onecli-gateway
The OneCLI Gateway intercepts outbound HTTPS requests and automatically injects stored credentials for connected OAuth apps and API services like Gmail, GitHub, and Stripe, eliminating the need to handle authentication tokens directly. Use it when you need to access external APIs by making standard HTTP requests that the gateway transparently proxies through credential injection.
git clone --depth 1 https://github.com/nanocoai/nanoclaw /tmp/onecli-gateway && cp -r /tmp/onecli-gateway/container/skills/onecli-gateway ~/.claude/skills/onecli-gatewaySKILL.md
# OneCLI Gateway Your outbound HTTPS traffic is transparently proxied through the OneCLI gateway, which injects stored credentials at the proxy boundary. You never see or handle credential values directly. ## How to Access External Services You have direct HTTP access to external APIs. OAuth apps (Gmail, GitHub, Google Calendar, Google Drive, etc.) and API key services are all available through the gateway. Just make the request directly; the gateway injects credentials if the app is connected. If not, it returns an error with a connect URL you can present to the user. ## Making Requests Call the real API URL. The gateway intercepts the request and injects credentials automatically. ```bash curl -s "https://gmail.googleapis.com/gmail/v1/users/me/messages?maxResults=5" curl -s "https://api.github.com/user/repos?per_page=10" curl -s "https://api.stripe.com/v1/charges?limit=5" ``` Standard HTTP clients (curl, fetch, requests, axios, Go net/http, git) all honor the `HTTPS_PROXY` environment variable automatically. You do not need to set any auth headers. ## Credential Stubs for MCP Servers Some MCP servers need local credential files to start. Stubs for connected apps are pre-written automatically. Files containing `"onecli-managed"` values are managed by OneCLI — do NOT modify or delete them. If an MCP server won't start due to missing credentials, create stubs **before** starting it. Use `"onecli-managed"` as the placeholder for all secret values, with file permissions `0600`. See the guide at: https://www.onecli.sh/docs/guides/credential-stubs/general-app ## When a Request Fails If you get a 401, 403, or a gateway error (e.g., `app_not_connected`): **Step 1 — Show the user a connect link.** Use the `connect_url` from the error response: > To connect [service], open this link: > [connect_url from the error response] If there is no `connect_url` in the error, tell the user to open the OneCLI dashboard and connect the service there. **Step 2 — Retry after the user connects.** Let the user know you will retry once they have connected. When they confirm, retry the original request. If the retry still fails, ask if they need help with the setup. ## Rules - **Never** say "I don't have access to X" without first making the HTTP request through the proxy. - **Never** use browser extensions, gcloud, or manual auth flows. The gateway handles credentials for you. - **Never** ask the user for API keys or tokens directly. Direct them to connect the service in the OneCLI dashboard. - **Never** suggest the user open Gmail/Calendar/GitHub in their browser when they ask you to read or interact with those services. You have API access. Use it. - If the gateway returns a policy error (403 with a JSON body), respect the block. Do not retry or circumvent it.
Add Atomic Chat MCP server so the container agent can call local models served by the Atomic Chat desktop app via its OpenAI-compatible API.
Use Codex (CLI + AppServer) as the full agent provider — planning, tool orchestration, native compaction, MCP tools, session resume — in place of the Claude Agent SDK. ChatGPT subscription or OPENAI_API_KEY. Per-group via agent_provider. Distinct from using OpenAI as an MCP tool (where Claude remains the planner).
Add a monitoring dashboard to NanoClaw. Installs @nanoco/nanoclaw-dashboard and a pusher that sends periodic JSON snapshots.
Add DeltaChat channel integration via @deltachat/stdio-rpc-server. Native adapter — no Chat SDK bridge. Email-based messaging with end-to-end encryption.
Add Discord bot channel integration via Chat SDK.
Add Emacs as a channel. Opens an interactive chat buffer and org-mode integration so you can talk to NanoClaw from within Emacs (Doom, Spacemacs, or vanilla). Local HTTP bridge — no bot token or external service needed.
Add Google Calendar as an MCP tool (list calendars, list/search/create events, free/busy queries) using OneCLI-managed OAuth. Multi-calendar and multi-account supported. Mirrors /add-gmail-tool's stub pattern — no raw credentials ever reach the container; OneCLI injects real tokens at request time.
Add Google Chat channel integration via Chat SDK.