edgegate-mcp 0.4.1 → 0.8.0

package/dist/tools/revoke_api_key.d.ts

@@ -0,0 +1,15 @@
+import { z } from "zod";
+import { EdgeGateClient } from "../client.js";
+import type { ToolResult } from "./setup_workspace.js";
+export declare const revokeApiKeyInputSchema: z.ZodObject<{
+    workspace_id: z.ZodString;
+    key_id: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    workspace_id: string;
+    key_id: string;
+}, {
+    workspace_id: string;
+    key_id: string;
+}>;
+export type RevokeApiKeyInput = z.infer<typeof revokeApiKeyInputSchema>;
+export declare function revokeApiKeyHandler(client: EdgeGateClient, input: RevokeApiKeyInput): Promise<ToolResult>;

package/dist/tools/revoke_api_key.js

@@ -0,0 +1,49 @@
+import { z } from "zod";
+import { EdgeGateError } from "../client.js";
+export const revokeApiKeyInputSchema = z.object({
+    workspace_id: z.string().uuid(),
+    key_id: z
+        .string()
+        .uuid()
+        .describe("UUID of the key to revoke (the `id` field from `edgegate_list_api_keys`). " +
+        "This is destructive and immediate — any CI job or client still using " +
+        "the plaintext will fail authentication on the next request."),
+});
+export async function revokeApiKeyHandler(client, input) {
+    try {
+        await client.revokeApiKey(input.workspace_id, input.key_id);
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: [
+                        `Revoked API key \`${input.key_id}\`.`,
+                        ``,
+                        `The key is now rejected for all future requests. The audit trail (last_used_at, revoked_at) is preserved on the row — you can still see it in \`edgegate_list_api_keys\`.`,
+                    ].join("\n"),
+                },
+            ],
+        };
+    }
+    catch (err) {
+        if (err instanceof EdgeGateError) {
+            if (err.status === 404) {
+                return {
+                    isError: true,
+                    content: [
+                        {
+                            type: "text",
+                            text: `API key \`${input.key_id}\` not found in this workspace (or already revoked).`,
+                        },
+                    ],
+                };
+            }
+            return {
+                isError: true,
+                content: [{ type: "text", text: `EdgeGate returned ${err.status}: ${err.detail}` }],
+            };
+        }
+        throw err;
+    }
+}
+//# sourceMappingURL=revoke_api_key.js.map

package/dist/tools/revoke_api_key.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"revoke_api_key.js","sourceRoot":"","sources":["../../src/tools/revoke_api_key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAkB,aAAa,EAAE,MAAM,cAAc,CAAC;AAG7D,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE;IAC/B,MAAM,EAAE,CAAC;SACN,MAAM,EAAE;SACR,IAAI,EAAE;SACN,QAAQ,CACP,4EAA4E;QAC1E,uEAAuE;QACvE,6DAA6D,CAChE;CACJ,CAAC,CAAC;AAIH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAsB,EACtB,KAAwB;IAExB,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAC5D,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE;wBACJ,qBAAqB,KAAK,CAAC,MAAM,KAAK;wBACtC,EAAE;wBACF,2KAA2K;qBAC5K,CAAC,IAAI,CAAC,IAAI,CAAC;iBACb;aACF;SACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,aAAa,EAAE,CAAC;YACjC,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACvB,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAM;4BACZ,IAAI,EAAE,aAAa,KAAK,CAAC,MAAM,sDAAsD;yBACtF;qBACF;iBACF,CAAC;YACJ,CAAC;YACD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,qBAAqB,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC;aACpF,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/types.d.ts

@@ -1,4 +1,20 @@
 export type UUID = string;
+/** Supported dtypes for AI Hub compile input tensors. */
+export type InputSpecDtype = "float32" | "float16" | "int64" | "int32" | "bool";
+/**
+ * Explicit shape + dtype for one named model input.
+ * Passed as `input_specs` on pipeline create/update to override the default
+ * AI Hub auto-detect or PR-#40 auto-resolve behaviour.
+ *
+ * Example (BERT-family):
+ *   { shape: [1, 128], dtype: "int64" }
+ */
+export interface InputSpec {
+    /** Tensor shape (1–8 positive integers). */
+    shape: number[];
+    /** Element dtype. Defaults to "float32" when omitted. */
+    dtype: InputSpecDtype;
+}
 export interface Workspace {
     id: UUID;
     name: string;
@@ -84,6 +100,74 @@ export interface WorkflowTemplate {
     api_url: string;
     secret_names: string[];
 }
+/**
+ * Returned by GET /integrations/huggingface — status without the token.
+ * The plaintext token is never echoed; only the last 4 chars + lifecycle
+ * fields are visible after the initial connect/rotate call.
+ */
+export interface HuggingFaceIntegrationStatus {
+    id: UUID;
+    provider: "huggingface";
+    status: "active" | "disabled";
+    token_last4: string;
+    created_at: string;
+    updated_at: string;
+}
+/**
+ * Returned by POST /integrations/huggingface and the rotate endpoint.
+ * Includes the whoami account name/type so the caller can confirm the
+ * right account was connected, without leaking the secret.
+ */
+export interface HuggingFaceConnectResponse extends HuggingFaceIntegrationStatus {
+    account_name: string;
+    account_type: string;
+}
+/**
+ * Returned by GET / POST / PUT on /integrations/qaihub.
+ * The plaintext token is never echoed; only token_last4 is visible.
+ */
+export interface QaihubIntegration {
+    id: UUID;
+    provider: "qaihub";
+    status: "active" | "disabled";
+    token_last4: string;
+    created_at: string;
+    updated_at: string;
+}
+/**
+ * Returned by POST /workspaces/{ws}/api-keys.
+ * `plaintext` is the only time the full key is visible — the caller must
+ * persist it immediately; the backend stores only a bcrypt hash.
+ */
+export interface APIKeyCreatedResponse {
+    id: UUID;
+    plaintext: string;
+    name: string;
+    prefix: string;
+    suffix: string;
+    created_at: string;
+    expires_at: string | null;
+}
+/**
+ * Returned by GET /workspaces/{ws}/api-keys (one row per key).
+ * Includes lifecycle fields but never the plaintext or the hash.
+ */
+export interface APIKeyListItem {
+    id: UUID;
+    name: string;
+    prefix: string;
+    suffix: string;
+    last_used_at: string | null;
+    expires_at: string | null;
+    revoked_at: string | null;
+    created_at: string;
+}
+export type WorkspaceRole = "owner" | "admin" | "viewer";
+export interface Member {
+    user_id: UUID;
+    email: string;
+    role: WorkspaceRole;
+}
 /** @deprecated Not used — audit-report endpoint does not exist; use RunBundle instead. */
 export interface AuditReport {
     url?: string;
@@ -185,3 +269,88 @@ export interface PromptPackCreateBody {
     version: string;
     content: PromptPackContent;
 }
+/**
+ * Workspace's customer-owned S3 bucket grant. Returned by every grant
+ * endpoint (register / get / verify / rotate-external-id).
+ *
+ * `external_id` is shown in EVERY response — it's the value the customer
+ * has to paste into their IAM role trust policy's `sts:ExternalId`
+ * condition. We don't treat it like a secret because the trust policy
+ * already pins our AWS account as the only principal that can use it.
+ *
+ * `status` semantics: "active" = last probe passed; "failed" = last probe
+ * raised (with `last_verify_error` populated); "revoked" = grant was
+ * explicitly deleted (404 on /grants thereafter).
+ */
+export interface ByoGrant {
+    id: UUID;
+    workspace_id: UUID;
+    role_arn: string;
+    external_id: UUID;
+    bucket: string;
+    region: string;
+    kms_key_id: string | null;
+    status: "active" | "revoked" | "failed";
+    last_verified_at: string | null;
+    last_verify_error: string | null;
+    created_at: string;
+    updated_at: string;
+}
+/**
+ * Request body for POST /v1/workspaces/{ws}/artifacts/byo.
+ * Registers an existing S3 URI in the customer's grant-registered bucket
+ * as an Artifact pointer. EdgeGate does NOT upload bytes — it HeadObjects
+ * the URI to confirm existence + capture size/etag.
+ */
+export interface ByoArtifactRegisterRequest {
+    s3_uri: string;
+    expected_sha256?: string;
+    expected_size?: number;
+    kind?: string;
+    original_filename?: string;
+}
+/**
+ * One row from the workspace's append-only `byo_storage_audit` table.
+ * `aws_request_id` is the join key for cross-referencing the customer's
+ * own CloudTrail. Nullable fields are by design for events that don't
+ * produce them (verify_probe has no run_id/artifact_id, etc.).
+ */
+export interface ByoAuditEntry {
+    id: number;
+    event_type: string;
+    aws_request_id: string;
+    role_arn: string;
+    bucket: string;
+    s3_key: string | null;
+    bytes_read: number | null;
+    worker_hostname: string | null;
+    outcome: string;
+    error_code: string | null;
+    artifact_id: UUID | null;
+    run_id: UUID | null;
+    ts: string;
+}
+/**
+ * Paginated audit-log page. `next_cursor === null` means the response
+ * contained the last page. Pass the value back as the `cursor` query
+ * param to fetch the next page.
+ */
+export interface ByoAuditPage {
+    entries: ByoAuditEntry[];
+    next_cursor: number | null;
+}
+/**
+ * Returned by POST /artifacts and POST /artifacts/byo. Mirrors the
+ * backend `ArtifactResponse` schema. `storage_url` for BYO artifacts is
+ * `byo-s3://{bucket}/{key}` rather than the managed `s3://...` form.
+ */
+export interface ArtifactResponse {
+    id: UUID;
+    kind: string;
+    sha256: string;
+    size_bytes: number;
+    original_filename: string | null;
+    storage_url: string;
+    created_at: string;
+    expires_at: string | null;
+}

package/dist/version.d.ts

@@ -1,2 +1,2 @@
-export declare const VERSION = "0.4.1";
-export declare const USER_AGENT = "edgegate-mcp/0.4.1";
+export declare const VERSION = "0.8.0";
+export declare const USER_AGENT = "edgegate-mcp/0.8.0";

package/dist/version.js

@@ -1,3 +1,3 @@
-export const VERSION = "0.4.1";
+export const VERSION = "0.8.0";
 export const USER_AGENT = `edgegate-mcp/${VERSION}`;
 //# sourceMappingURL=version.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "edgegate-mcp",
-  "version": "0.4.1",
+  "version": "0.8.0",
   "description": "MCP server for EdgeGate — set up edge-AI regression gates from Claude Code, Cursor, or Claude Desktop.",
   "license": "MIT",
   "type": "module",

package/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "edgegate",
-  "version": "0.4.1",
+  "version": "0.8.0",
   "description": "Edge-AI regression gates from Claude Code — set up CI, run benchmarks, compare runs, export reports, and fetch audit bundles from any prompt.",
   "author": "Frozo / EdgeGate",
   "homepage": "https://edgegate.frozo.ai",
@@ -25,6 +25,11 @@
     "skills/edgegate-compare.md",
     "skills/edgegate-export.md",
     "skills/edgegate-import.md",
-    "skills/edgegate-promptpacks.md"
+    "skills/edgegate-promptpacks.md",
+    "skills/edgegate-connect-huggingface.md",
+    "skills/edgegate-connect-qaihub.md",
+    "skills/edgegate-workspace-setup.md",
+    "skills/edgegate-members.md",
+    "skills/edgegate-byo-storage.md"
   ]
 }

package/skills/edgegate-byo-storage.md

@@ -0,0 +1,148 @@
+---
+name: edgegate-byo-storage
+description: Wire up BYO (bring-your-own) S3 storage for an Enterprise EdgeGate workspace — register the IAM role + bucket grant, verify the readiness probe, register the first artifact directly from the customer's bucket, and confirm the audit trail. Use when the user is on the Enterprise plan and wants model bytes to live in their own AWS account.
+---
+
+# /edgegate-byo-storage
+
+This is the **Enterprise BYO storage onboarding** flow. The whole point of
+BYO is that model bytes never leave the customer's AWS account — EdgeGate's
+workers AssumeRole into their account and read directly from their bucket.
+
+Use this skill once per workspace, after the customer's security/IAM team
+has provisioned the role + bucket.
+
+## When to use
+
+- The workspace is on the **Enterprise plan** (BYO storage 402s otherwise).
+- The user has (or wants to provision) their own S3 bucket and IAM role.
+- The user is migrating an existing workspace from EdgeGate-managed storage
+  to BYO, or onboarding a brand-new Enterprise workspace.
+
+If the workspace isn't Enterprise yet, send them to
+<https://edgegate.frozo.ai/enterprise> first — none of the
+`edgegate_*_byo_*` tools will work until BYO is enabled on the plan.
+
+## Pre-flight (AWS side — the user does this in their account)
+
+You can't do this part for them, but you can hand them the exact spec:
+
+1. **Provision the IAM role.** The fastest path is the EdgeGate
+   CloudFormation Launch Stack — link them to it from
+   <https://edgegate.frozo.ai/workspace/{workspace_id}/settings#byo-storage>.
+   (A Terraform module is also published; ask the customer which their
+   security team prefers.) The stack creates:
+   - The IAM role with `sts:AssumeRole` trusted to EdgeGate's AWS account.
+   - The S3 bucket policy granting that role `s3:GetObject` + `ListBucket`
+     scoped to the bucket only.
+   - (Optional) KMS key policy granting `kms:Decrypt` if the bucket uses
+     SSE-KMS.
+2. **Capture** the `role_arn`, `bucket` name, `region`, and (if applicable)
+   `kms_key_id`. The trust policy's `sts:ExternalId` is left as a
+   placeholder — EdgeGate mints the real one in step 1 below and the
+   customer pastes it back.
+
+If they want the raw IAM JSON instead of CloudFormation/Terraform, point
+them at `docs/byo-storage-onboarding.md` in the backend repo or the
+dashboard's "Show raw policies" link.
+
+## Steps
+
+1. **Register the grant.** Call
+   `edgegate_register_byo_bucket({ workspace_id, role_arn, bucket, region, kms_key_id? })`.
+   The response includes an `external_id` UUID — capture it.
+
+2. **Paste the External ID into the IAM role trust policy.** Tell the
+   user, in plain English: "Open your IAM role in the AWS console, edit
+   the trust relationship, and replace the placeholder ExternalId with
+   `<external_id>`." Until they do this, AssumeRole will fail with
+   `BYO_ASSUME_ROLE_FAILED`.
+
+   The CloudFormation stack supports passing the External ID as a
+   parameter — point them at that if they used the stack.
+
+3. **Verify the probe.** After the user confirms the trust policy edit
+   is saved, call `edgegate_check_byo_bucket({ workspace_id })`. Expect
+   `status: "active"`. If `status: "failed"`, the response's checklist
+   covers every typed `BYO_*` error code — read the `last_verify_error`
+   to the user, suggest the matching fix, then re-run `check`.
+
+4. **Register the first artifact.** Pick (or ask for) an existing model
+   in the bucket. Call:
+   ```
+   edgegate_register_byo_artifact({
+     workspace_id,
+     s3_uri: "s3://<bucket>/<key>.onnx",
+     expected_sha256: "<optional but recommended>",
+   })
+   ```
+   Capture the returned `artifact_id`. EdgeGate did NOT download the
+   bytes — it only HeadObject'd the URI to confirm the key exists and
+   capture size + etag. The storage URL in the response will start with
+   `byo-s3://` (not `s3://`) — that's how downstream tooling routes
+   reads through the BYO service rather than EdgeGate's managed S3.
+
+5. **Trigger the first run.** Run the artifact against an existing
+   pipeline so the customer sees the end-to-end flow work:
+   ```
+   edgegate_run_gate({
+     workspace_id,
+     pipeline_id: "<existing pipeline>",
+     model_artifact_id: "<artifact_id from step 4>",
+   })
+   ```
+   Poll with `edgegate_check_status` until it terminates.
+
+6. **Show them the audit trail.** Call
+   `edgegate_get_byo_audit({ workspace_id, run_id: "<run_id from step 5>" })`.
+   The table includes one row per S3 / STS call with the
+   `aws_request_id`. Tell the user: "Cross-reference these against your
+   own CloudTrail in the same time window — every read should match."
+   This is the trust handshake the customer's security team will ask
+   for.
+
+7. **Recap + next.** Summarize:
+   - Grant: `active`, bucket=`<name>`, region=`<region>`
+   - First artifact registered + first run executed
+   - Audit log accessible via `edgegate_get_byo_audit`
+
+   Next concrete actions:
+   - "Migrate more artifacts: `edgegate_register_byo_artifact` per s3_uri"
+   - "Schedule periodic audit pulls into your SIEM (we can stream via API)"
+   - "Rotate the External ID at any time via the dashboard"
+
+## Failure modes
+
+- **Register grant → 402.** Workspace is not on Enterprise. Send them to
+  <https://edgegate.frozo.ai/enterprise>.
+- **Register grant → 409.** A grant already exists. We deliberately do
+  NOT auto-rotate — the existing grant may belong to a role the customer
+  doesn't want overwritten. Inspect with `edgegate_check_byo_bucket`,
+  then either keep it or `edgegate_disconnect_byo_bucket` and re-register.
+  External-ID-only rotation is available via the dashboard.
+- **Check probe → status=failed with BYO_ASSUME_ROLE_FAILED.** External
+  ID drift between EdgeGate and the role's trust policy. Re-paste the
+  current external_id (visible via `edgegate_check_byo_bucket` or the
+  dashboard) into the trust policy's `sts:ExternalId` condition.
+- **Check probe → BYO_KMS_ACCESS_DENIED.** SSE-KMS bucket but the role
+  is missing `kms:Decrypt` on the key. Add the role principal to the
+  KMS key policy.
+- **Check probe → BYO_REGION_MISMATCH.** The bucket lives in a different
+  region than the `region` you registered. Disconnect and re-register
+  with the correct region.
+- **Register artifact → 400 bucket mismatch.** The s3_uri points at a
+  bucket that isn't this workspace's registered one. Cross-bucket
+  pointers are forbidden — register the right bucket (or move the
+  object).
+- **Register artifact → 400 BYO_OBJECT_NOT_FOUND.** The key is mistyped
+  or the role's bucket policy denies `ListBucket`/`GetObject` on that
+  prefix. HeadObject failures pass through with the typed code.
+- **Disconnect → 409.** Artifacts still reference the grant. The
+  response lists the safe paths forward (drop the artifacts first, or
+  rotate the External ID via dashboard if that's what you actually
+  wanted).
+- **Mid-run revocation** (customer revokes the role mid-run): the
+  in-flight cells complete, the rest fail with
+  `BYO_ASSUME_ROLE_FAILED`, the run terminates as `failed` (not
+  `error`) with the partial-success cells preserved in the bundle.
+  This is by design — re-grant + re-run picks up cleanly.

package/skills/edgegate-connect-huggingface.md

@@ -0,0 +1,64 @@
+---
+name: edgegate-connect-huggingface
+description: Connect a personal HuggingFace token to the active workspace so EdgeGate can import private, gated, or Qualcomm-org repos. Walk the user through generating a token, confirming the account, and remembering that rotation is non-disruptive.
+---
+
+# /edgegate-connect-huggingface
+
+Use this skill when the user wants to import a HuggingFace model that the
+anonymous endpoint can't reach — common cases:
+
+- `qualcomm/*` (Qualcomm's own optimized model org)
+- `Intel/*` and many `Xenova/*` repos
+- The user's own private repository
+- Any gated model (Llama family, some image models, etc.) the user has access to
+
+The workspace integration encrypts the token at rest using the same KMS as the
+AI Hub token; it is never echoed in plaintext after the initial connect.
+
+## Steps
+
+1. **Confirm the active workspace.** If you don't already know which workspace
+   the user is operating on, call `edgegate_setup_workspace` first.
+
+2. **Check whether a token is already connected.** Call
+   `edgegate_get_huggingface_integration`. If a token is already active,
+   confirm with the user whether they want to **rotate** (replace) it before
+   asking for a new one.
+
+3. **Walk the user through generating a token** if they don't already have one.
+   - Open <https://huggingface.co/settings/tokens>
+   - Click **Create new token**
+   - Default scope is `Read` — that's enough for the import flow
+   - Copy the token. It starts with `hf_…` and is shown exactly once
+
+4. **Call `edgegate_connect_huggingface`** with the token. The tool validates
+   it against HF's `whoami` endpoint before storing, so a typo'd or revoked
+   token surfaces as a clean 400 with guidance — not a silent failure later
+   during import.
+
+5. **Confirm.** The tool response includes the HF `account_name` and
+   `account_type`. Confirm that matches the user's expectation — for example,
+   if they meant to use their org account but the response shows their
+   personal handle, offer to rotate with the right token.
+
+6. **Move on.** Tell the user the integration is live and that they can now
+   call `edgegate_import_huggingface_model` against any repo their token can
+   read (including the Qualcomm org).
+
+## Failure modes
+
+- **400 "does not look like a HuggingFace token"** — they pasted something
+  that doesn't start with `hf_` or `api_`. Direct them back to
+  <https://huggingface.co/settings/tokens>.
+- **400 "HuggingFace rejected the token"** — token is real-shaped but HF
+  returned 401. Common causes: typo, copied truncated value, token revoked.
+  Suggest regenerating.
+- **409 conflict** — the tool auto-rotates on conflict, so this shouldn't
+  bubble up. If it does, the rotation also failed; surface the error.
+
+## Removing the integration
+
+If the user wants to remove the token (offboarding, key rotation policy,
+account change), call `edgegate_disconnect_huggingface`. The encrypted token
+is deleted; future imports fall back to anonymous access.

package/skills/edgegate-connect-qaihub.md

@@ -0,0 +1,56 @@
+---
+name: edgegate-connect-qaihub
+description: Connect a Qualcomm AI Hub API token to the active EdgeGate workspace so runs can compile and profile models on real Snapdragon devices. Required before any pipeline can actually execute.
+---
+
+# /edgegate-connect-qaihub
+
+Use this skill when the user is setting up a new EdgeGate workspace, has just
+created one with `edgegate_create_workspace`, or is seeing runs fail with
+`NO_AIHUB_TOKEN`.
+
+Qualcomm AI Hub is the device cloud EdgeGate uses behind the scenes — every
+compile + profile + inference job runs against a real Snapdragon device there.
+Without a token connected, the worker can't talk to Hub, so runs that reach the
+worker fail fast.
+
+## Steps
+
+1. **Confirm the active workspace.** If you don't already know which workspace,
+   call `edgegate_setup_workspace` first.
+
+2. **Check whether a token is already connected.** Call
+   `edgegate_get_qaihub_integration`. If the response says **active** with a
+   `token_last4`, ask the user whether they want to **rotate** (replace) the
+   existing token before continuing. If the response is 404, they need to
+   connect for the first time.
+
+3. **Walk the user through generating a Qualcomm AI Hub token** if they don't
+   already have one:
+   - Open <https://app.aihub.qualcomm.com/account/api-token>
+   - Click **Generate new token** (or copy the existing one if shown)
+   - The token is a long alphanumeric string; copy it
+
+4. **Call `edgegate_connect_qaihub`** with the token. The backend stores it
+   under envelope encryption using the workspace KMS — the plaintext is
+   never returned again, and only `token_last4` is visible afterwards.
+
+5. **Confirm + next step.** Tell the user the integration is live. If this is
+   their first connection, suggest:
+   - `edgegate_create_promptpack` (if they need a new promptpack)
+   - `edgegate_create_pipeline` to define their first regression gate
+
+## Failure modes
+
+- **Already exists (409 conflict)** — the tool transparently rotates instead
+  of failing, so the user shouldn't see this. If it does bubble up, the
+  rotation also failed and the backend error message comes through.
+- **500 from Qualcomm AI Hub itself** — usually a transient outage at Hub
+  (`https://app.aihub.qualcomm.com`). Ask the user to retry in a minute.
+
+## Removing the integration
+
+If the user wants to disconnect (offboarding, key rotation policy, account
+change), call `edgegate_disconnect_qaihub`. The encrypted token is deleted
+and new runs in the workspace fail with `NO_AIHUB_TOKEN` until a fresh
+token is connected.

package/skills/edgegate-import.md

@@ -1,6 +1,6 @@
 ---
 name: edgegate-import
-description: Import a public Hugging Face model (ONNX) into EdgeGate. Use when the user says "import model from huggingface", "pull this HF model", or references an "<owner>/<name>" repo they want to gate.
+description: Import a Hugging Face model (ONNX) into EdgeGate. Use when the user says "import model from huggingface", "pull this HF model", or references an "<owner>/<name>" repo they want to gate. Supports both anonymous (public repos) and personal-token (private / gated / qualcomm-org repos via /edgegate-connect-huggingface) flows.
 ---
 
 # /edgegate-import
@@ -45,5 +45,5 @@ Use this skill when the user says any of:
 ## Failure modes
 
 - **"no ONNX file found"** — The repo doesn't contain a pre-built ONNX. EdgeGate v1 only supports repos with a pre-built ONNX file. Point the user to the dashboard upload flow for converting their own model: `https://edgegate.frozo.ai/workspace/<id>/models`.
-- **"private repo"** — EdgeGate v1 only imports public HuggingFace repos. Ask the user to make the repo public or use the direct upload flow instead.
+- **"private repo" / 401 from HuggingFace** — The anonymous endpoint can't read the repo (gated org like `qualcomm/*`, the user's own private repo, or a gated Llama family model). Offer to run `/edgegate-connect-huggingface` to attach a personal HF token to the workspace; once connected the same import call will succeed.
 - **402 — plan limit** — Direct the user to `https://edgegate.frozo.ai/pricing` to upgrade.

package/skills/edgegate-init.md

@@ -13,6 +13,10 @@ Goal of this skill: take the user from "I have a model file" to "every PR is aut
 
 1. **Confirm workspace.** Call `edgegate_setup_workspace` with no args. Present the list. Ask the user which one to use; if they say "the first one", pick `result[0].id`. Confirm before continuing.
 
+   If the list is empty OR the user wants a new workspace for this project, route to `/edgegate-workspace-setup` instead — that flow creates the workspace, connects Qualcomm AI Hub, optionally mints an API key for CI, and optionally invites teammates, all from chat.
+
+   If they have a workspace but it's missing the Qualcomm AI Hub integration (runs would fail with `NO_AIHUB_TOKEN`), run `/edgegate-connect-qaihub` first.
+
 2. **Define the pipeline.** Ask the user:
    - "Which model file do you want to gate? (path or artifact_id)"
    - "Which Snapdragon devices? (default: Samsung Galaxy S24, Galaxy S23)"
@@ -20,6 +24,8 @@ Goal of this skill: take the user from "I have a model file" to "every PR is aut
 
    If they hand you a file path (e.g. `./model.onnx`), tell them they need to upload it via the dashboard first to get an artifact_id (the MCP tool does not handle uploads in v1.0). Link: `https://edgegate.frozo.ai/workspace/{workspace_id}/models`.
 
+   If they hand you a HuggingFace repo id (e.g. `microsoft/resnet-50`), call `edgegate_import_huggingface_model` to import it and get an artifact_id back. If the repo is private / gated / from the Qualcomm org, the import will 401 — offer to run `/edgegate-connect-huggingface` to attach a personal HF token to the workspace, then retry the import.
+
    If they hand you an artifact_id, proceed to `edgegate_create_pipeline`.
 
 3. **Trigger the first run.** Call `edgegate_run_gate` with the workspace_id + new pipeline_id. Tell the user the run_id. Note that runs take 3-5 min per device.
@@ -28,6 +34,17 @@ Goal of this skill: take the user from "I have a model file" to "every PR is aut
 
 5. **Confirm.** Tell the user what's now set up: workspace `<name>`, pipeline `<name>`, run `<id>` in flight, and (if applicable) GitHub Action wired.
 
+## Input shape overrides (`input_specs`)
+
+If creating a pipeline for a text or audio model, the backend auto-resolves dynamic shapes
+(defaults: batch=1, sequence=128). If those defaults don't fit — long-context LLM, custom
+audio model, or mixed-input model — pass `input_specs` explicitly with the right shape per input.
+
+Examples:
+- Long-context BERT (seq_len=512): `{ input_ids: { shape: [1, 512], dtype: "int64" }, attention_mask: { shape: [1, 512], dtype: "int64" } }`
+- Audio model (mel-spectrogram): `{ mel_features: { shape: [1, 80, 3000], dtype: "float32" } }`
+- Image model: omit entirely — the backend reads static shapes from the ONNX file.
+
 ## Failure modes
 
 - **No workspaces.** The API key may have been revoked. Direct the user to `https://edgegate.frozo.ai/workspace/<id>/settings#api-keys` to generate a fresh key.