@rizom/ops 0.2.0-alpha.40 → 0.2.0-alpha.42

package/dist/parse-args.d.ts

@@ -6,6 +6,8 @@ export interface ParsedArgs {
         version?: boolean | undefined;
         dryRun?: boolean | undefined;
         pushTo?: string | undefined;
+        cohort?: string | undefined;
+        anchorId?: string | undefined;
     };
 }
 export declare function parseArgs(argv: string[]): ParsedArgs;

package/dist/schema.d.ts

@@ -14,6 +14,7 @@ export declare const pilotSchema: z.ZodObject<{
     preset: z.ZodEnum<["core", "default", "pro"]>;
     aiApiKey: z.ZodString;
     gitSyncToken: z.ZodString;
+    contentRepoAdminToken: z.ZodString;
     mcpAuthToken: z.ZodString;
     agePublicKey: z.ZodString;
 }, "strict", z.ZodTypeAny, {
@@ -27,6 +28,7 @@ export declare const pilotSchema: z.ZodObject<{
     preset: "default" | "core" | "pro";
     aiApiKey: string;
     gitSyncToken: string;
+    contentRepoAdminToken: string;
     mcpAuthToken: string;
 }, {
     agePublicKey: string;
@@ -39,6 +41,7 @@ export declare const pilotSchema: z.ZodObject<{
     preset: "default" | "core" | "pro";
     aiApiKey: string;
     gitSyncToken: string;
+    contentRepoAdminToken: string;
     mcpAuthToken: string;
 }>;
 export declare const userSchema: z.ZodObject<{

package/dist/user-add.d.ts

@@ -0,0 +1,15 @@
+export interface AddPilotUserOptions {
+    cohort: string;
+    anchorId?: string | undefined;
+}
+export interface AddPilotUserResult {
+    handle: string;
+    cohort: string;
+    userPath: string;
+    secretsTemplatePath: string;
+    cohortPath: string;
+    createdUser: boolean;
+    createdSecretsTemplate: boolean;
+    addedToCohort: boolean;
+}
+export declare function addPilotUser(rootDir: string, handle: string, options: AddPilotUserOptions): Promise<AddPilotUserResult>;

package/package.json

@@ -4,7 +4,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "0.2.0-alpha.40",
+  "version": "0.2.0-alpha.42",
   "type": "module",
   "exports": {
     ".": {

package/templates/rover-pilot/.env.schema

@@ -14,6 +14,12 @@ AI_API_KEY=
 # @required @sensitive
 GIT_SYNC_TOKEN=
 
+# Content repo administration
+# Local/operator secret only. Used by brains-ops to create missing GitHub repos;
+# do not deploy it into Rover runtime config.
+# @required @sensitive
+CONTENT_REPO_ADMIN_TOKEN=
+
 # MCP interface
 # Comes from the decrypted users/<handle>.secrets.yaml.age file.
 # @required @sensitive

package/templates/rover-pilot/README.md

@@ -29,6 +29,7 @@ The repo also checks in its deploy contract:
 - `.github/workflows/*`
 
 `.env.schema` is the single source of truth for required and sensitive deploy vars.
+Use separate GitHub tokens: `CONTENT_REPO_ADMIN_TOKEN` for operator-side content repo creation/checks, and `GIT_SYNC_TOKEN` for runtime directory-sync git access.
 The shared pilot image tag is `brain-${brainVersion}` end to end.
 When `pilot.yaml.brainVersion` changes and you push, CI rebuilds the shared tag, refreshes generated user env files, and redeploys affected users.
 When a push changes only deploy contract files, CI prints `No affected user configs; skipping deploy.` and stops before Kamal.
@@ -37,7 +38,8 @@ When a push changes only deploy contract files, CI prints `No affected user conf
 
 - `brains-ops init <repo>`
 - `brains-ops render <repo>` — regenerates `views/users.md` with live DNS, `/health`, and unauthenticated `/mcp` status checks
-- `brains-ops onboard <repo> <handle>`
+- `brains-ops user:add <repo> <handle> --cohort <cohort>` — scaffolds a user file, per-user secrets template, and cohort membership
+- `brains-ops onboard <repo> <handle>` — creates/seeds the user's content repo with separate admin and sync tokens
 - `brains-ops age-key:bootstrap <repo>`
 - `brains-ops ssh-key:bootstrap <repo>`
 - `brains-ops cert:bootstrap <repo>`

package/templates/rover-pilot/docs/onboarding-checklist.md

@@ -4,16 +4,18 @@
 2. Run `bunx brains-ops age-key:bootstrap <repo> --push-to gh`.
 3. Fill in `pilot.yaml`.
    - keep your pinned `brainVersion`
-   - confirm shared selectors for `aiApiKey`, `gitSyncToken`, and `mcpAuthToken`
+   - confirm shared selectors for `aiApiKey`, `gitSyncToken`, `contentRepoAdminToken`, and `mcpAuthToken`
+   - use different tokens for `contentRepoAdminToken` and `gitSyncToken`: admin creates/checks content repos; sync is used by runtime directory-sync
    - confirm `agePublicKey`
-4. Add or edit `users/<handle>.yaml`.
-   - Discord is enabled by default for pilot users
-   - if the user should be an anchor there, set `discord.anchorUserId` to their Discord user ID
-5. Add the user to a cohort in `cohorts/*.yaml`.
+4. Run `bunx brains-ops user:add <repo> <handle> --cohort <cohort>`.
+   - Discord is enabled by default for pilot users.
+   - if the user should be an anchor there, add `--anchor-id <discord-user-id>`.
+   - the command creates `users/<handle>.yaml`, `users/<handle>.secrets.yaml`, and the cohort membership without duplicating existing entries.
+5. Edit the generated user file if the anchor profile needs richer metadata.
 6. Run `bunx brains-ops render <repo>`.
 7. Run `bunx brains-ops ssh-key:bootstrap <repo> --push-to gh`.
 8. Run `bunx brains-ops cert:bootstrap <repo> --push-to gh`.
-9. Keep raw user secret material locally for now (`.env.local`, file-backed env vars, or equivalent local inputs).
+9. Keep raw user secret material locally for now (`.env.local`, file-backed env vars, or equivalent local inputs), including `CONTENT_REPO_ADMIN_TOKEN` for operator onboarding.
 10. Run `bunx brains-ops secrets:encrypt <repo> <handle>`.
 11. Commit and push `users/<handle>.secrets.yaml.age`.
 12. Run `bunx brains-ops onboard <repo> <handle>`.

package/templates/rover-pilot/pilot.yaml

@@ -7,5 +7,6 @@ domainSuffix: .rizom.ai
 preset: core
 aiApiKey: AI_API_KEY
 gitSyncToken: GIT_SYNC_TOKEN
+contentRepoAdminToken: CONTENT_REPO_ADMIN_TOKEN
 mcpAuthToken: MCP_AUTH_TOKEN
 agePublicKey: age1replace-with-your-public-key