Curated Documentation Surface

CX Documentation

Kernel-owned proof path, live MCP workspace surface, and durable cognition notes.

cx is documented as four cooperating surfaces:

  • native proof path: bundle, validate, verify, extract

  • live workspace path: mcp

  • durable cognition path: notes

  • adapter/oracle path: diagnostics and parity only

Use this page for its local concern first. Return to Documentation Index when you need the broader map.

Track A produces proof-grade artifacts such as bundles, manifests, hashes, and verification results. Track B produces hypotheses, exploratory reasoning, and live workspace investigation state. Use the proof path when later humans or CI must trust the output. Use the live path when the work is still moving.

cx is a repository-native toolchain with a kernel-owned proof path, a live MCP workspace surface, and a durable notes layer for AI handoff and verification.

Use Operating Modes for the main conceptual entrypoint and Mental Model for the canonical CX triad, Track A vs Track B, policy tiers, and artifact lifecycle.

Use this manual when you already know you are operating cx and want the shortest route to commands, assurance levels, and workflow decisions.

If you are new to the repository:

  1. Read the root README

  2. Read System Map

  3. Return here once you need the operator path instead of the conceptual map

Quick Operator Path

Use the smallest operator sequence that matches the job:

  • Live workspace path: cx mcp

  • Durable cognition path: cx notes

  • Curated docs review path: cx docs export

  • Native proof path: cx inspect, cx bundle, cx validate, cx verify, cx extract

  • Recovery or audit: cx list, cx audit, cx doctor

  • Adapter/oracle path: expert diagnostics and parity only, not the primary operator workflow

Typical minimal paths:

Live Agent Path

  1. cx mcp

  2. cx doctor mcp

  3. cx mcp catalog --json

  4. cx doctor workflow --task "refactor index.ts"

Artifact Path

  1. cx init --name demo

  2. cx inspect --token-breakdown

  3. cx bundle --config cx.toml

  4. cx verify --against .

  5. cx extract dist/bundle --to ./restore

Extraction Safety

When you extract bundle contents, treat intact and copied outputs as the ordinary safe path.

If extraction reports degraded, stop and decide whether you need approximate human review or deterministic machine-safe recovery:

  • use cx extract …​ --allow-degraded only for human inspection

  • do not use degraded output as automation input

  • rebuild the bundle instead of forcing degraded fallback when coordinates, hashes, or downstream edits matter

Why this protects you: degraded extraction means the recovered packed content no longer matches the manifest contract, so line coordinates and file identity may no longer be trustworthy enough for safe automation.

For the full failure model, recovery statuses, and detailed examples, see Extraction Safety.

Audited Overrides

cx bundle --force and cx bundle --ci are audited overrides. They allow a bundle to be materialized from tracked-file drift only when the operator has chosen that provenance explicitly, and the manifest records forced_dirty or ci_dirty for downstream review. --force also keeps the command running after note-validation errors, so the operator can inspect the resulting artifact and the emitted diagnostics together. Scanner findings remain fatal.

See Audited Overrides before using either flag in release or CI workflows.

Repository Commands

Use the repository-local make targets for day-to-day development:

Command Use it when

make test

You want the fast unit loop while iterating

make verify

You want the normal local gate before merging

make certify

You want CI-grade confidence before tagging a release

make release VERSION=vX.Y.Z

You are stepping through the two-phase release wizard

make certify runs everything make verify does, then performs a clean double-build reproducibility check: the dist/ tree is hashed, wiped, rebuilt, and hashed again. The two hash sets must match exactly. This mirrors the CI reproducibility job so the release gate is exercisable locally without pushing.

Assurance Ladder

Use these commands as a progressive assurance model:

Command What it covers When to run

bun run verify

lint, typecheck, build, Vitest coverage lane, Bun compatibility smoke

normal pre-merge gate

bun run ci:test:coverage

Vitest V8 coverage lane with HTML, JSON summary, LCOV, and markdown summary output over the full shared suite

CI coverage reporting

bun run test:all

full shared repository suite through native Vitest

broad local execution proof

bun run test:vitest:bundle

focused bundle workflow, extraction, render-adapter, and JSON CLI lane

bundle-heavy local iteration

bun run test:vitest:notes

focused notes graph, note commands, linked-note planning, and operator contract lane

notes-heavy local iteration

bun run test:vitest:planning

focused planning and schema-integration lane

overlap, linking, and config-shape iteration

bun run certify

verify + contract lane + official Repomix reference-oracle smoke + bundle transition matrix smoke + release integrity smoke + reproducibility check

pre-tag local CI-equivalent certification

bun run integrity

release integrity metadata generation from the packed npm tarball

release artifact staging

bun run verify-release

release integrity metadata verification against packed tarball

release verification and audit

make verify and make certify are thin wrappers around bun run verify and bun run certify.

Vitest coverage is now the authoritative coverage-reporting lane for release assurance. Bun remains part of the execution and compatibility matrix.

CX Commands

Use cx commands for repository planning, bundle generation, verification, and live MCP work.

cx init --name demo
cx docs export
cx inspect --token-breakdown
cx bundle --include-doc-exports
cx bundle --config cx.toml
cx mcp
cx doctor mcp --config cx.toml
cx mcp catalog --json
cx doctor secrets --config cx.toml
cx notes lint
cx notes lint --write

cx init now writes a generated workspace-aware Makefile, .editorconfig, cx-mcp.toml, cx.toml, .mcp.json, .vscode/mcp.json, and local agent settings in .claude/settings.json and .codex/settings.json in addition to notes/. The generated cx-mcp.toml is a minimal diff to cx.toml and serves as the MCP overlay for the workspace root. The Makefile selects a language-specific template when it sees common workspace markers for Rust, Go, JavaScript/TypeScript, Python, Java, Elixir, Julia, Crystal, or Zig, and otherwise falls back to the base template.

For the TypeScript template, the generated Makefile uses lockfile-first package-manager selection (bun.lock*, pnpm-lock.yaml, yarn.lock, then package-lock.json / npm-shrinkwrap.json) and keeps install separate from build. The normalized local targets are install, build, test, check, lint, verify, certify, clean, and notes. lint and check skip with a clear message when the corresponding package scripts are absent, and certify falls back to verify unless the workspace defines a stricter package-manager certify script. The generated cx-mcp.toml is the source-oriented authoring overlay and includes src/, package.json, tsconfig*.json, and README.md while excluding node_modules/, dist/**, and common cache or coverage directories. A companion cx-mcp-build.toml is generated for compiled-output inspection. Adjust the authoring and build overlays independently if your workspace uses a different layout.

The cross-template capability matrix, generated file contract, and support levels are documented in Init Template Contract.

cx init checks each generated target individually. It preserves existing files by default and creates any missing init artifacts; use --force to overwrite existing generated files.

Use --template to explicitly choose an init template by environment:

cx init --name demo --template typescript

List supported templates with:

cx init --template-list

When --template is omitted, cx init autodetects the workspace environment from files like package.json, go.mod, pyproject.toml, pom.xml, and Cargo.toml.

cx mcp prefers a colocated cx-mcp.toml overlay. If that file is present, it is the default MCP config for the workspace; if it is missing, cx falls back to the baseline cx.toml configuration. The MCP surface now includes live bundle planning plus note reading, search, creation, update, rename, delete, and note-graph inspection tools in addition to workspace file browsing.

cx docs export writes deterministic markdown renderings of the Antora assemblies described by the active playbook so operators and downstream LLM workflows can inspect the final documentation content directly instead of inferring it from source AsciiDoc files alone. MultiMarkdown is the default export format for this command. The export rewrites Antora-style cross references into review-friendly links between the emitted markdown files and reports unresolved review-link destinations such as xref: links, module-qualified Antora HTML targets, or .adoc destinations. Use --playbook when the docs are driven by a playbook other than the default antora-playbook.yml at the source root, and use --root-level to switch between a single combined assembly (0) and one export per assembly or module (1, the default). JSON mode reports structured diagnostics when the export is blocked so CI and operators can see the exact assembly and unresolved destinations instead of only receiving a generic failure. Use --log-output <path> when you want Antora export logs written to a file instead of stderr. This overrides docs.log_output from cx.toml. Empty log files are deleted automatically after the export, so a log path only remains on disk when it captured actual output.

cx bundle --include-doc-exports reuses that same export path and stages the generated Antora assemblies under docs.target_dir/ inside the bundle. The default is {project}-docs-exports, and you can configure it the same way as assets.target_dir in cx.toml. The bundle manifest records those files as .mmd.txt artifacts in derivedReviewExports so they are discoverable, checksum-covered, and still clearly labeled as derived review material rather than proof-path section outputs. cx inspect --derived-review-exports --json and cx verify --json also summarize the derived review exports, including unresolved review-link diagnostics for already bundled artifacts. When bundled docs export logging is enabled, the log is written to antora-export.log.txt in the bundle root. Empty bundled log files are removed automatically and are not recorded as bundle content or handover inventory.

Use cx mcp catalog --json when you need only the machine-readable MCP tool contract. It exposes the registered tool set with stable name, capability, and stability fields plus summary counts, without mixing in profile resolution or audit state.

For concrete integration examples and per-IDE snippets (VS Code/Cline, Roo Code, Cursor, Claude Desktop), see the Agent Integration Guide.

MCP Setup And Daily Operator Use

Use this sequence when you are connecting an agent or IDE to a live workspace:

  1. Run cx mcp from the repository root.

  2. Confirm the resolved profile and file boundary with cx doctor mcp.

  3. Inspect the machine-readable tool contract with cx mcp catalog --json.

  4. Use cx-mcp.toml when you need an MCP-specific overlay; otherwise cx falls back to cx.toml.

Keep the everyday operator rule simple:

  • use cx mcp for live reads, searches, planning, and note work

  • use cx bundle, cx validate, cx verify, and cx extract for proof-path artifacts

  • keep client-specific setup details in the repository reference guide, not in the front-door operator path

If an agent cannot see the right files, verify these before debugging anything deeper:

  • cwd points at the repository root

  • the active profile is the one you expect

  • files.include and files.exclude match the intended workspace scope

  • mutation is enabled only when you intentionally want a mutate-capable session

Repository-local make shortcuts keep the developer loop compact:

  • make test runs the fast Vitest unit suite.

  • make verify runs lint, typecheck, build, the Vitest coverage lane, and Bun compatibility smoke.

  • bun run ci:test:coverage runs the authoritative Vitest V8 coverage lane across the shared repository suite, then writes coverage/vitest/ plus .ci/coverage-summary.md for CI reporting.

  • Treat that Vitest lane as the authoritative release-assurance reporting surface. The Bun lanes still prove execution compatibility and remain part of the runtime matrix.

  • bun run test:contracts runs the contract suite through native Vitest.

  • bun run test:all runs the full shared suite through native Vitest without collecting coverage.

  • bun run test:all:full is the explicit Vitest coverage lane for local release-assurance checks.

  • bun run test:vitest:bundle isolates the slow bundle workflow, extraction, render-adapter, and JSON CLI suites.

  • bun run test:vitest:notes isolates the slow notes graph and command suites, plus linked-note planning and operator contracts.

  • bun run test:vitest:planning isolates planning and schema-integration suites for overlap, linked-note, and config-shape work.

  • bun run pages:build assembles the public Pages dist/site/ tree with /schemas/, /coverage/, and the curated Antora docs site under /docs/.

  • bun run pages:smoke validates the staged dist/site/ tree before a workflow publishes it.

  • The latest public HTML coverage view is published at https://wstein.github.io/cx-cli/coverage/ from successful develop or main CI runs.

  • The curated docs site is published at https://wstein.github.io/cx-cli/docs/.

  • bun run test:vitest:mcp runs the focused MCP cockpit lane for MCP-heavy tests without starting the full repository coverage surface.

  • bun run test:vitest:mcp:ui opens the same MCP-focused lane in Vitest UI so operators can rerun failures, inspect coverage, and review the import graph for slow MCP startup or registration paths.

  • bun run test:vitest:mcp:adversarial keeps startup failures, malformed runtime responses, and other hostile-boundary MCP cases isolated in a smaller cockpit.

  • make certify runs everything verify does plus contract tests, smoke lanes, release integrity smoke, and reproducibility checks - the CI-grade local gate to use before tagging.

  • make release VERSION=vX.Y.Z is a wizard: first call starts the release candidate on develop, second call with that same tagged version finalizes the release after CI is green.

The make targets are wrappers around the corresponding Bun scripts. Use them for local ergonomics; use cx when you are working with bundle planning, verification, extraction, or MCP sessions.

The native MCP server exposes file-based list, grep, and read tools over the workspace scope. It also exposes inspect, bundle, doctor_mcp, and doctor_workflow tools for live planning, plus note-native notes_read, notes_search, notes_new, notes_update, notes_rename, notes_delete, notes_list, notes_backlinks, notes_orphans, notes_code_links, and notes_links tools over the notes corpus. Use list to enumerate visible files, grep to search their contents, and read to inspect a specific file with optional line anchors without switching back to the packaging workflow.

Example note search:

{
  "tool": "notes_search",
  "arguments": {
    "query": "workflow",
    "tags": ["agent"],
    "limit": 5
  }
}

CLI and MCP note commands side by side:

Task CLI MCP

Create a note

cx notes new --title "Research Note" --body "Initial observation."

notes_new(title="Research Note", body="Initial observation.")

Read a note

cx notes read --id 20260414120000

notes_read(id="20260414120000")

Update a note

cx notes update --id 20260414120000 --body "Refined observation."

notes_update(id="20260414120000", body="Refined observation.")

Rename a note

cx notes rename --id 20260414120000 --title "Research Note v2"

notes_rename(id="20260414120000", title="Research Note v2")

Delete a note

cx notes delete --id 20260414120000

notes_delete(id="20260414120000")

Inspect the graph

cx notes links / cx notes backlinks --id …​ / cx notes orphans / cx notes code-links --id …​

notes_search(…​) / notes_links(…​) / notes_backlinks(…​) / notes_orphans(…​) / notes_code_links(…​)

Use the CLI for direct on-disk note lifecycle operations. Use MCP when the agent needs live search, reads, updates, or graph inspection inside an active workspace session.

cx docs compile --profile architecture|manual|onboarding is the repository-owned promotion path from stable notes into generated Antora pages. Use note graph tools to validate and inspect note evidence before running docs compilation.

Who This Manual Is For

This guide is for engineers running cx as an operational tool: local bundle authors, CI maintainers, and remote-runner owners.

If you are new to the project, read the README first. If you need the detailed knobs, read Configuration Reference. If you need the full documentation map, read Documentation Index.

Friday To Monday Map

Read the rest of this manual with one concrete timeline in mind:

  • SHA-256 sidecars prove the emitted artifacts were not silently edited after bundling.

  • The manifest records the exact file inventory, token counts, note summaries, and dirty-state provenance that downstream automation relies on.

  • verify exists so Monday’s runner can compare the bundle back to a source tree instead of trusting a stale directory by habit.

  • Dirty-state gating stops tracked-file drift from becoming an unreviewable production input.

The invariants are the mechanisms that keep Friday’s intent queryable and safe on Monday.

See Friday to Monday.

Static Bundle Versus Live MCP

See Mental Model.

The two main CX workflows are intentionally different:

  • cx bundle produces a static, immutable snapshot for CI, review, verification, and handoff.

  • cx mcp exposes the live workspace through scoped file, search, and note tools for active investigation.

They share the same repository boundary rules, but they answer different questions. Use the bundle when you need something you can verify later. Use MCP when you need the model to explore, search, or update the workspace during an ongoing task.

Command Best for Typical output

cx inspect

Reviewing the planned bundle before writing files

A deterministic plan, token totals, overlap signals, and extractability hints

cx bundle

Producing an immutable artifact for review, CI, or handoff

Bundle files, manifest, lock file, and checksum sidecar

cx mcp

Exploring the live workspace and maintaining notes during active work

Scoped file search, reads, and note tools over the current workspace

Native Path Versus Adapter Path

The shipped operator workflow is kernel-first:

  • cx bundle, cx validate, cx verify, and cx extract operate on the native proof path

  • cx mcp operates on the live workspace path

  • cx notes operates on the durable cognition path

The adapter/oracle surface is separate and expert-facing:

  • used for parity diagnostics

  • used for oracle capability inspection

  • used for migration and reference testing

  • not required for ordinary bundle, validate, verify, or extract flows

  • not the primary operator story

Core Commands

Command Use it when

cx init

You need a starter config

cx inspect

You want to preview the plan before building

cx bundle

You want to produce the bundle artifacts

cx validate

You want schema and structure validation

cx verify

You want checksum and source-tree verification

cx list

You want to browse stored files and statuses

cx extract

You want to restore selected files from the bundle

cx mcp

You want to start the MCP server with the agent profile

cx notes

You want to manage notes or inspect note graph relationships

cx doctor overlaps

A plan fails because one file matches multiple sections

cx doctor fix-overlaps

You want exact exclude entries generated or applied

cx doctor mcp

You want to review the effective MCP profile, inherited scopes, and recent audit trends

cx mcp catalog --json

You want the narrow machine-readable MCP tool catalog for automation

cx doctor notes

You want to audit note-to-code references against the VCS-backed planning master list

cx doctor secrets

You want to scan the master list for suspicious secret patterns

cx doctor workflow

You want a quick recommendation for bundle, inspect, or MCP, including mixed-task paths

cx audit summary

You want recent traceId, policy, and capability trends from .cx/audit.log without the full MCP profile report

cx completion

You want shell-native command and flag completion