wangjunxiao/nanoclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(new-setup): align onecli health path and rework auth flow

Browse Source 
onecli step:
- Poll /api/health (was /health) so the step's health check matches
  the probe's. On hosted OneCLI (app.onecli.sh) the old path returned
  non-ok, flagging the gateway as "degraded" even though install
  succeeded.
- Drop the "try `onecli start`" hint — no such subcommand exists and
  it sent the skill off chasing fabricated commands. A failed health
  poll is demoted to a soft warning; the auth step surfaces a real
  outage via `onecli secrets list`.

SKILL.md step 4: rewrite to match the /setup skill's pattern — the
user generates the token themselves, picks dashboard or CLI to
register it with OneCLI, and the skill verifies via `auth --check`.
Tokens no longer travel through chat.

Co-Authored-By: Koshkoshinsk <daniel.milliner@gmail.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Koshkoshinsk
2026-04-19 12:10:21 +00:00
parent 0992979c5a
commit 5542107b9e
2 changed files with 29 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
.claude/skills/new-setup/SKILL.md
View File

@@ -86,15 +86,27 @@ OneCLI is the local vault that holds API keys and only releases them to agents w
Check probe results and skip if `ANTHROPIC_SECRET=true`.
The agent needs an Anthropic credential to talk to Claude. Two sources:
The credential never travels through chat — the user generates it, registers it with OneCLI themselves, and the skill verifies.
Use `AskUserQuestion`:
1. **Claude subscription (Pro/Max)** — "Run `claude setup-token` in another terminal. It prints a token; paste it back here when ready."
2. **Anthropic API key** — "Get one from https://console.anthropic.com/settings/keys."
**4a. Pick the source.** `AskUserQuestion`:
Wait for the token. When received, run:
1. **Claude subscription (Pro/Max)** — "Generate a token via `claude setup-token` in another terminal."
2. **Anthropic API key** — "Use a pay-per-use key from console.anthropic.com/settings/keys."
`pnpm exec tsx setup/index.ts --step auth -- --create --value <TOKEN>`
**4b. Wait for the user to obtain the credential.** For subscription, have them run `claude setup-token` in another terminal. For API key, point them to the console URL above. Either way, they keep the token — just confirm when they have it.
**4c. Pick the registration path.** `AskUserQuestion` — substitute `${ONECLI_URL}` from the probe (or `.env`):
1. **Dashboard** — "Open ${ONECLI_URL} in a browser; add a secret of type `anthropic`, value = the token, host-pattern `api.anthropic.com`."
2. **CLI** — "Run in another terminal: `onecli secrets create --name Anthropic --type anthropic --value YOUR_TOKEN --host-pattern api.anthropic.com`"
Wait for the user's confirmation. If their reply happens to include a token (starts with `sk-ant-`), register it for them: `pnpm exec tsx setup/index.ts --step auth -- --create --value <TOKEN>`.
**4d. Verify.**
`pnpm exec tsx setup/index.ts --step auth -- --check`
If `ANTHROPIC_OK=false`, the secret isn't there yet — ask them to retry, then re-check.
### 5. Service

14
setup/onecli.ts
View File

@@ -106,10 +106,11 @@ function installOnecli(): { stdout: string; ok: boolean } {
}
async function pollHealth(url: string, timeoutMs: number): Promise<boolean> {
// `/api/health` matches the path probe.mjs uses — keep them aligned.
const deadline = Date.now() + timeoutMs;
while (Date.now() < deadline) {
try {
const res = await fetch(`${url}/health`);
const res = await fetch(`${url}/api/health`);
if (res.ok) return true;
} catch {
// not ready yet
@@ -185,10 +186,17 @@ export async function run(_args: string[]): Promise<void> {
INSTALLED: true,
ONECLI_URL: url,
HEALTHY: healthy,
STATUS: healthy ? 'success' : 'degraded',
// Install succeeded regardless — a failed health poll often just means
// the endpoint is auth-gated or the gateway hasn't finished warming up.
// The next step (auth) will surface a genuinely broken gateway via
// `onecli secrets list`, so don't trigger rescue attempts from here.
STATUS: 'success',
...(healthy
? {}
: { HINT: 'Gateway did not respond to /health within 15s. Try `onecli start`.' }),
: {
HEALTH_HINT:
'Health poll returned non-ok within 15s — likely auth-gated. Proceed to the auth step; it will surface a real outage.',
}),
LOG: 'logs/setup.log',
});
}