docs: clarify claude-code host discovery metadata

2026-06-10 08:05:14 +02:00 · 2026-05-15 17:00:23 +02:00 · 2026-05-15 17:00:23 +02:00 · abc7795744
commit abc7795744
parent a5b364415a
2 changed files with 8 additions and 4 deletions
--- a/docs-site/content/docs/guides/building-context.mdx
+++ b/docs-site/content/docs/guides/building-context.mdx
@ -59,8 +59,9 @@ Deep ingest needs LLM and embedding readiness. If those providers are not
 configured, run `ktx setup` or use `--fast`.

 When you use `claude-code`, KTX still controls the tool surface for ingest and
-memory capture. Claude Code built-in tools, discovered MCP servers, hooks,
-skills, plugins, agents, and slash commands are not exposed to KTX agent loops.
+memory capture. Claude Code built-in tools, discovered MCP servers, plugins,
+skills, agents, and slash commands are not invokable by KTX agent loops unless
+they are exact KTX MCP tools for the current run.

 ## Query history

--- a/docs-site/content/docs/guides/llm-configuration.mdx
+++ b/docs-site/content/docs/guides/llm-configuration.mdx
@ -37,8 +37,11 @@ llm:
 ```

 `claude-code` keeps KTX tool boundaries intact. KTX exposes only the MCP tools
-needed for the current KTX agent loop and disables Claude Code built-in tools,
-filesystem settings, skills, plugins, agents, hooks, and slash commands.
+needed for the current KTX agent loop, disables Claude Code built-in tools,
+keeps plugins empty, and denies every non-KTX tool request through
+`canUseTool`. The Claude Agent SDK may still report host-discovered slash
+commands, skills, and subagent names in init metadata; that metadata is not an
+execution grant for KTX agent loops.

 ## Prompt caching