oh-my-customcode 1.0.5 → 1.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/index.js +1 -1
- package/dist/index.js +1 -1
- package/package.json +1 -1
- package/templates/.claude/agents/infra-aws-expert.md +58 -4
- package/templates/.claude/rules/MUST-agent-design.md +2 -0
- package/templates/.claude/rules/MUST-orchestrator-coordination.md +2 -0
- package/templates/.claude/rules/MUST-tool-identification.md +2 -0
- package/templates/.claude/rules/SHOULD-hud-statusline.md +4 -0
- package/templates/.claude/skills/aws-best-practices/SKILL.md +2 -0
- package/templates/CLAUDE.md +5 -0
- package/templates/guides/aws/index.yaml +36 -2
- package/templates/manifest.json +1 -1
package/dist/cli/index.js
CHANGED
package/dist/index.js
CHANGED
package/package.json
CHANGED
|
@@ -40,10 +40,64 @@ Skills are located at: `.claude/skills/aws-best-practices/`
|
|
|
40
40
|
|
|
41
41
|
Guides are located at: `guides/aws/`
|
|
42
42
|
|
|
43
|
+
## AWS MCP Server Integration (opt-in)
|
|
44
|
+
|
|
45
|
+
The AWS MCP Server (GA) is a remote MCP server managed by AWS that provides live documentation lookup and real AWS API execution. It complements this agent's offline design/IaC role by filling two gaps: knowledge-cutoff staleness and lack of direct execution.
|
|
46
|
+
|
|
47
|
+
### Available Tools (when aws-mcp is configured)
|
|
48
|
+
|
|
49
|
+
| Tool | Purpose | Privilege level |
|
|
50
|
+
|------|---------|----------------|
|
|
51
|
+
| `search_documentation` | Full-text search across latest AWS docs and best practices | Read-only, safe |
|
|
52
|
+
| `read_documentation` | Fetch a specific AWS documentation page | Read-only, safe |
|
|
53
|
+
| `call_aws` | Execute 15,000+ AWS API operations using existing IAM credentials | **HIGH — can create/modify/delete resources** |
|
|
54
|
+
| `run_script` | Run sandboxed Python with IAM permissions (no network/filesystem access) | Sandboxed, IAM-scoped |
|
|
55
|
+
|
|
56
|
+
### Usage Guidelines
|
|
57
|
+
|
|
58
|
+
When aws-mcp is available, prioritize live documentation over static knowledge:
|
|
59
|
+
|
|
60
|
+
1. Use `search_documentation` / `read_documentation` first to verify current AWS API syntax, service limits, and best practices before designing or reviewing architecture.
|
|
61
|
+
2. Use `call_aws` only when the user explicitly requests real AWS operations (describe, create, modify, delete). Default to IaC code generation (CloudFormation/CDK/Terraform) for infrastructure changes.
|
|
62
|
+
3. Use `run_script` for AWS data analysis or resource audits that benefit from programmatic processing.
|
|
63
|
+
|
|
64
|
+
### R010/R001 Privileged-Scope Boundary (IMPORTANT)
|
|
65
|
+
|
|
66
|
+
`call_aws` can create, modify, and delete real AWS resources — it is a high-privilege execution tool.
|
|
67
|
+
|
|
68
|
+
**Required boundary for any `call_aws` operation:**
|
|
69
|
+
|
|
70
|
+
- (a) Orchestrator MUST NOT call `call_aws` directly — delegate ALL AWS API execution to this infra-aws-expert agent (R010).
|
|
71
|
+
- (b) The delegation prompt MUST explicitly state: approved actions, forbidden actions (e.g., "do NOT delete resources", "do NOT modify production"), and the authorization scope tied to the user request (R010 Pre-Delegation Privileged-Scope Boundary).
|
|
72
|
+
- (c) Prefer IAM-scoped read-only access (Describe*/List* operations) by default. Write/delete operations require explicit user approval per invocation.
|
|
73
|
+
- (d) NEVER echo IAM credentials, access keys, or secret values into the transcript or output (R001). Reference by name only.
|
|
74
|
+
- (e) Prefer read-only verification (`describe-*`, `list-*`) before any write operation to confirm target state.
|
|
75
|
+
|
|
76
|
+
### Activation (opt-in, user-manual)
|
|
77
|
+
|
|
78
|
+
R001 prohibits auto-installation. The user must install manually:
|
|
79
|
+
|
|
80
|
+
```bash
|
|
81
|
+
claude mcp add-json aws-mcp --scope user '{"command":"uvx","args":["mcp-proxy-for-aws@latest","https://aws-mcp.us-east-1.api.aws/mcp","--metadata","AWS_REGION=us-west-2"]}'
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
`mcp-proxy-for-aws` bridges IAM credentials to MCP OAuth. Regional availability: US East (us-east-1), Europe (eu-central-1). AWS API calls are possible in all regions.
|
|
85
|
+
|
|
86
|
+
Once installed, add `aws-mcp` to the agent's `mcpServers` in `.mcp.json` or the agent frontmatter to activate. Without installation, this agent falls back to the offline `aws-best-practices` skill and `guides/aws/` documents.
|
|
87
|
+
|
|
88
|
+
### Security Features
|
|
89
|
+
|
|
90
|
+
- IAM context key-based granular access control
|
|
91
|
+
- CloudWatch `AWS-MCP` namespace separates agent calls from human calls
|
|
92
|
+
- CloudTrail audit trail for all `call_aws` operations
|
|
93
|
+
- Sandboxed script execution (no network or filesystem access)
|
|
94
|
+
|
|
43
95
|
## Workflow
|
|
44
96
|
|
|
45
97
|
1. Understand requirements
|
|
46
|
-
2.
|
|
47
|
-
3.
|
|
48
|
-
4.
|
|
49
|
-
5.
|
|
98
|
+
2. If aws-mcp is available, use `search_documentation` to verify current AWS documentation for the relevant service
|
|
99
|
+
3. Apply aws-best-practices skill for offline patterns and Well-Architected guidance
|
|
100
|
+
4. Reference aws guide for specifics
|
|
101
|
+
5. Design/review architecture — prefer IaC code generation over live `call_aws` unless user explicitly requests real execution
|
|
102
|
+
6. If real AWS operations are needed, confirm scope with user, then use `call_aws` within approved boundary
|
|
103
|
+
7. Ensure security, scalability, cost optimization
|
|
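Review bot: The privileged-scope boundary under "R010/R001 Privileged-Scope Boundary" names only `call_aws`, but the tools table describes `run_script` as running Python "with IAM permissions" and Usage Guidelines item 3 sends resource audits to it with no approval step. Either state that `run_script` is limited to read-only calls or extend items (a) to (e) to cover it. Items (c) and (e) overlap (both say to prefer Describe*/List* first) and could be merged. In the Activation block, `mcp-proxy-for-aws@latest` leaves the proxy that handles the user's IAM credentials unpinned; suggest a fixed version, plus a sentence on why `AWS_REGION=us-west-2` is hard-coded next to a us-east-1 endpoint.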
@@ -48,6 +48,8 @@ This is a settings-level resilience mechanism, distinct from the per-agent `mode
|
|
|
48
48
|
|
|
49
49
|
> **v2.1.172+**: `availableModels` restrictions now apply to subagent `model:` overrides, the agent dispatch model picker, and the advisor model. `availableModels` allowlists using version-specific IDs (e.g. `claude-opus-4-8`) no longer hide the Opus/Sonnet 1M picker rows, and model IDs no longer receive a doubled 1M suffix (`[1M][1m]`) when `ANTHROPIC_DEFAULT_OPUS_MODEL` already includes one. Relevant when restricting per-agent model overrides via `availableModels`.
|
|
50
50
|
|
|
51
|
+
> **v2.1.175+**: The `enforceAvailableModels` managed setting — when enabled, the `availableModels` allowlist also constrains the **Default** model: a Default that would resolve to a disallowed model now falls back to the first allowed model, and user or project settings can no longer widen a managed `availableModels` list. Extends the v2.1.172 `availableModels` scope (subagent `model:` overrides, dispatch picker, advisor model) to the Default model itself. Relevant when an enterprise/managed config pins the allowed model set — per-agent `model:` overrides AND the resolved Default both honor it.
|
|
52
|
+
|
|
51
53
|
### Optional Frontmatter
|
|
52
54
|
|
|
53
55
|
Key optional fields: `memory`, `effort`, `skills`, `soul`, `isolation`, `background`, `maxTurns`, `maxTokens`, `mcpServers`, `hooks`, `permissionMode`, `disallowedTools`, `limitations`, `domain`, `disableSkillShellExecution`. Supported since CC v2.1.63+. See full optional frontmatter via Read tool.
|
|
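Review bot: The added v2.1.175+ note opens with a fragment ("The `enforceAvailableModels` managed setting", followed by a "when enabled" clause) and never says what changed; start it with "Added the `enforceAvailableModels` managed setting." The note gives the fallback for a disallowed Default (first allowed model), but its last sentence only says per-agent `model:` overrides "honor" the list. Say what happens to an agent whose `model:` frontmatter names a disallowed model, since that is the case an agent author following this rule will hit.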
@@ -317,6 +317,8 @@ Before spawning any agent:
|
|
|
317
317
|
|
|
318
318
|
> **v2.1.172+**: Fixed background agents potentially reading another directory's project settings (`.mcp.json` approvals, trust) when dispatched onto a pre-warmed worker. Strengthens background-agent isolation — a `/bg`-dispatched agent now reads the correct project's settings.
|
|
319
319
|
|
|
320
|
+
> **v2.1.174+**: Fixed background sessions inheriting another session's `ANTHROPIC_*` provider env (gateway URL, custom headers, `/model` aliases) from the shell that started the background daemon. Further strengthens background-agent isolation (cf. v2.1.172 project-settings isolation): a `/bg`-dispatched agent no longer picks up a foreign session's provider configuration. Also fixed pre-warmed background workers failing with "Could not resolve authentication method" when claimed after sitting idle. `mode: "bypassPermissions"` on every Agent tool call remains required regardless.
|
|
321
|
+
|
|
320
322
|
## Agent Capability Pre-Check
|
|
321
323
|
|
|
322
324
|
Before delegating a task to a subagent, MUST verify the target agent's tool capabilities against the task requirements. Failure to pre-check causes round-trip waste (delegation → failure → re-delegation).
|
|
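Review bot: The last sentence of the added v2.1.174+ note, "`mode: "bypassPermissions"` on every Agent tool call remains required regardless", restates a permission-bypass requirement inside a changelog note about environment isolation, with no reference to the rule that defines it and no reason why the fix leaves it unchanged. Cite that rule or drop the sentence. The note also folds a separate fix ("Could not resolve authentication method" on idle pre-warmed workers) into the isolation paragraph; giving it its own sentence or note keeps the isolation guidance readable.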
@@ -92,6 +92,8 @@ matches the spawn announcement:
|
|
|
92
92
|
[2] lang-python-expert:sonnet → Python code review
|
|
93
93
|
```
|
|
94
94
|
|
|
95
|
+
> **v2.1.174+**: Fixed the Workflow tool's `agent()` subagents missing per-agent attribution headers. Workflow-spawned subagents now carry attribution consistent with R008 — when authoring Workflow scripts, each `agent()` call is attributed like a direct Agent tool spawn. Align Workflow orchestration with the R008 `[agent][model] → Tool:` identification discipline: a Workflow `agent()` fan-out should still be reasoned about with the same per-agent identification model as parallel Agent tool spawns.
|
|
96
|
+
|
|
95
97
|
## Tier-3 Interaction Tool Prefix (MANDATORY)
|
|
96
98
|
|
|
97
99
|
R008 "every tool call" applies to Tier-3 interaction tools too — NOT only file/exec tools. Applying the `[agent][model] → Tool:` prefix to Agent/Bash/Read while omitting it on `AskUserQuestion`, `TodoWrite`, `EnterPlanMode`, etc. is a violation.
|
|
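Review bot: The second and third sentences of the added v2.1.174+ note say the same thing twice (a Workflow `agent()` call is attributed like a direct Agent tool spawn, then that the fan-out should be reasoned about with the same identification model); one sentence is enough. The section directly above shows the expected line format (`[2] lang-python-expert:sonnet → Python code review`), but the note does not show what the attribution looks like for a Workflow-spawned subagent, so a reader cannot check a Workflow script against it. Add one sample line in the same format.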
@@ -21,6 +21,10 @@ Format: `─── [Spawn] {subagent_type}:{model} | {description} ───`
|
|
|
21
21
|
|
|
22
22
|
> **v2.1.161+**: `OTEL_RESOURCE_ATTRIBUTES` values are now emitted as labels on metric datapoints — usage metrics can be sliced by custom dimensions (e.g., team, repo). Extends R012 observability from per-tool parameters (v2.1.157) to per-dimension metric slicing; configure via the `monitoring-setup` skill's `OTEL_RESOURCE_ATTRIBUTES` env. Separately, `claude agents` rows now show `done/total` progress before the detail when work is fanned out, and peek surfaces the longest-running item — complements the HUD parallel-spawn display and R009 `[N]` correlation.
|
|
23
23
|
|
|
24
|
+
> **v2.1.174+**: The `/usage` (Account & usage) dialog now shows usage attribution — cache misses, long context, subagents, and per-skill/agent/plugin/MCP breakdowns over the last 24h or 7d (surfaced in the VSCode integration). Extends R012 observability from OTEL metric slicing (v2.1.161) to an interactive in-client attribution view — complements the `monitoring-setup` skill by giving per-skill/agent/plugin/MCP cost visibility without standing up an OTEL backend.
|
|
25
|
+
|
|
26
|
+
> **v2.1.176+**: Added the `footerLinksRegexes` setting — regex-matched link badges rendered in the footer row, configurable via user or managed settings. Relevant to R012 statusline composition: the footer can now surface contextual link badges alongside the `.claude/statusline.sh` segments. Also in v2.1.176, session titles are generated in the conversation's language (pin via the `language` setting).
|
|
27
|
+
|
|
24
28
|
> **v2.1.172+**: Added a `model` attribute to the `claude_code.lines_of_code.count` OTEL metric — lines-of-code telemetry can now be sliced by model. Extends the per-dimension metric slicing (v2.1.161) in the `monitoring-setup` skill.
|
|
25
29
|
|
|
26
30
|
<!-- DETAIL: HUD Events full spec
|
|
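Review bot: The two added notes (v2.1.174+ and v2.1.176+) are inserted between the existing v2.1.161+ and v2.1.172+ notes, so the version notes no longer read in order; move them below the v2.1.172+ note. The v2.1.176+ note says `footerLinksRegexes` is configurable "via user or managed settings" but gives neither a sample value nor the precedence between the two, which a managed deployment needs to know. Its closing sentence about session titles and the `language` setting is unrelated to R012 statusline composition and fits better in another rule file.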
@@ -9,6 +9,8 @@ user-invocable: false
|
|
|
9
9
|
|
|
10
10
|
Apply AWS patterns for building scalable, secure, and cost-effective cloud infrastructure.
|
|
11
11
|
|
|
12
|
+
> **Offline core vs. live documentation**: This skill provides static Well-Architected patterns that work without credentials or network access — the always-available baseline. For real-time AWS documentation, current API syntax, and up-to-date best practices (resolving knowledge-cutoff gaps), use the AWS MCP Server's `search_documentation` / `read_documentation` tools when installed. The two sources are complementary: static patterns for structural guidance; live docs for current specifics. Installation is user-manual (R001 auto-install prohibited) — see `infra-aws-expert` agent for setup instructions.
|
|
13
|
+
|
|
12
14
|
## Well-Architected Framework Pillars
|
|
13
15
|
|
|
14
16
|
### 1. Operational Excellence
|
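Review bot: The added note says to use `search_documentation` / `read_documentation` "when installed", but installation alone does not expose the tools: the infra-aws-expert change in this same release states that `aws-mcp` must also be added to `mcpServers` in `.mcp.json` or the agent frontmatter. Reword to "when installed and enabled for the agent". The pointer "see `infra-aws-expert` agent for setup instructions" would be easier to follow as a path (`.claude/agents/infra-aws-expert.md`) with the section name "Activation (opt-in, user-manual)".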
package/templates/CLAUDE.md
CHANGED
|
@@ -243,6 +243,7 @@ Claude Code의 Agent Teams 기능이 활성화되어 있으면 (`CLAUDE_CODE_EXP
|
|
|
243
243
|
|------|------|
|
|
244
244
|
| code-review-graph | Token-efficient AST 기반 context retrieval (8.2× 토큰 절감) — wrapper: `crg-integration` 스킬 (#1171) |
|
|
245
245
|
| semble | Semantic code search via embeddings (98% 토큰 절감, NDCG@10=0.854) — wrapper: `semble-integration` 스킬 (#1173) |
|
|
246
|
+
| aws-mcp | AWS 서비스 인증 접근 — call_aws(15,000+ API 실행), search_documentation/read_documentation(실시간 AWS 문서), run_script(샌드박스). 고특권 실행은 infra-aws-expert 위임 + R010/R001 특권경계 |
|
|
246
247
|
|
|
247
248
|
### 설치 명령어
|
|
248
249
|
|
|
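Review bot: The new `aws-mcp` row breaks the pattern of the two rows above it, which each end with a wrapper skill and an issue reference (`#1171`, `#1173`); add the tracking issue or state that there is no wrapper skill. The row lists `call_aws` first and attaches the R010/R001 boundary only to "고특권 실행" (high-privilege execution), while `run_script` appears as just "샌드박스" (sandbox) with no mention that it runs with IAM permissions. Leading with the read-only documentation tools and marking the server as opt-in would match the guidance in the agent file.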
@@ -263,6 +264,10 @@ pipx install code-review-graph
|
|
|
263
264
|
uv tool install semble
|
|
264
265
|
claude mcp add semble -- semble mcp
|
|
265
266
|
# 또는 .mcp.json 수동 편집 (R001 auto-install 금지)
|
|
267
|
+
|
|
268
|
+
# AWS MCP 서버 (IAM 인증 필요, 수동 설치 — R001 auto-install 금지)
|
|
269
|
+
claude mcp add-json aws-mcp --scope user '{"command":"uvx","args":["mcp-proxy-for-aws@latest","https://aws-mcp.us-east-1.api.aws/mcp","--metadata","AWS_REGION=us-west-2"]}'
|
|
270
|
+
# 사전요건: AWS IAM 자격증명 구성. 가용 리전: us-east-1, eu-central-1 (API 호출은 전 리전)
|
|
266
271
|
```
|
|
267
272
|
|
|
268
273
|
<!-- omcustom:git-workflow -->
|
|
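Review bot: In the added install lines the prerequisite comment ("사전요건: AWS IAM 자격증명 구성", i.e. IAM credentials must already be configured) comes after the `claude mcp add-json` command; move it above the command so it is read before the command is run. The command hard-codes `AWS_REGION=us-west-2` while the same comment lists us-east-1 and eu-central-1 as the available regions, and nothing tells the user to substitute their own region. This is also a second copy of the command from the infra-aws-expert agent file, unpinned `mcp-proxy-for-aws@latest` included; pointing to one canonical location avoids the copies drifting apart.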
@@ -12,15 +12,49 @@ source:
|
|
|
12
12
|
- https://docs.aws.amazon.com/
|
|
13
13
|
- https://aws.amazon.com/architecture/
|
|
14
14
|
last_fetched: "2026-01-22"
|
|
15
|
+
note: >
|
|
16
|
+
Static documents below were last fetched 2026-01-22 and may be stale.
|
|
17
|
+
For current AWS documentation, use the AWS MCP Server (mcp_server section below)
|
|
18
|
+
which provides real-time lookup with no knowledge-cutoff limitation.
|
|
19
|
+
|
|
20
|
+
mcp_server:
|
|
21
|
+
name: aws-mcp
|
|
22
|
+
type: remote
|
|
23
|
+
managed_by: AWS
|
|
24
|
+
endpoint: https://aws-mcp.us-east-1.api.aws/mcp
|
|
25
|
+
availability:
|
|
26
|
+
- us-east-1 # US East (N. Virginia)
|
|
27
|
+
- eu-central-1 # Europe (Frankfurt)
|
|
28
|
+
note: >
|
|
29
|
+
Live source — takes precedence over static documents below for current API syntax,
|
|
30
|
+
service limits, and best practices. Requires user-manual installation (R001 auto-install
|
|
31
|
+
prohibited). AWS API calls via call_aws are possible in all regions regardless of
|
|
32
|
+
MCP endpoint region.
|
|
33
|
+
tools:
|
|
34
|
+
- name: search_documentation
|
|
35
|
+
description: Full-text search across latest AWS docs and best practices (read-only, safe)
|
|
36
|
+
- name: read_documentation
|
|
37
|
+
description: Fetch a specific AWS documentation page (read-only, safe)
|
|
38
|
+
- name: call_aws
|
|
39
|
+
description: >
|
|
40
|
+
Execute 15,000+ AWS API operations using existing IAM credentials.
|
|
41
|
+
HIGH PRIVILEGE — can create/modify/delete resources. Delegate to infra-aws-expert
|
|
42
|
+
only; orchestrator must NOT call directly (R010). Requires explicit user approval
|
|
43
|
+
for write/delete operations. IAM credentials must not be echoed to transcript (R001).
|
|
44
|
+
- name: run_script
|
|
45
|
+
description: Run sandboxed Python with IAM permissions (no network/filesystem access)
|
|
46
|
+
install_command: >
|
|
47
|
+
claude mcp add-json aws-mcp --scope user
|
|
48
|
+
'{"command":"uvx","args":["mcp-proxy-for-aws@latest","https://aws-mcp.us-east-1.api.aws/mcp","--metadata","AWS_REGION=us-west-2"]}'
|
|
15
49
|
|
|
16
50
|
documents:
|
|
17
51
|
- name: well-architected
|
|
18
52
|
path: ./well-architected.md
|
|
19
|
-
description: AWS Well-Architected Framework summary
|
|
53
|
+
description: AWS Well-Architected Framework summary (static, last_fetched 2026-01-22)
|
|
20
54
|
|
|
21
55
|
- name: common-patterns
|
|
22
56
|
path: ./common-patterns.md
|
|
23
|
-
description: Common AWS architecture patterns
|
|
57
|
+
description: Common AWS architecture patterns (static, last_fetched 2026-01-22)
|
|
24
58
|
|
|
25
59
|
used_by:
|
|
26
60
|
- infra-aws-expert
|
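Review bot: The fetch date is now written in four places in this file (`last_fetched`, the top-level `note`, and both `documents` description strings), so the next refresh has to update all of them or the descriptions will contradict `last_fetched`. Keep the date in `last_fetched` only and let the descriptions say "static". `availability` lists eu-central-1, but `endpoint` and `install_command` give only the us-east-1 URL, so a reader cannot tell how to use the second region. The `call_aws` description also embeds the R010/R001 policy text that the agent file already carries; a pointer to that section keeps the two from diverging.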
package/templates/manifest.json
CHANGED