codeforge-dev 1.12.0 → 1.14.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.devcontainer/CHANGELOG.md +175 -2
- package/.devcontainer/CLAUDE.md +61 -268
- package/.devcontainer/README.md +17 -9
- package/.devcontainer/config/defaults/ccstatusline-settings.json +147 -0
- package/.devcontainer/config/defaults/main-system-prompt.md +6 -1
- package/.devcontainer/config/defaults/rules/spec-workflow.md +1 -55
- package/.devcontainer/config/defaults/rules/workspace-scope.md +13 -4
- package/.devcontainer/config/defaults/settings.json +5 -3
- package/.devcontainer/config/file-manifest.json +14 -0
- package/.devcontainer/devcontainer.json +32 -7
- package/.devcontainer/docs/optional-features.md +0 -65
- package/.devcontainer/docs/plugins.md +38 -23
- package/.devcontainer/features/ast-grep/devcontainer-feature.json +0 -1
- package/.devcontainer/features/biome/install.sh +13 -0
- package/.devcontainer/features/ccburn/devcontainer-feature.json +0 -1
- package/.devcontainer/features/ccms/devcontainer-feature.json +0 -1
- package/.devcontainer/features/ccms/install.sh +1 -1
- package/.devcontainer/features/ccstatusline/devcontainer-feature.json +0 -1
- package/.devcontainer/features/ccstatusline/install.sh +17 -115
- package/.devcontainer/features/ccusage/devcontainer-feature.json +0 -1
- package/.devcontainer/features/chromaterm/README.md +42 -0
- package/.devcontainer/features/chromaterm/chromaterm.yml +35 -0
- package/.devcontainer/features/chromaterm/devcontainer-feature.json +22 -0
- package/.devcontainer/features/chromaterm/install.sh +113 -0
- package/.devcontainer/features/claude-monitor/devcontainer-feature.json +0 -1
- package/.devcontainer/features/claude-session-dashboard/README.md +40 -0
- package/.devcontainer/features/claude-session-dashboard/devcontainer-feature.json +34 -0
- package/.devcontainer/features/claude-session-dashboard/install.sh +172 -0
- package/.devcontainer/features/kitty-terminfo/README.md +32 -0
- package/.devcontainer/features/kitty-terminfo/devcontainer-feature.json +13 -0
- package/.devcontainer/features/kitty-terminfo/install.sh +72 -0
- package/.devcontainer/features/lsp-servers/devcontainer-feature.json +0 -1
- package/.devcontainer/features/mcp-qdrant/devcontainer-feature.json +0 -1
- package/.devcontainer/features/shellcheck/install.sh +6 -2
- package/.devcontainer/features/tree-sitter/devcontainer-feature.json +0 -1
- package/.devcontainer/plugins/devs-marketplace/.claude-plugin/marketplace.json +48 -59
- package/.devcontainer/plugins/devs-marketplace/plugins/agent-system/.claude-plugin/plugin.json +7 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/AGENT-REDIRECTION.md +7 -12
- package/.devcontainer/plugins/devs-marketplace/plugins/agent-system/README.md +197 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/REVIEW-RUBRIC.md +1 -1
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/agents/architect.md +3 -1
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/agents/bash-exec.md +3 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/agents/claude-guide.md +5 -2
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/agents/debug-logs.md +7 -2
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/agents/dependency-analyst.md +6 -2
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/agents/doc-writer.md +4 -1
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/agents/explorer.md +4 -2
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/agents/generalist.md +10 -2
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/agents/git-archaeologist.md +5 -2
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/agents/migrator.md +4 -1
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/agents/perf-profiler.md +4 -1
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/agents/refactorer.md +5 -1
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/agents/researcher.md +6 -2
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/agents/security-auditor.md +5 -2
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/agents/spec-writer.md +3 -1
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/agents/statusline-config.md +4 -1
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/agents/test-writer.md +4 -1
- package/.devcontainer/plugins/devs-marketplace/plugins/agent-system/hooks/hooks.json +51 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/scripts/guard-readonly-bash.py +2 -2
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/scripts/inject-cwd.py +7 -4
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/scripts/redirect-builtin-agents.py +17 -6
- package/.devcontainer/plugins/devs-marketplace/plugins/agent-system/scripts/task-completed-check.py +166 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/agent-system/scripts/teammate-idle-check.py +81 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/scripts/verify-no-regression.py +14 -10
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → agent-system}/scripts/verify-tests-pass.py +2 -14
- package/.devcontainer/plugins/devs-marketplace/plugins/auto-code-quality/README.md +17 -31
- package/.devcontainer/plugins/devs-marketplace/plugins/auto-code-quality/hooks/hooks.json +5 -1
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → auto-code-quality}/scripts/advisory-test-runner.py +9 -8
- package/.devcontainer/plugins/devs-marketplace/plugins/codeforge-lsp/README.md +28 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/dangerous-command-blocker/README.md +28 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/dangerous-command-blocker/scripts/block-dangerous.py +2 -2
- package/.devcontainer/plugins/devs-marketplace/plugins/notify-hook/README.md +28 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/notify-hook/hooks/hooks.json +0 -1
- package/.devcontainer/plugins/devs-marketplace/plugins/protected-files-guard/README.md +28 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/protected-files-guard/scripts/guard-protected-bash.py +1 -1
- package/.devcontainer/plugins/devs-marketplace/plugins/protected-files-guard/scripts/guard-protected.py +2 -2
- package/.devcontainer/plugins/devs-marketplace/plugins/session-context/.claude-plugin/plugin.json +7 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/session-context/README.md +140 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/session-context/hooks/hooks.json +33 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → session-context}/scripts/commit-reminder.py +3 -2
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → session-context}/scripts/git-state-injector.py +18 -2
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → session-context}/scripts/todo-harvester.py +9 -1
- package/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/.claude-plugin/plugin.json +7 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/README.md +158 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/hooks/hooks.json +16 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/scripts/skill-suggester.py +189 -100
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/api-design/SKILL.md +9 -6
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/ast-grep-patterns/SKILL.md +7 -6
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/claude-agent-sdk/SKILL.md +8 -8
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/claude-code-headless/SKILL.md +8 -9
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/debugging/SKILL.md +11 -7
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/dependency-management/SKILL.md +10 -6
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/docker/SKILL.md +8 -8
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/docker-py/SKILL.md +9 -7
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/documentation-patterns/SKILL.md +7 -6
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/fastapi/SKILL.md +9 -8
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/git-forensics/SKILL.md +11 -9
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/migration-patterns/SKILL.md +7 -6
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/performance-profiling/SKILL.md +10 -8
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/pydantic-ai/SKILL.md +8 -7
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/refactoring-patterns/SKILL.md +9 -8
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/security-checklist/SKILL.md +9 -8
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/skill-building/SKILL.md +7 -7
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/sqlite/SKILL.md +9 -7
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/svelte5/SKILL.md +7 -8
- package/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/team/SKILL.md +271 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/testing/SKILL.md +10 -7
- package/.devcontainer/plugins/devs-marketplace/plugins/spec-workflow/.claude-plugin/plugin.json +7 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/spec-workflow/README.md +192 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/spec-workflow/hooks/hooks.json +16 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → spec-workflow}/scripts/spec-reminder.py +3 -2
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → spec-workflow}/skills/spec-build/SKILL.md +9 -6
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → spec-workflow}/skills/spec-check/SKILL.md +10 -5
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → spec-workflow}/skills/spec-init/SKILL.md +8 -4
- package/.devcontainer/plugins/devs-marketplace/plugins/spec-workflow/skills/spec-init/references/roadmap-template.md +33 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → spec-workflow}/skills/spec-new/SKILL.md +8 -4
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → spec-workflow}/skills/spec-refine/SKILL.md +10 -7
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → spec-workflow}/skills/spec-review/SKILL.md +10 -6
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → spec-workflow}/skills/spec-update/SKILL.md +10 -5
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → spec-workflow}/skills/specification-writing/SKILL.md +9 -9
- package/.devcontainer/plugins/devs-marketplace/plugins/ticket-workflow/.claude-plugin/plugin.json +1 -2
- package/.devcontainer/plugins/devs-marketplace/plugins/ticket-workflow/README.md +28 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/ticket-workflow/hooks/hooks.json +16 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → ticket-workflow}/scripts/ticket-linker.py +9 -1
- package/.devcontainer/plugins/devs-marketplace/plugins/workspace-scope-guard/README.md +104 -32
- package/.devcontainer/plugins/devs-marketplace/plugins/workspace-scope-guard/hooks/hooks.json +49 -3
- package/.devcontainer/plugins/devs-marketplace/plugins/workspace-scope-guard/scripts/guard-workspace-scope.py +269 -58
- package/.devcontainer/plugins/devs-marketplace/plugins/workspace-scope-guard/scripts/inject-workspace-cwd.py +44 -0
- package/.devcontainer/scripts/setup-aliases.sh +13 -5
- package/.devcontainer/scripts/setup-config.sh +1 -0
- package/.devcontainer/scripts/setup-projects.sh +1 -1
- package/README.md +5 -5
- package/package.json +6 -2
- package/setup.js +3 -2
- package/.devcontainer/.env +0 -33
- package/.devcontainer/features/README.md +0 -126
- package/.devcontainer/plugins/devs-marketplace/plugins/auto-formatter/.claude-plugin/plugin.json +0 -7
- package/.devcontainer/plugins/devs-marketplace/plugins/auto-formatter/README.md +0 -81
- package/.devcontainer/plugins/devs-marketplace/plugins/auto-formatter/hooks/hooks.json +0 -17
- package/.devcontainer/plugins/devs-marketplace/plugins/auto-formatter/scripts/__pycache__/format-on-stop.cpython-314.pyc +0 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/auto-formatter/scripts/format-on-stop.py +0 -297
- package/.devcontainer/plugins/devs-marketplace/plugins/auto-linter/.claude-plugin/plugin.json +0 -7
- package/.devcontainer/plugins/devs-marketplace/plugins/auto-linter/README.md +0 -92
- package/.devcontainer/plugins/devs-marketplace/plugins/auto-linter/hooks/hooks.json +0 -17
- package/.devcontainer/plugins/devs-marketplace/plugins/auto-linter/scripts/__pycache__/lint-file.cpython-314.pyc +0 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/auto-linter/scripts/lint-file.py +0 -536
- package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/.claude-plugin/plugin.json +0 -8
- package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/README.md +0 -250
- package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/hooks/hooks.json +0 -112
- package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/scripts/__pycache__/advisory-test-runner.cpython-314.pyc +0 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/scripts/__pycache__/collect-edited-files.cpython-314.pyc +0 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/scripts/__pycache__/commit-reminder.cpython-314.pyc +0 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/scripts/__pycache__/git-state-injector.cpython-314.pyc +0 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/scripts/__pycache__/guard-readonly-bash.cpython-314.pyc +0 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/scripts/__pycache__/redirect-builtin-agents.cpython-314.pyc +0 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/scripts/__pycache__/skill-suggester.cpython-314.pyc +0 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/scripts/__pycache__/syntax-validator.cpython-314.pyc +0 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/scripts/__pycache__/ticket-linker.cpython-314.pyc +0 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/scripts/__pycache__/todo-harvester.cpython-314.pyc +0 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/scripts/__pycache__/verify-no-regression.cpython-314.pyc +0 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/scripts/__pycache__/verify-tests-pass.cpython-314.pyc +0 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/scripts/collect-edited-files.py +0 -46
- package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/scripts/syntax-validator.py +0 -146
- package/.devcontainer/plugins/devs-marketplace/plugins/dangerous-command-blocker/scripts/__pycache__/block-dangerous.cpython-314.pyc +0 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/protected-files-guard/scripts/__pycache__/guard-protected.cpython-314.pyc +0 -0
- package/.devcontainer/plugins/devs-marketplace/plugins/ticket-workflow/.claude-plugin/system-prompt.md +0 -184
- package/.devcontainer/plugins/devs-marketplace/plugins/workspace-scope-guard/scripts/__pycache__/guard-workspace-scope.cpython-314.pyc +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive/.claude-plugin/commands/debug.md → agent-system/skills/debug/SKILL.md} +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/api-design/references/error-handling.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/api-design/references/rest-conventions.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/ast-grep-patterns/references/language-patterns.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/claude-agent-sdk/references/sdk-typescript-reference.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/claude-code-headless/references/cli-flags-and-output.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/claude-code-headless/references/sdk-and-mcp.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/debugging/references/error-patterns.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/debugging/references/log-locations.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/dependency-management/references/ecosystem-commands.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/dependency-management/references/license-compliance.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/docker/references/compose-services.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/docker/references/dockerfile-patterns.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/docker-py/references/container-lifecycle.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/docker-py/references/resources-and-security.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/documentation-patterns/references/api-doc-templates.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/documentation-patterns/references/docstring-formats.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/fastapi/references/middleware-and-lifespan.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/fastapi/references/pydantic-models.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/fastapi/references/routing-and-dependencies.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/fastapi/references/sse-and-streaming.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/git-forensics/references/advanced-commands.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/git-forensics/references/investigation-playbooks.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/migration-patterns/references/javascript-migrations.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/migration-patterns/references/python-migrations.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/performance-profiling/references/interpreting-results.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/performance-profiling/references/tool-commands.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/pydantic-ai/references/agents-and-tools.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/pydantic-ai/references/models-and-streaming.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/refactoring-patterns/references/safe-transformations.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/refactoring-patterns/references/smell-catalog.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/security-checklist/references/owasp-patterns.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/security-checklist/references/secrets-patterns.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/skill-building/references/cross-vendor-principles.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/skill-building/references/patterns-and-antipatterns.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/skill-building/references/skill-authoring-patterns.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/sqlite/references/advanced-queries.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/sqlite/references/javascript-patterns.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/sqlite/references/python-patterns.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/sqlite/references/schema-and-pragmas.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/svelte5/references/ai-sdk-svelte.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/svelte5/references/component-patterns.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/svelte5/references/layercake.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/svelte5/references/migration-guide.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/svelte5/references/runes-and-reactivity.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/svelte5/references/spa-and-routing.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/svelte5/references/svelte-dnd-action.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/testing/references/fastapi-testing.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → skill-engine}/skills/testing/references/svelte-testing.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → spec-workflow}/skills/spec-build/references/review-checklist.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → spec-workflow}/skills/spec-init/references/backlog-template.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → spec-workflow}/skills/spec-init/references/milestones-template.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → spec-workflow}/skills/spec-new/references/template.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → spec-workflow}/skills/specification-writing/references/criteria-patterns.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/{code-directive → spec-workflow}/skills/specification-writing/references/ears-templates.md +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/ticket-workflow/{.claude-plugin/commands/ticket/357/200/272create-pr.md" → skills/ticketcreate-pr/SKILL.md} +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/ticket-workflow/{.claude-plugin/commands/ticket/357/200/272new.md" → skills/ticketnew/SKILL.md} +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/ticket-workflow/{.claude-plugin/commands/ticket/357/200/272review-commit.md" → skills/ticketreview-commit/SKILL.md} +0 -0
- /package/.devcontainer/plugins/devs-marketplace/plugins/ticket-workflow/{.claude-plugin/commands/ticket/357/200/272work.md" → skills/ticketwork/SKILL.md} +0 -0
|
@@ -1,31 +1,41 @@
|
|
|
1
1
|
#!/usr/bin/env python3
|
|
2
2
|
"""
|
|
3
|
-
|
|
3
|
+
Nuclear workspace scope enforcement.
|
|
4
4
|
|
|
5
|
-
Blocks
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
5
|
+
Blocks ALL operations (read, write, bash) outside the current working directory.
|
|
6
|
+
Permanently blacklists /workspaces/.devcontainer/ — no exceptions, no bypass.
|
|
7
|
+
Bash enforcement via two-layer detection: write target extraction + workspace path scan.
|
|
8
|
+
Fails closed on any error.
|
|
9
9
|
|
|
10
10
|
Exit code 2 blocks the operation with an error message.
|
|
11
|
-
Exit code 0 allows the operation to proceed
|
|
11
|
+
Exit code 0 allows the operation to proceed.
|
|
12
12
|
"""
|
|
13
13
|
|
|
14
14
|
import json
|
|
15
15
|
import os
|
|
16
|
+
import re
|
|
17
|
+
import shlex
|
|
16
18
|
import sys
|
|
17
19
|
|
|
18
|
-
#
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
20
|
+
# ---------------------------------------------------------------------------
|
|
21
|
+
# BLACKLIST — checked FIRST, overrides everything.
|
|
22
|
+
# Nothing touches these paths. Ever. No exceptions.
|
|
23
|
+
# Checked before allowlist, before scope check, before cwd bypass.
|
|
24
|
+
# ---------------------------------------------------------------------------
|
|
25
|
+
BLACKLISTED_PREFIXES = [
|
|
22
26
|
"/workspaces/.devcontainer/",
|
|
23
|
-
"/
|
|
24
|
-
|
|
27
|
+
"/workspaces/.devcontainer", # exact match (no trailing slash)
|
|
28
|
+
]
|
|
29
|
+
|
|
30
|
+
# Paths always allowed regardless of working directory
|
|
31
|
+
ALLOWED_PREFIXES = [
|
|
32
|
+
"/workspaces/.claude/", # Claude config, plans, rules
|
|
33
|
+
"/tmp/", # System scratch
|
|
25
34
|
]
|
|
26
35
|
|
|
27
36
|
WRITE_TOOLS = {"Write", "Edit", "NotebookEdit"}
|
|
28
37
|
READ_TOOLS = {"Read", "Glob", "Grep"}
|
|
38
|
+
ALL_FILE_TOOLS = WRITE_TOOLS | READ_TOOLS
|
|
29
39
|
|
|
30
40
|
# Tool input field that contains the target path
|
|
31
41
|
PATH_FIELDS = {
|
|
@@ -37,6 +47,76 @@ PATH_FIELDS = {
|
|
|
37
47
|
"Grep": "path",
|
|
38
48
|
}
|
|
39
49
|
|
|
50
|
+
# ---------------------------------------------------------------------------
|
|
51
|
+
# Bash Layer 1: Write target patterns
|
|
52
|
+
# Ported from guard-protected-bash.py + new patterns
|
|
53
|
+
# ---------------------------------------------------------------------------
|
|
54
|
+
WRITE_PATTERNS = [
|
|
55
|
+
# --- Ported from guard-protected-bash.py ---
|
|
56
|
+
r"(?:>|>>)\s*([^\s;&|]+)", # > file, >> file
|
|
57
|
+
r"\btee\s+(?:-a\s+)?([^\s;&|]+)", # tee file
|
|
58
|
+
r"\b(?:cp|mv)\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)", # cp/mv src dest
|
|
59
|
+
r'\bsed\s+-i[^\s]*\s+(?:\'[^\']*\'\s+|"[^"]*"\s+|[^\s]+\s+)*([^\s;&|]+)', # sed -i
|
|
60
|
+
r"\bcat\s+(?:<<[^\s]*\s+)?>\s*([^\s;&|]+)", # cat > file
|
|
61
|
+
# --- New patterns ---
|
|
62
|
+
r"\btouch\s+(?:-[^\s]+\s+)*([^\s;&|]+)", # touch file
|
|
63
|
+
r"\bmkdir\s+(?:-[^\s]+\s+)*([^\s;&|]+)", # mkdir [-p] dir
|
|
64
|
+
r"\brm\s+(?:-[^\s]+\s+)*([^\s;&|]+)", # rm [-rf] path
|
|
65
|
+
r"\bln\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)", # ln [-s] src dest
|
|
66
|
+
r"\binstall\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)", # install src dest
|
|
67
|
+
r"\brsync\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)", # rsync src dest
|
|
68
|
+
r"\bchmod\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)", # chmod mode path
|
|
69
|
+
r"\bchown\s+(?:-[^\s]+\s+)*[^\s:]+(?::[^\s]+)?\s+([^\s;&|]+)", # chown owner[:group] path
|
|
70
|
+
r"\bdd\b[^;|&]*\bof=([^\s;&|]+)", # dd of=path
|
|
71
|
+
r"\bwget\s+(?:-[^\s]+\s+)*-O\s+([^\s;&|]+)", # wget -O path
|
|
72
|
+
r"\bcurl\s+(?:-[^\s]+\s+)*-o\s+([^\s;&|]+)", # curl -o path
|
|
73
|
+
r"\btar\s+(?:-[^\s]+\s+)*-C\s+([^\s;&|]+)", # tar -C dir
|
|
74
|
+
r"\bunzip\s+(?:-[^\s]+\s+)*-d\s+([^\s;&|]+)", # unzip -d dir
|
|
75
|
+
r"\b(?:gcc|g\+\+|cc|c\+\+|clang)\s+(?:-[^\s]+\s+)*-o\s+([^\s;&|]+)", # gcc -o out
|
|
76
|
+
r"\bsqlite3\s+([^\s;&|]+)", # sqlite3 dbpath
|
|
77
|
+
]
|
|
78
|
+
|
|
79
|
+
# ---------------------------------------------------------------------------
|
|
80
|
+
# Bash Layer 2: Workspace path scan (ALWAYS runs, never exempt)
|
|
81
|
+
# Stops at: whitespace, ;, |, &, >, ), <, ', "
|
|
82
|
+
# ---------------------------------------------------------------------------
|
|
83
|
+
WORKSPACE_PATH_RE = re.compile(r'/workspaces/[^\s;|&>)<\'"]+')
|
|
84
|
+
|
|
85
|
+
# ---------------------------------------------------------------------------
|
|
86
|
+
# System command exemption (Layer 1 only)
|
|
87
|
+
# ---------------------------------------------------------------------------
|
|
88
|
+
SYSTEM_COMMANDS = frozenset({
|
|
89
|
+
"git", "pip", "pip3", "npm", "npx", "yarn", "pnpm",
|
|
90
|
+
"apt-get", "apt", "cargo", "go", "docker", "make", "cmake",
|
|
91
|
+
"node", "python3", "python", "ruby", "gem", "bundle",
|
|
92
|
+
})
|
|
93
|
+
|
|
94
|
+
SYSTEM_PATH_PREFIXES = (
|
|
95
|
+
"/usr/", "/bin/", "/sbin/", "/lib/", "/opt/",
|
|
96
|
+
"/proc/", "/sys/", "/dev/", "/var/", "/etc/",
|
|
97
|
+
)
|
|
98
|
+
|
|
99
|
+
|
|
100
|
+
# ---------------------------------------------------------------------------
|
|
101
|
+
# Core check functions
|
|
102
|
+
# ---------------------------------------------------------------------------
|
|
103
|
+
|
|
104
|
+
def is_blacklisted(resolved_path: str) -> bool:
|
|
105
|
+
"""Check if resolved_path is under a permanently blocked directory."""
|
|
106
|
+
return (resolved_path == "/workspaces/.devcontainer"
|
|
107
|
+
or resolved_path.startswith("/workspaces/.devcontainer/"))
|
|
108
|
+
|
|
109
|
+
|
|
110
|
+
def is_in_scope(resolved_path: str, cwd: str) -> bool:
|
|
111
|
+
"""Check if resolved_path is within the working directory."""
|
|
112
|
+
cwd_prefix = cwd if cwd.endswith("/") else cwd + "/"
|
|
113
|
+
return resolved_path == cwd or resolved_path.startswith(cwd_prefix)
|
|
114
|
+
|
|
115
|
+
|
|
116
|
+
def is_allowlisted(resolved_path: str) -> bool:
|
|
117
|
+
"""Check if resolved_path falls under an allowed prefix."""
|
|
118
|
+
return any(resolved_path.startswith(prefix) for prefix in ALLOWED_PREFIXES)
|
|
119
|
+
|
|
40
120
|
|
|
41
121
|
def get_target_path(tool_name: str, tool_input: dict) -> str | None:
|
|
42
122
|
"""Extract the target path from tool input.
|
|
@@ -50,16 +130,147 @@ def get_target_path(tool_name: str, tool_input: dict) -> str | None:
|
|
|
50
130
|
return tool_input.get(field) or None
|
|
51
131
|
|
|
52
132
|
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
return resolved_path == cwd or resolved_path.startswith(cwd_prefix)
|
|
133
|
+
# ---------------------------------------------------------------------------
|
|
134
|
+
# Bash enforcement
|
|
135
|
+
# ---------------------------------------------------------------------------
|
|
57
136
|
|
|
137
|
+
def extract_write_targets(command: str) -> list[str]:
|
|
138
|
+
"""Extract file paths that the command writes to (Layer 1)."""
|
|
139
|
+
targets = []
|
|
140
|
+
for pattern in WRITE_PATTERNS:
|
|
141
|
+
for match in re.finditer(pattern, command):
|
|
142
|
+
target = match.group(1).strip("'\"")
|
|
143
|
+
if target:
|
|
144
|
+
targets.append(target)
|
|
145
|
+
return targets
|
|
58
146
|
|
|
59
|
-
def is_allowlisted(resolved_path: str) -> bool:
|
|
60
|
-
"""Check if resolved_path falls under an allowed prefix."""
|
|
61
|
-
return any(resolved_path.startswith(prefix) for prefix in ALLOWED_PREFIXES)
|
|
62
147
|
|
|
148
|
+
def extract_primary_command(command: str) -> str:
|
|
149
|
+
"""Extract the primary command, stripping sudo/env/variable prefixes."""
|
|
150
|
+
try:
|
|
151
|
+
tokens = shlex.split(command)
|
|
152
|
+
except ValueError:
|
|
153
|
+
# Unclosed quotes or other parse errors — no exemption
|
|
154
|
+
return ""
|
|
155
|
+
i = 0
|
|
156
|
+
while i < len(tokens):
|
|
157
|
+
tok = tokens[i]
|
|
158
|
+
# Skip inline variable assignments: VAR=value
|
|
159
|
+
if "=" in tok and not tok.startswith("-") and tok.split("=")[0].isidentifier():
|
|
160
|
+
i += 1
|
|
161
|
+
continue
|
|
162
|
+
# Skip sudo and its flags
|
|
163
|
+
if tok == "sudo":
|
|
164
|
+
i += 1
|
|
165
|
+
while i < len(tokens) and tokens[i].startswith("-"):
|
|
166
|
+
flag = tokens[i]
|
|
167
|
+
i += 1
|
|
168
|
+
# Flags that consume the next token as an argument
|
|
169
|
+
if flag in ("-u", "-g", "-C", "-D", "-R", "-T"):
|
|
170
|
+
i += 1 # skip the argument too
|
|
171
|
+
continue
|
|
172
|
+
# Skip env and its variable assignments
|
|
173
|
+
if tok == "env":
|
|
174
|
+
i += 1
|
|
175
|
+
while i < len(tokens):
|
|
176
|
+
if "=" in tokens[i] and not tokens[i].startswith("-"):
|
|
177
|
+
i += 1 # skip VAR=val
|
|
178
|
+
elif tokens[i].startswith("-"):
|
|
179
|
+
i += 1 # skip env flags (-i, etc.)
|
|
180
|
+
else:
|
|
181
|
+
break
|
|
182
|
+
continue
|
|
183
|
+
# Skip nohup, nice, time
|
|
184
|
+
if tok in ("nohup", "nice", "time"):
|
|
185
|
+
i += 1
|
|
186
|
+
continue
|
|
187
|
+
return tok
|
|
188
|
+
return ""
|
|
189
|
+
|
|
190
|
+
|
|
191
|
+
def check_bash_scope(command: str, cwd: str) -> None:
|
|
192
|
+
"""Enforce scope on Bash commands. Calls sys.exit(2) on violation."""
|
|
193
|
+
if not command:
|
|
194
|
+
return
|
|
195
|
+
|
|
196
|
+
# --- Extract paths from command ---
|
|
197
|
+
write_targets = extract_write_targets(command)
|
|
198
|
+
workspace_paths = WORKSPACE_PATH_RE.findall(command)
|
|
199
|
+
|
|
200
|
+
# --- BLACKLIST check (FIRST — before cwd bypass, before everything) ---
|
|
201
|
+
# Early exit on first blacklisted path found
|
|
202
|
+
for target in write_targets:
|
|
203
|
+
resolved = os.path.realpath(target.strip("'\""))
|
|
204
|
+
if is_blacklisted(resolved):
|
|
205
|
+
print(
|
|
206
|
+
f"Blocked: Bash command writes to blacklisted path '{target}'. "
|
|
207
|
+
f"/workspaces/.devcontainer/ is permanently blocked.",
|
|
208
|
+
file=sys.stderr,
|
|
209
|
+
)
|
|
210
|
+
sys.exit(2)
|
|
211
|
+
|
|
212
|
+
for path_str in workspace_paths:
|
|
213
|
+
resolved = os.path.realpath(path_str)
|
|
214
|
+
if is_blacklisted(resolved):
|
|
215
|
+
print(
|
|
216
|
+
f"Blocked: Bash command references blacklisted path '{path_str}'. "
|
|
217
|
+
f"/workspaces/.devcontainer/ is permanently blocked.",
|
|
218
|
+
file=sys.stderr,
|
|
219
|
+
)
|
|
220
|
+
sys.exit(2)
|
|
221
|
+
|
|
222
|
+
# --- cwd=/workspaces bypass (blacklist already checked above) ---
|
|
223
|
+
if cwd == "/workspaces":
|
|
224
|
+
return
|
|
225
|
+
|
|
226
|
+
# --- Layer 1: Write target scope check ---
|
|
227
|
+
if write_targets:
|
|
228
|
+
primary_cmd = extract_primary_command(command)
|
|
229
|
+
is_system_cmd = primary_cmd in SYSTEM_COMMANDS
|
|
230
|
+
|
|
231
|
+
resolved_targets = [
|
|
232
|
+
(t, os.path.realpath(t.strip("'\""))) for t in write_targets
|
|
233
|
+
]
|
|
234
|
+
|
|
235
|
+
# System command exemption: skip Layer 1 ONLY if ALL targets are system paths
|
|
236
|
+
skip_layer1 = False
|
|
237
|
+
if is_system_cmd:
|
|
238
|
+
skip_layer1 = all(
|
|
239
|
+
any(r.startswith(sp) for sp in SYSTEM_PATH_PREFIXES)
|
|
240
|
+
for _, r in resolved_targets
|
|
241
|
+
)
|
|
242
|
+
# Override: if ANY target is under /workspaces/ outside cwd → NOT exempt
|
|
243
|
+
if skip_layer1:
|
|
244
|
+
for _, resolved in resolved_targets:
|
|
245
|
+
if resolved.startswith("/workspaces/") and not is_in_scope(resolved, cwd):
|
|
246
|
+
skip_layer1 = False
|
|
247
|
+
break
|
|
248
|
+
|
|
249
|
+
if not skip_layer1:
|
|
250
|
+
for target, resolved in resolved_targets:
|
|
251
|
+
if not is_in_scope(resolved, cwd) and not is_allowlisted(resolved):
|
|
252
|
+
print(
|
|
253
|
+
f"Blocked: Bash command writes to '{target}' which is "
|
|
254
|
+
f"outside the working directory ({cwd}).",
|
|
255
|
+
file=sys.stderr,
|
|
256
|
+
)
|
|
257
|
+
sys.exit(2)
|
|
258
|
+
|
|
259
|
+
# --- Layer 2: Workspace path scan (ALWAYS runs, never exempt) ---
|
|
260
|
+
for path_str in workspace_paths:
|
|
261
|
+
resolved = os.path.realpath(path_str)
|
|
262
|
+
if not is_in_scope(resolved, cwd) and not is_allowlisted(resolved):
|
|
263
|
+
print(
|
|
264
|
+
f"Blocked: Bash command references '{path_str}' which is "
|
|
265
|
+
f"outside the working directory ({cwd}).",
|
|
266
|
+
file=sys.stderr,
|
|
267
|
+
)
|
|
268
|
+
sys.exit(2)
|
|
269
|
+
|
|
270
|
+
|
|
271
|
+
# ---------------------------------------------------------------------------
|
|
272
|
+
# Main
|
|
273
|
+
# ---------------------------------------------------------------------------
|
|
63
274
|
|
|
64
275
|
def main():
|
|
65
276
|
try:
|
|
@@ -69,63 +280,63 @@ def main():
|
|
|
69
280
|
|
|
70
281
|
cwd = os.getcwd()
|
|
71
282
|
|
|
72
|
-
#
|
|
73
|
-
if
|
|
283
|
+
# --- Bash tool: separate code path ---
|
|
284
|
+
if tool_name == "Bash":
|
|
285
|
+
check_bash_scope(tool_input.get("command", ""), cwd)
|
|
74
286
|
sys.exit(0)
|
|
75
287
|
|
|
288
|
+
# --- File tools ---
|
|
76
289
|
target_path = get_target_path(tool_name, tool_input)
|
|
77
290
|
|
|
78
|
-
# No path
|
|
291
|
+
# No path → tool defaults to cwd, always in scope (for known file tools)
|
|
79
292
|
if target_path is None:
|
|
80
|
-
|
|
293
|
+
if tool_name in ALL_FILE_TOOLS:
|
|
294
|
+
sys.exit(0)
|
|
295
|
+
# Unknown tool with no recognizable path → block
|
|
296
|
+
print(
|
|
297
|
+
f"Blocked: Unknown tool '{tool_name}' — not in scope guard allowlist.",
|
|
298
|
+
file=sys.stderr,
|
|
299
|
+
)
|
|
300
|
+
sys.exit(2)
|
|
81
301
|
|
|
82
302
|
resolved = os.path.realpath(target_path)
|
|
83
303
|
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
if is_allowlisted(resolved):
|
|
88
|
-
sys.exit(0)
|
|
89
|
-
|
|
90
|
-
# Out of scope
|
|
91
|
-
if tool_name in WRITE_TOOLS:
|
|
304
|
+
# BLACKLIST — checked FIRST, before cwd bypass
|
|
305
|
+
if is_blacklisted(resolved):
|
|
92
306
|
print(
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
f"outside the working directory ({cwd}). Move to that "
|
|
98
|
-
f"project's directory first or work from /workspaces."
|
|
99
|
-
)
|
|
100
|
-
}
|
|
101
|
-
)
|
|
307
|
+
f"Blocked: {tool_name} targets '{target_path}' which is under "
|
|
308
|
+
f"blacklisted path /workspaces/.devcontainer/. This path is "
|
|
309
|
+
f"permanently blocked for all operations.",
|
|
310
|
+
file=sys.stderr,
|
|
102
311
|
)
|
|
103
312
|
sys.exit(2)
|
|
104
313
|
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
)
|
|
116
|
-
)
|
|
314
|
+
# cwd=/workspaces bypass (blacklist already checked)
|
|
315
|
+
if cwd == "/workspaces":
|
|
316
|
+
sys.exit(0)
|
|
317
|
+
|
|
318
|
+
# In-scope check
|
|
319
|
+
if is_in_scope(resolved, cwd):
|
|
320
|
+
sys.exit(0)
|
|
321
|
+
|
|
322
|
+
# Allowlist check
|
|
323
|
+
if is_allowlisted(resolved):
|
|
117
324
|
sys.exit(0)
|
|
118
325
|
|
|
119
|
-
#
|
|
120
|
-
|
|
326
|
+
# Out of scope — BLOCK for ALL tools
|
|
327
|
+
print(
|
|
328
|
+
f"Blocked: {tool_name} targets '{target_path}' which is outside "
|
|
329
|
+
f"the working directory ({cwd}). Move to that project's directory "
|
|
330
|
+
f"first or work from /workspaces.",
|
|
331
|
+
file=sys.stderr,
|
|
332
|
+
)
|
|
333
|
+
sys.exit(2)
|
|
121
334
|
|
|
122
335
|
except json.JSONDecodeError:
|
|
123
|
-
|
|
124
|
-
sys.exit(0)
|
|
336
|
+
sys.exit(2)
|
|
125
337
|
except Exception as e:
|
|
126
|
-
# Don't block on hook failure
|
|
127
338
|
print(f"Hook error: {e}", file=sys.stderr)
|
|
128
|
-
sys.exit(
|
|
339
|
+
sys.exit(2)
|
|
129
340
|
|
|
130
341
|
|
|
131
342
|
if __name__ == "__main__":
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
#!/usr/bin/env python3
|
|
2
|
+
"""
|
|
3
|
+
CWD context injector — injects working directory into Claude's context
|
|
4
|
+
on every session start, user prompt, tool call, and subagent spawn.
|
|
5
|
+
|
|
6
|
+
Fires on: SessionStart, UserPromptSubmit, PreToolUse, SubagentStart
|
|
7
|
+
Always exits 0 (advisory, never blocking).
|
|
8
|
+
"""
|
|
9
|
+
|
|
10
|
+
import json
|
|
11
|
+
import os
|
|
12
|
+
import sys
|
|
13
|
+
|
|
14
|
+
|
|
15
|
+
def main():
|
|
16
|
+
cwd = os.getcwd()
|
|
17
|
+
try:
|
|
18
|
+
input_data = json.load(sys.stdin)
|
|
19
|
+
# Some hook events provide cwd override
|
|
20
|
+
cwd = input_data.get("cwd", cwd)
|
|
21
|
+
hook_event = input_data.get("hook_event_name", "PreToolUse")
|
|
22
|
+
except (json.JSONDecodeError, ValueError):
|
|
23
|
+
hook_event = "PreToolUse"
|
|
24
|
+
|
|
25
|
+
context = (
|
|
26
|
+
f"Working Directory: {cwd}\n"
|
|
27
|
+
f"All file operations and commands MUST target paths within {cwd}. "
|
|
28
|
+
f"Do not read, write, or execute commands against paths outside this directory."
|
|
29
|
+
)
|
|
30
|
+
|
|
31
|
+
json.dump(
|
|
32
|
+
{
|
|
33
|
+
"hookSpecificOutput": {
|
|
34
|
+
"hookEventName": hook_event,
|
|
35
|
+
"additionalContext": context,
|
|
36
|
+
}
|
|
37
|
+
},
|
|
38
|
+
sys.stdout,
|
|
39
|
+
)
|
|
40
|
+
sys.exit(0)
|
|
41
|
+
|
|
42
|
+
|
|
43
|
+
if __name__ == "__main__":
|
|
44
|
+
main()
|
|
@@ -70,6 +70,7 @@ for rc in ~/.bashrc ~/.zshrc; do
|
|
|
70
70
|
|
|
71
71
|
${BLOCK_START}
|
|
72
72
|
export CLAUDE_CONFIG_DIR="${CLAUDE_CONFIG_DIR}"
|
|
73
|
+
export GH_CONFIG_DIR="${GH_CONFIG_DIR:-/workspaces/.gh}"
|
|
73
74
|
export LANG=en_US.UTF-8
|
|
74
75
|
export LC_ALL=en_US.UTF-8
|
|
75
76
|
|
|
@@ -82,10 +83,17 @@ else
|
|
|
82
83
|
_CLAUDE_BIN=claude
|
|
83
84
|
fi
|
|
84
85
|
|
|
85
|
-
|
|
86
|
-
|
|
86
|
+
# ChromaTerm wrapper (if ct is installed, wrap claude through it)
|
|
87
|
+
if command -v ct >/dev/null 2>&1; then
|
|
88
|
+
_CLAUDE_WRAP="ct"
|
|
89
|
+
else
|
|
90
|
+
_CLAUDE_WRAP="command"
|
|
91
|
+
fi
|
|
92
|
+
|
|
93
|
+
alias cc='CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1 "\$_CLAUDE_WRAP" "\$_CLAUDE_BIN" --system-prompt-file "\$CLAUDE_CONFIG_DIR/main-system-prompt.md" --permission-mode plan --allow-dangerously-skip-permissions'
|
|
94
|
+
alias claude='CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1 "\$_CLAUDE_WRAP" "\$_CLAUDE_BIN" --system-prompt-file "\$CLAUDE_CONFIG_DIR/main-system-prompt.md" --permission-mode plan --allow-dangerously-skip-permissions'
|
|
87
95
|
alias ccraw='command "\$_CLAUDE_BIN"'
|
|
88
|
-
alias ccw='CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1
|
|
96
|
+
alias ccw='CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1 "\$_CLAUDE_WRAP" "\$_CLAUDE_BIN" --system-prompt-file "\$CLAUDE_CONFIG_DIR/writing-system-prompt.md" --permission-mode plan --allow-dangerously-skip-permissions'
|
|
89
97
|
|
|
90
98
|
cc-tools() {
|
|
91
99
|
echo "CodeForge Available Tools"
|
|
@@ -93,9 +101,9 @@ cc-tools() {
|
|
|
93
101
|
printf " %-20s %s\n" "COMMAND" "STATUS"
|
|
94
102
|
echo " ────────────────────────────────────"
|
|
95
103
|
for cmd in claude cc ccw ccraw ccusage ccburn claude-monitor \\
|
|
96
|
-
ccms cargo ruff biome dprint shfmt shellcheck hadolint \\
|
|
104
|
+
ccms ct cargo ruff biome dprint shfmt shellcheck hadolint \\
|
|
97
105
|
ast-grep tree-sitter pyright typescript-language-server \\
|
|
98
|
-
agent-browser gh docker git jq tmux bun go; do
|
|
106
|
+
agent-browser gh docker git jq tmux bun go infocmp; do
|
|
99
107
|
if command -v "\$cmd" >/dev/null 2>&1; then
|
|
100
108
|
ver=\$("\$cmd" --version 2>/dev/null | head -1 || echo "installed")
|
|
101
109
|
printf " %-20s ✓ %s\n" "\$cmd" "\$ver"
|
|
@@ -45,6 +45,7 @@ expand_vars() {
|
|
|
45
45
|
local val="$1"
|
|
46
46
|
val="${val//\$\{CLAUDE_CONFIG_DIR\}/$CLAUDE_CONFIG_DIR}"
|
|
47
47
|
val="${val//\$\{WORKSPACE_ROOT\}/$WORKSPACE_ROOT}"
|
|
48
|
+
val="${val//\$\{HOME\}/$HOME}"
|
|
48
49
|
# Warn on any remaining unresolved ${...} tokens
|
|
49
50
|
if [[ "$val" =~ \$\{[^}]+\} ]]; then
|
|
50
51
|
warn "Unresolved variable in: $val"
|
package/README.md
CHANGED
|
@@ -66,13 +66,13 @@ tree-sitter (JS/TS/Python), ast-grep, Pyright, TypeScript LSP
|
|
|
66
66
|
|
|
67
67
|
`claude`, `cc` (wrapper), `ccw` (writing mode wrapper), `ccusage`, `ccburn`, `ccstatusline`, `claude-monitor`
|
|
68
68
|
|
|
69
|
-
### Custom Features (
|
|
69
|
+
### Custom Features (21)
|
|
70
70
|
|
|
71
|
-
tmux, agent-browser, claude-monitor, ccusage, ccburn, ccstatusline, ast-grep, tree-sitter, lsp-servers, biome, ruff, shfmt, shellcheck, hadolint, dprint, ccms, notify-hook, mcp-qdrant
|
|
71
|
+
tmux, agent-browser, claude-monitor, ccusage, ccburn, ccstatusline, ast-grep, tree-sitter, lsp-servers, biome, ruff, shfmt, shellcheck, hadolint, dprint, ccms, notify-hook, mcp-qdrant, chromaterm, kitty-terminfo, claude-session-dashboard
|
|
72
72
|
|
|
73
|
-
### Agents (17) & Skills (
|
|
73
|
+
### Agents (17) & Skills (34)
|
|
74
74
|
|
|
75
|
-
The `
|
|
75
|
+
The `agent-system` plugin includes 17 specialized agents (architect, explorer, test-writer, security-auditor, etc.). The `skill-engine` plugin provides 21 general coding skills, `spec-workflow` adds 8 spec lifecycle skills, and `ticket-workflow` provides 4 ticket management skills.
|
|
76
76
|
|
|
77
77
|
## Quick Start
|
|
78
78
|
|
|
@@ -102,7 +102,7 @@ npm publish
|
|
|
102
102
|
|
|
103
103
|
## Changelog
|
|
104
104
|
|
|
105
|
-
See [CHANGELOG.md](.devcontainer/CHANGELOG.md) for release history. Current version: **1.
|
|
105
|
+
See [CHANGELOG.md](.devcontainer/CHANGELOG.md) for release history. Current version: **1.14.0** (2026-02-23).
|
|
106
106
|
|
|
107
107
|
## Further Reading
|
|
108
108
|
|
package/package.json
CHANGED
|
@@ -1,13 +1,17 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "codeforge-dev",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.14.1",
|
|
4
4
|
"description": "Complete development container that sets up Claude Code with modular devcontainer features, modern dev tools, and persistent configurations. Drop it into any project and get a production-ready AI development environment in minutes.",
|
|
5
5
|
"main": "setup.js",
|
|
6
6
|
"bin": {
|
|
7
7
|
"codeforge": "setup.js"
|
|
8
8
|
},
|
|
9
9
|
"scripts": {
|
|
10
|
-
"test": "node test.js"
|
|
10
|
+
"test": "node test.js",
|
|
11
|
+
"prepublishOnly": "npm test",
|
|
12
|
+
"docs:dev": "npm run dev --prefix docs",
|
|
13
|
+
"docs:build": "npm run build --prefix docs",
|
|
14
|
+
"docs:preview": "npm run preview --prefix docs"
|
|
11
15
|
},
|
|
12
16
|
"keywords": [
|
|
13
17
|
"devcontainer",
|
package/setup.js
CHANGED
|
@@ -10,6 +10,7 @@ const DEFAULT_PRESERVE = [
|
|
|
10
10
|
"config/defaults/settings.json",
|
|
11
11
|
"config/defaults/main-system-prompt.md",
|
|
12
12
|
"config/defaults/keybindings.json",
|
|
13
|
+
"config/defaults/ccstatusline-settings.json",
|
|
13
14
|
"config/file-manifest.json",
|
|
14
15
|
".codeforge-preserve",
|
|
15
16
|
];
|
|
@@ -244,8 +245,8 @@ function printNextSteps() {
|
|
|
244
245
|
function printFeatures() {
|
|
245
246
|
console.log("Features included:");
|
|
246
247
|
console.log(" - Claude Code CLI with optimized tool configuration");
|
|
247
|
-
console.log(" - MCP servers: Qdrant (vector memory)
|
|
248
|
-
console.log(" - Development tools: Node.js LTS, Python 3.14,
|
|
248
|
+
console.log(" - MCP servers: Qdrant (vector memory)");
|
|
249
|
+
console.log(" - Development tools: Node.js LTS, Python 3.14, Rust, Bun");
|
|
249
250
|
console.log(" - Persistent configuration and shell history");
|
|
250
251
|
console.log("");
|
|
251
252
|
}
|
package/.devcontainer/.env
DELETED
|
@@ -1,33 +0,0 @@
|
|
|
1
|
-
# CodeForge Environment Configuration
|
|
2
|
-
|
|
3
|
-
# Paths
|
|
4
|
-
CLAUDE_CONFIG_DIR=/workspaces/.claude
|
|
5
|
-
# CONFIG_SOURCE_DIR is derived from script location; uncomment to override:
|
|
6
|
-
# CONFIG_SOURCE_DIR=/custom/path/to/config
|
|
7
|
-
|
|
8
|
-
# Setup: copy config files to CLAUDE_CONFIG_DIR
|
|
9
|
-
SETUP_CONFIG=true
|
|
10
|
-
|
|
11
|
-
# Setup: add cc alias to shell rc files
|
|
12
|
-
SETUP_ALIASES=true
|
|
13
|
-
|
|
14
|
-
# Setup: configure Git and NPM auth from .secrets file
|
|
15
|
-
SETUP_AUTH=true
|
|
16
|
-
|
|
17
|
-
# Setup: install official Anthropic plugins
|
|
18
|
-
SETUP_PLUGINS=true
|
|
19
|
-
|
|
20
|
-
# Setup: auto-update Claude Code CLI to latest on container start (runs in background)
|
|
21
|
-
SETUP_UPDATE_CLAUDE=true
|
|
22
|
-
|
|
23
|
-
# Setup: configure VS Code Shift+Enter keybinding for Claude Code terminal
|
|
24
|
-
SETUP_TERMINAL=true
|
|
25
|
-
|
|
26
|
-
# Setup: auto-detect and register projects for VS Code Project Manager
|
|
27
|
-
SETUP_PROJECTS=true
|
|
28
|
-
|
|
29
|
-
# Setup: run post-start hooks from /usr/local/devcontainer-poststart.d/
|
|
30
|
-
SETUP_POSTSTART=true
|
|
31
|
-
|
|
32
|
-
# Plugin blacklist (comma-separated plugin names to skip during auto-install)
|
|
33
|
-
PLUGIN_BLACKLIST=""
|