Skip to content

Consolidate 5 plugins into AgentKit and SaaSKit (v2.0.0)#20

Open
saif-at-scalekit wants to merge 65 commits into
mainfrom
restructure/agentkit-saaskit-consolidation
Open

Consolidate 5 plugins into AgentKit and SaaSKit (v2.0.0)#20
saif-at-scalekit wants to merge 65 commits into
mainfrom
restructure/agentkit-saaskit-consolidation

Conversation

@saif-at-scalekit
Copy link
Copy Markdown
Collaborator

@saif-at-scalekit saif-at-scalekit commented May 8, 2026
edited
Loading

Summary

Restructures the marketplace from 5 separate plugins into 2 focused plugins: AgentKit and SaaSKit.

This PR incorporates the work from #19 (docs/agent-auth-hybrid-layout) and builds the full restructure on top.

Backward Compatibility

Old plugin names are preserved as symlinks so existing install commands keep working:

Old name (symlink) Points to Rationale
plugins/agent-auth agentkit Direct rename
plugins/full-stack-auth saaskit Consolidated into SaaSKit
plugins/mcp-auth saaskit MCP server auth is now part of SaaSKit
plugins/modular-sso saaskit SSO is now part of SaaSKit
plugins/modular-scim saaskit SCIM is now part of SaaSKit

Tested: claude plugin install agent-auth@scalekit-auth-stack resolves through the symlink and loads AgentKit skills. Claude Code's marketplace uses git clone, which preserves symlinks on disk.

The install script (scripts/install_claude_marketplace.sh) now:

  • Installs both agentkit and saaskit (previously only installed agent-auth)
  • Cleans up old v1.x plugin names on reinstall

Namespace Change

  • All slash commands now use /agentkit: or /saaskit: namespace

AgentKit (5 skills)

Renamed from agent-auth, adopting Scalekit AgentKit branding with docs/ + rules/ + thin skills/ content model.

Skill Purpose
integrating-agentkit Core AgentKit integration
discovering-connector-tools Live tool metadata discovery
exposing-agentkit-via-mcp Configure AgentKit MCP endpoint
production-readiness-agentkit Production checklist
scalekit-code-doctor Generate and review Scalekit code with verified SDK signatures

SaaSKit (13 skills)

New plugin consolidating FSA, SSO, SCIM, and MCP server auth into one coherent surface.

Skill Consolidates
implementing-saaskit Core auth flow (+ Go, Spring Boot, Laravel reference files)
managing-saaskit-sessions Session management
implementing-access-control RBAC and permissions
implementing-saaskit-python Django + FastAPI + Flask (merged)
implementing-saaskit-nextjs Next.js App Router
implementing-modular-sso SSO + admin portal (merged)
implementing-scim-provisioning SCIM directory sync
adding-mcp-oauth MCP server auth (+ FastMCP, Express, FastAPI refs)
adding-api-auth API keys + client credentials (merged)
migrating-to-saaskit Migration from Auth0/Firebase/Cognito/custom
production-readiness-saaskit Unified production checklist (4 sources merged)
testing-auth-setup Validate auth integration via dryrun CLI
scalekit-code-doctor Generate and review Scalekit code with verified SDK signatures

Content model

Both plugins follow: docs/ (canonical documentation) + rules/ (cross-cutting guidance) + thin skills/ (routing layers pointing to docs)

Cleanup in this PR

  • Removed legacy test-tool.md command alias
  • Removed 42 static agent-connectors/*.md files — pointed to docs.scalekit.com/agentkit/connectors/ instead
  • Renamed providers.mdconnectors.md to match product terminology
  • Renamed building-agentkit-mcp-serverexposing-agentkit-via-mcp (configuring, not building)
  • Renamed discovering-agentkit-toolsdiscovering-connector-tools (tools belong to connectors)
  • Converted dryrun command → testing-auth-setup skill (discoverable via natural language)
  • Fixed saaskit/hooks/hooks.jsontype was on wrong nesting level

Pre-merge Coordination Checklist

These items should be coordinated before or shortly after merging this PR.
Old names still work via symlinks, so there is no hard deadline — but docs should reference the new names going forward.

1. docs.scalekit.com (developer-docs repo)

Claude Code install templates — update to use new plugin names:

  • src/components/templates/coding-agents/_agentkit-claude-code.mdxagent-auth@agentkit@
  • src/components/templates/coding-agents/_fsa-claude-code.mdxfull-stack-auth@saaskit@
  • src/components/templates/coding-agents/_mcp-auth-claude-code.mdxmcp-auth@saaskit@
  • src/components/templates/coding-agents/_sso-claude-code.mdxmodular-sso@saaskit@
  • src/components/templates/coding-agents/_scim-claude-code.mdxmodular-scim@saaskit@

GitHub Copilot CLI and Codex templates — same pattern:

  • _agentkit-github-copilot-cli.mdx / _agentkit-codex.mdx
  • _fsa-github-copilot-cli.mdx / _fsa-codex.mdx
  • _mcp-auth-github-copilot-cli.mdx / _mcp-auth-codex.mdx
  • _sso-github-copilot-cli.mdx / _sso-codex.mdx
  • _scim-github-copilot-cli.mdx / _scim-codex.mdx

Docs pages with inline install commands:

  • src/content/docs/dev-kit/build-with-ai/index.mdx — master plugin install table
  • src/content/docs/cookbooks/set-up-agentkit-with-your-coding-agent.mdx
  • src/content/docs/agentkit/quickstart.mdx
  • src/content/docs/authenticate/fsa/quickstart.mdx
  • src/content/docs/authenticate/mcp/quickstart.mdx
  • src/content/docs/authenticate/sso/add-modular-sso.mdx
  • src/content/docs/directory/scim/quickstart.mdx
  • src/content/docs/home/saaskit/index.mdx
  • src/content/docs/sso/quickstart.mdx
  • src/content/docs/passwordless/quickstart.mdx
  • src/content/docs/passwordless/oidc.mdx
  • src/content/docs/agent-auth/start-agent-auth-coding-agents/ (referenced in web search)

Config files:

  • src/configs/agent-instructions.ts
  • src/configs/llms.config.ts

2. scalekit.com marketing pages

  • Homepage (scalekit.com) — has inline Claude plugin install commands with old names
  • /agent-auth product page — has agent-auth@scalekit-auth-stack install command
  • /product-updates/add-scalekit-from-your-coding-agent — has old install commands

3. scalekit.com blog posts

  • /blog/outbound-prospecting-agent-development — has agent-auth@scalekit-auth-stack
  • Audit other blog posts for old plugin install commands

4. Scalekit dashboard app (app.scalekit.com)

  • app/scalekit-web-ui/src/pages/Quickstart/snippets.ts — has old plugin install commands
  • Check onboarding/quickstart flows in the dashboard for old plugin names

5. build-with-ai/skills repo (scalekit-inc/skills)

17 files reference old plugin names:

  • skills/setup-scalekit/SKILL.md
  • skills/integrating-agent-auth/SKILL.md
  • skills/building-agent-mcp-server/SKILL.md
  • skills/production-readiness-agent-auth/SKILL.md
  • skills/production-readiness-full-stack-auth/SKILL.md
  • skills/production-readiness-mcp-auth/SKILL.md
  • skills/modular-sso/SKILL.md
  • skills/mcp-auth-expressjs-scalekit/SKILL.md
  • skills/mcp-auth-fastmcp-scalekit/SKILL.md
  • skills/mcp-auth-fastapi-fastmcp-scalekit/SKILL.md
  • skills/mcp-oauth-fastmcp/SKILL.md
  • skills/adding-mcp-oauth/SKILL.md
  • skills/express-mcp-server/SKILL.md
  • skills/fastapi-fastmcp/SKILL.md
  • skills/README.md

6. Third-party listings

These are external and may update automatically, but worth tracking:

  • LobeHub skills marketplace (lobehub.com/skills/scalekit-inc-skills-setup-scalekit)
  • claudemarketplaces.com plugin listing
  • dev.to posts by scalekit-inc

7. Install script — Windows compatibility

  • install.sh uses bash (set -euo pipefail, curl, tar, mktemp) — does not work on Windows
  • Add a PowerShell equivalent (install.ps1) or cross-platform alternative
  • Or document that Windows users should use the manual /plugin marketplace add method

8. Post-merge verification

  • Verify symlinks resolve correctly via claude --plugin-dir (tested locally)
  • Verify symlinks resolve correctly via marketplace git clone (tested end-to-end)
  • Test fresh install: /plugin marketplace add scalekit-inc/claude-code-authstack/plugin install agentkit@scalekit-auth-stack
  • Test fresh install: /plugin install saaskit@scalekit-auth-stack
  • Test backward compat: /plugin install agent-auth@scalekit-auth-stack (should resolve via symlink)
  • Verify --plugin-dir local testing works for both plugins

saif-shines and others added 6 commits May 5, 2026 21:20
@saif-shines @cursoragent
docs: reorganize agent-auth around canonical docs
1905510 
Shift the agent-auth plugin toward a Tessl-like docs/skills/rules layout so durable AgentKit guidance is separated from Claude-specific runtime files. This makes live metadata the documented source of truth for tools while keeping existing connector notes available as secondary references.

Co-authored-by: Cursor <cursoragent@cursor.com>
@saif-shines @cursoragent
chore: bump agent-auth plugin to v2
93e21f5 
Raise the agent-auth plugin manifest to 2.0.0 so the hybrid AgentKit reorganization can ship as a major update and users can pick up the new version cleanly.

Co-authored-by: Cursor <cursoragent@cursor.com>
@saif-shines @cursoragent
docs: add Claude installer and AgentKit doc links
6c8d28a 
Add a one-line Claude Code installer that adds the marketplace, installs the agent-auth plugin, and points users to enable auto-update. Also thread official docs.scalekit.com AgentKit links through the new canonical docs so the plugin can point back to the published product documentation.

Co-authored-by: Cursor <cursoragent@cursor.com>
@saif-shines @cursoragent
docs: add llms and sitemap doc entrypoints
21ef209 
Add the stable llms.txt and sitemap-0.xml links to the main Claude Code auth stack docs and the canonical agent-auth docs entrypoints so users and agents have clear fallback indexes into published Scalekit documentation.

Co-authored-by: Cursor <cursoragent@cursor.com>
@saif-shines @cursoragent
docs: make testing skill the canonical playground
23e43b1 
Move the live AgentKit discovery and execution workflow into the testing skill so the plugin follows the modern skills-first structure. Keep `/test-tool` only as a legacy compatibility alias to preserve older usage without making `commands/` the source of truth.

Co-authored-by: Cursor <cursoragent@cursor.com>
@saif-shines
Consolidate 5 plugins into AgentKit and SaaSKit
1e9bc2d 
Restructure the marketplace from 5 separate plugins (agent-auth,
full-stack-auth, mcp-auth, modular-sso, modular-scim) into 2 focused
plugins: AgentKit (AI agent authentication) and SaaSKit (B2B SaaS auth).

AgentKit (5 skills):
- Renamed from agent-auth, adopting Scalekit AgentKit branding
- Added docs/ + rules/ content model from PR #19
- Skills: integrating, discovering tools, testing tools, MCP server, production readiness

SaaSKit (11 skills):
- New plugin consolidating FSA, SSO, SCIM, and MCP server auth
- 13 docs files including framework guides (Python, Next.js, Go, Spring Boot, Laravel)
- Thin skills routing into docs/ layer
- Skills: core auth, sessions, access control, SSO, SCIM, MCP OAuth, API auth,
  Python frameworks, Next.js, migration, production readiness
- Consolidated agents, commands, hooks, and references from all 4 source plugins

Both plugins at version 2.0.0 with the docs/ + rules/ + thin skills/ content model.
@saif-at-scalekit saif-at-scalekit mentioned this pull request May 8, 2026
Closed
2 tasks
saif-shines added 23 commits May 10, 2026 20:52
@saif-shines
remove legacy test-tool.md command alias
d504572
@saif-shines
remove static agent-connectors, point to docs.scalekit.com/agentkit/c…
a19062f 
…onnectors
@saif-shines
rename providers.md to connectors.md to match product terminology
18027a6
@saif-shines
rename building-agentkit-mcp-server to exposing-agentkit-via-mcp
f8d7e7c
@saif-shines
convert dryrun command to testing-auth-setup skill
8ac436b
@saif-shines
rename discovering-agentkit-tools to discovering-connector-tools
a46d364
@saif-shines
fix saaskit hooks.json: move type to inner hook object
ab4a570
@saif-shines
add backward-compat symlinks for old plugin names
4fa8430
@saif-shines
install both plugins, clean up old v1.x names on reinstall
137b8f7
@saif-shines
remove testing-agentkit-tools skill — redundant with MCP server
9ff35d4 
The Scalekit MCP server at mcp.scalekit.com provides tool discovery,
auth link generation, and tool execution natively. The testing skill
forced users to set up env vars, remember slash command syntax, and
wait for a Python script — all to get the same result.

Updated discovering-connector-tools, integrating-agentkit, and docs
to point to the MCP server as the live playground.
@saif-shines
trim agents: remove sdk-version-advisor, session-management-reviewer,…
2e21c5a 
… mcp-helper

Removed 3 agents that don't justify being separate agents:
- sdk-version-advisor: just a lookup, skills already cover SDK install
- session-management-reviewer: preserved as references/session-management-patterns.md
- scalekit-mcp-helper: 22 lines, MCP server + skills cover this

Also removed duplicate setup-scalekit from agentkit (kept in saaskit).
Remaining agents: setup-scalekit, scalekit-mcp-auth-troubleshooter.
@saif-shines
add .mcp.json to saaskit plugin for Scalekit MCP server
0bacb87
@saif-shines
rename scripts/install_claude_marketplace.sh to scripts/install.sh
9b026ca
@saif-shines
Improve post-install message with plugin activation and auto-update g…
fcc24b2 
…uidance
@saif-shines
Simplify post-install message to focus on what to look for, not UI steps
52f1b56
@saif-shines
Make bootstrap installer resilient to missing execute bit in tarball
7e1e9b0
@saif-shines
Add 43 agent-connectors reference docs to agentkit
f3bbff4 
Per-connector docs (scopes, quirks, tool categories) were present in
cursor and codex but missing from claude-code. Copied full set to
maintain parity across all auth stacks.
@saif-shines
Remove agent-connectors directory, point to live docs instead
e59be45 
Per-connector docs are unmaintainable — live AgentKit metadata and
docs.scalekit.com/agentkit/connectors/ are the source of truth.
@saif-shines
fix: remove and re-add marketplace to ensure latest version on reinstall
1a6532a
@saif-shines
fix: use local path for marketplace when running from git checkout
a427f95
@saif-shines
fix: revert local checkout detection, keep CLI commands for install
f63b950
@saif-shines
fix: restore install.sh to original state
64aa2b1
@saif-shines
fix: handle already-registered marketplace gracefully, suggest auto-u…
ac938ae 
…pdate
@saif-at-scalekit saif-at-scalekit requested a review from ravibits May 20, 2026 07:57
saif-shines and others added 13 commits May 20, 2026 13:28
@saif-shines
feat: add Scalekit CLI install step to setup-scalekit agent and testi…
f3ff04a 
…ng-auth-setup skill
@saif-shines
fix: update broken skill paths in bring-your-own-auth reference
7abf99b 
Old skill names (add-auth-fastmcp, express-mcp-server, fastapi-fastmcp) were
renamed to adding-mcp-oauth during consolidation. Update links to point to the
correct SKILL.md and framework-specific reference files.
@saif-shines
fix: update stale MCP docs URL in bring-your-own-auth
ff9e9ca 
/mcp/authentication -> /authenticate/mcp/quickstart/
@saif-shines
Sync improved skills from skills repo (all 90%+)
5a6c665 
All 18 skills updated with quality improvements:
- Removed verbose meta-commentary, added verification commands
- Added concrete code examples from scalekit-code-doctor references
- Consolidated duplicated content into reference files
- Improved descriptions with specific trigger terms

New reference files added for scalekit-code-doctor (EXAMPLE-REPOS.md).
@saif-shines @claude
fix: wrong pip package, SDK class name, stale URL, and missing README…
6656fec 
… skills

- install.sh: make plugin install idempotent (|| true); fix post-install message
- agentkit plugin.json: update stale homepage URL to /agentkit/overview/
- scim-provisioning: pip install scalekit-sdk → scalekit-sdk-python
- adding-mcp-oauth: Scalekit → ScalekitClient (import + constructor)
- connectors/README.md: remove false claim about deleted connector notes
- CHANGELOG.md: fix wrong skill names, wrong count, Removed → Aliased
- agentkit README: add missing scalekit-code-doctor skill
- saaskit README: add missing testing-auth-setup and scalekit-code-doctor skills

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@saif-shines @claude
fix: remaining CTO review issues — token expiry, missing refs, README…
75813cc 
…, dedup

- implementing-modular-sso: fix access token expiry 24h → 5min (configurable)
- implementing-saaskit-python: add django-reference.md and flask-reference.md
- agentkit: remove duplicate scalekit-code-doctor; point README to /saaskit:scalekit-code-doctor
- agentkit/saaskit README: fix invalid shell install command (claude /plugin → /plugin inside REPL)
- agentkit README: document MCP OAuth 2.1 auth behavior and troubleshooting steps
- root README: add Windows install caveat (install.sh requires macOS/Linux/WSL)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@saif-shines @claude
feat: add setup/onboarding skill to agentkit and saaskit
4b1e839 
Addresses CTO review issue #6 — new users facing 13 overlapping choices
with no entry point.

Both /agentkit:setup and /saaskit:setup ask 2-3 questions about framework
and use case, then route to the right skill. Covers orientation (concepts
table), environment setup steps, and cross-skill navigation.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@saif-shines @claude
fix: wrong Python SDK methods, stale .io domain across skills and docs
69c4066 
- implementing-saaskit-nextjs: scalekit.io → scalekit.com in env URL
- docs/frameworks/laravel.md: scalekit.io → scalekit.com
- docs/frameworks/nextjs.md: scalekit.io → scalekit.com
- implementing-saaskit/laravel-reference.md: scalekit.io → scalekit.com
- implementing-modular-sso: validate_token → validate_access_token_and_get_claims (Python)
- implementing-access-control SKILL.md: decode_access_token → validate_access_token_and_get_claims
- docs/access-control.md: decode_access_token → validate_access_token_and_get_claims
- adding-mcp-oauth SKILL.md: validate_token → validate_access_token_and_get_claims (Python middleware)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@saif-shines
fix: SDK methods, webhook verification, browser bug, env var canonica…
819143b 
…lization

- Node: Scalekit → ScalekitClient in express-reference and bring-your-own-auth
- SCIM: getPrimaryDirectoryByOrganizationId → listDirectories pattern
- SCIM webhook: fix try/catch on bool return, use raw body for signature verification
- MCP server: use sub-client methods (organization.createOrganization etc.)
- auth-flows: getLogoutUrl positional args → options object
- sso.md: replace process.env in browser with literal constant
- Python: dict options → typed AuthorizationUrlOptions/LogoutUrlOptions classes
- Env var: SCALEKIT_ENV_URL → SCALEKIT_ENVIRONMENT_URL
- Domain: .scalekit.io → .scalekit.com in .env.example
@saif-shines
fix: .md URL suffixes, env var canonicalization, module shadowing, tr…
d28765d 
…uncated agent file

- Strip .md suffix from 22 docs.scalekit.com URLs
- SCALEKIT_ENV_URL → SCALEKIT_ENVIRONMENT_URL (41 remaining instances)
- Fix Python module shadowing: scalekit = scalekit.client.ScalekitClient → sk_client = ScalekitClient
- Complete truncated scalekit-mcp-auth-troubleshooter section 8 + add section 9
- Remove 5 [web:NN] citation markers from troubleshooter agent
@saif-shines
fix: scalekit.auth sub-client, getLogoutUrl signature, sameSite, inte…
8b659a3 
…rnal imports, Go SDK path
@saif-shines
fix: SK_ENV_URL→SCALEKIT_ENVIRONMENT_URL in MCP OAuth refs, Python di…
605fe35 
…ct→AuthorizationUrlOptions in flask/django refs
@saif-shines
fix: decodeToken→validateAccessTokenAndGetClaims in access-control
158a073
@ravibits
Copy link
Copy Markdown

ravibits commented May 22, 2026

Code review

Found 3 issues:

  1. install.sh swallows plugin install failures — both claude plugin install lines use || true, so network errors, version mismatches, and marketplace failures are silently discarded. The success banner on line 31 always prints regardless, telling developers their plugins are installed when they may not be.

claude-code-authstack/scripts/install.sh

Lines 27 to 33 in 158a073

claude plugin install agentkit@scalekit-auth-stack || true
claude plugin install saaskit@scalekit-auth-stack || true
cat <<EOF
Installed Scalekit Auth Stack for Claude Code.

  1. agentkit/.env.example uses wrong environment variable name — SCALEKIT_ENV_URL (line 1) does not match SCALEKIT_ENVIRONMENT_URL used in every skill, setup guide, and SDK call. A developer who copies from .env.example will set the wrong variable and get silent auth failures.

claude-code-authstack/plugins/agentkit/.env.example

Lines 1 to 3 in 158a073

SCALEKIT_ENV_URL=https://your-env.scalekit.dev
SCALEKIT_CLIENT_ID=skc_your_client_id
SCALEKIT_CLIENT_SECRET=your_client_secret

  1. integrating-agentkit/SKILL.md references a non-existent skill — line 288 routes users to sk-actions-custom-provider to create custom connectors, but this skill does not exist in the plugin. Following this instruction gives a "skill not found" error.

claude-code-authstack/plugins/agentkit/skills/integrating-agentkit/SKILL.md

Lines 286 to 288 in 158a073

- Use the Scalekit MCP server (`https://mcp.scalekit.com`) to validate a tool call interactively.
- Use `exposing-agentkit-via-mcp` when the user wants AgentKit tools exposed over MCP.
- Use `sk-actions-custom-provider` to create custom connectors.

🤖 Generated with Claude Code

- If this code review was useful, please react with 👍. Otherwise, react with 👎.

saif-shines and others added 15 commits May 22, 2026 16:57
@saif-shines
fix: correct Python SDK call patterns for get_authorization_url and g…
37edb2b 
…et_logout_url

- get_authorization_url: pass AuthorizationUrlOptions object, not dict
- get_logout_url: pass LogoutUrlOptions object, not bare kwargs
Both methods use attribute access internally — dicts/kwargs crash at runtime.
@saif-shines
fix: AuthorizationUrlOptions takes no constructor args in django/flas…
2e36fa3 
…k refs
@saif-shines
fix: AuthorizationUrlOptions in IdP-initiated login (django, flask re…
9f5cf64 
…ferences)
@claude @saif-shines
fix(p0): add LICENSE, fix env var name, remove sk-actions-custom-prov…
4261e64 
…ider ref
@claude @saif-shines
fix(p2): fix access-control e.g./Unauthorized, LogoutUrlOptions keywo…
946ccc4 
…rd arg, code-doctor /v2 + claims row
@claude @saif-shines
fix(p1): fix setup-scalekit frontmatter name
7cca20b
@claude @saif-shines
fix(p3/p4): FSA→SaaSKit label, scrub real org ID placeholder, documen…
0657670 
…t PostHog token exception
@ravibits @claude
fix(testing-auth-setup): remove wrong @scalekit-inc/cli prereq
867f74e 
The dryrun commands use npx @scalekit-sdk/dryrun — a separate package.
Installing @scalekit-inc/cli provides no dryrun capability and was
misleading. The npx invocation already handles on-demand download.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@ravibits @claude
fix: add setup-scalekit agent to agentkit for single-plugin installs
c347efb 
agentkit-only installs had no setup agent — it lived solely in saaskit.
Add plugins/agentkit/agents/setup-scalekit.md with agentkit-scoped
routing (integrating-agentkit, discovering-connector-tools,
exposing-agentkit-via-mcp, production-readiness-agentkit).

Trim the cross-plugin "Agent auth" row from the saaskit version and
replace with an install nudge, keeping each plugin self-contained.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@ravibits @claude
feat(evals): add basic eval framework for plugin skill quality
927b7c0 
Simulates Claude Code skill injection: SKILL.md as cached system context,
test prompt as user turn, then checks response against string pattern
matchers and a judge-model rubric.

6 scenarios across agentkit and saaskit:
- agentkit: integrate-agentkit, discover-tools, code-doctor-bad-import
- saaskit: implement-saaskit-nodejs, implement-sso, testing-auth-setup

testing-auth-setup scenario is a regression test for the @scalekit-inc/cli
prereq bug fixed in this PR — forbidden_patterns: ["@scalekit-inc/cli"].

Usage: cd evals && pip install -r requirements.txt && python run.py

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@ravibits @claude
fix(skills): address gaps surfaced by evals
0527d0a 
discovering-connector-tools: add ACTIVE account check rule before tool
execution — tool calls silently fail against unauthorized accounts.

integrating-agentkit: surface connection_name as an explicit key
concept near the top; previously only appeared in code examples.

implementing-saaskit: add SCALEKIT_REDIRECT_URI to the env vars block
with a note that it must match the dashboard Allowed Redirect URIs.

implementing-modular-sso: add organization_id key concept to the Quick
Start section so it appears early in any response, not just in Step 3.

All 6 evals now pass.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@ravibits @claude
feat(evals): expand eval coverage to 24 scenarios across all skills
5b539c6 
Add 18 new eval scenarios:
- agentkit: expose-via-mcp, production-readiness, setup-routing
- saaskit: managing-sessions, access-control, python-fastapi, nextjs,
  scim-provisioning, mcp-oauth, api-auth, migration, production-readiness
- security: no-hardcoded-credentials, no-tokens-in-logs, no-localstorage-tokens
- routing: agentkit-code-error, saaskit-sso-from-base, saaskit-scim-from-base

Fix skill gaps surfaced by the new evals:
- setup/SKILL.md (agentkit, saaskit): add routing directives — skills now
  tell users which skill to invoke and stop; include orientation notes for
  SSO/SCIM/MCP; fix .scalekit.dev placeholder URL
- production-readiness-saaskit/SKILL.md: expand smoke test to include
  protected route access and token refresh steps
- implement-sso.yaml scenario: fix organization_id → organizationId (JS SDK)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@ravibits @claude
fix(evals): tighten scenario rubrics after iterative eval runs
3507c53 
Remove false positives from scenario checks:
- no-hardcoded-credentials: 'hardcode' → 'hardcode the' (avoids firing on 'don't hardcode')
- agentkit/production-readiness: remove '.scalekit.dev' forbidden (appears as counter-example)
- saaskit/mcp-oauth: 'StreamableHTTP' → 'Streamable' (matches both "Streamable HTTP" and SDK class)
- saaskit/migration: remove flaky SCALEKIT_ENVIRONMENT_URL code_pattern

Update routing rubrics to match actual routing-skill behavior:
- routing/agentkit-code-error, saaskit-scim, saaskit-sso: accept correct routing + brief context,
  don't require implementation-level detail from a routing skill
- Fix YAML colon-in-string issue (items now quoted)
- saaskit/production-readiness, scim-provisioning: loosen over-prescriptive rubric wording

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@ravibits @claude
fix(evals): fix context-dependent and flaky scenario failures
f7b31a4 
- implement-nextjs, managing-sessions: add explicit context to prompts
  so Claude doesn't ask clarifying questions when not in a real app dir
- agentkit/setup-routing: soften rubric phrasing for routing confirmation
- agentkit/expose-via-mcp: move connection_name/SCALEKIT_ENVIRONMENT_URL
  from code_patterns to rubric (appear only in full code responses);
  fix streamable_http → streamable to match both transport string forms

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@ravibits @claude
fix: tighten eval rubrics to reduce false negatives from judge variab…
5ab0193 
…ility

- agentkit/production-readiness: remove SCALEKIT_ENVIRONMENT_URL code_pattern
  (production-readiness skill outputs checklists, not always raw code)
- routing/agentkit-code-error: replace negative rubric item with positive
  assertion the judge can confirm unambiguously
- routing/saaskit-scim-from-base: relax Scalekit-specific phrasing in rubric
  items; response may say "SCIM bridges" instead of "Scalekit bridges"

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ravibits ravibits Awaiting requested review from ravibits

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@saif-at-scalekit @ravibits @saif-shines @claude