Use this workflow when the user is setting up the MetaMask Agentic CLI for the first time.
Reference command syntax in references/auth.md and references/wallet.md.
- Check CLI installation.
- Login.
- Initialize wallet mode.
- Verify readiness.
- Show wallet address.
mm --versionIf this fails, the CLI is not installed. Guide the user to install it with npm install -g @metamask/agentic-cli@latest before proceeding.
Then run the version compatibility check from the skill Preflight section: compare the installed major.minor against the pinned cliVersion and the latest published release, and warn the user if they are out of sync.
Ask the user which login method they want to use: MetaMask Mobile QR or browser (Google or Email). QR (mm login qr) is available on non-production builds (dev/uat); on production it returns COMING_SOON, so fall back to browser login there.
mm login browser --no-waitUse --no-wait for non-interactive environments. The command prints a sign-in URL; the user completes sign-in in the browser using Google or Email.
Once the user completes sign-in, verify with:
mm login --token "<TOKEN>"First check whether the project is already initialized with mm doctor (read its initialized boolean):
mm doctorIf initialized is true, skip this step.
For server-wallet mode, if the account already has a remote wallet, mm init syncs it and reuses the existing trading mode — no trading-mode prompt.
Otherwise, ask the user which wallet mode they want:
server-wallet(recommended) — keys are hosted by MetaMask infrastructure. No need to manage private keys or mnemonics.byok— bring your own mnemonic. The user manages their own keys locally.
Ask the user which trading mode they want (server-wallet only):
guard— enforces outflow and whitelist policies. When a policy is violated, the CLI requires MFA confirmation before proceeding.beast— skips all policy checks and confirmations. Useful for scripting or experienced users who want faster execution.
Server wallet:
mm init --wallet server-wallet --mode guardBYOK:
Never pass --mnemonic or --password as inline flags. Always instruct the user to set environment variables instead.
export MM_MNEMONIC="word1 word2 ..."
mm init --wallet byokIf the user wants to encrypt their mnemonic with a password during init:
export MM_MNEMONIC="word1 word2 ..."
export MM_PASSWORD="mypassword"
mm init --wallet byokIf the mnemonic was stored unencrypted, suggest setting a password afterward:
mm wallet password setOnce the mnemonic is encrypted, all subsequent operations that need the private key require the MM_PASSWORD environment variable to be set. Never instruct the user to pass --password inline.
mm doctorConfirm mm doctor reports both authenticated: true and initialized: true with no blocking hints before proceeding. (mm auth status reports only authentication and does not reflect initialization, so it cannot confirm readiness on its own.)
mm wallet address