cexll/myclaude
1
0
Fork 0
mirror of https://github.com/cexll/myclaude.git synced 2026-02-05 02:30:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: cexll:v5.4.0
Branches Tags
cexll:master cexll:feat/intelligent-backend-selection cexll:pr-94 cexll:feature_parser cexll:fix/prevent-codeagent-infinite-recursion cexll:myclaude-master-20251215-073053-338465000 cexll:fix/issue-64-buffer-overflow cexll:rc/5.2 cexll:fix/parallel-log-path-on-startup cexll:fix/channel-sync-race-conditions cexll:freespace8/master cexll:fix-async-log cexll:cce-worktree-master-20251129-111802-997076000 cexll:cce-worktree-master-20251129-093110-192870000 cexll:feat/codex-wrapper cexll:swe-agent/23-1763544297 cexll:swe-agent/17-1760969135 cexll:swe-agent/16-1760965979 cexll:swe-agent/13-1760944712 cexll:swe-agent/12-1760944588 cexll:swe-agent/10-1760752533
cexll:v6.5.0 cexll:v6.4.0 cexll:v6.3.1 cexll:v6.3.0 cexll:v6.2.1 cexll:v6.2.0 cexll:v6.1.5 cexll:v6.1.4 cexll:v6.1.3 cexll:v6.1.2 cexll:v6.1.1 cexll:v6.1.0 cexll:v6.0.0-alpha1 cexll:v6.0.0 cexll:v5.6.7 cexll:v5.6.6 cexll:v5.6.5 cexll:v5.6.4 cexll:v5.6.3 cexll:v5.6.2 cexll:v5.6.1 cexll:v5.6.0 cexll:v5.5.0 cexll:v5.4.4 cexll:v5.4.3 cexll:v5.4.2 cexll:v5.4.1 cexll:v5.4.0 cexll:v5.2.8 cexll:v5.2.7 cexll:v5.2.6 cexll:v5.2.5 cexll:v5.2.4 cexll:v5.2.3 cexll:v5.2.2 cexll:v5.2.1 cexll:v5.2.0 cexll:v5.1.4 cexll:v5.1.3 cexll:v5.1.2 cexll:v5.1.1 cexll:v5.1.0 cexll:v5.0.0 cexll:v4.8.2 cexll:v4.8.1 cexll:v4.8.0 cexll:v4.7.3 cexll:v4.7.2 cexll:v4.7.1 cexll:v4.7 cexll:v4.7-alpha1 cexll:v4.6 cexll:v4.5 cexll:v4.4 cexll:v4.3 cexll:v4.2.2 cexll:v4.2.1 cexll:v4.2 cexll:v4.1 cexll:v4.0 cexll:v3.5 cexll:v3.4 cexll:v3.3 cexll:v3.2 cexll:v3.1
...
compare: cexll:v5.4.3
Branches Tags
cexll:master cexll:feat/intelligent-backend-selection cexll:pr-94 cexll:feature_parser cexll:fix/prevent-codeagent-infinite-recursion cexll:myclaude-master-20251215-073053-338465000 cexll:fix/issue-64-buffer-overflow cexll:rc/5.2 cexll:fix/parallel-log-path-on-startup cexll:fix/channel-sync-race-conditions cexll:freespace8/master cexll:fix-async-log cexll:cce-worktree-master-20251129-111802-997076000 cexll:cce-worktree-master-20251129-093110-192870000 cexll:feat/codex-wrapper cexll:swe-agent/23-1763544297 cexll:swe-agent/17-1760969135 cexll:swe-agent/16-1760965979 cexll:swe-agent/13-1760944712 cexll:swe-agent/12-1760944588 cexll:swe-agent/10-1760752533
cexll:v6.5.0 cexll:v6.4.0 cexll:v6.3.1 cexll:v6.3.0 cexll:v6.2.1 cexll:v6.2.0 cexll:v6.1.5 cexll:v6.1.4 cexll:v6.1.3 cexll:v6.1.2 cexll:v6.1.1 cexll:v6.1.0 cexll:v6.0.0-alpha1 cexll:v6.0.0 cexll:v5.6.7 cexll:v5.6.6 cexll:v5.6.5 cexll:v5.6.4 cexll:v5.6.3 cexll:v5.6.2 cexll:v5.6.1 cexll:v5.6.0 cexll:v5.5.0 cexll:v5.4.4 cexll:v5.4.3 cexll:v5.4.2 cexll:v5.4.1 cexll:v5.4.0 cexll:v5.2.8 cexll:v5.2.7 cexll:v5.2.6 cexll:v5.2.5 cexll:v5.2.4 cexll:v5.2.3 cexll:v5.2.2 cexll:v5.2.1 cexll:v5.2.0 cexll:v5.1.4 cexll:v5.1.3 cexll:v5.1.2 cexll:v5.1.1 cexll:v5.1.0 cexll:v5.0.0 cexll:v4.8.2 cexll:v4.8.1 cexll:v4.8.0 cexll:v4.7.3 cexll:v4.7.2 cexll:v4.7.1 cexll:v4.7 cexll:v4.7-alpha1 cexll:v4.6 cexll:v4.5 cexll:v4.4 cexll:v4.3 cexll:v4.2.2 cexll:v4.2.1 cexll:v4.2 cexll:v4.1 cexll:v4.0 cexll:v3.5 cexll:v3.4 cexll:v3.3 cexll:v3.2 cexll:v3.1

10 Commits
v5.4.0 ... v5.4.3

Author SHA1 Message Date
cexll
13465b12e5 fix: support model parameter for all backends, auto-inject from settings (#105) 
- Add Model field to Config and TaskSpec for per-task model selection
- Parse --model flag and model: metadata in parallel tasks
- Auto-inject model from ~/.claude/settings.json for claude backend in new mode
- Pass --model to claude CLI, -m to gemini CLI, --model to codex CLI
- Preserve --setting-sources "" isolation while reading minimal safe subset
- Add comprehensive tests for model parsing, propagation, and settings injection

Fixes #105

Generated with SWE-Agent.ai

Co-Authored-By: SWE-Agent.ai <noreply@swe-agent.ai>
 2026-01-06 15:03:21 +08:00
cexll
cf93a0ada9 feat skill-install install script and security scan 2026-01-05 21:02:07 +08:00
cexll
b81953a1d7 feat: add uninstall scripts with selective module removal 
- uninstall.py: Python uninstaller with --list, --dry-run, --module options
- uninstall.sh: Bash uninstaller with same functionality
- Reads installed_modules.json for precise removal
- Supports partial uninstall (--module dev)
- --purge option for complete removal
- Cleans PATH from shell configs (.bashrc/.zshrc)

Generated with SWE-Agent.ai

Co-Authored-By: SWE-Agent.ai <noreply@swe-agent.ai>
 2026-01-04 22:53:11 +08:00
cexll
1d2f28101a docs: add FAQ Q5 for permission/sandbox env vars 
Add CODEX_BYPASS_SANDBOX and CODEAGENT_SKIP_PERMISSIONS
environment variables to FAQ section in both EN and CN READMEs.

Generated with SWE-Agent.ai

Co-Authored-By: SWE-Agent.ai <noreply@swe-agent.ai>
 2026-01-04 10:13:58 +08:00
cexll
81e95777a8 fix: replace setx with reg add to avoid 1024-char PATH truncation (#101) 
- Use reg add instead of setx to bypass Windows 1024-character limit
- Add safety check for quotes/exclamation marks in PATH to prevent injection
- Preserve stderr output for better error diagnostics
- Update documentation with warnings about cmd PATH duplication
- Add test script for PATH update validation

Generated with SWE-Agent.ai

Co-Authored-By: SWE-Agent.ai <noreply@swe-agent.ai>
 2025-12-31 14:40:34 +08:00
cexll
993249acb1 docs: 添加 FAQ 常见问题章节 
添加 4 个高频问题的解决方案:
- Q1: codeagent-wrapper "Unknown event format" 日志问题 (#96)
- Q2: Gemini 无法读取 .gitignore 文件 (#75)
- Q3: /dev 命令并行执行性能优化建议 (#77)
- Q4: Go 版 Codex 权限配置指南 (#31)

提升用户自助排障能力,减少重复问题咨询。

Generated with SWE-Agent.ai

Co-Authored-By: SWE-Agent.ai <noreply@swe-agent.ai>
 2025-12-26 15:03:43 +08:00
ben
0d28e70026 feat(dev-workflow): Add intelligent backend selection based on task complexity (#61) 
合并智能 backend 选择功能。包含:multiSelect backend 选择、type 字段任务分类(default|ui|quick-fix)、智能路由策略
 2025-12-26 15:01:58 +08:00
cexll
7560ce1976 fix: 移除未知事件格式的日志噪声 (#96) 
问题:
- codeagent-wrapper 在处理 Claude Code 等其他后端的事件流时
- 对无法识别的事件格式(turn.started/assistant/user)打印警告日志
- 造成输出噪声,影响用户体验

修复:
- parser.go:274 - 移除对未知事件的 warnFn 日志打印
- 改为静默 continue,直接跳过这些事件
- 添加注释说明这些事件来自其他后端,无需处理

测试:
- 新增 parser_unknown_event_test.go 回归测试
- 验证未知事件不产生 "Agent event:" 日志
- 确保 Codex/Claude/Gemini 事件解析不受影响
- 所有测试通过

Closes #96

Generated with SWE-Agent.ai

Co-Authored-By: SWE-Agent.ai <noreply@swe-agent.ai>
 2025-12-26 14:51:38 +08:00
cexll
683d18e6bb docs: update troubleshooting with idempotent PATH commands (#95) 
- Use correct PATH pattern matching syntax
- Explain installer auto-adds PATH
- Provide idempotent command for manual use

Generated with SWE-Agent.ai

Co-Authored-By: SWE-Agent.ai <noreply@swe-agent.ai>
 2025-12-25 11:40:53 +08:00
cexll
a7147f692c fix: prevent duplicate PATH entries on reinstall (#95) 
- install.sh: Auto-detect shell and add PATH with idempotency check
- install.bat: Improve PATH detection with system PATH check
- Fix PATH variable quoting in pattern matching

Generated with SWE-Agent.ai

Co-Authored-By: SWE-Agent.ai <noreply@swe-agent.ai>
 2025-12-25 11:38:42 +08:00
20 changed files with 1716 additions and 114 deletions
Expand all files Collapse all files

117
README.md
View File

@@ -346,8 +346,10 @@ $Env:PATH = "$HOME\bin;$Env:PATH"
```
```batch
REM cmd.exe - persistent for current user
setx PATH "%USERPROFILE%\bin;%PATH%"
REM cmd.exe - persistent for current user (use PowerShell method above instead)
REM WARNING: This expands %PATH% which includes system PATH, causing duplication
REM Note: Using reg add instead of setx to avoid 1024-character truncation limit
reg add "HKCU\Environment" /v Path /t REG_EXPAND_SZ /d "%USERPROFILE%\bin;%PATH%" /f
```
---
@@ -371,11 +373,14 @@ setx PATH "%USERPROFILE%\bin;%PATH%"
**Codex wrapper not found:**
```bash
# Check PATH
echo $PATH | grep -q "$HOME/.claude/bin" || echo 'export PATH="$HOME/.claude/bin:$PATH"' >> ~/.zshrc
# Installer auto-adds PATH, check if configured
if [[ ":$PATH:" != *":$HOME/.claude/bin:"* ]]; then
echo "PATH not configured. Reinstalling..."
bash install.sh
fi
# Reinstall
bash install.sh
# Or manually add (idempotent command)
[[ ":$PATH:" != *":$HOME/.claude/bin:"* ]] && echo 'export PATH="$HOME/.claude/bin:$PATH"' >> ~/.zshrc
```
**Permission denied:**
@@ -459,9 +464,105 @@ claude -r <session_id> "test"
---
## Documentation
## FAQ (Frequently Asked Questions)
### Core Guides
### Q1: `codeagent-wrapper` execution fails with "Unknown event format"
**Problem:**
```
Unknown event format: {"type":"turn.started"}
Unknown event format: {"type":"assistant", ...}
```
**Solution:**
This is a logging event format display issue and does not affect actual functionality. It will be fixed in the next version. You can ignore these log outputs.
**Related Issue:** [#96](https://github.com/cexll/myclaude/issues/96)
---
### Q2: Gemini cannot read files ignored by `.gitignore`
**Problem:**
When using `codeagent-wrapper --backend gemini`, files in directories like `.claude/` that are ignored by `.gitignore` cannot be read.
**Solution:**
- **Option 1:** Remove `.claude/` from your `.gitignore` file
- **Option 2:** Ensure files that need to be read are not in `.gitignore` list
**Related Issue:** [#75](https://github.com/cexll/myclaude/issues/75)
---
### Q3: `/dev` command parallel execution is very slow
**Problem:**
Using `/dev` command for simple features takes too long (over 30 minutes) with no visibility into task progress.
**Solution:**
1. **Check logs:** Review `C:\Users\User\AppData\Local\Temp\codeagent-wrapper-*.log` to identify bottlenecks
2. **Adjust backend:**
- Try faster models like `gpt-5.1-codex-max`
- Running in WSL may be significantly faster
3. **Workspace:** Use a single repository instead of monorepo with multiple sub-projects
**Related Issue:** [#77](https://github.com/cexll/myclaude/issues/77)
---
### Q4: Codex permission denied with new Go version
**Problem:**
After upgrading to the new Go-based Codex implementation, execution fails with permission denied errors.
**Solution:**
Add the following configuration to `~/.codex/config.yaml` (Windows: `c:\user\.codex\config.toml`):
```yaml
model = "gpt-5.1-codex-max"
model_reasoning_effort = "high"
model_reasoning_summary = "detailed"
approval_policy = "never"
sandbox_mode = "workspace-write"
disable_response_storage = true
network_access = true
```
**Key settings:**
- `approval_policy = "never"` - Remove approval restrictions
- `sandbox_mode = "workspace-write"` - Allow workspace write access
- `network_access = true` - Enable network access
**Related Issue:** [#31](https://github.com/cexll/myclaude/issues/31)
---
### Q5: Permission denied or sandbox restrictions during execution
**Problem:**
Execution fails with permission errors or sandbox restrictions when running codeagent-wrapper.
**Solution:**
Set the following environment variables:
```bash
export CODEX_BYPASS_SANDBOX=true
export CODEAGENT_SKIP_PERMISSIONS=true
```
Or add them to your shell profile (`~/.zshrc` or `~/.bashrc`):
```bash
echo 'export CODEX_BYPASS_SANDBOX=true' >> ~/.zshrc
echo 'export CODEAGENT_SKIP_PERMISSIONS=true' >> ~/.zshrc
```
**Note:** These settings bypass security restrictions. Use with caution in trusted environments only.
---
**Still having issues?** Visit [GitHub Issues](https://github.com/cexll/myclaude/issues) to search or report new issues.
---
## Documentation
- **[Codeagent-Wrapper Guide](docs/CODEAGENT-WRAPPER.md)** - Multi-backend execution wrapper
- **[Hooks Documentation](docs/HOOKS.md)** - Custom hooks and automation

116
README_CN.md
View File

@@ -282,8 +282,10 @@ $Env:PATH = "$HOME\bin;$Env:PATH"
```
```batch
REM cmd.exe - 永久添加(当前用户)
setx PATH "%USERPROFILE%\bin;%PATH%"
REM cmd.exe - 永久添加(当前用户)(建议使用上面的 PowerShell 方法)
REM 警告:此命令会展开 %PATH% 包含系统 PATH导致重复
REM 注意:使用 reg add 而非 setx 以避免 1024 字符截断限制
reg add "HKCU\Environment" /v Path /t REG_EXPAND_SZ /d "%USERPROFILE%\bin;%PATH%" /f
```
---
@@ -307,11 +309,14 @@ setx PATH "%USERPROFILE%\bin;%PATH%"
**Codex wrapper 未找到:**
```bash
# 检查 PATH
echo $PATH | grep -q "$HOME/.claude/bin" || echo 'export PATH="$HOME/.claude/bin:$PATH"' >> ~/.zshrc
# 安装程序会自动添加 PATH检查是否已添加
if [[ ":$PATH:" != *":$HOME/.claude/bin:"* ]]; then
echo "PATH not configured. Reinstalling..."
bash install.sh
fi
# 重新安装
bash install.sh
# 或手动添加(幂等性命令)
[[ ":$PATH:" != *":$HOME/.claude/bin:"* ]] && echo 'export PATH="$HOME/.claude/bin:$PATH"' >> ~/.zshrc
```
**权限被拒绝:**
@@ -330,6 +335,105 @@ python3 install.py --module dev --force
---
## 常见问题 (FAQ)
### Q1: `codeagent-wrapper` 执行时报错 "Unknown event format"
**问题描述:**
执行 `codeagent-wrapper` 时出现错误:
```
Unknown event format: {"type":"turn.started"}
Unknown event format: {"type":"assistant", ...}
```
**解决方案:**
这是日志事件流的显示问题,不影响实际功能执行。预计在下个版本中修复。如需排查其他问题,可忽略此日志输出。
**相关 Issue** [#96](https://github.com/cexll/myclaude/issues/96)
---
### Q2: Gemini 无法读取 `.gitignore` 忽略的文件
**问题描述:**
使用 `codeagent-wrapper --backend gemini` 时,无法读取 `.claude/` 等被 `.gitignore` 忽略的目录中的文件。
**解决方案:**
- **方案一:** 在项目根目录的 `.gitignore` 中取消对 `.claude/` 的忽略
- **方案二:** 确保需要读取的文件不在 `.gitignore` 忽略列表中
**相关 Issue** [#75](https://github.com/cexll/myclaude/issues/75)
---
### Q3: `/dev` 命令并行执行特别慢
**问题描述:**
使用 `/dev` 命令开发简单功能耗时过长超过30分钟无法了解任务执行状态。
**解决方案:**
1. **检查日志:** 查看 `C:\Users\User\AppData\Local\Temp\codeagent-wrapper-*.log` 分析瓶颈
2. **调整后端:**
- 尝试使用 `gpt-5.1-codex-max` 等更快的模型
- 在 WSL 环境下运行速度可能更快
3. **工作区选择:** 使用独立的代码仓库而非包含多个子项目的 monorepo
**相关 Issue** [#77](https://github.com/cexll/myclaude/issues/77)
---
### Q4: 新版 Go 实现的 Codex 权限不足
**问题描述:**
升级到新版 Go 实现的 Codex 后,出现权限不足的错误。
**解决方案:**
`~/.codex/config.yaml` 中添加以下配置Windows: `c:\user\.codex\config.toml`
```yaml
model = "gpt-5.1-codex-max"
model_reasoning_effort = "high"
model_reasoning_summary = "detailed"
approval_policy = "never"
sandbox_mode = "workspace-write"
disable_response_storage = true
network_access = true
```
**关键配置说明:**
- `approval_policy = "never"` - 移除审批限制
- `sandbox_mode = "workspace-write"` - 允许工作区写入权限
- `network_access = true` - 启用网络访问
**相关 Issue** [#31](https://github.com/cexll/myclaude/issues/31)
---
### Q5: 执行时遇到权限拒绝或沙箱限制
**问题描述:**
运行 codeagent-wrapper 时出现权限错误或沙箱限制。
**解决方案:**
设置以下环境变量:
```bash
export CODEX_BYPASS_SANDBOX=true
export CODEAGENT_SKIP_PERMISSIONS=true
```
或添加到 shell 配置文件(`~/.zshrc``~/.bashrc`
```bash
echo 'export CODEX_BYPASS_SANDBOX=true' >> ~/.zshrc
echo 'export CODEAGENT_SKIP_PERMISSIONS=true' >> ~/.zshrc
```
**注意:** 这些设置会绕过安全限制,请仅在可信环境中使用。
---
**仍有疑问?** 请访问 [GitHub Issues](https://github.com/cexll/myclaude/issues) 搜索或提交新问题。
---
## 许可证
AGPL-3.0 License - 查看 [LICENSE](LICENSE)

54
codeagent-wrapper/backend.go
View File

@@ -4,6 +4,7 @@ import (
"encoding/json"
"os"
"path/filepath"
"strings"
)
// Backend defines the contract for invoking different AI CLI backends.
@@ -37,33 +38,48 @@ func (ClaudeBackend) BuildArgs(cfg *Config, targetArg string) []string {
const maxClaudeSettingsBytes = 1 << 20 // 1MB
// loadMinimalEnvSettings 从 ~/.claude/settings.json 只提取 env 配置。
// 只接受字符串类型的值;文件缺失/解析失败/超限都返回空。
func loadMinimalEnvSettings() map[string]string {
type minimalClaudeSettings struct {
Env map[string]string
Model string
}
// loadMinimalClaudeSettings 从 ~/.claude/settings.json 只提取安全的最小子集:
// - env: 只接受字符串类型的值
// - model: 只接受字符串类型的值
// 文件缺失/解析失败/超限都返回空。
func loadMinimalClaudeSettings() minimalClaudeSettings {
home, err := os.UserHomeDir()
if err != nil || home == "" {
return nil
return minimalClaudeSettings{}
}
settingPath := filepath.Join(home, ".claude", "settings.json")
info, err := os.Stat(settingPath)
if err != nil || info.Size() > maxClaudeSettingsBytes {
return nil
return minimalClaudeSettings{}
}
data, err := os.ReadFile(settingPath)
if err != nil {
return nil
return minimalClaudeSettings{}
}
var cfg struct {
Env map[string]any `json:"env"`
Env map[string]any `json:"env"`
Model any `json:"model"`
}
if err := json.Unmarshal(data, &cfg); err != nil {
return nil
return minimalClaudeSettings{}
}
out := minimalClaudeSettings{}
if model, ok := cfg.Model.(string); ok {
out.Model = strings.TrimSpace(model)
}
if len(cfg.Env) == 0 {
return nil
return out
}
env := make(map[string]string, len(cfg.Env))
@@ -75,9 +91,19 @@ func loadMinimalEnvSettings() map[string]string {
env[k] = s
}
if len(env) == 0 {
return out
}
out.Env = env
return out
}
// loadMinimalEnvSettings is kept for backwards tests; prefer loadMinimalClaudeSettings.
func loadMinimalEnvSettings() map[string]string {
settings := loadMinimalClaudeSettings()
if len(settings.Env) == 0 {
return nil
}
return env
return settings.Env
}
func buildClaudeArgs(cfg *Config, targetArg string) []string {
@@ -93,6 +119,10 @@ func buildClaudeArgs(cfg *Config, targetArg string) []string {
// This ensures a clean execution environment without CLAUDE.md or skills that would trigger codeagent
args = append(args, "--setting-sources", "")
if model := strings.TrimSpace(cfg.Model); model != "" {
args = append(args, "--model", model)
}
if cfg.Mode == "resume" {
if cfg.SessionID != "" {
// Claude CLI uses -r <session_id> for resume.
@@ -122,6 +152,10 @@ func buildGeminiArgs(cfg *Config, targetArg string) []string {
}
args := []string{"-o", "stream-json", "-y"}
if model := strings.TrimSpace(cfg.Model); model != "" {
args = append(args, "-m", model)
}
if cfg.Mode == "resume" {
if cfg.SessionID != "" {
args = append(args, "-r", cfg.SessionID)

36
codeagent-wrapper/backend_test.go
View File

@@ -63,6 +63,42 @@ func TestClaudeBuildArgs_ModesAndPermissions(t *testing.T) {
})
}
func TestBackendBuildArgs_Model(t *testing.T) {
t.Run("claude includes --model when set", func(t *testing.T) {
backend := ClaudeBackend{}
cfg := &Config{Mode: "new", Model: "opus"}
got := backend.BuildArgs(cfg, "todo")
want := []string{"-p", "--setting-sources", "", "--model", "opus", "--output-format", "stream-json", "--verbose", "todo"}
if !reflect.DeepEqual(got, want) {
t.Fatalf("got %v, want %v", got, want)
}
})
t.Run("gemini includes -m when set", func(t *testing.T) {
backend := GeminiBackend{}
cfg := &Config{Mode: "new", Model: "gemini-3-pro-preview"}
got := backend.BuildArgs(cfg, "task")
want := []string{"-o", "stream-json", "-y", "-m", "gemini-3-pro-preview", "-p", "task"}
if !reflect.DeepEqual(got, want) {
t.Fatalf("got %v, want %v", got, want)
}
})
t.Run("codex includes --model when set", func(t *testing.T) {
const key = "CODEX_BYPASS_SANDBOX"
t.Cleanup(func() { os.Unsetenv(key) })
os.Unsetenv(key)
backend := CodexBackend{}
cfg := &Config{Mode: "new", WorkDir: "/tmp", Model: "o3"}
got := backend.BuildArgs(cfg, "task")
want := []string{"e", "--model", "o3", "--skip-git-repo-check", "-C", "/tmp", "--json", "task"}
if !reflect.DeepEqual(got, want) {
t.Fatalf("got %v, want %v", got, want)
}
})
}
func TestClaudeBuildArgs_GeminiAndCodexModes(t *testing.T) {
t.Run("gemini new mode defaults workdir", func(t *testing.T) {
backend := GeminiBackend{}

21
codeagent-wrapper/config.go
View File

@@ -15,6 +15,7 @@ type Config struct {
Task string
SessionID string
WorkDir string
Model string
ExplicitStdin bool
Timeout int
Backend string
@@ -36,6 +37,7 @@ type TaskSpec struct {
Dependencies []string `json:"dependencies,omitempty"`
SessionID string `json:"session_id,omitempty"`
Backend string `json:"backend,omitempty"`
Model string `json:"model,omitempty"`
Mode string `json:"-"`
UseStdin bool `json:"-"`
Context context.Context `json:"-"`
@@ -152,6 +154,8 @@ func parseParallelConfig(data []byte) (*ParallelConfig, error) {
task.Mode = "resume"
case "backend":
task.Backend = value
case "model":
task.Model = value
case "dependencies":
for _, dep := range strings.Split(value, ",") {
dep = strings.TrimSpace(dep)
@@ -198,6 +202,7 @@ func parseArgs() (*Config, error) {
}
backendName := defaultBackendName
model := ""
skipPermissions := envFlagEnabled("CODEAGENT_SKIP_PERMISSIONS")
filtered := make([]string, 0, len(args))
for i := 0; i < len(args); i++ {
@@ -220,6 +225,20 @@ func parseArgs() (*Config, error) {
case arg == "--skip-permissions", arg == "--dangerously-skip-permissions":
skipPermissions = true
continue
case arg == "--model":
if i+1 >= len(args) {
return nil, fmt.Errorf("--model flag requires a value")
}
model = args[i+1]
i++
continue
case strings.HasPrefix(arg, "--model="):
value := strings.TrimPrefix(arg, "--model=")
if value == "" {
return nil, fmt.Errorf("--model flag requires a value")
}
model = value
continue
case strings.HasPrefix(arg, "--skip-permissions="):
skipPermissions = parseBoolFlag(strings.TrimPrefix(arg, "--skip-permissions="), skipPermissions)
continue
@@ -235,7 +254,7 @@ func parseArgs() (*Config, error) {
}
args = filtered
cfg := &Config{WorkDir: defaultWorkdir, Backend: backendName, SkipPermissions: skipPermissions}
cfg := &Config{WorkDir: defaultWorkdir, Backend: backendName, SkipPermissions: skipPermissions, Model: strings.TrimSpace(model)}
cfg.MaxParallelWorkers = resolveMaxParallelWorkers()
if args[0] == "resume" {

20
codeagent-wrapper/executor.go
View File

@@ -744,6 +744,10 @@ func buildCodexArgs(cfg *Config, targetArg string) []string {
args = append(args, "--dangerously-bypass-approvals-and-sandbox")
}
if model := strings.TrimSpace(cfg.Model); model != "" {
args = append(args, "--model", model)
}
args = append(args, "--skip-git-repo-check")
if isResume {
@@ -788,6 +792,7 @@ func runCodexTaskWithContext(parentCtx context.Context, taskSpec TaskSpec, backe
Task: taskSpec.Task,
SessionID: taskSpec.SessionID,
WorkDir: taskSpec.WorkDir,
Model: taskSpec.Model,
Backend: defaultBackendName,
}
@@ -816,6 +821,15 @@ func runCodexTaskWithContext(parentCtx context.Context, taskSpec TaskSpec, backe
return result
}
var claudeEnv map[string]string
if cfg.Backend == "claude" {
settings := loadMinimalClaudeSettings()
claudeEnv = settings.Env
if cfg.Mode != "resume" && strings.TrimSpace(cfg.Model) == "" && settings.Model != "" {
cfg.Model = settings.Model
}
}
useStdin := taskSpec.UseStdin
targetArg := taskSpec.Task
if useStdin {
@@ -915,10 +929,8 @@ func runCodexTaskWithContext(parentCtx context.Context, taskSpec TaskSpec, backe
cmd := newCommandRunner(ctx, commandName, codexArgs...)
if cfg.Backend == "claude" {
if env := loadMinimalEnvSettings(); len(env) > 0 {
cmd.SetEnv(env)
}
if cfg.Backend == "claude" && len(claudeEnv) > 0 {
cmd.SetEnv(claudeEnv)
}
// For backends that don't support -C flag (claude, gemini), set working directory via cmd.Dir

22
codeagent-wrapper/main.go
View File

@@ -178,6 +178,7 @@ func run() (exitCode int) {
if parallelIndex != -1 {
backendName := defaultBackendName
model := ""
fullOutput := false
var extras []string
@@ -202,13 +203,27 @@ func run() (exitCode int) {
return 1
}
backendName = value
case arg == "--model":
if i+1 >= len(args) {
fmt.Fprintln(os.Stderr, "ERROR: --model flag requires a value")
return 1
}
model = args[i+1]
i++
case strings.HasPrefix(arg, "--model="):
value := strings.TrimPrefix(arg, "--model=")
if value == "" {
fmt.Fprintln(os.Stderr, "ERROR: --model flag requires a value")
return 1
}
model = value
default:
extras = append(extras, arg)
}
}
if len(extras) > 0 {
fmt.Fprintln(os.Stderr, "ERROR: --parallel reads its task configuration from stdin; only --backend and --full-output are allowed.")
fmt.Fprintln(os.Stderr, "ERROR: --parallel reads its task configuration from stdin; only --backend, --model and --full-output are allowed.")
fmt.Fprintln(os.Stderr, "Usage examples:")
fmt.Fprintf(os.Stderr, " %s --parallel < tasks.txt\n", name)
fmt.Fprintf(os.Stderr, " echo '...' | %s --parallel\n", name)
@@ -237,10 +252,14 @@ func run() (exitCode int) {
}
cfg.GlobalBackend = backendName
model = strings.TrimSpace(model)
for i := range cfg.Tasks {
if strings.TrimSpace(cfg.Tasks[i].Backend) == "" {
cfg.Tasks[i].Backend = backendName
}
if strings.TrimSpace(cfg.Tasks[i].Model) == "" && model != "" {
cfg.Tasks[i].Model = model
}
}
timeoutSec := resolveTimeout()
@@ -409,6 +428,7 @@ func run() (exitCode int) {
WorkDir: cfg.WorkDir,
Mode: cfg.Mode,
SessionID: cfg.SessionID,
Model: cfg.Model,
UseStdin: useStdin,
}

237
codeagent-wrapper/main_test.go
View File

@@ -1139,6 +1139,65 @@ func TestBackendParseArgs_BackendFlag(t *testing.T) {
}
}
func TestBackendParseArgs_ModelFlag(t *testing.T) {
tests := []struct {
name string
args []string
want string
wantErr bool
}{
{
name: "model flag",
args: []string{"codeagent-wrapper", "--model", "opus", "task"},
want: "opus",
},
{
name: "model equals syntax",
args: []string{"codeagent-wrapper", "--model=opus", "task"},
want: "opus",
},
{
name: "model trimmed",
args: []string{"codeagent-wrapper", "--model", " opus ", "task"},
want: "opus",
},
{
name: "model with resume mode",
args: []string{"codeagent-wrapper", "--model", "sonnet", "resume", "sid", "task"},
want: "sonnet",
},
{
name: "missing model value",
args: []string{"codeagent-wrapper", "--model"},
wantErr: true,
},
{
name: "model equals missing value",
args: []string{"codeagent-wrapper", "--model=", "task"},
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
os.Args = tt.args
cfg, err := parseArgs()
if tt.wantErr {
if err == nil {
t.Fatalf("expected error, got nil")
}
return
}
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if cfg.Model != tt.want {
t.Fatalf("Model = %q, want %q", cfg.Model, tt.want)
}
})
}
}
func TestBackendParseArgs_SkipPermissions(t *testing.T) {
const envKey = "CODEAGENT_SKIP_PERMISSIONS"
t.Cleanup(func() { os.Unsetenv(envKey) })
@@ -1276,6 +1335,26 @@ do something`
}
}
func TestParallelParseConfig_Model(t *testing.T) {
input := `---TASK---
id: task-1
model: opus
---CONTENT---
do something`
cfg, err := parseParallelConfig([]byte(input))
if err != nil {
t.Fatalf("parseParallelConfig() unexpected error: %v", err)
}
if len(cfg.Tasks) != 1 {
t.Fatalf("expected 1 task, got %d", len(cfg.Tasks))
}
task := cfg.Tasks[0]
if task.Model != "opus" {
t.Fatalf("model = %q, want opus", task.Model)
}
}
func TestParallelParseConfig_EmptySessionID(t *testing.T) {
input := `---TASK---
id: task-1
@@ -1358,6 +1437,120 @@ code with special chars: $var "quotes"`
}
}
func TestClaudeModel_DefaultsFromSettings(t *testing.T) {
defer resetTestHooks()
home := t.TempDir()
t.Setenv("HOME", home)
t.Setenv("USERPROFILE", home)
dir := filepath.Join(home, ".claude")
if err := os.MkdirAll(dir, 0o755); err != nil {
t.Fatalf("MkdirAll: %v", err)
}
settingsModel := "claude-opus-4-5-20250929"
path := filepath.Join(dir, "settings.json")
data := []byte(fmt.Sprintf(`{"model":%q,"env":{"FOO":"bar"}}`, settingsModel))
if err := os.WriteFile(path, data, 0o600); err != nil {
t.Fatalf("WriteFile: %v", err)
}
makeRunner := func(gotName *string, gotArgs *[]string, fake **fakeCmd) func(context.Context, string, ...string) commandRunner {
return func(ctx context.Context, name string, args ...string) commandRunner {
*gotName = name
*gotArgs = append([]string(nil), args...)
cmd := newFakeCmd(fakeCmdConfig{
PID: 123,
StdoutPlan: []fakeStdoutEvent{
{Data: "{\"type\":\"result\",\"session_id\":\"sid\",\"result\":\"ok\"}\n"},
},
})
*fake = cmd
return cmd
}
}
t.Run("new mode inherits model when unset", func(t *testing.T) {
var (
gotName string
gotArgs []string
fake *fakeCmd
)
origRunner := newCommandRunner
newCommandRunner = makeRunner(&gotName, &gotArgs, &fake)
t.Cleanup(func() { newCommandRunner = origRunner })
res := runCodexTaskWithContext(context.Background(), TaskSpec{Task: "hi", Mode: "new", WorkDir: defaultWorkdir}, ClaudeBackend{}, nil, false, true, 5)
if res.ExitCode != 0 || res.Message != "ok" {
t.Fatalf("unexpected result: %+v", res)
}
if gotName != "claude" {
t.Fatalf("command = %q, want claude", gotName)
}
found := false
for i := 0; i+1 < len(gotArgs); i++ {
if gotArgs[i] == "--model" && gotArgs[i+1] == settingsModel {
found = true
break
}
}
if !found {
t.Fatalf("expected --model %q in args, got %v", settingsModel, gotArgs)
}
if fake == nil || fake.env["FOO"] != "bar" {
t.Fatalf("expected env to include FOO=bar, got %v", fake.env)
}
})
t.Run("explicit model overrides settings", func(t *testing.T) {
var (
gotName string
gotArgs []string
fake *fakeCmd
)
origRunner := newCommandRunner
newCommandRunner = makeRunner(&gotName, &gotArgs, &fake)
t.Cleanup(func() { newCommandRunner = origRunner })
res := runCodexTaskWithContext(context.Background(), TaskSpec{Task: "hi", Mode: "new", WorkDir: defaultWorkdir, Model: "sonnet"}, ClaudeBackend{}, nil, false, true, 5)
if res.ExitCode != 0 || res.Message != "ok" {
t.Fatalf("unexpected result: %+v", res)
}
found := false
for i := 0; i+1 < len(gotArgs); i++ {
if gotArgs[i] == "--model" && gotArgs[i+1] == "sonnet" {
found = true
break
}
}
if !found {
t.Fatalf("expected --model sonnet in args, got %v", gotArgs)
}
})
t.Run("resume mode does not inherit model by default", func(t *testing.T) {
var (
gotName string
gotArgs []string
fake *fakeCmd
)
origRunner := newCommandRunner
newCommandRunner = makeRunner(&gotName, &gotArgs, &fake)
t.Cleanup(func() { newCommandRunner = origRunner })
res := runCodexTaskWithContext(context.Background(), TaskSpec{Task: "hi", Mode: "resume", SessionID: "sid-123", WorkDir: defaultWorkdir}, ClaudeBackend{}, nil, false, true, 5)
if res.ExitCode != 0 || res.Message != "ok" {
t.Fatalf("unexpected result: %+v", res)
}
for i := 0; i < len(gotArgs); i++ {
if gotArgs[i] == "--model" {
t.Fatalf("did not expect --model in resume args, got %v", gotArgs)
}
}
})
}
func TestRunShouldUseStdin(t *testing.T) {
tests := []struct {
name string
@@ -2947,6 +3140,50 @@ do two`)
}
}
func TestParallelModelPropagation(t *testing.T) {
defer resetTestHooks()
cleanupLogsFn = func() (CleanupStats, error) { return CleanupStats{}, nil }
orig := runCodexTaskFn
var mu sync.Mutex
seen := make(map[string]string)
runCodexTaskFn = func(task TaskSpec, timeout int) TaskResult {
mu.Lock()
seen[task.ID] = task.Model
mu.Unlock()
return TaskResult{TaskID: task.ID, ExitCode: 0, Message: "ok"}
}
t.Cleanup(func() { runCodexTaskFn = orig })
stdinReader = strings.NewReader(`---TASK---
id: first
---CONTENT---
do one
---TASK---
id: second
model: opus
---CONTENT---
do two`)
os.Args = []string{"codeagent-wrapper", "--parallel", "--model", "sonnet"}
if code := run(); code != 0 {
t.Fatalf("run exit = %d, want 0", code)
}
mu.Lock()
firstModel, firstOK := seen["first"]
secondModel, secondOK := seen["second"]
mu.Unlock()
if !firstOK || firstModel != "sonnet" {
t.Fatalf("first model = %q (present=%v), want sonnet", firstModel, firstOK)
}
if !secondOK || secondModel != "opus" {
t.Fatalf("second model = %q (present=%v), want opus", secondModel, secondOK)
}
}
func TestParallelFlag(t *testing.T) {
oldArgs := os.Args
defer func() { os.Args = oldArgs }()

4
codeagent-wrapper/parser.go
View File

@@ -271,8 +271,8 @@ func parseJSONStreamInternal(r io.Reader, warnFn func(string), infoFn func(strin
continue
}
// Unknown event format
warnFn(fmt.Sprintf("Unknown event format: %s", truncateBytes(line, 100)))
// Unknown event format from other backends (turn.started/assistant/user); ignore.
continue
}
switch {

33
codeagent-wrapper/parser_unknown_event_test.go Normal file
View File

@@ -0,0 +1,33 @@
package main
import (
"strings"
"testing"
)
func TestBackendParseJSONStream_UnknownEventsAreSilent(t *testing.T) {
input := strings.Join([]string{
`{"type":"turn.started"}`,
`{"type":"assistant","text":"hi"}`,
`{"type":"user","text":"yo"}`,
`{"type":"item.completed","item":{"type":"agent_message","text":"ok"}}`,
}, "\n")
var infos []string
infoFn := func(msg string) { infos = append(infos, msg) }
message, threadID := parseJSONStreamInternal(strings.NewReader(input), nil, infoFn, nil, nil)
if message != "ok" {
t.Fatalf("message=%q, want %q (infos=%v)", message, "ok", infos)
}
if threadID != "" {
t.Fatalf("threadID=%q, want empty (infos=%v)", threadID, infos)
}
for _, msg := range infos {
if strings.Contains(msg, "Agent event:") {
t.Fatalf("unexpected log for unknown event: %q", msg)
}
}
}

62
dev-workflow/README.md
View File

@@ -9,42 +9,56 @@ A freshly designed lightweight development workflow with no legacy baggage, focu
```
/dev trigger
AskUserQuestion (backend selection)
AskUserQuestion (requirements clarification)
codeagent analysis (plan mode + UI auto-detection)
codeagent analysis (plan mode + task typing + UI auto-detection)
dev-plan-generator (create dev doc)
codeagent concurrent development (25 tasks, backend split)
codeagent concurrent development (25 tasks, backend routing)
codeagent testing & verification (≥90% coverage)
Done (generate summary)
```
## The 6 Steps
## Step 0 + The 6 Steps
### 0. Select Allowed Backends (FIRST ACTION)
- Use **AskUserQuestion** with multiSelect to ask which backends are allowed for this run
- Options (user can select multiple):
- `codex` - Stable, high quality, best cost-performance (default for most tasks)
- `claude` - Fast, lightweight (for quick fixes and config changes)
- `gemini` - UI/UX specialist (for frontend styling and components)
- If user selects ONLY `codex`, ALL subsequent tasks must use `codex` (including UI/quick-fix)
### 1. Clarify Requirements
- Use **AskUserQuestion** to ask the user directly
- No scoring system, no complex logic
- 23 rounds of Q&A until the requirement is clear
### 2. codeagent Analysis & UI Detection
### 2. codeagent Analysis + Task Typing + UI Detection
- Call codeagent to analyze the request in plan mode style
- Extract: core functions, technical points, task list (25 items)
- For each task, assign exactly one type: `default` / `ui` / `quick-fix`
- UI auto-detection: needs UI work when task involves style assets (.css, .scss, styled-components, CSS modules, tailwindcss) OR frontend component files (.tsx, .jsx, .vue); output yes/no plus evidence
### 3. Generate Dev Doc
- Call the **dev-plan-generator** agent
- Produce a single `dev-plan.md`
- Append a dedicated UI task when Step 2 marks `needs_ui: true`
- Include: task breakdown, file scope, dependencies, test commands
- Include: task breakdown, `type`, file scope, dependencies, test commands
### 4. Concurrent Development
- Work from the task list in dev-plan.md
- Use codeagent per task with explicit backend selection:
- Backend/API/DB tasks → `--backend codex` (default)
- UI/style/component tasks → `--backend gemini` (enforced)
- Route backend per task type (with user constraints + fallback):
- `default``codex`
- `ui``gemini` (enforced when allowed)
- `quick-fix``claude`
- Missing `type` → treat as `default`
- If the preferred backend is not allowed, fallback to an allowed backend by priority: `codex``claude``gemini`
- Independent tasks → run in parallel
- Conflicting tasks → run serially
@@ -65,7 +79,7 @@ Done (generate summary)
/dev "Implement user login with email + password"
```
**No options**, fixed workflow, works out of the box.
No CLI flags required; workflow starts with an interactive backend selection.
## Output Structure
@@ -80,14 +94,14 @@ Only one file—minimal and clear.
### Tools
- **AskUserQuestion**: interactive requirement clarification
- **codeagent skill**: analysis, development, testing; supports `--backend` for codex (default) or gemini (UI)
- **codeagent skill**: analysis, development, testing; supports `--backend` for `codex` / `claude` / `gemini`
- **dev-plan-generator agent**: generate dev doc (subagent via Task tool, saves context)
## UI Auto-Detection & Backend Routing
## Backend Selection & Routing
- **Step 0**: user selects allowed backends; if `仅 codex`, all tasks use codex
- **UI detection standard**: style files (.css, .scss, styled-components, CSS modules, tailwindcss) OR frontend component code (.tsx, .jsx, .vue) trigger `needs_ui: true`
- **Flow impact**: Step 2 auto-detects UI work; Step 3 appends a separate UI task in `dev-plan.md` when detected
- **Backend split**: backend/API tasks use codex backend (default); UI tasks force gemini backend
- **Implementation**: Orchestrator invokes codeagent skill with appropriate backend parameter per task type
- **Task type field**: each task in `dev-plan.md` must have `type: default|ui|quick-fix`
- **Routing**: `default`→codex, `ui`→gemini, `quick-fix`→claude; if disallowed, fallback to an allowed backend by priority: codex→claude→gemini
## Key Features
@@ -102,9 +116,9 @@ Only one file—minimal and clear.
- Steps are straightforward
### ✅ Concurrency
- 25 tasks in parallel
- Tasks split based on natural functional boundaries
- Auto-detect dependencies and conflicts
- codeagent executes independently
- codeagent executes independently with optimal backend
### ✅ Quality Assurance
- Enforces 90% coverage
@@ -117,6 +131,10 @@ Only one file—minimal and clear.
# Trigger
/dev "Add user login feature"
# Step 0: Select backends
Q: Which backends are allowed? (multiSelect)
A: Selected: codex, claude
# Step 1: Clarify requirements
Q: What login methods are supported?
A: Email + password
@@ -126,18 +144,18 @@ A: Yes, use JWT token
# Step 2: codeagent analysis
Output:
- Core: email/password login + JWT auth
- Task 1: Backend API
- Task 2: Password hashing
- Task 3: Frontend form
- Task 1: Backend API (type=default)
- Task 2: Password hashing (type=default)
- Task 3: Frontend form (type=ui)
UI detection: needs_ui = true (tailwindcss classes in frontend form)
# Step 3: Generate doc
dev-plan.md generated with backend + UI tasks ✓
dev-plan.md generated with typed tasks ✓
# Step 4-5: Concurrent development (backend codex, UI gemini)
# Step 4-5: Concurrent development (routing + fallback)
[task-1] Backend API (codex) → tests → 92% ✓
[task-2] Password hashing (codex) → tests → 95% ✓
[task-3] Frontend form (gemini) → tests → 91% ✓
[task-3] Frontend form (fallback to codex; gemini not allowed) → tests → 91% ✓
```
## Directory Structure

28
dev-workflow/agents/dev-plan-generator.md
View File

@@ -12,7 +12,7 @@ You are a specialized Development Plan Document Generator. Your sole responsibil
You receive context from an orchestrator including:
- Feature requirements description
- codeagent analysis results (feature highlights, task decomposition, UI detection flag)
- codeagent analysis results (feature highlights, task decomposition, UI detection flag, and task typing hints)
- Feature name (in kebab-case format)
Your output is a single file: `./.claude/specs/{feature_name}/dev-plan.md`
@@ -29,6 +29,7 @@ Your output is a single file: `./.claude/specs/{feature_name}/dev-plan.md`
### Task 1: [Task Name]
- **ID**: task-1
- **type**: default|ui|quick-fix
- **Description**: [What needs to be done]
- **File Scope**: [Directories or files involved, e.g., src/auth/**, tests/auth/]
- **Dependencies**: [None or depends on task-x]
@@ -38,7 +39,7 @@ Your output is a single file: `./.claude/specs/{feature_name}/dev-plan.md`
### Task 2: [Task Name]
...
(2-5 tasks)
(Tasks based on natural functional boundaries, typically 2-5)
## Acceptance Criteria
- [ ] Feature point 1
@@ -53,9 +54,13 @@ Your output is a single file: `./.claude/specs/{feature_name}/dev-plan.md`
## Generation Rules You Must Enforce
1. **Task Count**: Generate 2-5 tasks (no more, no less unless the feature is extremely simple or complex)
1. **Task Count**: Generate tasks based on natural functional boundaries (no artificial limits)
- Typical range: 2-5 tasks
- Quality over quantity: prefer fewer well-scoped tasks over excessive fragmentation
- Each task should be independently completable by one agent
2. **Task Requirements**: Each task MUST include:
- Clear ID (task-1, task-2, etc.)
- A single task type field: `type: default|ui|quick-fix`
- Specific description of what needs to be done
- Explicit file scope (directories or files affected)
- Dependency declaration ("None" or "depends on task-x")
@@ -67,18 +72,23 @@ Your output is a single file: `./.claude/specs/{feature_name}/dev-plan.md`
## Your Workflow
1. **Analyze Input**: Review the requirements description and codeagent analysis results (including `needs_ui` flag if present)
1. **Analyze Input**: Review the requirements description and codeagent analysis results (including `needs_ui` and any task typing hints)
2. **Identify Tasks**: Break down the feature into 2-5 logical, independent tasks
3. **Determine Dependencies**: Map out which tasks depend on others (minimize dependencies)
4. **Specify Testing**: For each task, define the exact test command and coverage requirements
5. **Define Acceptance**: List concrete, measurable acceptance criteria including the 90% coverage requirement
6. **Document Technical Points**: Note key technical decisions and constraints
7. **Write File**: Use the Write tool to create `./.claude/specs/{feature_name}/dev-plan.md`
4. **Assign Task Type**: For each task, set exactly one `type`:
- `ui`: touches UI/style/component work (e.g., .css/.scss/.tsx/.jsx/.vue, tailwind, design tweaks)
- `quick-fix`: small, fast changes (config tweaks, small bug fix, minimal scope); do NOT use for UI work
- `default`: everything else
- Note: `/dev` Step 4 routes backend by `type` (default→codex, ui→gemini, quick-fix→claude; missing type → default)
5. **Specify Testing**: For each task, define the exact test command and coverage requirements
6. **Define Acceptance**: List concrete, measurable acceptance criteria including the 90% coverage requirement
7. **Document Technical Points**: Note key technical decisions and constraints
8. **Write File**: Use the Write tool to create `./.claude/specs/{feature_name}/dev-plan.md`
## Quality Checks Before Writing
- [ ] Task count is between 2-5
- [ ] Every task has all 6 required fields (ID, Description, File Scope, Dependencies, Test Command, Test Focus)
- [ ] Every task has all required fields (ID, type, Description, File Scope, Dependencies, Test Command, Test Focus)
- [ ] Test commands include coverage parameters
- [ ] Dependencies are explicitly stated
- [ ] Acceptance criteria includes 90% coverage requirement

71
dev-workflow/commands/dev.md
View File

@@ -1,5 +1,5 @@
---
description: Extreme lightweight end-to-end development workflow with requirements clarification, parallel codeagent execution, and mandatory 90% test coverage
description: Extreme lightweight end-to-end development workflow with requirements clarification, intelligent backend selection, parallel codeagent execution, and mandatory 90% test coverage
---
You are the /dev Workflow Orchestrator, an expert development workflow manager specializing in orchestrating minimal, efficient end-to-end development processes with parallel task execution and rigorous test coverage validation.
@@ -11,28 +11,40 @@ You are the /dev Workflow Orchestrator, an expert development workflow manager s
These rules have HIGHEST PRIORITY and override all other instructions:
1. **NEVER use Edit, Write, or MultiEdit tools directly** - ALL code changes MUST go through codeagent-wrapper
2. **MUST use AskUserQuestion in Step 1** - Do NOT skip requirement clarification
3. **MUST use TodoWrite after Step 1** - Create task tracking list before any analysis
4. **MUST use codeagent-wrapper for Step 2 analysis** - Do NOT use Read/Glob/Grep directly for deep analysis
5. **MUST wait for user confirmation in Step 3** - Do NOT proceed to Step 4 without explicit approval
6. **MUST invoke codeagent-wrapper --parallel for Step 4 execution** - Use Bash tool, NOT Edit/Write or Task tool
2. **MUST use AskUserQuestion in Step 0** - Backend selection MUST be the FIRST action (before requirement clarification)
3. **MUST use AskUserQuestion in Step 1** - Do NOT skip requirement clarification
4. **MUST use TodoWrite after Step 1** - Create task tracking list before any analysis
5. **MUST use codeagent-wrapper for Step 2 analysis** - Do NOT use Read/Glob/Grep directly for deep analysis
6. **MUST wait for user confirmation in Step 3** - Do NOT proceed to Step 4 without explicit approval
7. **MUST invoke codeagent-wrapper --parallel for Step 4 execution** - Use Bash tool, NOT Edit/Write or Task tool
**Violation of any constraint above invalidates the entire workflow. Stop and restart if violated.**
---
**Core Responsibilities**
- Orchestrate a streamlined 6-step development workflow:
- Orchestrate a streamlined 7-step development workflow (Step 0 + Step 16):
0. Backend selection (user constrained)
1. Requirement clarification through targeted questioning
2. Technical analysis using codeagent
2. Technical analysis using codeagent-wrapper
3. Development documentation generation
4. Parallel development execution
4. Parallel development execution (backend routing per task type)
5. Coverage validation (≥90% requirement)
6. Completion summary
**Workflow Execution**
- **Step 0: Backend Selection [MANDATORY - FIRST ACTION]**
- MUST use AskUserQuestion tool as the FIRST action with multiSelect enabled
- Ask which backends are allowed for this /dev run
- Options (user can select multiple):
- `codex` - Stable, high quality, best cost-performance (default for most tasks)
- `claude` - Fast, lightweight (for quick fixes and config changes)
- `gemini` - UI/UX specialist (for frontend styling and components)
- Store the selected backends as `allowed_backends` set for routing in Step 4
- Special rule: if user selects ONLY `codex`, then ALL subsequent tasks (including UI/quick-fix) MUST use `codex` (no exceptions)
- **Step 1: Requirement Clarification [MANDATORY - DO NOT SKIP]**
- MUST use AskUserQuestion tool as the FIRST action - no exceptions
- MUST use AskUserQuestion tool
- Focus questions on functional boundaries, inputs/outputs, constraints, testing, and required unit-test coverage levels
- Iterate 2-3 rounds until clear; rely on judgment; keep questions concise
- After clarification complete: MUST use TodoWrite to create task tracking list with workflow steps
@@ -43,7 +55,10 @@ These rules have HIGHEST PRIORITY and override all other instructions:
**How to invoke for analysis**:
```bash
codeagent-wrapper --backend codex - <<'EOF'
# analysis_backend selection:
# - prefer codex if it is in allowed_backends
# - otherwise pick the first backend in allowed_backends
codeagent-wrapper --backend {analysis_backend} - <<'EOF'
Analyze the codebase for implementing [feature name].
Requirements:
@@ -54,8 +69,9 @@ These rules have HIGHEST PRIORITY and override all other instructions:
1. Explore codebase structure and existing patterns
2. Evaluate implementation options with trade-offs
3. Make architectural decisions
4. Break down into 2-5 parallelizable tasks with dependencies
5. Determine if UI work is needed (check for .css/.tsx/.vue files)
4. Break down into 2-5 parallelizable tasks with dependencies and file scope
5. Classify each task with a single `type`: `default` / `ui` / `quick-fix`
6. Determine if UI work is needed (check for .css/.tsx/.vue files)
Output the analysis following the structure below.
EOF
@@ -76,7 +92,7 @@ These rules have HIGHEST PRIORITY and override all other instructions:
2. **Identify Existing Patterns**: Find how similar features are implemented, reuse conventions
3. **Evaluate Options**: When multiple approaches exist, list trade-offs (complexity, performance, security, maintainability)
4. **Make Architectural Decisions**: Choose patterns, APIs, data models with justification
5. **Design Task Breakdown**: Produce 2-5 parallelizable tasks with file scope and dependencies
5. **Design Task Breakdown**: Produce parallelizable tasks based on natural functional boundaries with file scope and dependencies
**Analysis Output Structure**:
```
@@ -93,7 +109,7 @@ These rules have HIGHEST PRIORITY and override all other instructions:
[API design, data models, architecture choices made]
## Task Breakdown
[2-5 tasks with: ID, description, file scope, dependencies, test command]
[2-5 tasks with: ID, description, file scope, dependencies, test command, type(default|ui|quick-fix)]
## UI Determination
needs_ui: [true/false]
@@ -107,27 +123,37 @@ These rules have HIGHEST PRIORITY and override all other instructions:
- **Step 3: Generate Development Documentation**
- invoke agent dev-plan-generator
- When creating `dev-plan.md`, append a dedicated UI task if Step 2 marked `needs_ui: true`
- When creating `dev-plan.md`, ensure every task has `type: default|ui|quick-fix`
- Append a dedicated UI task if Step 2 marked `needs_ui: true` but no UI task exists
- Output a brief summary of dev-plan.md:
- Number of tasks and their IDs
- Task type for each task
- File scope for each task
- Dependencies between tasks
- Test commands
- Use AskUserQuestion to confirm with user:
- Question: "Proceed with this development plan?" (if UI work is detected, state that UI tasks will use the gemini backend)
- Question: "Proceed with this development plan?" (state backend routing rules and any forced fallback due to allowed_backends)
- Options: "Confirm and execute" / "Need adjustments"
- If user chooses "Need adjustments", return to Step 1 or Step 2 based on feedback
- **Step 4: Parallel Development Execution [CODEAGENT-WRAPPER ONLY - NO DIRECT EDITS]**
- MUST use Bash tool to invoke `codeagent-wrapper --parallel` for ALL code changes
- NEVER use Edit, Write, MultiEdit, or Task tools to modify code directly
- Backend routing (must be deterministic and enforceable):
- Task field: `type: default|ui|quick-fix` (missing → treat as `default`)
- Preferred backend by type:
- `default` → `codex`
- `ui` → `gemini` (enforced when allowed)
- `quick-fix` → `claude`
- If user selected `仅 codex`: all tasks MUST use `codex`
- Otherwise, if preferred backend is not in `allowed_backends`, fallback to the first available backend by priority: `codex` → `claude` → `gemini`
- Build ONE `--parallel` config that includes all tasks in `dev-plan.md` and submit it once via Bash tool:
```bash
# One shot submission - wrapper handles topology + concurrency
codeagent-wrapper --parallel <<'EOF'
---TASK---
id: [task-id-1]
backend: codex
backend: [routed-backend-from-type-and-allowed_backends]
workdir: .
dependencies: [optional, comma-separated ids]
---CONTENT---
@@ -139,7 +165,7 @@ These rules have HIGHEST PRIORITY and override all other instructions:
---TASK---
id: [task-id-2]
backend: gemini
backend: [routed-backend-from-type-and-allowed_backends]
workdir: .
dependencies: [optional, comma-separated ids]
---CONTENT---
@@ -152,6 +178,7 @@ These rules have HIGHEST PRIORITY and override all other instructions:
```
- **Note**: Use `workdir: .` (current directory) for all tasks unless specific subdirectory is required
- Execute independent tasks concurrently; serialize conflicting ones; track coverage reports
- Backend is routed deterministically based on task `type`, no manual intervention needed
- **Step 5: Coverage Validation**
- Validate each tasks coverage:
@@ -168,11 +195,13 @@ These rules have HIGHEST PRIORITY and override all other instructions:
- Circular dependencies: codeagent-wrapper will detect and fail with error; revise task breakdown to remove cycles
- Missing dependencies: Ensure all task IDs referenced in `dependencies` field exist
- **Parallel execution timeout**: Individual tasks timeout after 2 hours (configurable via CODEX_TIMEOUT); failed tasks can be retried individually
- **Backend unavailable**: If codex/claude/gemini CLI not found, fail immediately with clear error message
- **Backend unavailable**: If a routed backend is unavailable, fallback to another backend in `allowed_backends` (priority: codexclaudegemini); if none works, fail with a clear error message
**Quality Standards**
- Code coverage ≥90%
- 2-5 genuinely parallelizable tasks
- Tasks based on natural functional boundaries (typically 2-5)
- Each task has exactly one `type: default|ui|quick-fix`
- Backend routed by `type`: `default`→codex, `ui`→gemini, `quick-fix`→claude (with allowed_backends fallback)
- Documentation must be minimal yet actionable
- No verbose implementations; only essential code

86
install.bat
View File

@@ -46,17 +46,23 @@ echo.
echo codeagent-wrapper installed successfully at:
echo %DEST%
rem Automatically ensure %USERPROFILE%\bin is in the USER (HKCU) PATH
rem Ensure %USERPROFILE%\bin is in PATH without duplicating entries
rem 1) Read current user PATH from registry (REG_SZ or REG_EXPAND_SZ)
set "USER_PATH_RAW="
set "USER_PATH_TYPE="
for /f "tokens=1,2,*" %%A in ('reg query "HKCU\Environment" /v Path 2^>nul ^| findstr /I /R "^ *Path *REG_"') do (
set "USER_PATH_TYPE=%%B"
set "USER_PATH_RAW=%%C"
)
rem Trim leading spaces from USER_PATH_RAW
for /f "tokens=* delims= " %%D in ("!USER_PATH_RAW!") do set "USER_PATH_RAW=%%D"
rem 2) Read current system PATH from registry (REG_SZ or REG_EXPAND_SZ)
set "SYS_PATH_RAW="
for /f "tokens=1,2,*" %%A in ('reg query "HKLM\System\CurrentControlSet\Control\Session Manager\Environment" /v Path 2^>nul ^| findstr /I /R "^ *Path *REG_"') do (
set "SYS_PATH_RAW=%%C"
)
rem Trim leading spaces from SYS_PATH_RAW
for /f "tokens=* delims= " %%D in ("!SYS_PATH_RAW!") do set "SYS_PATH_RAW=%%D"
rem Normalize DEST_DIR by removing a trailing backslash if present
if "!DEST_DIR:~-1!"=="\" set "DEST_DIR=!DEST_DIR:~0,-1!"
@@ -67,42 +73,70 @@ set "SEARCH_EXP2=;!DEST_DIR!\;"
set "SEARCH_LIT=;!PCT!USERPROFILE!PCT!\bin;"
set "SEARCH_LIT2=;!PCT!USERPROFILE!PCT!\bin\;"
rem Prepare user PATH variants for containment tests
set "CHECK_RAW=;!USER_PATH_RAW!;"
set "USER_PATH_EXP=!USER_PATH_RAW!"
if defined USER_PATH_EXP call set "USER_PATH_EXP=%%USER_PATH_EXP%%"
set "CHECK_EXP=;!USER_PATH_EXP!;"
rem Prepare PATH variants for containment tests (strip quotes to avoid false negatives)
set "USER_PATH_RAW_CLEAN=!USER_PATH_RAW:"=!"
set "SYS_PATH_RAW_CLEAN=!SYS_PATH_RAW:"=!"
rem Check if already present in user PATH (literal or expanded, with/without trailing backslash)
set "CHECK_USER_RAW=;!USER_PATH_RAW_CLEAN!;"
set "USER_PATH_EXP=!USER_PATH_RAW_CLEAN!"
if defined USER_PATH_EXP call set "USER_PATH_EXP=%%USER_PATH_EXP%%"
set "USER_PATH_EXP_CLEAN=!USER_PATH_EXP:"=!"
set "CHECK_USER_EXP=;!USER_PATH_EXP_CLEAN!;"
set "CHECK_SYS_RAW=;!SYS_PATH_RAW_CLEAN!;"
set "SYS_PATH_EXP=!SYS_PATH_RAW_CLEAN!"
if defined SYS_PATH_EXP call set "SYS_PATH_EXP=%%SYS_PATH_EXP%%"
set "SYS_PATH_EXP_CLEAN=!SYS_PATH_EXP:"=!"
set "CHECK_SYS_EXP=;!SYS_PATH_EXP_CLEAN!;"
rem Check if already present (literal or expanded, with/without trailing backslash)
set "ALREADY_IN_USERPATH=0"
echo !CHECK_RAW! | findstr /I /C:"!SEARCH_LIT!" /C:"!SEARCH_LIT2!" >nul && set "ALREADY_IN_USERPATH=1"
echo(!CHECK_USER_RAW! | findstr /I /C:"!SEARCH_LIT!" /C:"!SEARCH_LIT2!" >nul && set "ALREADY_IN_USERPATH=1"
if "!ALREADY_IN_USERPATH!"=="0" (
echo !CHECK_EXP! | findstr /I /C:"!SEARCH_EXP!" /C:"!SEARCH_EXP2!" >nul && set "ALREADY_IN_USERPATH=1"
echo(!CHECK_USER_EXP! | findstr /I /C:"!SEARCH_EXP!" /C:"!SEARCH_EXP2!" >nul && set "ALREADY_IN_USERPATH=1"
)
set "ALREADY_IN_SYSPATH=0"
echo(!CHECK_SYS_RAW! | findstr /I /C:"!SEARCH_LIT!" /C:"!SEARCH_LIT2!" >nul && set "ALREADY_IN_SYSPATH=1"
if "!ALREADY_IN_SYSPATH!"=="0" (
echo(!CHECK_SYS_EXP! | findstr /I /C:"!SEARCH_EXP!" /C:"!SEARCH_EXP2!" >nul && set "ALREADY_IN_SYSPATH=1"
)
if "!ALREADY_IN_USERPATH!"=="1" (
echo User PATH already includes %%USERPROFILE%%\bin.
) else (
rem Not present: append to user PATH using setx without duplicating system PATH
if defined USER_PATH_RAW (
set "USER_PATH_NEW=!USER_PATH_RAW!"
if not "!USER_PATH_NEW:~-1!"==";" set "USER_PATH_NEW=!USER_PATH_NEW!;"
set "USER_PATH_NEW=!USER_PATH_NEW!!PCT!USERPROFILE!PCT!\bin"
if "!ALREADY_IN_SYSPATH!"=="1" (
echo System PATH already includes %%USERPROFILE%%\bin; skipping user PATH update.
) else (
set "USER_PATH_NEW=!PCT!USERPROFILE!PCT!\bin"
)
rem Persist update to HKCU\Environment\Path (user scope)
setx PATH "!USER_PATH_NEW!" >nul
if errorlevel 1 (
echo WARNING: Failed to append %%USERPROFILE%%\bin to your user PATH.
) else (
echo Added %%USERPROFILE%%\bin to your user PATH.
rem Not present: append to user PATH
if defined USER_PATH_RAW (
set "USER_PATH_NEW=!USER_PATH_RAW!"
if not "!USER_PATH_NEW:~-1!"==";" set "USER_PATH_NEW=!USER_PATH_NEW!;"
set "USER_PATH_NEW=!USER_PATH_NEW!!PCT!USERPROFILE!PCT!\bin"
) else (
set "USER_PATH_NEW=!PCT!USERPROFILE!PCT!\bin"
)
rem Persist update to HKCU\Environment\Path (user scope)
rem Use reg add instead of setx to avoid 1024-character limit
echo(!USER_PATH_NEW! | findstr /C:"\"" /C:"!" >nul
if not errorlevel 1 (
echo WARNING: Your PATH contains quotes or exclamation marks that may cause issues.
echo Skipping automatic PATH update. Please add %%USERPROFILE%%\bin to your PATH manually.
) else (
reg add "HKCU\Environment" /v Path /t REG_EXPAND_SZ /d "!USER_PATH_NEW!" /f >nul
if errorlevel 1 (
echo WARNING: Failed to append %%USERPROFILE%%\bin to your user PATH.
) else (
echo Added %%USERPROFILE%%\bin to your user PATH.
)
)
)
)
rem Update current session PATH so codex-wrapper is immediately available
rem Update current session PATH so codeagent-wrapper is immediately available
set "CURPATH=;%PATH%;"
echo !CURPATH! | findstr /I /C:"!SEARCH_EXP!" /C:"!SEARCH_EXP2!" /C:"!SEARCH_LIT!" /C:"!SEARCH_LIT2!" >nul
set "CURPATH_CLEAN=!CURPATH:"=!"
echo(!CURPATH_CLEAN! | findstr /I /C:"!SEARCH_EXP!" /C:"!SEARCH_EXP2!" /C:"!SEARCH_LIT!" /C:"!SEARCH_LIT2!" >nul
if errorlevel 1 set "PATH=!DEST_DIR!;!PATH!"
goto :cleanup

25
install.sh
View File

@@ -48,11 +48,28 @@ else
exit 1
fi
if [[ ":$PATH:" != *":${BIN_DIR}:"* ]]; then
# Auto-add to shell config files with idempotency
if [[ ":${PATH}:" != *":${BIN_DIR}:"* ]]; then
echo ""
echo "WARNING: ${BIN_DIR} is not in your PATH"
echo "Add this line to your ~/.bashrc or ~/.zshrc (then restart your shell):"
echo ""
echo " export PATH=\"${BIN_DIR}:\$PATH\""
# Detect shell config file
if [ -n "$ZSH_VERSION" ]; then
RC_FILE="$HOME/.zshrc"
else
RC_FILE="$HOME/.bashrc"
fi
# Idempotent add: check if complete export statement already exists
EXPORT_LINE="export PATH=\"${BIN_DIR}:\$PATH\""
if [ -f "$RC_FILE" ] && grep -qF "${EXPORT_LINE}" "$RC_FILE" 2>/dev/null; then
echo " ${BIN_DIR} already in ${RC_FILE}, skipping."
else
echo " Adding to ${RC_FILE}..."
echo "" >> "$RC_FILE"
echo "# Added by myclaude installer" >> "$RC_FILE"
echo "export PATH=\"${BIN_DIR}:\$PATH\"" >> "$RC_FILE"
echo " Done. Run 'source ${RC_FILE}' or restart shell."
fi
echo ""
fi

167
skills/skill-install/SKILL.md Normal file
View File

@@ -0,0 +1,167 @@
---
name: skill-install
description: Install Claude skills from GitHub repositories with automated security scanning. Triggers when users want to install skills from a GitHub URL, need to browse available skills in a repository, or want to safely add new skills to their Claude environment.
---
# Skill Install
## Overview
Install Claude skills from GitHub repositories with built-in security scanning to protect against malicious code, backdoors, and vulnerabilities.
## When to Use
Trigger this skill when the user:
- Provides a GitHub repository URL and wants to install skills
- Asks to "install skills from GitHub"
- Wants to browse and select skills from a repository
- Needs to add new skills to their Claude environment
## Workflow
### Step 1: Parse GitHub URL
Accept a GitHub repository URL from the user. The URL should point to a repository containing a `skills/` directory.
Supported URL formats:
- `https://github.com/user/repo`
- `https://github.com/user/repo/tree/main/skills`
- `https://github.com/user/repo/tree/branch-name/skills`
Extract:
- Repository owner
- Repository name
- Branch (default to `main` if not specified)
### Step 2: Fetch Skills List
Use the WebFetch tool to retrieve the skills directory listing from GitHub.
GitHub API endpoint pattern:
```
https://api.github.com/repos/{owner}/{repo}/contents/skills?ref={branch}
```
Parse the response to extract:
- Skill directory names
- Each skill should be a subdirectory containing a SKILL.md file
### Step 3: Present Skills to User
Use the AskUserQuestion tool to let the user select which skills to install.
Set `multiSelect: true` to allow multiple selections.
Present each skill with:
- Skill name (directory name)
- Brief description (if available from SKILL.md frontmatter)
### Step 4: Fetch Skill Content
For each selected skill, fetch all files in the skill directory:
1. Get the file tree for the skill directory
2. Download all files (SKILL.md, scripts/, references/, assets/)
3. Store the complete skill content for security analysis
Use WebFetch with GitHub API:
```
https://api.github.com/repos/{owner}/{repo}/contents/skills/{skill_name}?ref={branch}
```
For each file, fetch the raw content:
```
https://raw.githubusercontent.com/{owner}/{repo}/{branch}/skills/{skill_name}/{file_path}
```
### Step 5: Security Scan
**CRITICAL:** Before installation, perform a thorough security analysis of each skill.
Read the security scan prompt template from `references/security_scan_prompt.md` and apply it to analyze the skill content.
Examine for:
1. **Malicious Command Execution** - eval, exec, subprocess with shell=True
2. **Backdoor Detection** - obfuscated code, suspicious network requests
3. **Credential Theft** - accessing ~/.ssh, ~/.aws, environment variables
4. **Unauthorized Network Access** - external requests to suspicious domains
5. **File System Abuse** - destructive operations, unauthorized writes
6. **Privilege Escalation** - sudo attempts, system modifications
7. **Supply Chain Attacks** - suspicious package installations
Output the security analysis with:
- Security Status: SAFE / WARNING / DANGEROUS
- Risk Level: LOW / MEDIUM / HIGH / CRITICAL
- Detailed findings with file locations and severity
- Recommendation: APPROVE / APPROVE_WITH_WARNINGS / REJECT
### Step 6: User Decision
Based on the security scan results:
**If SAFE (APPROVE):**
- Proceed directly to installation
**If WARNING (APPROVE_WITH_WARNINGS):**
- Display the security warnings to the user
- Use AskUserQuestion to confirm: "Security warnings detected. Do you want to proceed with installation?"
- Options: "Yes, install anyway" / "No, skip this skill"
**If DANGEROUS (REJECT):**
- Display the critical security issues
- Refuse to install
- Explain why the skill is dangerous
- Do NOT provide an option to override for CRITICAL severity issues
### Step 7: Install Skills
For approved skills, install to `~/.claude/skills/`:
1. Create the skill directory: `~/.claude/skills/{skill_name}/`
2. Write all skill files maintaining the directory structure
3. Ensure proper file permissions (executable for scripts)
4. Verify SKILL.md exists and has valid frontmatter
Use the Write tool to create files.
### Step 8: Confirmation
After installation, provide a summary:
- List of successfully installed skills
- List of skipped skills (if any) with reasons
- Location: `~/.claude/skills/`
- Next steps: "The skills are now available. Restart Claude or use them directly."
## Example Usage
**User:** "Install skills from https://github.com/example/claude-skills"
**Assistant:**
1. Fetches skills list from the repository
2. Presents available skills: "skill-a", "skill-b", "skill-c"
3. User selects "skill-a" and "skill-b"
4. Performs security scan on each skill
5. skill-a: SAFE - proceeds to install
6. skill-b: WARNING (makes HTTP request) - asks user for confirmation
7. Installs approved skills to ~/.claude/skills/
8. Confirms: "Successfully installed: skill-a, skill-b"
## Security Notes
- **Never skip security scanning** - Always analyze skills before installation
- **Be conservative** - When in doubt, flag as WARNING and let user decide
- **Critical issues are blocking** - CRITICAL severity findings cannot be overridden
- **Transparency** - Always show users what was found during security scans
- **Sandboxing** - Remind users that skills run with Claude's permissions
## Resources
### references/security_scan_prompt.md
Contains the detailed security analysis prompt template with:
- Complete list of security categories to check
- Output format requirements
- Example analyses for safe, suspicious, and dangerous skills
- Decision criteria for APPROVE/REJECT recommendations
Load this file when performing security scans to ensure comprehensive analysis.

137
skills/skill-install/references/security_scan_prompt.md Normal file
View File

@@ -0,0 +1,137 @@
# Security Scan Prompt for Skills
Use this prompt template to analyze skill content for security vulnerabilities before installation.
## Prompt Template
```
You are a security expert analyzing a Claude skill for potential security risks.
Analyze the following skill content for security vulnerabilities:
**Skill Name:** {skill_name}
**Skill Content:**
{skill_content}
## Security Analysis Criteria
Examine the skill for the following security concerns:
### 1. Malicious Command Execution
- Detect `eval()`, `exec()`, `subprocess` with `shell=True`
- Identify arbitrary code execution patterns
- Check for command injection vulnerabilities
### 2. Backdoor Detection
- Look for obfuscated code (base64, hex encoding)
- Identify suspicious network requests to unknown domains
- Detect file hash patterns matching known malware
- Check for hidden data exfiltration mechanisms
### 3. Credential Theft
- Detect attempts to access environment variables containing secrets
- Identify file operations on sensitive paths (~/.ssh, ~/.aws, ~/.netrc)
- Check for credential harvesting patterns
- Look for keylogging or clipboard monitoring
### 4. Unauthorized Network Access
- Identify external network requests
- Check for connections to suspicious domains (pastebin, ngrok, bit.ly, etc.)
- Detect data exfiltration via HTTP/HTTPS
- Look for reverse shell patterns
### 5. File System Abuse
- Detect destructive file operations (rm -rf, shutil.rmtree)
- Identify unauthorized file writes to system directories
- Check for file permission modifications
- Look for attempts to modify critical system files
### 6. Privilege Escalation
- Detect sudo or privilege escalation attempts
- Identify attempts to modify system configurations
- Check for container escape patterns
### 7. Supply Chain Attacks
- Identify suspicious package installations
- Detect dynamic imports from untrusted sources
- Check for dependency confusion attacks
## Output Format
Provide your analysis in the following format:
**Security Status:** [SAFE / WARNING / DANGEROUS]
**Risk Level:** [LOW / MEDIUM / HIGH / CRITICAL]
**Findings:**
1. [Category]: [Description]
- File: [filename:line_number]
- Severity: [LOW/MEDIUM/HIGH/CRITICAL]
- Details: [Explanation]
- Recommendation: [How to fix or mitigate]
**Summary:**
[Brief summary of the security assessment]
**Recommendation:**
[APPROVE / REJECT / APPROVE_WITH_WARNINGS]
## Decision Criteria
- **APPROVE**: No security issues found, safe to install
- **APPROVE_WITH_WARNINGS**: Minor concerns but generally safe, user should be aware
- **REJECT**: Critical security issues found, do not install
Be thorough but avoid false positives. Consider the context and legitimate use cases.
```
## Example Analysis
### Safe Skill Example
```
**Security Status:** SAFE
**Risk Level:** LOW
**Findings:** None
**Summary:** The skill contains only documentation and safe tool usage instructions. No executable code or suspicious patterns detected.
**Recommendation:** APPROVE
```
### Suspicious Skill Example
```
**Security Status:** WARNING
**Risk Level:** MEDIUM
**Findings:**
1. [Network Access]: External HTTP request detected
- File: scripts/helper.py:42
- Severity: MEDIUM
- Details: Script makes HTTP request to api.example.com without user consent
- Recommendation: Review the API endpoint and ensure it's legitimate
**Summary:** The skill makes external network requests that should be reviewed.
**Recommendation:** APPROVE_WITH_WARNINGS
```
### Dangerous Skill Example
```
**Security Status:** DANGEROUS
**Risk Level:** CRITICAL
**Findings:**
1. [Command Injection]: Arbitrary command execution detected
- File: scripts/malicious.py:15
- Severity: CRITICAL
- Details: Uses subprocess.call() with shell=True and unsanitized input
- Recommendation: Do not install this skill
2. [Data Exfiltration]: Suspicious network request
- File: scripts/malicious.py:28
- Severity: HIGH
- Details: Sends data to pastebin.com without user knowledge
- Recommendation: This appears to be a data exfiltration attempt
**Summary:** This skill contains critical security vulnerabilities including command injection and data exfiltration. It appears to be malicious.
**Recommendation:** REJECT
```

67
test_install_path.bat Normal file
View File

@@ -0,0 +1,67 @@
@echo off
setlocal enabledelayedexpansion
echo Testing PATH update with long strings...
echo.
rem Create a very long PATH string (over 1024 characters)
set "LONG_PATH="
for /L %%i in (1,1,30) do (
set "LONG_PATH=!LONG_PATH!C:\VeryLongDirectoryName%%i\SubDirectory\AnotherSubDirectory;"
)
echo Generated PATH length:
echo !LONG_PATH! > temp_path.txt
for %%A in (temp_path.txt) do set "PATH_LENGTH=%%~zA"
del temp_path.txt
echo !PATH_LENGTH! bytes
rem Test 1: Verify reg add can handle long strings
echo.
echo Test 1: Testing reg add with long PATH...
set "TEST_PATH=!LONG_PATH!%%USERPROFILE%%\bin"
reg add "HKCU\Environment" /v TestPath /t REG_EXPAND_SZ /d "!TEST_PATH!" /f >nul 2>nul
if errorlevel 1 (
echo FAIL: reg add failed with long PATH
goto :cleanup
) else (
echo PASS: reg add succeeded with long PATH
)
rem Test 2: Verify the value was stored correctly
echo.
echo Test 2: Verifying stored value length...
for /f "tokens=2*" %%A in ('reg query "HKCU\Environment" /v TestPath 2^>nul ^| findstr /I "TestPath"') do set "STORED_PATH=%%B"
echo !STORED_PATH! > temp_stored.txt
for %%A in (temp_stored.txt) do set "STORED_LENGTH=%%~zA"
del temp_stored.txt
echo Stored PATH length: !STORED_LENGTH! bytes
if !STORED_LENGTH! LSS 1024 (
echo FAIL: Stored PATH was truncated
goto :cleanup
) else (
echo PASS: Stored PATH was not truncated
)
rem Test 3: Verify %%USERPROFILE%%\bin is present
echo.
echo Test 3: Verifying %%USERPROFILE%%\bin is in stored PATH...
echo !STORED_PATH! | findstr /I "USERPROFILE" >nul
if errorlevel 1 (
echo FAIL: %%USERPROFILE%%\bin not found in stored PATH
goto :cleanup
) else (
echo PASS: %%USERPROFILE%%\bin found in stored PATH
)
echo.
echo ========================================
echo All tests PASSED
echo ========================================
:cleanup
echo.
echo Cleaning up test registry key...
reg delete "HKCU\Environment" /v TestPath /f >nul 2>nul
endlocal

302
uninstall.py Executable file
View File

@@ -0,0 +1,302 @@
#!/usr/bin/env python3
"""Uninstaller for myclaude - reads installed_modules.json for precise removal."""
from __future__ import annotations
import argparse
import json
import re
import shutil
import sys
from pathlib import Path
from typing import Any, Dict, List, Optional, Set
DEFAULT_INSTALL_DIR = "~/.claude"
# Files created by installer itself (not by modules)
INSTALLER_FILES = ["install.log", "installed_modules.json", "installed_modules.json.bak"]
def parse_args(argv: Optional[List[str]] = None) -> argparse.Namespace:
parser = argparse.ArgumentParser(description="Uninstall myclaude")
parser.add_argument(
"--install-dir",
default=DEFAULT_INSTALL_DIR,
help="Installation directory (defaults to ~/.claude)",
)
parser.add_argument(
"--module",
help="Comma-separated modules to uninstall (default: all installed)",
)
parser.add_argument(
"--list",
action="store_true",
help="List installed modules and exit",
)
parser.add_argument(
"--dry-run",
action="store_true",
help="Show what would be removed without actually removing",
)
parser.add_argument(
"--purge",
action="store_true",
help="Remove entire install directory (DANGEROUS: removes user files too)",
)
parser.add_argument(
"-y", "--yes",
action="store_true",
help="Skip confirmation prompt",
)
return parser.parse_args(argv)
def load_installed_modules(install_dir: Path) -> Dict[str, Any]:
"""Load installed_modules.json to know what was installed."""
status_file = install_dir / "installed_modules.json"
if not status_file.exists():
return {}
try:
with status_file.open("r", encoding="utf-8") as f:
return json.load(f)
except (json.JSONDecodeError, OSError):
return {}
def load_config(install_dir: Path) -> Dict[str, Any]:
"""Try to load config.json from source repo to understand module structure."""
# Look for config.json in common locations
candidates = [
Path(__file__).parent / "config.json",
install_dir / "config.json",
]
for path in candidates:
if path.exists():
try:
with path.open("r", encoding="utf-8") as f:
return json.load(f)
except (json.JSONDecodeError, OSError):
continue
return {}
def get_module_files(module_name: str, config: Dict[str, Any]) -> Set[str]:
"""Extract files/dirs that a module installs based on config.json operations."""
files: Set[str] = set()
modules = config.get("modules", {})
module_cfg = modules.get(module_name, {})
for op in module_cfg.get("operations", []):
op_type = op.get("type", "")
target = op.get("target", "")
if op_type == "copy_file" and target:
files.add(target)
elif op_type == "copy_dir" and target:
files.add(target)
elif op_type == "merge_dir":
# merge_dir merges subdirs like commands/, agents/ into install_dir
source = op.get("source", "")
source_path = Path(__file__).parent / source
if source_path.exists():
for subdir in source_path.iterdir():
if subdir.is_dir():
files.add(subdir.name)
elif op_type == "run_command":
# install.sh installs bin/codeagent-wrapper
cmd = op.get("command", "")
if "install.sh" in cmd or "install.bat" in cmd:
files.add("bin/codeagent-wrapper")
files.add("bin")
return files
def cleanup_shell_config(rc_file: Path, bin_dir: Path) -> bool:
"""Remove PATH export added by installer from shell config."""
if not rc_file.exists():
return False
content = rc_file.read_text(encoding="utf-8")
original = content
patterns = [
r"\n?# Added by myclaude installer\n",
rf'\nexport PATH="{re.escape(str(bin_dir))}:\$PATH"\n?',
]
for pattern in patterns:
content = re.sub(pattern, "\n", content)
content = re.sub(r"\n{3,}$", "\n\n", content)
if content != original:
rc_file.write_text(content, encoding="utf-8")
return True
return False
def list_installed(install_dir: Path) -> None:
"""List installed modules."""
status = load_installed_modules(install_dir)
modules = status.get("modules", {})
if not modules:
print("No modules installed (installed_modules.json not found or empty)")
return
print(f"Installed modules in {install_dir}:")
print(f"{'Module':<15} {'Status':<10} {'Installed At'}")
print("-" * 50)
for name, info in modules.items():
st = info.get("status", "unknown")
ts = info.get("installed_at", "unknown")[:19]
print(f"{name:<15} {st:<10} {ts}")
def main(argv: Optional[List[str]] = None) -> int:
args = parse_args(argv)
install_dir = Path(args.install_dir).expanduser().resolve()
bin_dir = install_dir / "bin"
if not install_dir.exists():
print(f"Install directory not found: {install_dir}")
print("Nothing to uninstall.")
return 0
if args.list:
list_installed(install_dir)
return 0
# Load installation status
status = load_installed_modules(install_dir)
installed_modules = status.get("modules", {})
config = load_config(install_dir)
# Determine which modules to uninstall
if args.module:
selected = [m.strip() for m in args.module.split(",") if m.strip()]
# Validate
for m in selected:
if m not in installed_modules:
print(f"Error: Module '{m}' is not installed")
print("Use --list to see installed modules")
return 1
else:
selected = list(installed_modules.keys())
if not selected and not args.purge:
print("No modules to uninstall.")
print("Use --list to see installed modules, or --purge to remove everything.")
return 0
# Collect files to remove
files_to_remove: Set[str] = set()
for module_name in selected:
files_to_remove.update(get_module_files(module_name, config))
# Add installer files if removing all modules
if set(selected) == set(installed_modules.keys()):
files_to_remove.update(INSTALLER_FILES)
# Show what will be removed
print(f"Install directory: {install_dir}")
if args.purge:
print(f"\n⚠️ PURGE MODE: Will remove ENTIRE directory including user files!")
else:
print(f"\nModules to uninstall: {', '.join(selected)}")
print(f"\nFiles/directories to remove:")
for f in sorted(files_to_remove):
path = install_dir / f
exists = "" if path.exists() else "✗ (not found)"
print(f" {f} {exists}")
# Confirmation
if not args.yes and not args.dry_run:
prompt = "\nProceed with uninstallation? [y/N] "
response = input(prompt).strip().lower()
if response not in ("y", "yes"):
print("Aborted.")
return 0
if args.dry_run:
print("\n[Dry run] No files were removed.")
return 0
print(f"\nUninstalling...")
removed: List[str] = []
if args.purge:
shutil.rmtree(install_dir)
print(f" ✓ Removed {install_dir}")
removed.append(str(install_dir))
else:
# Remove files/dirs in reverse order (files before parent dirs)
for item in sorted(files_to_remove, key=lambda x: x.count("/"), reverse=True):
path = install_dir / item
if not path.exists():
continue
try:
if path.is_dir():
# Only remove if empty or if it's a known module dir
if item in ("bin",):
# For bin, only remove codeagent-wrapper
wrapper = path / "codeagent-wrapper"
if wrapper.exists():
wrapper.unlink()
print(f" ✓ Removed bin/codeagent-wrapper")
removed.append("bin/codeagent-wrapper")
# Remove bin if empty
if path.exists() and not any(path.iterdir()):
path.rmdir()
print(f" ✓ Removed empty bin/")
else:
shutil.rmtree(path)
print(f" ✓ Removed {item}/")
removed.append(item)
else:
path.unlink()
print(f" ✓ Removed {item}")
removed.append(item)
except OSError as e:
print(f" ✗ Failed to remove {item}: {e}", file=sys.stderr)
# Update installed_modules.json
status_file = install_dir / "installed_modules.json"
if status_file.exists() and selected != list(installed_modules.keys()):
# Partial uninstall: update status file
for m in selected:
installed_modules.pop(m, None)
if installed_modules:
with status_file.open("w", encoding="utf-8") as f:
json.dump({"modules": installed_modules}, f, indent=2)
print(f" ✓ Updated installed_modules.json")
# Remove install dir if empty
if install_dir.exists() and not any(install_dir.iterdir()):
install_dir.rmdir()
print(f" ✓ Removed empty install directory")
# Clean shell configs
for rc_name in (".bashrc", ".zshrc"):
rc_file = Path.home() / rc_name
if cleanup_shell_config(rc_file, bin_dir):
print(f" ✓ Cleaned PATH from {rc_name}")
print("")
if removed:
print(f"✓ Uninstallation complete ({len(removed)} items removed)")
else:
print("✓ Nothing to remove")
if install_dir.exists() and any(install_dir.iterdir()):
remaining = list(install_dir.iterdir())
print(f"\nNote: {len(remaining)} items remain in {install_dir}")
print("These are either user files or from other modules.")
print("Use --purge to remove everything (DANGEROUS).")
return 0
if __name__ == "__main__":
sys.exit(main())

225
uninstall.sh Executable file
View File

@@ -0,0 +1,225 @@
#!/bin/bash
set -e
INSTALL_DIR="${INSTALL_DIR:-$HOME/.claude}"
BIN_DIR="${INSTALL_DIR}/bin"
STATUS_FILE="${INSTALL_DIR}/installed_modules.json"
DRY_RUN=false
PURGE=false
YES=false
LIST_ONLY=false
MODULES=""
usage() {
cat <<EOF
Usage: $0 [OPTIONS]
Uninstall myclaude modules.
Options:
--install-dir DIR Installation directory (default: ~/.claude)
--module MODULES Comma-separated modules to uninstall (default: all)
--list List installed modules and exit
--dry-run Show what would be removed without removing
--purge Remove entire install directory (DANGEROUS)
-y, --yes Skip confirmation prompt
-h, --help Show this help
Examples:
$0 --list # List installed modules
$0 --dry-run # Preview what would be removed
$0 --module dev # Uninstall only 'dev' module
$0 -y # Uninstall all without confirmation
$0 --purge -y # Remove everything (DANGEROUS)
EOF
exit 0
}
# Parse arguments
while [[ $# -gt 0 ]]; do
case $1 in
--install-dir) INSTALL_DIR="$2"; BIN_DIR="${INSTALL_DIR}/bin"; STATUS_FILE="${INSTALL_DIR}/installed_modules.json"; shift 2 ;;
--module) MODULES="$2"; shift 2 ;;
--list) LIST_ONLY=true; shift ;;
--dry-run) DRY_RUN=true; shift ;;
--purge) PURGE=true; shift ;;
-y|--yes) YES=true; shift ;;
-h|--help) usage ;;
*) echo "Unknown option: $1" >&2; exit 1 ;;
esac
done
# Check if install dir exists
if [ ! -d "$INSTALL_DIR" ]; then
echo "Install directory not found: $INSTALL_DIR"
echo "Nothing to uninstall."
exit 0
fi
# List installed modules
list_modules() {
if [ ! -f "$STATUS_FILE" ]; then
echo "No modules installed (installed_modules.json not found)"
return
fi
echo "Installed modules in $INSTALL_DIR:"
echo "Module Status Installed At"
echo "--------------------------------------------------"
# Parse JSON with basic tools (no jq dependency)
python3 -c "
import json, sys
try:
with open('$STATUS_FILE') as f:
data = json.load(f)
for name, info in data.get('modules', {}).items():
status = info.get('status', 'unknown')
ts = info.get('installed_at', 'unknown')[:19]
print(f'{name:<15} {status:<10} {ts}')
except Exception as e:
print(f'Error reading status file: {e}', file=sys.stderr)
sys.exit(1)
"
}
if [ "$LIST_ONLY" = true ]; then
list_modules
exit 0
fi
# Get installed modules from status file
get_installed_modules() {
if [ ! -f "$STATUS_FILE" ]; then
echo ""
return
fi
python3 -c "
import json
try:
with open('$STATUS_FILE') as f:
data = json.load(f)
print(' '.join(data.get('modules', {}).keys()))
except:
print('')
"
}
INSTALLED=$(get_installed_modules)
# Determine modules to uninstall
if [ -n "$MODULES" ]; then
SELECTED="$MODULES"
else
SELECTED="$INSTALLED"
fi
if [ -z "$SELECTED" ] && [ "$PURGE" != true ]; then
echo "No modules to uninstall."
echo "Use --list to see installed modules, or --purge to remove everything."
exit 0
fi
echo "Install directory: $INSTALL_DIR"
if [ "$PURGE" = true ]; then
echo ""
echo "⚠️ PURGE MODE: Will remove ENTIRE directory including user files!"
else
echo ""
echo "Modules to uninstall: $SELECTED"
echo ""
echo "Files/directories that may be removed:"
for item in commands agents skills docs bin CLAUDE.md install.log installed_modules.json; do
if [ -e "${INSTALL_DIR}/${item}" ]; then
echo " $item"
fi
done
fi
# Confirmation
if [ "$YES" != true ] && [ "$DRY_RUN" != true ]; then
echo ""
read -p "Proceed with uninstallation? [y/N] " response
case "$response" in
[yY]|[yY][eE][sS]) ;;
*) echo "Aborted."; exit 0 ;;
esac
fi
if [ "$DRY_RUN" = true ]; then
echo ""
echo "[Dry run] No files were removed."
exit 0
fi
echo ""
echo "Uninstalling..."
if [ "$PURGE" = true ]; then
rm -rf "$INSTALL_DIR"
echo " ✓ Removed $INSTALL_DIR"
else
# Remove codeagent-wrapper binary
if [ -f "${BIN_DIR}/codeagent-wrapper" ]; then
rm -f "${BIN_DIR}/codeagent-wrapper"
echo " ✓ Removed bin/codeagent-wrapper"
fi
# Remove bin directory if empty
if [ -d "$BIN_DIR" ] && [ -z "$(ls -A "$BIN_DIR" 2>/dev/null)" ]; then
rmdir "$BIN_DIR"
echo " ✓ Removed empty bin/"
fi
# Remove installed directories
for dir in commands agents skills docs; do
if [ -d "${INSTALL_DIR}/${dir}" ]; then
rm -rf "${INSTALL_DIR}/${dir}"
echo " ✓ Removed ${dir}/"
fi
done
# Remove installed files
for file in CLAUDE.md install.log installed_modules.json installed_modules.json.bak; do
if [ -f "${INSTALL_DIR}/${file}" ]; then
rm -f "${INSTALL_DIR}/${file}"
echo " ✓ Removed ${file}"
fi
done
# Remove install directory if empty
if [ -d "$INSTALL_DIR" ] && [ -z "$(ls -A "$INSTALL_DIR" 2>/dev/null)" ]; then
rmdir "$INSTALL_DIR"
echo " ✓ Removed empty install directory"
fi
fi
# Clean up PATH from shell config files
cleanup_shell_config() {
local rc_file="$1"
if [ -f "$rc_file" ]; then
if grep -q "# Added by myclaude installer" "$rc_file" 2>/dev/null; then
# Create backup
cp "$rc_file" "${rc_file}.bak"
# Remove myclaude lines
grep -v "# Added by myclaude installer" "$rc_file" | \
grep -v "export PATH=\"${BIN_DIR}:\$PATH\"" > "${rc_file}.tmp"
mv "${rc_file}.tmp" "$rc_file"
echo " ✓ Cleaned PATH from $(basename "$rc_file")"
fi
fi
}
cleanup_shell_config "$HOME/.bashrc"
cleanup_shell_config "$HOME/.zshrc"
echo ""
echo "✓ Uninstallation complete"
# Check for remaining files
if [ -d "$INSTALL_DIR" ] && [ -n "$(ls -A "$INSTALL_DIR" 2>/dev/null)" ]; then
remaining=$(ls -1 "$INSTALL_DIR" 2>/dev/null | wc -l | tr -d ' ')
echo ""
echo "Note: $remaining items remain in $INSTALL_DIR"
echo "These are either user files or from other modules."
echo "Use --purge to remove everything (DANGEROUS)."
fi