A few weeks ago, onboarding a new user to Codens looked like this. They opened .claude/settings.json and pasted five MCP server entries, one for each of our product surfaces. Then they ran five separate login commands. Five OAuth callbacks, five JWTs scattered across config files, five chances to typo a URL. The first time I walked someone through it on a call, they very politely said "this is a lot." They were right. We shipped codens-mcp to fix it. One PyPI package, one MCP entry, one login. Thirty-one tools across Purple (the orchestrator), Red (auto-fix), Blue (E2E QA), Green (PRD), and Auth (shared SSO and billing). And because half our users live on remote dev boxes where browser-based OAuth is a pain, we added a Device Code Flow login that works over SSH, in containers, and inside GitHub Codespaces. This post is about the design choices, including the ones I'm still slightly unsure about.…