feat: add onboarding deployment skill

[Zeyuzhao]

Summary

• add an onboarding skill for deploying an Open-Inspect instance
• document credential collection, app setup, Terraform deployment, and verification steps

Testing

• Not run

Summary by CodeRabbit

• Documentation
  • Added comprehensive onboarding guide for deploying self-hosted Open-Inspect instances, including step-by-step instructions for setup, credential configuration, app creation, infrastructure provisioning, web deployment, and health verification. Includes error handling reference and security best practices.

[coderabbitai]

📝 Walkthrough

Walkthrough

This introduces a comprehensive onboarding skill document that guides users through deploying a self-hosted Open-Inspect instance, covering setup phases, credential management for multiple services, GitHub and Slack App configuration, Terraform infrastructure provisioning, and post-deployment verification steps.

Changes

Cohort / File(s)

Summary

Onboarding Skill Documentation .agent/skills/onboarding/SKILL.md

New skill definition document providing step-by-step guidance for self-hosted Open-Inspect deployment, including multi-phase setup, credential capture for external services (Cloudflare, R2, Vercel, Modal, Anthropic), GitHub App and optional Slack App creation with webhook configuration, security secrets generation, Terraform tfvars creation, two-phase Terraform apply process, post-deployment configuration, Vercel web app deployment, health verification via curl endpoints, and dedicated error-handling mapping.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A skill to guide the eager folk,
Through clouds and gates and secrets spoke,
With Terraform and GitHub's dance,
Deploy with confidence and chance!
Onboarding's now a simple hop,
From start to finish, never stop! 🚀

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: add onboarding deployment skill' accurately describes the main change - adding a new onboarding skill document for deployment guidance.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Warning

⚠️ This pull request might be slop. It has been flagged by CodeRabbit slop detection and should be reviewed carefully.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.agent/skills/onboarding/SKILL.md:
- Around line 271-276: Phase 11 missing build-time environment configuration:
before running the existing deployment commands (npx vercel link --project
open-inspect-{deployment_name} and npx vercel --prod) add the NEXT_PUBLIC_WS_URL
environment variable so it is available at build time; run the Vercel env add
flow (e.g., npx vercel env add NEXT_PUBLIC_WS_URL production) and set its value
to the control plane worker URL
(https://open-inspect-control-plane-{deployment_name}.{subdomain}.workers.dev),
then proceed with the link and prod deploy commands to ensure NEXT_PUBLIC_WS_URL
is injected during the build.
- Around line 169-194: Update the terraform variables example in the Phase 7
`terraform/environments/production/terraform.tfvars` snippet to include the
web_platform variable by adding web_platform = "cloudflare"; reference the
existing variables enable_durable_object_bindings and enable_service_bindings in
that same block so the web app is deployed to Cloudflare Workers via OpenNext
and document that Vercel credentials are not required when web_platform is set
to "cloudflare".

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2f38599e-8306-429f-a771-25584efe9dc5

📥 Commits

Reviewing files that changed from the base of the PR and between 6f9ee21 and b052d3d.

📒 Files selected for processing (1)

• .agent/skills/onboarding/SKILL.md

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Add web_platform configuration to Terraform variables.

The guide is missing the web_platform configuration in the terraform.tfvars setup. This variable determines where the web app is deployed.

Based on learnings, set web_platform = "cloudflare" in Terraform variables to deploy the web app to Cloudflare Workers via OpenNext; when using Cloudflare, Vercel credentials are not required.

📝 Add web_platform configuration

Add this to the terraform.tfvars configuration example in Phase 7:

 ```hcl
 enable_durable_object_bindings = false
 enable_service_bindings        = false
+web_platform                   = "cloudflare"

</details>

<!-- suggestion_start -->

<details>
<summary>📝 Committable suggestion</summary>

> ‼️ **IMPORTANT**
> Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

```suggestion
Create `terraform/environments/production/terraform.tfvars` with all collected values. Set:

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.agent/skills/onboarding/SKILL.md around lines 169 - 194, Update the
terraform variables example in the Phase 7
`terraform/environments/production/terraform.tfvars` snippet to include the
web_platform variable by adding web_platform = "cloudflare"; reference the
existing variables enable_durable_object_bindings and enable_service_bindings in
that same block so the web app is deployed to Cloudflare Workers via OpenNext
and document that Vercel credentials are not required when web_platform is set
to "cloudflare".

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Configure NEXT_PUBLIC_WS_URL environment variable before web app deployment.

The web app deployment is missing a critical environment variable setup. The NEXT_PUBLIC_WS_URL must be configured to point to the control plane worker URL deployed in Phase 8.

Based on learnings, NEXT_PUBLIC_WS_URL must be available at build time.

🔧 Add NEXT_PUBLIC_WS_URL configuration

Add environment variable setup before the Vercel deployment commands:

 ## Phase 11: Web App Deployment
 
+Set the WebSocket URL environment variable (pointing to your control plane worker):
+
+```bash
+npx vercel env add NEXT_PUBLIC_WS_URL production
+# When prompted, enter: https://open-inspect-control-plane-{deployment_name}.{subdomain}.workers.dev
+```
+
+Then deploy:
+
 ```bash
 npx vercel link --project open-inspect-{deployment_name}
 npx vercel --prod

</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against the current code and only fix it if needed.

In @.agent/skills/onboarding/SKILL.md around lines 271 - 276, Phase 11 missing
build-time environment configuration: before running the existing deployment
commands (npx vercel link --project open-inspect-{deployment_name} and npx
vercel --prod) add the NEXT_PUBLIC_WS_URL environment variable so it is
available at build time; run the Vercel env add flow (e.g., npx vercel env add
NEXT_PUBLIC_WS_URL production) and set its value to the control plane worker URL
(https://open-inspect-control-plane-{deployment_name}.{subdomain}.workers.dev),
then proceed with the link and prod deploy commands to ensure NEXT_PUBLIC_WS_URL
is injected during the build.

</details>

<!-- fingerprinting:phantom:triton:puma:e390b80b-10c1-4c36-ba04-da681f1b62bf -->

<!-- This is an auto-generated comment by CodeRabbit -->

[ColeMurray]

@Zeyuzhao rather than duplicating the existing one, we should symlink it https://github.com/ColeMurray/background-agents/blob/main/.claude/skills/onboarding/SKILL.md?plain=1