add one-time script to provision HarborForge accounts for all agents

Creates HF user accounts and API keys for each agent, stores
credentials in secret-mgr under keys "hf" and "hf-access-token".

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

scripts/provision-hf-accounts.sh

@@ -0,0 +1,84 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+HF_API="http://127.0.0.1:8000"
+CLAW_IDENTIFIER="server-t2"
+SECRET_MGR="/root/.openclaw/bin/secret-mgr"
+AGENT_VERIFY="IF YOU ARE AN AGENT/MODEL, YOU SHOULD NEVER TOUCH THIS ENV VARIABLE"
+
+AGENTS=(
+  developer
+  dispatcher
+  operator
+  manager
+  mentor
+  recruiter
+  administrative-secretary
+  agent-resource-director
+)
+
+# Get admin token
+echo "=== Getting admin token ==="
+TOKEN=$(curl -sf -X POST "$HF_API/auth/token" \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  -d "username=admin&password=admin123" | python3 -c "import json,sys; print(json.load(sys.stdin)['access_token'])")
+
+if [ -z "$TOKEN" ]; then
+  echo "ERROR: Failed to get admin token"
+  exit 1
+fi
+echo "Token acquired"
+
+for AGENT in "${AGENTS[@]}"; do
+  echo ""
+  echo "=== Processing: $AGENT ==="
+
+  # Create user (ignore if already exists)
+  CREATE_RESP=$(curl -sf -X POST "$HF_API/users" \
+    -H "Authorization: Bearer $TOKEN" \
+    -H "Content-Type: application/json" \
+    -d "{\"username\":\"$AGENT\",\"email\":\"${AGENT}@claw.hangman-lab.top\",\"agent_id\":\"$AGENT\",\"claw_identifier\":\"$CLAW_IDENTIFIER\"}" 2>&1) || true
+
+  USER_ID=$(echo "$CREATE_RESP" | python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
+
+  if [ -z "$USER_ID" ]; then
+    # User might already exist, try to get their ID
+    echo "  User creation returned: $CREATE_RESP"
+    echo "  Attempting to fetch existing user..."
+    USER_RESP=$(curl -sf "$HF_API/users/$AGENT" -H "Authorization: Bearer $TOKEN" 2>&1) || true
+    USER_ID=$(echo "$USER_RESP" | python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
+    if [ -z "$USER_ID" ]; then
+      echo "  ERROR: Could not create or find user $AGENT, skipping"
+      continue
+    fi
+    echo "  Found existing user ID: $USER_ID"
+  else
+    echo "  Created user ID: $USER_ID"
+  fi
+
+  # Generate API key
+  APIKEY_RESP=$(curl -sf -X POST "$HF_API/users/$AGENT/reset-apikey" \
+    -H "Authorization: Bearer $TOKEN" 2>&1)
+
+  API_KEY=$(echo "$APIKEY_RESP" | python3 -c "import json,sys; print(json.load(sys.stdin).get('api_key',''))" 2>/dev/null || true)
+
+  if [ -z "$API_KEY" ]; then
+    echo "  ERROR: Failed to generate API key: $APIKEY_RESP"
+    continue
+  fi
+  echo "  API key generated"
+
+  # Store credentials in secret-mgr via pcexec env vars
+  AGENT_WORKSPACE="/root/.openclaw/workspace/workspace-${AGENT}"
+
+  AGENT_VERIFY="$AGENT_VERIFY" AGENT_ID="$AGENT" AGENT_WORKSPACE="$AGENT_WORKSPACE" \
+    "$SECRET_MGR" set --key hf --secret "$AGENT" --username "$AGENT"
+
+  AGENT_VERIFY="$AGENT_VERIFY" AGENT_ID="$AGENT" AGENT_WORKSPACE="$AGENT_WORKSPACE" \
+    "$SECRET_MGR" set --key hf-access-token --secret "$API_KEY"
+
+  echo "  Credentials stored in secret-mgr (hf, hf-access-token)"
+done
+
+echo ""
+echo "=== Done ==="