mirror of
https://github.com/garrytan/gstack.git
synced 2026-05-07 05:56:41 +02:00
Garry Tan
484cf1fb3b
* refactor: extract processExternalHost() shared helper for multi-host generation Refactor the Codex-specific output routing block in gen-skill-docs.ts into a shared processExternalHost() function. Both Codex and future external hosts (Factory Droid) will use this helper for output routing, symlink loop detection, frontmatter transformation, path rewrites, and metadata generation. - Rename codexSkillName() to externalSkillName() everywhere - Extract ExternalHostConfig interface with per-host settings - Codex output is byte-identical (verified via --dry-run) - Skip /codex skill for all non-Claude hosts (not just codex) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: add Factory Droid host type, preamble, and co-author trailer - Add 'factory' to Host union type with .factory/skills/gstack paths - Extend preamble runtime root detection for Factory ($HOME/.factory/) - Add GSTACK_DESIGN env var to preamble (was missing for Codex too) - Add Factory Droid co-author trailer for git commits Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: Factory Droid generation, --host all, and host-aware frontmatter - Add --host factory (alias: --host droid) to gen-skill-docs - Add --host all: generates for claude, codex, and factory in one invocation with fault-tolerant per-host error handling (only fails if claude fails) - Factory frontmatter: name + description + user-invocable: true - Factory sensitive skills: disable-model-invocation: true (from sensitive: field) - Claude: strips sensitive: field from output (only Factory uses it) - Factory tool name translation: Claude tool names → generic phrasing - Replace chained gen:skill-docs calls with --host all in package.json build Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: sensitive frontmatter for Factory Droid auto-invocation safety Add sensitive: true to 6 skill templates with side effects that Factory Droids shouldn't auto-invoke (ship, land-and-deploy, guard, careful, freeze, unfreeze). The field is: - Factory: emitted as disable-model-invocation: true - Claude/Codex: stripped from output by transformFrontmatter() Also fix Claude host path: call transformFrontmatter() for Claude to strip the sensitive: field from Claude output. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: gstack-platform-detect binary for multi-host debugging Bash script that prints a table of installed AI coding agents (Claude, Codex, Factory Droid, Kiro) with versions, skill paths, and gstack installation status. Useful for debugging multi-host setups. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: Factory Droid support in setup script - Add factory to --host values (auto-detected via command -v droid) - Add .factory/ skill doc generation step alongside .agents/ - Add create_factory_runtime_root() and link_factory_skill_dirs() helpers mirroring the Codex equivalents - Factory install section creates ~/.factory/skills/ with symlinks Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: Factory Droid awareness in skill-check and uninstall - skill-check.ts: add Factory skills validation and freshness check - gstack-uninstall: add Factory artifact cleanup (~/.factory/skills/gstack* and per-project .factory/ sidecar) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * test: Factory Droid generation + --host all test suites Add 13 new tests: - Factory output paths, frontmatter (user-invocable, disable-model-invocation) - Sensitive vs non-sensitive skill classification - Path rewrites (no .claude/skills/ in Factory output) - /codex skill exclusion, openai.yaml absence - Factory keeps Codex integration blocks (for second opinions) - --host droid alias, --dry-run freshness, preamble paths - --host all generates for all 3 hosts - Setup script host validation updated for factory Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: Factory Droid install instructions + CI freshness check - README: add Factory Droid section with install instructions and restart note (Factory requires restart to rescan skills) - CI: add Factory skill doc freshness verification to skill-docs.yml Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: generated Factory Droid skill output (.factory/skills/) 29 skills generated for Factory Droid with: - user-invocable: true on all skills - disable-model-invocation: true on 6 sensitive skills - .factory/skills/ paths (no .claude/skills/ references) - $GSTACK_ROOT env vars for runtime root detection - Tool name translation (Claude tool names → generic phrasing) Committed to git for CI freshness checks and direct consumption. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: add Factory Droid P1 TODO for browse MCP server Add 3 TODOs under new ## Factory Droid section: - P1: Browse MCP server (Option B, deeper Factory integration) - P3: .agent/skills/ dual output for cross-agent compatibility - P3: Custom Droid definitions alongside skills Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: bump version and changelog (v0.13.5.0) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
82 lines
3.0 KiB
Cheetah
82 lines
3.0 KiB
Cheetah
---
|
|
name: guard
|
|
version: 0.1.0
|
|
description: |
|
|
Full safety mode: destructive command warnings + directory-scoped edits.
|
|
Combines /careful (warns before rm -rf, DROP TABLE, force-push, etc.) with
|
|
/freeze (blocks edits outside a specified directory). Use for maximum safety
|
|
when touching prod or debugging live systems. Use when asked to "guard mode",
|
|
"full safety", "lock it down", or "maximum safety".
|
|
allowed-tools:
|
|
- Bash
|
|
- Read
|
|
- AskUserQuestion
|
|
hooks:
|
|
PreToolUse:
|
|
- matcher: "Bash"
|
|
hooks:
|
|
- type: command
|
|
command: "bash ${CLAUDE_SKILL_DIR}/../careful/bin/check-careful.sh"
|
|
statusMessage: "Checking for destructive commands..."
|
|
- matcher: "Edit"
|
|
hooks:
|
|
- type: command
|
|
command: "bash ${CLAUDE_SKILL_DIR}/../freeze/bin/check-freeze.sh"
|
|
statusMessage: "Checking freeze boundary..."
|
|
- matcher: "Write"
|
|
hooks:
|
|
- type: command
|
|
command: "bash ${CLAUDE_SKILL_DIR}/../freeze/bin/check-freeze.sh"
|
|
statusMessage: "Checking freeze boundary..."
|
|
sensitive: true
|
|
---
|
|
|
|
# /guard — Full Safety Mode
|
|
|
|
Activates both destructive command warnings and directory-scoped edit restrictions.
|
|
This is the combination of `/careful` + `/freeze` in a single command.
|
|
|
|
**Dependency note:** This skill references hook scripts from the sibling `/careful`
|
|
and `/freeze` skill directories. Both must be installed (they are installed together
|
|
by the gstack setup script).
|
|
|
|
```bash
|
|
mkdir -p ~/.gstack/analytics
|
|
echo '{"skill":"guard","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics/skill-usage.jsonl 2>/dev/null || true
|
|
```
|
|
|
|
## Setup
|
|
|
|
Ask the user which directory to restrict edits to. Use AskUserQuestion:
|
|
|
|
- Question: "Guard mode: which directory should edits be restricted to? Destructive command warnings are always on. Files outside the chosen path will be blocked from editing."
|
|
- Text input (not multiple choice) — the user types a path.
|
|
|
|
Once the user provides a directory path:
|
|
|
|
1. Resolve it to an absolute path:
|
|
```bash
|
|
FREEZE_DIR=$(cd "<user-provided-path>" 2>/dev/null && pwd)
|
|
echo "$FREEZE_DIR"
|
|
```
|
|
|
|
2. Ensure trailing slash and save to the freeze state file:
|
|
```bash
|
|
FREEZE_DIR="${FREEZE_DIR%/}/"
|
|
STATE_DIR="${CLAUDE_PLUGIN_DATA:-$HOME/.gstack}"
|
|
mkdir -p "$STATE_DIR"
|
|
echo "$FREEZE_DIR" > "$STATE_DIR/freeze-dir.txt"
|
|
echo "Freeze boundary set: $FREEZE_DIR"
|
|
```
|
|
|
|
Tell the user:
|
|
- "**Guard mode active.** Two protections are now running:"
|
|
- "1. **Destructive command warnings** — rm -rf, DROP TABLE, force-push, etc. will warn before executing (you can override)"
|
|
- "2. **Edit boundary** — file edits restricted to `<path>/`. Edits outside this directory are blocked."
|
|
- "To remove the edit boundary, run `/unfreeze`. To deactivate everything, end the session."
|
|
|
|
## What's protected
|
|
|
|
See `/careful` for the full list of destructive command patterns and safe exceptions.
|
|
See `/freeze` for how edit boundary enforcement works.
|