATE_ACTION=continue DOMAIN=<domain> bash scripts/orchestrate.sh
159
158
  ```
160
159
 
160
+ 镜像刷新只重启远端服务,不重置本地 credentials、`direxio-connect`、MCP
161
+ 配置、用户确认和 runtime checks。
162
+
161
163
  重置应用数据但保留 EC2、DNS、固定 IP 和 Caddy TLS:
162
164
 
163
165
  ```bash
164
166
  DIREXIO_RESET_APP_DATA_CONFIRM=1 DOMAIN=<domain> bash scripts/reset-app-data.sh
165
- P2P_EXISTING_STATE_ACTION=continue DOMAIN=<domain> bash scripts/orchestrate.sh
167
+ DIREXIO_EXISTING_STATE_ACTION=continue DOMAIN=<domain> bash scripts/orchestrate.sh
166
168
  ```
167
169
 
170
+ 清理应用数据卷后,后续 orchestrate 会重新生成本地 credentials/MCP 配置,
171
+ 并默认自动重新安装/重启 `direxio-connect` 和 `direxio-mcp`;如需只写文件,
172
+ 显式设置 `DIREXIO_AGENT_INSTALL=recommend` 或 `skip`。
173
+
168
174
  ## 本地 Bridge
169
175
 
170
176
  S6 会在 `~/.direxio/nodes/<service_id>/` 下写入:
@@ -190,10 +196,10 @@ direxio-connect daemon install --config ~/.direxio/nodes/<service_id>/cc-connect
190
196
  direxio-connect daemon status --service-name <service_id>
191
197
  ```
192
198
 
193
- MCP 安装和检查:
199
+ 默认 `DIREXIO_AGENT_INSTALL=auto` 时,S6 会自动安装 MCP。手动恢复命令:
194
200
 
195
201
  ```bash
196
- npm install -g direxio-mcp
202
+ npm install -g direxio-mcp@latest
197
203
  DIREXIO_CREDENTIALS_FILE=~/.direxio/nodes/<service_id>/credentials.json direxio-mcp doctor --json
198
204
  ```
199
205
 
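Review bot: The manual recovery command changes from `npm install -g direxio-mcp` to `npm install -g direxio-mcp@latest`, which still installs whatever version the registry serves on the day it is run. Pin it to the `direxio-mcp` version this deployer release was tested with, so a recovery run is reproducible and `direxio-mcp doctor --json` checks a known build.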
package/SKILL.md CHANGED
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: direxio-deployer
3
- description: Deploy, resume, verify, destroy, and locally wire a production P2P-IM Matrix server on AWS for any connent/connect-supported local agent runtime. Use when installing or updating this skill itself; install the versioned npm package `direxio-deployer` and use its CLI to place the skill in the runtime-specific global path from references/agent-targets.md unless the user explicitly asks for a project-local installation.
3
+ description: Deploy, resume, verify, destroy, and locally wire a production Direxio message server on AWS for any connent/connect-supported local agent runtime. Use when installing or updating this skill itself; install the versioned npm package `direxio-deployer` and use its CLI to place the skill in the runtime-specific global path from references/agent-targets.md unless the user explicitly asks for a project-local installation.
4
4
  ---
5
5
 
6
6
  # Direxio Deployer
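Review bot: The rewritten `description` line keeps "connent/connect-supported". If `connent` is the npm package name (this file later installs `direxio-connent@latest` for the `direxio-connect` binary), say so once; if it is a misspelling, fix it while this line is being edited, because two near-identical names are easy to mistype in an install command.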
@@ -49,7 +49,7 @@ when it is safe and does not overwrite local edits. If the clone has local
49
49
  changes, do not discard them; report the divergence and continue from the local
50
50
  copy unless the user approves a specific update action.
51
51
 
52
- Do not fall back to older P2P-IM skill repositories or unmanaged copied skill bundles unless the user explicitly asks for one of those repositories. Never print or commit AWS credentials, initialization codes, agent tokens, or local credential files while refreshing the Skill.
52
+ Do not fall back to older pre-Direxio skill repositories or unmanaged copied skill bundles unless the user explicitly asks for one of those repositories. Never print or commit AWS credentials, initialization codes, agent tokens, or local credential files while refreshing the Skill.
53
53
 
54
54
  ## Cloud Account And Domain Onboarding
55
55
 
@@ -100,17 +100,28 @@ Step-by-step onboarding flow:
100
100
  deployment?"
101
101
  - If yes, ask only for the local CSV path or profile name, then verify it
102
102
  with `aws sts get-caller-identity`.
103
- - If no, default to a temporary IAM administrator user for MVP deployment.
104
- Explain in one sentence: "This temporary user lets the deployment tool
105
- create and later destroy this Direxio node; delete or disable it after
106
- deployment."
107
- - Root access keys are allowed when the operator explicitly chooses them.
108
- Prefer a temporary `DirexioDeployer` IAM user for routine deployments, but
109
- do not block deployment only because `aws sts get-caller-identity` returns
110
- an ARN ending in `:root`. Warn once that root credentials are highly
111
- privileged and should be rotated or removed when no longer needed, then
112
- continue if the user accepts that risk.
113
- - Guide only one or two clicks at a time:
103
+ - If no, offer two credential paths and ask the user to choose:
104
+ 1. **Root access key (default fastest path):** simpler to create for a
105
+ first deployment because it uses the account owner identity directly.
106
+ Explain that it is highly privileged, must be saved securely, must
107
+ never be pasted into chat or committed, and should be rotated or
108
+ deleted after deployment.
109
+ 2. **Dedicated IAM deployment user:** safer because it avoids root keys,
110
+ but requires more AWS console steps. Explain in one sentence: "This
111
+ temporary user lets the deployment tool create and later destroy this
112
+ Direxio node; delete or disable it after deployment."
113
+ - If the user chooses the root path, guide only one or two clicks at a time:
114
+ 1. Sign in to AWS as the root account owner.
115
+ 2. Open the root user's **Security credentials** page.
116
+ 3. In **Access keys**, choose **Create access key**.
117
+ 4. Select **Command Line Interface (CLI)**, acknowledge AWS's root-key
118
+ warning, and create the key.
119
+ 5. Download the `.csv` file, store it securely, and provide only the local
120
+ CSV path to the agent.
121
+ 6. After deployment, rotate or delete the root access key unless the user
122
+ has a deliberate reason to keep it.
123
+ - If the user chooses the dedicated IAM deployment user path, guide only one
124
+ or two clicks at a time:
114
125
  1. Open `https://console.aws.amazon.com/iam/home#/users/create`.
115
126
  2. Create a user named `DirexioDeployer-YYYYMMDD` or `DirexioDeployer`.
116
127
  3. Attach the AWS managed policy `AdministratorAccess`. State plainly
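Review bot: Option 1 is labelled "Root access key (default fastest path)", so an agent following this list will steer first-time users toward creating a root access key, and the added six-step walkthrough ends with rotation or deletion as advice only ("unless the user has a deliberate reason to keep it"). List the dedicated IAM deployment user first, drop "default" from the root option, and turn step 6 into a follow-up the agent checks after deployment.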
@@ -122,6 +133,10 @@ Step-by-step onboarding flow:
122
133
  continue.
123
134
  7. Choose `Create access key`, download the `.csv` file, and provide only
124
135
  the local file path.
136
+ - Root access keys are allowed when the operator explicitly chooses them.
137
+ Do not block deployment only because `aws sts get-caller-identity` returns
138
+ an ARN ending in `:root`; report `root=true`, repeat the security warning
139
+ once, and continue if the user accepts that risk.
125
140
  - After credentials are configured, run `aws sts get-caller-identity`,
126
141
  report only the account, whether the identity is root, and the redacted
127
142
  ARN.
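Review bot: The added bullet says root keys are allowed "when the operator explicitly chooses them", but the credential-path list earlier in this flow marks root as the default path, so the explicit-choice condition no longer gates anything. The bullet also writes only the continue branch; state what the agent does when the user does not accept the risk after the `root=true` warning.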
@@ -342,7 +357,7 @@ Use a Git clone only for development or local patching of this deployer, not as
342
357
 
343
358
  ## Agent Recognition
344
359
 
345
- Use this skill when the user asks to deploy, resume, verify, destroy, repair, or wire a P2P-IM Matrix server. The instructions are runtime-neutral and can be followed by any agent that can run shell commands and read files. The local bridge target must be one of the connent/connect agents unless the user explicitly supplies compatible custom TOML. OpenClaw and Hermes are host runtimes that S6 wires through the generic connent/connect `acp` agent.
360
+ Use this skill when the user asks to deploy, resume, verify, destroy, repair, or wire a Direxio message server. The instructions are runtime-neutral and can be followed by any agent that can run shell commands and read files. The local bridge target must be one of the connent/connect agents unless the user explicitly supplies compatible custom TOML. OpenClaw and Hermes are host runtimes that S6 wires through the generic connent/connect `acp` agent.
346
361
 
347
362
  For local agent integration after deployment, S6 writes service-specific credentials and environment files under `~/.direxio/nodes/<service_id>/`, where `service_id` is derived from the deployed domain. It also writes MCP client snippets under `~/.direxio/nodes/<service_id>/mcp/` for MCP-capable hosts such as Codex, OpenClaw, and Hermes. It does not write root-level compatibility credentials, shell profiles, Windows user environment variables, or mutate each host's global MCP config.
348
363
 
@@ -361,19 +376,19 @@ DIREXIO_CC_CONNECT_AGENT=<optional connect agent>
361
376
  DIREXIO_OPENCLAW_ACP_URL=<optional explicit OpenClaw gateway URL>
362
377
  DIREXIO_OPENCLAW_ACP_TOKEN_FILE=<optional explicit OpenClaw gateway token file>
363
378
  DIREXIO_OPENCLAW_ACP_SESSION=<optional OpenClaw ACP session; defaults to agent:main:main>
364
- DIREXIO_AGENT_INSTALL=recommend
379
+ DIREXIO_AGENT_INSTALL=auto
365
380
  DIREXIO_AGENT_INSTALL_MODE=recommended
366
381
  ```
367
382
 
368
383
  The only supported local conversation bridge is `direxio-connect`, installed from `direxio-connent@latest` by default or built from `https://github.com/YingSuiAI/direxio-connect.git`. S6 creates a Matrix session for `@agent:<server>`, writes `~/.direxio/nodes/<service_id>/cc-connect/config.toml`, and restricts the bridge to the real `agent_room_id`.
369
384
 
370
- The local MCP tool surface is `direxio-mcp`, installed from `direxio-mcp@latest` by default. S6 writes `mcp/codex.toml`, `mcp/openclaw.md`, `mcp/openclaw-server.json`, `mcp/hermes.mcp.json`, `mcp/mcp-servers.json`, and `mcp/env`; these artifacts point to `credentials.json` by `DIREXIO_CREDENTIALS_FILE`. OpenClaw must be configured through the generated `openclaw mcp set` command in `mcp/openclaw.md`; do not paste MCP JSON into `~/.openclaw/openclaw.json`. Keep this separate from cc-connect: cc-connect must use its direct Matrix config and must not use `DIREXIO_CREDENTIALS_FILE`.
385
+ The local MCP tool surface is `direxio-mcp`, installed from `direxio-mcp@latest` by default when `DIREXIO_AGENT_INSTALL=auto`. S6 writes `mcp/codex.toml`, `mcp/openclaw.md`, `mcp/openclaw-server.json`, `mcp/hermes.mcp.json`, `mcp/mcp-servers.json`, and `mcp/env`; these artifacts point to `credentials.json` by `DIREXIO_CREDENTIALS_FILE`. OpenClaw must be configured through the generated `openclaw mcp set` command in `mcp/openclaw.md`; do not paste MCP JSON into `~/.openclaw/openclaw.json`. Keep this separate from cc-connect: cc-connect must use its direct Matrix config and must not use `DIREXIO_CREDENTIALS_FILE`.
371
386
 
372
387
  `DIREXIO_CC_CONNECT_AGENT` is the preferred explicit selector. Supported values match connent/connect: `acp`, `antigravity`, `claudecode`, `codex`, `copilot`, `cursor`, `devin`, `gemini`, `iflow`, `kimi`, `opencode`, `pi`, `qoder`, `reasonix`, and `tmux`. Detected OpenClaw and Hermes runtimes map to `cc_connect_agent=acp`; they are not native connect agent types. OpenClaw uses `cmd = "openclaw"` with args `["acp", "--session", "agent:main:main"]` by default, letting `openclaw acp` auto-discover the Gateway from `~/.openclaw/openclaw.json`. If the operator needs to force explicit Gateway settings, S6 requires all three real values from the current OpenClaw runtime after pairing: `DIREXIO_OPENCLAW_ACP_URL`, `DIREXIO_OPENCLAW_ACP_TOKEN_FILE`, and `DIREXIO_OPENCLAW_ACP_SESSION`; do not guess these values or reuse old chat output. Hermes uses `cmd = "direxio-connect"` with `args = ["hermes-acp-adapter", "--", "hermes", "acp"]` so the Direxio compatibility layer can suppress Hermes reasoning text before it reaches the Matrix room. Use `DIREXIO_CC_CONNECT_AGENT_CMD`, `DIREXIO_<AGENT>_COMMAND`, and when needed `DIREXIO_CC_CONNECT_AGENT_OPTIONS_TOML` for agent-specific launch details. OpenClaw and Hermes also accept `DIREXIO_OPENCLAW_COMMAND`, `DIREXIO_HERMES_COMMAND`, `DIREXIO_HERMES_ACP_ADAPTER_COMMAND`, `DIREXIO_OPENCLAW_ACP_ARGS_TOML`, and `DIREXIO_HERMES_ACP_ARGS_TOML`; Hermes custom args are child Hermes args and S6 prefixes the adapter wrapper automatically.
373
388
 
374
389
  `DIREXIO_AGENT_PLATFORM` describes the host runtime following the skill, while `DIREXIO_CC_CONNECT_AGENT` describes the local agent backend that `direxio-connect` should launch. Host runtimes such as Hermes or OpenClaw are not native cc-connect backend types; S6 maps them to the generic ACP backend by default and records `cc_connect_agent=acp`. Override `DIREXIO_CC_CONNECT_AGENT` only when the operator intentionally wants a different local backend.
375
390
 
376
- `DIREXIO_AGENT_INSTALL` may be `skip`, `recommend`, or `auto`. Only `auto` attempts to run `npm install -g direxio-connent@latest` and `direxio-connect daemon install --config ~/.direxio/nodes/<service_id>/cc-connect/config.toml --service-name <service_id> --force`; the default `recommend` records and prints the command without mutating local daemon state. An automatic install is reported as installed only when `direxio-connect daemon status --service-name <service_id>` returns `Status: Running` and recent daemon logs do not show ACP session initialization failure; otherwise S6 records `agent_install_status=install_failed`. S6 calls `agent.matrix_session.create` with `agent_token` and retries transient HTTP 000/404/408/409/425/429/5xx responses before failing, because the Matrix action can become reachable after `/healthz`; defaults are 12 attempts with exponential backoff capped by `DIREXIO_MATRIX_SESSION_RETRY_MAX_INTERVAL`.
391
+ `DIREXIO_AGENT_INSTALL` may be `skip`, `recommend`, or `auto`; the default is `auto`. `auto` attempts to run `npm install -g direxio-connent@latest`, `direxio-connect daemon install --config ~/.direxio/nodes/<service_id>/cc-connect/config.toml --service-name <service_id> --force`, and `npm install -g direxio-mcp@latest`. `recommend` records and prints commands without mutating local daemon/package state. A cc-connect automatic install is reported as installed only when `direxio-connect daemon status --service-name <service_id>` returns `Status: Running` and recent daemon logs do not show ACP session initialization failure; otherwise S6 records `agent_install_status=install_failed`. MCP automatic install records `mcp_install_status=installed` only when npm succeeds. S6 calls `agent.matrix_session.create` with `agent_token` and retries transient HTTP 000/404/408/409/425/429/5xx responses before failing, because the Matrix action can become reachable after `/healthz`; defaults are 12 attempts with exponential backoff capped by `DIREXIO_MATRIX_SESSION_RETRY_MAX_INTERVAL`.
377
392
 
378
393
  Voice input is supported through `direxio-connect` speech-to-text. When `DIREXIO_SPEECH_API_KEY` or a provider-specific key such as `DIREXIO_SPEECH_QWEN_API_KEY`, `OPENAI_API_KEY`, `GROQ_API_KEY`, `DASHSCOPE_API_KEY`, `GEMINI_API_KEY`, or `GOOGLE_API_KEY` is present, S6 writes `[speech] enabled = true` into the generated config. Without an STT key, do not claim voice input is enabled.
379
394
 
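Review bot: Flipping the default to `DIREXIO_AGENT_INSTALL=auto` means a plain orchestrate run now executes two global `npm install -g ...@latest` commands and `direxio-connect daemon install ... --force` without the operator opting in. Either keep `recommend` as the default or have S6 print the commands and ask once before running them. The status rules are also uneven: cc-connect counts as installed only after `Status: Running` and clean daemon logs, while `mcp_install_status=installed` is recorded "only when npm succeeds"; run `direxio-mcp doctor --json` before recording it.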
@@ -573,10 +588,10 @@ for the current service before giving advice. The status output includes a
573
588
  and may still be billing.
574
589
  - Resume safety: whether rerunning the same command is safe, or whether the
575
590
  operator must preserve `state.json` and continue with
576
- `P2P_EXISTING_STATE_ACTION=continue`.
577
- - Local refresh: if `agent_install_status=refresh_pending`, update/reset
578
- cleared old credentials, user confirmations, runtime checks, and bridge
579
- install proof; the next action is to rerun the deployment workflow to refresh S4-S7, local credentials, MCP snippets, and runtime checks.
591
+ `DIREXIO_EXISTING_STATE_ACTION=continue`.
592
+ - Local refresh: if `agent_install_status=refresh_pending`, reset/redeploy
593
+ cleared old credentials, user confirmations, runtime checks, bridge install
594
+ proof, and MCP install proof; the next action is to rerun the deployment workflow to refresh S4-S7, local credentials, MCP snippets, automatic installs, and runtime checks.
580
595
  - Next action: the concrete diagnostic or user action for the current phase.
581
596
  - Stop-loss: whether no cloud destroy is needed yet, or how to ask the agent to
582
597
  run destroy / run `scripts/destroy.sh` on POSIX or `.\scripts\destroy.ps1` on
@@ -623,8 +638,10 @@ reminders, `billing.cost_estimate`, destroy read-back evidence when applicable,
623
638
  `billing.destroy_cleanup_status`, `billing.possible_remaining_billable_resources`,
624
639
  and secret-redaction evidence. It also records local refresh state:
625
640
  `credentials.status`, `connect.install_status`, and `mcp.status` must show
626
- `refresh_pending` after update/reset until S5/S6/S7 and runtime verification
627
- write fresh evidence. User confirmation evidence is redacted before it is
641
+ `refresh_pending` after reset/redeploy until S5/S6/S7 and runtime verification
642
+ write fresh evidence. Image-only update keeps existing local refresh state and
643
+ does not clear credentials, confirmations, runtime checks, or local install
644
+ evidence. User confirmation evidence is redacted before it is
628
645
  written to the operation report, so initialization codes and tokens are not
629
646
  copied into handoff artifacts.
630
647
  If a destroy report lists possible remaining billable resources, tell the user
@@ -637,12 +654,39 @@ do next.
637
654
 
638
655
  Use `scripts/destroy.sh` for teardown on POSIX shells and `.\scripts\destroy.ps1` from PowerShell on Windows. The Windows wrapper selects Git for Windows Bash for the Bash state machine, sets Windows-compatible local path mode, and converts explicit Windows state paths before invoking `scripts/destroy.sh`. Destroy first checks `direxio-connect daemon status --service-name <service_id>` and stops plus uninstalls only that named daemon when the reported `WorkDir` matches the current service directory, `~/.direxio/nodes/<service_id>/cc-connect`. After AWS resources are terminated and released, destroy reads AWS back and records `destroy.evidence` before removing the corresponding local service directory under `~/.direxio/nodes/<service_id>`. This prevents stale state, credentials, bridge files, and stale local service registrations from blocking or misleading the next deployment while still preserving a reportable AWS cleanup audit trail. It leaves unrelated node credential directories intact.
639
656
 
657
+ Before running destroy, warn the user that this is not merely "turning off the
658
+ server." Destroy removes the recorded cloud node and its application data. The
659
+ current app account, friends, channels, messages, Agent room/session, and login
660
+ state will no longer be usable. If the user later deploys again, even with the
661
+ same domain, treat it as a new Direxio node that needs a fresh app
662
+ initialization code, new account setup, new friends, and new channels.
663
+
664
+ For ordinary users, distinguish the available destructive levels before asking
665
+ for confirmation:
666
+
667
+ - Update deployment: keep accounts, friends, channels, messages, DNS, TLS, and
668
+ cloud resources; only refresh the service image and local credentials.
669
+ - Reset app data: keep EC2, public IP, DNS, and TLS storage, but delete app
670
+ accounts, friends, channels, messages, and Agent room state.
671
+ - Destroy resources: delete the recorded EC2/EBS/EIP/security group/key pair,
672
+ remove the deployer-managed DNS A record, stop the local bridge, and make the
673
+ current app data unavailable.
674
+
675
+ Require an explicit destructive confirmation before destroy when the user has
676
+ not already clearly confirmed this data loss. A suitable confirmation is:
677
+
678
+ ```text
679
+ I confirm destroying this Direxio node and understand the current account,
680
+ friends, channels, messages, and Agent conversation will be lost; redeploying
681
+ later will create a new node/account.
682
+ ```
683
+
640
684
  Destroy uses the same AWS identity boundary as deployment: root AWS access-key
641
685
  identity is allowed when the operator explicitly chose root credentials. Prefer
642
686
  using the same temporary `DirexioDeployer` IAM user/profile for teardown when
643
687
  that was used for provisioning.
644
688
 
645
- If an operator needs to preserve local state files for debugging, run destroy with `P2P_KEEP_WORKDIR=1` and explicitly report that the stale service directory remains.
689
+ If an operator needs to preserve local state files for debugging, run destroy with `DIREXIO_KEEP_WORKDIR=1` and explicitly report that the stale service directory remains.
646
690
 
647
691
  ### Full reset / "treat me as a brand new user"
648
692
 
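Review bot: The new "Update deployment" bullet says update will "only refresh the service image and local credentials", which contradicts the image-refresh text elsewhere in this release stating that update leaves local credentials unchanged; align the bullet with that text. The destroy confirmation is also free text with no stated enforcement, unlike reset, which is gated by `DIREXIO_RESET_APP_DATA_CONFIRM=1`; say how the agent or `scripts/destroy.sh` checks that it was given.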
@@ -657,15 +701,15 @@ When the user asks for a complete fresh start — "destroy everything", "start o
657
701
 
658
702
  ## Image Refresh And Data Reset
659
703
 
660
- When the user only asks to pull a newer image on an existing EC2 instance, do not destroy cloud resources and do not delete application or TLS storage. Run `scripts/update.sh` against the current state. It SSHes to the existing node, optionally updates `MESSAGE_SERVER_IMAGE`, runs Docker Compose pull/up, reruns `/opt/p2p/init-tokens.sh`, clears stale local secret fields, clears old user-confirmation/runtime-check evidence, marks `agent_install_status=refresh_pending`, stops only the matching service-scoped direxio-connect daemon when its `WorkDir` matches this service, marks S4-S7 pending, and writes a redacted `operation-report.json`.
704
+ When the user only asks to pull a newer image on an existing EC2 instance, do not destroy cloud resources and do not delete application or TLS storage. Run `scripts/update.sh` against the current state. It SSHes to the existing node, optionally updates `MESSAGE_SERVER_IMAGE`, runs Docker Compose pull/up, reruns `/opt/p2p/init-tokens.sh` only when current bootstrap credentials are missing, leaves local credentials, user-confirmation/runtime-check evidence, cc-connect daemon state, MCP artifacts, and S4-S7 phase state unchanged, and writes a redacted `operation-report.json`.
661
705
 
662
- When the user asks to reset application data on an existing EC2 instance, do not destroy EC2, public IPv4/EIP, DNS, or Caddy TLS storage. Run `scripts/reset-app-data.sh` only after explicit destructive confirmation with `DIREXIO_RESET_APP_DATA_CONFIRM=1`. It clears only the application volumes (`postgres-data`, `message-config`, `message-data`), generates a new backend password/init-code field, restarts the stack, reruns `/opt/p2p/init-tokens.sh`, clears stale local secret fields, clears old user-confirmation/runtime-check evidence, marks `agent_install_status=refresh_pending`, stops only the matching service-scoped direxio-connect daemon when its `WorkDir` matches this service, marks S4-S7 pending, and writes a redacted `operation-report.json`.
706
+ When the user asks to reset application data on an existing EC2 instance, do not destroy EC2, public IPv4/EIP, DNS, or Caddy TLS storage. Run `scripts/reset-app-data.sh` only after explicit destructive confirmation with `DIREXIO_RESET_APP_DATA_CONFIRM=1`. It clears only the application volumes (`postgres-data`, `message-config`, `message-data`), generates a new backend password/init-code field, restarts the stack, reruns `/opt/p2p/init-tokens.sh`, clears stale local secret fields, clears old user-confirmation/runtime-check evidence, marks `agent_install_status=refresh_pending` and `mcp_install_status=refresh_pending`, stops only the matching service-scoped direxio-connect daemon when its `WorkDir` matches this service, marks S4-S7 pending, and writes a redacted `operation-report.json`. The follow-up orchestrate run regenerates local credentials/MCP artifacts and, by default, reinstalls/restarts cc-connect plus direxio-mcp.
663
707
 
664
708
  Current message-server images require `P2P_PORTAL_PASSWORD` and an explicit `portal.bootstrap`; `init-tokens.sh` owns that cloud-side bootstrap and creates a real Matrix `agent_room_id` when the backend credentials file does not already include one.
665
709
 
666
710
  Do not delete caddy-data or caddy-config during an image-only refresh. Removing Caddy's ACME storage loses the existing production certificate and can trigger CA duplicate-certificate rate limits. Preserve `caddy-data` and `caddy-config`; clear only `postgres-data message-config message-data` when the requested reset needs a clean homeserver/database.
667
711
 
668
- For repeated test refreshes, rerun `scripts/orchestrate.sh` normally after update/reset. S4-S7 will re-run from state, and S6 only rewrites local credentials and environment files unless `DIREXIO_AGENT_INSTALL=auto` is explicitly set.
712
+ For repeated data-reset refreshes, rerun `scripts/orchestrate.sh` normally after reset. S4-S7 will re-run from state, and S6 regenerates local credentials/MCP artifacts and automatically installs/restarts local packages unless `DIREXIO_AGENT_INSTALL=recommend` or `skip` is explicitly set. Image-only update does not require an orchestrate follow-up unless verification shows the service actually regenerated credentials.
669
713
 
670
714
  ## Minimal Invocation
671
715
 
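Review bot: `scripts/update.sh` now reruns `/opt/p2p/init-tokens.sh` "only when current bootstrap credentials are missing" yet leaves local credentials and S4-S7 state unchanged, so it is unclear how the local files are brought back in sync when that rerun does happen. The last paragraph relies on "unless verification shows the service actually regenerated credentials" without naming the check; name the command or report field the operator should look at. It would also help to say that `/opt/p2p/` and `P2P_PORTAL_PASSWORD` keep the old prefix on purpose.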
@@ -679,7 +723,7 @@ MESSAGE_SERVER_IMAGE=direxio/message-server:latest \
679
723
  bash scripts/orchestrate.sh
680
724
  ```
681
725
 
682
- Use an `AWS_PROFILE` or temporary `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` for the selected AWS identity. Root access keys are allowed when the operator explicitly chooses them; a temporary `DirexioDeployer` IAM user remains the recommended routine path. Do not write AWS secrets, initialization codes, or agent tokens into skill files or the repository.
726
+ Use an `AWS_PROFILE` or temporary `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` for the selected AWS identity. Root access keys are allowed when the operator explicitly chooses them; they are the fastest first-deploy path but highly privileged and must be saved securely, never pasted, and rotated or deleted after deployment. A temporary `DirexioDeployer` IAM user is the safer path but takes more setup steps. Do not write AWS secrets, initialization codes, or agent tokens into skill files or the repository.
683
727
 
684
728
  On Windows, prefer `.\scripts\orchestrate.ps1` and `.\scripts\destroy.ps1` from PowerShell. These wrappers select Git for Windows Bash for the Bash phases and write Windows-compatible local `direxio-connect` paths.
685
729
 
@@ -739,7 +783,7 @@ security : delete or disable any temporary DirexioDeployer access key after
739
783
  report : <operation-report.json path>
740
784
  ```
741
785
 
742
- Mention that AWS resources keep billing until destroyed. User-managed DNS and purchased domains are not removed by destroy. After destroy, report which `~/.direxio/nodes/<service_id>` service directory was removed or, if `P2P_KEEP_WORKDIR=1` was used, which local directory remains.
786
+ Mention that AWS resources keep billing until destroyed. User-managed DNS and purchased domains are not removed by destroy. After destroy, report which `~/.direxio/nodes/<service_id>` service directory was removed or, if `DIREXIO_KEEP_WORKDIR=1` was used, which local directory remains.
743
787
 
744
788
  If `DIREXIO_AGENT_INSTALL=auto` was not used, or if it recorded `install_failed`, give the manual command:
745
789
 
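Review bot: The destroy reporting line now names `DIREXIO_KEEP_WORKDIR=1` but does not say whether `P2P_KEEP_WORKDIR=1` is still honored. An operator who still exports the old variable expects `~/.direxio/nodes/<service_id>` to remain after destroy; state whether the legacy name is accepted, rejected with an error, or ignored.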
package/agents/README.md CHANGED
@@ -10,12 +10,12 @@ When an agent runtime supports skill metadata, point it at `SKILL.md` and use `s
10
10
 
11
11
  Recognition keywords:
12
12
 
13
- - deploy P2P-IM Matrix
14
- - resume P2P Matrix deployment
15
- - verify P2P Matrix server
16
- - destroy P2P Matrix AWS resources
13
+ - deploy Direxio
14
+ - resume Direxio deployment
15
+ - verify Direxio message server
16
+ - destroy Direxio AWS resources
17
17
  - wire Direxio MCP/plugin
18
- - refresh P2P agent token
18
+ - refresh Direxio agent token
19
19
 
20
20
  Required capabilities:
21
21
 
@@ -1,12 +1,12 @@
1
1
  display_name: Direxio Deployer
2
- short_description: Deploy, resume, verify, destroy, and wire Direxio MCP/plugin access for a production P2P-IM Matrix server on AWS.
3
- default_prompt: Deploy a P2P-IM Matrix server using my production domain, following SKILL.md and scripts/orchestrate.sh.
2
+ short_description: Deploy, resume, verify, destroy, and wire Direxio MCP/plugin access for a production Direxio message server on AWS.
3
+ default_prompt: Deploy a Direxio message server using my production domain, following SKILL.md and scripts/orchestrate.sh.
4
4
  entrypoint: ../SKILL.md
5
5
  runtime_notes:
6
6
  - Read SKILL.md before running deployment commands.
7
7
  - When installing or updating this skill itself, read references/agent-targets.md and use the runtime-specific project-local Git clone path before any global fallback.
8
8
  - Use scripts/orchestrate.sh from the repository root.
9
9
  - Use scripts/destroy.sh for teardown.
10
- - S6 writes DIREXIO_DOMAIN, DIREXIO_AGENT_TOKEN, and DIREXIO_AGENT_ROOM_ID, then records runtime-specific skill and MCP/config targets for direxio-mcp and P2P-IM/direxio-agent-plugins.
10
+ - S6 writes DIREXIO_DOMAIN, DIREXIO_AGENT_TOKEN, and DIREXIO_AGENT_ROOM_ID, then records runtime-specific skill and MCP/config targets for direxio-mcp and Direxio agent plugins.
11
11
  - Ask before mutating the current agent runtime's plugin or MCP configuration.
12
12
  - The instructions are compatible with Claude, Codex/OpenAI, Gemini, Cursor, Copilot, OpenClaw, Hermes, and other shell-capable agent runtimes.
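Review bot: In the S6 runtime note, replacing `P2P-IM/direxio-agent-plugins` with "Direxio agent plugins" removes the only concrete source identifier for the plugins, in the same sentence that says `DIREXIO_AGENT_TOKEN` is written for them. Name the current repository or package so an agent runtime is not left to resolve a plugin source on its own before it is handed a token.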
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "direxio-deployer",
3
- "version": "0.1.7",
3
+ "version": "0.1.9",
4
4
  "description": "Versioned Direxio deployer agent skill and portable deployment orchestration tools.",
5
5
  "type": "module",
6
6
  "bin": {
@@ -127,7 +127,7 @@ Use `mcp/codex.toml` for Codex and `mcp/hermes.mcp.json` for Hermes. For OpenCla
127
127
 
128
128
  - `DIREXIO_AGENT_INSTALL=skip`: write credentials/env and cc-connect config only.
129
129
  - `DIREXIO_AGENT_INSTALL=recommend`: write files, record state, and print the install command.
130
- - `DIREXIO_AGENT_INSTALL=auto`: run `npm install -g direxio-connent@latest` and then `direxio-connect daemon install --config ~/.direxio/nodes/<service_id>/cc-connect/config.toml --service-name <service_id> --force`. S6 records this as installed only after `direxio-connect daemon status --service-name <service_id>` reports `Status: Running` and recent daemon logs do not show ACP session initialization failure; otherwise it records `agent_install_status=install_failed`.
130
+ - `DIREXIO_AGENT_INSTALL=auto` (default): run `npm install -g direxio-connent@latest`, `direxio-connect daemon install --config ~/.direxio/nodes/<service_id>/cc-connect/config.toml --service-name <service_id> --force`, and `npm install -g direxio-mcp@latest`. S6 records cc-connect as installed only after `direxio-connect daemon status --service-name <service_id>` reports `Status: Running` and recent daemon logs do not show ACP session initialization failure; otherwise it records `agent_install_status=install_failed`. MCP records `mcp_install_status=installed` only when npm succeeds.
131
131
 
132
132
  Prefer `DIREXIO_CC_CONNECT_AGENT=<agent>` to choose the local agent that `direxio-connect` should run. Keep `DIREXIO_AGENT_PLATFORM=<runtime>` for auto-detection overrides and legacy host-runtime naming. Use `DIREXIO_AGENT_INSTALL_MODE=cc-connect` only when overriding the default `recommended` mapping explicitly.
133
133
  Use `DIREXIO_CC_CONNECT_AGENT_OPTIONS_TOML` for agent-specific options that cannot be represented by `work_dir` or `cmd`; for example `reasonix` requires `serve_url`, `tmux` requires `session`, and generic `acp` requires a command when `DIREXIO_CC_CONNECT_AGENT_CMD` is not enough.
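Review bot: In the `DIREXIO_AGENT_INSTALL=auto` bullet the package is spelled `direxio-connent`, while every command that follows uses `direxio-connect`; the spelling is carried over unchanged from the removed line. Confirm the registry name, because with `auto` now marked as the default this line triggers unattended global installs of `direxio-connent@latest` and `direxio-mcp@latest`, and a misspelled name would pull whatever is published under it. Pinning versions instead of `@latest` is worth considering, as is a post-install check for MCP comparable to the daemon status check, since `mcp_install_status=installed` is set on npm success alone.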
@@ -17,7 +17,7 @@ coturn -> TURN 3478 + 49160-49200/udp
17
17
  ```
18
18
 
19
19
  - **message-server**: `direxio/message-server:latest`,同时承载 Matrix homeserver 和 `/_p2p/query`/`/_p2p/command`。
20
- - **PostgreSQL 18**: Matrix 与 P2P 业务表共库持久化,compose 使用 `/var/lib/postgresql`。
20
+ - **PostgreSQL 18**: Matrix 与 Direxio 业务表共库持久化,compose 使用 `/var/lib/postgresql`。
21
21
  - **Caddy**: 唯一 HTTP/TLS 入口,自动签发 Let's Encrypt。
22
22
  - **coturn**: WebRTC TURN relay,Direxio message-server 通过 shared-secret 动态签发 TURN 凭证。
23
23
 
@@ -25,17 +25,17 @@ coturn -> TURN 3478 + 49160-49200/udp
25
25
 
26
26
  1. `postgres` healthy。
27
27
  2. `message-init` 生成 `/etc/direxio-message-server/message-server.yaml` 和 signing key,并写入 TURN 配置。
28
- 3. `message-server` 启动,加载 Matrix + P2P 业务,读取 `P2P_PORTAL_PASSWORD` 和 `P2P_PORTAL_CREDENTIALS_FILE`。
28
+ 3. `message-server` 启动,加载 Matrix + Direxio 业务,读取 `P2P_PORTAL_PASSWORD` 和 `P2P_PORTAL_CREDENTIALS_FILE`。
29
29
  4. `init-tokens.sh` 调用 `portal.bootstrap`,从容器复制凭据到宿主 `/opt/p2p/bootstrap.json`。如果最新服务端没有写入 `agent_room_id`,脚本会通过 Matrix Client API 创建真实 agent room、邀请并加入 `@agent:<server>`,再把 `agent_room_id` 回写到宿主和容器凭据文件。
30
30
  5. `init-tokens.sh` 生成 `/opt/p2p/wellknown/owner.json`。
31
- 6. `caddy` 对外服务 Matrix、P2P API 和 well-known。
31
+ 6. `caddy` 对外服务 Matrix、Direxio API 和 well-known。
32
32
 
33
33
  ## 凭据模型
34
34
 
35
35
  `/opt/p2p/bootstrap.json` 会包含:
36
36
 
37
37
  - `password`: 后端字段名;对用户展示时是八位 App 初始化码。
38
- - `access_token`: 当前用户的统一 bearer token,可用于 Matrix `/_matrix/client/*` 和需要用户身份的 P2P 调用。
38
+ - `access_token`: 当前用户的统一 bearer token,可用于 Matrix `/_matrix/client/*` 和需要用户身份的 Direxio 调用。
39
39
  - `agent_token`: 本地服务凭据中的 agent bearer token;`direxio-connect` 对话桥接使用 S6 创建的 `@agent:<server>` Matrix session。
40
40
  - `agent_room_id`: 真实 Matrix 房间 ID。部署脚本拒绝旧式 `!agent:<domain>` 伪房间。
41
41
 
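Review bot: Steps 3 and 6 and the `access_token` bullet now say "Direxio", while the identifiers in the same lines stay `P2P_PORTAL_PASSWORD`, `P2P_PORTAL_CREDENTIALS_FILE` and `/opt/p2p/bootstrap.json`. Add one sentence stating that these server-side names are intentionally unchanged, so readers do not infer `DIREXIO_`-prefixed equivalents from the rename.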
@@ -3,12 +3,12 @@
3
3
  部署链路上所有真实踩过的坑。**已全部修进 `scripts/` 下的部署文件**,新部署不会再撞;
4
4
  列在这里是为了:① 理解每个设计决策的来由;② 若有人改坏了哪处,能快速定位回退点。
5
5
 
6
- ## p2p-matrix-as 仓库
6
+ ## Legacy pre-Direxio message-server 仓库
7
7
 
8
8
  ### AS PR #4 — 镜像多架构
9
9
  - **症状**:ARM 架构 EC2(t4g 系列)`docker pull` 后 `exec format error`。
10
10
  - **根因**:镜像只 build 了 amd64。
11
- - **修复**:CI 用 buildx 出 `amd64+arm64` 多架构镜像。`xuyanzu01/p2p-im-as:latest` 已是多架构。
11
+ - **修复**:CI 用 buildx 出 `amd64+arm64` 多架构镜像。legacy pre-Direxio AS 镜像已是多架构。
12
12
 
13
13
  ### AS PR #5 — 容器化体验
14
14
  - **卷权限**:命名卷默认 root:700,AS 降权到 asd(UID 10001)后打不开 sqlite → `SQLITE_CANTOPEN`。
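Review bot: The AS PR #4 fix line replaces the concrete image reference `xuyanzu01/p2p-im-as:latest` with "legacy pre-Direxio AS 镜像", which works against this file's stated purpose of locating rollback points quickly. Keep the historical image name in parentheses, or name the multi-arch image that superseded it.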
@@ -15,7 +15,7 @@ S5_INIT_TOKENS failed: read bootstrap.json timed out
15
15
 
16
16
  Cause:
17
17
 
18
- Current `p2p-matrix-as` builds initialize on service startup and write
18
+ Current Direxio message-server builds initialize on service startup and write
19
19
  `/opt/p2p/bootstrap.json` with the login `password`, `agent_token`, and owner
20
20
  metadata. Calling the old bootstrap HTTP endpoint or scraping logs is no longer
21
21
  part of the deploy path.
@@ -80,7 +80,7 @@ Fix now in ops:
80
80
  the local `timeout` command is available.
81
81
  - If a deployment was interrupted, inspect `scripts/orchestrate.sh status`,
82
82
  stop only leftover local `orchestrate.sh`/`curl`/`ssh` children for that run,
83
- and resume with `P2P_EXISTING_STATE_ACTION=continue`.
83
+ and resume with `DIREXIO_EXISTING_STATE_ACTION=continue`.
84
84
  - If SSH to the instance is blocked but AWS access still works, attach a
85
85
  temporary SSM role and use SSM Run Command to read `/opt/p2p/bootstrap.json`
86
86
  without printing secrets. Remove or audit the temporary role after recovery.
@@ -94,7 +94,7 @@ resolves correctly. This avoids Caddy and Let's Encrypt racing DNS propagation.
94
94
  When rerunning after a resource was created, set:
95
95
 
96
96
  ```bash
97
- P2P_EXISTING_STATE_ACTION=continue
97
+ DIREXIO_EXISTING_STATE_ACTION=continue
98
98
  ```
99
99
 
100
100
  This is deliberate. It prevents accidental duplicate EC2/EIP creation or unsafe
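Review bot: The code block now shows `DIREXIO_EXISTING_STATE_ACTION=continue`, and the sentence under it says the setting exists to prevent duplicate EC2/EIP creation, but nothing says what a rerun does when a runbook still sets `P2P_EXISTING_STATE_ACTION`. Document that case here, and prefer failing with a clear message over silently ignoring the old name, since this variable is the guard the paragraph relies on.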
@@ -102,10 +102,11 @@ reuse of an old deployment state.
102
102
 
103
103
  ## Credential Safety
104
104
 
105
- Prefer a temporary `DirexioDeployer` IAM user or dedicated IAM role for routine
106
- deployment. Root access keys are allowed when the operator explicitly chooses
107
- them; report that the identity is root and remind the operator to rotate or
108
- remove the key when it is no longer needed.
105
+ Offer two credential paths for first-time deployment. Root access keys are the
106
+ fastest path but are highly privileged; report that the identity is root,
107
+ remind the operator to save the CSV securely, and rotate or remove the key when
108
+ it is no longer needed. A temporary `DirexioDeployer` IAM user or dedicated IAM
109
+ role is safer but requires more AWS console steps.
109
110
 
110
111
  Do not store AWS AK/SK in skill files, docs, or committed repo files. Treat
111
112
  `state.json`, `outputs.json`, and `~/.direxio/nodes/<service_id>/credentials.json` as local
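Review bot: The rewritten Credential Safety paragraph opens with root access keys and reduces the IAM user or role from "Prefer" to an alternative that "requires more AWS console steps", so the section no longer states a default. Keep the preference explicit, and replace "save the CSV securely" with a checkable criterion (a location outside the repository, owner-only file permissions), in line with the next paragraph's rule against storing AK/SK in skill files, docs, or committed files.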
@@ -135,7 +136,7 @@ Fix procedure:
135
136
  2. Delegate those NS servers at the current registrar, or use the provider API
136
137
  if credentials are available.
137
138
  3. Wait for authoritative NS and A-record propagation.
138
- 4. Re-run `scripts/orchestrate.sh` with `P2P_EXISTING_STATE_ACTION=continue`.
139
+ 4. Re-run `scripts/orchestrate.sh` with `DIREXIO_EXISTING_STATE_ACTION=continue`.
139
140
 
140
141
  DNS propagation of new NS records can take minutes to hours. After the user
141
142
  confirms the change, verify with `nslookup -type=NS <DOMAIN>` or
@@ -185,7 +186,7 @@ Workaround (use when the health check is the only blocker and the rate limit is
185
186
 
186
187
  4. Resume orchestrate.sh with:
187
188
  ```bash
188
- P2P_EXISTING_STATE_ACTION=continue bash scripts/orchestrate.sh
189
+ DIREXIO_EXISTING_STATE_ACTION=continue bash scripts/orchestrate.sh
189
190
  ```
190
191
 
191
192
  5. **After deployment completes**, restore the original Caddyfile (remove `tls internal`) and restart Caddy. Caddy will retry the production Let's Encrypt cert when the rate limit resets. The self-signed cert is a temporary bridge; HTTPS will show a browser warning until the production cert is obtained.
@@ -30,9 +30,10 @@ Current best plan is the stricter plan now encoded in this branch:
30
30
  whether to send a real message in the Agent chat box.
31
31
  6. Keep update/reset/destroy as separate operations with separate receipts;
32
32
  update/reset are now first-class scripts, not runbook-only manual actions.
33
- 7. Treat update/reset follow-up as a Local refresh state: update/reset cleared
34
- old credentials, user confirmations, runtime checks, and bridge install
35
- proof, so the next action is to rerun S4-S7 and runtime checks.
33
+ 7. Treat reset/redeploy follow-up as a Local refresh state: reset/redeploy
34
+ clears old credentials, user confirmations, runtime checks, bridge install
35
+ proof, and MCP install proof, so the next action is to rerun S4-S7 and
36
+ runtime checks. Image-only update keeps local state intact.
36
37
  8. Keep Lightsail out of the current user-facing path. Lightsail remains
37
38
  deferred until it has an independent resource model, pricing, state,
38
39
  destroy, and test matrix.
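Review bot: Item 7 switches to "reset/redeploy" and introduces "Image-only update", but item 6 directly above still lists update/reset/destroy as the separate operations and first-class scripts, and "redeploy" is not defined in this list. Define redeploy and image-only update against those scripts, and state explicitly that an image-only update leaves existing credentials, bridge install proof, and MCP install proof valid, since that is the difference an operator needs to reason about.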
@@ -132,14 +133,17 @@ Status: Deployer-side implemented.
132
133
 
133
134
  Current evidence:
134
135
  - `scripts/aws-credentials.sh import-csv|verify` imports local CSV credentials,
135
- tightens file permissions, blocks root identity, and redacts identity output.
136
- - `SKILL.md` documents the temporary `DirexioDeployer` IAM user path with
136
+ tightens file permissions, allows root identity only with explicit operator
137
+ choice, and redacts identity output.
138
+ - `SKILL.md` documents both the fast root access-key path with security
139
+ warnings and the safer temporary `DirexioDeployer` IAM user path with
137
140
  temporary `AdministratorAccess`, then cleanup.
138
141
  - Reports and tests assert secrets are redacted and not written to reports.
139
142
 
140
143
  Difference from the checklist:
141
- - The current branch chooses the practical MVP path: temporary IAM admin user,
142
- no root access keys, and cleanup guidance after deployment.
144
+ - The current branch chooses the practical MVP path: let the operator choose
145
+ fast root credentials or a safer temporary IAM admin user, with cleanup
146
+ guidance after deployment.
143
147
 
144
148
  Remaining evidence:
145
149
  - Long-term least-privilege IAM generation is still a future hardening task.
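Review bot: The evidence bullet for `scripts/aws-credentials.sh` changes from "blocks root identity" to "allows root identity only with explicit operator choice" without naming how that choice is expressed or citing a test that root is still refused when the choice is absent. Name the flag, variable, or prompt, and add the corresponding test to the evidence list next to the existing redaction assertion.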
@@ -226,11 +230,11 @@ Current evidence:
226
230
  - S5 refreshes bootstrap credentials from the server.
227
231
  - S6 rewrites service-scoped `credentials.json`, `env`, cc-connect config, and
228
232
  MCP snippets.
229
- - Update/reset mark S4-S7 pending and report refresh-pending status.
230
- - Update/reset stops only the matching service-scoped direxio-connect daemon
233
+ - Reset/redeploy mark S4-S7 pending and report refresh-pending status.
234
+ - Reset/redeploy stops only the matching service-scoped direxio-connect daemon
231
235
  when its `WorkDir` matches the current service, so stale local bridge
232
236
  processes do not keep using old credentials.
233
- - `status` reports Local refresh when update/reset cleared old credentials, user confirmations, runtime checks, and bridge install proof.
237
+ - `status` reports Local refresh when reset/redeploy cleared old credentials, user confirmations, runtime checks, bridge install proof, and MCP install proof.
234
238
  - Runtime checks fail closed when a stale service directory or wrong WorkDir is
235
239
  detected.
236
240