create-ironclaws 1.0.0 → 1.0.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-ironclaws",
-  "version": "1.0.0",
+  "version": "1.0.3",
   "description": "Create an IronClaws AI agent platform in seconds",
   "type": "module",
   "bin": {

package/template/container/Dockerfile.argus

@@ -11,7 +11,7 @@ USER root
 
 # Python 3 + pip (requests needed by elastic_query.py)
 RUN apt-get update && apt-get install -y python3 python3-pip && rm -rf /var/lib/apt/lists/*
-RUN pip3 install requests youtube-transcript-api markdownify --break-system-packages
+RUN pip3 install requests tenacity youtube-transcript-api markdownify --break-system-packages
 
 # Poetry
 RUN pip3 install poetry --break-system-packages

package/template/container/skills/slack-formatting/SKILL.md

@@ -1,92 +1,233 @@
 ---
 name: slack-formatting
-description: Format messages for Slack using mrkdwn syntax. Use when responding to Slack channels (folder starts with "slack_" or JID contains slack identifiers).
+description: Format messages for Slack using mrkdwn. All agents in this deployment communicate via Slack — these rules always apply.
 ---
 
-# Slack Message Formatting (mrkdwn)
+# Slack Formatting — World-Class Messages
 
-When responding to Slack channels, use Slack's mrkdwn syntax instead of standard Markdown.
+Every message you send goes to Slack. Slack does not render standard Markdown. Follow these rules exactly.
 
-## Slack context
+---
+
+## The Golden Rules
+
+1. `*bold*` — never `**bold**`
+2. `_italic_` — never `*italic*`
+3. No markdown tables — never `| col | col |`
+4. No `##` headings — use `*Bold text*` instead
+5. No `---` horizontal rules
+6. No `[text](url)` — use `<url|text>` instead
+7. Email drafts and code always go in ` ```triple backtick blocks``` `
+8. Emoji add clarity — use them intentionally, not decoratively
+
+---
+
+## RAG Status Emoji — Exact Codes (memorise these)
+
+These are the ONLY correct codes for traffic-light status indicators. Do not guess or vary them.
+
+| Status | Correct code | Wrong codes (do not use) |
+|--------|-------------|--------------------------|
+| 🔴 Red / violation / critical | `:red_circle:` | ~~`:large_red_circle:`~~ |
+| 🟡 Yellow / warning / caution | `:large_yellow_circle:` | ~~`:yellow_circle:`~~ ~~`:warning:`~~ |
+| 🟢 Green / compliant / clean | `:large_green_circle:` | ~~`:green_circle:`~~ ~~`:white_check_mark:`~~ |
+
+Rule: red has no `large_` prefix. Yellow and green both require the `large_` prefix. This is a Slack quirk — the non-large versions of yellow and green render as different emoji entirely.
+
+---
+
+## Data without tables
+
+Tables don't render. Use these patterns instead:
+
+**Field list (best for structured data):**
+```
+*Voucher:* AP-818
+*Vendor:* Metosin Oy
+*Amount:* 325,994.74 NOK
+*Posted:* 2025-08-31
+```
+
+**Compact inline (best for short summaries):**
+```
+AP-818 • Metosin Oy • 325,994.74 NOK • 2025-08-31
+```
 
-All agents in this deployment communicate via Slack. These formatting rules always apply.
+**Key-value in code block (best for exact copy-paste, e.g. email drafts):**
+````
+```
+Voucher:    AP-818
+Vendor:     Metosin Oy
+Amount:     325,994.74 NOK
+Move from:  6784 – Konsulentkostnader Utvikling
+Move to:    [INSERT ACCOUNT]
+```
+````
+
+---
+
+## Message structure
+
+**Use blank lines to breathe.** Dense walls of text are hard to scan on mobile.
+
+**Sections flow like this:**
+```
+*Title or status line*
+
+Short one-line context sentence.
+
+:emoji: *Section header*
+Content here
+
+:emoji: *Another section*
+Content here
+
+> Callout or note for important info
+
+_Footer — instructions or next steps_
+```
+
+---
+
+## Violations and alerts
+
+```
+:red_circle: *1 violation found — action required*
 
-## Formatting reference
+*Voucher:* AP-818
+*Vendor:* Metosin Oy (Finland)
+*Amount:* 325,994.74 NOK
+*Posted:* 2025-08-31
+*Issue:* Vendor invoice posted to 6784 — must be reclassified by Amesto
 
-### Text styles
+> Christian — fill in `[INSERT ACCOUNT]` and send the correction email below.
+```
 
-| Style | Syntax | Example |
-|-------|--------|---------|
-| Bold | `*text*` | *bold text* |
-| Italic | `_text_` | _italic text_ |
-| Strikethrough | `~text~` | ~strikethrough~ |
-| Code (inline) | `` `code` `` | `inline code` |
-| Code block | ` ```code``` ` | Multi-line code |
+---
 
-### Links and mentions
+## Status summaries
 
 ```
-<https://example.com|Link text>     # Named link
-<https://example.com>                # Auto-linked URL
-<@U1234567890>                       # Mention user by ID
-<#C1234567890>                       # Mention channel by ID
-<!here>                              # @here
-<!channel>                           # @channel
+:white_check_mark: *Expense check complete — May 2026*
+
+• Reports checked: 14 | Expenses: 67
+• :red_circle: 2 red violations | :large_yellow_circle: 7 yellow flags
+• Notifications: 0 (DM sending not yet enabled)
 ```
 
-### Lists
+---
+
+## Email and document drafts
 
-Slack supports simple bullet lists but NOT numbered lists:
+Always use a triple-backtick code block. This makes it copy-paste ready and visually distinct:
+
+````
+Here's the correction email for Christian to review and send:
 
 ```
-• First item
-• Second item
-• Third item
+To: [Amesto contact]
+Cc: finance@ardoq.com, Christian Dotterweich <christian.dotterweich@ardoq.com>
+Subject: Correction request — voucher AP-818 — move from 6784 to [INSERT ACCOUNT]
+
+Hi [Amesto contact],
+
+Please reclassify the following vendor invoice ...
+
+Voucher:    AP-818
+Vendor:     Metosin Oy
+Amount:     325,994.74 NOK
+Move from:  6784 – Konsulentkostnader Utvikling
+Move to:    [INSERT ACCOUNT]
+
+Thanks,
+Christian Dotterweich
 ```
+````
 
-Use `•` (bullet character) or `- ` or `* ` for bullets.
+---
+
+## Progress updates (mid-run)
 
-### Block quotes
+Use `send_message` for long-running tasks so people know you're working:
 
 ```
-> This is a block quote
-> It can span multiple lines
+:hourglass_flowing_sand: Fetching transactions from Xledger...
+```
+```
+:mag: Found 3 entries on account 6784 — running classification...
+```
+
+---
+
+## Escalations and warnings
+
 ```
+:rotating_light: *Annual true-up required — December close*
 
-### Emoji
+The December close report cannot be marked complete until the annual true-up is logged.
 
-Use standard emoji shortcodes: `:white_check_mark:`, `:x:`, `:rocket:`, `:tada:`
+Reply with:
+`annual true-up done 2025: <summary including adjustment amount>`
+```
+
+---
 
-## What NOT to use
+## Confirmations and success
 
-- **NO** `##` headings (use `*Bold text*` for headers instead)
-- **NO** `**double asterisks**` for bold (use `*single asterisks*`)
-- **NO** `[text](url)` links (use `<url|text>` instead)
-- **NO** `1.` numbered lists (use bullets with numbers: `• 1. First`)
-- **NO** tables (use code blocks or plain text alignment)
-- **NO** `---` horizontal rules
+```
+:white_check_mark: *Done* — session flagged as resolved in state/flagged_6784.json
+```
 
-## Example message
+```
+:white_check_mark: *Reconciliation complete — 6784 — 2025-08*
 
+:red_circle: 1 violation | :large_green_circle: 1 compliant | no volume flag
 ```
-*Daily Standup Summary*
 
-_March 21, 2026_
+---
 
-• *Completed:* Fixed authentication bug in login flow
-• *In Progress:* Building new dashboard widgets
-• *Blocked:* Waiting on API access from DevOps
+## Lists
 
-> Next sync: Monday 10am
+Use `•` for bullets. Never `1.` numbered lists (they don't render as lists in Slack):
 
-:white_check_mark: All tests passing | <https://ci.example.com/builds/123|View Build>
 ```
+What was checked:
+• Account 6784 — Konsulentkostnader Utvikling
+• Period: 2025-08 (August)
+• Source: Xledger GraphQL API
+```
+
+---
 
-## Quick rules
+## Mentions and links
+
+```
+<@U04S2VA1CU8>                          # Mention a specific user
+<#C0B36KNFDHV|finance-close-ops>        # Link a channel
+<https://expensify.com/report?id=123|View report>   # Named link
+```
+
+---
+
+## Dividers and spacing
+
+Never use `---`. Use blank lines between sections. For a hard visual break, use a line of spaces or just let the sections breathe naturally.
+
+---
 
-1. Use `*bold*` not `**bold**`
-2. Use `<url|text>` not `[text](url)`
-3. Use `•` bullets, avoid numbered lists
-4. Use `:emoji:` shortcodes
-5. Quote blocks with `>`
-6. Skip headings — use bold text instead
+## Quick cheat sheet
+
+| Goal | Use |
+|------|-----|
+| Bold | `*text*` |
+| Italic | `_text_` |
+| Code inline | `` `code` `` |
+| Code block | ` ```block``` ` |
+| Bullet | `•` |
+| Blockquote | `> text` |
+| Link | `<url\|text>` |
+| Mention user | `<@USERID>` |
+| Emoji | `:white_check_mark:` |
+| "Heading" | `*Bold line*` then blank line |
+| Table | Field list or code block |
+| Divider | Blank line |

package/template/groups/forge/CLAUDE.md

@@ -4,6 +4,8 @@ You are Forge, the built-in guide for IronClaws. You help people understand how
 
 You are running inside IronClaws itself — which means you can inspect the codebase, read configuration files, and help make changes directly.
 
+**You communicate exclusively through Slack. Always use Slack mrkdwn formatting — never standard Markdown. Follow the `slack-formatting` skill for every message you send. Key rules: `*bold*` not `**bold**`, no `##` headings, no markdown tables, no `---` dividers.**
+
 ---
 
 ## What you know

package/template/scripts/setup-onecli-secrets.sh

@@ -7,7 +7,7 @@
 # Run this on the VM after deploying NanoClaw:
 #   cd ~/nanoclaw-docker && bash scripts/setup-onecli-secrets.sh
 
-set -euo pipefail
+set -eo pipefail
 
 ENV_FILE="${ENV_FILE:-$(dirname "$0")/../.env}"
 API="http://localhost:10254"
@@ -112,6 +112,13 @@ if [ ! -f "$ENV_FILE" ]; then
   exit 1
 fi
 
+# Check OneCLI is reachable before proceeding
+if ! api_curl "$API/api/secrets" > /dev/null 2>&1; then
+  echo "  ⚠ OneCLI not reachable at $API — skipping secrets setup"
+  echo "    Start OneCLI with: docker compose up -d"
+  exit 0
+fi
+
 echo "Reading credentials from $ENV_FILE"
 echo ""
 
@@ -135,6 +142,13 @@ CONFLUENCE_BASIC=$(printf '%s:%s' "$CONFLUENCE_USERNAME" "$CONFLUENCE_PASSWORD"
 SLACK_BOT_TOKEN=$(env_val "SLACK_BOT_TOKEN")
 INTERCOM_ACCESS_TOKEN=$(env_val "INTERCOM_ACCESS_TOKEN")
 
+XLEDGER_API_TOKEN=$(env_val "XLEDGER_API_TOKEN")
+XLEDGER_API_BASE=$(env_val "XLEDGER_API_BASE")
+XLEDGER_HOST=$(echo "$XLEDGER_API_BASE" | sed 's|^https://||;s|^http://||' | cut -d/ -f1)
+
+ARDOQ_API_KEY=$(env_val "ARDOQ_API_KEY")
+ARDOQ_BASE_URL=$(env_val "ARDOQ_BASE_URL")
+ARDOQ_HOST=$(echo "$ARDOQ_BASE_URL" | sed 's|^https://||;s|^http://||' | cut -d/ -f1)
 
 ANTHROPIC_AUTH_TOKEN=$(env_val "ANTHROPIC_AUTH_TOKEN")
 LLM_GATEWAY=$(env_val "ANTHROPIC_BASE_URL")
@@ -168,11 +182,18 @@ fi
   upsert_secret "intercom" "api.intercom.io" "Authorization" "Bearer $INTERCOM_ACCESS_TOKEN" || \
   echo "  ⚠ Skipping intercom"
 
+[ -n "$ARDOQ_API_KEY" ] && [ -n "$ARDOQ_HOST" ] && \
+  upsert_secret "ardoq" "$ARDOQ_HOST" "Authorization" "Token token=$ARDOQ_API_KEY" || \
+  echo "  ⚠ Skipping ardoq"
 
 [ -n "$ANTHROPIC_AUTH_TOKEN" ] && [ -n "$LLM_GATEWAY_HOST" ] && \
   upsert_secret "litellm" "$LLM_GATEWAY_HOST" "Authorization" "Bearer $ANTHROPIC_AUTH_TOKEN" || \
   echo "  ⚠ Skipping litellm"
 
+[ -n "$XLEDGER_API_TOKEN" ] && [ -n "$XLEDGER_HOST" ] && \
+  upsert_secret "xledger" "$XLEDGER_HOST" "Authorization" "token $XLEDGER_API_TOKEN" || \
+  echo "  ⚠ Skipping xledger"
+
 echo ""
 
 # ── Register global-claw agent if missing ────────────────────────────────────
@@ -219,7 +240,14 @@ if ! python3 -c "import yaml" 2>/dev/null; then
   pip3 install pyyaml --quiet --break-system-packages 2>/dev/null || \
   pip3 install pyyaml --quiet 2>/dev/null || \
   pip install pyyaml --quiet 2>/dev/null || \
-  { echo "ERROR: Could not install PyYAML. Run: pip3 install pyyaml"; exit 1; }
+  { echo "  ⚠ Could not install PyYAML — skipping agent secret linking. Run: pip3 install pyyaml"; SKIP_LINKING=1; }
+fi
+
+if [ "${SKIP_LINKING:-0}" = "1" ]; then
+  echo "  ⚠ Skipping agent secret linking (PyYAML unavailable)"
+  echo ""
+  echo "Done."
+  exit 0
 fi
 
 echo "Linking secrets to agents (from agents.yaml)..."

package/template/src/index.ts

@@ -87,23 +87,21 @@ const queue = new GroupQueue();
 
 const onecli = new OneCLI({ url: ONECLI_URL });
 
-function ensureOneCLIAgent(jid: string, group: RegisteredGroup): void {
+async function ensureOneCLIAgent(jid: string, group: RegisteredGroup): Promise<void> {
   if (group.isMain) return;
   const identifier = group.folder.toLowerCase().replace(/_/g, '-');
-  onecli.ensureAgent({ name: group.name, identifier }).then(
-    (res) => {
-      logger.info(
-        { jid, identifier, created: res.created },
-        'OneCLI agent ensured',
-      );
-    },
-    (err) => {
+  try {
+    const res = await onecli.ensureAgent({ name: group.name, identifier });
+    logger.info(
+      { jid, identifier, created: res.created },
+      'OneCLI agent ensured',
+    );
+  } catch (err) {
       logger.debug(
         { jid, identifier, err: String(err) },
         'OneCLI agent ensure skipped',
       );
-    },
-  );
+  }
 }
 
 function loadState(): void {
@@ -757,15 +755,19 @@ async function main(): Promise<void> {
   // Auto-register any agents from agents.yaml whose channel env vars are set.
   autoRegisterAgentsFromYaml();
 
+  // Ensure all registered agents exist in OneCLI's PostgreSQL FIRST — must complete
+  // before ensureOneCLISecrets() runs, otherwise the secrets script cannot link
+  // secrets to agents that don't exist in OneCLI yet (race condition for new agents).
+  await Promise.all(
+    Object.entries(registeredGroups).map(([jid, group]) =>
+      ensureOneCLIAgent(jid, group),
+    ),
+  );
+
   // Ensure OneCLI secrets are up to date (re-runs only when credentials change).
+  // Runs after ensureOneCLIAgent so agents are guaranteed to exist in OneCLI.
   ensureOneCLISecrets();
 
-  // Ensure OneCLI agents exist for all registered groups.
-  // Recovers from missed creates (e.g. OneCLI was down at registration time).
-  for (const [jid, group] of Object.entries(registeredGroups)) {
-    ensureOneCLIAgent(jid, group);
-  }
-
   restoreRemoteControl();
 
   // Graceful shutdown handlers