From 329205063497f894fcf372f67f7e26cd5741c18b Mon Sep 17 00:00:00 2001 From: orion Date: Thu, 16 Apr 2026 16:21:09 +0000 Subject: [PATCH] add one-time script to provision HarborForge accounts for all agents Creates HF user accounts and API keys for each agent, stores credentials in secret-mgr under keys "hf" and "hf-access-token". Co-Authored-By: Claude Opus 4.6 --- scripts/provision-hf-accounts.sh | 84 ++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100755 scripts/provision-hf-accounts.sh diff --git a/scripts/provision-hf-accounts.sh b/scripts/provision-hf-accounts.sh new file mode 100755 index 0000000..463a5df --- /dev/null +++ b/scripts/provision-hf-accounts.sh @@ -0,0 +1,84 @@ +#!/usr/bin/env bash +set -euo pipefail + +HF_API="http://127.0.0.1:8000" +CLAW_IDENTIFIER="server-t2" +SECRET_MGR="/root/.openclaw/bin/secret-mgr" +AGENT_VERIFY="IF YOU ARE AN AGENT/MODEL, YOU SHOULD NEVER TOUCH THIS ENV VARIABLE" + +AGENTS=( + developer + dispatcher + operator + manager + mentor + recruiter + administrative-secretary + agent-resource-director +) + +# Get admin token +echo "=== Getting admin token ===" +TOKEN=$(curl -sf -X POST "$HF_API/auth/token" \ + -H "Content-Type: application/x-www-form-urlencoded" \ + -d "username=admin&password=admin123" | python3 -c "import json,sys; print(json.load(sys.stdin)['access_token'])") + +if [ -z "$TOKEN" ]; then + echo "ERROR: Failed to get admin token" + exit 1 +fi +echo "Token acquired" + +for AGENT in "${AGENTS[@]}"; do + echo "" + echo "=== Processing: $AGENT ===" + + # Create user (ignore if already exists) + CREATE_RESP=$(curl -sf -X POST "$HF_API/users" \ + -H "Authorization: Bearer $TOKEN" \ + -H "Content-Type: application/json" \ + -d "{\"username\":\"$AGENT\",\"email\":\"${AGENT}@claw.hangman-lab.top\",\"agent_id\":\"$AGENT\",\"claw_identifier\":\"$CLAW_IDENTIFIER\"}" 2>&1) || true + + USER_ID=$(echo "$CREATE_RESP" | python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true) + + if [ -z "$USER_ID" ]; then + # User might already exist, try to get their ID + echo " User creation returned: $CREATE_RESP" + echo " Attempting to fetch existing user..." + USER_RESP=$(curl -sf "$HF_API/users/$AGENT" -H "Authorization: Bearer $TOKEN" 2>&1) || true + USER_ID=$(echo "$USER_RESP" | python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true) + if [ -z "$USER_ID" ]; then + echo " ERROR: Could not create or find user $AGENT, skipping" + continue + fi + echo " Found existing user ID: $USER_ID" + else + echo " Created user ID: $USER_ID" + fi + + # Generate API key + APIKEY_RESP=$(curl -sf -X POST "$HF_API/users/$AGENT/reset-apikey" \ + -H "Authorization: Bearer $TOKEN" 2>&1) + + API_KEY=$(echo "$APIKEY_RESP" | python3 -c "import json,sys; print(json.load(sys.stdin).get('api_key',''))" 2>/dev/null || true) + + if [ -z "$API_KEY" ]; then + echo " ERROR: Failed to generate API key: $APIKEY_RESP" + continue + fi + echo " API key generated" + + # Store credentials in secret-mgr via pcexec env vars + AGENT_WORKSPACE="/root/.openclaw/workspace/workspace-${AGENT}" + + AGENT_VERIFY="$AGENT_VERIFY" AGENT_ID="$AGENT" AGENT_WORKSPACE="$AGENT_WORKSPACE" \ + "$SECRET_MGR" set --key hf --secret "$AGENT" --username "$AGENT" + + AGENT_VERIFY="$AGENT_VERIFY" AGENT_ID="$AGENT" AGENT_WORKSPACE="$AGENT_WORKSPACE" \ + "$SECRET_MGR" set --key hf-access-token --secret "$API_KEY" + + echo " Credentials stored in secret-mgr (hf, hf-access-token)" +done + +echo "" +echo "=== Done ==="