diff --git a/.claude/CLAUDE.md b/.claude/CLAUDE.md index 27f6cf0..30aba0b 100644 --- a/.claude/CLAUDE.md +++ b/.claude/CLAUDE.md @@ -9,7 +9,7 @@ AgentKey Skill ships the agent-side half of AgentKey: a single skill that teache AgentKey has **two pieces** and a full end-user install is two commands: 1. `npx skills add chainbase-labs/agentkey` — installs **this** skill. It does NOT register the MCP server. -2. `npx -y @agentkey/mcp --auth-login` — registers the MCP server (`@agentkey/mcp` from `../AgentKey-Server/mcp-server`) and writes the API key into Claude Code, Claude Desktop, and Cursor configs. +2. `npx -y @agentkey/cli --auth-login` — runs the AgentKey CLI (`@agentkey/cli` from `../AgentKey-Server/cli`). It mints an API key via device-code login and writes a remote-HTTP MCP block (pointing at `https://api.agentkey.app/v1/mcp`) into Claude Code, Claude Desktop, and Cursor configs. The hosted MCP server itself lives at `/v1/mcp` on AgentKey-Server. The skill is useless without the MCP server; the MCP server works without the skill but the agent won't know to prefer it over built-in web search. Keep this mental model when editing docs — do not let either command drift into claiming it does both. @@ -65,16 +65,16 @@ Releases are driven by [release-please](https://github.com/googleapis/release-pl **Changes to `.mcp.json`:** - Ensure env var name matches `plugin.json` userConfig key via `CLAUDE_PLUGIN_OPTION_` prefix -- Only matters for the Claude Code plugin path; the Skills-CLI path writes MCP config through `npx @agentkey/mcp --auth-login` +- Only matters for the Claude Code plugin path; the Skills-CLI path writes MCP config through `npx @agentkey/cli --auth-login` **Changes to install/uninstall docs:** - Update both `README.md` and `docs/README_zh.md` together — they mirror each other -- The canonical install is always the two-command sequence (`npx skills add …` + `npx -y @agentkey/mcp --auth-login`). Don't imply either command does both. +- The canonical install is always the two-command sequence (`npx skills add …` + `npx -y @agentkey/cli --auth-login`). Don't imply either command does both. - Do **not** re-add OpenClaw / per-agent installers without a new design — historical context is in git history (removed in chore/remove-archive-directory) ## Architecture Constraints -- Setup mode in SKILL.md runs `! npx -y @agentkey/mcp --auth-login` to authenticate via browser — same command as step 2 of the public install -- `@agentkey/mcp --auth-login` auto-writes configs for Claude Code, Claude Desktop (mac/win), and Cursor only. Other agents need a manual JSON paste — SKILL.md's "Fallback" section covers this; keep it up to date with any new auto-targets added server-side -- `.mcp.json` auto-registers the MCP server in Claude Code plugin mode; API key flows from plugin userConfig → `CLAUDE_PLUGIN_OPTION_AGENTKEY_API_KEY` env var (read in `../AgentKey-Server/mcp-server/src/index.ts`) +- Setup mode in SKILL.md runs `! npx -y @agentkey/cli --auth-login` to authenticate via browser — same command as step 2 of the public install +- `@agentkey/cli --auth-login` auto-writes configs for Claude Code, Claude Desktop (mac/win), and Cursor only. Other agents need a manual JSON paste — SKILL.md's "Fallback" section covers this; keep it up to date with any new auto-targets added server-side +- `.mcp.json` registers the remote-HTTP MCP endpoint (`https://api.agentkey.app/v1/mcp`) in Claude Code plugin mode; API key flows from plugin userConfig → `Authorization: Bearer ` header (no stdio binary is launched) - `README.md` / `docs/README_zh.md` are the public-facing docs; keep them in sync with any structural changes diff --git a/README.md b/README.md index 85f3a82..26ee33d 100644 --- a/README.md +++ b/README.md @@ -146,7 +146,7 @@ Just top up. No auto-renewal, no hidden charges. There are two pieces and they update differently: -- **MCP server** (`@agentkey/mcp` npm package): always up to date. Your MCP config runs it as `npx -y @agentkey/mcp`, which re-resolves to the latest published version every time your agent restarts. You never have to touch this. +- **MCP server**: the real server is hosted at `https://api.agentkey.app/v1/mcp`, so it's always up to date — no local upgrade step. The `@agentkey/cli` package (run as `npx -y @agentkey/cli --auth-login`) only writes the remote-HTTP MCP config into each AI client and never has to be re-run unless you want to rotate your key. - **Skill files** (`SKILL.md` + helpers): how this updates depends on your client. @@ -187,7 +187,7 @@ npx skills add chainbase-labs/agentkey@v1.0.0 Note: `npx skills update` writes to `~/.agents/skills/agentkey` and `~/.claude/skills/agentkey`, which is where Claude Code reads from. **Claude Desktop reads from its own sandbox path** and is not touched by `npx skills update` — use the Desktop bootstrap command above for Desktop. -Re-run `npx -y @agentkey/mcp --auth-login` only when you want to rotate your API key. +Re-run `npx -y @agentkey/cli --auth-login` only when you want to rotate your API key. @@ -299,7 +299,7 @@ PowerShell equivalents: `-Yes`, `-ListAgents`, `-Only`, `-AllAgents`, `-SkipMcp` npx skills add chainbase-labs/agentkey # 2. Authenticate and register the MCP server -npx -y @agentkey/mcp --auth-login +npx -y @agentkey/cli --auth-login ``` @@ -327,7 +327,7 @@ curl -fsSL https://agentkey.app/install.sh | bash -s -- --local PowerShell: `-Remote` / `-Local`. -If you'd rather skip the URL/QR flow entirely and type a key manually, `npx -y @agentkey/mcp --setup` opens an interactive wizard that asks for the key and lets you pick which MCP clients to write to. +If you'd rather skip the URL/QR flow entirely and type a key manually, `npx -y @agentkey/cli --setup` opens an interactive wizard that asks for the key and lets you pick which MCP clients to write to. @@ -340,9 +340,9 @@ MCP auto-configuration covers **Claude Code**, **Claude Desktop**, and **Cursor* { "mcpServers": { "agentkey": { - "command": "npx", - "args": ["-y", "@agentkey/mcp"], - "env": { "AGENTKEY_API_KEY": "ak_..." } + "type": "http", + "url": "https://api.agentkey.app/v1/mcp", + "headers": { "Authorization": "Bearer ak_..." } } } } @@ -365,12 +365,12 @@ cd agentkey npx skills add . # 2. Register the MCP server (if you haven't already) -npx -y @agentkey/mcp --auth-login +npx -y @agentkey/cli --auth-login ``` `npx skills add .` accepts a local path (or a `file://` URL) — run it again after each edit to `skills/agentkey/SKILL.md`. The MCP step only needs to run once per machine. -**Iterating on the MCP server itself?** Point the MCP config's `command` at `node /path/to/AgentKey-Server/mcp-server/dist/index.js`, then `pnpm --filter @agentkey/mcp build` in the server repo between iterations. +**Iterating on the MCP server itself?** The server lives at `AgentKey-Server/` (Go) and exposes the MCP endpoint at `/v1/mcp`. Run a local server (`make run`) and point your MCP config at `http://localhost:8081/v1/mcp` to test changes end-to-end. **Claude Code plugin mode** — add the repo as a local marketplace: diff --git a/SECURITY.md b/SECURITY.md index 7cdc480..08f106b 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -47,7 +47,7 @@ The skill ships two helper scripts that the agent invokes: | `~/.config/agentkey/auto-upgrade` | written by the agent on user's "Always keep me up to date" choice; read by Step 0 to skip the prompt | Persistent auto-upgrade opt-in | | `~/.config/agentkey/update-snoozed` | written by the agent on user's "Not now" choice; read by `check-update.sh` to suppress reminders | Snooze state (` `) | | `~/.config/agentkey/update-disabled` | written by the agent on user's "Never ask again" choice; read by `check-update.sh` to exit silently | Permanent disable for update checks | -| `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS) / `%APPDATA%/Claude/...` (Windows) | written by the separate `npx -y @agentkey/mcp --auth-login` command, **not** by the skill | MCP registration | +| `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS) / `%APPDATA%/Claude/...` (Windows) | written by the separate `npx -y @agentkey/cli --auth-login` command, **not** by the skill | MCP registration | | `~/.cursor/mcp.json` | written by `--auth-login`, **not** by the skill | MCP registration | ### Network egress from the skill @@ -55,7 +55,7 @@ The skill ships two helper scripts that the agent invokes: | Destination | When | Why | |---|---|---| | `api.github.com` | At most every 24 hours | Look up the latest release tag | -| npm registry | When the user first runs `npx -y @agentkey/mcp` | Resolve and run the MCP server | +| npm registry | When the user first runs `npx -y @agentkey/cli --auth-login` | Resolve and run the AgentKey CLI | ### Credential handling @@ -66,7 +66,7 @@ The skill ships two helper scripts that the agent invokes: ### Supply chain - Releases are cut by [release-please](https://github.com/googleapis/release-please) from merged Conventional-Commit PRs on `main` — no manual artifact uploads, no manual tag pushes. -- The companion `@agentkey/mcp` npm package is published from the same organization. Users invoke it via `npx -y @agentkey/mcp`, which resolves to the latest published version at runtime — this is the same threat model as any other `npx`-launched CLI. +- The companion `@agentkey/cli` npm package is published from the same organization. Users invoke it via `npx -y @agentkey/cli`, which resolves to the latest published version at runtime — this is the same threat model as any other `npx`-launched CLI. - Future work: SLSA provenance attestation via GitHub OIDC + sigstore; signed npm provenance. ## Scanner false-positive notes diff --git a/docs/README_zh.md b/docs/README_zh.md index ce3c013..a0e2605 100644 --- a/docs/README_zh.md +++ b/docs/README_zh.md @@ -146,7 +146,7 @@ Claude 与 ChatGPT 的原生联网与平台覆盖有限,往往触达不到推 AgentKey 有两部分,更新方式不同: -- **MCP server**(npm 包 `@agentkey/mcp`):永远自动最新。你的 MCP 配置写的是 `npx -y @agentkey/mcp`,每次 Agent 重启都会重新解析到最新发布版。这部分完全不用你管。 +- **MCP server**:真正的服务端在 `https://api.agentkey.app/v1/mcp`,永远自动最新,不需要本地升级。`@agentkey/cli` 包(`npx -y @agentkey/cli --auth-login`)只负责把远程 HTTP MCP 配置写入各个 AI client,除非要换 API Key,否则不用再跑。 - **Skill 文件**(`SKILL.md` 加辅助脚本):升级方式取决于你用的 client。 @@ -187,7 +187,7 @@ npx skills add chainbase-labs/agentkey@v1.0.0 注意:`npx skills update` 只写 `~/.agents/skills/agentkey` 和 `~/.claude/skills/agentkey` 这两个目录,是 Claude Code 读取的位置。**Claude Desktop 读的是自己的 sandbox 路径**,`npx skills update` 碰不到——Desktop 升级要用上面的破冰命令。 -只有在需要换 API Key 时才需要再跑一次 `npx -y @agentkey/mcp --auth-login`。 +只有在需要换 API Key 时才需要再跑一次 `npx -y @agentkey/cli --auth-login`。 @@ -299,7 +299,7 @@ PowerShell 对应参数:`-Yes`、`-ListAgents`、`-Only`、`-AllAgents`、`-Sk npx skills add chainbase-labs/agentkey # 2. 浏览器授权并注册 MCP Server -npx -y @agentkey/mcp --auth-login +npx -y @agentkey/cli --auth-login ``` @@ -327,7 +327,7 @@ curl -fsSL https://agentkey.app/install.sh | bash -s -- --local PowerShell:`-Remote` / `-Local`。 -如果完全不想走 URL/二维码流程、想自己手动粘 Key,可以用 `npx -y @agentkey/mcp --setup` —— 交互式向导,问你要 Key 并让你勾选要写入的 MCP 客户端。 +如果完全不想走 URL/二维码流程、想自己手动粘 Key,可以用 `npx -y @agentkey/cli --setup` —— 交互式向导,问你要 Key 并让你勾选要写入的 MCP 客户端。 @@ -340,9 +340,9 @@ MCP 自动配置覆盖 **Claude Code**、**Claude Desktop**、**Cursor**。如 { "mcpServers": { "agentkey": { - "command": "npx", - "args": ["-y", "@agentkey/mcp"], - "env": { "AGENTKEY_API_KEY": "ak_..." } + "type": "http", + "url": "https://api.agentkey.app/v1/mcp", + "headers": { "Authorization": "Bearer ak_..." } } } } @@ -365,12 +365,12 @@ cd agentkey npx skills add . # 2. 注册 MCP Server(只需一次) -npx -y @agentkey/mcp --auth-login +npx -y @agentkey/cli --auth-login ``` `npx skills add .` 支持本地路径(也支持 `file://` URL),改完 `skills/agentkey/SKILL.md` 再跑一次就能立刻生效,是日常迭代最快的路径。MCP 注册步骤每台机器只需一次。 -**想改 MCP Server 本身?** 在 MCP 配置里把 `command` 换成 `node /path/to/AgentKey-Server/mcp-server/dist/index.js`,然后在 server 仓库里 `pnpm --filter @agentkey/mcp build`,就能在本地验证改动。 +**想改 MCP Server 本身?** MCP server 在 `AgentKey-Server/`(Go),端点是 `/v1/mcp`。本地起服务(`make run`),把 MCP 配置指向 `http://localhost:8081/v1/mcp` 就能端到端验证。 **Claude Code 插件模式** —— 把仓库当成本地 marketplace 安装: diff --git a/docs/SERVER-IMPLEMENTATION.md b/docs/SERVER-IMPLEMENTATION.md index 85a2761..09ddbca 100644 --- a/docs/SERVER-IMPLEMENTATION.md +++ b/docs/SERVER-IMPLEMENTATION.md @@ -1,6 +1,6 @@ # Server Implementation Guide — `agentkey_skill_meta` -Implementation handoff for the `@agentkey/mcp` MCP server. Tells the server maintainer exactly what to build so the cross-client skill-update path (Claude Desktop, Cursor, etc.) works. +Implementation handoff for AgentKey-Server's hosted MCP endpoint (`/v1/mcp`). Tells the server maintainer exactly what to build so the cross-client skill-update path (Claude Desktop, Cursor, etc.) works. **Authoritative spec**: [protocol/skill-meta-v1.md](../protocol/skill-meta-v1.md). This doc is implementation guidance, not protocol; if it conflicts with the spec, the spec wins. @@ -90,7 +90,7 @@ async function fetchFromGitHub(prevEtag?: string): Promise { "https://api.github.com/repos/chainbase-labs/agentkey/releases/latest", { headers: { - "User-Agent": "@agentkey/mcp", + "User-Agent": "AgentKey-Server", ...(prevEtag ? { "If-None-Match": prevEtag } : {}), }, signal: AbortSignal.timeout(3000), @@ -230,7 +230,7 @@ export async function handleSkillMeta() { Add a CI workflow on the server side that diffs the vendored schema against this repo's authoritative copy: ```yaml -# .github/workflows/protocol-drift.yml (in @agentkey/mcp repo) +# .github/workflows/protocol-drift.yml (in AgentKey-Server repo) on: pull_request: schedule: [{cron: '0 12 * * 1'}] @@ -285,9 +285,9 @@ Honor the env var `AGENTKEY_NO_VERSION_BEACON=1`: tool stays registered (so the ## Release coordination with this repo -1. Implement and merge in `@agentkey/mcp` -2. `npm publish` a new version -3. (Verify) Any user with `npx -y @agentkey/mcp` in their config will pick it up on next agent restart automatically +1. Implement and merge in AgentKey-Server +2. Deploy to production (hosted MCP endpoint at `https://api.agentkey.app/v1/mcp`) +3. (Verify) Any user whose MCP config points at `/v1/mcp` picks it up on next agent restart automatically — no client-side upgrade required 4. In this repo, a new skill release (`v1.4.0`) ships the SKILL.md rule that reads the metadata tool 5. Existing skill versions (≤1.3.x) silently ignore the new tool — no regression; they continue to use the inline bash path on Claude Code and have no upgrade path on Desktop (status quo) 6. New skill versions (≥1.4.0) work everywhere diff --git a/protocol/skill-meta-v1.md b/protocol/skill-meta-v1.md index b83bed0..167c2b5 100644 --- a/protocol/skill-meta-v1.md +++ b/protocol/skill-meta-v1.md @@ -1,6 +1,6 @@ # AgentKey Skill-Meta Protocol v1 -Contract between **`@agentkey/mcp`** (server, npm package) and **`chainbase-labs/agentkey`** (this skill repo). The server publishes the skill's latest version + client-specific upgrade instructions via a dedicated MCP tool; the skill (via the agent) reads it and tells the user how to upgrade. +Contract between **AgentKey-Server** (the hosted MCP server at `/v1/mcp`) and **`chainbase-labs/agentkey`** (this skill repo). The server publishes the skill's latest version + client-specific upgrade instructions via a dedicated MCP tool; the skill (via the agent) reads it and tells the user how to upgrade. This protocol exists because some MCP clients — notably Claude Desktop — cannot execute the inline `bash` block in `SKILL.md` Step 0, so the in-skill update-check path silently fails there. Routing the check through the always-on MCP server makes upgrades discoverable on every client. @@ -171,4 +171,4 @@ The server's own CI MUST validate every `SkillMetaResponse` it emits against thi - [example-response-claude-code.json](./example-response-claude-code.json) — fixture for Code client - [example-response-unknown-client.json](./example-response-unknown-client.json) — fixture for unrecognized client - [example-response-offline.json](./example-response-offline.json) — fixture for the server-offline / rate-limited failure mode -- [docs/SERVER-IMPLEMENTATION.md](../docs/SERVER-IMPLEMENTATION.md) — implementation guide for `@agentkey/mcp` maintainers +- [docs/SERVER-IMPLEMENTATION.md](../docs/SERVER-IMPLEMENTATION.md) — implementation guide for AgentKey-Server maintainers diff --git a/scripts/install.ps1 b/scripts/install.ps1 index ac8b616..4bb74f7 100644 --- a/scripts/install.ps1 +++ b/scripts/install.ps1 @@ -11,7 +11,7 @@ Behavior mirrors install.sh: checks Node >= 18 (installs via winget/scoop/choco), auto-detects which AI agents are installed and runs `npx skills add` for them, - then `npx @agentkey/mcp --auth-login` for device auth. The auth step opens a + then `npx @agentkey/cli --auth-login` for device auth. The auth step opens a local browser by default; under SSH / Docker / OpenClaw it switches to a QR + URL flow that the user scans on a phone (`--no-browser` server-side flag). MCP config is written automatically for Claude Code / Claude Desktop / Cursor. @@ -35,7 +35,7 @@ param( $ErrorActionPreference = 'Stop' $SkillRepo = 'chainbase-labs/agentkey' -$McpPackage = '@agentkey/mcp' +$CliPackage = '@agentkey/cli' $NodeMinMajor = 18 # ── Agent markers (mirror of install.sh) ────────────────────────────────── @@ -378,7 +378,7 @@ if ($SkipMcp) { # Telemetry context for install_completed. Opt-out is honored at the # SOURCE: when AGENTKEY_TELEMETRY=0, no other context env vars are # exported — hostname-derived fingerprint, agent lists, and installer - # flags are never computed nor passed to the child `npx @agentkey/mcp` + # flags are never computed nor passed to the child `npx @agentkey/cli` # process. The server treats AGENTKEY_TELEMETRY=0 as a hard skip. if ($NoTelemetry -or (Test-Path -LiteralPath $TelemetryOptOutFile)) { $env:AGENTKEY_TELEMETRY = '0' @@ -403,10 +403,10 @@ if ($SkipMcp) { $env:AGENTKEY_DEVICE_FINGERPRINT = $DeviceFingerprint } - & npx -y $McpPackage @authArgs + & npx -y $CliPackage @authArgs if ($LASTEXITCODE -ne 0) { Write-Err 'MCP auth failed.' - Write-Muted "Retry manually: npx -y $McpPackage $($authArgs -join ' ')" + Write-Muted "Retry manually: npx -y $CliPackage $($authArgs -join ' ')" exit 1 } Write-Ok 'MCP server registered' diff --git a/scripts/install.sh b/scripts/install.sh index 4c1e8c3..a0be721 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -18,7 +18,7 @@ set -euo pipefail # ── Constants ───────────────────────────────────────────────────────────── SKILL_REPO="chainbase-labs/agentkey" -MCP_PACKAGE="@agentkey/mcp" +CLI_PACKAGE="@agentkey/cli" NODE_MIN_MAJOR=18 # ── Agent markers ───────────────────────────────────────────────────────── @@ -517,7 +517,7 @@ main() { # the SOURCE: when AGENTKEY_TELEMETRY=0, no other context env vars # are exported — hostname-derived fingerprint, agent lists, and # installer flags are never computed nor passed to the child - # `npx @agentkey/mcp` process. The server treats AGENTKEY_TELEMETRY=0 + # `npx @agentkey/cli` process. The server treats AGENTKEY_TELEMETRY=0 # as a hard skip. if $NO_TELEMETRY || [ -f "$TELEMETRY_OPT_OUT_FILE" ]; then export AGENTKEY_TELEMETRY=0 @@ -534,9 +534,9 @@ main() { export AGENTKEY_DEVICE_FINGERPRINT="$(compute_device_fingerprint "$PLATFORM")" fi - if ! npx -y "$MCP_PACKAGE" "${AUTH_ARGS[@]}"; then + if ! npx -y "$CLI_PACKAGE" "${AUTH_ARGS[@]}"; then ui_error "MCP auth failed." - ui_muted "Retry manually: npx -y $MCP_PACKAGE ${AUTH_ARGS[*]}" + ui_muted "Retry manually: npx -y $CLI_PACKAGE ${AUTH_ARGS[*]}" exit 1 fi ui_ok "MCP server registered" diff --git a/scripts/uninstall.ps1 b/scripts/uninstall.ps1 index 46879ef..93330d3 100644 --- a/scripts/uninstall.ps1 +++ b/scripts/uninstall.ps1 @@ -260,13 +260,20 @@ Write-Step '6. npm / npx caches' if (Get-Command npm -ErrorAction SilentlyContinue) { $globalList = & npm list -g --depth=0 2>$null - if ($globalList -and ($globalList -match '@agentkey/mcp')) { - Write-Info 'Uninstalling global @agentkey/mcp ...' - & npm uninstall -g '@agentkey/mcp' 2>$null | Out-Null - if ($LASTEXITCODE -eq 0) { Write-Ok 'Removed @agentkey/mcp' } - else { Write-Warn2 'Could not remove @agentkey/mcp' } - } else { - Write-Skip 'Global @agentkey/mcp not installed' + $removedAny = $false + # Sweep both the current package name and the legacy v0.x name so users + # who installed before the @agentkey/mcp → @agentkey/cli rename get a + # clean uninstall. + foreach ($pkg in @('@agentkey/cli', '@agentkey/mcp')) { + if ($globalList -and ($globalList -match [regex]::Escape($pkg))) { + Write-Info "Uninstalling global $pkg ..." + & npm uninstall -g $pkg 2>$null | Out-Null + if ($LASTEXITCODE -eq 0) { Write-Ok "Removed $pkg"; $removedAny = $true } + else { Write-Warn2 "Could not remove $pkg" } + } + } + if (-not $removedAny) { + Write-Skip 'No global @agentkey/cli or @agentkey/mcp installed' } } else { Write-Skip 'npm not on PATH' diff --git a/scripts/uninstall.sh b/scripts/uninstall.sh index 0dfafd6..9110537 100755 --- a/scripts/uninstall.sh +++ b/scripts/uninstall.sh @@ -293,15 +293,24 @@ $md_changed || skipped "No removable AgentKey section in CLAUDE.md" step "7. npm / npx caches" if command -v npm >/dev/null 2>&1; then - if npm list -g --depth=0 2>/dev/null | grep -q "@agentkey/mcp"; then - info "Uninstalling global @agentkey/mcp ..." - if npm uninstall -g @agentkey/mcp >/dev/null 2>&1; then - ok "Removed @agentkey/mcp" - else - warn "Could not remove @agentkey/mcp — try: npm uninstall -g @agentkey/mcp" + _global_list="$(npm list -g --depth=0 2>/dev/null || true)" + _removed_any=false + # Sweep both the current package name and the legacy v0.x name so + # users who installed before the @agentkey/mcp → @agentkey/cli rename + # get a clean uninstall. + for _pkg in "@agentkey/cli" "@agentkey/mcp"; do + if echo "$_global_list" | grep -q "$_pkg"; then + info "Uninstalling global $_pkg ..." + if npm uninstall -g "$_pkg" >/dev/null 2>&1; then + ok "Removed $_pkg" + _removed_any=true + else + warn "Could not remove $_pkg — try: npm uninstall -g $_pkg" + fi fi - else - skipped "Global @agentkey/mcp not installed" + done + if ! $_removed_any; then + skipped "No global @agentkey/cli or @agentkey/mcp installed" fi else skipped "npm not on PATH" diff --git a/skills/agentkey/SKILL.md b/skills/agentkey/SKILL.md index e8c05d5..335273e 100644 --- a/skills/agentkey/SKILL.md +++ b/skills/agentkey/SKILL.md @@ -193,10 +193,10 @@ Then route by intent: The skill is useless without the AgentKey MCP server registered with the user's agent. Install / re-auth in one shot — run this in the user's shell: ``` -! npx -y @agentkey/mcp --auth-login +! npx -y @agentkey/cli --auth-login ``` -What it does: opens a browser to mint an API key, then registers the AgentKey MCP server with the user's agent. The skill itself does not write any files; that work is performed by the separate `@agentkey/mcp` CLI. See `SECURITY.md` in the repo root for the full list of supported clients and the exact files the CLI touches. +What it does: opens a browser to mint an API key, then registers the AgentKey MCP server with the user's agent. The skill itself does not write any files; that work is performed by the separate `@agentkey/cli` package. See `SECURITY.md` in the repo root for the full list of supported clients and the exact files the CLI touches. When the command finishes, tell the user verbatim: @@ -214,9 +214,9 @@ If the user's agent is **Codex / OpenCode / Gemini CLI / Linux Claude Desktop / { "mcpServers": { "agentkey": { - "command": "npx", - "args": ["-y", "@agentkey/mcp"], - "env": { "AGENTKEY_API_KEY": "ak_..." } + "type": "http", + "url": "https://api.agentkey.app/v1/mcp", + "headers": { "Authorization": "Bearer ak_..." } } } }