Compare commits
6 Commits
main
...
task-onboa
| Author | SHA1 | Date | |
|---|---|---|---|
|
0c5d9fb195 | ||
|
|
5d71a83b72 | ||
|
|
baec665cc5 | ||
|
|
c7d1ab2a75 | ||
|
|
70c5f75fb4 | ||
|
|
cf7c36ac65 |
@ -333,6 +333,7 @@ Options:
|
||||
- `--non-interactive`
|
||||
- `--mode <local|remote>`
|
||||
- `--flow <quickstart|advanced|manual>` (manual is an alias for advanced)
|
||||
- `--tools-profile <minimal|coding|messaging|full>`
|
||||
- `--auth-choice <setup-token|token|chutes|openai-codex|openai-api-key|openrouter-api-key|ai-gateway-api-key|moonshot-api-key|moonshot-api-key-cn|kimi-code-api-key|synthetic-api-key|venice-api-key|gemini-api-key|zai-api-key|mistral-api-key|apiKey|minimax-api|minimax-api-lightning|opencode-zen|custom-api-key|skip>`
|
||||
- `--token-provider <id>` (non-interactive; used with `--auth-choice token`)
|
||||
- `--token <token>` (non-interactive; used with `--auth-choice token`)
|
||||
|
||||
@ -23,6 +23,7 @@ Interactive onboarding wizard (local or remote Gateway setup).
|
||||
openclaw onboard
|
||||
openclaw onboard --flow quickstart
|
||||
openclaw onboard --flow manual
|
||||
openclaw onboard --tools-profile coding
|
||||
openclaw onboard --mode remote --remote-url wss://gateway-host:18789
|
||||
```
|
||||
|
||||
@ -122,6 +123,8 @@ Flow notes:
|
||||
- `quickstart`: minimal prompts, auto-generates a gateway token.
|
||||
- `manual`: full prompts for port/bind/auth (alias of `advanced`).
|
||||
- Local onboarding DM scope behavior: [CLI Onboarding Reference](/start/wizard-cli-reference#outputs-and-internals).
|
||||
- Local onboarding prompts for a tool profile (`Messaging`, `Coding`, `Full`, `Minimal`).
|
||||
- Non-interactive profile selection: `--tools-profile <minimal|coding|messaging|full>`.
|
||||
- Fastest first chat: `openclaw dashboard` (Control UI, no channel setup).
|
||||
- Custom Provider: connect any OpenAI or Anthropic compatible endpoint,
|
||||
including hosted providers not listed. Use Unknown to auto-detect.
|
||||
|
||||
@ -1674,7 +1674,7 @@ Defaults for Talk mode (macOS/iOS/Android).
|
||||
|
||||
`tools.profile` sets a base allowlist before `tools.allow`/`tools.deny`:
|
||||
|
||||
Local onboarding defaults new local configs to `tools.profile: "messaging"` when unset (existing explicit profiles are preserved).
|
||||
Local onboarding prompts for a tool profile. In non-interactive onboarding, `--tools-profile` can set it explicitly; if omitted, new local configs default to `tools.profile: "messaging"` when unset (existing explicit profiles are preserved).
|
||||
|
||||
| Profile | Includes |
|
||||
| ----------- | ----------------------------------------------------------------------------------------- |
|
||||
|
||||
@ -270,7 +270,7 @@ Typical fields in `~/.openclaw/openclaw.json`:
|
||||
|
||||
- `agents.defaults.workspace`
|
||||
- `agents.defaults.model` / `models.providers` (if Minimax chosen)
|
||||
- `tools.profile` (local onboarding defaults to `"messaging"` when unset; existing explicit values are preserved)
|
||||
- `tools.profile` (local onboarding prompts for a tool profile; when unset in non-interactive runs, defaults to `"messaging"` and preserves existing explicit values)
|
||||
- `gateway.*` (mode, bind, auth, tailscale)
|
||||
- `session.dmScope` (behavior details: [CLI Onboarding Reference](/start/wizard-cli-reference#outputs-and-internals))
|
||||
- `channels.telegram.botToken`, `channels.discord.token`, `channels.signal.*`, `channels.imessage.*`
|
||||
|
||||
@ -34,7 +34,7 @@ Security trust model:
|
||||
|
||||
- By default, OpenClaw is a personal agent: one trusted operator boundary.
|
||||
- Shared/multi-user setups require lock-down (split trust boundaries, keep tool access minimal, and follow [Security](/gateway/security)).
|
||||
- Local onboarding now defaults new configs to `tools.profile: "messaging"` so broad runtime/filesystem tools are opt-in.
|
||||
- Local onboarding now prompts for a tool profile; when unset, new configs default to `tools.profile: "messaging"` so broad runtime/filesystem tools are opt-in.
|
||||
- If hooks/webhooks or other untrusted content feeds are enabled, use a strong modern model tier and keep strict tool policy/sandboxing.
|
||||
|
||||
</Step>
|
||||
|
||||
@ -247,7 +247,7 @@ Typical fields in `~/.openclaw/openclaw.json`:
|
||||
|
||||
- `agents.defaults.workspace`
|
||||
- `agents.defaults.model` / `models.providers` (if Minimax chosen)
|
||||
- `tools.profile` (local onboarding defaults to `"messaging"` when unset; existing explicit values are preserved)
|
||||
- `tools.profile` (local onboarding prompts for a tool profile; use `--tools-profile <minimal|coding|messaging|full>` in non-interactive mode. If omitted, defaults to `"messaging"` when unset and preserves existing explicit values)
|
||||
- `gateway.*` (mode, bind, auth, tailscale)
|
||||
- `session.dmScope` (local onboarding defaults this to `per-channel-peer` when unset; existing explicit values are preserved)
|
||||
- `channels.telegram.botToken`, `channels.discord.token`, `channels.signal.*`, `channels.imessage.*`
|
||||
|
||||
@ -50,7 +50,7 @@ The wizard starts with **QuickStart** (defaults) vs **Advanced** (full control).
|
||||
- Workspace default (or existing workspace)
|
||||
- Gateway port **18789**
|
||||
- Gateway auth **Token** (auto‑generated, even on loopback)
|
||||
- Tool policy default for new local setups: `tools.profile: "messaging"` (existing explicit profile is preserved)
|
||||
- Tool profile prompt (`Messaging`, `Coding`, `Full`, `Minimal`); defaults to `messaging` when unset and preserves existing explicit profiles.
|
||||
- DM isolation default: local onboarding writes `session.dmScope: "per-channel-peer"` when unset. Details: [CLI Onboarding Reference](/start/wizard-cli-reference#outputs-and-internals)
|
||||
- Tailscale exposure **Off**
|
||||
- Telegram + WhatsApp DMs default to **allowlist** (you'll be prompted for your phone number)
|
||||
|
||||
@ -139,6 +139,16 @@ describe("registerOnboardCommand", () => {
|
||||
);
|
||||
});
|
||||
|
||||
it("forwards --tools-profile", async () => {
|
||||
await runCli(["onboard", "--tools-profile", "coding"]);
|
||||
expect(onboardCommandMock).toHaveBeenCalledWith(
|
||||
expect.objectContaining({
|
||||
toolsProfile: "coding",
|
||||
}),
|
||||
runtime,
|
||||
);
|
||||
});
|
||||
|
||||
it("reports errors via runtime on onboard command failures", async () => {
|
||||
onboardCommandMock.mockRejectedValueOnce(new Error("onboard failed"));
|
||||
|
||||
|
||||
@ -10,6 +10,7 @@ import type {
|
||||
ResetScope,
|
||||
SecretInputMode,
|
||||
TailscaleMode,
|
||||
ToolProfileId,
|
||||
} from "../../commands/onboard-types.js";
|
||||
import { onboardCommand } from "../../commands/onboard.js";
|
||||
import { defaultRuntime } from "../../runtime.js";
|
||||
@ -69,6 +70,7 @@ export function registerOnboardCommand(program: Command) {
|
||||
)
|
||||
.option("--flow <flow>", "Wizard flow: quickstart|advanced|manual")
|
||||
.option("--mode <mode>", "Wizard mode: local|remote")
|
||||
.option("--tools-profile <profile>", "Tool profile: minimal|coding|messaging|full")
|
||||
.option("--auth-choice <choice>", `Auth: ${AUTH_CHOICE_HELP}`)
|
||||
.option(
|
||||
"--token-provider <id>",
|
||||
@ -138,6 +140,7 @@ export function registerOnboardCommand(program: Command) {
|
||||
acceptRisk: Boolean(opts.acceptRisk),
|
||||
flow: opts.flow as "quickstart" | "advanced" | "manual" | undefined,
|
||||
mode: opts.mode as "local" | "remote" | undefined,
|
||||
toolsProfile: opts.toolsProfile as ToolProfileId | undefined,
|
||||
authChoice: opts.authChoice as AuthChoice | undefined,
|
||||
tokenProvider: opts.tokenProvider as string | undefined,
|
||||
token: opts.token as string | undefined,
|
||||
|
||||
@ -49,4 +49,17 @@ describe("applyOnboardingLocalWorkspaceConfig", () => {
|
||||
|
||||
expect(result.tools?.profile).toBe("full");
|
||||
});
|
||||
|
||||
it("applies explicit tools.profile override when provided", () => {
|
||||
const baseConfig: OpenClawConfig = {
|
||||
tools: {
|
||||
profile: "messaging",
|
||||
},
|
||||
};
|
||||
const result = applyOnboardingLocalWorkspaceConfig(baseConfig, "/tmp/workspace", {
|
||||
toolsProfile: "coding",
|
||||
});
|
||||
|
||||
expect(result.tools?.profile).toBe("coding");
|
||||
});
|
||||
});
|
||||
|
||||
@ -8,7 +8,10 @@ export const ONBOARDING_DEFAULT_TOOLS_PROFILE: ToolProfileId = "messaging";
|
||||
export function applyOnboardingLocalWorkspaceConfig(
|
||||
baseConfig: OpenClawConfig,
|
||||
workspaceDir: string,
|
||||
params?: { toolsProfile?: ToolProfileId },
|
||||
): OpenClawConfig {
|
||||
const toolsProfile =
|
||||
params?.toolsProfile ?? baseConfig.tools?.profile ?? ONBOARDING_DEFAULT_TOOLS_PROFILE;
|
||||
return {
|
||||
...baseConfig,
|
||||
agents: {
|
||||
@ -28,7 +31,7 @@ export function applyOnboardingLocalWorkspaceConfig(
|
||||
},
|
||||
tools: {
|
||||
...baseConfig.tools,
|
||||
profile: baseConfig.tools?.profile ?? ONBOARDING_DEFAULT_TOOLS_PROFILE,
|
||||
profile: toolsProfile,
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
@ -151,6 +151,77 @@ describe("onboard (non-interactive): gateway and remote auth", () => {
|
||||
});
|
||||
}, 60_000);
|
||||
|
||||
it("writes explicit tools profile from --tools-profile", async () => {
|
||||
await withStateDir("state-tools-profile-", async (stateDir) => {
|
||||
const workspace = path.join(stateDir, "openclaw");
|
||||
|
||||
await runNonInteractiveOnboarding(
|
||||
{
|
||||
nonInteractive: true,
|
||||
mode: "local",
|
||||
workspace,
|
||||
toolsProfile: "coding",
|
||||
authChoice: "skip",
|
||||
skipSkills: true,
|
||||
skipHealth: true,
|
||||
installDaemon: false,
|
||||
gatewayBind: "loopback",
|
||||
gatewayAuth: "token",
|
||||
gatewayToken: "tok_test_123",
|
||||
},
|
||||
runtime,
|
||||
);
|
||||
|
||||
const configPath = resolveStateConfigPath(process.env, stateDir);
|
||||
const cfg = await readJsonFile<{ tools?: { profile?: string } }>(configPath);
|
||||
expect(cfg?.tools?.profile).toBe("coding");
|
||||
});
|
||||
}, 60_000);
|
||||
|
||||
it("rejects --tools-profile in remote mode", async () => {
|
||||
await withStateDir("state-tools-profile-remote-", async (_stateDir) => {
|
||||
await expect(
|
||||
runNonInteractiveOnboarding(
|
||||
{
|
||||
nonInteractive: true,
|
||||
mode: "remote",
|
||||
remoteUrl: "wss://gateway.example.test",
|
||||
toolsProfile: "coding",
|
||||
authChoice: "skip",
|
||||
skipSkills: true,
|
||||
skipHealth: true,
|
||||
installDaemon: false,
|
||||
},
|
||||
runtime,
|
||||
),
|
||||
).rejects.toThrow('--tools-profile is only supported when --mode is "local".');
|
||||
});
|
||||
}, 60_000);
|
||||
|
||||
it("rejects invalid --tools-profile in local mode", async () => {
|
||||
await withStateDir("state-tools-profile-invalid-", async (stateDir) => {
|
||||
const workspace = path.join(stateDir, "openclaw");
|
||||
|
||||
await expect(
|
||||
runNonInteractiveOnboarding(
|
||||
{
|
||||
nonInteractive: true,
|
||||
mode: "local",
|
||||
workspace,
|
||||
toolsProfile: "invalid" as never,
|
||||
authChoice: "skip",
|
||||
skipSkills: true,
|
||||
skipHealth: true,
|
||||
installDaemon: false,
|
||||
},
|
||||
runtime,
|
||||
),
|
||||
).rejects.toThrow(
|
||||
'Invalid --tools-profile. Use "minimal", "coding", "messaging", or "full".',
|
||||
);
|
||||
});
|
||||
}, 60_000);
|
||||
|
||||
it("uses OPENCLAW_GATEWAY_TOKEN when --gateway-token is omitted", async () => {
|
||||
await withStateDir("state-env-token-", async (stateDir) => {
|
||||
const envToken = "tok_env_fallback_123";
|
||||
|
||||
@ -5,7 +5,7 @@ import type { RuntimeEnv } from "../runtime.js";
|
||||
import { defaultRuntime } from "../runtime.js";
|
||||
import { runNonInteractiveOnboardingLocal } from "./onboard-non-interactive/local.js";
|
||||
import { runNonInteractiveOnboardingRemote } from "./onboard-non-interactive/remote.js";
|
||||
import type { OnboardOptions } from "./onboard-types.js";
|
||||
import { VALID_TOOLS_PROFILES, type OnboardOptions } from "./onboard-types.js";
|
||||
|
||||
export async function runNonInteractiveOnboarding(
|
||||
opts: OnboardOptions,
|
||||
@ -27,6 +27,16 @@ export async function runNonInteractiveOnboarding(
|
||||
runtime.exit(1);
|
||||
return;
|
||||
}
|
||||
if (mode === "remote" && opts.toolsProfile !== undefined) {
|
||||
runtime.error('--tools-profile is only supported when --mode is "local".');
|
||||
runtime.exit(1);
|
||||
return;
|
||||
}
|
||||
if (opts.toolsProfile !== undefined && !VALID_TOOLS_PROFILES.has(opts.toolsProfile)) {
|
||||
runtime.error('Invalid --tools-profile. Use "minimal", "coding", "messaging", or "full".');
|
||||
runtime.exit(1);
|
||||
return;
|
||||
}
|
||||
|
||||
if (mode === "remote") {
|
||||
await runNonInteractiveOnboardingRemote({ opts, runtime, baseConfig });
|
||||
|
||||
@ -33,7 +33,9 @@ export async function runNonInteractiveOnboardingLocal(params: {
|
||||
defaultWorkspaceDir: DEFAULT_WORKSPACE,
|
||||
});
|
||||
|
||||
let nextConfig: OpenClawConfig = applyOnboardingLocalWorkspaceConfig(baseConfig, workspaceDir);
|
||||
let nextConfig: OpenClawConfig = applyOnboardingLocalWorkspaceConfig(baseConfig, workspaceDir, {
|
||||
toolsProfile: opts.toolsProfile,
|
||||
});
|
||||
|
||||
const inferredAuthChoice = inferAuthChoiceFromFlags(opts);
|
||||
if (!opts.authChoice && inferredAuthChoice.matches.length > 1) {
|
||||
|
||||
@ -1,6 +1,16 @@
|
||||
import type { ChannelId } from "../channels/plugins/types.js";
|
||||
import type { ToolProfileId } from "../config/types.tools.js";
|
||||
import type { GatewayDaemonRuntime } from "./daemon-runtime.js";
|
||||
|
||||
export type { ToolProfileId } from "../config/types.tools.js";
|
||||
|
||||
export const VALID_TOOLS_PROFILES = new Set<ToolProfileId>([
|
||||
"minimal",
|
||||
"coding",
|
||||
"messaging",
|
||||
"full",
|
||||
]);
|
||||
|
||||
export type OnboardMode = "local" | "remote";
|
||||
export type AuthChoice =
|
||||
// Legacy alias for `setup-token` (kept for backwards CLI compatibility).
|
||||
@ -100,6 +110,7 @@ export type OnboardOptions = {
|
||||
reset?: boolean;
|
||||
resetScope?: ResetScope;
|
||||
authChoice?: AuthChoice;
|
||||
toolsProfile?: ToolProfileId;
|
||||
/** Used when `authChoice=token` in non-interactive mode. */
|
||||
tokenProvider?: string;
|
||||
/** Used when `authChoice=token` in non-interactive mode. */
|
||||
|
||||
@ -138,4 +138,78 @@ describe("onboardCommand", () => {
|
||||
expect(mocks.runInteractiveOnboarding).not.toHaveBeenCalled();
|
||||
expect(mocks.runNonInteractiveOnboarding).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it("fails fast for invalid --tools-profile", async () => {
|
||||
const runtime = makeRuntime();
|
||||
|
||||
await onboardCommand(
|
||||
{
|
||||
toolsProfile: "invalid" as never,
|
||||
},
|
||||
runtime,
|
||||
);
|
||||
|
||||
expect(runtime.error).toHaveBeenCalledWith(
|
||||
'Invalid --tools-profile. Use "minimal", "coding", "messaging", or "full".',
|
||||
);
|
||||
expect(runtime.exit).toHaveBeenCalledWith(1);
|
||||
expect(mocks.runInteractiveOnboarding).not.toHaveBeenCalled();
|
||||
expect(mocks.runNonInteractiveOnboarding).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it("fails fast for empty --tools-profile", async () => {
|
||||
const runtime = makeRuntime();
|
||||
|
||||
await onboardCommand(
|
||||
{
|
||||
toolsProfile: "" as never,
|
||||
},
|
||||
runtime,
|
||||
);
|
||||
|
||||
expect(runtime.error).toHaveBeenCalledWith(
|
||||
'Invalid --tools-profile. Use "minimal", "coding", "messaging", or "full".',
|
||||
);
|
||||
expect(runtime.exit).toHaveBeenCalledWith(1);
|
||||
expect(mocks.runInteractiveOnboarding).not.toHaveBeenCalled();
|
||||
expect(mocks.runNonInteractiveOnboarding).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it("fails fast for --tools-profile in remote mode", async () => {
|
||||
const runtime = makeRuntime();
|
||||
|
||||
await onboardCommand(
|
||||
{
|
||||
mode: "remote",
|
||||
toolsProfile: "coding",
|
||||
},
|
||||
runtime,
|
||||
);
|
||||
|
||||
expect(runtime.error).toHaveBeenCalledWith(
|
||||
'--tools-profile is only supported when --mode is "local".',
|
||||
);
|
||||
expect(runtime.exit).toHaveBeenCalledWith(1);
|
||||
expect(mocks.runInteractiveOnboarding).not.toHaveBeenCalled();
|
||||
expect(mocks.runNonInteractiveOnboarding).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it("prefers the remote-mode error when --tools-profile is invalid in remote mode", async () => {
|
||||
const runtime = makeRuntime();
|
||||
|
||||
await onboardCommand(
|
||||
{
|
||||
mode: "remote",
|
||||
toolsProfile: "invalid" as never,
|
||||
},
|
||||
runtime,
|
||||
);
|
||||
|
||||
expect(runtime.error).toHaveBeenCalledWith(
|
||||
'--tools-profile is only supported when --mode is "local".',
|
||||
);
|
||||
expect(runtime.exit).toHaveBeenCalledWith(1);
|
||||
expect(mocks.runInteractiveOnboarding).not.toHaveBeenCalled();
|
||||
expect(mocks.runNonInteractiveOnboarding).not.toHaveBeenCalled();
|
||||
});
|
||||
});
|
||||
|
||||
@ -8,7 +8,7 @@ import { isDeprecatedAuthChoice, normalizeLegacyOnboardAuthChoice } from "./auth
|
||||
import { DEFAULT_WORKSPACE, handleReset } from "./onboard-helpers.js";
|
||||
import { runInteractiveOnboarding } from "./onboard-interactive.js";
|
||||
import { runNonInteractiveOnboarding } from "./onboard-non-interactive.js";
|
||||
import type { OnboardOptions, ResetScope } from "./onboard-types.js";
|
||||
import { VALID_TOOLS_PROFILES, type OnboardOptions, type ResetScope } from "./onboard-types.js";
|
||||
|
||||
const VALID_RESET_SCOPES = new Set<ResetScope>(["config", "config+creds+sessions", "full"]);
|
||||
|
||||
@ -46,6 +46,19 @@ export async function onboardCommand(opts: OnboardOptions, runtime: RuntimeEnv =
|
||||
runtime.exit(1);
|
||||
return;
|
||||
}
|
||||
if (normalizedOpts.mode === "remote" && normalizedOpts.toolsProfile !== undefined) {
|
||||
runtime.error('--tools-profile is only supported when --mode is "local".');
|
||||
runtime.exit(1);
|
||||
return;
|
||||
}
|
||||
if (
|
||||
normalizedOpts.toolsProfile !== undefined &&
|
||||
!VALID_TOOLS_PROFILES.has(normalizedOpts.toolsProfile)
|
||||
) {
|
||||
runtime.error('Invalid --tools-profile. Use "minimal", "coding", "messaging", or "full".');
|
||||
runtime.exit(1);
|
||||
return;
|
||||
}
|
||||
|
||||
if (normalizedOpts.resetScope && !VALID_RESET_SCOPES.has(normalizedOpts.resetScope)) {
|
||||
runtime.error('Invalid --reset-scope. Use "config", "config+creds+sessions", or "full".');
|
||||
|
||||
@ -275,10 +275,13 @@ describe("runOnboardingWizard", () => {
|
||||
expect(prompter.outro).toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it("skips prompts and setup steps when flags are set", async () => {
|
||||
const select = vi.fn(
|
||||
async (_params: WizardSelectParams<unknown>) => "quickstart",
|
||||
) as unknown as WizardPrompter["select"];
|
||||
it("skips channel/skill/health setup but still prompts for tool profile", async () => {
|
||||
const select = vi.fn(async (params: WizardSelectParams<unknown>) => {
|
||||
if (params.message === "Tool access profile") {
|
||||
return "messaging";
|
||||
}
|
||||
return "quickstart";
|
||||
}) as unknown as WizardPrompter["select"];
|
||||
const multiselect: WizardPrompter["multiselect"] = vi.fn(async () => []);
|
||||
const prompter = buildWizardPrompter({ select, multiselect });
|
||||
const runtime = createRuntime({ throwsOnExit: true });
|
||||
@ -298,7 +301,12 @@ describe("runOnboardingWizard", () => {
|
||||
prompter,
|
||||
);
|
||||
|
||||
expect(select).not.toHaveBeenCalled();
|
||||
expect(select).toHaveBeenCalledTimes(1);
|
||||
expect(select).toHaveBeenCalledWith(
|
||||
expect.objectContaining({
|
||||
message: "Tool access profile",
|
||||
}),
|
||||
);
|
||||
expect(setupChannels).not.toHaveBeenCalled();
|
||||
expect(setupSkills).not.toHaveBeenCalled();
|
||||
expect(healthCommand).not.toHaveBeenCalled();
|
||||
@ -320,6 +328,9 @@ describe("runOnboardingWizard", () => {
|
||||
if (opts.message === "How do you want to hatch your bot?") {
|
||||
return "tui";
|
||||
}
|
||||
if (opts.message === "Tool access profile") {
|
||||
return "messaging";
|
||||
}
|
||||
return "quickstart";
|
||||
}) as unknown as WizardPrompter["select"];
|
||||
|
||||
@ -364,7 +375,13 @@ describe("runOnboardingWizard", () => {
|
||||
|
||||
try {
|
||||
const note: WizardPrompter["note"] = vi.fn(async () => {});
|
||||
const prompter = buildWizardPrompter({ note });
|
||||
const select = vi.fn(async (params: WizardSelectParams<unknown>) => {
|
||||
if (params.message === "Tool access profile") {
|
||||
return "messaging";
|
||||
}
|
||||
return "quickstart";
|
||||
}) as unknown as WizardPrompter["select"];
|
||||
const prompter = buildWizardPrompter({ note, select });
|
||||
const runtime = createRuntime();
|
||||
|
||||
await runOnboardingWizard(
|
||||
@ -425,6 +442,9 @@ describe("runOnboardingWizard", () => {
|
||||
if (opts.message === "Config handling") {
|
||||
return "keep";
|
||||
}
|
||||
if (opts.message === "Tool access profile") {
|
||||
return "messaging";
|
||||
}
|
||||
return "quickstart";
|
||||
}) as unknown as WizardPrompter["select"];
|
||||
const prompter = buildWizardPrompter({ select });
|
||||
@ -464,7 +484,13 @@ describe("runOnboardingWizard", () => {
|
||||
|
||||
it("passes secretInputMode through to local gateway config step", async () => {
|
||||
configureGatewayForOnboarding.mockClear();
|
||||
const prompter = buildWizardPrompter({});
|
||||
const select = vi.fn(async (params: WizardSelectParams<unknown>) => {
|
||||
if (params.message === "Tool access profile") {
|
||||
return "messaging";
|
||||
}
|
||||
return "quickstart";
|
||||
}) as unknown as WizardPrompter["select"];
|
||||
const prompter = buildWizardPrompter({ select });
|
||||
const runtime = createRuntime();
|
||||
|
||||
await runOnboardingWizard(
|
||||
@ -490,4 +516,204 @@ describe("runOnboardingWizard", () => {
|
||||
}),
|
||||
);
|
||||
});
|
||||
|
||||
it("writes selected tool profile from onboarding prompt", async () => {
|
||||
writeConfigFile.mockClear();
|
||||
const select = vi.fn(async (params: WizardSelectParams<unknown>) => {
|
||||
if (params.message === "Tool access profile") {
|
||||
return "coding";
|
||||
}
|
||||
return "quickstart";
|
||||
}) as unknown as WizardPrompter["select"];
|
||||
const prompter = buildWizardPrompter({ select });
|
||||
|
||||
await runOnboardingWizard(
|
||||
{
|
||||
acceptRisk: true,
|
||||
flow: "quickstart",
|
||||
mode: "local",
|
||||
authChoice: "skip",
|
||||
installDaemon: false,
|
||||
skipProviders: true,
|
||||
skipSkills: true,
|
||||
skipHealth: true,
|
||||
skipUi: true,
|
||||
},
|
||||
createRuntime(),
|
||||
prompter,
|
||||
);
|
||||
|
||||
expect(writeConfigFile).toHaveBeenCalledWith(
|
||||
expect.objectContaining({
|
||||
tools: expect.objectContaining({
|
||||
profile: "coding",
|
||||
}),
|
||||
}),
|
||||
);
|
||||
});
|
||||
|
||||
it("preselects existing tools.profile in the onboarding prompt", async () => {
|
||||
readConfigFileSnapshot.mockResolvedValueOnce({
|
||||
path: "/tmp/.openclaw/openclaw.json",
|
||||
exists: true,
|
||||
raw: "{}",
|
||||
parsed: {},
|
||||
resolved: {},
|
||||
valid: true,
|
||||
config: {
|
||||
tools: {
|
||||
profile: "coding",
|
||||
},
|
||||
},
|
||||
issues: [],
|
||||
warnings: [],
|
||||
legacyIssues: [],
|
||||
});
|
||||
|
||||
const select = vi.fn(async (params: WizardSelectParams<unknown>) => {
|
||||
if (params.message === "Config handling") {
|
||||
return "keep";
|
||||
}
|
||||
if (params.message === "Tool access profile") {
|
||||
return "coding";
|
||||
}
|
||||
return "quickstart";
|
||||
}) as unknown as WizardPrompter["select"];
|
||||
const prompter = buildWizardPrompter({ select });
|
||||
|
||||
await runOnboardingWizard(
|
||||
{
|
||||
acceptRisk: true,
|
||||
flow: "quickstart",
|
||||
mode: "local",
|
||||
authChoice: "skip",
|
||||
installDaemon: false,
|
||||
skipProviders: true,
|
||||
skipSkills: true,
|
||||
skipHealth: true,
|
||||
skipUi: true,
|
||||
},
|
||||
createRuntime(),
|
||||
prompter,
|
||||
);
|
||||
|
||||
expect(select).toHaveBeenCalledWith(
|
||||
expect.objectContaining({
|
||||
message: "Tool access profile",
|
||||
initialValue: "coding",
|
||||
}),
|
||||
);
|
||||
});
|
||||
|
||||
it("ignores invalid toolsProfile option and still prompts for a valid profile", async () => {
|
||||
writeConfigFile.mockClear();
|
||||
const select = vi.fn(async (params: WizardSelectParams<unknown>) => {
|
||||
if (params.message === "Tool access profile") {
|
||||
return "messaging";
|
||||
}
|
||||
return "quickstart";
|
||||
}) as unknown as WizardPrompter["select"];
|
||||
const prompter = buildWizardPrompter({ select });
|
||||
|
||||
await runOnboardingWizard(
|
||||
{
|
||||
acceptRisk: true,
|
||||
flow: "quickstart",
|
||||
mode: "local",
|
||||
toolsProfile: "invalid" as never,
|
||||
authChoice: "skip",
|
||||
installDaemon: false,
|
||||
skipProviders: true,
|
||||
skipSkills: true,
|
||||
skipHealth: true,
|
||||
skipUi: true,
|
||||
},
|
||||
createRuntime(),
|
||||
prompter,
|
||||
);
|
||||
|
||||
expect(select).toHaveBeenCalledWith(
|
||||
expect.objectContaining({
|
||||
message: "Tool access profile",
|
||||
}),
|
||||
);
|
||||
expect(writeConfigFile).toHaveBeenCalledWith(
|
||||
expect.objectContaining({
|
||||
tools: expect.objectContaining({
|
||||
profile: "messaging",
|
||||
}),
|
||||
}),
|
||||
);
|
||||
});
|
||||
|
||||
it("fails when interactive mode selection resolves to remote with --tools-profile set", async () => {
|
||||
const select = vi.fn(async (params: WizardSelectParams<unknown>) => {
|
||||
if (params.message === "What do you want to set up?") {
|
||||
return "remote";
|
||||
}
|
||||
return "advanced";
|
||||
}) as unknown as WizardPrompter["select"];
|
||||
const prompter = buildWizardPrompter({ select });
|
||||
const runtime = createRuntime({ throwsOnExit: true });
|
||||
|
||||
await expect(
|
||||
runOnboardingWizard(
|
||||
{
|
||||
acceptRisk: true,
|
||||
flow: "advanced",
|
||||
toolsProfile: "coding",
|
||||
authChoice: "skip",
|
||||
installDaemon: false,
|
||||
skipProviders: true,
|
||||
skipSkills: true,
|
||||
skipHealth: true,
|
||||
skipUi: true,
|
||||
},
|
||||
runtime,
|
||||
prompter,
|
||||
),
|
||||
).rejects.toThrow("exit:1");
|
||||
|
||||
expect(runtime.error).toHaveBeenCalledWith(
|
||||
'--tools-profile is only supported when --mode is "local".',
|
||||
);
|
||||
});
|
||||
|
||||
it("prompts for tool access profile before workspace in local advanced flow", async () => {
|
||||
const promptOrder: string[] = [];
|
||||
const select = vi.fn(async (params: WizardSelectParams<unknown>) => {
|
||||
promptOrder.push(`select:${params.message}`);
|
||||
if (params.message === "Tool access profile") {
|
||||
return "coding";
|
||||
}
|
||||
return "quickstart";
|
||||
}) as unknown as WizardPrompter["select"];
|
||||
const text = vi.fn(async (params: { message: string }) => {
|
||||
promptOrder.push(`text:${params.message}`);
|
||||
return "/tmp/openclaw-advanced-workspace";
|
||||
}) as unknown as WizardPrompter["text"];
|
||||
const prompter = buildWizardPrompter({ select, text });
|
||||
|
||||
await runOnboardingWizard(
|
||||
{
|
||||
acceptRisk: true,
|
||||
flow: "advanced",
|
||||
mode: "local",
|
||||
authChoice: "skip",
|
||||
installDaemon: false,
|
||||
skipProviders: true,
|
||||
skipSkills: true,
|
||||
skipHealth: true,
|
||||
skipUi: true,
|
||||
},
|
||||
createRuntime(),
|
||||
prompter,
|
||||
);
|
||||
|
||||
expect(promptOrder).toContain("select:Tool access profile");
|
||||
expect(promptOrder).toContain("text:Workspace directory");
|
||||
expect(promptOrder.indexOf("select:Tool access profile")).toBeLessThan(
|
||||
promptOrder.indexOf("text:Workspace directory"),
|
||||
);
|
||||
});
|
||||
});
|
||||
|
||||
@ -1,9 +1,11 @@
|
||||
import { formatCliCommand } from "../cli/command-format.js";
|
||||
import type {
|
||||
GatewayAuthChoice,
|
||||
OnboardMode,
|
||||
OnboardOptions,
|
||||
ResetScope,
|
||||
import {
|
||||
VALID_TOOLS_PROFILES,
|
||||
type GatewayAuthChoice,
|
||||
type OnboardMode,
|
||||
type OnboardOptions,
|
||||
type ResetScope,
|
||||
type ToolProfileId,
|
||||
} from "../commands/onboard-types.js";
|
||||
import type { OpenClawConfig } from "../config/config.js";
|
||||
import {
|
||||
@ -70,6 +72,29 @@ async function requireRiskAcknowledgement(params: {
|
||||
}
|
||||
}
|
||||
|
||||
const TOOL_PROFILE_CHOICES: Array<{ value: ToolProfileId; label: string; hint: string }> = [
|
||||
{
|
||||
value: "messaging",
|
||||
label: "Messaging",
|
||||
hint: "[chat + memory] Chat-focused: send messages + use session history; no files, shell, or browser automation.",
|
||||
},
|
||||
{
|
||||
value: "coding",
|
||||
label: "Coding",
|
||||
hint: "[files + shell] Builder mode: read/edit files, run shell, use coding tools + sessions; no direct channel messaging.",
|
||||
},
|
||||
{
|
||||
value: "full",
|
||||
label: "Full",
|
||||
hint: "[all built-ins] Unrestricted built-in tool profile, including higher-risk capabilities.",
|
||||
},
|
||||
{
|
||||
value: "minimal",
|
||||
label: "Minimal",
|
||||
hint: "[status only] Status-only: check session status; no file access, shell commands, browsing, or messaging.",
|
||||
},
|
||||
];
|
||||
|
||||
export async function runOnboardingWizard(
|
||||
opts: OnboardOptions,
|
||||
runtime: RuntimeEnv = defaultRuntime,
|
||||
@ -382,6 +407,12 @@ export async function runOnboardingWizard(
|
||||
],
|
||||
})) as OnboardMode));
|
||||
|
||||
if (mode === "remote" && opts.toolsProfile !== undefined) {
|
||||
runtime.error('--tools-profile is only supported when --mode is "local".');
|
||||
runtime.exit(1);
|
||||
return;
|
||||
}
|
||||
|
||||
if (mode === "remote") {
|
||||
const { promptRemoteGatewayConfig } = await import("../commands/onboard-remote.js");
|
||||
const { logConfigUpdated } = await import("../config/logging.js");
|
||||
@ -395,6 +426,24 @@ export async function runOnboardingWizard(
|
||||
return;
|
||||
}
|
||||
|
||||
const existingToolsProfile = baseConfig.tools?.profile;
|
||||
const resolvedExistingToolsProfile = existingToolsProfile
|
||||
? VALID_TOOLS_PROFILES.has(existingToolsProfile)
|
||||
? existingToolsProfile
|
||||
: undefined
|
||||
: undefined;
|
||||
const explicitToolsProfile =
|
||||
typeof opts.toolsProfile === "string" && VALID_TOOLS_PROFILES.has(opts.toolsProfile)
|
||||
? opts.toolsProfile
|
||||
: undefined;
|
||||
const toolsProfile =
|
||||
explicitToolsProfile ??
|
||||
(await prompter.select({
|
||||
message: "Tool access profile",
|
||||
options: TOOL_PROFILE_CHOICES,
|
||||
initialValue: resolvedExistingToolsProfile ?? "messaging",
|
||||
}));
|
||||
|
||||
const workspaceInput =
|
||||
opts.workspace ??
|
||||
(flow === "quickstart"
|
||||
@ -407,7 +456,9 @@ export async function runOnboardingWizard(
|
||||
const workspaceDir = resolveUserPath(workspaceInput.trim() || onboardHelpers.DEFAULT_WORKSPACE);
|
||||
|
||||
const { applyOnboardingLocalWorkspaceConfig } = await import("../commands/onboard-config.js");
|
||||
let nextConfig: OpenClawConfig = applyOnboardingLocalWorkspaceConfig(baseConfig, workspaceDir);
|
||||
let nextConfig: OpenClawConfig = applyOnboardingLocalWorkspaceConfig(baseConfig, workspaceDir, {
|
||||
toolsProfile,
|
||||
});
|
||||
|
||||
const { ensureAuthProfileStore } = await import("../agents/auth-profiles.js");
|
||||
const { promptAuthChoiceGrouped } = await import("../commands/auth-choice-prompt.js");
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user