# Prerequisites — Human Setup Before Phase 0

These are things that require human action (account creation, credentials, billing decisions) before agent work can begin. Check each off as completed.

## AWS

- [x] IAM user `wikibot-admin` with `AdministratorAccess` + `WikibotPermissionsBoundary`
- [x] Permissions boundary denies: EC2/RDS/Redshift/SageMaker/EKS/ECS/ElastiCache instances, IAM user/key creation, organizations access, non-us-east-1 regional services
- [x] API keys in `~/.aws/credentials` under `[wikibot]` profile
- [x] Region: us-east-1
- [x] Budget alarm: $50/mo
- [x] Pulumi state bucket: `s3://wikibot-pulumi-state` (versioning enabled)
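The permissions boundary above is described only in prose. The following is an added example, not the project's actual `WikibotPermissionsBoundary` document: a hypothetical boundary policy reconstructed from that description, plus a small simplified evaluator (explicit Deny wins; only the `StringNotEquals` condition on `aws:RequestedRegion` is modelled) so the intended denials can be checked offline before the policy is attached. The statement Sids, the action lists, and the set of global services exempted from the region restriction are assumptions.

```python
"""Simplified model of a permissions boundary like the one in this checklist.

Added example, not the project's real policy. Everything below (Sids, action
lists, exempted global services) is an assumption reconstructed from the
checklist text: "denies EC2/RDS/Redshift/SageMaker/EKS/ECS/ElastiCache
instances, IAM user/key creation, organizations access, non-us-east-1
regional services".
"""
import fnmatch
import json

ALLOWED_REGION = "us-east-1"

# A permissions boundary never grants anything by itself: a request succeeds
# only if BOTH the identity policy (AdministratorAccess here) and the boundary
# allow it, and an explicit Deny in either wins. So the boundary allows "*"
# and carves out the dangerous actions with explicit Deny statements.
BOUNDARY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowEverythingElse", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {
            "Sid": "DenyComputeInstances",  # hypothetical action list
            "Effect": "Deny",
            "Action": [
                "ec2:RunInstances",
                "rds:CreateDBInstance",
                "rds:CreateDBCluster",
                "redshift:CreateCluster",
                "sagemaker:CreateNotebookInstance",
                "eks:CreateCluster",
                "ecs:RunTask",
                "ecs:CreateService",
                "elasticache:CreateCacheCluster",
            ],
            "Resource": "*",
        },
        {
            "Sid": "DenyIamPrincipalCreation",
            "Effect": "Deny",
            "Action": ["iam:CreateUser", "iam:CreateAccessKey", "iam:CreateLoginProfile"],
            "Resource": "*",
        },
        {"Sid": "DenyOrganizations", "Effect": "Deny", "Action": "organizations:*", "Resource": "*"},
        {
            # Region pin: deny every action outside ALLOWED_REGION except a
            # (assumed) list of global services that have no region.
            "Sid": "DenyOtherRegions",
            "Effect": "Deny",
            "NotAction": ["iam:*", "sts:*", "route53:*", "cloudfront:*", "budgets:*", "support:*"],
            "Resource": "*",
            "Condition": {"StringNotEquals": {"aws:RequestedRegion": ALLOWED_REGION}},
        },
    ],
}


def _listify(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, action):
    # IAM action matching is case-insensitive and supports * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _listify(patterns))


def _condition_holds(condition, context):
    # Only StringNotEquals is modelled, which is all this boundary uses.
    for key, expected in condition.get("StringNotEquals", {}).items():
        if context.get(key) in _listify(expected):
            return False
    return True


def boundary_denies(action, region, policy=BOUNDARY_POLICY):
    """True if some explicit Deny statement in the boundary matches the request."""
    context = {"aws:RequestedRegion": region}
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if "Action" in stmt:
            hit = _matches(stmt["Action"], action)
        else:  # NotAction: the statement applies to every action NOT listed
            hit = not _matches(stmt["NotAction"], action)
        if hit and _condition_holds(stmt.get("Condition", {}), context):
            return True
    return False


def boundary_allows(action, region, policy=BOUNDARY_POLICY):
    """Simplified evaluation: explicit Deny wins, otherwise a matching Allow is needed."""
    if boundary_denies(action, region, policy):
        return False
    return any(s["Effect"] == "Allow" and _matches(s["Action"], action) for s in policy["Statement"])


def policy_json():
    """The boundary as the JSON document you would pass to create-policy."""
    return json.dumps(BOUNDARY_POLICY, indent=2)


if __name__ == "__main__":
    checks = [("ec2:RunInstances", "us-east-1"), ("s3:PutObject", "us-east-1"),
              ("s3:PutObject", "eu-west-1"), ("iam:CreateAccessKey", "us-east-1")]
    for act, reg in checks:
        print(f"{act:28s} {reg:10s} allowed={boundary_allows(act, reg)}")
```

This evaluator is deliberately a sanity check on the policy's intent, not a substitute for IAM's real evaluation (it ignores resource ARNs, other condition operators, and the identity policy side). Once the boundary is attached, confirm the same cases against the real engine with `aws iam simulate-principal-policy --policy-source-arn <user-arn> --action-names ec2:RunInstances s3:PutObject`, which is what the `[x]` on that line should be backed by.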

## Pulumi

- [x] `pulumi` CLI installed (`brew install pulumi`)
- [x] State backend: `pulumi login s3://wikibot-pulumi-state`

## WorkOS (deferred — only needed for P0 Track B, P0-6 onward)

- [x] WorkOS account created
- [x] Google OAuth provider configured
- [x] GitHub OAuth provider configured
- [x] Apple OAuth provider configured
- [x] API key stored in Pulumi config (`pulumi config set --secret workos_api_key`)
- [x] Client ID stored in Pulumi config (`pulumi config set workos_client_id`)

## DNS

- [x] `wikibot.io` domain registered
- [x] Route 53 hosted zone: `Z00731461A60YEWXMD1ZE`
- [x] Spaceship nameservers delegated to Route 53

## Repositories

- [x] `wikibot-io` private repo created (GitHub)
- [x] Agent has push access (via SSH key mounted by packnplay)

## Local Dev Environment

- [x] Docker + docker-compose running (for dev wiki)
- [x] Dev wiki running at localhost:8180
- [x] MCP server running at localhost:8190

## Agent Container (packnplay)

Agents run inside [packnplay](https://github.com/obra/packnplay) containers with `--dangerously-skip-permissions`. packnplay mounts `~/.claude`, handles credentials, creates worktrees, and preserves host paths.

**Note:** macOS Python venvs must be destroyed and recreated inside the container (Linux x86_64). Agents should always create fresh venvs.

- [x] packnplay installed (`brew install obra/tap/packnplay`)
- [x] packnplay smoke test passed (`packnplay run --aws-creds --ssh-creds claude --version`)
- [x] Dev wiki MCP accessible from container — configure MCP endpoint as `http://host.docker.internal:8190/mcp` (not `localhost`), since `localhost` inside the container is the container itself
- [x] Verify MCP works from inside container
- [x] Agent launch command: `AWS_PROFILE=wikibot packnplay run --aws-creds --ssh-creds --worktree=<phase> claude --dangerously-skip-permissions`