diff --git a/deploy/README.md b/deploy/README.md
index 862067c..fa40356 100644
--- a/deploy/README.md
+++ b/deploy/README.md
@@ -39,7 +39,7 @@ All three methods create the same architecture:
 | `BedrockRegion` | `us-east-1` | Region for Bedrock API calls |
 | `SSHAllowedCidr` | `127.0.0.1/32` | SSH access CIDR (disabled by default — use SSM) |
 | `LiteLLMBaseUrl` | *(empty)* | LiteLLM proxy URL (only when `ModelMode=litellm`) |
-| `PackName` | `openclaw` | Agent pack to deploy (`openclaw`, `claude-code`, `hermes`, `pi`, `ironclaw`, `nemoclaw`, `kiro-cli`, `codex-cli`) |
+| `PackName` | `openclaw` | Agent pack to deploy (`openclaw`, `claude-code`, `hermes`, `pi`, `ironclaw`, `nemoclaw`, `kiro-cli`, `codex-cli`, `roundhouse`) |
 | `EnableSecurityHub` | `true` | AWS Security Hub aggregates security findings. (~$0.001 per finding/month) |
 | `EnableGuardDuty` | `true` | Amazon GuardDuty threat detection via CloudTrail, VPC Flow Logs, DNS. (~$4/million events) |
 | `EnableInspector` | `true` | Amazon Inspector vulnerability scanning. (~$0.01-$1.25 per resource/month) |
diff --git a/deploy/terraform/main.tf b/deploy/terraform/main.tf
index 0cff82e..ea61b7d 100644
--- a/deploy/terraform/main.tf
+++ b/deploy/terraform/main.tf
@@ -617,21 +617,23 @@ resource "aws_instance" "main" { } user_data_base64 = base64encode(templatefile("${path.module}/userdata.sh.tpl", { - acct_id = data.aws_caller_identity.current.account_id - region = data.aws_region.current.name - environment_name = var.environment_name - pack_name = var.pack_name - profile_name = var.profile_name - default_model = var.default_model - bedrock_region = var.bedrock_region - gw_port = var.openclaw_gateway_port - model_mode = var.model_mode - litellm_base_url = var.litellm_base_url - litellm_api_key = var.litellm_api_key - litellm_model = var.litellm_model - provider_api_key = var.provider_api_key - kiro_from_secret = var.kiro_from_secret - repo_branch = var.repo_branch + acct_id = data.aws_caller_identity.current.account_id + region = data.aws_region.current.name + environment_name = var.environment_name + pack_name = var.pack_name + profile_name = var.profile_name + default_model = var.default_model + bedrock_region = var.bedrock_region + gw_port = var.openclaw_gateway_port + model_mode = var.model_mode + litellm_base_url = var.litellm_base_url + litellm_api_key = var.litellm_api_key + litellm_model = var.litellm_model + provider_api_key = var.provider_api_key + kiro_from_secret = var.kiro_from_secret + telegram_bot_token_secret = var.telegram_bot_token_secret + telegram_user = var.telegram_user + repo_branch = var.repo_branch })) tags = merge(local.loki_tags, { diff --git a/deploy/terraform/userdata.sh.tpl b/deploy/terraform/userdata.sh.tpl index 2bfd537..bf57a79 100644 --- a/deploy/terraform/userdata.sh.tpl +++ b/deploy/terraform/userdata.sh.tpl @@ -11,6 +11,8 @@ export LITELLM_API_KEY="${litellm_api_key}" export LITELLM_MODEL="${litellm_model}" export PROVIDER_API_KEY="${provider_api_key}" export KIRO_FROM_SECRET="${kiro_from_secret}" +export TELEGRAM_BOT_TOKEN_SECRET="${telegram_bot_token_secret}" +export TELEGRAM_USER="${telegram_user}" export PACK_NAME="${pack_name}" export PROFILE_NAME="${profile_name}" 
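Review bot: Nothing in the main.tf hunk, or elsewhere in the visible diff, grants the instance role read access to the secret named by `telegram_bot_token_secret`, although the variable description says the instance resolves it through its IAM role. If the existing role policy does not already cover it, the `secretsmanager:GetSecretValue` statement should be limited to that one secret rather than `*`, and ideally attached only when `var.pack_name == "roundhouse"`. The `aws_instance.main` resource starts and ends outside the hunk, so the role definition may simply be out of view.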
@@ -47,4 +49,6 @@ bash /tmp/loki-agent/deploy/bootstrap.sh \ --litellm-api-key "$LITELLM_API_KEY" \ --litellm-model "$LITELLM_MODEL" \ --provider-api-key "$PROVIDER_API_KEY" \ - --kiro-from-secret "$KIRO_FROM_SECRET" + --kiro-from-secret "$KIRO_FROM_SECRET" \ + --telegram-bot-token-secret "$TELEGRAM_BOT_TOKEN_SECRET" \ + --telegram-user "$TELEGRAM_USER" diff --git a/deploy/terraform/variables.tf b/deploy/terraform/variables.tf index a053cfd..c54be31 100644 --- a/deploy/terraform/variables.tf +++ b/deploy/terraform/variables.tf @@ -21,12 +21,12 @@ variable "profile_name" { } variable "pack_name" { - description = "Agent pack to deploy (openclaw, claude-code, hermes, pi, ironclaw, nemoclaw, kiro-cli, or codex-cli)" + description = "Agent pack to deploy (openclaw, claude-code, hermes, pi, ironclaw, nemoclaw, kiro-cli, codex-cli, or roundhouse)" type = string default = "openclaw" validation { - condition = contains(["openclaw", "claude-code", "hermes", "pi", "ironclaw", "nemoclaw", "kiro-cli", "codex-cli"], var.pack_name) - error_message = "pack_name must be openclaw, claude-code, hermes, pi, ironclaw, nemoclaw, kiro-cli, or codex-cli." + condition = contains(["openclaw", "claude-code", "hermes", "pi", "ironclaw", "nemoclaw", "kiro-cli", "codex-cli", "roundhouse"], var.pack_name) + error_message = "pack_name must be openclaw, claude-code, hermes, pi, ironclaw, nemoclaw, kiro-cli, codex-cli, or roundhouse." } } 
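Review bot: The two new flags in the `@@ -47,4 +49,6 @@` hunk are passed to bootstrap.sh for every pack, with empty strings whenever the pack is not roundhouse, and this diff does not touch deploy/bootstrap.sh. If its option parser exits on unknown options or treats an empty argument as missing, every Terraform deployment would fail at boot, not only roundhouse ones. Confirm bootstrap.sh accepts `--telegram-bot-token-secret ""` and `--telegram-user ""`, or build the argument list so the flags are appended only when the values are non-empty. The bootstrap.sh invocation starts above the hunk.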
@@ -169,6 +169,18 @@ variable "kiro_from_secret" { description = "AWS Secrets Manager secret id/arn whose SecretString is the Kiro API key (kiro-cli pack, headless mode). The raw key is NOT stored in Terraform state — the instance resolves the secret at install time via its IAM role." } +variable "telegram_bot_token_secret" { + type = string + default = "" + description = "AWS Secrets Manager secret id/arn containing the Telegram bot token (roundhouse pack only). The instance resolves the secret at install time via its IAM role." +} + +variable "telegram_user" { + type = string + default = "" + description = "Telegram username for bot pairing (roundhouse pack only, without @ prefix)." +} + variable "request_quota_increases" { type = string default = "false" diff --git a/deploy/test-templates.sh b/deploy/test-templates.sh index c2eff39..17b0444 100644 --- a/deploy/test-templates.sh +++ b/deploy/test-templates.sh @@ -64,7 +64,7 @@ echo "" # ── Terraform main.tf ──────────────────────────────────────────────────────── echo -e "${BOLD}Terraform (deploy/terraform/main.tf)${NC}" -check_contains "$TF_MAIN" "pack_name = var.pack_name" "TF main: pack_name passed to userdata template" +check_contains "$TF_MAIN" "pack_name = var.pack_name" "TF main: pack_name passed to userdata template" check_contains "$TF_MAIN" '"loki:pack"' "TF main: loki:pack in loki_tags" echo "" diff --git a/install.sh b/install.sh index 6af2ddd..7690982 100755 --- a/install.sh +++ b/install.sh @@ -559,7 +559,7 @@ _telem_pack() { case "$v" in builder|personal-assistant|account-assistant|essential|optional\ |personal_assistant|account_assistant|openclaw|claude-code|codex-cli\ - |kiro-cli|nemoclaw|hermes|pi|ironclaw) + |kiro-cli|nemoclaw|hermes|pi|ironclaw|roundhouse) printf '%s' "$v" ;; esac } 
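Review bot: Neither `telegram_bot_token_secret` nor `telegram_user` has a `validation` block, yet both are substituted by `templatefile` into double-quoted `export` lines in userdata.sh.tpl (hunk `@@ -11,6 +11,8 @@`), where shell metacharacters in a value would be expanded when the script runs at boot. The other variables in that template follow the same pattern, so this is not new, but these two have a narrow legitimate alphabet and are cheap to constrain. The blocks below keep the empty default valid, allow the characters Secrets Manager accepts in names plus `:` for ARNs, and restrict the username to letters, digits and underscores.

```hcl
variable "telegram_bot_token_secret" {
  # … unchanged: type, default, description …
  validation {
    condition     = can(regex("^[A-Za-z0-9/_+=.@:-]*$", var.telegram_bot_token_secret))
    error_message = "telegram_bot_token_secret must be a Secrets Manager name or ARN (letters, digits and /_+=.@:- only)."
  }
}

variable "telegram_user" {
  # … unchanged: type, default, description …
  validation {
    condition     = can(regex("^[A-Za-z0-9_]{0,32}$", var.telegram_user))
    error_message = "telegram_user may contain only letters, digits and underscores, without the @ prefix."
  }
}
```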
@@ -704,6 +704,18 @@ while [[ $# -gt 0 ]]; do exit 1 fi KIRO_FROM_SECRET="$2"; shift 2 ;; + --telegram-bot-token-secret) + if [[ $# -lt 2 || "$2" == --* ]]; then + echo -e "\033[0;31m✗\033[0m --telegram-bot-token-secret requires a Secrets Manager id or arn" >&2 + exit 1 + fi + TELEGRAM_BOT_TOKEN_SECRET="$2"; shift 2 ;; + --telegram-user) + if [[ $# -lt 2 || "$2" == --* ]]; then + echo -e "\033[0;31m✗\033[0m --telegram-user requires a Telegram username" >&2 + exit 1 + fi + TELEGRAM_USER="$2"; shift 2 ;; --debug-in-repo) DEBUG_IN_REPO=true; shift ;; --test|--dry-run) TEST_MODE=true; shift ;; --auto-rename-account-enabled) AUTO_RENAME_ACCOUNT=true; shift ;; @@ -719,12 +731,18 @@ Options: --simple Force simple install mode --advanced Force advanced install mode --pack Agent pack (openclaw, claude-code, codex-cli, - kiro-cli, nemoclaw, hermes, pi, ironclaw) + kiro-cli, nemoclaw, hermes, pi, ironclaw, + roundhouse) --profile Permission profile (builder, account_assistant, personal_assistant) --method Deploy method (default: cfn) --kiro-from-secret Secrets Manager id/arn for Kiro API key (kiro-cli headless mode) + --telegram-bot-token-secret + Secrets Manager id/arn for Telegram bot token + (roundhouse pack) + --telegram-user Telegram username for bot pairing + (roundhouse pack, without @) --debug-in-repo Dev-only: run installer from cwd --test, --dry-run Run installer end-to-end without provisioning AWS resources. Telemetry 
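Review bot: `--telegram-user` stores `$2` unchanged, so `@name` is accepted even though the help text in the following hunk says "without @", and nothing restricts the characters before the value is forwarded as a deploy parameter. Stripping the prefix and checking the alphabet at parse time gives an early, clear error: guard with `[[ "${2#@}" =~ ^[A-Za-z0-9_]+$ ]]` and assign `TELEGRAM_USER="${2#@}"; shift 2 ;;`. The same check fits the interactive `prompt` for `TELEGRAM_USER` in the `@@ -2961,6 +2981,28 @@` hunk. The enclosing `while`/`case` starts and ends outside this hunk.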
@@ -1864,8 +1882,8 @@ collect_security_config() { # Parameter source-of-truth: single mapping for CFN Console, CFN CLI, Terraform # ============================================================================ # ⚠ KEEP THESE THREE ARRAYS IN SYNC — same order, same count -PARAM_CFN_NAMES=(EnvironmentName PackName ProfileName InstanceType DefaultModel ModelMode BedrockRegion LokiWatermark EnableBedrockForm EnableSecurityHub EnableGuardDuty EnableInspector EnableAccessAnalyzer EnableConfigRecorder ExistingVpcId ExistingSubnetId RepoBranch KiroFromSecret) -PARAM_TF_NAMES=(environment_name pack_name profile_name instance_type default_model model_mode bedrock_region loki_watermark enable_bedrock_form enable_security_hub enable_guardduty enable_inspector enable_access_analyzer enable_config_recorder existing_vpc_id existing_subnet_id repo_branch kiro_from_secret) +PARAM_CFN_NAMES=(EnvironmentName PackName ProfileName InstanceType DefaultModel ModelMode BedrockRegion LokiWatermark EnableBedrockForm EnableSecurityHub EnableGuardDuty EnableInspector EnableAccessAnalyzer EnableConfigRecorder ExistingVpcId ExistingSubnetId RepoBranch KiroFromSecret TelegramBotTokenSecret TelegramUser) +PARAM_TF_NAMES=(environment_name pack_name profile_name instance_type default_model model_mode bedrock_region loki_watermark enable_bedrock_form enable_security_hub enable_guardduty enable_inspector enable_access_analyzer enable_config_recorder existing_vpc_id existing_subnet_id repo_branch kiro_from_secret telegram_bot_token_secret telegram_user) PARAM_VALUES=() # populated by build_deploy_params() # Per-pack default model (passed to CFN DefaultModel / bootstrap.sh --model). @@ -1910,6 +1928,8 @@ build_deploy_params() { "${EXISTING_SUBNET_ID:-}" "$REPO_BRANCH" "${KIRO_FROM_SECRET:-}" + "${TELEGRAM_BOT_TOKEN_SECRET:-}" + "${TELEGRAM_USER:-}" ) # Validate parallel arrays are in sync [[ ${#PARAM_CFN_NAMES[@]} -eq ${#PARAM_VALUES[@]} ]] \ 
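Review bot: `TelegramBotTokenSecret` and `TelegramUser` are now sent as CloudFormation parameters for every pack, but no CloudFormation template is changed in this diff. CloudFormation rejects parameters that the template does not declare, so unless the templates were updated separately, the default `cfn` deploy method would fail for all packs, not only roundhouse. deploy/test-templates.sh only receives a whitespace change here; a `check_contains` for the two new parameter names in each template would catch that drift.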
@@ -2961,6 +2981,28 @@ run_config_and_review() { fi build_deploy_params + + # Pack-specific parameter collection (after build_deploy_params so we can amend) + if [[ "${PACK_NAME:-}" == "roundhouse" ]]; then + if [[ -z "${TELEGRAM_BOT_TOKEN_SECRET:-}" ]]; then + echo "" + echo -e " ${BOLD}Roundhouse requires a Telegram bot token.${NC}" + echo -e " Store it in AWS Secrets Manager and provide the secret id/arn." + echo "" + prompt "Secrets Manager id for Telegram bot token" TELEGRAM_BOT_TOKEN_SECRET "" + if [[ -z "${TELEGRAM_BOT_TOKEN_SECRET:-}" ]]; then + fail "Telegram bot token secret is required for roundhouse pack" + fi + fi + if [[ -z "${TELEGRAM_USER:-}" ]]; then + prompt "Telegram username (without @)" TELEGRAM_USER "" + if [[ -z "${TELEGRAM_USER:-}" ]]; then + fail "Telegram username is required for roundhouse pack" + fi + fi + # Rebuild params with telegram values now set + build_deploy_params + fi show_summary || { # User chose "Change settings" → re-run in advanced mode with current values as preselects PRESELECT_PACK="$PACK_NAME" diff --git a/packs/registry.json b/packs/registry.json index ed59a2d..0bb409f 100644 --- a/packs/registry.json +++ b/packs/registry.json @@ -147,7 +147,10 @@ "brain": false, "claude_code": false, "experimental": false, - "requires_telegram_token": true + "requires_telegram_token": true, + "compatible_profiles": [ + "builder" + ] } } } diff --git a/packs/registry.yaml b/packs/registry.yaml index 88dfacb..7eb2bb1 100644 --- a/packs/registry.yaml +++ b/packs/registry.yaml @@ -141,3 +141,5 @@ packs: claude_code: false experimental: false requires_telegram_token: true + compatible_profiles: + - builder
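Review bot: The roundhouse block runs after `build_deploy_params` and then calls it a second time, which relies on that function being safe to run twice; its body is only partly visible in this diff. Moving the block above the existing call needs a single build and makes the "so we can amend" comment unnecessary. It is also worth confirming what `prompt` does when stdin is not a terminal, since a non-interactive run with `--pack roundhouse` and no Telegram flags reaches it. `run_config_and_review` starts and ends outside the hunk.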