You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Status: needs careful design — NOT in scope for now. This captures the problem and a recommended direction. The interaction model for guiding non-technical users without building a full wizard is the hard part and must be designed deliberately before any implementation. Tagged needs-refinement, no milestone.
Persona
A non-technical project/program manager — comfortable with PM work, not comfortable in a terminal (think: a program manager in her 60s). She wants to scaffold a project-management or claude-cowork workspace and may want to wire a tracker MCP (Azure DevOps, GitHub, or Jira) so her agent can read/write work items. She is the target user for the doc-collab flavors, and she is exactly the user most likely to hit a dead-end at the credential step.
Important context about the doc-collab flavors (shapes the whole design)
The project-management and claude-cowork flavors are not like the code flavors:
No .devcontainer and no assumption of a git repo. They scaffold a folder structure and some .md files.
They will most likely live in a regular folder or a shared folder (e.g. OneDrive), not a cloned repo.
The actual work in these workspaces centers on .md, .docx, .xlsx, .pptx, .txt files — documents, not source code.
This matters because the existing credential guidance (env vars, .gitignore, "restart your MCP client") implicitly assumes a developer in a shell, in a git repo, possibly in a container. None of those hold here.
What she sees today — the four dead-ends
The secure-token plumbing from #17 is correct and unchanged (${env:VAR} references in .mcp.json, gitignored secret file, gh auth reuse). The gap is purely that the guidance assumes a shell-fluent reader. Concretely, running the scaffold + add-tracker leaves her at four walls:
Token/scope creation. She's told she needs a PAT / API token but not where to create it or which scopes to select.
Giving the token to the tool. Setting a persistent environment variable assumes shell knowledge she doesn't have.
"Restart your MCP client." Jargon with no concrete steps.
Silent wrong-scope failure. A missing/under-scoped token isn't caught at setup; it surfaces later as a raw Requires authentication — the worst dead-end, because it's far from the cause.
Recommended direction (smallest dead-end-free path — no full wizard)
A set-credential subcommand scoped to the doc-collab flavors, layering four UX moves on the existing #17 plumbing:
Scope-preset deep links. Open (or print) the exact GitHub/ADO/Jira token-creation URL with the right scopes pre-selected, so she doesn't have to navigate provider settings.
Write the credential for her, into the gitignored secret file — rather than telling her to export a shell variable. (See open question on the delivery mechanism below — this is the load-bearing uncertainty.)
Validate before proceeding. Make a cheap test API call at setup time so she learns the token works now, with a plain-language result, instead of discovering a bad token three steps later.
Reuse gh auth when already authenticated, so GitHub needs no manually-created token at all.
Plain-language errors throughout ("that token doesn't have permission to read work items — here's how to fix it" rather than Requires authentication).
Deliberately not a wizard. Per the #22 "no full interactive wizard" lean, this stays a single guided primitive. If PMs still stall after this ships, an interactive TTY flow can be added later as a thin wrapper over the same set-credential primitive — not a separate code path.
Open questions (must be settled in the careful-design pass)
Credential delivery mechanism — load-bearing. With no devcontainer and possibly no git repo, how does the credential actually reach the MCP client at launch? ${env:VAR} requires the var to be in the MCP client's environment. Does writing a secret/.env file in the workspace actually get sourced by the MCP client for these flavors, or does the variable need to be set at the OS/user level? If a workspace file isn't sourced, "write it for her" doesn't wire anything up. Verify how each MCP client (Claude Code / Codex) picks up the var in a no-container, non-shell context before committing to a mechanism.
Cross-platform reality. This persona is plausibly on Windows with the workspace in OneDrive. Deep-link opening, secret-file location, and how the env var is set all differ from the macOS/Linux dev case. The design must be correct on Windows, not just POSIX.
The interaction model without a wizard. How much hand-holding is "guided" vs. "a wizard"? Where exactly is the line? This is the careful-design question the maintainer flagged.
Per-tracker instruction maintenance. Deep links and scope presets for GitHub/ADO/Jira are external surfaces that drift; who maintains them and how do we avoid stale links.
Naming/shape: a set-credential subcommand vs. folding into add-tracker's flow.
Bloat to resist
A GUI / desktop app entry point (rejected — against the small-and-simple ethos; out of scope).
A full multi-screen interactive wizard (defer; only a thin TTY wrapper later if needed).
Provisional acceptance criteria (pending the design pass)
A non-technical user can go from "I have no token" to "my agent can read/write work items" without editing .mcp.json by hand or knowing shell commands.
The flow links to the exact token-creation page with correct scopes per tracker.
The token is validated with a real call before the flow reports success; failures explain the cause in plain language.
Existing gh auth is detected and reused (no manual token for GitHub in that case).
Works on Windows with a workspace in a shared folder (OneDrive), not just POSIX/git-repo setups.
No full wizard; the guided primitive is the surface.
Persona
A non-technical project/program manager — comfortable with PM work, not comfortable in a terminal (think: a program manager in her 60s). She wants to scaffold a project-management or claude-cowork workspace and may want to wire a tracker MCP (Azure DevOps, GitHub, or Jira) so her agent can read/write work items. She is the target user for the doc-collab flavors, and she is exactly the user most likely to hit a dead-end at the credential step.
Important context about the doc-collab flavors (shapes the whole design)
The
project-managementandclaude-coworkflavors are not like the code flavors:.devcontainerand no assumption of a git repo. They scaffold a folder structure and some.mdfiles..md,.docx,.xlsx,.pptx,.txtfiles — documents, not source code.This matters because the existing credential guidance (env vars,
.gitignore, "restart your MCP client") implicitly assumes a developer in a shell, in a git repo, possibly in a container. None of those hold here.What she sees today — the four dead-ends
The secure-token plumbing from #17 is correct and unchanged (
${env:VAR}references in.mcp.json, gitignored secret file,gh authreuse). The gap is purely that the guidance assumes a shell-fluent reader. Concretely, running the scaffold +add-trackerleaves her at four walls:Requires authentication— the worst dead-end, because it's far from the cause.Recommended direction (smallest dead-end-free path — no full wizard)
A
set-credentialsubcommand scoped to the doc-collab flavors, layering four UX moves on the existing #17 plumbing:gh authwhen already authenticated, so GitHub needs no manually-created token at all.Plain-language errors throughout ("that token doesn't have permission to read work items — here's how to fix it" rather than
Requires authentication).Deliberately not a wizard. Per the #22 "no full interactive wizard" lean, this stays a single guided primitive. If PMs still stall after this ships, an interactive TTY flow can be added later as a thin wrapper over the same
set-credentialprimitive — not a separate code path.Open questions (must be settled in the careful-design pass)
${env:VAR}requires the var to be in the MCP client's environment. Does writing a secret/.envfile in the workspace actually get sourced by the MCP client for these flavors, or does the variable need to be set at the OS/user level? If a workspace file isn't sourced, "write it for her" doesn't wire anything up. Verify how each MCP client (Claude Code / Codex) picks up the var in a no-container, non-shell context before committing to a mechanism.set-credentialsubcommand vs. folding intoadd-tracker's flow.Bloat to resist
Provisional acceptance criteria (pending the design pass)
.mcp.jsonby hand or knowing shell commands.gh authis detected and reused (no manual token for GitHub in that case).Related