Two OS-too-new layers blocked gstack's browser on Ubuntu 26.04; handle both
from the installer so a fresh `make install` works without manual steps:
1. Playwright version — gstack pins 1.58.x which has no browser build for
ubuntu>24.04 ("does not support chromium on ubuntu26.04"). New
gstack_bump_playwright_if_unsupported() runs before ./setup: if the
pinned Playwright's support list lacks the running distro, `bun add
playwright@latest` in the submodule (1.61 supports 26.04), then ./setup's
frozen-lockfile install picks it up and rebuilds the browse binary against
it. Idempotent (skips when already supported). Edits the submodule locally
— goes dirty, reset by `git submodule update`, re-applied next install.
2. Chromium sandbox — Ubuntu 24.04+ restricts unprivileged user namespaces
via AppArmor, so Chromium aborts "No usable sandbox". Persist gstack's
documented opt-out GSTACK_CHROMIUM_NO_SANDBOX=1 to the shell profile, gated
on the exact sysctl (kernel.apparmor_restrict_unprivileged_userns=1) so it
only triggers where the restriction is active.
Verified end-to-end on Ubuntu 26.04: gstack browse drives a real page
(Navigated 200). See BDR-029 / LRN-040 / BLK-008.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
The PLAYWRIGHT_HOST_PLATFORM_OVERRIDE=ubuntu24.04-x64 pin (211c7d4) made
Playwright 1.58.2 stop erroring and instead download a Chrome-for-Testing
fallback build — but that download reaches 100% and then HANGS at extraction
on Ubuntu 26.04 (reproduced on a real machine + here: chrome binary never
materializes, no headless-shell download starts). Net effect: the override
turned a 0.5s fast-fail into an indefinite hang that blocks `make install` /
`make plugin` (user had to Ctrl+C).
Reverting restores the original behavior: gstack's ./setup fast-fails the
browser install (non-fatal — gstack is OFF by default, browser only needed
for /browse, /qa, screenshots) and the install completes. Replaced the code
with a NOTE explaining the dead end. Real fix is upstream: gstack bumping
Playwright to a version that supports the OS. See BLK-008.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
graphify's installer rewrites CLAUDE.md + .claude/settings.json (clobbers
the curated graphify section, drops the "This repo only" header, injects
aggressive MANDATORY pre-tool hooks) and `claude plugin install` flips
enable-states in settings.json. These 3 files are hand-curated, never
installer-owned.
Snapshot them at the top of install-plugins.sh and restore on EXIT (trap)
so `make install` / `make plugin` leaves them exactly as found. Pre-existing
local edits are preserved; only installer drift is undone. Verified with an
isolated drift→restore test. update-all.sh needs no guard — it only runs
`claude plugin update` (no enable flips) and never re-runs graphify's
CLAUDE.md/settings integration.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
jq is used 18+ times in always-on hooks (statusline.sh, rtk-rewrite.sh)
but was never installed by any script — it only worked because dev
machines happened to have it; a bare machine breaks at hook-run time.
Add it to Step 1 (same inline pattern as the other prereqs) and to
doctor.sh at fail level.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
Ubuntu 26.04 (and any release newer than 24.04) isn't in Playwright
1.58.2's supported-build list, so gstack's ./setup aborted with
"Playwright does not support chromium on ubuntu26.04-x64".
Add gated helper playwright_platform_override() (ubuntu >24.04 → echoes
ubuntu24.04-<arch>, else nothing). Export PLAYWRIGHT_HOST_PLATFORM_OVERRIDE
before gstack ./setup (install-time download) and persist it to the shell
profile (runtime browser launch). Playwright then pulls a compatible
Chrome-for-Testing fallback build instead of erroring.
Verified on Ubuntu 26.04: override emitted correctly (no var leak), CfT
build resolves all shared libs (ldd) and renders headless. No submodule
edits — purely an env pin from the wrapper.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
Move the real secret out of the git tree: the key lives in ~/.claude/.env
(outside the repo), and link.sh symlinks repo/.env -> ~/.claude/.env so
`source "$REPO/.env"` resolves transparently. The secret never enters git —
not as content (it's a link) and not by accident (gitignored).
link.sh: add link_env() — verify ~/.claude/.env exists + has MAGIC_API_KEY
(warn, never create/copy the secret), then create repo/.env -> ~/.claude/.env.
Defensive + idempotent: links only when repo/.env is absent or already the
right symlink; a residual REAL repo/.env is left untouched with a migrate hint
(never clobbered, so the secret can't be destroyed).
.gitignore: harden .env -> .env + .env.* + !.env.example (covers .env.local,
.env.bak, .env.save; keeps the template tracked).
Messages point at ~/.claude/.env (the canonical edit location) instead of the
ambiguous $REPO/.env: design-tool-gate.sh gate output, design-gate.md
(branch 3 + IMPORTANT), toggle-external.sh, install-plugins.sh.
Verified: shellcheck clean (link.sh, toggle-external.sh, design-tool-gate.sh);
link.sh created the symlink (1 change, idempotent re-run); repo/.env absent
from git status; magic-off path still exits 10 with the ~/.claude/.env hint.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The gstack/bin/ and gstack/browse/dist/ symlinks (added in link.sh) were
missing from install-plugins.sh and update-all.sh, meaning fresh installs
and updates wouldn't create them. Also adds doctor.sh health checks.
- install-plugins.sh: create symlinks after gstack ./setup
- update-all.sh: refresh symlinks after gstack submodule update
- doctor.sh: verify both symlinks exist in consistency section
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Source: anthropic-agent-skills plugin cache → skills-external/frontend-design/
Auto-install via install-plugins.sh step 8b, auto-update via update-all.sh
step 7.1, symlinked by link.sh (refactored to loop over EXTERNAL_SKILLS).
Added to profiles: design, web, web-full, full.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two interlocked bugs masking each other:
1. install-plugins.sh installed but never enabled marketplace plugins.
`claude plugin install` only writes to ~/.claude/plugins/cache; without
a separate `claude plugin enable` the plugin sits dormant in the
user's enabledPlugins map. security-guidance and superpowers shipped
as ALWAYS-ON in CLAUDE.md/README/installer banner but in practice
landed disabled on every fresh install.
2. session-start.sh hardcoded the literal "security-guidance rtk
superpowers" in the ✅ ON row, so the misleading banner agreed with
the misleading documentation. The bug stayed invisible.
Fixes:
- install-plugins.sh now calls enable_plugin (added in the caveman
commit) for security-guidance and superpowers immediately after
install. Idempotent: skips if already in enabledPlugins.
- session-start.sh builds the ALWAYS-ON row dynamically from RTK
binary detection + plugin_enabled() lookups against
settings.json. Plugins that are not enabled are omitted, so the
banner reflects reality. Wider strings split across two lines like
the toggle row.
- settings.json: ship security-guidance and superpowers in
enabledPlugins so this user's machine matches the contract until
install-plugins.sh runs again.
Out of scope (separate bug, not addressed here): the marketplace-aware
detect_security_guidance / detect_plugin_dev cache scans miss plugins
nested under cache/<marketplace>/<plugin>/<version>/. They aren't on
the always-on path so the symptom is hidden — left for a follow-up.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Wires JuliusBrussee/caveman into the always-on tier alongside
security-guidance and superpowers. Caveman compresses Claude's output
tokens (~75%) by speaking like a caveman while keeping technical
substance. Three layers:
1. Plugin (caveman@caveman, marketplace JuliusBrussee/caveman)
— adds /caveman, /caveman-commit, /caveman-review, /caveman-stats,
/caveman-help, /cavecrew, /compress + 3 cavecrew agents +
SessionStart/UserPromptSubmit hooks from the plugin path.
2. Standalone hooks (statusline + stats badge) deployed by
caveman's own hooks/install.sh into ~/.claude/hooks/. Paths in
settings.json normalized to ~/.claude/hooks/... so this user's
home dir doesn't leak across machines.
3. caveman-shrink MCP proxy — NOT auto-registered. The bare proxy
fails health checks because it requires an upstream MCP server
to wrap. install-plugins.sh STEP 5.5 prints a snippet showing how
to register a wrapped entry (e.g. caveman-shrink-fs) when the user
decides which upstream to compress.
New helper enable_plugin() for explicit always-on activation —
'claude plugin install' only copies into cache, doesn't write
enabledPlugins. Idempotent via Python json check.
doctor.sh adds detect_caveman / detect_caveman_hooks / detect_caveman_shrink
checks plus a 300t passive-cost adder. update-all.sh refreshes hook
files via the upstream installer's --force mode.
.gitignore covers caveman runtime files materialized into hooks/
because ~/.claude/hooks is symlinked to this repo.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Add `magic` to the unified toggle-external.sh helper alongside gstack,
emil-design-eng, darwin-skill, find-skills. MCPs are toggled via
`claude mcp add|remove` instead of symlink moves.
API key loaded from $REPO/.env (gitignored) via .env.example template.
install-plugins.sh step 8.7 forces magic MCP off after each install run
so the MCP doesn't load into every session unless explicitly enabled.
Toggle: bash lib/toggle-external.sh enable|disable|status magic
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
gstack ships ~40 skills that all load into Claude's context. Keeping
them active by default taxes every session, even when the project has
no browser-QA or deploy workflow. install-plugins.sh now calls
`toggle-external.sh disable gstack` right after gstack's ./setup, so
fresh installs land with gstack symlinks staged in skills-disabled/.
update-all.sh captures the current enabled/disabled state before the
submodule bump and restores it afterwards — otherwise ./setup would
silently re-enable a user who had explicitly disabled gstack.
To use gstack: `bash lib/toggle-external.sh enable gstack`.
Co-Authored-By: Claude <noreply@anthropic.com>
`claude plugin update` rejects a bare plugin name when multiple
marketplaces are registered — the CLI demands `name@marketplace`.
update-all.sh stripped the suffix via `${_p%%@*}`, causing every
marketplace plugin update to fail with "Plugin not found". Fixed
by passing the unmodified spec from `claude plugin list`.
Also adds install + update paths for external skills distributed
through the `npx skills` CLI (vercel-labs/skills):
- alchaincyf/darwin-skill
- alchaincyf/find-skills
These land in ~/.agents/skills/ and are now symlinked into
$REPO/skills/ via link.sh using absolute paths — the previous
relative `../../.agents/...` targets resolved incorrectly when
the repo is cloned below $HOME (as ~/Documents/claude/), leaving
dangling symlinks.
Co-Authored-By: Claude <noreply@anthropic.com>
install-plugins.sh: replace 'export CLAUDE_EFFORT=max' with
'alias claude="claude --effort max"' (cleaner, uses CLI flag).
Cleans up old env var from shell profile on re-run.
Also adds tasks/ tracking files and fixes trailing whitespace in CLAUDE.md.
Co-Authored-By: Claude <noreply@anthropic.com>
New Step 10 writes CLAUDE_EFFORT=max and
CLAUDE_CODE_DISABLE_ADAPTIVE_THINKING=1 to the user's shell
profile (~/.bashrc, ~/.zshrc, or ~/.profile). Skips if already
present.
Co-Authored-By: Claude <noreply@anthropic.com>
skill-creator is bundled in the "example-skills" plugin from
anthropics/skills repo, not in anthropics/claude-code marketplace.
Adds anthropic-agent-skills marketplace and installs example-skills.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- detect_plan() auto-detects Max/Pro/Free from ~/.claude.json
- session-start budget adapts to plan (Max=20k, Pro=11k, Free=5k)
- token counting now uses only ACTIVE plugins, not installed binaries
- statusline shows plan label + session duration instead of start time
- plugin-advisor: complexity assessment (0-100%) drives tool selection
- plugin-advisor: auto-activation with confirmation (PHASE 4)
- ruflo OFF by default, GSD v2 preferred for multi-session
- init-project: ctx7 pre-fetch + graphify scaffold + graphify full
- ship-feature: ctx7 cache check before implementation
- frontend-design disabled in installer (doublon with ui-ux-pro-max)
- python3 -c moved from deny to ask (unblocks graphify)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>