truefoundry-access-tokens

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Routing note: For ambiguous user intents, use the shared clarification templates in references/intent-clarification.md.

路由说明：如果用户意图不明确，请使用references/intent-clarification.md中的通用澄清模板。

Access Tokens

访问令牌

Manage TrueFoundry personal access tokens (PATs). List, create, and delete tokens used for API authentication and CI/CD pipelines.

管理TrueFoundry个人访问令牌（PAT），可列出、创建和删除用于API身份验证和CI/CD流水线的令牌。

When to Use

适用场景

List, create, or delete personal access tokens for API authentication or CI/CD pipelines.

</objective> <instructions>

Security Policy: Credential Handling

The agent MUST NOT repeat, store, or log token values in its own responses.

After creating a token, direct the user to copy the value from the API response output above — do not re-display it.

Never include token values in summaries, follow-up messages, or any other output.

当你需要列出、创建或删除用于API身份验证或CI/CD流水线的个人访问令牌时使用。

</objective> <instructions>

安全策略：凭据处理

Agent 严禁在自身响应中重复、存储或记录令牌值。

创建令牌后，引导用户从上方的API响应输出中复制值，请勿重新展示。

切勿在摘要、跟进消息或任何其他输出中包含令牌值。

Step 1: Preflight

步骤1：前置检查

Run the

status

skill first to verify

TFY_BASE_URL

and

TFY_API_KEY

are set and valid.

If the user does not have an account or PAT yet, do not continue with the token APIs. First have them run

uv run tfy register

, complete any browser-based CAPTCHA or human verification the CLI requests, verify their email, open the tenant URL returned by the CLI, and create their first PAT from the tenant dashboard.

When using direct API, set

TFY_API_SH

to the full path of this skill's

scripts/tfy-api.sh

. See

references/tfy-api-setup.md

for paths per agent.

首先运行

status

skill，验证

TFY_BASE_URL

和

TFY_API_KEY

已配置且有效。

如果用户还没有账号或PAT，请不要继续调用令牌相关API。首先让他们运行

uv run tfy register

，完成CLI要求的浏览器端CAPTCHA或人工验证，验证邮箱，打开CLI返回的租户URL，然后从租户控制台创建他们的第一个PAT。

使用直接调用API的方式时，请将

TFY_API_SH

设置为该skill下

scripts/tfy-api.sh

的完整路径。各Agent对应的路径请参考

references/tfy-api-setup.md

。

Step 2: List Access Tokens

步骤2：列出访问令牌

Via Tool Call

通过工具调用

tfy_access_tokens_list()

tfy_access_tokens_list()

Via Direct API

通过直接调用API

bash

TFY_API_SH=~/.claude/skills/truefoundry-access-tokens/scripts/tfy-api.sh

bash

TFY_API_SH=~/.claude/skills/truefoundry-access-tokens/scripts/tfy-api.sh

List all personal access tokens

$TFY_API_SH GET /api/svc/v1/personal-access-tokens


Present results:

Personal Access Tokens:

Name	ID	Created At	Expires At
ci-pipeline	pat-abc	2025-01-15	2025-07-15
dev-local	pat-def	2025-03-01	Never


**Security:** Never display token values. They are only shown once at creation time.

$TFY_API_SH GET /api/svc/v1/personal-access-tokens


结果展示：

Personal Access Tokens:

Name	ID	Created At	Expires At
ci-pipeline	pat-abc	2025-01-15	2025-07-15
dev-local	pat-def	2025-03-01	Never


**安全提示：** 永远不要展示令牌值，它们仅在创建时显示一次。

Step 3: Create Access Token

步骤3：创建访问令牌

Ask the user for a token name before creating.

创建前请先向用户询问令牌名称。

Via Tool Call

通过工具调用

tfy_access_tokens_create(payload={"name": "my-token"})

Note: Requires human approval (HITL) via tool call.

tfy_access_tokens_create(payload={"name": "my-token"})

注意： 通过工具调用需要人工审批（HITL）。

Via Direct API

通过直接调用API

bash

undefined

bash

undefined

Create a new personal access token

$TFY_API_SH POST /api/svc/v1/personal-access-tokens '{"name":"my-token"}'


**IMPORTANT:** The token value is returned ONLY in the creation response.

> **Security: Token Display Policy**
> - Default to showing only a masked preview (for example: first 4 + last 4 characters).
> - Show the full token only after explicit user confirmation that they are ready to copy it now.
> - If a full token is shown, show it only once, in a minimal response, and never repeat it in summaries/follow-up messages.
> - The agent must NEVER store, log, or re-display the token value after the initial one-time reveal.
> - If the user asks to see the token again later, instruct them to create a new token.

Present the result:

Token created successfully! Name: my-token Token (masked): tfy_...

If user explicitly confirms they are ready to copy it: One-time token: <full value from API response>

⚠️ Save this token NOW — it will not be shown again. Store it in a password manager, CI/CD secret store, or TrueFoundry secret group. Never commit tokens to Git or share them in plain text.

undefined

$TFY_API_SH POST /api/svc/v1/personal-access-tokens '{"name":"my-token"}'


**重要提示：** 令牌值仅在创建响应中返回。

> **安全：令牌展示策略**
> - 默认仅展示掩码预览（例如：前4位+后4位字符）。
> - 仅在用户明确确认他们已准备好复制时，才展示完整令牌。
> - 展示完整令牌时，仅展示一次，使用最简洁的响应，切勿在摘要/跟进消息中重复。
> - 首次一次性展示后，Agent 严禁存储、记录或重新展示令牌值。
> - 如果用户后续要求再次查看令牌，告知他们需要创建新令牌。

结果展示：

Token created successfully! Name: my-token Token (masked): tfy_...

If user explicitly confirms they are ready to copy it: One-time token: <full value from API response>

⚠️ Save this token NOW — it will not be shown again. Store it in a password manager, CI/CD secret store, or TrueFoundry secret group. Never commit tokens to Git or share them in plain text.

undefined

Step 4: Delete Access Token

步骤4：删除访问令牌

Ask for confirmation before deleting — this is irreversible and will break any integrations using the token.

删除前请先询问用户确认，该操作不可逆，会破坏所有使用该令牌的集成。

Via Tool Call

通过工具调用

tfy_access_tokens_delete(id="TOKEN_ID")

Note: Requires human approval (HITL) via tool call.

tfy_access_tokens_delete(id="TOKEN_ID")

注意： 通过工具调用需要人工审批（HITL）。

Via Direct API

通过直接调用API

bash

undefined

bash

undefined

Delete a personal access token

$TFY_API_SH DELETE /api/svc/v1/personal-access-tokens/TOKEN_ID


</instructions>

<success_criteria>

$TFY_API_SH DELETE /api/svc/v1/personal-access-tokens/TOKEN_ID


</instructions>

<success_criteria>

Success Criteria

成功标准

The user can list all personal access tokens in a formatted table
The user can create a new token and receives a masked preview by default
Full token reveal happens only on explicit confirmation and only once
The user has been warned to save the token value immediately
The user can delete a token after confirmation
The agent has never displayed existing token values — only new tokens at creation time

</success_criteria>

用户可以格式化表格形式列出所有个人访问令牌
用户可以创建新令牌，默认收到掩码预览
仅在用户明确确认后才展示完整令牌，且仅展示一次
已提醒用户立即保存令牌值
用户可以在确认后删除令牌
Agent 从未展示已存在的令牌值，仅在创建时展示新令牌的值

</success_criteria>

Composability

可组合性

GitOps / CI/CD: PATs are needed for automated deployments (
```
gitops
```
skill,
```
deploy
```
skill declarative apply workflow)
Status: Use
```
status
```
skill to verify a PAT is working
Secrets: Store PATs as secrets for deployments (
```
secrets
```
skill)

GitOps / CI/CD：自动化部署需要PAT（
```
gitops
```
skill、
```
deploy
```
skill声明式应用工作流）
Status：使用
```
status
```
skill验证PAT是否有效
Secrets：将PAT作为部署密钥存储（
```
secrets
```
skill）

API Endpoints

API端点

See

references/api-endpoints.md

for the full Personal Access Tokens API reference.

</references> <troubleshooting>

完整的个人访问令牌API参考请查看

references/api-endpoints.md

。

</references> <troubleshooting>

Error Handling

错误处理

Permission Denied

权限不足

Cannot manage access tokens. Check your API key permissions.

Cannot manage access tokens. Check your API key permissions.

Token Not Found

令牌未找到

Token ID not found. List tokens first to find the correct ID.

Token ID not found. List tokens first to find the correct ID.

Token Name Already Exists

令牌名称已存在

A token with this name already exists. Use a different name.

A token with this name already exists. Use a different name.

Deleted Token Still In Use

已删除的令牌仍在使用中

If services fail after token deletion, they were using the deleted token.
Create a new token and update the affected services/pipelines.

If services fail after token deletion, they were using the deleted token.
Create a new token and update the affected services/pipelines.

Cannot Retrieve Token Value

无法获取令牌值

Token values are only shown at creation time. If lost, delete the old token
and create a new one, then update all services that used the old token.

</troubleshooting>

Token values are only shown at creation time. If lost, delete the old token
and create a new one, then update all services that used the old token.

</troubleshooting>

Name

Created At

Expires At

ci-pipeline

pat-abc

2025-01-15

2025-07-15

dev-local

pat-def

2025-03-01

Never

Name

Created At

Expires At

ci-pipeline

pat-abc

2025-01-15

2025-07-15

dev-local

pat-def

2025-03-01

Never

**IMPORTANT:** The token value is returned ONLY in the creation response. > **Security: Token Display Policy** > - Default to showing only a masked preview (for example: first 4 + last 4 characters). > - Show the full token only after explicit user confirmation that they are ready to copy it now. > - If a full token is shown, show it only once, in a minimal response, and never repeat it in summaries/follow-up messages. > - The agent must NEVER store, log, or re-display the token value after the initial one-time reveal. > - If the user asks to see the token again later, instruct them to create a new token. Present the result:

**重要提示：** 令牌值仅在创建响应中返回。 > **安全：令牌展示策略** > - 默认仅展示掩码预览（例如：前4位+后4位字符）。 > - 仅在用户明确确认他们已准备好复制时，才展示完整令牌。 > - 展示完整令牌时，仅展示一次，使用最简洁的响应，切勿在摘要/跟进消息中重复。 > - 首次一次性展示后，Agent 严禁存储、记录或重新展示令牌值。 > - 如果用户后续要求再次查看令牌，告知他们需要创建新令牌。结果展示：