direxio-deployer 0.1.7 → 0.1.9
- package/LICENSE +1 -1
- package/README.md +17 -9
- package/README_zh.md +15 -9
- package/SKILL.md +73 -29
- package/agents/README.md +5 -5
- package/agents/openai.yaml +3 -3
- package/package.json +1 -1
- package/references/agent-targets.md +1 -1
- package/references/architecture.md +4 -4
- package/references/bug-history.md +2 -2
- package/references/deployment-lessons.md +10 -9
- package/references/deployment-optimization-audit.md +14 -10
- package/references/deployment-workflow.md +29 -22
- package/references/iam-policy.json +1 -1
- package/references/runtime-wiring.md +2 -2
- package/references/state-machine.md +1 -1
- package/references/token-refresh.md +3 -1
- package/references/tooling.md +6 -3
- package/references/user-journey.md +1 -1
- package/references/verification-recovery.md +11 -5
- package/references/voip-turn-runbook.md +2 -2
- package/scripts/cloud-init/docker-compose.yml +7 -7
- package/scripts/cloud-init/init-tokens.sh +4 -4
- package/scripts/destroy.ps1 +3 -3
- package/scripts/destroy.sh +9 -9
- package/scripts/json.mjs +2 -0
- package/scripts/lib/paths.sh +1 -3
- package/scripts/lib/state.sh +9 -9
- package/scripts/orchestrate.ps1 +3 -3
- package/scripts/orchestrate.sh +18 -19
- package/scripts/phases/s2_domain.sh +4 -4
- package/scripts/phases/s3_provision.sh +6 -6
- package/scripts/phases/s5_init_tokens.sh +1 -1
- package/scripts/phases/s6_wire_local.sh +23 -1
- package/scripts/reset-app-data.sh +1 -1
- package/scripts/update.sh +2 -10
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
#!/usr/bin/env bash
|
|
2
2
|
# S2 DOMAIN_DECISION — validate the production Matrix server_name.
|
|
3
3
|
#
|
|
4
|
-
#
|
|
4
|
+
# Direxio production deployments require a real, long-lived domain. Temporary
|
|
5
5
|
# sslip.io/public-IP domains are intentionally not part of this interface.
|
|
6
6
|
#
|
|
7
7
|
# Supported modes:
|
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
# DOMAIN_MODE=route53 Route53 hosted zone; ops manages the A record
|
|
10
10
|
#
|
|
11
11
|
# If DOMAIN_MODE is omitted but DOMAIN is present, user mode is assumed.
|
|
12
|
-
#
|
|
12
|
+
# DIREXIO_ASSUME_DEFAULTS never chooses a domain.
|
|
13
13
|
|
|
14
14
|
S2_PHASE_DIR=$(cd "$(dirname "${BASH_SOURCE[0]:-$0}")/.." && pwd)
|
|
15
15
|
source "$S2_PHASE_DIR/lib/domain.sh"
|
|
@@ -24,7 +24,7 @@ run_phase() {
|
|
|
24
24
|
if [ -n "$domain" ]; then
|
|
25
25
|
mode=user
|
|
26
26
|
elif [ -t 0 ]; then
|
|
27
|
-
warn "
|
|
27
|
+
warn "Direxio requires a production domain as the Matrix server_name."
|
|
28
28
|
warn "Changing the domain is effectively a new homeserver identity; temporary sslip.io defaults are not supported."
|
|
29
29
|
printf "Enter the final domain (for example __DOMAIN__): " >&2
|
|
30
30
|
read -r domain
|
|
@@ -36,7 +36,7 @@ run_phase() {
|
|
|
36
36
|
mode=user
|
|
37
37
|
else
|
|
38
38
|
phase_set S2_DOMAIN waiting_user "waiting for production domain"
|
|
39
|
-
warn "Deployment blocked: DOMAIN is missing.
|
|
39
|
+
warn "Deployment blocked: DOMAIN is missing. Direxio no longer supports temporary sslip.io defaults."
|
|
40
40
|
warn "Prepare a production domain such as __DOMAIN__. Matrix server_name binds to that domain; changing it later is effectively a new homeserver identity."
|
|
41
41
|
warn "Example:"
|
|
42
42
|
warn " DOMAIN=__DOMAIN__ DOMAIN_MODE=user CONFIRM_DOMAIN_BINDING=1 bash scripts/orchestrate.sh"
|
|
@@ -18,7 +18,7 @@ run_phase() {
|
|
|
18
18
|
if [ -z "$instance_type" ]; then
|
|
19
19
|
instance_type=${INSTANCE_TYPE:-}
|
|
20
20
|
if [ -z "$instance_type" ]; then
|
|
21
|
-
if [ "${
|
|
21
|
+
if [ "${DIREXIO_ASSUME_DEFAULTS:-0}" = "1" ]; then
|
|
22
22
|
instance_type=t3.small
|
|
23
23
|
elif [ -t 0 ]; then
|
|
24
24
|
warn "Default EC2 instance type is t3.small (2 vCPU / 2GB). Do you need a larger instance?"
|
|
@@ -50,10 +50,10 @@ run_phase() {
|
|
|
50
50
|
vpc=$(res_get vpc_id)
|
|
51
51
|
local message_server_image
|
|
52
52
|
message_server_image=${MESSAGE_SERVER_IMAGE:-direxio/message-server:latest}
|
|
53
|
-
local scripts_dir=${
|
|
53
|
+
local scripts_dir=${DIREXIO_INSTALL_SCRIPTS_DIR:-${HERE:-$S3_PHASE_DIR}}
|
|
54
54
|
|
|
55
55
|
# 1) Key pair (idempotent).
|
|
56
|
-
local keyfile="$
|
|
56
|
+
local keyfile="$DIREXIO_WORKDIR/${name}.pem"
|
|
57
57
|
if [ -z "$(res_get key_name)" ]; then
|
|
58
58
|
log "Creating key pair $name ..."
|
|
59
59
|
aws ec2 create-key-pair --key-name "$name" --query KeyMaterial --output text > "$keyfile"
|
|
@@ -69,7 +69,7 @@ run_phase() {
|
|
|
69
69
|
warn "Security group opens 22/80/443, TURN 3478 tcp/udp, and 49160-49200/udp to 0.0.0.0/0."
|
|
70
70
|
warn "Keep the SSH private key, AWS credentials, and password secure."
|
|
71
71
|
sg=$(aws ec2 create-security-group --group-name "$name" \
|
|
72
|
-
--description "
|
|
72
|
+
--description "direxio $name" --vpc-id "$vpc" --query GroupId --output text)
|
|
73
73
|
res_set sg_id "$sg"
|
|
74
74
|
local p
|
|
75
75
|
for p in 22 80 443; do
|
|
@@ -95,7 +95,7 @@ run_phase() {
|
|
|
95
95
|
warn "S3 requires a production DOMAIN. Complete S2_DOMAIN first."
|
|
96
96
|
return 2
|
|
97
97
|
fi
|
|
98
|
-
local userdata="$
|
|
98
|
+
local userdata="$DIREXIO_WORKDIR/user-data.yaml"
|
|
99
99
|
log "Rendering cloud-init (domain_mode=$domain_mode)..."
|
|
100
100
|
bash "$scripts_dir/render/render-userdata.sh" \
|
|
101
101
|
--domain "$domain" \
|
|
@@ -215,7 +215,7 @@ _upsert_route53_record() {
|
|
|
215
215
|
change_file=$(mktemp)
|
|
216
216
|
cat > "$change_file" <<EOF
|
|
217
217
|
{
|
|
218
|
-
"Comment": "
|
|
218
|
+
"Comment": "Direxio deployment",
|
|
219
219
|
"Changes": [
|
|
220
220
|
{
|
|
221
221
|
"Action": "UPSERT",
|
|
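Review bot: The EC2 private key is written by plain redirection to `$DIREXIO_WORKDIR/${name}.pem` (new line 56, used at line 59), so the file is created with whatever permissions the caller's umask allows, and any later `chmod` would fall outside this hunk. Creating it under a restrictive umask closes that window: `( umask 077; aws ec2 create-key-pair --key-name "$name" --query KeyMaterial --output text > "$keyfile" )`. The same path, like `userdata` at line 98, collapses to the filesystem root if `DIREXIO_WORKDIR` is empty, so `"${DIREXIO_WORKDIR:?}/${name}.pem"` would be a cheap guard unless the variable is validated earlier. run_phase starts and ends outside the hunks shown, so both points should be checked against the full function.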
@@ -8,7 +8,7 @@ run_phase() {
|
|
|
8
8
|
domain=$(state_get domain)
|
|
9
9
|
pubip=$(res_get public_ip)
|
|
10
10
|
keyfile=$(res_get key_file)
|
|
11
|
-
local out="$
|
|
11
|
+
local out="$DIREXIO_WORKDIR/outputs.json" raw
|
|
12
12
|
raw=$(mktemp)
|
|
13
13
|
trap 'rm -f "${raw:-}"; trap - RETURN' RETURN
|
|
14
14
|
|
|
@@ -362,7 +362,7 @@ _validate_agent_platform() {
|
|
|
362
362
|
}
|
|
363
363
|
|
|
364
364
|
_agent_install_policy() {
|
|
365
|
-
local policy=${DIREXIO_AGENT_INSTALL:-
|
|
365
|
+
local policy=${DIREXIO_AGENT_INSTALL:-auto}
|
|
366
366
|
case "$policy" in
|
|
367
367
|
skip|recommend|auto) printf '%s\n' "$policy" ;;
|
|
368
368
|
*) fail "DIREXIO_AGENT_INSTALL must be skip, recommend, or auto." ;;
|
|
@@ -1125,6 +1125,26 @@ _maybe_auto_install_cc_connect() {
|
|
|
1125
1125
|
fi
|
|
1126
1126
|
}
|
|
1127
1127
|
|
|
1128
|
+
_maybe_auto_install_mcp() {
|
|
1129
|
+
local policy=$1
|
|
1130
|
+
if [ "$policy" != "auto" ]; then
|
|
1131
|
+
state_set mcp_install_status "$policy" 2>/dev/null || true
|
|
1132
|
+
return 0
|
|
1133
|
+
fi
|
|
1134
|
+
if ! command -v npm >/dev/null 2>&1; then
|
|
1135
|
+
warn "DIREXIO_AGENT_INSTALL=auto requested, but npm is not on PATH. Install Node.js to install direxio-mcp automatically."
|
|
1136
|
+
state_set mcp_install_status "npm_missing" 2>/dev/null || true
|
|
1137
|
+
return 0
|
|
1138
|
+
fi
|
|
1139
|
+
if npm install -g "$(_mcp_npm_package)"; then
|
|
1140
|
+
state_set mcp_install_status "installed" 2>/dev/null || true
|
|
1141
|
+
ok "direxio-mcp installed from npm."
|
|
1142
|
+
else
|
|
1143
|
+
state_set mcp_install_status "install_failed" 2>/dev/null || true
|
|
1144
|
+
warn "direxio-mcp npm install failed. MCP config artifacts and install command are available for manual recovery."
|
|
1145
|
+
fi
|
|
1146
|
+
}
|
|
1147
|
+
|
|
1128
1148
|
_agent_skill_install_path() {
|
|
1129
1149
|
local runtime=$1
|
|
1130
1150
|
case "$runtime" in
|
|
@@ -1442,12 +1462,14 @@ run_phase() {
|
|
|
1442
1462
|
state_set agent_install_policy "$install_policy" 2>/dev/null || true
|
|
1443
1463
|
state_set agent_install_mode "$install_mode" 2>/dev/null || true
|
|
1444
1464
|
state_set agent_install_command "$install_command" 2>/dev/null || true
|
|
1465
|
+
state_set mcp_install_policy "$install_policy" 2>/dev/null || true
|
|
1445
1466
|
state_set agent_skill_install_path "$skill_path" 2>/dev/null || true
|
|
1446
1467
|
state_set agent_global_skill_install_path "$global_skill_path" 2>/dev/null || true
|
|
1447
1468
|
state_set direxio_agent_bridge "cc-connect" 2>/dev/null || true
|
|
1448
1469
|
_print_cc_connect_guidance "$runtime" "$asurl" "$node_cred" "$envfile" "$install_policy" "$install_mode" "$install_command" "$node_id" "$cc_config_local" "$cc_binary" "$cc_agent" "$cc_agent_cmd" "$service_id"
|
|
1449
1470
|
_print_mcp_guidance "$runtime" "$service_id" "$mcp_server_name" "$node_cred_local" "$mcp_dir_local" "$mcp_codex_config_local" "$mcp_openclaw_config_local" "$mcp_hermes_config_local" "$mcp_install_command" "$mcp_doctor_command"
|
|
1450
1471
|
_maybe_auto_install_agent "$install_policy" "$runtime" "$cc_agent" "$service_dir" "$cc_config" "$cc_binary" "$service_id"
|
|
1472
|
+
_maybe_auto_install_mcp "$install_policy"
|
|
1451
1473
|
|
|
1452
1474
|
phase_set S6_WIRE_LOCAL done "credentials.json written;node_id=$node_id;service_id=$service_id;env_file=$envfile;runtime=$runtime;install_policy=$install_policy;install_mode=$install_mode;cc_connect_config=$cc_config;mcp_config_dir=$mcp_dir;cc_connect_agent=$cc_agent"
|
|
1453
1475
|
return 0
|
|
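Review bot: `_maybe_auto_install_mcp` (new lines 1128-1146) runs `npm install -g` on whatever `_mcp_npm_package` returns, and line 365 makes `auto` the fallback when `DIREXIO_AGENT_INSTALL` is unset, so a run with no explicit opt-in appears to install a global package and execute its lifecycle scripts on the operator's machine. `_mcp_npm_package` is defined outside the hunk; if it does not already return an exact version, pin it there, and consider `npm install -g --ignore-scripts "$(_mcp_npm_package)"` if the package does not need install scripts. A header comment on the function stating that it is best-effort, always returns 0 and records the outcome in `mcp_install_status` would also explain why run_phase still marks S6_WIRE_LOCAL done after `install_failed`.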
@@ -36,5 +36,5 @@ echo "Application data reset complete on the existing node."
|
|
|
36
36
|
echo "Caddy TLS storage was preserved."
|
|
37
37
|
echo "Old user confirmations and runtime checks were cleared."
|
|
38
38
|
echo "$bridge_stop_message"
|
|
39
|
-
echo "Local S4-S7 gates were reset; rerun orchestrate with
|
|
39
|
+
echo "Local S4-S7 gates were reset; rerun orchestrate with DIREXIO_EXISTING_STATE_ACTION=continue."
|
|
40
40
|
echo "operation report: $report"
|
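--- a/package/scripts/update.sh
+++ b/package/scripts/update.sh
@@ -15,16 +15,8 @@ ops_require_state "$STATE_JSON"
 
 remote_command=$(ops_update_remote_command "${MESSAGE_SERVER_IMAGE:-}")
 ops_ssh "$STATE_JSON" "$remote_command"
-
-if ops_stop_scoped_daemon "$STATE_JSON"; then
-bridge_stop_message="Scoped local bridge daemon was stopped; rerun S6 to install fresh config."
-else
-bridge_stop_message="Scoped local bridge daemon stop was skipped or not needed."
-fi
-report=$(ops_write_report update update_remote_restart_complete_refresh_pending "$STATE_JSON")
+report=$(ops_write_report update update_remote_restart_complete "$STATE_JSON")
 
 echo "Update remote restart complete."
-echo "
-echo "$bridge_stop_message"
-echo "Local S4-S7 gates were reset; rerun orchestrate with P2P_EXISTING_STATE_ACTION=continue to refresh credentials, MCP, and verification."
+echo "Local credentials, cc-connect daemon state, MCP artifacts, confirmations, and runtime checks were left unchanged."
 echo "operation report: $report"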