diff --git a/docs/GETTING_STARTED.md b/docs/GETTING_STARTED.md index b87ccb0..574f481 100644 --- a/docs/GETTING_STARTED.md +++ b/docs/GETTING_STARTED.md @@ -41,14 +41,15 @@ Create accounts on these services before continuing: ### Required Tools ```bash -# Terraform (1.5.0+) +# Terraform (1.6.0+) brew install terraform # Node.js (22+) brew install node@22 # Python 3.12+ and Modal CLI -pip install modal +pipx install modal +modal setup # Wrangler CLI (for initial R2 bucket setup) npm install -g wrangler @@ -58,13 +59,13 @@ npm install -g wrangler ## Step 1: Fork the Repository -Fork [ColeMurray/open-inspect](https://github.com/ColeMurray/open-inspect) to your GitHub account or -organization. +Fork [ColeMurray/background-agents](https://github.com/ColeMurray/background-agents) to your GitHub +account or organization. ```bash # Clone your fork -git clone https://github.com/YOUR-USERNAME/open-inspect.git -cd open-inspect +git clone https://github.com/YOUR-USERNAME/background-agents.git +cd background-agents npm install # Build the shared package (required before Terraform deployment) @@ -73,6 +74,12 @@ npm run build -w @open-inspect/shared --- +> **Tip**: Before proceeding, copy `terraform/environments/production/terraform.tfvars.example` to +> `terraform.tfvars` and keep it open. As you collect credentials in the following steps, paste them +> directly into this file. + +--- + ## Step 2: Create Cloud Provider Credentials ### Cloudflare @@ -83,7 +90,8 @@ npm run build -w @open-inspect/shared of the panel for `*.YOUR-SUBDOMAIN.workers.dev` 4. **Create API Token** at [API Tokens](https://dash.cloudflare.com/profile/api-tokens): - Use template: "Edit Cloudflare Workers" - - Add permissions: Workers KV Storage (Edit), Workers R2 Storage (Edit), D1 (Edit) + - Add permissions: Workers KV Storage (Edit), Workers R2 Storage (Edit) +5. **Enable R2**: Must add payment info, but first 10 GB/month is free ### Cloudflare R2 (Terraform State Backend) @@ -93,6 +101,7 @@ Terraform needs a place to store its state. We use Cloudflare R2. # Login to Cloudflare wrangler login + # Create the state bucket wrangler r2 bucket create open-inspect-terraform-state ``` @@ -109,13 +118,13 @@ Create an R2 API Token: 2. Create a new token with full access 3. **Note your Team/Account ID**: - Go to **Settings** (Account Settings or Team Settings) - - Look for **"Your ID"** or find it in the URL: `vercel.com/teams/TEAM_ID/...` + - Look for **"Your ID"** or find it in the URL: `vercel.com/{YOUR_TEAM_ID}/...` - Even personal accounts have an ID (usually starts with `team_`) ### Modal 1. Go to [Modal Settings](https://modal.com/settings) -2. Create a new API token +2. **Create a new API token**: Settings -> API Tokens -> New Token 3. Note the **Token ID** and **Token Secret** 4. Note your **Workspace name** (visible in your Modal dashboard URL) @@ -152,7 +161,7 @@ access. - Pull requests: **Read & Write** - Metadata: **Read-only** 6. Click **"Create GitHub App"** -7. Note the **App ID** (shown at top of settings page) +7. Note the **App ID** and **Client ID** (top of page) 8. Under **"Client secrets"**, click **"Generate a new client secret"** and note the **Client Secret** 9. Scroll down to **"Private keys"** and click **"Generate a private key"** (downloads a .pem file) @@ -232,11 +241,11 @@ echo "repo_secrets_encryption_key: $(openssl rand -base64 32)" # Internal callback secret echo "internal_callback_secret: $(openssl rand -base64 32)" -# NextAuth secret -echo "nextauth_secret: $(openssl rand -base64 32)" - # Modal API secret (use hex for this one) echo "modal_api_secret: $(openssl rand -hex 32)" + +# NextAuth secret +echo "nextauth_secret: $(openssl rand -base64 32)" ``` Save these values somewhere secure—you'll need them in the next step. @@ -273,7 +282,8 @@ Fill in all the values you gathered. Here's the structure: # Provider Authentication cloudflare_api_token = "your-cloudflare-api-token" cloudflare_account_id = "your-account-id" -cloudflare_worker_subdomain = "your-subdomain" # from *.your-subdomain.workers.dev +cloudflare_worker_subdomain = "your-subdomain" # e.g., "twilight-unit-b2cf" (without .workers.dev) + vercel_api_token = "your-vercel-token" vercel_team_id = "team_xxxxx" # Your Vercel ID (even personal accounts have one) modal_token_id = "your-modal-token-id" @@ -386,13 +396,12 @@ Now that the Slack bot worker is deployed, configure the App Home and Event Subs The App Home provides a settings interface where users can configure their preferred Claude model. -1. Go to your Slack App → **App Home** +1. Go to [Slack Apps](https://api.slack.com/apps) -> Your Slack App → **App Home** 2. Under **Show Tabs**, toggle **"Home Tab"** to On -3. Click **Save Changes** ### Configure Event Subscriptions -1. Go to your Slack App → **Event Subscriptions** +1. Go to [Slack Apps](https://api.slack.com/apps) -> Your Slack App → **Event Subscriptions** 2. Toggle **"Enable Events"** to On 3. Enter **Request URL**: ``` @@ -527,6 +536,24 @@ Go to your fork's Settings → Secrets and variables → Actions, and add: | `ALLOWED_USERS` | Comma-separated GitHub usernames (or empty for all users) | | `ALLOWED_EMAIL_DOMAINS` | Comma-separated email domains (or empty for all domains) | +**Bulk upload secrets with `gh` CLI:** + +Instead of adding secrets one by one, create a `.secrets` file (don't commit this!): + +``` +CLOUDFLARE_API_TOKEN=your-token +CLOUDFLARE_ACCOUNT_ID=your-account-id +ANTHROPIC_API_KEY=sk-ant-... +# ... add all secrets +``` + +Then upload all at once (run from your fork's directory, or use +`-R {your_github_username}/{background-agents}`): + +```bash +gh secret set -f .secrets +``` + Once configured, the GitHub Actions workflow will: - Run `terraform plan` on pull requests (with PR comment)