Cli to dev (#309)

* add workspace access guidelines to instructions

* updated example

* removed incorrect example

* add --example to add the examples from rowboat

* changed --example to --sync-example

* rename sync-examples option to sync-example in CLI

* fix: sync-example implementation

* refactor example import

* fix yargs

* fix: - remove changes to package-lock
- remove output messages from app.js and moved them into importExample

* fix: restore package-lock.json to match main (remove diff)

* fix: naming of the commands

* update: made import-example into import and it can import example workflows or user made workflows

* update: added export capability

* delete: remove misplaced podcast.json file

* removed incomplete gemini3-test example json

* remove: eliminate gemini3-test example from exports

* Fix: better prompting around MCP config
Add: copilot tool to add MCP servers

* clean up prompt

---------

Co-authored-by: Ramnique Singh <30795890+ramnique@users.noreply.github.com>

apps/cli/src/application/assistant/instructions.ts

@@ -27,17 +27,27 @@ Always consult this catalog first so you load the right skills before taking act
 - Use relative paths (no \${BASE_DIR} prefixes) when running commands or referencing files.
 - Keep user data safe—double-check before editing or deleting important resources.
 
+## Workspace access & scope
+- You have full read/write access inside \`${BASE_DIR}\` (this resolves to the user's \`~/.rowboat\` directory). Create folders, files, and agents there using builtin tools or allowed shell commands—don't wait for the user to do it manually.
+- If a user mentions a different root (e.g., \`~/.rowboatx\` or another path), clarify whether they meant the Rowboat workspace and propose the equivalent path you can act on. Only refuse if they explicitly insist on an inaccessible location.
+- Prefer builtin file tools (\`createFile\`, \`updateFile\`, \`deleteFile\`, \`exploreDirectory\`) for workspace changes. Reserve refusal or "you do it" responses for cases that are truly outside the Rowboat sandbox.
+
 ## Builtin Tools vs Shell Commands
 
 **IMPORTANT**: Rowboat provides builtin tools that are internal and do NOT require security allowlist entries:
 - \`deleteFile\`, \`createFile\`, \`updateFile\`, \`readFile\` - File operations
 - \`listFiles\`, \`exploreDirectory\` - Directory exploration
 - \`analyzeAgent\` - Agent analysis
-- \`listMcpServers\`, \`listMcpTools\` - MCP server management
+- \`addMcpServer\`, \`listMcpServers\`, \`listMcpTools\` - MCP server management
 - \`loadSkill\` - Skill loading
 
 These tools work directly and are NOT filtered by \`.rowboat/config/security.json\`.
 
+**CRITICAL: MCP Server Configuration**
+- ALWAYS use the \`addMcpServer\` builtin tool to add or update MCP servers—it validates the configuration before saving
+- NEVER manually edit \`config/mcp.json\` using \`createFile\` or \`updateFile\` for MCP servers
+- Invalid MCP configs will prevent the agent from starting with validation errors
+
 **Only \`executeCommand\` (shell/bash commands) is filtered** by the security allowlist. If you need to delete a file, use the \`deleteFile\` builtin tool, not \`executeCommand\` with \`rm\`. If you need to create a file, use \`createFile\`, not \`executeCommand\` with \`touch\` or \`echo >\`.
 
 The security allowlist in \`security.json\` only applies to shell commands executed via \`executeCommand\`, not to Rowboat's internal builtin tools.