> ## Documentation Index
> Fetch the complete documentation index at: https://gleanfeed.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Use the CLI with agents and CI

> Connect coding agents over MCP and run reviewed Glean Feed workflows in noninteractive automation.

Humans, coding agents, and CI use the same Glean Feed resources, scopes, and
approval boundaries. They differ only in transport and output:

| Operator     | Recommended path                   | Authentication                   | Output and approval                        |
| ------------ | ---------------------------------- | -------------------------------- | ------------------------------------------ |
| Human        | CLI                                | Local API-key profile            | Readable output and interactive previews   |
| Coding agent | MCP, installed by the CLI          | Client-managed OAuth             | Tool calls with workspace consent          |
| CI job       | CLI with `--json` and explicit yes | Ephemeral scoped API-key profile | One JSON object and no interactive prompts |

## Connect a coding agent

Preview before writing, then inspect the result:

```bash theme={null}
gleanfeed agent install --dry-run
gleanfeed agent install
gleanfeed agent status
```

The command adds one remote server named `glean-feed` at
`https://app.gleanfeed.com/api/mcp`. It never adds an API key, local command,
environment secret, access token, or refresh token. Re-running it is safe.

Target or remove one client when needed:

```bash theme={null}
gleanfeed agent install --client codex
gleanfeed agent uninstall --client cursor --dry-run
gleanfeed agent uninstall --client cursor
```

`uninstall` removes only the `glean-feed` entry. It preserves unrelated servers
and leaves OAuth credential removal to the client that owns those credentials.

| Client            | Configuration target        | Complete OAuth                                                                                      |
| ----------------- | --------------------------- | --------------------------------------------------------------------------------------------------- |
| Codex             | `~/.codex/config.toml`      | Run `codex mcp login glean-feed`.                                                                   |
| Claude Code       | User-level `~/.claude.json` | Run `/mcp`, select `glean-feed`, and complete browser sign-in.                                      |
| Cursor            | `~/.cursor/mcp.json`        | Open **Cursor Settings → MCP**, or run `cursor-agent mcp login glean-feed`.                         |
| VS Code / Copilot | Current user's `mcp.json`   | Run **MCP: List Servers**, start `glean-feed`, and complete browser sign-in.                        |
| Claude Desktop    | Settings-managed connector  | Open **Settings → Connectors → Add custom connector**, paste the endpoint, then choose **Connect**. |

For Claude Desktop or an unsupported client, the CLI reports the manual remote
Streamable HTTP configuration instead of editing a settings-owned connector.
Read the [MCP guide](/api/mcp) for consent, scopes, and manual setup.

## Verify read-only before granting writes

```text theme={null}
Summarize this Glean Feed workspace. List the five most recent feedback requests and their stages. Do not change anything.
```

Confirm the expected workspace and data before approving write scopes. Optional
[agent skills](/api/agent-skills) add reusable triage, evaluation, and changelog
workflows; they do not create another credential path.

## Run in CI

Create a dedicated least-privilege API key and store it in the CI provider's
secret manager. On an ephemeral runner:

```bash theme={null}
export GLEAN_FEED_CONFIG_DIR="$RUNNER_TEMP/gleanfeed"
printf '%s\n' "$GLEAN_FEED_API_KEY" | \
  gleanfeed auth login --profile ci --stdin --json
gleanfeed init --profile ci --non-interactive --json
gleanfeed config validate --json
```

The repository may commit `.gleanfeed.json` with profile `ci`, but it must never
commit the API key or isolated config directory. Rotate the secret if job output,
artifacts, or runner state could have exposed it.

## Make writes explicit

JSON and noninteractive callers cannot answer a prompt. Pass `--yes` only on the
reviewed command that needs it:

```bash theme={null}
gleanfeed feedback promote "$REQUEST_ID" planned \
  --profile ci \
  --yes \
  --agent "release workflow" \
  --json
```

`--agent` adds a length-limited, non-secret audit label. It does not select a workspace,
grant a scope, or replace authentication. Parse `.ok` and use the documented
[exit codes](/api/cli-reference#exit-codes); do not scrape human output.

## Disable the initialization event

`gleanfeed init` sends one best-effort, content-free authenticated success event
when it uses the production API. It contains the workspace ID and fixed event
type, not repository data, config values, commands, paths, credentials, or user
content. It runs after the repository config is written, has a 1.5-second
deadline, and never changes the setup result. Set `GLEAN_FEED_TELEMETRY=0` to
disable it:

```bash theme={null}
GLEAN_FEED_TELEMETRY=0 gleanfeed init --profile ci --non-interactive --json
```

API requests remain subject to security and operational metering described in
[CLI security](/api/cli-security).
