ai-agent-config 2.5.8 → 2.6.0

package/README.md

@@ -33,14 +33,31 @@ ai-agent update
 | Command | Description |
 |---------|-------------|
 | `init --repo <url>` | Initialize config and clone repo |
-| `push` / `pull` | Git push/pull with your skills repo |
-| `update` | Pull -> sync external skills -> push |
+| `push [--message "msg"]` | Git push to your skills repo |
+| `pull` | Git pull from repo + auto-install |
+| `update` | Pull → sync external skills → push |
 | `install` | Copy skills to platform directories |
 | `list` | List installed skills |
 | `platforms` | Show detected platforms |
-| `source add/remove/list` | Manage skill sources |
-| `config get/set/edit` | Manage configuration |
 | `uninstall` | Remove installed skills |
+| `source add <url>` | Add custom skill source |
+| `source remove <name>` | Remove skill source |
+| `source list` | List all sources |
+| `source enable <name>` | Enable a source |
+| `source disable <name>` | Disable a source |
+| `source info <name>` | View source details |
+| `config get <key>` | Get config value |
+| `config set <key> <value>` | Set config value |
+| `config edit` | Open config in $EDITOR |
+| `config validate` | Validate configuration |
+| `config export [file]` | Export configuration |
+| `config import [file]` | Import configuration |
+| `config reset --yes` | Reset to defaults |
+| `secrets sync` | Sync MCP secrets from Bitwarden vault |
+| `sync-external` | Alias for `update` |
+| `list-external` | List available external skills |
+| `version` | Show version |
+| `help` | Show help |
 
 ## Supported Platforms
 
@@ -53,22 +70,44 @@ ai-agent update
 | Codex CLI | `~/.codex/skills/` |
 | GitHub Copilot | `~/.github/copilot-instructions.md` |
 
+## Secret Management
+
+Securely sync MCP secrets from Bitwarden vault to your shell profile:
+
+```bash
+ai-agent secrets sync
+```
+
+**How it works:**
+- Discovers required secrets from MCP config files (e.g., `${GITHUB_TOKEN}`)
+- Fetches secrets from Bitwarden vault folder "MCP Secrets"
+- Writes to `~/.zshrc` for persistence across sessions
+- Never stores Bitwarden master password
+
+**Setup:** See [Bitwarden MCP Setup Guide](./mcp-servers/bitwarden/README.md)
+
+**Auto-configuration:** Package automatically configures Bitwarden MCP server in Antigravity on install
+
 ## Configuration
 
 User config at `~/.ai-agent/config.json`:
 
 ```json
 {
-  "version": "2.3",
+  "version": "2.5",
   "repository": {
     "url": "https://github.com/youruser/my-ai-skills.git",
     "branch": "main",
-    "local": "~/.ai-agent/sync-repo"
+    "local": "/Users/you/.ai-agent/sync-repo"
   },
-  "sources": {
-    "official": [],
-    "custom": []
-  }
+  "sources": [
+    {
+      "name": "vercel-labs",
+      "url": "https://github.com/vercel-labs/agent-skills.git",
+      "enabled": true
+    }
+  ],
+  "lastSync": "2026-02-13T12:00:00.000Z"
 }
 ```
 

package/bin/cli.js

@@ -199,6 +199,21 @@ function listSkills() {
     });
   }
 
+  // MCP Servers
+  const mcpInstaller = require("../scripts/mcp-installer");
+  const mcpServers = mcpInstaller.getAvailableMcpServers();
+
+  console.log("\nMCP Servers:");
+  if (mcpServers.length === 0) {
+    console.log("  (no MCP servers found)");
+  } else {
+    mcpServers.forEach((server) => {
+      const status = server.enabled === false ? " (disabled)" : "";
+      const desc = server.description ? ` - ${server.description}` : "";
+      console.log(`  • ${server.name}${desc}${status}`);
+    });
+  }
+
   console.log(`\nSource: ${installer.CACHE_DIR}`);
   console.log("");
 }
@@ -668,6 +683,13 @@ function install(args) {
       if (result.skillsCount > 0) parts.push(`${result.skillsCount} skill(s)`);
       if (result.workflowsCount > 0) parts.push(`${result.workflowsCount} workflow(s)`);
 
+      // Count MCP servers across all platforms
+      let mcpTotal = 0;
+      result.details.forEach((d) => {
+        if (d.mcpServers) mcpTotal += d.mcpServers.added + d.mcpServers.skipped;
+      });
+      if (mcpTotal > 0) parts.push(`${mcpTotal} MCP server(s)`);
+
       console.log(`\n✓ Installed ${parts.join(", ")} to ${result.platformsCount} platform(s)\n`);
       result.details.forEach((d) => {
         console.log(`  ${d.platform}:`);
@@ -685,7 +707,18 @@ function install(args) {
             console.log(`      • ${w.name} ${status}`);
           });
         }
+        if (d.mcpServers && d.mcpServers.servers.length > 0) {
+          console.log(`    MCP Servers: ${d.mcpServers.added} added, ${d.mcpServers.skipped} skipped`);
+          d.mcpServers.servers.forEach((name) => {
+            console.log(`      • ${name}`);
+          });
+        }
       });
+
+      // Hint about secrets sync if MCP servers were installed
+      if (mcpTotal > 0) {
+        console.log("\n💡 Run 'ai-agent secrets sync' to resolve Bitwarden secrets");
+      }
     } else {
       console.log("\n⚠️  No skills or workflows installed.");
     }
@@ -830,7 +863,7 @@ function pull(args) {
       const noInstall = args.includes("--no-install");
 
       if (!noInstall) {
-        console.log("📥 Auto-installing skills...\n");
+        console.log("📥 Auto-installing skills + MCP servers...\n");
         install(["--force"]); // Force install to ensure latest
       }
     } else {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ai-agent-config",
-  "version": "2.5.8",
+  "version": "2.6.0",
   "description": "Universal skill & workflow manager for AI coding assistants with bi-directional GitHub sync",
   "main": "index.js",
   "bin": {

package/scripts/installer.js

@@ -8,6 +8,8 @@ const path = require("path");
 const { execSync } = require("child_process");
 const platforms = require("./platforms");
 
+const mcpInstaller = require("./mcp-installer");
+
 const REPO_URL = "https://github.com/dongitran/ai-agent-config.git";
 const CACHE_DIR = path.join(platforms.HOME, ".ai-agent-config-cache");
 const REPO_SKILLS_DIR = path.join(CACHE_DIR, ".agent", "skills");
@@ -178,6 +180,7 @@ function installToPlatform(platform, options = {}) {
     workflowsPath: workflowsPath,
     skills: [],
     workflows: [],
+    mcpServers: null,
   };
 
   // Install skills
@@ -230,6 +233,15 @@ function installToPlatform(platform, options = {}) {
     }
   }
 
+  // Install MCP servers (Antigravity only for now)
+  if (platform.name === "antigravity") {
+    try {
+      results.mcpServers = mcpInstaller.installMcpServers({ force });
+    } catch (error) {
+      console.warn(`  ⚠️  MCP install failed: ${error.message}`);
+    }
+  }
+
   return results;
 }
 

package/scripts/mcp-installer.js

@@ -0,0 +1,280 @@
+/**
+ * MCP Installer Module
+ * Handles discovering, validating, and installing MCP servers from repo to platforms
+ */
+
+const fs = require("fs");
+const path = require("path");
+const platforms = require("./platforms");
+const configManager = require("./config-manager");
+
+const SKIP_FOLDERS = ["bitwarden"];
+
+/**
+ * Get the MCP servers directory from the user's sync repo
+ * @returns {string|null} Path to .agent/mcp-servers/ or null
+ */
+function getMcpServersDir() {
+    const config = configManager.loadConfig();
+    const repoLocal = config.repository && config.repository.local;
+    if (!repoLocal) return null;
+
+    const expanded = repoLocal.replace(/^~/, process.env.HOME || process.env.USERPROFILE);
+    const mcpDir = path.join(expanded, ".agent", "mcp-servers");
+    return fs.existsSync(mcpDir) ? mcpDir : null;
+}
+
+/**
+ * Validate an MCP server config
+ * @param {Object} config - Parsed config.json
+ * @returns {{ valid: boolean, errors: string[] }}
+ */
+function validateMcpConfig(config) {
+    const errors = [];
+
+    if (!config.name || typeof config.name !== "string") {
+        errors.push("Missing or invalid 'name' field");
+    }
+    if (!config.command || typeof config.command !== "string") {
+        errors.push("Missing or invalid 'command' field");
+    }
+    if (!Array.isArray(config.args)) {
+        errors.push("Missing or invalid 'args' field (must be array)");
+    }
+    if (config.bitwardenEnv && typeof config.bitwardenEnv !== "object") {
+        errors.push("'bitwardenEnv' must be an object");
+    }
+    if (config.disabledTools && !Array.isArray(config.disabledTools)) {
+        errors.push("'disabledTools' must be an array");
+    }
+
+    return { valid: errors.length === 0, errors };
+}
+
+/**
+ * Get all available MCP servers from the repo
+ * @returns {Array<Object>} Array of parsed and validated MCP server configs
+ */
+function getAvailableMcpServers() {
+    const mcpDir = getMcpServersDir();
+    if (!mcpDir) return [];
+
+    const servers = [];
+
+    const entries = fs.readdirSync(mcpDir, { withFileTypes: true });
+    for (const entry of entries) {
+        if (!entry.isDirectory()) continue;
+        if (SKIP_FOLDERS.includes(entry.name)) continue;
+
+        const configPath = path.join(mcpDir, entry.name, "config.json");
+        if (!fs.existsSync(configPath)) continue;
+
+        try {
+            const config = JSON.parse(fs.readFileSync(configPath, "utf-8"));
+            const validation = validateMcpConfig(config);
+            if (!validation.valid) {
+                console.warn(`  ⚠️  Invalid MCP config in ${entry.name}/: ${validation.errors.join(", ")}`);
+                continue;
+            }
+            servers.push(config);
+        } catch (error) {
+            console.warn(`  ⚠️  Failed to parse ${entry.name}/config.json: ${error.message}`);
+        }
+    }
+
+    return servers;
+}
+
+/**
+ * Collect all bitwardenEnv entries from MCP server configs
+ * @returns {Array<{ serverName: string, envVar: string, bitwardenItem: string }>}
+ */
+function collectBitwardenEnvs() {
+    const servers = getAvailableMcpServers();
+    const envs = [];
+
+    for (const server of servers) {
+        if (server.enabled === false) continue;
+        if (!server.bitwardenEnv) continue;
+
+        for (const [envVar, bitwardenItem] of Object.entries(server.bitwardenEnv)) {
+            envs.push({
+                serverName: server.name,
+                envVar,
+                bitwardenItem,
+            });
+        }
+    }
+
+    return envs;
+}
+
+/**
+ * Install MCP servers to Antigravity's mcp_config.json
+ * This is the "pull" flow - installs structure without resolved secrets
+ * @param {Object} options - { force: boolean }
+ * @returns {{ added: number, skipped: number, servers: string[] }}
+ */
+function installMcpServers(options = {}) {
+    const { force = false } = options;
+    const antigravity = platforms.getByName("antigravity");
+
+    if (!antigravity || !antigravity.mcpConfigPath) {
+        return { added: 0, skipped: 0, servers: [] };
+    }
+
+    const servers = getAvailableMcpServers().filter((s) => s.enabled !== false);
+    if (servers.length === 0) {
+        return { added: 0, skipped: 0, servers: [] };
+    }
+
+    // Read existing mcp_config.json
+    let mcpConfig = { mcpServers: {} };
+    if (fs.existsSync(antigravity.mcpConfigPath)) {
+        try {
+            mcpConfig = JSON.parse(fs.readFileSync(antigravity.mcpConfigPath, "utf-8"));
+            if (!mcpConfig.mcpServers) mcpConfig.mcpServers = {};
+        } catch {
+            mcpConfig = { mcpServers: {} };
+        }
+    }
+
+    let added = 0;
+    let skipped = 0;
+    const serverNames = [];
+
+    for (const server of servers) {
+        const existing = mcpConfig.mcpServers[server.name];
+
+        if (existing && !force) {
+            skipped++;
+            serverNames.push(server.name);
+            continue;
+        }
+
+        // Build server entry for Antigravity format
+        const entry = {
+            command: server.command,
+            args: server.args,
+        };
+
+        // Preserve existing env if not forcing
+        if (existing && existing.env) {
+            entry.env = existing.env;
+        }
+
+        if (server.disabledTools && server.disabledTools.length > 0) {
+            entry.disabledTools = server.disabledTools;
+        }
+
+        mcpConfig.mcpServers[server.name] = entry;
+        added++;
+        serverNames.push(server.name);
+    }
+
+    // Write back
+    if (added > 0) {
+        const configDir = path.dirname(antigravity.mcpConfigPath);
+        if (!fs.existsSync(configDir)) {
+            fs.mkdirSync(configDir, { recursive: true });
+        }
+        fs.writeFileSync(antigravity.mcpConfigPath, JSON.stringify(mcpConfig, null, 2) + "\n", "utf-8");
+    }
+
+    return { added, skipped, servers: serverNames };
+}
+
+/**
+ * Install MCP servers with resolved secrets to Antigravity
+ * This is the "secrets sync" flow - updates env with real values
+ * @param {Object} resolvedSecrets - Map of envVar → resolvedValue
+ * @returns {{ installed: number, servers: Array<{ name: string, secretsCount: number }> }}
+ */
+function installMcpServersWithSecrets(resolvedSecrets) {
+    const antigravity = platforms.getByName("antigravity");
+
+    if (!antigravity || !antigravity.mcpConfigPath) {
+        return { installed: 0, servers: [] };
+    }
+
+    const allServers = getAvailableMcpServers().filter((s) => s.enabled !== false);
+    if (allServers.length === 0) {
+        return { installed: 0, servers: [] };
+    }
+
+    // Read existing mcp_config.json
+    let mcpConfig = { mcpServers: {} };
+    if (fs.existsSync(antigravity.mcpConfigPath)) {
+        try {
+            mcpConfig = JSON.parse(fs.readFileSync(antigravity.mcpConfigPath, "utf-8"));
+            if (!mcpConfig.mcpServers) mcpConfig.mcpServers = {};
+        } catch {
+            mcpConfig = { mcpServers: {} };
+        }
+    }
+
+    let installed = 0;
+    const serverResults = [];
+
+    for (const server of allServers) {
+        const existing = mcpConfig.mcpServers[server.name] || {};
+
+        // Build entry: keep existing custom fields (disabledTools user may have customized)
+        const entry = {
+            command: server.command,
+            args: server.args,
+        };
+
+        // Build env from resolved secrets
+        if (server.bitwardenEnv) {
+            const env = {};
+            let secretsCount = 0;
+
+            for (const [envVar, bitwardenItem] of Object.entries(server.bitwardenEnv)) {
+                if (resolvedSecrets[bitwardenItem]) {
+                    env[envVar] = resolvedSecrets[bitwardenItem];
+                    secretsCount++;
+                }
+            }
+
+            if (Object.keys(env).length > 0) {
+                entry.env = { ...(existing.env || {}), ...env };
+            }
+
+            serverResults.push({ name: server.name, secretsCount });
+        } else {
+            serverResults.push({ name: server.name, secretsCount: 0 });
+        }
+
+        // Preserve user-customized disabledTools from existing config
+        if (existing.disabledTools) {
+            entry.disabledTools = existing.disabledTools;
+        } else if (server.disabledTools && server.disabledTools.length > 0) {
+            entry.disabledTools = server.disabledTools;
+        }
+
+        mcpConfig.mcpServers[server.name] = entry;
+        installed++;
+    }
+
+    // Write back
+    if (installed > 0) {
+        const configDir = path.dirname(antigravity.mcpConfigPath);
+        if (!fs.existsSync(configDir)) {
+            fs.mkdirSync(configDir, { recursive: true });
+        }
+        fs.writeFileSync(antigravity.mcpConfigPath, JSON.stringify(mcpConfig, null, 2) + "\n", "utf-8");
+    }
+
+    return { installed, servers: serverResults };
+}
+
+module.exports = {
+    getMcpServersDir,
+    validateMcpConfig,
+    getAvailableMcpServers,
+    collectBitwardenEnvs,
+    installMcpServers,
+    installMcpServersWithSecrets,
+    SKIP_FOLDERS,
+};

package/scripts/platforms.js

@@ -42,6 +42,7 @@ const SUPPORTED = [
     configDir: ".gemini/antigravity",
     skillsDir: "skills",
     workflowsDir: "workflows",
+    mcpConfigFile: "mcp_config.json",
     get configPath() {
       return path.join(HOME, this.configDir);
     },
@@ -51,6 +52,9 @@ const SUPPORTED = [
     get workflowsPath() {
       return path.join(HOME, this.configDir, this.workflowsDir);
     },
+    get mcpConfigPath() {
+      return path.join(HOME, this.configDir, this.mcpConfigFile);
+    },
     detect() {
       // Check for .gemini directory or Antigravity app
       return (

package/scripts/postinstall.js

@@ -73,6 +73,24 @@ function main() {
             BW_CLIENT_ID: "${BW_CLIENT_ID}",
             BW_CLIENT_SECRET: "${BW_CLIENT_SECRET}",
           },
+          disabledTools: [
+            "lock", "sync", "status", "confirm",
+            "create_org_collection", "edit_org_collection", "edit_item_collections", "move",
+            "device_approval_list", "device_approval_approve", "device_approval_approve_all",
+            "device_approval_deny", "device_approval_deny_all",
+            "create_text_send", "create_file_send", "list_send", "get_send",
+            "edit_send", "delete_send", "remove_send_password",
+            "create_attachment",
+            "list_org_collections", "get_org_collection", "update_org_collection", "delete_org_collection",
+            "list_org_members", "get_org_member", "get_org_member_groups",
+            "invite_org_member", "update_org_member", "update_org_member_groups",
+            "remove_org_member", "reinvite_org_member",
+            "list_org_groups", "get_org_group", "get_org_group_members",
+            "create_org_group", "update_org_group", "delete_org_group", "update_org_group_members",
+            "list_org_policies", "get_org_policy", "update_org_policy",
+            "get_org_events", "get_org_subscription", "update_org_subscription",
+            "import_org_users_and_groups"
+          ],
         };
         changed = true;
         console.log("🔐 Bitwarden MCP server added to Antigravity (✓ enabled)");
@@ -89,6 +107,30 @@ function main() {
           changed = true;
           console.log("🔓 Bitwarden MCP server configuration repaired and enabled");
         }
+
+        // Phase 4: Add disabledTools if not present (don't override if user customized)
+        if (!bw.disabledTools) {
+          bw.disabledTools = [
+            "lock", "sync", "status", "confirm",
+            "create_org_collection", "edit_org_collection", "edit_item_collections", "move",
+            "device_approval_list", "device_approval_approve", "device_approval_approve_all",
+            "device_approval_deny", "device_approval_deny_all",
+            "create_text_send", "create_file_send", "list_send", "get_send",
+            "edit_send", "delete_send", "remove_send_password",
+            "create_attachment",
+            "list_org_collections", "get_org_collection", "update_org_collection", "delete_org_collection",
+            "list_org_members", "get_org_member", "get_org_member_groups",
+            "invite_org_member", "update_org_member", "update_org_member_groups",
+            "remove_org_member", "reinvite_org_member",
+            "list_org_groups", "get_org_group", "get_org_group_members",
+            "create_org_group", "update_org_group", "delete_org_group", "update_org_group_members",
+            "list_org_policies", "get_org_policy", "update_org_policy",
+            "get_org_events", "get_org_subscription", "update_org_subscription",
+            "import_org_users_and_groups"
+          ];
+          changed = true;
+          console.log("🎛️  Bitwarden MCP: Added tool filters (disabled org-management tools)");
+        }
       }
 
       if (changed) {

package/scripts/secret-manager.js

@@ -153,35 +153,25 @@ function unlockBitwarden(password) {
 }
 
 /**
- * Discover required secrets from MCP configs
- * Scans ~/.gemini/antigravity/mcp_config.json for ${VAR} patterns
+ * Discover required secrets from MCP server configs in the repo
+ * Scans .agent/mcp-servers/{name}/config.json for bitwardenEnv fields
  */
 function discoverRequiredSecrets() {
-    const platforms = require("./platforms");
-    const antigravity = platforms.getByName("antigravity");
+    const mcpInstaller = require("./mcp-installer");
+    const envs = mcpInstaller.collectBitwardenEnvs();
 
-    if (!antigravity) {
-        return { found: false, secrets: [], reason: "Antigravity platform not detected" };
-    }
-
-    const mcpConfigPath = path.join(antigravity.configPath, "mcp_config.json");
-
-    if (!fs.existsSync(mcpConfigPath)) {
-        return { found: false, secrets: [], reason: "MCP config not found" };
+    if (envs.length === 0) {
+        const mcpDir = mcpInstaller.getMcpServersDir();
+        if (!mcpDir) {
+            return { found: false, secrets: [], reason: "No repository configured or no MCP servers found" };
+        }
+        return { found: true, secrets: [] };
     }
 
-    try {
-        const content = fs.readFileSync(mcpConfigPath, "utf-8");
-
-        // Extract all ${VAR_NAME} patterns (supports mixed/lowercase)
-        const regex = /\$\{([a-zA-Z_][a-zA-Z0-9_]*)\}/g;
-        const matches = [...content.matchAll(regex)];
-        const secretNames = [...new Set(matches.map((m) => m[1]))];
+    // Collect unique Bitwarden item names to fetch
+    const secretNames = [...new Set(envs.map((e) => e.bitwardenItem))];
 
-        return { found: true, secrets: secretNames };
-    } catch (error) {
-        return { found: false, secrets: [], reason: error.message };
-    }
+    return { found: true, secrets: secretNames, envs };
 }
 
 /**
@@ -334,22 +324,22 @@ async function syncSecrets() {
         console.log("✓ Vault unlocked\n");
         sessionKey = unlockResult.sessionKey;
 
-        // 5. Discover required secrets
-        console.log("🔍 Scanning MCP configs for required secrets...");
+        // 5. Discover required secrets from repo's bitwardenEnv
+        console.log("🔍 Scanning MCP server configs for required secrets...");
         const discovery = discoverRequiredSecrets();
 
         if (!discovery.found) {
             console.log(`⚠️  ${discovery.reason}`);
-            console.log("\n💡 No secrets to sync. MCP configs will be available after implementing Plan 01.\n");
+            console.log("\n💡 Configure a repository first: ai-agent init --repo <url>\n");
             return;
         }
 
         if (discovery.secrets.length === 0) {
-            console.log("No environment variables found in MCP configs.\n");
+            console.log("No bitwardenEnv entries found in MCP server configs.\n");
             return;
         }
 
-        console.log(`Found ${discovery.secrets.length} secret(s):`);
+        console.log(`Found ${discovery.secrets.length} secret(s) to fetch:`);
         discovery.secrets.forEach((name) => {
             console.log(`  • ${name}`);
         });
@@ -359,32 +349,42 @@ async function syncSecrets() {
         const fetchResults = fetchSecretsFromBitwarden(sessionKey, discovery.secrets);
 
         fetchResults.found.forEach((secret) => {
-            console.log(`✓ ${secret.name} (found)`);
+            console.log(`  ✓ ${secret.name}`);
         });
 
         fetchResults.missing.forEach((name) => {
-            console.log(`⚠ ${name} (not found in vault)`);
+            console.log(`  ⚠ ${name} (not found in vault)`);
         });
 
-        // 7. Write to shell profile
+        // 7. Install MCP servers with resolved secrets to Antigravity
         if (fetchResults.found.length > 0) {
-            console.log("\n💾 Writing secrets to shell profile...");
-            const writeResult = writeToShellProfile(fetchResults.found);
-            console.log(`✓ Added ${writeResult.count} environment variable(s) to ${writeResult.path}`);
+            const mcpInstaller = require("./mcp-installer");
+
+            // Build resolvedSecrets map: bitwardenItemName → value
+            const resolvedSecrets = {};
+            fetchResults.found.forEach((s) => {
+                resolvedSecrets[s.name] = s.value;
+            });
+
+            console.log("\n📦 Installing MCP servers to Antigravity...");
+            const installResult = mcpInstaller.installMcpServersWithSecrets(resolvedSecrets);
+
+            installResult.servers.forEach((s) => {
+                if (s.secretsCount > 0) {
+                    console.log(`  ✓ ${s.name}: ${s.secretsCount} secret(s) resolved`);
+                } else {
+                    console.log(`  ✓ ${s.name}: no secrets needed`);
+                }
+            });
         }
 
         // 8. Summary
         console.log("\n✅ Secrets synced successfully!\n");
 
-        console.log("ℹ️  Next steps:");
-        console.log("   1. Restart terminal or run: source ~/.zshrc");
-
         if (fetchResults.missing.length > 0) {
-            console.log(`   2. Missing secrets: ${fetchResults.missing.join(", ")}`);
-            console.log("      Add them to Bitwarden or set manually");
+            console.log(`⚠️  Missing secrets: ${fetchResults.missing.join(", ")}`);
+            console.log(`   Add them to Bitwarden vault folder "${BITWARDEN_FOLDER}"\n`);
         }
-
-        console.log("");
     } finally {
         // Cleanup: Lock vault to invalidate session key
         if (sessionKey) {

package/scripts/sync-manager.js

@@ -168,9 +168,13 @@ class SyncManager {
             // Add all .agent/ files except bundled package skills
             execSync("git add .agent/workflows/", { cwd: this.repoPath, stdio: "pipe" });
 
+            // Add MCP servers
+            const mcpServersDir = path.join(this.repoPath, ".agent/mcp-servers");
+            if (fs.existsSync(mcpServersDir)) {
+                execSync("git add .agent/mcp-servers/", { cwd: this.repoPath, stdio: "pipe" });
+            }
+
             // Add skills individually, excluding bundled ones
-            const fs = require("fs");
-            const path = require("path");
             const skillsDir = path.join(this.repoPath, ".agent/skills");
             const bundledSkills = ["ai-agent-config", "config-manager"];