@codyswann/lisa 2.178.5 → 2.178.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/plugins/lisa/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa/skills/analyze-claude-remote/SKILL.md +72 -2
- package/plugins/lisa/skills/generate-claude-remote-build-script/SKILL.md +30 -1
- package/plugins/lisa-agy/plugin.json +1 -1
- package/plugins/lisa-agy/skills/analyze-claude-remote/SKILL.md +72 -2
- package/plugins/lisa-agy/skills/generate-claude-remote-build-script/SKILL.md +30 -1
- package/plugins/lisa-cdk/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-cdk/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-cdk-agy/plugin.json +1 -1
- package/plugins/lisa-cdk-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-cdk-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-copilot/skills/analyze-claude-remote/SKILL.md +72 -2
- package/plugins/lisa-copilot/skills/generate-claude-remote-build-script/SKILL.md +30 -1
- package/plugins/lisa-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-cursor/skills/analyze-claude-remote/SKILL.md +72 -2
- package/plugins/lisa-cursor/skills/generate-claude-remote-build-script/SKILL.md +30 -1
- package/plugins/lisa-expo/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-expo/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-expo/agents/ops-specialist.md +2 -2
- package/plugins/lisa-expo/skills/ops-check-logs/SKILL.md +8 -2
- package/plugins/lisa-expo/skills/ops-db-ops/SKILL.md +7 -3
- package/plugins/lisa-expo/skills/ops-deploy/SKILL.md +6 -2
- package/plugins/lisa-expo/skills/ops-run-local/SKILL.md +5 -2
- package/plugins/lisa-expo-agy/agents/ops-specialist.md +2 -2
- package/plugins/lisa-expo-agy/plugin.json +1 -1
- package/plugins/lisa-expo-agy/skills/ops-check-logs/SKILL.md +8 -2
- package/plugins/lisa-expo-agy/skills/ops-db-ops/SKILL.md +7 -3
- package/plugins/lisa-expo-agy/skills/ops-deploy/SKILL.md +6 -2
- package/plugins/lisa-expo-agy/skills/ops-run-local/SKILL.md +5 -2
- package/plugins/lisa-expo-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-expo-copilot/agents/ops-specialist.agent.md +2 -2
- package/plugins/lisa-expo-copilot/skills/ops-check-logs/SKILL.md +8 -2
- package/plugins/lisa-expo-copilot/skills/ops-db-ops/SKILL.md +7 -3
- package/plugins/lisa-expo-copilot/skills/ops-deploy/SKILL.md +6 -2
- package/plugins/lisa-expo-copilot/skills/ops-run-local/SKILL.md +5 -2
- package/plugins/lisa-expo-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-expo-cursor/agents/ops-specialist.md +2 -2
- package/plugins/lisa-expo-cursor/skills/ops-check-logs/SKILL.md +8 -2
- package/plugins/lisa-expo-cursor/skills/ops-db-ops/SKILL.md +7 -3
- package/plugins/lisa-expo-cursor/skills/ops-deploy/SKILL.md +6 -2
- package/plugins/lisa-expo-cursor/skills/ops-run-local/SKILL.md +5 -2
- package/plugins/lisa-harper-fabric/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-harper-fabric/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-harper-fabric-agy/plugin.json +1 -1
- package/plugins/lisa-harper-fabric-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-harper-fabric-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-nestjs/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-nestjs/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-nestjs-agy/plugin.json +1 -1
- package/plugins/lisa-nestjs-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-nestjs-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-openclaw/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-openclaw/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-openclaw-agy/plugin.json +1 -1
- package/plugins/lisa-openclaw-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-openclaw-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-phaser/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-phaser/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-phaser-agy/plugin.json +1 -1
- package/plugins/lisa-phaser-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-phaser-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-rails/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-rails/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-rails/agents/ops-specialist.md +1 -1
- package/plugins/lisa-rails-agy/agents/ops-specialist.md +1 -1
- package/plugins/lisa-rails-agy/plugin.json +1 -1
- package/plugins/lisa-rails-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-rails-copilot/agents/ops-specialist.agent.md +1 -1
- package/plugins/lisa-rails-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-rails-cursor/agents/ops-specialist.md +1 -1
- package/plugins/lisa-typescript/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-typescript/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-typescript-agy/plugin.json +1 -1
- package/plugins/lisa-typescript-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-typescript-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-wiki/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-wiki/.codex-plugin/plugin.json +1 -1
- package/plugins/lisa-wiki-agy/plugin.json +1 -1
- package/plugins/lisa-wiki-copilot/.claude-plugin/plugin.json +1 -1
- package/plugins/lisa-wiki-cursor/.claude-plugin/plugin.json +1 -1
- package/plugins/src/base/skills/analyze-claude-remote/SKILL.md +72 -2
- package/plugins/src/base/skills/generate-claude-remote-build-script/SKILL.md +30 -1
- package/plugins/src/expo/agents/ops-specialist.md +2 -2
- package/plugins/src/expo/skills/ops-check-logs/SKILL.md +8 -2
- package/plugins/src/expo/skills/ops-db-ops/SKILL.md +7 -3
- package/plugins/src/expo/skills/ops-deploy/SKILL.md +6 -2
- package/plugins/src/expo/skills/ops-run-local/SKILL.md +5 -2
- package/plugins/src/rails/agents/ops-specialist.md +1 -1
|
@@ -31,7 +31,7 @@ tracker/source, plus the host project's own package manager and tooling — not
|
|
|
31
31
|
|
|
32
32
|
1. **Inventory.** Invoke `/lisa:analyze-claude-remote --json` and parse its machine-readable
|
|
33
33
|
inventory block (`packageManager`, `tools`, `env`, `mcp`, `gaps`, `platform`,
|
|
34
|
-
`networkAccess`, `allowlistDomains`). If the analysis cannot run, stop and report why — never
|
|
34
|
+
`networkAccess`, `allowlistDomains`, `awsProfiles`). If the analysis cannot run, stop and report why — never
|
|
35
35
|
emit a script from guesses.
|
|
36
36
|
|
|
37
37
|
2. **Compose the setup script** from the inventory. The script must be:
|
|
@@ -71,6 +71,9 @@ tracker/source, plus the host project's own package manager and tooling — not
|
|
|
71
71
|
include `JAM_PAT`, `SONAR_TOKEN`, or similar documented substrate env vars
|
|
72
72
|
only as optional secrets, with their acquire/scope comments when the analysis
|
|
73
73
|
supplied them. Never invent values or promote dormant substrates to required.
|
|
74
|
+
When AWS entries are present, list `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, optional
|
|
75
|
+
`AWS_SESSION_TOKEN`, and `AWS_DEFAULT_REGION` exactly as the analysis reported. State that these
|
|
76
|
+
bootstrap credentials are for STS assume-role only; do not emit or recommend `aws sso login`.
|
|
74
77
|
|
|
75
78
|
3a. **Emit substrate setup snippets.** When the inventory marks an MCP
|
|
76
79
|
`headlessUsable: true` through a documented substrate, render the matching
|
|
@@ -88,6 +91,19 @@ tracker/source, plus the host project's own package manager and tooling — not
|
|
|
88
91
|
transport supports static-token auth. Do not print a Jam `.mcp.json` header snippet because
|
|
89
92
|
Jam's preferred headless substrate is its PAT-authenticated CLI.
|
|
90
93
|
|
|
94
|
+
3b. **Emit AWS assume-role profile setup.** When the inventory includes `awsProfiles`, write an
|
|
95
|
+
idempotent `~/.aws/config` block gated on `[ -n "${AWS_ACCESS_KEY_ID:-}" ]`. The generated block
|
|
96
|
+
must:
|
|
97
|
+
- `mkdir -p "$HOME/.aws"` and create or append profile stanzas without writing secrets.
|
|
98
|
+
- Emit one `[profile <name>]` stanza per inventory profile with `role_arn`,
|
|
99
|
+
`credential_source = Environment`, `region` when present, and `external_id` when present.
|
|
100
|
+
- Keep regions and ExternalIds as non-secret project metadata from the inventory; never invent
|
|
101
|
+
account IDs, role names, profile names, regions, or ExternalIds.
|
|
102
|
+
- Warn and skip profile writing when AWS profile metadata is absent, while still listing the
|
|
103
|
+
required `AWS_*` env var names in the secret template.
|
|
104
|
+
- Include a comment that agents should use `aws --profile <name> ...` and must not run
|
|
105
|
+
`aws sso login` in headless routines.
|
|
106
|
+
|
|
91
107
|
4. **Emit the allowlist + gaps notice.** List any custom domains the setup or runtime reaches
|
|
92
108
|
(from `networkAccess.allowlistDomains`, falling back to legacy `allowlistDomains`) that the user
|
|
93
109
|
must add when the environment needs Custom network access. Do not include default Trusted domains
|
|
@@ -123,6 +139,9 @@ shape, not a fixed payload):
|
|
|
123
139
|
# # Note: GH_TOKEN is for gh CLI only. Raw git uses Claude's connected-GitHub proxy/identity;
|
|
124
140
|
# # sibling repos reached only by raw git do not need to be in this token scope.
|
|
125
141
|
# - GH_TOKEN=<token> # REQUIRED, github is the active tracker+source
|
|
142
|
+
# - AWS_ACCESS_KEY_ID=<access-key-id> # REQUIRED when AWS inventory is active
|
|
143
|
+
# - AWS_SECRET_ACCESS_KEY=<secret-access-key> # REQUIRED when AWS inventory is active
|
|
144
|
+
# - AWS_SESSION_TOKEN=<session-token> # OPTIONAL for temporary bootstrap creds
|
|
126
145
|
# NETWORK: set the environment to Custom and allowlist these non-default domains if not on Full:
|
|
127
146
|
# - <networkAccess.allowlistDomains, if any>
|
|
128
147
|
set -uo pipefail
|
|
@@ -165,6 +184,14 @@ need gh || (sudo apt-get update -y && sudo apt-get install -y gh)
|
|
|
165
184
|
need jq || sudo apt-get install -y jq
|
|
166
185
|
require gh; require jq
|
|
167
186
|
|
|
187
|
+
# --- AWS assume-role profiles, when inventory includes awsProfiles ---
|
|
188
|
+
if [ -n "${AWS_ACCESS_KEY_ID:-}" ]; then
|
|
189
|
+
mkdir -p "$HOME/.aws"
|
|
190
|
+
# Generated stanzas use credential_source=Environment and contain no secrets.
|
|
191
|
+
# Agents should run: aws --profile <profile> ...
|
|
192
|
+
# Do not run aws sso login in headless routines; SSO requires an interactive browser/device flow.
|
|
193
|
+
fi
|
|
194
|
+
|
|
168
195
|
# --- optional, only with --include-optional ---
|
|
169
196
|
# (docker / ruby / chromium / etc., guarded)
|
|
170
197
|
```
|
|
@@ -186,6 +213,8 @@ to stop are: the analysis could not run, or the `--out` path is not writable.
|
|
|
186
213
|
raw git/cross-repo clone guidance must not expand the token scope to sibling repositories.
|
|
187
214
|
- Never emit an install for a tool the analysis did not surface, and never install `OPTIONAL` tools
|
|
188
215
|
unless `--include-optional` is set.
|
|
216
|
+
- When AWS is in the inventory, generate environment-backed assume-role profile stanzas from
|
|
217
|
+
`awsProfiles`; never emit `aws sso login` as a remote setup step.
|
|
189
218
|
- Prefer `networkAccess.allowlistDomains` over legacy top-level `allowlistDomains`; never emit
|
|
190
219
|
domains already covered by the routine environment's default Trusted list.
|
|
191
220
|
- Keep the script idempotent and detect-before-install so it is safe to re-run and cache.
|
|
@@ -100,10 +100,10 @@ Read `app/` directory structure to discover all available routes.
|
|
|
100
100
|
|---------|-------------|-----|
|
|
101
101
|
| `port 8081 already in use` | Previous Metro bundler running | `lsof -ti :8081 \| xargs kill -9` |
|
|
102
102
|
| `port 3000 already in use` | Previous backend running | `lsof -ti :3000 \| xargs kill -9` |
|
|
103
|
-
| `ExpiredTokenException` | AWS
|
|
103
|
+
| `ExpiredTokenException` | AWS credentials expired | Interactive local: refresh the backend AWS signin flow. Headless: use the environment-backed AWS profile; do not start an SSO browser/device flow |
|
|
104
104
|
| Metro bundler crash | Cache corruption | `bun start:local --clear` |
|
|
105
105
|
| `ECONNREFUSED localhost:3000` | Backend not running | Start backend first, then frontend |
|
|
106
|
-
| Migration fails | Missing AWS credentials |
|
|
106
|
+
| Migration fails | Missing AWS credentials | Verify `aws sts get-caller-identity --profile {profile}`; use interactive signin only locally, environment-backed profile headless |
|
|
107
107
|
| EAS CLI not found | Not installed globally | `npm install -g eas-cli` |
|
|
108
108
|
| `sls` not found | Serverless not installed | `cd $BACKEND_DIR && bun install` |
|
|
109
109
|
| GraphQL schema mismatch | Stale generated types | Run `generate:types:{env}` script |
|
|
@@ -132,9 +132,14 @@ Discover available log scripts from the backend `package.json` (matching `logs:*
|
|
|
132
132
|
|
|
133
133
|
```bash
|
|
134
134
|
cd "${BACKEND_DIR:-../backend-v2}"
|
|
135
|
-
|
|
135
|
+
aws sts get-caller-identity --profile {aws-profile} 2>/dev/null
|
|
136
136
|
```
|
|
137
137
|
|
|
138
|
+
If this is an interactive local session and credentials are expired, refresh the backend's local
|
|
139
|
+
AWS signin flow. In a headless or remote-routine session, do not start an SSO browser/device flow;
|
|
140
|
+
use the preconfigured `~/.aws/config` profile backed by `AWS_ACCESS_KEY_ID` /
|
|
141
|
+
`AWS_SECRET_ACCESS_KEY` environment credentials.
|
|
142
|
+
|
|
138
143
|
### View Recent Logs
|
|
139
144
|
|
|
140
145
|
```bash
|
|
@@ -151,7 +156,8 @@ FUNCTION_NAME={fn} bun run logs:watch:{env}
|
|
|
151
156
|
|
|
152
157
|
## Remote Logs (AWS CLI — Advanced Filtering)
|
|
153
158
|
|
|
154
|
-
For more advanced filtering, use the AWS CLI directly. Discover the AWS profile from backend
|
|
159
|
+
For more advanced filtering, use the AWS CLI directly. Discover the AWS profile from backend
|
|
160
|
+
`package.json` scripts or the remote-routine `~/.aws/config` profile.
|
|
155
161
|
|
|
156
162
|
### Discover Log Groups
|
|
157
163
|
|
|
@@ -29,7 +29,7 @@ Read the backend `package.json` to discover available migration and schema scrip
|
|
|
29
29
|
- `migration:generate:*` — generate new migration from entity changes
|
|
30
30
|
- `migration:create` — create empty migration
|
|
31
31
|
- `generate:sql-schema*` — regenerate SQL schema for MCP
|
|
32
|
-
- `aws:signin:*`
|
|
32
|
+
- AWS credential/profile scripts such as `aws:signin:*` and any environment-backed remote profile
|
|
33
33
|
|
|
34
34
|
Read the frontend `package.json` to discover codegen scripts:
|
|
35
35
|
- `fetch:graphql:schema:*` — fetch GraphQL schema
|
|
@@ -37,13 +37,17 @@ Read the frontend `package.json` to discover codegen scripts:
|
|
|
37
37
|
|
|
38
38
|
## AWS Prerequisite
|
|
39
39
|
|
|
40
|
-
All database operations (except `codegen`) require AWS credentials.
|
|
40
|
+
All database operations (except `codegen`) require AWS credentials. Verify the target profile first:
|
|
41
41
|
|
|
42
42
|
```bash
|
|
43
43
|
cd "${BACKEND_DIR:-../backend-v2}"
|
|
44
|
-
|
|
44
|
+
aws sts get-caller-identity --profile {aws-profile}
|
|
45
45
|
```
|
|
46
46
|
|
|
47
|
+
If this is an interactive local session and credentials are expired, refresh the backend's local AWS
|
|
48
|
+
signin flow. In a headless or remote-routine session, use the preconfigured environment-backed
|
|
49
|
+
assume-role profile and do not start an SSO browser/device flow.
|
|
50
|
+
|
|
47
51
|
## Operations
|
|
48
52
|
|
|
49
53
|
### migrate (run pending migrations)
|
|
@@ -73,11 +73,15 @@ Use for JS-only changes (no native module changes).
|
|
|
73
73
|
|
|
74
74
|
### Full Deploy (Serverless Framework)
|
|
75
75
|
|
|
76
|
-
1. AWS
|
|
76
|
+
1. Verify AWS credentials (discover the profile from backend `package.json` or remote-routine
|
|
77
|
+
`~/.aws/config`):
|
|
77
78
|
```bash
|
|
78
79
|
cd "${BACKEND_DIR:-../backend-v2}"
|
|
79
|
-
|
|
80
|
+
aws sts get-caller-identity --profile {aws-profile}
|
|
80
81
|
```
|
|
82
|
+
If this is an interactive local session and credentials are expired, refresh the backend's local
|
|
83
|
+
AWS signin flow. In a headless or remote-routine session, use the environment-backed assume-role
|
|
84
|
+
profile and do not start an SSO browser/device flow.
|
|
81
85
|
|
|
82
86
|
2. Deploy all functions:
|
|
83
87
|
```bash
|
|
@@ -95,11 +95,14 @@ Use when the backend is already deployed and you only need the frontend.
|
|
|
95
95
|
|
|
96
96
|
### start-backend (backend only)
|
|
97
97
|
|
|
98
|
-
1. Check AWS credentials (discover profile from backend `package.json`
|
|
98
|
+
1. Check AWS credentials (discover profile from backend `package.json` scripts or remote-routine
|
|
99
|
+
`~/.aws/config`):
|
|
99
100
|
```bash
|
|
100
101
|
aws sts get-caller-identity --profile {aws-profile} 2>/dev/null
|
|
101
102
|
```
|
|
102
|
-
If expired,
|
|
103
|
+
If this is an interactive local session and credentials are expired, refresh the backend's local
|
|
104
|
+
AWS signin flow. In headless sessions, rely on the configured environment-backed AWS profile and
|
|
105
|
+
do not start an SSO browser/device flow.
|
|
103
106
|
|
|
104
107
|
2. Start:
|
|
105
108
|
```bash
|
|
@@ -206,7 +206,7 @@ check_env() {
|
|
|
206
206
|
| Solid Queue jobs stuck | Worker process crashed | Check `docker compose logs worker`; restart worker container |
|
|
207
207
|
| Migrations fail on deploy | Unsafe migration detected by Strong Migrations | Fix the migration per Strong Migrations guidance, then redeploy |
|
|
208
208
|
| `ActiveRecord::NoDatabaseError` | Database not created | `bin/rails db:create` (local) or check ECS task definition env vars |
|
|
209
|
-
| AWS credentials expired | SSO session timed out |
|
|
209
|
+
| AWS credentials expired | SSO session timed out locally, or missing env-backed profile headless | Interactive local: refresh the local AWS profile outside headless automation. Headless: use the configured environment-backed assume-role profile |
|
|
210
210
|
| ECS tasks keep restarting | Health check failing or OOM | Check CloudWatch logs for the task; verify `/up` returns 200; check memory limits |
|
|
211
211
|
| OpenTelemetry traces missing | Collector not configured or endpoint wrong | Verify `OTEL_EXPORTER_OTLP_ENDPOINT` in environment; check collector sidecar logs |
|
|
212
212
|
| `Bundler::GemNotFound` | Missing `bundle install` after Gemfile change | `bundle install` locally; for deploy, rebuild Docker image |
|