@analyticscli/growth-engineer 0.1.1-preview.18 → 0.1.1-preview.20

package/dist/runtime/openclaw-growth-wizard.mjs

@@ -3524,13 +3524,14 @@ function printBullets(lines) {
     }
     process.stdout.write('\n');
 }
+function bold(text) {
+    return `${ANSI.bold}${text}${ANSI.reset}`;
+}
 async function guideGitHubConnector(rl, secrets) {
     printSection('GitHub code access', [
-        'Use this when OpenClaw should read repo context or create GitHub delivery artifacts.',
-    ]);
-    printBullets([
-        'Open the token page, select the scopes you want, then paste the token here.',
-        'You can rerun this wizard later to change GitHub permissions.',
+        `${bold('Create token')} here: https://github.com/settings/tokens/new`,
+        `${bold('Scopes')}: public repos = public_repo, private repos/issues/PRs = repo.`,
+        `${bold('Only add workflow')} if OpenClaw should edit GitHub Actions files.`,
     ]);
     let hasGh = await commandExists('gh');
     if (!hasGh) {
@@ -3539,15 +3540,6 @@ async function guideGitHubConnector(rl, secrets) {
     if (hasGh) {
         process.stdout.write('GitHub CLI is available for helper commands.\n\n');
     }
-    process.stdout.write('Token URL: https://github.com/settings/tokens/new\n\n');
-    process.stdout.write(`${ANSI.bold}Suggested scopes${ANSI.reset}\n`);
-    printBullets([
-        'Public repo only: select `public_repo`.',
-        'Private repo access: select `repo` (classic GitHub tokens make private repo access broad).',
-        'Create issues / draft PRs in private repos: `repo` is the relevant classic-token scope.',
-        'Edit GitHub Actions workflow files: add `workflow` only if you explicitly want this.',
-        'Usually do not select: packages, admin:org, hooks, gist, user, delete_repo, enterprise, codespace, copilot.',
-    ]);
     const token = await maybePromptSecret(rl, 'Paste GITHUB_TOKEN into this local terminal', 'GITHUB_TOKEN');
     if (token)
         secrets.GITHUB_TOKEN = token;
@@ -3568,12 +3560,10 @@ function shouldForceFreshAnalyticsToken(healthByConnector = {}) {
     return ['blocked', 'partial'].includes(String(health?.status || '')) || /revoked|unauthorized|invalid token/i.test(detail);
 }
 async function guideAnalyticsConnector(rl, secrets, options = {}) {
-    printSection('AnalyticsCLI');
-    process.stdout.write('Create a readonly CLI token:\n');
-    process.stdout.write('1. Open https://dash.analyticscli.com/\n');
-    process.stdout.write('2. Account -> API Keys\n');
-    process.stdout.write('3. Create Access Token\n');
-    process.stdout.write('4. Copy the Readonly CLI Token and paste it below\n\n');
+    printSection('AnalyticsCLI', [
+        `${bold('Create readonly CLI token')}: https://dash.analyticscli.com/`,
+        `${bold('Path')}: Account -> API Keys -> Create Access Token.`,
+    ]);
     const forceFresh = Boolean(options.forceFresh);
     if (forceFresh && process.env.ANALYTICSCLI_ACCESS_TOKEN) {
         process.stdout.write('Stored token failed. Paste a new token.\n\n');
@@ -3590,17 +3580,9 @@ async function guideAnalyticsConnector(rl, secrets, options = {}) {
 }
 async function guideRevenueCatConnector(rl, secrets) {
     printSection('RevenueCat monetization data', [
-        'Use this when OpenClaw should read subscription, product, entitlement, and revenue context.',
-    ]);
-    process.stdout.write('\nCreate a RevenueCat secret API key here:\n  https://app.revenuecat.com/\n\n');
-    printBullets([
-        'Select your app.',
-        'In the sidebar, choose "Apps & providers".',
-        'Click "API keys" and generate a new secret API key.',
-        'Name it "analyticscli" and choose API version 2.',
-        'Set Charts metrics permissions to read.',
-        'Set Customer information permissions to read.',
-        'Set Project configuration permissions to read.',
+        `${bold('Create secret API key')}: https://app.revenuecat.com/`,
+        `${bold('Path')}: Apps & providers -> API keys -> New secret key.`,
+        `${bold('Permissions')}: API v2, read for Charts metrics, Customer information, Project configuration.`,
     ]);
     const apiKey = await maybePromptSecret(rl, 'Paste REVENUECAT_API_KEY into this local terminal', 'REVENUECAT_API_KEY');
     if (apiKey)
@@ -3623,17 +3605,9 @@ function paddleTokenEnvForAccount(index, label) {
 }
 async function guidePaddleConnector(rl, secrets) {
     printSection('Paddle Billing metrics', [
-        'Use this when OpenClaw should read web checkout, revenue, MRR, refunds, chargebacks, and active subscriber metrics.',
-    ]);
-    process.stdout.write('\nCreate or update a scoped Paddle API key here:\n  https://vendors.paddle.com/authentication-v2\n\n');
-    printBullets([
-        'Open Paddle > Developer Tools > Authentication.',
-        'Use the API keys tab and create a new live API key.',
-        'Minimum: grant `metrics.read` so account-level revenue, MRR, refunds, chargebacks, subscribers, and checkout conversion work.',
-        'Recommended for better Growth Engineer analysis: grant all available read-only permissions (`*.read`), including products, prices, discounts, customers, transactions, subscriptions, adjustments, reports, and notifications.',
-        'Do not grant any write permissions (`*.write`) unless another workflow explicitly needs them.',
-        'Do not select or hard-code a single product in the wizard; the Growth Engineer should keep account-level metrics context.',
-        'Paste the key here so it is stored only in the local chmod 600 secrets file.',
+        `${bold('Create live API key')}: https://vendors.paddle.com/authentication-v2`,
+        `${bold('Minimum')}: metrics.read. Better: all read-only *.read scopes.`,
+        `${bold('Do not grant write scopes')} unless you explicitly need them elsewhere.`,
     ]);
     const accounts = [];
     let index = 0;
@@ -3660,17 +3634,10 @@ async function guidePaddleConnector(rl, secrets) {
 }
 async function guideSeoConnector(rl, secrets) {
     printSection('SEO / Google Search Console / DataForSEO', [
-        'Use this when OpenClaw should read organic search demand, GSC clicks/impressions/CTR/position, and optional paid keyword ideas.',
-    ]);
-    process.stdout.write('\nGoogle Search Console:\n  https://search.google.com/search-console\nGoogle Cloud service accounts:\n  https://console.cloud.google.com/iam-admin/serviceaccounts\nDataForSEO API dashboard:\n  https://app.dataforseo.com/api-dashboard\n\n');
-    printBullets([
-        'Preferred: give the token/service account access to all Search Console properties you want analyzed.',
-        'Leave the property URL empty to let the exporter list and query all verified GSC properties in the account.',
-        'Enter a property URL only when you intentionally want to restrict analysis to one site.',
-        'For OAuth token mode, paste a read-only Search Console token with `webmasters.readonly` scope.',
-        'For service-account mode, add the service account email as a restricted/full user in Search Console, then set GOOGLE_APPLICATION_CREDENTIALS or GSC_SERVICE_ACCOUNT_JSON outside this wizard.',
-        'DataForSEO is optional and paid. The exporter refuses paid calls unless the source command includes --confirm-paid and a small --max-paid-requests cap.',
-        'CSV-only mode is also supported with --gsc-csv or --csv in sources.seo.command.',
+        `${bold('GSC')}: https://search.google.com/search-console`,
+        `${bold('Service account')}: https://console.cloud.google.com/iam-admin/serviceaccounts`,
+        `${bold('Optional paid keyword data')}: https://app.dataforseo.com/api-dashboard`,
+        `${bold('Default')}: leave property URL empty to use all verified GSC properties.`,
     ]);
     const siteUrl = await ask(rl, 'Optional GSC property URL (empty = all verified properties)', process.env.GSC_SITE_URL || '');
     if (siteUrl.trim())
@@ -3769,11 +3736,10 @@ async function guideAccountSignalConnector(rl, secrets, key) {
     if (!definition)
         return [];
     printSection(definition.label, [
-        definition.summary,
-        'Setup is account-wide. Do not paste project IDs, app IDs, product IDs, package names, paywall IDs, service names, or tags here.',
+        `${bold('Docs')}: ${definition.docsUrl}`,
+        `${bold('Setup is account-wide')}. Do not paste project IDs, app IDs, product IDs, package names, paywall IDs, service names, or tags here.`,
+        `${bold('Paste only credentials')} below. The agent discovers accounts/apps/projects later.`,
     ]);
-    process.stdout.write(`Docs: ${definition.docsUrl}\n\n`);
-    printBullets(definition.steps);
     const accounts = [];
     let index = 0;
     while (true) {
@@ -3813,8 +3779,8 @@ async function guideAccountSignalConnector(rl, secrets, key) {
 }
 async function guideSentryConnector(rl, secrets) {
     printSection('Sentry / GlitchTip', [
-        'Paste token, org, and base URL. Projects are discovered automatically.',
-        'Use `https://sentry.io` for Sentry Cloud or your GlitchTip/self-hosted base URL.',
+        `${bold('Base URL')}: https://sentry.io for Sentry Cloud, otherwise your GlitchTip/self-hosted URL.`,
+        `${bold('Token + org')} are needed. Project scope remains unpinned.`,
     ]);
     const accounts = [];
     let index = 0;
@@ -3866,7 +3832,7 @@ async function guideSentryConnector(rl, secrets) {
             let verifiedVisibleProjects = false;
             if (discovery.ok && discovery.projects.length > 0) {
                 verifiedVisibleProjects = true;
-                process.stdout.write(`Found ${discovery.projects.length} visible project(s). Project scope remains unpinned so OpenClaw/Hermes can decide per run.\n`);
+                process.stdout.write(`Found ${discovery.projects.length} visible project(s). Project scope remains unpinned.\n`);
             }
             else {
                 const fallbackOrgs = discoveredOrganizations
@@ -3923,19 +3889,12 @@ function normalizeCoolifyBaseUrl(value) {
 }
 async function guideCoolifyConnector(rl, secrets) {
     printSection('Coolify deployment monitoring', [
-        'Use this when OpenClaw should read deployment, resource, server, and health-check signals from Coolify.',
-        'The token should be read-only. Do not use "*" or sensitive-token permissions for normal monitoring.',
+        `${bold('Create read-only API token')} in Coolify.`,
+        `${bold('Do not use * or sensitive-token permissions')} for normal monitoring.`,
     ]);
     const baseUrl = normalizeCoolifyBaseUrl(await ask(rl, 'Coolify base URL', process.env.COOLIFY_BASE_URL || 'https://coolify.wotaso.com'));
     const tokenUrl = baseUrl ? `${baseUrl}/security/api-tokens` : 'https://<your-coolify-host>/security/api-tokens';
-    process.stdout.write(`\nToken page: ${tokenUrl}\n\n`);
-    printBullets([
-        'Open the Coolify dashboard.',
-        'In the sidebar, go to "Keys & Tokens".',
-        'Open "API tokens".',
-        'Create a new API key/token with read-only permissions.',
-        'Copy the token once and paste it into this local terminal.',
-    ]);
+    process.stdout.write(`${bold('Token page')}: ${tokenUrl}\n\n`);
     const token = await maybePromptSecret(rl, 'Paste COOLIFY_API_TOKEN into this local terminal', 'COOLIFY_API_TOKEN');
     if (baseUrl)
         secrets.COOLIFY_BASE_URL = baseUrl;
@@ -3945,37 +3904,18 @@ async function guideCoolifyConnector(rl, secrets) {
 }
 async function guideAscConnector(rl, secrets) {
     printSection('App Store Connect CLI', [
-        'You need two App Store Connect API keys: one normal reporting key and one temporary Admin key.',
-        'Create both here: https://appstoreconnect.apple.com/access/integrations/api',
-    ]);
-    process.stdout.write('\nStep 1 - normal key, saved for Growth Engineer\n');
-    printBullets([
-        'Create an API key named "Growth Engineer Reports".',
-        'Role: Sales and Reports. Finance or Admin also works.',
-        'Optional extra roles: Customer Support for reviews, Developer for builds/TestFlight.',
-        'Copy this key into the ASC_KEY_ID, ASC_ISSUER_ID, and ASC_PRIVATE_KEY prompts below.',
-    ]);
-    process.stdout.write('\nStep 2 - temporary Admin key, used once\n');
-    printBullets([
-        'Create a second API key named "Growth Engineer Setup Admin".',
-        'Role: Admin.',
-        'Use it only when the wizard asks for ASC_BOOTSTRAP_* later.',
-        'The wizard does not save this key to secrets.env. Revoke it in App Store Connect after setup.',
-    ]);
-    process.stdout.write('\nWhy two keys?\n');
-    printBullets([
-        'Apple requires Admin once to create the initial App Analytics report request.',
-        'After that, Growth Engineer only needs the normal reporting key for downloads.',
+        `${bold('Create 2 API keys')} here: https://appstoreconnect.apple.com/access/integrations/api`,
+        `1. ${bold('Reports key')} - role ${bold('Sales and Reports')} - saved for Growth Engineer.`,
+        `2. ${bold('Setup key')} - role ${bold('Admin')} - used once, then revoke.`,
     ]);
-    process.stdout.write('\nNeeded values for the normal key now\n');
+    process.stdout.write(`${bold('Enter the Reports key now:')}\n`);
     printBullets([
-        'Issuer ID: shown at the top of the API keys page.',
-        '.p8 file path: use Apple\'s original downloaded file name AuthKey_<KEY_ID>.p8.',
-        'Do not rename the .p8 file; the wizard reads ASC_KEY_ID from the file name.',
-        'Vendor Number: App Store Connect > Sales and Trends > Reports.',
+        `${bold('.p8 path')} to Apple\'s original ${bold('AuthKey_<KEY_ID>.p8')} file. ${bold('Do not rename it')}; KEY_ID is read from the filename.`,
+        `${bold('Issuer ID')} from the API keys page.`,
+        `${bold('Vendor Number')} from Sales and Trends > Reports.`,
     ]);
     const normalKeyPath = await askAscPrivateKeyPathWithKeyId(rl, {
-        label: 'ASC_PRIVATE_KEY_PATH for normal reporting key (AuthKey_<KEY_ID>.p8 path, empty = paste content instead)',
+        label: 'Reports .p8 path (AuthKey_<KEY_ID>.p8, empty = paste)',
         defaultValue: process.env.ASC_PRIVATE_KEY_PATH || '',
         keyLabel: 'the normal reporting key',
     });
@@ -3985,11 +3925,11 @@ async function guideAscConnector(rl, secrets) {
         secrets.ASC_KEY_ID = keyId;
         process.stdout.write(`Inferred ASC_KEY_ID=${keyId} from ${path.basename(normalKeyPath.privateKeyPath)}.\n`);
     }
-    const issuerId = await ask(rl, 'ASC_ISSUER_ID for normal reporting key (leave empty to skip)', process.env.ASC_ISSUER_ID || '');
+    const issuerId = await ask(rl, 'ASC_ISSUER_ID (reports key, empty = skip)', process.env.ASC_ISSUER_ID || '');
     if (issuerId.trim())
         secrets.ASC_ISSUER_ID = issuerId.trim();
     if (!normalKeyPath.privateKeyPath) {
-        keyId = await ask(rl, 'ASC_KEY_ID for normal reporting key (from AuthKey_<KEY_ID>.p8, leave empty to skip)', process.env.ASC_KEY_ID || '');
+        keyId = await ask(rl, 'ASC_KEY_ID (from AuthKey_<KEY_ID>.p8, empty = skip)', process.env.ASC_KEY_ID || '');
         if (keyId.trim())
             secrets.ASC_KEY_ID = keyId.trim();
         const privateKeyContent = await askAscPrivateKeyContent(rl, {
@@ -4004,30 +3944,26 @@ async function guideAscConnector(rl, secrets) {
         secrets.ASC_PRIVATE_KEY_PATH = privateKeyPath;
         process.stdout.write(`Saved ASC private key to ${privateKeyPath} with chmod 600.\n`);
     }
-    const vendorNumber = await ask(rl, 'ASC_VENDOR_NUMBER for Sales and Trends/App Units (required for healthy ASC status)', process.env.ASC_VENDOR_NUMBER || '');
+    const vendorNumber = await ask(rl, 'ASC_VENDOR_NUMBER (Sales and Trends > Reports)', process.env.ASC_VENDOR_NUMBER || '');
     if (vendorNumber.trim())
         secrets.ASC_VENDOR_NUMBER = vendorNumber.trim();
     return await guideAscBootstrapAdminKey(rl, issuerId.trim());
 }
 async function guideAscBootstrapAdminKey(rl, issuerIdDefault = '') {
     const bootstrapEnv = {};
-    process.stdout.write('\nStep 3 - temporary Admin key for first ASC setup\n');
+    process.stdout.write(`\n${bold('Enter the Setup Admin key:')}\n`);
     printBullets([
-        'Use the second key you created with the Admin role.',
-        'This is only needed to create the first App Analytics report request.',
-        'The wizard does not save ASC_BOOTSTRAP_* to secrets.env.',
-        'Use Apple\'s original AuthKey_<KEY_ID>.p8 file name so the wizard can infer ASC_BOOTSTRAP_KEY_ID.',
-        'Do not rename the .p8 file.',
-        'If you paste the .p8 content, the local temporary file is deleted after analytics initialization.',
-        'Revoke this Admin key in App Store Connect after setup.',
+        `${bold('Role must be Admin')} so Apple can create the first App Analytics report request.`,
+        `${bold('Use original AuthKey_<KEY_ID>.p8 filename')} so KEY_ID is read automatically.`,
+        `${bold('Not saved')} to secrets.env. Revoke this key after setup.`,
     ]);
     const bootstrapKeyPath = await askAscPrivateKeyPathWithKeyId(rl, {
-        label: 'ASC_BOOTSTRAP_PRIVATE_KEY_PATH for temporary Admin key (AuthKey_<KEY_ID>.p8 path, empty = paste content instead)',
+        label: 'Setup Admin .p8 path (AuthKey_<KEY_ID>.p8, empty = paste)',
         defaultValue: '',
         keyLabel: 'the temporary Admin key',
     });
     let bootstrapKeyId = bootstrapKeyPath.keyId;
-    const bootstrapIssuerId = await ask(rl, 'ASC_BOOTSTRAP_ISSUER_ID for temporary Admin key', issuerIdDefault);
+    const bootstrapIssuerId = await ask(rl, 'ASC_BOOTSTRAP_ISSUER_ID', issuerIdDefault);
     if (bootstrapKeyPath.privateKeyPath) {
         bootstrapEnv.ASC_BOOTSTRAP_PRIVATE_KEY_PATH = bootstrapKeyPath.privateKeyPath;
         process.stdout.write(`Inferred ASC_BOOTSTRAP_KEY_ID=${bootstrapKeyId} from ${path.basename(bootstrapKeyPath.privateKeyPath)}.\n`);
@@ -4036,7 +3972,7 @@ async function guideAscBootstrapAdminKey(rl, issuerIdDefault = '') {
             bootstrapEnv.ASC_BOOTSTRAP_PRIVATE_KEY_DELETE_AFTER_USE = '1';
     }
     else {
-        bootstrapKeyId = await ask(rl, 'ASC_BOOTSTRAP_KEY_ID for temporary Admin key (from AuthKey_<KEY_ID>.p8, required)', '');
+        bootstrapKeyId = await ask(rl, 'ASC_BOOTSTRAP_KEY_ID (from AuthKey_<KEY_ID>.p8)', '');
     }
     if (!bootstrapKeyId.trim() || !bootstrapIssuerId.trim())
         return { bootstrapEnv };