Skip to main content
Humans, coding agents, and CI use the same Glean Feed resources, scopes, and approval boundaries. They differ only in transport and output:

Connect a coding agent

Preview before writing, then inspect the result:
The command adds one remote server named glean-feed at https://app.gleanfeed.com/api/mcp. It never adds an API key, local command, environment secret, access token, or refresh token. Re-running it is safe. Target or remove one client when needed:
uninstall removes only the glean-feed entry. It preserves unrelated servers and leaves OAuth credential removal to the client that owns those credentials. For Claude Desktop or an unsupported client, the CLI reports the manual remote Streamable HTTP configuration instead of editing a settings-owned connector. Read the MCP guide for consent, scopes, and manual setup.

Verify read-only before granting writes

Confirm the expected workspace and data before approving write scopes. Optional agent skills add reusable triage, evaluation, and changelog workflows; they do not create another credential path.

Run in CI

Create a dedicated least-privilege API key and store it in the CI provider’s secret manager. On an ephemeral runner:
The repository may commit .gleanfeed.json with profile ci, but it must never commit the API key or isolated config directory. Rotate the secret if job output, artifacts, or runner state could have exposed it.

Make writes explicit

JSON and noninteractive callers cannot answer a prompt. Pass --yes only on the reviewed command that needs it:
--agent adds a length-limited, non-secret audit label. It does not select a workspace, grant a scope, or replace authentication. Parse .ok and use the documented exit codes; do not scrape human output.

Disable the initialization event

gleanfeed init sends one best-effort, content-free authenticated success event when it uses the production API. It contains the workspace ID and fixed event type, not repository data, config values, commands, paths, credentials, or user content. It runs after the repository config is written, has a 1.5-second deadline, and never changes the setup result. Set GLEAN_FEED_TELEMETRY=0 to disable it:
API requests remain subject to security and operational metering described in CLI security.