daniel/agent-claw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
38d828ef746343c5de6c690967826ed28158779a
agent-claw/src/lambdas/workspace-mcp/Dockerfile
daniel ac5bd78d5a multi-tenant Phase 2: per-user Google OAuth 
- workspace-mcp: add proxy.py (port 8080) that reads X-Actor-Id header,
  fetches per-user Google credentials from Secrets Manager, writes creds
  file, sets USER_GOOGLE_EMAIL, proxies to workspace-mcp on port 8081
- workspace-mcp: update bootstrap to start workspace-mcp on 8081 + proxy on 8080
- workspace-mcp: update Dockerfile to include proxy.py
- oauth-handler Lambda: new Lambda with /oauth/start + /oauth/callback
  routes; exchanges Google auth code, stores tokens in Secrets Manager
  at agent-claw/google-credentials/{actor_id_safe}, updates DynamoDB
- CDK: add OAuthHandler Lambda + GET /oauth/start + /oauth/callback routes
- CDK: remove shared google-workspace-credentials secret; add per-user
  secret IAM grants (agent-claw/google-credentials/*) for workspace-mcp
  role, runtime1 role, and oauth-handler role
- CDK: output OAuthStartUrl + OAuthRedirectUri
- agent-runner: pass google_email in user_profile payload
- main.py: pass actor_id as X-Actor-Id header in workspace-mcp MCP calls;
  skip workspace-mcp if user has no google_email; add connect_google_account
  tool that generates OAuth URL for the current user
- main.py: include google_email in user_context for system prompt
- agentcore.json: add OAUTH_START_URL env var for agent runtime
2026-05-06 21:42:33 -05:00

22 lines
682 B
Docker
Raw Blame History

FROM public.ecr.aws/lambda/python:3.12
# Install Lambda Web Adapter
COPY --from=public.ecr.aws/awsguru/aws-lambda-adapter:0.8.4 /lambda-adapter /opt/extensions/lambda-adapter
# Install workspace-mcp and dependencies
RUN pip install workspace-mcp==1.20.3 boto3 --quiet
# Copy bootstrap and helper scripts
COPY bootstrap /var/task/bootstrap
COPY fetch_credentials.py /var/task/fetch_credentials.py
COPY proxy.py /var/task/proxy.py
RUN chmod +x /var/task/bootstrap
# Lambda Web Adapter config — proxy listens on 8080, workspace-mcp on 8081
ENV AWS_LAMBDA_EXEC_WRAPPER=/opt/bootstrap
ENV PORT=8080
ENV PROXY_PORT=8080
ENV READINESS_CHECK_PATH=/health
CMD ["/var/task/bootstrap"]
Reference in New Issue View Git Blame Copy Permalink