refactor(ansible): rename freecad_mcp env vars and rework deployment

- Drop `FREECAD_MCP_` prefix from env vars (use `FREECAD_*`) - Update freecad_mcp port from 22032 to 22061 - Document that FreeCAD bridge is required for tool calls - Replace kottos deployment with pallas deployment
2026-05-30 09:37:56 -04:00
parent bc431a3a2a
commit acf3419450
21 changed files with 876 additions and 258 deletions
--- a/ansible/kottos/fastagent.secrets.yaml.j2
+++ b/ansible/kottos/fastagent.secrets.yaml.j2
@@ -1,27 +1,35 @@
-# Kottos — fast-agent secrets (rendered by Ansible from the vault)
-# ------------------------------------------------------------------
-# Never commit the rendered file.  Each value here pulls from a vault
-# variable — if a vault variable is missing, Ansible will fail the
-# template step with a clear error before the file is written.
-#
-# Same structure as fastagent.config.yaml; values merge with secrets
-# taking precedence (fast-agent deep-merges the two).
+# Kottos — Secrets
+# Managed by Ansible. Values fetched from OCI Vault at deploy time.
+# Merges with fastagent.config.yaml (secrets take precedence).

 openai:
-  api_key: "{{ vault_kottos_openai_api_key }}"
+  api_key: "{{ kottos_openai_api_key }}"
+
+anthropic:
+  api_key: "{{ kottos_anthropic_api_key }}"

 mcp:
  servers:
-    github:
-      env:
-        GITHUB_PERSONAL_ACCESS_TOKEN: "{{ vault_kottos_github_pat }}"
-
-    angelia:
+    # Per-agent Kernos MCP bearer tokens so Kernos can distinguish callers.
+    # Kottos itself does not consume these — they are surfaced to each agent
+    # module via fast-agent's server auth headers below.
+    argus:
      headers:
-        Authorization: "Bearer {{ vault_kottos_angelia_bearer }}"
+        Authorization: "Bearer {{ scotty_kernos_mcp_token }}"
+    andromeda:
+      headers:
+        Authorization: "Bearer {{ harper_kernos_mcp_token }}"
+    korax:
+      headers:
+        Authorization: "Bearer {{ case_kernos_mcp_token }}"

-    # Long-lived team JWT minted in Daedalus admin UI.
-    # See kottos/README.md § "Mnemosyne memory" for the rotation procedure.
+    # Downstream MCP bearer tokens
+    arke:
+      headers:
+        Authorization: "Bearer {{ kottos_arke_mcp_token }}"
    mnemosyne:
      headers:
-        Authorization: "Bearer {{ vault_kottos_mnemosyne_jwt }}"
+        Authorization: "Bearer {{ mnemosyne_kottos_token }}"
+    github:
+      env:
+        GITHUB_PERSONAL_ACCESS_TOKEN: "{{ kottos_github_pa_token }}"