e1a43bcee1
Some checks failed
CI / Lint & Format Check (push) Failing after 5s
CI / Test Backend (push) Failing after 7s
CI / Build Backend (push) Has been skipped
CI / Test Frontend (push) Failing after 6s
Security Audit / Dependency Review (push) Has been skipped
CI / Build Frontend (push) Has been skipped
Security Audit / npm audit (push) Failing after 5s
77 lines
3.0 KiB
Markdown
77 lines
3.0 KiB
Markdown
# CLAUDE.md
|
|
|
|
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
|
|
|
|
## User Configuration Directory
|
|
|
|
This is the Claude Code configuration directory (`~/.claude`) containing user settings, project data, custom commands, and security configurations.
|
|
|
|
## Security System
|
|
|
|
The system includes a comprehensive security validation hook:
|
|
|
|
- **Command Validation**: `/Users/david/.claude/scripts/validate-command.js` - A Bun-based security script that validates commands before execution
|
|
- **Protected Operations**: Blocks dangerous commands like `rm -rf /`, system modifications, privilege escalation, network tools, and malicious patterns
|
|
- **Security Logging**: Events are logged to `/Users/melvynx/.claude/security.log` for audit trails
|
|
- **Fail-Safe Design**: Script blocks execution on any validation errors or script failures
|
|
|
|
The security system is automatically triggered by the PreToolUse hook configured in `settings.json`.
|
|
|
|
## Custom Commands
|
|
|
|
Three workflow commands are available in the `/commands` directory:
|
|
|
|
### `/run-task` - Complete Feature Implementation
|
|
Workflow for implementing features from requirements:
|
|
1. Analyze file paths or GitHub issues (using `gh cli`)
|
|
2. Create implementation plan
|
|
3. Execute updates with TypeScript validation
|
|
4. Auto-commit changes
|
|
5. Create pull request
|
|
|
|
### `/fix-pr-comments` - PR Comment Resolution
|
|
Workflow for addressing pull request feedback:
|
|
1. Fetch unresolved comments using `gh cli`
|
|
2. Plan required modifications
|
|
3. Update files accordingly
|
|
4. Commit and push changes
|
|
|
|
### `/explore-and-plan` - EPCT Development Workflow
|
|
Structured approach using parallel subagents:
|
|
1. **Explore**: Find and read relevant files
|
|
2. **Plan**: Create detailed implementation plan with web research if needed
|
|
3. **Code**: Implement following existing patterns and run autoformatting
|
|
4. **Test**: Execute tests and verify functionality
|
|
5. Write up work as PR description
|
|
|
|
## Status Line
|
|
|
|
Custom status line script (`statusline-ccusage.sh`) displays:
|
|
- Git branch with pending changes (+added/-deleted lines)
|
|
- Current directory name
|
|
- Model information
|
|
- Session costs and daily usage (if `ccusage` tool available)
|
|
- Active block costs and time remaining
|
|
- Token usage for current session
|
|
|
|
## Hooks and Audio Feedback
|
|
|
|
- **Stop Hook**: Plays completion sound (`finish.mp3`) when tasks complete
|
|
- **Notification Hook**: Plays notification sound (`need-human.mp3`) for user interaction
|
|
- **Pre-tool Validation**: All Bash commands are validated by the security script
|
|
|
|
## Project Data Structure
|
|
|
|
- `projects/`: Contains conversation history in JSONL format organized by directory paths
|
|
- `todos/`: Agent-specific todo lists for task tracking
|
|
- `shell-snapshots/`: Shell state snapshots for session management
|
|
- `statsig/`: Analytics and feature flagging data
|
|
|
|
## Permitted Commands
|
|
|
|
The system allows specific command patterns without additional validation:
|
|
- `git *` - All Git operations
|
|
- `npm run *` - NPM script execution
|
|
- `pnpm *` - PNPM package manager
|
|
- `gh *` - GitHub CLI operations
|
|
- Standard file operations (`cd`, `ls`, `node`) |