webrenew · charlesrhoward · May 18, 2026 · May 18, 2026 · chatgpt-codex-connector · May 18, 2026
diff --git a/content/docs/cli/automation/headless-runs.mdx b/content/docs/cli/automation/headless-runs.mdx
@@ -166,7 +166,7 @@ final line is `{"runId":"...","status":"success"}`. Perfect for piping into
 <Callout>
 The events feed is sanitized server-side: sensitive payload keys are redacted,
 strings/arrays/objects are capped. Safe to dump into a public CI log without
-leaking provider keys or session tokens.
+leaking credentials or session tokens.
 </Callout>
 
 ## Cancel a run

diff --git a/content/docs/cli/concepts/attach.mdx b/content/docs/cli/concepts/attach.mdx
@@ -50,7 +50,7 @@ You're a real operator on the run, not a read-only observer.
 
 ## Auth and permissions
 
-Attach uses your local Mogplex token (or provider key) the same way as any other session. Permission mode is still respected — if you attach in `approval` mode and the run produces a gated action, the Approval drawer surfaces it for **you** to decide.
+Attach uses your local Mogplex token the same way as any other session. Permission mode is still respected — if you attach in `approval` mode and the run produces a gated action, the Approval drawer surfaces it for **you** to decide.
 
 ## Detach without killing the run
 

diff --git a/content/docs/cli/guides/authentication.mdx b/content/docs/cli/guides/authentication.mdx
@@ -1,6 +1,6 @@
 ---
 title: Authentication
-description: In-app login, credential precedence, browser sign-in, stored provider keys, and what `/login` and `/logout` actually change.
+description: In-app login, credential precedence, browser sign-in, account-backed access, and what `/login` and `/logout` actually change.
 ---
 
 import { Callout } from 'fumadocs-ui/components/callout';
@@ -9,22 +9,12 @@ The CLI ships to end users — auth is in-app. You do **not** need to set enviro
 
 ## Resolution order
 
-When the CLI starts up, it resolves credentials in this order:
+When the CLI starts up, it resolves credentials in this order. The normal
+customer path is account-backed login; provider env vars are compatibility and
+development overrides.
 
-1. **Provider env var in the current shell.** If set, it wins — no matter what is stored on disk.
-
-   | Provider   | Environment variable           |
-   | ---------- | ------------------------------ |
-   | Mogplex    | `MOGPLEX_API_KEY`              |
-   | Anthropic  | `ANTHROPIC_API_KEY`            |
-   | OpenAI     | `OPENAI_API_KEY`               |
-   | Google     | `GOOGLE_GENERATIVE_AI_API_KEY` |
-   | Groq       | `GROQ_API_KEY`                 |
-   | Mistral    | `MISTRAL_API_KEY`              |
-   | DeepSeek   | `DEEPSEEK_API_KEY`             |
-   | xAI        | `XAI_API_KEY`                  |
-   | Cohere     | `COHERE_API_KEY`               |
-   | Vercel     | `VERCEL_API_TOKEN`             |
+1. **Auth env var in the current shell.** `MOGPLEX_API_KEY` and legacy local
+   provider env vars can override what is stored on disk.
 
 2. **Stored credentials** in `~/.mogplex/auth.json` (mode `0600`). If you previously used Codex and have `CODEX_HOME` set, the CLI still honors it but it is deprecated — set `MOGPLEX_HOME` instead. See [Configuration and Flags → Storage](/cli/guides/configuration-and-flags#storage).
 
@@ -34,10 +24,11 @@ The practical rule: shell env vars outrank everything else.
 
 ## In-app login
 
-On first run, the login screen offers two paths:
+On first run, use the Mogplex account path:
 
 - **Sign in with Mogplex** — opens a browser flow for account-backed login. The CLI listens on a local callback and stores a Mogplex token. Recommended.
-- **Use a provider API key** — store an Anthropic, OpenAI, Google, Groq, Mistral, DeepSeek, xAI, Cohere, or Vercel AI Gateway key locally.
+
+Account-backed login is the product path for normal use.
 
 You can re-open the login screen later from the composer:
 
@@ -47,34 +38,34 @@ You can re-open the login screen later from the composer:
 
 ## What account-backed login means
 
-Browser login is not the same thing as storing a direct provider key.
-
-When you sign in with Mogplex, the CLI stores a `mogplex` credential in `~/.mogplex/auth.json` and can reuse hosted state:
+When you sign in with Mogplex, the CLI stores a `mogplex` credential in
+`~/.mogplex/auth.json` and can reuse hosted state:
 
 - synced model catalog
 - remote MCP server definitions
-- account-backed model access configured for your Mogplex user
+- plan-backed model access configured for your Mogplex user
 
-If account login succeeds but prompts fail, the hosted account usually does not have usable model access yet. Add a provider key in [Web Settings](/web/settings).
+If account login succeeds but prompts fail, the hosted account usually does not
+have usable model access yet. Check [Available Models](/web/models) and
+[Plans & Billing](/plans-and-billing).
 
-## Provider keys (env or stored)
+## Provider env vars
 
-Direct provider credentials still work and still take precedence over the account login path. This is the preferred pattern for CI and ephemeral shells.
-
-```bash
-export OPENAI_API_KEY=sk-...
-mogplex
-```
+Direct provider environment variables are a compatibility and development
+escape hatch, not the product setup path for billed Mogplex accounts. They
+still take precedence over the account login path when they are present, so
+unset them before debugging billed account behavior.
 
-If both a stored credential and an env var exist for the same provider, the env var wins.
+If both a stored credential and an env var exist for the same provider, the env
+var wins.
 
 ## `/logout`
 
 ```text
 /logout
 ```
 
-Clears the Mogplex token (and provider key, if stored) from `~/.mogplex/auth.json`. Three things to remember:
+Clears the Mogplex token from `~/.mogplex/auth.json`. Three things to remember:
 
 - **Env vars still win.** If the matching env var is set, the next session will still authenticate through it.
 - **Restart for certainty.** The current process may still hold the old adapter. Quit (`/quit`) and relaunch if you need an immediate clean slate.
@@ -94,8 +85,8 @@ mogplex --attach run_abc123 --logout
 
 ## Common outcomes
 
-- The login screen appears at startup → no credentials anywhere; sign in or store a provider key.
-- Login succeeds but prompts fail → account login is active but the hosted account lacks model access. Fix in [Web Settings](/web/settings).
+- The login screen appears at startup → no Mogplex credential is available; sign in.
+- Login succeeds but prompts fail → account login is active but the hosted account lacks model access. Check [Available Models](/web/models) and [Plans & Billing](/plans-and-billing).
 - The CLI behaves differently than the in-app login implies → check env vars first; they outrank stored auth.
 
 ## See also

diff --git a/content/docs/cli/guides/configuration-and-flags.mdx b/content/docs/cli/guides/configuration-and-flags.mdx
@@ -28,9 +28,11 @@ the login screen, model picker, and permissions picker.
 
 ## Environment variables
 
-### Auth (provider keys)
+### Auth escape hatches
 
-See the table in [Authentication → Resolution order](/cli/guides/authentication#resolution-order). Setting any provider env var overrides stored credentials for that provider.
+See the table in [Authentication → Resolution order](/cli/guides/authentication#resolution-order).
+Provider env vars are compatibility and development escape hatches; normal
+Mogplex usage should start with account-backed login.
 
 ### Transport selection
 
@@ -65,7 +67,7 @@ The runtime loader merges built-in defaults, user config, project config,
 environment-derived values, and launcher overrides. In normal interactive use,
 prefer the visible cockpit controls first:
 
-- `/login` and the login screen for account and provider credentials
+- `/login` and the login screen for account credentials
 - `/permissions` for permission mode
 - `/model` for current model selection
 - `/mcp` for MCP inspection and sync actions
@@ -77,7 +79,7 @@ better owned by the current session UI.
 
 | Path | Contents |
 | --- | --- |
-| `~/.mogplex/auth.json` | Mogplex token and provider credentials (mode `0600`). |
+| `~/.mogplex/auth.json` | Mogplex token and compatibility auth state (mode `0600`). |
 | `~/.mogplex/config.toml` | User-level advanced config. |
 | `~/.mogplex/permissions.json` | Global permission mode and rules. |
 | `./.mogplex/config.toml` | Project-level advanced config. |

diff --git a/content/docs/cli/guides/index.mdx b/content/docs/cli/guides/index.mdx
@@ -30,7 +30,7 @@ Use these pages when you want behavior and decision-making, not just syntax.
 
 ## Pick a guide by question
 
-- "Why is the CLI choosing this provider or model?" → [Authentication](/cli/guides/authentication)
+- "Why is the CLI choosing this auth state or model?" → [Authentication](/cli/guides/authentication)
 - "Where does this default live and which env var overrides it?" → [Configuration and Flags](/cli/guides/configuration-and-flags)
 - "How do I drive a run from the composer?" → [Slash Commands](/cli/guides/slash-commands)
 - "How do I make Mogplex behave like part of this repo?" → [Project Commands](/cli/guides/project-commands)

diff --git a/content/docs/cli/index.mdx b/content/docs/cli/index.mdx
@@ -54,7 +54,7 @@ See [Reference → Panels](/cli/reference/panels) and [Reference → Drawers](/c
 
 ## Files the CLI reads
 
-- `~/.mogplex/auth.json` — Mogplex token and provider credentials.
+- `~/.mogplex/auth.json` — Mogplex token and compatibility auth state.
 - `~/.mogplex/permissions.json` — global permission mode and rules.
 - `~/.mogplex/projects/<repo-slug>/permissions.json` — project-level overrides.
 - `~/.mogplex/logs/` — structured session logs (secrets redacted).

diff --git a/content/docs/cli/installation.mdx b/content/docs/cli/installation.mdx
@@ -85,7 +85,8 @@ exec zsh -l
 mogplex
 ```
 
-The first launch opens the in-app login screen. Sign in with your Mogplex account or store a provider key locally — Mogplex never requires environment variables for normal use.
+The first launch opens the in-app login screen. Sign in with your Mogplex
+account. Mogplex never requires environment variables for normal use.
 
 For the full first-run flow, continue with [Quickstart](/cli/quickstart).
 
@@ -98,7 +99,8 @@ Re-run the installer. It detects the existing install and replaces the binary in
 - `mogplex: command not found` — the install succeeded but your shell has not picked up the updated `PATH`. Rehash or open a new shell.
 - The installer downloads but fails before extraction — confirm your machine has the right extractor (`tar` for `.tar.gz`, `unzip` or `ditto` for `.zip`).
 - You pinned `MOGPLEX_BASE_URL` and the script exits immediately — the installer rejects non-HTTPS hosts.
-- Login succeeds but prompts fail — your account probably lacks model access. Add a provider key in [Web Settings](/web/settings).
+- Login succeeds but prompts fail — your account probably lacks model access.
+  Check [Available Models](/web/models) and [Plans & Billing](/plans-and-billing).
 
 ## Uninstall
 

diff --git a/content/docs/cli/quickstart.mdx b/content/docs/cli/quickstart.mdx
@@ -25,8 +25,9 @@ mogplex
 
 If you are not authenticated, the in-app login screen appears. Pick one:
 
-- **Sign in with Mogplex** — opens a browser for account-backed login. Recommended; reuses synced model catalog and remote MCP definitions.
-- **Use a provider API key** — store an Anthropic, OpenAI, Google, Groq, Mistral, DeepSeek, xAI, Cohere, or Vercel AI Gateway key locally.
+- **Sign in with Mogplex** — opens a browser for account-backed login. This
+  reuses your plan-backed model access, synced model catalog, and remote MCP
+  definitions.
 
 Stored credentials live in `~/.mogplex/auth.json` (file mode `0600`).
 
@@ -87,7 +88,8 @@ See [Concepts → Attach](/cli/concepts/attach).
 
 ## Common first-run issues
 
-- Login succeeds but no models available — add a provider key in [Web Settings](/web/settings) (account-backed login inherits hosted model access).
+- Login succeeds but no models available — check [Available Models](/web/models)
+  and the account plan. Account-backed login inherits managed hosted access.
 - Header says `transport: offline` — core is unreachable. Check network and retry; the daemon transport surfaces a reconnect banner.
 - A slash command "doesn't work" — check `/help` for the actual registry.
 

diff --git a/content/docs/cli/skills/mogplex-auth.mdx b/content/docs/cli/skills/mogplex-auth.mdx
@@ -11,7 +11,7 @@ This page mirrors the canonical `SKILL.md` at [`skills/mogplex-auth/SKILL.md`](h
 
 ```yaml
 name: mogplex-auth
-description: Guides the user through the Mogplex CLI's in-app login flow, credential precedence, and troubleshooting. Use when the user asks to sign in, switch accounts, store a provider key, or when a Mogplex command fails with an auth error.
+description: Guides the user through the Mogplex CLI's in-app login flow, credential precedence, and troubleshooting. Use when the user asks to sign in, switch accounts, debug env-var overrides, or when a Mogplex command fails with an auth error.
 ```
 
 ## Body
@@ -22,20 +22,8 @@ The Mogplex CLI authenticates **in-app**. There is no `mogplex login status` sub
 
 The cockpit picks credentials in a fixed order:
 
-1. **Provider env var in the current shell.** If set, it wins — no matter what is stored on disk.
-
-   | Provider | Env var |
-   | --- | --- |
-   | Mogplex | `MOGPLEX_API_KEY` |
-   | Anthropic | `ANTHROPIC_API_KEY` |
-   | OpenAI | `OPENAI_API_KEY` |
-   | Google | `GOOGLE_GENERATIVE_AI_API_KEY` |
-   | Groq | `GROQ_API_KEY` |
-   | Mistral | `MISTRAL_API_KEY` |
-   | DeepSeek | `DEEPSEEK_API_KEY` |
-   | xAI | `XAI_API_KEY` |
-   | Cohere | `COHERE_API_KEY` |
-   | Vercel | `VERCEL_API_TOKEN` |
+1. **Auth env var in the current shell.** `MOGPLEX_API_KEY` and legacy local
+   provider env vars can override what is stored on disk.
 
 2. **Stored credentials** in `~/.mogplex/auth.json` (mode `0600`).
 3. **No credentials** → the cockpit's in-app login screen appears.
@@ -55,24 +43,17 @@ mogplex
 
 A browser flow opens; the cockpit listens on a local callback and stores the token in `~/.mogplex/auth.json`. The user does the click-through; you do not drive the browser.
 
-Account-backed login unlocks synced model catalog, remote MCP server definitions, and hosted model access.
+Account-backed login unlocks synced model catalog, remote MCP server
+definitions, and plan-backed hosted model access.
 
-### Alternative: store a provider key in-app
+### Compatibility: provider env var
 
-In the login screen (or via `/login` in the composer), the user can pick **Use a provider API key** and paste a key. Stored in `~/.mogplex/auth.json` with mode `0600`.
+Provider env vars are compatibility and development escape hatches. They are
+not the normal customer setup path for billed Mogplex accounts.
 
-Supported providers: Anthropic, OpenAI, Google, Groq, Mistral, DeepSeek, xAI, Cohere, Vercel AI Gateway.
-
-### Alternative: provider env var
-
-For CI or ephemeral shells:
-
-```bash
-export OPENAI_API_KEY=sk-...
-mogplex
-```
-
-Do not write keys into shell rc files on the user's behalf. Suggest it; let them do it.
+Do not write keys into shell rc files on the user's behalf. If a user is
+explicitly working in a development or compatibility flow, describe the env-var
+override and let them set it themselves.
 
 ## Sanity-check env vars (advisory)
 
@@ -89,7 +70,7 @@ Never echo a raw key.
 | Symptom | What to recommend |
 | --- | --- |
 | Login screen appears at every launch | No credential stored and no env var set. Pick a path on the login screen. |
-| Login succeeds but prompts fail with "no model access" | Account-backed login is active but the hosted account lacks model access. Direct the user to [Web Settings](https://www.mogplex.com/web/settings) to add a provider key. |
+| Login succeeds but prompts fail with "no model access" | Account-backed login is active but the hosted account lacks model access. Direct the user to [Available Models](https://www.mogplex.com/web/models) and [Plans & Billing](https://www.mogplex.com/plans-and-billing). |
 | Cockpit behaves differently than expected after `/login` | An env var is overriding the stored credential. Have the user `unset` it and relaunch. |
 | User wants to switch accounts | Type `/logout` in the composer, then `/login` (or relaunch). |
 

diff --git a/content/docs/cli/skills/using-mogplex-cli.mdx b/content/docs/cli/skills/using-mogplex-cli.mdx
@@ -84,7 +84,7 @@ is it a config / file change?
 
 - Author `AGENTS.md` at the repo root with stable repo guidance (build commands, conventions, layout).
 - Author `~/.mogplex/projects/<repo-slug>/permissions.json` with `allow` / `deny` / `ask` rules — see [Permissions](https://www.mogplex.com/cli/concepts/permissions) for the schema.
-- Recommend env-var escape hatches (`MOGPLEX_TRANSPORT`, `MOGPLEX_ATTACH_RUN_ID`, provider keys) — see [Configuration and Flags](https://www.mogplex.com/cli/guides/configuration-and-flags).
+- Recommend env-var escape hatches (`MOGPLEX_TRANSPORT`, `MOGPLEX_ATTACH_RUN_ID`) only when they fit CI, attach, or development workflows — see [Configuration and Flags](https://www.mogplex.com/cli/guides/configuration-and-flags).
 
 ### Safety
 

diff --git a/content/docs/configure-and-extend/connections-and-mcp.mdx b/content/docs/configure-and-extend/connections-and-mcp.mdx
@@ -5,7 +5,7 @@ description: Configure REST and MCP connections, understand scope resolution, sy
 
 Connections are how Mogplex agents reach external systems.
 
-They are separate from provider model keys, GitHub App coverage, Slack channel
+They are separate from managed model access, GitHub App coverage, Slack channel
 links, and the preview path where other MCP clients call into Mogplex.
 
 ## Direction matters

diff --git a/content/docs/configure-and-extend/index.mdx b/content/docs/configure-and-extend/index.mdx
@@ -10,12 +10,12 @@ team, or local workflow needs.
   <Card
     title="Settings"
     href="/web/settings"
-    description="GitHub identity, App coverage, Personal Vercel, connections, provider keys, CLI tokens, models, and shared preferences."
+    description="GitHub identity, App coverage, billing access, connections, access tokens, models, and shared preferences."
   />
   <Card
     title="Available Models"
     href="/web/models"
-    description="Live model catalog, enabled models, defaults, provider access, CLI sync, and repo-level exclusions."
+    description="Live model catalog, enabled models, defaults, plan access, CLI sync, and repo-level exclusions."
   />
   <Card
     title="Agent Authoring"
@@ -45,7 +45,7 @@ team, or local workflow needs.
   <Card
     title="Security and Data Handling"
     href="/reference/security-and-data-handling"
-    description="Identity, tokens, provider keys, connection secrets, webhooks, event data, sandboxes, and safe support artifacts."
+    description="Identity, tokens, managed model access, connection secrets, webhooks, event data, sandboxes, and safe support artifacts."
   />
   <Card
     title="Installations"
@@ -81,7 +81,7 @@ team, or local workflow needs.
 
 ## Common configuration paths
 
-- Model or provider issue: start with [Available Models](/web/models), then
+- Model or account-access issue: start with [Available Models](/web/models), then
   check [Model Selection and Cost](/guides/model-selection-and-cost) and
   [Settings](/web/settings).
 - Durable worker behavior is hard to reuse: start with
@@ -96,8 +96,8 @@ team, or local workflow needs.
   [Connection Scope and Overrides](/web/guides/connection-scope-and-overrides).
 - Repo is visible but cannot trigger hosted work: start with
   [GitHub](/integrations/github) and [Installations](/web/installations).
-- Sandbox launch depends on a user-billed project: start with
-  [Vercel](/integrations/vercel), then confirm repo settings in
+- Sandbox launch reports missing access: start with
+  [Plans & Billing](/plans-and-billing), then confirm repo settings in
   [Projects](/web/spaces).
 - CLI asks for permission unexpectedly: start with
   [Permissions](/cli/concepts/permissions) and

diff --git a/content/docs/configure-and-extend/repo-instructions.mdx b/content/docs/configure-and-extend/repo-instructions.mdx
@@ -126,7 +126,7 @@ The current schema accepts:
 Use `system_prompt_suffix` only for short, durable behavior that belongs after
 the markdown instructions.
 
-For model routing, provider access, and tool policy, prefer the first-class
+For model routing, managed access, and tool policy, prefer the first-class
 Mogplex controls unless the specific surface you are using documents that it
 honors the `agent.json` field.
 

diff --git a/content/docs/guides/common-use-cases.mdx b/content/docs/guides/common-use-cases.mdx
@@ -153,7 +153,7 @@ Read next: [Agent Authoring](/configure-and-extend/agent-authoring).
 Start with [Projects](/web/spaces) when the repo is the unit of work.
 
 Use [Vercel](/integrations/vercel) when sandbox or preview behavior depends on
-a user-billed Vercel project, repository linkage, or environment synchronization.
+repository linkage, project metadata, or environment synchronization.
 
 Use [Sandboxes](/web/sandboxes) when you need to inspect live, pending, pinned,
 or stale sandbox state.