egutierrez
4c5bf95def
Bash script que provisiona Matrix user via Synapse admin API + login para access_token + scaffold completo (config.yaml, agent.go, prompts/system.md). 6 templates (user/sudo x config/agent.go/prompt). 20 tests bash pasan. Genera .env con AGENT_<ID>_TOKEN/PASSWORD/PICKLE/DEVICE_ID + URL mesh.
265 lines
6.2 KiB
Cheetah
265 lines
6.2 KiB
Cheetah
# ============================================
|
|
# IDENTIDAD — agent LLM user-scope (mode=user)
|
|
# ============================================
|
|
# Generado por dev-scripts/agent/provision-agent-user.sh
|
|
# Issue 0144 §6.1. NO editar a mano sin razon — re-provisionar reescribe.
|
|
|
|
agent:
|
|
id: {{AGENT_ID}}
|
|
name: "{{DISPLAY_NAME}}"
|
|
version: "0.1.0"
|
|
enabled: true
|
|
description: "Conversational LLM agent for {{HOST}} (user-scope). Tools allowed: user|both. Delegates sudo to agent-{{HOST}}-sudo."
|
|
tags: [agent, llm, devicemesh, {{HOST}}, user]
|
|
type: agent
|
|
|
|
# ============================================
|
|
# PERSONALIDAD
|
|
# ============================================
|
|
personality:
|
|
tone: pragmatic
|
|
verbosity: concise
|
|
language: es
|
|
languages_supported: [es, en]
|
|
emoji_style: minimal
|
|
prefix: "🖥️"
|
|
error_style: helpful
|
|
|
|
templates:
|
|
greeting: "Hola, soy {{DISPLAY_NAME}}. Operativo en {{HOST}} con scope user. ¿En qué te ayudo?"
|
|
unknown_command: "Comando no reconocido. Escríbeme directamente lo que necesitas."
|
|
permission_denied: "No tengo permiso para esa acción en scope user. Considera delegar a sudo."
|
|
error: "Algo salió mal: {{.Error}}"
|
|
success: "{{.Summary}}"
|
|
busy: "Procesando, dame un momento..."
|
|
|
|
behavior:
|
|
proactive: false
|
|
ask_confirmation: false
|
|
show_reasoning: false
|
|
thread_replies: true
|
|
typing_indicator: true
|
|
acknowledge_receipt: false
|
|
|
|
# ============================================
|
|
# LLM — claude-code subprocess (sonnet)
|
|
# ============================================
|
|
llm:
|
|
primary:
|
|
provider: claude-code
|
|
model: ""
|
|
api_key_env: ""
|
|
base_url: ""
|
|
max_tokens: 4096
|
|
temperature: 0.4
|
|
claude_code:
|
|
binary: "claude"
|
|
timeout: 5m
|
|
disable_tools: true
|
|
allowed_tools: []
|
|
disallowed_tools: []
|
|
working_dir: "/tmp/claude-agents/{{AGENT_ID}}"
|
|
permission_mode: "bypassPermissions"
|
|
model: "sonnet"
|
|
fallback_model: ""
|
|
session_id: ""
|
|
add_dirs: []
|
|
|
|
fallback:
|
|
provider: ""
|
|
model: ""
|
|
api_key_env: ""
|
|
base_url: ""
|
|
max_tokens: 0
|
|
temperature: 0
|
|
|
|
reasoning:
|
|
system_prompt_file: "prompts/system.md"
|
|
context_window: 32768
|
|
memory_messages: 50
|
|
|
|
tool_use:
|
|
enabled: true
|
|
max_iterations: 12
|
|
parallel_calls: false
|
|
|
|
rate_limit:
|
|
requests_per_minute: 60
|
|
tokens_per_minute: 200000
|
|
concurrent_requests: 5
|
|
|
|
# ============================================
|
|
# DEVICE MESH — tools que el LLM puede invocar
|
|
# ============================================
|
|
# Cada tool name mapea a una capability del device_agent remoto via mesh WG.
|
|
# Issue 0144 §2.1. Subset user|both. NO incluye scope=sudo.
|
|
device_mesh:
|
|
enabled: true
|
|
device_id: {{HOST}}
|
|
mode: user
|
|
manifest_id: manifest_{{HOST}}_v1
|
|
device_agent_url_env: {{AGENT_ID_UPPER}}_DEVICE_MESH_URL
|
|
client_timeout_s: 60
|
|
tools_allowed:
|
|
- exec
|
|
- fs.read
|
|
- fs.write
|
|
- fs.list
|
|
- fs.stat
|
|
- git.clone
|
|
- git.commit
|
|
- git.push
|
|
- git.status
|
|
- pkg.search
|
|
- proc.list
|
|
- proc.kill
|
|
- docker.list
|
|
- docker.exec
|
|
- docker.logs
|
|
- project.create
|
|
- project.list
|
|
- screenshot
|
|
- clipboard.read
|
|
- clipboard.write
|
|
- delegate_sudo
|
|
- current_time
|
|
- memory.recall
|
|
- memory.note
|
|
rate_limit:
|
|
tools_per_minute: 60
|
|
tools_per_turn: 12
|
|
|
|
# ============================================
|
|
# TOOLS — built-in (current_time, memory, knowledge)
|
|
# ============================================
|
|
tools:
|
|
ssh:
|
|
enabled: false
|
|
allowed_targets: []
|
|
forbidden_commands: []
|
|
timeout: 0s
|
|
max_concurrent: 0
|
|
require_confirmation: []
|
|
http:
|
|
enabled: false
|
|
allowed_domains: []
|
|
timeout: 0s
|
|
max_retries: 0
|
|
scripts:
|
|
enabled: false
|
|
scripts_dir: ""
|
|
allowed: []
|
|
timeout: 0s
|
|
sandbox: false
|
|
file_ops:
|
|
enabled: false
|
|
allowed_paths: []
|
|
read_only: true
|
|
mcp:
|
|
enabled: false
|
|
servers: []
|
|
expose:
|
|
port: 0
|
|
tools: []
|
|
memory:
|
|
enabled: true
|
|
knowledge:
|
|
enabled: false
|
|
|
|
# ============================================
|
|
# MEMORIA — rolling window + facts (issue 0144d)
|
|
# ============================================
|
|
memory:
|
|
enabled: true
|
|
window_size: 50
|
|
db_path: "./agents/{{AGENT_ID}}/data/memory.db"
|
|
|
|
# ============================================
|
|
# MATRIX
|
|
# ============================================
|
|
matrix:
|
|
homeserver: "{{MATRIX_HOMESERVER}}"
|
|
user_id: "@{{AGENT_ID}}:{{MATRIX_SERVER_NAME}}"
|
|
access_token_env: MATRIX_TOKEN_{{AGENT_ID_UPPER}}
|
|
device_id: "{{MATRIX_DEVICE_ID}}"
|
|
|
|
encryption:
|
|
enabled: true
|
|
store_path: "./agents/{{AGENT_ID}}/data/crypto/"
|
|
pickle_key_env: PICKLE_KEY_{{AGENT_ID_UPPER}}
|
|
trust_mode: tofu
|
|
recovery_key_env: SSSS_RECOVERY_KEY_{{AGENT_ID_UPPER}}
|
|
|
|
rooms:
|
|
listen: []
|
|
respond: []
|
|
admin: []
|
|
|
|
filters:
|
|
command_prefix: "!"
|
|
mention_respond: true
|
|
dm_respond: true
|
|
ignore_bots: true
|
|
ignore_users: []
|
|
unauthorized_response: silent
|
|
min_power_level: 0
|
|
|
|
threads:
|
|
enabled: true
|
|
auto_thread: false
|
|
|
|
# ============================================
|
|
# SSH — no aplica (tools sudo via mesh)
|
|
# ============================================
|
|
ssh:
|
|
defaults:
|
|
user: ""
|
|
port: 22
|
|
key_file_env: ""
|
|
known_hosts: ""
|
|
keepalive_interval: 0s
|
|
timeout: 0s
|
|
targets: {}
|
|
|
|
# ============================================
|
|
# SEGURIDAD
|
|
# ============================================
|
|
security:
|
|
audit:
|
|
enabled: true
|
|
log_file: "./agents/{{AGENT_ID}}/data/audit.log"
|
|
log_to_room: ""
|
|
include: [tool_call, llm_request, command]
|
|
|
|
secrets:
|
|
provider: env
|
|
|
|
sanitize:
|
|
enabled: true
|
|
mode: warn
|
|
min_severity: medium
|
|
disabled_patterns: []
|
|
|
|
tool_rate_limit:
|
|
enabled: true
|
|
max_calls_per_min: 60
|
|
cleanup_interval_s: 60
|
|
|
|
# ============================================
|
|
# SCHEDULING
|
|
# ============================================
|
|
schedules: []
|
|
|
|
# ============================================
|
|
# STORAGE
|
|
# ============================================
|
|
storage:
|
|
base_path: ""
|
|
|
|
# ============================================
|
|
# OPERATOR (humano dueño de este device)
|
|
# ============================================
|
|
operator:
|
|
matrix_id: "{{OPERATOR_MATRIX_ID}}"
|
|
requires_approval: false
|