feat(skill,guides): AuthKit-native agent auth + consent-framed install runbook#65
Merged
Merged
Conversation
…ter`/`claim` (ZERO-483) The bundled zero skill now encodes the human-vs-autonomous decision rule before any auth command: a present human means `zero auth login` (device flow; `register` is an alias), fully autonomous means `zero auth agent register` (anonymous account + managed wallet, no browser), and `agent register` is never a way to sign a human in. Adds the claim handoff section (`zero auth agent claim <email>`): the hosted page shows the HUMAN a pairing code, they read it back, and the agent completes — inline on a TTY or via the two-invocation `--code` pattern — after which credentials rotate automatically. States the registration facts: wallet created at signup (fund with `zero wallet fund`), claim token + expiry recorded in ~/.zero/config.json, unclaimed accounts cleaned up after the registration expires. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Agents fetching zero.xyz/install.md have been hesitant to follow it: the runbook's guardrails were phrased as behavioral directives from fetched web content, which is exactly the grammar injection classifiers key on. Rewrite keeps every step and protection but moves authority to the operator: - Open with an explicit consent gate: the page acts only on an operator's request, otherwise it is reference documentation. - Convert behavioral commands to stated rationale (verbatim-commands rule, the plugins-dir warning, the web-fetch-summary note). - Permission changes (zero.xyz allowlisting) are surfaced to the operator instead of requested by the page. - Step 2 shows the literal hook command (bash hooks/ensure-runner.sh) with what it does and where it writes, instead of "find and run the hook". - Step 3 gains the autonomous path: zero auth agent register / claim (ZERO-477), alongside the existing device-code sign-in, with guidance to prefer the human path when an operator is present. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…it flow The install paradigm flipped: zero init is now the installer (runner -> plugin) — it detects harnesses and installs the plugin through each harness's own plugin manager, with the portable skill/hooks install as fallback. install.sh provisions the runner and hands off to the same zero init. The runbook still documented the old plugin -> runner order with per-harness plugin commands and a manual hook bootstrap. Replace Steps 1-2 with the real flow (npm i -g @zeroxyz/cli + zero init, or install.sh without Node), describe what init does step by step, and add the npm-provenance verification affordance (npm view @zeroxyz/cli) that empirically clears agent trust gates (ZERO-378). Keeps the consent-framed preamble, both auth paths, and the Claude Chat section. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…fests to main's 1.8.0 pending re-bump
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
spencercharest
marked this pull request as ready for review
July 7, 2026 18:31
Agents hesitate on blind curl|bash because it executes content they never saw. Make inspection the documented default: download install.sh, invite reading it, then run — with two integrity affordances (diff against ensure-runner.sh on main, one documented line different; and the payload being the same @zeroxyz/cli npm package either way). npm route kept as the package-manager alternative. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes ZERO-483. Consolidates #64 into this PR (same feature surface, one release). Follows piedotorg/zero#748 (ZERO-477).
What this ships
1. Skill: teach AuthKit-native agent auth (from #64)
The bundled
zeroskill's Authentication section now opens with the decision rule — who is the account for: human present →zero auth login(device flow), fully autonomous →zero auth agent register(anonymous account + managed wallet, no browser), neveragent registerwhen a human is present. Includes the claim handoff (zero auth agent claim <email>).2. Guides: consent-framed, runner-first rewrite of the install runbook (served at zero.xyz/install.md)
npm view @zeroxyz/cli) that empirically cleared trust gates.npm i -g @zeroxyz/cli && zero init(orinstall.shwithout Node) —zero initdoes the per-harness plugin installs itself; the old per-harness commands and manual hook bootstrap are gone.3. Version bump
1.8.0 → 1.9.0(make minor) — the skill change ships with the plugin.Companion paste-prompt (goal state)
Notes
zero auth agent register/claim) #64's stale 1.4.0 bumps re-done on top of 1.8.0).zero auth agent registerreturns 503 untilWORKOS_AUTHKIT_DOMAINis enabled in prod (ZERO-477); both the skill and guide frame the human path as the default.🤖 Generated with Claude Code