chore: remove AWS SSO setup from install-flex, defer to flexcamp-ai

AWS credentials and opencode.json are now managed by flexcamp-ai.
install-flex now only clones the repo, builds the binary, and writes
a simple opencode-work launcher with no credential-export logic.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: lgarceau768

install-flex

@@ -5,13 +5,15 @@
 #   curl -fsSL https://raw.githubusercontent.com/flexion/opencode/flex/install-flex | bash
 #
 # What this does:
-#   1. Checks prerequisites (git, bun, aws-cli v2)
-#   2. Prompts: clone directory, AWS account ID, preferred AWS region
+#   1. Checks prerequisites (git, bun)
+#   2. Prompts: clone directory
 #   3. Clones git@github.com:flexion/opencode.git (flex branch) — skipped if already present
 #   4. Installs dependencies and builds the native binary
-#   5. Writes [profile ClaudeCodeAccess] to ~/.aws/config
-#   6. Writes ~/.config/opencode/opencode.json (Bedrock + model config)
-#   7. Appends opencode-work() launcher function to ~/.zshrc or ~/.bashrc
+#   5. Appends opencode-work() launcher function to ~/.zshrc or ~/.bashrc
+#
+# AWS credentials and opencode configuration are managed by flexcamp-ai:
+#   https://github.com/flexion/flexcamp-ai
+# Run flexcamp-ai setup before or after this installer.
 #
 # Existing files are never overwritten; each step is skipped with a warning
 # if the output already exists.
@@ -27,10 +29,6 @@ else
 fi
 
 # ── constants ─────────────────────────────────────────────────────────────────
-SSO_START_URL="https://identitycenter.amazonaws.com/ssoins-6684680a9b285ea2"
-SSO_REGION="us-east-2"
-SSO_ROLE_NAME="ClaudeCodeAccess"
-AWS_PROFILE="ClaudeCodeAccess"
 REPO_URL="git@github.com:flexion/opencode.git"
 BRANCH="flex"
 
@@ -46,12 +44,6 @@ check_prereqs() {
   local missing=()
   command -v git >/dev/null 2>&1 || missing+=("git")
   command -v bun >/dev/null 2>&1 || missing+=("bun  (https://bun.sh)")
-  if command -v aws >/dev/null 2>&1; then
-    aws --version 2>&1 | grep -q '^aws-cli/2\.' \
-      || missing+=("aws-cli v2  (found v1 — upgrade: https://aws.amazon.com/cli/)")
-  else
-    missing+=("aws-cli v2  (https://aws.amazon.com/cli/)")
-  fi
   if [ ${#missing[@]} -gt 0 ]; then
     die "Missing prerequisites:$(printf '\n  • %s' "${missing[@]}")"
   fi
@@ -78,22 +70,6 @@ gather_inputs() {
   if [[ "$CLONE_DIR" =~ [[:cntrl:]] ]]; then
     die "Invalid clone directory — control characters are not allowed"
   fi
-
-  while true; do
-    printf 'AWS account ID: ' >/dev/tty
-    IFS= read -r ACCOUNT_ID </dev/tty
-    [ -n "${ACCOUNT_ID:-}" ] || { warn "AWS account ID is required."; continue; }
-    # AWS account IDs are exactly 12 digits
-    [[ "$ACCOUNT_ID" =~ ^[0-9]{12}$ ]] || { warn "AWS account ID must be exactly 12 digits."; continue; }
-    break
-  done
-
-  printf 'Preferred AWS region [us-east-1]: ' >/dev/tty
-  IFS= read -r AWS_REGION </dev/tty
-  AWS_REGION="${AWS_REGION:-us-east-1}"
-  # AWS regions match the pattern: two-or-more-letters, dash, letters, dash, digit(s)
-  [[ "$AWS_REGION" =~ ^[a-z]{2,}-[a-z]+-[0-9]+$ ]] \
-    || die "Invalid AWS region format (expected e.g. us-east-1, eu-west-2)"
   echo
 }
 
@@ -135,96 +111,7 @@ clone_and_build() {
   success "Binary built"
 }
 
-# ── step 4: AWS SSO config ────────────────────────────────────────────────────
-write_aws_config() {
-  mkdir -p "$HOME/.aws"
-  # Use aws configure set for atomic, structured writes — avoids raw cat >> which can
-  # corrupt ~/.aws/config if a concurrent write leaves an unterminated section header.
-  # aws configure get doubles as an idempotency check without relying on fragile grep.
-  if aws configure get sso_start_url --profile "$AWS_PROFILE" >/dev/null 2>&1; then
-    warn "AWS profile [$AWS_PROFILE] already configured — skipping"
-    return
-  fi
-
-  info "Writing AWS SSO profile via aws configure set..."
-  aws configure set sso_start_url  "$SSO_START_URL"  --profile "$AWS_PROFILE"
-  aws configure set sso_region     "$SSO_REGION"     --profile "$AWS_PROFILE"
-  aws configure set sso_account_id "$ACCOUNT_ID"     --profile "$AWS_PROFILE"
-  aws configure set sso_role_name  "$SSO_ROLE_NAME"  --profile "$AWS_PROFILE"
-  aws configure set region         "$AWS_REGION"     --profile "$AWS_PROFILE"
-  success "AWS profile [$AWS_PROFILE] written"
-}
-
-# ── step 5: opencode provider config ─────────────────────────────────────────
-write_opencode_config() {
-  local config_dir="$HOME/.config/opencode"
-  local config_file="$config_dir/opencode.json"
-  mkdir -p "$config_dir"
-
-  if [ -f "$config_file" ]; then
-    warn "opencode config already exists at $config_file — skipping"
-    return
-  fi
-
-  info "Writing opencode config to $config_file..."
-  cat >"$config_file" <<EOF
-{
-  "\$schema": "https://opencode.ai/config.json",
-  "autoupdate": false,
-  "model": "amazon-bedrock/us.anthropic.claude-sonnet-4-6",
-  "enabled_providers": ["amazon-bedrock"],
-  "plugin": [],
-  "provider": {
-    "amazon-bedrock": {
-      "options": {
-        "region": "$AWS_REGION"
-      },
-      "models": {
-        "writer.palmyra-x4-v1:0": {
-          "name": "Writer Palmyra X4",
-          "tool_call": false,
-          "limit": { "context": 128000, "output": 8192 }
-        },
-        "writer.palmyra-x5-v1:0": {
-          "name": "Writer Palmyra X5",
-          "tool_call": false,
-          "limit": { "context": 1000000, "output": 8192 }
-        },
-        "deepseek.r1-v1:0": {
-          "name": "DeepSeek R1 (A)",
-          "tool_call": false,
-          "reasoning": false,
-          "limit": { "context": 64000, "output": 32768 }
-        },
-        "mistral.pixtral-large-2502-v1:0": {
-          "name": "Mistral Pixtral Large",
-          "tool_call": false,
-          "limit": { "context": 128000, "output": 8192 }
-        },
-        "meta.llama4-maverick-17b-instruct-v1:0": {
-          "name": "Meta Llama 4 Maverick 17B",
-          "tool_call": false,
-          "limit": { "context": 1000000, "output": 8192 }
-        },
-        "meta.llama4-scout-17b-instruct-v1:0": {
-          "name": "Meta Llama 4 Scout 17B",
-          "tool_call": false,
-          "limit": { "context": 10000000, "output": 8192 }
-        },
-        "amazon.nova-2-lite-v1:0": {
-          "name": "Amazon Nova 2 Lite",
-          "limit": { "context": 300000, "output": 5120 }
-        }
-      }
-    }
-  }
-}
-EOF
-  chmod 600 "$config_file"
-  success "opencode config written"
-}
-
-# ── step 6: shell launcher function ──────────────────────────────────────────
+# ── step 4: shell launcher function ──────────────────────────────────────────
 write_shell_alias() {
   local rc_file
   case "$(basename "${SHELL:-bash}")" in
@@ -252,22 +139,14 @@ write_shell_alias() {
   cat >>"$rc_file" <<SHELL_EOF
 
 # ── Flexion opencode launcher ─────────────────────────────────────────────────
+# AWS credentials are managed by flexcamp-ai (github.com/flexion/flexcamp-ai).
 opencode-work() {
-  local profile="ClaudeCodeAccess"
   local clone_dir=$clone_dir_q
   local arch os
   case "\$(uname -m)" in arm64|aarch64) arch="arm64" ;; *) arch="x64" ;; esac
   case "\$(uname -s)" in Darwin) os="darwin" ;; Linux) os="linux" ;; *)
     echo "Unsupported OS: \$(uname -s)" && return 1 ;; esac
-  echo "Logging in to AWS SSO (\$profile)..."
-  aws sso login --profile "\$profile" || return 1
-  # Subshell confines exported credentials to the opencode process — they do not
-  # persist in the interactive shell environment after opencode exits.
-  (
-    eval "\$(aws configure export-credentials --profile "\$profile" --format env)"
-    export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
-    "\${clone_dir}/packages/opencode/dist/opencode-\${os}-\${arch}/bin/opencode" "\$@"
-  )
+  "\${clone_dir}/packages/opencode/dist/opencode-\${os}-\${arch}/bin/opencode" "\$@"
 }
 # ─────────────────────────────────────────────────────────────────────────────
 SHELL_EOF
@@ -280,8 +159,6 @@ main() {
   check_prereqs
   gather_inputs
   clone_and_build
-  write_aws_config
-  write_opencode_config
   write_shell_alias
 
   local rc_file
@@ -293,11 +170,11 @@ main() {
   printf '\n%s%sInstallation complete!%s\n' "$GREEN" "$BOLD" "$NC"
   printf '────────────────────────────────────────────\n'
   printf '  Binary:   %s/packages/opencode/dist/opencode-*/bin/opencode\n' "$CLONE_DIR"
-  printf '  AWS:      profile=%s  account=%s  region=%s\n' "$AWS_PROFILE" "$ACCOUNT_ID" "$AWS_REGION"
-  printf '  Config:   %s/.config/opencode/opencode.json\n' "$HOME"
   printf '\n  Next steps:\n'
-  printf '    1. source %s\n' "$rc_file"
-  printf '    2. opencode-work\n\n'
+  printf '    1. Set up AWS credentials via flexcamp-ai:\n'
+  printf '       https://github.com/flexion/flexcamp-ai\n'
+  printf '    2. source %s\n' "$rc_file"
+  printf '    3. opencode-work\n\n'
 }
 
 main