On this page

Prerequisites — Human Setup Before Phase 0 AWS Pulumi WorkOS (deferred — only needed for P0 Track B, P0-6 onward) DNS Repositories Local Dev Environment Agent Container (packnplay)

Page Index

Tasks
- E-2 CDN Read Path
- E-2 CDN Read Path ClientSide
- Emergent
- Launch Checklist
- P1-9 MCP OAuth Discovery Routing
- P1-9 MCP OAuth Routing
- Phase 0
- Phase 1
- Phase 2
- Phase 3
- Phase 4
- Prerequisites
- VPS Phases

Tasks
Prerequisites
69c9e1

Prerequisites — Human Setup Before Phase 0

These are things that require human action (account creation, credentials, billing decisions) before agent work can begin. Check each off as completed.

AWS

IAM user wikibot-admin with AdministratorAccess + WikibotPermissionsBoundary
Permissions boundary denies: EC2/RDS/Redshift/SageMaker/EKS/ECS/ElastiCache instances, IAM user/key creation, organizations access, non-us-east-1 regional services
API keys in ~/.aws/credentials under [wikibot] profile
Region: us-east-1
Budget alarm: $50/mo
Pulumi state bucket: s3://wikibot-pulumi-state (versioning enabled)

Pulumi

pulumi CLI installed (brew install pulumi)
State backend: pulumi login s3://wikibot-pulumi-state

WorkOS (deferred — only needed for P0 Track B, P0-6 onward)

WorkOS account created
Google OAuth provider configured
GitHub OAuth provider configured
Apple OAuth provider configured
API keys available as environment variables

DNS

wikibot.io domain registered
Route 53 hosted zone: Z00731461A60YEWXMD1ZE
Spaceship nameservers delegated to Route 53

Repositories

wikibot-io private repo created (GitHub)
Agent has push access (via SSH key mounted by packnplay)

Local Dev Environment

Docker + docker-compose running (for dev wiki)
Dev wiki running at localhost:8180
MCP server running at localhost:8190

Agent Container (packnplay)

Agents run inside packnplay containers with --dangerously-skip-permissions. packnplay mounts ~/.claude, handles credentials, creates worktrees, and preserves host paths.

Note: macOS Python venvs must be destroyed and recreated inside the container (Linux x86_64). Agents should always create fresh venvs.

packnplay installed (brew install obra/tap/packnplay)
packnplay smoke test passed (packnplay run --aws-creds --ssh-creds claude --version)
Dev wiki MCP accessible from container — configure MCP endpoint as http://host.docker.internal:8190/mcp (not localhost) since container localhost is the container itself
Verify MCP works from inside container
Agent launch command: AWS_PROFILE=wikibot packnplay run --aws-creds --ssh-creds --worktree=<phase> claude --dangerously-skip-permissions

On this page

Prerequisites — Human Setup Before Phase 0 AWS Pulumi WorkOS (deferred — only needed for P0 Track B, P0-6 onward) DNS Repositories Local Dev Environment Agent Container (packnplay)

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9