-
AI user has to use its own credential. Run as the AI user and create a workspace to populate the credentials, then delete the workspace. Subsequent workspaces created by the AI user will reuse the user data saved previously.
-
Hmmm ok, dont like it.
It is not really scalable to have one AI user per team member (also normal OneDev users cannot impersonate their corresponding AI user to configure the user data) and misusing a team account to configure a shared AI user isn't an option because of usage limits.
So for now your solution is only usable if you access an AI provider via ordinary API key and not via team accounts with individual usage limits.
What if every OneDev user account could configure a list of <ai provider, token> in its own user settings? Depending on the ai provider it is either a simple API token or OneDev executes the OAuth flow to obtain the access token (e.g. for ChatGPT/Codex or Github Copilot). The token could then be encrypted with an individual user password (maybe optionally) and stored in OneDev DB. Then in OneDev you continue to assign issues to normal OneDev users but the user then as a button "Delegate to AI" which allows selecting the configured credentials, (maybe optionally) asks for the password to decrypt the token and then spins up a workspace. The token could then be accessible via some env variable and thus can be made available to the agent cli command which launches the agent cli in headless mode. OneDev could also ask which model to use and make that available as env variable as well.
That way it is more user centric and it allows using subsidized personal team accounts just like in an IDE. I generally prefer if you can transparently see that a user as delegated work to AI and if the AI creates commits that these commits are in the name of the user with an additional footer indicating that AI has assisted. The linux kernel for example requires something like
Assisted-by: Claude:claude-3-opus. At the end the user is responsible. -
AI user has to be created by adminsitrator and shared with the team. The approach you mentioned complicates things a lot, and will not be considered for now.
-
For your case, your team member may just create a workspace on an issue without using AI user, and run below prompt:
work on this issue and submit your work when completeThen everything runs under the team member's own account.
-
Previous Value Current Value Open
Closed
| Type |
Question
|
| Priority |
Normal
|
| Assignee | |
| Labels |
No labels
|
With 16+ an AI user can be assigned to an issue. How does authentication inside the codex/claude/custom container work?
For example in a team everyone has its own personalized Github Copilot credentials and if a team member assigns the OneDev AI user I cannot figure out what needs to be done so that the credentials of that team member is used within the workspace to authenticate the agent.
Every team member can create its own personal fine-grained Github access token which allows copilot requests but how to configure OneDev to use it?