From alation
Guides creation and validation of credentials.local for Alation API connections via OAuth or username/password. Supports local dev, Cowork, and container environments.
npx claudepluginhub alation/alation-plugins --plugin alationThis skill uses the workspace's default tool permissions.
Guide the user through creating and validating their `credentials.local` file.
Sets up DataHub CLI via pip in venv, configures authentication, verifies connectivity, sets default scopes, and creates agent profiles.
Guides provisioning Google AlloyDB clusters, read pools, columnar engine, Private Service Access, PostgreSQL tuning on GCP, and Cloud SQL migrations.
Installs Databricks CLI v2, Python SDK, Databricks Connect, and configures authentication via PAT or OAuth for workspace integrations.
Share bugs, ideas, or general feedback.
Guide the user through creating and validating their credentials.local file.
setup check first and after any change.| Task | CLI Command |
|---|---|
| Check if setup is complete | python -m cli setup check |
| Save credentials to file | python -m cli setup credentials --base_url <URL> ... |
| Log in via OAuth (local) | python -m cli setup login |
| Log in via OAuth (Cowork/container) | python -m cli setup login --cowork |
| Complete Cowork OAuth with redirect URL | python -m cli setup login --cowork --code "<URL>" |
setup checkpython -m cli setup check
This returns JSON with five sections: credentials_file, token, api, environment, and ready.
Evaluate in this order (first match wins):
ready: true -> setup is complete, go to step 6.credentials_file.found: false -> go to step 2.credentials_file.auth_method is null → go to step 3credentials_file.auth_method: "oauth" and token.found: false -> go to step 4.credentials_file.auth_method: "oauth" and token.expired: true -> go to step 4.api.authenticated: false -> go to step 5.Ask the user which authentication method to use once:
http://127.0.0.1:18722/callback.Ask the user for their values in a single message. Do not present options, guesses, or prefilled URLs — just ask directly for what's needed.
OAuth — ask for: base_url, client_id, and client_secret (note client_secret is optional for public clients).
Username/password — ask for: base_url, username, and password.
Run the credentials command with the values provided:
OAuth:
python -m cli setup credentials --base_url <URL> --client_id <ID> --client_secret <SECRET>
Or, if there's no client secret:
python -m cli setup credentials --base_url <URL> --client_id <ID>
Username/password:
python -m cli setup credentials --base_url <URL> --username <USER> --password <PASS>
If you ever notice SSL errors or a self-signed certificate, with user approval, add --disable_ssl_verification. You must get user approval for this.
The command outputs JSON with {"status": "ok", "path": "..."} on success. If there's a base_url_mismatch error, then request approval from the user to re-run with --force which will overwrite the existing credentials.
On success, return to step 1 to check the setup again.
Use this step only for OAuth-based setup when token is missing/expired.
Check environment.container from the step 1 setup check output to determine which flow to use.
Local environment (not in Cowork/container):
python -m cli setup login
This opens a browser window for the user to log in. On success, prints the check result as JSON.
Cowork/container environment — use the --cowork flag for a two-step manual flow:
Step 1 — start the flow:
python -m cli setup login --cowork
This returns JSON with status: "pending" and an auth_url field. Show the auth_url to the user and ask them to complete login in browser. Clearly and concisely explain that the user will need to copy the redirect URL from their browser back into the chat.
Step 2 — the user visits the URL in their browser, authorizes, and gets redirected to a page that fails to load. They paste the full redirect URL into chat. Complete the flow:
python -m cli setup login --cowork --code "<REDIRECT_URL>"
The --code flag accepts either a bare authorization code or a full redirect URL (e.g., http://127.0.0.1:18722/callback?code=ABC&state=XYZ).
On success, return to step 1 to check the setup again.
Note: An Alation admin must register http://127.0.0.1:18722/callback as an allowed redirect URI for the OAuth client.
If api.authenticated: false, check the api.error field and:
setup login (step 4)api.reachable: false): Ask the user to verify base_url, VPN, or network connectivity--disable_ssl_verification after explicit user approval.When ready: true, tell the user setup is complete. If the user has no clear intent beyond setup, then suggest 2-3 things they could try, drawn from the examples below. Pick what's most relevant to anything the user has mentioned so far. If you have no signal, default to the first two.
Example suggestions (adapt, don't recite):
configureconfigureexploreaskMistake: Running setup login before credentials exist.
Why it seems reasonable: the user said "log me in."
Instead: Always run setup check first. If no credentials file exists, go to step 2.
Mistake: Using --cowork in a local environment, or omitting it in a container.
Why it seems reasonable: the user didn't specify their environment.
Instead: Check environment.container from setup check. Use --cowork only when container: true.
Mistake: Guessing or prefilling the user's base URL, client ID, or credentials. Why it seems reasonable: you might infer the URL from context. Instead: Always ask. Credentials must come directly from the user.
Mistake: Re-prompting for all credentials when only one value is wrong.
Why it seems reasonable: starting fresh feels safer.
Instead: Ask for just the corrected value and re-run setup credentials with all values.
configure, not setup.