WIZ-8 Apply transaction + Done screen — atomic apply, master-key backup nag #679

New issue

Closed

opened 2026-05-01 19:27:53 +00:00 by claude-desktop · 1 comment

claude-desktop commented 2026-05-01 19:27:53 +00:00

Collaborator

Copy link

User story

As an operator, I want a single POST /onboarding/apply that atomically configures every wizard choice (agents, secrets, plugin/mcp overrides, renames, webhooks) — and a Done screen that nags me to back up the master key — so a failure doesn't leave me half-configured.

Acceptance criteria

Apply endpoint

• POST /onboarding/apply body { ...full setup row contents }. Operator-auth-gated.
• One DB transaction:
  1. Insert agents rows for every chosen type / pool size, keyed by role.
  2. Insert secret rows for every PAT (encrypted via SC-6 helper).
  3. Insert config_revision rows for every starter-pack choice (plugins, MCPs, system_prompt appendices).
  4. Call WIZ-prereq-B rename endpoint inline for any type whose name diverged from default.
  5. Install webhooks on every selected repo via ForgePort.createWebhook.
  6. Mark setup.wizard_completed_at = Date.now().
• Trigger agent-env-sync.renderForInstance for every new agent post-commit.
• Returns 200 { ok: true, summary: { agents_created, secrets_added, repos_watched, webhooks_installed, plugins_enabled, mcps_enabled } }.
• On any failure: roll back every step, return 500 with the error. The wizard's UI restores from setup row's mid-flow state and surfaces the error inline.
• Webhook-install error policy: pick one (rollback all OR partial-land + report) and document in handler docstring.

Done screen

• Summary bullets per the spec architecture section (forge, repos, agents, plugins).
• Master-key backup nag: explicit copy + the on-disk path (~/.config/systemd/user/claude-hooks.service.d/secret-key.conf). [ ] I've backed up the key checkbox required to enable the Open dashboard → button.
• Suggested next steps: open issue → assign dev / browse /agents/dev → check audit log.

Tests

• Smoke: full wizard end-to-end — fixture forge + fixture repos + 4 agents + 2 PATs → DB state matches expectations + webhooks installed (mocked).
• Failure: simulated webhook-install error rolls back the entire transaction; no half-installed state.
• Done screen: backup-checkbox-required behavior verified.

Out of scope

• Re-run wizard affordance (WIZ-9).

References

• specs/first-login-wizard.md §Story WIZ-8
• Depends on WIZ-1..WIZ-7.

## User story As an operator, I want a single `POST /onboarding/apply` that atomically configures every wizard choice (agents, secrets, plugin/mcp overrides, renames, webhooks) — and a Done screen that nags me to back up the master key — so a failure doesn't leave me half-configured. ## Acceptance criteria ### Apply endpoint - [ ] `POST /onboarding/apply` body `{ ...full setup row contents }`. Operator-auth-gated. - [ ] One DB transaction: 1. Insert `agents` rows for every chosen type / pool size, keyed by role. 2. Insert `secret` rows for every PAT (encrypted via SC-6 helper). 3. Insert `config_revision` rows for every starter-pack choice (plugins, MCPs, system_prompt appendices). 4. Call WIZ-prereq-B rename endpoint inline for any type whose name diverged from default. 5. Install webhooks on every selected repo via `ForgePort.createWebhook`. 6. Mark `setup.wizard_completed_at = Date.now()`. - [ ] Trigger `agent-env-sync.renderForInstance` for every new agent post-commit. - [ ] Returns 200 `{ ok: true, summary: { agents_created, secrets_added, repos_watched, webhooks_installed, plugins_enabled, mcps_enabled } }`. - [ ] On any failure: roll back every step, return 500 with the error. The wizard's UI restores from `setup` row's mid-flow state and surfaces the error inline. - [ ] Webhook-install error policy: pick one (rollback all OR partial-land + report) and document in handler docstring. ### Done screen - [ ] Summary bullets per the spec architecture section (forge, repos, agents, plugins). - [ ] Master-key backup nag: explicit copy + the on-disk path (`~/.config/systemd/user/claude-hooks.service.d/secret-key.conf`). `[ ] I've backed up the key` checkbox **required** to enable the `Open dashboard →` button. - [ ] Suggested next steps: open issue → assign dev / browse `/agents/dev` → check audit log. ### Tests - [ ] Smoke: full wizard end-to-end — fixture forge + fixture repos + 4 agents + 2 PATs → DB state matches expectations + webhooks installed (mocked). - [ ] Failure: simulated webhook-install error rolls back the entire transaction; no half-installed state. - [ ] Done screen: backup-checkbox-required behavior verified. ## Out of scope - Re-run wizard affordance (WIZ-9). ## References - `specs/first-login-wizard.md` §Story WIZ-8 - Depends on **WIZ-1**..**WIZ-7**.

claude-desktop added the

area:agents

type:user-story

labels 2026-05-01 19:28:16 +00:00

claude-desktop added this to the First-login wizard milestone 2026-05-01 19:28:25 +00:00

claude-desktop added a new dependency 2026-05-01 20:35:35 +00:00

#672 WIZ-1 Onboarding state table + /onboarding/should-redirect trigger

claude-desktop added a new dependency 2026-05-01 20:35:35 +00:00

#673 WIZ-2 Wizard shell + 6-step stepper

claude-desktop added a new dependency 2026-05-01 20:35:35 +00:00

#674 WIZ-3 Repos screen — multi-select + webhook install

claude-desktop added a new dependency 2026-05-01 20:35:35 +00:00

#675 WIZ-4 Agent types screen — rename + pool sizing + drop-design toggle

claude-desktop added a new dependency 2026-05-01 20:35:35 +00:00

#676 WIZ-5 Stack detection + starter-pack file

claude-desktop added a new dependency 2026-05-01 20:35:35 +00:00

#677 WIZ-6 Customize screen — stack-aware suggestions, system-prompt appendices

claude-desktop added a new dependency 2026-05-01 20:35:35 +00:00

#678 WIZ-7 Tokens screen — per-agent PAT input + bulk-paste + skip

claude-desktop added a new dependency 2026-05-01 20:35:35 +00:00

#680 WIZ-9 Re-run wizard affordance + admin reset

code-lead self-assigned this 2026-05-01 23:40:20 +00:00

code-lead commented 2026-05-01 23:40:20 +00:00

Collaborator

Copy link

🤖 Auto-assigned to boss (heuristic: area:agents → boss (architecture-touching)). Reply /unassign to reroute.

🤖 Auto-assigned to **boss** (heuristic: area:agents → boss (architecture-touching)). Reply `/unassign` to reroute.

code-lead referenced this issue from a commit 2026-05-02 00:05:08 +00:00

feat(onboarding): WIZ-8 apply transaction + Done screen

code-lead referenced this issue from a pull request that will close it, 2026-05-02 00:05:28 +00:00

WIZ-8 apply transaction + Done screen #704

charles closed this issue 2026-05-02 00:42:40 +00:00

charles referenced this issue from a commit 2026-05-02 00:42:41 +00:00

WIZ-8 apply transaction + Done screen (#704)

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

chore/sync-pre-push-from-forge-base

fix/flows-yaml-dispatch-identity

feat/board-tap-to-assign

dev/1107

code-lead/1106

code-lead/1108

dev/1104

code-lead/1103

code-lead/1080

dev/1087

feat/flows-yaml-ci-events

chore/board-drop-stalled-and-density-controls

fix/flows-yaml-routes-always-register

flows-yaml/api-defaults

dev/1023

fix/event-log-history-bleed

fix/janitor-fix-ci-logs-and-cap

dev/1022

fix/board-card-provider

code-lead/1036

dev/1025

code-lead/1020

dev/1017

code-lead/1026

feat/web-shortcut-registry-1018

dev/1015

code-lead/1009

code-lead/1008

dev/975

dev/969

dev/973

dev/967

code-lead/968

code-lead/953

dev/970

dev/976

code-lead/966

code-lead/956

code-lead/951

dev/962

dev/963

dev/977

dev/955

dev/983

dev/961

dev/974

code-lead/950

code-lead/939

dev/941

dev/940

dev/937

dev/938

dev/936

dev/935

feat/web-i18n-fr-locale

feat/spec-editor-ui-polish

chore/drop-legacy-compat

fix/skills-drop-preview-pane

fix/882-skills-safety-rail

dev/911

dev/909

dev/923

dev/917

dev/915

feat/879-sr11-m2-drop-legacy-skill

code-lead/873

dev/881

code-lead/869

dev/867

code-lead/845

code-lead/843

code-lead/844

dev/837

dev/861

dev/849

code-lead/837

code-lead/842

fix/dedup-rebase-inflight

dev/838

code-lead/847

dev/833

code-lead/848

pr/838

code-lead/841

feat/settings-save-bar/836

code-lead/840

dev/846

code-lead/839

dev/832

fix/board-sse-stale-cache

dev/834

dev/835

feat/settings-breadcrumbs

feat/forge-oauth-credentials

refactor/service-config-consolidation

feat/agent-tokens-to-secrets

feat/gitlab-oauth-to-db

feat/authelia-rip-and-voice-fixes

fix/rebase-storm-and-dead-letter

code-lead/797

code-lead/796

dev/811

code-lead/798

dev/810

code-lead/795

dev/808

code-lead/794

dev/805

dev/802

dev/803

feat/avatar-menu-settings-entry

feat/per-agent-token-tracking

dev/793

dev/747

dev/752

code-lead/790

code-lead/759

dev/756

dev/760

dev/741

dev/767

dev/740

dev/709

dev/644

dev/637

boss/614

dev/600

dev/611

dev/585

fix/login-bonus-fixes

boss/544

dev/542

refactor/api-prefix-and-session-gate

dev/489

boss/531

boss/518

dev/499

boss/516

dev/530

dev/517

dev/519

dev/515

dev/522

dev/503

dev/471

boss/329

dev/417

dev/418

dev/402

boss/327

dev/334

dev/332

boss/326

boss/325

dev/331

boss/324

boss/323

boss/322

dev/294

test/s11-task-analytics

dev/262

boss/270

dev/268

foreman/ui-consolidation-spec

dev/234

boss/196

boss/176

boss/164

fix/124-session-persist-bind

boss/52

dev/87

boss/73

dev/77

dev/81

dev/82

boss/79

dev/42

dev/35

boss/7

No results found.

Labels

Clear labels   

area:agents

Agent types, pool scheduling, per-instance config

  

area:dashboard

Dashboard UI and observability surfaces

  

area:database

DB layer — schema, migrations, ORM, raw SQL

  

area:design

UI/UX mockup work — routes to designer agent

  

area:design-review

Design review dispatch — routes to design-reviewer agent

  

area:flows

Flow runner — YAML loader, executor, op registry, expression eval

  

area:infra

Deployment, isolation, containers, systemd units

  

area:meta

Tracking, scaffolding, project setup

  

area:security

Security — routes to reviewer-security (opus)

  

area:sessions

Session-id store, Claude SDK resume logic

  

area:webhook

Forgejo webhook routing and handlers

  

area:workdir

Clone cache, worktrees, git identity

  

security

Security-sensitive issue

  

type:bug

Bug

  

type:chore

Chore

  

type:meta

Tracking or decisions, not implementation work

  

type:user-story

User story

No labels

area:agents

area:dashboard

area:database

area:design

area:design-review

area:flows

area:infra

area:meta

area:security

area:sessions

area:webhook

area:workdir

security

type:bug

type:chore

type:meta

type:user-story

Milestone

Clear milestone

No items

No milestone

First-login wizard

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

code-lead

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Blocks

#680 WIZ-9 Re-run wizard affordance + admin reset

charles/claude-hooks

Depends on

#672 WIZ-1 Onboarding state table + /onboarding/should-redirect trigger

charles/claude-hooks

#673 WIZ-2 Wizard shell + 6-step stepper

charles/claude-hooks

#674 WIZ-3 Repos screen — multi-select + webhook install

charles/claude-hooks

#675 WIZ-4 Agent types screen — rename + pool sizing + drop-design toggle

charles/claude-hooks

#676 WIZ-5 Stack detection + starter-pack file

charles/claude-hooks

#677 WIZ-6 Customize screen — stack-aware suggestions, system-prompt appendices

charles/claude-hooks

#678 WIZ-7 Tokens screen — per-agent PAT input + bulk-paste + skip

charles/claude-hooks

Reference

charles/claude-hooks#679

No description provided.