diff --git a/.gitignore b/.gitignore index 7300a15..dc2c830 100644 --- a/.gitignore +++ b/.gitignore @@ -52,4 +52,3 @@ coverage/ /dashboard/.ai-workspace-build-commit *.textClipping -scripts/__pycache__/ diff --git a/docs/ai-workspace-runtime-delivery-plan.md b/docs/ai-workspace-runtime-delivery-plan.md index 5213c5a..eb4435c 100644 --- a/docs/ai-workspace-runtime-delivery-plan.md +++ b/docs/ai-workspace-runtime-delivery-plan.md @@ -4,8 +4,8 @@ > > 本文是落地前的详细规划(设计 + 变更清单 + 提交/部署/验收方案)。实现阶段严格按本文执行,不扩大修改范围、不做大规模重构、优先复用现有实现。 -- 状态:Linux 离线包链路与 macOS 本地校验链路已进入联调阶段;macOS 已越过多数 role 兼容性阻塞,当前重点是 LiteLLM 离线 runtime 接入、完整安装复跑和幂等验收 -- 影响仓库:`ai-workspace-infra/playbooks`、`ai-workspace-lab/xworkspace-console`、`ai-workspace-lab/xworkspace-core-skills`、`ai-workspace-services/qmd`、`ai-workspace-services/litellm` +- 状态:规划已定稿,待实现 +- 影响仓库:`ai-workspace-infra/playbooks`、`ai-workspace-lab/xworkspace-console`、`ai-workspace-lab/xworkspace-core-skills` - 目标主机:`root@acp-bridge.onwalk.net` - 对外默认域名(唯一公开服务):`acp-bridge.onwalk.net` @@ -14,12 +14,9 @@ - [x] 等待并核对 `xworkspace-console` 的离线包 GitHub Actions 发布链路,确认 `publish-release` 完整结束且 release 产物上传成功。 - [ ] 继续核对 `root@acp-bridge.onwalk.net` 的远程部署进度,确认 `setup-ai-workspace-all-in-one.sh` 最终完成并输出统一摘要。 - [x] `setup-ai-workspace-all-in-one.sh` 在目标主机上优先使用离线安装包加速部署,减少在线拉取与安装耗时。 -- [x] 为 LiteLLM 新增 runtime wheelhouse release workflow,供 all-in-one 离线包消费。 -- [ ] 验证 `ai-workspace-services/litellm` 的 runtime release 实际生成成功,并确认 console 离线包能下载 matching `litellm-runtime---.tar.gz`。 - [ ] 验证 `setup-ai-workspace-all-in-one.sh` 幂等性:同一主机连续执行两次均成功,复用凭据、离线包缓存与已导入镜像,并安全等待部署/APT 锁。 -- [ ] 完成 macOS 本地最终验收核对:Portal、Bridge、OpenClaw、QMD、Hermes、PostgreSQL、Vault、LiteLLM 状态正常,`http://localhost:8181/mcp` 和 LiteLLM health 可达。 -- [ ] 完成远程 Linux 最终验收核对:Bridge 对外可达、其余服务默认仅本地监听、`acp-codex` / `opencode` / `gemini` / `hermes` / `qmd` / `litellm` 状态正常。 -- [ ] 记录最终提交哈希、GitHub Actions run、release tag 与远端验证结果,回填到本计划的交付结果部分。 +- [ ] 完成最终验收核对:Bridge 对外可达、其余服务默认仅本地监听、`acp-codex` / `opencode` / `gemini` / `hermes` / `qmd` / `litellm` 状态正常。 +- [ ] 记录最终提交哈希与远端验证结果,回填到本计划的交付结果部分。 --- @@ -328,35 +325,6 @@ setup-ai-workspace-all-in-one.sh [repo: xworkspace-console/scripts] > 每个仓库**独立提交**,分别记录 Commit Hash 写入最终交付说明。 -### 6.1 当前实现进度(2026-06-22) - -| 仓库 | 已完成进展 | 已知待处理 | -|---|---|---| -| `ai-workspace-infra/playbooks` | OpenClaw doctor/restart 已拆分;QMD 已补 macOS LaunchAgent;OpenClaw `acpx` 兼容性 assert 已修;LiteLLM 已切 Python 3.13 venv、安装探测和 `.install-spec` 跳过重复安装 | 需要完整 macOS 复跑确认 `qmd :8181/mcp`、OpenClaw registry、LiteLLM health;需要确认 all-in-one 的 macOS patch 与 playbooks main 不再互相覆盖 | -| `ai-workspace-lab/xworkspace-console` | all-in-one 离线包链路已能消费 console/bridge/qmd/litellm runtime release;macOS 调试案例持续记录在 `docs/case/macos_compatibility_tests.md` | `uninstall purge` 仍需打印删除路径;需要清理离线包生成目录等非源码正式目录;需要确认 `install.svc.plus/ai-workspace` 发布入口同步到最新 main | -| `ai-workspace-services/qmd` | all-in-one 离线包脚本按 `qmd-runtime-linux-${ARCH}.tar.gz` 消费 release;playbooks 已补 QMD macOS LaunchAgent | 需要确认 latest runtime release 与 offline package 拉取路径持续可用;macOS 需实测 MCP endpoint | -| `ai-workspace-services/litellm` | 新增 `.github/workflows/offline-package-litellm-runtime.yaml`,产出 `litellm-runtime---.tar.gz`、wheelhouse、可选 portable Python、`metadata/runtime.env` | 需要触发 GitHub Actions 并确认 release asset 与 `SHA256SUMS`;需要确认 console 离线包使用 `latest-runtime` 能解析到该 release | -| `ai-workspace-lab/xworkspace-core-skills` | all-in-one 离线包仍按 core-skills repo/ref 打包 | 当前未发现新的 macOS 阻塞;最终验收仍需确认技能注入与 OpenClaw/QMD 可见 | - -### 6.2 近期关键提交 - -| 仓库 | Commit | 说明 | -|---|---|---| -| `ai-workspace-infra/playbooks` | `09a39e6` | `perf(openclaw): avoid unnecessary doctor repairs` | -| `ai-workspace-infra/playbooks` | `f01e0bb` | `fix(qmd): provision macOS LaunchAgent` | -| `ai-workspace-infra/playbooks` | `c11f51b` | `fix(openclaw): allow version-matched acpx plugin` | -| `ai-workspace-infra/playbooks` | `71ebe64` | `fix(litellm): isolate runtime in Python 3.13 venv` | -| `ai-workspace-infra/playbooks` | `6a2f05f` | `fix(litellm): skip redundant dependency installs` | -| `ai-workspace-services/litellm` | `51cde5e32` | `ci: add offline litellm runtime workflow` | - -### 6.3 当前最需要收口的问题 - -1. `LiteLLM`:在线 `pip install litellm[proxy]` 仍可能因大 wheel 下载中断失败;应以 runtime wheelhouse release 作为 all-in-one 默认加速路径,并保留在线路径为 fallback。 -2. `install.svc.plus/ai-workspace`:需要确认公开短链实际拉到的是 `xworkspace-console@main` 最新脚本,否则 macOS 仍可能运行旧 bootstrap。 -3. `uninstall purge`:需要输出将删除/已删除/不存在的路径,覆盖 macOS 与 Linux 的 token、Vault/OpenClaw 状态、临时部署目录、系统配置目录。 -4. 工作区清理:需要清理 `ai-workspace-all-in-one-offline-*` 等生成目录,避免离线包产物混入源码根目录。 -5. 最终验收:需要在 macOS 上做一次干净安装和一次重复安装,记录各服务端口、LaunchAgent/systemd 状态、health endpoint 与 changed 统计。 - --- ## 7. 部署与验证 @@ -430,8 +398,8 @@ ssh root@acp-bridge.onwalk.net \ 1. **所有 `npm -g` 共享同一 prefix → 必须 Phase 1 串行。** `roles/vhosts/nodejs` 设 `npm_config_prefix=/usr/local/lib/npm`;Agent CLI(opencode-ai / @google/gemini-cli / @openai/codex / @anthropic-ai/claude-code)、`yarn`、`openclaw@ver` 全部 `npm -g` 到该 prefix。并发会争用同一 `node_modules`/`.staging` 与 npm cache 锁 → **不可并发**。 -2. **LiteLLM 已改为独立 Python 3.13 venv,但依赖安装仍应串行收口**。它不再写系统 site-packages,但 `pip install litellm[proxy]` 依赖树大、网络失败率高,默认方向应是优先消费离线 wheelhouse,在线 venv 安装仅作 fallback。 -3. **真正安全的 Phase 2 候选是“外部 I/O 预取”**:git clone、二进制下载、docker pull、独立目录的前端 build、runtime release 下载。它们不碰 dpkg/npm-prefix/pip 全局锁,且写入各自独立路径。 +2. **LiteLLM 是全局 `pip install` → Phase 1 串行**(非项目内 venv,写系统 site-packages)。修正早期草案中“pip 可 async”的判断。 +3. **真正安全的 Phase 2 候选是“外部 I/O 预取”**:git clone、二进制下载、docker pull、独立目录的前端 build。它们不碰 dpkg/npm-prefix/pip 全局锁,且写入各自独立路径。 4. **跨 sub-playbook 的并发收益最大处在 Shell 预取层**:11 个步骤由 ansible 顺序导入,play 间难并发;把可并行的 I/O 上提到 bootstrap 的 Phase 2 fork 池(§10.5)预取,ansible 仅消费已就位产物,是收益/风险比最高的定制。 5. **离线包优先**(呼应 TODO):已有离线安装包/已导入镜像时,Phase 2 预取应短路跳过,直接复用缓存。 @@ -446,7 +414,7 @@ ssh root@acp-bridge.onwalk.net \ | 5 bridge + ACP | 同步 console;acp_server_* 的全局安装部分 | `xworkmate-go-core` 二进制下载/放置、acp 各自独立工作目录 prepare | 配置渲染、按依赖 `requires acp-*.service` 顺序启动、validation | | 6 vault | (systemd 基础准备) | `get_url` vault zip 下载、解压放置 | 配置渲染、systemd/init、health | | 7 postgres | Docker 安装、common 基础 | `docker pull` PG 镜像、初始化独立 data 目录 | compose 渲染、`compose up`、health | -| 8 litellm | apt/Homebrew Python 准备、Python 3.13 venv 创建、离线 wheelhouse 或 fallback pip 安装 | 下载 `litellm-runtime---.tar.gz`、校验 SHA256、准备 `packages/pip`/`metadata/runtime.env` | 配置渲染、Prisma client generate、systemd/launchd、health(`:4000/health`) | +| 8 litellm | apt python3-pip、**全局 pip install litellm** | — | 配置渲染、systemd、health(`:4000/health`) | | 9 qmd | (bun 运行时安装,全局) | 条件并发:qmd 拉取/`bun install`(隔离于 `~/.bun`,不碰 dpkg) | qmd.env/index.yml 渲染、systemd --user、health(`:8181`) | | 11 xfce(可选) | apt 桌面包/xrdp/chrome、`npm -g`/Playwright | — | xrdp 服务 enable/start、会话配置 | @@ -484,7 +452,7 @@ ssh root@acp-bridge.onwalk.net \ ``` - 收口铁律:任一 Phase 2 产物在**被 Phase 3 消费前**必须 `finished`。 -- dpkg/全局 npm/全局 pip **绝不** `async`;LiteLLM venv 安装虽然不再是全局 pip,也应在 wheelhouse 准备完成后串行执行,便于失败定位与重试(§10.2)。 +- dpkg/全局 npm/全局 pip **绝不** `async`(§10.2)。 ### 10.5 Shell 层动态 fork 并发(≤ CPU 核心数 × 2,预取层) @@ -537,7 +505,7 @@ pipelining = true - [ ] 优化前后 `ansible-playbook --list-tasks` 任务集合一致(无丢失/合并)。 - [ ] 每个 `async` 任务都有对应 `async_status` 收口,无悬挂 job。 -- [ ] Phase 1(apt/全局 npm/全局 pip/dpkg、LiteLLM venv 安装)与 Phase 3(daemon-reload/enable/start/health/摘要/清理)仍严格串行。 +- [ ] Phase 1(apt/全局 npm/全局 pip/dpkg)与 Phase 3(daemon-reload/enable/start/health/摘要/清理)仍严格串行。 - [ ] Phase 2 任务互不写同一文件、不抢同一锁;离线包存在时短路跳过。 - [ ] 连续两次执行均成功、`changed=0` 幂等行为不变;Shell fork 池失败子任务非零退出且日志可见。 diff --git a/docs/case/macos_compatibility_tests.md b/docs/case/macos_compatibility_tests.md index e1b1871..e0c1123 100644 --- a/docs/case/macos_compatibility_tests.md +++ b/docs/case/macos_compatibility_tests.md @@ -177,112 +177,6 @@ | **修复方案** | 改 `ansible.builtin.command: brew install python@3.13` + `environment.PATH` 前置 `/opt/homebrew/bin:/usr/local/bin` + `HOMEBREW_NO_AUTO_UPDATE=1`。真实仓库已改;clone 路径由 `patch_playbook_litellm_macos()` 同步补丁 | | **备注** | litellm 后续仍有 macOS 缺口待逐个处理:`/root` 派生的 salt/db 密钥 assert、`/etc/litellm` 配置目录、`become: true` + `become_user` 的 pip/prisma 任务(服务用户在 macOS 未创建)、DB provisioning 等 | -## 当前进展快照(2026-06-22) - -当前 macOS 调试入口仍以公开安装命令为准: - -```bash -curl -sfL https://install.svc.plus/ai-workspace | bash - -``` - -截至 2026-06-22,`xworkspace-console` 的 bootstrap 入口、`playbooks` 的 all-in-one role 链路、`ai-workspace-services/litellm` 的 runtime 发布链路已经形成三仓库协同。macOS 本地部署已越过早期路径、权限、Homebrew、Vault、PostgreSQL、OpenClaw、QMD 等阻塞点,当前主要剩余风险集中在 LiteLLM 依赖安装的网络稳定性、离线 runtime release 的产物验证,以及最终连续两次幂等部署。 - -已推送到 `ai-workspace-infra/playbooks` 的关键提交: - -| Commit | 主题 | 对 macOS 部署的影响 | -|---|---|---| -| `09a39e6` | `perf(openclaw): avoid unnecessary doctor repairs` | 将 OpenClaw doctor 与 restart 拆开,避免普通 restart 触发 `doctor --fix --force` | -| `f01e0bb` | `fix(qmd): provision macOS LaunchAgent` | 为 QMD 补用户级 LaunchAgent,支持 macOS 下启动 MCP 服务 | -| `c11f51b` | `fix(openclaw): allow version-matched acpx plugin` | 兼容版本匹配的 `acpx` 插件,避免插件注册表 assert 误杀 | -| `71ebe64` | `fix(litellm): isolate runtime in Python 3.13 venv` | LiteLLM 改为 Python 3.13 venv 隔离,避免 Python 3.13/3.14 混用 | -| `6a2f05f` | `fix(litellm): skip redundant dependency installs` | 增加包探测和安装标记,重复执行时跳过已满足的 LiteLLM 依赖安装 | - -已推送到 `ai-workspace-services/litellm` 的关键提交: - -| Commit | 主题 | 对 macOS/离线部署的影响 | -|---|---|---| -| `51cde5e32` | `ci: add offline litellm runtime workflow` | 新增 `.github/workflows/offline-package-litellm-runtime.yaml`,产出 `litellm-runtime---.tar.gz`,供 console 离线包脚本消费 | - -当前仍需用一次干净安装验证 `install.svc.plus` 指向的远端脚本是否已经包含最新 bootstrap 逻辑。如果失败点仍显示旧任务或旧路径,应先确认发布入口是否已经同步到 `ai-workspace-lab/xworkspace-console@main` 最新版本。 - -## TC-MAC-020: OpenClaw doctor 过重导致 handler 慢 - -| 项目 | 内容 | -|------|------| -| **触发文件** | `roles/vhosts/gateway_openclaw/handlers/main.yml` | -| **触发现象** | `RUNNING HANDLER [roles/vhosts/gateway_openclaw/ : Repair OpenClaw health findings (POSIX)]` 耗时约 5-6 秒;此前 restart 与 doctor 绑定,普通配置变化也可能触发 `openclaw doctor --fix --force --yes` | -| **根因** | handler 将“轻量 restart”和“doctor repair”耦合,且 `--fix --force` 默认做修复路径,适合真实健康问题,不适合每次部署收口都跑 | -| **修复方案** | `playbooks` 中已拆分 doctor 与 restart:日常只做 lightweight restart;只有 package/config/plugin 等实际变化才触发 doctor;优先使用较轻的检查/repair 模式,减少无关变化把 doctor 拉起来 | -| **验证状态** | 已提交 `09a39e6`。仍需在完整 macOS 部署中观察 OpenClaw handler 是否只在真实变更时触发 | - -## TC-MAC-021: QMD 缺 macOS LaunchAgent - -| 项目 | 内容 | -|------|------| -| **触发文件** | `roles/vhosts/qmd/` | -| **触发现象** | QMD MCP 端口 `http://localhost:8181/mcp` 需要作为 macOS 用户服务运行,但 role 缺少 launchd provisioning | -| **根因** | Linux/systemd 路径已有服务管理,macOS 缺少 `LaunchAgents/plus.svc.xworkspace.qmd.plist` 等用户级服务描述 | -| **修复方案** | 新增 QMD LaunchAgent:`plus.svc.xworkspace.qmd`,以 macOS 用户级服务方式启动 | -| **验证状态** | 已提交 `f01e0bb`。仍需在完整安装后验证 `launchctl` 状态与 `http://localhost:8181/mcp` 可达 | - -## TC-MAC-022: OpenClaw Codex 插件兼容性 assert 误杀 - -| 项目 | 内容 | -|------|------| -| **触发文件** | `roles/vhosts/gateway_openclaw/tasks/main.yml` | -| **触发报错** | `Assert OpenClaw Codex plugin matches gateway version` 失败,提示必须运行 `@openclaw/codex 2026.6.1` 与 `openclaw-multi-session-plugins 2026.6.1`,并且不得保留 stale global `@openclaw/acpx` | -| **根因** | assert 将 `acpx` 一律视为 stale,但当前 OpenClaw 插件注册表可能包含版本匹配的 `acpx`,应检查版本而非只检查存在性 | -| **修复方案** | 调整 assert:允许 version-matched `acpx`,仅拒绝 stale/global 不匹配版本 | -| **验证状态** | 已提交 `c11f51b`。仍需在全量部署中观察插件注册表刷新后 assert 结果 | - -## TC-MAC-023: LiteLLM Python 3.13/3.14 混用 - -| 项目 | 内容 | -|------|------| -| **触发文件** | `roles/vhosts/litellm/defaults/main.yml`、`roles/vhosts/litellm/tasks/main.yml` | -| **触发现象** | macOS 上 Homebrew Python 与系统/其它 Python 版本混用,LiteLLM 依赖可能被装进不一致的解释器或 site-packages,后续 `prisma generate` 与服务启动不稳定 | -| **根因** | 早期安装路径没有强制独立 venv,且 macOS 环境里可能同时存在 Python 3.13、3.14 | -| **修复方案** | LiteLLM runtime 固定使用 Python 3.13 创建隔离 venv:`~/.local/share/litellm/venv`;`pip`、`litellm`、`prisma` 均从该 venv 执行 | -| **验证状态** | 已提交 `71ebe64`。仍需完整部署验证服务启动和 `prisma generate` | - -## TC-MAC-024: LiteLLM 依赖安装慢且公网下载易中断 - -| 项目 | 内容 | -|------|------| -| **触发文件** | `roles/vhosts/litellm/tasks/main.yml`、`roles/vhosts/litellm/defaults/main.yml` | -| **触发报错** | `Ensure LiteLLM and DB dependencies are installed` 最长耗时约 581 秒,随后因 `IncompleteRead` / `curl 18` / GitHub archive 或 PyPI wheel 下载中断失败 | -| **根因** | `litellm[proxy]` 依赖树大,包含 `polars-runtime-32`、`cryptography`、`boto3`、`mcp` 等大量包;直接在线 `pip install` 既慢又依赖网络稳定性。将 `git+https` 改为 GitHub archive 后解决了 git clone EOF,但仍无法避免大 wheel 下载中断 | -| **已修复** | ① 默认安装源由 `git+https` 改为 GitHub archive;② 增加 `PIP_CACHE_DIR` 和更长 timeout;③ 安装前探测已装 `litellm/prisma/psycopg2-binary`,并用 `.install-spec` 标记跳过重复安装;④ 新增 `ai-workspace-services/litellm` 的 offline runtime workflow,预构建目标发行版 wheelhouse | -| **当前状态** | 在线安装路径已缓解但未根除网络风险;真正的长期解法是让 all-in-one 优先消费 `litellm-runtime---.tar.gz` 中的 wheelhouse | -| **待验证** | 需要触发并确认 `offline-package-litellm-runtime.yaml` 在 GitHub Actions 生成 release,且 `xworkspace-console/scripts/create-ai-workspace-offline-package.sh` 能拉取 `ai-workspace-services/litellm` 的 matching runtime asset | - -## TC-MAC-025: LiteLLM runtime release 与 all-in-one 离线包对接 - -| 项目 | 内容 | -|------|------| -| **触发文件** | `ai-workspace-services/litellm/.github/workflows/offline-package-litellm-runtime.yaml`、`xworkspace-console/scripts/create-ai-workspace-offline-package.sh`、`xworkspace-console/scripts/ai-workspace-offline-install.sh` | -| **契约** | console 离线包脚本会下载 `LITELLM_RUNTIME_RELEASE_REPO=ai-workspace-services/litellm` 下的 `litellm-runtime-${DISTRO_ID}-${DISTRO_VERSION}-${ARCH}.tar.gz`,解包后复制 `packages/pip`、可选 `packages/python`、`metadata/runtime.env` | -| **已完成** | `litellm` 仓库新增 workflow,矩阵覆盖 Debian 11/12/13 与 Ubuntu 22.04/24.04/26.04 的 amd64/arm64;Ubuntu 26.04 额外打包 portable Python 3.13.14;release 中合并 SHA256SUMS | -| **待处理** | 需要检查 GitHub Actions 实际 run 是否成功;需要确认 release tag 命名与 console 侧 `latest-runtime` 解析一致;需要在离线 all-in-one 包里实测 `metadata/litellm-runtime.env` 是否正确注入 `LITELLM_PACKAGE_SPEC` | - -## TC-MAC-026: uninstall purge 需要打印删除路径 - -| 项目 | 内容 | -|------|------| -| **触发命令** | `curl -sfL https://install.svc.plus/ai-workspace \| bash -s -- uninstall purge` | -| **需求** | purge 模式不仅删除本地状态,还要明确打印将删除/已删除的路径,便于用户确认清理范围 | -| **当前状态** | 已识别为待处理项;需要在 `setup-ai-workspace-all-in-one.sh` 的 uninstall/purge 分支中抽出统一 `purge_path` / `purge_matching_paths` helper,删除前输出存在路径,不存在时也输出 skipped/absent | -| **涉及路径** | macOS 至少包括 `~/.ai_workspace_auth_token`、`~/.vault_password`、`~/.openclaw`、`/tmp/xworkspace-core-skills`、`/tmp/xworkmate-bridge`、`/tmp/ai-workspace-deploy`;Linux 还包括 `/opt/ai-workspace`、`/etc/ai-workspace`、用户 systemd unit 等 | - -## TC-MAC-027: 非源码正式目录清理 - -| 项目 | 内容 | -|------|------| -| **触发现象** | 工作区出现类似 `ai-workspace-all-in-one-offline-ubuntu-22.04-amd64/` 的生成目录 | -| **根因** | 离线包构建/解包产物进入了开发工作区,容易被误认为源码目录 | -| **处理原则** | 不属于源码仓库正式目录的生成产物应从工作区清理;离线包输出应放在明确的 `dist/`、release artifact 或临时目录中,不应混入源码根目录 | -| **待处理** | 后续需要补一次仓库级清扫:确认 `xworkspace-console`、`playbooks`、`litellm` 各自 `git status --ignored`,清理未跟踪离线包目录,并按需要补 `.gitignore` | - --- ## 修复维度总结 @@ -299,9 +193,3 @@ curl -sfL https://install.svc.plus/ai-workspace | bash - | 包管理器绕过 (skip apt on Darwin) | TC-008, TC-010 | | 模板变量解耦 (remove nvm/nodejs_version) | TC-005 | | 路径空格兼容 (argv vs string) | TC-011 | -| Homebrew 模块绕过 (command brew + PATH) | TC-018, TC-019 | -| macOS launchd 用户服务 | TC-021 | -| handler 触发条件收敛 | TC-020 | -| Python venv 隔离与 pip 缓存 | TC-023, TC-024 | -| 离线 runtime wheelhouse | TC-025 | -| purge 可观测性 | TC-026 | diff --git a/scripts/patch-macos-playbooks.py b/scripts/patch-macos-playbooks.py index c5a9aef..e35dccb 100755 --- a/scripts/patch-macos-playbooks.py +++ b/scripts/patch-macos-playbooks.py @@ -316,43 +316,7 @@ def main(): for o, n in owner_subs: if o in text: text = text.replace(o, n, 1) - - # litellm[proxy] pulls large wheels (polars-runtime ~46MB, etc.) that - # frequently break mid-stream over slow/mirrored links with - # IncompleteRead, failing the whole deploy. Make the online install - # resilient: --retries reconnects and --resume-retries (pip >= 25.1, - # which the macOS python@3.13 venv already ships) continues a partial - # download instead of restarting it. Until the playbooks repo carries - # this in the role itself, the curl|bash clone path needs it injected. - pip_old = ( - ' executable: "{{ litellm_pip_executable }}"\n' - ' state: present\n' - ' environment:\n' - ' PIP_CACHE_DIR: "{{ litellm_pip_cache_dir }}"\n' - ' PIP_DEFAULT_TIMEOUT: "120"\n' - ) - pip_new = ( - ' executable: "{{ litellm_pip_executable }}"\n' - ' state: present\n' - ' extra_args: "--retries 5 --resume-retries 5"\n' - ' environment:\n' - ' PIP_CACHE_DIR: "{{ litellm_pip_cache_dir }}"\n' - ' PIP_DEFAULT_TIMEOUT: "180"\n' - ) - if pip_old in text and pip_new not in text: - text = text.replace(pip_old, pip_new, 1) - - # `default('{}')` does NOT replace an empty string (only an undefined - # value), so when the "Inspect installed LiteLLM dependency versions" - # task returns empty stdout (common on a re-run / partial venv), - # from_json('') raises and the set_fact fails with a confusing - # "args could not be converted to dict" error. Use default(..., true) - # so empty/falsy stdout falls back to '{}'. - text = text.replace( - "default('{}') | from_json", - "default('{}', true) | from_json", - ) - + path.write_text(text) # provision-database.yml runs psql with become_user postgres, which has no @@ -613,19 +577,9 @@ def main(): " mode: \"0644\"\n" " when: ansible_os_family != 'Darwin'" ) - # Idempotency: download_new contains download_old as a prefix, so a - # second pass over an already-patched tree would otherwise append a - # second `when:` line (duplicate mapping key -> invalid YAML). Only - # apply when the patched form is not already present. - if download_old in text and download_new not in text: + if download_old in text: text = text.replace(download_old, download_new, 1) - - # NOTE: this block must match the upstream Extract task verbatim, - # including the `creates:` line and the multi-item `notify:` list - # (`Run OpenClaw doctor` + `Restart openclaw`). If it drifts from - # upstream the substitution silently no-ops and the Darwin guard is - # never added, so the task tries to unarchive a tarball that is never - # downloaded on macOS and the OpenClaw step fails. + extract_old = ( "- name: Extract OpenClaw Multi-Session Plugins\n" " ansible.builtin.unarchive:\n" @@ -635,15 +589,23 @@ def main(): " owner: \"{{ gateway_openclaw_service_user }}\"\n" " group: \"{{ gateway_openclaw_service_group }}\"\n" " mode: \"0755\"\n" - " creates: \"{{ gateway_openclaw_home }}/.openclaw/extensions/openclaw-multi-session-plugins\"\n" " become: \"{{ ansible_os_family != 'Darwin' }}\"\n" - " notify:\n" - " - Run OpenClaw doctor\n" - " - Restart openclaw" + " notify: Restart openclaw" ) - extract_new = extract_old + "\n when: ansible_os_family != 'Darwin'" - # Same idempotency guard as the download task above. - if extract_old in text and extract_new not in text: + extract_new = ( + "- name: Extract OpenClaw Multi-Session Plugins\n" + " ansible.builtin.unarchive:\n" + " src: \"/tmp/openclaw-multi-session-plugins.tar.gz\"\n" + " dest: \"{{ gateway_openclaw_home }}/.openclaw/extensions\"\n" + " remote_src: true\n" + " owner: \"{{ gateway_openclaw_service_user }}\"\n" + " group: \"{{ gateway_openclaw_service_group }}\"\n" + " mode: \"0755\"\n" + " become: \"{{ ansible_os_family != 'Darwin' }}\"\n" + " notify: Restart openclaw\n" + " when: ansible_os_family != 'Darwin'" + ) + if extract_old in text: text = text.replace(extract_old, extract_new, 1) anchor = "- name: Ensure OpenClaw global plugin npm directory exists" diff --git a/scripts/setup-ai-workspace-all-in-one.sh b/scripts/setup-ai-workspace-all-in-one.sh index b9e6e72..68e01fa 100755 --- a/scripts/setup-ai-workspace-all-in-one.sh +++ b/scripts/setup-ai-workspace-all-in-one.sh @@ -7,6 +7,17 @@ set -euo pipefail # Usage: # curl -sfL https://raw.githubusercontent.com/ai-workspace-lab/xworkspace-console/main/scripts/setup-ai-workspace-all-in-one.sh | bash - # +# Subcommands (pass as the first argument, e.g. `... | bash -s -- uninstall`): +# uninstall Stop & remove all AI Workspace apps/services (launchd +# agents on macOS; systemd units + docker containers on +# Linux). Config, tokens and data under $HOME are KEPT. +# uninstall --purge Same teardown, then DELETE config/state/token/cache dirs +# (e.g. ~/.config/xworkspace, ~/.local/state/xworkspace, +# ~/.openclaw, ~/.ai_workspace_auth_token, /tmp/ai-workspace-deploy; +# plus /opt/ai-workspace & /etc/ai-workspace on Linux when +# root is available). Both forms print a plan up front and +# report each path as removed / absent. +# # Supported Environment Variables: # AI_WORKSPACE_SECURITY_LEVEL # LITELLM_API_CADDY_STRICT_WHITELIST @@ -1573,12 +1584,98 @@ if [ "${AI_WORKSPACE_LIBRARY_MODE:-false}" = "true" ]; then exit 0 fi +# --- Uninstall inventory (single source of truth for summary + teardown) ------ +# Kept as space-separated strings (none of the paths contain spaces) so the +# lists iterate cleanly under macOS' stock bash 3.2 as well as bash 5. +darwin_launch_services="api console litellm openclaw vault ttyd bridge qmd hermes" +linux_systemd_services="xworkspace-litellm xworkspace-qmd xworkspace-api xworkspace-console xworkspace-openclaw xworkmate-bridge xworkspace-ttyd vault postgresql xworkspace-hermes" +linux_docker_containers="vault litellm db ai-workspace-console xworkmate-bridge qmd openclaw hermes xworkspace-ttyd" + +# Paths deleted by --purge. common_* applies to both OSes; the linux_* entries +# are Linux-only (user systemd units glob + system dirs that need root). +uninstall_common_purge_paths="$HOME/.config/xworkspace $HOME/.local/state/xworkspace $HOME/.ai_workspace_auth_token $HOME/.vault_password $HOME/.openclaw /tmp/xworkspace-core-skills /tmp/xworkmate-bridge /tmp/ai-workspace-deploy" +uninstall_linux_user_purge_globs="$HOME/.config/systemd/user/plus.svc.xworkspace.*" +uninstall_linux_root_purge_paths="/opt/ai-workspace /etc/ai-workspace" + +# Delete $1 (a path or glob) if present, printing the action either way so the +# user can see exactly what purge touched. $2="root" routes rm through sudo. +purge_path() { + local target=$1 mode=${2:-user} found=false p + for p in $target; do + if [ -e "$p" ] || [ -L "$p" ]; then + found=true + info " removed: $p" + if [ "$mode" = "root" ]; then + run_as_root rm -rf "$p" >/dev/null 2>&1 || true + else + rm -rf "$p" || true + fi + fi + done + [ "$found" = "true" ] || info " absent (skipped): $target" +} + +# Pre-flight: report whether a purge target currently exists, without deleting. +print_path_status() { + local target=$1 found=false p + for p in $target; do + if [ -e "$p" ] || [ -L "$p" ]; then + found=true + info " [present] $p" + fi + done + [ "$found" = "true" ] || info " [absent] $target" +} + +# Print, before doing anything destructive, what uninstall will tear down and +# (when --purge is set) which paths it will delete. +print_uninstall_summary() { + local purge=$1 svc c p + info "================ AI Workspace uninstall plan ================" + if [ "$(detect_os)" = "darwin" ]; then + info "Target OS: macOS (launchd user agents under ~/Library/LaunchAgents)" + info "Apps/services to stop & remove (plus.svc.xworkspace..plist):" + for svc in $darwin_launch_services; do + info " - $svc" + done + info "Managed PIDs to stop: xworkspace-api, xworkspace-console" + else + info "Target OS: Linux (systemd units + docker containers)" + info "Systemd services to stop, disable & remove (user + system scope):" + for svc in $linux_systemd_services; do + info " - $svc" + done + info "Docker containers to stop & remove (when docker is present):" + for c in $linux_docker_containers; do + info " - $c" + done + fi + if [ "$purge" = "true" ]; then + info "--purge: the following paths will be DELETED (current status shown):" + for p in $uninstall_common_purge_paths; do + print_path_status "$p" + done + if [ "$(detect_os)" != "darwin" ]; then + print_path_status "$uninstall_linux_user_purge_globs" + for p in $uninstall_linux_root_purge_paths; do + print_path_status "$p" + done + fi + else + info "--purge NOT set: services are removed but config/tokens/data under" + info " \$HOME are KEPT. Re-run with 'uninstall --purge' to delete them too." + fi + info "============================================================" +} + uninstall_ai_workspace() { - local purge=false + local purge=false p if [ "${1:-}" = "--purge" ]; then purge=true fi + print_uninstall_summary "$purge" + info "Starting AI Workspace uninstallation..." if [ "$(detect_os)" = "darwin" ]; then @@ -1592,14 +1689,9 @@ uninstall_ai_workspace() { if [ "$purge" = "true" ]; then info "Purging AI Workspace data on macOS..." - rm -rf "$HOME/.config/xworkspace" - rm -rf "$HOME/.local/state/xworkspace" - rm -rf "$HOME/.ai_workspace_auth_token" - rm -rf "$HOME/.vault_password" - rm -rf "$HOME/.openclaw" - rm -rf "/tmp/xworkspace-core-skills" - rm -rf "/tmp/xworkmate-bridge" - rm -rf "/tmp/ai-workspace-deploy" + for p in $uninstall_common_purge_paths; do + purge_path "$p" + done fi else info "Stopping and removing Linux systemd services..." @@ -1632,18 +1724,14 @@ uninstall_ai_workspace() { if [ "$purge" = "true" ]; then info "Purging AI Workspace data on Linux..." - rm -rf "$HOME/.config/xworkspace" - rm -rf "$HOME/.local/state/xworkspace" - rm -rf "$HOME/.ai_workspace_auth_token" - rm -rf "$HOME/.vault_password" - rm -rf "$HOME/.openclaw" - rm -rf "/tmp/xworkspace-core-skills" - rm -rf "/tmp/xworkmate-bridge" - rm -rf "/tmp/ai-workspace-deploy" - rm -rf "$HOME/.config/systemd/user/plus.svc.xworkspace."* + for p in $uninstall_common_purge_paths; do + purge_path "$p" + done + purge_path "$uninstall_linux_user_purge_globs" if [ "$(id -u)" = "0" ] || sudo -n true 2>/dev/null; then - run_as_root rm -rf "/opt/ai-workspace" >/dev/null 2>&1 || true - run_as_root rm -rf "/etc/ai-workspace" >/dev/null 2>&1 || true + for p in $uninstall_linux_root_purge_paths; do + purge_path "$p" root + done fi fi fi