iam/v2-onboarding-sheep-dip-2026-05-02: agent auto-sync #11
Adds three GitHub issue forms (bug, feature, integration-help) plus a config.yml that disables blank issues and points devs at Discussions (general Q&A), dev@toreva.io (compliance-sensitive), and the cdx triage protocol (SLAs). Each form includes a regulated-claim check (Earn/Stake/Balance/yield/custody) so cdx-agent can route to compliance-agent before substantive reply, per dev-advocacy posture in cdx/docs/dev-advocacy-day1.md.
Doctrine: po/docs/decisions/DEC-001-wallet-mode-architecture.md §"Connect integration mechanic — MCP" + 5-word ATTEST bar.
Spawned-By: day1-launch-po-001
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Ship the kit half of DEC-001 v1.0 gate C7 (MCP server quartet — kit slice). Adds a self-serve install path so a Connect-mode user can wire Toreva into Claude Desktop, OpenClaw, or Cursor in two commands and verify the result with a third.
CLI surface (packages/cli):
- toreva init --client=<claude-desktop|openclaw|cursor> writes the Toreva MCP server stanza into the client's config file, preserving any existing mcpServers entries and refusing to clobber invalid JSON.
- toreva login runs the gateway's OAuth-equivalent device-code flow (POST /auth/device → poll /auth/token) and persists the token to ~/.config/toreva/config.json (chmod 600). TOREVA_AUTH_TOKEN env var short-circuits for CI / power users.
- toreva doctor reports config_present + auth_token + mcp_call as a three-line OK/WARN/FAIL diagnostic; non-zero exit on failure.
Stub flags until gateway ships canonical endpoint shapes — TOREVA_MCP_URL defaults to https://mcp.toreva.com and is pinned in the stanza env.
Examples (examples/<client>/):
- One folder per supported client with the JSON snippet + a README that shows the npx flow and the manual-edit fallback.
Tests (packages/cli/src/__tests__/, 18 new cases):
- init: parses --client, builds the stdio stanza, writes fresh configs, preserves existing entries, refuses invalid JSON, rejects unsupported clients.
- login: completes the device-code flow with a mocked fetch, skips the flow when TOREVA_AUTH_TOKEN is set, throws on malformed responses and 5xx during polling, asserts chmod 600 on the written config.
- doctor: covers all-OK, missing config, missing token, 401 from gateway, and network unreachable; plus formatReport rendering.
Repo plumbing:
- bin/toreva monorepo shim so `npx toreva` works from this checkout before publishing; resolves to packages/cli/dist/index.js.
- Root package.json exposes the bin.
- README rewritten with the install + first-run UX as the headline path.
Doctrine: po/docs/decisions/DEC-001-wallet-mode-architecture.md §"Connect integration mechanic — MCP".
Spawned-By: day1-launch-po-001
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sheep-dipped via iam/scripts/onboard-agent.sh (v2 framework). Adds AGENTS.md / ARCHITECTURE.md / BACKUP.md / docs/decisions/ stubs + sensitivity-tier gitignore baseline. Identity record at toreva/iam/data/agents/. See toreva/iam PR #26 for the framework. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: cb76ed2928
| env: { | ||
| TOREVA_MCP_URL: mcpUrl, | ||
| }, |
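Review bot: In the `env` block, any credential placed beside `TOREVA_MCP_URL` would be written into the MCP client's own config file, while the commit message only describes chmod 600 for ~/.config/toreva/config.json. If the server needs a token at launch, prefer having it read the token from that file rather than copying it into the stanza; if it must be passed here, set restrictive permissions on the client config when writing it and say so in the README. Separately, `mcpUrl` is pinned as given, so it is worth confirming it is checked to be an https URL before it reaches this line.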
Pass relay auth token in generated MCP client stanza
The init command writes an MCP server config that only sets TOREVA_MCP_URL, but the actual MCP server still hard-fails unless RELAY_AUTH_TOKEN is present (packages/mcp/src/server.ts throws when it is missing). In the documented flow (toreva init + toreva login), login only saves the token to ~/.config/toreva/config.json, so when the client launches npx @toreva/mcp it never receives the required auth env var and the server cannot start.
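The config merge that the `toreva init` commit message describes (preserve existing mcpServers entries, refuse to clobber invalid JSON), as an added example that is not the project's code. The `toreva` entry name, the stanza's `command`/`args` shape and the function names are assumptions; the sample config is constructed.

```javascript
// Added example, not the project's code. Names below are assumptions.
const SERVER_KEY = "toreva"; // hypothetical entry name under mcpServers

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// stdio stanza; only TOREVA_MCP_URL is pinned, as in the reviewed hunk.
function buildStanza(mcpUrl) {
  return { command: "npx", args: ["@toreva/mcp"], env: { TOREVA_MCP_URL: mcpUrl } };
}

// existingText: current contents of the client's config file, or null when
// the file does not exist. Returns the new file text. Every refusal throws
// before the caller has anything to write, so a bad file is never replaced.
function mergeClientConfig(existingText, mcpUrl) {
  let config = {};
  if (existingText !== null) {
    try {
      config = JSON.parse(existingText); // an empty file is also rejected here
    } catch (err) {
      throw new Error("refusing to overwrite: existing config is not valid JSON");
    }
    if (!isPlainObject(config)) {
      throw new Error("refusing to overwrite: config root is not a JSON object");
    }
  }
  const servers = config.mcpServers === undefined ? {} : config.mcpServers;
  if (!isPlainObject(servers)) {
    throw new Error("refusing to overwrite: mcpServers is not a JSON object");
  }
  // Other top-level keys and other servers are copied through untouched;
  // only the SERVER_KEY entry is created or replaced.
  const merged = {
    ...config,
    mcpServers: { ...servers, [SERVER_KEY]: buildStanza(mcpUrl) },
  };
  return JSON.stringify(merged, null, 2) + "\n";
}

// Constructed sample: a client config that already has another MCP server.
const SAMPLE_EXISTING = JSON.stringify({
  theme: "dark",
  mcpServers: { files: { command: "npx", args: ["some-other-server"] } },
});
```

Write the returned text to a temporary file and rename it over the original, so an interrupted write cannot leave a truncated config behind.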
This draft PR was opened by the auto-sync sweeper (goblin_infra/scripts/drift-detector/auto-sync.sh) for visibility and to trigger CI/CD.
iam/v2-onboarding-sheep-dip-2026-05-02
The sweeper opens this as a draft to surface agent-produced work that is otherwise invisible to CI/CD. Mark ready-for-review when the work is intended to merge.
Generated by the hourly drift-detector + auto-sync daemon.