🐋

2025-06-27 11:32:56 -05:00 · 2025-06-27 11:32:56 -05:00 · 98a9195c9d
commit 98a9195c9d
--- a/docs/contact.mdx
+++ b/docs/contact.mdx
@ -21,5 +21,3 @@ Agentic's currently a solo team built and run by [Travis Fischer](https://x.com/
    icon='calendar-days'
  />
 </Columns>
-
-**TODO**
--- a/docs/docs.json
+++ b/docs/docs.json
@ -55,7 +55,8 @@
            "pages": [
              "publishing/index",
              "publishing/quickstart",
-              "publishing/origin-metadata"
+              "publishing/origin-metadata",
+              "publishing/origin-security"
            ]
          },
          {
--- a/docs/publishing/config/auth.mdx
+++ b/docs/publishing/config/auth.mdx
@ -1,6 +1,6 @@
 ---
 title: Auth Config
-description: Configure auth for your Agentic product.
+description: Configure auth for your product.
 ---

 Ship to production fast with Agentic's free, hosted authentication. Email & password, OAuth, GitHub, Google, Twitter, etc – if your origin API requires OAuth credentials, Agentic likely already supports it, and if not, [please let us know](/contact).
@ -16,62 +16,7 @@ Your product's users will sign into Agentic, subscribe to your product using Str

 Agentic's MCP gateway will then track all usage of your product based on API keys.

-<Tabs>
-  <Tab title='MCP Origin Server'>
-Agentic's MCP Gateway will always include the following metadata in all tool calls within the `_meta.agentic` field.
-
-```ts
-export type AgenticMcpRequestMetadata = {
-  agenticProxySecret: string
-  sessionId: string
-  isCustomerSubscriptionActive: boolean
-
-  customerId?: string
-  customerSubscriptionStatus?: string
-  customerSubscriptionPlan?: string
-
-  userId?: string
-  userEmail?: string
-  userUsername?: string
-  userName?: string
-  userCreatedAt?: string
-  userUpdatedAt?: string
-
-  deploymentId: string
-  deploymentIdentifier: string
-  projectId: string
-  projectIdentifier: string
-
-  ip?: string
-} & (
-  | {
-      // If the customer has an active subscription, these fields are guaranteed
-      // to be present in the metadata.
-      isCustomerSubscriptionActive: true
-
-      customerId: string
-      customerSubscriptionStatus: string
-
-      userId: string
-      userEmail: string
-      userUsername: string
-      userCreatedAt: string
-      userUpdatedAt: string
-    }
-  | {
-      // If the customer does not have an active subscription, then the customer
-      // fields may or may not be present.
-      isCustomerSubscriptionActive: false
-    }
-)
-```
-
-If a customer doesn't provide an API key, they'll default to your `free` pricing plan with `isCustomerSubscriptionActive` set to `false`.
-
-</Tab>
-
-<Tab title='OpenAPI Origin Server'>TODO</Tab>
-</Tabs>
+See [Origin Metadata](/publishing/origin-metadata) for details on how Agentic's MCP gateway passes customer auth and subscription information to your origin server.

 ## Alpha Features

--- a/docs/publishing/config/caching.mdx
+++ b/docs/publishing/config/caching.mdx
@ -1,6 +1,6 @@
 ---
 title: Caching Config
-description: Configure caching for your Agentic product's tools.
+description: Configure caching for your product's tools.
 ---

 Opt-in to caching with familiar _cache-control_ and _stale-while-revalidate_ options. MCP tool calls include caching information in their _\_meta_ fields, providing parity with standard HTTP headers.
--- a/docs/publishing/config/index.mdx
+++ b/docs/publishing/config/index.mdx
@ -1,5 +1,5 @@
 ---
-title: Overview
+title: Config Overview
 description: Configuring your Agentic project.
 ---

@ -63,7 +63,7 @@ Examples: `1.0.0`, `0.0.1`, `5.0.1`, etc.

 <ResponseField name='origin' type='object' required>
  Origin API adapter used to configure the origin API server downstream from
-  Agentic's API gateway.
+  Agentic's MCP gateway.

 <Expandable title="properties" defaultOpen>
 <Tabs>
@ -76,7 +76,7 @@ Examples: `1.0.0`, `0.0.1`, `5.0.1`, etc.

 Required base URL of the externally hosted origin MCP server.

-This URL must be accessible from Agentic's API gateway and support the Streamable HTTP transport.
+This URL must be accessible from Agentic's MCP gateway and support the Streamable HTTP transport.

 Must be a valid `https` URL.

@ -116,7 +116,7 @@ Note that older OpenAPI versions are not supported.

 Defaults to a single free plan which is useful for developing and testing your project.

-See [PricingPlan](/publishing/config/pricing#pricing-plan-config) for details.
+See [PricingPlan](/publishing/config/pricing#pricing-plan) for details.

 </ResponseField>

--- a/docs/publishing/config/pricing.mdx
+++ b/docs/publishing/config/pricing.mdx
@ -1,9 +1,9 @@
 ---
 title: Pricing Config
-description: Configure pricing for your Agentic product.
+description: Configure pricing for your product.
 ---

-Charge for your Agentic product with a flexible, declarative pricing model built on top of [Stripe](https://stripe.com).
+Charge for your Agentic product with a flexible, declarative pricing model built on top of [Stripe](https://stripe.com)'s subscription billing.

 Agentic supports almost any combination of **fixed** and **usage-based billing** billing models, both at the MCP level, at the tool-call level, and at the custom metric level (e.g., tokens, image transformations, etc).

@ -13,7 +13,7 @@ Agentic supports almost any combination of **fixed** and **usage-based billing**
  happy to help you set everything up.
 </Note>

-## Pricing Plan Config
+## Pricing Plan

 <ResponseField name="name" type="string" required>
 Display name for the pricing plan.
@ -82,11 +82,11 @@ List of LineItems which are included in the PricingPlan.

 Note: Agentic currently supports a max of 20 LineItems per pricing plan.

-See [PricingPlanLineItem](#pricing-plan-line-item-config) for details.
+See [PricingPlanLineItem](#pricing-plan-line-item) for details.

 </ResponseField>

-## Pricing Plan Line Item Config
+## Pricing Plan Line Item

 Each Pricing Plan Line Item corresponds to one [Stripe Product](https://docs.stripe.com/api/products/object?api-version=2025-05-28.preview), one [Stripe Price](https://docs.stripe.com/api/prices/object?api-version=2025-05-28.preview), and possibly one [Stripe Meter](https://docs.stripe.com/api/billing/meter/object?api-version=2025-05-28.preview) if the line-item is `metered`.

--- a/docs/publishing/config/rate-limits.mdx
+++ b/docs/publishing/config/rate-limits.mdx
@ -1,20 +1,20 @@
 ---
 title: Rate Limit Config
-description: Configure rate-limits for your Agentic product.
+description: Configure rate-limits for your product.
 ---

 Agentic's durable rate-limiting is built on top of Cloudflare's global infrastructure. Customize the default rate-limits, change them based on a customer's pricing plan, or create custom tool-specific overrides.

-## Rate Limit Config
+## Rate Limit

 <ResponseField name='enabled' type='boolean' required>
-  Whether to enable rate limiting for this pricing plan.
+  Whether or not this rate limit is enabled.
 </ResponseField>

 <ResponseField name="interval" type="string" required>
  The interval at which the rate limit is applied.

-Either a positive integer expressed in seconds or a valid positive [ms](https://github.com/vercel/ms) string (eg, "10s", "1m", "8h", "2d", "1w", "1y", etc).
+Either a positive integer expressed in seconds or a valid positive [ms](https://github.com/vercel/ms) string (eg, `10s`, `1m`, `8h`, `2d`, `1w`, `1y`, etc).

 </ResponseField>

@ -23,15 +23,13 @@ Either a positive integer expressed in seconds or a valid positive [ms](https://
 </ResponseField>

 <ResponseField name="mode" type="string" default="approximate">
-  How to enforce the rate limit: "strict" (more precise but slower) or "approximate" (the default; faster and asynchronous but less precise).
+  How to enforce the rate limit: `strict` (more precise but slower) or `approximate` (the default; faster and asynchronous but less precise).

 The default rate-limiting mode is `approximate`, which means that requests
 are allowed to proceed immediately, with the limit being enforced
-asynchronously in the background. This is much faster than synchronous
-mode, but it is less consistent if precise adherence to rate-limits is
-required.
+asynchronously in the background. This is faster than `strict` mode, but it is less consistent if precise adherence to rate-limits is required.

-With `strict` mode, requests are blocked until the current limit has
+With `strict` mode, customer requests are blocked until the current limit has
 been confirmed. The downside with this approach is that it introduces
 more latency to every request by default. The advantage is that it is
 more precise and consistent.
--- a/docs/publishing/config/tool-config.mdx
+++ b/docs/publishing/config/tool-config.mdx
@ -1,13 +1,9 @@
 ---
 title: Tool Config
-description: Configure tool-specific settings for your Agentic product.
+description: Configure tool-specific settings for your product.
 ---

-Optional list of tool configs to override the default behavior of specific tools.
-
-Make sure the tool `name` matches the origin server's tool names, either via its MCP server or OpenAPI operationIds.
-
-Tool names are expected to be unique and stable across deployments.
+`toolConfigs` is an optional array of tool configs which may be used to override the default gateway behavior for specific tools.

 With `toolConfigs`, tools can be disabled, set custom rate-limits, customize reporting usage for metered billing, and they can also override behavior for different pricing plans.

@ -15,13 +11,16 @@ For example, you may want to disable certain tools on a `free` pricing plan or r

 Note that tool-specific configs override the defaults defined in pricing plans.

-If a tool is defined on the origin server but not specified in `toolConfigs`, it will use the default behavior of the Agentic API gateway.
+If a tool is defined on the origin server but not specified in `toolConfigs`, it will use the default behavior of the Agentic MCP gateway.

 ## Tool Config

 <ResponseField name='name' type='string' required>
  The name of the tool, which acts as a unique, stable identifier for the tool
  across deployments.
+
+Make sure the tool `name` matches the origin server's tool names, either via its MCP server or OpenAPI operationIds.
+
 </ResponseField>

 <ResponseField name='enabled' type='boolean' default='true'>
--- a/docs/publishing/origin-metadata.mdx
+++ b/docs/publishing/origin-metadata.mdx
@ -3,6 +3,8 @@ title: Origin Metadata
 description: Agentic's MCP Gateway passes metadata to your origin server.
 ---

+## Metadata
+
 <Tabs>
  <Tab title='MCP Origin Server'>
 Agentic's MCP Gateway will always include the following metadata in all tool calls within the `_meta.agentic` field.
@ -151,69 +153,3 @@ Possible values are `incomplete`, `incomplete_expired`, `trialing`, `active`, `p
 If a customer doesn't provide an API key for their MCP or HTTP call, Agentic's MCP Gateway will default them to your project's `free` pricing plan with `isCustomerSubscriptionActive` set to `false`.

 This means they'll be subject to your project's `free` pricing plan's [rate limits](/publishing/config/rate-limits), which is important to protect your origin server from abuse.
-
-## Securing your origin server
-
-Agentic's MCP Gateway will always pass a proxy secret when making tool calls to your origin server (either as `_meta.agentic.agenticProxySecret` for MCP origin servers or as an `x-agentic-proxy-secret` header for OpenAPI origin servers).
-
-You can find this secret key in your Agentic project's dashboard settings.
-
-You'll want to set this secret key in your origin server's environment variables and use it to protect against unauthorized requests.
-
-Note that this is only necessary if your origin server is deployed externally to a public network.
-
-### Securing an MCP origin server
-
-```ts
-// This is example pseudocode for how you might protect your origin MCP
-// server to ensure only calls from Agentic's MCP Gateway are allowed.
-if (
-  (_meta?.agentic as any)?.agenticProxySecret !==
-  process.env.AGENTIC_PROXY_SECRET
-) {
-  return {
-    content: [
-      {
-        type: 'text',
-        text: 'Unauthorized'
-      }
-    ]
-  }
-}
-```
-
-### Securing an OpenAPI origin server
-
-```ts
-// This is example pseudocode for how you might protect your origin OpenAPI
-// service to ensure only calls from Agentic's MCP Gateway are allowed.
-if (
-  request.headers.get('x-agentic-proxy-secret') !==
-  process.env.AGENTIC_PROXY_SECRET
-) {
-  return {
-    status: 401,
-    body: {
-      error: 'Unauthorized'
-    }
-  }
-}
-```
-
-### Restricting IP addresses
-
-You can also protecting your origin server by restricting HTTP calls to specific IP addresses used by Agentic's MCP gateway.
-
-This is currently a private beta feature. If you're interested in using it, please [get in touch](/contact).
-
-### Signed HTTP requests
-
-You can also protecting your origin OpenAPI server by requiring all HTTP requests to be signed with your project's proxy secret.
-
-This is currently a private beta feature. If you're interested in using it, please [get in touch](/contact).
-
-### Signed MCP requests
-
-[MCP currently doesn't support signed requests](https://github.com/modelcontextprotocol/modelcontextprotocol/discussions/461).
-
-If you're interested in this feature, please [get in touch](/contact).
--- a/docs/publishing/origin-security.mdx
+++ b/docs/publishing/origin-security.mdx
@ -0,0 +1,70 @@
+---
+title: Origin Security
+description: Agentic offers multiple ways to secure your origin server from unauthorized requests.
+---
+
+## Securing your origin server
+
+Agentic's MCP Gateway will always pass a **proxy secret** when making tool calls to your origin server (either as [`_meta.agentic.agenticProxySecret` for MCP origin servers](/publishing/origin-metadata#mcp-origin-server) or as an [`x-agentic-proxy-secret` header for OpenAPI origin servers](/publishing/origin-metadata#open-api-origin-server)).
+
+You can find this secret key in your Agentic project's dashboard settings.
+
+You'll want to set this secret key in your origin server's environment variables and use it to protect against unauthorized requests.
+
+Note that this is only necessary if your origin server is deployed externally to a public network.
+
+### Securing an MCP origin server
+
+This is example pseudocode for how you might protect your origin MCP server to ensure only calls from Agentic's MCP Gateway are allowed.
+
+```ts
+if (
+  (_meta?.agentic as any)?.agenticProxySecret !==
+  process.env.AGENTIC_PROXY_SECRET
+) {
+  return {
+    content: [
+      {
+        type: 'text',
+        text: 'Unauthorized'
+      }
+    ]
+  }
+}
+```
+
+### Securing an OpenAPI origin server
+
+This is example pseudocode for how you might protect your origin OpenAPI service to ensure only calls from Agentic's MCP Gateway are allowed.
+
+```ts
+if (
+  request.headers.get('x-agentic-proxy-secret') !==
+  process.env.AGENTIC_PROXY_SECRET
+) {
+  return {
+    status: 401,
+    body: {
+      error: 'Unauthorized'
+    }
+  }
+}
+```
+
+## Restricting IP addresses
+
+You can also protecting your origin server by restricting HTTP calls to specific IP addresses used by Agentic's MCP gateway.
+
+This is currently a private beta feature. If you're interested in using it, please [get in touch](/contact).
+
+## Signed HTTP requests
+
+You can also protecting your origin OpenAPI server by requiring all HTTP requests to be signed with your project's proxy secret.
+
+This is currently a private beta feature. If you're interested in using it, please [get in touch](/contact).
+
+## Signed MCP requests
+
+[MCP currently doesn't support signed requests](https://github.com/modelcontextprotocol/modelcontextprotocol/discussions/461).
+
+If you're interested in this feature, please [get in touch](/contact).