Skip to content

feat(cli): guided credential setup for non-technical users (tracker MCP on doc-collab flavors) #67

Description

@Lillevang

Status: needs careful design — NOT in scope for now. This captures the problem and a recommended direction. The interaction model for guiding non-technical users without building a full wizard is the hard part and must be designed deliberately before any implementation. Tagged needs-refinement, no milestone.

Persona

A non-technical project/program manager — comfortable with PM work, not comfortable in a terminal (think: a program manager in her 60s). She wants to scaffold a project-management or claude-cowork workspace and may want to wire a tracker MCP (Azure DevOps, GitHub, or Jira) so her agent can read/write work items. She is the target user for the doc-collab flavors, and she is exactly the user most likely to hit a dead-end at the credential step.

Important context about the doc-collab flavors (shapes the whole design)

The project-management and claude-cowork flavors are not like the code flavors:

  • No .devcontainer and no assumption of a git repo. They scaffold a folder structure and some .md files.
  • They will most likely live in a regular folder or a shared folder (e.g. OneDrive), not a cloned repo.
  • The actual work in these workspaces centers on .md, .docx, .xlsx, .pptx, .txt files — documents, not source code.

This matters because the existing credential guidance (env vars, .gitignore, "restart your MCP client") implicitly assumes a developer in a shell, in a git repo, possibly in a container. None of those hold here.

What she sees today — the four dead-ends

The secure-token plumbing from #17 is correct and unchanged (${env:VAR} references in .mcp.json, gitignored secret file, gh auth reuse). The gap is purely that the guidance assumes a shell-fluent reader. Concretely, running the scaffold + add-tracker leaves her at four walls:

  1. Token/scope creation. She's told she needs a PAT / API token but not where to create it or which scopes to select.
  2. Giving the token to the tool. Setting a persistent environment variable assumes shell knowledge she doesn't have.
  3. "Restart your MCP client." Jargon with no concrete steps.
  4. Silent wrong-scope failure. A missing/under-scoped token isn't caught at setup; it surfaces later as a raw Requires authentication — the worst dead-end, because it's far from the cause.

Recommended direction (smallest dead-end-free path — no full wizard)

A set-credential subcommand scoped to the doc-collab flavors, layering four UX moves on the existing #17 plumbing:

  • Scope-preset deep links. Open (or print) the exact GitHub/ADO/Jira token-creation URL with the right scopes pre-selected, so she doesn't have to navigate provider settings.
  • Write the credential for her, into the gitignored secret file — rather than telling her to export a shell variable. (See open question on the delivery mechanism below — this is the load-bearing uncertainty.)
  • Validate before proceeding. Make a cheap test API call at setup time so she learns the token works now, with a plain-language result, instead of discovering a bad token three steps later.
  • Reuse gh auth when already authenticated, so GitHub needs no manually-created token at all.

Plain-language errors throughout ("that token doesn't have permission to read work items — here's how to fix it" rather than Requires authentication).

Deliberately not a wizard. Per the #22 "no full interactive wizard" lean, this stays a single guided primitive. If PMs still stall after this ships, an interactive TTY flow can be added later as a thin wrapper over the same set-credential primitive — not a separate code path.

Open questions (must be settled in the careful-design pass)

  1. Credential delivery mechanism — load-bearing. With no devcontainer and possibly no git repo, how does the credential actually reach the MCP client at launch? ${env:VAR} requires the var to be in the MCP client's environment. Does writing a secret/.env file in the workspace actually get sourced by the MCP client for these flavors, or does the variable need to be set at the OS/user level? If a workspace file isn't sourced, "write it for her" doesn't wire anything up. Verify how each MCP client (Claude Code / Codex) picks up the var in a no-container, non-shell context before committing to a mechanism.
  2. Cross-platform reality. This persona is plausibly on Windows with the workspace in OneDrive. Deep-link opening, secret-file location, and how the env var is set all differ from the macOS/Linux dev case. The design must be correct on Windows, not just POSIX.
  3. The interaction model without a wizard. How much hand-holding is "guided" vs. "a wizard"? Where exactly is the line? This is the careful-design question the maintainer flagged.
  4. Per-tracker instruction maintenance. Deep links and scope presets for GitHub/ADO/Jira are external surfaces that drift; who maintains them and how do we avoid stale links.
  5. Naming/shape: a set-credential subcommand vs. folding into add-tracker's flow.

Bloat to resist

  • A GUI / desktop app entry point (rejected — against the small-and-simple ethos; out of scope).
  • A full multi-screen interactive wizard (defer; only a thin TTY wrapper later if needed).
  • Storing secrets anywhere new or bespoke — reuse the PM flavor: secure token/secret management for MCP trackers #17 mechanism, don't invent a vault.

Provisional acceptance criteria (pending the design pass)

  • A non-technical user can go from "I have no token" to "my agent can read/write work items" without editing .mcp.json by hand or knowing shell commands.
  • The flow links to the exact token-creation page with correct scopes per tracker.
  • The token is validated with a real call before the flow reports success; failures explain the cause in plain language.
  • Existing gh auth is detected and reused (no manual token for GitHub in that case).
  • Works on Windows with a workspace in a shared folder (OneDrive), not just POSIX/git-repo setups.
  • No full wizard; the guided primitive is the surface.

Related

Metadata

Metadata

Assignees

No one assigned

    Labels

    area:bootstrapInit/bootstrap flow and onboarding UXarea:cliCLI surface, flags, help outputarea:trackersTracker MCP integrations (GitHub/ADO/Jira)enhancementNew feature or requestneeds-refinementDesign/feature needs further technical refinement before implementation

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions