agent-claw: automated task changes

src/lambdas/agent-runner/handler.py

@@ -74,6 +74,7 @@ def handler(event, context):
 
     # ── Get or create AgentCore session ──────────────────────────────────
     session_id = get_or_create_session(actor_id)
+    print(f"[agent-runner] actor={actor_id} session={session_id}")
 
     # ── Bundle messages ───────────────────────────────────────────────────
     if len(records) == 1:

src/lambdas/tg-ingest/handler.py

@@ -50,14 +50,16 @@ def handler(event, context):
     try:
         body = json.loads(event.get('body', '{}'))
     except json.JSONDecodeError:
+        print(f'[tg-ingest] Bad JSON body')
         return {'statusCode': 400, 'body': 'Bad Request'}
 
+    print(f'[tg-ingest] Update keys: {list(body.keys())}')
     update_id = body.get('update_id')
 
     # Support regular messages and edited messages
     message = body.get('message') or body.get('edited_message')
     if not message:
-        # Not a message update (could be channel_post, callback_query, etc.)
+        print(f'[tg-ingest] No message field, update_type={list(body.keys())}')
         return {'statusCode': 200, 'body': 'ok'}
 
     chat_id = str(message.get('chat', {}).get('id', ''))
@@ -65,7 +67,10 @@ def handler(event, context):
     from_user = message.get('from', {})
     timestamp = message.get('date', 0)
 
+    print(f'[tg-ingest] chat_id={chat_id} text_len={len(text)} update_id={update_id}')
+
     if not chat_id or not text:
+        print(f'[tg-ingest] Dropping: chat_id={chat_id!r} text={text!r}')
         return {'statusCode': 200, 'body': 'ok'}
 
     # ── Send typing action (non-blocking, background thread) ──────────────

src/lambdas/workspace-mcp/Dockerfile

@@ -0,0 +1,19 @@
+FROM public.ecr.aws/lambda/python:3.12
+
+# Install Lambda Web Adapter
+COPY --from=public.ecr.aws/awsguru/aws-lambda-adapter:0.8.4 /lambda-adapter /opt/extensions/lambda-adapter
+
+# Install workspace-mcp and dependencies
+RUN pip install workspace-mcp==1.20.3 boto3 --quiet
+
+# Copy bootstrap and helper scripts
+COPY bootstrap /var/task/bootstrap
+COPY fetch_credentials.py /var/task/fetch_credentials.py
+RUN chmod +x /var/task/bootstrap
+
+# Lambda Web Adapter config
+ENV AWS_LAMBDA_EXEC_WRAPPER=/opt/bootstrap
+ENV PORT=8080
+ENV READINESS_CHECK_PATH=/health
+
+CMD ["/var/task/bootstrap"]

src/lambdas/workspace-mcp/bootstrap

@@ -0,0 +1,27 @@
+#!/bin/bash
+# Lambda Web Adapter bootstrap for workspace-mcp
+# Dependencies are in /opt/python (Lambda layer)
+
+set -e
+
+PYTHON=/var/lang/bin/python3
+
+export PYTHONPATH="/opt/python:/opt/python/lib/python3.12/site-packages:$PYTHONPATH"
+export PATH="/opt/python/bin:$PATH"
+
+# workspace-mcp tries to write logs to home dir — redirect to /tmp
+export HOME=/tmp
+export WORKSPACE_MCP_LOG_DIR=/tmp
+export GOOGLE_WORKSPACE_MCP_CREDENTIALS_DIR=/tmp/workspace_mcp_credentials
+
+echo "[workspace-mcp] Fetching Google credentials..." >&2
+$PYTHON /var/task/fetch_credentials.py
+
+if [ -f /tmp/workspace-mcp-env ]; then
+  source /tmp/workspace-mcp-env
+fi
+
+echo "[workspace-mcp] Starting on port $PORT..." >&2
+exec $PYTHON /opt/python/bin/workspace-mcp \
+   --transport streamable-http \
+   --tool-tier extended

src/lambdas/workspace-mcp/fetch_credentials.py

@@ -0,0 +1,59 @@
+"""
+Fetch Google OAuth credentials and client secrets from Secrets Manager.
+Called by bootstrap before starting workspace-mcp.
+"""
+import json
+import os
+import sys
+import boto3
+
+def main():
+    region = os.environ.get('AWS_REGION', 'us-east-1')
+    sm = boto3.client('secretsmanager', region_name=region)
+
+    # Fetch OAuth client credentials (client_id + client_secret)
+    client_secret_arn = os.environ.get('GOOGLE_OAUTH_CLIENT_SECRET_ARN')
+    if client_secret_arn:
+        try:
+            client_creds = json.loads(sm.get_secret_value(SecretId=client_secret_arn)['SecretString'])
+            os.environ['GOOGLE_OAUTH_CLIENT_ID'] = client_creds['client_id']
+            os.environ['GOOGLE_OAUTH_CLIENT_SECRET'] = client_creds['client_secret']
+            print('[fetch_credentials] OAuth client credentials loaded', file=sys.stderr)
+        except Exception as e:
+            print(f'[fetch_credentials] WARNING: Could not load OAuth client creds: {e}', file=sys.stderr)
+
+    # Fetch user OAuth token (access_token + refresh_token)
+    creds_arn = os.environ.get('GOOGLE_CREDENTIALS_SECRET_ARN')
+    if not creds_arn:
+        print('[fetch_credentials] ERROR: GOOGLE_CREDENTIALS_SECRET_ARN not set', file=sys.stderr)
+        sys.exit(1)
+
+    try:
+        secret = sm.get_secret_value(SecretId=creds_arn)['SecretString']
+        # Validate JSON
+        creds_data = json.loads(secret)
+    except Exception as e:
+        print(f'[fetch_credentials] ERROR fetching credentials: {e}', file=sys.stderr)
+        sys.exit(1)
+
+    # Write credentials file for workspace-mcp to load
+    creds_dir = '/tmp/workspace_mcp_credentials'
+    os.makedirs(creds_dir, exist_ok=True)
+
+    user_email = os.environ.get('GOOGLE_USER_EMAIL', 'daniel@everyonce.com')
+    creds_path = f'{creds_dir}/{user_email}.json'
+    with open(creds_path, 'w') as f:
+        json.dump(creds_data, f)
+
+    # Write env file for bootstrap to source
+    with open('/tmp/workspace-mcp-env', 'w') as f:
+        f.write(f'export GOOGLE_WORKSPACE_MCP_CREDENTIALS_DIR={creds_dir}\n')
+        f.write(f'export USER_GOOGLE_EMAIL={user_email}\n')
+        f.write(f'export GOOGLE_OAUTH_CLIENT_ID={os.environ.get("GOOGLE_OAUTH_CLIENT_ID", "")}\n')
+        f.write(f'export GOOGLE_OAUTH_CLIENT_SECRET={os.environ.get("GOOGLE_OAUTH_CLIENT_SECRET", "")}\n')
+
+    print(f'[fetch_credentials] Credentials written to {creds_path}', file=sys.stderr)
+
+
+if __name__ == '__main__':
+    main()

src/lambdas/workspace-mcp/requirements.txt

@@ -0,0 +1,2 @@
+workspace-mcp==1.20.3
+boto3>=1.35.0