add managed auth tools (manage_auth_connections, manage_credentials, manage_credential_providers)

[masnwilliams]

Summary

Closes the largest agent-facing capability gap in the MCP server: setting up an authenticated browser session for a third-party site. Agents can now drive Kernel's managed auth flow end-to-end without a human in the loop (beyond the one-time hosted login).

What's added

• manage_auth_connections (full surface)
  • create — start managing auth for a profile + domain (optionally referencing a pre-stored credential by name, or an external provider like 1Password)
  • list / get / delete
  • login — kicks off a hosted login flow. Returns hosted_url (share with the user to sign in) and live_view_url (agent can watch). Triggers automatic re-auth if credentials are saved.
  • submit — provide field values, an MFA option ID, or an SSO button selector when the flow is awaiting_input. Agent inspects discovered_fields / mfa_options from get to know what's needed.
• manage_credentials (full CRUD)
  • list / get (SDK never returns values) / totp_code (current 6-digit code)
  • create / update / delete — agents can store and rotate credentials directly. Values, sso_provider, and totp_secret are all settable.
• manage_credential_providers (full CRUD)
  • list / get / create / update / delete for external providers (e.g. 1Password)
  • list_items to enumerate available items from the provider, and test to validate the token and list accessible vaults

Agent flow

1. Credential is stored in Kernel (either via dashboard/CLI or via manage_credentials create).
2. Agent: manage_auth_connections create domain=netflix.com profile_name=mason credential_name=netflix-mason
3. Agent: manage_auth_connections login id=<conn_id> → shares hosted_url with user, or proceeds via re-auth.
4. Agent polls manage_auth_connections get until flow_status=SUCCESS (or flow_step=AWAITING_INPUT for MFA).
5. If MFA needed: manage_credentials totp_code <name> → manage_auth_connections submit fields={mfa_code: "123456"}.
6. Any future manage_browsers create profile_name=mason gets a logged-in session.

Test plan

• Local server starts; tools register without errors
• manage_auth_connections list returns existing connections for the authed user
• manage_auth_connections create + login returns a working hosted URL
• manage_credentials round-trip: create → list → get → update → delete
• manage_credentials totp_code returns a 6-digit code for a TOTP-enabled credential
• manage_credential_providers round-trip: create → test → list_items → update → delete

Tool count

Bumps from 10 → 13.

---

Note

High Risk
Exposes credential CRUD, TOTP codes, provider tokens, and login/MFA submission over MCP—security-sensitive auth surfaces that agents can invoke with a valid API token.

Overview
Adds managed auth to the Kernel MCP server so agents can set up and maintain logged-in browser profiles without manual dashboard work. The public tool count goes from 10 → 13 via three new manage_* tools wired to @onkernel/sdk in route.ts, with matching README entries.

manage_auth_connections covers the full connection lifecycle: create (profile + domain, optional Kernel credential or 1Password-style provider), list/get/delete, login (hosted URL + live view), and submit for MFA fields, MFA option selection, or SSO button XPath—with client-side validation so credential reference modes are mutually exclusive.

manage_credentials adds list/get/create/update/delete plus totp_code for stored secrets; create/update can set values, sso_provider, and totp_secret (get is documented as not returning secret values).

manage_credential_providers supports 1Password-style providers: CRUD, list_items, and test (token/vault validation). Provider create/update accept service-account tokens.

The diff also includes minor computer_action formatting and a few error-message layout tweaks elsewhere—no behavior change called out for those.

^{Reviewed by Cursor Bugbot for commit 7d19430. Bugbot is set up for automated code reviews on this repo. Configure here.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
mcp	Ready	Preview, Comment	May 28, 2026 2:17pm

[firetiger-agent]

Monitoring Plan: Add managed-auth and credentials MCP tools

What this PR does: Registers three new MCP tool handlers — manage_auth_connections (full CRUD + login/submit on managed auth connections), manage_credentials (read-only: list, get, TOTP code fetch), and manage_credential_providers (read-only: list, get) — by adding ~450 lines to the MCP server route handler. The remaining diff is formatting-only changes to existing tools.

Intended effect: After deploy, AI agents using the MCP server can invoke these three tools. Successful calls will appear as spans on the already-active Kernel API backend endpoints (/auth/connections/*, /credentials/*, /org/credential_providers). Pre-deploy baseline on those endpoints: 210–983 calls/hr on auth connections, 144–173 calls/hr on credentials — both with 0 errors in the last 24h. Confirmation: first tool invocations produce new spans on those routes with no error status.

Risks:

• Tool registration crash — Railway HTTP 5xx rate (all routes); alert if > 15/hr sustained (baseline: 3–8/hr)
• Auth connection API errors — /auth/connections trace spans with status.code = 2; alert if any errors appear post-deploy (baseline: 0/hr)
• Credentials API errors — /credentials + /org/credential_providers trace spans with status.code = 2; alert if any errors appear post-deploy (baseline: 0/hr)
• SDK method missing at runtime — TypeError: Cannot read properties in Railway HTTP error logs; alert on any such log matching manage_auth_connections, manage_credentials, or manage_credential_providers
• TOTP misconfiguration — /credentials/{id_or_name}/totp-code returning 5xx; alert on any 5xx on this endpoint

Status updates will be posted automatically on this PR as monitoring progresses.

View agent

[dcruzeneil2]

LGTM! Clean PR, follows existing codebase patterns well. One nit:

nit: submit in manage_auth_connections lets fields: {} through the validation guard since !params.fields is falsy for empty objects. The API will likely reject it anyway, but manage_credentials create already handles the equivalent case with Object.keys(params.values).length === 0. Worth adding the same check here for consistency.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 2 total unresolved issues (including 1 from previous review).

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 79bcb13. Configure here.}