CC 2.1.128/129 Group E — OTEL/MCP/SDK new-perm + new-event

Six effective doc additions covering OTEL subprocess isolation, MCP reconnect summarization, SDK-host Bash auth persistence, channels for console auth, gateway model-discovery opt-in, and the MCP-aware claude_code.pull_request.count metric. All doc-only — no plugin or runtime behavior changes.

Issues closed 9 → 6 effective sections

Issue(s)	Feature	CC	Category	Skills touched
#1636 + #1655	otel_env_no_inherit_subprocess dupe pair	2.1.128	breaking	configure, monitoring-observability, telemetry-inspect
#1638	mcp_reconnect_tool_summary	2.1.128	breaking	configure, mcp-patterns
#1642 + #1661	sdk_localsettings_bash_perm_hint dupe pair	2.1.128	new_perm	configure, security-patterns
#1659 + #1660	channels_console_auth + channels_enabled_managed_setting companion pair	2.1.128	new_command + new_perm	configure
#1643	gateway_model_discovery_opt_in	2.1.129	breaking	configure, llm-integration
#1668	pr_count_metric_includes_mcp	2.1.129	new_event	configure, monitoring-observability, telemetry-inspect

What changes

1. OTEL subprocess env isolation breaking

BEFORE 2.1.128

# Shell
export OTEL_EXPORTER_OTLP_ENDPOINT=http://otel:4318
claude

# Inside session, Bash tool runs:
python -m my_app
  ↑ inherits OTEL_*, spans land in
    CLI's collector under
    service.name=claude-code (wrong)

AFTER 2.1.128

# Shell — same setup
export OTEL_EXPORTER_OTLP_ENDPOINT=http://otel:4318
claude

# Inside session, Bash tool runs:
python -m my_app
  ↑ OTEL_* stripped, no spans emitted
    unless explicitly set per-invocation:

OTEL_EXPORTER_OTLP_ENDPOINT=http://otel:4318 \
OTEL_SERVICE_NAME=my-app \
  python -m my_app

Affected children: Bash, hooks, MCP servers (stdio + Streamable HTTP), LSP. For MCP, set OTEL env in .mcp.json's env block instead of relying on shell inheritance.

2. MCP reconnect tool summarization breaking

BEFORE 2.1.128

mcp__github__create_issue re-registered
mcp__github__create_pull_request re-registered
mcp__github__list_repositories re-registered
... (37 lines per reconnect)

AFTER 2.1.128

mcp__github__* (37 tools re-registered)

# Audit-log diff: use initial connect
# event as source of truth; reconnect
# summaries are deltas only.

3. SDK host "Always allow" persistence new_perm

# SDK host Bash permission prompt → user picks "Always allow"
# CC 2.1.128 writes to .claude/settings.local.json (per-user, gitignored)
{
  "permissions": {
    "allow": ["Bash(npm run lint)"]
  }
}
# .claude/settings.json stays unchanged. Audit your SDK consumers'
# .gitignore — committing settings.local.json leaks per-dev grants.

4. `--channels` with console auth new_perm

# Console (API key) auth orgs with managed settings:
# /etc/claude-code/managed-settings.json
{
  "channelsEnabled": true
}
# Without this, --channels no-ops with "channels disabled by managed policy"

5. Gateway `/v1/models` discovery breaking

# 2.1.126–2.1.128: automatic
# 2.1.129+: opt-in
export CLAUDE_CODE_ENABLE_GATEWAY_MODEL_DISCOVERY=1
claude  # custom gateway models now visible in /model picker

6. `claude_code.pull_request.count` includes MCP new_event

# Before 2.1.129: counted only Bash-tool PRs (gh pr create, glab mr create)
# After 2.1.129: also counts MCP-filed PRs (mcp__github__create_pull_request, …)
# Dashboards see step-function increase at cutover. Annotate, don't alert.

Files changed doc-only

Path	Change
src/skills/configure/references/cc-version-settings.md	+6 subsections (4 under 2.1.128, 2 under 2.1.129)
src/skills/monitoring-observability/references/tracing-setup.md	+1 OTEL subprocess isolation section with before/after
src/skills/monitoring-observability/references/metrics-collection.md	+1 section on `claude_code.pull_request.count` MCP coverage
src/skills/telemetry-inspect/SKILL.md	+1 "Upstream OTel metric notes" section
src/skills/mcp-patterns/references/mcp-audit-runbook.md	+1 reconnect summarization section with grep recipes
src/skills/mcp-patterns/SKILL.md	+1 inline note in Debugging section
src/skills/security-patterns/SKILL.md	+1 SDK-host Bash auth persistence note
src/skills/llm-integration/references/model-selection.md	+1 gateway discovery opt-in section
plugins/ork/…	mirrored by `npm run build`

M131 group plan

✅ A · Foundation — 4 doc additions (PR #1672 merged)
✅ B · MCP hygiene — 5 features + manifest restructure (PR #1674 merged)
✅ D · Config / permission — introduced parent CC 2.1.128/129 headers (PR #1686 merged)
⏳ C · OAuth/scope/perm — runs in parallel with E
E · OTEL / MCP / SDK (this PR) — 9 issues / 6 effective sections — all hang under D's parent headers

Verification

npm run build — plugins/ regenerated, no count drift
npm run test:skills
npm run test:agents
npm run test:manifests
npm run test:security
npm run typecheck

CC 2.1.128/129 Adoption — Group E: OTEL / MCP / SDK

Issues closed 9 → 6 effective sections

What changes

1. OTEL subprocess env isolation breaking

BEFORE 2.1.128

AFTER 2.1.128

2. MCP reconnect tool summarization breaking

BEFORE 2.1.128

AFTER 2.1.128

3. SDK host "Always allow" persistence new_perm

4. --channels with console auth new_perm

5. Gateway /v1/models discovery breaking

6. claude_code.pull_request.count includes MCP new_event

Files changed doc-only

M131 group plan

Verification

4. `--channels` with console auth new_perm

5. Gateway `/v1/models` discovery breaking

6. `claude_code.pull_request.count` includes MCP new_event