Phase 1: Volcano Ark MCP marketplace registration (PoC)

[hanwencheng]

Context

Volcano Ark (ByteDance's Doubao MCP marketplace) is the second rail for M1 — proof that the AgentKeys MCP server (#107) doesn't only work with xiaozhi-server, it works with at least one independent MCP host. Per agent-iam-strategy.md §5 Phase 2, this PoC is M1's bridge to M2's vendor-pilot work.

Per tuya-vs-xiaozhi.md Phase 3a: VERIFIED FEASIBLE. Open international developer signup, no PRC entity required. This contrasts with AliGenie (partnership-gated) and Xiaomi (deferred).

The cross-rail proof is the moat demo: same agentkeys_user_wallet reads identical memory whether the request comes from xiaozhi-server's LLM or a Doubao agent. That's "Agent IAM works across runtimes."

Scope (M1)

• Deploy production MCP server at mcp.agentkeys.io — TLS via Let's Encrypt, single-region for v0 (multi-region in M2). The MCP server image from Phase 1: AgentKeys MCP server — 7 active tools + 3 schema-only #107 + a thin deploy layer (Caddy or Cloudflare Tunnel + the Python process under systemd or in a container).
• Register in Volcano Ark MCP marketplace — follow their submission flow as an international developer. Submit listing with screenshots + tool inventory + integration docs.
• Vendor onboarding token — issue a Bearer token specifically for Doubao agents to authenticate as Volcengine customers. Token format follows the MCP server's per-vendor auth pattern from Phase 1: AgentKeys MCP server — 7 active tools + 3 schema-only #107.
• Per-actor scoping — Doubao agents pass X-AgentKeys-Actor header; the MCP server enforces per-actor isolation regardless of vendor.
• Live test — exercise a Doubao agent (sandbox / test Volcengine account) against the marketplace listing, prove tool calls succeed.

Out of scope (defer to M2)

• Production billing / paid tiers (use free demo tier for M1)
• High-availability multi-region (single us-east is fine for M1; multi-region in M2 once latency from CN-region Doubao agents is measured)
• Vendor self-service onboarding portal (M2 Phase 2: Tuya Cloud Development connector #114 — manual token issuance for M1)
• Marketing / featured-listing slot in the marketplace (organic listing is enough for the PoC)

Acceptance criteria

• mcp.agentkeys.io resolves with valid TLS + responds to MCP handshake from a test Volcano Ark client
• AgentKeys MCP server listed in the Volcano Ark marketplace with searchable name + clear tool inventory + onboarding docs
• A test Doubao agent successfully invokes agentkeys.memory.get from the marketplace listing (full round-trip: marketplace → Doubao runtime → AgentKeys MCP → memory worker → S3 → response)
• Cross-rail test: same actor's memory write via xiaozhi-server returns identical content when read via Doubao MCP (proves both rails hit the same backend per actor)
• Bearer-token auth verified by negative test: missing token → 401, wrong actor → 403
• Demo run: vendor watches the cross-rail test live + audit feed shows both rail's events with the same actor_omni

Risks

Risk	Mitigation
Volcano Ark marketplace approval takes longer than expected (paperwork lag)	Start the submission in week 1 of M1; #107 + #110 work happens in parallel; if approval blocks, the PoC ships as direct API access without marketplace listing
Doubao runtime interprets MCP spec differently than xiaozhi-server	The MCP server (#107) is the abstraction; if Doubao quirks need handling, they live in #107's adapter layer, not in this issue
Latency from CN-region Doubao to US-region MCP is too high for a smooth demo	M1 ships single-region; M2 multi-region. If latency is a demo-killer, deploy a CN-region replica before M1 demos to Chinese vendors
Volcano Ark TOS conflicts with our cross-vendor positioning	Read the developer TOS carefully before signup; per tuya-vs-xiaozhi.md it's open international with no exclusivity, but verify before committing

References

• docs/spec/plans/milestones-roadmap.md §2 (M1 scope) + §3 (M2 builds on this for full marketplace ops)
• docs/research/volcano-ark-mcp-integration.md — full integration architecture (Pattern B: hosted MCP server) + tool inventory
• docs/research/tuya-vs-xiaozhi.md — Phase 3a Volcano Ark feasibility verdict
• docs/research/agent-iam-strategy.md §5 Phase 2 (where Volcano Ark sits in the broader sequencing)
• Phase 1: AgentKeys MCP server — 7 active tools + 3 schema-only #107 (MCP server — this issue deploys + registers what Phase 1: AgentKeys MCP server — 7 active tools + 3 schema-only #107 builds)
• Demo: aiosandbox + Hermes + AgentKeys on ESP32 hardware #103 (xiaozhi rail — the parallel first rail this proves alongside)

Effort

~1 week. Sequencing:

1. (Day 1-2) Production deploy of MCP server at mcp.agentkeys.io — TLS, monitoring, supervised process
2. (Day 2-3) Volcano Ark international developer signup + marketplace submission
3. (Day 4-5) Wait for approval / iterate on submission feedback
4. (Day 5-7) Live integration test with a Doubao test agent; cross-rail proof; demo capture

Approval timing is the long pole — start submission early.

Pickup notes for the next agent / developer

• Wait until Phase 1: AgentKeys MCP server — 7 active tools + 3 schema-only #107 (MCP server) is shippable before deploy. Don't deploy a half-built MCP server to the public listing.
• Volcano Ark signup is at https://www.volcengine.com/ — international developer flow. ByteDance accounts (TikTok / CapCut etc.) won't have access; you need a Volcengine developer account specifically.
• Marketplace submission flow lives at https://mcp.so — the Volcengine MCP page is the host. Submit via the linked form there.
• Single-region (us-east-1) is fine for M1. Don't gold-plate multi-region.
• Watch for: the cross-rail test is the whole point. If you skip it, the marketplace listing is just another deploy. The cross-rail proof is what makes this issue meaningful.
• Use the /agentkeys-issue-create skill for follow-up issues (e.g., "Volcano Ark marketplace listing copy improvements")