shepherd-onboard 0.1.8 → 0.1.9
- package/README.md +2 -0
- package/bin/shepherd-onboard.js +5 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -12,6 +12,7 @@ npx -y shepherd-onboard@latest agent
|
|
|
12
12
|
|
|
13
13
|
The command prints the exact prompt the agent should follow, then the exact follow-up commands to open Shepherd WorkOS login/signup, open source auth, open Granola's API key page, finalize, start cloud raw polling/backfills, and install local Messages sync.
|
|
14
14
|
The agent prompt tells coding agents to ask short selection questions first: existing/new org, sources to connect, and Messages skip/provide-handle. Account creation/relinking always starts with Shepherd WorkOS auth.
|
|
15
|
+
Existing-organization joins are verified from Shepherd login and company email domain; the typed org name is not trusted by itself.
|
|
15
16
|
|
|
16
17
|
## Human Terminal One-liner
|
|
17
18
|
|
|
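Review bot: The README line added at new line 15 states that joins are "verified from Shepherd login and company email domain" but does not say where that check runs. The file list for this release shows only README.md, bin/shepherd-onboard.js and package.json, and every added line in the script is a prompt or payload string, so nothing in this package enforces the rule. State in the README which component makes the decision (presumably the Shepherd service, which this diff does not show) so readers do not assume the CLI is the control.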
@@ -25,6 +26,7 @@ The command:
|
|
|
25
26
|
- asks for name, organization, and an optional local Messages handle
|
|
26
27
|
- creates or reuses the Shepherd customer account from the WorkOS-authenticated email
|
|
27
28
|
- creates or reuses the organization, including case-insensitive and close-name matches
|
|
29
|
+
- only reuses an existing organization when the authenticated account is allowed to join it
|
|
28
30
|
- opens Google Workspace authorization for Gmail, Drive, Docs, and Calendar consent
|
|
29
31
|
- opens Slack authorization
|
|
30
32
|
- opens the Granola desktop app to Settings -> Connectors -> API keys
|
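Review bot: The unchanged bullet at new line 28 still says the organization is reused "including case-insensitive and close-name matches" with no condition, and the restriction only appears in the separate bullet added at line 29. Read alone, the first bullet describes the behaviour this release says is not allowed. Fold the condition into the matching bullet, for example "creates or reuses the organization; case-insensitive and close-name matches are reused only when the authenticated account is allowed to join it".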
package/bin/shepherd-onboard.js
CHANGED
|
@@ -553,6 +553,7 @@ function printAgentContract() {
|
|
|
553
553
|
"Ask whether they are joining an existing organization or creating a new one.",
|
|
554
554
|
"Run Shepherd WorkOS login/signup before source setup. Do not ask whether they already have an account.",
|
|
555
555
|
"Collect Full name and Organization name as direct text prompts after those choices. The email comes from WorkOS auth.",
|
|
556
|
+
"Tell the user Shepherd verifies existing-org joins from the authenticated WorkOS account and company email domain. The typed org name is not trusted by itself.",
|
|
556
557
|
"Ask Messages as a selectable choice: Skip Messages, or Provide handle.",
|
|
557
558
|
"If the user chooses Provide handle, ask for the phone number or Apple ID email.",
|
|
558
559
|
],
|
|
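Review bot: The sentence added at new line 556 is a third wording of the same policy that this diff also adds as "orgSecurity" and as a paragraph in the prompt template. Three hand-written copies will drift. Define the text once and reference it from the rules array, the payload and the template.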
@@ -600,6 +601,7 @@ function printAgentContract() {
|
|
|
600
601
|
"--granola-api-key \"<granola_key>\" if Granola is being connected",
|
|
601
602
|
],
|
|
602
603
|
statusCommand: `${command} agent --status`,
|
|
604
|
+
orgSecurity: "Existing organizations are only reused when Shepherd can verify the authenticated user belongs there, for example by an existing Shepherd account/membership or matching non-personal company email domain. Similar spelling helps match verified orgs, but cannot attach an unverified user to someone else's org.",
|
|
603
605
|
expectedResult: "Cloud sources start raw polling/backfill in the customer-facing Shepherd environment. Local Messages starts via a macOS LaunchAgent when run on macOS. Downstream wiki, memory, and summary compilers remain outside this onboarding flow.",
|
|
604
606
|
granolaApiKeyCommand: `${command} granola-api-keys`,
|
|
605
607
|
granolaApiKeyPath: "Granola desktop app -> Settings -> Connectors -> API keys",
|
|
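Review bot: The "orgSecurity" string at new line 604 introduces the criteria with "for example", which leaves the actual rule open-ended, and it does not say how a "non-personal company email domain" is determined. A domain match on its own admits anyone holding an address at that domain, including domains shared by unrelated people that are not obviously personal mail providers. List the complete set of conditions instead of examples, and document how domains are classified and whether a domain match alone is sufficient or still needs approval from an existing member.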
@@ -623,6 +625,8 @@ Start with selection questions to determine intent:
|
|
|
623
625
|
2. Sources: Google Workspace (Gmail/Drive/Docs/Calendar), Slack, Granola, Messages. Allow multi-select if your interface supports it.
|
|
624
626
|
3. Messages, if selected: Skip Messages, or Provide handle.
|
|
625
627
|
|
|
628
|
+
When discussing existing orgs, keep it short: Shepherd verifies the join from their Shepherd login and company email domain. The org name they type is not trusted by itself.
|
|
629
|
+
|
|
626
630
|
Before source setup, always run:
|
|
627
631
|
${payload.loginCommand}
|
|
628
632
|
|
|
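Review bot: The paragraph added at new line 628 says the join is verified from "their Shepherd login and company email domain", while "orgSecurity" in the same file says "an existing Shepherd account/membership or matching non-personal company email domain". One reads as both conditions required, the other as either one sufficient, and the "non-personal" qualifier is missing here. Align the prompt text with whichever rule is actually enforced so the agent does not tell users something different from the payload.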
@@ -635,7 +639,7 @@ Ask the user for:
|
|
|
635
639
|
|
|
636
640
|
Do not ask for their email separately. Use the email returned by WorkOS auth.
|
|
637
641
|
|
|
638
|
-
If they are joining an existing org, ask for the org name they believe they belong to. Shepherd will
|
|
642
|
+
If they are joining an existing org, ask for the org name they believe they belong to. Shepherd will match similar/case-different org names only when the authenticated account is allowed to join that org. Otherwise it creates or uses a separate org.
|
|
639
643
|
|
|
640
644
|
Then run:
|
|
641
645
|
${payload.startCommand}
|
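Review bot: The replacement line at new line 642 ends with "Otherwise it creates or uses a separate org", which makes a failed join a silent fallback. A user who expected to join their company's org can finish onboarding and connect Google Workspace, Slack and other sources to a different org without being told. Add an instruction for the agent to report which org the account ended up in after the start command, and to stop and ask before source setup if it is not the one the user named. "creates or uses" should also say which case applies when.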