---
name: rickydata-platform
description: Connect agents to RickyData MCP and Agent gateways, enable hosted MCP servers, manage wallet-scoped secrets, and verify live gateway health. Use when wiring an MCP client, debugging RickyData access, or explaining wallet-token/x402 boundaries.
---

# RickyData Platform

RickyData gives agents one hosted MCP gateway plus an agent runtime. Use this skill to connect clients, discover servers, enable tools deliberately, keep wallet-scoped secrets out of prompts, and verify live behavior before making claims.

## When to Use

- When an MCP client needs a single remote endpoint instead of installing individual MCP servers locally.
- When an agent needs to search for a hosted server, enable it, then call its exposed tools through MCP.
- When a wallet-scoped server needs third-party API keys stored in the RickyData vault before its tools work.
- When debugging whether the MCP Gateway or Agent Gateway is alive and serving the expected catalog/runtime.
- When explaining the split between wallet tokens, JWTs, x402 payment, free discovery, and paid tool execution.
- When validating public RickyData gateway claims from live endpoints instead of stale docs or screenshots.

## Live URLs to Trust

These are operational product URLs, not documentation deep links:

- Marketplace UI: `https://marketplace.rickydata.org`
- Platform UI: `https://rickydata.org`
- Public skill file: `https://rickydata.org/skill.md`
- Agent-readable site map: `https://rickydata.org/llms.txt`
- MCP Gateway Streamable HTTP endpoint: `https://mcp.rickydata.org/mcp`
- MCP Gateway health: `https://mcp.rickydata.org/health`
- Agent Gateway health: `https://agents.rickydata.org/health`

Do not invent docs URLs in this skill. If you need documentation, discover the current docs surface from the live site or repository before citing a link.

## Quick Health Checks

Run these before debugging client configuration. If health is down, do not blame the user's MCP client first.

```bash
curl -fsS https://mcp.rickydata.org/health | jq .
curl -fsS https://agents.rickydata.org/health | jq .
curl -fsS "https://mcp.rickydata.org/api/servers?search=brave" | jq '.total, .servers[0]'
```

Expected signals:

- MCP health returns JSON with `status`, `ready`, catalog counts, and runtime capacity.
- Agent health returns JSON with `status`, `version`, agent/skill counts, and upstream status.
- Server search returns `total` plus a `servers` array; empty search results mean catalog/query mismatch, not necessarily gateway outage.

## Connect an MCP Client

Use the remote MCP endpoint directly. No per-server local install is required.

### Claude Code

```bash
claude mcp add --transport http mcp-gateway https://mcp.rickydata.org/mcp
```

With a wallet token:

```bash
claude mcp add --transport http mcp-gateway https://mcp.rickydata.org/mcp \
  --header "Authorization:Bearer $RICKYDATA_WALLET_TOKEN"
```

### Codex CLI

```bash
codex mcp add --transport http mcp-gateway https://mcp.rickydata.org/mcp
```

With a wallet token:

```bash
codex mcp add --transport http mcp-gateway https://mcp.rickydata.org/mcp \
  --header "Authorization:Bearer $RICKYDATA_WALLET_TOKEN"
```

### Generic MCP JSON config

```json
{
  "mcpServers": {
    "rickydata": {
      "type": "http",
      "url": "https://mcp.rickydata.org/mcp"
    }
  }
}
```

Authenticated variant:

```json
{
  "mcpServers": {
    "rickydata": {
      "type": "http",
      "url": "https://mcp.rickydata.org/mcp",
      "headers": {
        "Authorization": "Bearer ${RICKYDATA_WALLET_TOKEN}"
      }
    }
  }
}
```

Never paste a real wallet token into a shared config, screenshot, issue, prompt, or log. Use an environment variable.

## Discovery and Enablement Model

RickyData intentionally avoids dumping every hosted tool into `tools/list` by default. A fresh connection exposes gateway meta-tools first:

- `gateway__search_servers` — search the hosted MCP catalog.
- `gateway__enable_server` — enable one server for the current wallet/session scope.
- `gateway__disable_server` — remove a server from the active tool inventory.
- `gateway__list_enabled` — inspect enabled servers.
- `gateway__server_info` — inspect server details before enabling/calling.

Workflow for agents:

1. Search by capability or provider using `gateway__search_servers`.
2. Inspect the chosen result's server ID, title, tools, and verification/security fields.
3. Enable that server with `gateway__enable_server`.
4. Re-list tools. The enabled server's tools should now appear alongside the gateway meta-tools.
5. Call the target tool with normal MCP `tools/call` semantics.
6. Disable the server when it is no longer needed or when narrowing tool inventory.

If a tool does not appear after enablement, check the active session/wallet and whether the client reloaded `tools/list` after enabling.

## REST Catalog Checks

Use the public catalog API for read-only investigation and debugging.

```bash
# Search hosted servers
curl -fsS "https://mcp.rickydata.org/api/servers?search=brave" | jq '.total, .servers[0]'

# Inspect a known server once you have its ID
MCP_GATEWAY_SCHEME="https"
MCP_GATEWAY_HOST="mcp.rickydata.org"
SERVER_ID="<server-id-from-search>"
curl -fsS "${MCP_GATEWAY_SCHEME}://${MCP_GATEWAY_HOST}/api/servers/$SERVER_ID" | jq .

# List tools advertised for that server
curl -fsS "${MCP_GATEWAY_SCHEME}://${MCP_GATEWAY_HOST}/api/servers/$SERVER_ID/tools" | jq .
```

Treat REST catalog results as debugging aids. The normal agent path is MCP: connect to `/mcp`, use meta-tools, then call enabled tools.

## Wallet Tokens, JWTs, Secrets, and Payment

Keep these boundaries straight:

- Anonymous/no-auth mode is useful for browsing and broad compatibility.
- Wallet tokens are long-lived bearer tokens for MCP clients and wallet-scoped state. Token examples must be placeholders like `$RICKYDATA_WALLET_TOKEN`, never literal token strings.
- JWTs are shorter-lived dashboard/session credentials and are not the preferred long-lived MCP-client credential.
- Server secrets are scoped to the authenticated wallet and server.
- Tool discovery and `tools/list` are free.
- Paid tool execution uses x402 USDC payment on Base; payment is distinct from bearer authentication.
- A failed paid call should not be described as charged unless the response includes settlement proof/transaction evidence.

Create or refresh a wallet token through the wallet-signing flow. The shape is:

```bash
# 1. Ask the gateway for a message to sign.
MCP_GATEWAY_SCHEME="https"
MCP_GATEWAY_HOST="mcp.rickydata.org"
curl -fsS "${MCP_GATEWAY_SCHEME}://${MCP_GATEWAY_HOST}/api/auth/token-message?walletAddress=0xYOUR_WALLET&expiresAt=2027-01-01T00:00:00Z" | jq .

# 2. Sign that exact message with the wallet.
# 3. Submit walletAddress, signature, and expiresAt to create a token.
curl -fsS -X POST "${MCP_GATEWAY_SCHEME}://${MCP_GATEWAY_HOST}/api/auth/create-token" \
  -H "Content-Type: application/json" \
  -d '{"walletAddress":"0xYOUR_WALLET","signature":"0xYOUR_SIGNATURE","expiresAt":"2027-01-01T00:00:00Z"}' | jq .
```

The returned token should be stored in a local secret manager or environment variable, not committed.

## Store Server Secrets Safely

Some hosted MCP servers need third-party API keys. Store those per wallet/server; do not pass them as normal tool arguments unless the specific tool schema requires a non-secret value.

```bash
SERVER_ID="<server-id-from-search>"
MCP_GATEWAY_SCHEME="https"
MCP_GATEWAY_HOST="mcp.rickydata.org"
export RICKYDATA_WALLET_TOKEN="<token-from-wallet-signing-flow>"

curl -fsS -X POST "${MCP_GATEWAY_SCHEME}://${MCP_GATEWAY_HOST}/api/secrets/$SERVER_ID" \
  -H "Authorization: Bearer $RICKYDATA_WALLET_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"secrets":{"API_KEY":"<provider-api-key>"}}' | jq .
```

Safety rules:

- Use placeholders in examples; never include real provider keys or wallet tokens.
- Do not dump `.env` files to prove setup.
- If a secret-backed tool fails, verify the server ID and secret names before assuming payment or TEE failure.
- Prefer the Marketplace UI for humans who are uncomfortable with terminal-based secret entry.

## Agent Gateway

Use the Agent Gateway when the task is agent/session/runtime oriented rather than direct MCP tool routing.

Host: `agents.rickydata.org`; verify it through the health endpoint before debugging runtime behavior.

Check health first:

```bash
curl -fsS https://agents.rickydata.org/health | jq .
```

Use it for:

- BYOK or configured model-backed chat sessions.
- Persistent agent sessions and chat history.
- Agent-as-MCP surfaces.
- Canvas workflow execution through the RickyData agent runtime.
- Agent/runtime health validation separate from MCP Gateway health.

Do not conflate Agent Gateway outages with MCP Gateway outages. They are related RickyData services, but they have separate health endpoints and failure modes.

## Security and Verification

Before claiming RickyData is healthy, secure, or production-ready for a given task, verify the live surface relevant to that claim.

Minimum checks:

```bash
curl -fsS https://mcp.rickydata.org/health | jq .
curl -fsS https://agents.rickydata.org/health | jq .
```

For security-sensitive work, additionally inspect the current repository or live attestation/proof endpoint before making a detailed claim. Do not repeat old assertions about TEE, payment settlement, code hashes, or provenance unless you have just verified the endpoint or source that supports them.

Public claims that should be treated as verification-sensitive:

- AMD SEV-SNP / Confidential VM execution.
- Execution proof, attestation, provenance, or build hash details.
- x402 settlement and whether a call was charged.
- Per-wallet vault isolation and secret deletion proof.
- Tool/server security scoring and verification status.

## Common Failures

- **Client shows too many or too few tools**: Refresh `tools/list`, check whether the connection is anonymous or wallet-authenticated, then inspect `gateway__list_enabled`.
- **A searched server cannot be called**: Enable it first with `gateway__enable_server`; search does not automatically add its tools to the active inventory.
- **Secret-backed tool fails with auth/provider errors**: Confirm the exact server ID and expected secret names, then re-save secrets for that server under the same wallet token.
- **Paid call returns payment errors**: Separate bearer auth from x402 signing. Bearer identifies wallet/secrets; x402 authorizes the paid execution.
- **Agent chat fails but MCP search works**: Check `https://agents.rickydata.org/health`; do not debug it as an MCP Gateway catalog issue.
- **Marketplace UI differs from MCP results**: Verify both the UI and `https://mcp.rickydata.org/api/servers?search=<query>`; report the mismatch with server IDs and timestamps.
- **Docs link looks wrong**: Do not patch a guessed docs URL into this public skill. Verify the route in the docs repository or live site first.

## Publishing or Updating This Public Skill

When editing this public skill file:

1. Keep frontmatter minimal: `name` and `description` only unless a consumer contract requires another key.
2. Do not add legal, author, version, or docs-link metadata unless the public skill consumer contract explicitly requires it.
3. Use only live operational URLs in the body, and verify every URL before publishing.
4. Keep all credential examples as environment variables or obvious placeholders.
5. Validate YAML frontmatter, code fences, link reachability, and secret scanning before pushing.
6. After deployment, fetch `https://rickydata.org/skill.md` and confirm the live content matches the intended commit.