claudeforge-cli 1.0.0

package/templates/claude/hooks/pre-tool-use.sh.tpl

@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+# ─────────────────────────────────────────────────────────────────────────────
+# PreToolUse Hook
+# Runs before every tool execution. Use this to block or warn on dangerous ops.
+#
+# Input:  JSON on stdin  — describes the tool call (tool_name, tool_input, ...)
+# Output: JSON on stdout — {"decision": "block"|"warn", "reason": "..."} to
+#                          intercept, or empty output to allow the call.
+#
+# Exit codes: 0 = allow (unless decision=block), non-zero = block
+#
+# Docs: https://docs.anthropic.com/en/docs/claude-code/hooks
+# ─────────────────────────────────────────────────────────────────────────────
+
+set -euo pipefail
+
+INPUT=$(cat)
+
+# ── Helper: extract JSON field via python3 (available on macOS/Linux) ─────────
+json_get() {
+  python3 -c "
+import sys, json
+try:
+    d = json.loads(sys.stdin.read())
+    keys = '$1'.split('.')
+    v = d
+    for k in keys:
+        v = v[k] if isinstance(v, dict) else ''
+    print(v if v is not None else '')
+except:
+    print('')
+" <<< "$INPUT"
+}
+
+TOOL_NAME=$(json_get "tool_name")
+COMMAND=$(json_get "tool_input.command")
+FILE_PATH=$(json_get "tool_input.path")
+
+# ── Rule 1: Block rm -rf on paths outside /tmp ────────────────────────────────
+if [[ "$TOOL_NAME" == "Bash" ]]; then
+  if echo "$COMMAND" | grep -qE 'rm\s+-[rf]+\s+/' && ! echo "$COMMAND" | grep -qE 'rm\s+-[rf]+\s+/tmp'; then
+    echo '{"decision":"block","reason":"Blocked: rm -rf on an absolute path outside /tmp. Verify the target and use a safer, more targeted delete."}'
+    exit 0
+  fi
+fi
+
+# ── Rule 2: Warn on edits to sensitive files ──────────────────────────────────
+if [[ "$TOOL_NAME" == "Edit" || "$TOOL_NAME" == "Write" || "$TOOL_NAME" == "MultiEdit" ]]; then
+  if echo "$FILE_PATH" | grep -qiE '\.env$|credentials|secrets|\.pem$|\.key$|id_rsa|\.p12$'; then
+    echo '{"decision":"warn","reason":"Warning: Editing a sensitive file. Ensure no secrets are hardcoded and this file is listed in .gitignore."}'
+    exit 0
+  fi
+fi
+
+# ── Rule 3: Block piped shell execution (curl | bash, wget | sh, etc.) ────────
+if [[ "$TOOL_NAME" == "Bash" ]]; then
+  if echo "$COMMAND" | grep -qE '(curl|wget)\s+.*\|\s*(bash|sh|zsh)'; then
+    echo '{"decision":"block","reason":"Blocked: piped remote script execution (curl|bash pattern). Download the script first, inspect it, then run it explicitly."}'
+    exit 0
+  fi
+fi
+
+# ── Default: allow ────────────────────────────────────────────────────────────
+exit 0

package/templates/claude/rules/no-sensitive-files.md.tpl

@@ -0,0 +1,29 @@
+# Rule: No Sensitive Files
+
+## What This Rule Does
+
+Prevents Claude from reading, writing, or referencing files that are likely
+to contain credentials, private keys, or other sensitive data.
+
+## Sensitive File Patterns
+
+Claude should decline to read or write files matching these patterns unless
+the user has explicitly acknowledged the risk:
+
+- `.env` and `.env.*` variants (`.env.local`, `.env.production`, etc.)
+- `credentials`, `secrets`, `keystore` (any extension)
+- `*.pem`, `*.key`, `*.p12`, `*.pfx` (cryptographic key material)
+- `id_rsa`, `id_ed25519`, `id_ecdsa` (SSH private keys)
+- `*.json` files inside `~/.aws/`, `~/.gcp/`, `~/.azure/`
+
+## What to Do Instead
+
+- Store secrets in environment variables or a secrets manager
+- Reference values via `process.env.SECRET_NAME` (Node) or `os.environ["SECRET"]` (Python)
+- Use `.env.example` to document required variables without exposing values
+- Never hardcode API keys, tokens, or passwords in source files
+
+## When It's OK
+
+If the user explicitly says "yes, edit this file" after being warned, proceed.
+Always verify the file will be covered by `.gitignore` before writing.

package/templates/claude/settings.json.tpl

@@ -0,0 +1,50 @@
+{
+  "model": "claude-sonnet-4-6",
+  "permissions": {
+    "allow": [
+      "Bash(git status:*)",
+      "Bash(git diff:*)",
+      "Bash(git log:*)",
+      "Bash(git add:*)",
+      "Bash(git commit:*)",
+      "Bash(git push:*)",
+      "Bash(git branch:*)",
+      "Bash(git checkout:*)",
+      "Bash(git stash:*)",
+      "Bash(npm run:*)",
+      "Bash(npm test:*)",
+      "Bash(npm install:*)",
+      "Bash(npx:*)"
+    ],
+    "deny": [
+      "Bash(rm -rf /:*)",
+      "Bash(curl * | bash:*)",
+      "Bash(wget * | bash:*)",
+      "Bash(sudo rm:*)"
+    ]
+  },
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Bash|Edit|Write|MultiEdit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/pre-tool-use.sh"
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Edit|Write|MultiEdit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .claude/hooks/post-tool-use.sh"
+          }
+        ]
+      }
+    ]
+  }
+}

package/templates/claude/settings.local.json.tpl

@@ -0,0 +1,4 @@
+{
+  "_comment": "Personal overrides — DO NOT commit this file (it is gitignored). Values here override .claude/settings.json for your local environment only.",
+  "model": "claude-opus-4-6"
+}

package/templates/claude/skills/project-conventions/SKILL.md.tpl

@@ -0,0 +1,39 @@
+---
+name: project-conventions
+description: Apply the coding conventions and standards defined in CLAUDE.md for this project. Invoke this skill before writing new code, creating files, or refactoring — especially when the user hasn't specified a style preference. Claude-invocable only.
+user-invocable: false
+---
+
+# Project Conventions Skill
+
+This skill reminds Claude to read and apply project-specific conventions before writing code.
+
+## What to Read First
+
+Before writing any code, always read:
+
+1. **`CLAUDE.md`** — the authoritative source for this project's commands, architecture, and style
+2. **Neighboring files** — files in the same directory as the file being created/edited reveal local patterns
+3. **`memory/project_ai_workflow.md`** — AI-specific conventions for this project
+
+## Core Principles
+
+- **Match the surrounding style exactly** — if the codebase uses tabs, use tabs; if it uses `const`, use `const`
+- **Read before you write** — read at least 2 existing files in the relevant module before creating anything new
+- **No debug artifacts** — never commit `console.log`, `print()`, `debugger`, or commented-out blocks
+- **No silent failures** — always propagate or log errors; never swallow exceptions
+
+## Before Finishing Any Task
+
+Run through this checklist mentally:
+
+- [ ] Does the new code match the surrounding style?
+- [ ] Are all variables and functions named consistently with the rest of the file?
+- [ ] Is there any debug code or dead code to remove?
+- [ ] Are there hardcoded values that should be constants or environment variables?
+- [ ] Does this need a test? If yes, was one written or is one planned?
+
+## Customizing This Skill
+
+Update the sections above to reflect your project's actual conventions.
+The more specific you are, the less correction Claude will need.

package/templates/mcp.json.tpl

@@ -0,0 +1,9 @@
+{
+  "mcpServers": {
+    "context7": {
+      "command": "npx",
+      "args": ["-y", "@upstash/context7-mcp@latest"],
+      "env": {}
+    }
+  }
+}

package/templates/memory/MEMORY.md.tpl

@@ -0,0 +1,37 @@
+# Project Memory Index
+
+This file is an **index** of persistent memory files for this project.
+It is always loaded into Claude's context at the start of every session.
+
+> **Do NOT write memory content directly here.**
+> Create individual files and add a one-line pointer below.
+> Lines past ~200 are truncated — keep this index concise.
+
+---
+
+## Memory Files
+
+<!-- Format: - [Title](./filename.md) — one-line description (≤120 chars) -->
+
+- [user_profile.md](./user_profile.md) — Developer role, preferences, and working style
+- [feedback_communication.md](./feedback_communication.md) — How Claude should communicate in this project
+- [project_ai_workflow.md](./project_ai_workflow.md) — AI tools, agents, and workflow conventions
+
+---
+
+## How This System Works
+
+1. `MEMORY.md` (this file) is always loaded — keep it under 200 lines
+2. Individual memory files are read on-demand when relevant to the current task
+3. Claude updates memory files as it learns project context across sessions
+4. Tell Claude **"Remember that [fact]"** to persist something across sessions
+5. Tell Claude **"Forget that [fact]"** to remove a memory entry
+
+## Memory File Types
+
+| Type | Purpose |
+|------|---------|
+| `user` | Who you are, your role, preferences, and expertise |
+| `feedback` | How Claude should behave — corrections and confirmed approaches |
+| `project` | Ongoing work, goals, decisions, deadlines |
+| `reference` | Where to find things in external systems |

package/templates/memory/feedback_communication.md.tpl

@@ -0,0 +1,29 @@
+---
+name: feedback-communication
+description: Guidance on how Claude should communicate and behave in this project — corrections and confirmed approaches
+type: feedback
+---
+
+# Communication Feedback
+
+> This file is populated as Claude learns your preferences.
+> Corrections ("Don't do X") and confirmations ("Yes, keep doing Y") both belong here.
+
+## Rules
+
+<!-- Add entries as Claude learns your preferences. Format:
+- **Rule**: [the behavior rule]
+  **Why**: [reason the user gave]
+  **How to apply**: [when this kicks in]
+-->
+
+> No rules yet. Tell Claude what you like or dislike about its responses
+> and it will record the preference here for future sessions.
+
+## Examples of What to Record
+
+- "No trailing summaries after completing tasks — I can read the diff"
+- "Always show the exact shell command before running it"
+- "Prefer bullet lists over paragraphs for multi-step instructions"
+- "Explain tradeoffs before making architectural decisions, don't just pick one"
+- "Don't refactor surrounding code unless I ask — stay focused on the task"

package/templates/memory/project_ai_workflow.md.tpl

@@ -0,0 +1,43 @@
+---
+name: project-ai-workflow
+description: How AI tools are integrated into this project's development workflow — agents, commands, hooks, and MCP servers in use
+type: project
+---
+
+# Project AI Workflow
+
+> Update this file as your team's AI workflow evolves.
+
+## Slash Commands
+
+| Command | Purpose | When to Use |
+|---------|---------|-------------|
+| `/commit` | Stage and create a conventional commit | After completing a feature or fix |
+| `/review-pr` | Review the current branch before opening a PR | Before `gh pr create` |
+
+## Agents
+
+| Agent | When Claude Uses It |
+|-------|---------------------|
+| `code-reviewer` | Reviewing changed code for bugs, security, and style issues |
+
+## MCP Servers
+
+| Server | Purpose |
+|--------|---------|
+| `context7` | Live documentation lookup for any library — use `use context7` in prompts |
+
+## Active Hooks
+
+| Hook | Trigger | Effect |
+|------|---------|--------|
+| `pre-tool-use.sh` | Before any Bash/Edit/Write call | Blocks `rm -rf /`, warns on `.env` edits, blocks `curl\|bash` |
+| `post-tool-use.sh` | After Edit/Write/MultiEdit | Reminds Claude to run tests after editing test files |
+
+## Project-Specific AI Context
+
+> Add notes about what makes this project unique from an AI-assistance perspective.
+> Examples:
+> - "Always read `db/schema.ts` before writing any database queries"
+> - "The API follows JSON:API spec — check `docs/api.md` when generating endpoints"
+> - "We use a custom test helper in `tests/helpers.ts` — use it instead of raw assertions"

package/templates/memory/user_profile.md.tpl

@@ -0,0 +1,30 @@
+---
+name: user-profile
+description: Developer identity, role, technical background, and working preferences for this project
+type: user
+---
+
+# User Profile
+
+> This file is **gitignored** — fill it in with your personal context.
+> Tell Claude "Remember that I [preference]" and it will update this file.
+
+## Role & Background
+
+- **Role**: [e.g., Full-stack engineer, Backend engineer, Data scientist]
+- **Team**: [e.g., Platform team, Growth team]
+- **Years of experience**: [e.g., 8 years]
+- **Strong areas**: [e.g., Go, distributed systems, PostgreSQL]
+- **Learning areas**: [e.g., New to React, first time with this codebase]
+
+## Communication Preferences
+
+- [e.g., Terse responses — I can read the diff, no need to summarize]
+- [e.g., Explain the *why* behind architectural decisions]
+- [e.g., Show the full command before running it]
+
+## Working Style
+
+- [e.g., I prefer small, atomic commits over large ones]
+- [e.g., I review all diffs before approving — always show me what changed]
+- [e.g., I like to understand the approach before you start implementing]