feat(plugin): command metadata, scoped skills, local-tier support, layered hooks, Stop audit

Wave 3 - adoption hardening. Patterns adapted (in original prose, with
attribution) from MIT-licensed shanraisshan/claude-code-best-practice.

Commands (command/enhance-claude-md.md, command/sync-claude-md.md):
- Add allowed-tools / disallowedTools / argument-hint / when_to_use so the
  commands auto-suggest in the slash menu and avoid permission prompts.
- disallowedTools blocks WebFetch + WebSearch on both commands.
- Drop the previous broken hooks block (array-of-{matcher, commands} shape
  did not match canonical schema; was never firing).

Skills:
- skill/karpathy-guidelines/SKILL.md: paths: glob over 23 code-file
  extensions, so the guardrails auto-load only when editing source, not
  markdown or data.
- skill/SKILL.md: model: haiku, effort: medium, paths: scoped to CLAUDE.md
  + AGENTS.md + .claude/rules/*.md so validator/generator passes run
  cheaply without changing the user-facing model.

CLAUDE.local.md personal tier:
- skill/validator.py BestPracticesValidator now accepts filename=; any
  *.local.md basename waives the 150-line cap.
- hooks/validate-claude-md.py reads the exempt suffix from hooks-config.
- .gitignore covers CLAUDE.local.md, **/CLAUDE.local.md,
  .claude/settings.local.json, hooks/hooks-config.local.json.

Layered hook config:
- hooks/hooks-config.json: committed defaults
  (validateClaudeMd.enabled/maxLines/exemptFilenameSuffix/exitCodeOnViolation,
  stopAuditLine.enabled).
- hooks/validate-claude-md.py merges hooks-config.json +
  hooks-config.local.json key-by-key; honours enabled=false (silent
  exit 0), configurable cap, configurable exit code.

Stop audit hook:
- hooks/audit-claude-md.py walks the project tree, prints one stderr
  line: total tracked / OVER cap / near cap (>=80%). Respects
  stopAuditLine.enabled from config.
- hooks/hooks.json registers Stop event with matcher "".

Guardian fail-closed contract:
- agent/claude-md-guardian.md Safety & Validation section now explicitly
  requires Skill-tool invocation (no inline paraphrase of SKILL.md),
  abort on missing validated output, never auto-commit, and respect
  local hook config.

Verified (8/8 smoke tests):
- Both commands parse with new fields and no broken hooks block.
- karpathy paths: 23 globs, includes .py/.ts/.go/.rs.
- skill model=haiku effort=medium with CLAUDE.md path scope.
- Validator: *.local.md (300 lines) -> pass; CLAUDE.md (300) -> fail;
  legacy ctor without filename -> default behavior preserved.
- hooks-config.json valid; validateClaudeMd.enabled=true, maxLines=150.
- Hook validator: default rc=2 on bloated, rc=0 when local override
  disables it, rc=0 on *.local.md (exempt).
- Stop hook entry present; audit script: rc=0 with "5 CLAUDE.md tracked".
- Regression: large-fullstack root still 52 lines with chain imports.
This commit is contained in:
Claude
2026-05-19 01:07:11 +00:00
parent 0a34178e22
commit e33fa8326b
12 changed files with 317 additions and 36 deletions
+25 -9
View File
@@ -1,18 +1,34 @@
---
description: Initialize or enhance CLAUDE.md files using the claude-md-enhancer skill with interactive workflow and 100% native format compliance
description: Initialize or enhance a CLAUDE.md (and chained sub-CLAUDE.md files) for the current project using the claude-md-enhancer skill. Delegates deep codebase scans to the Explore subagent and stays within the 150-line cap.
argument-hint: "[--init | --enhance | <path-to-CLAUDE.md>]"
when_to_use: |
Use whenever a project has no CLAUDE.md, when an existing one is over 150 lines,
when an /init result needs to be hardened against context bloat, or when a repo
already uses AGENTS.md / .cursorrules / .windsurfrules and you want a Claude-
aware root that chains to them via @-imports instead of overwriting.
allowed-tools:
- Read
- Edit
- Write
- Glob
- Grep
- Skill
- "Bash(ls:*)"
- "Bash(find:*)"
- "Bash(git status:*)"
- "Bash(git diff:*)"
- "Bash(wc:*)"
disallowedTools:
- WebFetch
- WebSearch
permissions:
allow:
- Bash(ls:*)
- Bash(find:*)
- Bash(git status:*)
- "Bash(ls:*)"
- "Bash(find:*)"
- "Bash(git status:*)"
- Read
- Glob
- Skill
hooks:
- matcher: ""
once: true
commands:
- echo "Starting CLAUDE.md enhancement workflow"
---
# CLAUDE.md Enhancer Command
+32 -14
View File
@@ -1,26 +1,44 @@
---
description: Walk every CLAUDE.md in the project, prune stale references, enforce the 150-line cap, and re-chain root ↔ subdirectory files.
description: Walk every CLAUDE.md in the project, prune stale references (removed deps, deleted paths, broken modular links), enforce the 150-line cap by splitting into sub-files, and repair the root ↔ subdirectory chain (markdown links + @path imports).
argument-hint: "[--dry-run | --paths-only | <directory>]"
when_to_use: |
Run after refactors, dependency changes, deleted directories, or when any single
CLAUDE.md is near the 150-line cap. Also run before cutting a release so the
documentation tag-snapshot is truthful.
allowed-tools:
- Read
- Edit
- Write
- Glob
- Grep
- Skill
- "Bash(ls:*)"
- "Bash(find:*)"
- "Bash(git status:*)"
- "Bash(git diff:*)"
- "Bash(wc:*)"
- "Bash(grep:*)"
- "Bash(cat:*)"
- "Bash(test:*)"
disallowedTools:
- WebFetch
- WebSearch
permissions:
allow:
- Bash(ls:*)
- Bash(find:*)
- Bash(git status:*)
- Bash(git diff:*)
- Bash(wc:*)
- Bash(grep:*)
- Bash(cat:*)
- Bash(test:*)
- "Bash(ls:*)"
- "Bash(find:*)"
- "Bash(git status:*)"
- "Bash(git diff:*)"
- "Bash(wc:*)"
- "Bash(grep:*)"
- "Bash(cat:*)"
- "Bash(test:*)"
- Read
- Edit
- Write
- Glob
- Grep
- Skill
hooks:
- matcher: ""
once: true
commands:
- echo "Starting CLAUDE.md sync workflow"
---
# /sync-claude-md — CLAUDE.md Sync & Cleanup