القائمة
Daytona secrets volume setup. Use when the user says Daytona secrets, add provider key, OpenAI key, Anthropic key, eval secrets, /daytona-secrets, or openwork-eval-secrets.
Daytona cloud instance, Den server, OpenWork Cloud, Marketplace onboarding. Use when the user asks to run, launch, start, validate, or record a Daytona cloud/Den instance for OpenWork Cloud flows.
Daytona development environment overview. Use when the user asks about Daytona setup, Daytona toolbox, dev environment, noVNC, CDP, server sandbox, secrets volume, Electron sandbox, standalone Chrome, validation, or artifacts volume.
Daytona seeded cloud demo, demo credentials, Acme Robotics seed. Use when the user asks to spin up, keep running, seed, or prepare an OpenWork Cloud/Den Daytona demo instance.
Run OpenWork UI evals on a Daytona sandbox or local Electron instance. Handles sandbox creation, service startup, and eval execution via CDP browser tools.
Daytona Electron sandbox testing with CDP/noVNC. Use when the user says test on Daytona, run Electron on Daytona, Daytona dry run, test Electron remotely, reproduce on Daytona, or validate a real desktop flow.
Daytona UI flow validation loop. Use when validating real app behavior, checking a Daytona flow, proving a bug is fixed, or deciding pass/fail from CDP snapshots, screenshots, and assertions.
| name | daytona-secrets-volume |
| description | Daytona secrets volume setup. Use when the user says Daytona secrets, add provider key, OpenAI key, Anthropic key, eval secrets, /daytona-secrets, or openwork-eval-secrets. |
Use this skill when Daytona tests need provider keys or other eval-only secrets. Never commit secrets to the repo and never print secret values.
The reusable Daytona volume is:
openwork-eval-secrets:/daytona-secrets
Electron sandboxes mount it automatically through .devcontainer/test-on-daytona.sh.
The Electron starter sources every file matching:
/daytona-secrets/*.env
This is a Daytona reusable volume, not a host directory. You cannot inspect it directly from the local filesystem. To add, list, or test files, mount it into a temporary Daytona sandbox or use an existing sandbox that mounted the volume.
Create a local env file, then copy it into the volume:
bash .devcontainer/setup-daytona-secrets-volume.sh <local-env-file> <name>.env
Examples:
bash .devcontainer/setup-daytona-secrets-volume.sh .newtoken openai.env
bash .devcontainer/setup-daytona-secrets-volume.sh .anthropic anthropic.env
bash .devcontainer/setup-daytona-secrets-volume.sh .google google.env
The destination must be a simple .env filename such as openai.env. The
script copies the file without printing secret values and sets restrictive
permissions. Do not pass secrets as command-line arguments; put them in a local
env file and pass only the filename.
Use normal shell env format:
OPENAI_API_KEY=...
ANTHROPIC_API_KEY=...
GOOGLE_CLIENT_ID=...
GOOGLE_CLIENT_SECRET=...
Only include variables needed by evals. Keep files small and purpose-specific.
If the sandbox is already running, restart Electron so it reloads /daytona-secrets/*.env:
daytona exec "$SANDBOX" -- "bash -lc 'pkill -f electron || true; pkill -f electron-dev || true; pkill -f opencode || true'"
sleep 3
daytona exec "$SANDBOX" -- "bash -lc 'cd /workspace && bash /opt/openwork-daytona/start-daytona-electron.sh --detach'"
Do not chain the kill and restart in one daytona exec command. The pkill
pattern can terminate the exec wrapper itself.
Check only filenames or whether expected variables are present:
daytona exec "$SANDBOX" -- 'ls -la /daytona-secrets'
daytona exec "$SANDBOX" -- "bash -lc 'set -a; source /daytona-secrets/openai.env; test -n \"${OPENAI_API_KEY:-}\"'"
Never run commands that print token values.
/daytona-secrets/*.env is sourced again.test -n "$OPENAI_API_KEY" is safe; env, printenv, or cat is not.