claudekit-cli 1.2.2 → 1.4.0

package/.github/workflows/ci.yml

@@ -38,8 +38,8 @@ jobs:
       - name: Run linter
         run: bun run lint
 
-      - name: Run tests
-        run: bun test
-
       - name: Build
         run: bun run build
+
+      - name: Run tests
+        run: bun test

package/.github/workflows/claude-code-review.yml

@@ -0,0 +1,57 @@
+name: Claude Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+    # Optional: Only run on specific file changes
+    # paths:
+    #   - "src/**/*.ts"
+    #   - "src/**/*.tsx"
+    #   - "src/**/*.js"
+    #   - "src/**/*.jsx"
+
+jobs:
+  claude-review:
+    # Optional: Filter by PR author
+    # if: |
+    #   github.event.pull_request.user.login == 'external-contributor' ||
+    #   github.event.pull_request.user.login == 'new-developer' ||
+    #   github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code Review
+        id: claude-review
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          prompt: |
+            REPO: ${{ github.repository }}
+            PR NUMBER: ${{ github.event.pull_request.number }}
+
+            Please review this pull request and provide feedback on:
+            - Code quality and best practices
+            - Potential bugs or issues
+            - Performance considerations
+            - Security concerns
+            - Test coverage
+
+            Use the repository's CLAUDE.md for guidance on style and conventions. Be constructive and helpful in your feedback.
+
+            Use `gh pr comment` with your Bash tool to leave your review as a comment on the PR.
+
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://docs.claude.com/en/docs/claude-code/cli-reference for available options
+          claude_args: '--allowed-tools "Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*)"'
+

package/.github/workflows/claude.yml

@@ -0,0 +1,50 @@
+name: Claude Code
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude')))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+      actions: read # Required for Claude to read CI results on PRs
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude Code
+        id: claude
+        uses: anthropics/claude-code-action@v1
+        with:
+          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+
+          # This is an optional setting that allows Claude to read CI results on PRs
+          additional_permissions: |
+            actions: read
+
+          # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it.
+          # prompt: 'Update the pull request description to include a summary of changes.'
+
+          # Optional: Add claude_args to customize behavior and configuration
+          # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md
+          # or https://docs.claude.com/en/docs/claude-code/cli-reference for available options
+          # claude_args: '--allowed-tools Bash(gh pr:*)'
+

package/CHANGELOG.md

@@ -1,3 +1,26 @@
+# [1.4.0](https://github.com/mrgoonie/claudekit-cli/compare/v1.3.0...v1.4.0) (2025-10-21)
+
+
+### Features
+
+* add --exclude flag to new and update commands ([8a0d7a0](https://github.com/mrgoonie/claudekit-cli/commit/8a0d7a00de70823d4fecac26d4c7e82c4df2ab0f))
+
+# [1.3.0](https://github.com/mrgoonie/claudekit-cli/compare/v1.2.2...v1.3.0) (2025-10-21)
+
+
+### Bug Fixes
+
+* fix CLI path calculation in integration tests ([c841e1d](https://github.com/mrgoonie/claudekit-cli/commit/c841e1d68abf9d1a8a714cd5dcec54357fc8c646))
+* regenerate bun.lock for bun v1.3.0 compatibility ([e19c943](https://github.com/mrgoonie/claudekit-cli/commit/e19c943ad5b653694476527226448850c537c88d))
+* skip integration tests in CI environment ([a890423](https://github.com/mrgoonie/claudekit-cli/commit/a890423b8e9d791c1387c4219dde78298b57159d))
+* update bun.lock after dependency removal ([bfccb39](https://github.com/mrgoonie/claudekit-cli/commit/bfccb393aa12b395429aef8d8440b22417c8438b))
+
+
+### Features
+
+* add version.json and integration tests ([fc538d0](https://github.com/mrgoonie/claudekit-cli/commit/fc538d033f579962f8aee73ae3f8a25370189037))
+* enhance CLI with security features and non-interactive mode ([297e6bb](https://github.com/mrgoonie/claudekit-cli/commit/297e6bba73f87411d3be9918929a35758b62be41))
+
 ## [1.2.2](https://github.com/mrgoonie/claudekit-cli/compare/v1.2.1...v1.2.2) (2025-10-20)
 
 

package/README.md

@@ -79,6 +79,12 @@ ck new --dir my-project --kit engineer
 
 # Specific version
 ck new --kit engineer --version v1.0.0
+
+# With exclude patterns
+ck new --kit engineer --exclude "*.log" --exclude "temp/**"
+
+# Multiple patterns
+ck new --exclude "*.log" --exclude "*.tmp" --exclude "cache/**"
 ```
 
 ### Update Existing Project
@@ -94,6 +100,9 @@ ck update --kit engineer
 
 # Specific version
 ck update --kit engineer --version v1.0.0
+
+# With exclude patterns
+ck update --exclude "local-config/**" --exclude "*.local"
 ```
 
 ### List Available Versions
@@ -204,6 +213,95 @@ The following file patterns are protected and will not be overwritten during upd
 - `node_modules/**`, `.git/**`
 - `dist/**`, `build/**`
 
+## Excluding Files
+
+Use the `--exclude` flag to skip specific files or directories during download and extraction. This is useful for:
+
+- Excluding temporary or cache directories
+- Skipping log files or debug output
+- Omitting files you want to manage manually
+- Avoiding unnecessary large files
+
+### Basic Usage
+
+```bash
+# Exclude log files
+ck new --exclude "*.log"
+
+# Exclude multiple patterns
+ck new --exclude "*.log" --exclude "temp/**" --exclude "cache/**"
+
+# Common exclude patterns for updates
+ck update --exclude "node_modules/**" --exclude "dist/**" --exclude ".env.*"
+```
+
+### Supported Glob Patterns
+
+The `--exclude` flag accepts standard glob patterns:
+
+- `*` - Match any characters except `/` (e.g., `*.log` matches all log files)
+- `**` - Match any characters including `/` (e.g., `temp/**` matches all files in temp directory)
+- `?` - Match single character (e.g., `file?.txt` matches `file1.txt`, `file2.txt`)
+- `[abc]` - Match characters in brackets (e.g., `[Tt]emp` matches `Temp` or `temp`)
+- `{a,b}` - Match alternatives (e.g., `*.{log,tmp}` matches `*.log` and `*.tmp`)
+
+### Common Exclude Patterns
+
+```bash
+# Exclude all log files
+--exclude "*.log" --exclude "**/*.log"
+
+# Exclude temporary directories
+--exclude "tmp/**" --exclude "temp/**" --exclude ".tmp/**"
+
+# Exclude cache directories
+--exclude "cache/**" --exclude ".cache/**" --exclude "**/.cache/**"
+
+# Exclude build artifacts
+--exclude "dist/**" --exclude "build/**" --exclude "out/**"
+
+# Exclude local configuration
+--exclude "*.local" --exclude "local/**" --exclude ".env.local"
+
+# Exclude IDE/editor files
+--exclude ".vscode/**" --exclude ".idea/**" --exclude "*.swp"
+```
+
+### Important Notes
+
+**Additive Behavior:**
+- User exclude patterns are ADDED to the default protected patterns
+- They do not replace the built-in protections
+- All patterns work together to determine which files to skip
+
+**Security Restrictions:**
+- Absolute paths (starting with `/`) are not allowed
+- Path traversal patterns (containing `..`) are not allowed
+- Patterns must be between 1-500 characters
+- These restrictions prevent accidental or malicious file system access
+
+**Pattern Matching:**
+- Patterns are case-sensitive on Linux/macOS
+- Patterns are case-insensitive on Windows
+- Patterns are applied during both extraction and merge phases
+- Excluded files are never written to disk, saving time and space
+
+**Examples of Invalid Patterns:**
+
+```bash
+# ❌ Absolute paths not allowed
+ck new --exclude "/etc/passwd"
+
+# ❌ Path traversal not allowed
+ck new --exclude "../../secret"
+
+# ❌ Empty patterns not allowed
+ck new --exclude ""
+
+# ✅ Correct way to exclude root-level files
+ck new --exclude "secret.txt" --exclude "config.local.json"
+```
+
 ### Custom .claude Files
 
 When updating a project, the CLI automatically preserves your custom `.claude/` files that don't exist in the new release package. This allows you to maintain:

package/biome.json

@@ -1,7 +1,7 @@
 {
 	"$schema": "https://biomejs.dev/schemas/1.9.4/schema.json",
 	"files": {
-		"ignore": ["dist", "node_modules", "*.log", ".claude"]
+		"ignore": ["dist", "node_modules", "*.log", ".claude", "package.json"]
 	},
 	"organizeImports": {
 		"enabled": true