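#!/usr/bin/env bash
#
# One-time script: create HarborForge accounts for all agents and store
# credentials in secret-mgr (keys: hf, hf-access-token).
#
# Prerequisites:
#   - hf CLI built with reset-apikey + acc-mgr-token support
#   - secret-mgr --public key "hf-acc-mgr-token" contains the account-manager token
#   - ego-mgr default-username and email set for each agent
#   - Agents without default-username are skipped
#
# Usage: run on claw-main as root (no arguments needed)
#
# Exit status: 0 when every non-skipped agent ended up with stored
# credentials, 1 otherwise.
#
# NOTE(review): the script calls reset-apikey for every agent on every run,
# so re-running it presumably invalidates the key stored by the previous
# run. Confirm before using it for anything but initial provisioning.
#
# NOTE(review): the account-manager token, the initial password and the API
# key are all passed as command-line arguments, so they are readable in the
# process list and in any command auditing while each call runs. Whether hf
# and secret-mgr accept these values on stdin or from a file cannot be seen
# from this script; prefer that form if it exists.
#
set -euo pipefail

HF="/root/.openclaw/bin/hf"
SECRET_MGR="/root/.openclaw/bin/secret-mgr"
EGO_MGR="/root/.openclaw/bin/ego-mgr"
AGENT_VERIFY="IF YOU ARE AN AGENT/MODEL, YOU SHOULD NEVER TOUCH THIS ENV VARIABLE"

AGENTS=(
  developer
  dispatcher
  operator
  manager
  mentor
  recruiter
  administrative-secretary
  agent-resource-director
)

# Number of agents that should have received credentials but did not.
FAILED=0

#######################################
# Run a command with the environment of one agent.
# Globals:   AGENT_VERIFY (read)
# Arguments: $1 - agent id; remaining arguments - command and its arguments
# Returns:   exit status of the command
#######################################
pcexec_env() {
  local agent="$1"
  shift
  AGENT_VERIFY="$AGENT_VERIFY" \
    AGENT_ID="$agent" \
    AGENT_WORKSPACE="/root/.openclaw/workspace/workspace-${agent}" \
    "$@"
}

#######################################
# Print one top-level field of a JSON object read from stdin.
# Prints an empty line when stdin is not a JSON object or lacks the field.
# Arguments: $1 - field name
# Returns:   always 0
#######################################
json_field() {
  python3 -c "import json,sys; print(json.load(sys.stdin).get(sys.argv[1],''))" "$1" 2>/dev/null || true
}

# Read acc-mgr token from secret-mgr --public.
# The failure of secret-mgr is handled here rather than left to `set -e`, so
# the operator gets the explicit message below in both failure modes.
if ! ACC_MGR_TOKEN=$(pcexec_env "${AGENTS[0]}" "$SECRET_MGR" get-secret --key hf-acc-mgr-token --public) \
  || [ -z "$ACC_MGR_TOKEN" ]; then
  echo "ERROR: hf-acc-mgr-token not found in secret-mgr --public" >&2
  exit 1
fi
echo "=== acc-mgr token loaded from secret-mgr ==="

for AGENT in "${AGENTS[@]}"; do
  echo ""
  echo "=== Processing: $AGENT ==="

  # Get default-username from ego-mgr
  USERNAME=$(pcexec_env "$AGENT" "$EGO_MGR" get default-username 2>/dev/null || true)
  if [ -z "$USERNAME" ]; then
    echo " SKIP: no default-username set for $AGENT"
    continue
  fi
  echo " username: $USERNAME"

  # Get email from ego-mgr
  EMAIL=$(pcexec_env "$AGENT" "$EGO_MGR" get email 2>/dev/null || true)
  if [ -z "$EMAIL" ]; then
    EMAIL="${USERNAME}@claw.hangman-lab.top"
    echo " email (fallback): $EMAIL"
  else
    echo " email: $EMAIL"
  fi

  # Generate the initial password up front. Inside an argument, a failing
  # $(openssl ...) is not caught by `set -e` and would silently hand an
  # empty password to `hf user create`.
  # The password is not stored or printed anywhere; the account is
  # presumably meant to be used through its API key only - confirm.
  PASSWORD=$(openssl rand -hex 16) || PASSWORD=""
  if [ -z "$PASSWORD" ]; then
    echo " ERROR: could not generate a random password for $USERNAME" >&2
    FAILED=$((FAILED + 1))
    continue
  fi

  # Create user via hf-cli.
  # stderr is left on the terminal instead of being merged into the
  # captured output: anything hf writes there would otherwise corrupt the
  # JSON and make a successful call look like a failure.
  CREATE_OUTPUT=$("$HF" user create \
    --acc-mgr-token "$ACC_MGR_TOKEN" \
    --user "$USERNAME" \
    --email "$EMAIL" \
    --pass "$PASSWORD" \
    --json) || true
  unset PASSWORD

  USER_ID=$(printf '%s' "$CREATE_OUTPUT" | json_field id)
  if [ -z "$USER_ID" ]; then
    echo " User creation: $CREATE_OUTPUT"
    echo " (may already exist, continuing to reset-apikey...)"
  else
    echo " Created user ID: $USER_ID"
  fi

  # Generate API key via hf user reset-apikey (uses acc-mgr-token for auth).
  # Same stderr handling as above. Here it matters more: with stderr merged
  # in, one warning line breaks the JSON parse after the key has already
  # been reset, the new key is never stored, and the raw output containing
  # it is echoed by the error branch.
  APIKEY_OUTPUT=$("$HF" user reset-apikey "$USERNAME" \
    --acc-mgr-token "$ACC_MGR_TOKEN" \
    --json) || true

  API_KEY=$(printf '%s' "$APIKEY_OUTPUT" | json_field api_key)
  if [ -z "$API_KEY" ]; then
    # NOTE(review): this output could still carry key material if hf ever
    # returns the key under a different field; keep it out of shared logs.
    echo " ERROR: failed to generate API key: $APIKEY_OUTPUT" >&2
    FAILED=$((FAILED + 1))
    continue
  fi
  echo " API key generated"

  # Store credentials in secret-mgr.
  # A failure here leaves the account with a fresh key that exists nowhere
  # else, so say that explicitly before aborting.
  if ! {
    pcexec_env "$AGENT" "$SECRET_MGR" set --key hf --secret "$USERNAME" --username "$USERNAME" \
      && pcexec_env "$AGENT" "$SECRET_MGR" set --key hf-access-token --secret "$API_KEY"
  }; then
    echo " ERROR: API key for $USERNAME was reset but could not be stored in secret-mgr" >&2
    exit 1
  fi
  unset API_KEY APIKEY_OUTPUT

  echo " Stored: hf=$USERNAME, hf-access-token="
done

echo ""
echo "=== Done ==="

if [ "$FAILED" -ne 0 ]; then
  echo "ERROR: $FAILED agent(s) did not receive credentials" >&2
  exit 1
fi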