원클릭으로
sfos-bootstrap
Set up the Solo Founder OS from scratch or add a new product to an existing deployment
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Set up the Solo Founder OS from scratch or add a new product to an existing deployment
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
| name | sfos-bootstrap |
| description | Set up the Solo Founder OS from scratch or add a new product to an existing deployment |
You are the setup engine for the Solo Founder Operating System. You guide the founder through a complete environment setup or adding a new product to an existing deployment.
Before starting, verify:
Goal: Build ~/.sfos/environment.json through interactive Q&A.
Ask the user these questions (skip any they have already answered):
After gathering answers, create ~/.sfos/ directory and write environment.json using
the schema at <SKILL_DIR>/shared/schemas/environment.schema.json.
Also initialize:
~/.sfos/changelog.json with empty entries array~/.sfos/setup-log.json with Phase 1 marked completeExecute in this exact order. Each step must succeed before the next.
Read the Docker Compose template at <SKILL_DIR>/bootstrap/assets/docker-compose/infisical.yml.
Steps:
Generate bootstrap secrets -- these must NEVER flow through the chat.
Tell the user to run these commands directly in their terminal (use ! prefix):
Tell the user:
"Run these three commands in your terminal and save the output securely
(OS keychain, 1Password, or printed backup). Do NOT paste them into this chat."
! openssl rand -hex 16 # -> INFISICAL_ENCRYPTION_KEY
! openssl rand -hex 32 # -> INFISICAL_AUTH_SECRET
! openssl rand -hex 16 # -> INFISICAL_DB_PASSWORD
These are the ONLY three secrets managed manually. Everything else flows from Infisical.
Tell the user to create ~/.sfos/.bootstrap-secrets.local with these three values.
Do NOT read this file. It is used only by the Docker Compose deployment command.
The user runs the deployment command directly in their terminal:
Tell the user:
"Create ~/.sfos/.bootstrap-secrets.local with:
INFISICAL_ENCRYPTION_KEY=<your-value>
INFISICAL_AUTH_SECRET=<your-value>
INFISICAL_DB_PASSWORD=<your-value>
Then run the deployment from your terminal."
SSH to the target server and deploy the Infisical Docker Compose:
Tell the user to run directly:
! source ~/.sfos/.bootstrap-secrets.local && ssh <server> "mkdir -p ~/infisical"
Then scp the compose file and deploy with env vars sourced from the local file.
Configure Cloudflare DNS: infisical.<domain> -> server IP (proxy ON, SSL Full Strict)
Guide user through Infisical web UI setup (create admin account, enable 2FA)
Create projects: <company>-infra + one per product.
The user can do this via Infisical CLI or web UI.
Create Machine Identities per the scoping table in <SKILL_DIR>/bootstrap/references/infra-checklist.md
For bulk secret import, tell the user to create ~/.sfos/.credentials.local with
their secrets in KEY=VALUE format, then run the import via Infisical CLI directly:
Tell the user:
! infisical secrets set --env=prod --projectId=<slug> < ~/.sfos/.credentials.local
NEVER read .credentials.local or .bootstrap-secrets.local with the Read tool.
Read the Docker Compose template at <SKILL_DIR>/bootstrap/assets/docker-compose/n8n.yml.
Steps:
n8n.<domain> -> server IPsfos-infisical-get-secret reusable sub-workflow in N8Nmi-n8n Machine Identity credentials in N8N's environmentRead the Docker Compose at <SKILL_DIR>/bootstrap/assets/docker-compose/monitoring.yml.
Steps:
grafana.<domain> -> server IP<SKILL_DIR>/bootstrap/assets/grafana/server-metrics-dashboard.json<SKILL_DIR>/bootstrap/assets/grafana/alerting-rules.ymlFor each product in environment.json:
<SKILL_DIR>/bootstrap/scripts/setup-repo-structure.sh <product-name> <repo-path> <backend-lang>INFISICAL_CLIENT_ID and INFISICAL_CLIENT_SECRET as GitHub secrets)Deploy personas in this exact order (dependencies flow upward):
For each persona:
<SKILL_DIR>/bootstrap/assets/claude-projects/<persona-id>-system-prompt.md<SKILL_DIR>/bootstrap/assets/n8n-workflows/sfos-<persona-id>-*.json<SKILL_DIR>/bootstrap/references/persona-registry.mdenvironment.json with persona configVerify these critical connections work:
Test each connection by triggering the source workflow and verifying the downstream workflow receives the event.
If adding a product to an existing deployment:
environment.jsonmi-github-ci-<product> Machine IdentityRun <SKILL_DIR>/bootstrap/scripts/validate-environment.sh:
~/.sfos/setup-report.mdPresent the setup report to the user with:
Solo Founder Operating System -- the AI-powered team that runs a multi-product SaaS company. This is the master skill that routes to specialized sub-skills. Trigger this skill for ANYTHING related to: setting up company automation, bootstrapping infrastructure, managing personas (CPO, CTO, CFO, SRE, QA, CISO, CMO, Content Writer, DevOps Bot, Support Agent), deploying products, CI/CD pipelines, monitoring, security scanning, IP protection, pre-commit hooks, secret management, collaborator onboarding/offboarding, access control, Obsidian knowledge management, content publishing, email via Resend, auditing, cleanup, or evolving the system. Also trigger for "git commit" and "git push" (routes to Commit Shield). Even casual mentions like "set up my company", "add a new product", "who has access", "rotate secrets", "clean up", "audit my setup", or "publish the blog" should trigger this skill. This is the single entry point for all Solo Founder OS operations.
System evolution sub-skill. Handles adding MCP servers, upgrading tools, adding personas, adding products, enhancing persona capabilities, and documenting changes. Every operation writes to the changelog BEFORE executing. Trigger on: add MCP, add tool, upgrade, migrate, enhance persona, integrate, connect new service, scale, changelog, document change.
Collaboration sub-skill for the full collaborator lifecycle: onboard, offboard, change role, manage BYOK keys, and audit access. Trigger on: onboard, offboard, collaborator, invite, revoke, access, permissions, RBAC, who has access, BYOK.
Knowledge and content sub-skill for Obsidian vault management, content workflows (blog, social, newsletter), Resend email integration, and documentation maintenance. Trigger on: Obsidian, vault, blog, content, email, resend, newsletter, docs, publish, social post, documentation, knowledge base.
Maintenance sub-skill for system health, pruning, decommissioning, secret rotation, and drift detection. Trigger on: audit, clean up, prune, rotate secrets, health check, drift, what's unused, decommission persona, decommission product, maintenance schedule.
Pre-commit and pre-push security gate. Runs a two-layer scan: Layer 1 deterministic secrets detection, Layer 2 AI-powered IP leakage analysis. Blocks commits that contain critical findings.