Phase 3b: Hosted-LLM MCP deployment (xiaozhi / vendor-cloud) — broker-hosted mcp-endpoint

[hanwencheng]

Context

Per arch.md §22c.2 the MCP server (agentkeys-mcp-server) runs in two distinct places, keyed on where the LLM lives:

Runtime (§22c.2)	Where the LLM runs	Where the MCP server runs	Transport	Status
Local LLM / Task agent (Claude Code, Codex, Hermes-in-sandbox)	Co-located with the agent	stdio subprocess inside the agent's own env	stdio (DaemonBackend)	In active development (wire track: #141 merged, #149, #133)
Hosted LLM (xiaozhi, Doubao, vendor cloud)	Vendor's cloud, connects inward over WSS	A public always-on host (broker host today)	--transport mcp-endpoint (WSS behind nginx TLS)	Deferred — this issue

We are currently focusing only on the Local-LLM / Task-agent path (stdio MCP server installed into the agent's environment via the distribution channel, wired with agentkeys wire <runtime>). The Hosted-LLM path is parked for a future milestone.

Scope (future implementation)

The hosted path is the one scripts/setup-mcp-host.sh already targets — a broker-hosted agentkeys-mcp-server --transport mcp-endpoint reachable at wss://mcp.litentry.org/mcp_endpoint/..., that a remote vendor LLM (xiaozhi cloud / ESP32 companion / Doubao speaker) connects into. Deliverables when this is picked up:

• Promote setup-mcp-host.sh from standalone to a first-class, documented entry point (or fold into setup-broker-host.sh --with-mcp per its own header TODO).
• Vendor device → actor binding flow per arch.md §22c.4 (per-actor xiaozhi-vendor-token, JWT agentkeys.omni_account = O_agent_X, agentkeys.vendor).
• Per-actor IAM scoping verified for the hosted path (the four-layer isolation invariants in CLAUDE.md apply to vendor JWTs too).
• OpenAI-compatible proxy fallback for Tier-2 hosts with no hook surface, per arch.md §22d.3 (sequenced Phase 3b, after Phase 3: LLM-host hook integration (Claude Code, Codex/ChatGPT, etc.) #133 ships and one vendor pilot is on hooks).
• Operator runbook section for the hosted-MCP-endpoint deploy.

Why deferred

Per arch.md §22d.4 + agent-iam-strategy.md §2.4: hooks-first ordering covers the four strategically-important Tier-1 runtimes (Claude Code, Codex, Hermes, OpenClaw) with one investment and lower mission-creep risk. The hosted/proxy path is broader-reach but lower-priority and carries the §2.4 "don't become a Task Host" risk, so it waits until the Authority-Host position is established.

References

• arch.md §22c.2 (four backend runtimes), §22c.4 (vendor device pairing), §22d.3 (proxy fallback)
• scripts/setup-mcp-host.sh (existing broker-hosted mcp-endpoint deploy)
• Phase 3: LLM-host hook integration (Claude Code, Codex/ChatGPT, etc.) #133 (Phase 3 hook integration — the prerequisite Tier-1 work)
• Demo: aiosandbox + Hermes + AgentKeys on ESP32 hardware #103 (aiosandbox + Hermes + ESP32 demo — the hosted-hardware demo lineage)

🤖 Filed from the wire-architecture design discussion (Local-LLM focus; hosted-LLM parked here).