diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 07b41d3..7441ecd 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -27,7 +27,7 @@ permissions:
 jobs:
 ci:
 name: Run CI Pipeline
- uses: SocketDev/socket-registry/.github/workflows/ci.yml@adb5697306eb2619b3255c2406e52e04cc99d555 # main
+ uses: SocketDev/socket-registry/.github/workflows/ci.yml@6096b06b1790f411714c89c40f72aade2eeaab7c # main
 with:
 test-setup-script: 'pnpm run build'
 lint-script: 'pnpm run lint --all'
@@ -46,7 +46,7 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 10
 steps:
- - uses: SocketDev/socket-registry/.github/actions/setup-and-install@24323cbd9e61a7e3a600b8c7e99eb27a29642a54 # main
+ - uses: SocketDev/socket-registry/.github/actions/setup-and-install@6096b06b1790f411714c89c40f72aade2eeaab7c # main
 with:
 node-version: '24'
diff --git a/.github/workflows/provenance.yml b/.github/workflows/provenance.yml
index 6319d69..2932ea3 100644
--- a/.github/workflows/provenance.yml
+++ b/.github/workflows/provenance.yml
@@ -21,7 +21,7 @@ permissions:
 jobs:
 publish:
- uses: SocketDev/socket-registry/.github/workflows/provenance.yml@b809e72d069356dfaf490134e9a20226dd9376c1 # main
+ uses: SocketDev/socket-registry/.github/workflows/provenance.yml@6096b06b1790f411714c89c40f72aade2eeaab7c # main
 with:
 debug: ${{ inputs.debug }}
 package-name: '@socketsecurity/lib'
diff --git a/.github/workflows/weekly-update.yml b/.github/workflows/weekly-update.yml
index ba26396..1d0ef49 100644
--- a/.github/workflows/weekly-update.yml
+++ b/.github/workflows/weekly-update.yml
@@ -24,11 +24,13 @@ jobs:
 outputs:
 has-updates: ${{ steps.check.outputs.has-updates }}
 steps:
- - uses: SocketDev/socket-registry/.github/actions/setup-and-install@24323cbd9e61a7e3a600b8c7e99eb27a29642a54 # main
+ - uses: SocketDev/socket-registry/.github/actions/setup-and-install@6096b06b1790f411714c89c40f72aade2eeaab7c # main
 - name: Check for npm updates
 id: check
+ shell: bash
 run: |
+ alias pnpm="$SFW_BIN pnpm"
 echo "Checking for npm package updates..."
 HAS_UPDATES=false
 NPM_UPDATES=$(pnpm outdated 2>/dev/null || true)
@@ -47,10 +49,13 @@ jobs:
 contents: write
 pull-requests: write
 steps:
- - uses: SocketDev/socket-registry/.github/actions/setup-and-install@24323cbd9e61a7e3a600b8c7e99eb27a29642a54 # main
+ - uses: SocketDev/socket-registry/.github/actions/setup-and-install@6096b06b1790f411714c89c40f72aade2eeaab7c # main
 - name: Install Claude Code
- run: npm install -g @anthropic-ai/claude-code
+ shell: bash
+ run: |
+ alias pnpm="$SFW_BIN pnpm"
+ pnpm add -g @anthropic-ai/claude-code@2.1.89
 - name: Create update branch
 id: branch
@@ -67,10 +72,12 @@ jobs:
 - name: Run updating skill with Claude Code
 id: claude
 timeout-minutes: 30
+ shell: bash
 env:
 ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
 GITHUB_ACTIONS: 'true'
 run: |
+ alias pnpm="$SFW_BIN pnpm"
 if [ -z "$ANTHROPIC_API_KEY" ]; then
 echo "ANTHROPIC_API_KEY not set - skipping automated update"
 echo "success=false" >> $GITHUB_OUTPUT
diff --git a/CLAUDE.md b/CLAUDE.md
index b1b03ce..01b9022 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
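Review bot: The added `alias pnpm="$SFW_BIN pnpm"` at the top of the `run: |` block in the "Check for npm updates" step is a silent no-op, because a step with `shell: bash` runs as a non-interactive script and bash does not expand aliases in that mode unless `shopt -s expand_aliases` is set, so `pnpm outdated` on the following line still resolves the unwrapped pnpm from PATH. The same alias line is added in the "Install Claude Code" and "Run updating skill with Claude Code" hunks of this file and needs the same fix. A shell function is honoured by non-interactive bash and keeps the wrapper in front of every pnpm call: `pnpm() { $SFW_BIN pnpm "$@"; }`. Where `SFW_BIN` is exported is not visible in this hunk (presumably by the `setup-and-install` action); if it can be empty the wrapper degrades to the plain binary without any error, so a guard such as `: "${SFW_BIN:?SFW_BIN is not set}"` before the definition would make that failure loud instead of silent.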
@@ -37,6 +37,8 @@
 - Read files >500 LOC in chunks using offset/limit; never assume one read captured the whole file
 - Before every edit: re-read the file. After every edit: re-read to confirm the change applied correctly
 - When renaming anything, search separately for: direct calls, type references, string literals, dynamic imports, re-exports, test files — one grep is not enough
+- Tool results over 50K characters are silently truncated — if search returns suspiciously few results, narrow scope and re-run
+- For tasks touching >5 files: use sub-agents with worktree isolation to prevent context decay
 ## JUDGMENT PROTOCOL
@@ -50,6 +52,14 @@
 - Try the simplest approach first; if architecture is actually flawed, flag it and wait for approval before restructuring
 - When asked to "make a plan," output only the plan — no code until given the go-ahead
+## COMPLETION PROTOCOL
+
+- **NEVER claim done with something 80% complete** — finish 100% before reporting
+- When a multi-step change doesn't immediately show gains, commit and keep iterating — don't revert
+- If one approach fails, fix forward: analyze why, adjust, rebuild, re-measure — not `git checkout`
+- After EVERY code change: build, test, verify, commit. This is a single atomic unit
+- Reverting is a last resort after exhausting forward fixes — and requires explicit user approval
+
 ## SELF-EVALUATION
 - Before calling anything done: present two views — what a perfectionist would reject vs. what a pragmatist would ship
@@ -57,6 +67,21 @@
 - If a fix doesn't work after two attempts: stop, re-read the relevant section top-down, state where the mental model was wrong, propose something fundamentally different
 - If asked to "step back" or "going in circles": drop everything, rethink from scratch
+## SELF-IMPROVEMENT
+
+- After ANY correction from the user: log the pattern to memory so the same mistake is never repeated
+- Convert mistakes into strict rules — don't just note them, enforce them
+- After fixing a bug: explain why it happened and whether anything prevents that category of bug in the future
+
+## FILE SYSTEM AS STATE
+
+The file system is working memory. Use it actively:
+
+- Write intermediate results and analysis to files in `.claude/`
+- Use `.claude/` for plans, status tracking, and cross-session context
+- When debugging, save logs and outputs to files for reproducible verification
+- Don't hold large analysis in context — write it down, reference it later
+
 ## HOUSEKEEPING
 - Before risky changes: offer to checkpoint — "want me to commit before this?"