You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Combine release management + the agentkeys CLI into a single M6 deliverable. Both touch "how does a fresh operator get from zero to running"; doing them separately doubles the design work.
What gets deferred from M3 to M6
These were scaffolded in PR #132 (commits 3d40f35 + f48ca05) then dropped per #132 review feedback — they're real work, just not the priority right now.
Release management
.github/workflows/release.yml — multi-platform release build (linux x86_64/aarch64 + darwin arm64/x86_64) on `release: created` event. Builds binaries, attaches to GH Release with SHA-256 checksums.
.github/workflows/cargo-install-smoke.yml — weekly canary that runs `cargo install --git` end-to-end + the three-act storyboard. Catches Cargo.toml drift before users hit it.
scripts/install-mcp-server.sh — one-liner installer (`curl -fsSL .../install.sh | sh`). Detects OS+arch, downloads matching tarball from latest GH Release, verifies sha256, drops binary at `~/.local/bin`, prints wiring snippets.
Code signing for macOS: notarize via Apple Developer ID OR ship via Homebrew tap. Required to clear Gatekeeper without operators running `xattr -d com.apple.quarantine`.
agentkeys CLI
`agentkeys connect ` — wires the MCP server into a host's MCP config (Claude Code via `claude mcp add`, Codex via `~/.codex/config.toml` block, Claude Desktop via JSON merge, Cursor / Cline / Roo / Windsurf / Gemini CLI). Mirrors agentmemory's `agentmemory connect ` UX.
`agentkeys hook ` — the hook stdio JSON adapter referenced in Phase 3: LLM-host hook integration (Claude Code, Codex/ChatGPT, etc.) #133 (PreToolUse / PostToolUse / Stop / etc.). Subcommand on the same binary; reads host's hook JSON on stdin, calls the right MCP tool internally, returns the right block/allow shape.
`agentkeys provision ` — preserves the existing `agentkeys-cli` provisioner scope (Stage 6 OpenRouter / Brave / ElevenLabs flows in `provisioner-scripts/`).
Single binary, multiple subcommands: pattern is `agentkeys mcp-server` (current daemon), `agentkeys connect …`, `agentkeys hook …`, `agentkeys provision …`. The current `agentkeys-mcp-server` binary becomes a subcommand alias.
Why M6 (not M3)
The functional E2E gate is already in place via `scripts/mcp-demo-mode-e-stdio.sh` running on every PR (#132's `mcp-server.yml` update). That catches the protocol-level regressions release.yml would have caught. For now operators use:
…which works today on any Rust-toolchain machine. The full GitHub Release pipeline is a UX upgrade, not a correctness gate.
The agentkeys CLI consolidation makes sense once Phase 3 hooks (#133) lock down the `agentkeys hook` shape — building the CLI first would lock in the wrong abstraction.
`agentkeys connect claude-code` on a fresh machine results in a working MCP integration (verified by mode-e equivalent run through Claude Code's MCP loader)
Goal
Combine release management + the
agentkeysCLI into a single M6 deliverable. Both touch "how does a fresh operator get from zero to running"; doing them separately doubles the design work.What gets deferred from M3 to M6
These were scaffolded in PR #132 (commits 3d40f35 + f48ca05) then dropped per #132 review feedback — they're real work, just not the priority right now.
Release management
.github/workflows/release.yml— multi-platform release build (linux x86_64/aarch64 + darwin arm64/x86_64) on `release: created` event. Builds binaries, attaches to GH Release with SHA-256 checksums..github/workflows/cargo-install-smoke.yml— weekly canary that runs `cargo install --git` end-to-end + the three-act storyboard. Catches Cargo.toml drift before users hit it.scripts/install-mcp-server.sh— one-liner installer (`curl -fsSL .../install.sh | sh`). Detects OS+arch, downloads matching tarball from latest GH Release, verifies sha256, drops binary at `~/.local/bin`, prints wiring snippets.agentkeys CLI
Why M6 (not M3)
The functional E2E gate is already in place via `scripts/mcp-demo-mode-e-stdio.sh` running on every PR (#132's `mcp-server.yml` update). That catches the protocol-level regressions release.yml would have caught. For now operators use:
```bash
cargo install --git https://github.com/litentry/agentKeys agentkeys-mcp-server
```
…which works today on any Rust-toolchain machine. The full GitHub Release pipeline is a UX upgrade, not a correctness gate.
The agentkeys CLI consolidation makes sense once Phase 3 hooks (#133) lock down the `agentkeys hook` shape — building the CLI first would lock in the wrong abstraction.
Acceptance for M6
Out of scope (defer further)
References