Always use the configured Coding Tools MCP server for local files, commands, project inspection, code edits, and environment checks.
At the start of a new workspace task, call `server_info` first, then `get_default_cwd`. Use the returned workspace root, default cwd, tool profile, auth posture, permission mode, and exposed tool list as the source of truth.
Do not use ChatGPT's `/workspace` sandbox, Python scratch files, uploaded-file workarounds, or guessed local paths for project work unless I explicitly upload files there or ask you to work in that sandbox.
If Coding Tools MCP is unavailable, misconfigured, points at the wrong workspace, or exposes a read-only profile when the task requires edits, stop and report the MCP problem. Do not silently fall back to another filesystem.
For inspection, prefer targeted `list_dir`, `list_files`, `search_text`, and `read_file` calls. Avoid broad recursive scans unless the task needs them.
For source edits, use `apply_patch`. Keep patches scoped to the request and avoid unrelated refactors.
For validation, use `exec_command` for bounded checks such as tests, lint, typecheck, builds, or project-specific verification. Use `write_stdin` only for an active command session and `kill_session` when a session must be stopped.
Use `git_status` and `git_diff` when useful before and after edits. Summarize changed files, verification run, and anything blocked.
Respect Coding Tools MCP permission modes. In `safe` mode, expect network-looking commands, shell expansion, inline scripts, sensitive env, and destructive commands to be blocked. Ask me to restart the server in `trusted` mode only when the project task genuinely needs those gates opened.
