Documentation Index
Fetch the complete documentation index at: https://docs.codezero.io/llms.txt
Use this file to discover all available pages before exploring further.
Manage integrations independently of the base setup. Enable wires an integration to use cordon (running base setup if needed); disable removes only integration-specific settings.
cordon integration enable
Enable an integration. Runs the base setup if needed, then configures that integration’s proxy settings.
cordon integration enable <claude-code|codex|hermes> [OPTIONS]
cordon integration enable codex --scope user.
| Argument / Option | Description |
|---|
<integration> | claude-code, codex, or hermes |
--scope | Configuration scope (see defaults below; Hermes supports user scope only) |
--config, -c | Path to cordon.toml (default: ./cordon.toml) |
--yes | Skip confirmation prompts |
--trust | Add CA to system trust store |
--no-trust | Skip trust store prompt |
--regenerate-ca | Regenerate the CA certificate |
--service | Install cordon as a background service |
--no-service | Skip the service install prompt |
Default scopes
Each integration has a default scope that matches its typical usage pattern:
| Integration | Default scope |
|---|
claude-code | project |
codex | project |
hermes | user |
--scope:
# Use user scope for claude-code instead of the default project scope
cordon integration enable claude-code --scope user
cordon integration enable hermes --scope project is rejected.
Examples
# Enable Claude Code integration (project scope)
cordon integration enable claude-code
# Enable Codex integration with trust and service install
cordon integration enable codex --trust --service
# Enable Hermes integration (defaults to user scope)
cordon integration enable hermes
cordon integration disable
Disable an integration. Removes only the settings that the integration wrote — keeps the CA files and cordon.toml so you can re-enable without rotating certificates.
cordon integration disable <claude-code|codex|hermes> [OPTIONS]
cordon integration disable claude-code --yes.
| Argument / Option | Description |
|---|
<integration> | claude-code, codex, or hermes |
--scope | Configuration scope (same defaults as enable; Hermes supports user scope only) |
--config, -c | Path to cordon.toml |
--yes | Skip confirmation prompts |
--trust | Also remove the CA from the system trust store |
Examples
# Disable Claude Code integration
cordon integration disable claude-code
# Disable and remove CA from trust store
cordon integration disable codex --trust
# Disable Hermes integration (defaults to user scope)
cordon integration disable hermes
# Skip confirmation
cordon integration disable claude-code --yes
Disabling an integration is safe — it only removes integration-specific wiring. The CA certificate, key, and cordon.toml are retained so you can re-enable with cordon integration enable without regenerating anything.
What each command touches
| Command | Creates / modifies | Removes |
|---|
cordon setup | CA cert + key, cordon.toml | — |
cordon setup claude-code | CA cert + key, cordon.toml, Claude Code settings.json env vars | — |
cordon integration enable claude-code | Same as cordon setup claude-code | — |
cordon integration disable claude-code | — | Claude Code settings.json env vars |
cordon integration disable claude-code --trust | — | Claude Code settings.json env vars + CA from system trust store |
cordon setup codex | CA cert + key, cordon.toml, Codex .env and config.toml (project .codex/ by default, $CODEX_HOME/~/.codex for user scope) | — |
cordon integration enable codex | Same as cordon setup codex | — |
cordon integration disable codex | — | Codex .env env vars |
cordon setup hermes | CA cert + key, cordon.toml, combined CA bundle, Hermes ~/.hermes/.env env vars | — |
cordon integration enable hermes | Same as cordon setup hermes | — |
cordon integration disable hermes | — | Hermes .env env vars + combined CA bundle |
cordon trust | Adds CA to system trust store | — |
cordon untrust | — | CA from system trust store |
cordon service uninstall NAME | — | launchd plist / systemd unit |
cordon setup --regenerate-ca | Replaces existing CA cert + key | Old cert + key |
If you run --regenerate-ca and the old CA was already trusted, rerun cordon trust after setup. Regeneration replaces the certificate files, but it does not automatically update the system trust store to trust the new CA.
