feat: rename pass_mgr → secret-mgr, add ego-mgr binary and skill

M1: Rename pass_mgr to secret-mgr - Rename directory, binary, and Go module - Update install.mjs to build/install secret-mgr - Update pcexec.ts to support secret-mgr patterns (with legacy pass_mgr compat) - Update plugin config schema (passMgrPath → secretMgrPath) - Create new skills/secret-mgr/SKILL.md - install.mjs now initializes ego.json on install M2: Implement ego-mgr binary (Go) - Agent Scope and Public Scope column management - Commands: add column/public-column, delete, set, get, show, list columns - pcexec environment validation (AGENT_VERIFY, AGENT_ID, AGENT_WORKSPACE) - File locking for concurrent write safety - Proper exit codes per spec (0-6) - Agent auto-registration on read/write - Global column name uniqueness enforcement M3: ego-mgr Skill - Create skills/ego-mgr/SKILL.md with usage guide and examples Ref: REQUIREMENTS_EGO_MGR.md
2026-03-24 09:36:03 +00:00
parent be0f194f47
commit 98fc3da39c
13 changed files with 821 additions and 132 deletions
--- a/skills/ego-mgr/SKILL.md
+++ b/skills/ego-mgr/SKILL.md
@@ -0,0 +1,105 @@
+---
+name: ego-mgr
+description: Manage agent personal information (name, email, timezone, etc.). Use when storing, retrieving, listing, or managing agent profile fields. Trigger on requests about agent identity, personal info, profile settings, or ego-mgr usage. MUST call ego-mgr via the pcexec tool.
+---
+
+# Ego Manager
+
+## Purpose
+Use ego-mgr to manage agent personal information fields. Supports per-agent fields (Agent Scope) and shared fields (Public Scope).
+
+## Mandatory safety rule
+Always invoke ego-mgr through the `pcexec` tool. Do NOT run ego-mgr directly.
+
+## Concepts
+
+- **Agent Scope columns**: Each agent stores its own value independently
+- **Public Scope columns**: All agents share the same value
+- Column names are globally unique — a name cannot be both agent-scope and public-scope
+
+## Workflow
+
+1. First, create a column: `ego-mgr add column <name>` or `ego-mgr add public-column <name>`
+2. Then, set its value: `ego-mgr set <name> <value>`
+3. Read it: `ego-mgr get <name>` or `ego-mgr show`
+
+## Commands (run via pcexec)
+
+### Add columns
+```bash
+# Agent-scope column (per-agent values)
+ego-mgr add column <column-name> [--default <default-value>]
+
+# Public-scope column (shared by all agents)
+ego-mgr add public-column <column-name> [--default <default-value>]
+```
+
+### Delete a column
+```bash
+ego-mgr delete <column-name>
+```
+Removes the column and all its values across all scopes.
+
+### Set a value
+```bash
+ego-mgr set <column-name> <value>
+```
+Automatically writes to the correct scope (agent or public) based on column type.
+
+### Get a value
+```bash
+ego-mgr get <column-name>
+```
+Outputs just the value (no label).
+
+### Show all fields
+```bash
+ego-mgr show
+```
+Lists all fields with values (public first, then agent-scope).
+
+### List column names
+```bash
+ego-mgr list columns
+```
+Lists all column names (public first, then agent-scope).
+
+## Error exit codes
+
+| Code | Meaning |
+|------|---------|
+| 0 | Success |
+| 1 | Usage error |
+| 2 | Column not found |
+| 3 | Column already exists |
+| 4 | Permission error (not via pcexec) |
+| 5 | File lock failed |
+| 6 | JSON read/write error |
+
+## Common use cases
+
+### Set up agent identity
+```bash
+ego-mgr add column name
+ego-mgr set name "小智"
+ego-mgr add column email
+ego-mgr set email "zhi@example.com"
+```
+
+### Set shared config
+```bash
+ego-mgr add public-column timezone --default UTC
+ego-mgr add public-column language --default zh-CN
+```
+
+### Check current profile
+```bash
+ego-mgr show
+```
+
+## Usage notes
+
+- Always create columns before setting values
+- Column names are case-sensitive
+- Public scope values are readable and writable by all agents
+- Agent scope values are isolated per-agent
--- a/skills/pass-mgr/SKILL.md
+++ b/skills/pass-mgr/SKILL.md
@@ -1,68 +0,0 @@
---
-name: pass-mgr
-description: Manage OpenClaw agent credentials (usernames/secrets). Use when storing, retrieving, listing, generating, or removing credentials for an agent. Trigger on requests about saving or fetching usernames, passwords, tokens, API keys, or other secrets. MUST call pass_mgr via the pcexec tool.
---
-
-# Pass Manager
-
-## Purpose
-Use pass_mgr to store and retrieve agent-scoped credentials (username/secret pairs) and generate secrets.
-
-## Mandatory safety rule
-Always invoke pass_mgr through the `pcexec` tool. Do NOT run pass_mgr directly.
-
-## Commands (run via pcexec)
-
- List keys for current agent
-  - `pass_mgr list`
-  - Include shared scope: `pass_mgr list --public`
-
- Get username for a key
-  - `pass_mgr get-username --key <key>`
-  - Shared scope: `pass_mgr get-username --public --key <key>`
-
- Get secret for a key
-  - `pass_mgr get-secret --key <key>`
-  - Shared scope: `pass_mgr get-secret --public --key <key>`
-
- Set a key entry (username optional)
-  - `pass_mgr set --key <key> --secret <secret> [--username <username>]`
-  - Shared scope: `pass_mgr set --public --key <key> --secret <secret> [--username <username>]`
-
- Remove a key entry
-  - `pass_mgr unset --key <key>`
-  - Shared scope: `pass_mgr unset --public --key <key>`
-
- Generate a random secret for a key (prints secret)
-  - `pass_mgr generate --key <key> [--username <username>]`
-  - Shared scope: `pass_mgr generate --public --key <key> [--username <username>]`
-
- Legacy (hidden) getter
-  - `pass_mgr get <key>`
-
-## Usage notes
-
- Treat all outputs as sensitive. Never echo secrets.
- When the agent needs credentials to access a resource, first try `list` to see if a matching key already exists before asking the user.
- Prefer `generate` when the user wants a new secret or password.
- Use `set` to store both username and secret in one step.
- Use `get-username` and `get-secret` for retrieval.
- Storing can be explicit (user asks) or proactive after the agent successfully registers/creates an account.
- Secrets should be fetched and used immediately in a command, not displayed (e.g., `xxx_cli login --user $(pass_mgr get-username some_key) --pass $(pass_mgr get-secret some_key)`).
-
-## Examples (pcexec)
-
- Store credentials
-  - pcexec: `pass_mgr set github --username alice --secret <secret>`
-
- Retrieve username
-  - pcexec: `pass_mgr get-username github`
-
- Retrieve secret
-  - pcexec: `pass_mgr get-secret github`
-
- Generate secret
-  - pcexec: `pass_mgr generate github`
-
- Delete entry
-  - pcexec: `pass_mgr unset github`
--- a/skills/secret-mgr/SKILL.md
+++ b/skills/secret-mgr/SKILL.md
@@ -0,0 +1,68 @@
+---
+name: secret-mgr
+description: Manage OpenClaw agent credentials (usernames/secrets). Use when storing, retrieving, listing, generating, or removing credentials for an agent. Trigger on requests about saving or fetching usernames, passwords, tokens, API keys, or other secrets. MUST call secret-mgr via the pcexec tool.
+---
+
+# Secret Manager
+
+## Purpose
+Use secret-mgr to store and retrieve agent-scoped credentials (username/secret pairs) and generate secrets.
+
+## Mandatory safety rule
+Always invoke secret-mgr through the `pcexec` tool. Do NOT run secret-mgr directly.
+
+## Commands (run via pcexec)
+
+- List keys for current agent
+  - `secret-mgr list`
+  - Include shared scope: `secret-mgr list --public`
+
+- Get username for a key
+  - `secret-mgr get-username --key <key>`
+  - Shared scope: `secret-mgr get-username --public --key <key>`
+
+- Get secret for a key
+  - `secret-mgr get-secret --key <key>`
+  - Shared scope: `secret-mgr get-secret --public --key <key>`
+
+- Set a key entry (username optional)
+  - `secret-mgr set --key <key> --secret <secret> [--username <username>]`
+  - Shared scope: `secret-mgr set --public --key <key> --secret <secret> [--username <username>]`
+
+- Remove a key entry
+  - `secret-mgr unset --key <key>`
+  - Shared scope: `secret-mgr unset --public --key <key>`
+
+- Generate a random secret for a key (prints secret)
+  - `secret-mgr generate --key <key> [--username <username>]`
+  - Shared scope: `secret-mgr generate --public --key <key> [--username <username>]`
+
+- Legacy (hidden) getter
+  - `secret-mgr get <key>`
+
+## Usage notes
+
+- Treat all outputs as sensitive. Never echo secrets.
+- When the agent needs credentials to access a resource, first try `list` to see if a matching key already exists before asking the user.
+- Prefer `generate` when the user wants a new secret or password.
+- Use `set` to store both username and secret in one step.
+- Use `get-username` and `get-secret` for retrieval.
+- Storing can be explicit (user asks) or proactive after the agent successfully registers/creates an account.
+- Secrets should be fetched and used immediately in a command, not displayed (e.g., `xxx_cli login --user $(secret-mgr get-username --key some_key) --pass $(secret-mgr get-secret --key some_key)`).
+
+## Examples (pcexec)
+
+- Store credentials
+  - pcexec: `secret-mgr set --key github --username alice --secret <secret>`
+
+- Retrieve username
+  - pcexec: `secret-mgr get-username --key github`
+
+- Retrieve secret
+  - pcexec: `secret-mgr get-secret --key github`
+
+- Generate secret
+  - pcexec: `secret-mgr generate --key github`
+
+- Delete entry
+  - pcexec: `secret-mgr unset --key github`