clawpowers 1.0.0

package/.claude-plugin/manifest.json

@@ -0,0 +1,19 @@
+{
+  "name": "clawpowers",
+  "version": "1.0.0",
+  "description": "Skills framework with runtime execution, persistent memory, self-improvement, and agent payments.",
+  "author": "AI Agent Economy",
+  "homepage": "https://github.com/up2itnow0822/clawpowers",
+  "license": "MIT",
+  "hooks": {
+    "session_start": "hooks/session-start"
+  },
+  "skills_directory": "skills/",
+  "runtime_directory": "runtime/",
+  "capabilities": [
+    "skill_injection",
+    "persistent_state",
+    "outcome_metrics",
+    "rsi_feedback"
+  ]
+}

package/.codex/INSTALL.md

@@ -0,0 +1,36 @@
+# ClawPowers for Codex — Installation
+
+Fetch and follow these instructions to install ClawPowers skills in your Codex session.
+
+## Quick Install
+
+Paste this into your Codex session:
+
+```
+Fetch and follow instructions from https://raw.githubusercontent.com/up2itnow0822/clawpowers/main/.codex/INSTALL.md
+```
+
+## What Gets Installed
+
+ClawPowers injects 20 skills into your agent context:
+
+- **14 Core Development Skills** — TDD, subagent orchestration, systematic debugging, code review, git worktrees, planning, and more
+- **6 Extended Skills** — Agent payments (x402), security auditing, content pipeline, market intelligence, lead prospecting, and metacognitive learning
+
+## Manual Setup
+
+If the quick install fails, copy the contents of `skills/using-clawpowers/SKILL.md` from the repository root and paste it into your Codex session context.
+
+## Runtime Layer (Optional)
+
+For persistent memory and self-improvement features:
+
+```bash
+npx clawpowers init
+```
+
+This creates `~/.clawpowers/` with state, metrics, checkpoints, and feedback directories.
+
+## Skills Reference
+
+Once installed, skills activate automatically when Codex recognizes matching task patterns. See `skills/using-clawpowers/SKILL.md` for the full trigger map.

package/.cursor-plugin/manifest.json

@@ -0,0 +1,21 @@
+{
+  "name": "clawpowers",
+  "version": "1.0.0",
+  "description": "Skills framework with runtime execution, persistent memory, self-improvement, and agent payments for Cursor AI.",
+  "author": "AI Agent Economy",
+  "homepage": "https://github.com/up2itnow0822/clawpowers",
+  "license": "MIT",
+  "hooks": {
+    "session_start": "hooks/session-start"
+  },
+  "skills_directory": "skills/",
+  "runtime_directory": "runtime/",
+  "inject_on_start": true,
+  "inject_skill": "using-clawpowers",
+  "capabilities": [
+    "skill_injection",
+    "persistent_state",
+    "outcome_metrics",
+    "rsi_feedback"
+  ]
+}

package/.opencode/INSTALL.md

@@ -0,0 +1,52 @@
+# ClawPowers for OpenCode — Installation
+
+Fetch and follow these instructions to install ClawPowers skills in your OpenCode session.
+
+## Quick Install
+
+Paste this into your OpenCode session:
+
+```
+Fetch and follow instructions from https://raw.githubusercontent.com/up2itnow0822/clawpowers/main/.opencode/INSTALL.md
+```
+
+## What Gets Installed
+
+ClawPowers injects 20 skills into your agent context:
+
+- **14 Core Development Skills** — TDD, subagent orchestration, systematic debugging, code review, git worktrees, planning, and more
+- **6 Extended Skills** — Agent payments (x402), security auditing, content pipeline, market intelligence, lead prospecting, and metacognitive learning
+
+## Session Hook Setup
+
+To auto-inject ClawPowers on every OpenCode session start, add to your OpenCode configuration:
+
+```json
+{
+  "hooks": {
+    "session_start": "bash /path/to/clawpowers/hooks/session-start"
+  }
+}
+```
+
+## Manual Context Injection
+
+Copy the contents of `skills/using-clawpowers/SKILL.md` and prepend it to your OpenCode session context. This gives you all skill triggers without the runtime layer.
+
+## Runtime Layer (Optional)
+
+For persistent memory, outcome tracking, and self-improvement:
+
+```bash
+npx clawpowers init
+```
+
+Creates `~/.clawpowers/` with:
+- `state/` — cross-session key-value store
+- `metrics/` — JSONL outcome logs per skill
+- `checkpoints/` — resumable workflow state
+- `feedback/` — RSI analysis outputs
+
+## Skills Reference
+
+Skills activate on pattern recognition. See `skills/using-clawpowers/SKILL.md` for the full list of 20 skills and their trigger conditions.

package/ARCHITECTURE.md

@@ -0,0 +1,69 @@
+# ClawPowers Architecture
+
+## Design Principles
+
+1. **Skills execute, not just instruct.** Every skill can invoke tools, persist state, and measure outcomes.
+2. **Simplicity is a feature.** Complex functionality, simple interface. One SKILL.md per skill. Zero mandatory dependencies.
+3. **Progressive enhancement.** Works as static markdown (like competitors). Gains runtime powers when the persistence layer is available.
+4. **Platform-agnostic.** Same skills, same format, every platform: Claude Code, Cursor, Codex, OpenCode, Gemini CLI.
+5. **Self-improving.** The system gets better at helping you the more you use it.
+
+## Skill Format
+
+Every skill is a directory containing a `SKILL.md` with YAML frontmatter:
+
+```yaml
+---
+name: skill-name
+description: When to trigger this skill
+version: 1.0.0
+requires:
+  tools: []          # Optional: CLI tools needed (e.g., git, npm, trivy)
+  runtime: false     # Optional: true if skill needs persistence layer
+metrics:
+  tracks: []         # What outcomes this skill measures
+  improves: []       # What parameters RSI can adjust
+---
+```
+
+## Runtime Layer (Optional, Additive)
+
+The runtime layer lives at `~/.clawpowers/` and provides three services:
+
+### 1. Persistence (`runtime/persistence/`)
+- File-based key-value store for cross-session state
+- Checkpoint system for resumable workflows
+- Schema: flat file key-value store under `state/`
+
+### 2. Metrics (`runtime/metrics/`)
+- Outcome tracking per skill execution
+- Time-to-completion, success rate, error patterns
+- Statistical process control for anomaly detection
+- Export to JSON for dashboard consumption
+
+### 3. Feedback (`runtime/feedback/`)
+- RSI engine: measure → analyze → adapt cycle
+- Parameter adjustment recommendations
+- Skill effectiveness scoring
+- Anti-pattern detection from execution history
+
+## Session Hook
+
+The session-start hook (`hooks/session-start`) injects the `using-clawpowers` skill content into the agent context. This is the only mandatory injection — all other skills load on-demand via trigger matching.
+
+The hook:
+1. Detects platform (Claude Code, Cursor, Codex, OpenCode, Gemini)
+2. Reads `skills/using-clawpowers/SKILL.md`
+3. Outputs platform-appropriate JSON for context injection
+4. Optionally initializes persistence layer if not present
+
+## Graceful Degradation
+
+If the runtime layer is not installed:
+- Skills still function as static methodology guides (same as competitors)
+- Persistence features degrade to session-only memory
+- Metrics are not collected
+- RSI feedback is not available
+- All extended skills that require tool execution note the limitation
+
+This means ClawPowers works everywhere Superpowers works, and does more everywhere the runtime is available.

package/README.md

@@ -0,0 +1,381 @@
+# 🦞 ClawPowers
+
+**The skills framework that actually does something.**
+
+ClawPowers gives your coding agent superpowers that go beyond instructions. While other frameworks hand your agent a reading list and hope for the best, ClawPowers gives it **runtime tools, persistent memory, self-improvement loops, and the ability to transact autonomously.**
+
+## Why ClawPowers?
+
+| Feature | ClawPowers | Static Skills Frameworks |
+|---------|-----------|--------------------------|
+| Skills auto-load on session start | ✅ | ✅ |
+| Runtime tool execution | ✅ | ❌ |
+| Cross-session memory | ✅ | ❌ |
+| Self-improvement (RSI) | ✅ | ❌ |
+| Outcome tracking & metrics | ✅ | ❌ |
+| Agent payments (x402) | ✅ | ❌ |
+| Security scanning | ✅ | ❌ |
+| Content pipeline | ✅ | ❌ |
+| Market intelligence | ✅ | ❌ |
+| Resumable workflows | ✅ | ❌ |
+| Windows native support | ✅ | ❌ |
+| Zero dependencies | ✅ | ✅ |
+
+**20 skills.** 14 cover everything static frameworks do (TDD, subagent dev, debugging, planning, code review, git worktrees). 6 go where they can't — payments, security, content, prospecting, market intelligence, and metacognitive learning.
+
+## Requirements
+
+- **Node.js >= 16** — for cross-platform runtime (Windows, macOS, Linux)
+- **OR bash** — for Unix-native runtime (macOS, Linux, WSL2)
+- **No other dependencies.** Zero. `package.json` has an empty `dependencies` object.
+
+> Every user of Claude Code, Cursor, Codex, or Gemini CLI already has Node.js installed.
+> No `requirements.txt` needed — this is not a Python project.
+
+## Installation
+
+### Universal (recommended — works on Windows, macOS, Linux)
+
+```bash
+npx clawpowers init
+```
+
+This downloads ClawPowers, creates the `~/.clawpowers/` runtime directory, and you're ready to go. Works in any terminal: Windows CMD, PowerShell, macOS Terminal, Linux shell.
+
+### OpenClaw
+
+```bash
+openclaw skills install clawpowers
+```
+
+Or install from GitHub directly:
+
+```bash
+openclaw skills install github:up2itnow0822/clawpowers
+```
+
+ClawPowers registers as a native OpenClaw skill with session hooks, runtime init, and all 20 skills auto-discoverable.
+
+### Claude Code (Plugin Marketplace)
+
+```bash
+/plugin install clawpowers@claude-plugins-official
+```
+
+Or register the marketplace first, then install:
+
+```bash
+/plugin marketplace add up2itnow0822/clawpowers-marketplace
+/plugin install clawpowers@clawpowers-marketplace
+```
+
+### Cursor
+
+In Cursor Agent chat:
+
+```
+/add-plugin clawpowers
+```
+
+Or search for "clawpowers" in the Cursor plugin marketplace.
+
+### Codex
+
+Tell Codex:
+
+```
+Fetch and follow instructions from https://raw.githubusercontent.com/up2itnow0822/clawpowers/main/.codex/INSTALL.md
+```
+
+### OpenCode
+
+Tell OpenCode:
+
+```
+Fetch and follow instructions from https://raw.githubusercontent.com/up2itnow0822/clawpowers/main/.opencode/INSTALL.md
+```
+
+### Gemini CLI
+
+```bash
+gemini extensions install https://github.com/up2itnow0822/clawpowers
+```
+
+### Manual (git clone)
+
+```bash
+git clone https://github.com/up2itnow0822/clawpowers.git
+cd clawpowers
+node bin/clawpowers.js init    # Windows, macOS, Linux
+# or
+bash bin/clawpowers.sh init    # macOS, Linux only
+```
+
+### Verify Installation
+
+Start a new session in your chosen platform and ask for something that triggers a skill — for example, "help me plan this feature" or "let's debug this issue." The agent should automatically apply the relevant ClawPowers skill.
+
+Check runtime status anytime:
+
+```bash
+npx clawpowers status
+```
+
+## What Makes ClawPowers Different
+
+### 1. Skills That Execute, Not Just Instruct
+
+Static skills tell your agent *what to do*. ClawPowers skills can *do things themselves*:
+
+- The **test-driven-development** skill doesn't just describe TDD — it runs mutation analysis on your tests to verify they actually catch bugs
+- The **systematic-debugging** skill doesn't just list debugging steps — it maintains a persistent hypothesis tree across sessions so you never re-investigate the same dead end
+- The **verification-before-completion** skill doesn't just say "verify" — it runs the actual verification suite and blocks completion until it passes
+
+### 2. Cross-Session Memory
+
+Every ClawPowers skill can read from and write to a persistent state store. When your agent debugs an issue on Monday and encounters the same stack trace on Friday, it remembers what worked and what didn't. No more Groundhog Day debugging.
+
+```
+~/.clawpowers/
+├── state/            # Cross-session key-value store
+├── metrics/          # Outcome tracking per skill (JSONL)
+├── checkpoints/      # Resumable workflow state
+├── feedback/         # Self-improvement analysis
+├── memory/           # Persistent knowledge base
+└── logs/             # Execution logs
+```
+
+### 3. Self-Improvement (RSI)
+
+ClawPowers tracks what works and what doesn't. After every skill execution:
+
+1. **Measure** — Was the outcome successful? How long did it take? What went wrong?
+2. **Analyze** — Are there patterns in failures? Which task types need different approaches?
+3. **Adapt** — Adjust skill parameters, decomposition strategies, and review thresholds
+
+```bash
+# Record an outcome
+npx clawpowers metrics record --skill test-driven-development --outcome success --duration 1800
+
+# Analyze performance
+npx clawpowers analyze
+```
+
+This isn't theoretical — it's the same RSI framework running in production trading systems with 268+ measured outcomes.
+
+### 4. Agent Payments (x402)
+
+Your agent can pay for premium APIs, compute resources, and services autonomously — within smart-contract-enforced spending limits. No wallet draining. No surprise bills. Built on the payment infrastructure [integrated into NVIDIA's official NeMo Agent Toolkit](https://github.com/NVIDIA/NeMo-Agent-Toolkit-Examples/pull/17).
+
+### 5. Beyond Software Development
+
+Static frameworks stop at coding methodology. ClawPowers includes skills for:
+
+- **Security auditing** — Automated vulnerability scanning with Trivy, dependency checks, secret detection
+- **Content pipeline** — Write, humanize, and publish technical content with platform-specific formatting
+- **Market intelligence** — Research competitors, track trends, analyze opportunities
+- **Prospecting** — Find leads matching your ICP, enrich contacts, output to CRM
+
+## Skills Reference
+
+### Core Development (14 skills)
+
+| Skill | What It Does | Runtime Enhancement |
+|-------|-------------|---------------------|
+| `subagent-driven-development` | Orchestrate parallel subagents per task | Persistent execution DB, resumable checkpoints, outcome metrics |
+| `test-driven-development` | RED-GREEN-REFACTOR enforcement | Mutation analysis, test portfolio management, effectiveness scoring |
+| `writing-plans` | Spec → implementation plan | Historical task estimation, dependency validation, plan quality scoring |
+| `executing-plans` | Execute plans with verification | Progress persistence, interruption recovery, milestone tracking |
+| `brainstorming` | Structured ideation | Cross-session idea persistence, convergence tracking |
+| `systematic-debugging` | Hypothesis-driven debugging | Persistent hypothesis tree, pattern matching against known issues |
+| `verification-before-completion` | Pre-merge quality gates | Automated verification suite, historical pass rate tracking |
+| `finishing-a-development-branch` | Branch cleanup and merge prep | Automated changelog, squash strategy optimization |
+| `requesting-code-review` | Prepare and request review | Reviewer match scoring, review history |
+| `receiving-code-review` | Process and implement feedback | Feedback pattern tracking, common issues database |
+| `using-git-worktrees` | Isolated branch development | Worktree lifecycle management, conflict prediction |
+| `using-clawpowers` | Meta-skill: how to use ClawPowers | Adaptive onboarding based on user skill level |
+| `writing-skills` | Create new skills via TDD | Skill quality scoring, anti-pattern detection |
+| `dispatching-parallel-agents` | Fan-out parallel execution | Load balancing, failure isolation, result aggregation |
+
+### Extended Capabilities (6 skills)
+
+| Skill | What It Does | Why Static Frameworks Can't |
+|-------|-------------|----------------------------|
+| `agent-payments` | x402 payment protocol, spending limits, autonomous transactions | Requires runtime wallet interaction, smart contract calls |
+| `security-audit` | Vulnerability scanning, secret detection, dependency audits | Requires tool execution (Trivy, gitleaks, npm audit) |
+| `content-pipeline` | Write → humanize → format → publish | Requires API calls, platform auth, content transformation |
+| `learn-how-to-learn` | Metacognitive protocols, anti-pattern detection, confidence calibration | Requires persistent learning state, outcome correlation |
+| `market-intelligence` | Competitive analysis, trend detection, opportunity scoring | Requires web access, data aggregation, persistent tracking |
+| `prospecting` | Lead generation, contact enrichment, CRM sync | Requires API calls (Exa, Apollo), structured output |
+
+## Architecture
+
+```
+clawpowers/
+├── skills/                    # 20 skill directories, each with SKILL.md
+├── runtime/
+│   ├── persistence/           # Cross-session state (store.js + store.sh)
+│   ├── metrics/               # Outcome tracking (collector.js + collector.sh)
+│   ├── feedback/              # RSI self-improvement (analyze.js + analyze.sh)
+│   ├── init.js                # Cross-platform runtime setup
+│   └── init.sh                # Unix-native runtime setup
+├── hooks/
+│   ├── session-start          # Bash session hook (macOS/Linux)
+│   ├── session-start.js       # Node.js session hook (all platforms)
+│   └── session-start.cmd      # Windows batch wrapper
+├── bin/
+│   ├── clawpowers.js          # Cross-platform CLI (Windows/macOS/Linux)
+│   └── clawpowers.sh          # Unix-native CLI (macOS/Linux)
+├── plugins/                   # Platform-specific plugin manifests
+│   ├── .claude-plugin/        # Claude Code
+│   ├── .cursor-plugin/        # Cursor
+│   ├── .codex/                # Codex
+│   ├── .opencode/             # OpenCode
+│   └── gemini-extension.json  # Gemini CLI
+├── tests/                     # 366 test assertions
+└── docs/                      # Documentation
+```
+
+**Dual runtime:** Every runtime script exists in both bash (`.sh`) and Node.js (`.js`). Unix users get native bash performance. Windows users get full functionality via Node.js. `npx clawpowers` auto-detects the best runtime for your platform.
+
+## Platform Support
+
+| Platform | Windows | macOS | Linux | WSL2 |
+|----------|---------|-------|-------|------|
+| Claude Code | ✅ | ✅ | ✅ | ✅ |
+| Cursor | ✅ | ✅ | ✅ | ✅ |
+| Codex | ✅ | ✅ | ✅ | ✅ |
+| OpenCode | ✅ | ✅ | ✅ | ✅ |
+| Gemini CLI | ✅ | ✅ | ✅ | ✅ |
+
+## Runtime CLI Reference
+
+```bash
+npx clawpowers init                                    # Set up ~/.clawpowers/
+npx clawpowers status                                  # Runtime health check
+npx clawpowers metrics record --skill <name> --outcome success|failure  # Track outcome
+npx clawpowers metrics show                            # View recent metrics
+npx clawpowers metrics summary                         # Per-skill stats
+npx clawpowers analyze                                 # RSI performance analysis
+npx clawpowers analyze --skill <name>                  # Analyze specific skill
+npx clawpowers store set <key> <value>                 # Store persistent state
+npx clawpowers store get <key>                         # Retrieve state
+npx clawpowers store list [prefix]                     # List stored keys
+```
+
+## Security Model
+
+ClawPowers takes agent autonomy seriously — which means taking agent *limits* seriously.
+
+### Runtime Isolation
+
+- **State directory** (`~/.clawpowers/`) uses `700` permissions — owner-only access
+- **Path traversal blocked** — keys containing `/` or `\` are rejected at the store level
+- **No network access** — runtime scripts (store, metrics, analyze) are fully offline
+- **No eval** — zero use of `eval()`, `Function()`, or dynamic code execution in any runtime script
+
+### Agent Payment Guardrails
+
+The `agent-payments` skill uses `agentwallet-sdk` with hard on-chain spending limits:
+
+```
+Agent wants to spend $15  → ✅ Auto-approved (under $25/tx limit)
+Agent wants to spend $500 → ⏳ Queued for owner approval
+Agent spent $490 today    → 🛑 Next tx blocked ($500/day limit hit)
+```
+
+- **Non-custodial** — your private key, your wallet. No third-party custody.
+- **ERC-6551 token-bound accounts** — wallet is tied to an NFT. Portable, auditable, on-chain.
+- **Smart-contract enforced** — spending policies live on-chain. The agent literally *cannot* bypass them, even with a prompt injection.
+- **Owner override** — you can revoke, pause, or adjust limits at any time.
+
+### What This Means in Practice
+
+Even if an agent is compromised (prompt injection, jailbreak, malicious skill), it cannot:
+1. Spend more than the per-transaction limit you set
+2. Exceed the daily/weekly spending cap you configured
+3. Access funds outside its ERC-6551 token-bound account
+4. Modify its own spending policy (only the owner wallet can)
+
+**Recommendation:** Start with low limits ($5/tx, $25/day) and increase as you build confidence. The SDK supports per-token policies — set tighter limits on volatile assets, looser on stablecoins.
+
+## Agent Payment Demo
+
+Here's a complete example of an agent autonomously paying for a premium API:
+
+### 1. Set Up the Wallet (One-Time)
+
+```typescript
+import { createWallet, setSpendPolicy, NATIVE_TOKEN } from 'agentwallet-sdk';
+import { createWalletClient, http } from 'viem';
+import { privateKeyToAccount } from 'viem/accounts';
+import { base } from 'viem/chains';
+
+// Create wallet on Base (cheapest gas for agent operations)
+const account = privateKeyToAccount(process.env.AGENT_PRIVATE_KEY as `0x${string}`);
+const walletClient = createWalletClient({ account, chain: base, transport: http() });
+
+const wallet = createWallet({
+  accountAddress: '0xYourAgentWallet',
+  chain: 'base',
+  walletClient,
+});
+
+// Set spending guardrails: $5 per request, $50/day max
+await setSpendPolicy(wallet, {
+  token: '0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913', // USDC on Base
+  perTxLimit: 5_000_000n,    // 5 USDC per transaction
+  periodLimit: 50_000_000n,  // 50 USDC per day
+  periodLength: 86400,       // 24 hours
+});
+```
+
+### 2. Agent Pays for Premium Data (Autonomous)
+
+```typescript
+import { createX402Client } from 'agentwallet-sdk';
+
+const x402 = createX402Client(wallet, {
+  supportedNetworks: ['base:8453'],
+  globalDailyLimit: 50_000_000n, // matches spend policy
+  globalPerRequestMax: 5_000_000n,
+});
+
+// Agent encounters a 402 Payment Required response — pays automatically
+const response = await x402.fetch('https://api.premium-data.com/market-analysis');
+const data = await response.json();
+// Cost: $0.50 USDC, auto-approved (under $5 limit)
+// Owner sees: tx hash on Base, fully auditable
+```
+
+### 3. Track Payment Outcomes (RSI Loop)
+
+```bash
+# ClawPowers tracks every payment outcome
+npx clawpowers metrics record \
+  --skill agent-payments \
+  --outcome success \
+  --duration 3 \
+  --notes "Paid $0.50 for market analysis API — data quality 9/10"
+
+# After 10+ payments, analyze ROI
+npx clawpowers analyze --skill agent-payments
+# Output: success rate, avg cost, cost-per-successful-outcome
+```
+
+## Credential
+
+Built by [AI Agent Economy](https://github.com/up2itnow0822) — the team behind:
+
+- Payment infrastructure in [NVIDIA's official NeMo Agent Toolkit](https://github.com/NVIDIA/NeMo-Agent-Toolkit-Examples/pull/17)
+- [agentwallet-sdk](https://www.npmjs.com/package/agentwallet-sdk) — agentwallet-sdk v6.0 — Full multi-chain agent wallet: x402 payments, Uniswap V3 swaps, CCTP bridging, ERC-8004 identity, mutual stake escrow, spending policies (741+ downloads/week)
+- [agentpay-mcp](https://github.com/up2itnow0822/agentpay-mcp) — MCP payment server for AI agents
+- Production trading systems with RSI self-improvement (268+ measured outcomes)
+
+## Contributing
+
+We welcome contributions. Unlike some frameworks, we don't dismiss legitimate skill proposals with one-word responses. Open an issue or PR — every submission gets a genuine technical review.
+
+## License
+
+MIT