// Use when installing MCP packages and configuring Claude-side MCP registration, hooks, permissions, IDE extension mode, and migrations.
[HINT] Download the complete skill directory including SKILL.md and all related files
| name | ln-012-mcp-configurator |
| description | Use when installing MCP packages and configuring Claude-side MCP registration, hooks, permissions, IDE extension mode, and migrations. |
| license | MIT |
Paths: File paths (
references/) are relative to this skill directory.
Type: L3 Worker Category: 0XX Shared
Invocation is agent-agnostic. Target surfaces are Claude-specific: this skill configures Claude Code MCP settings, hook/style sync, permissions, and Claude Code IDE extension permission mode.
MANDATORY READ: Load references/coordinator_summary_contract.md, references/environment_worker_runtime_contract.md, and references/worker_runtime_contract.md
Target MCP availability is not a precondition for this worker. If a server is not connected yet, use config files, package metadata, and CLI state to continue registration and cleanup work; report provider checks or live verification as skipped when they cannot run without MCP.
| Direction | Content |
|---|---|
| Input | OS info, dry_run flag, optional apply_ide_override flag (default false — Phase 6b is detection-only without it), optional runId, optional summaryArtifactPath |
| Output | Structured summary envelope with payload.status = completed / skipped / error, plus per-server outcomes in changes / detail, plus IDE extension state in payload.ide_extension |
If summaryArtifactPath is provided, write the same summary JSON there. If not provided, return the summary inline and remain fully standalone. If runId is not provided, generate a standalone run_id before emitting the summary envelope.
Runtime family: environment-worker-runtime
Phase profile:
PHASE_0_CONFIGPHASE_1_CHECK_STATUS_AND_VERSIONPHASE_2_REGISTER_AND_CONFIGUREPHASE_3_VERIFY_GRAPH_PROVIDER_DEPSPHASE_4_HOOKS_AND_OUTPUT_STYLEPHASE_5_GRAPH_INDEXINGPHASE_6_MIGRATE_ALLOWED_TOOLSPHASE_7_PERMISSION_SURFACESPHASE_8_WRITE_SUMMARYPHASE_9_SELF_CHECKRuntime rules:
summary_kind=env-mcp-configrun_id and write the default worker-family artifact pathrunId and summaryArtifactPath and must write the summary to the exact provided pathAlways build a structured env-mcp-config summary envelope per:
references/coordinator_summary_contract.mdreferences/environment_worker_runtime_contract.mdPayload fields:
serverspermissionside_extensionhooks_syncedoutput_style_syncedallowed_tools_migratedgraph_provider_statusstatusTwo transport types: stdio (local process) and HTTP (cloud endpoint).
| Server | Transport | Install | Required | API Key |
|---|---|---|---|---|
| hex-line | stdio | npx -y @levnikolaevich/hex-line-mcp | Yes | No |
| hex-ssh | stdio | npx -y @levnikolaevich/hex-ssh-mcp | No | No |
| hex-graph | stdio | npx -y @levnikolaevich/hex-graph-mcp | No | No |
| hex-research | stdio | npx -y @levnikolaevich/hex-research-mcp | No | No |
| context7 | HTTP | https://mcp.context7.com/mcp | Yes | Optional |
| Ref | HTTP | https://api.ref.tools/mcp | Yes | Yes (prompt user) |
| linear | HTTP | https://mcp.linear.app/mcp | Ask user | No (OAuth) |
Check Status & Version → Register & Configure → Verify Graph Provider Deps → Hooks → Permissions → IDE Extension Mode → Migrate → Report
Smart install: check MCP status AND package drift. npx -y caches aggressively — a connected server may still be backed by an older cached package.
Step 1a: Check MCP server status
Run claude mcp list -> parse each hex server:
| Server | Status | Action |
|---|---|---|
| Registered + Connected | Working | Check version (Step 1b) |
| Registered + Disconnected | Broken | Re-register (Phase 2) |
| Not registered | Missing | Register in Phase 2 |
Step 1b: Version check for connected hex- servers*
For each connected published hex server, run in parallel:
npm view @levnikolaevich/${PKG} version 2>/dev/null
Then compare npm latest against the running local version:
npm config get cache -> scan {cacheRoot}/_npx/**/node_modules/@levnikolaevich/${PKG}/package.json -> pick newest by semver/mtimeUse the npx cache version. If probe returns nothing, report running=unknown and treat the server as refresh-recommended rather than claiming it is current.
Note: published hex packages run via npx -y, NOT global install. Never probe global npm paths.
| npm latest | cached local version | Action |
|---|---|---|
| Same | Same | SKIP |
| Newer | Older | Mark "needs update" -> Phase 2 re-registers |
| Unknown | Any | WARN, proceed |
Skip conditions:
| Condition | Action |
|---|---|
disabled: true | SKIP |
dry_run: true | Show planned commands |
| Connected + cached local version matches npm latest | SKIP, report version |
One pass: use Phase 1 state (do NOT re-run claude mcp list) -> remove unsupported -> register/update -> verify.
~/.claude.json + ~/.claude/settings.json| Unsupported Server | Action |
|---|---|
| hashline-edit | Remove if found |
| pencil | Remove if found |
| lighthouse | Remove if found |
| playwright | Remove if found |
| browsermcp | Remove if found |
dry_run: true -> show planned commandRegistration commands (OS-dependent prefix):
| OS | Prefix | Why |
|---|---|---|
| Windows (bash/MSYS2) | MSYS_NO_PATHCONV=1 claude mcp add ... -- cmd /c npx | MSYS2/Git Bash converts /c -> C:/ in args. MSYS_NO_PATHCONV=1 prevents this |
| Windows (PowerShell/cmd) | cmd /c npx | No path conversion issue in native shells |
| macOS / Linux | npx | Direct execution |
| Server | Command (Windows bash — always prefix with MSYS_NO_PATHCONV=1) |
|---|---|
| hex-line | MSYS_NO_PATHCONV=1 claude mcp add -s user hex-line -- cmd /c npx -y @levnikolaevich/hex-line-mcp |
| hex-ssh | MSYS_NO_PATHCONV=1 claude mcp add -s user hex-ssh -- cmd /c npx -y @levnikolaevich/hex-ssh-mcp |
| hex-graph | MSYS_NO_PATHCONV=1 claude mcp add -s user hex-graph -- cmd /c npx -y @levnikolaevich/hex-graph-mcp |
| hex-research | MSYS_NO_PATHCONV=1 claude mcp add -s user hex-research -- cmd /c npx -y @levnikolaevich/hex-research-mcp |
| context7 | claude mcp add -s user --transport http context7 https://mcp.context7.com/mcp |
| Ref | claude mcp add -s user --transport http Ref https://api.ref.tools/mcp |
| linear | claude mcp add -s user --transport http linear-server https://mcp.linear.app/mcp |
claude mcp list -> check all registered show Connected. This is the only second claude mcp list call (post-mutation verify). Retry + report failures.Windows MSYS2 path validation (MANDATORY on win32):
After registration, read ~/.claude.json -> verify each hex server's args[0] is "/c" not "C:/".
If corrupted: fix via mcp__hex-line__edit_file (set_line the arg to "/c").
Error handling:
| Error | Response |
|---|---|
claude CLI not found | FAIL, report "Claude CLI not in PATH" |
| Server already exists | SKIP, report "already configured" |
| Connection failed after add | WARN, report detail from claude mcp list |
| API key missing (Ref) | Prompt user for key, skip if declined |
MANDATORY READ: Load references/hex_graph_provider_matrix.md and references/stack_detection.md.
After registration + connection, verify only the extra system binaries or packages needed for fuller MCP behavior. Assume the project already has its own runtimes and app dependencies. This phase does NOT install project dependencies, framework packages, or runtimes.
Step 1: Identify which servers are connected Reuse Phase 2 verification state. Only check deps for connected hex-* servers.
Step 2: Verify hex-line-mcp dependencies
| Dependency | Check | Required | Auto-fix | Fallback |
|---|---|---|---|---|
| ripgrep | rg --version | Yes | See install table | grep_search fails |
| git | git --version | No | Inform only | changes tool disabled |
Ripgrep install by platform:
| Platform | Command |
|---|---|
| Linux (apt) | sudo apt-get install -y ripgrep |
| Linux (yum) | sudo yum install -y ripgrep |
| macOS | brew install ripgrep |
| Windows (winget) | winget install BurntSushi.ripgrep.MSVC |
| Windows (scoop) | scoop install ripgrep |
| Fallback (npm) | npm exec --yes -- @vscode/ripgrep-postinstall |
If rg --version fails: ask user whether to auto-install (suggest platform-appropriate command). If user declines, WARN but continue — hex-line will degrade on grep.
Step 2a: EOL-risk advisory for hex-line
Inspect repo and user EOL policy, but do not rewrite it here:
.gitattributes for eol= / text=auto.editorconfig for end_of_linegit config --get core.autocrlfgit config --get core.eolgit config --get core.safecrlfReport WARN when repo policy and user working-tree policy are likely to churn line endings during normal edits. This is advisory only — do not auto-edit repo policy files in ln-012.
Step 3: Detect current project language(s) for hex-graph
Detect from the current project root only:
docs/project/tech_stack.md if presentUse framework markers only to confirm language:
| Framework hint | Language |
|---|---|
| FastAPI, Django, Flask | Python |
| ASP.NET Core | C# |
| Laravel | PHP |
| React, Next.js, Express, NestJS | JavaScript / TypeScript |
If no relevant language is detected for hex-graph, skip the optional provider checks and report SKIP.
Step 4: Verify hex-graph-mcp graph-specific providers and SCIP exporters
Use the MCP tool install_graph_providers from hex-graph-mcp as the source of truth:
mode: "check"instructions_for_agent output as the remediation textmode: "install"| Detected project language | Tool | Check | Required | Auto-fix | Fallback |
|---|---|---|---|---|---|
| JavaScript / TypeScript | None | None | No | None | Embedded TypeScript precise overlay and SCIP export are already available |
| Python | basedpyright | basedpyright-langserver --version | No | pip install basedpyright | Python precise analysis skipped |
| Python | scip-python | scip-python index --help | No | Windows: npm install -g github:levnikolaevich/scip-python#fix/windows-path-sep-regex; macOS/Linux: npm install -g @sourcegraph/scip-python | Python export_scip skipped |
| C# | csharp-ls | csharp-ls --version | No | dotnet tool install -g csharp-ls | C# precise analysis skipped |
| C# | scip-dotnet | scip-dotnet --help | No | dotnet tool install -g scip-dotnet | C# export_scip skipped |
| PHP | phpactor | phpactor --version | No | Project-specific PHP install path | PHP precise analysis skipped |
| PHP | scip-php | scip-php --help or php vendor/bin/scip-php --help | No | composer global config repositories.levnikolaevich-scip-php vcs https://github.com/levnikolaevich/scip-php then composer global require davidrjenni/scip-php:dev-fix/windows-runtime-fixes --prefer-source | PHP export_scip skipped |
For hex-graph, think only about graph-specific providers and optional SCIP exporters:
basedpyright, csharp-ls, phpactor, scip-python, scip-dotnet, and scip-php when their language is detectedscip-python install on Windows until the upstream Windows fix is releasedHEX_GRAPH_SCIP_PYTHON_BINARY when a patched Python SCIP binary lives outside the default PATHscip-php fork for PHP SCIP export when project-local Composer install is blocked or the upstream binary emits an empty artifactpython, .NET, php, fastapi, django, laravel, nestjs, or any project dependencyStep 5: Verify hex-ssh-mcp dependencies
No system dependencies (pure JS ssh2). Skip.
Step 6: Report dependency table
Print table with columns: Server | Dependency | Status | Action.
| Status | Meaning |
|---|---|
| OK | Available and functional |
| INSTALLED | Was missing, auto-installed |
| WARN | Missing, user declined install |
| SKIP | Not needed for detected project language(s) |
| FAIL | Required, cannot install |
Error handling:
| Error | Response |
|---|---|
| Required dep missing + user declines | WARN, continue with degraded functionality |
| Auto-install fails | WARN, show manual install instructions |
| Optional dep missing | INFO, note in report |
For hex-graph, also report the detected language(s) that drove the provider/exporter checks.
Do NOT call setup_hooks. hex-line now auto-syncs hooks and output style on MCP server startup.
After all Phase 2 registrations complete:
hex-line call to start the server, for example mcp__hex-line__inspect_path({ path: "{project_path}" })Hooks (in ~/.claude/settings.json):
PreToolUse hook — redirects built-in Read/Edit/Write/Grep/Glob to hex-line equivalents (Glob -> inspect_path(pattern=...))PostToolUse hook — compresses verbose tool output (RTK filter)SessionStart hook — injects MCP Tool Preferences reminderdisableAllHooks: After verifying hooks are synced, read ~/.claude/settings.json, set disableAllHooks: false (merge, preserve all other fields), write back. This is appropriate here because the user explicitly invoked setup and wants hooks active. autoSync does NOT manage this flag — it only syncs hook file content and entries.Output Style:
5. Copies output-style.md to ~/.claude/output-styles/hex-line.md
6. Sets outputStyle: "hex-line" if no style is active (preserves existing style)
Verification: Confirm all of the following after the first hex-line tool call:
~/.claude/settings.json contains the 3 hex-line hook entries with current command pathdisableAllHooks: false (set explicitly by this skill, not by autoSync)~/.claude/output-styles/hex-line.md exists and matches package contentoutputStyle: "hex-line" is set only when no other style was already activeHex-line workflow reminder: the synced output style must teach all of the following:
revision into same-file follow-up edits as base_revisionverify before delayed or mixed-tool follow-up edits on the same fileretry_edit, retry_edits, retry_checksum, and retry_plan directlyedit_file should silently normalizeNote: autosync is idempotent. Any later hex-line startup re-checks installed hook and style content and updates only when they drift.
After hex-graph registration + connected status:
mcp__hex-graph__index_project({ path: "{project_path}" }) — build initial code knowledge graphmcp__hex-graph__index_project({ path: "{project_path}" }) — the indexing path is idempotent and refreshes changed files onlySkip if hex-graph not registered or not connected.
Scan project commands/skills to replace built-in tools with hex-line equivalents in allowed-tools frontmatter.
Tool mapping:
| Built-in | Hex equivalent |
|---|---|
Read | mcp__hex-line__read_file |
Edit | mcp__hex-line__edit_file |
Write | mcp__hex-line__write_file |
Grep | mcp__hex-line__grep_search |
Glob | mcp__hex-line__inspect_path |
Steps:
.claude/commands/*.md via mcp__hex-line__inspect_path(path=".claude/commands", pattern="*.md", max_entries=0) and .claude/skills/*/SKILL.md via mcp__hex-line__inspect_path(path=".claude/skills", pattern="SKILL.md", max_entries=0)allowed-toolsRead and Bash)
b. If built-in present AND hex equivalent already present -> remove built-in (except Read and Bash)
c. Preserve ALL existing mcp__* tools not in the replacement tableSkip conditions:
| Condition | Action |
|---|---|
No .claude/ directory | Skip entire phase |
File has no allowed-tools | Skip file |
| All hex equivalents present | Skip file, report "already migrated" |
dry_run: true | Show planned changes |
Instruction files and MCP Tool Preferences content are owned by ln-014-agent-instructions-manager. This skill must not create or rewrite CLAUDE.md or AGENTS.md.
Ensure built-in tools and MCP server prefixes are in ~/.claude/settings.json -> permissions.allow[].
Built-in tools (ensure present):
| Tool | Permission entry |
|---|---|
| Bash | Bash |
| Read | Read |
| Write | Write |
| Edit | Edit |
| Grep | Grep |
| WebSearch | WebSearch |
| WebFetch | WebFetch |
MCP servers (per configured):
| Server | Permission entry |
|---|---|
| hex-line | mcp__hex-line |
| hex-ssh | mcp__hex-ssh |
| hex-graph | mcp__hex-graph |
| hex-research | mcp__hex-research |
| context7 | mcp__context7 |
| Ref | mcp__Ref |
| linear | mcp__linear-server |
~/.claude/settings.json (create if missing: {"permissions":{"allow":[]}})Bash, Read, Write, Edit, Grep, WebSearch, WebFetch, and each mcp__{name}):
Bash(gh repo:*), Bash(node ...), WebFetch(domain:docs.github.com)), remove them — the universal entry covers allentry.startsWith("Tool(") → remove if universal Tool will be addedIdempotent: existing universal entries skipped. Only specific sub-entries are consolidated into universal ones.
The Claude Code IDE extension (Cursor / VSCode) has its own claudeCode.initialPermissionMode setting that overrides permissions.defaultMode from ~/.claude/settings.json when Claude runs through the IDE. Default value is "default" — this silently ignores any project-level bypassPermissions from .claude/settings.local.json. To actually enable bypass when running through the IDE, two extension settings must be set together.
This phase is detection-first. It does NOT modify IDE settings without explicit user consent because permission mode is a security decision and IDE settings are vendor-specific.
Step 1: Detect installed Claude Code IDE extensions
| IDE | Extensions directory | User settings path (Windows) | User settings path (macOS) | User settings path (Linux) |
|---|---|---|---|---|
| Cursor | ~/.cursor/extensions/anthropic.claude-code-* | %APPDATA%/Cursor/User/settings.json | ~/Library/Application Support/Cursor/User/settings.json | ~/.config/Cursor/User/settings.json |
| VSCode | ~/.vscode/extensions/anthropic.claude-code-* | %APPDATA%/Code/User/settings.json | ~/Library/Application Support/Code/User/settings.json | ~/.config/Code/User/settings.json |
For each IDE: glob the extensions directory for anthropic.claude-code-*. If at least one match exists, the extension is installed.
Step 2: Read package.json from extension to enumerate claudeCode.* settings
The relevant keys (verified against extension package.json contributes.configuration.properties):
| Setting key | Type | Default | Effect |
|---|---|---|---|
claudeCode.initialPermissionMode | string enum | "default" | Sets --permission-mode flag at session start. Enum: default, acceptEdits, plan, bypassPermissions |
claudeCode.allowDangerouslySkipPermissions | boolean | false | Hard gate — must be true for bypassPermissions to actually engage. Anthropic's explicit guard for IDE contexts |
Step 3: Read user settings JSON for each detected IDE and report current state
| Detected state | Effective behavior | Reported as |
|---|---|---|
initialPermissionMode absent OR "default", allowDangerouslySkipPermissions absent OR false | Standard prompt-based permissions, project defaultMode IGNORED | default-prompt |
initialPermissionMode = "acceptEdits" | File ops auto-approve, Bash still prompts | accept-edits |
initialPermissionMode = "plan" | Plan mode forced (no execution) | plan-only |
initialPermissionMode = "bypassPermissions", allowDangerouslySkipPermissions = true | Bypass active | bypass-active |
initialPermissionMode = "bypassPermissions", allowDangerouslySkipPermissions = false | Misconfigured — user wanted bypass but gate is closed; falls back to default | bypass-blocked |
Always include in the report: a one-line explanation of why .claude/settings.local.json defaultMode is silently ignored when running via IDE extension.
Step 4: Cross-check against .claude/settings.json and .claude/settings.local.json defaultMode
If user's project settings declare permissions.defaultMode = "bypassPermissions" but the IDE extension is in default-prompt or bypass-blocked state → emit a WARN in the summary explaining the override:
WARN: Project
.claude/settings.local.jsondeclaresdefaultMode: bypassPermissions, but the Claude Code IDE extension for {IDE} forces--permission-mode {detected}at session start. The project setting is ignored when running through the IDE. To align them, run this skill withapply_ide_override=trueand confirm at the prompt, or manually setclaudeCode.initialPermissionModeandclaudeCode.allowDangerouslySkipPermissionsin {settings_path}.
Step 5: Optional remediation (only with explicit user consent)
This phase only writes IDE settings when the caller passes apply_ide_override=true (a separate flag distinct from the main dry_run). Even with the flag, the skill MUST prompt the user with a single confirmation question listing exactly which keys will change in which file.
When applying changes:
settings.json.bak.{timestamp} before any writeclaudeCode.* key (preferredLocation, useTerminal, respectGitIgnore, etc.) and every non-claudeCode.* keybypassPermissions: set claudeCode.allowDangerouslySkipPermissions: true AND claudeCode.initialPermissionMode: "bypassPermissions"acceptEdits: set claudeCode.initialPermissionMode: "acceptEdits" (gate not required)default: remove both keys (or set to false / "default")Skip conditions:
| Condition | Action |
|---|---|
| No Claude Code IDE extension found | SKIP entire phase, report no-ide |
dry_run: true | Detect + report only, no writes (same as default behavior) |
apply_ide_override flag absent | Detect + report only, do NOT prompt user |
| User declines remediation prompt | SKIP write, log decision in summary |
Project .claude/settings*.json does not declare defaultMode | INFO: report extension state but no WARN (no conflict to resolve) |
Why this phase is detection-first by default:
bypassPermissions is a security-sensitive choice; Anthropic explicitly guarded it with allowDangerouslySkipPermissions for IDE contexts (intended for sandboxes without internet)acceptEdits in Cursor for daily work, bypassPermissions in a separate VSCode profile for sandbox automation)Status table:
MCP Configuration:
| Server | Transport | Version | Status | Permission | Detail |
|-----------|-----------|---------|---------------|------------|-------------------------|
| hex-line | stdio | 1.5.0 | configured | granted | npx package (hex-line-mcp) |
| hex-ssh | stdio | 1.2.0 | updated | granted | was 1.1.6, now 1.2.0 |
| hex-research | stdio | 0.1.0 | configured | granted | npx package (hex-research-mcp) |
| context7 | HTTP | — | configured | granted | mcp.context7.com |
| Ref | HTTP | — | configured | granted | api.ref.tools (key set) |
| linear | HTTP | — | skipped | skipped | user declined |
IDE Extension Permission Mode:
| IDE | Extension Version | initialPermissionMode | allowDangerouslySkipPermissions | Effective State | Conflict with project defaultMode |
|---------|-------------------|-----------------------|---------------------------------|-----------------|-----------------------------------|
| Cursor | 2.1.92 | bypassPermissions | true | bypass-active | aligned |
| VSCode | (not installed) | — | — | no-ide | n/a |
claude mcp add. Write to ~/.claude/settings.json ONLY for permissions (permissions.allow[]) or when explicit hook/style verification requires correction after autosync failsclaude mcp list after registration to confirm connectionnpm i -g — npx provides process isolation and avoids EBUSY on Windows. On Windows, wrap packages with cmd /c npx (see Phase 2 OS prefix table).mcp__{server} to user settingsclaude mcp list calls. Phase 1 runs it once (discovery). Phase 2 reuses that data. Only Phase 2 Step 4 runs it again (post-mutation verify). Max 2 calls totalclaude mcp add with MSYS_NO_PATHCONV=1. After registration, verify args[0] in .claude.json is "/c" not "C:/". Fix inline if corrupted..gitattributes, .editorconfig, or Git config suggest working-tree line-ending rewrites, warn explicitly instead of silently changing repo policy here.claudeCode.* keys from Cursor / VSCode user settings and reports the effective permission mode, but never writes IDE settings without apply_ide_override=true AND an explicit user prompt confirmation. IDE settings are vendor-specific and changing bypassPermissions is a security decision the user must own.| DON'T | DO |
|---|---|
Write arbitrary fields to ~/.claude.json | Use claude mcp add for servers; rely on hex-line startup autosync for hooks/style |
| Skip verification after add | Always check claude mcp list after mutations |
| Auto-add optional servers | Ask user for Linear and other optional servers |
| Leave unsupported servers | Remove hashline-edit, pencil, etc. |
| Calculate token budget | Not this worker's responsibility |
Run claude mcp list in every phase | Run once in Phase 1, reuse in Phase 2, verify once after mutations |
| Assume connected = up to date | Check npm view version vs newest cached npx package version |
| Assume hooks/style are ready right after registration | Trigger one harmless hex-line tool call, then verify autosync results |
Run claude mcp add without MSYS_NO_PATHCONV on Windows bash | Always MSYS_NO_PATHCONV=1 claude mcp add ... or verify+fix args after |
| Skip provider verification for hex-graph | Detect project language(s) first, then verify only relevant graph-specific providers and SCIP exporters |
| Auto-install project/framework/runtime packages | Limit this phase to MCP-relevant graph providers and SCIP exporters, and ask user before install |
| Overwrite entire config file with only known fields | Read existing → deep-merge only owned fields → edit back |
Silently flip claudeCode.initialPermissionMode to bypassPermissions because the project asked for it | Detect, WARN about the override, require apply_ide_override=true AND explicit user confirmation before writing IDE settings |
Set initialPermissionMode = "bypassPermissions" without also setting allowDangerouslySkipPermissions = true | Both keys are required together — without the gate the mode silently degrades to default |
Treat IDE bypassPermissions as a substitute for Codex CLI defaults | Keep Codex execution-default ownership in ln-013-config-syncer |
Mutate ~/.codex/config.toml from this worker because it is also permission-related | Route the actual Codex CLI alignment to ln-013-config-syncer |
| Tell user to use Reload Window after changing IDE settings | Always tell user to fully Quit + reopen — extension reads settings only at activation, not on Reload Window |
hex-line startup (PreToolUse, PostToolUse, SessionStart, ConfigChange, PermissionDenied) and disableAllHooks: false (Phase 3). MCP config notes: _meta["anthropic/maxResultSizeChars"] up to 500K for large tool results (Claude Code 2.1.91); MCP_CONNECTION_NONBLOCKING env var for -p mode (2.1.89); disableSkillShellExecution setting prevents skill shell execution (2.1.91)defaultMode (Phase 6b). Writes only with apply_ide_override=true AND user consent.Version: 1.7.0 Last Updated: 2026-04-07