npm - @clawnet/template-minimal - Versions diffs - 0.0.1 - Mend

@clawnet/template-minimal 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (67) hide show

package/.agents/skills/claude-agent-sdk/.claude-plugin/plugin.json +13 -0
package/.agents/skills/claude-agent-sdk/SKILL.md +954 -0
package/.agents/skills/claude-agent-sdk/references/mcp-servers-guide.md +387 -0
package/.agents/skills/claude-agent-sdk/references/permissions-guide.md +429 -0
package/.agents/skills/claude-agent-sdk/references/query-api-reference.md +437 -0
package/.agents/skills/claude-agent-sdk/references/session-management.md +419 -0
package/.agents/skills/claude-agent-sdk/references/subagents-patterns.md +464 -0
package/.agents/skills/claude-agent-sdk/references/top-errors.md +503 -0
package/.agents/skills/claude-agent-sdk/rules/claude-agent-sdk.md +96 -0
package/.agents/skills/claude-agent-sdk/scripts/check-versions.sh +55 -0
package/.agents/skills/claude-agent-sdk/templates/basic-query.ts +55 -0
package/.agents/skills/claude-agent-sdk/templates/custom-mcp-server.ts +161 -0
package/.agents/skills/claude-agent-sdk/templates/error-handling.ts +283 -0
package/.agents/skills/claude-agent-sdk/templates/filesystem-settings.ts +211 -0
package/.agents/skills/claude-agent-sdk/templates/multi-agent-workflow.ts +318 -0
package/.agents/skills/claude-agent-sdk/templates/package.json +30 -0
package/.agents/skills/claude-agent-sdk/templates/permission-control.ts +211 -0
package/.agents/skills/claude-agent-sdk/templates/query-with-tools.ts +54 -0
package/.agents/skills/claude-agent-sdk/templates/session-management.ts +151 -0
package/.agents/skills/claude-agent-sdk/templates/subagents-orchestration.ts +166 -0
package/.agents/skills/claude-agent-sdk/templates/tsconfig.json +22 -0
package/.claude/settings.local.json +70 -0
package/.claude/skills/moltbook-example/SKILL.md +79 -0
package/.claude/skills/post/SKILL.md +130 -0
package/.env.example +4 -0
package/.vercel/README.txt +11 -0
package/.vercel/project.json +1 -0
package/AGENTS.md +114 -0
package/CLAUDE.md +532 -0
package/README.md +44 -0
package/api/index.ts +3 -0
package/biome.json +14 -0
package/clark_avatar.jpeg +0 -0
package/package.json +21 -0
package/scripts/wake.ts +38 -0
package/skills/clawbook/HEARTBEAT.md +142 -0
package/skills/clawbook/SKILL.md +219 -0
package/skills/moltbook-example/SKILL.md +79 -0
package/skills/moltbook-example/bot/index.ts +61 -0
package/src/agent/prompts.ts +98 -0
package/src/agent/runner.ts +526 -0
package/src/agent/tool-definitions.ts +1151 -0
package/src/agent-options.ts +14 -0
package/src/bot-identity.ts +41 -0
package/src/constants.ts +15 -0
package/src/handlers/heartbeat.ts +21 -0
package/src/handlers/openai-compat.ts +95 -0
package/src/handlers/post.ts +21 -0
package/src/identity.ts +83 -0
package/src/index.ts +30 -0
package/src/middleware/cron-auth.ts +53 -0
package/src/middleware/sigma-auth.ts +147 -0
package/src/runs.ts +49 -0
package/tests/agent/prompts.test.ts +172 -0
package/tests/agent/runner.test.ts +353 -0
package/tests/agent/tool-definitions.test.ts +171 -0
package/tests/constants.test.ts +24 -0
package/tests/handlers/openai-compat.test.ts +128 -0
package/tests/handlers.test.ts +133 -0
package/tests/identity.test.ts +66 -0
package/tests/index.test.ts +108 -0
package/tests/middleware/cron-auth.test.ts +99 -0
package/tests/middleware/sigma-auth.test.ts +198 -0
package/tests/runs.test.ts +56 -0
package/tests/skill.test.ts +71 -0
package/tsconfig.json +14 -0
package/vercel.json +9 -0

package/.agents/skills/claude-agent-sdk/references/permissions-guide.md ADDED Viewed

@@ -0,0 +1,429 @@
+# Permissions Guide
+Complete guide to permission control in Claude Agent SDK.
+---
+## Permission Modes
+### Overview
+Three built-in modes:
+| Mode | Behavior | Use Case |
+|------|----------|----------|
+| `default` | Standard checks | General use, production |
+| `acceptEdits` | Auto-approve file edits | Trusted refactoring |
+| `bypassPermissions` | Skip ALL checks | CI/CD, sandboxed envs |
+---
+## Default Mode
+Standard permission checks.
+```typescript
+options: {
+  permissionMode: "default"
+}
+```
+**Prompts user for**:
+- File writes/edits
+- Potentially dangerous bash commands
+- Sensitive operations
+**Auto-allows**:
+- Read operations (Read, Grep, Glob)
+- Safe bash commands
+---
+## Accept Edits Mode
+Automatically approves file modifications.
+```typescript
+options: {
+  permissionMode: "acceptEdits"
+}
+```
+**Auto-approves**:
+- File edits (Edit)
+- File writes (Write)
+**Still prompts for**:
+- Dangerous bash commands
+- Sensitive operations
+**Use when**: Refactoring, code generation workflows
+---
+## Bypass Permissions Mode
+⚠️ **DANGER**: Skips ALL permission checks.
+```typescript
+options: {
+  permissionMode: "bypassPermissions"
+}
+```
+**Auto-approves EVERYTHING**:
+- All file operations
+- All bash commands
+- All tools
+**ONLY use in**:
+- CI/CD pipelines
+- Sandboxed containers
+- Docker environments
+- Trusted, isolated contexts
+**NEVER use in**:
+- Production systems
+- User-facing environments
+- Untrusted inputs
+---
+## Custom Permission Logic
+### canUseTool Callback
+```typescript
+type CanUseTool = (
+  toolName: string,
+  input: any
+) => Promise<PermissionDecision>;
+type PermissionDecision =
+  | { behavior: "allow" }
+  | { behavior: "deny"; message?: string }
+  | { behavior: "ask"; message?: string };
+```
+### Basic Example
+```typescript
+options: {
+  canUseTool: async (toolName, input) => {
+    // Allow read-only
+    if (['Read', 'Grep', 'Glob'].includes(toolName)) {
+      return { behavior: "allow" };
+    }
+    // Deny dangerous bash
+    if (toolName === 'Bash' && input.command.includes('rm -rf')) {
+      return {
+        behavior: "deny",
+        message: "Destructive command blocked"
+      };
+    }
+    // Ask for confirmation
+    if (toolName === 'Write') {
+      return {
+        behavior: "ask",
+        message: `Create ${input.file_path}?`
+      };
+    }
+    return { behavior: "allow" };
+  }
+}
+```
+---
+## Common Patterns
+### Pattern 1: Block Destructive Commands
+```typescript
+canUseTool: async (toolName, input) => {
+  if (toolName === 'Bash') {
+    const dangerous = [
+      'rm -rf',
+      'dd if=',
+      'mkfs',
+      '> /dev/',
+      'shutdown',
+      'reboot',
+      'kill -9',
+      'pkill'
+    ];
+    for (const pattern of dangerous) {
+      if (input.command.includes(pattern)) {
+        return {
+          behavior: "deny",
+          message: `Blocked dangerous command: ${pattern}`
+        };
+      }
+    }
+  }
+  return { behavior: "allow" };
+}
+```
+### Pattern 2: Protect Sensitive Files
+```typescript
+canUseTool: async (toolName, input) => {
+  if (toolName === 'Write' || toolName === 'Edit') {
+    const sensitivePaths = [
+      '/etc/',
+      '/root/',
+      '.env',
+      'credentials',
+      'secrets',
+      'config/production',
+      '.ssh/',
+      'private_key'
+    ];
+    for (const path of sensitivePaths) {
+      if (input.file_path?.includes(path)) {
+        return {
+          behavior: "ask",
+          message: `⚠️  Modify sensitive file: ${input.file_path}?`
+        };
+      }
+    }
+  }
+  return { behavior: "allow" };
+}
+```
+### Pattern 3: Environment-Based Permissions
+```typescript
+const environment = process.env.NODE_ENV; // 'development' | 'staging' | 'production'
+canUseTool: async (toolName, input) => {
+  // Production: require approval for everything
+  if (environment === 'production') {
+    if (toolName === 'Bash' || toolName === 'Write' || toolName === 'Edit') {
+      return {
+        behavior: "ask",
+        message: `PRODUCTION: Approve ${toolName}?`
+      };
+    }
+  }
+  // Staging: auto-approve edits
+  if (environment === 'staging') {
+    if (toolName === 'Write' || toolName === 'Edit') {
+      return { behavior: "allow" };
+    }
+  }
+  // Development: allow most things
+  if (environment === 'development') {
+    return { behavior: "allow" };
+  }
+  return { behavior: "allow" };
+}
+```
+### Pattern 4: Deployment Confirmation
+```typescript
+canUseTool: async (toolName, input) => {
+  if (toolName === 'Bash') {
+    const deploymentPatterns = [
+      'deploy',
+      'kubectl apply',
+      'terraform apply',
+      'helm install',
+      'docker push',
+      'npm publish'
+    ];
+    for (const pattern of deploymentPatterns) {
+      if (input.command.includes(pattern)) {
+        return {
+          behavior: "ask",
+          message: `🚀 DEPLOYMENT: ${input.command}\n\nProceed?`
+        };
+      }
+    }
+  }
+  return { behavior: "allow" };
+}
+```
+### Pattern 5: Audit Logging
+```typescript
+const auditLog: Array<{
+  tool: string;
+  input: any;
+  decision: string;
+  timestamp: Date;
+}> = [];
+canUseTool: async (toolName, input) => {
+  // Log everything
+  console.log(`[${new Date().toISOString()}] ${toolName}`);
+  const decision = { behavior: "allow" as const };
+  // Store audit log
+  auditLog.push({
+    tool: toolName,
+    input,
+    decision: decision.behavior,
+    timestamp: new Date()
+  });
+  // Could also send to external service
+  // await logToDatadog(toolName, input, decision);
+  return decision;
+}
+```
+---
+## Combining Modes with Custom Logic
+```typescript
+options: {
+  permissionMode: "acceptEdits",  // Auto-approve file edits
+  canUseTool: async (toolName, input) => {
+    // But still block dangerous bash
+    if (toolName === 'Bash' && input.command.includes('rm -rf')) {
+      return { behavior: "deny", message: "Blocked" };
+    }
+    // Custom logic runs AFTER permission mode
+    return { behavior: "allow" };
+  }
+}
+```
+---
+## Security Best Practices
+### ✅ Do
+- Start with `"default"` mode
+- Use `canUseTool` for fine-grained control
+- Block known dangerous patterns
+- Require confirmation for sensitive ops
+- Log all tool usage for auditing
+- Test permission logic thoroughly
+- Use environment-based rules
+- Implement rate limiting if needed
+### ❌ Don't
+- Use `"bypassPermissions"` in production
+- Skip permission checks for "trusted" inputs
+- Allow arbitrary bash without filtering
+- Trust file paths without validation
+- Ignore audit logging
+- Assume AI won't make mistakes
+- Give blanket approvals
+---
+## Testing Permissions
+```typescript
+async function testPermissions() {
+  const tests = [
+    { tool: "Read", input: { file_path: "/etc/passwd" }, expectAllow: true },
+    { tool: "Bash", input: { command: "rm -rf /" }, expectDeny: true },
+    { tool: "Write", input: { file_path: ".env" }, expectAsk: true }
+  ];
+  for (const test of tests) {
+    const decision = await canUseTool(test.tool, test.input);
+    if (test.expectAllow && decision.behavior !== 'allow') {
+      console.error(`FAIL: Expected allow for ${test.tool}`);
+    }
+    if (test.expectDeny && decision.behavior !== 'deny') {
+      console.error(`FAIL: Expected deny for ${test.tool}`);
+    }
+    if (test.expectAsk && decision.behavior !== 'ask') {
+      console.error(`FAIL: Expected ask for ${test.tool}`);
+    }
+  }
+}
+```
+---
+## Common Scenarios
+### Allow Read-Only
+```typescript
+canUseTool: async (toolName, input) => {
+  if (['Read', 'Grep', 'Glob'].includes(toolName)) {
+    return { behavior: "allow" };
+  }
+  return {
+    behavior: "deny",
+    message: "Read-only mode"
+  };
+}
+```
+### Require Approval for All
+```typescript
+canUseTool: async (toolName, input) => {
+  return {
+    behavior: "ask",
+    message: `Approve ${toolName}?`
+  };
+}
+```
+### Block Bash Entirely
+```typescript
+canUseTool: async (toolName, input) => {
+  if (toolName === 'Bash') {
+    return {
+      behavior: "deny",
+      message: "Bash execution disabled"
+    };
+  }
+  return { behavior: "allow" };
+}
+```
+---
+## Error Handling
+Handle permission errors gracefully:
+```typescript
+for await (const message of response) {
+  if (message.type === 'error') {
+    if (message.error.type === 'permission_denied') {
+      console.log('Permission denied for:', message.error.tool);
+      // Continue with fallback or skip
+    }
+  }
+}
+```
+---
+**For more details**: See SKILL.md
+**Template**: templates/permission-control.ts