Skip to content

feat: smooth agent BYO-LLM onboarding — self-healing remediation + self-documenting MCP tools + first-time-setup docs#302

Merged
mkreyman merged 2 commits into
masterfrom
feat/agent-llm-onboarding
Jul 4, 2026
Merged

feat: smooth agent BYO-LLM onboarding — self-healing remediation + self-documenting MCP tools + first-time-setup docs#302
mkreyman merged 2 commits into
masterfrom
feat/agent-llm-onboarding

Conversation

@mkreyman

@mkreyman mkreyman commented Jul 4, 2026

Copy link
Copy Markdown
Owner

Summary

Makes provisioning BYO LLM keys a smooth, discoverable, self-service experience a stranger agent can complete from docs + tool descriptions + self-healing errors alone. The mechanism already existed (PATCH /api/v1/tenants/me/llm-config + the set_llm_config MCP tool, role :user); this closes the onboarding gap around it. No security/role/chain-of-custody changes.

Self-healing remediation (server-side)

  • Loopctl.Llm.Remediation — one shared builder emitting a consistent, machine-readable, secret-free object: action, missing, credential, mcp_tool, example, api, docs, message. Distinguishes the missing credential — Anthropic api_key (ingest/classify/merge) vs OpenAI embedding_api_key (embeddings/semantic search).
  • Ingest no-key 422 (code: no_api_key) now carries error.remediation (Anthropic). The bare string is gone.
  • Search/context keyword-only degrade now carries meta.remediation only when fallback_reason == "no_embedding_key" — transient/provider fallbacks carry none (a key IS configured there, so "configure a key" would be wrong). Derives from the existing ProviderError-sanitized fallback_reason, so no key/body can leak.

Self-documenting MCP tools (mcp-server 2.33.1 → 2.34.0)

  • Rewrote set_llm_config / llm_config descriptions to fully onboard a stranger agent: WHAT (BYO, encrypted, never returned), WHY (required before ingest/search; loopctl fronts no cost), WHEN (once, at signup), the required LOOPCTL_USER_KEY, which key powers what, partial-merge, and the has_api_key/has_embedding_key status check.
  • knowledge_ingest / _batch / _search / _context results now lead with an ACTION REQUIRED notice built from the server remediation, so an agent that skips setup reads the exact next step (call set_llm_config) instead of a bare error.
  • README: new First-time setup section before the tool reference; updated tool-table + LOOPCTL_USER_KEY env rows; CHANGELOG entry.

Docs + signup hook

  • New docs/onboarding-agent-tenant.md — the authoritative agent-tenant sequence (WebAuthn L0 signup → provision keys → use ingest/search).
  • Added a "Provision your BYO LLM keys" step to the post-signup onboarding checklist (TenantOnboardingLive). Security-neutral display step — WebAuthn / chain-of-custody untouched. (The only concrete signup surface is this checklist; there is no getting-started API payload, so the doc is the authoritative sequence.)

Tests

  • Loopctl.Llm.Remediation unit test (shapes, missing-key names, no secret, for_fallback_reason mapping).
  • Ingest 422 remediation shape (names set_llm_config + api_key, api is a registered route, no secret).
  • Search no_embedding_key fallback carries the embedding remediation; a provider-error fallback carries none.
  • Node tests: tool descriptions carry the onboarding language; ingest/search results surface the remediation notice; no false positives.

Verification

  • mix compile --warnings-as-errors, format, credo --strict (0), dialyzer (0), full mix test3673 tests, 0 failures (via the pre-commit hook, 1.19/OTP28).
  • mcp-server: node --test test/*.test.js112 tests, 0 failures.

mkreyman added 2 commits July 3, 2026 21:49
…lf-documenting MCP tools + first-time-setup docs

loopctl is agent-native and strictly BYO: a tenant provisions its OWN
Anthropic + OpenAI embedding keys once, at onboarding, via set_llm_config
(role :user). This makes that a smooth, discoverable, self-service
experience a stranger agent can complete from docs + tool descriptions +
self-healing errors alone.

Self-healing remediation (server-side):
- New Loopctl.Llm.Remediation builder emits a consistent, machine-readable,
  secret-free object (action/missing/mcp_tool/example/api/docs/message),
  distinguishing the missing credential — Anthropic api_key (ingest/
  classify/merge) vs OpenAI embedding_api_key (embeddings/semantic search).
- Wired into the ingest no-key 422 (code no_api_key) and the search/context
  keyword-only degrade (meta.remediation when fallback_reason ==
  no_embedding_key). Transient/provider fallbacks carry no remediation
  (a key IS configured). Reuses the ProviderError-sanitized fallback_reason,
  so no key/body ever leaks.

Self-documenting MCP tools:
- Rewrote set_llm_config / llm_config descriptions to fully onboard a
  stranger agent (WHAT/WHY/WHEN, required LOOPCTL_USER_KEY, which key powers
  what, partial-merge, has_api_key/has_embedding_key status check).
- knowledge_ingest/_batch/_search/_context results now LEAD with an
  ACTION REQUIRED notice built from the server remediation.
- Bumped mcp-server 2.33.1 -> 2.34.0 + CHANGELOG; README first-time-setup
  section + updated tool-table/env rows.

Docs + signup hook:
- New docs/onboarding-agent-tenant.md (WebAuthn L0 signup -> provision keys
  -> use ingest/search) as the authoritative sequence.
- Added a "Provision your BYO LLM keys" step to the post-signup onboarding
  checklist (security-neutral; WebAuthn/chain-of-custody untouched).

Tests: remediation builder unit test; ingest 422 + search no_embedding_key
remediation shape (names set_llm_config + the right missing key, never a
secret); node tests for tool descriptions + result remediation surfacing.
Closes the two LOW test-coverage gaps from the enhanced review of #302:

1. /knowledge/context remediation path: the existing fallback test mocked
   generate_embedding/2 -> {:error, :service_unavailable}, which sanitizes to
   the generic "embedding_error" tag (no remediation). Add a test mocking
   {:error, :no_api_key} and assert meta.fallback_reason == "no_embedding_key"
   AND meta.remediation names set_llm_config + missing == ["embedding_api_key"],
   with the same no-secret-leak guard as the search/ingest tests.

2. The new "Provision your BYO LLM keys" onboarding step had no render
   assertion. Assert the rendered onboarding checklist contains the step title
   and set_llm_config (static display text only).
@mkreyman mkreyman marked this pull request as ready for review July 4, 2026 04:14
@mkreyman mkreyman merged commit 70b086c into master Jul 4, 2026
10 checks passed
@mkreyman mkreyman deleted the feat/agent-llm-onboarding branch July 4, 2026 04:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant