feat(docs): SEO/GEO sweep — sitelinks, JSON-LD, Y1 billing accuracy, cross-links

authentication.mdx

@@ -1,25 +1,44 @@
 ---
 title: "Authentication"
-description: "Authenticate Rendobar API requests with a Bearer API key. Same keys cover REST, MCP, and the CLI. OAuth available for MCP clients."
+description: "Authenticate API requests with a Bearer API key. Same keys cover REST, MCP, and the CLI. OAuth available for MCP clients with native support."
 sidebarTitle: "Authentication"
 icon: "key"
+keywords: ["rendobar authentication", "api key", "bearer token", "rb_ key", "mcp oauth", "rest api auth"]
 ---
 
+<script
+  type="application/ld+json"
+  dangerouslySetInnerHTML={{
+    __html: JSON.stringify({
+      "@context": "https://schema.org",
+      "@type": "TechArticle",
+      "@id": "https://rendobar.com/docs/authentication/#article",
+      "headline": "Authentication",
+      "description": "Authenticate API requests with a Bearer API key. Same keys cover REST, MCP, and the CLI.",
+      "datePublished": "2026-03-20",
+      "dateModified": "2026-05-24",
+      "author": { "@type": "Organization", "@id": "https://rendobar.com/#organization" },
+      "publisher": { "@type": "Organization", "@id": "https://rendobar.com/#organization" },
+      "isPartOf": { "@id": "https://rendobar.com/#website" }
+    })
+  }}
+/>
+
 Every Rendobar API request needs an API key in the `Authorization` header:
 
 ```bash
 curl https://api.rendobar.com/jobs \
-  -H "Authorization: Bearer rb_live_YOUR_KEY"
+  -H "Authorization: Bearer rb_YOUR_KEY"
 ```
 
-Keys start with `rb_live_` (production) or `rb_test_` (test mode). Get one from [app.rendobar.com](https://app.rendobar.com) → **Settings → API keys**. Test-mode jobs run end to end but don't consume credits.
+Keys start with `rb_`. Get one from [app.rendobar.com](https://app.rendobar.com) → **Settings → API keys**.
 
 ## Three credential types
 
 | Type | Where to use it |
 |---|---|
-| **API key** (`rb_live_*` / `rb_test_*`) | REST API, MCP, CLI in CI |
-| **Session cookie** (`rb_session`) | Dashboard browser sessions only — set automatically when you sign in |
+| **API key** (`rb_*`) | REST API, MCP, CLI in CI |
+| **Session cookie** (`rb_session`) | Dashboard browser sessions only (set automatically when you sign in) |
 | **OAuth 2.1 token** | MCP clients with native OAuth support, or the CLI's `rb login` browser flow |
 
 ## Use a key
@@ -28,20 +47,20 @@ Keys start with `rb_live_` (production) or `rb_test_` (test mode). Get one from
 
 ```bash cURL
 curl https://api.rendobar.com/jobs \
-  -H "Authorization: Bearer rb_live_YOUR_KEY"
+  -H "Authorization: Bearer rb_YOUR_KEY"
 ```
 
 ```javascript JavaScript
 const res = await fetch("https://api.rendobar.com/jobs", {
-  headers: { "Authorization": "Bearer rb_live_YOUR_KEY" },
+  headers: { "Authorization": "Bearer rb_YOUR_KEY" },
 });
 ```
 
 ```python Python
 import requests
 res = requests.get(
     "https://api.rendobar.com/jobs",
-    headers={"Authorization": "Bearer rb_live_YOUR_KEY"},
+    headers={"Authorization": "Bearer rb_YOUR_KEY"},
 )
 ```
 
@@ -54,13 +73,13 @@ Keys are scoped to an organization, not a user. Each key has a name. There's no
 ```bash
 # Create
 curl -X POST https://api.rendobar.com/api-keys \
-  -H "Authorization: Bearer rb_live_EXISTING_KEY" \
+  -H "Authorization: Bearer rb_EXISTING_KEY" \
   -H "Content-Type: application/json" \
   -d '{ "name": "CI Pipeline" }'
 
 # Revoke
 curl -X DELETE https://api.rendobar.com/api-keys/KEY_ID \
-  -H "Authorization: Bearer rb_live_YOUR_KEY"
+  -H "Authorization: Bearer rb_YOUR_KEY"
 ```
 
 Revoked keys return `401 UNAUTHORIZED` immediately.
@@ -69,9 +88,9 @@ Revoked keys return `401 UNAUTHORIZED` immediately.
 
 Every authenticated request resolves to:
 
-- `userId` — the authenticated user (when via session or OAuth)
-- `orgId` — the active organization
-- `plan` — current plan; controls rate limits, allowed job types, balance
+- `userId`: the authenticated user (when via session or OAuth)
+- `orgId`: the active organization
+- `plan`: current plan; controls [rate limits](/support/limits), allowed job types, [balance](/concepts/credits)
 
 Used for rate limiting, plan enforcement, and credit checks on every request.
 
@@ -95,3 +114,11 @@ HTTP `401`. Other auth-adjacent errors live in [Error codes](/support/errors).
 - [CLI authentication](/cli/authentication)
 - [MCP overview](/mcp/overview)
 - [Error codes](/support/errors)
+
+## Related
+
+- [Quickstart](/quickstart): submit your first job in under five minutes
+- [CLI authentication](/cli/authentication): `rb login` browser flow and CI key usage
+- [MCP overview](/mcp/overview): how API keys and OAuth work for AI agents
+- [Plan limits](/support/limits): rate limits and concurrency by plan
+- [Pricing](https://rendobar.com/pricing/): Free vs Pro and credit packs

changelog/2026-03-20.mdx

@@ -1,9 +1,36 @@
 ---
 title: "Documentation site launch, 2026-03-20"
-description: "Explore the initial docs launch: raw.ffmpeg reference, webhook guide, and MCP integration docs. Powered by Mintlify with an AI-optimized content layer."
+description: "View the initial docs launch with the raw.ffmpeg reference, webhook guide, and MCP integration docs. Powered by Mintlify with AI-optimized content."
 icon: "sparkles"
+keywords: ["rendobar changelog", "rendobar releases", "docs launch", "rendobar 2026"]
 ---
 
+<script
+  type="application/ld+json"
+  dangerouslySetInnerHTML={{
+    __html: JSON.stringify({
+      "@context": "https://schema.org",
+      "@type": "TechArticle",
+      "@id": "https://rendobar.com/docs/changelog/2026-03-20/#article",
+      "headline": "Documentation site launch, 2026-03-20",
+      "description": "Initial docs launch: raw.ffmpeg reference, webhook guide, and MCP integration docs.",
+      "datePublished": "2026-03-20",
+      "dateModified": "2026-05-24",
+      "author": { "@type": "Organization", "@id": "https://rendobar.com/#organization" },
+      "publisher": { "@type": "Organization", "@id": "https://rendobar.com/#organization" },
+      "isPartOf": { "@id": "https://rendobar.com/#website" }
+    })
+  }}
+/>
+
 <Update label="2026-03-20" description="Docs site live">
-Rendobar documentation is now live at [rendobar.com/docs](https://rendobar.com/docs). Includes the `raw.ffmpeg` reference, a webhooks guide, and MCP integration docs for AI agents. The site is powered by Mintlify with an interactive API playground and AI-optimized content.
+Rendobar documentation is now live at [rendobar.com/docs](https://rendobar.com/docs). Includes the [`raw.ffmpeg` reference](/job-types/raw-ffmpeg), a [webhooks guide](/guides/webhooks), and [MCP integration docs](/mcp/overview) for AI agents. The site is powered by Mintlify with an interactive API playground and AI-optimized content.
 </Update>
+
+## Related
+
+- [Quickstart](/quickstart): submit your first job in under five minutes
+- [raw.ffmpeg reference](/job-types/raw-ffmpeg): the live job type and its parameters
+- [MCP overview](/mcp/overview): connect any MCP-compatible agent to Rendobar
+- [Full release history](https://rendobar.com/changelog/): every shipped update on the marketing site
+- [Pricing](https://rendobar.com/pricing/): Free vs Pro and credit packs

cli/authentication.mdx

@@ -1,10 +1,28 @@
 ---
 title: "Authenticate the CLI"
-description: "Sign in via browser OAuth, paste an API key for non-interactive use, or set RENDOBAR_API_KEY for CI. Tokens auto-refresh."
+description: "Sign in via browser OAuth, paste an API key for non-interactive use, or set RENDOBAR_API_KEY for CI. Tokens auto-refresh every hour."
 icon: "key"
-keywords: ["rb login", "rendobar cli auth", "rendobar api key", "rendobar oauth"]
+keywords: ["rb login", "rendobar cli auth", "rendobar api key", "rendobar oauth", "rb whoami"]
 ---
 
+<script
+  type="application/ld+json"
+  dangerouslySetInnerHTML={{
+    __html: JSON.stringify({
+      "@context": "https://schema.org",
+      "@type": "TechArticle",
+      "@id": "https://rendobar.com/docs/cli/authentication/#article",
+      "headline": "Authenticate the CLI",
+      "description": "Sign in via browser OAuth, paste an API key for non-interactive use, or set RENDOBAR_API_KEY for CI.",
+      "datePublished": "2026-04-10",
+      "dateModified": "2026-05-24",
+      "author": { "@type": "Organization", "@id": "https://rendobar.com/#organization" },
+      "publisher": { "@type": "Organization", "@id": "https://rendobar.com/#organization" },
+      "isPartOf": { "@id": "https://rendobar.com/#website" }
+    })
+  }}
+/>
+
 The CLI reads credentials from three sources, in priority order:
 
 1. `RENDOBAR_API_KEY` environment variable
@@ -31,7 +49,7 @@ If port `14832` is in use, login fails fast. Use `--key` instead.
 For SSH sessions, headless containers, or any environment without a browser:
 
 ```bash
-rb login --key rb_live_xxxxxxxxxxxxxxxxxxxxxxxx
+rb login --key rb_xxxxxxxxxxxxxxxxxxxxxxxx
 ```
 
 The CLI verifies the key against the API, then saves it. Keys must start with `rb_`. Get one from [app.rendobar.com](https://app.rendobar.com) → Settings → API keys.
@@ -41,7 +59,7 @@ The CLI verifies the key against the API, then saves it. Keys must start with `r
 `RENDOBAR_API_KEY` beats any saved credential and writes nothing to disk:
 
 ```bash
-export RENDOBAR_API_KEY=rb_live_xxx
+export RENDOBAR_API_KEY=rb_xxx
 rb ffmpeg -i input.mp4 -c:v libx264 -crf 23 out.mp4
 ```
 
@@ -69,7 +87,7 @@ After OAuth login the file looks like:
 After `--key`:
 
 ```json
-{ "type": "apikey", "apiKey": "rb_live_..." }
+{ "type": "apikey", "apiKey": "rb_..." }
 ```
 
 Treat the file as a secret. The CLI does not chmod it for you.
@@ -89,10 +107,10 @@ rb logout
 rb login
 ```
 
-There's no profile system. To run a single command against a different account or test mode, set the env var inline:
+There's no profile system. To run a single command against a different account, set the env var inline:
 
 ```bash
-RENDOBAR_API_KEY=rb_test_xxx rb ffmpeg -i clip.mp4 -c:v libx264 out.mp4
+RENDOBAR_API_KEY=rb_xxx rb ffmpeg -i clip.mp4 -c:v libx264 out.mp4
 ```
 
 ## Sign out
@@ -123,3 +141,11 @@ Hits `/orgs/current` and prints org, plan, balance. Useful as a CI sanity check
 - [Commands](/cli/commands)
 - [CI/CD](/cli/ci-cd)
 - [Authentication (API)](/authentication)
+
+## Related
+
+- [API authentication](/authentication): keys, OAuth, and session cookies across REST and MCP
+- [Commands reference](/cli/commands): every `rb` flag and exit code
+- [CI/CD](/cli/ci-cd): full GitHub Actions and GitLab CI snippets
+- [Troubleshooting](/cli/troubleshooting): `invalid_grant`, port conflicts, and refresh failures
+- [CLI source repo](https://github.com/rendobar/cli): release tags and issues

cli/ci-cd.mdx

@@ -1,11 +1,29 @@
 ---
 title: "Use the CLI in CI/CD"
-description: "Install rb in GitHub Actions, GitLab CI, or Docker. Authenticate from a secret, pin a version, parse JSON output, verify provenance."
+description: "Install rb in GitHub Actions, GitLab CI, or Docker. Authenticate from a secret, pin a version, parse JSON output, verify build provenance."
 sidebarTitle: "CI/CD"
 icon: "infinity"
-keywords: ["rendobar github actions", "rendobar cli ci", "rendobar gitlab", "rendobar docker"]
+keywords: ["rendobar github actions", "rendobar cli ci", "rendobar gitlab", "rendobar docker", "rb ci secret"]
 ---
 
+<script
+  type="application/ld+json"
+  dangerouslySetInnerHTML={{
+    __html: JSON.stringify({
+      "@context": "https://schema.org",
+      "@type": "TechArticle",
+      "@id": "https://rendobar.com/docs/cli/ci-cd/#article",
+      "headline": "Use the CLI in CI/CD",
+      "description": "Install rb in GitHub Actions, GitLab CI, or Docker. Authenticate from a secret, pin a version, parse JSON output.",
+      "datePublished": "2026-04-10",
+      "dateModified": "2026-05-24",
+      "author": { "@type": "Organization", "@id": "https://rendobar.com/#organization" },
+      "publisher": { "@type": "Organization", "@id": "https://rendobar.com/#organization" },
+      "isPartOf": { "@id": "https://rendobar.com/#website" }
+    })
+  }}
+/>
+
 Three rules for any CI: pin the CLI version, authenticate from a secret, pick an output mode you can parse.
 
 ## GitHub Actions
@@ -90,10 +108,10 @@ docker run --rm -v $(pwd):/work -w /work \
 
 ## Authenticate from a secret
 
-`RENDOBAR_API_KEY` is the only auth path for CI. It beats any saved credential and writes nothing to disk. Don't run `rb login` in CI — the browser flow will hang.
+`RENDOBAR_API_KEY` is the only auth path for CI. It beats any saved credential and writes nothing to disk. Don't run `rb login` in CI. The browser flow will hang.
 
 ```bash
-export RENDOBAR_API_KEY=rb_live_xxx
+export RENDOBAR_API_KEY=rb_xxx
 rb whoami      # confirm before running anything else
 ```
 
@@ -149,3 +167,11 @@ The CLI does not expose `--idempotency-key`. If a retried CI step shouldn't doub
 - [Authentication](/cli/authentication)
 - [Commands](/cli/commands)
 - [Troubleshooting](/cli/troubleshooting)
+
+## Related
+
+- [CLI overview](/cli/overview): pick between CLI, SDK, and raw HTTP
+- [Authentication](/cli/authentication): `RENDOBAR_API_KEY` as the only CI-safe auth path
+- [Commands reference](/cli/commands): exit codes for boolean assertions
+- [raw.ffmpeg reference](/job-types/raw-ffmpeg): the API the CLI invokes per run
+- [Changelog](https://rendobar.com/changelog/): pin a release tag with confidence

cli/commands.mdx

@@ -1,12 +1,30 @@
 ---
 title: "Commands reference"
-description: "Every rb command, every flag, every exit code. Covers ffmpeg, login, logout, whoami, doctor, and update."
+description: "View every rb command, flag, and exit code. Covers ffmpeg, login, logout, whoami, doctor, and update across 6 subcommands."
 sidebarTitle: "Commands"
 icon: "list"
-keywords: ["rb commands", "rendobar cli reference", "rb ffmpeg flags", "rb exit codes"]
+keywords: ["rb commands", "rendobar cli reference", "rb ffmpeg flags", "rb exit codes", "rb doctor"]
 mode: "wide"
 ---
 
+<script
+  type="application/ld+json"
+  dangerouslySetInnerHTML={{
+    __html: JSON.stringify({
+      "@context": "https://schema.org",
+      "@type": "TechArticle",
+      "@id": "https://rendobar.com/docs/cli/commands/#article",
+      "headline": "Commands reference",
+      "description": "Every rb command, every flag, every exit code.",
+      "datePublished": "2026-04-10",
+      "dateModified": "2026-05-24",
+      "author": { "@type": "Organization", "@id": "https://rendobar.com/#organization" },
+      "publisher": { "@type": "Organization", "@id": "https://rendobar.com/#organization" },
+      "isPartOf": { "@id": "https://rendobar.com/#website" }
+    })
+  }}
+/>
+
 Reference for every `rb` command. Use the [overview](/cli/overview) for narrative.
 
 ## Global flags
@@ -73,7 +91,7 @@ Runs FFmpeg in the cloud. Pass real FFmpeg arguments after the subcommand. Globa
 
 Local input files (`-i ./clip.mp4`) upload automatically before submission and are rewritten to short-lived URLs. Remote inputs (`-i https://...`) pass through as-is.
 
-The trailing positional argument (the FFmpeg output filename) is the local path the result downloads to. With `--no-wait` no download happens — only the job ID prints.
+The trailing positional argument (the FFmpeg output filename) is the local path the result downloads to. With `--no-wait` no download happens. Only the job ID prints.
 
 Job-failure exits `1` and writes the API error to stderr. Insufficient credits exits `2` with a top-up link.
 
@@ -111,7 +129,7 @@ Credential paths and storage details: [Authentication](/cli/authentication).
 
 ```bash
 rb login
-rb login --key rb_live_xxx
+rb login --key rb_xxx
 ```
 
 ---
@@ -164,3 +182,11 @@ Exits `2` if not authenticated, `1` if the API call fails.
 - [Authentication](/cli/authentication)
 - [CI/CD](/cli/ci-cd)
 - [Troubleshooting](/cli/troubleshooting)
+
+## Related
+
+- [CLI overview](/cli/overview): narrative quickstart for `rb ffmpeg`
+- [Authentication](/cli/authentication): `rb login` flow and credential storage
+- [CI/CD](/cli/ci-cd): parse `--json` output and authenticate from a secret
+- [raw.ffmpeg reference](/job-types/raw-ffmpeg): the underlying API call
+- [Changelog](https://rendobar.com/changelog/): release notes for every `rb` version

cli/installation.mdx

@@ -1,10 +1,28 @@
 ---
 title: "Install the CLI"
-description: "Install the rb binary on macOS, Linux, or Windows. Pin a version, change the install path, run inside Docker, or uninstall."
+description: "Install the rb binary on macOS, Linux, or Windows in one command. Pin a version, change the install path, run inside Docker, or uninstall."
 icon: "download"
-keywords: ["install rendobar cli", "rb install", "rendobar windows install", "rendobar docker"]
+keywords: ["install rendobar cli", "rb install", "rendobar windows install", "rendobar docker", "rb doctor"]
 ---
 
+<script
+  type="application/ld+json"
+  dangerouslySetInnerHTML={{
+    __html: JSON.stringify({
+      "@context": "https://schema.org",
+      "@type": "TechArticle",
+      "@id": "https://rendobar.com/docs/cli/installation/#article",
+      "headline": "Install the CLI",
+      "description": "Install the rb binary on macOS, Linux, or Windows in one command.",
+      "datePublished": "2026-04-10",
+      "dateModified": "2026-05-24",
+      "author": { "@type": "Organization", "@id": "https://rendobar.com/#organization" },
+      "publisher": { "@type": "Organization", "@id": "https://rendobar.com/#organization" },
+      "isPartOf": { "@id": "https://rendobar.com/#website" }
+    })
+  }}
+/>
+
 Install the `rb` binary in one command, on any of the three supported platforms.
 
 <Tabs>
@@ -123,3 +141,11 @@ The uninstaller removes the binary and the PATH entry. Add `RENDOBAR_PURGE=1` to
 - [Troubleshooting](/cli/troubleshooting)
 
 For version history and release notes, see the [changelog](https://rendobar.com/changelog/).
+
+## Related
+
+- [CLI overview](/cli/overview): what the `rb` binary does and when to pick it
+- [Authentication](/cli/authentication): `rb login`, API keys, CI credentials
+- [CI/CD](/cli/ci-cd): pin a version and authenticate from a secret
+- [Troubleshooting](/cli/troubleshooting): install, PATH, and Gatekeeper fixes
+- [Changelog](https://rendobar.com/changelog/): version history and release notes