CLI and MCP installation guide

Install the public CLI, register remote token-backed MCP clients, and find the full command and tool catalog.

company setupstaffing

Use the public CLI when a technical operator, Claude Code, Codex, Cursor, or another local agent needs to help set up and operate ROST. Use MCP when the local agent should call ROST tools directly from its own client.

The MCP server is remote and token-backed. There is no local MCP daemon to install. The CLI logs you in, mints a scoped MCP token, and prints the registration block for the deployed /mcp route.

Prerequisite: a human approver in a browser

A headless agent cannot complete setup unattended. Two things always require a human, so plan to announce the handoff rather than stall silently:

Device-code approval at first login. rost login --device prints a code; a human must open the workspace URL in a browser, sign in with Google, match the code, and approve.
Durable gated commands. Setting or approving a Charter, staffing a seat, and taking an agent live each open a confirmation that a human approves (an agent never approves its own request — see the confirmations-guide). The CLI surfaces the confirmation_id and an approveVia URL for the human. (rost mcp install is a partial exception: for an interactive operator it completes its own token-mint approval inline; in a headless/agent session it surfaces the confirmation and stops unless --skip-permissions / ROST_CLI_SKIP_PERMISSIONS=1 is set — see Approving the token mint below.)

Treat these as blocking prerequisites: the agent prepares the request and waits for the human approver.

Placeholder legend

Commands below use angle-bracket placeholders. The CLI prints the real, fully-resolved values at runtime — read them from the terminal, do not hand-construct them:

<your-workspace-url> — your workspace origin. The CLI prints the full /auth/device and /mcp URLs in its output; copy them from the terminal rather than guessing the host.
<tenant-slug-or-id> — a tenant identifier from rost tenants.
<seat-id> — a seat id from rost command seat.create output or rost_get_responsibility_graph / rost command graph.get.
<token-id> — an MCP token id printed by mcp install, or discoverable later via rost command mcp_token.list / rost_list_mcp_tokens.
<confirmation-id> — shown in the CLI error or output for a gated command; see the confirmations-guide.

Before you start: create your account and company

A ROST account (the human identity) is created with Google sign-in — in the browser at /signup, or headlessly via rost login --device (a human approves the code in any browser). A company (tenant) can then be created either way:

Browser: at /signup, name your company, then return to the CLI.
Headless (no browser step): once logged in, run rost signup --company "<name>". This provisions the company for your session and makes it your active tenant, so rost onboard status and every other tenant-scoped command work immediately. This is the recommended path for an autonomous agent setting up from scratch.

If you run a tenant-scoped command before any company exists, the CLI tells you both options. You only get one company per signup; running rost signup --company again returns your existing company rather than creating a duplicate.

Install the CLI

Run the published package with npx:

npx @rosthq/cli@latest --help
npx @rosthq/cli@latest login

Or install it globally:

npm i -g @rosthq/cli
rost login

The package requires Node 22 or newer. The binary name is rost. Check your version before installing — npx will still launch the package on Node 20 or 18, but the CLI rejects an older runtime:

node --version

If it prints anything below v22, upgrade Node first.

A coding agent (Codex, Claude Code, or any headless shell) signs in without a browser of its own: the agent prints a short code, and a human approves it in any browser. This is the recommended path for autonomous agents. Plain rost login (the browser-callback flow) stays the default for an interactive human at a keyboard.

rost login --device

How it works:

1. The CLI prints a verification URL (your workspace's /auth/device page) and a short code, then polls and waits:

   To sign in, open this URL in any browser and approve the code:
     https://<your-workspace-url>/auth/device
     Code: ABCD-EFGH
   Waiting for approval…

The <your-workspace-url> shown here is a placeholder for this doc; the CLI prints your actual workspace origin. Read the URL and code from the terminal — do not hand-construct them. 2. A human opens the URL, signs in with Google, confirms the code shown in the browser matches the one in the agent's terminal, and clicks Approve. 3. The CLI detects the approval, exchanges a one-time handoff for a session, and stores it in the OS keychain. rost whoami then shows the account, and tenant-scoped commands (rost onboard status, etc.) operate in the approver's active tenant. If the approver has no company yet, create one headlessly with rost signup --company "<name>" — no browser step.

Notes:

The code expires after 10 minutes — rerun rost login --device if it lapses.
No password is entered, and no access token is stored on the server; only the agent's own machine holds the session (in its OS keychain).
Matching the code before approving is a security step: only approve a code your own agent printed.
Approve only in a browser you control and trust — never on a kiosk or someone else's device, and sign out afterward on any shared machine. Approval grants a live ROST session tied to your Google identity, not just a code match.

Headless Linux, CI, and machines with no keychain

By default the CLI stores the session in the macOS Keychain (on darwin). There is no built-in Windows or Linux keychain integration today — on any non-macOS host, or any machine without a keychain, the CLI errors with "No OS credential store is available" unless you opt into the file store.

For headless Linux, CI runners, or any no-keychain environment, set ROST_CLI_ALLOW_FILE_TOKEN_STORE=1 to opt into the development-only plain-file token store. It is not encrypted — it writes the file with owner-only permissions (directory 0700, file 0600) and prints a stderr warning. It stores only the CLI session token, never tenant secrets, API keys, or vault refs. Treat that file as a credential: do not bake it into a shared image and do not commit it.

The CLI checks this flag on every invocation, not just login. Export it for the whole shell or CI job (so rost whoami, rost onboard status, and the rest also find the file store), not only on the login line:

export ROST_CLI_ALLOW_FILE_TOKEN_STORE=1
rost login --device

For CI, do not run an interactive device login on every job (a device code still needs a human approver, which CI does not have). Note that the CLI session is a short-lived auth session (it carries an expiry), not a durable credential — so storing the session file as a long-lived CI secret will stop working once it expires, and re-approving a device code unattended is not possible. For ongoing unattended automation, prefer a seat-scoped MCP token used directly by your MCP client, and treat that client config as a secret. Such a token now defaults to a 90-day expiry, so for automation that must outlive that window, mint it with an explicit --expires-in <days> (up to 365) or, accepting the long-lived-credential tradeoff, --no-expiry — e.g. mcp install --scope seat --seat-id <id> --expires-in 365. Rotate it before it lapses (--rotate <old-token-id>), and revoke and re-mint if a runner image is rebuilt or shared.

First-run path

This is the install/auth quickstart — it gets you logged in, MCP registered, and onboarding started. It is a convenience view, not the full org-setup procedure: for the canonical end-to-end setup order beyond install, agent-reference-map is the source of truth (its 19-step Standard Setup Order). Read it with rost reference get agent-reference-map (step 6 below).

1. Log in: npx @rosthq/cli@latest login (or rost login --device for a headless agent) 2. Confirm identity: rost whoami 3. Create your company if you have none yet: rost signup --company "<name>" (no browser step) 4. List tenants: rost tenants 5. Select a tenant when needed: rost use <tenant-slug-or-id> 6. Read the agent map: rost reference get agent-reference-map (the full canonical setup order lives here) 7. Register MCP for the client (pick a scope — --scope is required): rost mcp install --client claude-code --scope tenant-admin for setup, or --scope seat --seat-id <id> for a narrower seat token 8. Inspect onboarding: rost onboard status 9. Get the guided agent prompt: rost onboard run

Or use the one-shot helper: rost init logs in when needed, optionally selects a tenant, installs MCP, and prints the onboarding prompt. It does not run every numbered step above (it does not create your company or call onboard status) — it gets you logged in, registered, and handed the onboarding prompt. As the first-run helper it defaults to a tenant-admin token (no seats exist yet), so unlike a direct mcp install it does not need --scope; pass --scope seat --seat-id <id> if you already have a seat to scope it to:

rost init --tenant <tenant-slug-or-id> --client codex

MCP install commands

A direct mcp install now requires an explicit `--scope` — there is no silent default. Choose --scope seat --seat-id <id> (the narrowest scope, limited to one seat's Charter and permission manifest — prefer it for day-to-day operation) or --scope tenant-admin (can administer the whole company — reserve it for initial setup). Running mcp install without --scope errors and mints nothing, naming both options. (The first-run helper rost init is the exception: it defaults to --scope tenant-admin because no seats exist yet at setup; and --rotate inherits the old token's scope, so it does not need --scope either.)

mcp install accepts an optional --skip-permissions flag (equivalently ROST_CLI_SKIP_PERMISSIONS=1). It governs the token-mint approval in a non-interactive session — see Approving the token mint below. An interactive operator never needs it.

Claude Code (tenant-admin):

npx @rosthq/cli@latest mcp install --client claude-code --scope tenant-admin

Codex (tenant-admin):

npx @rosthq/cli@latest mcp install --client codex --scope tenant-admin

Cursor (tenant-admin):

npx @rosthq/cli@latest mcp install --client cursor --scope tenant-admin

The tenant-admin token administers the whole company. For day-to-day operation, prefer a seat-scoped token instead — it operates only as one seat and is limited by that seat's Charter and permission manifest. Reserve the tenant-admin token for initial setup.

Seat-scoped MCP for a specific seat:

npx @rosthq/cli@latest mcp install --client codex --scope seat --seat-id <seat-id>

The <seat-id> comes from rost command seat.create output or rost_get_responsibility_graph / rost command graph.get.

Approving the token mint

Minting a token (and the inline revoke that --rotate performs) is a human-gated authority change at the command layer. How rost mcp install handles that approval depends on whether it runs in an interactive session:

Interactive operator (a human at a real terminal). The CLI completes the approval inline: the operator who ran the command is the human in the loop, so it runs the gated mint, completes the confirmation for that same command, and prints the registration block — a single step, no separate URL to click.
Non-interactive / headless / agent session. The CLI does not approve its own request. By default it surfaces the confirmation and stops, minting nothing: it prints the confirmation_id, the exact rost command confirmation.approve --json '{"confirmation_id":"<id>"}' command, and the approveVia URL when the server provided one, then exits non-zero ("pending human approval"). A human then approves it (in a browser or with that approve command) — and that approval executes the mint and returns the token in the approve output (shown once), so register it with your client from there. Do not re-run mcp install after approving: that starts a second mint and orphans the first token. (For an unattended agent that should mint and register in one step, use --skip-permissions below.)
Opting into auto-approval in a headless session. Pass --skip-permissions on mcp install, or set ROST_CLI_SKIP_PERMISSIONS=1, to auto-approve the mint/revoke confirmation inline even without a TTY. This is a deliberate loosening (the running session stands in for the human approver) — use it only for trusted automation where you accept that the agent approves its own token mint.

The broader rule still holds for durable changes an agent proposes — charters, decisions, compass and charter amendments — where an agent never approves its own request and a human approves the surfaced approveVia confirmation. See the confirmations-guide for the four confirmation levels and that flow.

Handling the printed token (read this before you paste anything)

The registration block mcp install prints embeds a live bearer token — a real, scoped credential. mcp install prints this block; it does not write any client config itself. You apply it, and once applied the token lands in the client's config file in plaintext:

Claude Code: run the printed claude mcp add command — that command writes the token into Claude Code's MCP config.
Codex: paste the printed TOML stanza into your Codex config file.
Cursor: paste the printed JSON entry into Cursor's MCP config.

Because the token lands on disk in plaintext, treat it like a password:

Never commit the block or the client config to version control, and never paste it into a chat, issue, or log. A leaked block grants its full scope until revoked.
The session asymmetry matters: your CLI login session lives in the OS keychain and is cleared by rost logout. The MCP token is a separate credential written in plaintext into the client config — rost logout does not revoke it. Revoke MCP tokens separately (below).

Example shapes of what mcp install prints (token redacted as <MCP_TOKEN>; the real values, including the workspace URL, are printed by the CLI — do not hand-construct them):

# Claude Code
claude mcp add --transport http rost https://<your-workspace-url>/mcp --header "Authorization: Bearer <MCP_TOKEN>"

# Codex (config.toml)
[mcp_servers.rost]
url = "https://<your-workspace-url>/mcp"
transport = "http"
headers = { Authorization = "Bearer <MCP_TOKEN>" }

// Cursor (mcp.json)
{
  "mcpServers": {
    "rost": {
      "url": "https://<your-workspace-url>/mcp",
      "headers": { "Authorization": "Bearer <MCP_TOKEN>" }
    }
  }
}

Verify the MCP connection

After registering, confirm the client can actually reach the server with the new token before doing real work. Make one cheap read call scoped to your token type:

Any valid token: call rost_list_commands with {}.
Tenant-admin token: read the resource rost://tenant/status.
Seat-scoped token: call rost_get_context with {} (or read rost://seat/<seat-id>/context). A seat token cannot read rost://tenant/status — that is tenant-admin only, so do not use it to test a seat token.
Success returns a normal JSON payload (the command list, your tenant/onboarding status, or your seat context). An auth error (a 401 / "not authorized" shape) means the token did not register — re-run mcp install.

Token lifetime and rotation

Every MCP token now carries an expiry. Tokens minted by rost mcp install default to a 90-day TTL (for both tenant-admin and seat-scoped tokens); after that the token stops authenticating and you re-mint. Override the lifetime at mint time:

--expires-in <days> — set an explicit TTL, between 1 and 365 days. Example: rost mcp install --client codex --scope tenant-admin --expires-in 30.
--no-expiry — mint a token with no practical expiry (a ~100-year TTL). This is a deliberate loosening for long-lived automation; the CLI prints a warning. Prefer a finite --expires-in and rotate instead.

mcp install echoes the chosen expiry, and rost command mcp_token.list reports expires_in_days for every token so you can see what is about to lapse.

One-step rotation. Replace a live token in a single command — it mints the replacement, prints the new registration block, then revokes the old token:

rost mcp install --client <client> --rotate <old-token-id>

Rotation preserves the original token's scope and seat: rotating a seat-scoped token mints a new seat-scoped token for the same seat, and rotating a tenant-admin token mints a tenant-admin token — you do not pass --scope/--seat-id (and if you do, they must match the old token, or the command errors without minting). The CLI looks the old token up first, so an unknown --rotate id fails cleanly with nothing minted. If the mint succeeds but revoking the old token fails (or the id isn't found at revoke time), the CLI says so on stderr and prints the manual mcp_token.revoke command — the new token is already live, so revoke the old one by hand. Find the <old-token-id> with rost command mcp_token.list.

You can also rotate the long way (mint then revoke separately):

1. Re-run rost mcp install --client <client> --scope <tenant-admin|seat> (add --seat-id <seat-id> for a seat token) to mint and register a fresh token — a direct install requires --scope. 2. Revoke the old one (below). Rotate on a periodic cadence, and whenever the scope or seat changes.

Revoke a token

Revoke the server-side token with the command printed by mcp install:

rost command mcp_token.revoke --json '{"token_id":"<token-id>"}'

Revocation is not just end-of-session housekeeping — it is your incident-response action. Revoke immediately if a laptop is lost or stolen, the client config leaks, or the token is committed to version control. If you no longer have the original printout, find the <token-id> with rost command mcp_token.list (MCP rost_list_mcp_tokens) — it returns token metadata, never token material.

Uninstall and cleanup

Revoking the server-side token leaves a dead entry in the client config that will keep erroring. To fully tear a setup down:

1. Revoke the token (mcp_token.revoke, above). 2. Remove the ROST entry from the client config: claude mcp remove rost for Claude Code; delete the [mcp_servers.rost] stanza from the Codex TOML; delete the rost entry from Cursor's mcp.json. 3. rost logout to clear the CLI session from the keychain (this does not revoke MCP tokens — step 1 does that).

Blast radius of a tenant-admin token

A leaked tenant-admin token can administer the whole tenant, not just one seat. It can run tenant-wide setup and onboarding, staffing (rost_staff_seat), member add / remove / role-change (rost_remove_member), Charter approval (rost_approve_charter), settings changes, and further token minting (rost_create_mcp_token) across every seat in the tenant. A seat-scoped token can act only as its one seat, bounded by that seat's Charter and permission manifest. This is why a direct mcp install now requires you to choose `--scope` explicitly (no silent tenant-admin default), why you should mint the narrowest scope that does the job, and why you should reserve tenant-admin for initial setup. mcp install echoes the granted scope and its blast radius at mint time on every path. See the security-model-guide for tenant isolation, vault-backed credentials, and the seat-scoped-authority principle.

Storing the Anthropic key and other credentials

Storing the tenant model key or any other secret goes through credential ingress as a vault reference — the secret is never pasted into a prompt, config, or log. Use rost_save_tenant_anthropic_key (tenant.anthropic_key.save) for the tenant Anthropic key, or rost_store_credential (credential.ingress) for other secrets; rost_configure_agent_tools stages credential requests but never accepts raw secrets. Credential storage is a gated credential_flow confirmation that a human approves. For the vault model and the security posture behind this, see the security-model-guide and the tool-access-and-vault guide; for the confirmation gate, see the confirmations-guide.

When to use MCP or CLI

A technical operator wants to drive onboarding from a local agent session.
A partner wants to use their own local model subscription.
A Steward wants a local agent to inspect context, draft changes, or prepare work.
A developer wants repeatable setup commands.

Access scopes

Tenant-admin access can help set up the company. Seat-scoped access lets an agent act only as a specific seat. Prefer the narrowest scope that can do the job — a direct mcp install requires you to choose --scope tenant-admin or --scope seat --seat-id <id> and mints nothing until you do. rost init defaults to tenant-admin (first-run setup, no seats yet), and --rotate inherits the existing token's scope. See the security-model-guide for tenant isolation, vault-backed credentials, server-side authority checks, and the seat-scoped-authority principle.

For pairing and running a local runner, see the runner-guide.

Safe operating practices (security checklist)

These are the security posture rules for operating after install — a checklist applied across the whole setup, not a competing install procedure. For the full rationale, see the security-model-guide.

1. Log in with the CLI and select the tenant if needed. 2. Read agent-reference-map. 3. Register MCP for the narrowest needed scope (prefer a seat-scoped token for day-to-day operation). 4. Start with onboarding.status or context lookup. 5. Draft changes before durable activation. 6. Route approvals through human confirmation (an agent never approves its own request — see the confirmations-guide). 7. Revoke tokens when you finish operating or the seat changes — and immediately on a lost laptop, leaked config, or committed token. (Revoking is separate from rost logout, which clears only the CLI session, not MCP tokens.)

CLI command catalog

Authentication and tenant selection

Command	Purpose	Scope	Safe example
`rost login`	Open browser login and store the CLI session.	User session	`rost login`
`rost login --device`	Device-code login for a headless agent: prints a short code + URL, a human approves in any browser, the CLI polls until authorized — no browser session needed on the agent's machine.	User session	`rost login --device`
`rost logout`	Clear the local CLI session.	Local session	`rost logout`
`rost signup [--company "<name>"]`	With no flag, open/print the web signup page. With `--company`, create the company headlessly for the logged-in session (no browser step) — it becomes your active tenant.	Public (`--company` needs a login session)	`rost signup --company "Acme"`
`rost whoami`	Show the authenticated user, accessible tenant roles, and the active tenant (`current_tenant_id`).	User	`rost whoami`
`rost tenants`	List tenants the user can access; the active one is marked `current`.	User	`rost tenants`
`rost use <tenant>`	Select a tenant slug or id as the active tenant for the session. It persists, so a following `rost whoami` reports it as `current_tenant_id`.	User	`rost use acme-ops`

Reference and docs

Command	Purpose	Scope	Safe example
`rost docs`	Print the agent-facing how-to summary.	Public reference	`rost docs`
`rost help [group]`	Print top-level usage, or one operation group's usage; `rost <group> --help` works too.	Public reference	`rost help agent`
`rost reference <list\|search\|get> [options]`	Help syntax for public reference commands. `--audience <human\|cli\|mcp\|in_app_agent>` filters to one audience (omit for all).	Public reference	`rost reference search "onboarding" --audience cli`
`rost reference list`	List public reference guides.	Public reference	`rost reference list --audience cli`
`rost reference search <query>`	Search public guides.	Public reference	`rost reference search "MCP install" --audience mcp`
`rost reference get <slug>`	Print one public guide.	Public reference	`rost reference get agent-reference-map`

--audience <human|cli|mcp|in_app_agent> (on reference list and reference search) filters guides to those tagged for that audience. When omitted, all audiences are returned.

Onboarding

Command	Purpose	Scope	Safe example
`rost onboard status`	Return onboarding progress, graph summary, and next actions.	Tenant	`rost onboard status`
`rost onboard run`	Print the deterministic agent onboarding prompt.	Public reference	`rost onboard run`
`rost init [--client claude-code\|codex\|cursor] (defaults --scope tenant-admin)`	Log in when needed, install MCP, and print the onboarding prompt. As the first-run helper it defaults to a tenant-admin token (no seats exist yet); pass `--scope seat --seat-id <id>` to scope it narrower.	User plus tenant	`rost init --client codex`
`rost init --tenant <tenant> --client <client>`	Select a tenant before MCP install.	User plus tenant	`rost init --tenant acme-ops --client cursor`

Direct command execution

Command	Purpose	Scope	Safe example
`rost command <id> [--seat <seat-id>] --json [json-body]`	Execute a server-side command by id. Add `--seat <seat-id>` to run a seat-scoped command (e.g. `task.list`) against a specific seat.	Command-defined	`rost command task.list --seat <seat-id> --json '{}'`
`rost command schema <id> [--json]`	Discover a command's exact input/output schema, help pointer, and a worked example before calling it.	User	`rost command schema compass.draft`
`rost command list [--json]`	List every callable command id with its scope and confirmation gate.	User	`rost command list`
`rost command onboarding.attach_reference --json ...`	Attach a company reference document (reference-only).	Tenant	`rost command onboarding.attach_reference --json '{"text":"# Ops handbook\n...","title":"Ops handbook","kind":"process","source":"handbook/ops.md"}'`
`rost command seat.create --json ...`	Create a Responsibility Graph seat.	Tenant	`rost command seat.create --json '{"name":"Finance","seat_type":"human"}'`
`rost command charter.draft --json ...`	Create or fetch a draft Charter.	Seat or tenant-admin	`rost command charter.draft --json '{"seat_id":"<seat-id>"}'`
`rost command confirmation.approve --json ...`	Approve a pending confirmation as a human.	Tenant	`rost command confirmation.approve --json '{"confirmation_id":"<confirmation-id>"}'`

Seat scope (`--seat <seat-id>`). Seat-operating commands run in a seat context. A seat-scoped MCP token already carries that context; a tenant or owner session does not, so pass --seat <seat-id> to target a specific seat — an owner can target any seat in the tenant, a member only a seat they occupy. The flag rides the x-rost-seat header out-of-band and is never part of the command body; the server resolves and authorizes the seat scope. It works on both the raw rost command <id> path and the ergonomic wrappers (e.g. rost task list --seat <seat-id>).

Regular operation wrappers

Ergonomic subcommands for everyday operation. Each wrapper is sugar over the same server-side command shown in the command-id column — it builds the JSON body from flags and routes through the same execution path as rost command <id> --json. Add --json to any wrapper for stable, machine-parseable output; without it the wrapper prints a concise line that still includes the ids needed for follow-up calls. rost command <id> --json remains the completeness floor for fields a wrapper does not expose.

These ergonomic wrappers (including the rost agent group) require rost 0.2.0 or newer — run npx @rosthq/cli@latest … to get them. Older versions can still reach every command through the rost command <id> --json floor, since command execution is server-side.

Command	Command ids	Purpose	Scope	Safe example
`rost task list\|accept\|decline\|complete\|create`	`task.list`, `task.accept`, `task.decline`, `task.complete`, `task.create`	Operate a seat's task queue.	Seat	`rost task list --json`
`rost status record`	`status.record`	Record measurable readings and goal status as a status event.	Seat	`rost status record --measurable-id <id> --value 42`
`rost signal list\|get\|confirm\|correct`	`signal.list`, `signal.get`, `signal.confirm_reading`, `signal.correct_reading`	Read and confirm Signal measurables.	Seat	`rost signal list --json`
`rost goal list\|create\|update\|status\|reparent\|drop`	`goal.list`, `goal.create`, `goal.update`, `goal.set_status`, `goal.reparent`, `goal.drop`	Manage Cascade goals. Scope varies by verb: `status` is seat-scoped, `list`/`create` need a tenant token, and `update`/`reparent`/`drop` require tenant-admin.	Seat to tenant-admin	`rost goal list --json`
`rost friction list\|file\|resolve\|link`	`friction.list`, `friction.file_issue`, `friction.resolve`, `friction.link_task`	File and resolve Friction issues.	Seat	`rost friction list --status open --json`
`rost escalation list\|get\|resolve\|reject`	`escalation.list`, `escalation.get`, `escalation.resolve`, `escalation.reject`	Work the steward escalation queue.	Steward	`rost escalation list --json`
`rost sync brief\|compile\|complete`	`sync.brief.get`, `sync.brief.compile`, `sync.run.complete`	Compile, read, and complete a weekly Sync.	Tenant	`rost sync brief --json`
`rost runner list\|status\|work-orders\|revoke`	`runner.list`, `runner.status`, `work_order.list`, `runner.revoke`	Inspect runners and work orders; revoke a runner.	Tenant	`rost runner list --json`
`rost notification settings\|test\|errors`	`notification.settings.get`, `notification.test`, `notification.list_errors`	Read notification settings, send a test, and list failed deliveries with linked product error source, seat id, and run id when available.	Tenant	`rost notification errors --limit 10 --json`
`rost settings get\|update`	`settings.get`, `settings.update`	Read tenant settings; update budget caps.	Tenant	`rost settings get --json`
`rost member invite\|update\|remove`	`member.invite`, `member.update`, `member.remove`	Manage tenant members.	Tenant	`rost member invite --email ops@example.com --role member`
`rost agent templates\|create\|setup\|tools\|dry-run\|go-live\|status\|run-now\|get-run\|show`	`agent_template.list`, `agent.create_from_template`, `agent.create_custom`, `agent_setup.get`, `agent_setup.update`, `agent.configure_tools`, `agent.run_dry_run`, `agent.go_live`, `agent.status`, `agent.run_now`, `agent.get_run`, `agent.show_markdown`	Run the full agent setup and operation flow: list templates, create a draft from a template or guided custom answers (with `--model` and `--effort`), read or answer setup state, connect or decline tools, dry-run, go live, run on demand, read one run's transcript/error diagnostics, and show a markdown readout. Create and go-live stop at human gates; the dry-run is ungated by human approval but requires a signed manifest first.	Tenant and seat	`rost agent get-run --seat-id <seat-id> --run-id <run-id> --json`
`rost tools list`	`tool.catalog`	List the discoverable tool catalog the builder reads (id, scope tiers, credential requirement, access policy). Configuration only; the tools do not execute yet.	Tenant	`rost tools list --json`
`rost compass show`	`compass.show_markdown`	Render the current Compass as a clean markdown card for review.	Tenant	`rost compass show --markdown`
`rost charter show`	`charter.show_markdown`	Render a seat's Charter as a clean markdown card for review.	Tenant	`rost charter show --seat-id <id> --markdown`

MCP registration

Command	Purpose	Scope	Safe example
`rost mcp install --client claude-code\|codex\|cursor --scope tenant-admin\|seat [--seat-id <id>] [--expires-in <days>\|--no-expiry] [--skip-permissions]`	Direct install syntax. `--scope` is required (seat is narrower — prefer it for day-to-day; tenant-admin can administer the whole company). `--expires-in <days>` (1..365) or `--no-expiry` sets the token TTL (default 90 days). `--skip-permissions` auto-approves the token-mint confirmation in a non-interactive session (see below).	Tenant	`rost mcp install --client codex --scope tenant-admin --expires-in 30`
`rost mcp install --client claude-code\|codex\|cursor --rotate <old-token-id> (inherits the old token's scope; no --scope)`	Rotate syntax. Mints a replacement, inherits the old token's scope/seat (so do not pass `--scope`), prints the new registration block, and revokes the old token.	Tenant	`rost mcp install --client codex --rotate <old-token-id>`
`rost mcp install ... --skip-permissions (or ROST_CLI_SKIP_PERMISSIONS=1 — auto-approves the token-mint confirmation in a non-interactive session)`	Skip-permissions opt-in. In a headless/agent session, auto-approve the `human_required` token-mint (and rotate revoke) confirmation inline instead of surfacing it for a human (a deliberate loosening). An interactive operator never needs it.	Tenant	`rost mcp install --client codex --scope seat --seat-id <seat-id> --skip-permissions`
`rost mcp install --client claude-code --scope tenant-admin`	Mint a tenant-admin MCP token and print a Claude Code registration command.	Tenant	`rost mcp install --client claude-code --scope tenant-admin`
`rost mcp install --client codex --scope tenant-admin`	Mint a tenant-admin MCP token and print Codex TOML.	Tenant	`rost mcp install --client codex --scope tenant-admin`
`rost mcp install --client cursor --scope tenant-admin`	Mint a tenant-admin MCP token and print Cursor JSON.	Tenant	`rost mcp install --client cursor --scope tenant-admin`
`rost mcp install --client <client> --scope seat --seat-id <seat-id>`	Mint a token limited to one seat (the narrowest scope — prefer for day-to-day).	Seat	`rost mcp install --client codex --scope seat --seat-id <seat-id>`
`rost --help`	Print top-level CLI help.	Public help	`rost --help`

MCP tool and resource catalog

This catalog is the canonical machine surface — the rost_* tools your MCP client calls. Three different things are called "tools" in ROST; do not confuse them:

1. The MCP tools below — the rost_* surface your client actually calls to read and act. 2. `rost tools list` / `tool.catalog` (MCP rost_list_tool_catalog) — the agent-configuration catalog the builder reads when staffing an agent. It is selectable per agent and does not execute yet; it is not the surface you call to operate. 3. The "Available tools guide" (in the sidebar) — covers tool *categories* and governance, not a callable surface. See the available-tools-guide.

Sections below: Command discovery (2) · Public reference (3) · Tenant-admin tools (grouped by domain) · Seat-scoped operating tools (9) · MCP operation resources (9).

Command discovery tools

These read-only tools are available to any valid MCP token (like the reference tools). Use them to discover a command's exact contract before calling it, and when a command fails, read the error's help field and run the command it names.

Tool	Purpose	Scope	Safe example
`rost_describe_command`	Return a command's input/output JSON Schema, scope, confirmation gate, help pointer, guides, a validated example, and related commands.	Any valid MCP token	Query `{"command_id":"compass.draft"}`
`rost_list_commands`	List every callable command id with its title, scope, confirmation, and stages.	Any valid MCP token	Call with `{}`

The equivalent CLI verbs are rost command schema <id> and rost command list. The discoverable tool catalog is rost tools list (MCP rost_list_tool_catalog, tenant-scoped).

Public reference tools and resources

Tool or resource	Purpose	Scope	Safe example
`rost_reference_search`	Search public reference guides.	Any valid MCP token	Query `{"query":"agent-reference-map","audience":"mcp"}`
`rost_reference_get`	Retrieve a public guide by slug.	Any valid MCP token	Query `{"slug":"agent-reference-map"}`
`rost://reference/{slug}`	Read a public reference guide as a resource.	Any valid MCP token	Resource `rost://reference/mcp-and-cli-guide`

Tenant-admin tools

These names are available to tenant-admin MCP tokens. They are aliases over the shared command layer and are audited as MCP tool calls. The list spans far more than onboarding — it groups, in order: onboarding, seats, Charter, confirmations, Compass, staffing, credentials/tokens, graph reads, agents, runners and work orders, notifications, members and settings, Signals, Cascade goals, Friction, tasks, Sync, and escalations.

Several rows here are seat-operating commands (task.create, the signal.*, goal.*, and friction.* families) surfaced because they are also tenant-admin-callable — which is why the CLI wrapper table marks them "Seat". Scope selection follows the Seat scope note above: a seat-scoped token already carries seat context, while a tenant or owner token must pass --seat <seat-id> (CLI) or supply seat context (MCP). See the security-model-guide for the seat-vs-tenant authority principle.

Tool	Command id	Purpose	Required scope	Safe example
`rost_onboard_status`	`onboarding.status`	Inspect onboarding progress.	Tenant	Call with `{}`
`rost_advance_onboarding_step`	`onboarding.advance_step`	Persist the current onboarding step after validation.	Tenant	Call with the next step after checking status.
`rost_finish_onboarding`	`onboarding.finish`	Mark onboarding complete once requirements pass.	Tenant	Call after graph, Compass, and Charters are ready.
`rost_attach_reference_document`	`onboarding.attach_reference`	Attach a company reference document (text/markdown) with title/kind/source so Compass and Charters can cite it.	Tenant	Call with `text`, a `title`, a `kind`, and a `source`.
`rost_upload_org_context`	`onboarding.upload_context`	Back-compat alias of `onboarding.attach_reference`.	Tenant	Prefer `rost_attach_reference_document`; same widened schema.
`rost_create_onboarding_invite`	`onboarding.create_invite`	Invite a team member during onboarding.	Tenant	Call with a business email and role.
`rost_save_tenant_anthropic_key`	`tenant.anthropic_key.save`	Store a tenant model key through the vault.	Tenant	Use only with a real human-provided secret.
`rost_create_seat`	`seat.create`	Create a Responsibility Graph seat.	Tenant	Call with `{"name":"Finance","seat_type":"human"}`.
`rost_rename_seat`	`seat.rename`	Rename a seat.	Seat or tenant-admin	Call with `seat_id` and `name`.
`rost_reparent_seat`	`seat.reparent`	Move a seat under a new parent.	Seat or tenant-admin	Call with `seat_id` and `parent_seat_id`.
`rost_set_seat_type`	`seat.set_type`	Set a seat type.	Seat or tenant-admin	Call with `seat_id` and `seat_type`.
`rost_decommission_seat`	`seat.decommission`	Retire a seat: end occupancies, archive the Charter, revoke tokens/credentials, cancel schedules, tombstone event. No-orphan guarded.	Seat or tenant-admin	Call with `{"seat_id":"<seat-id>"}`; expect confirmation.
`rost_draft_charter`	`charter.draft`	Create or fetch a draft Charter.	Seat or tenant-admin	Call with `{"seat_id":"<seat-id>"}`.
`rost_draft_all_charters`	`charter.draft_all`	Draft Charters for every eligible seat.	Tenant	Call after initial graph creation.
`rost_update_charter_draft`	`charter.update_draft`	Update a draft Charter document.	Seat or tenant-admin	Call with `charter_version_id` and the full `doc`.
`rost_set_charter`	`charter.set`	Create or replace a seat's draft Charter from a full document in one call.	Seat or tenant-admin	Call with `seat_id` and `doc`; `approve` activates it (human gate).
`rost_approve_charter`	`charter.approve`	Approve a draft Charter as a human owner.	Seat or tenant-admin	Expect confirmation when authority changes.
`rost_skip_charter_draft`	`charter.skip`	Mark a Charter draft as skipped.	Seat or tenant-admin	Call only when a human defers the seat.
`rost_apply_charter_seat_type_recommendation`	`charter.apply_seat_type_recommendation`	Apply a Charter's seat-type recommendation.	Seat or tenant-admin	Call after reviewing the draft.
`rost_sign_charter_manifest`	`charter.sign_manifest`	Request human confirmation for a permission manifest.	Seat or tenant-admin	Use after tool permissions are reviewed.
`rost_approve_pending_confirmation`	`confirmation.approve`	Approve a pending confirmation.	Tenant	Call with `{"confirmation_id":"<confirmation-id>"}`.
`rost_reject_pending_confirmation`	`confirmation.reject`	Reject a pending confirmation.	Tenant	Call with `{"confirmation_id":"<confirmation-id>"}`.
`rost_draft_compass`	`compass.draft`	Create a Compass draft.	Tenant	Call with a concise Compass document.
`rost_update_compass_draft`	`compass.update_draft`	Replace a Compass draft document.	Tenant	Call with `draft_id` and updated document.
`rost_approve_compass_version`	`compass.approve_version`	Activate a Compass version by supersession.	Tenant	Call after human review.
`rost_reject_compass_draft`	`compass.reject_draft`	Reject and remove a Compass draft.	Tenant	Call when the draft should not proceed.
`rost_answer_compass_gap`	`compass.answer_gap`	Record a human answer for a Compass gap.	Tenant	Call with `gap_id` and answer text.
`rost_set_compass`	`compass.set`	Compatibility helper for setting Compass over MCP.	Tenant	Call with the approved Compass shape.
`rost_assign_user_to_seat`	`staffing.assign_user`	Assign a human user occupancy to a seat.	Seat or tenant-admin	Call with `seat_id` and `user_id`.
`rost_assign_dry_run_agent_to_seat`	`staffing.assign_agent_dry_run`	Assign an agent occupancy in dry-run mode.	Seat or tenant-admin	Call only after Steward chain is clear.
`rost_staff_seat`	`staffing.assign`	Compatibility helper for human, agent, or hybrid staffing.	Seat or tenant-admin	Call with `seat_id` and `occupant`.
`rost_store_credential`	`credential.ingress`	Store a secret through the vault and persist only a vault reference.	Seat or tenant-admin	Use vault-backed values only.
`rost_go_live`	`agent.go_live`	Promote a dry-run agent seat to live.	Seat or tenant-admin	Call after human approval.
`rost_create_mcp_token`	`mcp_token.create`	Mint a tenant-admin or seat-scoped MCP token.	Tenant	Prefer `rost mcp install` for users.
`rost_revoke_mcp_token`	`mcp_token.revoke`	Revoke an MCP token immediately.	Tenant	Call with `token_id`.
`rost_get_responsibility_graph`	`graph.get`	Read the Responsibility Graph: seats, edges, root, occupants, status rollups.	Tenant	Call with `{}` before mutating or routing work.
`rost_get_seat_detail`	`seat.get`	Read a seat's Charter ids, steward chain, occupancy, agent status, token metadata, and open-work counts.	Seat or tenant-admin	Call with `{"seat_id":"<seat-id>"}`.
`rost_list_charters`	`charter.list`	List Charter versions, optionally by seat or status.	Tenant	Call with `{}` or `{"seat_id":"<seat-id>"}`.
`rost_get_charter`	`charter.get`	Read a Charter with supersession history and dry-run status.	Tenant	Call with `{"charter_version_id":"<id>"}`.
`rost_get_current_compass`	`compass.get_current`	Read the active and draft Compass versions and source documents.	Tenant	Call with `{}`.
`rost_list_compass_gaps`	`compass.list_gaps`	List unanswered and answered Compass context gaps.	Tenant	Call with `{}` before answering gaps.
`rost_get_agent_status`	`agent.status`	Read agent lane, live state, steward chain, dry-run result, Runner availability.	Seat or tenant-admin	Call with `{"seat_id":"<seat-id>"}`.
`rost_list_agent_fleet`	`agent.list_fleet`	Read every staffed agent seat at once: lane, live state, last real turn, 24h/7d real turns, measurable status, escalations, and 7-day spend.	Tenant	Call with `{}`; counts use the same seat-run association as `agent.list_runs`, with sandbox dry runs excluded from real turns.
`rost_run_agent_now`	`agent.run_now`	Queue an immediate run for a live staffed agent without changing its saved schedule; cloud lane dispatches to the executor and runner lane queues for the paired runner.	Tenant	Call with `{"seat_id":"<seat-id>"}`.
`rost_list_agent_runs`	`agent.list_runs`	Read a seat's agent run history (status, lane, model, cost, per-run tool-call and guard-held counts) plus the seat's run/tool-call rollup including held-action count.	Seat or tenant-admin	Call with `{"seat_id":"<seat-id>"}`; pass `limit` for a deeper window.
`rost_get_agent_run_diagnostics`	`agent.get_run`	Read one run's diagnostic record: transcript reference, token/cost usage, outcome, and linked product-visible run errors.	Seat or tenant-admin	Call with `{"seat_id":"<seat-id>","run_id":"<run-id>"}`.
`rost_list_agent_tool_calls`	`agent.list_tool_calls`	Read a seat's tool-call ledger (tool name, guard result, manifest clause, outcome) with the held-action count as the hero metric. Never returns argument summaries or secret material.	Seat or tenant-admin	Call with `{"seat_id":"<seat-id>"}`; pass `held_only: true` for only guard-held calls.
`rost_list_agent_templates`	`agent_template.list`	List stock agent templates and metadata.	Tenant	Call with `{}`.
`rost_create_agent_from_template`	`agent.create_from_template`	Create a draft stock agent and draft Charter from a template (draft-only; occupancy needs a human steward).	Tenant	Call with `seat_id` and `template_slug`; expect human confirmation.
`rost_start_agent_setup`	`agent_setup.start`	Start an agent setup draft for template, custom, or existing mode.	Tenant	Call with `mode` and seat placement.
`rost_get_agent_setup`	`agent_setup.get`	Read agent setup state, blockers, and next action.	Seat or tenant-admin	Call with `{"setup_id":"<id>"}`.
`rost_update_agent_setup`	`agent_setup.update`	Update parent, steward, lane, schedule, or answers on a setup draft.	Tenant	Call with `setup_id` and the fields to change.
`rost_update_agent_schedule`	`agent.update_schedule`	Update a draft or live agent's scheduled execution.	Tenant	Call with `agent_id` and `schedule_cron`; expect human confirmation.
`rost_decommission_agent`	`agent.decommission`	Retire an agent occupancy safely (no-orphan guarded).	Tenant	Call with `agent_id`; expect human confirmation.
`rost_pause_agent`	`agent.pause`	Pause a live agent so it stops scheduled and on-demand runs; reversible.	Tenant	Call with `seat_id`; expect human confirmation.
`rost_resume_agent`	`agent.resume`	Resume a paused agent back to live (no-orphan guarded).	Tenant	Call with `seat_id`; expect human confirmation.
`rost_create_custom_agent`	`agent.create_custom`	Create a draft custom agent shell and draft Charter seed from operational answers.	Tenant	Call with `seat_id` and operational answers; expect human confirmation.
`rost_configure_agent_tools`	`agent.configure_tools`	Connect or decline proposed tools and stage credential-ingress requests (vault refs only).	Seat or tenant-admin	Never send raw secrets; expect a credential confirmation.
`rost_run_agent_dry_run`	`agent.run_dry_run`	Run the sandbox dry run for a draft agent; durable and idempotent per Charter version.	Seat or tenant-admin	Call after the manifest is signed; ungated by human approval, but precondition-gated on a signed manifest.
`rost_list_mcp_tokens`	`mcp_token.list`	List MCP token metadata (never token material).	Tenant	Call with `{}` or `{"include_revoked":true}`.
`rost_list_runners`	`runner.list`	List local runners and their online/offline/revoked state.	Tenant	Call with `{}`.
`rost_runner_status`	`runner.status`	Read a single runner's capability and state.	Tenant	Call with `runner_id`.
`rost_start_runner_pairing`	`runner.pairing.start`	Open a runner pairing session and return the human pairing code.	Tenant	Call with `name` and `platform`.
`rost_revoke_runner`	`runner.revoke`	Revoke a runner so it can no longer authenticate.	Tenant	Call with `runner_id`; expect human confirmation.
`rost_list_work_orders`	`work_order.list`	List runner/cloud work orders for the tenant.	Tenant	Call with optional `status`, `agent_id`, or `runner_id`.
`rost_enqueue_work_order`	`work_order.enqueue`	Queue a work order for a live scheduled agent.	Tenant	Call with `agent_id`.
`rost_cancel_work_order`	`work_order.cancel`	Cancel a queued, claimed, or running work order.	Tenant	Call with `work_order_id`; expect human confirmation.
`rost_get_notification_settings`	`notification.settings.get`	Read tenant notification preferences.	Tenant	Call with `{}`.
`rost_update_notification_settings`	`notification.settings.update`	Update tenant notification preferences.	Tenant	Call with the fields to change.
`rost_send_test_notification`	`notification.test`	Emit an in-app test notification to the acting human.	Tenant	Call with `{}`.
`rost_list_notification_errors`	`notification.list_errors`	List recent failed notification deliveries with linked `error_log_id`, source, seat id, and run id when available.	Tenant	Call with optional `limit`; `source=run` rows can be followed with `agent.get_run`.
`rost_invite_member`	`member.invite`	Create a pending tenant invite for a human teammate.	Tenant	Call with `email` and `role`.
`rost_update_member_role`	`member.update`	Change a tenant member's role.	Tenant	Call with `member_id` and `role`; expect human confirmation.
`rost_remove_member`	`member.remove`	Remove a tenant member.	Tenant	Call with `member_id`; blocked if it would orphan an agent steward chain.
`rost_get_tenant_settings`	`settings.get`	Read tenant operating settings and integration status.	Tenant	Call with `{}`; metadata only.
`rost_update_tenant_settings`	`settings.update`	Update tenant AI budget caps.	Tenant	Call with `soft_cap_usd` or `hard_cap_usd`; expect human confirmation.
`rost_get_sync_brief_scope`	`settings.sync_brief_scope.get`	Read the tenant's Sync Brief scope (company_wide or per_cluster).	Tenant	Call with `{}`.
`rost_update_sync_brief_scope`	`settings.sync_brief_scope.update`	Set the tenant's Sync Brief scope (company_wide or per_cluster).	Tenant-admin	Owner-only; call with `{"sync_brief_scope":"company_wide"}` or `{"sync_brief_scope":"per_cluster"}`.
`rost_list_signals`	`signal.list`	List measurables with their latest reading and on/off-track state.	Seat or tenant-admin	Call with `{}` to find measurable ids.
`rost_get_signal`	`signal.get`	Read a measurable with its full reading history.	Seat or tenant-admin	Call with `{"measurable_id":"<id>"}`.
`rost_confirm_signal_reading`	`signal.confirm_reading`	Confirm an unconfirmed reading as human-verified.	Seat or tenant-admin	Humans confirm; call with `{"reading_id":"<id>"}`.
`rost_correct_signal_reading`	`signal.correct_reading`	Overwrite a reading with a human-confirmed value.	Seat or tenant-admin	Manual correction; expect confirmation.
`rost_add_a_measurable`	`measurable.create`	Add a measurable a seat owns (name, unit, direction, target, cadence).	Seat or tenant-admin	Call with `{"seat_id":"<id>","name":"...","unit":"...","direction":"up_good","target":0,"cadence":"weekly"}`.
`rost_list_cascade_goals`	`goal.list`	List Cascade goals, optionally by cycle or seat.	Seat or tenant-admin	Call with `{}` or `{"cycle_id":"<id>"}`.
`rost_create_cascade_goal`	`goal.create`	Create a cycle goal under an objective.	Tenant	Call with cycle, seat, parent, title, definition of done.
`rost_update_cascade_goal`	`goal.update`	Update a goal's title or definition of done.	Tenant	Call with `goal_id` and the changed fields.
`rost_set_cascade_goal_status`	`goal.set_status`	Set a goal's status (on/off/done).	Seat or tenant-admin	Seats may set only their own goals.
`rost_reparent_cascade_goal`	`goal.reparent`	Move a goal under a new parent.	Tenant	Authority change; expect confirmation.
`rost_drop_cascade_goal`	`goal.drop`	Drop (retire) a goal, retained for audit.	Tenant	Expect confirmation.
`rost_list_friction_issues`	`friction.list`	List Friction issues ranked by impact and severity.	Seat or tenant-admin	Call with `{}` or `{"status":"active"}`.
`rost_update_friction_issue_status`	`friction.update_status`	Move a non-terminal issue between open and diagnosing.	Seat or tenant-admin	Call with `issue_id` and `status`.
`rost_resolve_friction_issue`	`friction.resolve`	Resolve an issue with a root cause and remediation task.	Tenant	Human decision; expect confirmation.
`rost_link_task_to_friction_issue`	`friction.link_task`	Attach an existing task as an issue's action task.	Seat or tenant-admin	Call with `issue_id` and `task_id`.
`rost_create_task`	`task.create`	Create a task (a commitment between seats).	Seat or tenant-admin	`none` — created directly; the owning seat accepts or declines.
`rost_compile_sync_brief`	`sync.brief.compile`	Compile the weekly Sync Brief (idempotent per period).	Tenant	Call with `{}`.
`rost_get_sync_brief`	`sync.brief.get`	Read the latest or a specific Sync Brief and agenda.	Seat or tenant-admin	Call with `{}` or `{"sync_brief_id":"<id>"}`.
`rost_start_sync_run`	`sync.run.start`	Ensure a Sync Brief exists so the meeting can begin.	Tenant	Call with `{}`.
`rost_complete_sync_run`	`sync.run.complete`	Record that the Sync meeting completed (idempotent).	Tenant	Call with `{"sync_brief_id":"<id>"}`.
`rost_assign_sync_follow_up`	`sync.item.assign`	Create a follow-up task from a Sync agenda item.	Tenant	Call with brief, owner seat, title, description.
`rost_list_escalations`	`escalation.list`	List Steward queue escalations (own steward chain for humans, own seat for agents).	Seat or tenant-admin	Call with `{}` or `{"include_decided":true}`.
`rost_get_escalation`	`escalation.get`	Read one escalation's evidence, recommendation, and decision state.	Seat or tenant-admin	Call with `{"id":"<escalation-id>"}`. Resolve/reject are human-only and not exposed over MCP.
`rost_show_compass_as_markdown`	`compass.show_markdown`	Render the current Compass and its open gaps as a clean markdown card for review.	Tenant	Call with `{}`.
`rost_show_charter_as_markdown`	`charter.show_markdown`	Render a seat's active or latest Charter as a clean markdown card for review.	Tenant	Call with `{"seat_id":"<seat-id>"}`.
`rost_show_agent_setup_as_markdown`	`agent.show_markdown`	Render a seat's agent setup, model, steward, tools, and Charter as a clean markdown card for review.	Tenant	Call with `{"seat_id":"<seat-id>"}`.
`rost_list_tool_catalog`	`tool.catalog`	List the discoverable tool catalog the agent builder reads — id, prescriptive description, scope tiers, credential requirement, access policy. Configuration only; the tools do not execute yet.	Tenant	Call with `{}` or `{"provider":"google"}`.

Seat-scoped operating tools

Seat-scoped MCP tokens expose the operating protocol below. The server still checks the seat's permission manifest, Charter, task ownership, and tenant boundary. These are the seat-token equivalents of the CLI rost task / rost signal / rost friction wrappers and the tenant-admin task tools above: rost_get_tasks, rost task list, and task.list are the same operation reached three different ways. The command-id column makes the mapping explicit.

Tool	Command id	Purpose	Scope	Safe example
`rost_get_context`	(read) seat-context bundle	Retrieve the seat's Charter, Compass, goals, tasks, issues, and protocol instructions. Equivalent to reading `rost://seat/{id}/context`.	Seat	Call first with `{}`.
`rost_get_tasks`	`task.list`	List open tasks visible to the seat. Each task's `due_on` is an ISO date string (`YYYY-MM-DD`) or null.	Seat	Call with `{}`.
`rost_accept_task`	`task.accept`	Accept a task owned by the seat.	Seat	Call with `{"task_id":"<task-id>"}`.
`rost_decline_task`	`task.decline`	Decline a task with a reason.	Seat	Call with `task_id` and `reason`.
`rost_report_status`	`status.record`	Write a status event.	Seat	Call with a concise status payload.
`rost_complete_task`	`task.complete`	Complete a task and record evidence.	Seat	Call with `task_id` and evidence.
`rost_escalate`	`escalation.raise`	Escalate approval-scope or must-escalate work.	Seat	Call with severity, reason, and requested decision.
`rost_file_issue`	`friction.file_issue`	File a Friction issue.	Seat	Call with title, severity, and impact.
`rost_log_work`	`work.log`	Record work performed by the seat.	Seat	Call with summary and evidence.

MCP operation resources

These read-only resources bundle the facts the UI shows so an agent can avoid guessing ids. Each enforces tenant, role, and seat scope server-side and never returns secrets, tokens, local file paths, or cross-tenant ids. Tenant-wide resources require a tenant-admin token; the seat-context resource is readable by the owning seat token (or a tenant-admin for any seat in the tenant); the operations map is public to any valid token.

Resource	Purpose	Scope	Safe example
`rost://tenant/status`	Current user, tenant, role/scope, and onboarding status.	Tenant-admin	Read before driving tenant setup.
`rost://graph`	Responsibility Graph: seats, edges, root, occupants, status rollups.	Tenant-admin	Read before routing or reparenting work.
`rost://seat/{id}/context`	A seat's Compass, Charter, goals, measurables, open tasks, open issues, and protocol.	Seat (own seat) or tenant-admin (any seat)	Read `rost://seat/<seat-id>/context` for the acting seat.
`rost://compass/current`	Active and draft Compass versions plus source documents.	Tenant-admin	Read before drafting Compass changes.
`rost://sync/latest`	The most recent compiled Sync Brief and its agenda.	Tenant-admin	Read before running the weekly Sync.
`rost://agents/templates`	Stock agent templates: responsibilities, default tools, safety boundaries, and dry-run rehearsal.	Tenant-admin	Read before creating an agent from a template.
`rost://agent-setup/{id}`	A draft agent setup's mode, parent, steward, lane, schedule, tool decisions, dry-run, blockers, and next action.	Tenant-admin	Read `rost://agent-setup/<setup-id>` to resume a draft.
`rost://seat/{id}/agent-status`	A seat's agent occupancy, lane, schedule, live state, steward chain, and dry-run result.	Seat (own seat) or tenant-admin (any seat)	Read `rost://seat/<seat-id>/agent-status` for the acting seat.
`rost://operations/reference-map`	Machine-facing map of which guide to read before each workflow.	Any valid MCP token	Read first when planning a CLI/MCP workflow.

Troubleshooting

These rows are quick, at-a-glance triage. For deeper auth, tenant, scope, confirmation, and MCP-token errors — including structured error-code interpretation — see the troubleshooting-guide.

Not logged in: run rost login, then retry rost whoami.
Session not persisting (keychain issue — "not logged in" right after a successful login): clear and re-run rost login --device; the session is stored in the macOS Keychain by default. On a non-macOS or no-keychain host the CLI errors unless you opt into the plain-file token store — see Headless Linux, CI, and machines with no keychain.
Wrong tenant: run rost tenants, then rost use <tenant-slug-or-id>.
Missing Node: install Node 22 or newer, then rerun npx @rosthq/cli@latest --help.
Node present but too old (npx launches but the CLI rejects it): run node --version; if it is below v22, upgrade Node.
Stale npx cache: rerun with npx @rosthq/cli@latest --help or clear the npm cache.
MCP connection not working after registering: call rost_list_commands with {} (any token); with a tenant-admin token read rost://tenant/status, with a seat-scoped token call rost_get_context with {} (a seat token cannot read rost://tenant/status). A 401 / not-authorized shape means the token did not register — re-run mcp install.
Revoked, expired, or invalid MCP token: run rost mcp install --client <client> --scope <tenant-admin|seat> again to mint and register a fresh one (a direct install requires --scope; or rotate the old token in place with --rotate <old-token-id>, which inherits its scope). Tokens minted by mcp install default to a 90-day expiry — check expires_in_days in rost command mcp_token.list; mint with --expires-in <days> or --no-expiry to change it.
Confirmation required: a human approves from the approveVia web link or runs the rost command confirmation.approve --json ... command shown in the CLI error output (an agent never approves its own request — see the confirmations-guide).
Command denied by scope or manifest: switch to a tenant-admin token for setup, or ask a human Steward to update the seat Charter and permission manifest.
Inference budget hard cap reached (a run stops with a budget precondition error): raise the tenant hard cap with rost settings update --hard-cap-usd <amount> (command settings.update), then retry. A new company starts at a $0 hard cap, so managed-inference runs are blocked until it is set. The sandbox dry run is free and is never blocked by the cap, so you can charter, dry-run, and go live before setting a budget.
Need command guidance: run rost docs, rost reference search "onboarding", or rost reference get agent-reference-map.
Need MCP guidance: call rost_reference_get with {"slug":"agent-reference-map"}.