oh-my-customcode 1.0.5 → 1.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/index.js +1 -1
- package/dist/index.js +1 -1
- package/package.json +1 -1
- package/templates/.claude/agents/infra-aws-expert.md +58 -4
- package/templates/.claude/skills/aws-best-practices/SKILL.md +2 -0
- package/templates/CLAUDE.md +5 -0
- package/templates/guides/aws/index.yaml +36 -2
- package/templates/manifest.json +1 -1
package/dist/cli/index.js
CHANGED
package/dist/index.js
CHANGED
package/package.json
CHANGED
|
@@ -40,10 +40,64 @@ Skills are located at: `.claude/skills/aws-best-practices/`
|
|
|
40
40
|
|
|
41
41
|
Guides are located at: `guides/aws/`
|
|
42
42
|
|
|
43
|
+
## AWS MCP Server Integration (opt-in)
|
|
44
|
+
|
|
45
|
+
The AWS MCP Server (GA) is a remote MCP server managed by AWS that provides live documentation lookup and real AWS API execution. It complements this agent's offline design/IaC role by filling two gaps: knowledge-cutoff staleness and lack of direct execution.
|
|
46
|
+
|
|
47
|
+
### Available Tools (when aws-mcp is configured)
|
|
48
|
+
|
|
49
|
+
| Tool | Purpose | Privilege level |
|
|
50
|
+
|------|---------|----------------|
|
|
51
|
+
| `search_documentation` | Full-text search across latest AWS docs and best practices | Read-only, safe |
|
|
52
|
+
| `read_documentation` | Fetch a specific AWS documentation page | Read-only, safe |
|
|
53
|
+
| `call_aws` | Execute 15,000+ AWS API operations using existing IAM credentials | **HIGH — can create/modify/delete resources** |
|
|
54
|
+
| `run_script` | Run sandboxed Python with IAM permissions (no network/filesystem access) | Sandboxed, IAM-scoped |
|
|
55
|
+
|
|
56
|
+
### Usage Guidelines
|
|
57
|
+
|
|
58
|
+
When aws-mcp is available, prioritize live documentation over static knowledge:
|
|
59
|
+
|
|
60
|
+
1. Use `search_documentation` / `read_documentation` first to verify current AWS API syntax, service limits, and best practices before designing or reviewing architecture.
|
|
61
|
+
2. Use `call_aws` only when the user explicitly requests real AWS operations (describe, create, modify, delete). Default to IaC code generation (CloudFormation/CDK/Terraform) for infrastructure changes.
|
|
62
|
+
3. Use `run_script` for AWS data analysis or resource audits that benefit from programmatic processing.
|
|
63
|
+
|
|
64
|
+
### R010/R001 Privileged-Scope Boundary (IMPORTANT)
|
|
65
|
+
|
|
66
|
+
`call_aws` can create, modify, and delete real AWS resources — it is a high-privilege execution tool.
|
|
67
|
+
|
|
68
|
+
**Required boundary for any `call_aws` operation:**
|
|
69
|
+
|
|
70
|
+
- (a) Orchestrator MUST NOT call `call_aws` directly — delegate ALL AWS API execution to this infra-aws-expert agent (R010).
|
|
71
|
+
- (b) The delegation prompt MUST explicitly state: approved actions, forbidden actions (e.g., "do NOT delete resources", "do NOT modify production"), and the authorization scope tied to the user request (R010 Pre-Delegation Privileged-Scope Boundary).
|
|
72
|
+
- (c) Prefer IAM-scoped read-only access (Describe*/List* operations) by default. Write/delete operations require explicit user approval per invocation.
|
|
73
|
+
- (d) NEVER echo IAM credentials, access keys, or secret values into the transcript or output (R001). Reference by name only.
|
|
74
|
+
- (e) Prefer read-only verification (`describe-*`, `list-*`) before any write operation to confirm target state.
|
|
75
|
+
|
|
76
|
+
### Activation (opt-in, user-manual)
|
|
77
|
+
|
|
78
|
+
R001 prohibits auto-installation. The user must install manually:
|
|
79
|
+
|
|
80
|
+
```bash
|
|
81
|
+
claude mcp add-json aws-mcp --scope user '{"command":"uvx","args":["mcp-proxy-for-aws@latest","https://aws-mcp.us-east-1.api.aws/mcp","--metadata","AWS_REGION=us-west-2"]}'
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
`mcp-proxy-for-aws` bridges IAM credentials to MCP OAuth. Regional availability: US East (us-east-1), Europe (eu-central-1). AWS API calls are possible in all regions.
|
|
85
|
+
|
|
86
|
+
Once installed, add `aws-mcp` to the agent's `mcpServers` in `.mcp.json` or the agent frontmatter to activate. Without installation, this agent falls back to the offline `aws-best-practices` skill and `guides/aws/` documents.
|
|
87
|
+
|
|
88
|
+
### Security Features
|
|
89
|
+
|
|
90
|
+
- IAM context key-based granular access control
|
|
91
|
+
- CloudWatch `AWS-MCP` namespace separates agent calls from human calls
|
|
92
|
+
- CloudTrail audit trail for all `call_aws` operations
|
|
93
|
+
- Sandboxed script execution (no network or filesystem access)
|
|
94
|
+
|
|
43
95
|
## Workflow
|
|
44
96
|
|
|
45
97
|
1. Understand requirements
|
|
46
|
-
2.
|
|
47
|
-
3.
|
|
48
|
-
4.
|
|
49
|
-
5.
|
|
98
|
+
2. If aws-mcp is available, use `search_documentation` to verify current AWS documentation for the relevant service
|
|
99
|
+
3. Apply aws-best-practices skill for offline patterns and Well-Architected guidance
|
|
100
|
+
4. Reference aws guide for specifics
|
|
101
|
+
5. Design/review architecture — prefer IaC code generation over live `call_aws` unless user explicitly requests real execution
|
|
102
|
+
6. If real AWS operations are needed, confirm scope with user, then use `call_aws` within approved boundary
|
|
103
|
+
7. Ensure security, scalability, cost optimization
|
|
@@ -9,6 +9,8 @@ user-invocable: false
|
|
|
9
9
|
|
|
10
10
|
Apply AWS patterns for building scalable, secure, and cost-effective cloud infrastructure.
|
|
11
11
|
|
|
12
|
+
> **Offline core vs. live documentation**: This skill provides static Well-Architected patterns that work without credentials or network access — the always-available baseline. For real-time AWS documentation, current API syntax, and up-to-date best practices (resolving knowledge-cutoff gaps), use the AWS MCP Server's `search_documentation` / `read_documentation` tools when installed. The two sources are complementary: static patterns for structural guidance; live docs for current specifics. Installation is user-manual (R001 auto-install prohibited) — see `infra-aws-expert` agent for setup instructions.
|
|
13
|
+
|
|
12
14
|
## Well-Architected Framework Pillars
|
|
13
15
|
|
|
14
16
|
### 1. Operational Excellence
|
package/templates/CLAUDE.md
CHANGED
|
@@ -243,6 +243,7 @@ Claude Code의 Agent Teams 기능이 활성화되어 있으면 (`CLAUDE_CODE_EXP
|
|
|
243
243
|
|------|------|
|
|
244
244
|
| code-review-graph | Token-efficient AST 기반 context retrieval (8.2× 토큰 절감) — wrapper: `crg-integration` 스킬 (#1171) |
|
|
245
245
|
| semble | Semantic code search via embeddings (98% 토큰 절감, NDCG@10=0.854) — wrapper: `semble-integration` 스킬 (#1173) |
|
|
246
|
+
| aws-mcp | AWS 서비스 인증 접근 — call_aws(15,000+ API 실행), search_documentation/read_documentation(실시간 AWS 문서), run_script(샌드박스). 고특권 실행은 infra-aws-expert 위임 + R010/R001 특권경계 |
|
|
246
247
|
|
|
247
248
|
### 설치 명령어
|
|
248
249
|
|
|
@@ -263,6 +264,10 @@ pipx install code-review-graph
|
|
|
263
264
|
uv tool install semble
|
|
264
265
|
claude mcp add semble -- semble mcp
|
|
265
266
|
# 또는 .mcp.json 수동 편집 (R001 auto-install 금지)
|
|
267
|
+
|
|
268
|
+
# AWS MCP 서버 (IAM 인증 필요, 수동 설치 — R001 auto-install 금지)
|
|
269
|
+
claude mcp add-json aws-mcp --scope user '{"command":"uvx","args":["mcp-proxy-for-aws@latest","https://aws-mcp.us-east-1.api.aws/mcp","--metadata","AWS_REGION=us-west-2"]}'
|
|
270
|
+
# 사전요건: AWS IAM 자격증명 구성. 가용 리전: us-east-1, eu-central-1 (API 호출은 전 리전)
|
|
266
271
|
```
|
|
267
272
|
|
|
268
273
|
<!-- omcustom:git-workflow -->
|
|
@@ -12,15 +12,49 @@ source:
|
|
|
12
12
|
- https://docs.aws.amazon.com/
|
|
13
13
|
- https://aws.amazon.com/architecture/
|
|
14
14
|
last_fetched: "2026-01-22"
|
|
15
|
+
note: >
|
|
16
|
+
Static documents below were last fetched 2026-01-22 and may be stale.
|
|
17
|
+
For current AWS documentation, use the AWS MCP Server (mcp_server section below)
|
|
18
|
+
which provides real-time lookup with no knowledge-cutoff limitation.
|
|
19
|
+
|
|
20
|
+
mcp_server:
|
|
21
|
+
name: aws-mcp
|
|
22
|
+
type: remote
|
|
23
|
+
managed_by: AWS
|
|
24
|
+
endpoint: https://aws-mcp.us-east-1.api.aws/mcp
|
|
25
|
+
availability:
|
|
26
|
+
- us-east-1 # US East (N. Virginia)
|
|
27
|
+
- eu-central-1 # Europe (Frankfurt)
|
|
28
|
+
note: >
|
|
29
|
+
Live source — takes precedence over static documents below for current API syntax,
|
|
30
|
+
service limits, and best practices. Requires user-manual installation (R001 auto-install
|
|
31
|
+
prohibited). AWS API calls via call_aws are possible in all regions regardless of
|
|
32
|
+
MCP endpoint region.
|
|
33
|
+
tools:
|
|
34
|
+
- name: search_documentation
|
|
35
|
+
description: Full-text search across latest AWS docs and best practices (read-only, safe)
|
|
36
|
+
- name: read_documentation
|
|
37
|
+
description: Fetch a specific AWS documentation page (read-only, safe)
|
|
38
|
+
- name: call_aws
|
|
39
|
+
description: >
|
|
40
|
+
Execute 15,000+ AWS API operations using existing IAM credentials.
|
|
41
|
+
HIGH PRIVILEGE — can create/modify/delete resources. Delegate to infra-aws-expert
|
|
42
|
+
only; orchestrator must NOT call directly (R010). Requires explicit user approval
|
|
43
|
+
for write/delete operations. IAM credentials must not be echoed to transcript (R001).
|
|
44
|
+
- name: run_script
|
|
45
|
+
description: Run sandboxed Python with IAM permissions (no network/filesystem access)
|
|
46
|
+
install_command: >
|
|
47
|
+
claude mcp add-json aws-mcp --scope user
|
|
48
|
+
'{"command":"uvx","args":["mcp-proxy-for-aws@latest","https://aws-mcp.us-east-1.api.aws/mcp","--metadata","AWS_REGION=us-west-2"]}'
|
|
15
49
|
|
|
16
50
|
documents:
|
|
17
51
|
- name: well-architected
|
|
18
52
|
path: ./well-architected.md
|
|
19
|
-
description: AWS Well-Architected Framework summary
|
|
53
|
+
description: AWS Well-Architected Framework summary (static, last_fetched 2026-01-22)
|
|
20
54
|
|
|
21
55
|
- name: common-patterns
|
|
22
56
|
path: ./common-patterns.md
|
|
23
|
-
description: Common AWS architecture patterns
|
|
57
|
+
description: Common AWS architecture patterns (static, last_fetched 2026-01-22)
|
|
24
58
|
|
|
25
59
|
used_by:
|
|
26
60
|
- infra-aws-expert
|
package/templates/manifest.json
CHANGED