
add managed auth tools (manage_auth_connections, manage_credentials, manage_credential_providers)#104

Open
masnwilliams wants to merge 4 commits into
mainfrom
hypeship/add-managed-auth-tools

Conversation

@masnwilliams
Collaborator

@masnwilliams masnwilliams commented May 24, 2026

Summary

Closes the largest agent-facing capability gap in the MCP server: setting up an authenticated browser session for a third-party site. Agents can now drive Kernel's managed auth flow end-to-end without a human in the loop (beyond the one-time hosted login).

What's added

  • manage_auth_connections (full surface)
    • create — start managing auth for a profile + domain (optionally referencing a pre-stored credential by name, or an external provider like 1Password)
    • list / get / delete
    • login — kicks off a hosted login flow. Returns hosted_url (share with the user to sign in) and live_view_url (agent can watch). Triggers automatic re-auth if credentials are saved.
    • submit — provide field values, an MFA option ID, or an SSO button selector when the flow is awaiting_input. Agent inspects discovered_fields / mfa_options from get to know what's needed.
  • manage_credentials (read-only)
    • list / get (SDK never returns values) / totp_code (current 6-digit code)
    • Intentionally no create/update/delete — credentials are stored by humans via dashboard/CLI so raw secrets never enter the agent's context. The agent references creds by name.
  • manage_credential_providers (read-only)
    • list / get for external providers (e.g. 1Password). Same human-creates / agent-consumes pattern.

Agent flow

  1. Human pre-stores netflix-mason credential in the Kernel dashboard.
  2. Agent: manage_auth_connections create domain=netflix.com profile_name=mason credential_name=netflix-mason
  3. Agent: manage_auth_connections login id=<conn_id> → shares hosted_url with user, or proceeds via re-auth.
  4. Agent polls manage_auth_connections get until flow_status=SUCCESS (or flow_step=AWAITING_INPUT for MFA).
  5. If MFA needed: manage_credentials totp_code <name> → manage_auth_connections submit fields={mfa_code: "123456"}.
  6. Any future manage_browsers create profile_name=mason gets a logged-in session.

Test plan

  • Local server starts; tools register without errors
  • manage_auth_connections list returns existing connections for the authed user
  • manage_auth_connections create + login returns a working hosted URL
  • manage_credentials list returns names; totp_code returns a 6-digit code for a TOTP-enabled credential
  • manage_credential_providers list returns configured providers (or empty list)

Tool count

Bumps from 10 → 13.

Note

Medium Risk
New auth/credential/TOTP surfaces touch login and secrets handling; design limits agent writes to credentials but login/submit and totp_code still need careful API behavior in production.

Overview
Adds managed auth to the MCP server so agents can drive Kernel login flows for third-party sites on profiles, without agents storing secrets.

manage_auth_connections wires to client.auth.connections: create (profile + domain, optional Kernel credential name or external provider path/auto), list/get/delete, login (hosted URL + live view), and submit for MFA fields, MFA option, or SSO selector. Create validates mutually exclusive credential options and optional proxy routing.

manage_credentials is read-only (list, get, totp_code) — no create/update/delete so raw secrets stay out of agent context.

manage_credential_providers is read-only (list, get) for org-configured providers (e.g. 1Password).

README updates the advertised tool count from 10 → 13. The diff also includes minor formatting on existing computer_action schemas and error text.

Reviewed by Cursor Bugbot for commit 9affca9. Bugbot is set up for automated code reviews on this repo. Configure here.

…manage_credential_providers)

Closes the largest agent-facing capability gap in the MCP server: setting
up an authenticated browser session for a third-party site. Agents can
now drive Kernel's managed auth flow end-to-end.

- manage_auth_connections: create/list/get/delete connections; start
  login flows (returns hosted_url + live_view_url); submit MFA codes or
  SSO selections when a flow is awaiting input.
- manage_credentials: read-only (list, get, totp_code). Credentials are
  created by humans via dashboard/CLI so the agent never sees raw
  secrets in its context — it references credentials by name.
- manage_credential_providers: read-only (list, get) for external
  providers like 1Password. Same human-creates / agent-consumes pattern.
@vercel

vercel Bot commented May 24, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Actions | Updated (UTC)
mcp | Ready | Preview, Comment | May 25, 2026 3:28am

@masnwilliams masnwilliams marked this pull request as ready for review May 24, 2026 20:01
Comment thread src/app/[transport]/route.ts
@firetiger-agent

Monitoring Plan: Add managed-auth and credentials MCP tools

What this PR does: Registers three new MCP tool handlers — manage_auth_connections (full CRUD + login/submit on managed auth connections), manage_credentials (read-only: list, get, TOTP code fetch), and manage_credential_providers (read-only: list, get) — by adding ~450 lines to the MCP server route handler. The remaining diff is formatting-only changes to existing tools.

Intended effect: After deploy, AI agents using the MCP server can invoke these three tools. Successful calls will appear as spans on the already-active Kernel API backend endpoints (/auth/connections/*, /credentials/*, /org/credential_providers). Pre-deploy baseline on those endpoints: 210–983 calls/hr on auth connections, 144–173 calls/hr on credentials — both with 0 errors in the last 24h. Confirmation: first tool invocations produce new spans on those routes with no error status.

Risks:

  • Tool registration crash: Railway HTTP 5xx rate (all routes); alert if > 15/hr sustained (baseline: 3–8/hr)
  • Auth connection API errors: /auth/connections trace spans with status.code = 2; alert if any errors appear post-deploy (baseline: 0/hr)
  • Credentials API errors: /credentials + /org/credential_providers trace spans with status.code = 2; alert if any errors appear post-deploy (baseline: 0/hr)
  • SDK method missing at runtime: TypeError: Cannot read properties in Railway HTTP error logs; alert on any such log matching manage_auth_connections, manage_credentials, or manage_credential_providers
  • TOTP misconfiguration: /credentials/{id_or_name}/totp-code returning 5xx; alert on any 5xx on this endpoint

Status updates will be posted automatically on this PR as monitoring progresses.


Cursor Bugbot caught that we were sending invalid credential payloads
when only credential_path or credential_auto was provided without
credential_provider. Add upfront validation so the agent gets a clear
MCP-level error instead of a generic API rejection.

@cursor cursor Bot left a comment


Cursor Bugbot has reviewed your changes and found 1 potential issue.



Reviewed by Cursor Bugbot for commit 4aa97f9. Configure here.

Comment thread src/app/[transport]/route.ts Outdated
Cursor Bugbot follow-up: credential_auto=false was treated as a valid
provider variant, and credential_path + credential_auto: true were
silently allowed together. Only credential_auto: true now counts as a
provider mode, and path/auto are enforced as mutually exclusive.
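The two Bugbot fix commits above, plus the "create validates mutually exclusive credential options" note in the overview, describe a specific validation rule set. The block below is an added example of that upfront check, not code from this PR or from the Kernel MCP server: the argument names are the PR's, while the function name, the error texts and the rule that a provider needs either a path or auto: true are assumptions.

```typescript
// Added example (not code from the PR): upfront validation of the credential
// options accepted by manage_auth_connections create, per the PR's Bugbot fixes.
// Argument names come from the PR; function name, error texts and the
// "provider needs path or auto" rule are assumptions.
interface CreateCredentialArgs {
  credential_name?: string;     // credential pre-stored in Kernel, referenced by name
  credential_provider?: string; // external provider, e.g. 1Password
  credential_path?: string;     // item path inside the external provider
  credential_auto?: boolean;    // let the provider pick the item automatically
}

type CredentialMode =
  | { kind: "none" }
  | { kind: "kernel"; name: string }
  | { kind: "provider"; provider: string; path?: string; auto?: true };
type ValidationResult = { ok: true; mode: CredentialMode } | { ok: false; error: string };

const isNonEmpty = (v: string | undefined): v is string =>
  typeof v === "string" && v.trim().length > 0;

// Rejects invalid combinations with an MCP-level error so the payload never
// reaches the Kernel API in a shape it would refuse.
function validateCredentialOptions(args: CreateCredentialArgs): ValidationResult {
  const hasName = isNonEmpty(args.credential_name);
  const hasProvider = isNonEmpty(args.credential_provider);
  const hasPath = isNonEmpty(args.credential_path);
  const hasAuto = args.credential_auto === true; // false is not a provider variant

  if (hasPath && hasAuto) {
    return { ok: false, error: "credential_path and credential_auto are mutually exclusive" };
  }
  if ((hasPath || hasAuto) && !hasProvider) {
    return { ok: false, error: "credential_path / credential_auto require credential_provider" };
  }
  if (hasProvider && !hasPath && !hasAuto) { // assumed rule, not stated in the PR
    return { ok: false, error: "credential_provider requires credential_path or credential_auto: true" };
  }
  if (hasName && hasProvider) {
    return { ok: false, error: "credential_name and credential_provider are mutually exclusive" };
  }
  if (hasName) return { ok: true, mode: { kind: "kernel", name: args.credential_name! } };
  if (hasProvider) {
    const provider = args.credential_provider!;
    return hasPath
      ? { ok: true, mode: { kind: "provider", provider, path: args.credential_path! } }
      : { ok: true, mode: { kind: "provider", provider, auto: true } };
  }
  return { ok: true, mode: { kind: "none" } };
}
```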