Removing !developer_secrets from all docs

[andrew-lastmile]

Removing instructions for !developer_secrets

Summary by CodeRabbit

• Documentation

  • Simplified secrets guidance across cloud docs and examples: removed explicit secrets YAML snippets and !developer_secret examples; now describe an interactive, deployment-time secrets flow.
  • Added notes about secrets handling during deployment and removed cloud-secrets UI guidance in configuration.
  • Expanded connection guidance with Claude Desktop integration, MCP Inspector instructions, monitoring tips, and tool listings in workflow docs.
  • Reorganized and renumbered deploy/connect steps for clarity.

• Style

  • Normalized “Developer Secrets” header enumeration in CLI README.

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Documentation removes explicit mcp_agent.secrets.yaml and !developer_secret examples across cloud docs and examples, replacing them with narrative guidance that secrets are managed interactively during deployment; minor step reordering and one CLI heading tweak. No code or API changes.

Changes

Cohort / File(s)	Summary of Changes
Cloud docs: secrets guidance removal docs/cloud/agent-server.mdx, docs/cloud/getting-started.mdx, docs/cloud/overview.mdx	Removed mcp_agent.secrets.yaml examples and !developer_secret references; updated deploy steps to describe interactive, deployment-time secrets handling; added MCP Inspector info in getting-started and a Note in overview.
Configuration: secrets management tabs docs/configuration.mdx	Removed Cloud Secrets tab content and associated !developer_secret guidance; retained other secrets approaches (separate secrets file, env vars).
Examples: basic agents examples/basic/mcp_basic_agent/README.md, examples/basic/mcp_model_selector/README.md	Deleted explicit secrets YAML snippets; changed deploy steps to single-command flow; added deployment-time secrets note; expanded connect guidance (Claude Desktop integration in model selector).
Examples: asyncio server examples/mcp_agent_server/asyncio/README.md	Removed pre-provisioned secrets YAML step; reordered to interactive CLI secret prompts during deploy; minor text fixes.
Examples: use cases & workflows examples/usecases/mcp_github_to_slack_agent/README.md, examples/workflows/*	Removed developer-secrets YAML instructions across workflow and use-case READMEs; standardized deploy command step; inserted deployment-time secrets note; added/expanded connect and monitoring guidance (Claude Desktop, MCP Inspector, available tools in evaluator-optimizer).
CLI docs src/mcp_agent/cli/README.md	Adjusted “Developer Secrets” list item to remove explicit !developer_secret tag mention and normalized numbering/heading.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant CLI as mcp-agent CLI
  participant Cloud as MCP Agent Cloud
  participant SM as Secrets Manager
  participant Agent as Deployed Agent

  Dev->>CLI: mcp-agent deploy <app>
  CLI->>Cloud: Initiate deployment
  Cloud-->>CLI: Ask how to handle secrets
  CLI->>Dev: Prompt for secrets (interactive)
  Dev-->>CLI: Provide secret values / choose management
  CLI->>SM: Store secrets / request handles
  SM-->>CLI: Return secret handles
  CLI->>Cloud: Submit deployment with secret handles
  Cloud->>Agent: Provision and start
  Agent-->>Dev: Endpoint / ready
  note over CLI,Cloud: Errors surfaced if secret validation fails

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Feat: add mcp_marketing_assistant_agent use case #338 — Adds/removes example mcp_agent.secrets.yaml files; directly touches same secrets-file examples.
• Make mcp_basic_agent cloud ready #450 — Modifies cloud deployment examples for basic agents; overlaps with these README changes.
• Docs MVP #436 — Edits cloud documentation pages (getting-started, overview, agent-server); related doc changes.

Suggested reviewers

• rholinshead
• saqadri

Poem

A rabbit hops to hit deploy,
No YAML keys to spoil the joy—
The cloud will ask, you kindly say,
"Store it safe, and send away."
Agent wakes, the inspector beams—
Carrots, logs, and sweeter dreams 🥕✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The PR title accurately and concisely summarizes the primary change: removing the !developer_secret developer-secrets instructions from documentation across multiple docs and example READMEs, which aligns with the provided file-level summaries showing deleted YAML secret blocks and a shift to deployment-time secrets flow. It is specific, short, and clearly communicates the main intent of the changeset.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch andrew-docs-remove-developer-secrets

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (6)

examples/usecases/mcp_github_to_slack_agent/README.md (1)

128-140: Fix tool description and grammar.

• “workflows-resume: signal workflow to pause run” should say “resume run”.
• “Tool's that your agent expose” → “Tools that your agent exposes”.

-  - workflows-resume: signal workflow to pause run
+  - workflows-resume: resume a paused run
- - Tool's that your agent expose:
-  - github_to_slack: default of your tool name, input the parameters to trigger a workflow run
+ - Tools that your agent exposes:
+  - github_to_slack: default tool name; provide parameters to trigger a workflow run

examples/mcp_agent_server/asyncio/README.md (2)

159-176: Add languages to fenced code blocks (MD040).

Mark code fences with languages for login/output/deploy snippets.

-```
+```bash
 uv run mcp-agent login

- +text
andrew_lm@Mac sdk-cloud % uv run mcp-agent login
INFO: Directing to MCP Agent Cloud API login...
Please enter your API key 🔑:

-```
+```bash
uv run mcp-agent deploy mcp_agent_server -c /absolute/path/to/your/project

---

`178-179`: **Typo: “ou” → “you”.**

```diff
-5. In the terminal, ou will then be prompted to specify your OpenAI and/or Anthropic keys:
+5. In the terminal, you will then be prompted to specify your OpenAI and/or Anthropic keys:

docs/cloud/getting-started.mdx (2)

72-76: Avoid implying a secrets “file” in the deploy steps

Wording still points users to a file-based flow. Align this with the new interactive secrets flow.

Apply:

-    2. Process your secrets file
+    2. Handle secrets via the interactive deployment flow

---

320-323: Remove lingering reference to mcp_agent.secrets.yaml and tighten phrasing

This section still mentions a secrets YAML file, which conflicts with the PR goal of moving away from file-based guidance.

Within the changed lines, update bullets:

-1. During `mcp-agent deploy`, you will be prompted through the secrets management flow
-2. Secrets are safely secured in MCP Agent Cloud
+1. During `mcp-agent deploy`, you’ll be guided through an interactive secrets flow.
+2. Secrets are securely stored and injected by MCP Agent Cloud at runtime.

Additionally, update the section lead-in (Line 320) to remove the file reference:

### Secrets Management

MCP Agent Cloud securely handles secrets during deployment:

docs/cloud/overview.mdx (1)

56-57: Good addition; consider cross-linking and consistent phrasing

The new note looks good. For consistency with Getting Started, consider: “During deploy, you’ll be guided through an interactive secrets flow.” Optionally add a link to the “Secrets Management” section in Getting Started.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8b2550e and d880ab4.

📒 Files selected for processing (12)

• docs/cloud/agent-server.mdx (0 hunks)
• docs/cloud/getting-started.mdx (2 hunks)
• docs/cloud/overview.mdx (1 hunks)
• docs/configuration.mdx (0 hunks)
• examples/basic/mcp_basic_agent/README.md (1 hunks)
• examples/basic/mcp_model_selector/README.md (1 hunks)
• examples/mcp_agent_server/asyncio/README.md (1 hunks)
• examples/usecases/mcp_github_to_slack_agent/README.md (1 hunks)
• examples/workflows/workflow_evaluator_optimizer/README.md (1 hunks)
• examples/workflows/workflow_intent_classifier/README.md (1 hunks)
• examples/workflows/workflow_orchestrator_worker/README.md (1 hunks)
• src/mcp_agent/cli/README.md (1 hunks)

💤 Files with no reviewable changes (2)

• docs/configuration.mdx
• docs/cloud/agent-server.mdx

🧰 Additional context used

🪛 markdownlint-cli2 (0.17.2)

examples/mcp_agent_server/asyncio/README.md

159-159: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

167-167: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

174-174: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🔇 Additional comments (6)

examples/workflows/workflow_orchestrator_worker/README.md (1)

79-86: LGTM on removing explicit developer-secrets YAML and adding deployment-time secrets note.

The updated flow is clearer and consistent with the PR objective.

examples/basic/mcp_basic_agent/README.md (1)

99-106: LGTM on removing developer-secrets YAML and clarifying deployment-time secrets.

The new flow is concise and aligns with the PR objective.

examples/basic/mcp_model_selector/README.md (1)

75-83: LGTM on secrets guidance update and connect section.

Consistent with the interactive secrets approach.

examples/workflows/workflow_intent_classifier/README.md (1)

63-71: LGTM on removing developer-secrets YAML and adding deployment-time note.

Matches the PR intent without losing necessary context.

src/mcp_agent/cli/README.md (1)

41-41: Remove remaining !developer_secret usage and align README examples with the PR objective.

README still shows !developer_secret in the secrets YAML; remove the developer-secret YAML block, clarify that developer secrets are created via the Secrets API or during deployment, and keep !user_secret placeholders.
Location: src/mcp_agent/cli/README.md (around lines 41, 70–77, 79–88).

Apply:

-```yaml
-# mcp_agent.secrets.yaml (separate secrets file)
-api:
-  key: !developer_secret API_KEY # Developer provides value through API_KEY environment variable
-
-database:
-  # User will provide this later - no environment variable specified
-  password: !user_secret
-```
+> Note: Developer secrets are created via the Secrets API or during deployment prompts. Do not store developer secret values in a local YAML file.
+
+```yaml
+# mcp_agent.secrets.yaml (optional: user placeholders only)
+database:
+  password: !user_secret
+```

Optional paragraph tweak: “When processed during deployment, developer secrets are referenced by UUIDs and user placeholders remain tags.”

examples/workflows/workflow_evaluator_optimizer/README.md (1)

154-167: Standardize tool names with other docs — confirm canonical CLI names

README (examples/workflows/workflow_evaluator_optimizer/README.md lines 154–167) uses singular tool names (workflow-list, workflow-run-list, workflow-run) while other docs use plural. Provide the authoritative tool names from the CLI/help (copy the CLI tool listing or --help output) and align all docs accordingly.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

examples/mcp_agent_server/asyncio/README.md (1)

183-207: Cloud output still references “Secrets file” and “Developer secret handle”—contradicts PR goal to remove developer_secrets.

Sanitize the deployment transcript to avoid implying secrets.yaml/developer-secret flows in cloud.

Apply this diff to redact the developer-secrets bits while keeping the gist of a successful deploy:

 andrew_lm@Mac sdk-cloud % uv run mcp-agent deploy basic_agent_server -c /Users/andrew_lm/Documents/GitHub/mcp-agent/examples/mcp_agent_server/asyncio/
 ╭─────────────────────────────────────────────────── MCP Agent Deployment ────────────────────────────────────────────────────╮
 │ Configuration: /Users/andrew_lm/Documents/GitHub/mcp-agent/examples/mcp_agent_server/asyncio/mcp_agent.config.yaml │
-│ Secrets file: /Users/andrew_lm/Documents/GitHub/mcp-agent/examples/mcp_agent_server/asyncio/mcp_agent.secrets.yaml │
 │ Mode: DEPLOY                                                                                                                │
 ╰──────────────────────────────────────────────────────── LastMile AI ────────────────────────────────────────────────────────╯
 INFO: Using API at https://mcp-agent.com/api
 INFO: Checking for existing app ID for 'basic_agent_server'...
 SUCCESS: Found existing app with ID: app_dd3a033d-4f4b-4e33-b82c-aad9ec43c52f for name 'basic_agent_server'
-INFO: Processing secrets file...
-INFO: Found existing transformed secrets to use where applicable: 
-/Users/andrew_lm/Documents/GitHub/mcp-agent/examples/mcp_agent_server/asyncio/mcp_agent.deployed.secrets.yaml
-INFO: Loaded existing secrets configuration for reuse
-INFO: Reusing existing developer secret handle at 'openai.api_key': mcpac_sc_83d412fd-083e-4174-89b4-ecebb1e4cae9
-INFO: Transformed config written to /Users/andrew_lm/Documents/GitHub/mcp-agent/examples/mcp_agent_server/asyncio/mcp_agent.deployed.secrets.yaml
-
-                  Secrets Processing Summary                   
-┏━━━━━━━━━━━┳━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━┓
-┃   Type    ┃ Path           ┃ Handle/Status       ┃  Source  ┃
-┡━━━━━━━━━━━╇━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━┩
-│ Developer │ openai.api_key │ mcpac_sc...b1e4qwe9 │ ♻️ Reused │
-└───────────┴────────────────┴─────────────────────┴──────────┘
-
-Summary: 0 new secrets created, 1 existing secrets reused
-SUCCESS: Secrets file processed successfully
-INFO: Transformed secrets file written to /Users/andrew_lm/Documents/GitHub/mcp-agent/examples/mcp_agent_server/asyncio/mcp_agent.deployed.secrets.yaml
+INFO: Capturing API keys via interactive prompts...
+SUCCESS: Secrets configured for deployment
 ╭───────────────────────────────────────── Deployment Ready ───────────────────────────────────────────────╮
 │ Ready to deploy MCP Agent with processed configuration                                                   │
 ╰──────────────────────────────────────────────────────────────────────────────────────────────────────────╯
 WARNING: Found a __main__ entrypoint in main.py. This will be ignored in the deployment.
 ▰▰▰▰▰▰▱ ✅ Bundled successfully
 ▹▹▹▹▹ Deploying MCP App bundle...INFO: App ID: app_ddde033d-21as-fe3s-b82c-aaae4243c52f
 INFO: App URL: https://770xdsp22y321prwv9rasdfasd9l5zj5.deployments.mcp-agent.com
 INFO: App Status: OFFLINE
 ▹▹▹▹▹ ✅ MCP App deployed successfully!

♻️ Duplicate comments (1)

examples/mcp_agent_server/asyncio/README.md (1)

178-179: Typo fix confirmed (“you”)—resolved.

Matches the prior review note.

🧹 Nitpick comments (6)

examples/mcp_agent_server/asyncio/README.md (6)

159-161: Add a language to the fenced code block (markdownlint MD040).

Use bash for CLI commands.

Apply this diff:

-```
+```bash
 uv run mcp-agent login

---

`167-171`: **Label transcript block with a language (markdownlint MD040).**

Use console for interactive prompts.

Apply this diff:

```diff
-```
+```console
 andrew_lm@Mac sdk-cloud % uv run mcp-agent login
 INFO: Directing to MCP Agent Cloud API login...
 Please enter your API key 🔑: 

---

`174-176`: **Add language to deploy command block (markdownlint MD040).**

Use bash.

Apply this diff:

```diff
-```
+```bash
 uv run mcp-agent deploy mcp_agent_server -c /absolute/path/to/your/project

---

`98-114`: **Clarify that secrets.yaml is optional for local dev; cloud deploy prompts for keys.**

Prevents confusion with the removal of developer_secrets.

Apply this diff:

```diff
-### API Keys
+### API keys (local development)
@@
-1. Copy the example secrets file:
+1. (Optional) Copy the example secrets file for local runs:
@@
-2. Edit `mcp_agent.secrets.yaml` to add your API keys:
+2. (Optional) Edit `mcp_agent.secrets.yaml` to add your API keys:
@@

anthropic:
api_key: "your-anthropic-api-key"
openai:
api_key: "your-openai-api-key"

+
+Note: For cloud deployments, you will be prompted to enter keys interactively during `mcp-agent deploy`; a local secrets file is not required.

---

25-37: “Synchronous tool” example is declared async; align code and imports.

Make it truly sync and import Context.

Apply this diff:

-from mcp_agent.app import MCPApp
+from mcp_agent.app import MCPApp, Context
@@
-# Synchronous tool – returns the final result to the caller
-@app.tool
-async def grade_story(story: str, app_ctx: Optional[Context] = None) -> str:
+# Synchronous tool – returns the final result to the caller
+@app.tool
+def grade_story(story: str, app_ctx: Optional[Context] = None) -> str:
@@
-    return "Report..."
+    return "Report..."

If Context is not a public type here, switch the annotation to Optional[object] instead.

---

356-357: Mark secrets file in Code Structure as optional.

Keeps docs consistent with interactive secrets in cloud.

Apply this diff:

-- `mcp_agent.secrets.yaml` - Contains API keys (not included in repository)
+- `mcp_agent.secrets.yaml` - Optional (local dev): contains API keys (not included in repository)

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d880ab4 and 968a38f.

📒 Files selected for processing (1)

• examples/mcp_agent_server/asyncio/README.md (1 hunks)

🧰 Additional context used

🪛 markdownlint-cli2 (0.17.2)

examples/mcp_agent_server/asyncio/README.md

159-159: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

167-167: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

174-174: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🔇 Additional comments (1)

examples/mcp_agent_server/asyncio/README.md (1)

158-166: Login flow reorder reads better—LGTM.

The authentication and API-key setup steps are clearer and match the interactive flow.

[coderabbitai]

🛠️ Refactor suggestion

🧩 Analysis chain

Add a quick self-check to keep MD040 clean going forward.

Run markdownlint locally to verify no remaining MD040 in this file.

---

🏁 Script executed:

#!/bin/bash
# Verify fenced code blocks have languages
npx -y markdownlint-cli2 'examples/mcp_agent_server/asyncio/README.md' || true
rg -n '```$' examples/mcp_agent_server/asyncio/README.md

Length of output: 6704

---

Add markdownlint self-check and fix MD040 occurrences

markdownlint-cli2 found 50 errors in examples/mcp_agent_server/asyncio/README.md, including multiple MD040 (fenced code blocks missing language) — e.g. lines 102, 108, 121, 139, 159, 174, 181, 256, 293, 333. Action items:

• Add language tags to every ``` fence and fix the other lint issues (line-length, list numbering, blank lines).
• Add a CI or pre-commit check running npx -y markdownlint-cli2 and require no MD040 before merging; re-run the linter until clean.

🧰 Tools

🪛 markdownlint-cli2 (0.17.2)

159-159: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

167-167: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

174-174: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

181-181: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents

In examples/mcp_agent_server/asyncio/README.md around lines 155 to 181, several
fenced code blocks lack language tags (MD040) and other markdownlint issues
exist; add appropriate language identifiers (bash, sh, or console) to every ```
fence (including at lines 102, 108, 121, 139, 159, 174, 181, etc.), fix other
lint problems such as line-length, list numbering, and required blank lines per
markdownlint rules, and add a CI/pre-commit step that runs npx -y
markdownlint-cli2 (failing on any MD040) so the linter must pass before merging.

[alienzach]

LGTM!

[rholinshead]

Thanks!

[rholinshead]

I didn't see your PR before I did the same. Your's is good, but we should also make some other changes in this README (e.g. see main...fix/update-docs-for-secrets-tags) and should delete src/mcp_agent/cli/SECRETS.md entirely to avoid confusion

[rholinshead]

Updated here -- #497