claude-dev-env 1.22.0 → 1.22.1

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "claude-dev-env",
-    "version": "1.22.0",
+    "version": "1.22.1",
     "description": "Claude Code development standards — rules, hooks, agents, commands, and skills",
     "type": "module",
     "bin": {

package/skills/bugteam/SKILL.md

@@ -45,20 +45,11 @@ User wants automated convergence on a clean PR without babysitting each step. Ty
 
 Refusal cases — check in order; first match short-circuits and stops:
 
-1. **Agent teams not enabled.** Verify by reading `~/.claude/settings.json` and `os.environ` directly:
-
-  ```python
-  import json, os
-  from pathlib import Path
-  settings = json.loads(Path.home().joinpath('.claude', 'settings.json').read_text(encoding='utf-8'))
-  is_enabled_in_settings = settings.get('env', {}).get('CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS') == '1'
-  is_enabled_in_environment = os.environ.get('CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS') == '1'
-  ```
-
-  If neither is `'1'`, respond: `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1 not set. /bugteam requires the agent teams feature. See https://code.claude.com/docs/en/agent-teams#enable-agent-teams.` and stop.
-2. **Claude Code version too old.** Run `claude --version`. If older than v2.1.32, respond: `Claude Code v<version> is older than the v2.1.32 minimum for agent teams. Upgrade first.` and stop.
-3. **No PR or upstream diff.** Respond exactly: `No PR or upstream diff. /bugteam needs a target.` and stop.
-4. **Working tree dirty with uncommitted changes the user did not stage.** Respond: `Uncommitted changes detected. Stash, commit, or revert before /bugteam.` and stop. Reason: the fix teammate will commit the working tree, mixing user-uncommitted work into automated fixes.
+- **Agent teams not enabled.** Check `claude config get env.CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS` and `~/.claude/settings.json`. If neither sets it to `"1"`, respond: `CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1 not set. /bugteam requires the agent teams feature. See https://code.claude.com/docs/en/agent-teams#enable-agent-teams.` and stop.
+- **Claude Code version too old.** Run `claude --version`. If older than v2.1.32, respond: `Claude Code v<version> is older than the v2.1.32 minimum for agent teams. Upgrade first.` and stop.
+- **No PR or upstream diff.** Respond exactly: `No PR or upstream diff. /bugteam needs a target.` and stop.
+- **Working tree dirty with uncommitted changes the user did not stage.** Respond: `Uncommitted changes detected. Stash, commit, or revert before /bugteam.` and stop. Reason: the fix teammate will commit the working tree, mixing user-uncommitted work into automated fixes.
+- **Required subagents not installed.** Before Step 0, verify `code-quality-agent` and `clean-coder` subagent types exist in the available agents list. If either is missing, respond: `Required subagent type <name> not installed. /bugteam needs both code-quality-agent and clean-coder available.` and stop.
 
 ## The Process
 
@@ -80,9 +71,11 @@ Refusal cases — check in order; first match short-circuits and stops:
 Before spawning any teammates, grant the team session write access to the project's `.claude/**` tree:
 
 ```bash
-python scripts/grant_project_claude_permissions.py
+python "${CLAUDE_SKILL_DIR}/grant_project_claude_permissions.py"
 ```
 
+Note: `${CLAUDE_SKILL_DIR}` is a Claude Code host-managed token, pre-substituted by the runtime before any shell sees it. Unlike `${TMPDIR}` and similar shell parameter expansions, it does not depend on the shell's expansion semantics, so it works identically on Unix and Windows shells.
+
 The script reads `Path.cwd()` and writes idempotent allow rules into `~/.claude/settings.json`. Run from the project root. If it fails (non-zero exit), surface the error and stop — do not proceed without the grant.
 
 This is the FIRST action of every `/bugteam` invocation, before any team creation, before any agent spawn. The corresponding revoke runs at Step 5 regardless of how the cycle exits.
@@ -103,7 +96,9 @@ This session is the **team lead**. Create a team using the agent teams feature.
 
 Team specification:
 
-- **Team name:** `bugteam-pr-<number>` (or `bugteam-<head-branch>` if no PR)
+- **Team name:** `bugteam-pr-<number>-<YYYYMMDDHHMMSS>` (or `bugteam-<sanitized-head-branch>-<YYYYMMDDHHMMSS>` if no PR). The timestamp is captured at team-creation time from the lead session and prevents two concurrent invocations on the same PR from colliding.
+- **Branch-name sanitization (no-PR fallback only):** Before substituting `<head-branch>` into the team_name template, replace every character that is NOT in `[A-Za-z0-9._-]` with `-`. This whitelist covers safe portable filename characters and rejects all OS-reserved or shell-special chars including `/ \ : * ? < > | "` and ASCII control chars (0x00–0x1F). Example: `feat/foo*bar` → `feat-foo-bar`; team_name becomes `bugteam-feat-foo-bar-<YYYYMMDDHHMMSS>`. Apply this sanitization BEFORE the team_name is captured, not after — every downstream use of `team_name` (team creation, scoped temp dir, cleanup) sees the safe form.
+- **Per-team temp directory (resolved once, reused everywhere):** After team_name is captured, resolve a portable absolute path with a Claude-side lookup using Python's `tempfile.gettempdir()`, which honors `TMPDIR`, `TEMP`, and `TMP` in the platform-correct order and falls back to `C:\Users\<user>\AppData\Local\Temp` on Windows or `/tmp` on Unix: `Path(tempfile.gettempdir()) / team_name` (requires `import tempfile`). The `team_name` value already carries the `bugteam-` prefix, so do NOT add it again here. Avoid hand-rolled env var chains. Capture the resolved absolute path as `<team_temp_dir>` and pass that literal path to every shell command that follows. Shell-side parameter expansion (`${TMPDIR:-/tmp}`) is forbidden because cmd.exe and PowerShell do not expand it.
 - **Roles defined up front (spawned per loop, not at team creation):**
   - `bugfind` — uses teammate role `code-quality-agent`, model sonnet
   - `bugfix` — uses teammate role `clean-coder`, model sonnet
@@ -119,7 +114,8 @@ last_action="fresh"
 last_findings=""
 audit_log=""
 starting_sha="$(git rev-parse HEAD)"   # captured once, used in the final report
-team_name="bugteam-pr-<number>"
+team_name="bugteam-pr-<number>-<YYYYMMDDHHMMSS>"  # no-PR fallback uses sanitized branch
+team_temp_dir="<resolved-absolute-path>/<team_name>"
 loop_comment_index=""                  # reset at every AUDIT, see scope note below
 ```
 
@@ -179,13 +175,16 @@ Repeat until an exit condition fires:
 
 ### AUDIT action (clean-room teammate, fresh per loop)
 
-Capture a fresh PR diff for this loop:
+Capture a fresh PR diff for this loop into the per-team scoped directory so concurrent `/bugteam` runs do not collide. Use the literal `<team_temp_dir>` resolved once in Step 2 — do NOT rewrite the path with shell expansion:
 
 ```
-gh pr diff <number> -R <owner>/<repo> > .bugteam-loop-<N>.patch
+mkdir -p "<team_temp_dir>"
+gh pr diff <number> -R <owner>/<repo> > "<team_temp_dir>/loop-<N>.patch"
 ```
 
-Spawn a NEW `bugfind` teammate for this loop using the `code-quality-agent` teammate role. The teammate is fresh: no prior loop's findings, no chat history, no inherited audit context. Per the docs: *"The lead's conversation history does not carry over."* — and we further guarantee independence by spawning a new teammate per loop rather than reusing one.
+`<team_temp_dir>` is the absolute path captured in Step 2 (already includes the sanitized team_name and timestamp suffix, and `team_name` itself is already prefixed with `bugteam-`). Claude resolves the portable temp root once via `Path(tempfile.gettempdir()) / team_name` (requires `import tempfile`) and passes the literal absolute path to every shell command. `tempfile.gettempdir()` honors `TMPDIR`, `TEMP`, and `TMP` in the platform-correct order and falls back to `C:\Users\<user>\AppData\Local\Temp` on Windows or `/tmp` on Unix, so this works identically on macOS, Linux, Windows cmd.exe, and PowerShell because the shell never has to interpret `${TMPDIR:-/tmp}` or `%TEMP%`.
+
+Spawn a NEW `bugfind` teammate for this loop using the `code-quality-agent` subagent type. The teammate is fresh: no prior loop's findings, no chat history, no inherited audit context. Per the docs: *"The lead's conversation history does not carry over."* — and we further guarantee independence by spawning a new teammate per loop rather than reusing one.
 
 The teammate's spawn prompt is the full XML below — copy it verbatim with the placeholders substituted. **Forbid all conversation references** in the spawn prompt. No "as we discussed," "the earlier issue," "fix from the prior loop," "you previously identified." Each loop's audit teammate has no idea other loops happened.
 
@@ -199,7 +198,7 @@ The teammate's spawn prompt is the full XML below — copy it verbatim with the
 </context>
 
 <scope>
-  <diff_path>absolute path to .bugteam-loop-N.patch</diff_path>
+  <diff_path>Absolute path to the loop-N patch file under team_temp_dir from Step 2 (same path as gh pr diff redirect in AUDIT)</diff_path>
   <scope_rule>Audit only lines added or modified in the diff. Pre-existing code on untouched lines is out of scope.</scope_rule>
 </scope>
 
@@ -377,7 +376,7 @@ If `git rev-parse HEAD` did not change, exit reason = `stuck — bugfix teammate
 When the cycle exits (any reason):
 
 1. **Clean up the team as the lead.** Per the docs: *"When you're done, ask the lead to clean up: 'Clean up the team'. This removes the shared team resources. When the lead runs cleanup, it checks for active teammates and fails if any are still running, so shut them down first."* The lead is THIS session — call cleanup directly. If any teammate is still alive (e.g., from an aborted shutdown), shut it down first.
-2. Delete every `.bugteam-loop-*.patch` from the working directory.
+2. Delete the per-team scoped temp directory using Python: `shutil.rmtree(team_temp_dir, ignore_errors=True)` (requires `import shutil`). This works on every platform without OS-detection branching. Pass the literal absolute path Claude resolved at Step 2 — do NOT defer to the shell, and never use shell `${TMPDIR:-/tmp}` or `%TEMP%` expansion at this step either.
 
 ### Step 4.5: Finalize the PR description (mandatory)
 
@@ -407,7 +406,7 @@ If Step 4.5 fails for any reason (agent error, hook block, network), surface the
 After team cleanup completes — including on error, cap-reached, or stuck exits — run:
 
 ```bash
-python scripts/revoke_project_claude_permissions.py
+python "${CLAUDE_SKILL_DIR}/revoke_project_claude_permissions.py"
 ```
 
 This removes the allow rules and additionalDirectories entry that Step 0 added. Revoke is non-negotiable: leaving the grant in place means future sessions inherit elevated permissions on this project's `.claude/**` tree without the user opting in. Run this even if Step 4 cleanup partially failed; surface the cleanup error separately in the final report.
@@ -445,6 +444,7 @@ If exit = `cap reached`, name the remaining bug count and recommend `/findbugs`
 - **One commit per fix action.** Loops produce one commit per loop, not one per bug.
 - **No `--force`, no `--amend`, no rebase, no base change** at any point.
 - **Lead-only cleanup.** Per the docs: *"Always use the lead to clean up. Teammates should not run cleanup because their team context may not resolve correctly, potentially leaving resources in an inconsistent state."* This session is the lead; teammates never call cleanup.
+- **Cleanup the per-team scoped temp directory on exit.** The resolved `<team_temp_dir>` (absolute literal captured in Step 2) is deleted entirely so no loop patches leak between runs.
 - **Cleanup all `.bugteam-*` files on exit.** `.bugteam-loop-*.patch`, `.bugteam-loop-*.outcomes.xml`, `.bugteam-final.diff`, `.bugteam-original-body.md`, `.bugteam-final-body.md`. Working directory ends clean.
 - **Teammates own audit/fix comment posting.** Bugfind posts the loop comment and finding comments (with issue-comment fallback). Bugfix posts the fix replies after committing. The lead never calls `gh pr comment` or `gh api repos/.../comments` for these.
 - **Lead owns the final PR description rewrite only** (Step 4.5), and only via the `pr-description-writer` agent. The lead does not compose the description inline.

package/skills/bugteam/_claude_permissions_common.py

@@ -0,0 +1,224 @@
+"""Shared helpers for grant_project_claude_permissions and revoke_project_claude_permissions.
+
+Writes to ~/.claude/settings.json are atomic and permission-preserving: the
+target file's existing POSIX mode is captured, a sibling temp file is
+created via os.open with O_CREAT | O_EXCL and the preserved mode, content
+is written, then os.replace swaps it into place. Output is serialized with
+sort_keys=True for a stable on-disk layout; the first run on a hand-ordered
+settings file produces a one-time re-sort diff, subsequent writes are stable.
+"""
+
+import json
+import os
+import stat
+import sys
+from pathlib import Path
+from typing import Any, NoReturn
+
+
+TEXT_FILE_ENCODING: str = "utf-8"
+GLOB_METACHARACTERS_IN_PATH: tuple[str, ...] = (
+    "*",
+    "?",
+    "[",
+    "]",
+    "(",
+    ")",
+    "{",
+    "}",
+    ",",
+)
+
+JSON_INDENT_SPACES: int = 2
+PERMISSION_ALLOW_TOOLS: tuple[str, ...] = ("Edit", "Write", "Read")
+
+DEFAULT_SETTINGS_FILE_MODE: int = 0o600
+ATOMIC_WRITE_TEMPORARY_SUFFIX: str = ".tmp"
+
+AUTO_MODE_ENVIRONMENT_ENTRY_TEMPLATE: str = (
+    "Trusted local workspace: {project_path}/.claude/** is the user's "
+    "project Claude Code config tree; edits inside are routine"
+)
+
+
+def exit_with_error(message: str) -> NoReturn:
+    print(f"Error: {message}", file=sys.stderr)
+    raise SystemExit(1)
+
+
+def path_contains_glob_metacharacters(candidate_path: str) -> bool:
+    return any(
+        each_character in candidate_path
+        for each_character in GLOB_METACHARACTERS_IN_PATH
+    )
+
+
+def path_contains_whitespace(candidate_path: str) -> bool:
+    return any(each_character.isspace() for each_character in candidate_path)
+
+
+def get_current_project_path() -> str:
+    normalized_project_path = str(Path.cwd()).replace("\\", "/")
+    if path_contains_glob_metacharacters(normalized_project_path):
+        raise ValueError(
+            f"Current directory path contains glob metacharacters and cannot "
+            f"be used to build permission rules safely: {normalized_project_path}"
+        )
+    if path_contains_whitespace(normalized_project_path):
+        raise ValueError(
+            f"Current directory path contains whitespace and cannot be used "
+            f"to build permission rules safely: {normalized_project_path}"
+        )
+    return normalized_project_path
+
+
+def build_permission_rule(tool_name: str, project_path: str) -> str:
+    return f"{tool_name}({project_path}/.claude/**)"
+
+
+def build_permission_rules(
+    project_path: str, permission_allow_tools: tuple[str, ...]
+) -> list[str]:
+    return [
+        build_permission_rule(each_tool, project_path)
+        for each_tool in permission_allow_tools
+    ]
+
+
+def load_settings(settings_path: Path) -> dict[str, Any]:
+    if not settings_path.exists():
+        return {}
+    parsed_settings: dict[str, Any] = {}
+    try:
+        raw_text = settings_path.read_text(encoding=TEXT_FILE_ENCODING)
+    except OSError as read_error:
+        exit_with_error(f"Failed to read {settings_path}: {read_error}")
+    try:
+        parsed_settings = json.loads(raw_text)
+    except json.JSONDecodeError as decode_error:
+        exit_with_error(
+            f"Refusing to modify {settings_path}: existing file is not valid JSON "
+            f"({decode_error}). Fix or back up the file manually, then re-run."
+        )
+    if not isinstance(parsed_settings, dict):
+        exit_with_error(
+            f"Refusing to modify {settings_path}: existing file's root is "
+            f"{type(parsed_settings).__name__}, not a JSON object. Fix or back up "
+            f"the file manually, then re-run."
+        )
+    return parsed_settings
+
+
+def get_mode_to_preserve(settings_path: Path) -> int:
+    try:
+        stat_result = os.stat(settings_path)
+    except FileNotFoundError:
+        return DEFAULT_SETTINGS_FILE_MODE
+    except OSError as stat_error:
+        exit_with_error(f"Failed to stat {settings_path}: {stat_error}")
+    return stat.S_IMODE(stat_result.st_mode)
+
+
+def write_atomically_with_mode(
+    temporary_path: Path, serialized_content: str, file_mode: int
+) -> None:
+    file_descriptor = os.open(
+        str(temporary_path),
+        os.O_WRONLY | os.O_CREAT | os.O_EXCL,
+        file_mode,
+    )
+    with os.fdopen(file_descriptor, "w", encoding=TEXT_FILE_ENCODING) as writer:
+        writer.write(serialized_content)
+
+
+def save_settings(settings_path: Path, settings: dict[str, Any]) -> None:
+    settings_path.parent.mkdir(parents=True, exist_ok=True)
+    serialized_settings = json.dumps(
+        settings, indent=JSON_INDENT_SPACES, sort_keys=True
+    )
+    temporary_path = settings_path.with_suffix(
+        settings_path.suffix + ATOMIC_WRITE_TEMPORARY_SUFFIX
+    )
+    mode_to_preserve = get_mode_to_preserve(settings_path)
+    try:
+        try:
+            write_atomically_with_mode(
+                temporary_path, serialized_settings, mode_to_preserve
+            )
+            os.replace(str(temporary_path), str(settings_path))
+        except OSError as os_error:
+            exit_with_error(
+                f"Failed to write settings atomically to {settings_path}: {os_error}"
+            )
+    finally:
+        if temporary_path.exists():
+            try:
+                temporary_path.unlink()
+            except OSError:
+                pass
+
+
+def append_if_missing(target_list: list[str], new_value: str) -> bool:
+    if new_value in target_list:
+        return False
+    target_list.append(new_value)
+    return True
+
+
+def ensure_dict_section(
+    settings: dict[str, Any], section_name: str
+) -> dict[str, Any]:
+    """Return an existing dict section or create an empty one if absent.
+
+    A missing key and an explicit JSON null are treated identically: both
+    produce a fresh empty dict stored back into settings. Any other non-dict
+    value (string, list, number, bool) calls exit_with_error to avoid
+    overwriting user data.
+    """
+    existing_section = settings.get(section_name)
+    if existing_section is None:
+        replacement_section: dict[str, Any] = {}
+        settings[section_name] = replacement_section
+        return replacement_section
+    if not isinstance(existing_section, dict):
+        exit_with_error(
+            f"Refusing to modify settings key {section_name!r}: existing value "
+            f"is {type(existing_section).__name__}, not a JSON object. Fix or "
+            f"remove the key manually, then re-run."
+        )
+    return existing_section
+
+
+def ensure_list_entry(section: dict[str, Any], entry_name: str) -> list[Any]:
+    """Return an existing list entry or create an empty one if absent.
+
+    A missing key and an explicit JSON null are treated identically: both
+    produce a fresh empty list stored back into the section. Any other
+    non-list value (string, dict, number, bool) calls exit_with_error to
+    avoid overwriting user data.
+    """
+    existing_entry = section.get(entry_name)
+    if existing_entry is None:
+        replacement_entry: list[Any] = []
+        section[entry_name] = replacement_entry
+        return replacement_entry
+    if not isinstance(existing_entry, list):
+        exit_with_error(
+            f"Refusing to modify settings entry {entry_name!r}: existing value "
+            f"is {type(existing_entry).__name__}, not a JSON array. Fix or "
+            f"remove the entry manually, then re-run."
+        )
+    return existing_entry
+
+
+def prune_empty_list_then_empty_section(
+    settings: dict[str, Any], section_key: str, list_key: str
+) -> None:
+    section = settings.get(section_key)
+    if not isinstance(section, dict):
+        return
+    list_entry = section.get(list_key)
+    if isinstance(list_entry, list) and len(list_entry) == 0:
+        del section[list_key]
+    if len(section) == 0:
+        del settings[section_key]

package/skills/bugteam/grant_project_claude_permissions.py

@@ -0,0 +1,110 @@
+"""Grant Edit/Write/Read permissions on the current directory's .claude tree.
+
+Run from the project root whose .claude/** you want a Claude Code session
+(including spawned subagents) to edit without prompting. Writes idempotent
+entries into the user-scope settings at ~/.claude/settings.json and prints
+the changes applied. No-op when the entries already exist.
+"""
+
+import sys
+from pathlib import Path
+from typing import Any
+
+sys.path.insert(0, str(Path(__file__).resolve().parent))
+
+from _claude_permissions_common import (  # noqa: E402
+    append_if_missing,
+    build_permission_rules,
+    ensure_dict_section,
+    ensure_list_entry,
+    exit_with_error,
+    get_current_project_path,
+    load_settings,
+    save_settings,
+    AUTO_MODE_ENVIRONMENT_ENTRY_TEMPLATE,
+    PERMISSION_ALLOW_TOOLS,
+)
+
+
+CLAUDE_USER_SETTINGS_PATH: Path = Path.home() / ".claude" / "settings.json"
+
+
+def is_valid_project_root(candidate_path: Path) -> bool:
+    git_marker_path = candidate_path / ".git"
+    claude_marker_path = candidate_path / ".claude"
+    return git_marker_path.exists() or claude_marker_path.exists()
+
+
+def add_rules_to_allow_list(settings: dict[str, Any], rules_to_add: list[str]) -> int:
+    permissions_section = ensure_dict_section(settings, "permissions")
+    existing_allow_list = ensure_list_entry(permissions_section, "allow")
+    return sum(
+        1
+        for each_rule in rules_to_add
+        if append_if_missing(existing_allow_list, each_rule)
+    )
+
+
+def add_directory_to_additional_directories(
+    settings: dict[str, Any], directory_path: str
+) -> int:
+    permissions_section = ensure_dict_section(settings, "permissions")
+    existing_directories = ensure_list_entry(
+        permissions_section, "additionalDirectories"
+    )
+    if append_if_missing(existing_directories, directory_path):
+        return 1
+    return 0
+
+
+def add_auto_mode_environment_entry(settings: dict[str, Any], entry_text: str) -> int:
+    auto_mode_section = ensure_dict_section(settings, "autoMode")
+    existing_environment = ensure_list_entry(auto_mode_section, "environment")
+    if append_if_missing(existing_environment, entry_text):
+        return 1
+    return 0
+
+
+def grant_permissions_for_current_directory() -> None:
+    project_root_path = Path.cwd()
+    if not is_valid_project_root(project_root_path):
+        print(
+            f"ERROR: cwd {project_root_path} is not a project root "
+            f"(no .git or .claude). Run from a project root.",
+            file=sys.stderr,
+        )
+        raise SystemExit(1)
+    project_path = get_current_project_path()
+    permission_rules = build_permission_rules(project_path, PERMISSION_ALLOW_TOOLS)
+    environment_entry = AUTO_MODE_ENVIRONMENT_ENTRY_TEMPLATE.format(
+        project_path=project_path
+    )
+    settings = load_settings(CLAUDE_USER_SETTINGS_PATH)
+    rules_added_count = add_rules_to_allow_list(settings, permission_rules)
+    directories_added_count = add_directory_to_additional_directories(
+        settings, project_path
+    )
+    environment_entries_added_count = add_auto_mode_environment_entry(
+        settings, environment_entry
+    )
+    total_changes_count = (
+        rules_added_count + directories_added_count + environment_entries_added_count
+    )
+    if total_changes_count == 0:
+        print(f"Project path: {project_path}")
+        print(f"Settings file: {CLAUDE_USER_SETTINGS_PATH}")
+        print("No changes needed; settings file left untouched.")
+        return
+    save_settings(CLAUDE_USER_SETTINGS_PATH, settings)
+    print(f"Project path: {project_path}")
+    print(f"Settings file: {CLAUDE_USER_SETTINGS_PATH}")
+    print(f"Allow rules added: {rules_added_count} of {len(permission_rules)}")
+    print(f"Additional directories added: {directories_added_count}")
+    print(f"Auto-mode environment entries added: {environment_entries_added_count}")
+
+
+if __name__ == "__main__":
+    try:
+        grant_permissions_for_current_directory()
+    except ValueError as path_error:
+        exit_with_error(str(path_error))

package/skills/bugteam/revoke_project_claude_permissions.py

@@ -0,0 +1,136 @@
+"""Revoke the permissions previously granted by grant_project_claude_permissions.
+
+Run from the same project root you previously granted. Removes the matching
+allow rules, the additionalDirectories entry, and the autoMode environment
+entry from ~/.claude/settings.json. Safe to run when no prior grant exists.
+After removals, prunes any newly empty lists and their parent permissions or
+autoMode sections so repeated grant/revoke cycles leave no dead structure.
+"""
+
+import sys
+from pathlib import Path
+from typing import Any
+
+sys.path.insert(0, str(Path(__file__).resolve().parent))
+
+from _claude_permissions_common import (  # noqa: E402
+    build_permission_rules,
+    exit_with_error,
+    get_current_project_path,
+    load_settings,
+    prune_empty_list_then_empty_section,
+    save_settings,
+    AUTO_MODE_ENVIRONMENT_ENTRY_TEMPLATE,
+    PERMISSION_ALLOW_TOOLS,
+)
+
+
+CLAUDE_USER_SETTINGS_PATH: Path = Path.home() / ".claude" / "settings.json"
+
+
+def is_valid_project_root(candidate_path: Path) -> bool:
+    git_marker_path = candidate_path / ".git"
+    claude_marker_path = candidate_path / ".claude"
+    return git_marker_path.exists() or claude_marker_path.exists()
+
+
+def remove_values_from_list(target_list: list[str], values_to_remove: set[str]) -> int:
+    original_length = len(target_list)
+    target_list[:] = [
+        each_value for each_value in target_list if each_value not in values_to_remove
+    ]
+    return original_length - len(target_list)
+
+
+def remove_rules_from_allow_list(
+    settings: dict[str, Any], rules_to_remove: list[str]
+) -> int:
+    permissions_section = settings.get("permissions")
+    if not isinstance(permissions_section, dict):
+        return 0
+    existing_allow_list = permissions_section.get("allow")
+    if not isinstance(existing_allow_list, list):
+        return 0
+    return remove_values_from_list(existing_allow_list, set(rules_to_remove))
+
+
+def remove_directory_from_additional_directories(
+    settings: dict[str, Any], directory_path: str
+) -> int:
+    permissions_section = settings.get("permissions")
+    if not isinstance(permissions_section, dict):
+        return 0
+    existing_directories = permissions_section.get("additionalDirectories")
+    if not isinstance(existing_directories, list):
+        return 0
+    return remove_values_from_list(existing_directories, {directory_path})
+
+
+def remove_auto_mode_environment_entry(
+    settings: dict[str, Any], entry_text: str
+) -> int:
+    auto_mode_section = settings.get("autoMode")
+    if not isinstance(auto_mode_section, dict):
+        return 0
+    existing_environment = auto_mode_section.get("environment")
+    if not isinstance(existing_environment, list):
+        return 0
+    return remove_values_from_list(existing_environment, {entry_text})
+
+
+def prune_settings_after_revoke(settings: dict[str, Any]) -> None:
+    prune_empty_list_then_empty_section(settings, "permissions", "allow")
+    prune_empty_list_then_empty_section(
+        settings, "permissions", "additionalDirectories"
+    )
+    prune_empty_list_then_empty_section(settings, "autoMode", "environment")
+
+
+def revoke_permissions_for_current_directory() -> None:
+    project_root_path = Path.cwd()
+    if not is_valid_project_root(project_root_path):
+        print(
+            f"ERROR: cwd {project_root_path} is not a project root "
+            f"(no .git or .claude). Run from a project root.",
+            file=sys.stderr,
+        )
+        raise SystemExit(1)
+    project_path = get_current_project_path()
+    permission_rules = build_permission_rules(project_path, PERMISSION_ALLOW_TOOLS)
+    environment_entry = AUTO_MODE_ENVIRONMENT_ENTRY_TEMPLATE.format(
+        project_path=project_path
+    )
+    settings = load_settings(CLAUDE_USER_SETTINGS_PATH)
+    rules_removed_count = remove_rules_from_allow_list(settings, permission_rules)
+    directories_removed_count = remove_directory_from_additional_directories(
+        settings, project_path
+    )
+    environment_entries_removed_count = remove_auto_mode_environment_entry(
+        settings, environment_entry
+    )
+    total_changes_count = (
+        rules_removed_count
+        + directories_removed_count
+        + environment_entries_removed_count
+    )
+    if total_changes_count == 0:
+        print(f"Project path: {project_path}")
+        print(f"Settings file: {CLAUDE_USER_SETTINGS_PATH}")
+        print("No changes to revoke; settings file left untouched.")
+        return
+    prune_settings_after_revoke(settings)
+    save_settings(CLAUDE_USER_SETTINGS_PATH, settings)
+    print(f"Project path: {project_path}")
+    print(f"Settings file: {CLAUDE_USER_SETTINGS_PATH}")
+    print(f"Allow rules removed: {rules_removed_count} of {len(permission_rules)}")
+    print(f"Additional directories removed: {directories_removed_count}")
+    print(
+        f"Auto-mode environment entries removed: {environment_entries_removed_count}"
+    )
+
+
+if __name__ == "__main__":
+    try:
+        revoke_permissions_for_current_directory()
+    except ValueError as path_error:
+        exit_with_error(str(path_error))

package/skills/findbugs/SKILL.md

@@ -30,9 +30,18 @@ Determine the audit target in this order:
 
 ### Step 2: Capture the full PR diff
 
-When a PR exists: `gh pr diff <number> -R <owner>/<repo> > .findbugs-pr.patch`.
+Resolve the temp diff path **once, Claude-side**, before invoking any shell command. Use Python's `tempfile.gettempdir()` which honors `TMPDIR`, `TEMP`, and `TMP` in the platform-correct order and falls back to `C:\Users\<user>\AppData\Local\Temp` on Windows or `/tmp` on Unix. Avoid hand-rolled env var chains. The lookup works on macOS, Linux, Windows cmd.exe, and PowerShell:
 
-When falling back to merge-base diff: `git diff <merge-base>...HEAD > .findbugs-pr.patch`.
+```
+import tempfile
+diff_temp_path = Path(tempfile.gettempdir()) / f"findbugs-pr-{os.getpid()}.patch"
+```
+
+`os.getpid()` supplies the per-invocation suffix that prevents collisions with parallel `/findbugs` runs (a UUID or timestamp is equally acceptable). Capture the resolved absolute path as `<diff_temp_path>` and pass that **literal** path to every shell command that follows. Shell-side parameter expansion (`${TMPDIR:-/tmp}`, `$$`, `%TEMP%`) is forbidden because cmd.exe and PowerShell do not honor it.
+
+When a PR exists: `gh pr diff <number> -R <owner>/<repo> > "<diff_temp_path>"`.
+
+When falling back to merge-base diff: `git diff <merge-base>...HEAD > "<diff_temp_path>"`.
 
 The audit's authoritative scope is this single diff file. Do not inject extra files, related history, or "files Claude edited this session" — those introduce anchoring bias.
 
@@ -63,7 +72,7 @@ The XML prompt skeleton:
 </context>
 
 <scope>
-  <diff_path>.findbugs-pr.patch (absolute path)</diff_path>
+  <diff_path><diff_temp_path> (absolute scoped temp path from Step 2)</diff_path>
   <scope_rule>Audit only lines added or modified in the diff. Pre-existing code on untouched lines is out of scope.</scope_rule>
 </scope>
 
@@ -122,7 +131,7 @@ When the agent returns, report concisely:
 
 Offer the next step without auto-executing it: `Want me to spawn clean-coder to fix the P0/P1 findings?`
 
-Delete `.findbugs-pr.patch` after the audit completes (or moves to a fix flow). Temporary diff files do not belong in the working tree.
+Delete the scoped temp diff at `<diff_temp_path>` after the audit completes (or moves to a fix flow). Temporary diff files do not belong in the working tree.
 
 Do not paste the full agent transcript or the XML prompt unless the user asks.
 
@@ -153,7 +162,7 @@ Want me to spawn clean-coder to fix the P0/P1 findings?
 - **Clean-room prompt.** The agent's prompt is self-contained — no references to chat history, no anchoring hints, no expected outcomes.
 - **No clean-coder auto-spawn.** Always ask before fixing.
 - **Trust the agent's verdict.** Pass through P0/P1/P2 categorizations as the agent assigned them; do not re-rank.
-- **Temp file cleanup.** Delete `.findbugs-pr.patch` when the audit ends.
+- **Temp file cleanup.** Delete the scoped `<diff_temp_path>` when the audit ends.
 
 ## Examples
 

package/skills/fixbugs/SKILL.md

@@ -23,6 +23,7 @@ Refusal cases:
 - **No findings in session.** Respond exactly: `No findings in this session. Run /findbugs first.` and stop.
 - **Most recent /findbugs returned zero bugs.** Respond exactly: `No bugs to fix.` and stop.
 - **Filter excludes every finding.** Respond: `No bugs match the filter <args>.` and stop.
+- **Agent-prompt skill not installed.** Before Step 1, verify the `agent-prompt` skill is in the available skills list. If missing, respond: `agent-prompt skill not installed. /fixbugs hands off to it; install it first.` and stop.
 
 ## The Process