Context
While trying to connect an org-shared Home Assistant service (home-assistant slug, hosted on org-owned node share-ops-ha) from a fresh org admin perspective, I hit several rough edges that turned a 2-minute task into an exploration of nyxid CLI flags. Filing these as a tracking issue with sub-issues so they can be triaged independently.
The end-to-end task: "I'm a new org admin, I want to call the org's HA REST API via nyxid proxy request <slug> /config, what do I do?"
Sub-issues
Reproducer (the path I took)
nyxid org list → ChronoAI (admin)
nyxid node list → finds share-ops-ha (online, org-owned)
nyxid proxy request home-assistant /config → 503 node_offline
(slug pointed at a STALE node id)
nyxid service show home-assistant → still shows Status: active, no hint about stale node
nyxid service route <id> --node <share-ops-ha-id> → ✓ rerouted
nyxid proxy request home-assistant /config → 401 (auth path now reachable, token bad)
nyxid service rotate-credential home-assistant → "service is node-managed, update on the node instead"
nyxid service update home-assistant --default-header 'Authorization=Bearer ...'
→ "Authorization is reserved"
nyxid node-credential push <node> --slug home-assistant --target-url <office-HA-URL>
→ "target_url must not resolve to private/internal IP"
nyxid node-credential push <node> --slug home-assistant (no target-url)
→ ✓ pending credential created
but now the operator on the office HA node
must run nyxid node credentials accept ...
— no way for an org admin to do this remotely
Net: 7-step CLI dance + 4 dead-ends to discover the workflow. The right experience is probably 1-2 commands or a web UI flow.
Why this matters
ChronoAI org has multiple org-shared HA / addon nodes (currently 6 admins on share-ops-ha). As we add more shared nodes (office, parents' home, etc.), every new admin will rediscover the same edge cases. Each pain point above is independent and small; tackling them in a quarter would substantially improve the org admin onboarding UX.
cc node-managed-services area
Context
While trying to connect an org-shared Home Assistant service (
home-assistantslug, hosted on org-owned nodeshare-ops-ha) from a fresh org admin perspective, I hit several rough edges that turned a 2-minute task into an exploration ofnyxidCLI flags. Filing these as a tracking issue with sub-issues so they can be triaged independently.The end-to-end task: "I'm a new org admin, I want to call the org's HA REST API via
nyxid proxy request <slug> /config, what do I do?"Sub-issues
--target-urlrejects RFC1918 /homeassistant.localURLs that ARE the legitimate targetservice show/service listshould inline-explaincredential_type: node_managed+ what an admin must do nextnyxid node showshould expose connection source IP / last-seen-from for connectivity debuggingnyxid node credentialsexists on addon-side runtime, not user-side CLI #775 — Hint message points tonyxid node credentials pending— but that subcommand does not exist on the user-side CLIReproducer (the path I took)
Net: 7-step CLI dance + 4 dead-ends to discover the workflow. The right experience is probably 1-2 commands or a web UI flow.
Why this matters
ChronoAI org has multiple org-shared HA / addon nodes (currently 6 admins on
share-ops-ha). As we add more shared nodes (office, parents' home, etc.), every new admin will rediscover the same edge cases. Each pain point above is independent and small; tackling them in a quarter would substantially improve the org admin onboarding UX.cc node-managed-services area