From truefoundry
Verifies TrueFoundry credentials and connectivity, discovers workspaces and clusters, manages roles/teams/secret groups, and creates personal access tokens.
Slash command: /truefoundry:platform
> Routing note: For ambiguous user intents, use the shared clarification templates in [references/intent-clarification.md](references/intent-clarification.md).
Skill files: references/access-control.md, references/api-endpoints.md, references/cli-fallback.md, references/cli-reference.md, references/cluster-discovery.md, references/gpu-reference.md, references/intent-clarification.md, references/prerequisites.md, references/secrets-and-tokens.md, references/tfy-api-setup.md, scripts/tfy-api.sh, scripts/tfy-version.sh
Platform setup and access management: verify credentials, discover workspaces and clusters, manage roles/teams/collaborators, handle secret groups, and create personal access tokens.
Related skills: gateway, mcp-servers, observability, onboard.
| Variable | Description | Example |
|---|---|---|
| TFY_BASE_URL | Platform URL | https://your-org.truefoundry.cloud |
| TFY_HOST | CLI host (set when TFY_API_KEY is set) | https://your-org.truefoundry.cloud |
| TFY_API_KEY | API key for REST calls | tfy-... |
Verify credentials and connectivity:
```bash
echo "TFY_BASE_URL: ${TFY_BASE_URL:-(not set)}"
# Report only whether the key is present; never expand its value into the output
TFY_API_KEY_STATUS="${TFY_API_KEY:+(set)}"
echo "TFY_API_KEY: ${TFY_API_KEY_STATUS:-(not set)}"
# Test connection
TFY_API_SH=~/.claude/skills/truefoundry-platform/scripts/tfy-api.sh
$TFY_API_SH GET '/api/svc/v1/workspaces?limit=1'
```
Present result as status summary. If login missing, use truefoundry-onboard.
Never auto-pick a workspace. Always confirm with the user.
```bash
# Step 1: List clusters
$TFY_API_SH GET /api/svc/v1/clusters
# Step 2: List workspaces filtered by selected cluster
$TFY_API_SH GET '/api/svc/v1/workspaces?clusterId=SELECTED_CLUSTER_ID'
```
Present both as tables. Key field: fqn (needed for TFY_WORKSPACE_FQN).
If only one cluster exists, skip cluster selection and go to workspaces directly.
```bash
$TFY_API_SH GET /api/svc/v1/clusters/CLUSTER_ID/get-addons
```
For full GPU type table and cluster base domain lookups, see references/gpu-reference.md and references/cluster-discovery.md.
Manage roles, teams, and collaborators. For full API calls, tool call syntax, presentation templates, common workflows, and subject format reference, see references/access-control.md.
| Action | API Call |
|---|---|
| List roles | $TFY_API_SH GET /api/svc/v1/roles |
| List teams | $TFY_API_SH GET /api/svc/v1/teams |
| List collaborators | $TFY_API_SH GET '/api/svc/v1/collaborators?resourceType=TYPE&resourceId=ID' |
| Create role | $TFY_API_SH POST /api/svc/v1/roles '{...}' |
| Create team | $TFY_API_SH POST /api/svc/v1/teams '{...}' |
| Add collaborator | $TFY_API_SH POST /api/svc/v1/collaborators '{...}' |
Subject format: user:email, team:slug, serviceaccount:name, virtualaccount:name.
Security: Confirm subject, role, and resource with the user before granting access.
Destructive operations (delete roles, teams, collaborators): direct to dashboard.
Manage secret groups and tfy-secret:// references. Never ask user to paste secret values in chat.
| Action | API Call |
|---|---|
| List secret groups | $TFY_API_SH GET /api/svc/v1/secret-groups |
| Create secret group | $TFY_API_SH POST /api/svc/v1/secret-groups '{...}' |
| Update secrets | $TFY_API_SH PUT '/api/svc/v1/secret-groups/ID' '{"secrets":[...]}' |
Reference format: tfy-secret://<tenant>:<group>:<key>
Warning: Update operations delete omitted keys. Always include all keys.
For full create/update flows, API patterns, and security policies, see references/secrets-and-tokens.md.
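
The warning that update operations delete omitted keys can be enforced with a pre-flight check on the PUT body before it is sent. This is an added example, not part of the TrueFoundry skill or its scripts; the per-entry `key` field name, the function names, and the idea that key names come from a prior GET are assumptions, and the sample data is constructed.

```python
import json

# Assumption: each entry in "secrets" carries its name in a "key" field.
# The page only shows the outer shape {"secrets":[...]}.
KEY_FIELD = "key"


class UnsafeSecretUpdate(ValueError):
    """A PUT body would delete keys that nobody asked to delete."""


def payload_keys(put_body):
    """Key names in a PUT body, in order. Values are never returned."""
    return [entry[KEY_FIELD] for entry in json.loads(put_body)["secrets"]]


def dropped_keys(current_keys, put_body, confirmed_removals=()):
    """Keys that exist now, are missing from the PUT body, and were not
    explicitly confirmed for removal by the user."""
    sent = set(payload_keys(put_body))
    return sorted(set(current_keys) - sent - set(confirmed_removals))


def check_update(current_keys, put_body, confirmed_removals=()):
    """Return the body unchanged if it is safe to send, else raise.
    Error text names keys only, never secret values."""
    keys = payload_keys(put_body)
    dupes = sorted({k for k in keys if keys.count(k) > 1})
    if dupes:
        raise UnsafeSecretUpdate(f"duplicate keys in update: {dupes}")
    lost = dropped_keys(current_keys, put_body, confirmed_removals)
    if lost:
        raise UnsafeSecretUpdate(f"update would delete keys: {lost}")
    return put_body


# Constructed sample: key names as listed beforehand; one key is rotated.
CURRENT = ["DB_PASSWORD", "API_TOKEN", "SMTP_PASSWORD"]
PARTIAL = '{"secrets":[{"key":"DB_PASSWORD","value":"new-value"}]}'
FULL = json.dumps({"secrets": [
    {"key": "DB_PASSWORD", "value": "new-value"},
    {"key": "API_TOKEN", "value": "placeholder-1"},
    {"key": "SMTP_PASSWORD", "value": "placeholder-2"},
]})

if __name__ == "__main__":
    print(dropped_keys(CURRENT, PARTIAL))
    print(check_update(CURRENT, FULL) == FULL)
```

A key the user really wants removed goes in `confirmed_removals`, so deletion is always an explicit decision rather than a side effect of a partial body.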
List and create PATs. Token values are shown only once at creation.
| Action | API Call |
|---|---|
| List PATs | $TFY_API_SH GET /api/svc/v1/personal-access-tokens |
| Create PAT | $TFY_API_SH POST /api/svc/v1/personal-access-tokens '{"name":"..."}' |
Security: Never repeat, store, or log token values. Show masked preview by default; full value only on explicit confirmation.
For full token display policy and security rules, see references/secrets-and-tokens.md.
Deletion: direct to dashboard.
API key invalid or expired. Generate new one: Dashboard -> Access -> API Keys.
Check: URL correct (include https://), network/VPN connected, no trailing slash.
If tfy CLI says "TFY_HOST env must be set": export TFY_HOST="${TFY_HOST:-${TFY_BASE_URL%/}}"
Selected cluster may have no workspaces, or API key lacks access. Try different cluster.
Admin access may be required for access control and token operations.
Use pattern type:identifier — e.g., user:[email protected], team:platform-team.
Token values only shown at creation. Create a new token, update affected services, revoke old one in dashboard.
npx claudepluginhub truefoundry/skills --plugin truefoundry