Documentation Index
Fetch the complete documentation index at: https://docs.codezero.io/llms.txt
Use this file to discover all available pages before exploring further.
Manage integrations independently of the base setup. Enable wires an integration to use cordon (running base setup if needed); disable removes only integration-specific settings.
cordon integration enable
Enable an integration. Runs the base setup if needed, then configures that integration’s proxy settings.
cordon integration enable <claude-code|codex|hermes|openclaw> [OPTIONS]
cordon integration enable codex --scope user.
| Argument / Option | Description |
|---|
<integration> | claude-code, codex, hermes, or openclaw |
--scope | Configuration scope for Claude Code and Codex: project (default) or user. Hermes and OpenClaw do not expose --scope. |
--config, -c | Path to cordon.toml (defaults to the selected integration’s config path) |
--yes | Skip confirmation prompts |
--trust | Add CA to system trust store |
--no-trust | Skip trust store prompt |
--regenerate-ca | Regenerate the CA certificate |
--service | Install cordon as a background service |
--no-service | Skip the service install prompt |
Default config targets
Each integration has a default config target that matches its typical usage pattern:
| Integration | Default config target |
|---|
claude-code | Project scope: ./cordon.toml |
codex | Project scope: ./cordon.toml |
hermes | Project-style config: ~/.hermes/cordon.toml |
openclaw | Project-style config: ~/.openclaw/cordon.toml |
--scope:
# Use user scope for claude-code instead of the default project scope
cordon integration enable claude-code --scope user
--scope; use --config if you need to override the default cordon config path for either integration. The user-scope config (~/.config/cordon/cordon.toml) is rejected for Hermes/OpenClaw setup and enable.
Examples
# Enable Claude Code integration (project scope)
cordon integration enable claude-code
# Enable Codex integration with trust and service install
cordon integration enable codex --trust --service
# Enable Hermes integration (uses ~/.hermes/cordon.toml)
cordon integration enable hermes
# Enable OpenClaw integration (uses ~/.openclaw/cordon.toml)
cordon integration enable openclaw
cordon integration disable
Disable an integration. Removes only the settings that the integration wrote — keeps the CA files and cordon.toml so you can re-enable without rotating certificates.
cordon integration disable <claude-code|codex|hermes|openclaw> [OPTIONS]
cordon integration disable claude-code --yes.
| Argument / Option | Description |
|---|
<integration> | claude-code, codex, hermes, or openclaw |
--scope | Configuration scope for Claude Code and Codex only |
--config, -c | Path to cordon.toml |
--yes | Skip confirmation prompts |
--trust | Also remove the CA from the system trust store |
Examples
# Disable Claude Code integration
cordon integration disable claude-code
# Disable and remove CA from trust store
cordon integration disable codex --trust
# Disable Hermes integration (uses ~/.hermes/cordon.toml, or legacy user config if applicable)
cordon integration disable hermes
# Disable OpenClaw integration (uses ~/.openclaw/cordon.toml, or legacy user config if applicable)
cordon integration disable openclaw
# Skip confirmation
cordon integration disable claude-code --yes
Disabling an integration is safe — it only removes integration-specific wiring. The CA certificate, key, and cordon.toml are retained so you can re-enable with cordon integration enable without regenerating anything.
What each command touches
| Command | Creates / modifies | Removes |
|---|
cordon setup | CA cert + key, cordon.toml | — |
cordon setup claude-code | CA cert + key, cordon.toml, Claude Code settings.json env vars | — |
cordon integration enable claude-code | Same as cordon setup claude-code | — |
cordon integration disable claude-code | — | Claude Code settings.json env vars |
cordon integration disable claude-code --trust | — | Claude Code settings.json env vars + CA from system trust store |
cordon setup codex | CA cert + key, cordon.toml, Codex .env and config.toml (project .codex/ by default, $CODEX_HOME/~/.codex for user scope) | — |
cordon integration enable codex | Same as cordon setup codex | — |
cordon integration disable codex | — | Codex .env env vars |
cordon setup hermes | CA cert + key, ~/.hermes/cordon.toml, combined CA bundle, Hermes ~/.hermes/.env env vars | — |
cordon integration enable hermes | Same as cordon setup hermes | — |
cordon integration disable hermes | — | Hermes .env env vars + combined CA bundle |
cordon setup openclaw | CA cert + key, ~/.openclaw/cordon.toml, OpenClaw ~/.openclaw/openclaw.json proxy settings, daemon service env, agent skill | — |
cordon integration enable openclaw | Same as cordon setup openclaw | — |
cordon integration disable openclaw | — | OpenClaw proxy settings, daemon service env, combined CA bundle, agent skill |
cordon trust | Adds CA to system trust store | — |
cordon untrust | — | CA from system trust store |
cordon service uninstall NAME | — | launchd plist / systemd unit |
cordon setup --regenerate-ca | Replaces existing CA cert + key | Old cert + key |
If you run --regenerate-ca and the old CA was already trusted, rerun cordon trust after setup. Regeneration replaces the certificate files, but it does not automatically update the system trust store to trust the new CA.
