inou/docs/chatgpt-actions-setup.md

# ChatGPT Actions Setup

Connect a ChatGPT Custom GPT to inou via OAuth 2.0 Actions.

## 1. Create the OAuth Client

SSH into staging or production and run:

```bash
# One-time setup — creates the "chatgpt" OAuth client
ssh johan@192.168.1.253 '/tank/inou/bin/oauth-setup-chatgpt'
```

This prints the Client ID and Client Secret. **Save the secret** — it cannot be retrieved later.

> The binary doesn't exist yet. Either:
> - Add a `cmd/oauth-setup-chatgpt/main.go` (same pattern as `cmd/oauth-setup/main.go`), or
> - Call `CreateChatGPTClient()` from portal startup (like `EnsureBridgeClient()`).

## 2. Create the Custom GPT

In ChatGPT → Explore GPTs → Create:

1. **Name:** inou Health
2. **Instructions:** (your system prompt for health data analysis)
3. Click **Create new action**

## 3. Configure the Action

### Import Schema

Point to the hosted OpenAPI schema:

```
https://inou.com/api/docs/openapi.yaml
```

Or paste the contents of `docs/openapi.yaml` directly.

### Authentication

| Field | Value |
|-------|-------|
| **Authentication Type** | OAuth |
| **Client ID** | _(from step 1)_ |
| **Client Secret** | _(from step 1)_ |
| **Authorization URL** | `https://inou.com/oauth/authorize` |
| **Token URL** | `https://inou.com/oauth/token` |
| **Scope** | _(leave blank)_ |
| **Token Exchange Method** | Default (POST) |

### Privacy Policy URL

```
https://inou.com/privacy
```

## 4. Test

1. Save the GPT
2. Start a conversation: "List my dossiers"
3. ChatGPT will redirect to inou's OAuth login
4. After authorizing, the GPT can call the API

## Notes

- OAuth tokens are valid for 1 hour, with refresh token support
- All access is RBAC-enforced — the GPT can only see data the logged-in user has permission to view
- The OpenAPI schema excludes imaging endpoints (not useful for text-based ChatGPT interactions)