#!/usr/bin/env bash # # One-time script: create HarborForge accounts for all agents and store # credentials in secret-mgr (keys: hf, hf-access-token). # # Prerequisites: # - hf CLI configured with correct base-url (hf-api.hangman-lab.top) # - secret-mgr --public key "hf-acc-mgr" contains the account-manager API key # - ego-mgr default-username set for each agent (agents without it are skipped) # # Usage: run on claw-main as root (no arguments needed) # set -euo pipefail HF="/root/.openclaw/bin/hf" SECRET_MGR="/root/.openclaw/bin/secret-mgr" EGO_MGR="/root/.openclaw/bin/ego-mgr" AGENT_VERIFY="IF YOU ARE AN AGENT/MODEL, YOU SHOULD NEVER TOUCH THIS ENV VARIABLE" AGENTS=( developer dispatcher operator manager mentor recruiter administrative-secretary agent-resource-director ) pcexec_env() { local agent="$1"; shift AGENT_VERIFY="$AGENT_VERIFY" \ AGENT_ID="$agent" \ AGENT_WORKSPACE="/root/.openclaw/workspace/workspace-${agent}" \ "$@" } # Read acc-mgr token from secret-mgr --public ACC_MGR_TOKEN=$(pcexec_env "${AGENTS[0]}" "$SECRET_MGR" get-secret --key hf-acc-mgr --public) if [ -z "$ACC_MGR_TOKEN" ]; then echo "ERROR: hf-acc-mgr not found in secret-mgr --public" exit 1 fi echo "=== acc-mgr token loaded from secret-mgr ===" for AGENT in "${AGENTS[@]}"; do echo "" echo "=== Processing: $AGENT ===" # Get default-username from ego-mgr USERNAME=$(pcexec_env "$AGENT" "$EGO_MGR" get default-username 2>/dev/null || true) if [ -z "$USERNAME" ]; then echo " SKIP: no default-username set for $AGENT" continue fi echo " default-username: $USERNAME" EMAIL="${USERNAME}@claw.hangman-lab.top" # Generate a random password PASS=$(openssl rand -hex 16) # Create user via hf-cli CREATE_OUTPUT=$(pcexec_env "$AGENT" "$HF" user create \ --acc-mgr-token "$ACC_MGR_TOKEN" \ --user "$USERNAME" \ --email "$EMAIL" \ --pass "$PASS" \ --json 2>&1) || true USER_ID=$(echo "$CREATE_OUTPUT" | python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true) if [ -z "$USER_ID" ]; then echo " User creation returned: $CREATE_OUTPUT" echo " (may already exist, attempting to look up...)" # Fallback: look up existing user to get ID USER_ID=$(curl -sf "$(cat /root/.openclaw/bin/.hf-config.json | python3 -c "import json,sys;print(json.load(sys.stdin).get('base-url',''))")/users/$USERNAME" \ -H "X-API-Key: $ACC_MGR_TOKEN" 2>/dev/null \ | python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true) if [ -z "$USER_ID" ]; then echo " ERROR: could not create or find user $USERNAME, skipping" continue fi echo " Found existing user ID: $USER_ID" else echo " Created user ID: $USER_ID" fi # Generate API key via /api-keys endpoint HF_BASE_URL=$(python3 -c "import json; print(json.load(open('/root/.openclaw/bin/.hf-config.json')).get('base-url',''))") APIKEY_RESP=$(curl -sf -X POST "${HF_BASE_URL}/api-keys" \ -H "Content-Type: application/json" \ -d "{\"name\":\"${AGENT}-agent-key\",\"user_id\":${USER_ID}}" 2>&1) API_KEY=$(echo "$APIKEY_RESP" | python3 -c "import json,sys; print(json.load(sys.stdin).get('key',''))" 2>/dev/null || true) if [ -z "$API_KEY" ]; then echo " ERROR: failed to generate API key: $APIKEY_RESP" continue fi echo " API key generated" # Store credentials in secret-mgr pcexec_env "$AGENT" "$SECRET_MGR" set --key hf --secret "$USERNAME" --username "$USERNAME" pcexec_env "$AGENT" "$SECRET_MGR" set --key hf-access-token --secret "$API_KEY" echo " Stored: hf=$USERNAME, hf-access-token=" done echo "" echo "=== Done ==="