inceptionstack · royosherove · May 5, 2026 · May 5, 2026 · chatgpt-codex-connector · May 5, 2026
diff --git a/deploy/README.md b/deploy/README.md
@@ -39,7 +39,7 @@ All three methods create the same architecture:
 | `BedrockRegion` | `us-east-1` | Region for Bedrock API calls |
 | `SSHAllowedCidr` | `127.0.0.1/32` | SSH access CIDR (disabled by default — use SSM) |
 | `LiteLLMBaseUrl` | *(empty)* | LiteLLM proxy URL (only when `ModelMode=litellm`) |
-| `PackName` | `openclaw` | Agent pack to deploy (`openclaw`, `claude-code`, `hermes`, `pi`, `ironclaw`, `nemoclaw`, `kiro-cli`, `codex-cli`) |
+| `PackName` | `openclaw` | Agent pack to deploy (`openclaw`, `claude-code`, `hermes`, `pi`, `ironclaw`, `nemoclaw`, `kiro-cli`, `codex-cli`, `roundhouse`) |
 | `EnableSecurityHub` | `true` | AWS Security Hub aggregates security findings. (~$0.001 per finding/month) |
 | `EnableGuardDuty` | `true` | Amazon GuardDuty threat detection via CloudTrail, VPC Flow Logs, DNS. (~$4/million events) |
 | `EnableInspector` | `true` | Amazon Inspector vulnerability scanning. (~$0.01-$1.25 per resource/month) |

diff --git a/deploy/terraform/main.tf b/deploy/terraform/main.tf
@@ -617,21 +617,23 @@ resource "aws_instance" "main" {
   }
 
   user_data_base64 = base64encode(templatefile("${path.module}/userdata.sh.tpl", {
-    acct_id          = data.aws_caller_identity.current.account_id
-    region           = data.aws_region.current.name
-    environment_name = var.environment_name
-    pack_name        = var.pack_name
-    profile_name     = var.profile_name
-    default_model    = var.default_model
-    bedrock_region   = var.bedrock_region
-    gw_port          = var.openclaw_gateway_port
-    model_mode       = var.model_mode
-    litellm_base_url = var.litellm_base_url
-    litellm_api_key  = var.litellm_api_key
-    litellm_model    = var.litellm_model
-    provider_api_key = var.provider_api_key
-    kiro_from_secret = var.kiro_from_secret
-    repo_branch      = var.repo_branch
+    acct_id                   = data.aws_caller_identity.current.account_id
+    region                    = data.aws_region.current.name
+    environment_name          = var.environment_name
+    pack_name                 = var.pack_name
+    profile_name              = var.profile_name
+    default_model             = var.default_model
+    bedrock_region            = var.bedrock_region
+    gw_port                   = var.openclaw_gateway_port
+    model_mode                = var.model_mode
+    litellm_base_url          = var.litellm_base_url
+    litellm_api_key           = var.litellm_api_key
+    litellm_model             = var.litellm_model
+    provider_api_key          = var.provider_api_key
+    kiro_from_secret          = var.kiro_from_secret
+    telegram_bot_token_secret = var.telegram_bot_token_secret
+    telegram_user             = var.telegram_user
+    repo_branch               = var.repo_branch
   }))
 
   tags = merge(local.loki_tags, {

diff --git a/deploy/terraform/userdata.sh.tpl b/deploy/terraform/userdata.sh.tpl
@@ -11,6 +11,8 @@ export LITELLM_API_KEY="${litellm_api_key}"
 export LITELLM_MODEL="${litellm_model}"
 export PROVIDER_API_KEY="${provider_api_key}"
 export KIRO_FROM_SECRET="${kiro_from_secret}"
+export TELEGRAM_BOT_TOKEN_SECRET="${telegram_bot_token_secret}"
+export TELEGRAM_USER="${telegram_user}"
 export PACK_NAME="${pack_name}"
 export PROFILE_NAME="${profile_name}"
 
@@ -47,4 +49,6 @@ bash /tmp/loki-agent/deploy/bootstrap.sh \
   --litellm-api-key "$LITELLM_API_KEY" \
   --litellm-model "$LITELLM_MODEL" \
   --provider-api-key "$PROVIDER_API_KEY" \
-  --kiro-from-secret "$KIRO_FROM_SECRET"
+  --kiro-from-secret "$KIRO_FROM_SECRET" \
+  --telegram-bot-token-secret "$TELEGRAM_BOT_TOKEN_SECRET" \
+  --telegram-user "$TELEGRAM_USER"
diff --git a/deploy/terraform/variables.tf b/deploy/terraform/variables.tf
@@ -21,12 +21,12 @@ variable "profile_name" {
 }
 
 variable "pack_name" {
-  description = "Agent pack to deploy (openclaw, claude-code, hermes, pi, ironclaw, nemoclaw, kiro-cli, or codex-cli)"
+  description = "Agent pack to deploy (openclaw, claude-code, hermes, pi, ironclaw, nemoclaw, kiro-cli, codex-cli, or roundhouse)"
   type        = string
   default     = "openclaw"
   validation {
-    condition     = contains(["openclaw", "claude-code", "hermes", "pi", "ironclaw", "nemoclaw", "kiro-cli", "codex-cli"], var.pack_name)
-    error_message = "pack_name must be openclaw, claude-code, hermes, pi, ironclaw, nemoclaw, kiro-cli, or codex-cli."
+    condition     = contains(["openclaw", "claude-code", "hermes", "pi", "ironclaw", "nemoclaw", "kiro-cli", "codex-cli", "roundhouse"], var.pack_name)
+    error_message = "pack_name must be openclaw, claude-code, hermes, pi, ironclaw, nemoclaw, kiro-cli, codex-cli, or roundhouse."
   }
 }
 
@@ -169,6 +169,18 @@ variable "kiro_from_secret" {
   description = "AWS Secrets Manager secret id/arn whose SecretString is the Kiro API key (kiro-cli pack, headless mode). The raw key is NOT stored in Terraform state — the instance resolves the secret at install time via its IAM role."
 }
 
+variable "telegram_bot_token_secret" {
+  type        = string
+  default     = ""
+  description = "AWS Secrets Manager secret id/arn containing the Telegram bot token (roundhouse pack only). The instance resolves the secret at install time via its IAM role."
+}
+
+variable "telegram_user" {
+  type        = string
+  default     = ""
+  description = "Telegram username for bot pairing (roundhouse pack only, without @ prefix)."
+}
+
 variable "request_quota_increases" {
   type        = string
   default     = "false"

diff --git a/deploy/test-templates.sh b/deploy/test-templates.sh
@@ -64,7 +64,7 @@ echo ""
 
 # ── Terraform main.tf ────────────────────────────────────────────────────────
 echo -e "${BOLD}Terraform (deploy/terraform/main.tf)${NC}"
-check_contains "$TF_MAIN" "pack_name        = var.pack_name" "TF main: pack_name passed to userdata template"
+check_contains "$TF_MAIN" "pack_name                 = var.pack_name" "TF main: pack_name passed to userdata template"
 check_contains "$TF_MAIN" '"loki:pack"' "TF main: loki:pack in loki_tags"
 
 echo ""

diff --git a/install.sh b/install.sh
@@ -559,7 +559,7 @@ _telem_pack() {
   case "$v" in
     builder|personal-assistant|account-assistant|essential|optional\
     |personal_assistant|account_assistant|openclaw|claude-code|codex-cli\
-    |kiro-cli|nemoclaw|hermes|pi|ironclaw)
+    |kiro-cli|nemoclaw|hermes|pi|ironclaw|roundhouse)
       printf '%s' "$v" ;;
   esac
 }
@@ -704,6 +704,18 @@ while [[ $# -gt 0 ]]; do
         exit 1
       fi
       KIRO_FROM_SECRET="$2"; shift 2 ;;
+    --telegram-bot-token-secret)
+      if [[ $# -lt 2 || "$2" == --* ]]; then
+        echo -e "\033[0;31m✗\033[0m --telegram-bot-token-secret requires a Secrets Manager id or arn" >&2
+        exit 1
+      fi
+      TELEGRAM_BOT_TOKEN_SECRET="$2"; shift 2 ;;
+    --telegram-user)
+      if [[ $# -lt 2 || "$2" == --* ]]; then
+        echo -e "\033[0;31m✗\033[0m --telegram-user requires a Telegram username" >&2
+        exit 1
+      fi
+      TELEGRAM_USER="$2"; shift 2 ;;
     --debug-in-repo) DEBUG_IN_REPO=true; shift ;;
     --test|--dry-run) TEST_MODE=true; shift ;;
     --auto-rename-account-enabled) AUTO_RENAME_ACCOUNT=true; shift ;;
@@ -719,12 +731,18 @@ Options:
   --simple                       Force simple install mode
   --advanced                     Force advanced install mode
   --pack <name>                  Agent pack (openclaw, claude-code, codex-cli,
-                                 kiro-cli, nemoclaw, hermes, pi, ironclaw)
+                                 kiro-cli, nemoclaw, hermes, pi, ironclaw,
+                                 roundhouse)
   --profile <name>               Permission profile (builder,
                                  account_assistant, personal_assistant)
   --method <cfn|terraform|tf>    Deploy method (default: cfn)
   --kiro-from-secret <id|arn>    Secrets Manager id/arn for Kiro API key
                                  (kiro-cli headless mode)
+  --telegram-bot-token-secret <id|arn>
+                                 Secrets Manager id/arn for Telegram bot token
+                                 (roundhouse pack)
+  --telegram-user <username>     Telegram username for bot pairing
+                                 (roundhouse pack, without @)
   --debug-in-repo                Dev-only: run installer from cwd
   --test, --dry-run              Run installer end-to-end without
                                  provisioning AWS resources. Telemetry
@@ -1864,8 +1882,8 @@ collect_security_config() {
 # Parameter source-of-truth: single mapping for CFN Console, CFN CLI, Terraform
 # ============================================================================
 # ⚠ KEEP THESE THREE ARRAYS IN SYNC — same order, same count
-PARAM_CFN_NAMES=(EnvironmentName PackName ProfileName InstanceType DefaultModel ModelMode BedrockRegion LokiWatermark EnableBedrockForm EnableSecurityHub EnableGuardDuty EnableInspector EnableAccessAnalyzer EnableConfigRecorder ExistingVpcId ExistingSubnetId RepoBranch KiroFromSecret)
-PARAM_TF_NAMES=(environment_name pack_name profile_name instance_type default_model model_mode bedrock_region loki_watermark enable_bedrock_form enable_security_hub enable_guardduty enable_inspector enable_access_analyzer enable_config_recorder existing_vpc_id existing_subnet_id repo_branch kiro_from_secret)
+PARAM_CFN_NAMES=(EnvironmentName PackName ProfileName InstanceType DefaultModel ModelMode BedrockRegion LokiWatermark EnableBedrockForm EnableSecurityHub EnableGuardDuty EnableInspector EnableAccessAnalyzer EnableConfigRecorder ExistingVpcId ExistingSubnetId RepoBranch KiroFromSecret TelegramBotTokenSecret TelegramUser)
+PARAM_TF_NAMES=(environment_name pack_name profile_name instance_type default_model model_mode bedrock_region loki_watermark enable_bedrock_form enable_security_hub enable_guardduty enable_inspector enable_access_analyzer enable_config_recorder existing_vpc_id existing_subnet_id repo_branch kiro_from_secret telegram_bot_token_secret telegram_user)
 PARAM_VALUES=()  # populated by build_deploy_params()
 
 # Per-pack default model (passed to CFN DefaultModel / bootstrap.sh --model).
@@ -1910,6 +1928,8 @@ build_deploy_params() {
     "${EXISTING_SUBNET_ID:-}"
     "$REPO_BRANCH"
     "${KIRO_FROM_SECRET:-}"
+    "${TELEGRAM_BOT_TOKEN_SECRET:-}"
+    "${TELEGRAM_USER:-}"
   )
   # Validate parallel arrays are in sync
   [[ ${#PARAM_CFN_NAMES[@]} -eq ${#PARAM_VALUES[@]} ]] \
@@ -2961,6 +2981,28 @@ run_config_and_review() {
   fi
 
   build_deploy_params
+
+  # Pack-specific parameter collection (after build_deploy_params so we can amend)
+  if [[ "${PACK_NAME:-}" == "roundhouse" ]]; then
+    if [[ -z "${TELEGRAM_BOT_TOKEN_SECRET:-}" ]]; then
+      echo ""
+      echo -e "  ${BOLD}Roundhouse requires a Telegram bot token.${NC}"
+      echo -e "  Store it in AWS Secrets Manager and provide the secret id/arn."
+      echo ""
+      prompt "Secrets Manager id for Telegram bot token" TELEGRAM_BOT_TOKEN_SECRET ""
+      if [[ -z "${TELEGRAM_BOT_TOKEN_SECRET:-}" ]]; then
+        fail "Telegram bot token secret is required for roundhouse pack"
+      fi
+    fi
+    if [[ -z "${TELEGRAM_USER:-}" ]]; then
+      prompt "Telegram username (without @)" TELEGRAM_USER ""
+      if [[ -z "${TELEGRAM_USER:-}" ]]; then
+        fail "Telegram username is required for roundhouse pack"
+      fi
+    fi
+    # Rebuild params with telegram values now set
+    build_deploy_params
+  fi
   show_summary || {
     # User chose "Change settings" → re-run in advanced mode with current values as preselects
     PRESELECT_PACK="$PACK_NAME"

diff --git a/packs/registry.json b/packs/registry.json
@@ -147,7 +147,10 @@
       "brain": false,
       "claude_code": false,
       "experimental": false,
-      "requires_telegram_token": true
+      "requires_telegram_token": true,
+      "compatible_profiles": [
+        "builder"
+      ]
     }
   }
 }
diff --git a/packs/registry.yaml b/packs/registry.yaml
@@ -141,3 +141,5 @@ packs:
     claude_code: false
     experimental: false
     requires_telegram_token: true
+    compatible_profiles:
+      - builder