scripts/onboard_client.py drives the same public API endpoints an operator would call by hand (Tenants, Integrations) — deliberately no direct database access, so RLS, RBAC, validation, and audit logging all apply exactly as they would in normal API use. It’s idempotent: an existing tenant slug or domain is reported and reused, never duplicated, so a partial failure is safe to re-run.

Usage

The SEO_OPERATOR_PASSWORD environment variable — never a command-line argument — authenticates the operator account before any tenant call.

What it prints

After provisioning, the script prints the remaining integration checklist for that tenant: which OAuth flows still need running, whether a WordPress application password is needed, and the direct dashboard link to the new tenant.

Full onboarding checklist