Skip to content

feat(installer): unify skill + MCP agent registration (16 agents)#41

Merged
f0rmatting merged 3 commits into
chainbase-labs:mainfrom
Nowhitestar:feat/unified-mcp-registration
May 20, 2026
Merged

feat(installer): unify skill + MCP agent registration (16 agents)#41
f0rmatting merged 3 commits into
chainbase-labs:mainfrom
Nowhitestar:feat/unified-mcp-registration

Conversation

@Nowhitestar
Copy link
Copy Markdown
Contributor

@Nowhitestar Nowhitestar commented May 13, 2026

Summary

  • Drive both npx skills add -a and @agentkey/mcp --auth-login --only from a single detected-agent list. MCP registration now follows the same per-host auto-detection that skill install already does, expanding MCP auto-registration from 3 clients to 16.
  • Fix the longstanding claude-code marker bug: it included Claude Desktop's config dir, causing skills CLI to target a nonexistent Claude Code on Desktop-only machines. claude-desktop is now its own id (MCP-only) — passed to --auth-login --only but never to skills add.
  • Detect Claude Desktop via /Applications/Claude.app / %LOCALAPPDATA%\AnthropicClaude so "installed but never launched" still registers (Linux still requires the config dir).
  • New scripts/dev-smoke.sh — sandboxed 4-phase regression suite, 42 assertions, ~10s, never touches real $HOME. Run before any PR touching install/uninstall scripts.

Depends on

chainbase-labs/AgentKey-Server#9 — adds --only <ids> to @agentkey/mcp --auth-login. Older CLI versions silently ignore the flag, so this PR is forward-compatible either way.

Uninstaller (the bigger gap before this)

The previous uninstaller only cleaned 3 config paths and only knew the mcpServers.<name> JSON shape. With 13 new agents using 4 different schema dialects, that left AgentKey configured everywhere after uninstall.

  • Expanded MCP cleanup to 14 JSON paths + codex TOML, covering all 16 auto-registered agents
  • Schema-agnostic JSON scrub: walks the tree and drops dict keys whose name EXACTLY matches our server names. Handles mcpServers.<name> / mcp.<name> / amp.mcpServers.<name> / projects.X.mcpServers.<name> in one pass
  • Codex TOML splice via awk / PowerShell (no parser dep) — drops [mcp_servers.agentkey] + legacy quoted block, preserves sibling sections
  • droid mcp remove + openclaw mcp unset for CLI-registered agents
  • Exact-match server names (not substring) so user keys like agentkey-helper are preserved (regression test included in dev-smoke)

Bugs fixed during review

Where Bug
install.sh:487 Unbound $TARGETS variable (renamed during refactor) — set -u would have made this fatal
install.ps1 $SkillTargets.Count used where $AllTargets.Count was meant — diverged from install.sh behavior
install.sh --only claude-desktop ran skills add -a with no filter, defeating the user's --only intent. Now correctly skips the skill step
install.sh helpers Leaked-scope loop vars (_ids, _id) — declared local -a

Test plan

  • scripts/dev-smoke.sh — 42 passing / 0 failing (Phase 1 unit tests + Phase 2 installer + Phase 3 writer schemas + Phase 4 uninstaller w/ false-positive guard)
  • bash -n clean for install.sh + uninstall.sh
  • --list-agents correctly lists claude-desktop as a separate id
  • --only claude-desktop --skip-mcp --yes walks the new "MCP-only, skip skill" branch
  • Auto-detect path tested via bash -x trace under set -u (no unbound-variable explosion)
  • Uninstaller decoy fixtures: agentkey-helper, other-svr, [mcp_servers.other], [unrelated_section] all preserved after scrub
  • Windows: install.ps1 / uninstall.ps1 syntax-checked but not runtime-tested (no Windows box handy — happy to test if reviewer has one)

@lxcong
Copy link
Copy Markdown
Contributor

lxcong commented May 14, 2026

@claude review

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 14, 2026

🤖 Claude security review requested by @lxcong. Running against HEAD de7ef498dfdd12f1db17fd9f595f1811848d3135...

@claude
Copy link
Copy Markdown

claude Bot commented May 14, 2026

🤖 Claude security review — HEAD: de7ef49

Scope: 6-file installer refactor unifying skill + MCP agent registration for 16 agents (install.sh, install.ps1, uninstall.sh, uninstall.ps1, dev-smoke.sh, .claude/CLAUDE.md)

💡 Suggestion (nice-to-have)

  • scripts/dev-smoke.sh:60 — hardcoded personal fallback path "$HOME/Documents/Codebase/AgentKey-Server/mcp-server" will silently miss for every other developer; consider removing it or replacing with a more generic hint message.

  • scripts/dev-smoke.sh:247$MCP_SRC is interpolated unquoted into a heredoc that generates a .mjs file executed by node. If AGENTKEY_MCP_SRC contains " or newline characters the generated JS could be malformed. Low risk (dev-only tool, trusted env var), but single-quoting the heredoc delimiter and injecting the path via a const reassigned by process.env would be cleaner.

  • scripts/dev-smoke.sh:43set -uo pipefail omits -e; intentional for collecting all failures in one run, but worth a comment so future editors don't "fix" it.

Review triggered by @lxcong
via @claude review.

@Nowhitestar @f0rmatting
feat(installer): unify skill + MCP agent registration
0510c74 
Drive both `npx skills add -a` and `@agentkey/mcp --auth-login --only`
from a single detected-agent list so MCP registration follows the same
per-host auto-detection we already do for skill install. Lifts MCP
auto-registration from 3 clients (Claude Code, Claude Desktop on mac/win,
Cursor) to 16 — see `MCP_AUTO_AGENTS` in install.sh / `$McpAutoAgents`
in install.ps1, mirroring `AGENT_REGISTRY` in
AgentKey-Server/mcp-server/src/lib/mcp-clients.ts.

Highlights:

* Split `claude-desktop` out of the `claude-code` marker. The old marker
  treated `~/Library/Application Support/Claude` (Desktop's config dir)
  as a `claude-code` hit, which made `skills add -a claude-code` target
  a nonexistent Claude Code on Desktop-only machines. Now claude-desktop
  is its own id, listed in `MCP_ONLY_AGENTS` so it's passed to
  `--auth-login --only` but never to `skills add -a` (which would error
  — Claude Desktop has no skill install path).
* Detect Claude Desktop two ways: app bundle (`/Applications/Claude.app`
  on mac, `%LOCALAPPDATA%\AnthropicClaude` on win) OR config dir. Covers
  "installed but never launched" where the dir doesn't exist yet. Linux
  still requires the config dir.
* New edge-case branch in both scripts: `--only claude-desktop` (or any
  selection of only MCP-only ids) now SKIPS the skill step entirely
  instead of falling through to `skills add -a` with no filter — which
  was a silent target-list-defeat bug.
* Pass `--only $MCP_TARGETS` to `--auth-login`. Older `@agentkey/mcp`
  versions silently ignore unknown flags, so this is forward-compatible.

Uninstaller (the bigger gap):

* Extend MCP config cleanup from 3 paths to 14 (codex TOML included).
* JSON scrub is now schema-agnostic — walks the tree and drops any dict
  key whose name EXACTLY matches our server name (current + legacy),
  so the same scrubber handles `mcpServers.<name>`, `mcp.<name>`,
  `amp.mcpServers.<name>`, and `projects.X.mcpServers.<name>` in one
  pass. Exact-match (not substring) preserves user keys like
  `agentkey-helper`.
* Codex TOML cleanup via awk / PowerShell line-splice — drops the
  `[mcp_servers.agentkey]` block (bare + legacy quoted name) without
  needing a TOML parser dep, preserving sibling sections.
* `droid mcp remove` / `openclaw mcp unset` for the CLI-registered
  agents — they have no file-edit path so we have to unregister via CLI.

Bug fixes spotted during review:

* install.sh:487 referenced an unbound `$TARGETS` variable (renamed to
  `$ALL_TARGETS` during the refactor); `set -u` would have made this
  fatal. Fixed.
* install.ps1 used `$SkillTargets.Count -gt 0` for the `-y` decision
  while install.sh used `$ALL_TARGETS`; the divergence meant the same
  `--only` invocation behaved differently on mac vs Windows. Aligned to
  AllTargets.
* `_filter_csv` / `detect_agents` had leaked-scope loop vars; declared
  them `local` to prevent caller pollution.

New: scripts/dev-smoke.sh — sandboxed regression suite, 42 assertions
across 4 phases (unit tests / installer / writer schemas / uninstaller
+ false-positive guard). Runs in under 10s, never touches real $HOME.
Use before opening PRs touching install* or uninstall* scripts.
@Nowhitestar @f0rmatting
fix(dev-smoke): harden runner path handling
4e0d8b9
@f0rmatting f0rmatting force-pushed the feat/unified-mcp-registration branch from dafd3d9 to 4e0d8b9 Compare May 16, 2026 13:58
@f0rmatting
Copy link
Copy Markdown
Contributor

f0rmatting commented May 16, 2026

@claude review

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 16, 2026

🤖 Claude security review requested by @f0rmatting. Running against HEAD 4e0d8b90d142eaf7761507455236ab661b825bc9...

@claude
Copy link
Copy Markdown

claude Bot commented May 16, 2026

🤖 Claude security review — HEAD: 4e0d8b9

Scope: 6-file unification of skill + MCP installer/uninstaller across 16 agents (install.sh, install.ps1, uninstall.sh, uninstall.ps1, dev-smoke.sh, .claude/CLAUDE.md)

✅ No security or convention issues found.

Review triggered by @f0rmatting
via @claude review.

@f0rmatting f0rmatting merged commit 8336301 into chainbase-labs:main May 20, 2026
1 check passed
@lxcong lxcong mentioned this pull request May 20, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Nowhitestar @lxcong @f0rmatting