# Prerequisites — Human Setup Before Phase 0

These are things that require human action (account creation, credentials, billing decisions) before agent work can begin. Check each off as completed.

## AWS

- [x] IAM user `wikibot-admin` with `AdministratorAccess` + `WikibotPermissionsBoundary`
- [x] Permissions boundary denies: EC2/RDS/Redshift/SageMaker/EKS/ECS/ElastiCache instances, IAM user/key creation, organizations access, non-us-east-1 regional services
- [x] API keys in `~/.aws/credentials` under `[wikibot]` profile
- [x] Region: us-east-1
- [x] Budget alarm: $50/mo
- [x] Pulumi state bucket: `s3://wikibot-pulumi-state` (versioning enabled)
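
One way to check that a boundary policy document covers the denies listed above, as an added example (not part of this project's code). The category-to-action mapping and the sample policy are assumptions constructed for illustration, not the contents of `WikibotPermissionsBoundary`.

```python
import fnmatch

# Assumed mapping from the checklist's deny categories to representative IAM actions.
REQUIRED_DENIES = [
    "ec2:RunInstances", "rds:CreateDBInstance", "redshift:CreateCluster",
    "sagemaker:CreateNotebookInstance", "eks:CreateCluster", "ecs:CreateCluster",
    "elasticache:CreateCacheCluster", "iam:CreateUser", "iam:CreateAccessKey",
    "organizations:DescribeOrganization",
]

# Constructed sample boundary; it deliberately omits iam:CreateAccessKey.
SAMPLE_BOUNDARY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Resource": "*", "Action": [
        "ec2:RunInstances", "rds:Create*", "redshift:*", "sagemaker:*",
        "eks:*", "ecs:*", "elasticache:*", "iam:CreateUser", "organizations:*"]},
    {"Effect": "Deny", "NotAction": ["iam:*", "route53:*", "sts:*"], "Resource": "*",
     "Condition": {"StringNotEquals": {"aws:RequestedRegion": "us-east-1"}}},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def unconditional_denies(policy):
    """Action patterns from Deny statements on all resources with no Condition."""
    patterns = []
    for st in _as_list(policy["Statement"]):
        if (st.get("Effect") == "Deny" and "Condition" not in st
                and "*" in _as_list(st.get("Resource", []))):
            patterns += _as_list(st.get("Action", []))
    return patterns

def has_region_lock(policy, region="us-east-1"):
    """True if a Deny statement is conditioned on the request region not being `region`."""
    for st in _as_list(policy["Statement"]):
        cond = st.get("Condition", {}).get("StringNotEquals", {})
        if st.get("Effect") == "Deny" and _as_list(cond.get("aws:RequestedRegion", [])) == [region]:
            return True
    return False

def audit_boundary(policy):
    """Report required actions no unconditional Deny covers, plus region-lock presence."""
    patterns = [p.lower() for p in unconditional_denies(policy)]  # IAM actions are case-insensitive
    missing = [a for a in REQUIRED_DENIES
               if not any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns)]
    return {"missing_denies": missing, "region_lock": has_region_lock(policy)}

if __name__ == "__main__":
    print(audit_boundary(SAMPLE_BOUNDARY))
```

To audit the real boundary, pass in the policy document exported from IAM in place of `SAMPLE_BOUNDARY`.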

## Pulumi

- [x] `pulumi` CLI installed (`brew install pulumi`)
- [x] State backend: `pulumi login s3://wikibot-pulumi-state`

## WorkOS (deferred — only needed for P0 Track B, P0-6 onward)

- [x] WorkOS account created
- [x] Google OAuth provider configured
- [x] GitHub OAuth provider configured
- [x] Apple OAuth provider configured
- [x] API key stored in Pulumi config (`pulumi config set --secret workos_api_key`)
- [x] Client ID stored in Pulumi config (`pulumi config set workos_client_id`)

## DNS

- [x] `wikibot.io` domain registered
- [x] Route 53 hosted zone: `Z00731461A60YEWXMD1ZE`
- [x] Spaceship nameservers delegated to Route 53

## Repositories

- [x] `wikibot-io` private repo created (GitHub)
- [x] Agent has push access (via SSH key mounted by packnplay)

## Local Dev Environment

- [x] Docker + docker-compose running (for dev wiki)
- [x] Dev wiki running at localhost:8180
- [x] MCP server running at localhost:8190

## Agent Container (packnplay)

Agents run inside [packnplay](https://github.com/obra/packnplay) containers with `--dangerously-skip-permissions`. packnplay mounts `~/.claude`, handles credentials, creates worktrees, and preserves host paths.

**Note:** macOS Python venvs must be destroyed and recreated inside the container (Linux x86_64). Agents should always create fresh venvs.

- [x] packnplay installed (`brew install obra/tap/packnplay`)
- [x] packnplay smoke test passed (`packnplay run --aws-creds --ssh-creds claude --version`)
- [x] Dev wiki MCP accessible from container — configure MCP endpoint as `http://host.docker.internal:8190/mcp` (not `localhost`) since container `localhost` is the container itself
- [x] Verify MCP works from inside container
- [x] Agent launch command: `AWS_PROFILE=wikibot packnplay run --aws-creds --ssh-creds --worktree=<phase> claude --dangerously-skip-permissions`