Consolidate 5 plugins into AgentKit and SaaSKit (v2.0.0)

.claude-plugin/marketplace.json

@@ -1,46 +1,60 @@
 {
   "$schema": "https://anthropic.com/claude-code/marketplace.schema.json",
   "name": "scalekit-auth-stack",
-  "description": "Scalekit auth plugins for Claude Code covering full-stack auth, Modular SSO, SCIM provisioning, MCP OAuth 2.1, and agent authentication.",
+  "description": "Scalekit Auth Stack for Claude Code — AgentKit and SaaSKit plugins. Add agent auth, tool calling, SSO, SCIM, MCP auth, and session management from Claude Code.",
   "owner": {
     "name": "Scalekit Inc",
     "email": "support@scalekit.com"
   },
   "plugins": [
-     {
-      "name": "mcp-auth",
-      "description": "Guides users through adding production-ready OAuth 2.1 authorization to Model Context Protocol (MCP) servers",
-      "source": "./plugins/mcp-auth",
-      "category": "MCP Security",
-      "homepage": "https://docs.scalekit.com/dev-kit/build-with-ai/mcp-auth/"
+    {
+      "name": "agentkit",
+      "description": "Authentication for AI agents. OAuth flows, token vault, 100+ connectors (Gmail, Slack, Salesforce, etc.), tool discovery, and live testing — so agents can act on behalf of users.",
+      "source": "./plugins/agentkit",
+      "category": "Agent Auth",
+      "homepage": "https://docs.scalekit.com/agentkit/overview/"
+    },
+    {
+      "name": "saaskit",
+      "description": "Production-ready auth for B2B SaaS apps. Login, sessions, SSO (Okta, Azure AD, Google), SCIM provisioning, RBAC, MCP server auth, and API key management.",
+      "source": "./plugins/saaskit",
+      "category": "Application Auth",
+      "homepage": "https://docs.scalekit.com/authenticate/fsa/quickstart/"
     },
     {
       "name": "agent-auth",
-      "description": "Implements Scalekit Agent Auth so AI agents can act in third-party apps (Gmail, Slack, Calendar, Notion) on behalf of users.",
+      "description": "Alias for agentkit — AI agent authentication with OAuth flows, token vault, and 100+ connectors.",
       "source": "./plugins/agent-auth",
       "category": "Agent Auth",
-      "homepage": "https://docs.scalekit.com/dev-kit/build-with-ai/agent-auth/"
+      "homepage": "https://docs.scalekit.com/agentkit/overview/"
+    },
+    {
+      "name": "mcp-auth",
+      "description": "Alias for saaskit — includes OAuth 2.1 for MCP servers alongside login, SSO, SCIM, and RBAC.",
+      "source": "./plugins/mcp-auth",
+      "category": "Application Auth",
+      "homepage": "https://docs.scalekit.com/authenticate/mcp/quickstart/"
+    },
+    {
+      "name": "full-stack-auth",
+      "description": "Alias for saaskit — full-stack authentication including login, sessions, SSO, SCIM, and RBAC.",
+      "source": "./plugins/full-stack-auth",
+      "category": "Application Auth",
+      "homepage": "https://docs.scalekit.com/authenticate/fsa/quickstart/"
     },
     {
       "name": "modular-sso",
-      "description": "Integrates with all popular SSO providers (Okta, JumpCloud, Entra ID, etc.) and allows users to login to your app using their existing identity provider.",
+      "description": "Alias for saaskit — enterprise SSO is now part of the unified SaaSKit plugin.",
       "source": "./plugins/modular-sso",
-      "category": "Enterprise SSO",
-      "homepage": "https://docs.scalekit.com/dev-kit/build-with-ai/sso/"
+      "category": "Application Auth",
+      "homepage": "https://docs.scalekit.com/authenticate/sso/add-modular-sso/"
     },
     {
       "name": "modular-scim",
-      "description": "Automates user and group provisioning and deprovisioning via SCIM 2.0 with identity providers like Okta, Entra ID, and JumpCloud.",
+      "description": "Alias for saaskit — SCIM provisioning is now part of the unified SaaSKit plugin.",
       "source": "./plugins/modular-scim",
-      "category": "Provisioning",
-      "homepage": "https://docs.scalekit.com/dev-kit/build-with-ai/scim/"
-    },
-    {
-      "name": "full-stack-auth",
-      "description": "Adds end-to-end authentication to B2B and AI apps including user management, organization handling, session management, RBAC, and login flows.",
-      "source": "./plugins/full-stack-auth",
       "category": "Application Auth",
-      "homepage": "https://docs.scalekit.com/dev-kit/build-with-ai/full-stack-auth/"
+      "homepage": "https://docs.scalekit.com/directory/scim/quickstart/"
     }
   ]
 }

CHANGELOG.md

@@ -1,6 +1,44 @@
 # Changelog
 
-## Unreleased
+## 2.0.0
+
+### Breaking Changes
+
+- Consolidated 5 plugins into 2: **AgentKit** and **SaaSKit**
+- Consolidated `full-stack-auth`, `mcp-auth`, `modular-sso`, `modular-scim` as symlink aliases — old install commands still work
+- All slash commands now use `/agentkit:` or `/saaskit:` namespace
+
+### Added
+
+- **AgentKit** plugin (`plugins/agentkit/`) — renamed from `agent-auth`, adopting Scalekit AgentKit branding
+  - New skills: `discovering-connector-tools`, `exposing-agentkit-via-mcp`, `scalekit-code-doctor`
+  - Added `docs/` layer with canonical documentation (connections, tool-discovery, code-samples)
+  - Added `rules/` layer for cross-cutting guidance
+- **SaaSKit** plugin (`plugins/saaskit/`) — consolidates FSA, SSO, SCIM, and MCP server auth
+  - 14 skills covering login, sessions, SSO, SCIM, RBAC, MCP server auth, API keys, migration, production readiness, auth testing, and SDK debugging
+  - `docs/` layer with 13 documentation files including framework-specific guides (Python, Next.js, Go, Spring Boot, Laravel)
+  - `rules/` layer with terminology and redirect URL guidance
+  - Framework-specific reference files (Go, Spring Boot, Laravel, FastMCP, Express, FastAPI)
+  - Consolidated agents, commands, hooks, and references from all 4 source plugins
+
+### Changed
+
+- Repository structure simplified from 5 plugins to 2
+- Content model: `docs/ + rules/ + thin skills/` pattern (established in PR #19) applied to both plugins
+- Skill names follow updated Scalekit terminology (AgentKit, SaaSKit)
+- Root README updated with 2-plugin listing and install instructions
+- CLAUDE.md updated with new plugin layout
+
+### Aliased (backward-compatible)
+
+- `plugins/full-stack-auth/` → symlink to `saaskit/`; old install commands continue to work
+- `plugins/mcp-auth/` → symlink to `saaskit/`; old install commands continue to work
+- `plugins/modular-sso/` → symlink to `saaskit/`; old install commands continue to work
+- `plugins/modular-scim/` → symlink to `saaskit/`; old install commands continue to work
+
+---
+
+## Unreleased (pre-2.0)
 
 - Align Claude marketplace metadata with current Build with AI docs:
   - Updated plugin categories to match product taxonomy used in docs and marketplaces.

CLAUDE.md

@@ -1,35 +1,37 @@
 # CLAUDE.md (Repo guide for agents)
 
-This repository contains multiple Claude Code plugins for marketplace distribution.
-It is a monorepo. Always work inside one plugin directory at a time.
+This repository contains two Claude Code plugins for marketplace distribution:
+**AgentKit** (AI agent authentication) and **SaaSKit** (B2B SaaS authentication).
 
 If you are making changes, read AGENTS.md first and follow it as the source of truth.
 
 ## Quick orientation
 
 Top level:
 
-- plugins/ Monorepo root for all plugins
+- plugins/ Monorepo root for both plugins
 - AGENTS.md Non negotiable rules for manifests, skills, hooks, MCP, security
-- README.md Repo overview
-- CHANGELOG.md Repo level changelog (also check plugin level changelogs if present)
-- .lsp.json LSP configuration for this repo
+- README.md Repo overview and install instructions
+- CHANGELOG.md Repo level changelog
 
-Plugins (examples you may see here):
+Plugins:
 
-- plugins/agent-auth/
-- plugins/full-stack-auth/
-- plugins/mcp-auth/
+- plugins/agentkit/ AI agent auth — connectors, token vault, tool discovery
+- plugins/saaskit/ B2B SaaS auth — login, sessions, SSO, SCIM, RBAC, MCP server auth
 
-Each plugin is expected to look like:
+Each plugin follows the `docs/ + rules/ + skills/` content model:
+```
 plugins/<plugin-name>/
-.claude-plugin/plugin.json Plugin manifest
-README.md Required docs for that plugin
-skills/<skill-name>/SKILL.md Skill entrypoint
-agents/ Optional sub agents
-hooks/ Optional hooks.json
-.mcp.json Optional MCP config
-settings.json Optional default settings
+  .claude-plugin/plugin.json  Plugin manifest
+  docs/                       Canonical durable documentation
+  rules/                      Cross-cutting guidance (terminology, etc.)
+  skills/<skill-name>/SKILL.md Thin routing layer pointing to docs/
+  agents/                     Optional sub agents
+  hooks/                      Optional hooks.json
+  commands/                   Optional slash commands
+  references/                 Optional reference material
+  README.md                   Required docs for that plugin
+```
 
 ## Golden rules
 

README.md

@@ -2,96 +2,85 @@
 
 <img src="./images/scalekit.jpg" alt="Scalekit" height="64">
 
-<p><strong>Scalekit Auth Plugins for Claude Code — the auth stack for agents.</strong><br>
-Add SSO, SCIM, MCP Auth, agent auth, and tool-calling from your Claude Code editor.</p>
+<p><strong>Scalekit Auth Stack for Claude Code — AgentKit and SaaSKit plugins.</strong><br>
+Add agent auth, tool calling, SSO, SCIM, MCP auth, and session management from Claude Code.</p>
 
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](./LICENSE)
 [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](https://github.com/scalekit-inc/claude-code-authstack/pulls)
 
-**[📖 Documentation](https://docs.scalekit.com)** · **[💬 Slack](https://join.slack.com/t/scalekit-community/shared_invite/zt-3gsxwr4hc-0tvhwT2b_qgVSIZQBQCWRw)**
+**[📖 Documentation](https://docs.scalekit.com)** · **[📋 LLM Docs](https://docs.scalekit.com/llms.txt)** · **[💬 Slack](https://join.slack.com/t/scalekit-community/shared_invite/zt-3gsxwr4hc-0tvhwT2b_qgVSIZQBQCWRw)**
 
 </div>
 
 ---
 
-Setting up auth for B2B and AI apps is complex. Between auth flows, SSO providers, SCIM provisioning, MCP auth, and securing AI agents, most developers spend weeks on auth instead of shipping features with confidence.
+Setting up auth for B2B and AI apps is complex. Between agent OAuth flows, SSO providers, SCIM provisioning, MCP server auth, and session management, most developers spend weeks on auth instead of shipping features.
 
-This plugin adds the complete Scalekit auth stack to your projects — whether that's a B2B app, AI agent, or MCP server — directly from Claude Code.
+This marketplace adds the complete Scalekit auth stack to your projects — whether that's an AI agent, a B2B SaaS app, or an MCP server — directly from Claude Code.
 
 ![Scalekit AuthStack demo](./images/scalekit-authstack-demo.gif)
 
 ---
 
 ### Installation
 
+```sh
+# One-line installer
+curl -fsSL https://raw.githubusercontent.com/scalekit-inc/claude-code-authstack/main/install.sh | bash
+```
+
+Or install manually inside Claude Code:
+
 ```sh
 # Start Claude REPL
 claude
 
 # Add Scalekit Auth Stack marketplace
 /plugin marketplace add scalekit-inc/claude-code-authstack
 
-# Run the plugins wizard
+# Install a plugin
+/plugin install agentkit@scalekit-auth-stack
+/plugin install saaskit@scalekit-auth-stack
+
+# Open the plugins wizard
 /plugins
 ```
 
+After installation, enable auto-update:
+
+1. Open `/plugins`
+2. Go to `Marketplaces`
+3. Select `scalekit-auth-stack`
+4. Enable `auto-update`
+
 ---
 
 ### Available Plugins
 
 | Plugin | Description |
 |--------|-------------|
-| **MCP Auth** | Add OAuth 2.1 authorization to Model Context Protocol servers. Guides you through token handling, refresh flows, and scope management. |
-| **Modular SSO** | Integrate enterprise SSO providers (Okta, JumpCloud, Entra ID, etc.). Support 20+ identity providers without writing SAML parsers. |
-| **Modular SCIM** | Enable user provisioning and directory sync. Let customers provision users automatically from their identity provider. |
-| **Full Stack Auth** | Complete authentication setup for web applications. End-to-end auth including login pages, session management, and protected routes. |
-| **Agent Auth** | Secure authentication for AI agents and services. OAuth flows designed for AI agents with token persistence and refresh logic. |
+| **AgentKit** | Authentication for AI agents. OAuth flows, token vault, 100+ connectors (Gmail, Slack, Salesforce, etc.), tool discovery, and live testing — so agents can act on behalf of users. |
+| **SaaSKit** | Production-ready auth for B2B SaaS apps. Login, sessions, SSO (Okta, Azure AD, Google), SCIM provisioning, RBAC, MCP server auth, and API key management. |
 
 ---
 
 ### Quick Start
 
-After adding the marketplace, install a plugin based on your use case:
-
-#### For MCP Servers
-
-```sh
-/plugin install mcp-auth@scalekit-auth-stack
-```
-
-Use this to secure your MCP servers with OAuth 2.1 authorization.
-
-#### For Enterprise SSO
-
-```sh
-/plugin install modular-sso@scalekit-auth-stack
-```
-
-Use this to add SAML/OIDC SSO with providers like Okta, JumpCloud, or Entra ID.
-
 #### For AI Agents
 
 ```sh
-/plugin install agent-auth@scalekit-auth-stack
+/plugin install agentkit@scalekit-auth-stack
 ```
 
-Use this to add authentication for AI agents that act on behalf of users.
+Use AgentKit to add authentication for AI agents that connect to third-party services, discover tools, and execute authenticated actions on behalf of users.
 
-#### For User Provisioning
+#### For B2B SaaS Apps
 
 ```sh
-/plugin install modular-scim@scalekit-auth-stack
+/plugin install saaskit@scalekit-auth-stack
 ```
 
-Use this to enable SCIM directory sync for automatic user provisioning.
-
-#### For Full-stack App Authentication
-
-```sh
-/plugin install full-stack-auth@scalekit-auth-stack
-```
-
-Use this to add login, callback handling, sessions, and logout flows to web apps.
+Use SaaSKit to add login, session management, enterprise SSO, SCIM provisioning, RBAC, MCP server auth, and API key management to web applications.
 
 ---
 
@@ -100,12 +89,10 @@ Use this to add login, callback handling, sessions, and logout flows to web apps
 ```
 .
 ├── plugins/
-│   ├── mcp-auth/         # OAuth 2.1 for MCP servers
-│   ├── modular-sso/      # Enterprise SSO integration
-│   ├── modular-scim/     # SCIM provisioning
-│   ├── full-stack-auth/  # Complete web app auth
-│   └── agent-auth/       # AI agent authentication
+│   ├── agentkit/         # AI agent authentication (AgentKit)
+│   └── saaskit/          # B2B SaaS authentication (SaaSKit)
 ├── images/               # Documentation images
+├── scripts/              # Install scripts
 ├── AGENTS.md             # Contribution guidelines
 └── LICENSE               # MIT License
 ```
@@ -118,19 +105,24 @@ Use this to add login, callback handling, sessions, and logout flows to web apps
 - Claude Code installed and configured
 - Project where you want to add authentication
 
+> **Windows**: `install.sh` requires macOS or Linux (or WSL on Windows). Native Windows PowerShell install is not yet supported.
+
 ---
 
 ### Helpful Links
 
 #### Documentation
 
 - [Scalekit Documentation](https://docs.scalekit.com) — Complete guides and API reference
+- [LLM docs map](https://docs.scalekit.com/llms.txt) — High-level index of published Scalekit documentation sets
+- [Docs sitemap](https://docs.scalekit.com/sitemap-0.xml) — Stable sitemap for discovering published docs pages
 - [Build with AI overview](https://docs.scalekit.com/dev-kit/build-with-ai/) — Claude, Codex, Copilot CLI, Cursor setup flows
 - [Modular SSO guide](https://docs.scalekit.com/authenticate/sso/add-modular-sso/) — Implement enterprise SSO
 - [MCP Auth guide](https://docs.scalekit.com/authenticate/mcp/quickstart/) — Secure MCP servers
 - [Full-stack auth guide](https://docs.scalekit.com/authenticate/fsa/quickstart/) — Add login, callback, and session management
 - [SCIM directory sync guide](https://docs.scalekit.com/directory/scim/quickstart/) — Provision and deprovision users
-- [Agent Auth Guide](https://docs.scalekit.com/agent-auth/quickstart/) — Authentication for AI agents
+- [AgentKit overview](https://docs.scalekit.com/agentkit/overview) — Connect agents to authenticated tools through connectors, connections, and connected accounts
+- [AgentKit quickstart](https://docs.scalekit.com/agentkit/quickstart) — Build an agent that makes authenticated tool calls on behalf of users
 
 #### Resources
 

install.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+REPO_SLUG="${CLAUDE_CODE_AUTHSTACK_REPO:-scalekit-inc/claude-code-authstack}"
+REPO_REF="${CLAUDE_CODE_AUTHSTACK_REF:-main}"
+SOURCE_DIR="${CLAUDE_CODE_AUTHSTACK_SOURCE_DIR:-}"
+
+if [[ -n "$SOURCE_DIR" ]]; then
+  exec "${SOURCE_DIR%/}/scripts/install.sh"
+fi
+
+TMP_DIR="$(mktemp -d)"
+cleanup() {
+  rm -rf "$TMP_DIR"
+}
+trap cleanup EXIT
+
+ARCHIVE_URL="https://github.com/${REPO_SLUG}/archive/refs/heads/${REPO_REF}.tar.gz"
+ARCHIVE_PATH="$TMP_DIR/claude-code-authstack.tar.gz"
+
+echo "Downloading Scalekit Auth Stack for Claude Code from:"
+echo "  $ARCHIVE_URL"
+
+curl -fsSL "$ARCHIVE_URL" -o "$ARCHIVE_PATH"
+tar -xzf "$ARCHIVE_PATH" -C "$TMP_DIR"
+
+EXTRACTED_DIR="$(find "$TMP_DIR" -mindepth 1 -maxdepth 1 -type d | head -n 1)"
+
+if [[ -z "$EXTRACTED_DIR" ]] || [[ ! -f "$EXTRACTED_DIR/scripts/install.sh" ]]; then
+  echo "Failed to find installer in downloaded archive." >&2
+  exit 1
+fi
+
+chmod +x "$EXTRACTED_DIR/scripts/install.sh"
+exec "$EXTRACTED_DIR/scripts/install.sh"

plugins/agent-auth

@@ -0,0 +1 @@
+agentkit