Fix/update docs for secrets tags

[rholinshead]

Description

We're no longer using !developer_secret tags so update remaining documentation

Summary by CodeRabbit

• Documentation
  • Added Cloud Secrets guidance and examples, including a secrets YAML snippet in Getting Started and a new Cloud Secrets tab in Configuration.
  • Overhauled CLI README to simplify deployment/configuration flows and clarify developer vs. user secrets; removed legacy SECRETS doc.
  • Expanded asyncio example with detailed cloud deployment steps and sample outputs.
  • Updated example READMEs: improved tables/formatting, added tools (workflows-get_status, workflows-resume), and introduced company_information parameter for cover_letter_writer_tool.
  • Minor formatting fixes and syntax highlighting improvements across multiple READMEs.

[coderabbitai]

Walkthrough

Adds cloud secrets documentation and examples, introduces a raw secrets example for cloud, updates multiple example READMEs (formatting and tool lists), significantly rewrites CLI README to simplify deploy/config flows and secret semantics, and removes the older SECRETS.md. No code or API exports changed.

Changes

Cohort / File(s)	Summary of Changes
Cloud Docs: Getting Started & Configuration docs/cloud/getting-started.mdx, docs/configuration.mdx	Added cloud secrets guidance and examples; introduced raw secrets YAML snippet (openai.api_key); added “Cloud Secrets” tabs (duplicated within section in configuration doc).
CLI Documentation Overhaul src/mcp_agent/cli/README.md	Reframed developer vs user secrets; simplified deploy/config CLI usage; updated Python usage to config-dir flow; removed extensive sections (direct secrets API, integrations, testing).
CLI Secrets Doc Removal src/mcp_agent/cli/SECRETS.md	Deleted legacy secrets workflow document.
Examples: MCP Agent Server (asyncio) examples/mcp_agent_server/asyncio/README.md	Expanded cloud deployment steps, added code/output samples, refined secrets processing summary, deployment readiness, and status outputs; minor formatting fixes.
Examples: Usecase – GitHub to Slack examples/usecases/mcp_github_to_slack_agent/README.md	Formatting updates; expanded default tools list (added workflow-run/status/resume/cancel); sample output now includes execution_id.
Examples: Workflows – Evaluator/Optimizer examples/workflows/workflow_evaluator_optimizer/README.md	Formatting; listed new tools (workflows-get_status, workflows-resume); expanded cover_letter_writer_tool with company_information param.
Examples: Workflows – Intent Classifier examples/workflows/workflow_intent_classifier/README.md	Formatting-only: spacing and table style changes.
Examples: Workflows – Orchestrator/Worker examples/workflows/workflow_orchestrator_worker/README.md	Formatting improvements, added bash fence, table restyle; no semantic changes.
Examples: Basic – Agents examples/basic/mcp_basic_agent/README.md, examples/basic/mcp_model_selector/README.md	Formatting-only: spacing, trimmed whitespace, and restyled settings tables.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant CLI as mcp-agent CLI
  participant Cloud as MCP Agent Cloud
  participant App as Deployed App

  rect rgb(235, 245, 255)
  note over Dev,CLI: Deploy (simplified, config-dir based)
  Dev->>CLI: mcp-agent deploy -c <config_dir>
  CLI->>CLI: Load config + raw secrets (cloud)
  CLI->>Cloud: Create app + register developer secrets
  Cloud-->>CLI: app_id, transformed secret refs
  CLI-->>Dev: Deployment output (app URL/status)
  end

  rect rgb(240, 255, 240)
  note over Dev,CLI: Configure
  Dev->>CLI: mcp-agent configure <app_id|server_url>
  CLI->>Dev: Prompt/select user secrets (as required)
  CLI->>Cloud: Store user secrets / config instance
  Cloud-->>CLI: Configuration complete
  CLI-->>Dev: Instance ready
  end

  rect rgb(255, 250, 235)
  note over App,Cloud: Run / Status / Control
  Dev->>Cloud: Trigger run / get_status / resume / cancel
  Cloud->>App: Launch with resolved secrets
  App-->>Cloud: Execution status (may include execution_id)
  Cloud-->>Dev: Status/result
  end

  note right of CLI: New docs emphasize simplified flows and raw cloud secrets example.

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• Removing !developer_secrets from all docs #496 — Also modifies cloud secrets docs/examples and tagging conventions; likely intersects with raw secrets guidance added here.
• Fix: Update Deployment Secrets Processing UX #467 — Refactors CLI/cloud secrets workflow; overlaps with this PR’s CLI README overhaul and SECRETS.md removal.
• Docs MVP #436 — Edits the same cloud docs (getting-started, configuration) around secrets; content is adjacent to this PR.

Suggested reviewers

• saqadri
• andrew-lastmile
• alienzach

Poem

I stash my keys in clouds of YAML white,
Hop-hop deploy—config takes flight.
Secrets whisper, user or dev,
One simple path, no extra chev.
Tools now sing of status, resume—
A happy bun ships docs in bloom. 🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "Fix/update docs for secrets tags" is concise and directly related to the PR’s primary changes—documentation updates around secrets tagging (including removal of the !developer_secret usage) as described in the PR objectives and raw_summary—so it communicates the main intent to reviewers. It is short, focused on docs/secrets, and understandable when scanning history.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/update-docs-for-secrets-tags

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

examples/workflows/workflow_evaluator_optimizer/README.md (1)

159-173: Confirm README tool names vs actual exports

The README in examples/workflows/workflow_evaluator_optimizer/README.md (lines ~160-165) uses singular names (workflow-list, workflow-run-list, workflow-run) which do not match the server/docs usage (plural workflows-... and workflow-specific workflows-<Workflow>-run). Update the README to the actual exposed tool identifiers (e.g. workflows-list, workflows-<Workflow>-run, workflows-get_status, workflows-resume, workflows-cancel) so they match the server registrations and other docs.

🧹 Nitpick comments (15)

docs/cloud/getting-started.mdx (2)

182-186: Add an explicit gitignore warning and cloud‑only note next to the secrets example.

Readers may accidentally commit keys, and some earlier text suggests env vars; cloud uses raw secrets only. Add a short warning below this block.

 ```yaml mcp_agent.secrets.yaml
 openai:
   api_key: "sk-..."

+
+Add mcp_agent.secrets.yaml to .gitignore. For cloud deployments, environment variables are not read—use this secrets file and the cloud configure flow.
+

---

`471-478`: **Potential confusion: Best Practices shows env vars in Python while cloud ignores env vars.**

Consider appending a note: “For local dev only; cloud deployments use mcp_agent.secrets.yaml and cloud configure.”

</blockquote></details>
<details>
<summary>examples/basic/mcp_basic_agent/README.md (1)</summary><blockquote>

`133-144`: **Standardize Inspector table labels to “SSE URL”.**

Other docs use “SSE URL”; align for consistency.


```diff
-| _SSE_            | _https://[your-agent-server-id].deployments.mcp-agent.com/sse_ |
+| _SSE URL_        | _https://[your-agent-server-id].deployments.mcp-agent.com/sse_ |

examples/basic/mcp_model_selector/README.md (1)

109-119: Unify Inspector label to “SSE URL”.

Keeps wording consistent with other pages.

-| _SSE_            | _https://[your-agent-server-id].deployments.mcp-agent.com/sse_ |
+| _SSE URL_        | _https://[your-agent-server-id].deployments.mcp-agent.com/sse_ |

docs/configuration.mdx (1)

693-704: Clarify that env vars are ignored on cloud.

Helps reconcile guidance with local env-var examples elsewhere in this page.

   <Tab title="Cloud Secrets">
-    For mcp-agent cloud deployments, only raw secrets (not environment variables) are supported:
+    For mcp-agent cloud deployments, only raw secrets are supported. Environment variables are ignored by cloud apps:
     
     ```yaml
     openai:
       api_key: "sk-..."
     ```
 
     During deployment, you will be prompted to specify which secrets should be used for the deployed app and which
     secrets will be excluded (and require a subsequent 'configure' command to configure with user secrets).
   </Tab>

examples/workflows/workflow_intent_classifier/README.md (1)

97-107: Use “SSE URL” label for Inspector.

Match the label used in other examples.

-| _SSE_            | _https://[your-agent-server-id].deployments.mcp-agent.com/sse_ |
+| _SSE URL_        | _https://[your-agent-server-id].deployments.mcp-agent.com/sse_ |

examples/workflows/workflow_orchestrator_worker/README.md (1)

112-122: Consistent Inspector label: “SSE URL”.

-| _SSE_            | _https://[your-agent-server-id].deployments.mcp-agent.com/sse_ |
+| _SSE URL_        | _https://[your-agent-server-id].deployments.mcp-agent.com/sse_ |

examples/usecases/mcp_github_to_slack_agent/README.md (2)

112-122: Align Inspector label to “SSE URL”.

-| _SSE_            | _https://[your-agent-server-id].deployments.mcp-agent.com/sse_ |
+| _SSE URL_        | _https://[your-agent-server-id].deployments.mcp-agent.com/sse_ |

---

131-139: Fix tool description typos.

• “workflows-resume” should resume, not pause.
• Grammar: “Tools your agent exposes”.

 - MCP Agent Cloud Default Tools:
@@
-  - workflows-resume: signal workflow to pause run
+  - workflows-resume: resume a paused run
@@
-- Tool's that your agent expose:
+- Tools your agent exposes:

examples/mcp_agent_server/asyncio/README.md (4)

158-174: Add language to fenced blocks and fix capitalization.

• Add bash to the login command/code fences to satisfy MD040.
• “Github” → “GitHub”.

-```
+```bash
 uv run mcp-agent login

-2. You will be redirected to the login page, create an mcp-agent cloud account through Google or Github
+2. You will be redirected to the login page, create an mcp-agent cloud account through Google or GitHub

```diff
-```
+```bash
 andrew_lm@Mac sdk-cloud % uv run mcp-agent login
 INFO: Directing to MCP Agent Cloud API login...
 Please enter your API key 🔑:

---

`176-181`: **Use the correct app name in the deploy command.**

Earlier examples and output use “basic_agent_server”; this line uses “mcp_agent_server”. Align them.


```diff
-uv run mcp-agent deploy mcp_agent_server -c /absolute/path/to/your/project
+uv run mcp-agent deploy basic_agent_server -c /absolute/path/to/your/project

---

184-221: Mark output block with a language and redact realistic IDs.

• Add text to the large output block (MD040).
• Consider obfuscating IDs/URLs consistently.

-```
+```text
 andrew_lm@Mac sdk-cloud % uv run mcp-agent deploy basic_agent_server -c /Users/andrew_lm/Documents/GitHub/mcp-agent/examples/mcp_agent_server/asyncio/
 ...
 INFO: App URL: https://770xdsp22y321prwv9rasdfasd9l5zj5.deployments.mcp-agent.com
 INFO: App Status: OFFLINE
 ▹▹▹▹▹ ✅ MCP App deployed successfully!

---

`196-213`: **Tighten the “Secrets Processing Summary” formatting.**

Add a language to the summary table fence and make the label match surrounding terminology (“Reused” → “♻️ Reused” is fine, but ensure consistency across docs).


```diff
-                  Secrets Processing Summary
+                  Secrets Processing Summary
+```text
 ┏━━━━━━━━━━━┳━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━┓
 ┃   Type    ┃ Path           ┃ Handle/Status       ┃  Source  ┃
 ┡━━━━━━━━━━━╇━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━┩
 │ Developer │ openai.api_key │ mcpac_sc...b1e4qwe9 │ ♻️ Reused │
 └───────────┴────────────────┴─────────────────────┴──────────┘
 
 Summary: 0 new secrets created, 1 existing secrets reused
 SUCCESS: Secrets file processed successfully
 INFO: Transformed secrets file written to /Users/andrew_lm/Documents/GitHub/mcp-agent/examples/mcp_agent_server/asyncio/mcp_agent.deployed.secrets.yaml
-╭───────────────────────────────────────── Deployment Ready ───────────────────────────────────────────────╮
+``` 
+╭───────────────────────────────────────── Deployment Ready ───────────────────────────────────────────────╮

src/mcp_agent/cli/README.md (2)

80-86: Align example with “UUID strings” wording above.

Section “Secret IDs” says IDs are UUID strings. The example shows a prefixed handle. Use a plain UUID here or adjust the earlier wording.

-  key: mcpac_sc_123e4567-e89b-12d3-a456-426614174000 # Deployment secret transformed to UUID
+  key: 123e4567-e89b-12d3-a456-426614174000 # Deployment secret transformed to UUID

Alternatively, change the “Secret IDs” text to “opaque IDs (often UUIDs with a prefix)”.

---

131-135: Fix Python snippet syntax (commas and quotes).

Current example won’t parse.

 await deploy_config(
-   app_name="My MCP Agent App"
-   config_dir="path/to/project/configuration,
+   app_name="My MCP Agent App",
+   config_dir="path/to/project/configuration",
    api_key="your-api-key",
-   non_interactive=True
+   non_interactive=True,
 )

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 78dd3a0 and 783cc82.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (11)

• docs/cloud/getting-started.mdx (1 hunks)
• docs/configuration.mdx (1 hunks)
• examples/basic/mcp_basic_agent/README.md (2 hunks)
• examples/basic/mcp_model_selector/README.md (2 hunks)
• examples/mcp_agent_server/asyncio/README.md (3 hunks)
• examples/usecases/mcp_github_to_slack_agent/README.md (2 hunks)
• examples/workflows/workflow_evaluator_optimizer/README.md (3 hunks)
• examples/workflows/workflow_intent_classifier/README.md (2 hunks)
• examples/workflows/workflow_orchestrator_worker/README.md (2 hunks)
• src/mcp_agent/cli/README.md (4 hunks)
• src/mcp_agent/cli/SECRETS.md (0 hunks)

💤 Files with no reviewable changes (1)

• src/mcp_agent/cli/SECRETS.md

🧰 Additional context used

🪛 markdownlint-cli2 (0.17.2)

examples/mcp_agent_server/asyncio/README.md

177-177: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: checks / test

🔇 Additional comments (4)

examples/workflows/workflow_evaluator_optimizer/README.md (1)

144-149: Inspector table looks good.

Labels and formatting are clear and consistent with proposed standard.

examples/usecases/mcp_github_to_slack_agent/README.md (1)

143-149: LGTM: sample now includes execution_id.

The added field improves parity with get_status output.

src/mcp_agent/cli/README.md (2)

42-49: Rewording looks good and matches the removal of !developer_secret.

Clear distinction between developer vs user secrets. No references to !developer_secret remain.

Confirm that retaining the !user_secret placeholder is intentional and still supported by the toolchain.

---

100-105: CLI deploy syntax LGTM.

Single -c config dir flow is clearer and consistent with the README changes.