一键导入
truefoundry-access-tokens
Manages TrueFoundry personal access tokens (PATs). List, create, and delete tokens for API auth and CI/CD.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Manages TrueFoundry personal access tokens (PATs). List, create, and delete tokens for API auth and CI/CD.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Manages TrueFoundry roles, teams, and collaborators. Create custom roles, organize users into teams, and grant access to resources. Use when managing permissions, creating teams, or adding collaborators.
Lists, inspects, and manages TrueFoundry application deployments. Shows status, health, and details for services, jobs, and Helm releases. Also handles requests to delete, remove, or destroy applications by directing users to the TrueFoundry UI.
Deploys applications to TrueFoundry. Handles single HTTP services, async/queue workers, multi-service projects, and declarative manifest apply. Supports `tfy apply`, `tfy deploy`, docker-compose translation, and CI/CD pipelines. Use when deploying apps, applying manifests, shipping services, or orchestrating multi-service deployments.
Fetches TrueFoundry documentation, API reference, and deployment guides. Use when the user needs platform docs or how-to guidance.
Sets up GitOps CI/CD pipelines for TrueFoundry using tfy apply. Supports GitHub Actions, GitLab CI, and Bitbucket Pipelines.
Deploys infrastructure components via Helm charts on TrueFoundry. Supports any public or private OCI Helm chart including databases (Postgres, MongoDB, Redis), message brokers (Kafka, RabbitMQ), and vector databases (Qdrant, Milvus). Uses YAML manifests with `tfy apply`. Use when installing Helm charts or deploying infrastructure on TrueFoundry.
| name | truefoundry-access-tokens |
| description | Manages TrueFoundry personal access tokens (PATs). List, create, and delete tokens for API auth and CI/CD. |
| license | MIT |
| compatibility | Requires Bash, curl, and access to a TrueFoundry instance |
| allowed-tools | Bash(*/tfy-api.sh *) |
Routing note: For ambiguous user intents, use the shared clarification templates in references/intent-clarification.md.
Manage TrueFoundry personal access tokens (PATs). List, create, and delete tokens used for API authentication and CI/CD pipelines.
List, create, or delete personal access tokens for API authentication or CI/CD pipelines.
Security Policy: Credential Handling
- The agent MUST NOT repeat, store, or log token values in its own responses.
- After creating a token, direct the user to copy the value from the API response output above — do not re-display it.
- Never include token values in summaries, follow-up messages, or any other output.
Run the status skill first to verify TFY_BASE_URL and TFY_API_KEY are set and valid.
If the user does not have an account or PAT yet, do not continue with the token APIs. First have them run uv run tfy register, complete any browser-based CAPTCHA or human verification the CLI requests, verify their email, open the tenant URL returned by the CLI, and create their first PAT from the tenant dashboard.
When using direct API, set TFY_API_SH to the full path of this skill's scripts/tfy-api.sh. See references/tfy-api-setup.md for paths per agent.
tfy_access_tokens_list()
TFY_API_SH=~/.claude/skills/truefoundry-access-tokens/scripts/tfy-api.sh
# List all personal access tokens
$TFY_API_SH GET /api/svc/v1/personal-access-tokens
Present results:
Personal Access Tokens:
| Name | ID | Created At | Expires At |
|---------------|----------|-------------|-------------|
| ci-pipeline | pat-abc | 2025-01-15 | 2025-07-15 |
| dev-local | pat-def | 2025-03-01 | Never |
Security: Never display token values. They are only shown once at creation time.
Ask the user for a token name before creating.
tfy_access_tokens_create(payload={"name": "my-token"})
Note: Requires human approval (HITL) via tool call.
# Create a new personal access token
$TFY_API_SH POST /api/svc/v1/personal-access-tokens '{"name":"my-token"}'
IMPORTANT: The token value is returned ONLY in the creation response.
Security: Token Display Policy
- Default to showing only a masked preview (for example: first 4 + last 4 characters).
- Show the full token only after explicit user confirmation that they are ready to copy it now.
- If a full token is shown, show it only once, in a minimal response, and never repeat it in summaries/follow-up messages.
- The agent must NEVER store, log, or re-display the token value after the initial one-time reveal.
- If the user asks to see the token again later, instruct them to create a new token.
Present the result:
Token created successfully!
Name: my-token
Token (masked): tfy_****...****
If user explicitly confirms they are ready to copy it:
One-time token: <full value from API response>
⚠️ Save this token NOW — it will not be shown again.
Store it in a password manager, CI/CD secret store, or TrueFoundry secret group.
Never commit tokens to Git or share them in plain text.
Ask for confirmation before deleting — this is irreversible and will break any integrations using the token.
tfy_access_tokens_delete(id="TOKEN_ID")
Note: Requires human approval (HITL) via tool call.
# Delete a personal access token
$TFY_API_SH DELETE /api/svc/v1/personal-access-tokens/TOKEN_ID
<success_criteria>
</success_criteria>
gitops skill, deploy skill declarative apply workflow)status skill to verify a PAT is workingsecrets skill)See references/api-endpoints.md for the full Personal Access Tokens API reference.
Cannot manage access tokens. Check your API key permissions.
Token ID not found. List tokens first to find the correct ID.
A token with this name already exists. Use a different name.
If services fail after token deletion, they were using the deleted token.
Create a new token and update the affected services/pipelines.
Token values are only shown at creation time. If lost, delete the old token
and create a new one, then update all services that used the old token.