{"schema_version":1,"workflow_uuid":"4ef9462d-c757-48ec-93c1-db0c2835dc0c","workflow_title":"OpenAuth — Universal Auth Server You Can Self-Host","page_url":"","raw_url":"https://tokrepo.com/raw/4ef9462d-c757-48ec-93c1-db0c2835dc0c","metadata_url":"https://tokrepo.com/metadata/4ef9462d-c757-48ec-93c1-db0c2835dc0c.json","install_plan_url":"https://api.tokrepo.com/api/v1/tokenboard/workflows/install-plan?uuid=4ef9462d-c757-48ec-93c1-db0c2835dc0c&target=codex","recommended_install":{"schema_version":1,"status":"stage","policy":"stage_only","install_mode":"stage_only","target":"codex","command":"npx -y tokrepo@latest install 4ef9462d-c757-48ec-93c1-db0c2835dc0c --target codex","dry_run_command":"npx -y tokrepo@latest install 4ef9462d-c757-48ec-93c1-db0c2835dc0c --target codex --dry-run --json","runtime_commands":{"codex":"npx -y tokrepo@latest install 4ef9462d-c757-48ec-93c1-db0c2835dc0c --target codex","gemini":"npx -y tokrepo@latest install 4ef9462d-c757-48ec-93c1-db0c2835dc0c --target gemini","project":"npx -y tokrepo@latest install 4ef9462d-c757-48ec-93c1-db0c2835dc0c"},"prompt":"Install and make this TokRepo asset usable: \"OpenAuth — Universal Auth Server You Can Self-Host\".\n\nPage: \nUUID: 4ef9462d-c757-48ec-93c1-db0c2835dc0c\nTarget adapter: codex\nPolicy/mode: stage_only / stage_only\n\nRead these machine-facing entry points first:\n- metadata: https://tokrepo.com/metadata/4ef9462d-c757-48ec-93c1-db0c2835dc0c.json\n- install contract: https://tokrepo.com/install-contract/4ef9462d-c757-48ec-93c1-db0c2835dc0c.json\n- install plan: https://api.tokrepo.com/api/v1/tokenboard/workflows/install-plan?uuid=4ef9462d-c757-48ec-93c1-db0c2835dc0c&target=codex\n- raw content: https://tokrepo.com/raw/4ef9462d-c757-48ec-93c1-db0c2835dc0c\n\nCommands:\n- choose the current runtime; do not use unsupported CLI targets.\n- Codex: npx -y tokrepo@latest install 4ef9462d-c757-48ec-93c1-db0c2835dc0c --target codex\n- Gemini CLI: npx -y tokrepo@latest install 4ef9462d-c757-48ec-93c1-db0c2835dc0c --target gemini\n- Claude Code / project agent: run npx -y tokrepo@latest install 4ef9462d-c757-48ec-93c1-db0c2835dc0c from the project root; add `--dry-run --json` first to inspect the plan.\n- add `--dry-run --json` to the chosen command first; after the plan allows it, run the chosen command.\n\nExecution rules:\n1. Run the install command to stage the asset safely.\n2. Read the staged README, install-plan, and entrypoint files.\n3. Activate scripts, MCP config, or global config only after user confirmation.\n4. Verify usability with the install-plan post_verify checks and the asset README.\n\nReport back with changed files, verification result, and how to use the asset next.","next_steps":["Run the install command to stage the asset safely.","Read the staged README, install-plan, and entrypoint files.","Activate scripts, MCP config, or global config only after user confirmation.","Verify usability with the install-plan post_verify checks and the asset README."],"success_check":["The asset is safely staged.","The agent can give clear activation steps from the staged content."]},"agent_metadata":{"asset_kind":"skill","target_tools":["claude_code","codex","gemini_cli"],"install_mode":"stage_only","entrypoint":"Asset","risk_profile":{"executes_code":false,"modifies_global_config":false,"requires_secrets":["GITHUB_CLIENT_SECRET"],"uses_absolute_paths":false,"network_access":false},"dependencies":{"npm":["@openauthjs/openauth"],"pip":[],"brew":[],"system":[]},"content_hash":"05663720f9dbf36570ea0eec0c6f8e56af039eb21205d87e5f9a128034196579","verification":{"commands":[],"expected_files":["Asset"]},"inferred":true},"agent_fit":{"target":"codex","score":29,"status":"stage_only","policy":"stage_only","why":["target_tools includes codex","asset_kind skill","install_mode stage_only","policy stage_only","install_mode is stage_only","risk_profile.requires_secrets is not empty","trust community"],"asset_kind":"skill","install_mode":"stage_only"},"trust":{"author_trust_level":"community","verified_publisher":false,"asset_signed_hash":"05663720f9dbf36570ea0eec0c6f8e56af039eb21205d87e5f9a128034196579","signature_status":"hash_only","install_count":0,"report_count":0,"dangerous_capability_badges":["requires_secrets","stage_only"],"review_status":"unreviewed","signals":["asset has usage views","content hash available"]},"provenance":{"owner_uuid":"e7e561cb-209a-4b8f-b649-6c55aae15c78","owner_name":"SST","source_url":"https://tokrepo.com/en/workflows/openauth-universal-auth-server-you-can-self-host","content_hash":"05663720f9dbf36570ea0eec0c6f8e56af039eb21205d87e5f9a128034196579","visibility":1,"created_at":"2026-05-11 16:01:24","updated_at":"2026-06-26 00:18:51"},"target_adapter":{"target":"codex","adapter":"skill-directory","root":"~/.codex/skills","entrypoint":"SKILL.md","manifest_path":"~/.codex/tokrepo/install-manifest.json","staging_root":"~/.codex/tokrepo/staged/4ef9462d-c757-48ec-93c1-db0c2835dc0c","install_modes":["single","bundle","split","stage_only"],"activates_files":true},"install_plan":{"schema_version":2,"target":"codex","asset_uuid":"4ef9462d-c757-48ec-93c1-db0c2835dc0c","asset_title":"OpenAuth — Universal Auth Server You Can Self-Host","source_url":"https://tokrepo.com/en/workflows/openauth-universal-auth-server-you-can-self-host","install_mode":"stage_only","entrypoint":"Asset","preconditions":[{"type":"target_supported","status":"pass","message":"codex install target is supported"},{"type":"install_root","status":"pass","message":"~/.codex/skills for activated assets; ~/.codex/tokrepo/staged/4ef9462d-c757-48ec-93c1-db0c2835dc0c for staged assets"},{"type":"target_tool_metadata","status":"pass","message":"metadata allows codex"},{"type":"content_hash","status":"pass","message":"asset metadata includes content_hash"},{"type":"trust_policy","status":"warn","message":"low trust publisher plus dangerous capability requires staging"},{"type":"policy_decision","status":"warn","message":"stage_only for 4ef9462d-c757-48ec-93c1-db0c2835dc0c (stage_only)"}],"actions":[{"type":"stage_file","path":"~/.codex/tokrepo/staged/4ef9462d-c757-48ec-93c1-db0c2835dc0c/Asset.md","source_name":"Asset","sha256":"ffa59ad96b47ff4e864cd104d442093c43d951c8f387338f601f928c774b3212","bytes":7400,"risk":{"executes_code":false,"modifies_global_config":false,"requires_secrets":["GITHUB_CLIENT_SECRET"],"uses_absolute_paths":false,"network_access":false},"if_exists":"overwrite"}],"policy_decision":{"decision":"stage_only","requires_confirmation":false,"reasons":["install_mode is stage_only","risk_profile.requires_secrets is not empty","low trust publisher plus dangerous capability requires staging"]},"requires_confirmation":false,"rollback":[{"type":"remove_file","path":"~/.codex/tokrepo/staged/4ef9462d-c757-48ec-93c1-db0c2835dc0c/Asset.md"}],"post_verify":[{"type":"file_sha256","path":"~/.codex/tokrepo/staged/4ef9462d-c757-48ec-93c1-db0c2835dc0c/Asset.md","sha256":"ffa59ad96b47ff4e864cd104d442093c43d951c8f387338f601f928c774b3212"},{"type":"expected_file","path":"Asset.md"}],"metadata":{"asset_kind":"skill","target_tools":["claude_code","codex","gemini_cli"],"install_mode":"stage_only","entrypoint":"Asset","risk_profile":{"executes_code":false,"modifies_global_config":false,"requires_secrets":["GITHUB_CLIENT_SECRET"],"uses_absolute_paths":false,"network_access":false},"dependencies":{"npm":["@openauthjs/openauth"],"pip":[],"brew":[],"system":[]},"content_hash":"05663720f9dbf36570ea0eec0c6f8e56af039eb21205d87e5f9a128034196579","verification":{"commands":[],"expected_files":["Asset"]},"inferred":true},"agent_fit":{"target":"codex","score":29,"status":"stage_only","policy":"stage_only","why":["target_tools includes codex","asset_kind skill","install_mode stage_only","policy stage_only","install_mode is stage_only","risk_profile.requires_secrets is not empty","trust community"],"asset_kind":"skill","install_mode":"stage_only"},"trust":{"author_trust_level":"community","verified_publisher":false,"asset_signed_hash":"05663720f9dbf36570ea0eec0c6f8e56af039eb21205d87e5f9a128034196579","signature_status":"hash_only","install_count":0,"report_count":0,"dangerous_capability_badges":["requires_secrets","stage_only"],"review_status":"unreviewed","signals":["asset has usage views","content hash available"]},"provenance":{"owner_uuid":"e7e561cb-209a-4b8f-b649-6c55aae15c78","owner_name":"SST","source_url":"https://tokrepo.com/en/workflows/openauth-universal-auth-server-you-can-self-host","content_hash":"05663720f9dbf36570ea0eec0c6f8e56af039eb21205d87e5f9a128034196579","visibility":1,"created_at":"2026-05-11 16:01:24","updated_at":"2026-06-26 00:18:51"},"target_adapter":{"target":"codex","adapter":"skill-directory","root":"~/.codex/skills","entrypoint":"SKILL.md","manifest_path":"~/.codex/tokrepo/install-manifest.json","staging_root":"~/.codex/tokrepo/staged/4ef9462d-c757-48ec-93c1-db0c2835dc0c","install_modes":["single","bundle","split","stage_only"],"activates_files":true},"evidence_bundle":{"acceptance_gate":{"recommended_action":"stage_or_request_confirmation","rule":"Agents should only activate an asset after evidence_bundle.integrity, policy_compatibility, rollback, and post_verify have been inspected.","status":"caution"},"asset_title":"OpenAuth — Universal Auth Server You Can Self-Host","asset_uuid":"4ef9462d-c757-48ec-93c1-db0c2835dc0c","eval_evidence":["https://tokrepo.com/evals/install-safety.json","https://tokrepo.com/evals/trust-evidence-coverage.json","https://tokrepo.com/evals/handoff-quality.json"],"generated_at":"2026-06-25T16:18:53Z","integrity":{"content_hash":"5a25eefa1ca6f7a6b26298d5b46bbaa015689607a7533646f20e1f1089ca4348","declared_content_hash":"05663720f9dbf36570ea0eec0c6f8e56af039eb21205d87e5f9a128034196579","file_count":1,"hash_algorithm":"sha256","install_plan_hash":"da7aad7f002fe9322cc38cca92391f620a4da2e580d2c9317a8fac434e5e9c02"},"policy_compatibility":{"permission_envelope":{"destructive":false,"executes_code":false,"file_count":1,"filesystem_write":["~/.codex/tokrepo/staged"],"global_config_write":false,"network":false,"requires_secrets":["GITHUB_CLIENT_SECRET"],"uses_absolute_paths":false},"policy_decision":{"decision":"stage_only","requires_confirmation":false,"reasons":["install_mode is stage_only","risk_profile.requires_secrets is not empty","low trust publisher plus dangerous capability requires staging"]},"requires_confirmation":false,"target":"codex","trust_score_v2":{"recommended_action":"stage_or_request_confirmation","status":"caution","trust_score":60}},"provenance":{"asset_kind":"skill","asset_title":"OpenAuth — Universal Auth Server You Can Self-Host","asset_uuid":"4ef9462d-c757-48ec-93c1-db0c2835dc0c","computed_bundle_hash":"5a25eefa1ca6f7a6b26298d5b46bbaa015689607a7533646f20e1f1089ca4348","content_hash":"05663720f9dbf36570ea0eec0c6f8e56af039eb21205d87e5f9a128034196579","created_at":"2026-05-11 16:01:24","generated_at":"2026-06-25T16:18:53Z","install_plan_hash":"da7aad7f002fe9322cc38cca92391f620a4da2e580d2c9317a8fac434e5e9c02","owner_name":"SST","owner_uuid":"e7e561cb-209a-4b8f-b649-6c55aae15c78","parent_uuid":"","schema_version":2,"source":"tokrepo_asset","source_url":"https://tokrepo.com/en/workflows/openauth-universal-auth-server-you-can-self-host","updated_at":"2026-06-26 00:18:51","visibility":1},"sbom":{"asset_kind":"skill","asset_title":"OpenAuth — Universal Auth Server You Can Self-Host","asset_uuid":"4ef9462d-c757-48ec-93c1-db0c2835dc0c","capability_flags":{"destructive":false,"executes_code":false,"modifies_global_config":false,"network_access":false,"requires_secrets":["GITHUB_CLIENT_SECRET"]},"content_hash":"5a25eefa1ca6f7a6b26298d5b46bbaa015689607a7533646f20e1f1089ca4348","dependencies":{"brew":[],"mcp":[],"npm":["@openauthjs/openauth"],"pip":[],"system":[]},"files":[{"bytes":7400,"path":"~/.codex/tokrepo/staged/4ef9462d-c757-48ec-93c1-db0c2835dc0c/Asset.md","role":"supporting_file","sha256":"ffa59ad96b47ff4e864cd104d442093c43d951c8f387338f601f928c774b3212","source_name":"Asset"}],"format":"SBOM-lite","install_mode":"stage_only","schema_version":1,"target":"codex"},"schema":"https://tokrepo.com/schemas/agent-evidence-bundle.schema.json","schema_version":1,"schemas":{"asset_verification":"https://tokrepo.com/schemas/asset-verification.schema.json","evidence_bundle":"https://tokrepo.com/schemas/agent-evidence-bundle.schema.json","install_plan":"https://tokrepo.com/schemas/install-plan.schema.json","provenance":"https://tokrepo.com/schemas/provenance.schema.json","sbom":"https://tokrepo.com/schemas/agent-evidence-bundle.schema.json#/properties/sbom"},"signature_evidence":{"content_hash":"5a25eefa1ca6f7a6b26298d5b46bbaa015689607a7533646f20e1f1089ca4348","hash_algorithm":"sha256","install_plan_hash":"da7aad7f002fe9322cc38cca92391f620a4da2e580d2c9317a8fac434e5e9c02","schema_version":1,"signed_hash":"05663720f9dbf36570ea0eec0c6f8e56af039eb21205d87e5f9a128034196579","status":"hash_only","verification_notes":["hash_only evidence proves content integrity but not publisher identity unless an external signature verifies it"]},"source_url":"https://tokrepo.com/en/workflows/openauth-universal-auth-server-you-can-self-host","target":"codex"},"sbom":{"asset_kind":"skill","asset_title":"OpenAuth — Universal Auth Server You Can Self-Host","asset_uuid":"4ef9462d-c757-48ec-93c1-db0c2835dc0c","capability_flags":{"destructive":false,"executes_code":false,"modifies_global_config":false,"network_access":false,"requires_secrets":["GITHUB_CLIENT_SECRET"]},"content_hash":"5a25eefa1ca6f7a6b26298d5b46bbaa015689607a7533646f20e1f1089ca4348","dependencies":{"brew":[],"mcp":[],"npm":["@openauthjs/openauth"],"pip":[],"system":[]},"files":[{"bytes":7400,"path":"~/.codex/tokrepo/staged/4ef9462d-c757-48ec-93c1-db0c2835dc0c/Asset.md","role":"supporting_file","sha256":"ffa59ad96b47ff4e864cd104d442093c43d951c8f387338f601f928c774b3212","source_name":"Asset"}],"format":"SBOM-lite","install_mode":"stage_only","schema_version":1,"target":"codex"},"signature_evidence":{"content_hash":"5a25eefa1ca6f7a6b26298d5b46bbaa015689607a7533646f20e1f1089ca4348","hash_algorithm":"sha256","install_plan_hash":"da7aad7f002fe9322cc38cca92391f620a4da2e580d2c9317a8fac434e5e9c02","schema_version":1,"signed_hash":"05663720f9dbf36570ea0eec0c6f8e56af039eb21205d87e5f9a128034196579","status":"hash_only","verification_notes":["hash_only evidence proves content integrity but not publisher identity unless an external signature verifies it"]},"provenance_v2":{"asset_kind":"skill","asset_title":"OpenAuth — Universal Auth Server You Can Self-Host","asset_uuid":"4ef9462d-c757-48ec-93c1-db0c2835dc0c","computed_bundle_hash":"5a25eefa1ca6f7a6b26298d5b46bbaa015689607a7533646f20e1f1089ca4348","content_hash":"05663720f9dbf36570ea0eec0c6f8e56af039eb21205d87e5f9a128034196579","created_at":"2026-05-11 16:01:24","generated_at":"2026-06-25T16:18:53Z","install_plan_hash":"da7aad7f002fe9322cc38cca92391f620a4da2e580d2c9317a8fac434e5e9c02","owner_name":"SST","owner_uuid":"e7e561cb-209a-4b8f-b649-6c55aae15c78","parent_uuid":"","schema_version":2,"source":"tokrepo_asset","source_url":"https://tokrepo.com/en/workflows/openauth-universal-auth-server-you-can-self-host","updated_at":"2026-06-26 00:18:51","visibility":1},"transitive_dependencies":null}}