codeforge-dev 1.14.2 → 2.0.1

package/.devcontainer/plugins/devs-marketplace/plugins/skill-engine/skills/worktree/references/parallel-workflow-patterns.md

@@ -0,0 +1,228 @@
+# Parallel Workflow Patterns
+
+Worktree usage patterns for multi-context development, agent orchestration, and lifecycle customization.
+
+---
+
+## Pattern 1: Feature + Review
+
+Work on a feature in one worktree while reviewing a PR in another.
+
+**Setup:**
+```bash
+# Main checkout: feature work
+# New worktree: PR review
+git worktree add /workspaces/projects/.worktrees/review-pr-123 -b review/pr-123
+cd /workspaces/projects/.worktrees/review-pr-123
+git fetch origin pull/123/head:review/pr-123
+git checkout review/pr-123
+```
+
+**Workflow:**
+1. Continue feature work in the main checkout
+2. Switch to the review worktree to read, test, and comment on the PR
+3. No stashing, no context loss
+4. Remove review worktree after PR is merged
+
+**When to use:** Long-running feature work that cannot be interrupted, combined with review responsibilities.
+
+---
+
+## Pattern 2: Safe Experimentation
+
+Try a risky refactor or architectural change without affecting the working checkout.
+
+**Setup:**
+```bash
+claude --worktree spike-new-architecture
+# or
+EnterWorktree: spike-new-architecture
+```
+
+**Workflow:**
+1. Experiment freely in the worktree — break things, try approaches
+2. If the experiment succeeds: commit, create PR
+3. If it fails: exit the session → Claude auto-removes the worktree (no changes kept)
+4. Main checkout is untouched regardless of outcome
+
+**When to use:** Evaluating whether an approach works before committing to it. Especially useful for refactors that touch many files.
+
+---
+
+## Pattern 3: Agent Swarm
+
+Multiple Claude Code sessions working in parallel, each in their own worktree.
+
+**Setup (manual):**
+```bash
+# Terminal 1
+claude --worktree feature-auth --tmux
+
+# Terminal 2
+claude --worktree feature-search --tmux
+
+# Terminal 3
+claude --worktree fix-tests --tmux
+```
+
+**Setup (via agent teams):**
+Agents with `isolation: worktree` in their frontmatter (refactorer, test-writer, migrator, documenter, implementer) automatically get worktrees when spawned via the `Task` tool. The lead agent coordinates, and each teammate operates in its own isolated copy.
+
+**Workflow:**
+1. Each agent/session works on independent files
+2. Changes stay isolated until explicitly merged
+3. Reduced conflict risk when file ownership is respected
+4. After each session completes, review changes via PR
+
+**When to use:** Large tasks that decompose into independent workstreams. Effective for feature builds, migrations, or test suites where each agent owns a different set of files.
+
+**File ownership rule:** Assign each parallel session/agent to a distinct set of files. Two agents editing the same file causes merge conflicts that are difficult to resolve.
+
+---
+
+## Pattern 4: Hotfix While Mid-Feature
+
+An urgent production bug arrives while deep in unfinished feature work.
+
+**Without worktrees:**
+```bash
+git stash          # hope you remember what's stashed
+git checkout main
+# fix the bug
+git checkout feature-branch
+git stash pop      # hope there are no conflicts
+```
+
+**With worktrees:**
+```bash
+claude --worktree hotfix-critical-bug
+# fix the bug in the worktree, commit, create PR
+# exit → worktree cleaned up
+# continue feature work — never interrupted
+```
+
+**When to use:** Anytime urgent work arrives while mid-task. The worktree avoids the stash-switch-pop dance entirely.
+
+---
+
+## Pattern 5: Long-Running Migration
+
+Incremental migration work spread across multiple sessions.
+
+**Setup:**
+```bash
+git worktree add /workspaces/projects/.worktrees/migrate-v2 -b migrate/v2-upgrade
+```
+
+**Workflow:**
+1. Work on the migration across multiple Claude sessions using `claude --resume`
+2. The worktree persists between sessions (not auto-cleaned because it has changes)
+3. Make incremental commits as milestones are reached
+4. When migration is complete, create PR from the worktree branch
+5. Clean up after merge
+
+**When to use:** Multi-day migrations where the work cannot be completed in a single session. Keep the worktree alive until the migration PR is merged.
+
+---
+
+## Anti-Patterns
+
+### Too Many Worktrees
+
+**Problem:** Five or more active worktrees with partially-complete work scattered across them.
+
+**Consequence:** Cognitive overhead of tracking what's where. Dependency directories (`node_modules/`, `.venv/`) duplicated across worktrees consume disk space.
+
+**Guideline:** Limit to 2-3 active worktrees. Finish and clean up before starting new ones.
+
+### Forgetting Cleanup
+
+**Problem:** Worktrees accumulate after sessions end. `git worktree list` shows stale entries.
+
+**Consequence:** Branch namespace pollution, stale references, wasted disk space.
+
+**Guideline:** Clean up worktrees as part of completing a task. Run `git worktree list` periodically. Use `git worktree prune` for stale references.
+
+### Shared State Leaks
+
+**Problem:** Operations in one worktree unexpectedly affect another.
+
+**Examples:**
+- `git stash` — the stash is shared across all worktrees
+- `git gc` — can repack objects used by other worktrees
+- `.git/config` changes — affect all worktrees
+- Global hooks — run in all worktrees
+
+**Guideline:** Avoid `git stash` in worktree workflows (use commits instead). Be cautious with global git config changes.
+
+### Editing the Same File in Multiple Worktrees
+
+**Problem:** Two worktrees modify the same file independently.
+
+**Consequence:** Merge conflict when integrating changes, requiring manual resolution.
+
+**Guideline:** Assign file ownership. Each worktree/agent edits a distinct set of files. If overlap is unavoidable, coordinate explicitly before merging.
+
+---
+
+## Worktree Lifecycle Hooks
+
+Claude Code provides `WorktreeCreate` and `WorktreeRemove` hooks for customizing worktree lifecycle behavior.
+
+### WorktreeCreate Hook
+
+Fires when a worktree is being created via `--worktree` or `isolation: "worktree"`. **Replaces** the default git worktree behavior entirely.
+
+**Input:**
+```json
+{
+  "session_id": "abc123",
+  "cwd": "/workspaces/projects/CodeForge",
+  "hook_event_name": "WorktreeCreate",
+  "name": "feature-auth"
+}
+```
+
+**Output:** Print the absolute path to the created worktree directory on stdout.
+
+**Use cases:**
+- Custom directory layout (override the default `.claude/worktrees/` path)
+- Non-git VCS (SVN, Mercurial) worktree creation
+- Post-creation setup (install dependencies, copy config files)
+
+### WorktreeRemove Hook
+
+Fires when a worktree is being removed (session exit or subagent finish). Cleanup counterpart to WorktreeCreate.
+
+**Input:**
+```json
+{
+  "session_id": "abc123",
+  "hook_event_name": "WorktreeRemove",
+  "worktree_path": "/workspaces/projects/CodeForge/.claude/worktrees/feature-auth"
+}
+```
+
+**Use cases:**
+- Custom cleanup (remove dependency directories, revoke temporary credentials)
+- Non-git VCS cleanup
+- Logging or notification on worktree removal
+
+**Configuration:** Hooks are defined in `.claude/settings.json` or `.claude/settings.local.json`:
+
+```json
+{
+  "hooks": {
+    "WorktreeCreate": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash /path/to/create-worktree.sh"
+          }
+        ]
+      }
+    ]
+  }
+}
+```

package/.devcontainer/plugins/devs-marketplace/plugins/spec-workflow/skills/spec-build/SKILL.md

@@ -74,13 +74,13 @@ Decompose work into parallel workstreams and recommend team composition using th
 
 | Spec Type | Teammates |
 |-----------|-----------|
-| Full-stack feature | researcher + test-writer + doc-writer |
+| Full-stack feature | researcher + test-writer + documenter |
 | Backend-heavy | researcher + test-writer |
 | Security-sensitive | security-auditor + test-writer |
 | Refactoring work | refactorer + test-writer |
 | Multi-service | researcher per service + test-writer |
 
-**Available specialist agents:** `architect`, `bash-exec`, `claude-guide`, `debug-logs`, `dependency-analyst`, `doc-writer`, `explorer`, `generalist`, `git-archaeologist`, `migrator`, `perf-profiler`, `refactorer`, `researcher`, `security-auditor`, `spec-writer`, `statusline-config`, `test-writer`
+**Available specialist agents:** `architect`, `bash-exec`, `claude-guide`, `debug-logs`, `dependency-analyst`, `documenter`, `explorer`, `generalist`, `git-archaeologist`, `migrator`, `perf-profiler`, `refactorer`, `researcher`, `security-auditor`, `spec-writer`, `statusline-config`, `test-writer`
 
 Use `generalist` only when no specialist matches the workstream. Hard limit: 3-5 active teammates maximum.
 

package/.devcontainer/plugins/devs-marketplace/plugins/ticket-workflow/scripts/ticket-linker.py

@@ -71,7 +71,7 @@ def fetch_ticket(number: int) -> str | None:
 
     try:
         data = json.loads(result.stdout)
-    except (json.JSONDecodeError, ValueError):
+    except json.JSONDecodeError:
         return None
 
     title = data.get("title", "(no title)")
@@ -103,7 +103,7 @@ def main():
 
     try:
         data = json.loads(raw)
-    except (json.JSONDecodeError, ValueError):
+    except json.JSONDecodeError:
         sys.exit(0)
 
     prompt = data.get("prompt", "")

package/.devcontainer/plugins/devs-marketplace/plugins/workspace-scope-guard/README.md

@@ -27,7 +27,7 @@ These paths are always permitted regardless of working directory:
 
 | Path | Reason |
 |------|--------|
-| `/workspaces/.claude/` | Claude config, plans, rules |
+| `~/.claude/` | Claude config, plans, rules |
 | `/tmp/` | System temp directory |
 
 ### CWD Context Injection

package/.devcontainer/plugins/devs-marketplace/plugins/workspace-scope-guard/scripts/guard-workspace-scope.py

@@ -28,9 +28,10 @@ BLACKLISTED_PREFIXES = [
 ]
 
 # Paths always allowed regardless of working directory
+_home = os.environ.get("HOME", "/home/vscode")
 ALLOWED_PREFIXES = [
-    "/workspaces/.claude/",  # Claude config, plans, rules
-    "/tmp/",                 # System scratch
+    f"{_home}/.claude/",  # Claude config, plans, rules
+    "/tmp/",  # System scratch
 ]
 
 WRITE_TOOLS = {"Write", "Edit", "NotebookEdit"}
@@ -53,27 +54,27 @@ PATH_FIELDS = {
 # ---------------------------------------------------------------------------
 WRITE_PATTERNS = [
     # --- Ported from guard-protected-bash.py ---
-    r"(?:>|>>)\s*([^\s;&|]+)",                                              # > file, >> file
-    r"\btee\s+(?:-a\s+)?([^\s;&|]+)",                                       # tee file
-    r"\b(?:cp|mv)\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)",                  # cp/mv src dest
+    r"(?:>>|>)\s*([^\s;&|]+)",  # >> file, > file
+    r"\btee\s+(?:-a\s+)?([^\s;&|]+)",  # tee file
+    r"\b(?:cp|mv)\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)",  # cp/mv src dest
     r'\bsed\s+-i[^\s]*\s+(?:\'[^\']*\'\s+|"[^"]*"\s+|[^\s]+\s+)*([^\s;&|]+)',  # sed -i
-    r"\bcat\s+(?:<<[^\s]*\s+)?>\s*([^\s;&|]+)",                            # cat > file
+    r"\bcat\s+(?:<<[^\s]*\s+)?>\s*([^\s;&|]+)",  # cat > file
     # --- New patterns ---
-    r"\btouch\s+(?:-[^\s]+\s+)*([^\s;&|]+)",                               # touch file
-    r"\bmkdir\s+(?:-[^\s]+\s+)*([^\s;&|]+)",                               # mkdir [-p] dir
-    r"\brm\s+(?:-[^\s]+\s+)*([^\s;&|]+)",                                  # rm [-rf] path
-    r"\bln\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)",                         # ln [-s] src dest
-    r"\binstall\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)",                    # install src dest
-    r"\brsync\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)",                      # rsync src dest
-    r"\bchmod\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)",                      # chmod mode path
-    r"\bchown\s+(?:-[^\s]+\s+)*[^\s:]+(?::[^\s]+)?\s+([^\s;&|]+)",         # chown owner[:group] path
-    r"\bdd\b[^;|&]*\bof=([^\s;&|]+)",                                      # dd of=path
-    r"\bwget\s+(?:-[^\s]+\s+)*-O\s+([^\s;&|]+)",                           # wget -O path
-    r"\bcurl\s+(?:-[^\s]+\s+)*-o\s+([^\s;&|]+)",                           # curl -o path
-    r"\btar\s+(?:-[^\s]+\s+)*-C\s+([^\s;&|]+)",                            # tar -C dir
-    r"\bunzip\s+(?:-[^\s]+\s+)*-d\s+([^\s;&|]+)",                          # unzip -d dir
+    r"\btouch\s+(?:-[^\s]+\s+)*([^\s;&|]+)",  # touch file
+    r"\bmkdir\s+(?:-[^\s]+\s+)*([^\s;&|]+)",  # mkdir [-p] dir
+    r"\brm\s+(?:-[^\s]+\s+)*([^\s;&|]+)",  # rm [-rf] path
+    r"\bln\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)",  # ln [-s] src dest
+    r"\binstall\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)",  # install src dest
+    r"\brsync\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)",  # rsync src dest
+    r"\bchmod\s+(?:-[^\s]+\s+)*[^\s]+\s+([^\s;&|]+)",  # chmod mode path
+    r"\bchown\s+(?:-[^\s]+\s+)*[^\s:]+(?::[^\s]+)?\s+([^\s;&|]+)",  # chown owner[:group] path
+    r"\bdd\b[^;|&]*\bof=([^\s;&|]+)",  # dd of=path
+    r"\bwget\s+(?:-[^\s]+\s+)*-O\s+([^\s;&|]+)",  # wget -O path
+    r"\bcurl\s+(?:-[^\s]+\s+)*-o\s+([^\s;&|]+)",  # curl -o path
+    r"\btar\s+(?:-[^\s]+\s+)*-C\s+([^\s;&|]+)",  # tar -C dir
+    r"\bunzip\s+(?:-[^\s]+\s+)*-d\s+([^\s;&|]+)",  # unzip -d dir
     r"\b(?:gcc|g\+\+|cc|c\+\+|clang)\s+(?:-[^\s]+\s+)*-o\s+([^\s;&|]+)",  # gcc -o out
-    r"\bsqlite3\s+([^\s;&|]+)",                                            # sqlite3 dbpath
+    r"\bsqlite3\s+([^\s;&|]+)",  # sqlite3 dbpath
 ]
 
 # ---------------------------------------------------------------------------
@@ -85,15 +86,42 @@ WORKSPACE_PATH_RE = re.compile(r'/workspaces/[^\s;|&>)<\'"]+')
 # ---------------------------------------------------------------------------
 # System command exemption (Layer 1 only)
 # ---------------------------------------------------------------------------
-SYSTEM_COMMANDS = frozenset({
-    "git", "pip", "pip3", "npm", "npx", "yarn", "pnpm",
-    "apt-get", "apt", "cargo", "go", "docker", "make", "cmake",
-    "node", "python3", "python", "ruby", "gem", "bundle",
-})
+SYSTEM_COMMANDS = frozenset(
+    {
+        "git",
+        "pip",
+        "pip3",
+        "npm",
+        "npx",
+        "yarn",
+        "pnpm",
+        "apt-get",
+        "apt",
+        "cargo",
+        "go",
+        "docker",
+        "make",
+        "cmake",
+        "node",
+        "python3",
+        "python",
+        "ruby",
+        "gem",
+        "bundle",
+    }
+)
 
 SYSTEM_PATH_PREFIXES = (
-    "/usr/", "/bin/", "/sbin/", "/lib/", "/opt/",
-    "/proc/", "/sys/", "/dev/", "/var/", "/etc/",
+    "/usr/",
+    "/bin/",
+    "/sbin/",
+    "/lib/",
+    "/opt/",
+    "/proc/",
+    "/sys/",
+    "/dev/",
+    "/var/",
+    "/etc/",
 )
 
 
@@ -101,10 +129,12 @@ SYSTEM_PATH_PREFIXES = (
 # Core check functions
 # ---------------------------------------------------------------------------
 
+
 def is_blacklisted(resolved_path: str) -> bool:
     """Check if resolved_path is under a permanently blocked directory."""
-    return (resolved_path == "/workspaces/.devcontainer"
-            or resolved_path.startswith("/workspaces/.devcontainer/"))
+    return resolved_path == "/workspaces/.devcontainer" or resolved_path.startswith(
+        "/workspaces/.devcontainer/"
+    )
 
 
 def is_in_scope(resolved_path: str, cwd: str) -> bool:
@@ -134,6 +164,7 @@ def get_target_path(tool_name: str, tool_input: dict) -> str | None:
 # Bash enforcement
 # ---------------------------------------------------------------------------
 
+
 def extract_write_targets(command: str) -> list[str]:
     """Extract file paths that the command writes to (Layer 1)."""
     targets = []
@@ -156,7 +187,11 @@ def extract_primary_command(command: str) -> str:
     while i < len(tokens):
         tok = tokens[i]
         # Skip inline variable assignments: VAR=value
-        if "=" in tok and not tok.startswith("-") and tok.split("=")[0].isidentifier():
+        if (
+            "=" in tok
+            and not tok.startswith("-")
+            and tok.split("=", 1)[0].isidentifier()
+        ):
             i += 1
             continue
         # Skip sudo and its flags
@@ -242,7 +277,9 @@ def check_bash_scope(command: str, cwd: str) -> None:
             # Override: if ANY target is under /workspaces/ outside cwd → NOT exempt
             if skip_layer1:
                 for _, resolved in resolved_targets:
-                    if resolved.startswith("/workspaces/") and not is_in_scope(resolved, cwd):
+                    if resolved.startswith("/workspaces/") and not is_in_scope(
+                        resolved, cwd
+                    ):
                         skip_layer1 = False
                         break
 
@@ -272,6 +309,7 @@ def check_bash_scope(command: str, cwd: str) -> None:
 # Main
 # ---------------------------------------------------------------------------
 
+
 def main():
     try:
         input_data = json.load(sys.stdin)

package/.devcontainer/scripts/check-setup.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+# SPDX-License-Identifier: GPL-3.0-only
+# Copyright (c) 2026 Marcus Krueger
 # Verify CodeForge setup is working correctly
 # Run anytime with: check-setup
 
@@ -34,10 +36,10 @@ warn_check() {
 echo ""
 echo "Core:"
 check "Claude Code installed" "command -v claude"
-warn_check "Claude native binary" "[ -x ~/.local/bin/claude ] || [ -x /usr/local/bin/claude ]"
+warn_check "Claude native binary" "[ -x ~/.local/bin/claude ]"
 check "cc alias configured" "grep -q 'alias cc=' ~/.bashrc 2>/dev/null || grep -q 'alias cc=' ~/.zshrc 2>/dev/null"
-check "Config directory exists" "[ -d '${CLAUDE_CONFIG_DIR:-/workspaces/.claude}' ]"
-check "Settings file exists" "[ -f '${CLAUDE_CONFIG_DIR:-/workspaces/.claude}/settings.json' ]"
+check "Config directory exists" "[ -d '${CLAUDE_CONFIG_DIR:-$HOME/.claude}' ]"
+check "Settings file exists" "[ -f '${CLAUDE_CONFIG_DIR:-$HOME/.claude}/settings.json' ]"
 
 echo ""
 echo "Authentication:"

package/.devcontainer/scripts/preflight.sh

@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: GPL-3.0-only
+# Copyright (c) 2026 Marcus Krueger
+# Pre-flight check: validates a container runtime is available on the host.
+# Runs via initializeCommand BEFORE any container build/pull/start.
+
+set -euo pipefail
+
+# --- OS detection ---
+
+detect_os() {
+    if [[ -f /proc/version ]] && grep -qi 'microsoft\|wsl' /proc/version 2>/dev/null; then
+        echo "wsl"
+    elif [[ "$(uname -s)" == "Darwin" ]]; then
+        echo "macos"
+    else
+        echo "linux"
+    fi
+}
+
+# --- Timeout wrapper (macOS lacks coreutils timeout) ---
+
+run_with_timeout() {
+    local seconds="$1"
+    shift
+    if command -v timeout &>/dev/null; then
+        timeout "$seconds" "$@" &>/dev/null 2>&1
+    else
+        # Fallback for macOS: background + kill
+        "$@" &>/dev/null 2>&1 &
+        local pid=$!
+        (sleep "$seconds" && kill "$pid" 2>/dev/null) &
+        local watchdog=$!
+        if wait "$pid" 2>/dev/null; then
+            kill "$watchdog" 2>/dev/null
+            wait "$watchdog" 2>/dev/null
+            return 0
+        else
+            kill "$watchdog" 2>/dev/null
+            wait "$watchdog" 2>/dev/null
+            return 1
+        fi
+    fi
+}
+
+# --- Runtime detection ---
+
+check_runtime() {
+    local runtime="$1"
+    if ! command -v "$runtime" &>/dev/null; then
+        return 1
+    fi
+    if run_with_timeout 5 "$runtime" info; then
+        return 0
+    fi
+    return 1
+}
+
+# --- Main ---
+
+for runtime in docker podman; do
+    if check_runtime "$runtime"; then
+        exit 0
+    fi
+done
+
+# No working runtime found — determine why and advise
+
+found_binary=""
+for runtime in docker podman; do
+    if command -v "$runtime" &>/dev/null; then
+        found_binary="$runtime"
+        break
+    fi
+done
+
+HOST_OS="$(detect_os)"
+
+echo ""
+echo "╔══════════════════════════════════════════════════════════════╗"
+echo "║  CodeForge: Container runtime not available                 ║"
+echo "╚══════════════════════════════════════════════════════════════╝"
+echo ""
+
+if [[ -n "$found_binary" ]]; then
+    echo "  Found '$found_binary' but the daemon is not responding."
+    echo ""
+    case "$HOST_OS" in
+        wsl)
+            echo "  Fix: Start Docker Desktop and enable WSL 2 integration:"
+            echo "        Settings → Resources → WSL Integration"
+            ;;
+        macos)
+            echo "  Fix: Start Docker Desktop:"
+            echo "        open -a Docker"
+            ;;
+        linux)
+            echo "  Fix: Start the Docker daemon:"
+            echo "        sudo systemctl start docker"
+            ;;
+    esac
+else
+    echo "  No container runtime (docker or podman) found in PATH."
+    echo ""
+    echo "  Install Docker Desktop:"
+    echo "    https://www.docker.com/products/docker-desktop/"
+    echo ""
+    echo "  Or install Podman:"
+    echo "    https://podman.io/getting-started/installation"
+fi
+
+echo ""
+exit 1

package/.devcontainer/scripts/setup-aliases.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
+# SPDX-License-Identifier: GPL-3.0-only
+# Copyright (c) 2026 Marcus Krueger
 # Setup cc/claude/ccraw aliases for claude with local system prompt support
 #
 # Idempotent: removes the entire managed block then re-writes it fresh.
@@ -74,14 +76,14 @@ export GH_CONFIG_DIR="${GH_CONFIG_DIR:-/workspaces/.gh}"
 export LANG=en_US.UTF-8
 export LC_ALL=en_US.UTF-8
 
-# Prefer native binary over npm-installed version
-if [ -x "\$HOME/.local/bin/claude" ]; then
-    _CLAUDE_BIN="\$HOME/.local/bin/claude"
-elif [ -x /usr/local/bin/claude ]; then
-    _CLAUDE_BIN=/usr/local/bin/claude
-else
-    _CLAUDE_BIN=claude
+# Terminal color defaults — Docker sets TERM=xterm (8 colors); upgrade to 256-color
+if [ "\$TERM" = "xterm" ] || [ -z "\$TERM" ]; then
+    export TERM=xterm-256color
 fi
+export COLORTERM="\${COLORTERM:-truecolor}"
+
+# Native binary (installed by claude-code-native feature)
+_CLAUDE_BIN="\$HOME/.local/bin/claude"
 
 # ChromaTerm wrapper (if ct is installed, wrap claude through it)
 if command -v ct >/dev/null 2>&1; then
@@ -94,13 +96,14 @@ alias cc='CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1 "\$_CLAUDE_WRAP" "\$_CL
 alias claude='CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1 "\$_CLAUDE_WRAP" "\$_CLAUDE_BIN" --system-prompt-file "\$CLAUDE_CONFIG_DIR/main-system-prompt.md" --permission-mode plan --allow-dangerously-skip-permissions'
 alias ccraw='command "\$_CLAUDE_BIN"'
 alias ccw='CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1 "\$_CLAUDE_WRAP" "\$_CLAUDE_BIN" --system-prompt-file "\$CLAUDE_CONFIG_DIR/writing-system-prompt.md" --permission-mode plan --allow-dangerously-skip-permissions'
+alias cc-orc='CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1 "\$_CLAUDE_WRAP" "\$_CLAUDE_BIN" --system-prompt-file "\$CLAUDE_CONFIG_DIR/orchestrator-system-prompt.md" --permission-mode plan --allow-dangerously-skip-permissions'
 
 cc-tools() {
   echo "CodeForge Available Tools"
   echo "━━━━━━━━━━━━━━━━━━━━━━━━"
   printf "  %-20s %s\n" "COMMAND" "STATUS"
   echo "  ────────────────────────────────────"
-  for cmd in claude cc ccw ccraw ccusage ccburn claude-monitor \\
+  for cmd in claude cc ccw ccraw cc-orc ccusage ccburn claude-monitor \\
              ccms ct cargo ruff biome dprint shfmt shellcheck hadolint \\
              ast-grep tree-sitter pyright typescript-language-server \\
              agent-browser gh docker git jq tmux bun go infocmp; do
@@ -114,6 +117,7 @@ cc-tools() {
 }
 
 alias check-setup='bash ${DEVCONTAINER_SCRIPTS}/check-setup.sh'
+alias codeforge='node \${WORKSPACE_ROOT}/setup.js'
 ${BLOCK_END}
 BLOCK_EOF
 
@@ -126,5 +130,6 @@ echo "  cc          -> claude with \$CLAUDE_CONFIG_DIR/main-system-prompt.md"
 echo "  claude      -> claude with \$CLAUDE_CONFIG_DIR/main-system-prompt.md"
 echo "  ccraw       -> vanilla claude without any config"
 echo "  ccw         -> claude with \$CLAUDE_CONFIG_DIR/writing-system-prompt.md"
+echo "  cc-orc      -> claude with \$CLAUDE_CONFIG_DIR/orchestrator-system-prompt.md (delegation mode)"
 echo "  cc-tools    -> list all available CodeForge tools"
 echo "  check-setup -> verify CodeForge setup health"