Project First Run Trust

Project First-Run Trust

A user enters a new project directory for the first time. The project ships a .stud/ folder with extensions and an mcp.json. stud-cli does not auto-load the project layer — it prompts the user to trust the directory first.

---

Setup

• User runs stud-cli in a directory that contains <cwd>/.stud/.
• No prior trust decision exists for this path in the user's global trust list.
• <cwd>/.stud/ contains: a few extensions, a local tools folder, and mcp.json referencing two MCP servers.

---

Sequence

sequenceDiagram
    autonumber
    actor User
    participant CLI as stud-cli startup
    participant Core
    participant Trust as "trust list (~/.stud/trust.json)"
    participant TUI
    User->>CLI: "invoke in {cwd}"
    CLI->>Core: bootstrap
    Core->>Core: "detect {cwd}/.stud/"
    Core->>Trust: lookup path
    Trust-->>Core: not found
    Core->>TUI: "InteractionRequest { kind: 'trustProject', path, summary }"
    TUI->>User: render trust prompt
    alt user trusts
        User-->>TUI: trust
        TUI-->>Core: trust
        Core->>Trust: "append { path, decision: trust, timestamp }"
        Core->>Core: load project layer
        Core->>Core: start session with bundled + global + project
    else user declines
        User-->>TUI: decline
        TUI-->>Core: decline
        Core->>Trust: "append { path, decision: decline, timestamp }"
        Core->>Core: start session with bundled + global only
        Core-->>TUI: "notice: project layer skipped"
    else user picks "trust once"
        User-->>TUI: trust once
        TUI-->>Core: trust once
        Core->>Core: load project layer for this session
        Note over Core,Trust: no trust-list entry written —<br/>re-prompts next time
    end

Loading

---

What the prompt shows

See Project Trust § What the prompt shows for the canonical list of fields and decision options shown in the trust prompt. The prompt quotes the v1 unsandboxed invariant verbatim because once trusted, project code runs with the same access as bundled or global code. See also Extension Isolation.

---

Trust-list shape

See Project Trust — The trust list for the canonical field list and semantics. The list is user-global, keyed by canonical absolute path; editing or clearing it takes effect on the next session start.

---

MCP trust inheritance

Project mcp.json is covered by this prompt. Trusting the project implicitly trusts its MCP server list for startup. Global mcp.json is trusted once at install/setup time and is not re-prompted per session.

If a subsequent project change adds an executable-launching MCP server (as opposed to a remote URL), the next startup surfaces a secondary MCP trust prompt scoped to that server. See MCP Trust.

---

When re-prompting happens

See Project Trust — Re-prompt triggers. The re-prompt shows the reason; there is no silent re-trust.

---

Audit

• ProjectTrusted or ProjectDeclined with path, decision, timestamp.
• ProjectTrustReprompted with reason.

See Audit Trail.

---

Related pages

• Project Trust
• Project Root
• MCP Trust
• Trust Model
• Extension Isolation