claude/README.md
2026-04-03 18:08:21 +02:00

557 lines
22 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# claude-config
Global Claude Code configuration — agents, skills, plugins, and project templates.
---
## Overview
This repo is your personal Claude Code setup, versioned and reproducible across machines.
```
claude-config/
├── CLAUDE.md # Global coding preferences (style, rules, workflow)
├── settings.json # Global permissions (77 deny / 16 ask / 57 allow rules)
├── install-plugins.sh # One-shot installer: prerequisites + all plugins (reads plugins.lock.json)
├── link.sh # Symlinks this repo into ~/.claude/
├── doctor.sh # Setup diagnostic — checks symlinks, plugins, permissions, token budget
├── update-all.sh # One-command update for all components
├── Makefile # Unified entry point: make install / doctor / update
├── plugins.lock.json # Version pinning for non-marketplace dependencies (RTK, GSD)
├── version.txt # Semver version of this config
├── CHANGELOG.md # Release history
├── lib/
│ └── detect-plugins.sh # Shared plugin detection — sourced by all scripts
├── hooks/
│ └── session-start.sh # Health check + toggle plugin status at session start
├── skills-external/
│ └── gstack/ # Git submodule — garrytan/gstack (symlinked to ~/.claude/skills/gstack)
├── .gitmodules # Submodule declaration
├── agents/
│ ├── analyzer.md # Factual codebase analysis (read-only)
│ ├── interviewer.md # Project questionnaire → PROJECT BRIEF
│ ├── plugin-advisor.md # Plugin check: detect mismatches, block if Superpowers missing
│ ├── readme-updater.md # Update README from git history + codebase
│ ├── refactorer.md # Surgical refactoring with norm enforcement
│ └── scaffolder.md # Full project generation (CLAUDE.md, README, code)
├── skills/
│ ├── analyze/ # /analyze — deep factual analysis
│ ├── health/ # /health — run setup diagnostic
│ ├── init-project/ # /init-project — full project initialization
│ ├── plugin-check/ # /plugin-check — check plugin config vs project needs
│ ├── readme/ # /readme — update README from current state
│ ├── refactor/ # /refactor — improve code without changing behavior
│ └── ship-feature/ # /ship-feature — ship a feature end-to-end
└── templates/
├── project-CLAUDE.md # Template for per-project CLAUDE.md
└── settings/
├── settings.json # Template for project .claude/settings.json
├── settings.local.json # Template for personal .claude/settings.local.json
├── .claudeignore # Template for project .claudeignore
└── SETTINGS.md # Full settings reference
```
**Architecture principle:**
- `skills/` = entry points you invoke via `/skill-name`
- `agents/` = execution units called by skills (never invoked directly by user)
- `lib/` = shared shell functions sourced by scripts (plugin detection)
- Custom skills use **Superpowers** agents for implementation phases (required — auto-detected)
- **Plugins** (Superpowers, GStack, GSD, etc.) install separately and complement custom skills
---
## Fresh install (new machine)
```bash
# 1. Clone with submodules — choose any location
git clone --recurse-submodules git@github.com:youruser/claude-config.git
cd claude-config
# 2. Symlink into ~/.claude/
bash link.sh
# 3. Install prerequisites + all plugins (detects OS, reads pinned versions from plugins.lock.json)
bash install-plugins.sh
# 4. Add Context7 API key (free at context7.com) — manual step
claude mcp add --scope user context7 -- npx -y @upstash/context7-mcp --api-key YOUR_KEY
# 5. Verify setup
bash doctor.sh
# 6. Restart Claude Code then run /reload-plugins
```
All scripts use their own location to find the repo — run them from anywhere or from the repo directory.
Symlinks point to the repo's actual path, so renaming or moving the repo requires re-running `bash link.sh`.
The install script handles: git, Node.js 22, Rust/Cargo, Python 3, RTK, GStack (submodule), GSD,
and all marketplace plugins on Linux (apt/dnf/pacman) and macOS (brew).
RTK and GSD versions are pinned in `plugins.lock.json`. The install script reads those
versions automatically. Marketplace plugins install to `~/.claude/plugins/` (user scope).
Install output is logged to `install-YYYYMMDD-HHMMSS.log` in the repo directory for post-mortem debugging.
---
## Available slash commands
### Custom skills (this repo)
| Command | Description |
|---|---|
| `/analyze` | Deep factual analysis of code before any modification |
| `/refactor` | Improve code quality without changing behavior (strict norms) |
| `/readme` | Full README audit — diff vs codebase, mandatory stop, surgical updates |
| `/plugin-check` | Check active plugins vs project needs — recommend enable/disable |
| `/init-project` | Initialize a complete project from scratch (full orchestrator) |
| `/ship-feature` | Ship a feature end-to-end with validation gates (full orchestrator) |
| `/health` | Run setup diagnostic — check symlinks, plugins, permissions, token budget |
### Superpowers skills (auto-invoked or explicit)
> **Required dependency.** Superpowers must be active for `/init-project` and `/ship-feature`.
> The plugin-advisor (STEP 0) blocks and shows install instructions if Superpowers is missing.
| Command | When it auto-activates |
|---|---|
| `/superpowers:brainstorm` | When you describe something to build |
| `/superpowers:write-plan` | After design is approved |
| `/superpowers:execute-plan` | With an approved plan |
| `systematic-debugging` | Auto — when debugging |
| `test-driven-development` | Auto — when implementing |
| `requesting-code-review` | Auto — after a feature step |
### GStack skills (Garry Tan — full-product projects only)
> Installed as a git submodule at `skills-external/gstack/`, symlinked to `~/.claude/skills/gstack/`.
> **Use when:** project has UI + design + deploy + browser QA. Skip for backend/lib/CLI projects.
| Command | Description |
|---|---|
| `/office-hours` | Discovery consultant — scope and challenge before code |
| `/plan-ceo-review` | CEO challenges product scope and feature value |
| `/plan-eng-review` | Staff engineer locks architecture decisions |
| `/design-consultation` | Build a design system from scratch |
| `/design-shotgun` | Generate multiple visual variants for comparison |
| `/design-html` | Turn approved mockup into production HTML |
| `/review` | Code review (GStack version) |
| `/ship` | One-command: test → build → deploy |
| `/qa` | QA with real Chrome browser automation |
| `/browse` | Headless Chrome web navigation |
| `/careful` | Activate safety guardrails |
| `/freeze` | Lock edits to current directory |
| `/retro` | Engineering retrospective |
| `/gstack-upgrade` | Self-update GStack |
### GSD skills (glittercowboy — multi-session large features)
> Install: `npx get-shit-done-cc --claude --global`
> **Use when:** feature spans multiple days/sessions. Each session starts fresh with full context from previous phases.
| Command | Description |
|---|---|
| `/gsd:discuss-phase` | Refine spec for a phase through conversation |
| `/gsd:plan-phase` | Generate hierarchical phase plan |
| `/gsd:execute-phase` | Execute phase in an isolated context window |
| `/gsd:ship` | Create PR from verified work |
| `/gsd:next` | Auto-advance to the next phase |
### Other plugin commands
| Command | Plugin | Description |
|---|---|---|
| `/pr-review-toolkit:review-pr` | pr-review-toolkit | Multi-agent PR review (6 specialized agents) |
| `/context7:docs <lib>` | context7 | Manual doc lookup for a specific library |
---
## Orchestrators in detail
### `/init-project`
Same rigor as `/ship-feature`. Two validation gates. Full TDD subagent pipeline for v1 features.
The Scaffolder only creates the skeleton (no features, no README).
readme-updater handles the README in two passes: CREATE then SYNC.
STEP 0 blocks if Superpowers is not installed (required for steps 3, 6, 8, 10, 11).
```
/init-project <project idea>
├── STEP 0: PLUGIN CHECK (plugin-advisor) ← blocks if Superpowers missing or wrong plugins
├── STEP 1: INTERVIEWER (custom) → PROJECT BRIEF
├── STEP 2: ANALYZER (custom) → ANALYSIS REPORT
├── STEP 3: superpowers:brainstorming → VALIDATED DESIGN
├── STEP 4: VALIDATION GATE #1 → approve architecture
├── STEP 5: SCAFFOLDER (custom) → skeleton only (CLAUDE.md +
│ settings + structure +
│ empty entry points, NO features,
│ NO README)
├── STEP 5b: README-UPDATER create mode (custom) → CREATE README from CLAUDE.md
├── STEP 6: superpowers:writing-plans → decompose v1 features into tasks
├── STEP 7: VALIDATION GATE #2 → approve task plan
├── STEP 8: superpowers:subagent-driven (TDD) → implement each feature (isolated)
├── STEP 9: ANALYZER (custom) → regression + deviation check
├── STEP 10: superpowers:requesting-review → full code review
├── STEP 11: superpowers:finishing-branch → cleanup + build + tests
└── STEP 12: README-UPDATER sync mode (custom) → sync README with implementation
```
### `/ship-feature`
STEP 0 blocks if Superpowers is not installed (required for steps 1, 2, 4, 6, 7).
```
/ship-feature <feature description>
├── STEP 0: PLUGIN CHECK (plugin-advisor) ← blocks if Superpowers missing or wrong plugins
├── STEP 1: superpowers:brainstorming → VALIDATED DESIGN
├── STEP 2: superpowers:writing-plans → task plan
├── STEP 3: VALIDATION GATE → user approval required
├── STEP 4: superpowers:subagent-driven → implementation (TDD)
├── STEP 5: ANALYZER (custom) → regression / deviation check
├── STEP 6: superpowers:requesting-review → code review
├── STEP 7: superpowers:finishing-branch → cleanup
└── STEP 8: README-UPDATER sync mode → sync README with new feature
```
### `/plugin-check`
Standalone command you can run at any time to audit your plugin config
against what you're about to do. Also embedded as STEP 0 in both orchestrators.
Blocks if Superpowers is not active (required by orchestrators).
Blocks if critical project-specific plugins are missing (frontend tools, Context7, GStack).
```
/plugin-check "I want to build a React + FastAPI SaaS"
→ Detects active plugins
→ Analyzes signals: frontend? design? QA? multi-session? fast-evolving libs?
→ Produces recommendation table
→ Blocks with OPTIONS if critical plugins are missing (including Superpowers)
→ Or confirms "proceed" if config is optimal
```
---
## Plugins reference
All plugins below are installed by `install-plugins.sh`.
### Quick reference
The mechanism: Claude Code loads every active skill's **description** into a shared context budget
at session start (default 8000 chars). Even if you never invoke the skill, its description
is already consuming tokens. **Disabling a plugin prevents its descriptions from loading entirely.**
A `hooks/session-start.sh` hook shows the current toggle status at the start of every session.
Run `/plugin-check` anytime to get a full recommendation for the current project type.
| Plugin | Status | Passive cost | When to toggle ON | Installed by |
|---|---|---|---|---|
| **security-guidance** | ✅ ALWAYS ON | 0 tokens (hook only) | — | marketplace |
| **RTK** | ✅ ALWAYS ON | 0 tokens (hook only) | — | cargo (pinned in plugins.lock.json) |
| **Superpowers** | ✅ REQUIRED | ~6001000 tokens | — required by orchestrators, auto-detected | marketplace |
| **skill-creator** | ✅ ALWAYS ON | ~100 tokens | — | marketplace |
| **pr-review-toolkit** | ✅ ALWAYS ON | ~300 tokens | — use `/pr-review-toolkit:review-pr` | marketplace |
| **GStack** | 🔄 TOGGLE | ~25003000 tokens | Full-product: UI + design + deploy + browser QA | git submodule |
| **GSD** | 🔄 TOGGLE | ~500800 tokens | Feature spanning multiple days/sessions | npx (pinned in plugins.lock.json) |
| **frontend-design** | 🔄 TOGGLE | ~200 tokens | Any project with a UI | marketplace |
| **ui-ux-pro-max** | 🔄 TOGGLE | ~400 tokens | Design system, color/typography choices | marketplace |
| **Context7 MCP** | 🔄 TOGGLE | ~200 tokens | Fast-evolving libs (Next.js, React, Prisma…) | MCP manual |
**Rule:** toggle plugins are OFF by default. `/plugin-check` signals when to enable them.
If you use `/init-project` or `/ship-feature`, plugin-check runs automatically as STEP 0
and **blocks if Superpowers is not active**.
### Version pinning
RTK and GSD versions are pinned in `plugins.lock.json`:
```json
{
"rtk": { "version": "v0.34.3" },
"gsd": { "version": "1.30.0" }
}
```
`install-plugins.sh` reads these versions automatically.
To update a pinned version: edit `plugins.lock.json`, then re-run `install-plugins.sh`.
GStack is pinned via its git submodule pointer.
### Disabling a plugin for a specific project
```bash
# In Claude Code
/plugin
# → Find the plugin → toggle off for this scope
```
Or in the project's `.claude/settings.json`:
```json
{
"enabledPlugins": {
"gstack@gstack": false,
"gsd@gsd": false
}
}
```
### Enabling a plugin for a specific project (so teammates can install it)
```json
{
"enabledPlugins": {
"ui-ux-pro-max@ui-ux-pro-max-skill": true
},
"extraKnownMarketplaces": {
"ui-ux-pro-max-skill": {
"source": {
"source": "github",
"repo": "nextlevelbuilder/ui-ux-pro-max-skill"
}
}
}
}
```
---
## Settings and permissions
### File hierarchy
```
Highest
managed-settings.json — enterprise, cannot be overridden
CLI flags — --allowedTools / --disallowedTools (session only)
.claude/settings.local.json — personal machine overrides (gitignored)
.claude/settings.json — project rules (committed to project repo)
~/.claude/settings.json — global user rules (this repo's settings.json)
Lowest
DENY always wins over ALLOW at any level.
.claudeignore applies independently of all permission rules.
```
### Global settings (this repo's `settings.json`)
77 deny rules, 16 ask rules, 57 allow rules.
| Section | Purpose |
|---|---|
| `deny` — secrets (Read) | Blocks `Read` on `.env`, `.pem`, `.key`, SSH keys, cloud credentials |
| `deny` — secrets (Bash) | Blocks `cat`, `head`, `tail`, `grep`, `less`, `more` on `.env` and secret files |
| `deny` — destructive | Blocks `rm -rf`, `git push --force`, `chmod 777` |
| `deny` — system | Blocks `sudo`, `ssh`, `scp`, `crontab`, `systemctl` |
| `deny` — injection | Blocks `curl \| bash`, `wget \| sh` |
| `deny` — escalation | Blocks `bash -c`, `eval`, `exec`, `find -delete`, `perl -e`, `ruby -e` |
| `ask` — risky | Prompts before `git push`, `docker run`, package managers |
| `ask` — write tools | Prompts before `xargs`, `sed -i` (in-place file editing) |
| `allow` — safe reads | Auto-approves git read-only, `ls`, `cat`, `grep`, `find`, `sed` (stdout only) |
| `disableBypassPermissionsMode` | Prevents YOLO mode globally |
### Per-project setup
```bash
cd your-project
mkdir -p .claude
# Find the repo from any existing symlink
CONF="$(dirname "$(readlink ~/.claude/CLAUDE.md)")"
# Project settings (commit to project git)
cp "$CONF/templates/settings/settings.json" .claude/settings.json
# Personal overrides (never commit — gitignore it)
cp "$CONF/templates/settings/settings.local.json" .claude/settings.local.json
echo ".claude/settings.local.json" >> .gitignore
# Hard file exclusions (commit to project git)
cp "$CONF/templates/settings/.claudeignore" .claudeignore
# Project CLAUDE.md (commit to project git)
cp "$CONF/templates/project-CLAUDE.md" .claude/CLAUDE.md
```
---
## Updating
### One-command update (recommended)
```bash
# From the repo directory
bash update-all.sh
# Pulls config, updates GStack submodule, updates RTK (pinned version), refreshes symlinks, runs doctor
```
### Manual updates
#### This repo
```bash
# cd into the repo (wherever you cloned it)
git pull
# Symlinks → changes active immediately
```
#### GStack (submodule)
```bash
# Option A — inside Claude Code (recommended)
/gstack-upgrade
# Option B — via submodule (from the repo directory)
git submodule update --remote skills-external/gstack
cd skills-external/gstack && ./setup
git add skills-external/gstack
git commit -m "chore: update gstack to latest"
```
GStack is a git submodule. Its version is pinned in your config repo — reproducible on every machine.
#### RTK
```bash
# Uses the version pinned in plugins.lock.json (from the repo directory)
bash update-all.sh
# Or manually (check latest at https://github.com/rtk-ai/rtk/releases)
cargo install --git https://github.com/rtk-ai/rtk --tag v0.34.3 --force
```
#### Marketplace plugins
```bash
/plugin marketplace update # inside Claude Code
```
---
## Adding a new custom skill
1. Create `agents/myagent.md` — role, tasks, rules, output format
2. Create `skills/myskill/SKILL.md`:
```markdown
---
name: myskill
description: What this skill does — front-load the key use case (max 250 chars)
argument-hint: <what to pass>
disable-model-invocation: true
allowed-tools: Read, Write, Edit, Bash, Grep, Glob
---
Load and follow strictly:
- .claude/agents/myagent.md
Execute MYAGENT on:
$ARGUMENTS
```
3. Or use `/skill-creator` to generate a skill from conversation.
---
## Per-project agent overrides
Override any global agent for a specific project:
```bash
CONF="$(dirname "$(readlink ~/.claude/CLAUDE.md)")"
cp "$CONF/agents/refactorer.md" .claude/agents/refactorer.md
# Edit .claude/agents/refactorer.md — the local version takes precedence
```
---
## Maintenance
### Diagnostic
```bash
# Quick check from terminal (from the repo directory)
bash doctor.sh
# Or from within Claude Code
/health
# Unified commands via Makefile (from the repo directory)
make doctor # diagnostic
make update # pull + submodules + symlinks + doctor
make install # link.sh + install-plugins.sh
```
`doctor.sh` checks 7 axes: symlinks, GStack submodule, prerequisites (git, Node, Cargo, Python, Claude Code),
plugins (RTK, Superpowers, Context7), permissions, token budget estimate, and config consistency
(frontmatter coherence, CRLF detection).
`session-start.sh` runs a quick health check at every session start (filesystem only, no subprocesses)
and displays toggle plugin status with `/plugin-check` and `/health` hints.
Both scripts source `lib/detect-plugins.sh` for consistent plugin detection logic.
### Updating
```bash
# One-command update (from the repo directory)
bash update-all.sh
# Or step by step
git pull # this repo
git submodule update --remote skills-external/gstack # GStack
bash link.sh # refresh symlinks
bash doctor.sh # verify
```
---
## Troubleshooting
### "command not found" after install
Restart your shell or run `source ~/.bashrc` / `source ~/.zshrc`.
### Orchestrator blocks at STEP 0 — Superpowers missing
The plugin-advisor blocks `/init-project` and `/ship-feature` if Superpowers is not active.
Install: `claude plugin marketplace add obra/superpowers-marketplace && claude plugin install --scope user superpowers@superpowers-marketplace`
Then re-run the orchestrator.
### "agent not found" or hallucinated agent content
Symlinks are broken. `cd` into your config repo and run `bash link.sh`, then verify with `bash doctor.sh`.
### GStack skills not showing up
Run `bash link.sh` and verify: `ls -la ~/.claude/skills/gstack`.
If missing: `cd` into your config repo and run `git submodule update --init`.
### link.sh warns "is a real directory"
If `~/.claude/agents/`, `~/.claude/skills/`, or `~/.claude/lib/` exist as real directories (not symlinks
from a previous `link.sh` run), the script skips them to avoid data loss. Rename or remove the directory, then re-run `link.sh`.
### Token budget exceeded / skills truncated at session start
Too many plugins active. Run `/plugin-check` to optimize.
Run `bash doctor.sh` for a token budget estimate.
### settings.json not applying
Check precedence: deny always wins over allow at any level. `.claudeignore` overrides all permission rules.
Verify deny count: `cat ~/.claude/settings.json | python3 -c "import json,sys; print(len(json.load(sys.stdin)['permissions']['deny']))"`
Expected: 77 deny rules.
### Claude reads .env despite deny rules
The `Read(**/.env)` deny rule blocks the Read tool. `Bash(cat .env)` and similar commands have separate
deny rules (included in this config). For hard exclusion regardless of tool, use `.claudeignore` in the project root.
### install-plugins.sh failed — where are the logs?
Check `install-YYYYMMDD-HHMMSS.log` in your config repo directory — the script logs all output to a timestamped file.
---
## Known limitations
- **Deny rules are pattern-based, not sandboxed.** Common bypass vectors (`bash -c`, `eval`, `xargs`, `cat .env`) are blocked, but novel indirect patterns are still possible. `.claudeignore` is the only hard file exclusion mechanism.
- **Superpowers is a hard dependency** for `/init-project` and `/ship-feature`. The plugin-advisor (STEP 0) auto-detects and blocks if Superpowers is missing, with install instructions. There is no manual fallback mode.
- **Marketplace plugin versions are not pinned.** They install latest. Non-marketplace tools (RTK, GSD) are pinned in `plugins.lock.json` and read by `install-plugins.sh`.
- **Token budget is finite and not directly observable.** With all toggle plugins active, the description budget can exceed 60%. Run `/health` or `bash doctor.sh` for an estimate.
- **Agent frontmatter fields** like `model` and `memory` are declared but their enforcement by Claude Code is not guaranteed. They serve as documentation more than strict runtime controls.
- **`Bash(cat *)` in allow vs `Bash(cat .env)` in deny** depends on Claude Code resolving deny-wins. This is the expected behavior but cannot be tested outside the runtime.