codeforge-dev 1.12.0 → 1.14.1

package/.devcontainer/plugins/devs-marketplace/plugins/workspace-scope-guard/scripts/guard-workspace-scope.py

@@ -1,31 +1,41 @@
 #!/usr/bin/env python3
 """
-Enforce workspace scope for file operations.
+Nuclear workspace scope enforcement.
 
-Blocks write operations (Write, Edit, NotebookEdit) to files outside the
-current working directory. Warns on read operations (Read, Glob, Grep)
-outside the working directory. Allows unrestricted access when cwd is
-/workspaces (the workspace root).
+Blocks ALL operations (read, write, bash) outside the current working directory.
+Permanently blacklists /workspaces/.devcontainer/ — no exceptions, no bypass.
+Bash enforcement via two-layer detection: write target extraction + workspace path scan.
+Fails closed on any error.
 
 Exit code 2 blocks the operation with an error message.
-Exit code 0 allows the operation to proceed (with optional warning context).
+Exit code 0 allows the operation to proceed.
 """
 
 import json
 import os
+import re
+import shlex
 import sys
 
-# Paths that are always allowed regardless of working directory
-ALLOWED_PREFIXES = [
-    "/workspaces/.claude/",
-    "/workspaces/.tmp/",
+# ---------------------------------------------------------------------------
+# BLACKLIST — checked FIRST, overrides everything.
+# Nothing touches these paths. Ever. No exceptions.
+# Checked before allowlist, before scope check, before cwd bypass.
+# ---------------------------------------------------------------------------
+BLACKLISTED_PREFIXES = [
     "/workspaces/.devcontainer/",
-    "/tmp/",
-    "/home/vscode/",
+    "/workspaces/.devcontainer",  # exact match (no trailing slash)
+]
+
+# Paths always allowed regardless of working directory
+ALLOWED_PREFIXES = [
+    "/workspaces/.claude/",  # Claude config, plans, rules
+    "/tmp/",                 # System scratch
 ]
 
 WRITE_TOOLS = {"Write", "Edit", "NotebookEdit"}
 READ_TOOLS = {"Read", "Glob", "Grep"}
+ALL_FILE_TOOLS = WRITE_TOOLS | READ_TOOLS
 
 # Tool input field that contains the target path
 PATH_FIELDS = {
@@ -37,6 +47,76 @@ PATH_FIELDS = {
     "Grep": "path",
 }
 
+# ---------------------------------------------------------------------------
+# Bash Layer 1: Write target patterns
+# Ported from guard-protected-bash.py + new patterns
+# ---------------------------------------------------------------------------
+WRITE_PATTERNS = [
+    # --- Ported from guard-protected-bash.py ---
+    r"(?:>|>>)\s*([^\s;&|]+)",                                              # > file, >> file
+    r"\btee\s+(?:-a\s+)?([^\s;&|]+)",                                       # tee file
+    r"\b(?:cp|mv)\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)",                  # cp/mv src dest
+    r'\bsed\s+-i[^\s]*\s+(?:\'[^\']*\'\s+|"[^"]*"\s+|[^\s]+\s+)*([^\s;&|]+)',  # sed -i
+    r"\bcat\s+(?:<<[^\s]*\s+)?>\s*([^\s;&|]+)",                            # cat > file
+    # --- New patterns ---
+    r"\btouch\s+(?:-[^\s]+\s+)*([^\s;&|]+)",                               # touch file
+    r"\bmkdir\s+(?:-[^\s]+\s+)*([^\s;&|]+)",                               # mkdir [-p] dir
+    r"\brm\s+(?:-[^\s]+\s+)*([^\s;&|]+)",                                  # rm [-rf] path
+    r"\bln\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)",                         # ln [-s] src dest
+    r"\binstall\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)",                    # install src dest
+    r"\brsync\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)",                      # rsync src dest
+    r"\bchmod\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)",                      # chmod mode path
+    r"\bchown\s+(?:-[^\s]+\s+)*[^\s:]+(?::[^\s]+)?\s+([^\s;&|]+)",         # chown owner[:group] path
+    r"\bdd\b[^;|&]*\bof=([^\s;&|]+)",                                      # dd of=path
+    r"\bwget\s+(?:-[^\s]+\s+)*-O\s+([^\s;&|]+)",                           # wget -O path
+    r"\bcurl\s+(?:-[^\s]+\s+)*-o\s+([^\s;&|]+)",                           # curl -o path
+    r"\btar\s+(?:-[^\s]+\s+)*-C\s+([^\s;&|]+)",                            # tar -C dir
+    r"\bunzip\s+(?:-[^\s]+\s+)*-d\s+([^\s;&|]+)",                          # unzip -d dir
+    r"\b(?:gcc|g\+\+|cc|c\+\+|clang)\s+(?:-[^\s]+\s+)*-o\s+([^\s;&|]+)",  # gcc -o out
+    r"\bsqlite3\s+([^\s;&|]+)",                                            # sqlite3 dbpath
+]
+
+# ---------------------------------------------------------------------------
+# Bash Layer 2: Workspace path scan (ALWAYS runs, never exempt)
+# Stops at: whitespace, ;, |, &, >, ), <, ', "
+# ---------------------------------------------------------------------------
+WORKSPACE_PATH_RE = re.compile(r'/workspaces/[^\s;|&>)<\'"]+')
+
+# ---------------------------------------------------------------------------
+# System command exemption (Layer 1 only)
+# ---------------------------------------------------------------------------
+SYSTEM_COMMANDS = frozenset({
+    "git", "pip", "pip3", "npm", "npx", "yarn", "pnpm",
+    "apt-get", "apt", "cargo", "go", "docker", "make", "cmake",
+    "node", "python3", "python", "ruby", "gem", "bundle",
+})
+
+SYSTEM_PATH_PREFIXES = (
+    "/usr/", "/bin/", "/sbin/", "/lib/", "/opt/",
+    "/proc/", "/sys/", "/dev/", "/var/", "/etc/",
+)
+
+
+# ---------------------------------------------------------------------------
+# Core check functions
+# ---------------------------------------------------------------------------
+
+def is_blacklisted(resolved_path: str) -> bool:
+    """Check if resolved_path is under a permanently blocked directory."""
+    return (resolved_path == "/workspaces/.devcontainer"
+            or resolved_path.startswith("/workspaces/.devcontainer/"))
+
+
+def is_in_scope(resolved_path: str, cwd: str) -> bool:
+    """Check if resolved_path is within the working directory."""
+    cwd_prefix = cwd if cwd.endswith("/") else cwd + "/"
+    return resolved_path == cwd or resolved_path.startswith(cwd_prefix)
+
+
+def is_allowlisted(resolved_path: str) -> bool:
+    """Check if resolved_path falls under an allowed prefix."""
+    return any(resolved_path.startswith(prefix) for prefix in ALLOWED_PREFIXES)
+
 
 def get_target_path(tool_name: str, tool_input: dict) -> str | None:
     """Extract the target path from tool input.
@@ -50,16 +130,147 @@ def get_target_path(tool_name: str, tool_input: dict) -> str | None:
     return tool_input.get(field) or None
 
 
-def is_in_scope(resolved_path: str, cwd: str) -> bool:
-    """Check if resolved_path is within the working directory."""
-    cwd_prefix = cwd if cwd.endswith("/") else cwd + "/"
-    return resolved_path == cwd or resolved_path.startswith(cwd_prefix)
+# ---------------------------------------------------------------------------
+# Bash enforcement
+# ---------------------------------------------------------------------------
 
+def extract_write_targets(command: str) -> list[str]:
+    """Extract file paths that the command writes to (Layer 1)."""
+    targets = []
+    for pattern in WRITE_PATTERNS:
+        for match in re.finditer(pattern, command):
+            target = match.group(1).strip("'\"")
+            if target:
+                targets.append(target)
+    return targets
 
-def is_allowlisted(resolved_path: str) -> bool:
-    """Check if resolved_path falls under an allowed prefix."""
-    return any(resolved_path.startswith(prefix) for prefix in ALLOWED_PREFIXES)
 
+def extract_primary_command(command: str) -> str:
+    """Extract the primary command, stripping sudo/env/variable prefixes."""
+    try:
+        tokens = shlex.split(command)
+    except ValueError:
+        # Unclosed quotes or other parse errors — no exemption
+        return ""
+    i = 0
+    while i < len(tokens):
+        tok = tokens[i]
+        # Skip inline variable assignments: VAR=value
+        if "=" in tok and not tok.startswith("-") and tok.split("=")[0].isidentifier():
+            i += 1
+            continue
+        # Skip sudo and its flags
+        if tok == "sudo":
+            i += 1
+            while i < len(tokens) and tokens[i].startswith("-"):
+                flag = tokens[i]
+                i += 1
+                # Flags that consume the next token as an argument
+                if flag in ("-u", "-g", "-C", "-D", "-R", "-T"):
+                    i += 1  # skip the argument too
+            continue
+        # Skip env and its variable assignments
+        if tok == "env":
+            i += 1
+            while i < len(tokens):
+                if "=" in tokens[i] and not tokens[i].startswith("-"):
+                    i += 1  # skip VAR=val
+                elif tokens[i].startswith("-"):
+                    i += 1  # skip env flags (-i, etc.)
+                else:
+                    break
+            continue
+        # Skip nohup, nice, time
+        if tok in ("nohup", "nice", "time"):
+            i += 1
+            continue
+        return tok
+    return ""
+
+
+def check_bash_scope(command: str, cwd: str) -> None:
+    """Enforce scope on Bash commands. Calls sys.exit(2) on violation."""
+    if not command:
+        return
+
+    # --- Extract paths from command ---
+    write_targets = extract_write_targets(command)
+    workspace_paths = WORKSPACE_PATH_RE.findall(command)
+
+    # --- BLACKLIST check (FIRST — before cwd bypass, before everything) ---
+    # Early exit on first blacklisted path found
+    for target in write_targets:
+        resolved = os.path.realpath(target.strip("'\""))
+        if is_blacklisted(resolved):
+            print(
+                f"Blocked: Bash command writes to blacklisted path '{target}'. "
+                f"/workspaces/.devcontainer/ is permanently blocked.",
+                file=sys.stderr,
+            )
+            sys.exit(2)
+
+    for path_str in workspace_paths:
+        resolved = os.path.realpath(path_str)
+        if is_blacklisted(resolved):
+            print(
+                f"Blocked: Bash command references blacklisted path '{path_str}'. "
+                f"/workspaces/.devcontainer/ is permanently blocked.",
+                file=sys.stderr,
+            )
+            sys.exit(2)
+
+    # --- cwd=/workspaces bypass (blacklist already checked above) ---
+    if cwd == "/workspaces":
+        return
+
+    # --- Layer 1: Write target scope check ---
+    if write_targets:
+        primary_cmd = extract_primary_command(command)
+        is_system_cmd = primary_cmd in SYSTEM_COMMANDS
+
+        resolved_targets = [
+            (t, os.path.realpath(t.strip("'\""))) for t in write_targets
+        ]
+
+        # System command exemption: skip Layer 1 ONLY if ALL targets are system paths
+        skip_layer1 = False
+        if is_system_cmd:
+            skip_layer1 = all(
+                any(r.startswith(sp) for sp in SYSTEM_PATH_PREFIXES)
+                for _, r in resolved_targets
+            )
+            # Override: if ANY target is under /workspaces/ outside cwd → NOT exempt
+            if skip_layer1:
+                for _, resolved in resolved_targets:
+                    if resolved.startswith("/workspaces/") and not is_in_scope(resolved, cwd):
+                        skip_layer1 = False
+                        break
+
+        if not skip_layer1:
+            for target, resolved in resolved_targets:
+                if not is_in_scope(resolved, cwd) and not is_allowlisted(resolved):
+                    print(
+                        f"Blocked: Bash command writes to '{target}' which is "
+                        f"outside the working directory ({cwd}).",
+                        file=sys.stderr,
+                    )
+                    sys.exit(2)
+
+    # --- Layer 2: Workspace path scan (ALWAYS runs, never exempt) ---
+    for path_str in workspace_paths:
+        resolved = os.path.realpath(path_str)
+        if not is_in_scope(resolved, cwd) and not is_allowlisted(resolved):
+            print(
+                f"Blocked: Bash command references '{path_str}' which is "
+                f"outside the working directory ({cwd}).",
+                file=sys.stderr,
+            )
+            sys.exit(2)
+
+
+# ---------------------------------------------------------------------------
+# Main
+# ---------------------------------------------------------------------------
 
 def main():
     try:
@@ -69,63 +280,63 @@ def main():
 
         cwd = os.getcwd()
 
-        # Unrestricted when working from the workspace root
-        if cwd == "/workspaces":
+        # --- Bash tool: separate code path ---
+        if tool_name == "Bash":
+            check_bash_scope(tool_input.get("command", ""), cwd)
             sys.exit(0)
 
+        # --- File tools ---
         target_path = get_target_path(tool_name, tool_input)
 
-        # No path specified — tool defaults to cwd, which is in scope
+        # No path → tool defaults to cwd, always in scope (for known file tools)
         if target_path is None:
-            sys.exit(0)
+            if tool_name in ALL_FILE_TOOLS:
+                sys.exit(0)
+            # Unknown tool with no recognizable path → block
+            print(
+                f"Blocked: Unknown tool '{tool_name}' — not in scope guard allowlist.",
+                file=sys.stderr,
+            )
+            sys.exit(2)
 
         resolved = os.path.realpath(target_path)
 
-        if is_in_scope(resolved, cwd):
-            sys.exit(0)
-
-        if is_allowlisted(resolved):
-            sys.exit(0)
-
-        # Out of scope
-        if tool_name in WRITE_TOOLS:
+        # BLACKLIST — checked FIRST, before cwd bypass
+        if is_blacklisted(resolved):
             print(
-                json.dumps(
-                    {
-                        "error": (
-                            f"Blocked: {tool_name} targets '{target_path}' which is "
-                            f"outside the working directory ({cwd}). Move to that "
-                            f"project's directory first or work from /workspaces."
-                        )
-                    }
-                )
+                f"Blocked: {tool_name} targets '{target_path}' which is under "
+                f"blacklisted path /workspaces/.devcontainer/. This path is "
+                f"permanently blocked for all operations.",
+                file=sys.stderr,
             )
             sys.exit(2)
 
-        if tool_name in READ_TOOLS:
-            print(
-                json.dumps(
-                    {
-                        "additionalContext": (
-                            f"Warning: {tool_name} targets '{target_path}' which is "
-                            f"outside the working directory ({cwd}). This read is "
-                            f"allowed but may indicate unintended cross-project access."
-                        )
-                    }
-                )
-            )
+        # cwd=/workspaces bypass (blacklist already checked)
+        if cwd == "/workspaces":
+            sys.exit(0)
+
+        # In-scope check
+        if is_in_scope(resolved, cwd):
+            sys.exit(0)
+
+        # Allowlist check
+        if is_allowlisted(resolved):
             sys.exit(0)
 
-        # Unknown tool — allow by default
-        sys.exit(0)
+        # Out of scope — BLOCK for ALL tools
+        print(
+            f"Blocked: {tool_name} targets '{target_path}' which is outside "
+            f"the working directory ({cwd}). Move to that project's directory "
+            f"first or work from /workspaces.",
+            file=sys.stderr,
+        )
+        sys.exit(2)
 
     except json.JSONDecodeError:
-        # Can't parse input — allow by default
-        sys.exit(0)
+        sys.exit(2)
     except Exception as e:
-        # Don't block on hook failure
         print(f"Hook error: {e}", file=sys.stderr)
-        sys.exit(0)
+        sys.exit(2)
 
 
 if __name__ == "__main__":

package/.devcontainer/plugins/devs-marketplace/plugins/workspace-scope-guard/scripts/inject-workspace-cwd.py

@@ -0,0 +1,44 @@
+#!/usr/bin/env python3
+"""
+CWD context injector — injects working directory into Claude's context
+on every session start, user prompt, tool call, and subagent spawn.
+
+Fires on: SessionStart, UserPromptSubmit, PreToolUse, SubagentStart
+Always exits 0 (advisory, never blocking).
+"""
+
+import json
+import os
+import sys
+
+
+def main():
+    cwd = os.getcwd()
+    try:
+        input_data = json.load(sys.stdin)
+        # Some hook events provide cwd override
+        cwd = input_data.get("cwd", cwd)
+        hook_event = input_data.get("hook_event_name", "PreToolUse")
+    except (json.JSONDecodeError, ValueError):
+        hook_event = "PreToolUse"
+
+    context = (
+        f"Working Directory: {cwd}\n"
+        f"All file operations and commands MUST target paths within {cwd}. "
+        f"Do not read, write, or execute commands against paths outside this directory."
+    )
+
+    json.dump(
+        {
+            "hookSpecificOutput": {
+                "hookEventName": hook_event,
+                "additionalContext": context,
+            }
+        },
+        sys.stdout,
+    )
+    sys.exit(0)
+
+
+if __name__ == "__main__":
+    main()

package/.devcontainer/scripts/setup-aliases.sh

@@ -70,6 +70,7 @@ for rc in ~/.bashrc ~/.zshrc; do
 
 ${BLOCK_START}
 export CLAUDE_CONFIG_DIR="${CLAUDE_CONFIG_DIR}"
+export GH_CONFIG_DIR="${GH_CONFIG_DIR:-/workspaces/.gh}"
 export LANG=en_US.UTF-8
 export LC_ALL=en_US.UTF-8
 
@@ -82,10 +83,17 @@ else
     _CLAUDE_BIN=claude
 fi
 
-alias cc='CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1 command "\$_CLAUDE_BIN" --system-prompt-file "\$CLAUDE_CONFIG_DIR/main-system-prompt.md" --permission-mode plan --allow-dangerously-skip-permissions'
-alias claude='CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1 command "\$_CLAUDE_BIN" --system-prompt-file "\$CLAUDE_CONFIG_DIR/main-system-prompt.md" --permission-mode plan --allow-dangerously-skip-permissions'
+# ChromaTerm wrapper (if ct is installed, wrap claude through it)
+if command -v ct >/dev/null 2>&1; then
+    _CLAUDE_WRAP="ct"
+else
+    _CLAUDE_WRAP="command"
+fi
+
+alias cc='CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1 "\$_CLAUDE_WRAP" "\$_CLAUDE_BIN" --system-prompt-file "\$CLAUDE_CONFIG_DIR/main-system-prompt.md" --permission-mode plan --allow-dangerously-skip-permissions'
+alias claude='CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1 "\$_CLAUDE_WRAP" "\$_CLAUDE_BIN" --system-prompt-file "\$CLAUDE_CONFIG_DIR/main-system-prompt.md" --permission-mode plan --allow-dangerously-skip-permissions'
 alias ccraw='command "\$_CLAUDE_BIN"'
-alias ccw='CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1 command "\$_CLAUDE_BIN" --system-prompt-file "\$CLAUDE_CONFIG_DIR/writing-system-prompt.md" --permission-mode plan --allow-dangerously-skip-permissions'
+alias ccw='CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1 "\$_CLAUDE_WRAP" "\$_CLAUDE_BIN" --system-prompt-file "\$CLAUDE_CONFIG_DIR/writing-system-prompt.md" --permission-mode plan --allow-dangerously-skip-permissions'
 
 cc-tools() {
   echo "CodeForge Available Tools"
@@ -93,9 +101,9 @@ cc-tools() {
   printf "  %-20s %s\n" "COMMAND" "STATUS"
   echo "  ────────────────────────────────────"
   for cmd in claude cc ccw ccraw ccusage ccburn claude-monitor \\
-             ccms cargo ruff biome dprint shfmt shellcheck hadolint \\
+             ccms ct cargo ruff biome dprint shfmt shellcheck hadolint \\
              ast-grep tree-sitter pyright typescript-language-server \\
-             agent-browser gh docker git jq tmux bun go; do
+             agent-browser gh docker git jq tmux bun go infocmp; do
     if command -v "\$cmd" >/dev/null 2>&1; then
       ver=\$("\$cmd" --version 2>/dev/null | head -1 || echo "installed")
       printf "  %-20s ✓ %s\n" "\$cmd" "\$ver"

package/.devcontainer/scripts/setup-config.sh

@@ -45,6 +45,7 @@ expand_vars() {
 	local val="$1"
 	val="${val//\$\{CLAUDE_CONFIG_DIR\}/$CLAUDE_CONFIG_DIR}"
 	val="${val//\$\{WORKSPACE_ROOT\}/$WORKSPACE_ROOT}"
+	val="${val//\$\{HOME\}/$HOME}"
 	# Warn on any remaining unresolved ${...} tokens
 	if [[ "$val" =~ \$\{[^}]+\} ]]; then
 		warn "Unresolved variable in: $val"

package/.devcontainer/scripts/setup-projects.sh

@@ -198,7 +198,7 @@ start_watcher() {
 
 		# Cleanup on exit
 		rm -f "$PID_FILE"
-	) &
+	) &>/dev/null &
 	local watcher_pid=$!
 	set +m
 	echo "$watcher_pid" >"$PID_FILE"

package/README.md

@@ -66,13 +66,13 @@ tree-sitter (JS/TS/Python), ast-grep, Pyright, TypeScript LSP
 
 `claude`, `cc` (wrapper), `ccw` (writing mode wrapper), `ccusage`, `ccburn`, `ccstatusline`, `claude-monitor`
 
-### Custom Features (18)
+### Custom Features (21)
 
-tmux, agent-browser, claude-monitor, ccusage, ccburn, ccstatusline, ast-grep, tree-sitter, lsp-servers, biome, ruff, shfmt, shellcheck, hadolint, dprint, ccms, notify-hook, mcp-qdrant
+tmux, agent-browser, claude-monitor, ccusage, ccburn, ccstatusline, ast-grep, tree-sitter, lsp-servers, biome, ruff, shfmt, shellcheck, hadolint, dprint, ccms, notify-hook, mcp-qdrant, chromaterm, kitty-terminfo, claude-session-dashboard
 
-### Agents (17) & Skills (28)
+### Agents (17) & Skills (34)
 
-The `code-directive` plugin includes 17 specialized agents (architect, explorer, test-writer, security-auditor, etc.) and 28 domain-specific coding reference skills (fastapi, svelte5, docker, testing, spec-workflow, security-checklist, etc.).
+The `agent-system` plugin includes 17 specialized agents (architect, explorer, test-writer, security-auditor, etc.). The `skill-engine` plugin provides 21 general coding skills, `spec-workflow` adds 8 spec lifecycle skills, and `ticket-workflow` provides 4 ticket management skills.
 
 ## Quick Start
 
@@ -102,7 +102,7 @@ npm publish
 
 ## Changelog
 
-See [CHANGELOG.md](.devcontainer/CHANGELOG.md) for release history. Current version: **1.12.0** (2026-02-18).
+See [CHANGELOG.md](.devcontainer/CHANGELOG.md) for release history. Current version: **1.14.0** (2026-02-23).
 
 ## Further Reading
 

package/package.json

@@ -1,13 +1,17 @@
 {
 	"name": "codeforge-dev",
-	"version": "1.12.0",
+	"version": "1.14.1",
 	"description": "Complete development container that sets up Claude Code with modular devcontainer features, modern dev tools, and persistent configurations. Drop it into any project and get a production-ready AI development environment in minutes.",
 	"main": "setup.js",
 	"bin": {
 		"codeforge": "setup.js"
 	},
 	"scripts": {
-		"test": "node test.js"
+		"test": "node test.js",
+		"prepublishOnly": "npm test",
+		"docs:dev": "npm run dev --prefix docs",
+		"docs:build": "npm run build --prefix docs",
+		"docs:preview": "npm run preview --prefix docs"
 	},
 	"keywords": [
 		"devcontainer",

package/setup.js

@@ -10,6 +10,7 @@ const DEFAULT_PRESERVE = [
 	"config/defaults/settings.json",
 	"config/defaults/main-system-prompt.md",
 	"config/defaults/keybindings.json",
+	"config/defaults/ccstatusline-settings.json",
 	"config/file-manifest.json",
 	".codeforge-preserve",
 ];
@@ -244,8 +245,8 @@ function printNextSteps() {
 function printFeatures() {
 	console.log("Features included:");
 	console.log("  - Claude Code CLI with optimized tool configuration");
-	console.log("  - MCP servers: Qdrant (vector memory), Reasoner");
-	console.log("  - Development tools: Node.js LTS, Python 3.14, Go, Bun");
+	console.log("  - MCP servers: Qdrant (vector memory)");
+	console.log("  - Development tools: Node.js LTS, Python 3.14, Rust, Bun");
 	console.log("  - Persistent configuration and shell history");
 	console.log("");
 }

package/.devcontainer/.env

@@ -1,33 +0,0 @@
-# CodeForge Environment Configuration
-
-# Paths
-CLAUDE_CONFIG_DIR=/workspaces/.claude
-# CONFIG_SOURCE_DIR is derived from script location; uncomment to override:
-# CONFIG_SOURCE_DIR=/custom/path/to/config
-
-# Setup: copy config files to CLAUDE_CONFIG_DIR
-SETUP_CONFIG=true
-
-# Setup: add cc alias to shell rc files
-SETUP_ALIASES=true
-
-# Setup: configure Git and NPM auth from .secrets file
-SETUP_AUTH=true
-
-# Setup: install official Anthropic plugins
-SETUP_PLUGINS=true
-
-# Setup: auto-update Claude Code CLI to latest on container start (runs in background)
-SETUP_UPDATE_CLAUDE=true
-
-# Setup: configure VS Code Shift+Enter keybinding for Claude Code terminal
-SETUP_TERMINAL=true
-
-# Setup: auto-detect and register projects for VS Code Project Manager
-SETUP_PROJECTS=true
-
-# Setup: run post-start hooks from /usr/local/devcontainer-poststart.d/
-SETUP_POSTSTART=true
-
-# Plugin blacklist (comma-separated plugin names to skip during auto-install)
-PLUGIN_BLACKLIST=""