-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathspawn-machine.sh
More file actions
executable file
·1197 lines (1082 loc) · 49.4 KB
/
spawn-machine.sh
File metadata and controls
executable file
·1197 lines (1082 loc) · 49.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
#!/bin/bash
# =============================================================================
# Spawn Machine — Agent Factory CLI
#
# Spawn, configure, register, and manage AI agent desktop instances.
#
# Usage:
# spawn-machine.sh <command> [agent-name] [options]
#
# Commands:
# init <name> Create incubator directory + agent spec template
# configure <name> Generate env vars from agent spec
# register <name> Register agent in Guacamole Full
# validate <name> Run health checks on a deployed agent
# status [name] Show status of one or all agents
# list List all agents in the incubator
# =============================================================================
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
WORKSPACE="${WORKSPACE:-/home/developer/.openclaw/workspace}"
INCUBATOR_DIR="${WORKSPACE}/platform/incubator"
REGISTRY_FILE="${INCUBATOR_DIR}/registry.yaml"
# Load configs
GUACAMOLE_CREDS="${HOME}/.config/guacamole/config"
COOLIFY_CREDS="${HOME}/.config/coolify/config"
# =============================================================================
# Helpers
# =============================================================================
log() { echo "[spawn-machine] $*"; }
err() { echo "[spawn-machine] ERROR: $*" >&2; }
load_guacamole_creds() {
if [ ! -f "${GUACAMOLE_CREDS}" ]; then
err "Guacamole credentials not found at ${GUACAMOLE_CREDS}"
err "Create with: GUACAMOLE_URL, GUACAMOLE_USER, GUACAMOLE_PASS"
return 1
fi
source "${GUACAMOLE_CREDS}"
}
guacamole_token() {
local token
token=$(curl -s -X POST "${GUACAMOLE_URL}/api/tokens" \
-d "username=${GUACAMOLE_USER}&password=${GUACAMOLE_PASS}" | jq -r '.authToken')
if [ -z "${token}" ] || [ "${token}" = "null" ]; then
err "Failed to get Guacamole auth token"
return 1
fi
echo "${token}"
}
require_agent_name() {
if [ -z "${1:-}" ]; then
err "Agent name required. Usage: spawn-machine.sh $COMMAND <agent-name>"
exit 1
fi
}
# =============================================================================
# Commands
# =============================================================================
cmd_init() {
local name="$1"
local agent_dir="${INCUBATOR_DIR}/${name}"
if [ -d "${agent_dir}" ]; then
err "Agent '${name}' already exists at ${agent_dir}"
exit 1
fi
log "Initializing agent '${name}'..."
mkdir -p "${agent_dir}"
# Create agent spec from template
cat > "${agent_dir}/agent-spec.md" << SPEC
---
created: $(date -Iseconds)
status: INITIALIZED
agentName: ${name}
stepsCompleted: ['init']
---
# Agent Spec: ${name}
## Identity
- **Name:** ${name}
- **Purpose:** (to be defined)
- **Operator:** (to be defined)
- **Timezone:** CET
- **Specialties:** (to be defined)
- **Vibe:** (to be defined)
## Boundaries
(to be defined)
## Services
(use 'spawn-machine.sh configure ${name}' after filling in the spec)
## Environment
(generated by configure command)
SPEC
log "Created ${agent_dir}/agent-spec.md"
log "Next: Edit the agent spec, then run 'spawn-machine.sh configure ${name}'"
}
cmd_configure() {
local name="$1"
local agent_dir="${INCUBATOR_DIR}/${name}"
local spec="${agent_dir}/agent-spec.md"
if [ ! -f "${spec}" ]; then
err "Agent spec not found: ${spec}"
err "Run 'spawn-machine.sh init ${name}' first"
exit 1
fi
log "Generating env vars for '${name}'..."
cat > "${agent_dir}/env-vars.md" << ENV
# ${name} — Coolify Environment Variables
Generated: $(date -Iseconds)
## Coolify App Settings
- **Repo:** machine-machine/m2-desktop
- **Branch:** guacamole
- **Docker Compose Location:** /docker-compose.agent.yml
- **Consistent Container Name:** ${name}-desktop
## Environment Variables
| Variable | Value |
|----------|-------|
| AGENT_NAME | ${name} |
| AGENT_CONFIG_GENERATE | true |
| CLAWDBOT_HOME | /clawdbot_home |
| M2_VARIANT | guacamole |
| WORKSPACE | /home/developer/.openclaw/workspace |
| ANTHROPIC_API_KEY | (set in Coolify) |
| VNC_PASSWORD | $(openssl rand -base64 24 | tr -d '/+=') |
| AGENT_OPENCLAW_REPO | https://github.com/machine-machine/openclaw.git |
| AGENT_OPENCLAW_BRANCH | m2-custom |
| AGENT_BOOTSTRAP_REPO_URL | https://raw.githubusercontent.com/machine-machine/m2-desktop/guacamole/incubator/${name} |
| QDRANT_URL | http://memory-qdrant:6333 |
| EMBEDDINGS_URL | http://memory-embeddings:8000 |
| AGENT_ID | ${name} |
| COLLECTION_NAME | agent_memory |
| AGENT_STT_BASE_URL | http://speaches-l0w808o4k80k0gogg88s80cc:8000/v1 |
| AGENT_STT_MODEL | whisper-1 |
| AGENT_SKILLS | xfce-desktop,m2-memory |
| AGENT_BROWSER_ENABLED | true |
| AGENT_CPUS | 8 |
| AGENT_MEMORY | 8g |
| SHM_SIZE | 1gb |
## Guacamole Registration
| Setting | Value |
|---------|-------|
| Connection Name | ${name^} Desktop |
| Protocol | VNC |
| Hostname | ${name}-desktop |
| Port | 5900 |
| Password | (from VNC_PASSWORD above) |
ENV
log "Generated ${agent_dir}/env-vars.md"
log "Review the env vars, then set them in Coolify and deploy."
}
cmd_register() {
local name="$1"
local agent_dir="${INCUBATOR_DIR}/${name}"
load_guacamole_creds || exit 1
# Try to read VNC password from env-vars.md
local vnc_pass=""
if [ -f "${agent_dir}/env-vars.md" ]; then
vnc_pass=$(grep "VNC_PASSWORD" "${agent_dir}/env-vars.md" | grep -oP '\| \K[^|]+$' | xargs || true)
fi
if [ -z "${vnc_pass}" ] || [ "${vnc_pass}" = "(set in Coolify)" ]; then
read -rp "VNC password for ${name}-desktop: " vnc_pass
fi
log "Getting Guacamole auth token..."
local token
token=$(guacamole_token) || exit 1
log "Creating VNC connection for '${name}'..."
local response
response=$(curl -s -X POST "${GUACAMOLE_URL}/api/session/data/mysql/connections?token=${token}" \
-H "Content-Type: application/json" \
-d "{
\"name\": \"${name^} Desktop\",
\"protocol\": \"vnc\",
\"parentIdentifier\": \"ROOT\",
\"parameters\": {
\"hostname\": \"${name}-desktop\",
\"port\": \"5900\",
\"password\": \"${vnc_pass}\",
\"color-depth\": \"32\",
\"width\": \"1920\",
\"height\": \"1080\",
\"dpi\": \"96\"
},
\"attributes\": {}
}")
local conn_id
conn_id=$(echo "${response}" | jq -r '.identifier // empty')
if [ -n "${conn_id}" ]; then
log "Registered! Connection ID: ${conn_id}"
log "Access: ${GUACAMOLE_URL} → ${name^} Desktop"
else
err "Registration failed. Response: ${response}"
exit 1
fi
}
cmd_validate() {
local name="$1"
local container="${name}-desktop"
local pass=0
local fail=0
local skip=0
log "Validating agent '${name}'..."
echo ""
# Network reachability
printf " %-40s" "DNS resolution (${container})..."
if ping -c 1 -W 2 "${container}" &>/dev/null; then
echo "PASS"
((pass++))
else
echo "FAIL"
((fail++))
fi
printf " %-40s" "VNC port (5900)..."
if nc -z -w 2 "${container}" 5900 &>/dev/null; then
echo "PASS"
((pass++))
else
echo "FAIL"
((fail++))
fi
printf " %-40s" "OpenClaw gateway (18789)..."
if bash -c "</dev/tcp/${container}/18789" 2>/dev/null; then
echo "PASS"
((pass++))
else
echo "FAIL"
((fail++))
fi
# Memory system
printf " %-40s" "Qdrant reachable..."
if curl -s -o /dev/null -w '%{http_code}' http://memory-qdrant:6333/collections | grep -q "200"; then
echo "PASS"
((pass++))
else
echo "FAIL"
((fail++))
fi
printf " %-40s" "Embeddings reachable..."
if curl -s -o /dev/null -w '%{http_code}' http://memory-embeddings:8000/health 2>/dev/null | grep -q "200"; then
echo "PASS"
((pass++))
else
echo "SKIP (may not have /health)"
((skip++))
fi
echo ""
echo " Results: ${pass} passed, ${fail} failed, ${skip} skipped"
if [ "${fail}" -eq 0 ]; then
log "Validation PASSED"
else
log "Validation FAILED (${fail} issues)"
exit 1
fi
}
cmd_status() {
local name="${1:-}"
if [ -n "${name}" ]; then
local container="${name}-desktop"
printf " %-15s" "${name}"
if ping -c 1 -W 1 "${container}" &>/dev/null; then
if bash -c "</dev/tcp/${container}/18789" 2>/dev/null; then
echo "OPERATIONAL ${container}"
else
echo "UNHEALTHY ${container} (gateway not responding on 18789)"
fi
else
echo "UNREACHABLE ${container}"
fi
else
log "Agent Status:"
echo ""
for dir in "${INCUBATOR_DIR}"/*/; do
[ -d "${dir}" ] || continue
local agent_name
agent_name=$(basename "${dir}")
# Skip non-agent dirs
[ "${agent_name}" = "spawn-machine" ] && continue
cmd_status "${agent_name}" 2>/dev/null || true
done
fi
}
cmd_list() {
log "Agents in incubator:"
echo ""
for dir in "${INCUBATOR_DIR}"/*/; do
[ -d "${dir}" ] || continue
local agent_name
agent_name=$(basename "${dir}")
[ "${agent_name}" = "spawn-machine" ] && continue
local status="unknown"
if [ -f "${dir}/agent-spec.md" ]; then
status=$(grep "^status:" "${dir}/agent-spec.md" | head -1 | sed 's/status: *//' || echo "unknown")
fi
printf " %-15s %s\n" "${agent_name}" "${status}"
done
}
# =============================================================================
# Coolify helpers
# =============================================================================
COOLIFY_API="${COOLIFY_API_URL:-https://cool.machinemachine.ai/api/v1}"
COOLIFY_AUTH_TOKEN=""
coolify_token() {
if [ -f "${HOME}/.config/coolify/config" ]; then
source "${HOME}/.config/coolify/config"
COOLIFY_AUTH_TOKEN="${COOLIFY_TOKEN:-}"
fi
echo "${COOLIFY_AUTH_TOKEN}"
}
coolify_api() {
local method="$1" endpoint="$2" data="${3:-}"
local token; token=$(coolify_token)
if [ -n "${data}" ]; then
curl -sf -X "${method}" "${COOLIFY_API}/${endpoint}" \
-H "Authorization: Bearer ${token}" \
-H "Content-Type: application/json" \
-d "${data}"
else
curl -sf -X "${method}" "${COOLIFY_API}/${endpoint}" \
-H "Authorization: Bearer ${token}"
fi
}
coolify_set_env() {
local uuid="$1" key="$2" value="$3"
local json_val
json_val=$(echo -n "${value}" | python3 -c 'import json,sys; print(json.dumps(sys.stdin.read()))')
# POST first; if 409 (exists), DELETE then re-POST
local out code
out=$(curl -s -w '\n%{http_code}' -X POST "${COOLIFY_API}/applications/${uuid}/envs" \
-H "Authorization: Bearer $(coolify_token)" \
-H "Content-Type: application/json" \
-d "{\"key\":\"${key}\",\"value\":${json_val},\"is_preview\":false}")
code=$(echo "${out}" | tail -1)
if [ "${code}" = "409" ]; then
# Already exists — get its uuid and overwrite
local env_uuid
env_uuid=$(coolify_api GET "applications/${uuid}/envs" 2>/dev/null | \
python3 -c "import json,sys,os; envs=json.load(sys.stdin); e=[x for x in envs if x.get('key')=='${key}']; print(e[0]['uuid'] if e else '')" 2>/dev/null || echo "")
if [ -n "${env_uuid}" ]; then
curl -s -X DELETE "${COOLIFY_API}/applications/${uuid}/envs/${env_uuid}" \
-H "Authorization: Bearer $(coolify_token)" > /dev/null 2>&1 || true
curl -s -X POST "${COOLIFY_API}/applications/${uuid}/envs" \
-H "Authorization: Bearer $(coolify_token)" \
-H "Content-Type: application/json" \
-d "{\"key\":\"${key}\",\"value\":${json_val},\"is_preview\":false}" > /dev/null 2>&1 || true
fi
fi
return 0
}
# =============================================================================
# cmd_spawn — single command to spawn a new agent
# Usage: spawn-machine.sh spawn <name> <telegram_token> [options]
# Options:
# --anthropic-key KEY Per-agent Anthropic API key
# --openrouter-key KEY Per-agent OpenRouter API key
# --cerebras-key KEY Per-agent Cerebras API key
# --skills LIST Override default AGENT_SKILLS
# --no-deploy Create + configure but don't deploy yet
# =============================================================================
COOLIFY_PROJECT_UUID="q8w4cwskgwkgg0cg00k00coo"
COOLIFY_SERVER_UUID="vw8k84s4swgoc4w0sswkgwc4"
COOLIFY_GITHUB_APP_UUID="r00ooc0kw0csgsww0k8kso00"
FLEET_ENV_CONF="${HOME}/.config/spawn-machine/fleet-env.conf"
cmd_spawn() {
local name="${1:-}"
local telegram_token="${2:-}"
shift 2 || true
# Parse options
local anthropic_key="" openrouter_key="" cerebras_key="" custom_skills="" no_deploy=false session_id=""
while [[ $# -gt 0 ]]; do
case "$1" in
--anthropic-key) anthropic_key="$2"; shift 2 ;;
--openrouter-key) openrouter_key="$2"; shift 2 ;;
--cerebras-key) cerebras_key="$2"; shift 2 ;;
--skills) custom_skills="$2"; shift 2 ;;
--no-deploy) no_deploy=true; shift ;;
--session-id) session_id="$2"; shift 2 ;;
*) err "Unknown option: $1"; exit 1 ;;
esac
done
[ -z "${name}" ] && { err "Usage: spawn-machine.sh spawn <name> <telegram_token>"; exit 1; }
[ -z "${telegram_token}" ] && echo " ⚠️ No Telegram token — agent will run without Telegram channel"
# Validate name not already in registry
if grep -q "^ ${name}:" "${REGISTRY_FILE}" 2>/dev/null; then
err "Agent '${name}' already exists in registry. Use a different name."
exit 1
fi
log "Spawning agent '${name}'..."
# Load fleet env defaults
local fleet_env=()
if [ -f "${FLEET_ENV_CONF}" ]; then
while IFS='=' read -r k v; do
[[ "$k" =~ ^#.*$ || -z "$k" ]] && continue
fleet_env+=("$k=$v")
done < "${FLEET_ENV_CONF}"
log "Fleet env loaded from ${FLEET_ENV_CONF} (${#fleet_env[@]} vars)"
else
log "Warning: No fleet env config at ${FLEET_ENV_CONF} — set shared vars manually in Coolify"
fi
# -------------------------------------------------------------------------
# Step 1: Generate per-agent compose + push to GitHub
# -------------------------------------------------------------------------
log "[1/9] Generating per-agent compose → machine-machine/m2-desktop:agents/${name}/docker-compose.yml"
local compose_content
compose_content="# Agent compose — ${name} — all values hardcoded, no \${VAR} outside environment section
services:
${name}-m2o:
container_name: ${name}-m2o
image: ghcr.io/machine-machine/m2-desktop:agent-latest
# Fix: strip set -e from entrypoint + strip meta block from generated openclaw.json (meta block breaks config validator)
entrypoint: [\"/bin/bash\", \"-c\", \"sed -i '/^set -e/d' /usr/local/bin/entrypoint.sh 2>/dev/null || true; echo aW1wb3J0IGpzb24scGF0aGxpYgpwPXBhdGhsaWIuUGF0aC5ob21lKCkvIi5vcGVuY2xhdy9vcGVuY2xhdy5qc29uIgppZiBwLmV4aXN0cygpOgogICAgZD1qc29uLmxvYWRzKHAucmVhZF90ZXh0KCkpCiAgICBkLnBvcCgibWV0YSIsTm9uZSkKICAgIHAud3JpdGVfdGV4dChqc29uLmR1bXBzKGQsaW5kZW50PTIpKQo= | base64 -d > /tmp/strip_meta.py; sed -i '/generate-openclaw-config/a python3 /tmp/strip_meta.py 2>/dev/null||true' /usr/local/bin/entrypoint.sh 2>/dev/null || true; exec /usr/local/bin/entrypoint.sh\"]
restart: unless-stopped
environment:
AGENT_NAME: \"${name}\"
AGENT_ID: \"${name}\"
M2_HOME: /agent_home
WORKSPACE: /home/developer/.openclaw/workspace
ANTHROPIC_API_KEY: \${ANTHROPIC_API_KEY}
OPENROUTER_API_KEY: \${OPENROUTER_API_KEY}
CEREBRAS_API_KEY: \${CEREBRAS_API_KEY}
AGENT_TELEGRAM_BOT_TOKEN: \${AGENT_TELEGRAM_BOT_TOKEN}
AGENT_OPENCLAW_REPO: \${AGENT_OPENCLAW_REPO}
AGENT_OPENCLAW_BRANCH: \${AGENT_OPENCLAW_BRANCH}
AGENT_BOOTSTRAP_REPO_URL: \${AGENT_BOOTSTRAP_REPO_URL}
AGENT_TTS_BASE_URL: \${AGENT_TTS_BASE_URL}
AGENT_TTS_VOICE: \${AGENT_TTS_VOICE}
AGENT_TTS_TIMEOUT_MS: \${AGENT_TTS_TIMEOUT_MS}
AGENT_STT_BASE_URL: \${AGENT_STT_BASE_URL}
AGENT_STT_MODEL: \${AGENT_STT_MODEL}
QDRANT_URL: \${QDRANT_URL}
EMBEDDINGS_URL: \${EMBEDDINGS_URL}
COLLECTION_NAME: \"agent_memory_${name}\"
AGENT_SKILLS: \${AGENT_SKILLS}
BGE_PROXY_TOKEN: \${BGE_PROXY_TOKEN}
PLANKA_URL: \${PLANKA_URL}
PLANKA_TOKEN: \${PLANKA_TOKEN}
PLANKA_USER: \${PLANKA_USER}
PLANKA_EMAIL: \${PLANKA_EMAIL}
PLANKA_PASS: \${PLANKA_PASS}
COOLIFY_TOKEN: \${COOLIFY_TOKEN}
COOLIFY_API_URL: \${COOLIFY_API_URL}
VNC_PASSWORD: \${VNC_PASSWORD}
AGENT_BROWSER_ENABLED: \"true\"
FLEET_REDIS_HOST: \"fleet-redis\"
FLEET_REDIS_PORT: \"6379\"
FLEET_SSH_PUBKEY: \${FLEET_SSH_PUBKEY}
AGENT_PRESET: \"generalist\"
deploy:
resources:
limits:
cpus: \"8\"
memory: 8g
shm_size: 1gb
privileged: true
volumes:
- ${name}_agent_home:/agent_home
healthcheck:
test: [\"CMD-SHELL\", \"bash -c '</dev/tcp/localhost/18789' 2>/dev/null && exit 0 || exit 1\"]
interval: 30s
timeout: 10s
retries: 3
start_period: 120s
networks:
default:
coolify:
aliases:
- ${name}-m2o
networks:
coolify:
external: true
volumes:
${name}_agent_home:
driver: local
"
# Push compose to GitHub on a per-agent branch (agents/${name})
# Rationale: all agents sharing :base means ANY push to base triggers redeploys
# for every agent connected to that branch. Per-agent branch = isolated webhook.
python3 - << PYEOF
import json, base64, subprocess, sys
content = base64.b64encode("""${compose_content}""".encode()).decode()
repo = "machine-machine/m2-desktop"
path = "docker-compose.yml" # root of the per-agent branch
branch = "agents/${name}"
# Get SHA of base branch tip to fork from
base_ref = subprocess.run(
["gh","api",f"repos/{repo}/git/refs/heads/base"],
capture_output=True, text=True)
if base_ref.returncode != 0:
print(f" ERROR: could not read base branch: {base_ref.stderr[:100]}", file=sys.stderr)
sys.exit(1)
base_sha = json.loads(base_ref.stdout)["object"]["sha"]
# Create per-agent branch from base (ignore 422 = already exists)
branch_payload = {"ref": f"refs/heads/{branch}", "sha": base_sha}
br = subprocess.run(
["gh","api","--method=POST",f"repos/{repo}/git/refs","--input=-"],
input=json.dumps(branch_payload), capture_output=True, text=True)
if br.returncode == 0:
print(f" Created branch agents/${name} from base ({base_sha[:8]})")
elif "Reference already exists" in br.stderr or "already exists" in br.stderr:
print(f" Branch agents/${name} already exists — reusing")
else:
print(f" ERROR creating branch: {br.stderr[:100]}", file=sys.stderr)
sys.exit(1)
# Get existing SHA of docker-compose.yml on agent branch (for update)
r = subprocess.run(
["gh","api",f"repos/{repo}/contents/{path}?ref={branch}"],
capture_output=True, text=True)
sha = json.loads(r.stdout).get("sha","") if r.returncode == 0 else ""
payload = {"message": "spawn: ${name} docker-compose.yml — service name ${name}-m2o",
"content": content, "branch": branch}
if sha:
payload["sha"] = sha
r2 = subprocess.run(
["gh","api","--method=PUT",f"repos/{repo}/contents/{path}","--input=-"],
input=json.dumps(payload), capture_output=True, text=True)
if r2.returncode == 0:
print(f" Pushed: {branch}/docker-compose.yml")
else:
print(f" ERROR: {r2.stderr[:100]}", file=sys.stderr)
sys.exit(1)
PYEOF
log " Compose pushed to GitHub (branch: agents/${name})"
# -------------------------------------------------------------------------
# Step 2: Create Coolify app on per-agent branch
# -------------------------------------------------------------------------
log "[2/9] Creating Coolify application '${name}-m2o'..."
local app_json
app_json=$(coolify_api POST "applications/private-github-app" "{
\"project_uuid\": \"${COOLIFY_PROJECT_UUID}\",
\"server_uuid\": \"${COOLIFY_SERVER_UUID}\",
\"environment_name\": \"production\",
\"git_repository\": \"machine-machine/m2-desktop\",
\"git_branch\": \"agents/${name}\",
\"build_pack\": \"dockercompose\",
\"docker_compose_location\": \"/docker-compose.yml\",
\"github_app_uuid\": \"${COOLIFY_GITHUB_APP_UUID}\",
\"ports_exposes\": \"8080\",
\"name\": \"${name}-m2o\",
\"instant_deploy\": false
}") || { err "Failed to create Coolify app"; exit 1; }
local app_uuid
app_uuid=$(echo "${app_json}" | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('uuid') or d.get('data',{}).get('uuid',''))" 2>/dev/null)
[ -z "${app_uuid}" ] && { err "Could not parse app UUID from: ${app_json}"; exit 1; }
log " Created: ${app_uuid}"
# -------------------------------------------------------------------------
# Step 3: (named volumes auto-created by Docker — no host mkdir needed)
# -------------------------------------------------------------------------
log "[3/9] Named volume '${name}_agent_home' will be auto-created by Docker"
# -------------------------------------------------------------------------
# Step 4: Set environment variables
# -------------------------------------------------------------------------
log "[4/9] Setting environment variables..."
# Fleet-wide vars (from config file)
for kv in "${fleet_env[@]}"; do
local k="${kv%%=*}" v="${kv#*=}"
coolify_set_env "${app_uuid}" "${k}" "${v}"
done
# Agent-specific vars (always set, override fleet defaults)
coolify_set_env "${app_uuid}" "AGENT_NAME" "${name}"
coolify_set_env "${app_uuid}" "AGENT_ID" "${name}"
coolify_set_env "${app_uuid}" "M2_HOME" "/agent_home"
[ -n "${telegram_token}" ] && coolify_set_env "${app_uuid}" "AGENT_TELEGRAM_BOT_TOKEN" "${telegram_token}"
coolify_set_env "${app_uuid}" "COLLECTION_NAME" "agent_memory_${name}"
# Notify-live wiring — agent calls this on boot to mark itself live
[ -n "${session_id}" ] && coolify_set_env "${app_uuid}" "AGENT_SESSION_ID" "${session_id}"
[ -n "${session_id}" ] && coolify_set_env "${app_uuid}" "AGENT_NOTIFY_URL" \
"https://api.machinemachine.ai/v1/onboard/notify-live"
# API keys — use project-level shared vars by default (Coolify {{project.KEY}} pattern)
# Override with explicit --anthropic-key / --openrouter-key flags if needed
local effective_anthropic="${anthropic_key:-{{project.ANTHROPIC_API_KEY}}}"
local effective_openrouter="${openrouter_key:-{{project.OPENROUTER_API_KEY}}}"
coolify_set_env "${app_uuid}" "ANTHROPIC_API_KEY" "${effective_anthropic}"
coolify_set_env "${app_uuid}" "OPENROUTER_API_KEY" "${effective_openrouter}"
[ -n "${cerebras_key}" ] && coolify_set_env "${app_uuid}" "CEREBRAS_API_KEY" "${cerebras_key}"
[ -n "${custom_skills}" ] && coolify_set_env "${app_uuid}" "AGENT_SKILLS" "${custom_skills}"
# Default model: GLM-5 via OpenRouter (override with AGENT_DEFAULT_MODEL env or --model flag)
local default_model="${AGENT_DEFAULT_MODEL:-openrouter/thudm/glm-z1-32b:free}"
coolify_set_env "${app_uuid}" "AGENT_DEFAULT_MODEL" "${default_model}"
# S3/Minio env vars — read from shell env first, fall back to fleet-env.conf
local minio_endpoint="${MINIO_ENDPOINT:-}"
local minio_access="${MINIO_ACCESS_KEY:-}"
local minio_secret="${MINIO_SECRET_KEY:-}"
local minio_bucket="${MINIO_BUCKET:-m2o-agents}"
for kv in "${fleet_env[@]}"; do
case "${kv%%=*}" in
MINIO_ENDPOINT) [ -z "$minio_endpoint" ] && minio_endpoint="${kv#*=}" ;;
MINIO_ACCESS_KEY) [ -z "$minio_access" ] && minio_access="${kv#*=}" ;;
MINIO_SECRET_KEY) [ -z "$minio_secret" ] && minio_secret="${kv#*=}" ;;
MINIO_BUCKET) minio_bucket="${kv#*=}" ;;
esac
done
if [ -n "$minio_endpoint" ]; then
coolify_set_env "${app_uuid}" "MINIO_ENDPOINT" "${minio_endpoint}"
coolify_set_env "${app_uuid}" "MINIO_ACCESS_KEY" "${minio_access}"
coolify_set_env "${app_uuid}" "MINIO_SECRET_KEY" "${minio_secret}"
coolify_set_env "${app_uuid}" "MINIO_BUCKET" "${minio_bucket}"
log " S3 sync configured → ${minio_endpoint}/${minio_bucket}"
else
log " Warning: MINIO_ENDPOINT not set — agent home will NOT be S3-backed"
fi
log " Env vars set"
# -------------------------------------------------------------------------
# Step 4a: Create Qdrant memory namespace
# -------------------------------------------------------------------------
log "[5/9] Creating Qdrant collection 'agent_memory_${name}'..."
local qdrant_url="${QDRANT_URL:-http://memory-qdrant:6333}"
# Read from fleet-env.conf if available
[[ " ${fleet_env[*]} " =~ QDRANT_URL=([^ ]*) ]] && qdrant_url="${BASH_REMATCH[1]}"
local qdrant_result
qdrant_result=$(curl -sf -o /dev/null -w "%{http_code}" -X PUT \
"${qdrant_url}/collections/agent_memory_${name}" \
-H "Content-Type: application/json" \
-d '{
"vectors": {"size": 1024, "distance": "Cosine"},
"optimizers_config": {"default_segment_number": 2}
}') 2>/dev/null || true
if [ "$qdrant_result" = "200" ] || [ "$qdrant_result" = "201" ]; then
log " Collection created: agent_memory_${name}"
# Add payload indices
for field in "timestamp:float" "importance:float" "agent_id:keyword" "tier:keyword" "entity_tags:keyword" "memory_type:keyword"; do
fname="${field%%:*}"; ftype="${field##*:}"
curl -sf -X PUT "${qdrant_url}/collections/agent_memory_${name}/index" \
-H "Content-Type: application/json" \
-d "{\"field_name\":\"${fname}\",\"field_schema\":\"${ftype}\"}" > /dev/null 2>&1 || true
done
log " Payload indices created"
else
log " Warning: Qdrant returned ${qdrant_result} — collection may already exist or Qdrant unreachable"
fi
# -------------------------------------------------------------------------
# Step 4b: Create Planka user
# -------------------------------------------------------------------------
log "[6/9] Creating Planka user for '${name}'..."
local planka_url="${PLANKA_URL:-https://kanban.machinemachine.ai}"
local planka_token="${PLANKA_TOKEN:-}"
local planka_email="${name}@machinemachine.ai"
local planka_pass="${name^}Agent2026!"
for kv in "${fleet_env[@]}"; do
[[ "$kv" == PLANKA_URL=* ]] && planka_url="${kv#*=}"
[[ "$kv" == PLANKA_TOKEN=* ]] && planka_token="${kv#*=}"
done
if [ -n "${planka_token}" ]; then
local planka_create
planka_create=$(curl -sf -X POST "${planka_url}/api/users" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer ${planka_token}" \
-d "{\"email\":\"${planka_email}\",\"password\":\"${planka_pass}\",\"name\":\"${name^}\",\"username\":\"${name}\"}" \
2>/dev/null | python3 -c "import json,sys; d=json.load(sys.stdin); print(d.get('item',{}).get('id','err:'+str(d)))" 2>/dev/null || echo "failed")
if [[ "${planka_create}" =~ ^[0-9]+ ]]; then
log " Planka user created: ${planka_email} (id: ${planka_create})"
# Terms acceptance via DB exec
local pg_container
pg_container=$(sudo curl -sf --unix-socket /var/run/docker.sock \
"http://localhost/containers/json" 2>/dev/null | \
python3 -c "
import json,sys
cs=json.load(sys.stdin)
for c in cs:
if any('postgres' in n.lower() and 'planka' in n.lower() for n in c.get('Names',[])):
print(c['Id'][:12])
break
" 2>/dev/null || echo "")
if [ -n "${pg_container}" ]; then
EXEC_ID=$(sudo curl -sf -X POST --unix-socket /var/run/docker.sock \
"http://localhost/containers/${pg_container}/exec" \
-H "Content-Type: application/json" \
-d "{\"Cmd\":[\"psql\",\"-U\",\"postgres\",\"planka\",\"-c\",\"UPDATE \\\"user\\\" SET is_agreement_accepted=true WHERE username='${name}'\"],\"AttachStdout\":true,\"AttachStderr\":true}" \
2>/dev/null | python3 -c "import json,sys; print(json.load(sys.stdin).get('Id',''))")
[ -n "${EXEC_ID}" ] && sudo curl -sf -X POST --unix-socket /var/run/docker.sock \
"http://localhost/exec/${EXEC_ID}/start" \
-H "Content-Type: application/json" -d '{"Detach":false}' > /dev/null 2>&1
log " Terms accepted via DB exec"
fi
# Get individual token
local agent_token
agent_token=$(curl -sf -X POST "${planka_url}/api/access-tokens" \
-H "Content-Type: application/json" \
-d "{\"emailOrUsername\":\"${planka_email}\",\"password\":\"${planka_pass}\"}" \
2>/dev/null | python3 -c "import json,sys; print(json.load(sys.stdin).get('item',''))" 2>/dev/null || echo "")
[ -n "${agent_token}" ] && {
coolify_set_env "${app_uuid}" "PLANKA_EMAIL" "${planka_email}"
coolify_set_env "${app_uuid}" "PLANKA_USER" "${planka_email}"
coolify_set_env "${app_uuid}" "PLANKA_PASS" "${planka_pass}"
coolify_set_env "${app_uuid}" "PLANKA_TOKEN" "${agent_token}"
log " Individual Planka token set in Coolify"
} || log " Warning: Could not get individual token — shared admin token will be used"
else
log " Warning: Planka user creation failed (${planka_create}). Using shared admin token."
coolify_set_env "${app_uuid}" "PLANKA_EMAIL" "${planka_email}"
fi
else
log " Skipping Planka user — no PLANKA_TOKEN in fleet env"
fi
# -------------------------------------------------------------------------
# Step 4: Pre-register Guacamole connection
# -------------------------------------------------------------------------
log "[7/9] Pre-registering Guacamole connection + user (m2o)..."
load_guacamole_creds 2>/dev/null && {
local guac_token
guac_token=$(guacamole_token 2>/dev/null) && {
local vnc_pass="agentdesktop"
# Generate a per-agent Guacamole password (stored in registry)
local guac_user_pass
guac_user_pass=$(python3 -c "import secrets; print(secrets.token_urlsafe(16))")
# Create VNC connection — hostname matches container alias (${name}-m2o)
local response conn_id
response=$(curl -sf -X POST \
"${GUACAMOLE_URL}/api/session/data/mysql/connections?token=${guac_token}" \
-H "Content-Type: application/json" \
-d "{
\"name\": \"${name^} Desktop\",
\"protocol\": \"vnc\",
\"parentIdentifier\": \"ROOT\",
\"parameters\": {
\"hostname\": \"${name}-m2o\",
\"port\": \"5900\",
\"password\": \"${vnc_pass}\",
\"color-depth\": \"32\",
\"width\": \"1920\",
\"height\": \"1080\"
},
\"attributes\": {}
}")
conn_id=$(echo "${response}" | python3 -c "import json,sys; print(json.load(sys.stdin).get('identifier',''))" 2>/dev/null || true)
[ -n "${conn_id}" ] && log " Connection created: ID ${conn_id}" || log " Warning: connection pre-registration failed"
# Create a per-agent Guacamole user
local user_response
user_response=$(curl -sf -X POST \
"${GUACAMOLE_URL}/api/session/data/mysql/users?token=${guac_token}" \
-H "Content-Type: application/json" \
-d "{
\"username\": \"${name}\",
\"password\": \"${guac_user_pass}\",
\"attributes\": {
\"disabled\": \"\",
\"expired\": \"\",
\"access-window-start\": \"\",
\"access-window-end\": \"\",
\"valid-from\": \"\",
\"valid-until\": \"\",
\"timezone\": null
}
}" 2>/dev/null || echo "")
local user_created
user_created=$(echo "${user_response}" | python3 -c "import json,sys; print(json.load(sys.stdin).get('username',''))" 2>/dev/null || true)
# Grant that user access to their connection
if [ -n "${user_created}" ] && [ -n "${conn_id}" ]; then
curl -sf -X PATCH \
"${GUACAMOLE_URL}/api/session/data/mysql/users/${name}/permissions?token=${guac_token}" \
-H "Content-Type: application/json" \
-d "[{\"op\":\"add\",\"path\":\"/connectionPermissions/${conn_id}\",\"value\":\"READ\"}]" > /dev/null 2>&1 || true
log " Guacamole user '${name}' created — password: ${guac_user_pass}"
log " URL: ${GUACAMOLE_URL} | User: ${name} | Pass: ${guac_user_pass}"
# Store creds in onboarding session so notify-live can send them to the user
if [ -n "${session_id}" ] && [ -n "${ONBOARD_API_URL:-}" ] && [ -n "${ONBOARD_ADMIN_TOKEN:-}" ]; then
curl -sf -X POST "${ONBOARD_API_URL}/v1/admin/set-guac-creds" \
-H "Content-Type: application/json" \
-H "x-admin-token: ${ONBOARD_ADMIN_TOKEN}" \
-d "{\"session_id\":\"${session_id}\",\"guacamole_user\":\"${name}\",\"guacamole_pass\":\"${guac_user_pass}\"}" \
> /dev/null 2>&1 \
&& log " Guacamole creds stored in onboarding session ${session_id}" \
|| log " Warning: could not store guac creds in session (non-fatal)"
fi
else
log " Warning: Guacamole user creation failed — admin access only"
fi
}
} || log " Guacamole creds not found — skipping pre-registration"
# -------------------------------------------------------------------------
# Step 5: Update registry
# -------------------------------------------------------------------------
log "[8/9] Registering in fleet registry..."
local ts
ts=$(date -u +%Y-%m-%d)
cat >> "${REGISTRY_FILE}" << YAML
${name}:
coolify_uuid: ${app_uuid}
telegram: pending
memory_collection: agent_memory_${name}
status: provisioning
created: ${ts}
host_path: /opt/m2o/${name}/home
YAML
log " Added to registry.yaml"
# -------------------------------------------------------------------------
# Step 6: Deploy (unless --no-deploy)
# -------------------------------------------------------------------------
if [ "${no_deploy}" = "false" ]; then
log "[9/9] Triggering deployment..."
coolify_api POST "deploy?uuid=${app_uuid}&force=false" > /dev/null
log " Deployment triggered"
log ""
log "✅ Agent '${name}' spawning!"
log " Coolify UUID: ${app_uuid}"
log " Host path: /opt/m2o/${name}/home"
log " Guacamole: m2o.machinemachine.ai → '${name^} Desktop'"
log " Timeline: ~3 min to first Telegram message"
else
log "[9/9] Skipping deploy (--no-deploy). Run when ready:"
log " coolify_api POST deploy?uuid=${app_uuid}&force=false"
fi
# Notify via escalation
python3 - << PYEOF 2>/dev/null || true
import urllib.request, json, os
token = "${BGE_PROXY_TOKEN:-}"
if token:
payload = json.dumps({
"from_agent": "m2",
"to_agent": "m2",
"message": "spawn-machine: '${name}' spawning (uuid: ${app_uuid}). Notify master when live.",
"priority": "low"
}).encode()
req = urllib.request.Request(
"http://bge-proxy.machinemachine.ai/escalate",
data=payload,
headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
method="POST"
)
urllib.request.urlopen(req, timeout=5)
PYEOF
}
# =============================================================================
# =============================================================================
# cmd_destroy — full teardown of a spawned agent
# =============================================================================
cmd_destroy() {
local name="${1:-}"
local force=false
shift || true
[[ "${1:-}" == "--force" ]] && force=true
[ -z "${name}" ] && { err "Usage: spawn-machine.sh destroy <name> [--force]"; exit 1; }
# Load fleet env
local fleet_env=()
if [ -f "${FLEET_ENV_CONF}" ]; then
while IFS='=' read -r k v; do
[[ "$k" =~ ^#.*$ || -z "$k" ]] && continue
fleet_env+=("$k=$v")
done < "${FLEET_ENV_CONF}"
fi
# Get values from fleet_env
get_fleet_var() { local key="$1" val=""
for kv in "${fleet_env[@]}"; do [[ "${kv%%=*}" == "$key" ]] && val="${kv#*=}"; done; echo "$val"; }
# Read agent from registry
if ! grep -q "^ ${name}:" "${REGISTRY_FILE}" 2>/dev/null; then
err "Agent '${name}' not found in registry. Check: spawn-machine.sh list"
exit 1
fi
local coolify_uuid memory_collection
coolify_uuid=$(python3 -c "
import sys
with open('${REGISTRY_FILE}') as f: content=f.read()
import re
m=re.search(r' ${name}:\n((?: .+\n)*)', content)
if m:
block=m.group(1)
u=re.search(r'coolify_uuid:\s*(\S+)', block)
print(u.group(1) if u else '')
" 2>/dev/null || echo "")
memory_collection="agent_memory_${name}"
log "Destroying agent '${name}' (coolify_uuid=${coolify_uuid:-unknown})"
# Confirmation
if [ "${force}" = "false" ]; then
echo ""
echo " ⚠️ This will permanently delete:"
echo " • Coolify app (container + named volume ${name}_agent_home)"
echo " • Qdrant collection ${memory_collection}"
echo " • Planka user ${name}"
echo " • Guacamole connection '${name^} Desktop' + user '${name}'"
echo " • S3 data s3://m2o-agents/${name}/"
echo " • Registry entry + GitHub branch agents/${name}"
echo " • Onboarding session (marked destroyed in API)"
echo ""
read -rp " Type '${name}' to confirm: " confirm
[ "${confirm}" != "${name}" ] && { log "Aborted."; exit 0; }
fi
local errors=0
# ── 1. Coolify: stop + delete application ────────────────────────────────
log "[1/7] Deleting Coolify application..."
if [ -n "${coolify_uuid}" ]; then
local del_result
del_result=$(coolify_api DELETE "applications/${coolify_uuid}" 2>&1) && \
log " Coolify app deleted" || \
{ log " Warning: Coolify delete failed: ${del_result}"; ((errors++)); }
else
log " Warning: No coolify_uuid in registry — skipping Coolify delete"
((errors++))
fi
# ── 2. Qdrant: delete collection ─────────────────────────────────────────
log "[2/7] Deleting Qdrant collection '${memory_collection}'..."
local qdrant_url="${QDRANT_URL:-http://memory-qdrant:6333}"
for kv in "${fleet_env[@]}"; do [[ "${kv%%=*}" == "QDRANT_URL" ]] && qdrant_url="${kv#*=}"; done
curl -sf -X DELETE "${qdrant_url}/collections/${memory_collection}" -o /dev/null && \
log " Qdrant collection deleted" || \
{ log " Warning: Qdrant delete failed (collection may not exist)"; }
# ── 3. Planka: delete user ────────────────────────────────────────────────
log "[3/7] Deleting Planka user '${name}'..."
local planka_url planka_token planka_email
planka_url=$(get_fleet_var "PLANKA_URL"); planka_url="${planka_url:-${PLANKA_URL:-}}"
planka_token=$(get_fleet_var "PLANKA_TOKEN"); planka_token="${planka_token:-${PLANKA_TOKEN:-}}"