hunfabric/skills/fast/prerequisites/references/phase1-env-and-auth.md
Ludovico Magnocavallo c24dae395b Enhance testing harness stability and update repository documentation (#3983)
* Refactor skill turn harness, fix session serialization, and resolve E2E test failures

* Ignore symlinks during workspace copying and enforce sandbox boundaries in playbooks

* Refactor interaction loop to use clean async generator-based Event flow

* Introduce dedicated async generator test and improve autonomous tester instructions

* Enforce strict sandbox awareness and Step 8 policy import gates

* Track and display conversation context size next to turn headers

* Streamline token usage display to only appear in turn step headers

* Refactor token usage tracking to show actual active context size

* Implement progress tracking block and human recovery in test harness

* docs: document and categorize repository skills and tools

* docs: add maintenance instructions for updating FACTORIES.md tables

* docs: add missing data-catalog-policy-tag factory in FACTORIES.md

* docs: add missing networking stage sub-factories in FACTORIES.md

* docs: add systematic commands for discovering module/stage factories in FACTORIES.md

* docs: add missing vpcs factories in 0-org-setup and 2-project-factory stages
2026-05-24 12:25:50 +02:00


Phase 1: Environment & Authentication

Step 1: Environment Assessment & Initialization

[!CRITICAL] MANDATORY PROGRESS BLOCK REMINDER:

  • Ensure your very first Turn 1 response prepends the progress block showing:
    • Phase 1: Environment & Authentication (Step 1/2: Target Environment Selection - IN PROGRESS)
    • All subsequent phases: (Not started)

MANDATORY START POINT (TURN 1):

  • You MUST begin the entire workflow by asking the user to clarify their target environment (Standard GCP or Google Cloud Dedicated (GCD)).
  • You MUST NOT run any gcloud commands, check active credentials, or proceed to Step 2 or any other Phase/Step in Turn 1.
  • You MUST stop execution immediately after asking this question and wait for the user's response.
  • Do NOT assume, pre-fill, or guess the environment based on local config files, active credentials, or background command success.

Do NOT assume the command execution preference: You MUST ask the user how they prefer to run commands (automatic vs. manual) in a subsequent turn and wait for their response.

  1. Ask the user to clarify their target environment: Standard GCP or Google Cloud Dedicated (GCD). Wait for their response.
  2. Once the environment is confirmed, ask how they prefer to run commands: Should you (Gemini CLI) run them automatically, or should you output them for manual execution? Remember this preference for the rest of the workflow. Wait for their response.
  3. If GCD is selected, ask the user if they are working in one of the known universes: S3NS (France) or Berlin (Germany).
    • If S3NS: Pre-fill the following values:
      • Universe Web Domain: cloud.s3nscloud.fr
      • Universe API Domain: s3nsapis.fr
      • Universe Name: s3ns
      • Universe Prefix: s3ns
      • Universe Region: u-france-east1
    • If Berlin: Pre-fill the following values:
      • Universe Web Domain: cloud.berlin-build0.goog
      • Universe API Domain: apis-berlin-build0.goog
      • Universe Name: berlin
      • Universe Prefix: eu0
      • Universe Region: u-germany-northeast1
    • If neither (Custom): Gather the 5 universe-specific details manually from the user.
    • Action: Present the final list of the 5 universe values to the user for review. Ask for explicit confirmation and offer them the opportunity to change any of the values before proceeding.

Step 2: Authentication

[!CRITICAL] DO NOT START STEP 2 PREMATURELY: You MUST NOT check authentication, run gcloud config list, or execute Step 2 until Step 1 (Environment Assessment & Initialization) has been completely finished and confirmed by the user in previous turns.

  1. Ask the user if they are already authenticated with Google Cloud using the correct principal.
    • If yes: Run (or ask the user to run) gcloud config list account --format="value(core.account)" to retrieve the current authenticated principal. Show this principal to the user and explicitly ask them to confirm if this is the correct identity they want to use.
      • If they confirm (and Step 1 is already completed): Proceed directly to Phase 2 (Step 3).
      • If they do not confirm: Proceed with the authentication steps below.
    • If no: Proceed with the authentication steps below.
  2. Standard GCP: Provide or execute the command:
    gcloud auth login
    gcloud auth application-default login
    
  3. GCD: Automate or guide the user through Workforce Identity Federation (WIF) login. Ask for the workforce pool audience string first, then generate the configuration:
    # (Use the gathered GCD variables to fill placeholders)
    # Create a dedicated gcloud configuration for this universe and make it active
    gcloud config configurations create <UNIVERSE_NAME>
    gcloud config configurations activate <UNIVERSE_NAME>
    # Point gcloud at the universe's API domain
    gcloud config set universe_domain <UNIVERSE_API_DOMAIN>
    
    # Write the workforce pool login config and set it as the active login config
    gcloud iam workforce-pools create-login-config <AUDIENCE> \
      --universe-cloud-web-domain="<UNIVERSE_WEB_DOMAIN>" \
      --universe-domain="<UNIVERSE_API_DOMAIN>" \
      --output-file="/tmp/wif-login-config-<UNIVERSE_NAME>.json" \
      --activate
    
    # Sign in for gcloud, then for Application Default Credentials, with that config
    gcloud auth login --login-config="/tmp/wif-login-config-<UNIVERSE_NAME>.json" --no-launch-browser
    gcloud auth application-default login --login-config="/tmp/wif-login-config-<UNIVERSE_NAME>.json"
    
  4. Explicitly ask the user to confirm they have successfully authenticated before moving to the next phase.
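
The placeholders in the GCD commands above are filled from user-supplied values and end up in shell arguments and a file name, and the login config is written to a fixed name in world-writable /tmp. The following is an added example, not part of the original skill file: it checks the gathered values against allow-lists before substitution and returns a config path in a private directory. Function names are hypothetical and the accepted character sets are conservative assumptions.

```shell
#!/bin/sh
# Added example (not from the skill file): allow-list checks for the values
# gathered in Step 1 before they are substituted into gcloud commands.
# Function names are hypothetical; the character sets are assumptions.
LC_ALL=C; export LC_ALL

# Host name: lowercase labels of letters, digits, hyphens, at least one dot.
valid_domain() {
  case "$1" in
    ''|*[!a-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
    *.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Universe name, prefix, region: lowercase letter first, then a-z, 0-9, '-'.
valid_name() {
  case "$1" in
    ''|[!a-z]*|*[!a-z0-9-]*) return 1 ;;
  esac
}

# Audience: path-like characters only, no empty value, no '..' segments.
valid_audience() {
  case "$1" in
    ''|*[!A-Za-z0-9._/-]*|*..*) return 1 ;;
  esac
}

# Args: web_domain api_domain name prefix region audience. Returns 0 if all pass.
check_gcd_inputs() {
  rc=0
  valid_domain "$1"   || { echo "rejected web domain" >&2; rc=1; }
  valid_domain "$2"   || { echo "rejected API domain" >&2; rc=1; }
  for v in "$3" "$4" "$5"; do
    valid_name "$v"   || { echo "rejected name/prefix/region" >&2; rc=1; }
  done
  valid_audience "$6" || { echo "rejected audience" >&2; rc=1; }
  return "$rc"
}

# Print a login-config path inside a fresh directory only the caller can read.
login_config_path() {
  valid_name "$1" || return 1
  dir=$(umask 077; mktemp -d "${TMPDIR:-/tmp}/wif-login.XXXXXX") || return 1
  printf '%s/wif-login-config-%s.json\n' "$dir" "$1"
}
```

Passing the returned path to both `--output-file` and `--login-config` keeps the config out of a location another local user can pre-create.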