diff --git a/.pr-body-phase4.md b/.pr-body-phase4.md deleted file mode 100644 index a716da4..0000000 --- a/.pr-body-phase4.md +++ /dev/null @@ -1,34 +0,0 @@ -## Summary -Phase 4 of Claude Code support - Supply chain security and safety validation - -## Changes - -### GitHub Actions Pinning (Supply Chain Security) -- Pinned all GitHub Actions to specific commit SHAs in 4 workflow files: - - actions/checkout: v4.2.2 (11bd71901bbe5b1630ceea73d27597364c9af683) - - actions/setup-node: v4.1.0 (1a4442cacd436585991a76fe714fa58850bd193c) - - actions/configure-pages: v4.0.0 (1f0c5cde4dec8825aff22eac11aa73c856b5c886) - - actions/upload-pages-artifact: v3.0.1 (56afc609e74202658d3ffba0e8f6f4625a7d4af5) - - actions/deploy-pages: v4.0.5 (d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e) - - actions/dependency-review-action: v4.5.0 (3b139cfc5fae8b618d3eae3675e383bb1769c019) - - dorny/paths-filter: v3.0.2 (de90cc6fb38fc0963ad72b210f1f284cd68cea36) -- Renovate will still update these via SHA (helpers:pinGitHubActionDigests) - -### Safety & Validation Utilities -- Created scripts/generate-checksums.mjs to generate SHA-256 hashes -- Generated checksums.json with 84 file hashes for .cursor/ and .claude/ -- Created cli/utils/validation.mjs with: - - validateFile() - Check file against expected checksum - - validateDownload() - Validate entire directory - - scanForDangerousPatterns() - Detect malicious patterns - - validateJson() - Validate JSON syntax - -## Security -- Prevents supply chain attacks from compromised action tags -- File integrity verification via checksums -- Pattern scanning for dangerous commands - -## Depends On -Phase 1, 2, and 3 PRs should be merged first - -Refs: Implementation plan for dual-IDE support diff --git a/CLI_SKILLS_PLAN.md b/CLI_SKILLS_PLAN.md deleted file mode 100644 index d1240da..0000000 --- a/CLI_SKILLS_PLAN.md +++ /dev/null 
@@ -1,166 +0,0 @@ -# CLI Tool Plan: Skills Recognition and Download - -## Problem - -The CLI tool needs to recognize and download `.claude/skills/` alongside rules and commands. - -## Current State - -- CLI downloads: `.cursor/rules/`, `.claude/rules/`, `.claude/commands/` -- Missing: `.claude/skills/` directory -- Interactive mode only handles rules, not skills - -## Proposed Solution - -### 1. Update Download Logic - -Add `.claude/skills/` to IDE-specific download paths: - -```javascript -function getSourcePaths(ide) { - const paths = []; - - if (ide === 'claude' || ide === 'both') { - paths.push( - { source: '.claude/rules', dest: '.claude/rules', type: 'rules' }, - { source: '.claude/commands', dest: '.claude/commands', type: 'commands' }, - { source: '.claude/skills', dest: '.claude/skills', type: 'skills' } // NEW - ); - } - - return paths; -} -``` - -### 2. Interactive Skills Selection - -Add skills to interactive menu: - -```javascript -// scanAvailableSkills() - similar to scanAvailableRules() -async function scanAvailableSkills(basePath) { - const skills = []; - const entries = await readdir(basePath, { withFileTypes: true }); - - for (const entry of entries) { - if (entry.isDirectory() && entry.name !== 'CLAUDE.md') { - const skillPath = join(basePath, entry.name, 'SKILL.md'); - if (await fileExists(skillPath)) { - skills.push({ - name: entry.name, - path: skillPath, - displayName: formatSkillName(entry.name) - }); - } - } - } - - return skills; -} -``` - -### 3. Skills in Interactive Mode - -Update interactive menu flow: - -``` -[Interactive Mode] - ↓ -Select IDE (cursor/claude/both) - ↓ -Select Content Type: - - Rules - - Skills (NEW) ← - - Commands - - All - ↓ -Select specific items - ↓ -Download -``` - -### 4. 
CLI Flags for Skills - -Add skills-specific flags: - -```bash -npx @usrrname/cursorrules --skills-only # Download only skills -npx @usrrname/cursorrules --include-skills # Include in batch download -npx @usrrname/cursorrules --list-skills # List available skills -``` - -### 5. Skills Metadata - -Parse SKILL.md frontmatter for metadata: - -```javascript -function parseSkillMetadata(skillPath) { - const content = readFileSync(skillPath, 'utf-8'); - const frontmatter = content.match(/^---\n([\s\S]*?)\n---/); - - if (frontmatter) { - return yaml.parse(frontmatter[1]); - } - - return { name: basename(skillPath), description: '' }; -} -``` - -### 6. Implementation Tasks - -#### Phase A: Basic Skills Download -- [ ] Update `download-files.mjs` to include skills path -- [ ] Add skills to `--ide both` download -- [ ] Test skills download with `--dry-run` - -#### Phase B: Skills Discovery -- [ ] Create `scanAvailableSkills()` function -- [ ] Add skills metadata parsing -- [ ] Create skills listing command - -#### Phase C: Interactive Skills Selection -- [ ] Add skills category to interactive menu -- [ ] Create skill selection UI -- [ ] Handle skills-specific download - -#### Phase D: Advanced Features -- [ ] Add `--skills-only` flag -- [ ] Add skill dependency resolution -- [ ] Filter skills by trigger patterns - -### 7. Directory Structure After Download - -``` -project/ -├── .claude/ -│ ├── settings.json -│ ├── rules/ -│ ├── commands/ -│ └── skills/ # Downloaded skills -│ ├── typescript/ -│ │ └── SKILL.md -│ ├── react/ -│ │ └── SKILL.md -│ └── CLAUDE.md -``` - -### 8. Backward Compatibility - -- Existing `--flat` flag continues to work -- Default behavior unchanged (cursor rules only) -- Skills only downloaded with `--ide claude` or `--ide both` - -## Open Questions - -1. Should skills be selectable individually or only as groups? -2. Should we add skill dependencies (e.g., react skill depends on typescript skill)? -3. Should skills trigger rules download automatically? 
- -## Timeline - -- Phase A: 1-2 days -- Phase B: 2-3 days -- Phase C: 3-4 days -- Phase D: 2-3 days - -Total: ~1-2 weeks for full skills support
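Review bot: the "GitHub Actions Pinning" list in the deleted `.pr-body-phase4.md` is the only place in this patch that pairs each pinned commit SHA with its release tag (for example `actions/checkout: v4.2.2`), so removing it loses that mapping unless it is kept elsewhere. Before merging, confirm that each pinned `uses:` line in the four workflow files carries its tag as a trailing comment, so a reviewer can still check which release a SHA is meant to be. The file reads as a PR description that was committed to the tree; saying so in the commit message, and where the text now lives, would explain the deletion.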
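Review bot: in the deleted `CLI_SKILLS_PLAN.md`, every checkbox under "Implementation Tasks" (Phase A to Phase D) is unchecked and the three "Open Questions" are unanswered, so this deletion removes the record of pending work with no visible pointer to a replacement. Link the tracking issue in the commit message, or move the task list there first. If the work continues, carry one gap over with it: the plan adds `.claude/skills` as a download source and parses `SKILL.md` frontmatter with `yaml.parse`, but no step runs the downloaded skills through the `validateDownload()` checksum check or `scanForDangerousPatterns()` listed in the Phase 4 notes.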