claude-code-pilot 3.2.0 → 3.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +67 -0
- package/README.md +14 -9
- package/bin/install.js +124 -16
- package/manifest.json +18 -3
- package/package.json +3 -2
- package/src/agents/django-build-resolver.md +252 -0
- package/src/agents/django-reviewer.md +169 -0
- package/src/agents/fastapi-reviewer.md +79 -0
- package/src/agents/fsharp-reviewer.md +109 -0
- package/src/agents/swift-build-resolver.md +170 -0
- package/src/agents/swift-reviewer.md +116 -0
- package/src/commands/ccp/cost-report.md +107 -0
- package/src/commands/ccp/intel.md +3 -3
- package/src/commands/ccp/mvp-phase.md +45 -0
- package/src/commands/ccp/plan-prd.md +160 -0
- package/src/commands/ccp/pr-ecc.md +184 -0
- package/src/commands/ccp/security-scan.md +74 -0
- package/src/hooks/ccp-bash-hook-dispatcher.js +96 -0
- package/src/hooks/ccp-context-monitor.js +23 -0
- package/src/hooks/ccp-doc-file-warning.js +93 -0
- package/src/hooks/ccp-pre-bash-dispatcher.js +24 -0
- package/src/hooks/ccp-write-gateguard.js +868 -0
- package/src/lib/project-detect.js +0 -2
- package/src/lib/shell-substitution.js +499 -0
- package/src/pilot/references/execute-mvp-tdd.md +81 -0
- package/src/pilot/references/mvp-concepts.md +49 -0
- package/src/pilot/references/planner-graphify-auto-update.md +67 -0
- package/src/pilot/references/planner-human-verify-mode.md +57 -0
- package/src/pilot/references/planner-mvp-mode.md +53 -0
- package/src/pilot/references/skeleton-template.md +48 -0
- package/src/pilot/references/spidr-splitting.md +69 -0
- package/src/pilot/references/user-story-template.md +58 -0
- package/src/pilot/references/verify-mvp-mode.md +85 -0
- package/src/pilot/references/worktree-path-safety.md +89 -0
- package/src/pilot/workflows/help.md +5 -0
- package/src/pilot/workflows/mvp-phase.md +199 -0
- package/src/skills/agent-architecture-audit/SKILL.md +256 -0
- package/src/skills/agent-harness-design/SKILL.md +73 -0
- package/src/skills/angular-developer/SKILL.md +154 -0
- package/src/skills/angular-developer/references/angular-animations.md +160 -0
- package/src/skills/angular-developer/references/angular-aria.md +410 -0
- package/src/skills/angular-developer/references/cli.md +86 -0
- package/src/skills/angular-developer/references/component-harnesses.md +59 -0
- package/src/skills/angular-developer/references/component-styling.md +91 -0
- package/src/skills/angular-developer/references/components.md +117 -0
- package/src/skills/angular-developer/references/creating-services.md +97 -0
- package/src/skills/angular-developer/references/data-resolvers.md +69 -0
- package/src/skills/angular-developer/references/define-routes.md +67 -0
- package/src/skills/angular-developer/references/defining-providers.md +72 -0
- package/src/skills/angular-developer/references/di-fundamentals.md +120 -0
- package/src/skills/angular-developer/references/e2e-testing.md +56 -0
- package/src/skills/angular-developer/references/effects.md +83 -0
- package/src/skills/angular-developer/references/hierarchical-injectors.md +43 -0
- package/src/skills/angular-developer/references/host-elements.md +80 -0
- package/src/skills/angular-developer/references/injection-context.md +63 -0
- package/src/skills/angular-developer/references/inputs.md +101 -0
- package/src/skills/angular-developer/references/linked-signal.md +59 -0
- package/src/skills/angular-developer/references/loading-strategies.md +61 -0
- package/src/skills/angular-developer/references/mcp.md +108 -0
- package/src/skills/angular-developer/references/navigate-to-routes.md +69 -0
- package/src/skills/angular-developer/references/outputs.md +86 -0
- package/src/skills/angular-developer/references/reactive-forms.md +122 -0
- package/src/skills/angular-developer/references/rendering-strategies.md +44 -0
- package/src/skills/angular-developer/references/resource.md +77 -0
- package/src/skills/angular-developer/references/route-animations.md +56 -0
- package/src/skills/angular-developer/references/route-guards.md +52 -0
- package/src/skills/angular-developer/references/router-lifecycle.md +45 -0
- package/src/skills/angular-developer/references/router-testing.md +87 -0
- package/src/skills/angular-developer/references/show-routes-with-outlets.md +68 -0
- package/src/skills/angular-developer/references/signal-forms.md +795 -0
- package/src/skills/angular-developer/references/signals-overview.md +94 -0
- package/src/skills/angular-developer/references/tailwind-css.md +69 -0
- package/src/skills/angular-developer/references/template-driven-forms.md +114 -0
- package/src/skills/angular-developer/references/testing-fundamentals.md +65 -0
- package/src/skills/error-handling/SKILL.md +376 -0
- package/src/skills/fastapi-patterns/SKILL.md +327 -0
- package/src/skills/flox-environments/SKILL.md +496 -0
- package/src/skills/fsharp-testing/SKILL.md +280 -0
- package/src/skills/ios-icon-gen/SKILL.md +157 -0
- package/src/skills/ios-icon-gen/scripts/generate_icons.swift +258 -0
- package/src/skills/ios-icon-gen/scripts/iconify_gen.sh +235 -0
- package/src/skills/make-interfaces-feel-better/SKILL.md +151 -0
- package/src/skills/mysql-patterns/SKILL.md +412 -0
- package/src/skills/plan-orchestrate/SKILL.md +220 -0
- package/src/skills/prisma-patterns/SKILL.md +371 -0
- package/src/skills/production-audit/SKILL.md +206 -0
- package/src/skills/security-scan/references/agentshield-policy-exception/candidate-playbook.md +49 -0
- package/src/skills/security-scan/references/agentshield-policy-exception/report.json +35 -0
- package/src/skills/security-scan/references/agentshield-policy-exception/scenario.json +62 -0
- package/src/skills/security-scan/references/agentshield-policy-exception/trace.json +45 -0
- package/src/skills/security-scan/references/agentshield-policy-exception/verifier-result.json +35 -0
- package/src/skills/vite-patterns/SKILL.md +449 -0
- package/src/skills/windows-desktop-e2e/SKILL.md +887 -0
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: Generate a local Claude Code cost report from a cost-tracker SQLite database.
|
|
3
|
+
argument-hint: [csv]
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Cost Report
|
|
7
|
+
|
|
8
|
+
Query the local cost-tracking database and present a spending report by day,
|
|
9
|
+
project, tool, and session. This command assumes a cost-tracking hook or plugin
|
|
10
|
+
is already writing usage rows to `~/.claude-cost-tracker/usage.db`.
|
|
11
|
+
|
|
12
|
+
## What This Command Does
|
|
13
|
+
|
|
14
|
+
1. Check that `sqlite3` is available.
|
|
15
|
+
2. Check that `~/.claude-cost-tracker/usage.db` exists.
|
|
16
|
+
3. Run aggregate queries against the `usage` table.
|
|
17
|
+
4. Present a compact report, or export recent rows as CSV when the argument is
|
|
18
|
+
`csv`.
|
|
19
|
+
|
|
20
|
+
## Prerequisites
|
|
21
|
+
|
|
22
|
+
The database must be populated by a local cost tracker. If the file is missing,
|
|
23
|
+
tell the user the tracker is not set up and suggest installing or enabling a
|
|
24
|
+
trusted Claude Code cost-tracking hook/plugin first.
|
|
25
|
+
|
|
26
|
+
```bash
|
|
27
|
+
test -f ~/.claude-cost-tracker/usage.db && echo "Database found" || echo "Database not found"
|
|
28
|
+
```
|
|
29
|
+
|
|
30
|
+
## Summary Query
|
|
31
|
+
|
|
32
|
+
```bash
|
|
33
|
+
sqlite3 -header -column ~/.claude-cost-tracker/usage.db "
|
|
34
|
+
SELECT
|
|
35
|
+
ROUND(COALESCE(SUM(CASE WHEN date(timestamp) = date('now') THEN cost_usd END), 0), 4) AS today_cost,
|
|
36
|
+
ROUND(COALESCE(SUM(CASE WHEN date(timestamp) = date('now', '-1 day') THEN cost_usd END), 0), 4) AS yesterday_cost,
|
|
37
|
+
ROUND(COALESCE(SUM(cost_usd), 0), 4) AS total_cost,
|
|
38
|
+
COUNT(*) AS total_calls,
|
|
39
|
+
COUNT(DISTINCT session_id) AS sessions
|
|
40
|
+
FROM usage;
|
|
41
|
+
"
|
|
42
|
+
```
|
|
43
|
+
|
|
44
|
+
## Project Breakdown
|
|
45
|
+
|
|
46
|
+
```bash
|
|
47
|
+
sqlite3 -header -column ~/.claude-cost-tracker/usage.db "
|
|
48
|
+
SELECT project, ROUND(SUM(cost_usd), 4) AS cost, COUNT(*) AS calls
|
|
49
|
+
FROM usage
|
|
50
|
+
GROUP BY project
|
|
51
|
+
ORDER BY cost DESC;
|
|
52
|
+
"
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
## Tool Breakdown
|
|
56
|
+
|
|
57
|
+
```bash
|
|
58
|
+
sqlite3 -header -column ~/.claude-cost-tracker/usage.db "
|
|
59
|
+
SELECT tool_name, ROUND(SUM(cost_usd), 4) AS cost, COUNT(*) AS calls
|
|
60
|
+
FROM usage
|
|
61
|
+
GROUP BY tool_name
|
|
62
|
+
ORDER BY cost DESC;
|
|
63
|
+
"
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
## Last Seven Days
|
|
67
|
+
|
|
68
|
+
```bash
|
|
69
|
+
sqlite3 -header -column ~/.claude-cost-tracker/usage.db "
|
|
70
|
+
SELECT date(timestamp) AS date, ROUND(SUM(cost_usd), 4) AS cost, COUNT(*) AS calls
|
|
71
|
+
FROM usage
|
|
72
|
+
GROUP BY date(timestamp)
|
|
73
|
+
ORDER BY date DESC
|
|
74
|
+
LIMIT 7;
|
|
75
|
+
"
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
## CSV Export
|
|
79
|
+
|
|
80
|
+
If the user asks for `/cost-report csv`, export the most recent usage rows with
|
|
81
|
+
an explicit column list:
|
|
82
|
+
|
|
83
|
+
```bash
|
|
84
|
+
sqlite3 -csv -header ~/.claude-cost-tracker/usage.db "
|
|
85
|
+
SELECT timestamp, project, tool_name, input_tokens, output_tokens, cost_usd, session_id, model
|
|
86
|
+
FROM usage
|
|
87
|
+
ORDER BY timestamp DESC
|
|
88
|
+
LIMIT 100;
|
|
89
|
+
"
|
|
90
|
+
```
|
|
91
|
+
|
|
92
|
+
## Report Format
|
|
93
|
+
|
|
94
|
+
Format the response as:
|
|
95
|
+
|
|
96
|
+
1. Summary: today, yesterday, total, calls, sessions.
|
|
97
|
+
2. By project: projects ranked by total cost.
|
|
98
|
+
3. By tool: tools ranked by total cost.
|
|
99
|
+
4. Last seven days: date, cost, call count.
|
|
100
|
+
|
|
101
|
+
Use four decimal places for sub-dollar amounts. Do not estimate pricing from raw
|
|
102
|
+
tokens in this command; rely on the precomputed `cost_usd` values written by the
|
|
103
|
+
tracker.
|
|
104
|
+
|
|
105
|
+
## Source
|
|
106
|
+
|
|
107
|
+
Salvaged from stale community PR #1304 by `MayurBhavsar`.
|
|
@@ -24,7 +24,7 @@ Then proceed to Step 1.
|
|
|
24
24
|
|
|
25
25
|
Check if intel is enabled by reading `.planning/config.json` directly using the Read tool.
|
|
26
26
|
|
|
27
|
-
**DO NOT use the
|
|
27
|
+
**DO NOT use the config get-value CLI** -- it hard-exits on missing keys. Read `.planning/config.json` directly instead.
|
|
28
28
|
|
|
29
29
|
1. Read `.planning/config.json` using the Read tool
|
|
30
30
|
2. If the file does not exist: display the disabled message below and **STOP**
|
|
@@ -137,7 +137,7 @@ Task(
|
|
|
137
137
|
prompt="You are the gsd-intel-updater agent. Your job is to analyze this codebase and write/update intelligence files in .planning/intel/.
|
|
138
138
|
|
|
139
139
|
Project root: ${CWD}
|
|
140
|
-
|
|
140
|
+
Use: node "$HOME/.claude/pilot/bin/ccp-tools.cjs" <subcommand>
|
|
141
141
|
|
|
142
142
|
Instructions:
|
|
143
143
|
1. Analyze the codebase structure, dependencies, APIs, and architecture
|
|
@@ -176,4 +176,4 @@ Display a summary showing:
|
|
|
176
176
|
1. DO NOT spawn an agent for query/status/diff operations -- these are inline CLI calls
|
|
177
177
|
2. DO NOT modify intel files directly -- the agent handles writes during refresh
|
|
178
178
|
3. DO NOT skip the config gate check
|
|
179
|
-
4. DO NOT use the
|
|
179
|
+
4. DO NOT use the config get-value CLI for the config gate -- it exits on missing keys
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: ccp:mvp-phase
|
|
3
|
+
description: Plan a phase as a vertical MVP slice — user story, SPIDR splitting, then plan-phase
|
|
4
|
+
argument-hint: "<phase-number>"
|
|
5
|
+
allowed-tools:
|
|
6
|
+
- Read
|
|
7
|
+
- Write
|
|
8
|
+
- Bash
|
|
9
|
+
- Glob
|
|
10
|
+
- Grep
|
|
11
|
+
- Agent
|
|
12
|
+
- AskUserQuestion
|
|
13
|
+
requires: [new-project, plan-phase]
|
|
14
|
+
---
|
|
15
|
+
<objective>
|
|
16
|
+
Guide the user through MVP-mode planning for a phase. The command:
|
|
17
|
+
|
|
18
|
+
1. Prompts for an "As a / I want to / So that" user story (three structured questions)
|
|
19
|
+
2. Runs SPIDR splitting check — if the story is too large, walks through Spike/Paths/Interfaces/Data/Rules and offers to split into multiple phases
|
|
20
|
+
3. Writes `**Mode:** mvp` and the reformatted `**Goal:**` to the phase's ROADMAP.md section
|
|
21
|
+
4. Delegates to `/ccp:plan-phase <N>` which auto-detects MVP mode via the roadmap field
|
|
22
|
+
|
|
23
|
+
Phase 1 of the vertical-mvp-slice PRD shipped the planner-side machinery; this command is the user entry point for it.
|
|
24
|
+
</objective>
|
|
25
|
+
|
|
26
|
+
<execution_context>
|
|
27
|
+
@~/.claude/pilot/workflows/mvp-phase.md
|
|
28
|
+
@~/.claude/pilot/references/spidr-splitting.md
|
|
29
|
+
@~/.claude/pilot/references/user-story-template.md
|
|
30
|
+
</execution_context>
|
|
31
|
+
|
|
32
|
+
<runtime_note>
|
|
33
|
+
**Copilot (VS Code):** Use `vscode_askquestions` wherever this workflow calls `AskUserQuestion`. Equivalent API.
|
|
34
|
+
</runtime_note>
|
|
35
|
+
|
|
36
|
+
<context>
|
|
37
|
+
Phase number: $ARGUMENTS (required — integer or decimal like `2.1`)
|
|
38
|
+
|
|
39
|
+
The phase must already exist in ROADMAP.md (created via `/ccp:new-project`, `/ccp:add-phase`, or `/ccp:insert-phase`). This command does not create new phases — it converts an existing phase to MVP mode.
|
|
40
|
+
</context>
|
|
41
|
+
|
|
42
|
+
<process>
|
|
43
|
+
Execute the mvp-phase workflow from @~/.claude/pilot/workflows/mvp-phase.md end-to-end.
|
|
44
|
+
Preserve all gates: phase existence, status guard (refuse in_progress/completed), user-story format validation, SPIDR splitting check, ROADMAP write confirmation, plan-phase delegation.
|
|
45
|
+
</process>
|
|
@@ -0,0 +1,160 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: "Generate a lean, problem-first PRD and hand off to /plan for implementation planning."
|
|
3
|
+
argument-hint: "[product/feature idea] (blank = start with questions)"
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# PRD Command
|
|
7
|
+
|
|
8
|
+
Produces a **Product Requirements Document** — the requirements-phase artifact of the SDLC. Captures *what* must be true for success and *why*, and stops before *how*. Implementation decomposition is delegated to `/plan`.
|
|
9
|
+
|
|
10
|
+
**Input**: `$ARGUMENTS`
|
|
11
|
+
|
|
12
|
+
## Scope of this command
|
|
13
|
+
|
|
14
|
+
| This command does | This command does NOT do |
|
|
15
|
+
|---|---|
|
|
16
|
+
| Frame the problem and users | Design the architecture |
|
|
17
|
+
| Capture success criteria and scope | Pick files or write patterns |
|
|
18
|
+
| List open questions and risks | Enumerate implementation tasks |
|
|
19
|
+
| Write `.claude/prds/{name}.prd.md` | Produce an implementation plan — that's `/plan` |
|
|
20
|
+
|
|
21
|
+
If you find yourself writing implementation detail, stop and cut it. It belongs in `/plan`.
|
|
22
|
+
|
|
23
|
+
**Anti-fluff rule**: When information is missing, write `TBD — needs validation via {method}`. Never invent plausible-sounding requirements.
|
|
24
|
+
|
|
25
|
+
## Workflow
|
|
26
|
+
|
|
27
|
+
Four phases. Each phase is a single gate — ask the questions, wait for the user, then move on. No nested loops, no parallel research ceremony.
|
|
28
|
+
|
|
29
|
+
### Phase 1 — FRAME
|
|
30
|
+
|
|
31
|
+
If `$ARGUMENTS` is empty, ask:
|
|
32
|
+
|
|
33
|
+
> What do you want to build? One or two sentences.
|
|
34
|
+
|
|
35
|
+
If provided, restate in one sentence and ask:
|
|
36
|
+
|
|
37
|
+
> I understand: *{restated}*. Correct, or should I adjust?
|
|
38
|
+
|
|
39
|
+
Then ask the framing questions in a single set:
|
|
40
|
+
|
|
41
|
+
> 1. **Who** has this problem? (specific role or segment)
|
|
42
|
+
> 2. **What** is the observable pain? (describe behavior, not assumed needs)
|
|
43
|
+
> 3. **Why** can't they solve it with what exists today?
|
|
44
|
+
> 4. **Why now?** — what changed that makes this worth doing?
|
|
45
|
+
|
|
46
|
+
Wait for the user. Do not proceed without answers (or explicit "skip").
|
|
47
|
+
|
|
48
|
+
### Phase 2 — GROUND
|
|
49
|
+
|
|
50
|
+
Ask for evidence. This is the shortest phase and the most load-bearing:
|
|
51
|
+
|
|
52
|
+
> What evidence do you have that this problem is real and worth solving? (user quotes, support tickets, metrics, observed behavior, failed workarounds — anything concrete)
|
|
53
|
+
|
|
54
|
+
If the user has none, record the PRD's Evidence section as `Assumption — needs validation via {user research | analytics | prototype}`. This keeps the PRD honest.
|
|
55
|
+
|
|
56
|
+
### Phase 3 — DECIDE
|
|
57
|
+
|
|
58
|
+
Scope and hypothesis in a single set:
|
|
59
|
+
|
|
60
|
+
> 1. **Hypothesis** — Complete: *We believe **{capability}** will **{solve problem}** for **{users}**. We'll know we're right when **{measurable outcome}**.*
|
|
61
|
+
> 2. **MVP** — The minimum needed to test the hypothesis?
|
|
62
|
+
> 3. **Out of scope** — What are you explicitly **not** building (even if users ask)?
|
|
63
|
+
> 4. **Open questions** — Uncertainties that could change the approach?
|
|
64
|
+
|
|
65
|
+
Wait for responses.
|
|
66
|
+
|
|
67
|
+
### Phase 4 — GENERATE & HAND OFF
|
|
68
|
+
|
|
69
|
+
Create the directory if needed, write the PRD, and report.
|
|
70
|
+
|
|
71
|
+
```bash
|
|
72
|
+
mkdir -p .claude/prds
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
**Output path**: `.claude/prds/{kebab-case-name}.prd.md`
|
|
76
|
+
|
|
77
|
+
#### PRD Template
|
|
78
|
+
|
|
79
|
+
```markdown
|
|
80
|
+
# {Product / Feature Name}
|
|
81
|
+
|
|
82
|
+
## Problem
|
|
83
|
+
{2–3 sentences: who has what problem, and what's the cost of leaving it unsolved?}
|
|
84
|
+
|
|
85
|
+
## Evidence
|
|
86
|
+
- {User quote, data point, or observation}
|
|
87
|
+
- {OR: "Assumption — needs validation via {method}"}
|
|
88
|
+
|
|
89
|
+
## Users
|
|
90
|
+
- **Primary**: {role, context, what triggers the need}
|
|
91
|
+
- **Not for**: {who this explicitly excludes}
|
|
92
|
+
|
|
93
|
+
## Hypothesis
|
|
94
|
+
We believe **{capability}** will **{solve problem}** for **{users}**.
|
|
95
|
+
We'll know we're right when **{measurable outcome}**.
|
|
96
|
+
|
|
97
|
+
## Success Metrics
|
|
98
|
+
| Metric | Target | How measured |
|
|
99
|
+
|---|---|---|
|
|
100
|
+
| {primary} | {number} | {method} |
|
|
101
|
+
|
|
102
|
+
## Scope
|
|
103
|
+
**MVP** — {the minimum to test the hypothesis}
|
|
104
|
+
|
|
105
|
+
**Out of scope**
|
|
106
|
+
- {item} — {why deferred}
|
|
107
|
+
|
|
108
|
+
## Delivery Milestones
|
|
109
|
+
<!-- Business outcomes, not engineering tasks. /plan turns each into a plan. -->
|
|
110
|
+
<!-- Status: pending | in-progress | complete -->
|
|
111
|
+
|
|
112
|
+
| # | Milestone | Outcome | Status | Plan |
|
|
113
|
+
|---|---|---|---|---|
|
|
114
|
+
| 1 | {name} | {user-visible change} | pending | — |
|
|
115
|
+
| 2 | {name} | {user-visible change} | pending | — |
|
|
116
|
+
|
|
117
|
+
## Open Questions
|
|
118
|
+
- [ ] {question that could change scope or approach}
|
|
119
|
+
|
|
120
|
+
## Risks
|
|
121
|
+
| Risk | Likelihood | Impact | Mitigation |
|
|
122
|
+
|---|---|---|---|
|
|
123
|
+
|
|
124
|
+
---
|
|
125
|
+
*Status: DRAFT — requirements only. Implementation planning pending via /plan.*
|
|
126
|
+
```
|
|
127
|
+
|
|
128
|
+
#### Report to user
|
|
129
|
+
|
|
130
|
+
```
|
|
131
|
+
PRD created: .claude/prds/{name}.prd.md
|
|
132
|
+
|
|
133
|
+
Problem: {one line}
|
|
134
|
+
Hypothesis: {one line}
|
|
135
|
+
MVP: {one line}
|
|
136
|
+
|
|
137
|
+
Validation status:
|
|
138
|
+
Problem {validated | assumption}
|
|
139
|
+
Users {concrete | generic — refine}
|
|
140
|
+
Metrics {defined | TBD}
|
|
141
|
+
|
|
142
|
+
Open questions: {count}
|
|
143
|
+
|
|
144
|
+
Next step: /plan .claude/prds/{name}.prd.md
|
|
145
|
+
→ /plan will pick the next pending milestone and produce an implementation plan.
|
|
146
|
+
```
|
|
147
|
+
|
|
148
|
+
## Integration
|
|
149
|
+
|
|
150
|
+
- `/plan <prd-path>` — consume the PRD and produce an implementation plan for the next pending milestone.
|
|
151
|
+
- `tdd-workflow` skill — implement the plan test-first.
|
|
152
|
+
- `/pr` — open a PR that references the PRD and plan.
|
|
153
|
+
|
|
154
|
+
## Success criteria
|
|
155
|
+
|
|
156
|
+
- **PROBLEM_CLEAR**: problem is specific and evidenced (or flagged as assumption).
|
|
157
|
+
- **USER_CONCRETE**: primary user is a specific role, not "users".
|
|
158
|
+
- **HYPOTHESIS_TESTABLE**: measurable outcome included.
|
|
159
|
+
- **SCOPE_BOUNDED**: explicit MVP and explicit out-of-scope.
|
|
160
|
+
- **NO_IMPLEMENTATION_DETAIL**: file paths, libraries, or task breakdowns are absent — if they appeared, move them to the `/plan` step.
|
|
@@ -0,0 +1,184 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: "Create a GitHub PR from current branch with unpushed commits — discovers templates, analyzes changes, pushes"
|
|
3
|
+
argument-hint: "[base-branch] (default: main)"
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Create Pull Request
|
|
7
|
+
|
|
8
|
+
**Input**: `$ARGUMENTS` — optional, may contain a base branch name and/or flags (e.g., `--draft`).
|
|
9
|
+
|
|
10
|
+
**Parse `$ARGUMENTS`**:
|
|
11
|
+
- Extract any recognized flags (`--draft`)
|
|
12
|
+
- Treat remaining non-flag text as the base branch name
|
|
13
|
+
- Default base branch to `main` if none specified
|
|
14
|
+
|
|
15
|
+
---
|
|
16
|
+
|
|
17
|
+
## Phase 1 — VALIDATE
|
|
18
|
+
|
|
19
|
+
Check preconditions:
|
|
20
|
+
|
|
21
|
+
```bash
|
|
22
|
+
git branch --show-current
|
|
23
|
+
git status --short
|
|
24
|
+
git log origin/<base>..HEAD --oneline
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
| Check | Condition | Action if Failed |
|
|
28
|
+
|---|---|---|
|
|
29
|
+
| Not on base branch | Current branch ≠ base | Stop: "Switch to a feature branch first." |
|
|
30
|
+
| Clean working directory | No uncommitted changes | Warn: "You have uncommitted changes. Commit or stash first." |
|
|
31
|
+
| Has commits ahead | `git log origin/<base>..HEAD` not empty | Stop: "No commits ahead of `<base>`. Nothing to PR." |
|
|
32
|
+
| No existing PR | `gh pr list --head <branch> --json number` is empty | Stop: "PR already exists: #<number>. Use `gh pr view <number> --web` to open it." |
|
|
33
|
+
|
|
34
|
+
If all checks pass, proceed.
|
|
35
|
+
|
|
36
|
+
---
|
|
37
|
+
|
|
38
|
+
## Phase 2 — DISCOVER
|
|
39
|
+
|
|
40
|
+
### PR Template
|
|
41
|
+
|
|
42
|
+
Search for PR template in order:
|
|
43
|
+
|
|
44
|
+
1. `.github/PULL_REQUEST_TEMPLATE/` directory — if exists, list files and let user choose (or use `default.md`)
|
|
45
|
+
2. `.github/PULL_REQUEST_TEMPLATE.md`
|
|
46
|
+
3. `.github/pull_request_template.md`
|
|
47
|
+
4. `docs/pull_request_template.md`
|
|
48
|
+
|
|
49
|
+
If found, read it and use its structure for the PR body.
|
|
50
|
+
|
|
51
|
+
### Commit Analysis
|
|
52
|
+
|
|
53
|
+
```bash
|
|
54
|
+
git log origin/<base>..HEAD --format="%h %s" --reverse
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
Analyze commits to determine:
|
|
58
|
+
- **PR title**: Use conventional commit format with type prefix — `feat: ...`, `fix: ...`, etc.
|
|
59
|
+
- If multiple types, use the dominant one
|
|
60
|
+
- If single commit, use its message as-is
|
|
61
|
+
- **Change summary**: Group commits by type/area
|
|
62
|
+
|
|
63
|
+
### File Analysis
|
|
64
|
+
|
|
65
|
+
```bash
|
|
66
|
+
git diff origin/<base>..HEAD --stat
|
|
67
|
+
git diff origin/<base>..HEAD --name-only
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
Categorize changed files: source, tests, docs, config, migrations.
|
|
71
|
+
|
|
72
|
+
### Planning Artifacts
|
|
73
|
+
|
|
74
|
+
Check for related artifacts produced by `/plan-prd`, `/plan`, or the legacy PRP workflow:
|
|
75
|
+
- `.claude/prds/` — PRDs this PR implements a milestone of
|
|
76
|
+
- `.claude/plans/` — Plans executed by this PR
|
|
77
|
+
- `.claude/PRPs/prds/` — legacy PRP PRDs
|
|
78
|
+
- `.claude/PRPs/plans/` — legacy PRP implementation plans
|
|
79
|
+
- `.claude/PRPs/reports/` — legacy PRP implementation reports
|
|
80
|
+
|
|
81
|
+
Reference these in the PR body if they exist.
|
|
82
|
+
|
|
83
|
+
---
|
|
84
|
+
|
|
85
|
+
## Phase 3 — PUSH
|
|
86
|
+
|
|
87
|
+
```bash
|
|
88
|
+
git push -u origin HEAD
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
If push fails due to divergence:
|
|
92
|
+
```bash
|
|
93
|
+
git fetch origin
|
|
94
|
+
git rebase origin/<base>
|
|
95
|
+
git push -u origin HEAD
|
|
96
|
+
```
|
|
97
|
+
|
|
98
|
+
If rebase conflicts occur, stop and inform the user.
|
|
99
|
+
|
|
100
|
+
---
|
|
101
|
+
|
|
102
|
+
## Phase 4 — CREATE
|
|
103
|
+
|
|
104
|
+
### With Template
|
|
105
|
+
|
|
106
|
+
If a PR template was found in Phase 2, fill in each section using the commit and file analysis. Preserve all template sections — leave sections as "N/A" if not applicable rather than removing them.
|
|
107
|
+
|
|
108
|
+
### Without Template
|
|
109
|
+
|
|
110
|
+
Use this default format:
|
|
111
|
+
|
|
112
|
+
```markdown
|
|
113
|
+
## Summary
|
|
114
|
+
|
|
115
|
+
<1-2 sentence description of what this PR does and why>
|
|
116
|
+
|
|
117
|
+
## Changes
|
|
118
|
+
|
|
119
|
+
<bulleted list of changes grouped by area>
|
|
120
|
+
|
|
121
|
+
## Files Changed
|
|
122
|
+
|
|
123
|
+
<table or list of changed files with change type: Added/Modified/Deleted>
|
|
124
|
+
|
|
125
|
+
## Testing
|
|
126
|
+
|
|
127
|
+
<description of how changes were tested, or "Needs testing">
|
|
128
|
+
|
|
129
|
+
## Related Issues
|
|
130
|
+
|
|
131
|
+
<linked issues with Closes/Fixes/Relates to #N, or "None">
|
|
132
|
+
```
|
|
133
|
+
|
|
134
|
+
### Create the PR
|
|
135
|
+
|
|
136
|
+
```bash
|
|
137
|
+
gh pr create \
|
|
138
|
+
--title "<PR title>" \
|
|
139
|
+
--base <base-branch> \
|
|
140
|
+
--body "<PR body>"
|
|
141
|
+
# Add --draft if the --draft flag was parsed from $ARGUMENTS
|
|
142
|
+
```
|
|
143
|
+
|
|
144
|
+
---
|
|
145
|
+
|
|
146
|
+
## Phase 5 — VERIFY
|
|
147
|
+
|
|
148
|
+
```bash
|
|
149
|
+
gh pr view --json number,url,title,state,baseRefName,headRefName,additions,deletions,changedFiles
|
|
150
|
+
gh pr checks --json name,status,conclusion 2>/dev/null || true
|
|
151
|
+
```
|
|
152
|
+
|
|
153
|
+
---
|
|
154
|
+
|
|
155
|
+
## Phase 6 — OUTPUT
|
|
156
|
+
|
|
157
|
+
Report to user:
|
|
158
|
+
|
|
159
|
+
```
|
|
160
|
+
PR #<number>: <title>
|
|
161
|
+
URL: <url>
|
|
162
|
+
Branch: <head> → <base>
|
|
163
|
+
Changes: +<additions> -<deletions> across <changedFiles> files
|
|
164
|
+
|
|
165
|
+
CI Checks: <status summary or "pending" or "none configured">
|
|
166
|
+
|
|
167
|
+
Artifacts referenced:
|
|
168
|
+
- <any PRDs/plans linked in PR body>
|
|
169
|
+
|
|
170
|
+
Next steps:
|
|
171
|
+
- gh pr view <number> --web → open in browser
|
|
172
|
+
- /code-review <number> → review the PR
|
|
173
|
+
- gh pr merge <number> → merge when ready
|
|
174
|
+
```
|
|
175
|
+
|
|
176
|
+
---
|
|
177
|
+
|
|
178
|
+
## Edge Cases
|
|
179
|
+
|
|
180
|
+
- **No `gh` CLI**: Stop with: "GitHub CLI (`gh`) is required. Install: <https://cli.github.com/>"
|
|
181
|
+
- **Not authenticated**: Stop with: "Run `gh auth login` first."
|
|
182
|
+
- **Force push needed**: If remote has diverged and rebase was done, use `git push --force-with-lease` (never `--force`).
|
|
183
|
+
- **Multiple PR templates**: If `.github/PULL_REQUEST_TEMPLATE/` has multiple files, list them and ask user to choose.
|
|
184
|
+
- **Large PR (>20 files)**: Warn about PR size. Suggest splitting if changes are logically separable.
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: Scan your .claude/ configuration for security issues via AgentShield (external, opt-in via npx).
|
|
3
|
+
argument-hint: [path] [--format json|markdown|html] [--min-severity low|medium|high|critical] [--fix]
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Security Scan
|
|
7
|
+
|
|
8
|
+
Scan a project (agents, hooks, MCP servers, permissions, and secrets) for
|
|
9
|
+
security issues. This command is a thin wrapper around the external
|
|
10
|
+
`ecc-agentshield` scanner: nothing is installed at CCP install time — you opt in
|
|
11
|
+
at run time via `npx`, so the scanner is fetched on demand and never vendored.
|
|
12
|
+
|
|
13
|
+
## Usage
|
|
14
|
+
|
|
15
|
+
`/ccp:security-scan [path] [--format json|markdown|html] [--min-severity low|medium|high|critical] [--fix]`
|
|
16
|
+
|
|
17
|
+
- `path` (optional): defaults to the current project. Use a `.claude/` path, a
|
|
18
|
+
repo root, or a checked-in template directory.
|
|
19
|
+
- `--format`: output format. Use `json` for CI, `markdown` for handoffs, `html`
|
|
20
|
+
for standalone review reports.
|
|
21
|
+
- `--min-severity`: filters lower-priority findings.
|
|
22
|
+
- `--fix`: applies only fixes the scanner explicitly marks safe and auto-fixable.
|
|
23
|
+
|
|
24
|
+
## Deterministic Engine
|
|
25
|
+
|
|
26
|
+
Run the external scanner against the target path:
|
|
27
|
+
|
|
28
|
+
```bash
|
|
29
|
+
npx ecc-agentshield scan --path "${TARGET_PATH:-.}"
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
For a plain-text report instead of the default output:
|
|
33
|
+
|
|
34
|
+
```bash
|
|
35
|
+
npx ecc-agentshield scan --path "${TARGET_PATH:-.}" --format text
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
Use AgentShield output as the source of truth; do not invent findings. Keep
|
|
39
|
+
scanner facts separate from your follow-up judgment.
|
|
40
|
+
|
|
41
|
+
## Remediation
|
|
42
|
+
|
|
43
|
+
For each critical or high finding, return:
|
|
44
|
+
|
|
45
|
+
- file path
|
|
46
|
+
- severity
|
|
47
|
+
- why it matters
|
|
48
|
+
- the exact fix
|
|
49
|
+
- whether `--fix` is safe to apply
|
|
50
|
+
|
|
51
|
+
If `--fix` is requested, state the planned edits before applying them, then
|
|
52
|
+
re-scan and report the before/after grade.
|
|
53
|
+
|
|
54
|
+
## Full Reference
|
|
55
|
+
|
|
56
|
+
The complete CLI surface, output formats, severity grades, and the policy schema
|
|
57
|
+
live in the skill — read it for anything beyond the invocation above:
|
|
58
|
+
|
|
59
|
+
@.claude/skills/security-scan/SKILL.md
|
|
60
|
+
|
|
61
|
+
The policy schema and example documents are under
|
|
62
|
+
`references/agentshield-policy-exception/` within that skill.
|
|
63
|
+
|
|
64
|
+
## Arguments
|
|
65
|
+
|
|
66
|
+
$ARGUMENTS:
|
|
67
|
+
- optional target path
|
|
68
|
+
- optional AgentShield flags (`--format`, `--min-severity`, `--fix`)
|
|
69
|
+
|
|
70
|
+
## Source
|
|
71
|
+
|
|
72
|
+
Thin wrapper for AgentShield (https://github.com/affaan-m/agentshield);
|
|
73
|
+
external, not vendored. Pinned in `manifest.json` under
|
|
74
|
+
`external.agentshield` (1.4.0).
|
|
@@ -0,0 +1,96 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
'use strict';
|
|
3
|
+
|
|
4
|
+
const { isHookEnabled } = require('../lib/hook-flags');
|
|
5
|
+
|
|
6
|
+
const MAX_STDIN = 1024 * 1024;
|
|
7
|
+
|
|
8
|
+
// GateGuard is the sole pre-bash chain member in CCP's minimal dispatcher.
|
|
9
|
+
// It is lazy-required so this file does NOT hard-depend on the GateGuard hook
|
|
10
|
+
// (ccp-write-gateguard, delivered by Plan 04) landing first. If the module is
|
|
11
|
+
// absent, the member is a no-op that returns rawInput unchanged.
|
|
12
|
+
//
|
|
13
|
+
// NOTE: The upstream tmux / git-push / commit-quality / auto-tmux /
|
|
14
|
+
// block-no-verify members are intentionally NOT ported. Those are external
|
|
15
|
+
// workflow opinions; CCP ships a minimal, profile-gated dispatcher whose only
|
|
16
|
+
// job is the GateGuard Bash branch. The runHooks loop below is preserved as an
|
|
17
|
+
// extensible scaffold so future members can be appended to PRE_BASH_HOOKS.
|
|
18
|
+
let _gateguardRun = null;
|
|
19
|
+
try {
|
|
20
|
+
_gateguardRun = require('./ccp-write-gateguard').run;
|
|
21
|
+
} catch (_) {
|
|
22
|
+
_gateguardRun = null;
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
const PRE_BASH_HOOKS = [
|
|
26
|
+
{
|
|
27
|
+
id: 'pre:bash:gateguard-fact-force',
|
|
28
|
+
profiles: 'standard,strict',
|
|
29
|
+
run: rawInput => (_gateguardRun ? _gateguardRun(rawInput) : rawInput),
|
|
30
|
+
},
|
|
31
|
+
];
|
|
32
|
+
|
|
33
|
+
function normalizeHookResult(previousRaw, output) {
|
|
34
|
+
if (typeof output === 'string' || Buffer.isBuffer(output)) {
|
|
35
|
+
return {
|
|
36
|
+
raw: String(output),
|
|
37
|
+
stderr: '',
|
|
38
|
+
exitCode: 0,
|
|
39
|
+
};
|
|
40
|
+
}
|
|
41
|
+
|
|
42
|
+
if (output && typeof output === 'object') {
|
|
43
|
+
const nextRaw = Object.prototype.hasOwnProperty.call(output, 'stdout')
|
|
44
|
+
? String(output.stdout ?? '')
|
|
45
|
+
: !Number.isInteger(output.exitCode) || output.exitCode === 0
|
|
46
|
+
? previousRaw
|
|
47
|
+
: '';
|
|
48
|
+
|
|
49
|
+
return {
|
|
50
|
+
raw: nextRaw,
|
|
51
|
+
stderr: typeof output.stderr === 'string' ? output.stderr : '',
|
|
52
|
+
exitCode: Number.isInteger(output.exitCode) ? output.exitCode : 0,
|
|
53
|
+
};
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
return {
|
|
57
|
+
raw: previousRaw,
|
|
58
|
+
stderr: '',
|
|
59
|
+
exitCode: 0,
|
|
60
|
+
};
|
|
61
|
+
}
|
|
62
|
+
|
|
63
|
+
function runHooks(rawInput, hooks) {
|
|
64
|
+
let currentRaw = rawInput;
|
|
65
|
+
let stderr = '';
|
|
66
|
+
|
|
67
|
+
for (const hook of hooks) {
|
|
68
|
+
if (!isHookEnabled(hook.id, { profiles: hook.profiles })) {
|
|
69
|
+
continue;
|
|
70
|
+
}
|
|
71
|
+
|
|
72
|
+
try {
|
|
73
|
+
const result = normalizeHookResult(currentRaw, hook.run(currentRaw));
|
|
74
|
+
currentRaw = result.raw;
|
|
75
|
+
if (result.stderr) {
|
|
76
|
+
stderr += result.stderr.endsWith('\n') ? result.stderr : `${result.stderr}\n`;
|
|
77
|
+
}
|
|
78
|
+
if (result.exitCode !== 0) {
|
|
79
|
+
return { output: currentRaw, stderr, exitCode: result.exitCode };
|
|
80
|
+
}
|
|
81
|
+
} catch (error) {
|
|
82
|
+
stderr += `[Hook] ${hook.id} failed: ${error.message}\n`;
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
|
|
86
|
+
return { output: currentRaw, stderr, exitCode: 0 };
|
|
87
|
+
}
|
|
88
|
+
|
|
89
|
+
function runPreBash(rawInput) {
|
|
90
|
+
return runHooks(rawInput, PRE_BASH_HOOKS);
|
|
91
|
+
}
|
|
92
|
+
|
|
93
|
+
module.exports = { PRE_BASH_HOOKS, runPreBash };
|
|
94
|
+
|
|
95
|
+
// MAX_STDIN is exported indirectly for parity with the entrypoint cap.
|
|
96
|
+
module.exports.MAX_STDIN = MAX_STDIN;
|