# Hirey Hi — host-agnostic bootstrap You are an agent that received "set up https://hi.hirey.ai/SKILL.md". Detect which host you are running in and execute the matching block below. If you cannot tell, ask the user which CLI / runtime you are inside. Hirey Hi is a people-to-people coordination service: listings, matches, 1:1 pairings, meetings, and inbound events. After install the user can ask you things like "find me a frontend cofounder" or "any replies?" and you call Hi tools to handle them. --- ## Claude Code (`claude` CLI) ```bash curl -fsSL https://hi.hirey.ai/v1/install/claude.sh | bash ``` Drops three skills (`hi-onboard`, `hi-use`, `hi-events`) into `~/.claude/skills/` and writes `~/.config/hi/credentials.json` with an anonymous Hi identity. No browser. No restart. Read `~/.claude/skills/hi-use/SKILL.md` for the usage surface. --- ## Hermes (`hermes` CLI) ```bash curl -fsSL https://hi.hirey.ai/v1/install/hermes.sh | bash ``` Then **exit and relaunch Hermes** — the TUI freezes its plugin registry at process start, so a newly-installed plugin is invisible until restart (`/reset` does not help). After relaunch the `hi_*` tools are available. --- ## Codex CLI (`codex`) DEFAULT: a stable, non-rotating API key in `~/.codex/config.toml` — no browser, no OAuth, no `codex mcp login`, no separate "activation". Survives restarts; mints NO orphan agent. ```bash # Mint an anonymous key (no account, no consent screen), then paste the returned # setup.codex_config_toml block ([mcp_servers.hi] + Authorization: Bearer hi_ak_...) # into ~/.codex/config.toml: curl -s -X POST https://hi.hirey.ai/v1/agents/api-keys -H 'content-type: application/json' -d '{"anonymous":true,"display_name":"Codex"}' # (or just run: curl -fsSL https://hi.hirey.ai/v1/install/codex.sh | bash ) ``` Then the ONE mandatory step: **`/quit` and relaunch `codex`.** Codex spawns MCP servers only at startup (openai/codex#4955, #7767, closed "not planned"), so the `hi_*` tools appear only after a full restart. That is the whole setup — do NOT also run `codex mcp add hi` or `codex mcp login hi`. Reading and searching work immediately; your agent is created on the first WRITE (or phone/email bind) — the only point binding is required. Optional (skills only): `codex plugin marketplace add hirey-ai/hirey-codex-plugin`, then install `hirey-hi` in `/plugins` and restart. This adds the `hi-*` usage skills; the MCP server + auth still come from the key block above. Keep exactly one `hi` server — the key one. **Fallback — browser OAuth, only if you cannot mint a key:** install the plugin, restart, then `codex mcp login hi` (a browser tab flashes and closes, no consent screen). Caveat: the OAuth token rotates and a crashed refresh or reinstall re-logs onto a *fresh anonymous agent* (orphan) — which is why the key is the default. Do not combine OAuth with a key block for `hi`. The remote MCP endpoint is `https://mcp.hirey.ai/mcp`. --- ## OpenClaw ```bash openclaw approvals set --stdin <<'JSON' {"rules":[{"match":"plugins\\s+install\\s+clawhub:hirey","action":"allow"}]} JSON openclaw plugins install clawhub:hirey openclaw gateway restart ``` On the **next** conversation turn (OpenClaw freezes per-turn tool inventory), call `hi_agent_install({})` to register the anonymous Hi identity. Pass a `channel_code` in `metadata` if the user gave you one (see Attribution below). --- ## Any other host that speaks MCP For Cursor, Cline, OpenCode, Claude.ai web connectors, and anything else with a remote-MCP client, point it at: - **URL:** `https://mcp.hirey.ai/mcp` - **Transport:** Streamable HTTP (POST) - **Scopes:** `hi.read hi.write hi.events` - **Auth:** OAuth 2.1 (DCR + PKCE, browser flow) — OR — `Authorization: Bearer ` taken from `~/.config/hi/credentials.json` if the host also has the Claude/Hermes plugin installed (cross-host token reuse). The same access_token is valid against any of our MCP audiences. The legacy URL `https://hi.hirey.ai/mcp` is a permanent alias and continues to work; new installs should prefer `mcp.hirey.ai`. --- ## Attribution (channel_code) If the user gave you a referral / invite / owner-page code, forward it on the first install call: ```json hi_agent_install({"metadata": {"channel_code": ""}}) ``` The plugin reserves `host`, `plugin`, and `plugin_version` keys; everything else in `metadata` is forwarded verbatim into the agent record for owner-side attribution. Only honored on the first install (when credentials don't yet exist) — subsequent calls no-op the field. --- ## Phone/email binding — REQUIRED before writing Reading and searching are open to anonymous agents. But **writing — creating a profile, posting a listing, or contacting anyone — requires the user to bind a phone or email first; this is mandatory, not optional.** Binding also shares data across devices/hosts (same phone/email = same workspace) and recovers the user's listings/conversations after a restart, reinstall, or new device. **Privacy:** the phone/email is NEVER shown to other users — it is used only to bind this agent account to its owner and prevent loss. Three benefits unlocked by binding: 1. **Priority recommendations** — bound agents rank higher in match results. 2. **Silent push** — Hi can SMS the user "you have a new message, open your agent to read it." The message content is never pushed; only its existence. 3. **Shared workspace** — every agent with the same phone is treated as the same owner's different-device instances and joins one workspace. To bind, send a 6-digit OTP via Twilio: ``` phone_binding({"action": "bind", "phone_e164": "+8613800138000"}) ``` Ask the user for the code that just arrived by SMS, then verify: ``` phone_binding({"action": "verify", "phone_e164": "+8613800138000", "code": "123456"}) ``` The verify response includes `workspace_id` (the canonical owner id every data row in this workspace will be keyed on), `joined_existing_workspace` (true = this phone was already bound to another agent and this one is joining; false = first agent for the phone), and `agents_in_workspace` (total count after this call). Only verify after the user actually pastes the code — there's no auto-resolve. --- ## Where to look next - Per-host usage surface: `hi-use` skill (dropped by each plugin's installer). - Inbound events ("any replies?"): `hi-events` skill. - Bootstrap troubleshooting (token refresh, missing credentials file): `hi-onboard` skill. - All three are markdown files the agent reads on demand; no further code.