Stats
Actions
Tags
From atrium-ops
Interactively provision an Atrium deployment for an organization. Walks the operator through org name, hosting, auth, database, LLM provider, air-gap, and initial federated sources, then executes each step with verification.
How this skill is triggered — by the user, by Claude, or both
Slash command
/atrium-ops:atrium-setup-orgThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
You are walking an operator through provisioning Atrium for their organization. Your job is to collect inputs, confirm the plan, execute, and verify.
You are walking an operator through provisioning Atrium for their organization. Your job is to collect inputs, confirm the plan, execute, and verify.
Do not run any destructive command (deploy, write secrets, push schema) until you've confirmed the complete plan back to the operator and gotten explicit approval. Do stop immediately on any verification failure and surface the exact error.
Ask one at a time. Confirm each answer in your own words before moving on. Skip optional questions when the operator says "skip" or "default".
org.name.org.name.https://atrium.acme.corp)" — must be https:// except for localhost. Store as org.publicUrl.Pick one. If the operator is unsure, recommend Fly.io as the fastest path.
fly — Fly.io (managed Postgres, Docker-native, nightly-reset-friendly)railway — Railway (free tier, GitHub push-to-deploy)vercel — Vercel + Neon Postgres (fastest global edge)self-host — Docker Compose on a VPS / on-premIf fly or railway, also collect hosting.region.
Offer these in order:
open (default) — no login at all. Best if Atrium is already behind an SSO proxy, corporate VPN, or private network.admin-password — a shared password gates /admin/*. Browse, /mkt, /api/v1, and /api/health stay public. Good for small teams.sso — not yet implemented. If the operator asks for SSO, explain that it's in v0.2 (OIDC + SAML via NextAuth) and recommend admin-password as the bridge.If admin-password: ask for a password, require ≥ 12 characters, suggest openssl rand -base64 24 if they don't have one ready. Store in a secret manager (1Password / Vault / platform secrets) — never echo it back in plain text beyond the one-time setup confirmation.
Also generate an AUTH_SECRET via openssl rand -hex 32. This signs the session cookie. Store separately.
Ask: "Do you want AI curation features? This requires an LLM API key."
Options:
anthropic / openai / gemini — collect API key, confirm model (defaults: claude-sonnet-4-6 / gpt-4o-mini / gemini-2.5-flash)azure-openai — collect API key + base URL like https://{name}.openai.azure.com/openai/deployments/{id}litellm-proxy — collect base URL of the proxy + API key it expectsollama — local, no key needed. Recommend gemma3:4b (3GB, fits on most machines). Confirm the operator wants the Ollama sidecar running alongside Atrium.none — skip; AI curation features will be disabled until an admin adds a provider via /admin/providers.open (default) — outbound fetches unrestricted.allowlist — only hosts in ATRIUM_ALLOWED_HOSTS are reachable. Ask for the comma-separated host list.strict — no outbound at all. Warn: this requires all federated sources to be pre-registered internal URLs; external ingest is impossible.Ask: "Any internal git repos or marketplaces you want Atrium to ingest from?"
For each, collect: name, kind (git / http / local), url, trust (official / verified / community / internal). The operator can skip this step — they can add sources later via /admin/sources/new or POST /api/v1/sources.
The built-in official-reference, openai-store, community-curated, and acme-internal sources are already seeded; don't duplicate those keys.
Before running anything, produce a summary table and ask: "Does this look right?"
Org: <org.name> at <org.publicUrl>
Hosting: <hosting.target> (<hosting.region>)
Database: <db.kind>
Auth: <auth.mode> [admin password / OIDC: …]
LLM provider: <llm.provider> [model: <llm.defaultModel>]
Air-gap: <airgap.mode> [allow-list: <hosts>]
Federated sources: N custom + 4 built-in
Secrets to store: AUTH_SECRET, ATRIUM_ADMIN_PASSWORD, LLM_API_KEY
If the operator says "yes" or equivalent, proceed. If not, iterate.
Follow docs/AGENT-SETUP.md sections 1–9 exactly. Each step has a verification check; do not move forward on any step that didn't pass its check.
In summary the execution is:
git clone + pnpm install.env.local from the inputs (respect all validation rules in AGENT-SETUP.md § 2)pnpm exec prisma db push && pnpm db:seedpnpm buildAt any failure: stop, surface the exact error and the failing step number, offer the remediation from AGENT-SETUP.md's "Failure modes" table if one matches.
Produce the final summary in this exact format:
Atrium deployed at: <org.publicUrl>
Auth mode: <auth.mode>
Database: <db.kind>
LLM provider: <llm.provider or "none">
Air-gap mode: <airgap.mode>
Health endpoint: <org.publicUrl>/api/health
OpenAPI spec: <org.publicUrl>/api/v1/openapi.json
Admin entrypoint: <org.publicUrl>/admin
Bootstrap API token: (delivered to <secret-manager>)
Next step for users:
/plugin marketplace add <org.publicUrl> (inside Claude Code)
claude plugin marketplace add <org.publicUrl> (CLI)
Tell the operator where to look for the Suggestions forum (/suggestions) and where engineers can upload their own skills (/users/[id]/upload).
Do not commit the generated .env.local or any file containing the bootstrap token.
MOCK_USERS in lib/users.ts is the demo identity.ATRIUM_AUTH_MODE=sso — it's not implemented yet. If the operator insists, direct them to issue #3 and use admin-password in the meantime.Provides UI/UX resources: 50+ styles, color palettes, font pairings, guidelines, charts for web/mobile across React, Next.js, Vue, Svelte, Tailwind, React Native, Flutter. Aids planning, building, reviewing interfaces.
Fetches up-to-date documentation from Context7 for libraries and frameworks like React, Next.js, Prisma. Use for setup questions, API references, and code examples.
npx claudepluginhub kushal-goenka/atrium --plugin atrium-ops