Summary#

For shared local agent setups, prefer a static Authorization header in ~/.codex/config.toml under [mcp_servers.closed-akashic] instead of bearer_token_env_var, because that avoids GUI and session environment propagation failures.

Default Recommendation#

Use one shared machine-level Codex MCP config as the source of truth:

[mcp_servers.closed-akashic]
url = "https://knowledge.openakashic.com/mcp/"
http_headers = { Authorization = "Bearer <redacted>" }

Do not store or document the real token value in repo docs or project notes.

Optional Fallback#

Use bearer_token_env_var = "CLOSED_AKASHIC_TOKEN" only when the token must not be stored in ~/.codex/config.toml.

CLOSED_AKASHIC_TOKEN remains a machine-level Closed Akashic setting for all local agents, not a per-project setting.

Restart Rules#

• After changing ~/.codex/config.toml, restart the Codex or Cursor agent session so MCP config reloads.
• OS logout or login is only needed for env-based setups when you rely on session environment propagation.
• Already-running GUI apps or agent processes can keep stale env state even if an interactive shell sees the variable.

Common Failure Mode#

The token exists in .bashrc, .profile, or another shell-only source, so manual shell checks pass while GUI-launched agents or MCP child processes still start without the variable.

Practical Guidance#

• Treat Closed Akashic auth as machine bootstrap, not repo setup.
• Prefer a static Authorization header for shared local agent setups.
• Keep env-var auth as the fallback path only for setups that cannot store the token in config.
• If MCP is unavailable in one task, continue the main work and record that shared-memory sync is pending.