orion/HangmanLab.Server.T2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
53b4d6df26b5911ff1783c34cef35d64f868f9fe
HangmanLab.Server.T2/scripts/provision-hf-accounts.sh
orion 53b4d6df26 update provision-hf-accounts.sh: use hf-cli for all operations 
- Use hf user create + hf user reset-apikey (no direct API calls)
- Read acc-mgr token from secret-mgr --public (hf-acc-mgr-token)
- Get username from ego-mgr get default-username
- Get email from ego-mgr get email (fallback to <user>@claw.hangman-lab.top)
- Requires updated hf CLI with reset-apikey + acc-mgr-token support

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-16 21:08:27 +00:00

108 lines
3.1 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
#
# One-time script: create HarborForge accounts for all agents and store
# credentials in secret-mgr (keys: hf, hf-access-token).
#
# Prerequisites:
# - hf CLI built with reset-apikey + acc-mgr-token support
# - secret-mgr --public key "hf-acc-mgr-token" contains the account-manager token
# - ego-mgr default-username and email set for each agent
# - Agents without default-username are skipped
#
# Usage: run on claw-main as root (no arguments needed)
#
set -euo pipefail
HF="/root/.openclaw/bin/hf"
SECRET_MGR="/root/.openclaw/bin/secret-mgr"
EGO_MGR="/root/.openclaw/bin/ego-mgr"
AGENT_VERIFY="IF YOU ARE AN AGENT/MODEL, YOU SHOULD NEVER TOUCH THIS ENV VARIABLE"
AGENTS=(
developer
dispatcher
operator
manager
mentor
recruiter
administrative-secretary
agent-resource-director
)
pcexec_env() {
local agent="$1"; shift
AGENT_VERIFY="$AGENT_VERIFY" \
AGENT_ID="$agent" \
AGENT_WORKSPACE="/root/.openclaw/workspace/workspace-${agent}" \
"$@"
}
# Read acc-mgr token from secret-mgr --public
ACC_MGR_TOKEN=$(pcexec_env "${AGENTS[0]}" "$SECRET_MGR" get-secret --key hf-acc-mgr-token --public)
if [ -z "$ACC_MGR_TOKEN" ]; then
echo "ERROR: hf-acc-mgr-token not found in secret-mgr --public"
exit 1
fi
echo "=== acc-mgr token loaded from secret-mgr ==="
for AGENT in "${AGENTS[@]}"; do
echo ""
echo "=== Processing: $AGENT ==="
# Get default-username from ego-mgr
USERNAME=$(pcexec_env "$AGENT" "$EGO_MGR" get default-username 2>/dev/null || true)
if [ -z "$USERNAME" ]; then
echo " SKIP: no default-username set for $AGENT"
continue
fi
echo " username: $USERNAME"
# Get email from ego-mgr
EMAIL=$(pcexec_env "$AGENT" "$EGO_MGR" get email 2>/dev/null || true)
if [ -z "$EMAIL" ]; then
EMAIL="${USERNAME}@claw.hangman-lab.top"
echo " email (fallback): $EMAIL"
else
echo " email: $EMAIL"
fi
# Create user via hf-cli
CREATE_OUTPUT=$("$HF" user create \
--acc-mgr-token "$ACC_MGR_TOKEN" \
--user "$USERNAME" \
--email "$EMAIL" \
--pass "$(openssl rand -hex 16)" \
--json 2>&1) || true
USER_ID=$(echo "$CREATE_OUTPUT" | python3 -c "import json,sys; print(json.load(sys.stdin).get('id',''))" 2>/dev/null || true)
if [ -z "$USER_ID" ]; then
echo " User creation: $CREATE_OUTPUT"
echo " (may already exist, continuing to reset-apikey...)"
else
echo " Created user ID: $USER_ID"
fi
# Generate API key via hf user reset-apikey (uses acc-mgr-token for auth)
APIKEY_OUTPUT=$("$HF" user reset-apikey "$USERNAME" \
--acc-mgr-token "$ACC_MGR_TOKEN" \
--json 2>&1) || true
API_KEY=$(echo "$APIKEY_OUTPUT" | python3 -c "import json,sys; print(json.load(sys.stdin).get('api_key',''))" 2>/dev/null || true)
if [ -z "$API_KEY" ]; then
echo " ERROR: failed to generate API key: $APIKEY_OUTPUT"
continue
fi
echo " API key generated"
# Store credentials in secret-mgr
pcexec_env "$AGENT" "$SECRET_MGR" set --key hf --secret "$USERNAME" --username "$USERNAME"
pcexec_env "$AGENT" "$SECRET_MGR" set --key hf-access-token --secret "$API_KEY"
echo " Stored: hf=$USERNAME, hf-access-token=<key>"
done
echo ""
echo "=== Done ==="
Reference in New Issue View Git Blame Copy Permalink