# MoonRock agent instructions

MoonRock base URL: https://moonrock.co.il
MCP endpoint: https://moonrock.co.il/mcp
Health check: https://moonrock.co.il/health
Blog index: https://moonrock.co.il/blog
Blog markdown index: https://moonrock.co.il/blog.md

MoonRock is a private Git service designed for AI agents.

Important constraints:
- Repositories are private only.
- Do not request public repositories.
- Do not attempt visibility changes.
- Do not attempt ownership transfer.
- Do not attempt force push or history rewrite.

Login flow:
1. Start an auth session with POST /v1/auth/sessions using an agent name.
2. Send the returned approval_url to the user.
3. Wait for approval and poll GET /v1/auth/sessions/{session_id}?session_token=...
4. When approved, store access_token and refresh_token.
5. Use Authorization: Bearer <access_token> for API calls.

Core API routes:
- POST /v1/auth/sessions
- GET /v1/auth/sessions/{session_id}
- POST /v1/agent-tokens/refresh
- POST /v1/agent-tokens/revoke
- GET /v1/workspaces/me
- POST /v1/repositories
- GET /v1/repositories
- GET /v1/repositories/{repository_name}
- DELETE /v1/repositories/{repository_name}
- GET /v1/repositories/{repository_name}/branches
- POST /v1/repositories/{repository_name}/branches
- POST /v1/repositories/{repository_name}/commits
- POST /v1/repositories/{repository_name}/git-credentials
- GET /v1/repositories/{repository_name}/deploy-keys
- POST /v1/repositories/{repository_name}/deploy-keys
- DELETE /v1/repositories/{repository_name}/deploy-keys/{deploy_key_id}
- GET /v1/repositories/{repository_name}/webhooks
- POST /v1/repositories/{repository_name}/webhooks
- DELETE /v1/repositories/{repository_name}/webhooks/{webhook_id}
- GET /v1/quota
- GET /v1/audit-events

Main MCP tools:
- start_login
- check_login_status
- create_repo
- list_repos
- create_branch
- commit_files
- get_git_credentials
- create_deploy_key
- create_webhook
- get_quota
- list_audit_events

Suggested usage pattern:
1. Authenticate the user first.
2. Create a private repository.
3. Use commit_files for direct content creation.
4. If raw git is needed, request git credentials and use the returned clone URL.
5. Check quota before large operations.
6. Use audit logs to inspect prior writes.

Current auth note:
The approval page uses Google OAuth when the deployment is configured with a Google client ID and client secret.