npm - sumulige-claude - Versions diffs - 1.2.1 → 1.3.1 - Mend

sumulige-claude 1.2.1 → 1.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

package/.claude/.kickoff-hint.txt +1 -1
package/.claude/AGENTS.md +6 -6
package/.claude/USAGE.md +175 -0
package/.claude/commands/audit.md +147 -0
package/.claude/commands/fix.md +83 -0
package/.claude/commands/gha.md +136 -0
package/.claude/commands/handoff.md +93 -0
package/.claude/commands/plan.md +88 -0
package/.claude/commands/refactor.md +102 -0
package/.claude/hooks/pre-push.cjs +3 -2
package/.claude/rules/coding-style.md +119 -0
package/.claude/rules/hooks.md +288 -0
package/.claude/rules/performance.md +78 -0
package/.claude/rules/security.md +56 -0
package/.claude/rules/testing.md +89 -0
package/.claude/settings.local.json +24 -1
package/.claude/skills/design-brain/SKILL.md +190 -0
package/.claude/skills/design-brain/metadata.yaml +26 -0
package/.claude/skills/quality-guard/SKILL.md +138 -0
package/.claude/skills/quality-guard/metadata.yaml +27 -0
package/.claude/skills/quick-fix/SKILL.md +138 -0
package/.claude/skills/quick-fix/metadata.yaml +26 -0
package/.claude/skills/test-master/SKILL.md +186 -0
package/.claude/skills/test-master/metadata.yaml +29 -0
package/AGENTS.md +25 -7
package/CHANGELOG.md +64 -3
package/README.md +57 -0
package/cli.js +4 -0
package/config/official-skills.json +1 -1
package/development/knowledge-base/.index.clean.json +1 -0
package/lib/commands.js +51 -0
package/lib/permission-audit.js +255 -0
package/package.json +1 -1
package/.claude/skills/123-skill/SKILL.md +0 -61
package/.claude/skills/123-skill/examples/basic.md +0 -3
package/.claude/skills/123-skill/metadata.yaml +0 -30
package/.claude/skills/123-skill/templates/default.md +0 -3
package/.claude/skills/api-tester/SKILL.md +0 -90
package/.claude/skills/api-tester/examples/basic.md +0 -3
package/.claude/skills/api-tester/metadata.yaml +0 -30
package/.claude/skills/api-tester/templates/default.md +0 -3
package/.claude/skills/code-reviewer-123/SKILL.md +0 -61
package/.claude/skills/code-reviewer-123/examples/basic.md +0 -3
package/.claude/skills/code-reviewer-123/metadata.yaml +0 -30
package/.claude/skills/code-reviewer-123/templates/default.md +0 -3
package/.claude/skills/my-skill/SKILL.md +0 -61
package/.claude/skills/my-skill/examples/basic.md +0 -3
package/.claude/skills/my-skill/metadata.yaml +0 -30
package/.claude/skills/my-skill/templates/default.md +0 -3
package/.claude/skills/template/SKILL.md +0 -6
package/.claude/skills/template/metadata.yaml +0 -30
package/.claude/skills/test-skill-name/SKILL.md +0 -61
package/.claude/skills/test-skill-name/examples/basic.md +0 -3
package/.claude/skills/test-skill-name/metadata.yaml +0 -30
package/.claude/skills/test-skill-name/templates/default.md +0 -3

package/lib/permission-audit.js ADDED Viewed

@@ -0,0 +1,255 @@
+/**
+ * Permission Audit - Security scanner for approved commands
+ * Inspired by cc-safe from ykdojo/claude-code-tips
+ */
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+// Dangerous patterns with severity levels
+const DANGEROUS_PATTERNS = [
+  // Critical - Must remove
+  { pattern: /rm\s+-rf\s+\/(?!\w)/, level: 'critical', desc: 'Delete root directory' },
+  { pattern: />\s*\/dev\/sd[a-z]/, level: 'critical', desc: 'Overwrite disk device' },
+  { pattern: /mkfs/, level: 'critical', desc: 'Format disk' },
+  { pattern: /dd\s+if=\/dev\/zero/, level: 'critical', desc: 'Overwrite with zeros' },
+  { pattern: /:\(\)\s*\{\s*:\|:&\s*\}\s*;:/, level: 'critical', desc: 'Fork bomb' },
+  // High - Should review
+  { pattern: /sudo/, level: 'high', desc: 'Privilege escalation' },
+  { pattern: /rm\s+-rf/, level: 'high', desc: 'Recursive force delete' },
+  { pattern: /chmod\s+777/, level: 'high', desc: 'World-writable permissions' },
+  { pattern: /--privileged/, level: 'high', desc: 'Privileged container' },
+  { pattern: /curl.*\|\s*(sh|bash)/, level: 'high', desc: 'Remote script execution' },
+  { pattern: /wget.*\|\s*(sh|bash)/, level: 'high', desc: 'Remote script execution' },
+  { pattern: /eval\s/, level: 'high', desc: 'Dynamic code execution' },
+  { pattern: /--no-verify/, level: 'high', desc: 'Skip verification hooks' },
+  // Medium - Optional review
+  { pattern: /npm\s+install\s+-g/, level: 'medium', desc: 'Global npm install' },
+  { pattern: /pip\s+install/, level: 'medium', desc: 'Python package install' },
+  { pattern: /git\s+push\s+--force/, level: 'medium', desc: 'Force push' },
+  { pattern: /git\s+reset\s+--hard/, level: 'medium', desc: 'Hard reset' },
+  { pattern: /DROP\s+(TABLE|DATABASE)/i, level: 'medium', desc: 'Drop database objects' },
+  { pattern: /TRUNCATE/i, level: 'medium', desc: 'Truncate table' },
+];
+/**
+ * Find all settings files to scan
+ */
+function findSettingsFiles(projectDir) {
+  const files = [];
+  const homeDir = os.homedir();
+  // Global settings
+  const globalSettings = path.join(homeDir, '.claude', 'settings.local.json');
+  if (fs.existsSync(globalSettings)) {
+    files.push({ path: globalSettings, scope: 'global' });
+  }
+  // Project settings
+  if (projectDir) {
+    const projectSettings = path.join(projectDir, '.claude', 'settings.local.json');
+    if (fs.existsSync(projectSettings)) {
+      files.push({ path: projectSettings, scope: 'project' });
+    }
+  }
+  // All project settings in ~/.claude/projects/
+  const projectsDir = path.join(homeDir, '.claude', 'projects');
+  if (fs.existsSync(projectsDir)) {
+    try {
+      const projects = fs.readdirSync(projectsDir);
+      for (const proj of projects) {
+        const projSettings = path.join(projectsDir, proj, 'settings.local.json');
+        if (fs.existsSync(projSettings)) {
+          files.push({ path: projSettings, scope: `project:${proj}` });
+        }
+      }
+    } catch (e) {
+      // Ignore read errors
+    }
+  }
+  return files;
+}
+/**
+ * Extract permissions from settings file
+ */
+function extractPermissions(settingsPath) {
+  try {
+    const content = fs.readFileSync(settingsPath, 'utf-8');
+    const settings = JSON.parse(content);
+    const permissions = [];
+    // Check permissions.allow array
+    if (settings.permissions?.allow) {
+      permissions.push(...settings.permissions.allow);
+    }
+    // Check allowedTools (older format)
+    if (settings.allowedTools) {
+      permissions.push(...settings.allowedTools);
+    }
+    return permissions;
+  } catch (e) {
+    return [];
+  }
+}
+/**
+ * Scan a permission string for dangerous patterns
+ */
+function scanPermission(permission) {
+  const issues = [];
+  for (const { pattern, level, desc } of DANGEROUS_PATTERNS) {
+    if (pattern.test(permission)) {
+      issues.push({ level, desc, pattern: pattern.toString(), match: permission });
+    }
+  }
+  return issues;
+}
+/**
+ * Run full audit
+ */
+function audit(options = {}) {
+  const { projectDir = process.cwd(), global: scanGlobal = true } = options;
+  const results = {
+    scanned: 0,
+    issues: {
+      critical: [],
+      high: [],
+      medium: [],
+    },
+    files: [],
+  };
+  const files = findSettingsFiles(scanGlobal ? projectDir : null);
+  results.scanned = files.length;
+  results.files = files.map(f => f.path);
+  for (const { path: filePath, scope } of files) {
+    const permissions = extractPermissions(filePath);
+    for (const perm of permissions) {
+      const issues = scanPermission(perm);
+      for (const issue of issues) {
+        const entry = {
+          ...issue,
+          file: filePath,
+          scope,
+          permission: perm,
+        };
+        results.issues[issue.level].push(entry);
+      }
+    }
+  }
+  return results;
+}
+/**
+ * Generate markdown report
+ */
+function generateReport(results) {
+  const { scanned, issues, files } = results;
+  const totalIssues = issues.critical.length + issues.high.length + issues.medium.length;
+  let report = `# Permission Audit Report
+**Date**: ${new Date().toISOString().split('T')[0]}
+**Scanned**: ${scanned} files
+**Issues**: ${totalIssues} found
+`;
+  // Critical issues
+  report += `## 🔴 Critical Issues (${issues.critical.length})\n\n`;
+  if (issues.critical.length === 0) {
+    report += 'None found.\n\n';
+  } else {
+    issues.critical.forEach((issue, i) => {
+      report += `### ${i + 1}. ${issue.desc}
+**Location**: ${issue.file}
+**Pattern**: \`${issue.permission}\`
+**Risk**: ${issue.desc}
+`;
+    });
+  }
+  // High risk
+  report += `## 🟠 High Risk (${issues.high.length})\n\n`;
+  if (issues.high.length === 0) {
+    report += 'None found.\n\n';
+  } else {
+    issues.high.forEach((issue, i) => {
+      report += `### ${i + 1}. ${issue.desc}
+**Location**: ${issue.file}
+**Pattern**: \`${issue.permission}\`
+**Risk**: ${issue.desc}
+`;
+    });
+  }
+  // Medium risk
+  report += `## 🟡 Medium Risk (${issues.medium.length})\n\n`;
+  if (issues.medium.length === 0) {
+    report += 'None found.\n\n';
+  } else {
+    issues.medium.forEach((issue, i) => {
+      report += `### ${i + 1}. ${issue.desc}
+**Location**: ${issue.file}
+**Pattern**: \`${issue.permission}\`
+`;
+    });
+  }
+  // Summary
+  report += `## Summary
+| Level | Count | Action |
+|-------|-------|--------|
+| 🔴 Critical | ${issues.critical.length} | Must remove |
+| 🟠 High | ${issues.high.length} | Should review |
+| 🟡 Medium | ${issues.medium.length} | Optional review |
+`;
+  return report;
+}
+/**
+ * Check if audit passes (for CI)
+ */
+function passes(results, options = {}) {
+  const { allowMedium = true, allowHigh = false } = options;
+  if (results.issues.critical.length > 0) return false;
+  if (!allowHigh && results.issues.high.length > 0) return false;
+  if (!allowMedium && results.issues.medium.length > 0) return false;
+  return true;
+}
+module.exports = {
+  audit,
+  generateReport,
+  passes,
+  DANGEROUS_PATTERNS,
+  findSettingsFiles,
+  extractPermissions,
+  scanPermission,
+};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "sumulige-claude",
-  "version": "1.2.1",
+  "version": "1.3.1",
   "description": "The Best Agent Harness for Claude Code",
   "main": "cli.js",
   "bin": {

package/.claude/skills/123-skill/SKILL.md DELETED Viewed

@@ -1,61 +0,0 @@
-# 123 Skill
-> 简短描述这个技能的作用（一句话）
-**版本**: 1.0.0
-**作者**: @username
-**标签**: [category1, category2]
-**难度**: 初级/中级/高级
----
-## 概述
-详细描述这个技能的功能和用途。
-## 适用场景
-- 场景 1
-- 场景 2
-- 场景 3
-## 触发关键词
-```
-keyword1, keyword2, "exact phrase"
-```
-## 使用方法
-### 基础用法
-```bash
-# 示例命令
-your-command-here
-```
-### 高级用法
-```yaml
-# 配置示例
-key: value
-```
-## 输出格式
-描述这个技能的输出结果格式。
-## 注意事项
-- 注意事项 1
-- 注意事项 2
-## 相关技能
-- [related-skill](../related-skill/)
-- [another-skill](../another-skill/)
-## 更新日志
-### 1.0.0 (YYYY-MM-DD)
-- 初始版本

package/.claude/skills/123-skill/examples/basic.md DELETED Viewed

@@ -1,3 +0,0 @@
-# Basic Example for 123-skill
-Replace this with your actual example.

package/.claude/skills/123-skill/metadata.yaml DELETED Viewed

@@ -1,30 +0,0 @@
-# Skill Metadata
-# 这个文件定义技能的基本信息，用于自动发现和索引
-name: 123-skill
-version: 1.0.0
-author: @username
-description: 简短描述技能功能
-tags:
-  - category1
-  - category2
-triggers:
-  - keyword1
-  - keyword2
-  - "exact phrase"
-dependencies: []  # 依赖的其他技能
-difficulty: beginner  # beginner | intermediate | advanced
-# 模板文件
-templates:
-  - name: default
-    file: templates/default.md
-# 示例文件
-examples:
-  - name: basic
-    file: examples/basic.md

package/.claude/skills/123-skill/templates/default.md DELETED Viewed

@@ -1,3 +0,0 @@
-# Default Template for 123-skill
-Replace this with your actual template.

package/.claude/skills/api-tester/SKILL.md DELETED Viewed

@@ -1,90 +0,0 @@
----
-name: api-tester
-description: API testing and HTTP request validation tool for REST/GraphQL endpoints
-see_also:
-  - mcp-builder
-  - webapp-testing
----
-# API Tester
-> Test and validate REST/GraphQL APIs with automated request/response checking
-**Version**: 1.0.0
-**Author**: sumulige
-**Tags**: [api, testing, http, rest, graphql]
-**Difficulty**: 中级
----
-## 概述
-API Tester 是一个用于测试和验证 API 接口的技能。支持 REST 和 GraphQL，可以自动检查响应状态码、数据结构和性能指标。
-## 适用场景
-- 测试 REST API 端点
-- 验证 API 响应格式
-- 检查 HTTP 状态码
-- 测试 API 认证
-- 性能基准测试
-## 触发关键词
-```
-api test, "test the api", "check endpoint", http request, "validate api",
-graphql query, rest api, postman, curl
-```
-## 使用方法
-### 基础用法
-```bash
-# 测试 GET 请求
-curl -X GET https://api.example.com/users
-# 测试 POST 请求
-curl -X POST https://api.example.com/users \
-  -H "Content-Type: application/json" \
-  -d '{"name": "John"}'
-```
-### 验证响应
-```javascript
-// 检查状态码
-response.status === 200
-// 验证数据结构
-response.data.users.forEach(user => {
-  assert(user.id, 'User must have id');
-  assert(user.email, 'User must have email');
-});
-```
-## 输出格式
-```
-✅ GET /api/users - 200 OK (142ms)
-✅ POST /api/users - 201 Created (89ms)
-❌ GET /api/users/999 - 404 Not Found (45ms)
-```
-## 注意事项
-- 使用测试环境 API，避免生产数据修改
-- 检查 API 速率限制
-- 验证认证 Token 有效性
-- 处理分页响应
-## 相关技能
-- [mcp-builder](../mcp-builder/) - MCP 服务器构建
-- [webapp-testing](../webapp-testing/) - Web 应用测试
-## 更新日志
-### 1.0.0 (2026-01-15)
-- 初始版本
-- 添加 REST/GraphQL 支持

package/.claude/skills/api-tester/examples/basic.md DELETED Viewed

@@ -1,3 +0,0 @@
-# Basic Example for api-tester
-Replace this with your actual example.

package/.claude/skills/api-tester/metadata.yaml DELETED Viewed

@@ -1,30 +0,0 @@
-# Skill Metadata
-# 这个文件定义技能的基本信息，用于自动发现和索引
-name: api-tester
-version: 1.0.0
-author: @username
-description: 简短描述技能功能
-tags:
-  - category1
-  - category2
-triggers:
-  - keyword1
-  - keyword2
-  - "exact phrase"
-dependencies: []  # 依赖的其他技能
-difficulty: beginner  # beginner | intermediate | advanced
-# 模板文件
-templates:
-  - name: default
-    file: templates/default.md
-# 示例文件
-examples:
-  - name: basic
-    file: examples/basic.md

package/.claude/skills/api-tester/templates/default.md DELETED Viewed

@@ -1,3 +0,0 @@
-# Default Template for api-tester
-Replace this with your actual template.

package/.claude/skills/code-reviewer-123/SKILL.md DELETED Viewed

@@ -1,61 +0,0 @@
-# Code Reviewer 123
-> 简短描述这个技能的作用（一句话）
-**版本**: 1.0.0
-**作者**: @username
-**标签**: [category1, category2]
-**难度**: 初级/中级/高级
----
-## 概述
-详细描述这个技能的功能和用途。
-## 适用场景
-- 场景 1
-- 场景 2
-- 场景 3
-## 触发关键词
-```
-keyword1, keyword2, "exact phrase"
-```
-## 使用方法
-### 基础用法
-```bash
-# 示例命令
-your-command-here
-```
-### 高级用法
-```yaml
-# 配置示例
-key: value
-```
-## 输出格式
-描述这个技能的输出结果格式。
-## 注意事项
-- 注意事项 1
-- 注意事项 2
-## 相关技能
-- [related-skill](../related-skill/)
-- [another-skill](../another-skill/)
-## 更新日志
-### 1.0.0 (YYYY-MM-DD)
-- 初始版本

package/.claude/skills/code-reviewer-123/examples/basic.md DELETED Viewed

@@ -1,3 +0,0 @@
-# Basic Example for code-reviewer-123
-Replace this with your actual example.

package/.claude/skills/code-reviewer-123/metadata.yaml DELETED Viewed

@@ -1,30 +0,0 @@
-# Skill Metadata
-# 这个文件定义技能的基本信息，用于自动发现和索引
-name: code-reviewer-123
-version: 1.0.0
-author: @username
-description: 简短描述技能功能
-tags:
-  - category1
-  - category2
-triggers:
-  - keyword1
-  - keyword2
-  - "exact phrase"
-dependencies: []  # 依赖的其他技能
-difficulty: beginner  # beginner | intermediate | advanced
-# 模板文件
-templates:
-  - name: default
-    file: templates/default.md
-# 示例文件
-examples:
-  - name: basic
-    file: examples/basic.md

package/.claude/skills/code-reviewer-123/templates/default.md DELETED Viewed

@@ -1,3 +0,0 @@
-# Default Template for code-reviewer-123
-Replace this with your actual template.

package/.claude/skills/my-skill/SKILL.md DELETED Viewed

@@ -1,61 +0,0 @@
-# My Skill
-> 简短描述这个技能的作用（一句话）
-**版本**: 1.0.0
-**作者**: @username
-**标签**: [category1, category2]
-**难度**: 初级/中级/高级
----
-## 概述
-详细描述这个技能的功能和用途。
-## 适用场景
-- 场景 1
-- 场景 2
-- 场景 3
-## 触发关键词
-```
-keyword1, keyword2, "exact phrase"
-```
-## 使用方法
-### 基础用法
-```bash
-# 示例命令
-your-command-here
-```
-### 高级用法
-```yaml
-# 配置示例
-key: value
-```
-## 输出格式
-描述这个技能的输出结果格式。
-## 注意事项
-- 注意事项 1
-- 注意事项 2
-## 相关技能
-- [related-skill](../related-skill/)
-- [another-skill](../another-skill/)
-## 更新日志
-### 1.0.0 (YYYY-MM-DD)
-- 初始版本

package/.claude/skills/my-skill/examples/basic.md DELETED Viewed

@@ -1,3 +0,0 @@
-# Basic Example for my-skill
-Replace this with your actual example.

package/.claude/skills/my-skill/metadata.yaml DELETED Viewed

@@ -1,30 +0,0 @@
-# Skill Metadata
-# 这个文件定义技能的基本信息，用于自动发现和索引
-name: my-skill
-version: 1.0.0
-author: @username
-description: 简短描述技能功能
-tags:
-  - category1
-  - category2
-triggers:
-  - keyword1
-  - keyword2
-  - "exact phrase"
-dependencies: []  # 依赖的其他技能
-difficulty: beginner  # beginner | intermediate | advanced
-# 模板文件
-templates:
-  - name: default
-    file: templates/default.md
-# 示例文件
-examples:
-  - name: basic
-    file: examples/basic.md

package/.claude/skills/my-skill/templates/default.md DELETED Viewed

@@ -1,3 +0,0 @@
-# Default Template for my-skill
-Replace this with your actual template.

package/.claude/skills/template/SKILL.md DELETED Viewed

@@ -1,6 +0,0 @@
----
-name: template-skill
-description: Replace with description of the skill and when Claude should use it.
----
-# Insert instructions below