@analyticscli/growth-engineer 0.1.1-preview.19 → 0.1.1-preview.21

package/dist/runtime/openclaw-growth-wizard.mjs

@@ -2126,6 +2126,9 @@ function getPassingConnectorKeys(payload, failedConnectors = new Set()) {
 }
 function summarizeFailureReason(detail) {
     const text = String(detail || '').replace(/\s+/g, ' ').trim();
+    if (/ASC .*\.p8 private key is invalid|invalid or truncated|sequence truncated|malformed/i.test(text)) {
+        return 'ASC .p8 file is invalid or truncated';
+    }
     if (/token has been revoked/i.test(text))
         return 'token has been revoked';
     if (/unauthorized|UNAUTHORIZED/i.test(text))
@@ -2168,6 +2171,9 @@ function summarizeFailureFix(connector, blockers) {
         return 'Paste a Coolify base URL and read-only API token from Keys & Tokens / API tokens, then rerun setup.';
     }
     if (connector === 'asc') {
+        if (/invalid|truncated|malformed|private key/i.test(combined)) {
+            return 'Choose the original valid AuthKey_<KEY_ID>.p8 file, or paste the full key content from BEGIN PRIVATE KEY to END PRIVATE KEY.';
+        }
         return 'Rerun ASC setup and verify ASC credentials, key role access, and `asc apps list --output json`.';
     }
     if (isAccountSignalConnector(connector)) {
@@ -2216,21 +2222,15 @@ function printConciseSetupBlockers(payload, command, options = {}) {
         process.stdout.write(`Live checks passed: ${passingConnectors.map(connectorTitle).join(', ')}.\n`);
     }
     if (groups.size > 0) {
-        process.stdout.write('\nNeeds fix:\n');
+        process.stdout.write('\nNeeds attention:\n');
         for (const [connector, connectorBlockers] of groups.entries()) {
             const primary = connectorBlockers[0] || {};
-            const reasons = [
-                ...new Set(connectorBlockers
-                    .map((blocker) => summarizeFailureReason(blocker.detail || blocker.check))
-                    .filter(Boolean)),
-            ];
             process.stdout.write(`- ${connectorTitle(connector)}: ${summarizeFailureReason(primary.detail || primary.check)}\n`);
-            process.stdout.write(`  Why: ${reasons.join('; ')}.\n`);
             process.stdout.write(`  Fix: ${summarizeFailureFix(connector, connectorBlockers)}\n`);
         }
     }
     printDeferredSetupNotes(blockers, focusConnectors);
-    if (groups.size > 0 || !options.hideRerunWhenClean) {
+    if (!options.hideRerun && (groups.size > 0 || !options.hideRerunWhenClean)) {
         process.stdout.write(`\nRerun: ${command}\n`);
     }
 }
@@ -2375,9 +2375,9 @@ function isDeferredGitHubFailure(failure) {
     return (name === 'project:github-repo' ||
         (name === 'connection:github' && /project\.githubRepo|repo is missing|repo is not configured/i.test(detail)));
 }
-function healthStatusLabel(status) {
+function healthStatusLabel(status, spinner = '') {
     if (status === 'running')
-        return 'running';
+        return spinner ? `running ${spinner}` : 'running';
     if (status === 'pass')
         return 'done';
     if (status === 'warn')
@@ -2386,18 +2386,27 @@ function healthStatusLabel(status) {
         return 'needs attention';
     if (status === 'deferred')
         return 'deferred';
-    return 'pending';
+    return spinner ? `pending ${spinner}` : 'pending';
 }
-function renderHealthProgress(items, message = 'Live checks running...', title = 'Health check') {
+function renderHealthProgress(items, message = 'Live checks running...', title = 'Health check', options = {}) {
     if (process.stdout.isTTY)
         clearTerminal();
-    const finished = items.filter((item) => !['pending', 'running'].includes(String(item.status || ''))).length;
+    const final = Boolean(options.final);
+    const visibleItems = final
+        ? items.filter((item) => !['pending', 'running'].includes(String(item.status || '')) && item.key !== 'finalize')
+        : items;
+    const finished = visibleItems.filter((item) => !['pending', 'running'].includes(String(item.status || ''))).length;
     process.stdout.write(`${title}\n`);
     process.stdout.write('------------\n');
     process.stdout.write(`${message}\n\n`);
-    process.stdout.write(`${finished}/${items.length} checks finished.\n\n`);
-    for (const item of items) {
-        process.stdout.write(`[${healthStatusLabel(item.status)}] ${item.label}: ${item.detail}\n`);
+    if (final) {
+        process.stdout.write('Checks complete.\n\n');
+    }
+    else {
+        process.stdout.write(`${finished}/${visibleItems.length} checks finished.\n\n`);
+    }
+    for (const item of visibleItems) {
+        process.stdout.write(`[${healthStatusLabel(item.status, options.spinner || '')}] ${item.label}: ${item.detail}\n`);
     }
 }
 function updateHealthProgress(items, event) {
@@ -2508,22 +2517,35 @@ function updateProgressItem(items, key, status, detail) {
 }
 async function runSetupCommandWithProgress(command, env, selected, message) {
     const plan = buildSetupTestProgressPlan(selected);
-    renderHealthProgress(plan, `${message}\nDo not close this terminal yet.`, 'Connector setup test');
+    const spinnerFrames = ['-', '\\', '|', '/'];
+    let spinnerIndex = 0;
+    let currentMessage = message;
+    const render = (nextMessage = currentMessage, options = {}) => {
+        currentMessage = nextMessage;
+        renderHealthProgress(plan, currentMessage, 'Connector setup test', {
+            ...options,
+            spinner: spinnerFrames[spinnerIndex++ % spinnerFrames.length],
+        });
+    };
+    render(message);
+    const spinnerInterval = process.stdout.isTTY
+        ? setInterval(() => render(currentMessage), 800)
+        : null;
     const progressCommand = command.includes('--progress-json') ? command : `${command} --progress-json`;
     const result = await runCommandCaptureWithProgress(progressCommand, (event) => {
-        if (updateHealthProgress(plan, event)) {
-            const primaryFinished = primaryProgressItemsFinished(plan);
-            if (primaryFinished) {
-                updateProgressItem(plan, 'finalize', 'running', 'command still running; parsing final output and follow-up work');
-            }
-            const message = primaryFinished
-                ? 'Checks finished. Finalizing result; do not close this terminal yet.'
-                : 'Connector setup test is still running. Do not close this terminal yet.';
-            renderHealthProgress(plan, message, 'Connector setup test');
+        if (!updateHealthProgress(plan, event))
+            return;
+        const primaryFinished = primaryProgressItemsFinished(plan);
+        if (primaryFinished) {
+            updateProgressItem(plan, 'finalize', 'running', 'finishing');
         }
-    }, { env, timeoutMs: 180_000 });
+        render(primaryFinished ? 'Finishing setup test...' : 'Testing connector setup...');
+    }, { env, timeoutMs: 180_000 }).finally(() => {
+        if (spinnerInterval)
+            clearInterval(spinnerInterval);
+    });
     updateProgressItem(plan, 'finalize', 'pass', 'result received');
-    renderHealthProgress(plan, 'Connector setup test finished.', 'Connector setup test');
+    renderHealthProgress(plan, 'Connector setup test finished.', 'Connector setup test', { final: true });
     return result;
 }
 async function saveSecretsImmediately(secrets) {
@@ -2556,6 +2578,7 @@ async function runImmediateConnectorHealthCheck({ rl, configPath, connector, sec
         printConciseSetupBlockers(payload, command, {
             focusConnectors: [connector],
             hideRerunWhenClean: true,
+            hideRerun: true,
         });
         const retry = await askYesNo(rl, `Re-enter ${connectorLabel(connector)} configuration now?`, true);
         return { ok: false, retry, result, payload };
@@ -3529,11 +3552,9 @@ function bold(text) {
 }
 async function guideGitHubConnector(rl, secrets) {
     printSection('GitHub code access', [
-        'Use this when OpenClaw should read repo context or create GitHub delivery artifacts.',
-    ]);
-    printBullets([
-        'Open the token page, select the scopes you want, then paste the token here.',
-        'You can rerun this wizard later to change GitHub permissions.',
+        `${bold('Create token')} here: https://github.com/settings/tokens/new`,
+        `${bold('Scopes')}: public repos = public_repo, private repos/issues/PRs = repo.`,
+        `${bold('Only add workflow')} if OpenClaw should edit GitHub Actions files.`,
     ]);
     let hasGh = await commandExists('gh');
     if (!hasGh) {
@@ -3542,15 +3563,6 @@ async function guideGitHubConnector(rl, secrets) {
     if (hasGh) {
         process.stdout.write('GitHub CLI is available for helper commands.\n\n');
     }
-    process.stdout.write('Token URL: https://github.com/settings/tokens/new\n\n');
-    process.stdout.write(`${ANSI.bold}Suggested scopes${ANSI.reset}\n`);
-    printBullets([
-        'Public repo only: select `public_repo`.',
-        'Private repo access: select `repo` (classic GitHub tokens make private repo access broad).',
-        'Create issues / draft PRs in private repos: `repo` is the relevant classic-token scope.',
-        'Edit GitHub Actions workflow files: add `workflow` only if you explicitly want this.',
-        'Usually do not select: packages, admin:org, hooks, gist, user, delete_repo, enterprise, codespace, copilot.',
-    ]);
     const token = await maybePromptSecret(rl, 'Paste GITHUB_TOKEN into this local terminal', 'GITHUB_TOKEN');
     if (token)
         secrets.GITHUB_TOKEN = token;
@@ -3571,12 +3583,10 @@ function shouldForceFreshAnalyticsToken(healthByConnector = {}) {
     return ['blocked', 'partial'].includes(String(health?.status || '')) || /revoked|unauthorized|invalid token/i.test(detail);
 }
 async function guideAnalyticsConnector(rl, secrets, options = {}) {
-    printSection('AnalyticsCLI');
-    process.stdout.write('Create a readonly CLI token:\n');
-    process.stdout.write('1. Open https://dash.analyticscli.com/\n');
-    process.stdout.write('2. Account -> API Keys\n');
-    process.stdout.write('3. Create Access Token\n');
-    process.stdout.write('4. Copy the Readonly CLI Token and paste it below\n\n');
+    printSection('AnalyticsCLI', [
+        `${bold('Create readonly CLI token')}: https://dash.analyticscli.com/`,
+        `${bold('Path')}: Account -> API Keys -> Create Access Token.`,
+    ]);
     const forceFresh = Boolean(options.forceFresh);
     if (forceFresh && process.env.ANALYTICSCLI_ACCESS_TOKEN) {
         process.stdout.write('Stored token failed. Paste a new token.\n\n');
@@ -3593,17 +3603,9 @@ async function guideAnalyticsConnector(rl, secrets, options = {}) {
 }
 async function guideRevenueCatConnector(rl, secrets) {
     printSection('RevenueCat monetization data', [
-        'Use this when OpenClaw should read subscription, product, entitlement, and revenue context.',
-    ]);
-    process.stdout.write('\nCreate a RevenueCat secret API key here:\n  https://app.revenuecat.com/\n\n');
-    printBullets([
-        'Select your app.',
-        'In the sidebar, choose "Apps & providers".',
-        'Click "API keys" and generate a new secret API key.',
-        'Name it "analyticscli" and choose API version 2.',
-        'Set Charts metrics permissions to read.',
-        'Set Customer information permissions to read.',
-        'Set Project configuration permissions to read.',
+        `${bold('Create secret API key')}: https://app.revenuecat.com/`,
+        `${bold('Path')}: Apps & providers -> API keys -> New secret key.`,
+        `${bold('Permissions')}: API v2, read for Charts metrics, Customer information, Project configuration.`,
     ]);
     const apiKey = await maybePromptSecret(rl, 'Paste REVENUECAT_API_KEY into this local terminal', 'REVENUECAT_API_KEY');
     if (apiKey)
@@ -3626,17 +3628,9 @@ function paddleTokenEnvForAccount(index, label) {
 }
 async function guidePaddleConnector(rl, secrets) {
     printSection('Paddle Billing metrics', [
-        'Use this when OpenClaw should read web checkout, revenue, MRR, refunds, chargebacks, and active subscriber metrics.',
-    ]);
-    process.stdout.write('\nCreate or update a scoped Paddle API key here:\n  https://vendors.paddle.com/authentication-v2\n\n');
-    printBullets([
-        'Open Paddle > Developer Tools > Authentication.',
-        'Use the API keys tab and create a new live API key.',
-        'Minimum: grant `metrics.read` so account-level revenue, MRR, refunds, chargebacks, subscribers, and checkout conversion work.',
-        'Recommended for better Growth Engineer analysis: grant all available read-only permissions (`*.read`), including products, prices, discounts, customers, transactions, subscriptions, adjustments, reports, and notifications.',
-        'Do not grant any write permissions (`*.write`) unless another workflow explicitly needs them.',
-        'Do not select or hard-code a single product in the wizard; the Growth Engineer should keep account-level metrics context.',
-        'Paste the key here so it is stored only in the local chmod 600 secrets file.',
+        `${bold('Create live API key')}: https://vendors.paddle.com/authentication-v2`,
+        `${bold('Minimum')}: metrics.read. Better: all read-only *.read scopes.`,
+        `${bold('Do not grant write scopes')} unless you explicitly need them elsewhere.`,
     ]);
     const accounts = [];
     let index = 0;
@@ -3663,17 +3657,10 @@ async function guidePaddleConnector(rl, secrets) {
 }
 async function guideSeoConnector(rl, secrets) {
     printSection('SEO / Google Search Console / DataForSEO', [
-        'Use this when OpenClaw should read organic search demand, GSC clicks/impressions/CTR/position, and optional paid keyword ideas.',
-    ]);
-    process.stdout.write('\nGoogle Search Console:\n  https://search.google.com/search-console\nGoogle Cloud service accounts:\n  https://console.cloud.google.com/iam-admin/serviceaccounts\nDataForSEO API dashboard:\n  https://app.dataforseo.com/api-dashboard\n\n');
-    printBullets([
-        'Preferred: give the token/service account access to all Search Console properties you want analyzed.',
-        'Leave the property URL empty to let the exporter list and query all verified GSC properties in the account.',
-        'Enter a property URL only when you intentionally want to restrict analysis to one site.',
-        'For OAuth token mode, paste a read-only Search Console token with `webmasters.readonly` scope.',
-        'For service-account mode, add the service account email as a restricted/full user in Search Console, then set GOOGLE_APPLICATION_CREDENTIALS or GSC_SERVICE_ACCOUNT_JSON outside this wizard.',
-        'DataForSEO is optional and paid. The exporter refuses paid calls unless the source command includes --confirm-paid and a small --max-paid-requests cap.',
-        'CSV-only mode is also supported with --gsc-csv or --csv in sources.seo.command.',
+        `${bold('GSC')}: https://search.google.com/search-console`,
+        `${bold('Service account')}: https://console.cloud.google.com/iam-admin/serviceaccounts`,
+        `${bold('Optional paid keyword data')}: https://app.dataforseo.com/api-dashboard`,
+        `${bold('Default')}: leave property URL empty to use all verified GSC properties.`,
     ]);
     const siteUrl = await ask(rl, 'Optional GSC property URL (empty = all verified properties)', process.env.GSC_SITE_URL || '');
     if (siteUrl.trim())
@@ -3772,11 +3759,10 @@ async function guideAccountSignalConnector(rl, secrets, key) {
     if (!definition)
         return [];
     printSection(definition.label, [
-        definition.summary,
-        'Setup is account-wide. Do not paste project IDs, app IDs, product IDs, package names, paywall IDs, service names, or tags here.',
+        `${bold('Docs')}: ${definition.docsUrl}`,
+        `${bold('Setup is account-wide')}. Do not paste project IDs, app IDs, product IDs, package names, paywall IDs, service names, or tags here.`,
+        `${bold('Paste only credentials')} below. The agent discovers accounts/apps/projects later.`,
     ]);
-    process.stdout.write(`Docs: ${definition.docsUrl}\n\n`);
-    printBullets(definition.steps);
     const accounts = [];
     let index = 0;
     while (true) {
@@ -3816,8 +3802,8 @@ async function guideAccountSignalConnector(rl, secrets, key) {
 }
 async function guideSentryConnector(rl, secrets) {
     printSection('Sentry / GlitchTip', [
-        'Paste token, org, and base URL. Projects are discovered automatically.',
-        'Use `https://sentry.io` for Sentry Cloud or your GlitchTip/self-hosted base URL.',
+        `${bold('Base URL')}: https://sentry.io for Sentry Cloud, otherwise your GlitchTip/self-hosted URL.`,
+        `${bold('Token + org')} are needed. Project scope remains unpinned.`,
     ]);
     const accounts = [];
     let index = 0;
@@ -3869,7 +3855,7 @@ async function guideSentryConnector(rl, secrets) {
             let verifiedVisibleProjects = false;
             if (discovery.ok && discovery.projects.length > 0) {
                 verifiedVisibleProjects = true;
-                process.stdout.write(`Found ${discovery.projects.length} visible project(s). Project scope remains unpinned so OpenClaw/Hermes can decide per run.\n`);
+                process.stdout.write(`Found ${discovery.projects.length} visible project(s). Project scope remains unpinned.\n`);
             }
             else {
                 const fallbackOrgs = discoveredOrganizations
@@ -3926,19 +3912,12 @@ function normalizeCoolifyBaseUrl(value) {
 }
 async function guideCoolifyConnector(rl, secrets) {
     printSection('Coolify deployment monitoring', [
-        'Use this when OpenClaw should read deployment, resource, server, and health-check signals from Coolify.',
-        'The token should be read-only. Do not use "*" or sensitive-token permissions for normal monitoring.',
+        `${bold('Create read-only API token')} in Coolify.`,
+        `${bold('Do not use * or sensitive-token permissions')} for normal monitoring.`,
     ]);
     const baseUrl = normalizeCoolifyBaseUrl(await ask(rl, 'Coolify base URL', process.env.COOLIFY_BASE_URL || 'https://coolify.wotaso.com'));
     const tokenUrl = baseUrl ? `${baseUrl}/security/api-tokens` : 'https://<your-coolify-host>/security/api-tokens';
-    process.stdout.write(`\nToken page: ${tokenUrl}\n\n`);
-    printBullets([
-        'Open the Coolify dashboard.',
-        'In the sidebar, go to "Keys & Tokens".',
-        'Open "API tokens".',
-        'Create a new API key/token with read-only permissions.',
-        'Copy the token once and paste it into this local terminal.',
-    ]);
+    process.stdout.write(`${bold('Token page')}: ${tokenUrl}\n\n`);
     const token = await maybePromptSecret(rl, 'Paste COOLIFY_API_TOKEN into this local terminal', 'COOLIFY_API_TOKEN');
     if (baseUrl)
         secrets.COOLIFY_BASE_URL = baseUrl;
@@ -3955,7 +3934,7 @@ async function guideAscConnector(rl, secrets) {
     process.stdout.write(`${bold('Enter the Reports key now:')}\n`);
     printBullets([
         `${bold('.p8 path')} to Apple\'s original ${bold('AuthKey_<KEY_ID>.p8')} file. ${bold('Do not rename it')}; KEY_ID is read from the filename.`,
-        `${bold('Issuer ID')} from the API keys page.`,
+        `${bold('Issuer ID')} from the API keys page. Same value for both keys.`,
         `${bold('Vendor Number')} from Sales and Trends > Reports.`,
     ]);
     const normalKeyPath = await askAscPrivateKeyPathWithKeyId(rl, {
@@ -3969,7 +3948,7 @@ async function guideAscConnector(rl, secrets) {
         secrets.ASC_KEY_ID = keyId;
         process.stdout.write(`Inferred ASC_KEY_ID=${keyId} from ${path.basename(normalKeyPath.privateKeyPath)}.\n`);
     }
-    const issuerId = await ask(rl, 'ASC_ISSUER_ID (reports key, empty = skip)', process.env.ASC_ISSUER_ID || '');
+    const issuerId = await ask(rl, 'ASC_ISSUER_ID (same for both keys, empty = skip)', process.env.ASC_ISSUER_ID || '');
     if (issuerId.trim())
         secrets.ASC_ISSUER_ID = issuerId.trim();
     if (!normalKeyPath.privateKeyPath) {
@@ -4007,7 +3986,10 @@ async function guideAscBootstrapAdminKey(rl, issuerIdDefault = '') {
         keyLabel: 'the temporary Admin key',
     });
     let bootstrapKeyId = bootstrapKeyPath.keyId;
-    const bootstrapIssuerId = await ask(rl, 'ASC_BOOTSTRAP_ISSUER_ID', issuerIdDefault);
+    let bootstrapIssuerId = String(issuerIdDefault || '').trim();
+    if (!bootstrapIssuerId) {
+        bootstrapIssuerId = await ask(rl, 'ASC_ISSUER_ID (same API keys page)', process.env.ASC_ISSUER_ID || '');
+    }
     if (bootstrapKeyPath.privateKeyPath) {
         bootstrapEnv.ASC_BOOTSTRAP_PRIVATE_KEY_PATH = bootstrapKeyPath.privateKeyPath;
         process.stdout.write(`Inferred ASC_BOOTSTRAP_KEY_ID=${bootstrapKeyId} from ${path.basename(bootstrapKeyPath.privateKeyPath)}.\n`);