MCP-lite Setup

UnfoldAI includes a local MCP-lite server for compatible AI coding agents. It lets an agent ask UnfoldAI for safe local summaries and approval-gated checkpoint actions.

MCP-lite is manual setup in this release. UnfoldAI does not edit Claude Code, Cursor, Codex, Copilot, Windsurf, or other agent configuration files automatically.

Enable Safe Agent Mode

{
  "unfoldai.v5.safeAgentMode.enabled": true,
  "unfoldai.v5.mcp.enabled": true
}

Then open Command Center and expand Manage MCP. The panel shows server status, manual setup copy, available tools, pending approvals, and latest safe results.

Manual Configuration

Configure your MCP-compatible agent to launch the bundled MCP server:

{
  "mcpServers": {
    "unfoldai": {
      "command": "node",
      "args": ["<path-to-unfoldai-extension>/dist/mcp/mcpServer.js"]
    }
  }
}

The extension path varies by platform and install method. In VS Code it is usually under the user's extensions directory with a folder name like:

taldennis-unfoldai-chatgpt-copilot.unfoldai-<version>

Available Tools

Tool	Purpose	Safety boundary
`unfold_create_checkpoint`	Request or create a checkpoint before risky work	Approval-first by default
`unfold_list_checkpoints`	List recent checkpoints	Metadata only
`unfold_diff_since_checkpoint`	Summarize changes since a checkpoint	No raw diffs/code by default
`unfold_get_risks`	Return current Safety/risk cards	Metadata only
`unfold_get_verification_prompt`	Generate a safe verification prompt	Uses prompt privacy checks
`unfold_get_recovery_prompt`	Generate a safe recovery prompt	Copy-only, no auto-apply
`unfold_request_restore`	Ask the user to review a checkpoint restore	Never restores directly

Approval States

Some MCP requests create visible approval requests in VS Code.

Checkpoint creation is approval-first unless you explicitly enable agent checkpoint creation.
Restore requests can only create a pending review request in this release.
Restore approval is intentionally unavailable until a later restore/preview safety review.

Privacy

MCP-lite responses are metadata-only by default. They must not include raw code, raw diffs, terminal output, raw command text, full local paths, diagnostic messages, secrets, .env content, raw protected path patterns, or raw v4 events/tasks.

If a tool cannot return a safe summary, it should return a privacy-blocked or unavailable result instead of leaking raw local data.

Troubleshooting

No tools appear

Confirm Safe Agent Mode is enabled.
Open Command Center and check MCP status.
Confirm your agent is launching dist/mcp/mcpServer.js from the installed extension.

A checkpoint request is pending

Open Command Center.
Review the pending MCP approval card.
Approve or deny from VS Code. Agents should not hide checkpoint creation from you.

A restore request does not restore

That is expected. unfold_request_restore never restores directly in this release.

Enable Safe Agent Mode​

Manual Configuration​

Available Tools​

Approval States​

Privacy​

Troubleshooting​