-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathoperator-workstation.env
More file actions
194 lines (177 loc) · 10.4 KB
/
operator-workstation.env
File metadata and controls
194 lines (177 loc) · 10.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
# AgentKeys operator-workstation env file — source this on YOUR LAPTOP.
#
# Companion to scripts/broker.env (which is for the broker host).
#
# Scope: shell vars used by AWS admin tooling + the demo walkthrough in
# docs/stage7-demo-and-verification.md (§0 prerequisites + §4 isolation
# proof + §16 live walkthrough). The broker process itself reads NONE
# of these — they exist for `aws s3 ls`, `aws sts assume-role-with-web-identity`,
# `scripts/inspect-inbound-email.sh`, and any other workstation-side
# admin command that needs to address the AWS account.
#
# Usage:
# awsp agentkeys-admin # switch to the admin profile
# set -a; source ./operator-workstation.env; set +a
#
# After sourcing, $BUCKET / $ACCOUNT_ID / $BROKER_HOST / $OIDC_ISSUER /
# $OIDC_PROVIDER_ARN / $REGION are all set, and the demo guide's bash
# blocks copy-paste cleanly.
#
# This file commits as-is — only the public account ID + role/bucket
# names live here. No secrets.
# AWS account that owns agentkeys-data-role + agentkeys-mail-* bucket
# (cloud-setup.md §3.1 / §3.2).
ACCOUNT_ID=429071895007
# Region for STS + S3.
REGION=us-east-1
# AWS_REGION mirrors $REGION so AWS SDK consumers (agentkeys CLI, boto3,
# aws-sdk-rust) pick up us-east-1 regardless of the local AWS_PROFILE's
# default region. Without this, AWS_PROFILE=agentkeys-admin (whose
# profile defaults to us-west-2 per CLAUDE.md "Per-profile default
# region is NOT uniform" trap) makes the agentkeys CLI's S3 GetObject
# resolve against us-west-2, producing a misleading "Backend
# unreachable: GetObject: service error" instead of NotFound.
# Set as an explicit alias so $REGION stays the single source of truth.
AWS_REGION=$REGION
AWS_DEFAULT_REGION=$REGION
# The broker's public hostname. Used for SSH targets, OIDC issuer
# byte-for-byte matching, and as the host for $OIDC_ISSUER.
BROKER_HOST=broker.litentry.org
# Parent DNS zone owning BROKER_HOST + MAIL_DOMAIN + the service-worker
# subdomains (audit.${ZONE}, signer.${ZONE}, …). Used by
# scripts/setup-cloud.sh + dns-upsert-workers.sh.
ZONE=litentry.org
# Route 53 hosted zone ID for $ZONE. Discover via:
# aws route53 list-hosted-zones --query 'HostedZones[?Name==`'"$ZONE"'.`].Id' --output text
PARENT_ZONE_ID=Z09723983CFJOHAE3VC65
# S3 bucket holding inbound mail (cloud-setup.md §2.2). Used by the
# demo's S3 isolation proof and inspect-inbound-email.sh.
BUCKET=agentkeys-mail-${ACCOUNT_ID}
# OIDC issuer URL — must match the URL passed to
# `aws iam create-open-id-connect-provider --url` (cloud-setup.md §4.2)
# byte-for-byte. The broker's BROKER_OIDC_ISSUER on the broker host is
# this same string.
OIDC_ISSUER=https://${BROKER_HOST}
# IAM OIDC provider ARN, derived from $ACCOUNT_ID + $BROKER_HOST.
OIDC_PROVIDER_ARN=arn:aws:iam::${ACCOUNT_ID}:oidc-provider/${BROKER_HOST}
# Federated role ARN — used by the daemon-side
# `aws sts assume-role-with-web-identity` calls in the demo. The daemon
# fetches an OIDC JWT from /v1/mint-oidc-jwt and does
# AssumeRoleWithWebIdentity client-side (issue #71 Option A; issue #72
# retired the broker-side /v1/mint-aws-creds aggregator).
#
# Stage-1 v2 split per arch.md §17.2 (per-bucket IAM role):
# - DATA_ROLE_ARN → email subsystem (inbound/sent paths). Legacy name
# kept until email-service migrates in stage 2.
# - VAULT_ROLE_ARN → credentials subsystem (bots/<actor_omni>/credentials/*).
# Provisioned by scripts/provision-vault-role.sh.
# - MEMORY_ROLE_ARN → memory subsystem (bots/<actor_omni>/memory/*).
# Provisioned by scripts/provision-memory-role.sh
# (added in issue #90 Q3 follow-up).
DATA_ROLE_ARN=arn:aws:iam::${ACCOUNT_ID}:role/agentkeys-data-role
VAULT_ROLE_ARN=arn:aws:iam::${ACCOUNT_ID}:role/agentkeys-vault-role
MEMORY_ROLE_ARN=arn:aws:iam::${ACCOUNT_ID}:role/agentkeys-memory-role
# Dedicated per-data-class bucket for stored credentials per arch.md §17
# (creds + email MUST live in separate buckets; sharing collapses
# encryption/lifecycle/CloudTrail blast radii). Provisioned by
# scripts/provision-vault-bucket.sh. Used by `agentkeys store/read` via
# AGENTKEYS_BUCKET=$VAULT_BUCKET in the orchestrator. The mail bucket
# ($MAIL_BUCKET, below) is no longer used for credentials.
VAULT_BUCKET=agentkeys-vault-${ACCOUNT_ID}
# Dedicated bucket for long-term agent memory blobs per arch.md §17.2.
# Distinct from VAULT_BUCKET (credentials) — different blast radius,
# different lifecycle policy. Provisioned by scripts/provision-memory-bucket.sh.
MEMORY_BUCKET=agentkeys-memory-${ACCOUNT_ID}
# ─── Signer (dev_key_service, issue #74 step 1b) ─────────────────────────────
# The dedicated signer listener (`agentkeys-signer.service`, :8092 loopback)
# is fronted publicly by nginx at a separate hostname under the same parent
# zone as the broker. Convention: `signer.<zone>` where <zone> is the broker's
# parent (broker.litentry.org → signer.litentry.org).
#
# Co-located with the broker today — same EC2 host, same IP, same nginx,
# same systemd box. `setup-broker-host.sh` provisions both. The split into a
# separate hostname (vs path-on-broker) is what lets us migrate the signer
# to a different machine (or TEE worker) later without changing the public
# API: clients keep talking to `https://signer.<zone>`, only the A record
# moves. See `cloud-setup.md §1.3` (DNS+TLS) and `docs/spec/architecture.md`
# §1 + §10 for the deployment topology.
#
# Used by:
# - agentkeys CLI: `agentkeys signer derive/sign --signer-url $AGENTKEYS_SIGNER_URL`
# - agentkeys-daemon: `--signer-url $AGENTKEYS_SIGNER_URL`
# - the demo walkthrough §0.2 / §3 / §6 in stage7-demo-and-verification.md
SIGNER_HOST=signer.${BROKER_HOST#*.}
AGENTKEYS_SIGNER_URL=https://${SIGNER_HOST}
# Legacy alias kept so older copy-paste blocks (BACKEND_URL) keep working.
# New code should reference $AGENTKEYS_SIGNER_URL directly.
BACKEND_URL=${AGENTKEYS_SIGNER_URL}
# ─── Service workers (dev co-location on the broker host, issue #90) ─────────
# All four service workers (audit / email / credentials / memory) live on
# the same EC2 box as the broker today — co-location is dev-only per
# CLAUDE.md ("for production, we will isolate all the services for the
# security issue"). The per-worker hostnames are the migration seam: when
# a worker moves to its own machine, only the A record changes.
#
# `setup-broker-host.sh` provisions all four nginx vhosts + systemd units
# on the broker host. Operator laptop only needs the URLs for CLI tooling
# (e.g. `agentkeys audit query …` → $AGENTKEYS_WORKER_AUDIT_URL).
WORKER_AUDIT_HOST=audit.${BROKER_HOST#*.}
WORKER_EMAIL_HOST=email.${BROKER_HOST#*.}
WORKER_CRED_HOST=cred.${BROKER_HOST#*.}
WORKER_MEMORY_HOST=memory.${BROKER_HOST#*.}
AGENTKEYS_WORKER_AUDIT_URL=https://${WORKER_AUDIT_HOST}
AGENTKEYS_WORKER_EMAIL_URL=https://${WORKER_EMAIL_HOST}
AGENTKEYS_WORKER_CRED_URL=https://${WORKER_CRED_HOST}
AGENTKEYS_WORKER_MEMORY_URL=https://${WORKER_MEMORY_HOST}
# ─── CLI session storage ─────────────────────────────────────────────────────
# Force the `agentkeys` CLI to read/write the session JWT in a regular file
# (`~/.agentkeys/master/session.json`) instead of the macOS Keychain. Without
# this the CLI defaults to `KeyringMode::Auto` (per
# crates/agentkeys-core/src/session_store.rs:86), which:
# 1. Prompts for keychain access on every read (interactive blocker in
# automated demo scripts; if the operator denies/dismisses, the CLI's
# fallback path is non-obvious and can pick up a stale entry from
# prior dev runs).
# 2. Returns `SIGNER_UNAUTHORIZED: invalid session JWT: InvalidToken`
# from `agentkeys signer derive` if a stale Keychain entry exists,
# even when `~/.agentkeys/master/session.json` has a fresh valid token.
#
# `file` mode keeps the demo Keychain-free end-to-end. To re-enable
# Keychain on a fresh machine, comment this line out and re-run
# `agentkeys init` — the CLI will write to the Keychain instead.
AGENTKEYS_SESSION_STORE=file
# ─── SES sender (Pass 1 of Option B — real email-link delivery) ──────────────
# Email subdomain — the SES domain identity verified per cloud-setup.md §1.1
# (DKIM/SPF/DMARC) AND the recipient root for the SES inbound receipt rule
# from §2.1 (any *@$MAIL_DOMAIN lands in s3://$BUCKET/inbound/). Distinct
# from $BROKER_HOST's zone — the operator may host the broker under a
# different parent domain than the email subdomain.
MAIL_DOMAIN=bots.litentry.org
MAIL_BUCKET=agentkeys-mail-${ACCOUNT_ID}
# The verified SES per-address identity the broker (and the integration test
# in crates/agentkeys-broker-server/tests/ses_email_flow.rs) uses as the FROM
# of magic-link emails. Must be registered + verified BEFORE first use:
#
# bash scripts/ses-verify-sender.sh # one-shot: create-identity → poll S3
# # for verification mail → click link
#
# Same env var name (BROKER_EMAIL_FROM_ADDRESS) the broker reads at runtime
# (per crates/agentkeys-broker-server/src/env.rs:143). Setting it here means
# the test + the broker share one source of truth.
BROKER_EMAIL_FROM_ADDRESS=noreply-test@${MAIL_DOMAIN}
SCOPE_CONTRACT_ADDRESS_HEIMA_PASEO=0x0000000000000000000000000000000000000001
SIDECAR_REGISTRY_ADDRESS_HEIMA_PASEO=0x0000000000000000000000000000000000000002
K3_EPOCH_COUNTER_ADDRESS_HEIMA_PASEO=0x0000000000000000000000000000000000000003
CREDENTIAL_AUDIT_ADDRESS_HEIMA_PASEO=0x0000000000000000000000000000000000000004
HEIMA_PASEO_DEPLOYER_ADDR=0xeBdE9E5F8c0495e87a871BF4f17Fb85e1bFE827F
SCOPE_CONTRACT_ADDRESS_HEIMA=0xd44b375daefc65768f417d0f0125b68d5ba7df3b
SIDECAR_REGISTRY_ADDRESS_HEIMA=0x1Ac62f1C2D828476a5D784e850a700dC1f17e0bE
K3_EPOCH_COUNTER_ADDRESS_HEIMA=0x6c9e675c699a06acefbc156afdee6bfbfe32ccb3
CREDENTIAL_AUDIT_ADDRESS_HEIMA=0x63c4545ac01c77cc74044f25b8edea3880224577
HEIMA_DEPLOYER_ADDR_HEIMA=0xdE644936D5B7d5d42032fd08bbA42Fbbfd6663Bc
HEIMA_DEPLOYER_ADDR_HEIMA_PASEO=0xdE644936D5B7d5d42032fd08bbA42Fbbfd6663Bc
P256_VERIFIER_ADDRESS_HEIMA=0xda5b772f9d6c09abe80414eea908612df9b54749
K11_VERIFIER_ADDRESS_HEIMA=0x5a441431f08e0f5f5ed10659620cb4e0e814e627
# EC2 + EIP wiring lives in scripts/broker.env (the broker-machine env file)
# — those values identify the broker host, not operator-account identifiers.
# setup-cloud.sh sources broker.env after operator-workstation.env.