You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Implement codewhale remote-setup — the interactive wizard designed in docs/REMOTE_SETUP_DESIGN.md — so that standing up a phone-controlled remote workbench (cloud VM + chat bridge + provider) becomes a guided in-product flow instead of a runbook: pick cloud, pick bridge, pick provider, get prompted for exactly the right secrets, receive a generated deploy bundle (env files, systemd units, RUNBOOK), optionally auto-provision behind a printed-plan confirmation gate.
User phrasing of the need: "a /remote thing that makes it easy to set up your Feishu/Lark / Telegram + DigitalOcean / Tencent Lighthouse and cues you for the right keys."
Design
Already written: docs/REMOTE_SETUP_DESIGN.md (table-driven CloudTarget × BridgeSpec × ProviderSpec, native Rust subcommand in crates/cli + crates/tui, generate-only by default, --apply gated, secrets never via argv). This issue is the implementation tracker; deltas from the design doc as written:
Add DigitalOcean as a CloudTarget row (the design lists Lighthouse/Azure with "extensible"). The v0.8.56 smoke lane validated DO end-to-end; scripts/remote-smoke/digitalocean/provision.sh is the reference for provision/digitalocean.rs (region/size/price preflight via API, SSH key import, SSH-only firewall, typed-yes billing gate, teardown with leftover-billing check).
First shipped pair: DigitalOcean × Telegram (matches the proven lane), with Lighthouse × Feishu next since its scripts/templates already exist.
Templates must encode the sharp edges found in the v0.8.56 smoke (see v0.8.56: Ship DigitalOcean + Telegram remote-workbench setup #2964): runtime binary reads DEEPSEEK_RUNTIME_TOKEN/flags only — env names work via systemd ExecStart expansion; pre-create ~/.codewhale + ~/.deepseek (ReadWritePaths); install prebuilt release binaries to /home/codewhale/.cargo/bin/ instead of building Rust on the VM.
Namespace migration (DEEPSEEK_* → CODEWHALE_* with fallback) lands with or before this, per the design doc's touch list.
Scope
crates/tui/src/remote_setup/ module per the design layout (registry, prompts, bundle renderer, provisioners).
CLI: Commands::RemoteSetup with --cloud/--bridge/--provider/--out/--generate-only/--apply/--yes/--non-interactive.
Clouds: digitalocean (new), lighthouse (existing templates); Azure may follow.
Bridges: telegram, feishu (both bridge implementations already exist under integrations/).
Providers: read the existing PROVIDERS registry; prompt for env_keys[0].
Tests per the design doc (registry uniqueness/path existence, bundle rendering for each triple, provision plans built-not-executed).
Non-goals
Webhook/public-ingress modes; Discord/Slack bridges (new BridgeSpec rows later).
Replacing the v0.8.56 script lane — those scripts remain the manual/CI path and the wizard's template source.
Acceptance criteria
codewhale remote-setup --cloud digitalocean --bridge telegram --provider deepseek --generate-only emits a bundle whose RUNBOOK + env files + units reproduce the proven v0.8.56 lane (modulo secrets).
--apply prints the full ordered provisioning plan and requires confirmation before any billable API call; secrets are fed via stdin/temp files, never argv.
Wizard prompts adapt to the chosen bridge/provider (secret_keys, setup_hint, provider key var) — "cues you for the right keys."
Adding a new cloud or bridge is one registry row + one module, no wizard control-flow changes.
Goal
Implement
codewhale remote-setup— the interactive wizard designed indocs/REMOTE_SETUP_DESIGN.md— so that standing up a phone-controlled remote workbench (cloud VM + chat bridge + provider) becomes a guided in-product flow instead of a runbook: pick cloud, pick bridge, pick provider, get prompted for exactly the right secrets, receive a generated deploy bundle (env files, systemd units, RUNBOOK), optionally auto-provision behind a printed-plan confirmation gate.User phrasing of the need: "a
/remotething that makes it easy to set up your Feishu/Lark / Telegram + DigitalOcean / Tencent Lighthouse and cues you for the right keys."Design
Already written:
docs/REMOTE_SETUP_DESIGN.md(table-drivenCloudTarget × BridgeSpec × ProviderSpec, native Rust subcommand incrates/cli+crates/tui, generate-only by default,--applygated, secrets never via argv). This issue is the implementation tracker; deltas from the design doc as written:CloudTargetrow (the design lists Lighthouse/Azure with "extensible"). The v0.8.56 smoke lane validated DO end-to-end;scripts/remote-smoke/digitalocean/provision.shis the reference forprovision/digitalocean.rs(region/size/price preflight via API, SSH key import, SSH-only firewall, typed-yes billing gate, teardown with leftover-billing check).DEEPSEEK_RUNTIME_TOKEN/flags only — env names work via systemd ExecStart expansion; pre-create~/.codewhale+~/.deepseek(ReadWritePaths); install prebuilt release binaries to/home/codewhale/.cargo/bin/instead of building Rust on the VM.DEEPSEEK_*→CODEWHALE_*with fallback) lands with or before this, per the design doc's touch list.Scope
crates/tui/src/remote_setup/module per the design layout (registry, prompts, bundle renderer, provisioners).Commands::RemoteSetupwith--cloud/--bridge/--provider/--out/--generate-only/--apply/--yes/--non-interactive.digitalocean(new),lighthouse(existing templates); Azure may follow.telegram,feishu(both bridge implementations already exist underintegrations/).PROVIDERSregistry; prompt forenv_keys[0].Non-goals
BridgeSpecrows later).Acceptance criteria
codewhale remote-setup --cloud digitalocean --bridge telegram --provider deepseek --generate-onlyemits a bundle whose RUNBOOK + env files + units reproduce the proven v0.8.56 lane (modulo secrets).--applyprints the full ordered provisioning plan and requires confirmation before any billable API call; secrets are fed via stdin/temp files, never argv.secret_keys,setup_hint, provider key var) — "cues you for the right keys."Links
docs/REMOTE_SETUP_DESIGN.mdscripts/remote-smoke/integrations/telegram-bridge/,integrations/feishu-bridge/