sumulige-claude 1.3.0 → 1.3.2

package/.claude/skills/my-skill/SKILL.md

@@ -0,0 +1,61 @@
+# My Skill
+
+> 简短描述这个技能的作用（一句话）
+
+**版本**: 1.0.0
+**作者**: @username
+**标签**: [category1, category2]
+**难度**: 初级/中级/高级
+
+---
+
+## 概述
+
+详细描述这个技能的功能和用途。
+
+## 适用场景
+
+- 场景 1
+- 场景 2
+- 场景 3
+
+## 触发关键词
+
+```
+keyword1, keyword2, "exact phrase"
+```
+
+## 使用方法
+
+### 基础用法
+
+```bash
+# 示例命令
+your-command-here
+```
+
+### 高级用法
+
+```yaml
+# 配置示例
+key: value
+```
+
+## 输出格式
+
+描述这个技能的输出结果格式。
+
+## 注意事项
+
+- 注意事项 1
+- 注意事项 2
+
+## 相关技能
+
+- [related-skill](../related-skill/)
+- [another-skill](../another-skill/)
+
+## 更新日志
+
+### 1.0.0 (YYYY-MM-DD)
+- 初始版本

package/.claude/skills/my-skill/examples/basic.md

@@ -0,0 +1,3 @@
+# Basic Example for my-skill
+
+Replace this with your actual example.

package/.claude/skills/my-skill/metadata.yaml

@@ -0,0 +1,30 @@
+# Skill Metadata
+# 这个文件定义技能的基本信息，用于自动发现和索引
+
+name: my-skill
+version: 1.0.0
+author: @username
+description: 简短描述技能功能
+
+tags:
+  - category1
+  - category2
+
+triggers:
+  - keyword1
+  - keyword2
+  - "exact phrase"
+
+dependencies: []  # 依赖的其他技能
+
+difficulty: beginner  # beginner | intermediate | advanced
+
+# 模板文件
+templates:
+  - name: default
+    file: templates/default.md
+
+# 示例文件
+examples:
+  - name: basic
+    file: examples/basic.md

package/.claude/skills/my-skill/templates/default.md

@@ -0,0 +1,3 @@
+# Default Template for my-skill
+
+Replace this with your actual template.

package/.claude/skills/template/SKILL.md

@@ -0,0 +1,6 @@
+---
+name: template-skill
+description: Replace with description of the skill and when Claude should use it.
+---
+
+# Insert instructions below

package/.claude/skills/template/metadata.yaml

@@ -0,0 +1,30 @@
+# Skill Metadata
+# 这个文件定义技能的基本信息，用于自动发现和索引
+
+name: skill-name
+version: 1.0.0
+author: @username
+description: 简短描述技能功能
+
+tags:
+  - category1
+  - category2
+
+triggers:
+  - keyword1
+  - keyword2
+  - "exact phrase"
+
+dependencies: []  # 依赖的其他技能
+
+difficulty: beginner  # beginner | intermediate | advanced
+
+# 模板文件
+templates:
+  - name: default
+    file: templates/default.md
+
+# 示例文件
+examples:
+  - name: basic
+    file: examples/basic.md

package/.claude/skills/test-skill-name/SKILL.md

@@ -0,0 +1,61 @@
+# Test Skill Name
+
+> 简短描述这个技能的作用（一句话）
+
+**版本**: 1.0.0
+**作者**: @username
+**标签**: [category1, category2]
+**难度**: 初级/中级/高级
+
+---
+
+## 概述
+
+详细描述这个技能的功能和用途。
+
+## 适用场景
+
+- 场景 1
+- 场景 2
+- 场景 3
+
+## 触发关键词
+
+```
+keyword1, keyword2, "exact phrase"
+```
+
+## 使用方法
+
+### 基础用法
+
+```bash
+# 示例命令
+your-command-here
+```
+
+### 高级用法
+
+```yaml
+# 配置示例
+key: value
+```
+
+## 输出格式
+
+描述这个技能的输出结果格式。
+
+## 注意事项
+
+- 注意事项 1
+- 注意事项 2
+
+## 相关技能
+
+- [related-skill](../related-skill/)
+- [another-skill](../another-skill/)
+
+## 更新日志
+
+### 1.0.0 (YYYY-MM-DD)
+- 初始版本

package/.claude/skills/test-skill-name/examples/basic.md

@@ -0,0 +1,3 @@
+# Basic Example for test-skill-name
+
+Replace this with your actual example.

package/.claude/skills/test-skill-name/metadata.yaml

@@ -0,0 +1,30 @@
+# Skill Metadata
+# 这个文件定义技能的基本信息，用于自动发现和索引
+
+name: test-skill-name
+version: 1.0.0
+author: @username
+description: 简短描述技能功能
+
+tags:
+  - category1
+  - category2
+
+triggers:
+  - keyword1
+  - keyword2
+  - "exact phrase"
+
+dependencies: []  # 依赖的其他技能
+
+difficulty: beginner  # beginner | intermediate | advanced
+
+# 模板文件
+templates:
+  - name: default
+    file: templates/default.md
+
+# 示例文件
+examples:
+  - name: basic
+    file: examples/basic.md

package/.claude/skills/test-skill-name/templates/default.md

@@ -0,0 +1,3 @@
+# Default Template for test-skill-name
+
+Replace this with your actual template.

package/CHANGELOG.md

@@ -1,3 +1,48 @@
+## [1.3.2](https://github.com/sumulige/sumulige-claude/compare/v1.3.1...v1.3.2) (2026-01-22)
+
+### ✨ New Features
+
+- **Official Hooks Integration**: Claude Code lifecycle auto-sync
+  - `SessionStart` → `memory-loader.cjs`: Auto-load MEMORY.md, ANCHORS.md, restore TODO state
+  - `SessionEnd` → `memory-saver.cjs`: Auto-save session summary, archive session, sync TODO
+  - `PreCompact` → `auto-handoff.cjs`: Auto-generate handoff before context compression
+- **Context Preservation**: Automatic handoff documents in `.claude/handoffs/`
+  - Includes active TODOs, recently modified files, recovery commands
+  - `LATEST.md` always points to most recent handoff
+
+### 🔧 Improvements
+
+- Session state tracking via `.session-state.json`
+- Automatic session archiving to `.claude/sessions/`
+- Memory entries kept for 7 days with auto-cleanup
+
+---
+
+## [1.3.1](https://github.com/sumulige/sumulige-claude/compare/v1.3.0...v1.3.1) (2026-01-22)
+
+### ✨ New Features
+
+- **System Prompt Optimization**: Token savings via MCP lazy-loading
+  - `ENABLE_TOOL_SEARCH=true` - MCP tools loaded on demand
+  - `DISABLE_AUTOUPDATER=1` - Reduce startup overhead
+  - ~50% token reduction for system prompts
+- **New Commands**:
+  - `/handoff` - Generate context handoff documents for session continuity
+  - `/gha` - Analyze GitHub Actions CI failures
+  - `/audit` - Security audit for approved commands (cc-safe style)
+- **Permission Audit**: Detect dangerous patterns in approved commands
+  - Critical: `rm -rf /`, disk overwrite, fork bombs
+  - High: `sudo`, `chmod 777`, privileged containers
+  - Medium: global installs, force push
+
+### 📝 Documentation
+
+- Add `/handoff` command guide
+- Add `/gha` CI analysis guide
+- Add `/audit` security audit guide
+
+---
+
 ## [1.3.0](https://github.com/sumulige/sumulige-claude/compare/v1.2.1...v1.3.0) (2026-01-22)
 
 ### ✨ New Features

package/cli.js

@@ -175,6 +175,10 @@ const COMMANDS = {
   notebooklm: {
     help: 'NotebookLM browser automation',
     args: '<auth|ask|status|clear> [args...]'
+  },
+  audit: {
+    help: 'Audit approved commands for security risks',
+    args: '[--global] [--ci] [--report]'
   }
 };
 

package/development/todos/.state.json

@@ -13,5 +13,7 @@
       "notified": true
     }
   },
-  "transitions": []
+  "transitions": [],
+  "lastSynced": "2026-01-22T13:07:26.625Z",
+  "sessionId": "unknown"
 }

package/lib/commands.js

@@ -3332,6 +3332,57 @@ All notable changes to this project will be documented in this file.
     } = require("../.claude/workflow/notebooklm/browser");
     await handleNotebookLMCommand(args);
   },
+
+  // ==========================================================================
+  // Security Audit Commands
+  // ==========================================================================
+
+  audit: async (...args) => {
+    const { audit, generateReport, passes } = require("./permission-audit");
+
+    const isGlobal = args.includes("--global");
+    const isCi = args.includes("--ci");
+    const isReport = args.includes("--report");
+
+    console.log("🔍 Running permission audit...\n");
+
+    const results = audit({ global: isGlobal });
+
+    if (isReport) {
+      console.log(generateReport(results));
+    } else {
+      const { issues } = results;
+      const total = issues.critical.length + issues.high.length + issues.medium.length;
+
+      if (total === 0) {
+        console.log("✅ No security issues found!\n");
+        console.log(`Scanned ${results.scanned} settings file(s)`);
+      } else {
+        console.log(`Found ${total} potential issue(s):\n`);
+
+        if (issues.critical.length > 0) {
+          console.log(`🔴 Critical: ${issues.critical.length}`);
+          issues.critical.forEach(i => console.log(`   - ${i.desc}: ${i.permission}`));
+        }
+
+        if (issues.high.length > 0) {
+          console.log(`🟠 High: ${issues.high.length}`);
+          issues.high.forEach(i => console.log(`   - ${i.desc}: ${i.permission}`));
+        }
+
+        if (issues.medium.length > 0) {
+          console.log(`🟡 Medium: ${issues.medium.length}`);
+          issues.medium.forEach(i => console.log(`   - ${i.desc}: ${i.permission}`));
+        }
+
+        console.log("\nRun 'smc audit --report' for detailed analysis.");
+      }
+    }
+
+    if (isCi && !passes(results)) {
+      process.exit(1);
+    }
+  },
 };
 
 // ============================================================================

package/lib/permission-audit.js

@@ -0,0 +1,255 @@
+/**
+ * Permission Audit - Security scanner for approved commands
+ * Inspired by cc-safe from ykdojo/claude-code-tips
+ */
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+// Dangerous patterns with severity levels
+const DANGEROUS_PATTERNS = [
+  // Critical - Must remove
+  { pattern: /rm\s+-rf\s+\/(?!\w)/, level: 'critical', desc: 'Delete root directory' },
+  { pattern: />\s*\/dev\/sd[a-z]/, level: 'critical', desc: 'Overwrite disk device' },
+  { pattern: /mkfs/, level: 'critical', desc: 'Format disk' },
+  { pattern: /dd\s+if=\/dev\/zero/, level: 'critical', desc: 'Overwrite with zeros' },
+  { pattern: /:\(\)\s*\{\s*:\|:&\s*\}\s*;:/, level: 'critical', desc: 'Fork bomb' },
+
+  // High - Should review
+  { pattern: /sudo/, level: 'high', desc: 'Privilege escalation' },
+  { pattern: /rm\s+-rf/, level: 'high', desc: 'Recursive force delete' },
+  { pattern: /chmod\s+777/, level: 'high', desc: 'World-writable permissions' },
+  { pattern: /--privileged/, level: 'high', desc: 'Privileged container' },
+  { pattern: /curl.*\|\s*(sh|bash)/, level: 'high', desc: 'Remote script execution' },
+  { pattern: /wget.*\|\s*(sh|bash)/, level: 'high', desc: 'Remote script execution' },
+  { pattern: /eval\s/, level: 'high', desc: 'Dynamic code execution' },
+  { pattern: /--no-verify/, level: 'high', desc: 'Skip verification hooks' },
+
+  // Medium - Optional review
+  { pattern: /npm\s+install\s+-g/, level: 'medium', desc: 'Global npm install' },
+  { pattern: /pip\s+install/, level: 'medium', desc: 'Python package install' },
+  { pattern: /git\s+push\s+--force/, level: 'medium', desc: 'Force push' },
+  { pattern: /git\s+reset\s+--hard/, level: 'medium', desc: 'Hard reset' },
+  { pattern: /DROP\s+(TABLE|DATABASE)/i, level: 'medium', desc: 'Drop database objects' },
+  { pattern: /TRUNCATE/i, level: 'medium', desc: 'Truncate table' },
+];
+
+/**
+ * Find all settings files to scan
+ */
+function findSettingsFiles(projectDir) {
+  const files = [];
+  const homeDir = os.homedir();
+
+  // Global settings
+  const globalSettings = path.join(homeDir, '.claude', 'settings.local.json');
+  if (fs.existsSync(globalSettings)) {
+    files.push({ path: globalSettings, scope: 'global' });
+  }
+
+  // Project settings
+  if (projectDir) {
+    const projectSettings = path.join(projectDir, '.claude', 'settings.local.json');
+    if (fs.existsSync(projectSettings)) {
+      files.push({ path: projectSettings, scope: 'project' });
+    }
+  }
+
+  // All project settings in ~/.claude/projects/
+  const projectsDir = path.join(homeDir, '.claude', 'projects');
+  if (fs.existsSync(projectsDir)) {
+    try {
+      const projects = fs.readdirSync(projectsDir);
+      for (const proj of projects) {
+        const projSettings = path.join(projectsDir, proj, 'settings.local.json');
+        if (fs.existsSync(projSettings)) {
+          files.push({ path: projSettings, scope: `project:${proj}` });
+        }
+      }
+    } catch (e) {
+      // Ignore read errors
+    }
+  }
+
+  return files;
+}
+
+/**
+ * Extract permissions from settings file
+ */
+function extractPermissions(settingsPath) {
+  try {
+    const content = fs.readFileSync(settingsPath, 'utf-8');
+    const settings = JSON.parse(content);
+
+    const permissions = [];
+
+    // Check permissions.allow array
+    if (settings.permissions?.allow) {
+      permissions.push(...settings.permissions.allow);
+    }
+
+    // Check allowedTools (older format)
+    if (settings.allowedTools) {
+      permissions.push(...settings.allowedTools);
+    }
+
+    return permissions;
+  } catch (e) {
+    return [];
+  }
+}
+
+/**
+ * Scan a permission string for dangerous patterns
+ */
+function scanPermission(permission) {
+  const issues = [];
+
+  for (const { pattern, level, desc } of DANGEROUS_PATTERNS) {
+    if (pattern.test(permission)) {
+      issues.push({ level, desc, pattern: pattern.toString(), match: permission });
+    }
+  }
+
+  return issues;
+}
+
+/**
+ * Run full audit
+ */
+function audit(options = {}) {
+  const { projectDir = process.cwd(), global: scanGlobal = true } = options;
+
+  const results = {
+    scanned: 0,
+    issues: {
+      critical: [],
+      high: [],
+      medium: [],
+    },
+    files: [],
+  };
+
+  const files = findSettingsFiles(scanGlobal ? projectDir : null);
+  results.scanned = files.length;
+  results.files = files.map(f => f.path);
+
+  for (const { path: filePath, scope } of files) {
+    const permissions = extractPermissions(filePath);
+
+    for (const perm of permissions) {
+      const issues = scanPermission(perm);
+
+      for (const issue of issues) {
+        const entry = {
+          ...issue,
+          file: filePath,
+          scope,
+          permission: perm,
+        };
+
+        results.issues[issue.level].push(entry);
+      }
+    }
+  }
+
+  return results;
+}
+
+/**
+ * Generate markdown report
+ */
+function generateReport(results) {
+  const { scanned, issues, files } = results;
+  const totalIssues = issues.critical.length + issues.high.length + issues.medium.length;
+
+  let report = `# Permission Audit Report
+
+**Date**: ${new Date().toISOString().split('T')[0]}
+**Scanned**: ${scanned} files
+**Issues**: ${totalIssues} found
+
+`;
+
+  // Critical issues
+  report += `## 🔴 Critical Issues (${issues.critical.length})\n\n`;
+  if (issues.critical.length === 0) {
+    report += 'None found.\n\n';
+  } else {
+    issues.critical.forEach((issue, i) => {
+      report += `### ${i + 1}. ${issue.desc}
+**Location**: ${issue.file}
+**Pattern**: \`${issue.permission}\`
+**Risk**: ${issue.desc}
+
+`;
+    });
+  }
+
+  // High risk
+  report += `## 🟠 High Risk (${issues.high.length})\n\n`;
+  if (issues.high.length === 0) {
+    report += 'None found.\n\n';
+  } else {
+    issues.high.forEach((issue, i) => {
+      report += `### ${i + 1}. ${issue.desc}
+**Location**: ${issue.file}
+**Pattern**: \`${issue.permission}\`
+**Risk**: ${issue.desc}
+
+`;
+    });
+  }
+
+  // Medium risk
+  report += `## 🟡 Medium Risk (${issues.medium.length})\n\n`;
+  if (issues.medium.length === 0) {
+    report += 'None found.\n\n';
+  } else {
+    issues.medium.forEach((issue, i) => {
+      report += `### ${i + 1}. ${issue.desc}
+**Location**: ${issue.file}
+**Pattern**: \`${issue.permission}\`
+
+`;
+    });
+  }
+
+  // Summary
+  report += `## Summary
+
+| Level | Count | Action |
+|-------|-------|--------|
+| 🔴 Critical | ${issues.critical.length} | Must remove |
+| 🟠 High | ${issues.high.length} | Should review |
+| 🟡 Medium | ${issues.medium.length} | Optional review |
+
+`;
+
+  return report;
+}
+
+/**
+ * Check if audit passes (for CI)
+ */
+function passes(results, options = {}) {
+  const { allowMedium = true, allowHigh = false } = options;
+
+  if (results.issues.critical.length > 0) return false;
+  if (!allowHigh && results.issues.high.length > 0) return false;
+  if (!allowMedium && results.issues.medium.length > 0) return false;
+
+  return true;
+}
+
+module.exports = {
+  audit,
+  generateReport,
+  passes,
+  DANGEROUS_PATTERNS,
+  findSettingsFiles,
+  extractPermissions,
+  scanPermission,
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sumulige-claude",
-  "version": "1.3.0",
+  "version": "1.3.2",
   "description": "The Best Agent Harness for Claude Code",
   "main": "cli.js",
   "bin": {