@codyswann/lisa 2.178.0 → 2.178.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/package.json +1 -1
  2. package/plugins/lisa/.claude-plugin/plugin.json +1 -1
  3. package/plugins/lisa/.codex-plugin/plugin.json +1 -1
  4. package/plugins/lisa/rules/reference/integration-access-layer.md +1 -1
  5. package/plugins/lisa/skills/analyze-claude-remote/SKILL.md +89 -11
  6. package/plugins/lisa/skills/generate-claude-remote-build-script/SKILL.md +41 -7
  7. package/plugins/lisa/skills/jam-access/SKILL.md +12 -11
  8. package/plugins/lisa-agy/plugin.json +1 -1
  9. package/plugins/lisa-agy/skills/analyze-claude-remote/SKILL.md +89 -11
  10. package/plugins/lisa-agy/skills/generate-claude-remote-build-script/SKILL.md +41 -7
  11. package/plugins/lisa-agy/skills/jam-access/SKILL.md +12 -11
  12. package/plugins/lisa-cdk/.claude-plugin/plugin.json +1 -1
  13. package/plugins/lisa-cdk/.codex-plugin/plugin.json +1 -1
  14. package/plugins/lisa-cdk-agy/plugin.json +1 -1
  15. package/plugins/lisa-cdk-copilot/.claude-plugin/plugin.json +1 -1
  16. package/plugins/lisa-cdk-cursor/.claude-plugin/plugin.json +1 -1
  17. package/plugins/lisa-copilot/.claude-plugin/plugin.json +1 -1
  18. package/plugins/lisa-copilot/rules/reference/integration-access-layer.md +1 -1
  19. package/plugins/lisa-copilot/skills/analyze-claude-remote/SKILL.md +89 -11
  20. package/plugins/lisa-copilot/skills/generate-claude-remote-build-script/SKILL.md +41 -7
  21. package/plugins/lisa-copilot/skills/jam-access/SKILL.md +12 -11
  22. package/plugins/lisa-cursor/.claude-plugin/plugin.json +1 -1
  23. package/plugins/lisa-cursor/rules/integration-access-layer-reference.mdc +1 -1
  24. package/plugins/lisa-cursor/skills/analyze-claude-remote/SKILL.md +89 -11
  25. package/plugins/lisa-cursor/skills/generate-claude-remote-build-script/SKILL.md +41 -7
  26. package/plugins/lisa-cursor/skills/jam-access/SKILL.md +12 -11
  27. package/plugins/lisa-expo/.claude-plugin/plugin.json +1 -1
  28. package/plugins/lisa-expo/.codex-plugin/plugin.json +1 -1
  29. package/plugins/lisa-expo-agy/plugin.json +1 -1
  30. package/plugins/lisa-expo-copilot/.claude-plugin/plugin.json +1 -1
  31. package/plugins/lisa-expo-cursor/.claude-plugin/plugin.json +1 -1
  32. package/plugins/lisa-harper-fabric/.claude-plugin/plugin.json +1 -1
  33. package/plugins/lisa-harper-fabric/.codex-plugin/plugin.json +1 -1
  34. package/plugins/lisa-harper-fabric-agy/plugin.json +1 -1
  35. package/plugins/lisa-harper-fabric-copilot/.claude-plugin/plugin.json +1 -1
  36. package/plugins/lisa-harper-fabric-cursor/.claude-plugin/plugin.json +1 -1
  37. package/plugins/lisa-nestjs/.claude-plugin/plugin.json +1 -1
  38. package/plugins/lisa-nestjs/.codex-plugin/plugin.json +1 -1
  39. package/plugins/lisa-nestjs-agy/plugin.json +1 -1
  40. package/plugins/lisa-nestjs-copilot/.claude-plugin/plugin.json +1 -1
  41. package/plugins/lisa-nestjs-cursor/.claude-plugin/plugin.json +1 -1
  42. package/plugins/lisa-openclaw/.claude-plugin/plugin.json +1 -1
  43. package/plugins/lisa-openclaw/.codex-plugin/plugin.json +1 -1
  44. package/plugins/lisa-openclaw-agy/plugin.json +1 -1
  45. package/plugins/lisa-openclaw-copilot/.claude-plugin/plugin.json +1 -1
  46. package/plugins/lisa-openclaw-cursor/.claude-plugin/plugin.json +1 -1
  47. package/plugins/lisa-phaser/.claude-plugin/plugin.json +1 -1
  48. package/plugins/lisa-phaser/.codex-plugin/plugin.json +1 -1
  49. package/plugins/lisa-phaser-agy/plugin.json +1 -1
  50. package/plugins/lisa-phaser-copilot/.claude-plugin/plugin.json +1 -1
  51. package/plugins/lisa-phaser-cursor/.claude-plugin/plugin.json +1 -1
  52. package/plugins/lisa-rails/.claude-plugin/plugin.json +1 -1
  53. package/plugins/lisa-rails/.codex-plugin/plugin.json +1 -1
  54. package/plugins/lisa-rails-agy/plugin.json +1 -1
  55. package/plugins/lisa-rails-copilot/.claude-plugin/plugin.json +1 -1
  56. package/plugins/lisa-rails-cursor/.claude-plugin/plugin.json +1 -1
  57. package/plugins/lisa-typescript/.claude-plugin/plugin.json +1 -1
  58. package/plugins/lisa-typescript/.codex-plugin/plugin.json +1 -1
  59. package/plugins/lisa-typescript-agy/plugin.json +1 -1
  60. package/plugins/lisa-typescript-copilot/.claude-plugin/plugin.json +1 -1
  61. package/plugins/lisa-typescript-cursor/.claude-plugin/plugin.json +1 -1
  62. package/plugins/lisa-wiki/.claude-plugin/plugin.json +1 -1
  63. package/plugins/lisa-wiki/.codex-plugin/plugin.json +1 -1
  64. package/plugins/lisa-wiki-agy/plugin.json +1 -1
  65. package/plugins/lisa-wiki-copilot/.claude-plugin/plugin.json +1 -1
  66. package/plugins/lisa-wiki-cursor/.claude-plugin/plugin.json +1 -1
  67. package/plugins/src/base/rules/reference/integration-access-layer.md +1 -1
  68. package/plugins/src/base/skills/analyze-claude-remote/SKILL.md +89 -11
  69. package/plugins/src/base/skills/generate-claude-remote-build-script/SKILL.md +41 -7
  70. package/plugins/src/base/skills/jam-access/SKILL.md +12 -11
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "lisa-cdk",
3
- "version": "2.178.0",
3
+ "version": "2.178.2",
4
4
  "description": "AWS CDK-specific plugin",
5
5
  "author": {
6
6
  "name": "Cody Swann"
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "lisa-cdk",
3
- "version": "2.178.0",
3
+ "version": "2.178.2",
4
4
  "description": "AWS CDK-specific plugin",
5
5
  "author": {
6
6
  "name": "Cody Swann"
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "lisa-cdk",
3
- "version": "2.178.0",
3
+ "version": "2.178.2",
4
4
  "description": "AWS CDK-specific plugin",
5
5
  "author": {
6
6
  "name": "Cody Swann"
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "lisa",
3
- "version": "2.178.0",
3
+ "version": "2.178.2",
4
4
  "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
5
5
  "author": {
6
6
  "name": "Cody Swann"
@@ -22,7 +22,7 @@ available.
22
22
  | Atlassian | `lisa:atlassian-access` | `ATLASSIAN_API_TOKEN` | Atlassian Cloud REST |
23
23
  | Notion | `lisa:notion-access` | `NOTION_API_TOKEN` | Notion REST |
24
24
  | Linear | `lisa:linear-access` | `LINEAR_API_KEY` | Linear GraphQL |
25
- | Jam | `lisa:jam-access` | `JAM_PAT` | Jam MCP HTTP endpoint with bearer PAT |
25
+ | Jam | `lisa:jam-access` | `JAM_PAT` | Jam CLI |
26
26
  | SonarCloud | `lisa:sonarcloud-access` | `SONAR_TOKEN` | SonarCloud Web API |
27
27
  | Sentry | `lisa:sentry-access` | `SENTRY_AUTH_TOKEN` | Sentry REST API |
28
28
  | PostHog | `lisa:posthog-access` | `POSTHOG_PERSONAL_API_KEY` | PostHog REST API |
@@ -133,11 +133,35 @@ Group the findings as:
133
133
  `RISK`/`GAP` (need a local process — only viable if the cloud session can spawn them from the
134
134
  repo). Flag interactively/OAuth-authed servers as `GAP` for headless auth — they cannot complete
135
135
  a browser flow headless **regardless of transport** (an HTTP MCP like `linear-server` is still a
136
- `GAP` because its *auth* is OAuth, not because of its transport). When an OAuth MCP backs an
137
- active tracker/source, do not stop at the `GAP` cross-reference group 4a and point to the
138
- integration's token substrate as the headless replacement (e.g. `linear-server` MCP `LINEAR_API_KEY`
139
- + Linear GraphQL). Note any user-scoped MCP (`~/.claude.json`) as `GAP` it never reaches the
140
- cloud; it must be moved into project `.mcp.json`.
136
+ `GAP` because its *auth* is OAuth, not because of its transport). Before finalizing any
137
+ OAuth/interactive/stdio MCP as a flat `GAP`, check for a documented headless substrate: a
138
+ static-token MCP header, a vendor CLI that can login from an env token, or a token-authenticated
139
+ REST API that the MCP wraps. If documented evidence exists, mark the MCP `headlessUsable: true`
140
+ in the inventory, mark the supporting secret `required: false` / `secret: true` unless the
141
+ integration is active, and set `replacedBy` to the concrete substrate rather than leaving it as
142
+ an impossible capability. When an OAuth MCP backs an active tracker/source, do not stop at the
143
+ `GAP` — cross-reference group 4a and point to the integration's token substrate as the headless
144
+ replacement (e.g. `linear-server` MCP -> `LINEAR_API_KEY` + Linear GraphQL). Note any user-scoped
145
+ MCP (`~/.claude.json`) as `GAP` — it never reaches the cloud; it must be moved into project
146
+ `.mcp.json`.
147
+
148
+ Use this data-driven hint table as seed evidence, and extend it only when you can cite a vendor
149
+ doc or committed access-skill reference:
150
+
151
+ | Match | Substrate | Env | Setup / wiring | Domains |
152
+ |---|---|---|---|---|
153
+ | `mcp.jam.dev`, `jam`, or Jam MCP entries | Jam CLI (`jam`) authenticated by PAT | `JAM_PAT` | install with `curl -fsSL https://native.jam.dev/install | bash`; export `~/.local/bin`; run `printf '%s' "$JAM_PAT" | jam auth login --token`; optionally `jam skills install` | `native.jam.dev`, `api.jam.dev` |
154
+ | `mcp/sonarqube`, `sonarqube`, or SonarCloud/SonarQube MCP entries | SonarCloud Web API | `SONAR_TOKEN` | use REST calls against `https://sonarcloud.io/api/`; if a host needs legacy token-as-basic-auth, put that in the access adapter | `sonarcloud.io` |
155
+
156
+ For PAT-bearer MCP substrates that really use the same MCP transport, include `mcpHeaders` in
157
+ the inventory with a snippet such as `headers: { "Authorization": "Bearer ${VAR}" }` so the
158
+ generator can print a commented `.mcp.json` example. Do **not** use that for Jam: Jam's preferred
159
+ headless substrate is the `jam` CLI, so the generator should emit CLI setup lines instead of an
160
+ `.mcp.json` header snippet.
161
+
162
+ When no documented substrate is known, keep the MCP as `headlessUsable: false` / `GAP`, and add
163
+ an action line like: `check the vendor for a documented PAT, API-key, CLI, or REST substrate`.
164
+ Never assert that no substrate exists unless the vendor documentation explicitly says so.
141
165
 
142
166
  6. **Config scope & memory gaps** — identify reliance on user-scoped config that will not load
143
167
  remotely: `~/.claude/CLAUDE.md`, user `enabledPlugins`, user skills/agents, user MCP. Most
@@ -148,9 +172,14 @@ Group the findings as:
148
172
  7. **Platform constraints** — surface the non-config constraints as `GAP`/`RISK` so the user is
149
173
  not surprised: routines run with no interactive permission prompts and cannot ask the user
150
174
  mid-run; interactive auth (SSO/OAuth browser, keychain) is unavailable; GitHub org IP
151
- allowlisting blocks cloud sessions; outbound traffic is proxied and custom domains need
152
- allowlisting; resource limits (~4 vCPU / 16 GB RAM / 30 GB disk); no desktop/computer-use; no
153
- statusline/theme rendering.
175
+ allowlisting blocks cloud sessions; raw GitHub clone/fetch/push operations are handled by
176
+ Claude's connected-GitHub proxy/identity and do not need a separate PAT; the `gh` CLI is not the
177
+ same substrate and still needs `GH_TOKEN`; outbound traffic is controlled by the routine
178
+ environment network tier, where the default Trusted tier includes common development domains and
179
+ package registries but arbitrary integration hosts need Custom or Full access; environment
180
+ variables and setup scripts are stored in the cloud environment configuration and are visible to
181
+ anyone who can edit that environment; resource limits (~4 vCPU / 16 GB RAM / 30 GB disk); no
182
+ desktop/computer-use; no statusline/theme rendering.
154
183
 
155
184
  8. **Host-project app needs** — note any build/test/run command a routine would invoke and any
156
185
  runtime service it depends on (database, queue, external API) that will not exist in a fresh
@@ -168,9 +197,18 @@ unsuffixed `…_TOKEN`/`…_KEY` is the simplest to set in a single-account rout
168
197
 
169
198
  ### GitHub — `tracker: github` and/or `source: github`
170
199
  - Headless substrate: `gh` CLI authed by token (every Lisa GitHub script gates on `gh auth status`).
171
- - Env: `GH_TOKEN` (the routine's built-in repo connection may not authenticate the `gh` CLI — verify; set `GH_TOKEN` if `gh auth status` fails). `PAT` only for cross-repo flows.
200
+ - Platform substrate: Claude's connected-GitHub proxy/identity authenticates raw git
201
+ clone/fetch/push for repositories the routine can access. Do not ask for a PAT solely for raw git
202
+ or sibling-repo clones.
203
+ - Env: `GH_TOKEN` for the `gh` CLI only; set it because Lisa's PR/issue lifecycle shells out to
204
+ `gh`. Do not describe it as required for raw git clone/fetch/push.
172
205
  - Acquire: fine-grained — `https://github.com/settings/personal-access-tokens`; classic — `https://github.com/settings/tokens`.
173
- - Access: fine-grained → Repository access to the target repo(s); Repository permissions: Contents R/W, Issues R/W, Pull requests R/W, Metadata R (mandatory); add Workflows R/W only if editing `.github/workflows`, and Organization → Projects R/W only if using ProjectV2. Classic equivalent: `repo` + `workflow` (+ `project`, `read:org` for boards). The identity must hold WRITE/MAINTAIN/ADMIN on the repo.
206
+ - Access: fine-grained → Repository access to the repo(s) where Lisa will run `gh` commands (the
207
+ project repo, and the Lisa repo only if filing Lisa issues); Repository permissions: Contents R/W,
208
+ Issues R/W, Pull requests R/W, Metadata R (mandatory); add Workflows R/W only if editing
209
+ `.github/workflows`, and Organization → Projects R/W only if using ProjectV2. Do not include
210
+ sibling repos that are only cloned/fetched with raw git. Classic equivalent: `repo` + `workflow`
211
+ (+ `project`, `read:org` for boards). The identity must hold WRITE/MAINTAIN/ADMIN on the repo.
174
212
 
175
213
  ### JIRA — `tracker: jira`
176
214
  - Headless substrate: `jira-cli` + curl (Basic auth). The acli and Atlassian-MCP tiers need prior interactive/OAuth auth → not viable headless.
@@ -236,12 +274,41 @@ so the generator can render acquisition comments into its template:
236
274
  "headlessSubstrate": "gh CLI (token)",
237
275
  "acquireUrl": "https://github.com/settings/personal-access-tokens",
238
276
  "accessScope": "fine-grained PAT on target repo: Contents R/W, Issues R/W, Pull requests R/W, Metadata R; +Workflows R/W if editing .github/workflows; +Projects R/W if using ProjectV2"
277
+ },
278
+ {
279
+ "name": "JAM_PAT", "required": false, "secret": true, "integration": "jam",
280
+ "reason": "optional non-tracker MCP recovery; Jam CLI can authenticate headlessly from a PAT",
281
+ "headlessSubstrate": "jam CLI (PAT)",
282
+ "acquireUrl": "https://jam.dev/docs/debug-a-jam/mcp/personal-access-tokens",
283
+ "accessScope": "Jam Personal Access Token for the workspace/team whose traces the routine needs to read",
284
+ "setupSnippet": "curl -fsSL https://native.jam.dev/install | bash; export PATH=\"$HOME/.local/bin:$PATH\"; printf '%s' \"$JAM_PAT\" | jam auth login --token; jam skills install"
285
+ },
286
+ {
287
+ "name": "SONAR_TOKEN", "required": false, "secret": true, "integration": "sonarcloud",
288
+ "reason": "optional non-tracker MCP recovery; SonarQube MCP wraps the token-authenticated SonarCloud Web API",
289
+ "headlessSubstrate": "SonarCloud Web API (token)",
290
+ "acquireUrl": "https://docs.sonarsource.com/sonarqube-cloud/managing-your-account/managing-tokens",
291
+ "accessScope": "token must be able to read the target SonarCloud organization/project quality gate, issues, hotspots, rules, and source snippets"
239
292
  }
240
293
  ],
241
294
  "mcp": [
242
- { "name": "linear-server", "transport": "http", "auth": "oauth", "headlessUsable": false, "replacedBy": "LINEAR_API_KEY + Linear GraphQL", "dormant": true }
295
+ { "name": "linear-server", "transport": "http", "auth": "oauth", "headlessUsable": false, "replacedBy": "LINEAR_API_KEY + Linear GraphQL", "dormant": true },
296
+ { "name": "jam", "transport": "http", "auth": "oauth", "headlessUsable": true, "replacedBy": "jam CLI + JAM_PAT", "dormant": true },
297
+ { "name": "sonarqube", "transport": "stdio", "auth": "local-wrapper", "headlessUsable": true, "replacedBy": "SONAR_TOKEN + SonarCloud Web API", "dormant": true }
243
298
  ],
244
299
  "gaps": [ "auto-memory not synced to cloud", "bun package fetch behind proxy", "OS keychain absent — env-var token form only" ],
300
+ "platform": {
301
+ "githubProxy": {
302
+ "rawGitAuthenticated": true,
303
+ "crossRepoAccess": "repositories reachable by the connected GitHub identity/routine access do not need a PAT for raw git",
304
+ "ghCliNeedsToken": true
305
+ },
306
+ "secretsVisibility": "environment variables and setup scripts are visible to environment editors"
307
+ },
308
+ "networkAccess": {
309
+ "tier": "custom",
310
+ "allowlistDomains": []
311
+ },
245
312
  "allowlistDomains": []
246
313
  }
247
314
  ```
@@ -269,5 +336,16 @@ so the generator can render acquisition comments into its template:
269
336
  Lisa's `setup-*` skills) — transcribe them exactly; never guess at the access a token needs.
270
337
  - For the active `tracker`/`source`, always report the **env-var** form of the secret, never the OS
271
338
  keychain form — keychain reads do not work in a cloud routine.
339
+ - For GitHub, keep the split explicit: raw git uses the platform GitHub proxy/identity, while
340
+ `GH_TOKEN` is for `gh` CLI commands. Sibling repos that are only cloned or fetched with raw git do
341
+ not belong in the token scope.
342
+ - Add GitHub/npm/PyPI/Docker Hub/common development domains to neither `allowlistDomains` nor
343
+ `networkAccess.allowlistDomains`; those are covered by the routine environment's default Trusted
344
+ list. Only non-default integration hosts require Custom-network allowlisting.
345
+ - Always include a `RISK`/`GAP` finding when environment secrets or setup scripts would be visible
346
+ to environment editors; never imply the generated script can hide them.
272
347
  - A browser-OAuth MCP (or interactively-authed CLI) backing an active integration is a `GAP`; the
273
348
  remediation is its token substrate from the table, not "authenticate the MCP".
349
+ - For non-tracker MCPs, a documented CLI, PAT/API-key, or REST substrate converts the finding from
350
+ a flat `GAP` into an `OPTIONAL` headless recovery path; unknown vendors remain gaps with a
351
+ vendor-substrate follow-up, not invented credentials.
@@ -30,8 +30,9 @@ tracker/source, plus the host project's own package manager and tooling — not
30
30
  ## Procedure
31
31
 
32
32
  1. **Inventory.** Invoke `/lisa:analyze-claude-remote --json` and parse its machine-readable
33
- inventory block (`packageManager`, `tools`, `env`, `mcp`, `gaps`, `allowlistDomains`). If the
34
- analysis cannot run, stop and report why — never emit a script from guesses.
33
+ inventory block (`packageManager`, `tools`, `env`, `mcp`, `gaps`, `platform`,
34
+ `networkAccess`, `allowlistDomains`). If the analysis cannot run, stop and report why — never
35
+ emit a script from guesses.
35
36
 
36
37
  2. **Compose the setup script** from the inventory. The script must be:
37
38
  - **Idempotent & detect-before-install** — every install guarded by a `command -v <tool>` check
@@ -62,11 +63,38 @@ tracker/source, plus the host project's own package manager and tooling — not
62
63
  where to get the token and what permissions it needs. Emit only the **env-var form** of the name
63
64
  that the analysis reported (including any per-account suffixed form like `LINEAR_API_KEY_<slug>`);
64
65
  never emit a keychain instruction — keychain does not exist in a cloud routine.
66
+ When the entry is `GH_TOKEN`, add a comment from `platform.githubProxy` clarifying that the token
67
+ is for `gh` CLI commands against the project/Lisa repos, not for raw git clone/fetch/push or
68
+ sibling repos reachable through the routine's GitHub proxy.
69
+ For OPTIONAL non-tracker MCP recovery entries discovered by
70
+ `/lisa:analyze-claude-remote`, preserve the same names-only behavior:
71
+ include `JAM_PAT`, `SONAR_TOKEN`, or similar documented substrate env vars
72
+ only as optional secrets, with their acquire/scope comments when the analysis
73
+ supplied them. Never invent values or promote dormant substrates to required.
74
+
75
+ 3a. **Emit substrate setup snippets.** When the inventory marks an MCP
76
+ `headlessUsable: true` through a documented substrate, render the matching
77
+ wiring guidance as commented, opt-in setup:
78
+ - CLI substrates: emit the detected install/login commands gated on the
79
+ optional env var. For Jam, this means `curl -fsSL https://native.jam.dev/install | bash`,
80
+ `export PATH="$HOME/.local/bin:$PATH"`, `printf '%s' "$JAM_PAT" | jam auth login --token`,
81
+ and `jam skills install`, all inside `[ -n "${JAM_PAT:-}" ] && ...` guards so missing
82
+ optional secrets do not fail the environment build.
83
+ - REST substitute substrates: do not install an MCP. Emit comments naming the
84
+ REST host and env var (for example `SONAR_TOKEN` with `https://sonarcloud.io/api/`) and
85
+ rely on the access skill or generated consumer to call the API.
86
+ - PAT-bearer MCP substrates: print a commented `.mcp.json` `headers` snippet from the
87
+ inventory's `mcpHeaders`. Use this only when the analysis explicitly says the same MCP
88
+ transport supports static-token auth. Do not print a Jam `.mcp.json` header snippet because
89
+ Jam's preferred headless substrate is its PAT-authenticated CLI.
65
90
 
66
91
  4. **Emit the allowlist + gaps notice.** List any custom domains the setup or runtime reaches
67
- (from `allowlistDomains`) that the user must add to the environment's network access, and echo
68
- the `gaps` from the analysis (auto-memory not synced, interactive-auth/stdio-MCP unavailable,
69
- etc.) as a header comment so the user knows what the script **cannot** fix.
92
+ (from `networkAccess.allowlistDomains`, falling back to legacy `allowlistDomains`) that the user
93
+ must add when the environment needs Custom network access. Do not include default Trusted domains
94
+ such as GitHub, npm/PyPI registries, or Docker Hub. Echo the `gaps` from the analysis
95
+ (auto-memory not synced, interactive-auth/stdio-MCP unavailable, etc.) and the
96
+ `platform.secretsVisibility` warning as a header comment so the user knows what the script
97
+ **cannot** fix.
70
98
 
71
99
  5. **Write and report.** Write the script to `--out` (default `scripts/claude-remote-setup.sh`),
72
100
  `chmod +x` it, and print: the path, a one-line summary of what it installs and which env vars to
@@ -92,9 +120,11 @@ shape, not a fixed payload):
92
120
  # # --- credentials for the active tracker/source (set in the environment UI) ---
93
121
  # # Acquire: https://github.com/settings/personal-access-tokens
94
122
  # # Access: fine-grained PAT on target repo: Contents R/W, Issues R/W, Pull requests R/W, Metadata R
123
+ # # Note: GH_TOKEN is for gh CLI only. Raw git uses Claude's connected-GitHub proxy/identity;
124
+ # # sibling repos reached only by raw git do not need to be in this token scope.
95
125
  # - GH_TOKEN=<token> # REQUIRED, github is the active tracker+source
96
- # NETWORK: allowlist these domains in the environment if not on full access:
97
- # - <allowlistDomains, if any>
126
+ # NETWORK: set the environment to Custom and allowlist these non-default domains if not on Full:
127
+ # - <networkAccess.allowlistDomains, if any>
98
128
  set -uo pipefail
99
129
 
100
130
  need() { command -v "$1" >/dev/null 2>&1; }
@@ -152,8 +182,12 @@ to stop are: the analysis could not run, or the `--out` path is not writable.
152
182
  - Never write real secret values into the script or template — names and placeholders only.
153
183
  - For active tracker/source credentials, carry the analysis's `Acquire:` URL and `Access:` scope into
154
184
  the template as comments, and emit only the env-var form of the name — never a keychain command.
185
+ - For `GH_TOKEN`, preserve the analysis's GitHub proxy split: it is for `gh` CLI commands only, and
186
+ raw git/cross-repo clone guidance must not expand the token scope to sibling repositories.
155
187
  - Never emit an install for a tool the analysis did not surface, and never install `OPTIONAL` tools
156
188
  unless `--include-optional` is set.
189
+ - Prefer `networkAccess.allowlistDomains` over legacy top-level `allowlistDomains`; never emit
190
+ domains already covered by the routine environment's default Trusted list.
157
191
  - Keep the script idempotent and detect-before-install so it is safe to re-run and cache.
158
192
  - Preserve the inventory's `REQUIRED` vs `OPTIONAL` distinction in both fail-behavior (fatal vs
159
193
  warn) and section placement.
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: jam-access
3
- description: "Vendor-neutral access layer for Jam. Jam triage rules and skills MUST delegate through this skill rather than calling Jam MCP tools directly. Resolves Jam MCP first when available, then falls back to JAM_PAT bearer auth for headless routines."
3
+ description: "Vendor-neutral access layer for Jam. Jam triage rules and skills MUST delegate through this skill rather than calling Jam MCP tools directly. Resolves Jam MCP first when available, then falls back to the JAM_PAT-authenticated Jam CLI for headless routines."
4
4
  allowed-tools: ["Bash", "Read", "Skill"]
5
5
  ---
6
6
 
@@ -24,16 +24,16 @@ Return parsed JSON or a concise structured summary in a `<result>` block.
24
24
  Probe in order:
25
25
 
26
26
  1. Jam MCP, if the tool is available and authenticated.
27
- 2. `JAM_PAT` bearer token against Jam's MCP/trace HTTP substrate.
27
+ 2. Jam CLI authenticated with `JAM_PAT`.
28
28
 
29
- Jam documents personal access tokens for MCP clients so a browser OAuth flow is
30
- not required. The headless tier uses:
29
+ Jam documents a PAT-authenticated CLI that is cleaner for remote routines than
30
+ editing `.mcp.json` headers. The headless tier uses:
31
31
 
32
32
  ```bash
33
- curl -sS "https://mcp.jam.dev/mcp" \
34
- -H "Authorization: Bearer $JAM_PAT" \
35
- -H "Content-Type: application/json" \
36
- --data-binary "$PAYLOAD"
33
+ curl -fsSL https://native.jam.dev/install | bash
34
+ export PATH="$HOME/.local/bin:$PATH"
35
+ printf '%s' "$JAM_PAT" | jam auth login --token
36
+ jam skills install
37
37
  ```
38
38
 
39
39
  If neither tier works, fail with:
@@ -45,7 +45,8 @@ Error: no Jam access substrate available. Authenticate the Jam MCP or set JAM_PA
45
45
  ## Invariants
46
46
 
47
47
  - Fallback is gated on `JAM_PAT`; do not retry Jam MCP failures blindly.
48
- - Never commit a Jam PAT into `.mcp.json`. Use env interpolation in host MCP
49
- config, for example `Authorization: Bearer ${JAM_PAT}`.
50
- - If a requested operation is not yet mapped to the Jam HTTP substrate, surface
48
+ - Never commit a Jam PAT into `.mcp.json` or any generated setup artifact.
49
+ - Headless Jam access requires `native.jam.dev` for the installer and
50
+ `api.jam.dev` for CLI/API calls in any custom remote network allowlist.
51
+ - If a requested operation is not yet mapped to the Jam CLI substrate, surface
51
52
  that exact missing adapter instead of pretending the trace is unavailable.
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "lisa",
3
- "version": "2.178.0",
3
+ "version": "2.178.2",
4
4
  "description": "Universal governance — agents, skills, commands, hooks, and rules for all projects",
5
5
  "author": {
6
6
  "name": "Cody Swann"
@@ -27,7 +27,7 @@ available.
27
27
  | Atlassian | `lisa:atlassian-access` | `ATLASSIAN_API_TOKEN` | Atlassian Cloud REST |
28
28
  | Notion | `lisa:notion-access` | `NOTION_API_TOKEN` | Notion REST |
29
29
  | Linear | `lisa:linear-access` | `LINEAR_API_KEY` | Linear GraphQL |
30
- | Jam | `lisa:jam-access` | `JAM_PAT` | Jam MCP HTTP endpoint with bearer PAT |
30
+ | Jam | `lisa:jam-access` | `JAM_PAT` | Jam CLI |
31
31
  | SonarCloud | `lisa:sonarcloud-access` | `SONAR_TOKEN` | SonarCloud Web API |
32
32
  | Sentry | `lisa:sentry-access` | `SENTRY_AUTH_TOKEN` | Sentry REST API |
33
33
  | PostHog | `lisa:posthog-access` | `POSTHOG_PERSONAL_API_KEY` | PostHog REST API |
@@ -133,11 +133,35 @@ Group the findings as:
133
133
  `RISK`/`GAP` (need a local process — only viable if the cloud session can spawn them from the
134
134
  repo). Flag interactively/OAuth-authed servers as `GAP` for headless auth — they cannot complete
135
135
  a browser flow headless **regardless of transport** (an HTTP MCP like `linear-server` is still a
136
- `GAP` because its *auth* is OAuth, not because of its transport). When an OAuth MCP backs an
137
- active tracker/source, do not stop at the `GAP` cross-reference group 4a and point to the
138
- integration's token substrate as the headless replacement (e.g. `linear-server` MCP `LINEAR_API_KEY`
139
- + Linear GraphQL). Note any user-scoped MCP (`~/.claude.json`) as `GAP` it never reaches the
140
- cloud; it must be moved into project `.mcp.json`.
136
+ `GAP` because its *auth* is OAuth, not because of its transport). Before finalizing any
137
+ OAuth/interactive/stdio MCP as a flat `GAP`, check for a documented headless substrate: a
138
+ static-token MCP header, a vendor CLI that can login from an env token, or a token-authenticated
139
+ REST API that the MCP wraps. If documented evidence exists, mark the MCP `headlessUsable: true`
140
+ in the inventory, mark the supporting secret `required: false` / `secret: true` unless the
141
+ integration is active, and set `replacedBy` to the concrete substrate rather than leaving it as
142
+ an impossible capability. When an OAuth MCP backs an active tracker/source, do not stop at the
143
+ `GAP` — cross-reference group 4a and point to the integration's token substrate as the headless
144
+ replacement (e.g. `linear-server` MCP -> `LINEAR_API_KEY` + Linear GraphQL). Note any user-scoped
145
+ MCP (`~/.claude.json`) as `GAP` — it never reaches the cloud; it must be moved into project
146
+ `.mcp.json`.
147
+
148
+ Use this data-driven hint table as seed evidence, and extend it only when you can cite a vendor
149
+ doc or committed access-skill reference:
150
+
151
+ | Match | Substrate | Env | Setup / wiring | Domains |
152
+ |---|---|---|---|---|
153
+ | `mcp.jam.dev`, `jam`, or Jam MCP entries | Jam CLI (`jam`) authenticated by PAT | `JAM_PAT` | install with `curl -fsSL https://native.jam.dev/install | bash`; export `~/.local/bin`; run `printf '%s' "$JAM_PAT" | jam auth login --token`; optionally `jam skills install` | `native.jam.dev`, `api.jam.dev` |
154
+ | `mcp/sonarqube`, `sonarqube`, or SonarCloud/SonarQube MCP entries | SonarCloud Web API | `SONAR_TOKEN` | use REST calls against `https://sonarcloud.io/api/`; if a host needs legacy token-as-basic-auth, put that in the access adapter | `sonarcloud.io` |
155
+
156
+ For PAT-bearer MCP substrates that really use the same MCP transport, include `mcpHeaders` in
157
+ the inventory with a snippet such as `headers: { "Authorization": "Bearer ${VAR}" }` so the
158
+ generator can print a commented `.mcp.json` example. Do **not** use that for Jam: Jam's preferred
159
+ headless substrate is the `jam` CLI, so the generator should emit CLI setup lines instead of an
160
+ `.mcp.json` header snippet.
161
+
162
+ When no documented substrate is known, keep the MCP as `headlessUsable: false` / `GAP`, and add
163
+ an action line like: `check the vendor for a documented PAT, API-key, CLI, or REST substrate`.
164
+ Never assert that no substrate exists unless the vendor documentation explicitly says so.
141
165
 
142
166
  6. **Config scope & memory gaps** — identify reliance on user-scoped config that will not load
143
167
  remotely: `~/.claude/CLAUDE.md`, user `enabledPlugins`, user skills/agents, user MCP. Most
@@ -148,9 +172,14 @@ Group the findings as:
148
172
  7. **Platform constraints** — surface the non-config constraints as `GAP`/`RISK` so the user is
149
173
  not surprised: routines run with no interactive permission prompts and cannot ask the user
150
174
  mid-run; interactive auth (SSO/OAuth browser, keychain) is unavailable; GitHub org IP
151
- allowlisting blocks cloud sessions; outbound traffic is proxied and custom domains need
152
- allowlisting; resource limits (~4 vCPU / 16 GB RAM / 30 GB disk); no desktop/computer-use; no
153
- statusline/theme rendering.
175
+ allowlisting blocks cloud sessions; raw GitHub clone/fetch/push operations are handled by
176
+ Claude's connected-GitHub proxy/identity and do not need a separate PAT; the `gh` CLI is not the
177
+ same substrate and still needs `GH_TOKEN`; outbound traffic is controlled by the routine
178
+ environment network tier, where the default Trusted tier includes common development domains and
179
+ package registries but arbitrary integration hosts need Custom or Full access; environment
180
+ variables and setup scripts are stored in the cloud environment configuration and are visible to
181
+ anyone who can edit that environment; resource limits (~4 vCPU / 16 GB RAM / 30 GB disk); no
182
+ desktop/computer-use; no statusline/theme rendering.
154
183
 
155
184
  8. **Host-project app needs** — note any build/test/run command a routine would invoke and any
156
185
  runtime service it depends on (database, queue, external API) that will not exist in a fresh
@@ -168,9 +197,18 @@ unsuffixed `…_TOKEN`/`…_KEY` is the simplest to set in a single-account rout
168
197
 
169
198
  ### GitHub — `tracker: github` and/or `source: github`
170
199
  - Headless substrate: `gh` CLI authed by token (every Lisa GitHub script gates on `gh auth status`).
171
- - Env: `GH_TOKEN` (the routine's built-in repo connection may not authenticate the `gh` CLI — verify; set `GH_TOKEN` if `gh auth status` fails). `PAT` only for cross-repo flows.
200
+ - Platform substrate: Claude's connected-GitHub proxy/identity authenticates raw git
201
+ clone/fetch/push for repositories the routine can access. Do not ask for a PAT solely for raw git
202
+ or sibling-repo clones.
203
+ - Env: `GH_TOKEN` for the `gh` CLI only; set it because Lisa's PR/issue lifecycle shells out to
204
+ `gh`. Do not describe it as required for raw git clone/fetch/push.
172
205
  - Acquire: fine-grained — `https://github.com/settings/personal-access-tokens`; classic — `https://github.com/settings/tokens`.
173
- - Access: fine-grained → Repository access to the target repo(s); Repository permissions: Contents R/W, Issues R/W, Pull requests R/W, Metadata R (mandatory); add Workflows R/W only if editing `.github/workflows`, and Organization → Projects R/W only if using ProjectV2. Classic equivalent: `repo` + `workflow` (+ `project`, `read:org` for boards). The identity must hold WRITE/MAINTAIN/ADMIN on the repo.
206
+ - Access: fine-grained → Repository access to the repo(s) where Lisa will run `gh` commands (the
207
+ project repo, and the Lisa repo only if filing Lisa issues); Repository permissions: Contents R/W,
208
+ Issues R/W, Pull requests R/W, Metadata R (mandatory); add Workflows R/W only if editing
209
+ `.github/workflows`, and Organization → Projects R/W only if using ProjectV2. Do not include
210
+ sibling repos that are only cloned/fetched with raw git. Classic equivalent: `repo` + `workflow`
211
+ (+ `project`, `read:org` for boards). The identity must hold WRITE/MAINTAIN/ADMIN on the repo.
174
212
 
175
213
  ### JIRA — `tracker: jira`
176
214
  - Headless substrate: `jira-cli` + curl (Basic auth). The acli and Atlassian-MCP tiers need prior interactive/OAuth auth → not viable headless.
@@ -236,12 +274,41 @@ so the generator can render acquisition comments into its template:
236
274
  "headlessSubstrate": "gh CLI (token)",
237
275
  "acquireUrl": "https://github.com/settings/personal-access-tokens",
238
276
  "accessScope": "fine-grained PAT on target repo: Contents R/W, Issues R/W, Pull requests R/W, Metadata R; +Workflows R/W if editing .github/workflows; +Projects R/W if using ProjectV2"
277
+ },
278
+ {
279
+ "name": "JAM_PAT", "required": false, "secret": true, "integration": "jam",
280
+ "reason": "optional non-tracker MCP recovery; Jam CLI can authenticate headlessly from a PAT",
281
+ "headlessSubstrate": "jam CLI (PAT)",
282
+ "acquireUrl": "https://jam.dev/docs/debug-a-jam/mcp/personal-access-tokens",
283
+ "accessScope": "Jam Personal Access Token for the workspace/team whose traces the routine needs to read",
284
+ "setupSnippet": "curl -fsSL https://native.jam.dev/install | bash; export PATH=\"$HOME/.local/bin:$PATH\"; printf '%s' \"$JAM_PAT\" | jam auth login --token; jam skills install"
285
+ },
286
+ {
287
+ "name": "SONAR_TOKEN", "required": false, "secret": true, "integration": "sonarcloud",
288
+ "reason": "optional non-tracker MCP recovery; SonarQube MCP wraps the token-authenticated SonarCloud Web API",
289
+ "headlessSubstrate": "SonarCloud Web API (token)",
290
+ "acquireUrl": "https://docs.sonarsource.com/sonarqube-cloud/managing-your-account/managing-tokens",
291
+ "accessScope": "token must be able to read the target SonarCloud organization/project quality gate, issues, hotspots, rules, and source snippets"
239
292
  }
240
293
  ],
241
294
  "mcp": [
242
- { "name": "linear-server", "transport": "http", "auth": "oauth", "headlessUsable": false, "replacedBy": "LINEAR_API_KEY + Linear GraphQL", "dormant": true }
295
+ { "name": "linear-server", "transport": "http", "auth": "oauth", "headlessUsable": false, "replacedBy": "LINEAR_API_KEY + Linear GraphQL", "dormant": true },
296
+ { "name": "jam", "transport": "http", "auth": "oauth", "headlessUsable": true, "replacedBy": "jam CLI + JAM_PAT", "dormant": true },
297
+ { "name": "sonarqube", "transport": "stdio", "auth": "local-wrapper", "headlessUsable": true, "replacedBy": "SONAR_TOKEN + SonarCloud Web API", "dormant": true }
243
298
  ],
244
299
  "gaps": [ "auto-memory not synced to cloud", "bun package fetch behind proxy", "OS keychain absent — env-var token form only" ],
300
+ "platform": {
301
+ "githubProxy": {
302
+ "rawGitAuthenticated": true,
303
+ "crossRepoAccess": "repositories reachable by the connected GitHub identity/routine access do not need a PAT for raw git",
304
+ "ghCliNeedsToken": true
305
+ },
306
+ "secretsVisibility": "environment variables and setup scripts are visible to environment editors"
307
+ },
308
+ "networkAccess": {
309
+ "tier": "custom",
310
+ "allowlistDomains": []
311
+ },
245
312
  "allowlistDomains": []
246
313
  }
247
314
  ```
@@ -269,5 +336,16 @@ so the generator can render acquisition comments into its template:
269
336
  Lisa's `setup-*` skills) — transcribe them exactly; never guess at the access a token needs.
270
337
  - For the active `tracker`/`source`, always report the **env-var** form of the secret, never the OS
271
338
  keychain form — keychain reads do not work in a cloud routine.
339
+ - For GitHub, keep the split explicit: raw git uses the platform GitHub proxy/identity, while
340
+ `GH_TOKEN` is for `gh` CLI commands. Sibling repos that are only cloned or fetched with raw git do
341
+ not belong in the token scope.
342
+ - Add GitHub/npm/PyPI/Docker Hub/common development domains to neither `allowlistDomains` nor
343
+ `networkAccess.allowlistDomains`; those are covered by the routine environment's default Trusted
344
+ list. Only non-default integration hosts require Custom-network allowlisting.
345
+ - Always include a `RISK`/`GAP` finding when environment secrets or setup scripts would be visible
346
+ to environment editors; never imply the generated script can hide them.
272
347
  - A browser-OAuth MCP (or interactively-authed CLI) backing an active integration is a `GAP`; the
273
348
  remediation is its token substrate from the table, not "authenticate the MCP".
349
+ - For non-tracker MCPs, a documented CLI, PAT/API-key, or REST substrate converts the finding from
350
+ a flat `GAP` into an `OPTIONAL` headless recovery path; unknown vendors remain gaps with a
351
+ vendor-substrate follow-up, not invented credentials.
@@ -30,8 +30,9 @@ tracker/source, plus the host project's own package manager and tooling — not
30
30
  ## Procedure
31
31
 
32
32
  1. **Inventory.** Invoke `/lisa:analyze-claude-remote --json` and parse its machine-readable
33
- inventory block (`packageManager`, `tools`, `env`, `mcp`, `gaps`, `allowlistDomains`). If the
34
- analysis cannot run, stop and report why — never emit a script from guesses.
33
+ inventory block (`packageManager`, `tools`, `env`, `mcp`, `gaps`, `platform`,
34
+ `networkAccess`, `allowlistDomains`). If the analysis cannot run, stop and report why — never
35
+ emit a script from guesses.
35
36
 
36
37
  2. **Compose the setup script** from the inventory. The script must be:
37
38
  - **Idempotent & detect-before-install** — every install guarded by a `command -v <tool>` check
@@ -62,11 +63,38 @@ tracker/source, plus the host project's own package manager and tooling — not
62
63
  where to get the token and what permissions it needs. Emit only the **env-var form** of the name
63
64
  that the analysis reported (including any per-account suffixed form like `LINEAR_API_KEY_<slug>`);
64
65
  never emit a keychain instruction — keychain does not exist in a cloud routine.
66
+ When the entry is `GH_TOKEN`, add a comment from `platform.githubProxy` clarifying that the token
67
+ is for `gh` CLI commands against the project/Lisa repos, not for raw git clone/fetch/push or
68
+ sibling repos reachable through the routine's GitHub proxy.
69
+ For OPTIONAL non-tracker MCP recovery entries discovered by
70
+ `/lisa:analyze-claude-remote`, preserve the same names-only behavior:
71
+ include `JAM_PAT`, `SONAR_TOKEN`, or similar documented substrate env vars
72
+ only as optional secrets, with their acquire/scope comments when the analysis
73
+ supplied them. Never invent values or promote dormant substrates to required.
74
+
75
+ 3a. **Emit substrate setup snippets.** When the inventory marks an MCP
76
+ `headlessUsable: true` through a documented substrate, render the matching
77
+ wiring guidance as commented, opt-in setup:
78
+ - CLI substrates: emit the detected install/login commands gated on the
79
+ optional env var. For Jam, this means `curl -fsSL https://native.jam.dev/install | bash`,
80
+ `export PATH="$HOME/.local/bin:$PATH"`, `printf '%s' "$JAM_PAT" | jam auth login --token`,
81
+ and `jam skills install`, all inside `[ -n "${JAM_PAT:-}" ] && ...` guards so missing
82
+ optional secrets do not fail the environment build.
83
+ - REST substitute substrates: do not install an MCP. Emit comments naming the
84
+ REST host and env var (for example `SONAR_TOKEN` with `https://sonarcloud.io/api/`) and
85
+ rely on the access skill or generated consumer to call the API.
86
+ - PAT-bearer MCP substrates: print a commented `.mcp.json` `headers` snippet from the
87
+ inventory's `mcpHeaders`. Use this only when the analysis explicitly says the same MCP
88
+ transport supports static-token auth. Do not print a Jam `.mcp.json` header snippet because
89
+ Jam's preferred headless substrate is its PAT-authenticated CLI.
65
90
 
66
91
  4. **Emit the allowlist + gaps notice.** List any custom domains the setup or runtime reaches
67
- (from `allowlistDomains`) that the user must add to the environment's network access, and echo
68
- the `gaps` from the analysis (auto-memory not synced, interactive-auth/stdio-MCP unavailable,
69
- etc.) as a header comment so the user knows what the script **cannot** fix.
92
+ (from `networkAccess.allowlistDomains`, falling back to legacy `allowlistDomains`) that the user
93
+ must add when the environment needs Custom network access. Do not include default Trusted domains
94
+ such as GitHub, npm/PyPI registries, or Docker Hub. Echo the `gaps` from the analysis
95
+ (auto-memory not synced, interactive-auth/stdio-MCP unavailable, etc.) and the
96
+ `platform.secretsVisibility` warning as a header comment so the user knows what the script
97
+ **cannot** fix.
70
98
 
71
99
  5. **Write and report.** Write the script to `--out` (default `scripts/claude-remote-setup.sh`),
72
100
  `chmod +x` it, and print: the path, a one-line summary of what it installs and which env vars to
@@ -92,9 +120,11 @@ shape, not a fixed payload):
92
120
  # # --- credentials for the active tracker/source (set in the environment UI) ---
93
121
  # # Acquire: https://github.com/settings/personal-access-tokens
94
122
  # # Access: fine-grained PAT on target repo: Contents R/W, Issues R/W, Pull requests R/W, Metadata R
123
+ # # Note: GH_TOKEN is for gh CLI only. Raw git uses Claude's connected-GitHub proxy/identity;
124
+ # # sibling repos reached only by raw git do not need to be in this token scope.
95
125
  # - GH_TOKEN=<token> # REQUIRED, github is the active tracker+source
96
- # NETWORK: allowlist these domains in the environment if not on full access:
97
- # - <allowlistDomains, if any>
126
+ # NETWORK: set the environment to Custom and allowlist these non-default domains if not on Full:
127
+ # - <networkAccess.allowlistDomains, if any>
98
128
  set -uo pipefail
99
129
 
100
130
  need() { command -v "$1" >/dev/null 2>&1; }
@@ -152,8 +182,12 @@ to stop are: the analysis could not run, or the `--out` path is not writable.
152
182
  - Never write real secret values into the script or template — names and placeholders only.
153
183
  - For active tracker/source credentials, carry the analysis's `Acquire:` URL and `Access:` scope into
154
184
  the template as comments, and emit only the env-var form of the name — never a keychain command.
185
+ - For `GH_TOKEN`, preserve the analysis's GitHub proxy split: it is for `gh` CLI commands only, and
186
+ raw git/cross-repo clone guidance must not expand the token scope to sibling repositories.
155
187
  - Never emit an install for a tool the analysis did not surface, and never install `OPTIONAL` tools
156
188
  unless `--include-optional` is set.
189
+ - Prefer `networkAccess.allowlistDomains` over legacy top-level `allowlistDomains`; never emit
190
+ domains already covered by the routine environment's default Trusted list.
157
191
  - Keep the script idempotent and detect-before-install so it is safe to re-run and cache.
158
192
  - Preserve the inventory's `REQUIRED` vs `OPTIONAL` distinction in both fail-behavior (fatal vs
159
193
  warn) and section placement.
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: jam-access
3
- description: "Vendor-neutral access layer for Jam. Jam triage rules and skills MUST delegate through this skill rather than calling Jam MCP tools directly. Resolves Jam MCP first when available, then falls back to JAM_PAT bearer auth for headless routines."
3
+ description: "Vendor-neutral access layer for Jam. Jam triage rules and skills MUST delegate through this skill rather than calling Jam MCP tools directly. Resolves Jam MCP first when available, then falls back to the JAM_PAT-authenticated Jam CLI for headless routines."
4
4
  allowed-tools: ["Bash", "Read", "Skill"]
5
5
  ---
6
6
 
@@ -24,16 +24,16 @@ Return parsed JSON or a concise structured summary in a `<result>` block.
24
24
  Probe in order:
25
25
 
26
26
  1. Jam MCP, if the tool is available and authenticated.
27
- 2. `JAM_PAT` bearer token against Jam's MCP/trace HTTP substrate.
27
+ 2. Jam CLI authenticated with `JAM_PAT`.
28
28
 
29
- Jam documents personal access tokens for MCP clients so a browser OAuth flow is
30
- not required. The headless tier uses:
29
+ Jam documents a PAT-authenticated CLI that is cleaner for remote routines than
30
+ editing `.mcp.json` headers. The headless tier uses:
31
31
 
32
32
  ```bash
33
- curl -sS "https://mcp.jam.dev/mcp" \
34
- -H "Authorization: Bearer $JAM_PAT" \
35
- -H "Content-Type: application/json" \
36
- --data-binary "$PAYLOAD"
33
+ curl -fsSL https://native.jam.dev/install | bash
34
+ export PATH="$HOME/.local/bin:$PATH"
35
+ printf '%s' "$JAM_PAT" | jam auth login --token
36
+ jam skills install
37
37
  ```
38
38
 
39
39
  If neither tier works, fail with:
@@ -45,7 +45,8 @@ Error: no Jam access substrate available. Authenticate the Jam MCP or set JAM_PA
45
45
  ## Invariants
46
46
 
47
47
  - Fallback is gated on `JAM_PAT`; do not retry Jam MCP failures blindly.
48
- - Never commit a Jam PAT into `.mcp.json`. Use env interpolation in host MCP
49
- config, for example `Authorization: Bearer ${JAM_PAT}`.
50
- - If a requested operation is not yet mapped to the Jam HTTP substrate, surface
48
+ - Never commit a Jam PAT into `.mcp.json` or any generated setup artifact.
49
+ - Headless Jam access requires `native.jam.dev` for the installer and
50
+ `api.jam.dev` for CLI/API calls in any custom remote network allowlist.
51
+ - If a requested operation is not yet mapped to the Jam CLI substrate, surface
51
52
  that exact missing adapter instead of pretending the trace is unavailable.