diff --git a/scripts/provision-hf-accounts.sh b/scripts/provision-hf-accounts.sh
index 593d8f8..f1c2040 100755
--- a/scripts/provision-hf-accounts.sh
+++ b/scripts/provision-hf-accounts.sh
@@ -4,9 +4,10 @@
 # credentials in secret-mgr (keys: hf, hf-access-token).
 #
 # Prerequisites:
-# - hf CLI configured with correct base-url (hf-api.hangman-lab.top)
-# - secret-mgr --public key "hf-acc-mgr" contains the account-manager API key
-# - ego-mgr default-username set for each agent (agents without it are skipped)
+# - hf CLI built with reset-apikey + acc-mgr-token support
+# - secret-mgr --public key "hf-acc-mgr-token" contains the account-manager token
+# - ego-mgr default-username and email set for each agent
+# - Agents without default-username are skipped
 #
 # Usage: run on claw-main as root (no arguments needed)
 #
@@ -37,9 +38,9 @@ pcexec_env() {
 }
 # Read acc-mgr token from secret-mgr --public
-ACC_MGR_TOKEN=$(pcexec_env "${AGENTS[0]}" "$SECRET_MGR" get-secret --key hf-acc-mgr --public)
+ACC_MGR_TOKEN=$(pcexec_env "${AGENTS[0]}" "$SECRET_MGR" get-secret --key hf-acc-mgr-token --public)
 if [ -z "$ACC_MGR_TOKEN" ]; then
- echo "ERROR: hf-acc-mgr not found in secret-mgr --public"
+ echo "ERROR: hf-acc-mgr-token not found in secret-mgr --public"
 exit 1
 fi
 echo "=== acc-mgr token loaded from secret-mgr ==="
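Review bot: The account-manager token is still fetched with `get-secret --key hf-acc-mgr-token --public` via `pcexec_env "${AGENTS[0]}"`, and after this commit the same token also authorises `reset-apikey` for any username. If `--public` means every agent can read that key (not visible in this hunk), any agent could rotate another account's API key, so a scope readable only by the provisioning host would be a better fit. The failure message would also be better on stderr: `echo "ERROR: hf-acc-mgr-token not found in secret-mgr --public" >&2`.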
@@ -54,49 +55,43 @@ for AGENT in "${AGENTS[@]}"; do
 echo " SKIP: no default-username set for $AGENT"
 continue
 fi
- echo " default-username: $USERNAME"
+ echo " username: $USERNAME"
- EMAIL="${USERNAME}@claw.hangman-lab.top"
-
- # Generate a random password
- PASS=$(openssl rand -hex 16)
+ # Get email from ego-mgr
+ EMAIL=$(pcexec_env "$AGENT" "$EGO_MGR" get email 2>/dev/null || true)
+ if [ -z "$EMAIL" ]; then
+ EMAIL="${USERNAME}@claw.hangman-lab.top"
+ echo " email (fallback): $EMAIL"
+ else
+ echo " email: $EMAIL"
+ fi
 # Create user via hf-cli
- CREATE_OUTPUT=$(pcexec_env "$AGENT" "$HF" user create \
+ CREATE_OUTPUT=$("$HF" user create \
 --acc-mgr-token "$ACC_MGR_TOKEN" \
 --user "$USERNAME" \
 --email "$EMAIL" \
- --pass "$PASS" \
+ --pass "$(openssl rand -hex 16)" \
 --json 2>&1) || true
 USER_ID=$(echo "$CREATE_OUTPUT" | python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
 if [ -z "$USER_ID" ]; then
- echo " User creation returned: $CREATE_OUTPUT"
- echo " (may already exist, attempting to look up...)"
- # Fallback: look up existing user to get ID
- USER_ID=$(curl -sf "$(cat /root/.openclaw/bin/.hf-config.json | python3 -c "import json,sys;print(json.load(sys.stdin).get('base-url',''))")/users/$USERNAME" \
- -H "X-API-Key: $ACC_MGR_TOKEN" 2>/dev/null \
- | python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
- if [ -z "$USER_ID" ]; then
- echo " ERROR: could not create or find user $USERNAME, skipping"
- continue
- fi
- echo " Found existing user ID: $USER_ID"
+ echo " User creation: $CREATE_OUTPUT"
+ echo " (may already exist, continuing to reset-apikey...)"
 else
 echo " Created user ID: $USER_ID"
 fi
- # Generate API key via /api-keys endpoint
- HF_BASE_URL=$(python3 -c "import json; print(json.load(open('/root/.openclaw/bin/.hf-config.json')).get('base-url',''))")
- APIKEY_RESP=$(curl -sf -X POST "${HF_BASE_URL}/api-keys" \
- -H "Content-Type: application/json" \
- -d "{\"name\":\"${AGENT}-agent-key\",\"user_id\":${USER_ID}}" 2>&1)
+ # Generate API key via hf user reset-apikey (uses acc-mgr-token for auth)
+ APIKEY_OUTPUT=$("$HF" user reset-apikey "$USERNAME" \
+ --acc-mgr-token "$ACC_MGR_TOKEN" \
+ --json 2>&1) || true
- API_KEY=$(echo "$APIKEY_RESP" | python3 -c "import json,sys; print(json.load(sys.stdin).get('key',''))" 2>/dev/null || true)
+ API_KEY=$(echo "$APIKEY_OUTPUT" | python3 -c "import json,sys; print(json.load(sys.stdin).get('api_key',''))" 2>/dev/null || true)
 if [ -z "$API_KEY" ]; then
- echo " ERROR: failed to generate API key: $APIKEY_RESP"
+ echo " ERROR: failed to generate API key: $APIKEY_OUTPUT"
 continue
 fi
 echo " API key generated"
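Review bot: Any failure of `user create` (bad token, rejected email, network error) now falls through to `reset-apikey`, where the removed lookup at least skipped the agent when no such user could be found. Since the reset runs under the account-manager token, a `default-username` that collides with an unrelated existing account would have that account's key rotated and handed to the agent; I would `continue` unless the create output clearly says the user already exists, and ideally confirm the account is the agent's. Separately, `echo " ERROR: failed to generate API key: $APIKEY_OUTPUT"` prints the full response whenever the `api_key` field is absent, which could put a freshly issued key in the provisioning log; something like `echo " ERROR: failed to generate API key for $USERNAME" >&2` avoids that. The password is now generated inline and never kept, so if code after this hunk still stores it under the `hf` key named in the file header, that step needs updating. The loop body continues outside the hunk.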