Skip to main content

Goal

DealDash exposes an authenticated AI Agent Connection section in /settings and an AI Agent Setup entry in /tools so operators can connect Claude Code, OpenAI/Codex, ChatGPT MCP clients, OpenClaw, or another MCP-capable host without exposing backend secrets in the browser. This Settings surface is informational and diagnostic in v1. It does not mint service secrets, bypass approvals, or expose manager confirmation secrets. Non-technical users should start with Connect An AI Agent. This page remains the agent/developer reference for exact response fields and safety rules.

Settings Endpoint

MethodEndpointAuthPurpose
GET/api/settings/agent-connectionrequireAuthReturns safe connection status, MCP instructions, permission tiers, tool families, future AI feature slots, and recent user-scoped agent logs.
The endpoint returns env names and boolean configuration flags only. It never returns secret values.

Response Sections

  • schemaVersion: current DealDash Agent Bridge schema version.
  • actingUserId: current authenticated DealDash user ID, retained for internal diagnostics only.
  • status: login-link availability, approval confirmation configured, state, recent count, and last activity.
  • mcp: server name, bridge path, config path, command, backend base URL, simple docs URL, agent-optimized docs URL, and public DealDash Agent Kit GitHub repo.
  • auth: login-link endpoints, safe optional env names, required headers, and optional headers.
  • permissions: Tier 0, Tier 1, and Tier 2 summaries.
  • toolGroups: canonical provider-neutral tool families from the shared schema.
  • workflows: common link, screenshot, contact, and suggestion workflows.
  • futureFeatures: planned analysis, summaries, approval inbox, and adapter diagnostics.
  • recentLogs: sanitized agent_tool_call activity scoped to the current user.

UI Map

The Tools hub includes:
  • /tools card: AI Agent Setup, simple setup badge, and docs link.
  • /tools/ai-agent-setup: copyable ready prompt, simple steps, common blockers, safe terminal command, and an advanced connection panel hidden behind Show details.
The connection card contains:
  • Header and refresh action.
  • Connection status, permission gate, and recent activity cards.
  • MCP connection instructions with repo-local .mcp.json and server command.
  • Login-link auth endpoints, the direct HTTPS login start URL, token env name, and operator-only env/header diagnostics.
  • Tier 0/Tier 1/Tier 2 permission explanation.
  • Tool family summary.
  • Recent user-scoped agent logs.
  • Future AI feature slots for analysis and summaries.
  • Links to the simple human guide, public DealDash Agent Kit, agent-optimized bridge reference, and API docs.

Security Rules

  • Do not show or set DEALDASH_AGENT_SERVICE_SECRET from the browser.
  • Do not show or set DEALDASH_AGENT_APPROVAL_CONFIRM_SECRET from the browser.
  • Normal users approve /agent/authorize/:requestId; they do not paste API keys, service secrets, or internal IDs.
  • Agents without MCP connected may still start normal setup with POST https://dealdash.neonoir.ai/api/agent/auth/start and send only the returned approval link to the user.
  • Public docs and the public agent kit must use placeholders only and must not include real tokens, database URLs, user data, or private local paths.
  • Scope logs by req.user.userId.
  • Sanitize logs to safe metadata only.
  • Clamp log limits to 1-50 rows.
  • Keep Tier 2 writes approval-gated for every host client.
  • Treat OpenClaw as an optional WhatsApp/Telegram adapter on top of the provider-neutral MCP bridge.