Dargon789 · Dargon789 · Sep 30, 2025 · Oct 1, 2025 · Feb 1, 2025 · Feb 1, 2025
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -0,0 +1,31 @@
+# Use the latest 2.1 version of CircleCI pipeline process engine.
+# See: https://circleci.com/docs/configuration-reference
+version: 2.1
+
+# Define a job to be invoked later in a workflow.
+# See: https://circleci.com/docs/jobs-steps/#jobs-overview & https://circleci.com/docs/configuration-reference/#jobs
+jobs:
+  say-hello:
+    # Specify the execution environment. You can specify an image from Docker Hub or use one of our convenience images from CircleCI's Developer Hub.
+    # See: https://circleci.com/docs/executor-intro/ & https://circleci.com/docs/configuration-reference/#executor-job
+    docker:
+      # Specify the version you desire here
+      # See: https://circleci.com/developer/images/image/cimg/base
+      - image: cimg/base:current
+
+    # Add steps to the job
+    # See: https://circleci.com/docs/jobs-steps/#steps-overview & https://circleci.com/docs/configuration-reference/#steps
+    steps:
+      # Checkout the code as the first step.
+      - checkout
+      - run:
+          name: "Say hello"
+          command: "echo Hello, World!"
+
+# Orchestrate jobs using workflows
+# See: https://circleci.com/docs/workflows/ & https://circleci.com/docs/configuration-reference/#workflows
+workflows:
+  say-hello-workflow: # This is the name of the workflow, feel free to change it to better match your workflow.
+    # Inside the workflow, you define the jobs you want to run.
+    jobs:
+      - say-hello
diff --git a/.circleci/docker.yml b/.circleci/docker.yml
@@ -0,0 +1,100 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  schedule:
+    - cron: '21 12 * * *'
+  push:
+    branches: [ "master" ]
+    # Publish semver tags as releases.
+    tags: [ 'v*.*.*' ]
+  pull_request:
+    branches: [ "master" ]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+  build:
+    - name: Build the Docker image
+      run: docker build . --file path/to/Dockerfile --tag my-image-name:$(date +%s)
+
+  runs-on: ubuntu-latest
+   permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0
+        with:
+          cosign-release: 'v2.2.4'
+
+      # Set up BuildKit Docker container builder to be able to build
+      # multi-platform images and export cache
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@v5.0.0
+        with:
+          context: ./
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TAGS: ${{ steps.meta.outputs.tags }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
diff --git a/.claude/hooks/skill-activation-prompt.sh b/.claude/hooks/skill-activation-prompt.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+# Copied from https://github.com/diet103/claude-code-infrastructure-showcase/blob/c586f9d8854989abbe9040cde61527888ded3904/.claude/hooks/skill-activation-prompt.sh
+set -e
+
+cd "$CLAUDE_PROJECT_DIR/.claude/hooks"
+cat | bun run skill-activation-prompt.ts
diff --git a/.claude/hooks/skill-activation-prompt.ts b/.claude/hooks/skill-activation-prompt.ts
@@ -0,0 +1,132 @@
+#!/usr/bin/env node
+/** biome-ignore-all lint/suspicious/noConsole: script output */
+// Copied from https://github.com/diet103/claude-code-infrastructure-showcase/blob/c586f9d8854989abbe9040cde61527888ded3904/.claude/hooks/skill-activation-prompt.ts
+import { readFileSync } from 'fs'
+import { join } from 'path'
+
+interface HookInput {
+  session_id: string
+  transcript_path: string
+  cwd: string
+  permission_mode: string
+  prompt: string
+}
+
+interface PromptTriggers {
+  keywords?: string[]
+  intentPatterns?: string[]
+}
+
+interface SkillRule {
+  type: 'guardrail' | 'domain'
+  enforcement: 'block' | 'suggest' | 'warn'
+  priority: 'critical' | 'high' | 'medium' | 'low'
+  promptTriggers?: PromptTriggers
+}
+
+interface SkillRules {
+  version: string
+  skills: Record<string, SkillRule>
+}
+
+interface MatchedSkill {
+  name: string
+  matchType: 'keyword' | 'intent'
+  config: SkillRule
+}
+
+async function main() {
+  try {
+    // Read input from stdin
+    const input = readFileSync(0, 'utf-8')
+    const data: HookInput = JSON.parse(input)
+    const prompt = data.prompt.toLowerCase()
+
+    // Load skill rules
+    const projectDir = process.env.CLAUDE_PROJECT_DIR || '$HOME/project'
+    const rulesPath = join(projectDir, '.claude', 'skills', 'skill-rules.json')
+    const rules: SkillRules = JSON.parse(readFileSync(rulesPath, 'utf-8'))
+
+    const matchedSkills: MatchedSkill[] = []
+
+    // Check each skill for matches
+    for (const [skillName, config] of Object.entries(rules.skills)) {
+      const triggers = config.promptTriggers
+      if (!triggers) {
+        continue
+      }
+
+      // Keyword matching
+      if (triggers.keywords) {
+        const keywordMatch = triggers.keywords.some((kw) => prompt.includes(kw.toLowerCase()))
+        if (keywordMatch) {
+          matchedSkills.push({ name: skillName, matchType: 'keyword', config })
+          continue
+        }
+      }
+
+      // Intent pattern matching
+      if (triggers.intentPatterns) {
+        const intentMatch = triggers.intentPatterns.some((pattern) => {
+          const regex = new RegExp(pattern, 'i')
+          return regex.test(prompt)
+        })
+        if (intentMatch) {
+          matchedSkills.push({ name: skillName, matchType: 'intent', config })
+        }
+      }
+    }
+
+    // Generate output if matches found
+    if (matchedSkills.length > 0) {
+      let output = '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n'
+      output += '🎯 SKILL ACTIVATION CHECK\n'
+      output += '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n\n'
+
+      // Group by priority
+      const critical = matchedSkills.filter((s) => s.config.priority === 'critical')
+      const high = matchedSkills.filter((s) => s.config.priority === 'high')
+      const medium = matchedSkills.filter((s) => s.config.priority === 'medium')
+      const low = matchedSkills.filter((s) => s.config.priority === 'low')
+
+      if (critical.length > 0) {
+        output += '⚠️ CRITICAL SKILLS (REQUIRED):\n'
+        critical.forEach((s) => (output += `  → ${s.name}\n`))
+        output += '\n'
+      }
+
+      if (high.length > 0) {
+        output += '📚 RECOMMENDED SKILLS:\n'
+        high.forEach((s) => (output += `  → ${s.name}\n`))
+        output += '\n'
+      }
+
+      if (medium.length > 0) {
+        output += '💡 SUGGESTED SKILLS:\n'
+        medium.forEach((s) => (output += `  → ${s.name}\n`))
+        output += '\n'
+      }
+
+      if (low.length > 0) {
+        output += '📌 OPTIONAL SKILLS:\n'
+        low.forEach((s) => (output += `  → ${s.name}\n`))
+        output += '\n'
+      }
+
+      output += 'ACTION: Use Skill tool BEFORE responding\n'
+      output += '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n'
+
+      console.log(output)
+    }
+
+    process.exit(0)
+  } catch (err) {
+    console.error('Error in skill-activation-prompt hook:', err)
+    process.exit(1)
+  }
+}
+
+main().catch((err) => {
+  console.error('Uncaught error:', err)
+  process.exit(1)
+})
diff --git a/.claude/settings.json b/.claude/settings.json
@@ -0,0 +1,32 @@
+{
+  "permissions": {
+    "deny": [
+      "Read(**/.env)",
+      "Edit(**/.env)",
+      "Read(~/.aws/**)",
+      "Edit(~/.aws/**)",
+      "Read(~/.ssh/**)",
+      "Edit(~/.ssh/**)",
+      "Read(~/.gnupg/**)",
+      "Edit(~/.gnupg/**)",
+      "Read(~/.git-credentials)",
+      "Edit(~/.git-credentials)",
+      "Read($HOME/Library/Keychains/**)",
+      "Edit($HOME/Library/Keychains/**)",
+      "Read(/private/etc/**)",
+      "Edit(/private/etc/**)"
+    ]
+  },
+  "hooks": {
+    "UserPromptSubmit": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/skill-activation-prompt.sh"
+          }
+        ]
+      }
+    ]
+  }
+}
diff --git a/.claude/skills/skill-rules.json b/.claude/skills/skill-rules.json
@@ -0,0 +1,29 @@
+{
+  "version": "1.0",
+  "description": "Skill activation triggers for Claude Code. Controls when skills automatically suggest or block actions.",
+  "skills": {
+    "web-e2e": {
+      "type": "domain",
+      "enforcement": "block",
+      "priority": "critical",
+      "description": "Run, debug, and create Playwright e2e tests for the web app.",
+      "promptTriggers": {
+        "keywords": ["e2e", "end-to-end", "playwright"],
+        "intentPatterns": ["(run|start|debug|create|explain).*?e2e"]
+      }
+    }
+  },
+  "notes": {
+    "enforcement_types": {
+      "suggest": "Skill suggestion appears but doesn't block execution",
+      "block": "Requires skill to be used before proceeding (guardrail)",
+      "warn": "Shows warning but allows proceeding"
+    },
+    "priority_levels": {
+      "critical": "Highest - Always trigger when matched",
+      "high": "Important - Trigger for most matches",
+      "medium": "Moderate - Trigger for clear matches",
+      "low": "Optional - Trigger only for explicit matches"
+    }
+  }
+}