Skip to main content

Goal

DealDash exposes an authenticated AI Agent Connection section in /settings and an AI Agent Setup entry in /tools so operators can connect Claude Code, OpenAI/Codex, ChatGPT MCP clients, OpenClaw, or another tool-capable host without exposing backend secrets in the browser. This Settings surface is informational and diagnostic in v1. It does not mint service secrets, bypass approvals, or expose manager confirmation secrets. Non-technical users should start with Connect An AI Agent. This page remains the agent/developer reference for exact response fields and safety rules.

Settings Endpoint

MethodEndpointAuthPurpose
GET/api/settings/agent-connectionrequireAuthReturns safe connection status, the single bridge runtime model, MCP instructions, direct HTTPS fallback URLs, permission tiers, tool families, future AI feature slots, and recent user-scoped agent logs.
The endpoint returns env names and boolean configuration flags only. It never returns secret values.

Response Sections

  • schemaVersion: current DealDash Agent Bridge schema version.
  • actingUserId: current authenticated DealDash user ID, retained for internal diagnostics only.
  • status: login-link availability, approval confirmation configured, state, recent count, and last activity.
  • mcp: server name, single bridge runtime model, bridge path, config path, command, backend base URL, direct HTTPS fallback URLs, simple docs URL, agent-optimized docs URL, and private DealDash Agent Kit GitHub repo for install/examples.
  • auth: login-link endpoints, safe optional env names, required headers, and optional headers.
  • permissions: Tier 0, Tier 1, and Tier 2 summaries.
  • toolGroups: canonical provider-neutral tool families from the shared schema.
  • workflows: common link, screenshot, template, contact, and suggestion workflows.
  • futureFeatures: planned analysis, summaries, approval inbox, and adapter diagnostics.
  • recentLogs: sanitized agent_tool_call activity scoped to the current user.

UI Map

The Tools hub includes:
  • /tools card: AI Agent Setup, simple setup badge, and docs link.
  • /tools/ai-agent-setup: human-first setup steps, copyable AI instruction, good first requests, confusion fixes, optional terminal examples, common blockers, and an advanced connection panel hidden behind Show details.
The connection card contains:
  • Header and refresh action.
  • Connection status, permission gate, and recent activity cards.
  • DealDash Agent Bridge instructions with repo-local .mcp.json, server command, and direct HTTPS fallback URLs.
  • Login-link auth endpoints, the direct HTTPS login start URL, token env name, and operator-only env/header diagnostics.
  • Tier 0/Tier 1/Tier 2 permission explanation.
  • Tool family summary.
  • Recent user-scoped agent logs.
  • Future AI feature slots for analysis and summaries.
  • Links to the simple human guide, private DealDash Agent Kit for install/examples, agent-optimized bridge reference, and API docs.

Security Rules

  • Do not show or set DEALDASH_AGENT_SERVICE_SECRET from the browser.
  • Do not show or set DEALDASH_AGENT_APPROVAL_CONFIRM_SECRET from the browser.
  • Normal users approve /agent/authorize/:requestId; they do not paste API keys, service secrets, or internal IDs.
  • Agents without MCP connected may still start normal setup with POST https://dealdash.neonoir.ai/api/agent/auth/start, send only the returned approval link to the user, then call /api/agent/* directly with the stored login token.
  • Public docs and the private agent kit must use placeholders only and must not include real tokens, database URLs, user data, or private local paths.
  • Scope logs by req.user.userId.
  • Sanitize logs to safe metadata only.
  • Clamp log limits to 1-50 rows.
  • Keep Tier 2 writes approval-gated for every host client; LinkShot bulk view-check imports are Tier 1 and should not request approval.
  • Treat OpenClaw as an optional WhatsApp/Telegram adapter on top of the provider-neutral DealDash Agent Bridge.