@paulduvall/claude-dev-toolkit 0.0.1-alpha.2 → 0.0.1-alpha.21

package/commands/experiments/xconstraints.md

@@ -0,0 +1,89 @@
+---
+description: Manage and enforce development constraints for quality and compliance
+tags: [constraints, quality, compliance, validation, governance]
+---
+
+Manage development constraints based on the arguments provided in $ARGUMENTS.
+
+First, check for existing constraint configuration:
+!ls -la .constraints.yml .constraints.yaml 2>/dev/null || echo "No constraint configuration found"
+!find . -name "*constraint*" -o -name "*rule*" | head -5
+
+Based on $ARGUMENTS, perform the appropriate constraint operation:
+
+## 1. Define New Constraints
+
+If defining constraints (--define):
+!touch .constraints.yml
+!echo "Adding constraint: $constraint_name" >> .constraints.yml
+
+Common constraint types to define:
+- Code complexity limits (max_complexity=10)
+- File size limits (max_lines=500)
+- Naming conventions (snake_case, camelCase)
+- Security patterns (no_secrets, https_only)
+- Architecture boundaries (no_direct_db_access)
+
+## 2. Enforce Constraints
+
+If enforcing constraints (--enforce):
+!python -m flake8 --max-complexity=10 . 2>/dev/null || echo "No Python linter available"
+!eslint --max-complexity 10 . 2>/dev/null || echo "No JavaScript linter available"
+!grep -r "password\|secret\|key" . --exclude-dir=.git | head -5 || echo "No hardcoded secrets found"
+
+Check for:
+- Code complexity violations
+- File size violations
+- Naming convention violations
+- Security violations
+- Architecture violations
+
+## 3. Validate Compliance
+
+If validating constraints (--validate):
+!find . -name "*.py" -exec wc -l {} \; | awk '$1 > 500 {print $2 ": " $1 " lines (exceeds 500)"}'
+!find . -name "*.js" -exec wc -l {} \; | awk '$1 > 300 {print $2 ": " $1 " lines (exceeds 300)"}'
+
+Validate:
+- Code meets complexity limits
+- Files are within size limits
+- Naming follows conventions
+- No security violations
+- Architecture boundaries respected
+
+## 4. List Current Constraints
+
+If listing constraints (--list):
+@.constraints.yml 2>/dev/null || echo "No constraints file found"
+!echo "Active constraints:"
+!echo "- Max complexity: 10"
+!echo "- Max file lines: 500"
+!echo "- Naming: snake_case (Python), camelCase (JavaScript)"
+!echo "- Security: No hardcoded secrets"
+
+## 5. Generate Compliance Report
+
+If generating report (--report):
+!date
+!echo "=== Constraint Compliance Report ==="
+!echo "Project: $(basename $(pwd))"
+
+Run constraint checks:
+!python -c "import ast; print('Python syntax check: OK')" 2>/dev/null || echo "Python syntax issues found"
+!node -c "console.log('JavaScript syntax check: OK')" 2>/dev/null || echo "JavaScript syntax issues found"
+
+Generate summary:
+- Total files checked
+- Violations found
+- Compliance percentage
+- Recommendations for fixes
+
+Think step by step about constraint violations and provide:
+- Current compliance status
+- Specific violations found
+- Prioritized fix recommendations
+- Prevention strategies
+- Integration suggestions
+
+Report overall constraint health and suggest improvements for maintaining code quality and compliance.
+

package/commands/experiments/xcoverage.md

@@ -0,0 +1,90 @@
+---
+description: Comprehensive dual coverage analysis for code and specifications
+tags: [coverage, testing, specifications, quality, metrics]
+---
+
+Perform dual coverage analysis based on the arguments provided in $ARGUMENTS.
+
+First, examine the project structure for test files and coverage tools:
+!find . -name "*test*" -o -name "*spec*" | grep -E "\.(py|js|ts)$" | head -10
+!ls -la | grep -E "(pytest|jest|coverage|nyc)"
+!which pytest 2>/dev/null || which npm 2>/dev/null || echo "No test runners found"
+
+Based on $ARGUMENTS, perform the appropriate coverage analysis:
+
+## 1. HTML Coverage Report Generation
+
+If generating HTML report (--html):
+!python -m pytest --cov=. --cov-report=html 2>/dev/null || npm test -- --coverage 2>/dev/null || echo "No coverage tools configured"
+!ls htmlcov/ 2>/dev/null && echo "HTML report generated in htmlcov/" || echo "No HTML coverage report found"
+
+## 2. Missing Coverage Analysis
+
+If checking missing coverage (--missing):
+!python -m pytest --cov=. --cov-report=term-missing 2>/dev/null || echo "Python coverage not available"
+!npm test -- --coverage --verbose 2>/dev/null || echo "JavaScript coverage not available"
+
+Show uncovered lines and specifications that need attention.
+
+## 3. Specification Coverage Analysis
+
+If checking specific specification (--spec):
+@specs/ 2>/dev/null || echo "No specs directory found"
+!find . -name "*test*" -exec grep -l "$spec_id" {} \; 2>/dev/null
+
+Analyze:
+- Tests linked to the specification
+- Code coverage for specification implementation
+- Traceability from spec to test to code
+
+## 4. Dual Coverage Metrics
+
+If showing dual coverage (--dual):
+!python -m pytest --cov=. --cov-report=term 2>/dev/null | grep "TOTAL" || echo "Code coverage not available"
+!find specs/ -name "*.md" 2>/dev/null | wc -l | xargs echo "Total specifications:"
+!find . -name "*test*" 2>/dev/null | wc -l | xargs echo "Total test files:"
+
+Calculate:
+- Code coverage percentage
+- Specification coverage percentage
+- Traceability coverage percentage
+- Combined dual coverage score
+
+## 5. Authority Level Coverage
+
+If checking by authority (--authority):
+!grep -r "authority=$authority_level" specs/ 2>/dev/null || echo "No authority specifications found"
+
+Break down coverage by:
+- System level specifications
+- Platform level specifications  
+- Developer level specifications
+
+## 6. Coverage Gaps Analysis
+
+If identifying gaps (--gaps):
+!find specs/ -name "*.md" -exec basename {} \; 2>/dev/null | sed 's/\.md$//' > /tmp/specs.txt
+!find . -name "*test*" -exec grep -l "spec" {} \; 2>/dev/null | xargs grep -o "spec[0-9a-zA-Z]*" | sort -u > /tmp/tested_specs.txt
+!comm -23 <(sort /tmp/specs.txt) <(sort /tmp/tested_specs.txt) 2>/dev/null || echo "Gap analysis not available"
+
+Identify:
+- Specifications without tests
+- Code without specification coverage
+- Missing traceability links
+
+## 7. Comprehensive Metrics Dashboard
+
+If generating metrics (--metrics):
+!uptime
+!date
+
+Think step by step about coverage analysis and provide:
+- Current code coverage percentage
+- Specification coverage percentage
+- Traceability coverage percentage
+- Gap analysis summary
+- Recommendations for improvement
+- Coverage trends and targets
+
+Generate a comprehensive coverage report with actionable insights and recommendations.
+

package/commands/experiments/xdb.md

@@ -0,0 +1,102 @@
+---
+description: Comprehensive database management, migrations, and performance operations
+tags: [database, schema, migration, performance, backup]
+---
+
+Perform database operations based on the arguments provided in $ARGUMENTS.
+
+First, examine the project for database configuration and tools:
+!ls -la | grep -E "(database|db|migration|schema)"
+!find . -name "*.sql" -o -name "*migration*" -o -name "*schema*" | head -10
+!which psql 2>/dev/null || which mysql 2>/dev/null || which sqlite3 2>/dev/null || echo "No database clients found"
+
+Based on $ARGUMENTS, perform the appropriate database operation:
+
+## 1. Schema Management
+
+If managing schema (--schema):
+!find . -name "schema.sql" -o -name "*.schema" | head -5
+!ls models/ 2>/dev/null || ls app/models/ 2>/dev/null || echo "No models directory found"
+
+For schema operations:
+- Check existing schema files
+- Validate schema syntax
+- Generate schema documentation
+- Compare schema versions
+
+## 2. Migration Operations
+
+If handling migrations (--migrate):
+!find . -name "*migration*" -o -path "*/migrations/*" | head -10
+!python manage.py showmigrations 2>/dev/null || rails db:migrate:status 2>/dev/null || echo "No migration framework detected"
+
+Migration tasks:
+- Check migration status
+- Run pending migrations
+- Create new migration files
+- Rollback migrations if needed
+
+## 3. Data Seeding
+
+If seeding data (--seed):
+!find . -name "*seed*" -o -name "*fixture*" | head -5
+!python manage.py loaddata 2>/dev/null || rails db:seed 2>/dev/null || echo "No seeding framework detected"
+
+Seeding operations:
+- Load test fixtures
+- Populate sample data
+- Environment-specific seeding
+- Data validation after seeding
+
+## 4. Performance Analysis
+
+If analyzing performance (--performance):
+!ps aux | grep -E "(postgres|mysql|sqlite)" | head -3
+!top -l 1 | grep -E "(CPU|Memory)" 2>/dev/null || echo "System stats not available"
+
+Performance checks:
+- Database connection status
+- Query performance analysis
+- Index optimization suggestions
+- Resource usage monitoring
+
+## 5. Backup Operations
+
+If performing backup (--backup):
+!ls -la *.sql *.dump 2>/dev/null || echo "No backup files found"
+!which pg_dump 2>/dev/null || which mysqldump 2>/dev/null || echo "No backup tools found"
+
+Backup tasks:
+- Create database backups
+- Verify backup integrity
+- Schedule automated backups
+- Test restore procedures
+
+## 6. Database Testing
+
+If testing database (--test):
+!python -m pytest tests/test_*db* 2>/dev/null || npm test 2>/dev/null || echo "No database tests found"
+!find . -name "*test*" | grep -i db | head -5
+
+Testing operations:
+- Run database unit tests
+- Test migration scripts
+- Validate data integrity
+- Check constraint violations
+
+## 7. Connection and Status
+
+Check database connectivity:
+!python -c "import sqlite3; print('SQLite available')" 2>/dev/null || echo "SQLite not available"
+!python -c "import psycopg2; print('PostgreSQL client available')" 2>/dev/null || echo "PostgreSQL client not available"
+!python -c "import pymongo; print('MongoDB client available')" 2>/dev/null || echo "MongoDB client not available"
+
+Think step by step about database operations and provide:
+- Current database status
+- Available operations for detected database type
+- Recommendations for database optimization
+- Best practices for data management
+- Security considerations
+
+Generate database management report with actionable recommendations.
+

package/commands/experiments/xdesign.md

@@ -0,0 +1,121 @@
+---
+description: Apply design patterns and architectural principles to improve code quality
+tags: [design-patterns, architecture, solid, refactoring, best-practices]
+---
+
+Analyze code structure and apply design patterns based on the arguments provided in $ARGUMENTS.
+
+First, examine the project structure and identify current patterns:
+!find . -name "*.py" -o -name "*.js" -o -name "*.ts" -o -name "*.java" | head -15
+!ls -la src/ app/ lib/ 2>/dev/null || echo "No standard source directories found"
+
+Based on $ARGUMENTS, perform the appropriate design analysis:
+
+## 1. Pattern Analysis and Suggestions
+
+If analyzing patterns (--patterns, --analyze):
+!grep -r "class" . --include="*.py" --include="*.js" --include="*.ts" | head -10
+!grep -r "interface\|abstract" . --include="*.py" --include="*.js" --include="*.ts" | head -5
+
+Analyze current code for:
+- Existing design patterns
+- Anti-patterns and code smells
+- Opportunities for pattern application
+- Architectural structure
+
+## 2. SOLID Principles Assessment
+
+If checking SOLID principles (--solid, --principles):
+!find . -name "*.py" -exec grep -l "class" {} \; | head -5
+!python -c "import ast; print('Analyzing class structures...')" 2>/dev/null || echo "Python AST analysis not available"
+
+Check for:
+- Single Responsibility Principle violations
+- Open/Closed Principle compliance
+- Liskov Substitution Principle adherence
+- Interface Segregation implementation
+- Dependency Inversion usage
+
+## 3. Code Quality Analysis
+
+If checking DRY violations (--dry):
+!grep -r "def\|function" . --include="*.py" --include="*.js" | cut -d: -f2 | sort | uniq -c | sort -nr | head -10
+!find . -name "*.py" -exec grep -l "copy\|duplicate" {} \; 2>/dev/null
+
+Identify:
+- Duplicated code blocks
+- Similar functions/methods
+- Copy-paste patterns
+- Refactoring opportunities
+
+## 4. Coupling and Cohesion Analysis
+
+If analyzing coupling (--coupling):
+!find . -name "*.py" -exec grep -c "import" {} \; | sort -nr | head -10
+!grep -r "from.*import" . --include="*.py" | wc -l
+
+Evaluate:
+- Module dependencies
+- Import complexity
+- Circular dependencies
+- Cohesion within modules
+
+## 5. Refactoring Suggestions
+
+If providing refactoring guidance (--refactor):
+!find . -name "*.py" -exec wc -l {} \; | awk '$1 > 100 {print $2 ": " $1 " lines (consider refactoring)"}'
+!grep -r "def" . --include="*.py" | wc -l | xargs echo "Total functions:"
+
+Suggest:
+- Extract method opportunities
+- Class decomposition
+- Interface extraction
+- Dependency injection improvements
+
+## 6. Specific Pattern Implementation
+
+If implementing specific patterns (--factory, --observer, --strategy):
+@src/ 2>/dev/null || @app/ 2>/dev/null || echo "No source directory to analyze"
+
+Pattern suggestions based on context:
+- Factory patterns for object creation
+- Observer patterns for event handling
+- Strategy patterns for algorithm selection
+- Repository patterns for data access
+- Decorator patterns for feature extension
+
+## 7. Architecture Pattern Assessment
+
+If checking architecture patterns (--mvc, --repository):
+!find . -name "*model*" -o -name "*view*" -o -name "*controller*" | head -10
+!find . -name "*repository*" -o -name "*service*" -o -name "*dao*" | head -5
+
+Assess current architecture:
+- MVC pattern implementation
+- Layer separation
+- Service layer design
+- Data access patterns
+
+## 8. Best Practices Review
+
+If reviewing best practices (--best-practices, --clean-code):
+!python -m flake8 . 2>/dev/null | head -10 || echo "No Python linting available"
+!eslint . 2>/dev/null | head -10 || echo "No JavaScript linting available"
+
+Review:
+- Naming conventions
+- Function/method length
+- Class responsibilities
+- Code complexity
+- Documentation quality
+
+Think step by step about design improvements and provide:
+- Current design pattern usage
+- Anti-pattern identification
+- SOLID principle compliance
+- Refactoring recommendations
+- Architecture improvement suggestions
+- Implementation guidance for suggested patterns
+
+Generate a comprehensive design analysis with actionable recommendations for code quality improvement.
+

package/commands/experiments/xdevcontainer.md

@@ -0,0 +1,238 @@
+---
+description: Set up Anthropic's official devcontainer for running Claude Code with --dangerously-skip-permissions safely
+tags: [devcontainer, security, isolation, docker, autonomous, permissions]
+---
+
+Set up a secure devcontainer environment based on Anthropic's official reference implementation.
+
+Reference: https://docs.anthropic.com/en/docs/claude-code/devcontainer
+
+First, check the current environment and any existing configuration:
+!ls -la .devcontainer/ 2>/dev/null || echo "No existing devcontainer configuration"
+!which docker 2>/dev/null && docker --version || echo "Docker not installed"
+!which devcontainer 2>/dev/null && devcontainer --version || echo "devcontainer CLI not installed"
+!echo "ANTHROPIC_API_KEY is $([ -n \"$ANTHROPIC_API_KEY\" ] && echo 'set' || echo 'NOT SET')"
+
+Based on $ARGUMENTS, perform the appropriate devcontainer operation:
+
+## 1. Create Devcontainer (default, --create, --setup)
+
+If creating a new devcontainer configuration or no arguments provided:
+
+### Recommended Security Configuration
+
+Create `.devcontainer/devcontainer.json`:
+```json
+{
+  "name": "Claude Code Sandbox",
+  "build": {
+    "dockerfile": "Dockerfile"
+  },
+  "features": {
+    "ghcr.io/devcontainers/features/node:1": {},
+    "ghcr.io/devcontainers/features/python:1": {},
+    "ghcr.io/devcontainers/features/git:1": {},
+    "ghcr.io/devcontainers/features/github-cli:1": {},
+    "ghcr.io/devcontainers/features/aws-cli:1": {},
+    "ghcr.io/devcontainers/features/docker-in-docker:1": {}
+  },
+  "postCreateCommand": "npm install -g @anthropic-ai/claude-code && pip install --user boto3 requests",
+  "remoteEnv": {
+    "ANTHROPIC_API_KEY": "${localEnv:ANTHROPIC_API_KEY}",
+    "GITHUB_TOKEN": "${localEnv:GITHUB_TOKEN}",
+    "AWS_ACCESS_KEY_ID": "${localEnv:AWS_ACCESS_KEY_ID}",
+    "AWS_SECRET_ACCESS_KEY": "${localEnv:AWS_SECRET_ACCESS_KEY}",
+    "AWS_DEFAULT_REGION": "${localEnv:AWS_DEFAULT_REGION}"
+  },
+  "runArgs": [
+    "--cap-drop=ALL",
+    "--security-opt=no-new-privileges"
+  ],
+  "mounts": [],
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "anthropic.claude-code"
+      ],
+      "settings": {
+        "terminal.integrated.defaultProfile.linux": "bash"
+      }
+    }
+  }
+}
+```
+
+Create `.devcontainer/Dockerfile`:
+```dockerfile
+# Anthropic's recommended devcontainer for Claude Code
+# Reference: https://docs.anthropic.com/en/docs/claude-code/devcontainer
+FROM mcr.microsoft.com/devcontainers/base:ubuntu
+
+# Security labels
+LABEL org.opencontainers.image.title="Claude Code Sandbox"
+LABEL org.opencontainers.image.description="Secure container for running Claude Code with --dangerously-skip-permissions"
+LABEL org.opencontainers.image.vendor="Generated by setup-devcontainer.sh"
+
+# Install essential security tools
+RUN apt-get update && apt-get install -y \
+    curl \
+    ca-certificates \
+    gnupg \
+    lsb-release \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# Network firewall - only allow specific domains
+RUN apt-get update && apt-get install -y iptables dnsutils && \
+    apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# Create firewall setup script (runs at container start)
+# Rules are processed in order - first match wins
+RUN echo '#!/bin/bash' > /usr/local/bin/setup-firewall.sh && \
+    echo 'set -e' >> /usr/local/bin/setup-firewall.sh && \
+    echo 'iptables -A OUTPUT -o lo -j ACCEPT' >> /usr/local/bin/setup-firewall.sh && \
+    echo 'iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' >> /usr/local/bin/setup-firewall.sh && \
+    echo 'iptables -A OUTPUT -p udp --dport 53 -j ACCEPT' >> /usr/local/bin/setup-firewall.sh && \
+    echo 'iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT' >> /usr/local/bin/setup-firewall.sh && \
+    echo 'iptables -A OUTPUT -p tcp -d api.anthropic.com --dport 443 -j ACCEPT' >> /usr/local/bin/setup-firewall.sh && \
+    echo 'iptables -A OUTPUT -p tcp -d github.com --dport 443 -j ACCEPT' >> /usr/local/bin/setup-firewall.sh && \
+    echo 'iptables -A OUTPUT -p tcp -d registry.npmjs.org --dport 443 -j ACCEPT' >> /usr/local/bin/setup-firewall.sh && \
+    echo 'iptables -A OUTPUT -p tcp -d pypi.org --dport 443 -j ACCEPT' >> /usr/local/bin/setup-firewall.sh && \
+    echo 'iptables -A OUTPUT -p tcp -d files.pythonhosted.org --dport 443 -j ACCEPT' >> /usr/local/bin/setup-firewall.sh && \
+    echo 'iptables -A OUTPUT -p tcp --dport 443 -j DROP' >> /usr/local/bin/setup-firewall.sh && \
+    echo 'iptables -A OUTPUT -p tcp --dport 80 -j DROP' >> /usr/local/bin/setup-firewall.sh && \
+    chmod +x /usr/local/bin/setup-firewall.sh
+
+# Create non-root user workspace
+RUN mkdir -p /workspace && chown vscode:vscode /workspace
+WORKDIR /workspace
+
+# Default to non-root user
+USER vscode
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+    CMD curl -sf https://api.anthropic.com/health || exit 1
+```
+
+Key security features:
+- **`--cap-drop=ALL`**: Drops all Linux capabilities
+- **`--security-opt=no-new-privileges`**: Prevents privilege escalation
+- **Network firewall**: Only allows traffic to allowlisted domains
+- **No mounts**: Isolates from host filesystem
+
+## 2. Using the Setup Script (--script)
+
+If the user wants to use the automated setup script:
+!ls -la setup-devcontainer.sh 2>/dev/null || echo "Script not in current directory"
+
+Run the setup script:
+```bash
+# Full setup with recommended security
+./setup-devcontainer.sh
+
+# Minimal setup (Node.js and Git only)
+./setup-devcontainer.sh --minimal
+
+# Skip network firewall restrictions
+./setup-devcontainer.sh --no-network-firewall
+
+# Preview what would be created
+./setup-devcontainer.sh --dry-run
+
+# Strict mode for CI (fails if prerequisites missing)
+./setup-devcontainer.sh --strict
+
+# Add custom domains for enterprise private registries
+./setup-devcontainer.sh --allow-domain internal.registry.com
+
+# Or use environment variable for extra domains
+DEVCONTAINER_EXTRA_DOMAINS="internal.registry.com,npm.mycompany.com" ./setup-devcontainer.sh
+```
+
+## 3. Start Container (--start, --up)
+
+If starting the devcontainer:
+!docker ps -a | grep -i devcontainer | head -3 || echo "No devcontainer running"
+
+Start commands:
+```bash
+# Using VS Code
+# Cmd/Ctrl+Shift+P → "Dev Containers: Reopen in Container"
+
+# Using devcontainer CLI
+devcontainer up --workspace-folder .
+devcontainer exec --workspace-folder . claude --dangerously-skip-permissions
+```
+
+## 4. Security Validation (--validate, --check)
+
+If validating the devcontainer security:
+!cat .devcontainer/devcontainer.json 2>/dev/null | grep -E "(cap-drop|no-new-privileges|mounts)" || echo "Security settings not found"
+!cat .devcontainer/Dockerfile 2>/dev/null | grep -E "(iptables|DROP)" || echo "Firewall rules not found"
+
+Verify:
+- [ ] `--cap-drop=ALL` is present in runArgs
+- [ ] `--security-opt=no-new-privileges` is present
+- [ ] Network firewall rules block unauthorized outbound traffic
+- [ ] No host filesystem mounts configured
+
+## 5. Cleanup (--cleanup, --remove)
+
+If cleaning up devcontainer:
+```bash
+# Stop and remove container
+devcontainer down --workspace-folder .
+
+# Remove configuration (optional)
+rm -rf .devcontainer/
+```
+
+## Comparison: /sandbox vs Devcontainer
+
+| Aspect | Claude's `/sandbox` | Devcontainer |
+|--------|---------------------|--------------|
+| **Purpose** | Run code snippets safely | Run Claude itself isolated |
+| **Scope** | Ephemeral execution | Persistent dev environment |
+| **What's isolated** | Your code | The entire Claude session |
+| **Use case** | "Test this script" | "Let Claude work autonomously" |
+| **Flag enabled** | N/A | `--dangerously-skip-permissions` |
+
+## Security Considerations
+
+**Safe for:**
+- Your own trusted projects
+- Development and testing workflows
+- CI/CD automation with Claude
+
+**Avoid for:**
+- Untrusted repositories (prompt injection risk)
+- Projects with sensitive credentials you haven't reviewed
+- Production systems
+
+**Remember:** Even with isolation, credentials inside the container are accessible to Claude. Only pass credentials you're comfortable with Claude having access to.
+
+## Quick Start
+
+```bash
+# 1. Set API key
+export ANTHROPIC_API_KEY="sk-ant-..."
+
+# 2. Run setup script (or create files manually)
+./setup-devcontainer.sh
+
+# 3. Open in VS Code and reopen in container
+code . && # Cmd+Shift+P → "Dev Containers: Reopen in Container"
+
+# 4. Run Claude with full autonomy
+claude --dangerously-skip-permissions
+```
+
+Think step by step about the user's devcontainer needs and provide:
+
+1. **Environment Assessment**: Current setup, Docker availability, existing configuration
+2. **Security Recommendation**: Appropriate isolation level based on use case
+3. **Implementation**: Create or modify devcontainer configuration
+4. **Validation**: Verify security settings are correctly applied
+5. **Usage Instructions**: How to start and use the devcontainer
+
+If no specific operation is provided, assess the current environment and help create a secure devcontainer configuration using Anthropic's recommended approach.