Skip to content

Commit 0772b19

Browse files
committed
point setup and init-onecli skills at OneCLI Cloud
1 parent a81e165 commit 0772b19

26 files changed

Lines changed: 2533 additions & 72 deletions

File tree

.claude/skills/add-compact/SKILL.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ git fetch upstream skill/compact
2828
git merge upstream/skill/compact
2929
```
3030

31-
> **Note:** `upstream` is the remote pointing to `qwibitai/nanoclaw`. If using a different remote name, substitute accordingly.
31+
> **Note:** `upstream` is the remote pointing to `onecli/nanoclaw`. If using a different remote name, substitute accordingly.
3232
3333
This adds:
3434
- `src/session-commands.ts` (extract and authorize session commands)

.claude/skills/add-emacs/SKILL.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -37,11 +37,11 @@ If it exists, skip to Phase 3 (Setup). The code changes are already in place.
3737
git remote -v
3838
```
3939

40-
If an `upstream` remote pointing to `https://github.com/qwibitai/nanoclaw.git` is missing,
40+
If an `upstream` remote pointing to `https://github.com/onecli/nanoclaw.git` is missing,
4141
add it:
4242

4343
```bash
44-
git remote add upstream https://github.com/qwibitai/nanoclaw.git
44+
git remote add upstream https://github.com/onecli/nanoclaw.git
4545
```
4646

4747
### Merge the skill branch

.claude/skills/add-ollama-tool/SKILL.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@ git remote -v
5454
If `upstream` is missing, add it:
5555

5656
```bash
57-
git remote add upstream https://github.com/qwibitai/nanoclaw.git
57+
git remote add upstream https://github.com/onecli/nanoclaw.git
5858
```
5959

6060
### Merge the skill branch

.claude/skills/channel-formatting/SKILL.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -37,11 +37,11 @@ If `already applied`, skip to Phase 3 (Verify).
3737
git remote -v
3838
```
3939

40-
If an `upstream` remote pointing to `https://github.com/qwibitai/nanoclaw.git` is missing,
40+
If an `upstream` remote pointing to `https://github.com/onecli/nanoclaw.git` is missing,
4141
add it:
4242

4343
```bash
44-
git remote add upstream https://github.com/qwibitai/nanoclaw.git
44+
git remote add upstream https://github.com/onecli/nanoclaw.git
4545
```
4646

4747
### Merge the skill branch

.claude/skills/convert-to-apple-container/SKILL.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ git remote -v
5858
If `upstream` is missing, add it:
5959

6060
```bash
61-
git remote add upstream https://github.com/qwibitai/nanoclaw.git
61+
git remote add upstream https://github.com/onecli/nanoclaw.git
6262
```
6363

6464
### Merge the skill branch

.claude/skills/init-onecli/SKILL.md

Lines changed: 45 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -1,32 +1,36 @@
11
---
22
name: init-onecli
3-
description: Install and initialize OneCLI Agent Vault. Migrates existing .env credentials to the vault. Use after /update-nanoclaw brings in OneCLI as a breaking change, or for first-time OneCLI setup.
3+
description: Configure OneCLI Cloud Agent Vault. Migrates existing .env credentials to the cloud vault. Use after /update-nanoclaw brings in OneCLI as a breaking change, or for first-time OneCLI Cloud setup.
44
---
55

6-
# Initialize OneCLI Agent Vault
6+
# Initialize OneCLI Cloud Agent Vault
77

8-
This skill installs OneCLI, configures the Agent Vault gateway, and migrates any existing `.env` credentials into it. Run this after `/update-nanoclaw` introduces OneCLI as a breaking change, or any time OneCLI needs to be set up from scratch.
8+
This skill configures the OneCLI Cloud Agent Vault gateway and migrates any existing `.env` credentials into it. Run this after `/update-nanoclaw` introduces OneCLI as a breaking change, or any time OneCLI Cloud needs to be set up.
99

1010
**Principle:** When something is broken or missing, fix it. Don't tell the user to go fix it themselves unless it genuinely requires their manual action (e.g. pasting a token).
1111

1212
## Phase 1: Pre-flight
1313

14-
### Check if OneCLI is already working
14+
### Check if OneCLI Cloud is already configured
15+
16+
Check `.env` for OneCLI Cloud configuration:
1517

1618
```bash
17-
onecli version 2>/dev/null
19+
grep 'ONECLI_URL' .env && grep 'ONECLI_API_KEY' .env
1820
```
1921

20-
If the command succeeds, OneCLI is installed, check for an Anthropic secret:
22+
If both are present, check if the cloud gateway is reachable:
2123

2224
```bash
23-
onecli secrets list
25+
source .env && curl -sf "${ONECLI_URL}/health"
2426
```
2527

26-
If an Anthropic secret exists, tell the user OneCLI is already configured and working. Use AskUserQuestion:
28+
If reachable, check the OneCLI Cloud dashboard (Secrets page at ONECLI_URL) for an Anthropic secret.
2729

28-
1. **Keep current setup** — description: "OneCLI is installed and has credentials configured. Nothing to do."
29-
2. **Reconfigure** — description: "Start fresh — reinstall OneCLI and re-register credentials."
30+
If an Anthropic secret exists, tell the user OneCLI Cloud is already configured and working. Use AskUserQuestion:
31+
32+
1. **Keep current setup** — description: "OneCLI Cloud is configured and has credentials. Nothing to do."
33+
2. **Reconfigure** — description: "Start fresh — re-register credentials in the cloud."
3034

3135
If they choose to keep, skip to Phase 5 (Verify). If they choose to reconfigure, continue.
3236

@@ -36,10 +40,10 @@ If they choose to keep, skip to Phase 5 (Verify). If they choose to reconfigure,
3640
grep "credential-proxy" src/index.ts 2>/dev/null
3741
```
3842

39-
If `startCredentialProxy` is imported, the native credential proxy skill is active. Tell the user: "You're currently using the native credential proxy (`.env`-based). This skill will switch you to OneCLI's Agent Vault, which adds per-agent policies and rate limits. Your `.env` credentials will be migrated to the vault."
43+
If `startCredentialProxy` is imported, the native credential proxy skill is active. Tell the user: "You're currently using the native credential proxy (`.env`-based). This skill will switch you to OneCLI Cloud's Agent Vault, which adds per-agent policies and rate limits. Your `.env` credentials will be migrated to the cloud vault."
4044

4145
Use AskUserQuestion:
42-
1. **Continue** — description: "Switch to OneCLI Agent Vault."
46+
1. **Continue** — description: "Switch to OneCLI Cloud Agent Vault."
4347
2. **Cancel** — description: "Keep the native credential proxy."
4448

4549
If they cancel, stop.
@@ -52,12 +56,11 @@ grep "@onecli-sh/sdk" package.json
5256

5357
If `@onecli-sh/sdk` is NOT in package.json, the codebase hasn't been updated to use OneCLI yet. Tell the user to run `/update-nanoclaw` first to get the OneCLI integration, then retry `/init-onecli`. Stop here.
5458

55-
## Phase 2: Install OneCLI
59+
## Phase 2: Install & Configure OneCLI CLI
5660

57-
### Install the gateway and CLI
61+
### Install the CLI
5862

5963
```bash
60-
curl -fsSL onecli.sh/install | sh
6164
curl -fsSL onecli.sh/cli/install | sh
6265
```
6366

@@ -75,36 +78,41 @@ Re-verify with `onecli version`.
7578

7679
### Configure the CLI
7780

78-
Point the CLI at the local OneCLI instance, the ONECLI_URL was output from the install script above:
81+
Point the CLI at OneCLI Cloud (reads ONECLI_URL from `.env`, defaults to `https://app.onecli.sh`):
7982

8083
```bash
81-
onecli config set api-host ${ONECLI_URL}
84+
source .env 2>/dev/null
85+
onecli config set api-host "${ONECLI_URL:-https://app.onecli.sh}"
8286
```
8387

8488
### Set ONECLI_URL in .env
8589

8690
```bash
87-
grep -q 'ONECLI_URL' .env 2>/dev/null || echo 'ONECLI_URL=${ONECLI_URL}' >> .env
91+
grep -q 'ONECLI_URL' .env 2>/dev/null || echo 'ONECLI_URL=https://app.onecli.sh' >> .env
8892
```
8993

90-
### Wait for gateway readiness
94+
### Set ONECLI_API_KEY in .env
95+
96+
If `ONECLI_API_KEY` is not already in `.env`, ask the user for their API key from the OneCLI Cloud dashboard (Settings → API Keys) and add it:
9197

92-
The gateway may take a moment to start after installation. Poll for up to 15 seconds:
98+
```bash
99+
echo 'ONECLI_API_KEY=<their-key>' >> .env
100+
```
101+
102+
### Authenticate the CLI
93103

94104
```bash
95-
for i in $(seq 1 15); do
96-
curl -sf ${ONECLI_URL}/health && break
97-
sleep 1
98-
done
105+
source .env 2>/dev/null
106+
onecli auth login --api-key "$ONECLI_API_KEY"
99107
```
100108

101-
If it never becomes healthy, check if the gateway process is running:
109+
### Verify cloud gateway is reachable
102110

103111
```bash
104-
ps aux | grep -i onecli | grep -v grep
112+
source .env && curl -sf "${ONECLI_URL}/health"
105113
```
106114

107-
If it's not running, try starting it manually: `onecli start`. If that fails, show the error and stop — the user needs to debug their OneCLI installation.
115+
If the gateway is not reachable, verify the `ONECLI_URL` value in `.env` is correct and that the user has an active OneCLI Cloud account.
108116

109117
## Phase 3: Migrate existing credentials
110118

@@ -128,7 +136,7 @@ Parse the file for any of the credential variables listed above.
128136

129137
### If credentials found in .env
130138

131-
For each credential found, migrate it to OneCLI:
139+
For each credential found, migrate it to OneCLI Cloud:
132140

133141
**Anthropic API key** (`ANTHROPIC_API_KEY=sk-ant-...`):
134142
```bash
@@ -140,14 +148,14 @@ onecli secrets create --name Anthropic --type anthropic --value <key> --host-pat
140148
onecli secrets create --name Anthropic --type anthropic --value <token> --host-pattern api.anthropic.com
141149
```
142150

143-
After successful migration, remove the credential lines from `.env`. Use the Edit tool to remove only the credential variable lines (`ANTHROPIC_API_KEY`, `CLAUDE_CODE_OAUTH_TOKEN`, `ANTHROPIC_AUTH_TOKEN`). Keep all other `.env` entries intact (e.g. `ONECLI_URL`, `TELEGRAM_BOT_TOKEN`, channel tokens).
151+
After successful migration, remove the credential lines from `.env`. Use the Edit tool to remove only the credential variable lines (`ANTHROPIC_API_KEY`, `CLAUDE_CODE_OAUTH_TOKEN`, `ANTHROPIC_AUTH_TOKEN`). Keep all other `.env` entries intact (e.g. `ONECLI_URL`, `ONECLI_API_KEY`, `TELEGRAM_BOT_TOKEN`, channel tokens).
144152

145153
Verify the secret was registered:
146154
```bash
147155
onecli secrets list
148156
```
149157

150-
Tell the user: "Migrated your Anthropic credentials from `.env` to the OneCLI Agent Vault. The raw keys have been removed from `.env` — they're now managed by OneCLI and will be injected at request time without entering containers."
158+
Tell the user: "Migrated your Anthropic credentials from `.env` to the OneCLI Cloud Agent Vault. The raw keys have been removed from `.env` — they're now managed by OneCLI Cloud and will be injected at request time without entering containers."
151159

152160
### Offer to migrate other container-facing credentials
153161

@@ -188,7 +196,7 @@ onecli secrets list
188196

189197
No migration needed. Proceed to register credentials fresh.
190198

191-
Check if OneCLI already has an Anthropic secret:
199+
Check if OneCLI Cloud already has an Anthropic secret:
192200
```bash
193201
onecli secrets list
194202
```
@@ -208,7 +216,7 @@ Tell the user to run `claude setup-token` in another terminal and copy the token
208216

209217
Once they have the token, AskUserQuestion with two options:
210218

211-
1. **Dashboard** — description: "Best if you have a browser on this machine. Open ${ONECLI_URL} and add the secret in the UI. Use type 'anthropic' and paste your token as the value."
219+
1. **Dashboard** — description: "Open the dashboard at `${ONECLI_URL}/connections/secrets`, click '+ Add Secret', choose type 'anthropic', and paste your token as the value."
212220
2. **CLI** — description: "Best for remote/headless servers. Run: `onecli secrets create --name Anthropic --type anthropic --value YOUR_TOKEN --host-pattern api.anthropic.com`"
213221

214222
#### API key path
@@ -217,7 +225,7 @@ Tell the user to get an API key from https://console.anthropic.com/settings/keys
217225

218226
AskUserQuestion with two options:
219227

220-
1. **Dashboard** — description: "Best if you have a browser on this machine. Open ${ONECLI_URL} and add the secret in the UI."
228+
1. **Dashboard** — description: "Open the dashboard at `${ONECLI_URL}/connections/secrets`, click '+ Add Secret', choose type 'anthropic', and paste your key as the value."
221229
2. **CLI** — description: "Best for remote/headless servers. Run: `onecli secrets create --name Anthropic --type anthropic --value YOUR_KEY --host-pattern api.anthropic.com`"
222230

223231
#### After either path
@@ -254,17 +262,15 @@ Expected: `OneCLI gateway config applied` messages when containers start.
254262
If the service is running and a channel is configured, tell the user to send a test message to verify the agent responds.
255263

256264
Tell the user:
257-
- OneCLI Agent Vault is now managing credentials
265+
- OneCLI Cloud Agent Vault is now managing credentials
258266
- Agents never see raw API keys — credentials are injected at the gateway level
259-
- To manage secrets: `onecli secrets list`, or open ${ONECLI_URL}
267+
- To manage secrets: `onecli secrets list`, or open the OneCLI Cloud dashboard
260268
- To add rate limits or policies: `onecli rules create --help`
261269

262270
## Troubleshooting
263271

264-
**"OneCLI gateway not reachable" in logs:** The gateway isn't running. Check with `curl -sf ${ONECLI_URL}/health`. Start it with `onecli start` if needed.
272+
**"OneCLI gateway not reachable" in logs:** The cloud gateway isn't reachable. Check with `source .env && curl -sf "${ONECLI_URL}/health"`. Verify `ONECLI_URL` and `ONECLI_API_KEY` are correctly set in `.env`.
265273

266-
**Container gets no credentials:** Verify `ONECLI_URL` is set in `.env` and the gateway has an Anthropic secret (`onecli secrets list`).
274+
**Container gets no credentials:** Verify `ONECLI_URL` and `ONECLI_API_KEY` are set in `.env` and the gateway has an Anthropic secret (`onecli secrets list`).
267275

268276
**Old .env credentials still present:** This skill should have removed them. Double-check `.env` for `ANTHROPIC_API_KEY`, `CLAUDE_CODE_OAUTH_TOKEN`, or `ANTHROPIC_AUTH_TOKEN` and remove them manually if still present.
269-
270-
**Port 10254 already in use:** Another OneCLI instance may be running. Check with `lsof -i :10254` and kill the old process, or configure a different port.

0 commit comments

Comments
 (0)