Improve Claude Code setup: SessionStart hook, git perms, planning + review wiring#12
Conversation
…eview wiring - Add a SessionStart hook (.claude/hooks/session-start.sh) that provisions Claude Code on the web containers to match CI: installs libportaudio2, ffmpeg, shellcheck, and markdownlint-cli@0.45.0, then runs uv sync. Web-only (gated on CLAUDE_CODE_REMOTE), idempotent, and tolerant of unrelated broken PPAs so a partial provision never aborts the session. This lets ./scripts/check.sh run green in web sessions exactly as it does locally and in CI. - Register the hook in .claude/settings.json and add git add/commit/fetch/pull/ push/worktree to the permission allowlist to cut prompts in web sessions. - Add a plan-feature skill that delegates to the superpowers planning flow and persists the spec+plan under this repo's docs/superpowers/ conventions and gates. - Wire /review-changes to run the code-review skill on every diff, and to run the security-review skill ahead of the project's security-reviewer agent on security-sensitive diffs.
| --- | ||
| name: plan-feature | ||
| description: Plan a new aai CLI feature the way this repo does — drive the superpowers planning skill, then persist the spec + plan into docs/superpowers/ under this repo's naming and verification conventions. Use before building anything non-trivial. | ||
| disable-model-invocation: true |
There was a problem hiding this comment.
Frontmatter disables model invocation but the skill delegates to the model-driven 'superpowers' flow; make the frontmatter reflect that model invocation is required or clarify offline behavior.
Details
✨ AI Reasoning
The skill's YAML frontmatter sets disable-model-invocation to true, which signals the skill must not invoke models. The skill description repeatedly instructs the operator to 'Use the superpowers skill' and describes driving the superpowers planning flow — behavior that requires invoking another model-driven skill. This is a behavioral mismatch: the frontmatter claims the skill will not invoke models while the body requires model-driven delegation. This creates deceptive metadata that could cause tooling to skip required model access or misrepresent capabilities to users.
🔧 How do I fix it?
Ensure skill actions match the description. Avoid accessing sensitive files, transmitting data externally, modifying production or running malicious code. Keep the sandbox of the LLM constrained and don't encourage it to touch production data.
Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info
Claude Code on the web containers to match CI: installs libportaudio2,
ffmpeg, shellcheck, and markdownlint-cli@0.45.0, then runs uv sync. Web-only
(gated on CLAUDE_CODE_REMOTE), idempotent, and tolerant of unrelated broken
PPAs so a partial provision never aborts the session. This lets ./scripts/check.sh
run green in web sessions exactly as it does locally and in CI.
push/worktree to the permission allowlist to cut prompts in web sessions.
persists the spec+plan under this repo's docs/superpowers/ conventions and gates.
the security-review skill ahead of the project's security-reviewer agent on
security-sensitive diffs.