npm - codeforge-dev - Versions diffs - 1.10.0 → 1.11.0 - Mend

codeforge-dev 1.10.0 → 1.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

package/.devcontainer/plugins/devs-marketplace/plugins/workspace-scope-guard/scripts/guard-workspace-scope.py ADDED Viewed

@@ -0,0 +1,132 @@
+#!/usr/bin/env python3
+"""
+Enforce workspace scope for file operations.
+Blocks write operations (Write, Edit, NotebookEdit) to files outside the
+current working directory. Warns on read operations (Read, Glob, Grep)
+outside the working directory. Allows unrestricted access when cwd is
+/workspaces (the workspace root).
+Exit code 2 blocks the operation with an error message.
+Exit code 0 allows the operation to proceed (with optional warning context).
+"""
+import json
+import os
+import sys
+# Paths that are always allowed regardless of working directory
+ALLOWED_PREFIXES = [
+    "/workspaces/.claude/",
+    "/workspaces/.tmp/",
+    "/workspaces/.devcontainer/",
+    "/tmp/",
+    "/home/",
+]
+WRITE_TOOLS = {"Write", "Edit", "NotebookEdit"}
+READ_TOOLS = {"Read", "Glob", "Grep"}
+# Tool input field that contains the target path
+PATH_FIELDS = {
+    "Read": "file_path",
+    "Write": "file_path",
+    "Edit": "file_path",
+    "NotebookEdit": "notebook_path",
+    "Glob": "path",
+    "Grep": "path",
+}
+def get_target_path(tool_name: str, tool_input: dict) -> str | None:
+    """Extract the target path from tool input.
+    Returns None if no path field is present or the field is empty,
+    which means the tool defaults to cwd (always in scope).
+    """
+    field = PATH_FIELDS.get(tool_name)
+    if not field:
+        return None
+    return tool_input.get(field) or None
+def is_in_scope(resolved_path: str, cwd: str) -> bool:
+    """Check if resolved_path is within the working directory."""
+    cwd_prefix = cwd if cwd.endswith("/") else cwd + "/"
+    return resolved_path == cwd or resolved_path.startswith(cwd_prefix)
+def is_allowlisted(resolved_path: str) -> bool:
+    """Check if resolved_path falls under an allowed prefix."""
+    return any(resolved_path.startswith(prefix) for prefix in ALLOWED_PREFIXES)
+def main():
+    try:
+        input_data = json.load(sys.stdin)
+        tool_name = input_data.get("tool_name", "")
+        tool_input = input_data.get("tool_input", {})
+        cwd = os.getcwd()
+        # Unrestricted when working from the workspace root
+        if cwd == "/workspaces":
+            sys.exit(0)
+        target_path = get_target_path(tool_name, tool_input)
+        # No path specified — tool defaults to cwd, which is in scope
+        if target_path is None:
+            sys.exit(0)
+        resolved = os.path.realpath(target_path)
+        if is_in_scope(resolved, cwd):
+            sys.exit(0)
+        if is_allowlisted(resolved):
+            sys.exit(0)
+        # Out of scope
+        if tool_name in WRITE_TOOLS:
+            print(
+                json.dumps(
+                    {
+                        "error": (
+                            f"Blocked: {tool_name} targets '{target_path}' which is "
+                            f"outside the working directory ({cwd}). Move to that "
+                            f"project's directory first or work from /workspaces."
+                        )
+                    }
+                )
+            )
+            sys.exit(2)
+        if tool_name in READ_TOOLS:
+            print(
+                json.dumps(
+                    {
+                        "additionalContext": (
+                            f"Warning: {tool_name} targets '{target_path}' which is "
+                            f"outside the working directory ({cwd}). This read is "
+                            f"allowed but may indicate unintended cross-project access."
+                        )
+                    }
+                )
+            )
+            sys.exit(0)
+        # Unknown tool — allow by default
+        sys.exit(0)
+    except json.JSONDecodeError:
+        # Can't parse input — allow by default
+        sys.exit(0)
+    except Exception as e:
+        # Don't block on hook failure
+        print(f"Hook error: {e}", file=sys.stderr)
+        sys.exit(0)
+if __name__ == "__main__":
+    main()

package/.devcontainer/scripts/setup-aliases.sh CHANGED Viewed

@@ -1,129 +1,122 @@
 #!/bin/bash
 # Setup cc/claude/ccraw aliases for claude with local system prompt support
+#
+# Idempotent: removes the entire managed block then re-writes it fresh.
+# Safe to run on every container start via postStartCommand.
 CLAUDE_DIR="${CLAUDE_CONFIG_DIR:?CLAUDE_CONFIG_DIR not set}"
 echo "[setup-aliases] Configuring Claude aliases..."
-# Simple alias definitions (not functions — functions don't behave reliably across shell contexts)
-# Aliases reference $_CLAUDE_BIN which is resolved at shell startup to prefer the native binary.
-ALIAS_CC='alias cc='"'"'CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1 command "$_CLAUDE_BIN" --system-prompt-file "$CLAUDE_CONFIG_DIR/system-prompt.md" --permission-mode plan --allow-dangerously-skip-permissions'"'"''
-ALIAS_CLAUDE='alias claude='"'"'CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1 command "$_CLAUDE_BIN" --system-prompt-file "$CLAUDE_CONFIG_DIR/system-prompt.md" --permission-mode plan --allow-dangerously-skip-permissions'"'"''
-ALIAS_CCRAW='alias ccraw='"'"'command "$_CLAUDE_BIN"'"'"''
+# Resolve check-setup path once (used inside the block we write)
+DEVCONTAINER_SCRIPTS="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+BLOCK_START='# === CodeForge Claude aliases START (managed by setup-aliases.sh — do not edit) ==='
+BLOCK_END='# === CodeForge Claude aliases END ==='
 for rc in ~/.bashrc ~/.zshrc; do
 	if [ -f "$rc" ]; then
-		# --- Backup before modifying ---
+		# --- 1. Backup before modifying ---
 		cp "$rc" "${rc}.bak.$(date +%s)" 2>/dev/null || true
 		# Clean old backups (keep last 3)
 		ls -t "${rc}.bak."* 2>/dev/null | tail -n +4 | xargs rm -f 2>/dev/null || true
-		# --- Cleanup old definitions ---
+		# --- 2. Remove existing managed block (if present) ---
+		sed -i '/# === CodeForge Claude aliases START/,/# === CodeForge Claude aliases END/d' "$rc"
-		# Remove old cc alias
-		if grep -q "alias cc=" "$rc" 2>/dev/null; then
-			sed -i '/alias cc=/d' "$rc"
-			echo "[setup-aliases] Removed old cc alias from $(basename $rc)"
-		fi
-		# Remove old cc function (single-line or multi-line)
+		# --- 3. Legacy cleanup (pre-marker formats only) ---
+		# These remove remnants from versions that predated the block-marker system.
+		# After step 2, anything matching these patterns is orphaned from old formats.
+		# Old function forms (pre-v1.10.0)
 		if grep -q "^cc()" "$rc" 2>/dev/null; then
 			sed -i '/^cc() {/,/^}/d' "$rc"
-			echo "[setup-aliases] Removed old cc function from $(basename $rc)"
+			echo "[setup-aliases] Removed legacy cc() function from $(basename "$rc")"
 		fi
-		# Remove old _claude_with_config function
 		if grep -q "^_claude_with_config()" "$rc" 2>/dev/null; then
 			sed -i '/^_claude_with_config() {/,/^}/d' "$rc"
-			echo "[setup-aliases] Removed old _claude_with_config function from $(basename $rc)"
+			echo "[setup-aliases] Removed legacy _claude_with_config() function from $(basename "$rc")"
 		fi
-		# Remove old claude function override
-		if grep -q "^claude() {" "$rc" 2>/dev/null; then
+		if grep -q "^claude() { _claude_with_config" "$rc" 2>/dev/null; then
 			sed -i '/^claude() { _claude_with_config/d' "$rc"
-			echo "[setup-aliases] Removed old claude function from $(basename $rc)"
-		fi
-		# Remove old claude alias
-		if grep -q "alias claude=" "$rc" 2>/dev/null; then
-			sed -i '/alias claude=/d' "$rc"
+			echo "[setup-aliases] Removed legacy claude() function from $(basename "$rc")"
 		fi
-		# Remove old ccraw alias
-		if grep -q "alias ccraw=" "$rc" 2>/dev/null; then
-			sed -i '/alias ccraw=/d' "$rc"
-		fi
-		# Remove old specwright alias
 		if grep -q "alias specwright=" "$rc" 2>/dev/null; then
 			sed -i '/alias specwright=/d' "$rc"
+			echo "[setup-aliases] Removed legacy specwright alias from $(basename "$rc")"
 		fi
-		# Remove old cc-tools/check-setup functions
+		# Old alias/export form (v1.10.0 — no block markers)
+		sed -i '/# Claude Code environment and aliases/d' "$rc"
+		sed -i '/^export CLAUDE_CONFIG_DIR="/d' "$rc"
+		sed -i '/^export LANG=en_US\.UTF-8$/d' "$rc"
+		sed -i '/^export LC_ALL=en_US\.UTF-8$/d' "$rc"
+		# _CLAUDE_BIN if-block (4 patterns: if, elif, else, fi + assignments)
+		sed -i '/^if \[ -x "\$HOME\/\.local\/bin\/claude" \]/,/^fi$/d' "$rc"
+		sed -i '/^    _CLAUDE_BIN=/d' "$rc"
+		# Standalone aliases from old format
+		sed -i "/^alias cc='/d" "$rc"
+		sed -i "/^alias claude='/d" "$rc"
+		sed -i "/^alias ccraw='/d" "$rc"
+		sed -i "/^alias ccw='/d" "$rc"
+		sed -i '/^alias check-setup=/d' "$rc"
+		# cc-tools function from old format
 		if grep -q "^cc-tools()" "$rc" 2>/dev/null; then
 			sed -i '/^cc-tools() {/,/^}/d' "$rc"
 		fi
-		if grep -q "alias check-setup=" "$rc" 2>/dev/null; then
-			sed -i '/alias check-setup=/d' "$rc"
-		fi
-		# --- Add environment and aliases (idempotent) ---
-		# Guard: skip if aliases already present from a previous run
-		if grep -q '# Claude Code environment and aliases' "$rc" 2>/dev/null; then
-			echo "[setup-aliases] Aliases already present in $(basename $rc), skipping"
-			continue
-		fi
-		echo "" >>"$rc"
-		echo "# Claude Code environment and aliases (managed by setup-aliases.sh)" >>"$rc"
-		# Export CLAUDE_CONFIG_DIR so it's available in all shells (not just VS Code remoteEnv)
-		if ! grep -q 'export CLAUDE_CONFIG_DIR=' "$rc" 2>/dev/null; then
-			echo "export CLAUDE_CONFIG_DIR=\"${CLAUDE_CONFIG_DIR}\"" >>"$rc"
-		fi
-		# Export UTF-8 locale so tmux renders Unicode correctly (docker exec doesn't inherit locale)
-		if ! grep -q 'export LANG=en_US.UTF-8' "$rc" 2>/dev/null; then
-			echo 'export LANG=en_US.UTF-8' >>"$rc"
-			echo 'export LC_ALL=en_US.UTF-8' >>"$rc"
-		fi
-		# Prefer native binary over npm-installed version
-		# 'claude install' puts the binary at ~/.local/bin/claude
-		# Legacy manual installs used /usr/local/bin/claude — check both
-		cat >>"$rc" <<'CLAUDEBIN_EOF'
-if [ -x "$HOME/.local/bin/claude" ]; then
-    _CLAUDE_BIN="$HOME/.local/bin/claude"
+		# --- 5. Write fresh managed block ---
+		cat >>"$rc" <<BLOCK_EOF
+${BLOCK_START}
+export CLAUDE_CONFIG_DIR="${CLAUDE_CONFIG_DIR}"
+export LANG=en_US.UTF-8
+export LC_ALL=en_US.UTF-8
+# Prefer native binary over npm-installed version
+if [ -x "\$HOME/.local/bin/claude" ]; then
+    _CLAUDE_BIN="\$HOME/.local/bin/claude"
 elif [ -x /usr/local/bin/claude ]; then
     _CLAUDE_BIN=/usr/local/bin/claude
 else
     _CLAUDE_BIN=claude
 fi
-CLAUDEBIN_EOF
-		echo "$ALIAS_CC" >>"$rc"
-		echo "$ALIAS_CLAUDE" >>"$rc"
-		echo "$ALIAS_CCRAW" >>"$rc"
-		# cc-tools: list all available CodeForge tools with version info
-		cat >>"$rc" <<'CCTOOLS_EOF'
+alias cc='CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1 command "\$_CLAUDE_BIN" --system-prompt-file "\$CLAUDE_CONFIG_DIR/main-system-prompt.md" --permission-mode plan --allow-dangerously-skip-permissions'
+alias claude='CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1 command "\$_CLAUDE_BIN" --system-prompt-file "\$CLAUDE_CONFIG_DIR/main-system-prompt.md" --permission-mode plan --allow-dangerously-skip-permissions'
+alias ccraw='command "\$_CLAUDE_BIN"'
+alias ccw='CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1 command "\$_CLAUDE_BIN" --system-prompt-file "\$CLAUDE_CONFIG_DIR/writing-system-prompt.md" --permission-mode plan --allow-dangerously-skip-permissions'
 cc-tools() {
   echo "CodeForge Available Tools"
   echo "━━━━━━━━━━━━━━━━━━━━━━━━"
   printf "  %-20s %s\n" "COMMAND" "STATUS"
   echo "  ────────────────────────────────────"
-  for cmd in claude cc ccraw ccusage ccburn claude-monitor \
-             ruff biome dprint shfmt shellcheck hadolint \
-             ast-grep tree-sitter pyright typescript-language-server \
+  for cmd in claude cc ccw ccraw ccusage ccburn claude-monitor \\
+             ccms cargo ruff biome dprint shfmt shellcheck hadolint \\
+             ast-grep tree-sitter pyright typescript-language-server \\
              agent-browser gh docker git jq tmux bun go; do
-    if command -v "$cmd" >/dev/null 2>&1; then
-      ver=$("$cmd" --version 2>/dev/null | head -1 || echo "installed")
-      printf "  %-20s ✓ %s\n" "$cmd" "$ver"
+    if command -v "\$cmd" >/dev/null 2>&1; then
+      ver=\$("\$cmd" --version 2>/dev/null | head -1 || echo "installed")
+      printf "  %-20s ✓ %s\n" "\$cmd" "\$ver"
     else
-      printf "  %-20s ✗ not found\n" "$cmd"
+      printf "  %-20s ✗ not found\n" "\$cmd"
     fi
   done
 }
-CCTOOLS_EOF
-		# check-setup: alias to the health check script
-		DEVCONTAINER_SCRIPTS="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-		echo "alias check-setup='bash ${DEVCONTAINER_SCRIPTS}/check-setup.sh'" >>"$rc"
+alias check-setup='bash ${DEVCONTAINER_SCRIPTS}/check-setup.sh'
+${BLOCK_END}
+BLOCK_EOF
-		echo "[setup-aliases] Added aliases to $(basename $rc)"
+		echo "[setup-aliases] Added aliases to $(basename "$rc")"
 	fi
 done
 echo "[setup-aliases] Aliases configured:"
-echo "  cc          -> claude with \$CLAUDE_CONFIG_DIR/system-prompt.md"
-echo "  claude      -> claude with \$CLAUDE_CONFIG_DIR/system-prompt.md"
+echo "  cc          -> claude with \$CLAUDE_CONFIG_DIR/main-system-prompt.md"
+echo "  claude      -> claude with \$CLAUDE_CONFIG_DIR/main-system-prompt.md"
 echo "  ccraw       -> vanilla claude without any config"
+echo "  ccw         -> claude with \$CLAUDE_CONFIG_DIR/writing-system-prompt.md"
 echo "  cc-tools    -> list all available CodeForge tools"
 echo "  check-setup -> verify CodeForge setup health"

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "codeforge-dev",
-	"version": "1.10.0",
+	"version": "1.11.0",
 	"description": "Complete development container that sets up Claude Code with modular devcontainer features, modern dev tools, and persistent configurations. Drop it into any project and get a production-ready AI development environment in minutes.",
 	"main": "setup.js",
 	"bin": {

package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/skills/spec-init/references/roadmap-template.md DELETED Viewed

@@ -1,33 +0,0 @@
-# Roadmap
-> Features live in the priority-graded backlog until pulled into a version.
-> Versions are scoped and spec'd when ready to build — not pre-assigned.
-> See `BACKLOG.md` for the feature backlog.
-## How Versioning Works
-1. **Backlog** — All desired features live in `BACKLOG.md`, graded by priority.
-2. **Version scoping** — When ready to start a new version, pull features from the backlog.
-3. **Spec first** — Each feature in a version gets a spec before implementation begins.
-4. **Ship** — Version is done when all its specs are implemented and verified.
-Only the **next version** is defined in detail. Everything else is backlog.
-## Released
-_None yet._
-## Current
-### v0.1.0 — [Name] 🔧
-- [ ] [Feature pulled from backlog]
-- [ ] [Feature pulled from backlog]
-## Next
-> Scoped from `BACKLOG.md` when current version is complete.
-## Out of Scope
-- [Items explicitly not planned]