@codemcp/ade 0.3.0 → 0.5.0

package/.beads/issues.jsonl

@@ -56,3 +56,7 @@
 {"id":"ade-4.3","title":"Fix","description":"Implement the solution based on your analysis:  - If  exists: Follow the design from it - Otherwise: Elaborate design options and present them to the user  Before implementing, assess the approach: - How critical is this system? What is the blast radius if the fix causes issues? - Should this be a minimal fix or a more comprehensive solution?  Make targeted changes that address the root cause without introducing new issues. Be careful to maintain existing functionality while fixing the bug.","status":"open","priority":3,"issue_type":"task","owner":"github@beimir.net","created_at":"2026-03-19T10:33:07.076548+01:00","created_by":"Oliver Jägle","updated_at":"2026-03-19T10:33:07.076548+01:00","dependencies":[{"issue_id":"ade-4.3","depends_on_id":"ade-4","type":"parent-child","created_at":"0001-01-01T00:00:00Z"},{"issue_id":"ade-4.3","depends_on_id":"ade-4.2","type":"blocks","created_at":"0001-01-01T00:00:00Z"}]}
 {"id":"ade-4.4","title":"Verify","description":"Test the fix thoroughly to ensure the original bug is resolved and no new issues were introduced. Run existing tests, create new ones if needed, and verify the solution is robust.","status":"open","priority":3,"issue_type":"task","owner":"github@beimir.net","created_at":"2026-03-19T10:33:07.222264+01:00","created_by":"Oliver Jägle","updated_at":"2026-03-19T10:33:07.222264+01:00","dependencies":[{"issue_id":"ade-4.4","depends_on_id":"ade-4","type":"parent-child","created_at":"0001-01-01T00:00:00Z"},{"issue_id":"ade-4.4","depends_on_id":"ade-4.3","type":"blocks","created_at":"0001-01-01T00:00:00Z"}]}
 {"id":"ade-4.5","title":"Finalize","description":"Ensure code quality and documentation accuracy through systematic cleanup and review.  **STEP 1: Code Cleanup** Systematically clean up development artifacts: - Remove all temporary debug output statements used during bug investigation (console logging, print statements, debug output functions) - Address each TODO/FIXME comment by either implementing the solution or documenting why it's deferred - Remove completed TODOs and convert remaining ones to proper issue tracking if needed - Remove temporary debugging code, test code blocks, and commented-out code - Ensure proper error handling replaces temporary debug logging  **STEP 2: Documentation Review** Review and update documentation to reflect the bug fix: - If  exists, update it if design details were refined or changed during the fix - Compare documentation against the actual bug fix implementation - Update only the documentation sections that have functional changes - Remove references to investigation iterations, progress notes, and temporary decisions - Ensure documentation describes the final fixed state, not the debugging process - Ask the user to review document updates  **STEP 3: Final Validation** - Run existing tests to ensure cleanup didn't break functionality - Verify documentation accuracy with a final review - Ensure bug fix is ready for production - Update task progress and mark completed work as you finalize the bug fix","status":"open","priority":3,"issue_type":"task","owner":"github@beimir.net","created_at":"2026-03-19T10:33:07.356694+01:00","created_by":"Oliver Jägle","updated_at":"2026-03-19T10:33:07.356694+01:00","dependencies":[{"issue_id":"ade-4.5","depends_on_id":"ade-4","type":"parent-child","created_at":"0001-01-01T00:00:00Z"},{"issue_id":"ade-4.5","depends_on_id":"ade-4.4","type":"blocks","created_at":"0001-01-01T00:00:00Z"}]}
+{"id":"ade-5","title":"ade: minor (development-plan-better-in-cli-explanation.md)","description":"Responsible vibe engineering session using minor workflow for ade","status":"open","priority":2,"issue_type":"task","owner":"github@beimir.net","created_at":"2026-03-19T11:33:13.313751+01:00","created_by":"Oliver Jägle","updated_at":"2026-03-19T11:33:13.313751+01:00"}
+{"id":"ade-5.1","title":"Explore","description":"Understand the problem, analyze existing patterns, and design your approach. Consider the scope and impact of the change. **STEP 1: Analyze Requirements** - If  exists: Use it to understand the required changes - Otherwise: Document requirements in your task management system **STEP 2: Review Design Approach** - If  exists: Respect the design approach documented in  - Otherwise: Design your approach based on the problem analysis **STEP 3: Document Decisions** - Document your analysis and design decisions - Create tasks to guide implementation - Focus on analysis and design only - do not write any code yet","status":"open","priority":3,"issue_type":"task","owner":"github@beimir.net","created_at":"2026-03-19T11:33:13.459272+01:00","created_by":"Oliver Jägle","updated_at":"2026-03-19T11:33:13.459272+01:00","dependencies":[{"issue_id":"ade-5.1","depends_on_id":"ade-5","type":"parent-child","created_at":"0001-01-01T00:00:00Z"}]}
+{"id":"ade-5.2","title":"Implement","description":"Write clean, focused code for the minor enhancement, test your changes, and prepare for commit. **STEP 1: Review Design and Requirements** - If  exists: Follow your design from  - Otherwise: Elaborate design options and present them to the user - If  exists: Ensure the relevant requirements from  are met - Otherwise: Ensure existing requirements are met based on your task context **STEP 2: Implement Changes** - Write clean, focused code for the minor enhancement - Test your changes to ensure they work correctly and don't break existing functionality **STEP 3: Prepare for Finalization** - Update task progress as needed - Prepare documentation and commit when ready","status":"open","priority":3,"issue_type":"task","owner":"github@beimir.net","created_at":"2026-03-19T11:33:13.597501+01:00","created_by":"Oliver Jägle","updated_at":"2026-03-19T11:33:13.597501+01:00","dependencies":[{"issue_id":"ade-5.2","depends_on_id":"ade-5","type":"parent-child","created_at":"0001-01-01T00:00:00Z"},{"issue_id":"ade-5.2","depends_on_id":"ade-5.1","type":"blocks","created_at":"0001-01-01T00:00:00Z"}]}
+{"id":"ade-5.3","title":"Finalize","description":"Ensure code quality and documentation accuracy through systematic cleanup and review. **STEP 1: Code Cleanup** Systematically clean up development artifacts: - **Remove Debug Output**: Search for and remove all temporary debug output statements used during development.   Look for language-specific debug output methods (console logging, print statements, debug output functions).   Remove any debugging statements that were added for development purposes.  - **Review TODO/FIXME Comments**:   - Address each TODO/FIXME comment by either implementing the solution or documenting why it's deferred   - Remove completed TODOs   - Convert remaining TODOs to proper issue tracking if needed  - **Remove Debugging Code Blocks**:   - Remove temporary debugging code, test code blocks, and commented-out code   - Clean up any experimental code that's no longer needed   - Ensure proper error handling replaces temporary debug logging  **STEP 2: Documentation Review** Review and update documentation to reflect final implementation: - **Update Long-Term Memory Documents**: Based on what was actually implemented:   - If  exists: Update  if requirements changed during development   - If  exists: Update  if design details were refined or changed - **Compare Against Implementation**: Review documentation against actual implemented functionality - **Update Changed Sections**: Only modify documentation sections that have functional changes - **Remove Development Progress**: Remove references to development iterations, progress notes, and temporary decisions - **Focus on Final State**: Ensure documentation describes the final implemented state, not the development process - **Ask User to Review Document Updates** **STEP 3: Final Validation** - Run existing tests to ensure cleanup didn't break functionality - Verify documentation accuracy with a final review - Ensure minor enhancement is ready for delivery - Update task progress and mark completed work as you finalize the minor enhancement","status":"open","priority":3,"issue_type":"task","owner":"github@beimir.net","created_at":"2026-03-19T11:33:13.733496+01:00","created_by":"Oliver Jägle","updated_at":"2026-03-19T11:33:13.733496+01:00","dependencies":[{"issue_id":"ade-5.3","depends_on_id":"ade-5","type":"parent-child","created_at":"0001-01-01T00:00:00Z"},{"issue_id":"ade-5.3","depends_on_id":"ade-5.2","type":"blocks","created_at":"0001-01-01T00:00:00Z"}]}

package/.beads/last-touched

@@ -1 +1 @@
-ade-4.5
+ade-5.3

package/.vibe/beads-state-ade-better-in-cli-explanation-b8jcv3.json

@@ -0,0 +1,24 @@
+{
+  "conversationId": "ade-better-in-cli-explanation-b8jcv3",
+  "projectPath": "/Users/oliverjaegle/projects/privat/codemcp/ade",
+  "epicId": "ade-5",
+  "phaseTasks": [
+    {
+      "phaseId": "explore",
+      "phaseName": "Explore",
+      "taskId": "ade-5.1"
+    },
+    {
+      "phaseId": "implement",
+      "phaseName": "Implement",
+      "taskId": "ade-5.2"
+    },
+    {
+      "phaseId": "finalize",
+      "phaseName": "Finalize",
+      "taskId": "ade-5.3"
+    }
+  ],
+  "createdAt": "2026-03-19T10:33:13.963Z",
+  "updatedAt": "2026-03-19T10:33:13.963Z"
+}

package/.vibe/development-plan-better-in-cli-explanation.md

@@ -0,0 +1,64 @@
+# Development Plan: ade (better-in-cli-explanation branch)
+
+*Generated on 2026-03-19 by Vibe Feature MCP*
+*Workflow: [minor](https://mrsimpson.github.io/responsible-vibe-mcp/workflows/minor)*
+
+## Goal
+Improve user guidance in the ADE CLI — add contextual introductory text to help users understand what ADE is and what each setup facet (Process, Architecture, Practices, Autonomy, Backpressure, Harnesses, Docsets) means before they make a selection.
+
+## Explore
+<!-- beads-phase-id: ade-5.1 -->
+### Tasks
+- [x] Read and understand current CLI structure (index.ts, setup.ts, install.ts)
+- [x] Read all facet definitions (process, architecture, practices, autonomy, backpressure)
+- [x] Identify all prompts where contextual guidance is missing
+
+### Findings
+- The setup command starts with `clack.intro("ade setup")` — no explanation of what ADE is or what the wizard will do
+- Facet prompts show only `facet.label` as the message — no educational context about what the facet means
+- The harness prompt says "which coding agents should receive config?" — helpful but no context on what harnesses are
+- The docset prompt says "deselect any you don't need" — no explanation of what docsets are used for
+- The skill install confirm says only "Install N skill(s) now?" — no context on what skills are
+- `index.ts` help text is minimal — no explanation of ADE's purpose
+
+### Phase Entrance Criteria for Implement:
+- [x] All touchpoints where user guidance is missing have been identified
+- [x] Content approach is clear (what to say at each step)
+- [x] No ambiguity about scope (we're adding text/hints, not redesigning prompts)
+
+## Implement
+<!-- beads-phase-id: ade-5.2 -->
+
+### Phase Entrance Criteria:
+- [x] Explore phase findings are complete
+- [x] All identified touchpoints for improvement are listed
+- [x] Scope is clearly defined: text additions only, no structural changes
+
+### Tasks
+*Tasks managed via `bd` CLI*
+
+## Finalize
+<!-- beads-phase-id: ade-5.3 -->
+
+### Phase Entrance Criteria:
+- [x] All identified touchpoints have been addressed with guidance text
+- [x] Code compiles without errors
+- [x] Changes look correct and consistent in tone
+
+### Tasks
+- [ ] Squash WIP commits: `git reset --soft <first commit of this branch>`. Then, create a conventional commit. In the message, first summarize the intentions and key decisions from the development plan. Then, add a brief summary of the key changes and their side effects and dependencies
+
+*Tasks managed via `bd` CLI*
+
+## Key Decisions
+- Used `clack.note()` for the ADE intro (boxed, titled) to make it stand out as orientation content vs. action prompts
+- Used `clack.log.info()` before each facet/section prompt — lightweight, doesn't interrupt the flow, provides context without being intrusive
+- Facet descriptions from the catalog data model are reused directly (they were already well-written) rather than duplicated elsewhere
+- Harness guidance explicitly calls out the 'universal' option since it's the most common default and its purpose isn't obvious from the name alone
+- Skill install context placed immediately before the confirm prompt so it reads naturally in sequence
+
+## Notes
+*Additional context and observations*
+
+---
+*This plan is maintained by the LLM and uses beads CLI for task management. Tool responses provide guidance on which bd commands to use for task management.*

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@codemcp/ade",
-  "version": "0.3.0",
+  "version": "0.5.0",
   "description": "ADE CLI — Agentic Development Environment setup and configuration tool",
   "license": "MIT",
   "keywords": [

package/packages/cli/dist/index.js

@@ -11697,6 +11697,25 @@ ${t("cyan", x2)}
     }
   } }).prompt();
 };
+var jt = (e) => t("dim", e);
+var kt2 = (e, r2, s) => {
+  const i = { hard: true, trim: false }, a = J2(e, r2, i).split(`
+`), o2 = a.reduce((n, c) => Math.max(D2(c), n), 0), u2 = a.map(s).reduce((n, c) => Math.max(D2(c), n), 0), l = r2 - (u2 - o2);
+  return J2(e, l, i);
+};
+var Vt2 = (e = "", r2 = "", s) => {
+  const i = s?.output ?? N2.stdout, a = s?.withGuide ?? _.withGuide, o2 = s?.format ?? jt, u2 = ["", ...kt2(e, rt(i) - 6, o2).split(`
+`).map(o2), ""], l = D2(r2), n = Math.max(u2.reduce((g2, E) => {
+    const $2 = D2(E);
+    return $2 > g2 ? $2 : g2;
+  }, 0), l) + 2, c = u2.map((g2) => `${t("gray", h)}  ${g2}${" ".repeat(n - D2(g2))}${t("gray", h)}`).join(`
+`), p2 = a ? `${t("gray", h)}
+` : "", f = a ? We : ge;
+  i.write(`${p2}${t("green", V)}  ${t("reset", r2)} ${t("gray", se.repeat(Math.max(n - l - 1, 1)) + pe)}
+${c}
+${t("gray", f + se.repeat(n + 2) + me)}
+`);
+};
 var ze = { light: I2("\u2500", "-"), heavy: I2("\u2501", "="), block: I2("\u2588", "#") };
 var oe = (e, r2) => e.includes(`
 `) ? e.split(`
@@ -11786,14 +11805,34 @@ var instructionWriter = {
 var workflowsWriter = {
   id: "workflows",
   async write(config) {
-    const { package: pkg, ref, env: env2 } = config;
+    const { package: pkg, ref, env: env2, allowedTools } = config;
     return {
       mcp_servers: [
         {
           ref: ref ?? pkg,
           command: "npx",
           args: [pkg],
-          env: env2 ?? {}
+          env: env2 ?? {},
+          ...allowedTools !== void 0 ? { allowedTools } : {}
+        }
+      ]
+    };
+  }
+};
+
+// ../core/dist/writers/mcp-server.js
+var mcpServerWriter = {
+  id: "mcp-server",
+  async write(config) {
+    const { ref, command: command2, args: args2, env: env2, allowedTools } = config;
+    return {
+      mcp_servers: [
+        {
+          ref,
+          command: command2,
+          args: args2,
+          env: env2 ?? {},
+          ...allowedTools !== void 0 ? { allowedTools } : {}
         }
       ]
     };
@@ -11863,12 +11902,13 @@ function createDefaultRegistry() {
   const registry2 = createRegistry();
   registerProvisionWriter(registry2, instructionWriter);
   registerProvisionWriter(registry2, workflowsWriter);
+  registerProvisionWriter(registry2, mcpServerWriter);
   registerProvisionWriter(registry2, skillsWriter);
   registerProvisionWriter(registry2, knowledgeWriter);
   registerProvisionWriter(registry2, gitHooksWriter);
   registerProvisionWriter(registry2, setupNoteWriter);
   registerProvisionWriter(registry2, permissionPolicyWriter);
-  for (const id of ["mcp-server", "installable"]) {
+  for (const id of ["installable"]) {
     registerProvisionWriter(registry2, {
       id,
       write: async () => ({})
@@ -11881,7 +11921,7 @@ function createDefaultRegistry() {
 var processFacet = {
   id: "process",
   label: "Process",
-  description: "How your AI agent receives and executes tasks",
+  description: "How will you guide your agent",
   required: true,
   options: [
     {
@@ -11893,7 +11933,16 @@ var processFacet = {
           writer: "workflows",
           config: {
             package: "@codemcp/workflows-server@latest",
-            ref: "workflows"
+            ref: "workflows",
+            env: {
+              VIBE_WORKFLOW_DOMAINS: "skilled"
+            },
+            allowedTools: [
+              "whats_next",
+              "conduct_review",
+              "list_workflows",
+              "get_tool_info"
+            ]
           }
         },
         {
@@ -12356,7 +12405,7 @@ var architectureFacet = {
 var practicesFacet = {
   id: "practices",
   label: "Practices",
-  description: "Composable development practices \u2014 mix and match regardless of stack",
+  description: "Development practices \u2014 mix and match regardless of stack",
   required: false,
   multiSelect: true,
   options: [
@@ -12588,7 +12637,7 @@ var JAVA_UNIT_TEST_RECIPE = [
 var backpressureFacet = {
   id: "backpressure",
   label: "Backpressure",
-  description: "Install git hooks that enforce quality gates \u2014 silent on success, surface only relevant failures",
+  description: "Which automated quality gates to put in place. Translates to git hooks",
   required: false,
   multiSelect: true,
   dependsOn: ["architecture"],
@@ -12647,31 +12696,31 @@ var autonomyFacet = {
   multiSelect: false,
   options: [
     {
-      id: "rigid",
-      label: "Rigid",
-      description: "Keep built-in capabilities approval-gated and require confirmation before acting",
+      id: "sensible-defaults",
+      label: "Sensible defaults",
+      description: "Allow a curated built-in capabilities set while keeping potentially risky actions approval-gated",
       recipe: [
         {
           writer: "permission-policy",
-          config: { profile: "rigid" }
+          config: { profile: "sensible-defaults" }
         }
       ]
     },
     {
-      id: "sensible-defaults",
-      label: "Sensible defaults",
-      description: "Allow a curated low-risk built-in capability set while keeping web access approval-gated",
+      id: "rigid",
+      label: "Rigid",
+      description: "Keep built-in capabilities approval-gated and require confirmation before acting",
       recipe: [
         {
           writer: "permission-policy",
-          config: { profile: "sensible-defaults" }
+          config: { profile: "rigid" }
         }
       ]
     },
     {
       id: "max-autonomy",
       label: "Max autonomy",
-      description: "Allow broad local built-in autonomy while keeping web access approval-gated",
+      description: "Allow broad local built-in autonomy. Recommended for sandboxed environments only",
       recipe: [
         {
           writer: "permission-policy",
@@ -22276,13 +22325,7 @@ function getBuiltInTools(profile) {
   }
 }
 function getForwardedMcpTools(servers) {
-  return servers.flatMap((server) => {
-    const allowedTools = server.allowedTools ?? ["*"];
-    if (allowedTools.includes("*")) {
-      return [`${server.ref}/*`];
-    }
-    return allowedTools.map((tool) => `${server.ref}/${tool}`);
-  });
+  return servers.map((server) => `${server.ref}/*`);
 }
 function renderCopilotAgentMcpServers(servers) {
   if (servers.length === 0) {
@@ -22294,7 +22337,7 @@ function renderCopilotAgentMcpServers(servers) {
     lines.push("    type: stdio");
     lines.push(`    command: ${JSON.stringify(server.command)}`);
     lines.push(`    args: ${JSON.stringify(server.args)}`);
-    lines.push(`    tools: ${JSON.stringify(server.allowedTools ?? ["*"])}`);
+    lines.push(`    tools: ${JSON.stringify(["*"])}`);
     if (Object.keys(server.env).length > 0) {
       lines.push("    env:");
       for (const [key, value] of Object.entries(server.env)) {
@@ -22441,20 +22484,21 @@ var kiroWriter = {
       })
     });
     const tools = getKiroTools(getAutonomyProfile(config), config.mcp_servers);
+    const allowedTools = getKiroAllowedTools(getAutonomyProfile(config), config.mcp_servers);
     await writeJson(join17(projectRoot, ".kiro", "agents", "ade.json"), {
       name: "ade",
       description: "ADE \u2014 Agentic Development Environment agent with project conventions and tools.",
       prompt: config.instructions.join("\n\n") || "ADE \u2014 Agentic Development Environment agent.",
       mcpServers: getKiroAgentMcpServers(config.mcp_servers),
       tools,
-      allowedTools: tools,
+      allowedTools,
       useLegacyMcpJson: true
     });
     await writeGitHooks(config.git_hooks, projectRoot);
   }
 };
 function getKiroTools(profile, servers) {
-  const mcpTools = getKiroForwardedMcpTools(servers);
+  const mcpTools = servers.map((server) => `@${server.ref}/*`);
   switch (profile) {
     case "rigid":
       return ["read", "shell", "spec", ...mcpTools];
@@ -22466,14 +22510,24 @@ function getKiroTools(profile, servers) {
       return ["read", "write", "shell", "spec", ...mcpTools];
   }
 }
-function getKiroForwardedMcpTools(servers) {
-  return servers.flatMap((server) => {
+function getKiroAllowedTools(profile, servers) {
+  const mcpAllowedTools = servers.flatMap((server) => {
     const allowedTools = server.allowedTools ?? ["*"];
     if (allowedTools.includes("*")) {
       return [`@${server.ref}/*`];
     }
     return allowedTools.map((tool) => `@${server.ref}/${tool}`);
   });
+  switch (profile) {
+    case "rigid":
+      return ["read", "shell", "spec", ...mcpAllowedTools];
+    case "sensible-defaults":
+      return ["read", "write", "shell", "spec", ...mcpAllowedTools];
+    case "max-autonomy":
+      return ["read", "write", "shell(*)", "spec", ...mcpAllowedTools];
+    default:
+      return ["read", "write", "shell", "spec", ...mcpAllowedTools];
+  }
 }
 function getKiroAgentMcpServers(servers) {
   return Object.fromEntries(servers.map((server) => [
@@ -22611,6 +22665,19 @@ var MAX_AUTONOMY_RULES = {
   codesearch: "ask",
   doom_loop: "deny"
 };
+function getMcpPermissions(servers) {
+  const entries = servers.flatMap((server) => {
+    const allowedTools = server.allowedTools ?? ["*"];
+    if (allowedTools.includes("*")) {
+      return [[`${server.ref}*`, "allow"]];
+    }
+    return [
+      [`${server.ref}*`, "ask"],
+      ...allowedTools.map((tool) => [`${server.ref}_${tool}`, "allow"])
+    ];
+  });
+  return entries.length > 0 ? Object.fromEntries(entries) : void 0;
+}
 function getPermissionRules(profile) {
   switch (profile) {
     case "rigid":
@@ -22639,9 +22706,11 @@ var opencodeWriter = {
       defaults: { $schema: "https://opencode.ai/config.json" }
     });
     const permission = getPermissionRules(getAutonomyProfile(config));
+    const mcpPermissions = getMcpPermissions(config.mcp_servers);
+    const mergedPermission = permission || mcpPermissions ? { ...mcpPermissions ?? {}, ...permission ?? {} } : void 0;
     await writeAgentMd(config, {
       path: join18(projectRoot, ".opencode", "agents", "ade.md"),
-      extraFrontmatter: permission ? renderYamlMapping("permission", permission) : void 0,
+      extraFrontmatter: mergedPermission ? renderYamlMapping("permission", mergedPermission) : void 0,
       fallbackBody: "ADE \u2014 Agentic Development Environment agent with project conventions and tools."
     });
     await writeGitHooks(config.git_hooks, projectRoot);
@@ -22681,7 +22750,35 @@ function getHarnessIds() {
 
 // src/commands/setup.ts
 async function runSetup(projectRoot, catalog) {
-  Wt2("ade setup");
+  let lineIndex = 0;
+  const LOGO_LINES = [
+    "\n",
+    " \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557    \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2557   \u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2557 ",
+    "\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D    \u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u255A\u2550\u2550\u2588\u2588\u2554\u2550\u2550\u255D\u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557",
+    "\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2551  \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2557      \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2557     \u2588\u2588\u2551   \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D",
+    "\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2551\u2588\u2588\u2551  \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u255D      \u255A\u2550\u2550\u2550\u2550\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u255D     \u2588\u2588\u2551   \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2550\u255D ",
+    "\u2588\u2588\u2551  \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557    \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557   \u2588\u2588\u2551   \u255A\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D\u2588\u2588\u2551     ",
+    "\u255A\u2550\u255D  \u255A\u2550\u255D\u255A\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D    \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D   \u255A\u2550\u255D    \u255A\u2550\u2550\u2550\u2550\u2550\u255D \u255A\u2550\u255D     ",
+    "\n"
+  ];
+  for (const line of LOGO_LINES) {
+    lineIndex++;
+    if (lineIndex === 1) {
+      Wt2(line);
+    } else {
+      console.log(`\u2502  ${line}`);
+    }
+  }
+  Vt2(
+    [
+      "You're about to define how your team works with coding agents.",
+      "",
+      "Pick your facets \u2014 architecture, practices, process \u2014 and ADE",
+      "translates them into a shared information hierarchy your agents",
+      "read from the repo. One setup, consistent across the whole team."
+    ].join("\n"),
+    "ADE \u2014 Agentic Development Environment"
+  );
   const existingConfig = await readUserConfig(projectRoot);
   const existingChoices = existingConfig?.choices ?? {};
   for (const [facetId, value] of Object.entries(existingChoices)) {
@@ -22726,7 +22823,7 @@ async function runSetup(projectRoot, catalog) {
   let excludedDocsets;
   if (impliedDocsets.length > 0) {
     const selected = await Lt2({
-      message: "Documentation \u2014 deselect any you don't need",
+      message: "Documentation sources \u2014 Those will be pulled to your local disk for browsing on demand",
       options: impliedDocsets.map((d3) => ({
         value: d3.id,
         label: d3.label,
@@ -22755,7 +22852,7 @@ async function runSetup(projectRoot, catalog) {
     (h3) => allHarnessWriters.some((w2) => w2.id === h3)
   );
   const selectedHarnesses = await Lt2({
-    message: "Harnesses \u2014 which coding agents should receive config?",
+    message: "Which coding agents should receive config?\nADE generates config files for each agent you select.\n",
     options: harnessOptions,
     initialValues: validExistingHarnesses && validExistingHarnesses.length > 0 ? validExistingHarnesses : ["universal"],
     required: false
@@ -22797,8 +22894,12 @@ To use the latest defaults, remove .ade/skills/ and re-run setup.`
     );
   }
   if (logicalConfig.skills.length > 0) {
+    const skillNames = logicalConfig.skills.map((s) => `  \u2022 ${s.name}`).join("\n");
     const confirmInstall = await Rt({
-      message: `Install ${logicalConfig.skills.length} skill(s) now?`,
+      message: `Install ${logicalConfig.skills.length} skill(s) now?
+` + skillNames + `
+You can also install them later with:
+  npx @codemcp/skills experimental_install`,
       initialValue: true
     });
     if (typeof confirmInstall === "symbol") {
@@ -22845,7 +22946,7 @@ function promptSelect(facet, existingChoices) {
   }
   const initialValue = getValidInitialValue(facet, existingChoices);
   return Jt({
-    message: facet.label,
+    message: `${facet.label} \u2014 ${facet.description}`,
     options: options2,
     ...initialValue !== void 0 && { initialValue }
   });
@@ -22858,7 +22959,7 @@ function promptMultiSelect(facet, existingChoices) {
   }));
   const initialValues = getValidInitialValues(facet, existingChoices);
   return Lt2({
-    message: facet.label,
+    message: `${facet.label} \u2014 ${facet.description}`,
     options: options2,
     required: false,
     ...initialValues !== void 0 && { initialValues }
@@ -22943,7 +23044,14 @@ if (command === "setup") {
   console.log(version);
 } else {
   const allIds = getHarnessIds();
-  console.log(`ade v${version}`);
+  console.log(`ade v${version} \u2014 Agentic Development Environment`);
+  console.log();
+  console.log(
+    "Define how your team works with coding agents \u2014 pick your facets,"
+  );
+  console.log(
+    "ADE translates them into a shared information hierarchy in your repo."
+  );
   console.log();
   console.log("Usage: ade <command> [options]");
   console.log();

package/packages/cli/package.json

@@ -39,5 +39,5 @@
     "typescript": "catalog:",
     "vitest": "catalog:"
   },
-  "version": "0.3.0"
+  "version": "0.5.0"
 }

package/packages/cli/src/commands/conventions.integration.spec.ts

@@ -6,6 +6,7 @@ import { join } from "node:path";
 vi.mock("@clack/prompts", () => ({
   intro: vi.fn(),
   outro: vi.fn(),
+  note: vi.fn(),
   select: vi.fn(),
   multiselect: vi.fn(),
   confirm: vi.fn().mockResolvedValue(true),

package/packages/cli/src/commands/install.integration.spec.ts

@@ -7,6 +7,7 @@ import { join } from "node:path";
 vi.mock("@clack/prompts", () => ({
   intro: vi.fn(),
   outro: vi.fn(),
+  note: vi.fn(),
   log: { info: vi.fn(), warn: vi.fn(), error: vi.fn() },
   select: vi.fn(),
   multiselect: vi.fn(),

package/packages/cli/src/commands/knowledge.integration.spec.ts

@@ -6,6 +6,7 @@ import { join } from "node:path";
 vi.mock("@clack/prompts", () => ({
   intro: vi.fn(),
   outro: vi.fn(),
+  note: vi.fn(),
   select: vi.fn(),
   multiselect: vi.fn(),
   confirm: vi.fn(),

package/packages/cli/src/commands/setup.integration.spec.ts

@@ -7,11 +7,13 @@ import { join } from "node:path";
 vi.mock("@clack/prompts", () => ({
   intro: vi.fn(),
   outro: vi.fn(),
+  note: vi.fn(),
   select: vi.fn(),
   multiselect: vi.fn(),
   confirm: vi.fn(),
   isCancel: vi.fn().mockReturnValue(false),
   cancel: vi.fn(),
+  log: { info: vi.fn(), warn: vi.fn() },
   spinner: vi.fn().mockReturnValue({ start: vi.fn(), stop: vi.fn() })
 }));
 

package/packages/cli/src/commands/setup.spec.ts

@@ -6,6 +6,7 @@ import type { Catalog, LogicalConfig } from "@codemcp/ade-core";
 vi.mock("@clack/prompts", () => ({
   intro: vi.fn(),
   outro: vi.fn(),
+  note: vi.fn(),
   select: vi.fn(),
   multiselect: vi.fn(),
   confirm: vi.fn(),
@@ -298,7 +299,7 @@ describe("runSetup", () => {
       expect(clack.multiselect).toHaveBeenCalledTimes(1);
       expect(clack.multiselect).toHaveBeenCalledWith(
         expect.objectContaining({
-          message: expect.stringContaining("Harnesses")
+          message: expect.stringContaining("coding agents")
         })
       );
     });

package/packages/cli/src/commands/setup.ts

@@ -26,7 +26,35 @@ export async function runSetup(
   projectRoot: string,
   catalog: Catalog
 ): Promise<void> {
-  clack.intro("ade setup");
+  let lineIndex = 0;
+  const LOGO_LINES = [
+    "\n",
+    " █████╗ ██████╗ ███████╗    ███████╗███████╗████████╗██╗   ██╗██████╗ ",
+    "██╔══██╗██╔══██╗██╔════╝    ██╔════╝██╔════╝╚══██╔══╝██║   ██║██╔══██╗",
+    "███████║██║  ██║█████╗      ███████╗█████╗     ██║   ██║   ██║██████╔╝",
+    "██╔══██║██║  ██║██╔══╝      ╚════██║██╔══╝     ██║   ██║   ██║██╔═══╝ ",
+    "██║  ██║██████╔╝███████╗    ███████║███████╗   ██║   ╚██████╔╝██║     ",
+    "╚═╝  ╚═╝╚═════╝ ╚══════╝    ╚══════╝╚══════╝   ╚═╝    ╚═════╝ ╚═╝     ",
+    "\n"
+  ];
+  for (const line of LOGO_LINES) {
+    lineIndex++;
+    if (lineIndex === 1) {
+      clack.intro(line);
+    } else {
+      console.log(`│  ${line}`);
+    }
+  }
+  clack.note(
+    [
+      "You're about to define how your team works with coding agents.",
+      "",
+      "Pick your facets — architecture, practices, process — and ADE",
+      "translates them into a shared information hierarchy your agents",
+      "read from the repo. One setup, consistent across the whole team."
+    ].join("\n"),
+    "ADE — Agentic Development Environment"
+  );
 
   const existingConfig = await readUserConfig(projectRoot);
   const existingChoices = existingConfig?.choices ?? {};
@@ -83,7 +111,8 @@ export async function runSetup(
 
   if (impliedDocsets.length > 0) {
     const selected = await clack.multiselect({
-      message: "Documentation — deselect any you don't need",
+      message:
+        "Documentation sources — Those will be pulled to your local disk for browsing on demand",
       options: impliedDocsets.map((d) => ({
         value: d.id,
         label: d.label,
@@ -120,7 +149,9 @@ export async function runSetup(
   );
 
   const selectedHarnesses = await clack.multiselect({
-    message: "Harnesses — which coding agents should receive config?",
+    message:
+      "Which coding agents should receive config?\n" +
+      "ADE generates config files for each agent you select.\n",
     options: harnessOptions,
     initialValues:
       validExistingHarnesses && validExistingHarnesses.length > 0
@@ -173,8 +204,14 @@ export async function runSetup(
   }
 
   if (logicalConfig.skills.length > 0) {
+    const skillNames = logicalConfig.skills
+      .map((s) => `  • ${s.name}`)
+      .join("\n");
     const confirmInstall = await clack.confirm({
-      message: `Install ${logicalConfig.skills.length} skill(s) now?`,
+      message:
+        `Install ${logicalConfig.skills.length} skill(s) now?\n` +
+        skillNames +
+        `\nYou can also install them later with:\n  npx @codemcp/skills experimental_install`,
       initialValue: true
     });
 
@@ -243,7 +280,7 @@ function promptSelect(
   const initialValue = getValidInitialValue(facet, existingChoices);
 
   return clack.select({
-    message: facet.label,
+    message: `${facet.label} — ${facet.description}`,
     options,
     ...(initialValue !== undefined && { initialValue })
   });
@@ -262,7 +299,7 @@ function promptMultiSelect(
   const initialValues = getValidInitialValues(facet, existingChoices);
 
   return clack.multiselect({
-    message: facet.label,
+    message: `${facet.label} — ${facet.description}`,
     options,
     required: false,
     ...(initialValues !== undefined && { initialValues })

package/packages/cli/src/index.ts

@@ -31,7 +31,14 @@ if (command === "setup") {
   console.log(version);
 } else {
   const allIds = getHarnessIds();
-  console.log(`ade v${version}`);
+  console.log(`ade v${version} — Agentic Development Environment`);
+  console.log();
+  console.log(
+    "Define how your team works with coding agents — pick your facets,"
+  );
+  console.log(
+    "ADE translates them into a shared information hierarchy in your repo."
+  );
   console.log();
   console.log("Usage: ade <command> [options]");
   console.log();

package/packages/core/package.json

@@ -38,5 +38,5 @@
     "typescript": "catalog:",
     "vitest": "catalog:"
   },
-  "version": "0.3.0"
+  "version": "0.5.0"
 }

package/packages/core/src/catalog/catalog.spec.ts

@@ -470,8 +470,8 @@ describe("catalog", () => {
       expect(autonomy!.required).toBe(false);
       expect(autonomy!.multiSelect).toBe(false);
       expect(autonomy!.options.map((option) => option.id)).toEqual([
-        "rigid",
         "sensible-defaults",
+        "rigid",
         "max-autonomy"
       ]);
     });

package/packages/core/src/catalog/facets/autonomy.ts

@@ -9,26 +9,26 @@ export const autonomyFacet: Facet = {
   multiSelect: false,
   options: [
     {
-      id: "rigid",
-      label: "Rigid",
+      id: "sensible-defaults",
+      label: "Sensible defaults",
       description:
-        "Keep built-in capabilities approval-gated and require confirmation before acting",
+        "Allow a curated built-in capabilities set while keeping potentially risky actions approval-gated",
       recipe: [
         {
           writer: "permission-policy",
-          config: { profile: "rigid" }
+          config: { profile: "sensible-defaults" }
         }
       ]
     },
     {
-      id: "sensible-defaults",
-      label: "Sensible defaults",
+      id: "rigid",
+      label: "Rigid",
       description:
-        "Allow a curated low-risk built-in capability set while keeping web access approval-gated",
+        "Keep built-in capabilities approval-gated and require confirmation before acting",
       recipe: [
         {
           writer: "permission-policy",
-          config: { profile: "sensible-defaults" }
+          config: { profile: "rigid" }
         }
       ]
     },
@@ -36,7 +36,7 @@ export const autonomyFacet: Facet = {
       id: "max-autonomy",
       label: "Max autonomy",
       description:
-        "Allow broad local built-in autonomy while keeping web access approval-gated",
+        "Allow broad local built-in autonomy. Recommended for sandboxed environments only",
       recipe: [
         {
           writer: "permission-policy",

package/packages/core/src/catalog/facets/backpressure.ts

@@ -89,7 +89,7 @@ export const backpressureFacet: Facet = {
   id: "backpressure",
   label: "Backpressure",
   description:
-    "Install git hooks that enforce quality gates — silent on success, surface only relevant failures",
+    "Which automated quality gates to put in place. Translates to git hooks",
   required: false,
   multiSelect: true,
   dependsOn: ["architecture"],

package/packages/core/src/catalog/facets/practices.ts

@@ -3,8 +3,7 @@ import type { Facet } from "../../types.js";
 export const practicesFacet: Facet = {
   id: "practices",
   label: "Practices",
-  description:
-    "Composable development practices — mix and match regardless of stack",
+  description: "Development practices — mix and match regardless of stack",
   required: false,
   multiSelect: true,
   options: [

package/packages/core/src/catalog/facets/process.ts

@@ -3,7 +3,7 @@ import type { Facet } from "../../types.js";
 export const processFacet: Facet = {
   id: "process",
   label: "Process",
-  description: "How your AI agent receives and executes tasks",
+  description: "How will you guide your agent",
   required: true,
   options: [
     {
@@ -16,7 +16,16 @@ export const processFacet: Facet = {
           writer: "workflows",
           config: {
             package: "@codemcp/workflows-server@latest",
-            ref: "workflows"
+            ref: "workflows",
+            env: {
+              VIBE_WORKFLOW_DOMAINS: "skilled"
+            },
+            allowedTools: [
+              "whats_next",
+              "conduct_review",
+              "list_workflows",
+              "get_tool_info"
+            ]
           }
         },
         {

package/packages/core/src/registry.ts

@@ -5,6 +5,7 @@ import type {
 } from "./types.js";
 import { instructionWriter } from "./writers/instruction.js";
 import { workflowsWriter } from "./writers/workflows.js";
+import { mcpServerWriter } from "./writers/mcp-server.js";
 import { skillsWriter } from "./writers/skills.js";
 import { knowledgeWriter } from "./writers/knowledge.js";
 import { gitHooksWriter } from "./writers/git-hooks.js";
@@ -51,15 +52,15 @@ export function createDefaultRegistry(): WriterRegistry {
 
   registerProvisionWriter(registry, instructionWriter);
   registerProvisionWriter(registry, workflowsWriter);
+  registerProvisionWriter(registry, mcpServerWriter);
   registerProvisionWriter(registry, skillsWriter);
-
   registerProvisionWriter(registry, knowledgeWriter);
   registerProvisionWriter(registry, gitHooksWriter);
   registerProvisionWriter(registry, setupNoteWriter);
   registerProvisionWriter(registry, permissionPolicyWriter);
 
   // Stub writers for types not yet implemented
-  for (const id of ["mcp-server", "installable"]) {
+  for (const id of ["installable"]) {
     registerProvisionWriter(registry, {
       id,
       write: async () => ({})

package/packages/core/src/resolver.spec.ts

@@ -120,6 +120,35 @@ describe("resolve", () => {
       expect(result.mcp_servers.length).toBeGreaterThanOrEqual(1);
       expect(result.instructions).toContain("Extra instruction");
     });
+
+    it("env set in the catalog option config is forwarded to the resolved mcp_server entry", async () => {
+      const userConfig: UserConfig = {
+        choices: { process: "codemcp-workflows" }
+      };
+
+      // Patch the catalog option's provision config to include env
+      const processFacet = catalog.facets.find((f) => f.id === "process")!;
+      const option = processFacet.options.find(
+        (o) => o.id === "codemcp-workflows"
+      )!;
+      const workflowsProvision = option.recipe.find(
+        (p) => p.writer === "workflows"
+      )!;
+      workflowsProvision.config = {
+        ...workflowsProvision.config,
+        env: { VIBE_WORKFLOWS_DOMAIN: "skilled" }
+      };
+
+      const result = await resolve(userConfig, catalog, registry);
+
+      const workflowsServer = result.mcp_servers.find(
+        (s) => s.ref === "workflows"
+      );
+      expect(workflowsServer).toBeDefined();
+      expect(workflowsServer!.env).toEqual({
+        VIBE_WORKFLOWS_DOMAIN: "skilled"
+      });
+    });
   });
 
   describe("unknown facet in choices", () => {

package/packages/core/src/writers/mcp-server.spec.ts

@@ -0,0 +1,62 @@
+import { describe, it, expect } from "vitest";
+import { mcpServerWriter } from "./mcp-server.js";
+import type { ResolutionContext } from "../types.js";
+
+describe("mcpServerWriter", () => {
+  const context: ResolutionContext = { resolved: {} };
+
+  it("has id 'mcp-server'", () => {
+    expect(mcpServerWriter.id).toBe("mcp-server");
+  });
+
+  it("returns mcp_servers with correct ref, command, args, and env", async () => {
+    const result = await mcpServerWriter.write(
+      {
+        ref: "my-server",
+        command: "npx",
+        args: ["my-mcp-package"],
+        env: { KEY: "value" }
+      },
+      context
+    );
+    expect(result).toEqual({
+      mcp_servers: [
+        {
+          ref: "my-server",
+          command: "npx",
+          args: ["my-mcp-package"],
+          env: { KEY: "value" }
+        }
+      ]
+    });
+  });
+
+  it("defaults env to an empty object when not specified", async () => {
+    const result = await mcpServerWriter.write(
+      { ref: "my-server", command: "npx", args: ["my-mcp-package"] },
+      context
+    );
+    expect(result.mcp_servers![0].env).toEqual({});
+  });
+
+  it("includes allowedTools when specified", async () => {
+    const result = await mcpServerWriter.write(
+      {
+        ref: "my-server",
+        command: "npx",
+        args: ["my-mcp-package"],
+        allowedTools: ["tool_a", "tool_b"]
+      },
+      context
+    );
+    expect(result.mcp_servers![0].allowedTools).toEqual(["tool_a", "tool_b"]);
+  });
+
+  it("omits allowedTools from entry when not specified", async () => {
+    const result = await mcpServerWriter.write(
+      { ref: "my-server", command: "npx", args: ["my-mcp-package"] },
+      context
+    );
+    expect(result.mcp_servers![0]).not.toHaveProperty("allowedTools");
+  });
+});

package/packages/core/src/writers/mcp-server.ts

@@ -0,0 +1,25 @@
+import type { ProvisionWriterDef } from "../types.js";
+
+export const mcpServerWriter: ProvisionWriterDef = {
+  id: "mcp-server",
+  async write(config) {
+    const { ref, command, args, env, allowedTools } = config as {
+      ref: string;
+      command: string;
+      args: string[];
+      env?: Record<string, string>;
+      allowedTools?: string[];
+    };
+    return {
+      mcp_servers: [
+        {
+          ref,
+          command,
+          args,
+          env: env ?? {},
+          ...(allowedTools !== undefined ? { allowedTools } : {})
+        }
+      ]
+    };
+  }
+};

package/packages/core/src/writers/workflows.spec.ts

@@ -59,6 +59,28 @@ describe("workflowsWriter", () => {
     expect(result.mcp_servers![0].env).toEqual({});
   });
 
+  it("includes allowedTools in the entry when specified", async () => {
+    const result = await workflowsWriter.write(
+      {
+        package: "@codemcp/workflows-server",
+        allowedTools: ["whats_next", "conduct_review"]
+      },
+      context
+    );
+    expect(result.mcp_servers![0].allowedTools).toEqual([
+      "whats_next",
+      "conduct_review"
+    ]);
+  });
+
+  it("omits allowedTools from entry when not specified", async () => {
+    const result = await workflowsWriter.write(
+      { package: "@codemcp/workflows-server" },
+      context
+    );
+    expect(result.mcp_servers![0]).not.toHaveProperty("allowedTools");
+  });
+
   it("only returns mcp_servers, not other LogicalConfig keys", async () => {
     const result = await workflowsWriter.write(
       { package: "@codemcp/workflows-server" },

package/packages/core/src/writers/workflows.ts

@@ -6,11 +6,13 @@ export const workflowsWriter: ProvisionWriterDef = {
     const {
       package: pkg,
       ref,
-      env
+      env,
+      allowedTools
     } = config as {
       package: string;
       ref?: string;
       env?: Record<string, string>;
+      allowedTools?: string[];
     };
     return {
       mcp_servers: [
@@ -18,7 +20,8 @@ export const workflowsWriter: ProvisionWriterDef = {
           ref: ref ?? pkg,
           command: "npx",
           args: [pkg],
-          env: env ?? {}
+          env: env ?? {},
+          ...(allowedTools !== undefined ? { allowedTools } : {})
         }
       ]
     };

package/packages/harnesses/package.json

@@ -40,5 +40,5 @@
     "typescript": "catalog:",
     "vitest": "catalog:"
   },
-  "version": "0.3.0"
+  "version": "0.5.0"
 }

package/packages/harnesses/src/writers/copilot.spec.ts

@@ -198,12 +198,8 @@ describe("copilotWriter", () => {
     expect(sensibleAgent).not.toContain("  - execute");
     expect(sensibleAgent).not.toContain("  - todo");
     expect(sensibleAgent).not.toContain("  - web");
-    expect(sensibleAgent).toContain("  - workflows/whats_next");
-    expect(sensibleAgent).toContain("  - workflows/proceed_to_phase");
-    expect(sensibleAgent).not.toContain("  - workflows/*");
-    expect(sensibleAgent).toContain(
-      '    tools: ["whats_next","proceed_to_phase"]'
-    );
+    expect(sensibleAgent).toContain("  - workflows/*");
+    expect(sensibleAgent).toContain('    tools: ["*"]');
 
     expect(maxAgent).toContain("  - read");
     expect(maxAgent).toContain("  - edit");

package/packages/harnesses/src/writers/copilot.ts

@@ -56,14 +56,7 @@ function getBuiltInTools(profile: AutonomyProfile | undefined): string[] {
 }
 
 function getForwardedMcpTools(servers: McpServerEntry[]): string[] {
-  return servers.flatMap((server) => {
-    const allowedTools = server.allowedTools ?? ["*"];
-    if (allowedTools.includes("*")) {
-      return [`${server.ref}/*`];
-    }
-
-    return allowedTools.map((tool) => `${server.ref}/${tool}`);
-  });
+  return servers.map((server) => `${server.ref}/*`);
 }
 
 function renderCopilotAgentMcpServers(servers: McpServerEntry[]): string[] {
@@ -78,7 +71,7 @@ function renderCopilotAgentMcpServers(servers: McpServerEntry[]): string[] {
     lines.push("    type: stdio");
     lines.push(`    command: ${JSON.stringify(server.command)}`);
     lines.push(`    args: ${JSON.stringify(server.args)}`);
-    lines.push(`    tools: ${JSON.stringify(server.allowedTools ?? ["*"])}`);
+    lines.push(`    tools: ${JSON.stringify(["*"])}`);
 
     if (Object.keys(server.env).length > 0) {
       lines.push("    env:");

package/packages/harnesses/src/writers/kiro.spec.ts

@@ -186,4 +186,36 @@ describe("kiroWriter", () => {
     expect(rigidMcp.mcpServers.workflows.autoApprove).toEqual(["*"]);
     expect(maxMcp.mcpServers.workflows.autoApprove).toEqual(["*"]);
   });
+
+  it("uses wildcard in tools but restricted names in allowedTools when allowedTools is set", async () => {
+    const config: LogicalConfig = {
+      mcp_servers: [
+        {
+          ref: "workflows",
+          command: "npx",
+          args: ["-y", "@codemcp/workflows"],
+          env: {},
+          allowedTools: ["whats_next", "conduct_review"]
+        }
+      ],
+      instructions: [],
+      cli_actions: [],
+      knowledge_sources: [],
+      skills: [],
+      git_hooks: [],
+      setup_notes: []
+    };
+
+    await kiroWriter.install(config, dir);
+
+    const agent = JSON.parse(
+      await readFile(join(dir, ".kiro", "agents", "ade.json"), "utf-8")
+    );
+
+    expect(agent.tools).toContain("@workflows/*");
+    expect(agent.tools).not.toContain("@workflows/whats_next");
+    expect(agent.allowedTools).toContain("@workflows/whats_next");
+    expect(agent.allowedTools).toContain("@workflows/conduct_review");
+    expect(agent.allowedTools).not.toContain("@workflows/*");
+  });
 });

package/packages/harnesses/src/writers/kiro.ts

@@ -27,6 +27,10 @@ export const kiroWriter: HarnessWriter = {
     });
 
     const tools = getKiroTools(getAutonomyProfile(config), config.mcp_servers);
+    const allowedTools = getKiroAllowedTools(
+      getAutonomyProfile(config),
+      config.mcp_servers
+    );
     await writeJson(join(projectRoot, ".kiro", "agents", "ade.json"), {
       name: "ade",
       description:
@@ -36,7 +40,7 @@ export const kiroWriter: HarnessWriter = {
         "ADE — Agentic Development Environment agent.",
       mcpServers: getKiroAgentMcpServers(config.mcp_servers),
       tools,
-      allowedTools: tools,
+      allowedTools,
       useLegacyMcpJson: true
     });
 
@@ -48,7 +52,7 @@ function getKiroTools(
   profile: AutonomyProfile | undefined,
   servers: McpServerEntry[]
 ): string[] {
-  const mcpTools = getKiroForwardedMcpTools(servers);
+  const mcpTools = servers.map((server) => `@${server.ref}/*`);
 
   switch (profile) {
     case "rigid":
@@ -62,15 +66,28 @@ function getKiroTools(
   }
 }
 
-function getKiroForwardedMcpTools(servers: McpServerEntry[]): string[] {
-  return servers.flatMap((server) => {
+function getKiroAllowedTools(
+  profile: AutonomyProfile | undefined,
+  servers: McpServerEntry[]
+): string[] {
+  const mcpAllowedTools = servers.flatMap((server) => {
     const allowedTools = server.allowedTools ?? ["*"];
     if (allowedTools.includes("*")) {
       return [`@${server.ref}/*`];
     }
-
     return allowedTools.map((tool) => `@${server.ref}/${tool}`);
   });
+
+  switch (profile) {
+    case "rigid":
+      return ["read", "shell", "spec", ...mcpAllowedTools];
+    case "sensible-defaults":
+      return ["read", "write", "shell", "spec", ...mcpAllowedTools];
+    case "max-autonomy":
+      return ["read", "write", "shell(*)", "spec", ...mcpAllowedTools];
+    default:
+      return ["read", "write", "shell", "spec", ...mcpAllowedTools];
+  }
 }
 
 function getKiroAgentMcpServers(

package/packages/harnesses/src/writers/opencode.spec.ts

@@ -148,6 +148,72 @@ describe("opencodeWriter", () => {
     expect(rigidAgent).not.toContain("tools:");
   });
 
+  it("writes allowed MCP tools into the permission block of the agent frontmatter", async () => {
+    const projectRoot = join(dir, "mcp-tools");
+    const config: LogicalConfig = {
+      mcp_servers: [
+        {
+          ref: "workflows",
+          command: "npx",
+          args: ["@codemcp/workflows-server@latest"],
+          env: {},
+          allowedTools: ["whats_next", "conduct_review"]
+        }
+      ],
+      instructions: ["Follow project rules."],
+      cli_actions: [],
+      knowledge_sources: [],
+      skills: [],
+      git_hooks: [],
+      setup_notes: []
+    };
+
+    await opencodeWriter.install(config, projectRoot);
+
+    const agent = await readFile(
+      join(projectRoot, ".opencode", "agents", "ade.md"),
+      "utf-8"
+    );
+    const frontmatter = parseFrontmatter(agent);
+    const permission = frontmatter.permission as Record<string, string>;
+
+    expect(permission["workflows*"]).toBe("ask");
+    expect(permission["workflows_whats_next"]).toBe("allow");
+    expect(permission["workflows_conduct_review"]).toBe("allow");
+    expect(agent).not.toContain("tools:");
+  });
+
+  it("writes wildcard MCP permission when allowedTools is not restricted", async () => {
+    const projectRoot = join(dir, "mcp-wildcard");
+    const config: LogicalConfig = {
+      mcp_servers: [
+        {
+          ref: "workflows",
+          command: "npx",
+          args: ["@codemcp/workflows-server@latest"],
+          env: {}
+        }
+      ],
+      instructions: ["Follow project rules."],
+      cli_actions: [],
+      knowledge_sources: [],
+      skills: [],
+      git_hooks: [],
+      setup_notes: []
+    };
+
+    await opencodeWriter.install(config, projectRoot);
+
+    const agent = await readFile(
+      join(projectRoot, ".opencode", "agents", "ade.md"),
+      "utf-8"
+    );
+    const frontmatter = parseFrontmatter(agent);
+    const permission = frontmatter.permission as Record<string, string>;
+
+    expect(permission["workflows*"]).toBe("allow");
+  });
+
   it("keeps MCP servers in project config and writes documented environment fields", async () => {
     const projectRoot = join(dir, "mcp");
     const config = {

package/packages/harnesses/src/writers/opencode.ts

@@ -1,5 +1,9 @@
 import { join } from "node:path";
-import type { AutonomyProfile, LogicalConfig } from "@codemcp/ade-core";
+import type {
+  AutonomyProfile,
+  LogicalConfig,
+  McpServerEntry
+} from "@codemcp/ade-core";
 import type { HarnessWriter } from "../types.js";
 import {
   writeAgentMd,
@@ -138,6 +142,24 @@ const MAX_AUTONOMY_RULES: Record<string, PermissionRule> = {
   doom_loop: "deny"
 };
 
+function getMcpPermissions(
+  servers: McpServerEntry[]
+): Record<string, PermissionRule> | undefined {
+  const entries: [string, PermissionRule][] = servers.flatMap((server) => {
+    const allowedTools = server.allowedTools ?? ["*"];
+    if (allowedTools.includes("*")) {
+      return [[`${server.ref}*`, "allow"]] as [string, PermissionRule][];
+    }
+    return [
+      [`${server.ref}*`, "ask"] as [string, PermissionRule],
+      ...allowedTools.map(
+        (tool) => [`${server.ref}_${tool}`, "allow"] as [string, PermissionRule]
+      )
+    ];
+  });
+  return entries.length > 0 ? Object.fromEntries(entries) : undefined;
+}
+
 function getPermissionRules(
   profile: AutonomyProfile | undefined
 ): Record<string, PermissionRule> | undefined {
@@ -170,11 +192,16 @@ export const opencodeWriter: HarnessWriter = {
     });
 
     const permission = getPermissionRules(getAutonomyProfile(config));
+    const mcpPermissions = getMcpPermissions(config.mcp_servers);
+    const mergedPermission =
+      permission || mcpPermissions
+        ? { ...(mcpPermissions ?? {}), ...(permission ?? {}) }
+        : undefined;
 
     await writeAgentMd(config, {
       path: join(projectRoot, ".opencode", "agents", "ade.md"),
-      extraFrontmatter: permission
-        ? renderYamlMapping("permission", permission)
+      extraFrontmatter: mergedPermission
+        ? renderYamlMapping("permission", mergedPermission)
         : undefined,
       fallbackBody:
         "ADE — Agentic Development Environment agent with project conventions and tools."