@heart-of-gold/toolkit 0.1.17 → 0.1.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@heart-of-gold/toolkit",
3
- "version": "0.1.17",
3
+ "version": "0.1.19",
4
4
  "type": "module",
5
5
  "description": "Cross-platform installer for Heart of Gold skills — works with Codex, OpenCode, Pi, Claude Code, and more",
6
6
  "bin": {
@@ -9,7 +9,14 @@ Use this skill to hand a bounded task to Claude Code from the current harness, c
9
9
 
10
10
  This skill is task-based, not review-only. Anthropic's `plan` mode is a read-only analysis mode, but because Claude Code frames it as "Plan Mode," do not treat it as the default for reviews. Prefer `default` for normal reviews and `acceptEdits` for implementation work unless you specifically want strict read-only behavior.
11
11
 
12
- The canonical execution path is direct `claude` CLI usage, mirroring the `codex` skill's direct `codex exec` pattern. The bundled wrapper is optional and must not replace the direct path unless the user explicitly asks for it or you are debugging Claude Code invocation behavior itself.
12
+ The canonical execution path is direct `claude` CLI usage, mirroring the `codex` skill's direct `codex exec` pattern. Keep the workflow simple:
13
+
14
+ - Ask which model to use.
15
+ - Run one direct `claude` command.
16
+ - If it works, summarize Claude's output.
17
+ - If it fails or hangs, report that clearly and stop.
18
+
19
+ Do not turn a failed Claude run into an improvised shell pipeline, background polling loop, or manual artifact-concatenation workaround unless the user explicitly asks for that style of invocation.
13
20
 
14
21
  ## Available Models
15
22
 
@@ -65,6 +72,7 @@ Choose the permission mode based on what Claude Code needs to do:
65
72
  - `plan` only when you specifically want read-only analysis with no command execution
66
73
  7. Run the command, capture stdout/stderr, and summarize the outcome for the user.
67
74
  8. If Claude Code does not actually return output, stop and report that failure. Do not substitute your own review or analysis and present it as if it came from Claude Code.
75
+ 9. Do not add fallback layers automatically. One direct Claude attempt is the normal path. A retry is acceptable only when the user asks for it or when you have a concrete reason to change one thing, such as model, permission mode, or execution environment.
68
76
 
69
77
  ## Codex Execution
70
78
 
@@ -73,6 +81,7 @@ When this skill is used from Codex, the skill cannot bypass Codex sandbox policy
73
81
  - Prefer the direct `claude` command patterns in this skill. Do not silently substitute the bundled wrapper for the normal path just because it exists.
74
82
  - Run inside the sandbox first when the task is clearly local and read-only.
75
83
  - If Claude Code needs network access, auth refresh, access outside the writable sandbox, or the in-sandbox run fails or hangs for likely sandbox reasons, rerun via `exec_command` with `sandbox_permissions: "require_escalated"`.
84
+ - If you verify that direct `claude -p` works outside the sandbox but hangs inside it in the current environment, stop treating the sandboxed path as normal. For the rest of that Codex session, prefer reviewer-approved elevated execution as the default path for actual Claude invocations.
76
85
  - Use a concise justification that tells the reviewer why Claude Code needs elevation, for example:
77
86
  - "Do you want me to run Claude Code with network access so it can authenticate and complete this review?"
78
87
  - "Do you want me to rerun Claude Code outside the sandbox because the in-sandbox headless run appears blocked by permissions?"
@@ -84,16 +93,31 @@ When this skill is used from Codex, the skill cannot bypass Codex sandbox policy
84
93
  - Use `--max-turns` for automation. It keeps review and implementation runs bounded.
85
94
  - Use `--output-format json` when another agent or script needs structured output.
86
95
  - Use `--allowedTools` to make headless runs more reliable and safer.
87
- - Pipe diffs or logs into Claude for read-only analysis instead of asking Claude to execute shell commands just to fetch them.
96
+ - Prefer letting Claude inspect the repo directly for normal review and implementation tasks.
97
+ - Pass diffs or logs via stdin only when the user explicitly wants artifact-only review or when direct repo access is intentionally unavailable.
88
98
  - Use `acceptEdits` for real implementation work; do not force read-only `plan` mode onto edit tasks.
89
99
  - Use `bypassPermissions` only in a trusted sandbox and only with explicit user approval.
90
100
  - Use `-r latest -p` for follow-up instead of re-explaining the entire task.
101
+ - Avoid giant `cat file1 file2 ... | claude ...` constructions as a default strategy. They are brittle, hard to inspect, and a poor substitute for direct Claude access to the repo.
91
102
 
92
103
  ## Recommended Patterns
93
104
 
94
- ### 1. Review a provided diff
105
+ ### 1. Review the repo directly
106
+
107
+ Use this as the normal review path:
108
+
109
+ ```bash
110
+ claude -p \
111
+ --output-format text \
112
+ --model sonnet \
113
+ --permission-mode default \
114
+ --max-turns 4 \
115
+ "Review how the workshop skill is designed in this repo and whether it should be improved. Return findings ordered by severity."
116
+ ```
117
+
118
+ ### 2. Review a provided diff only
95
119
 
96
- Pass the diff via stdin and ask for review directly. Use `default` unless you specifically want strict read-only analysis:
120
+ Use stdin only when you intentionally want a bounded artifact review:
97
121
 
98
122
  ```bash
99
123
  git diff --staged | claude -p \
@@ -104,9 +128,9 @@ git diff --staged | claude -p \
104
128
  "Review this diff. Return findings ordered by severity with file paths and concise explanations."
105
129
  ```
106
130
 
107
- ### 2. Ask Claude to inspect the repo and analyze
131
+ ### 3. Ask Claude to inspect the repo and analyze with tighter tool bounds
108
132
 
109
- Use `default` or a constrained tool set when Claude needs to discover context itself:
133
+ Use this when Claude should inspect the repo but you want tighter limits:
110
134
 
111
135
  ```bash
112
136
  claude -p \
@@ -118,7 +142,7 @@ claude -p \
118
142
  "Analyze the current changes and explain the main design risks."
119
143
  ```
120
144
 
121
- ### 3. Ask Claude to implement or refactor
145
+ ### 4. Ask Claude to implement or refactor
122
146
 
123
147
  Use `acceptEdits` when Claude should change files:
124
148
 
@@ -132,7 +156,7 @@ claude -p \
132
156
  "Implement the requested change in the current repo, keep the diff minimal, and summarize what changed."
133
157
  ```
134
158
 
135
- ### 4. Resume the latest Claude Code session
159
+ ### 5. Resume the latest Claude Code session
136
160
 
137
161
  ```bash
138
162
  claude -r latest -p \
@@ -140,7 +164,7 @@ claude -r latest -p \
140
164
  "Focus only on the migration risk you mentioned earlier. What is the safest rollout plan?"
141
165
  ```
142
166
 
143
- ### 5. Request structured output for automation
167
+ ### 6. Request structured output for automation
144
168
 
145
169
  ```bash
146
170
  claude -p \
@@ -151,7 +175,7 @@ claude -p \
151
175
  "Summarize the provided diff as JSON with keys: verdict, findings, risks."
152
176
  ```
153
177
 
154
- ### 6. Use strict read-only analysis mode explicitly
178
+ ### 7. Use strict read-only analysis mode explicitly
155
179
 
156
180
  Use `plan` only when you want Claude prevented from executing commands or editing files:
157
181
 
@@ -231,5 +255,7 @@ claude -r latest -p \
231
255
  - If Claude Code reports permission issues, choose the correct permission mode or constrain tools explicitly.
232
256
  - If a headless run gets stuck on permissions, either switch to `plan`, use `acceptEdits`, or provide `--allowedTools` / a permission prompt tool.
233
257
  - In Codex, if the likely cause is sandboxing or network denial, rerun with reviewer-approved `require_escalated` execution instead of repeatedly retrying the same sandboxed command.
258
+ - In Codex, if you have already confirmed that elevated execution works and sandboxed execution hangs, do not re-run the sandboxed path again during the same task.
234
259
  - Do not use `bypassPermissions` unless the user explicitly approves it.
235
260
  - If the direct `claude` path fails, report that failure directly. Do not route around it by pretending a wrapper run or a self-authored review is equivalent to Claude output.
261
+ - Do not automatically fall back to concatenating many files into stdin just because a direct Claude run failed once.
package/src/index.ts CHANGED
@@ -7,7 +7,7 @@ import { targetsCommand } from "./commands/targets";
7
7
  const main = defineCommand({
8
8
  meta: {
9
9
  name: "heart-of-gold",
10
- version: "0.1.17",
10
+ version: "0.1.19",
11
11
  description:
12
12
  "Cross-platform installer for Heart of Gold skills — Codex, OpenCode, Pi, Claude Code, and more",
13
13
  },