oh-my-customcode 1.0.5 → 1.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli/index.js CHANGED
@@ -241,7 +241,7 @@ var init_package = __esm(() => {
241
241
  workspaces: [
242
242
  "packages/*"
243
243
  ],
244
- version: "1.0.5",
244
+ version: "1.0.6",
245
245
  description: "Batteries-included agent harness for Claude Code",
246
246
  type: "module",
247
247
  bin: {
package/dist/index.js CHANGED
@@ -2031,7 +2031,7 @@ var package_default = {
2031
2031
  workspaces: [
2032
2032
  "packages/*"
2033
2033
  ],
2034
- version: "1.0.5",
2034
+ version: "1.0.6",
2035
2035
  description: "Batteries-included agent harness for Claude Code",
2036
2036
  type: "module",
2037
2037
  bin: {
package/package.json CHANGED
@@ -3,7 +3,7 @@
3
3
  "workspaces": [
4
4
  "packages/*"
5
5
  ],
6
- "version": "1.0.5",
6
+ "version": "1.0.6",
7
7
  "description": "Batteries-included agent harness for Claude Code",
8
8
  "type": "module",
9
9
  "bin": {
@@ -40,10 +40,64 @@ Skills are located at: `.claude/skills/aws-best-practices/`
40
40
 
41
41
  Guides are located at: `guides/aws/`
42
42
 
43
+ ## AWS MCP Server Integration (opt-in)
44
+
45
+ The AWS MCP Server (GA) is a remote MCP server managed by AWS that provides live documentation lookup and real AWS API execution. It complements this agent's offline design/IaC role by filling two gaps: knowledge-cutoff staleness and lack of direct execution.
46
+
47
+ ### Available Tools (when aws-mcp is configured)
48
+
49
+ | Tool | Purpose | Privilege level |
50
+ |------|---------|----------------|
51
+ | `search_documentation` | Full-text search across latest AWS docs and best practices | Read-only, safe |
52
+ | `read_documentation` | Fetch a specific AWS documentation page | Read-only, safe |
53
+ | `call_aws` | Execute 15,000+ AWS API operations using existing IAM credentials | **HIGH — can create/modify/delete resources** |
54
+ | `run_script` | Run sandboxed Python with IAM permissions (no network/filesystem access) | Sandboxed, IAM-scoped |
55
+
56
+ ### Usage Guidelines
57
+
58
+ When aws-mcp is available, prioritize live documentation over static knowledge:
59
+
60
+ 1. Use `search_documentation` / `read_documentation` first to verify current AWS API syntax, service limits, and best practices before designing or reviewing architecture.
61
+ 2. Use `call_aws` only when the user explicitly requests real AWS operations (describe, create, modify, delete). Default to IaC code generation (CloudFormation/CDK/Terraform) for infrastructure changes.
62
+ 3. Use `run_script` for AWS data analysis or resource audits that benefit from programmatic processing.
63
+
64
+ ### R010/R001 Privileged-Scope Boundary (IMPORTANT)
65
+
66
+ `call_aws` can create, modify, and delete real AWS resources — it is a high-privilege execution tool.
67
+
68
+ **Required boundary for any `call_aws` operation:**
69
+
70
+ - (a) Orchestrator MUST NOT call `call_aws` directly — delegate ALL AWS API execution to this infra-aws-expert agent (R010).
71
+ - (b) The delegation prompt MUST explicitly state: approved actions, forbidden actions (e.g., "do NOT delete resources", "do NOT modify production"), and the authorization scope tied to the user request (R010 Pre-Delegation Privileged-Scope Boundary).
72
+ - (c) Prefer IAM-scoped read-only access (Describe*/List* operations) by default. Write/delete operations require explicit user approval per invocation.
73
+ - (d) NEVER echo IAM credentials, access keys, or secret values into the transcript or output (R001). Reference by name only.
74
+ - (e) Prefer read-only verification (`describe-*`, `list-*`) before any write operation to confirm target state.
75
+
76
+ ### Activation (opt-in, user-manual)
77
+
78
+ R001 prohibits auto-installation. The user must install manually:
79
+
80
+ ```bash
81
+ claude mcp add-json aws-mcp --scope user '{"command":"uvx","args":["mcp-proxy-for-aws@latest","https://aws-mcp.us-east-1.api.aws/mcp","--metadata","AWS_REGION=us-west-2"]}'
82
+ ```
83
+
84
+ `mcp-proxy-for-aws` bridges IAM credentials to MCP OAuth. Regional availability: US East (us-east-1), Europe (eu-central-1). AWS API calls are possible in all regions.
85
+
86
+ Once installed, add `aws-mcp` to the agent's `mcpServers` in `.mcp.json` or the agent frontmatter to activate. Without installation, this agent falls back to the offline `aws-best-practices` skill and `guides/aws/` documents.
87
+
88
+ ### Security Features
89
+
90
+ - IAM context key-based granular access control
91
+ - CloudWatch `AWS-MCP` namespace separates agent calls from human calls
92
+ - CloudTrail audit trail for all `call_aws` operations
93
+ - Sandboxed script execution (no network or filesystem access)
94
+
43
95
  ## Workflow
44
96
 
45
97
  1. Understand requirements
46
- 2. Apply aws-best-practices skill
47
- 3. Reference aws guide for specifics
48
- 4. Design/review architecture
49
- 5. Ensure security, scalability, cost optimization
98
+ 2. If aws-mcp is available, use `search_documentation` to verify current AWS documentation for the relevant service
99
+ 3. Apply aws-best-practices skill for offline patterns and Well-Architected guidance
100
+ 4. Reference aws guide for specifics
101
+ 5. Design/review architecture prefer IaC code generation over live `call_aws` unless user explicitly requests real execution
102
+ 6. If real AWS operations are needed, confirm scope with user, then use `call_aws` within approved boundary
103
+ 7. Ensure security, scalability, cost optimization
@@ -9,6 +9,8 @@ user-invocable: false
9
9
 
10
10
  Apply AWS patterns for building scalable, secure, and cost-effective cloud infrastructure.
11
11
 
12
+ > **Offline core vs. live documentation**: This skill provides static Well-Architected patterns that work without credentials or network access — the always-available baseline. For real-time AWS documentation, current API syntax, and up-to-date best practices (resolving knowledge-cutoff gaps), use the AWS MCP Server's `search_documentation` / `read_documentation` tools when installed. The two sources are complementary: static patterns for structural guidance; live docs for current specifics. Installation is user-manual (R001 auto-install prohibited) — see `infra-aws-expert` agent for setup instructions.
13
+
12
14
  ## Well-Architected Framework Pillars
13
15
 
14
16
  ### 1. Operational Excellence
@@ -243,6 +243,7 @@ Claude Code의 Agent Teams 기능이 활성화되어 있으면 (`CLAUDE_CODE_EXP
243
243
  |------|------|
244
244
  | code-review-graph | Token-efficient AST 기반 context retrieval (8.2× 토큰 절감) — wrapper: `crg-integration` 스킬 (#1171) |
245
245
  | semble | Semantic code search via embeddings (98% 토큰 절감, NDCG@10=0.854) — wrapper: `semble-integration` 스킬 (#1173) |
246
+ | aws-mcp | AWS 서비스 인증 접근 — call_aws(15,000+ API 실행), search_documentation/read_documentation(실시간 AWS 문서), run_script(샌드박스). 고특권 실행은 infra-aws-expert 위임 + R010/R001 특권경계 |
246
247
 
247
248
  ### 설치 명령어
248
249
 
@@ -263,6 +264,10 @@ pipx install code-review-graph
263
264
  uv tool install semble
264
265
  claude mcp add semble -- semble mcp
265
266
  # 또는 .mcp.json 수동 편집 (R001 auto-install 금지)
267
+
268
+ # AWS MCP 서버 (IAM 인증 필요, 수동 설치 — R001 auto-install 금지)
269
+ claude mcp add-json aws-mcp --scope user '{"command":"uvx","args":["mcp-proxy-for-aws@latest","https://aws-mcp.us-east-1.api.aws/mcp","--metadata","AWS_REGION=us-west-2"]}'
270
+ # 사전요건: AWS IAM 자격증명 구성. 가용 리전: us-east-1, eu-central-1 (API 호출은 전 리전)
266
271
  ```
267
272
 
268
273
  <!-- omcustom:git-workflow -->
@@ -12,15 +12,49 @@ source:
12
12
  - https://docs.aws.amazon.com/
13
13
  - https://aws.amazon.com/architecture/
14
14
  last_fetched: "2026-01-22"
15
+ note: >
16
+ Static documents below were last fetched 2026-01-22 and may be stale.
17
+ For current AWS documentation, use the AWS MCP Server (mcp_server section below)
18
+ which provides real-time lookup with no knowledge-cutoff limitation.
19
+
20
+ mcp_server:
21
+ name: aws-mcp
22
+ type: remote
23
+ managed_by: AWS
24
+ endpoint: https://aws-mcp.us-east-1.api.aws/mcp
25
+ availability:
26
+ - us-east-1 # US East (N. Virginia)
27
+ - eu-central-1 # Europe (Frankfurt)
28
+ note: >
29
+ Live source — takes precedence over static documents below for current API syntax,
30
+ service limits, and best practices. Requires user-manual installation (R001 auto-install
31
+ prohibited). AWS API calls via call_aws are possible in all regions regardless of
32
+ MCP endpoint region.
33
+ tools:
34
+ - name: search_documentation
35
+ description: Full-text search across latest AWS docs and best practices (read-only, safe)
36
+ - name: read_documentation
37
+ description: Fetch a specific AWS documentation page (read-only, safe)
38
+ - name: call_aws
39
+ description: >
40
+ Execute 15,000+ AWS API operations using existing IAM credentials.
41
+ HIGH PRIVILEGE — can create/modify/delete resources. Delegate to infra-aws-expert
42
+ only; orchestrator must NOT call directly (R010). Requires explicit user approval
43
+ for write/delete operations. IAM credentials must not be echoed to transcript (R001).
44
+ - name: run_script
45
+ description: Run sandboxed Python with IAM permissions (no network/filesystem access)
46
+ install_command: >
47
+ claude mcp add-json aws-mcp --scope user
48
+ '{"command":"uvx","args":["mcp-proxy-for-aws@latest","https://aws-mcp.us-east-1.api.aws/mcp","--metadata","AWS_REGION=us-west-2"]}'
15
49
 
16
50
  documents:
17
51
  - name: well-architected
18
52
  path: ./well-architected.md
19
- description: AWS Well-Architected Framework summary
53
+ description: AWS Well-Architected Framework summary (static, last_fetched 2026-01-22)
20
54
 
21
55
  - name: common-patterns
22
56
  path: ./common-patterns.md
23
- description: Common AWS architecture patterns
57
+ description: Common AWS architecture patterns (static, last_fetched 2026-01-22)
24
58
 
25
59
  used_by:
26
60
  - infra-aws-expert
@@ -1,5 +1,5 @@
1
1
  {
2
- "version": "1.0.5",
2
+ "version": "1.0.6",
3
3
  "lastUpdated": "2026-05-20T00:00:00.000Z",
4
4
  "omcustomMinClaudeCode": "2.1.121",
5
5
  "omcustomMinClaudeCodeReason": "Sensitive-path direct Write/Edit on .claude/** under bypassPermissions (R010 deprecation, #1101)",