feat: provision config, wizard reorder, AGENTS.md managed section #20

Merged
TimBeyer merged 8 commits into main from fix/checkpoint-nested-git
Mar 15, 2026

@TimBeyer
Owner

Summary

  • Provision config file: Host writes data/provision.json with feature flags (onePassword, tailscale) before claw stages run. VM-side stages read the config and skip op-cli/tailscale installation when disabled. Previously every VM got both unconditionally.
  • Wizard reorder: Credentials step split into collection (before VM, step 3) and setup (after provision, step 7). This makes credential preferences available before provisioning so provision.json can be written with the right flags. Wizard is now 9 steps.
  • Checkpoint skill improvements: Concrete file trigger list, write→checkpoint→done habit pattern in the skill description.
  • AGENTS.md managed section: HTML-comment-delimited section (<!-- clawctl:managed:start/end -->) appended to AGENTS.md with operational rules (currently: checkpoint after writes). Runs after onboard + bootstrap/first conversation so OpenClaw populates AGENTS.md first. Idempotent — replaces in-place on re-run.
  • Ctrl-C safety: Wrapped openclaw tui (first conversation) so a user exit doesn't skip the AGENTS.md patch.

Test plan

  • bun test — 234 pass, 0 fail
  • bun run lint — clean
  • bun run format:check — clean
  • Headless: verified AGENTS.md gets managed section after bootstrap
  • Wizard: verify credentials collected before VM, credential-setup runs after provision
  • Verify: headless create without services.onePassword → no op-cli installed
  • Verify: headless create with services.onePassword → op-cli + skill + wrapper present

🤖 Generated with Claude Code
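
The managed-section behaviour described in the summary above (create AGENTS.md if it is missing, append on first run, replace in place on re-run), sketched as an added example; this is not clawctl's implementation. The full marker strings, the `patchManagedSection` helper and the rule text used with it are assumptions.

```typescript
// Added example, not clawctl's code. The two marker strings are an assumption
// expanded from "<!-- clawctl:managed:start/end -->" in the PR description.
const START = "<!-- clawctl:managed:start -->";
const END = "<!-- clawctl:managed:end -->";

// Number of non-overlapping occurrences of `needle` in `hay`.
const occurrences = (hay: string, needle: string): number => hay.split(needle).length - 1;

// Hypothetical helper: returns the new AGENTS.md content.
// `existing` is null when the file does not exist yet.
function patchManagedSection(existing: string | null, rules: string): string {
  // A marker inside the rules body would corrupt the next run's search.
  if (rules.includes(START) || rules.includes(END)) {
    throw new Error("rules must not contain a managed-section marker");
  }
  const block = `${START}\n${rules.trim()}\n${END}`;

  // Fallback: no file (or an empty one), so create it with just the block.
  if (existing === null || existing.trim() === "") return block + "\n";

  const starts = occurrences(existing, START);
  const ends = occurrences(existing, END);

  // First run on a populated file: append, leaving existing text untouched.
  if (starts === 0 && ends === 0) {
    return existing.replace(/\s+$/, "") + "\n\n" + block + "\n";
  }

  const s = existing.indexOf(START);
  const e = existing.indexOf(END);
  // Missing, duplicated or reversed markers: refuse instead of guessing which
  // span to overwrite, so agent- or user-authored text is never clobbered.
  if (starts !== 1 || ends !== 1 || e < s) {
    throw new Error("AGENTS.md managed-section markers are unbalanced");
  }

  // Re-run: swap only the span between the markers, in place.
  return existing.slice(0, s) + block + existing.slice(e + END.length);
}
```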

TimBeyer and others added 8 commits March 15, 2026 22:22
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
OpenClaw's onboard creates a nested .git inside data/workspace/,
which causes git add data/ to fail. Remove it after onboard on the
host side. Also adds a checkpoint SKILL.md so agents know how and
when to use claw checkpoint, updates .gitignore for secrets and
ephemeral files, and hardens the watch handler with a defensive
nested-git check and commit stat logging.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… workspace

All VM-side setup now goes through `claw` provisioning stages. New
`claw provision workspace` stage installs checkpoint skill (unconditional),
secret-management skill, op wrapper, and exec-approvals (conditional on
op being installed). Removed generateSecretManagementSkill,
generateOpWrapperScript, and generateExecApprovals from @clawctl/templates.
Added provision-workspace lifecycle phase. Documents the "delegate to claw"
architectural principle.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add ProvisionConfig type and PROVISION_CONFIG_FILE constant. The host
writes data/provision.json with onePassword/tailscale feature flags
before claw stages run. VM-side stages read the config and skip op-cli
or tailscale installation when disabled.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Split the credentials step into two: collection (before VM) and setup
(after provision). Credentials now asks about 1Password/Tailscale and
collects tokens without needing the VM. The new credential-setup step
validates tokens and connects Tailscale after the VM exists.

Wizard flow is now 9 steps: welcome → configure → credentials →
host-setup → create-vm → provision → credential-setup → onboard → finish.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Improve checkpoint skill description with concrete file triggers and
the write→checkpoint→done habit pattern.

Add a clawctl-managed section to AGENTS.md (delimited by HTML comment
markers) with operational rules the agent should follow. Currently
contains the checkpoint-after-writes rule. Runs after onboard and
bootstrap so OpenClaw populates AGENTS.md first; appends if it exists,
creates as fallback if not.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
If the user exits the first conversation with Ctrl-C, execInteractive
throws and patchAgentsMd was skipped. Catch the tui error so the
managed section is always written.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@TimBeyer TimBeyer merged commit ed9d3a6 into main Mar 15, 2026
4 checks passed
@TimBeyer TimBeyer deleted the fix/checkpoint-nested-git branch March 16, 2026 06:06