2025-07-14 14:28:11 +02:00
# Security Policy
## 🔒 Reporting Security Vulnerabilities
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
SuperClaude Framework prioritizes security through secure-by-design principles, comprehensive input validation, and responsible vulnerability management. We are committed to maintaining a secure development platform while enabling powerful AI-assisted workflows.
**Security Commitment:**
- Timely response to security reports (48-72 hours)
- Transparent communication about security issues
- Regular security audits and dependency updates
- Community-driven security improvement
2025-07-14 14:28:11 +02:00
### Responsible Disclosure
2025-08-18 12:45:06 +02:00
**Primary Contact:** anton.knoery@gmail .com (monitored by maintainers)
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Process:**
2025-08-18 12:45:06 +02:00
1. **Report** : Send detailed vulnerability report to anton.knoery@gmail .com
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
2. **Acknowledgment** : We'll confirm receipt within 48 hours
3. **Investigation** : Initial assessment within 72 hours
4. **Coordination** : Work together on fix development and testing
5. **Disclosure** : Coordinated public disclosure after fix deployment
**Alternative Channels:**
- GitHub Security Advisories (for GitHub-hosted issues)
- Direct contact to maintainers for critical vulnerabilities
- Encrypted communication available upon request
**Please Do:**
- Provide detailed technical description and reproduction steps
- Allow reasonable time for investigation and fix development
- Maintain confidentiality until coordinated disclosure
2025-07-14 14:28:11 +02:00
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Please Don't:**
- Publicly disclose vulnerabilities before coordination
- Test vulnerabilities on systems you don't own
- Access or modify data beyond proof-of-concept demonstration
2025-07-14 14:28:11 +02:00
### What to Include
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Essential Information:**
- SuperClaude version: `SuperClaude --version`
- Operating system and version
- Python version: `python3 --version`
- Claude Code version: `claude --version`
- Vulnerability description and potential impact
- Detailed reproduction steps with minimal test case
- Proof-of-concept code or commands (if applicable)
**Helpful Additional Details:**
- MCP server configurations involved (if applicable)
- Network environment and proxy configurations
- Custom behavioral modes or agent configurations
- Log files or error messages (sanitized of personal data)
- Screenshots or recordings of the vulnerability demonstration
**Vulnerability Report Template:**
```
**SuperClaude Version:** [version]
**Environment:** [OS, Python version, Claude Code version]
2025-07-14 14:28:11 +02:00
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Vulnerability Summary:**
[Brief description of the security issue]
2025-07-14 14:28:11 +02:00
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Impact Assessment:**
[Potential security impact and affected components]
2025-07-14 14:28:11 +02:00
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Reproduction Steps:**
1. [Step-by-step instructions]
2. [Include exact commands or configuration]
3. [Show expected vs actual behavior]
2025-07-14 14:28:11 +02:00
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Proof of Concept:**
[Minimal code or commands demonstrating the issue]
2025-07-14 14:28:11 +02:00
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Suggested Fix:**
[Optional: your thoughts on remediation approach]
```
### Response Timeline
2025-07-14 14:28:11 +02:00
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Response Timeline:**
**Initial Response: 48 hours**
- Acknowledge receipt of vulnerability report
- Assign internal tracking identifier
- Provide initial impact assessment
**Investigation: 72 hours**
- Confirm vulnerability and assess severity
- Identify affected versions and components
- Begin fix development planning
**Status Updates: Weekly**
- Regular progress updates during investigation
- Timeline adjustments if complexity requires extension
- Coordination on disclosure timeline
**Fix Development: Severity-dependent**
- **Critical**: 7-14 days for patch development
- **High**: 14-30 days for comprehensive fix
- **Medium**: 30-60 days for thorough resolution
- **Low**: Next regular release cycle
**Disclosure Coordination:**
- Advance notice to reporter before public disclosure
- Security advisory preparation and review
- Coordinated release with fix deployment
- Public acknowledgment of responsible disclosure
**Emergency Response:**
For actively exploited vulnerabilities or critical security issues:
- Immediate response within 12 hours
- Emergency patch development and testing
- Expedited disclosure process with community notification
2025-07-14 14:28:11 +02:00
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
## 🚨 Severity Levels
2025-07-14 14:28:11 +02:00
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Critical (CVSS 9.0-10.0)**
- **Examples**: Remote code execution, arbitrary file system access, credential theft
- **Response**: 12-hour acknowledgment, 7-day fix target
- **Impact**: Complete system compromise or data breach potential
**High (CVSS 7.0-8.9)**
- **Examples**: Privilege escalation, sensitive data exposure, authentication bypass
- **Response**: 24-hour acknowledgment, 14-day fix target
- **Impact**: Significant security control bypass or data access
**Medium (CVSS 4.0-6.9)**
- **Examples**: Information disclosure, denial of service, configuration manipulation
- **Response**: 48-hour acknowledgment, 30-day fix target
- **Impact**: Limited security impact or specific attack scenarios
**Low (CVSS 0.1-3.9)**
- **Examples**: Minor information leaks, rate limiting bypass, non-critical validation errors
- **Response**: 72-hour acknowledgment, next release cycle
- **Impact**: Minimal security impact requiring specific conditions
**Severity Assessment Factors:**
- **Attack Vector**: Network accessible vs local access required
- **Attack Complexity**: Simple vs complex exploitation requirements
- **Privileges Required**: None vs authenticated access needed
- **User Interaction**: Automatic vs user action required
- **Scope**: Framework core vs specific component impact
- **Confidentiality/Integrity/Availability Impact**: Complete vs partial vs none
**Special Considerations:**
- MCP server vulnerabilities assessed based on worst-case configuration
- Agent coordination issues evaluated for privilege escalation potential
- Configuration file vulnerabilities considered for credential exposure risk
2025-07-14 14:28:11 +02:00
docs: Comprehensive documentation update for SuperClaude V4 Beta
Updated all root documentation to reflect V4 Beta capabilities:
Root Documentation:
- VERSION: Updated to 4.0.0-beta.1
- README.md: Complete rewrite with V4 features (21 commands, 13 agents, 6 MCP servers)
- ARCHITECTURE_OVERVIEW.md: Updated for V4 Beta with correct counts and new features
- CHANGELOG.md: Added comprehensive V4.0.0-beta.1 release section
- ROADMAP.md: Added V4 Beta current status and updated future vision
- CONTRIBUTING.md: Updated architecture, testing, and contribution guidelines
- SECURITY.md: Added V4 security features and version support table
- MANIFEST.in: Updated to include new V4 directories
- pyproject.toml: Updated URLs and description for V4 Beta
User Documentation:
- commands-guide.md: Updated to 21 commands with new V4 commands
- superclaude-user-guide.md: Comprehensive V4 Beta features documentation
- flags-guide.md: Updated with new V4 flags and agent system
- installation-guide.md: V4 Beta installation including hooks system
- agents-guide.md: NEW - Complete guide for 13 specialized agents
- personas-guide.md: Renamed to personas-guide-v3-legacy.md
Key V4 Beta Features Documented:
- 21 specialized commands (added: brainstorm, reflect, save, select-tool)
- 13 domain expert agents replacing persona system
- 6 MCP servers (added Morphllm and Serena)
- 4 Behavioral Modes (Brainstorming, Introspection, Task Management, Token Efficiency)
- Session Lifecycle with cross-session persistence
- Redesigned Hooks System with Python integration
- SuperClaude-Lite minimal implementation
- Comprehensive Templates system
All documentation maintains friendly, accessible tone while accurately reflecting V4 Beta's advanced capabilities.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-05 14:44:37 +02:00
## 🔐 Supported Versions
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Currently Supported Versions:**
| Version | Security Support | End of Support |
|---------|------------------|----------------|
Fixed Some Bugs (#355)
* Fix: Install only selected MCP servers and ensure valid empty backups
This commit addresses two separate issues:
1. **MCP Installation:** The `install` command was installing all MCP servers instead of only the ones selected by the user. The `_install` method in `setup/components/mcp.py` was iterating through all available servers, not the user's selection. This has been fixed to respect the `selected_mcp_servers` configuration. A new test has been added to verify this fix.
2. **Backup Creation:** The `create_backup` method in `setup/core/installer.py` created an invalid `.tar.gz` file when the backup source was empty. This has been fixed to ensure that a valid, empty tar archive is always created. A test was added for this as well.
Co-authored-by: Mithun Gowda B <mithungowda.b7411@gmail.com>
Co-authored-by: Jules <jules-ai-assistant@users.noreply.github.com>
* Fix: Correct installer validation for MCP and MCP Docs components
This commit fixes a validation issue in the installer where it would incorrectly fail after a partial installation of MCP servers.
The `MCPComponent` validation logic was checking for all "required" servers, regardless of whether they were selected by the user. This has been corrected to only validate the servers that were actually installed, by checking against the list of installed servers stored in the metadata. The metadata storage has also been fixed to only record the installed servers.
The `MCPDocsComponent` was failing validation because it was not being registered in the metadata if no documentation files were installed. This has been fixed by ensuring the post-installation hook runs even when no files are copied.
New tests have been added for both components to verify the corrected logic.
Co-authored-by: Mithun Gowda B <mithungowda.b7411@gmail.com>
Co-authored-by: Jules <jules-ai-assistant@users.noreply.github.com>
* Fix: Allow re-installation of components and correct validation logic
This commit fixes a bug that prevented new MCP servers from being installed on subsequent runs of the installer. It also fixes the validation logic that was causing failures after a partial installation.
The key changes are:
1. A new `is_reinstallable` method has been added to the base `Component` class. This allows certain components (like the `mcp` component) to be re-run even if they are already marked as installed.
2. The installer logic has been updated to respect this new method.
3. The `MCPComponent` now correctly stores only the installed servers in the metadata.
4. The validation logic for `MCPComponent` and `MCPDocsComponent` has been corrected to prevent incorrect failures.
New tests have been added to verify all aspects of the new logic.
Co-authored-by: Mithun Gowda B <mithungowda.b7411@gmail.com>
Co-authored-by: Jules <jules-ai-assistant@users.noreply.github.com>
* feat: Display authors in UI header and update author info
This commit implements the user's request to display author names and emails in the UI header of the installer.
The key changes are:
1. The `__email__` field in `SuperClaude/__init__.py` has been updated to include both authors' emails.
2. The `display_header` function in `setup/utils/ui.py` has been modified to read the author and email information and display it.
3. A new test has been added to `tests/test_ui.py` to verify the new UI output.
Co-authored-by: Mithun Gowda B <mithungowda.b7411@gmail.com>
Co-authored-by: Jules <jules-ai-assistant@users.noreply.github.com>
* feat: Version bump to 4.1.0 and various fixes
This commit prepares the project for the v4.1.0 release. It includes a version bump across all relevant files and incorporates several bug fixes and feature enhancements from recent tasks.
Key changes in this release:
- **Version Bump**: The project version has been updated from 4.0.9 to 4.1.0 in all configuration files, documentation, and source code.
- **Installer Fixes**:
- Components can now be marked as `reinstallable`, allowing them to be re-run on subsequent installations. This fixes a bug where new MCP servers could not be added.
- The validation logic for `mcp` and `mcp_docs` components has been corrected to avoid incorrect failures.
- A bug in the backup creation process that created invalid empty archives has been fixed.
- **UI Enhancements**:
- Author names and emails are now displayed in the installer UI header.
- **Metadata Updates**:
- Mithun Gowda B has been added as an author.
- **New Tests**:
- Comprehensive tests have been added for the installer logic, MCP components, and UI changes to ensure correctness and prevent regressions.
Co-authored-by: Mithun Gowda B <mithungowda.b7411@gmail.com>
Co-authored-by: Jules <jules-ai-assistant@users.noreply.github.com>
* fix: Resolve dependencies for partial installs and other fixes
This commit addresses several issues, the main one being a dependency resolution failure during partial installations.
Key changes:
- **Dependency Resolution**: The installer now correctly resolves the full dependency tree when a user requests to install a subset of components. This fixes the "Unknown component: core" error.
- **Component Re-installation**: A new `is_reinstallable` flag allows components like `mcp` to be re-run on subsequent installs, enabling the addition of new servers.
- **Validation Logic**: The validation for `mcp` and `mcp_docs` has been corrected to avoid spurious failures.
- **UI and Metadata**: Author information has been added to the UI header and source files.
- **Version Bump**: The project version has been updated to 4.1.0.
- **Tests**: New tests have been added to cover all the above changes.
Co-authored-by: Mithun Gowda B <mithungowda.b7411@gmail.com>
Co-authored-by: Jules <jules-ai-assistant@users.noreply.github.com>
* fix: Installer fixes and version bump to 4.1.0
This commit includes a collection of fixes for the installer logic, UI enhancements, and a version bump to 4.1.0.
Key changes:
- **Dependency Resolution**: The installer now correctly resolves the full dependency tree for partial installations, fixing the "Unknown component: core" error.
- **Component Re-installation**: A new `is_reinstallable` flag allows components like `mcp` to be re-run to add new servers.
- **MCP Installation**: The non-interactive installation of the `mcp` component now correctly prompts the user to select servers.
- **Validation Logic**: The post-installation validation logic has been corrected to only validate components from the current session and to use the correct list of installed servers.
- **UI & Metadata**: Author information has been added to the UI and source files.
- **Version Bump**: The project version has been updated from 4.0.9 to 4.1.0 across all files.
- **Tests**: New tests have been added to cover all the bug fixes.
Co-authored-by: Mithun Gowda B <mithungowda.b7411@gmail.com>
Co-authored-by: Jules <jules-ai-assistant@users.noreply.github.com>
* feat: Add --authors flag and multiple installer fixes
This commit introduces the `--authors` flag to display author information and includes a collection of fixes for the installer logic.
Key changes:
- **New Feature**: Added an `--authors` flag that displays the names, emails, and GitHub usernames of the project authors.
- **Dependency Resolution**: Fixed a critical bug where partial installations would fail due to unresolved dependencies.
- **Component Re-installation**: Added a mechanism to allow components to be "reinstallable", fixing an issue that prevented adding new MCP servers on subsequent runs.
- **MCP Installation**: The non-interactive installation of the `mcp` component now correctly prompts for server selection.
- **Validation Logic**: Corrected the post-installation validation to prevent spurious errors.
- **Version Bump**: The project version has been updated to 4.1.0.
- **Metadata**: Author and GitHub information has been added to the source files.
- **UI**: The installer header now displays author information.
- **Tests**: Added new tests for all new features and bug fixes.
Co-authored-by: Jules <jules-ai-assistant@users.noreply.github.com>
---------
Co-authored-by: Mithun Gowda B <mithungowda.b7411@gmail.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Jules <jules-ai-assistant@users.noreply.github.com>
2025-09-13 17:28:52 +05:30
| 4.1.x | ✅ Full support | TBD (current) |
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
| 3.x.x | ⚠️ Critical only | June 2025 |
| 2.x.x | ❌ No support | December 2024 |
| 1.x.x | ❌ No support | June 2024 |
**Support Policy:**
- **Full Support**: All security issues addressed with regular patches
- **Critical Only**: Only critical vulnerabilities (CVSS 9.0+) receive patches
- **No Support**: No security patches; users should upgrade immediately
**Version Support Lifecycle:**
- **Current Major**: Full security support for entire lifecycle
- **Previous Major**: Critical security support for 12 months after new major release
- **Legacy Versions**: No support; upgrade required for security fixes
**Security Update Distribution:**
- Critical patches: Immediate release with emergency notification
- High severity: Coordinated release with regular update cycle
- Medium/Low: Included in next scheduled release
**Upgrade Recommendations:**
- Always use the latest stable version for best security posture
- Subscribe to security notifications for timely update information
- Test updates in development environment before production deployment
- Review security advisories for impact assessment
**Enterprise Support:**
For organizations requiring extended security support:
- Contact maintainers for custom support arrangements
- Consider contributing to development for priority handling
- Implement additional security controls for unsupported versions
docs: Comprehensive documentation update for SuperClaude V4 Beta
Updated all root documentation to reflect V4 Beta capabilities:
Root Documentation:
- VERSION: Updated to 4.0.0-beta.1
- README.md: Complete rewrite with V4 features (21 commands, 13 agents, 6 MCP servers)
- ARCHITECTURE_OVERVIEW.md: Updated for V4 Beta with correct counts and new features
- CHANGELOG.md: Added comprehensive V4.0.0-beta.1 release section
- ROADMAP.md: Added V4 Beta current status and updated future vision
- CONTRIBUTING.md: Updated architecture, testing, and contribution guidelines
- SECURITY.md: Added V4 security features and version support table
- MANIFEST.in: Updated to include new V4 directories
- pyproject.toml: Updated URLs and description for V4 Beta
User Documentation:
- commands-guide.md: Updated to 21 commands with new V4 commands
- superclaude-user-guide.md: Comprehensive V4 Beta features documentation
- flags-guide.md: Updated with new V4 flags and agent system
- installation-guide.md: V4 Beta installation including hooks system
- agents-guide.md: NEW - Complete guide for 13 specialized agents
- personas-guide.md: Renamed to personas-guide-v3-legacy.md
Key V4 Beta Features Documented:
- 21 specialized commands (added: brainstorm, reflect, save, select-tool)
- 13 domain expert agents replacing persona system
- 6 MCP servers (added Morphllm and Serena)
- 4 Behavioral Modes (Brainstorming, Introspection, Task Management, Token Efficiency)
- Session Lifecycle with cross-session persistence
- Redesigned Hooks System with Python integration
- SuperClaude-Lite minimal implementation
- Comprehensive Templates system
All documentation maintains friendly, accessible tone while accurately reflecting V4 Beta's advanced capabilities.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-05 14:44:37 +02:00
2025-07-14 14:28:11 +02:00
## 🛡️ Security Features
2025-08-15 21:30:29 +02:00
### Framework Component Security (V4 Enhanced)
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Input Validation & Sanitization:**
- Command parameter validation and type checking
- File path sanitization and directory traversal prevention
- Agent activation logic with controlled permissions
- Configuration parsing with strict schema validation
**Behavioral Mode Security:**
- Mode switching validation and access controls
- Isolation between different behavioral contexts
- Safe mode operation with restricted capabilities
- Automatic fallback to secure defaults on errors
**Agent Coordination Security:**
- Agent privilege separation and limited scope
- Secure inter-agent communication protocols
- Resource usage monitoring and limits
- Fail-safe agent deactivation on security violations
**Session Management:**
- Secure session persistence with data integrity validation
- Memory isolation between different projects and users
- Automatic session cleanup and resource deallocation
- Encrypted storage for sensitive session data
**Quality Gates:**
- Pre-execution security validation for all commands
- Runtime monitoring for suspicious activity patterns
- Post-execution verification and rollback capabilities
- Automated security scanning for generated code
**Dependency Management:**
- Regular dependency updates and vulnerability scanning
- Minimal privilege principle for external library usage
- Supply chain security validation for framework components
- Isolated execution environments for external tool integration
2025-07-14 14:28:11 +02:00
### File System Protection
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Path Validation:**
- Absolute path requirement for all file operations
- Directory traversal attack prevention (`../` sequences blocked)
- Symbolic link resolution with safety checks
- Whitelist-based path validation for sensitive operations
**File Access Controls:**
- User permission respect and validation
- Read-only mode enforcement where appropriate
- Temporary file cleanup and secure deletion
- Configuration file integrity validation
**Configuration Security:**
- ~/.claude directory permission validation (user-only access)
- Configuration file schema validation and sanitization
- Backup creation before configuration changes
- Rollback capabilities for configuration corruption
**Workspace Isolation:**
- Project-specific workspace boundaries
- Prevent cross-project data leakage
- Secure temporary file management within project scope
- Automatic cleanup of generated artifacts
**File Content Security:**
- Binary file detection and safe handling
- Text encoding validation and normalization
- Size limits for file operations to prevent resource exhaustion
- Content scanning for potential security indicators
**Backup and Recovery:**
- Automatic backup creation before destructive operations
- Secure backup storage with integrity verification
- Point-in-time recovery for configuration corruption
- User data preservation during framework updates
2025-07-14 14:28:11 +02:00
docs: Comprehensive documentation update for SuperClaude V4 Beta
Updated all root documentation to reflect V4 Beta capabilities:
Root Documentation:
- VERSION: Updated to 4.0.0-beta.1
- README.md: Complete rewrite with V4 features (21 commands, 13 agents, 6 MCP servers)
- ARCHITECTURE_OVERVIEW.md: Updated for V4 Beta with correct counts and new features
- CHANGELOG.md: Added comprehensive V4.0.0-beta.1 release section
- ROADMAP.md: Added V4 Beta current status and updated future vision
- CONTRIBUTING.md: Updated architecture, testing, and contribution guidelines
- SECURITY.md: Added V4 security features and version support table
- MANIFEST.in: Updated to include new V4 directories
- pyproject.toml: Updated URLs and description for V4 Beta
User Documentation:
- commands-guide.md: Updated to 21 commands with new V4 commands
- superclaude-user-guide.md: Comprehensive V4 Beta features documentation
- flags-guide.md: Updated with new V4 flags and agent system
- installation-guide.md: V4 Beta installation including hooks system
- agents-guide.md: NEW - Complete guide for 13 specialized agents
- personas-guide.md: Renamed to personas-guide-v3-legacy.md
Key V4 Beta Features Documented:
- 21 specialized commands (added: brainstorm, reflect, save, select-tool)
- 13 domain expert agents replacing persona system
- 6 MCP servers (added Morphllm and Serena)
- 4 Behavioral Modes (Brainstorming, Introspection, Task Management, Token Efficiency)
- Session Lifecycle with cross-session persistence
- Redesigned Hooks System with Python integration
- SuperClaude-Lite minimal implementation
- Comprehensive Templates system
All documentation maintains friendly, accessible tone while accurately reflecting V4 Beta's advanced capabilities.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-05 14:44:37 +02:00
### MCP Server Security (6 Servers in V4)
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**MCP Server Communication:**
- Secure protocol validation for all MCP server connections
- Request/response integrity verification
- Connection timeout and retry limits to prevent resource exhaustion
- Error handling that doesn't leak sensitive information
**Server Configuration Security:**
- Configuration file validation and schema enforcement
- Secure credential management for authenticated MCP servers
- Server capability verification and permission boundaries
- Isolation between different MCP server contexts
**Individual Server Security:**
**Context7**: Documentation lookup with request sanitization and rate limiting
**Sequential**: Reasoning engine with controlled execution scope and resource limits
**Magic**: UI generation with output validation and XSS prevention
**Playwright**: Browser automation with sandboxed execution environment
**Morphllm**: Code transformation with input validation and safety checks
**Serena**: Memory management with secure data persistence and access controls
**Network Security:**
- HTTPS enforcement for external MCP server connections
- Certificate validation and pinning where applicable
- Network timeout configuration to prevent hanging connections
- Request rate limiting and abuse prevention
**Data Protection:**
- No persistent storage of sensitive data in MCP communications
- Memory cleanup after MCP server interactions
- Audit logging for security-relevant MCP operations
- Data minimization in server requests and responses
**Failure Handling:**
- Graceful degradation when MCP servers are unavailable
- Secure fallback to native capabilities without data loss
- Error isolation to prevent MCP failures from affecting framework security
- Monitoring for suspicious MCP server behavior patterns
2025-07-14 14:28:11 +02:00
### Configuration Security
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Configuration File Security:**
- ~/.claude directory with user-only permissions (700)
- Configuration files with restricted access (600)
- Schema validation for all configuration content
- Atomic configuration updates to prevent corruption
**Secrets Management:**
- No hardcoded secrets or API keys in framework code
- Environment variable preference for sensitive configuration
- Clear documentation about credential handling best practices
- Automatic redaction of sensitive data from logs and error messages
**API Key Handling:**
- User-managed API keys stored in secure system credential stores
- No framework storage of Claude API credentials
- Clear separation between framework configuration and user credentials
- Guidance for secure credential rotation
**MCP Server Credentials:**
- Individual MCP server authentication handled securely
- No cross-server credential sharing
- User control over MCP server authentication configuration
- Clear documentation for secure MCP server setup
**Configuration Validation:**
- JSON schema validation for all configuration files
- Type checking and range validation for configuration values
- Detection and rejection of malicious configuration attempts
- Automatic configuration repair for common corruption scenarios
**Default Security:**
- Secure-by-default configuration with minimal permissions
- Explicit opt-in for potentially risky features
- Regular review of default settings for security implications
- Clear warnings for configuration changes that reduce security
2025-07-14 14:28:11 +02:00
## 🔧 Security Best Practices
### For Users
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Installation Security:**
- Download SuperClaude only from official sources (PyPI, npm, GitHub releases)
- Verify package signatures and checksums when available
- Use virtual environments to isolate dependencies
- Keep Python, Node.js, and system packages updated
**Configuration Security:**
- Use secure file permissions for ~/.claude directory (user-only access)
- Store API credentials in system credential managers, not configuration files
- Regularly review and audit MCP server configurations
- Enable only needed MCP servers to minimize attack surface
**Project Security:**
- Never run SuperClaude with elevated privileges unless absolutely necessary
- Review generated code before execution, especially for external API calls
- Use version control to track all SuperClaude-generated changes
- Regularly backup project configurations and important data
**Network Security:**
- Use HTTPS for all external MCP server connections
- Be cautious when using MCP servers that access external APIs
- Consider network firewalls for restrictive environments
- Monitor network traffic for unexpected external connections
**Data Privacy:**
- Be mindful of sensitive data in project files when using cloud-based MCP servers
- Review MCP server privacy policies and data handling practices
- Use local-only MCP servers for sensitive projects when possible
- Regularly clean up temporary files and session data
**Command Usage:**
- Use `--dry-run` flags to preview potentially destructive operations
- Understand command scope and permissions before execution
- Be cautious with commands that modify multiple files or system configurations
- Verify command output and results before proceeding with dependent operations
2025-07-14 14:28:11 +02:00
### For Developers
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Secure Coding Standards:**
- Input validation for all user-provided data and configuration
- Use parameterized queries and prepared statements for database operations
- Implement proper error handling that doesn't leak sensitive information
- Follow principle of least privilege for all component interactions
**Agent Development Security:**
- Validate all agent activation triggers and parameters
- Implement secure inter-agent communication protocols
- Use controlled execution environments for agent operations
- Include security-focused testing for all agent capabilities
**MCP Integration Security:**
- Validate all MCP server responses and data integrity
- Implement secure credential handling for authenticated servers
- Use sandboxed execution for external MCP server interactions
- Include comprehensive error handling for MCP communication failures
**Command Implementation:**
- Sanitize all command parameters and file paths
- Implement proper authorization checks for privileged operations
- Use safe defaults and explicit opt-in for risky functionality
- Include comprehensive input validation and bounds checking
**Testing Requirements:**
- Security-focused unit tests for all security-critical functionality
- Integration tests that include adversarial inputs and edge cases
- Regular security scanning of dependencies and external integrations
- Penetration testing for new features with external communication
**Code Review Security:**
- Security-focused code review for all changes to core framework
- Automated security scanning integrated into CI/CD pipeline
- Regular dependency audits and update procedures
- Documentation review for security implications of new features
**External Integration:**
- Secure API communication with proper authentication and encryption
- Validation of all external data sources and third-party services
- Sandboxed execution for external tool integration
- Clear documentation of security boundaries and trust relationships
2025-07-14 14:28:11 +02:00
## 📋 Security Checklist
### Before Release
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Pre-Release Security Validation:**
**Dependency Security:**
- [ ] Run dependency vulnerability scanning (`pip audit` , `npm audit` )
- [ ] Update all dependencies to latest secure versions
- [ ] Review new dependencies for security implications
- [ ] Verify supply chain security for critical dependencies
**Code Security Review:**
- [ ] Security-focused code review for all new features
- [ ] Static analysis security testing (SAST) completion
- [ ] Manual review of security-critical functionality
- [ ] Validation of input sanitization and output encoding
**Configuration Security:**
- [ ] Review default configuration for secure-by-default settings
- [ ] Validate configuration schema and input validation
- [ ] Test configuration file permission requirements
- [ ] Verify backup and recovery functionality
**MCP Server Security:**
- [ ] Test MCP server connection security and error handling
- [ ] Validate MCP server authentication and authorization
- [ ] Review MCP server communication protocols
- [ ] Test MCP server failure scenarios and fallback behavior
**Integration Testing:**
- [ ] Security-focused integration tests with adversarial inputs
- [ ] Cross-platform security validation
- [ ] End-to-end workflow security testing
- [ ] Performance testing under security constraints
**Documentation Security:**
- [ ] Security documentation updates and accuracy review
- [ ] User security guidance validation and testing
- [ ] Developer security guidelines review
- [ ] Vulnerability disclosure process documentation update
2025-07-14 14:28:11 +02:00
### Regular Maintenance
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Daily Security Monitoring:**
- Automated dependency vulnerability scanning
- Security alert monitoring from GitHub and package registries
- Community-reported issue triage and assessment
- Log analysis for suspicious activity patterns
**Weekly Security Tasks:**
- Dependency update evaluation and testing
- Security-focused code review for incoming contributions
- MCP server security configuration review
- User-reported security issue investigation
**Monthly Security Maintenance:**
- Comprehensive dependency audit and update cycle
- Security documentation review and updates
- MCP server integration security testing
- Framework configuration security validation
**Quarterly Security Review:**
- Complete security architecture review
- Threat model updates and validation
- Security testing and penetration testing
- Security training and awareness updates for contributors
**Annual Security Assessment:**
- External security audit consideration
- Security policy and procedure review
- Incident response plan testing and updates
- Security roadmap planning and prioritization
**Continuous Monitoring:**
- Automated security scanning in CI/CD pipeline
- Real-time monitoring for new vulnerability disclosures
- Community security discussion monitoring
- Security research and best practice tracking
**Response Procedures:**
- Established incident response procedures for security events
- Communication plans for security advisories and updates
- Rollback procedures for security-related issues
- Community notification systems for critical security updates
2025-07-14 14:28:11 +02:00
## 🤝 Security Community
### Bug Bounty Program
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Security Researcher Recognition:**
**Hall of Fame:**
Security researchers who responsibly disclose vulnerabilities are recognized in:
- Security advisory acknowledgments
- Annual security report contributor recognition
- GitHub contributor recognition and special mentions
- Community newsletter and blog post acknowledgments
**Recognition Criteria:**
- Responsible disclosure following established timeline
- High-quality vulnerability reports with clear reproduction steps
- Constructive collaboration during fix development and testing
- Adherence to ethical security research practices
**Public Recognition:**
- CVE credit for qualifying vulnerabilities
- Security advisory co-authorship for significant discoveries
- Speaking opportunities at community events and conferences
- Priority review for future security research and contributions
**Current Incentive Structure:**
SuperClaude Framework currently operates as an open-source project without monetary bug bounty rewards. Recognition focuses on professional acknowledgment and community contribution value.
**Future Incentive Considerations:**
As the project grows and secures funding:
- Potential monetary rewards for critical vulnerability discoveries
- Exclusive access to pre-release security testing opportunities
- Enhanced collaboration opportunities with security team
- Priority support for security research and tooling requests
**Qualifying Vulnerability Types:**
- Framework core security vulnerabilities
- Agent coordination security issues
- MCP server integration security problems
- Configuration security and privilege escalation
- Data integrity and confidentiality issues
**Non-Qualifying Issues:**
- Issues in third-party dependencies (report to respective projects)
- Social engineering or physical security issues
- Denial of service through resource exhaustion (unless critical)
- Security issues requiring highly privileged access or custom configuration
2025-07-14 14:28:11 +02:00
### Security Advisory Process
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Security Advisory Lifecycle:**
**Advisory Creation:**
1. **Initial Assessment** : Vulnerability validation and impact analysis
2. **Advisory Draft** : Technical description, affected versions, and impact assessment
3. **Fix Development** : Coordinated patch development with testing
4. **Pre-Release Review** : Advisory accuracy and completeness validation
**Stakeholder Coordination:**
- **Reporter Communication**: Regular updates and collaboration on fix validation
- **Maintainer Review**: Technical accuracy and fix verification
- **Community Preparation**: Pre-announcement for high-impact vulnerabilities
- **Downstream Notification**: Alert dependent projects and distributions
**Disclosure Timeline:**
- **Coordinated Disclosure**: 90-day standard timeline from fix availability
- **Emergency Disclosure**: Immediate for actively exploited vulnerabilities
- **Extended Coordination**: Additional time for complex fixes with prior agreement
- **Public Release**: Advisory publication with fix deployment
**Advisory Content:**
- **Vulnerability Description**: Clear technical explanation of the security issue
- **Impact Assessment**: CVSS score and real-world impact analysis
- **Affected Versions**: Complete list of vulnerable framework versions
- **Fix Information**: Patch details, workarounds, and upgrade instructions
- **Credit**: Responsible disclosure acknowledgment and researcher recognition
**Distribution Channels:**
- GitHub Security Advisories for primary notification
- Community mailing lists and discussion forums
- Social media announcements for high-impact issues
- Vulnerability databases (CVE, NVD) for formal tracking
**Post-Disclosure:**
- Community Q& A and support for advisory understanding
- Lessons learned analysis and process improvement
- Security documentation updates based on discovered issues
- Enhanced testing and validation for similar vulnerability classes
2025-07-14 14:28:11 +02:00
## 📞 Contact Information
### Security Team
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Primary Security Contact:**
2025-08-18 12:45:06 +02:00
- **Email**: anton.knoery@gmail .com
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
- **Monitored By**: Core maintainers and security-focused contributors
- **Response Time**: 48-72 hours for initial acknowledgment
- **Escalation**: Direct maintainer contact for critical issues requiring immediate attention
**Security Team Structure:**
- **Lead Security Maintainer**: Responsible for security policy and coordination
- **Code Security Reviewers**: Focus on secure coding practices and vulnerability assessment
- **Infrastructure Security**: MCP server security and integration validation
- **Community Security Liaisons**: Interface with security researchers and community
**GitHub Security Integration:**
- **Security Advisories**: https://github.com/SuperClaude-Org/SuperClaude_Framework/security/advisories
- **Security Policy**: Available in repository security tab
- **Vulnerability Reporting**: GitHub's private vulnerability reporting system
- **Security Team**: GitHub team with security focus and escalation procedures
**Encrypted Communication:**
For sensitive security discussions requiring encrypted communication:
2025-08-18 12:45:06 +02:00
- **GPG Key**: Available upon request to anton.knoery@gmail .com
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
- **Signal**: Secure messaging coordination available for complex cases
- **Private Channels**: Dedicated security discussion channels for verified researchers
**Emergency Contact:**
For critical vulnerabilities requiring immediate attention:
2025-08-18 12:45:06 +02:00
- **Priority Email**: anton.knoery@gmail .com (monitored continuously)
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
- **Escalation Path**: Direct maintainer contact information provided upon first contact
2025-07-14 14:28:11 +02:00
### General Security Questions
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**General Security Questions:**
- **GitHub Discussions**: https://github.com/SuperClaude-Org/SuperClaude_Framework/discussions
- **Community Forums**: Security-focused discussion threads
refactor: PEP8 compliance - directory rename and code formatting (#425)
* fix(orchestration): add WebFetch auto-trigger for infrastructure configuration
Problem: Infrastructure configuration changes (e.g., Traefik port settings)
were being made based on assumptions without consulting official documentation,
violating the 'Evidence > assumptions' principle in PRINCIPLES.md.
Solution:
- Added Infrastructure Configuration Validation section to MODE_Orchestration.md
- Auto-triggers WebFetch for infrastructure tools (Traefik, nginx, Docker, etc.)
- Enforces MODE_DeepResearch activation for investigation
- BLOCKS assumption-based configuration changes
Testing: Verified WebFetch successfully retrieves Traefik official docs (port 80 default)
This prevents production outages from infrastructure misconfiguration by ensuring
all technical recommendations are backed by official documentation.
* feat: Add PM Agent (Project Manager Agent) for seamless orchestration
Introduces PM Agent as the default orchestration layer that coordinates
all sub-agents and manages workflows automatically.
Key Features:
- Default orchestration: All user interactions handled by PM Agent
- Auto-delegation: Intelligent sub-agent selection based on task analysis
- Docker Gateway integration: Zero-token baseline with dynamic MCP loading
- Self-improvement loop: Automatic documentation of patterns and mistakes
- Optional override: Users can specify sub-agents explicitly if desired
Architecture:
- Agent spec: SuperClaude/Agents/pm-agent.md
- Command: SuperClaude/Commands/pm.md
- Updated docs: README.md (15→16 agents), agents.md (new Orchestration category)
User Experience:
- Default: PM Agent handles everything (seamless, no manual routing)
- Optional: Explicit --agent flag for direct sub-agent access
- Both modes available simultaneously (no user downside)
Implementation Status:
- ✅ Specification complete
- ✅ Documentation complete
- ⏳ Prototype implementation needed
- ⏳ Docker Gateway integration needed
- ⏳ Testing and validation needed
Refs: kazukinakai/docker-mcp-gateway (IRIS MCP Gateway integration)
* feat: Add Agent Orchestration rules for PM Agent default activation
Implements PM Agent as the default orchestration layer in RULES.md.
Key Changes:
- New 'Agent Orchestration' section (CRITICAL priority)
- PM Agent receives ALL user requests by default
- Manual override with @agent-[name] bypasses PM Agent
- Agent Selection Priority clearly defined:
1. Manual override → Direct routing
2. Default → PM Agent → Auto-delegation
3. Delegation based on keywords, file types, complexity, context
User Experience:
- Default: PM Agent handles everything (seamless)
- Override: @agent-[name] for direct specialist access
- Transparent: PM Agent reports delegation decisions
This establishes PM Agent as the orchestration layer while
respecting existing auto-activation patterns and manual overrides.
Next Steps:
- Local testing in agiletec project
- Iteration based on actual behavior
- Documentation updates as needed
* refactor(pm-agent): redesign as self-improvement meta-layer
Problem Resolution:
PM Agent's initial design competed with existing auto-activation for task routing,
creating confusion about orchestration responsibilities and adding unnecessary complexity.
Design Change:
Redefined PM Agent as a meta-layer agent that operates AFTER specialist agents
complete tasks, focusing on:
- Post-implementation documentation and pattern recording
- Immediate mistake analysis with prevention checklists
- Monthly documentation maintenance and noise reduction
- Pattern extraction and knowledge synthesis
Two-Layer Orchestration System:
1. Task Execution Layer: Existing auto-activation handles task routing (unchanged)
2. Self-Improvement Layer: PM Agent meta-layer handles documentation (new)
Files Modified:
- SuperClaude/Agents/pm-agent.md: Complete rewrite with meta-layer design
- Category: orchestration → meta
- Triggers: All user interactions → Post-implementation, mistakes, monthly
- Behavioral Mindset: Continuous learning system
- Self-Improvement Workflow: BEFORE/DURING/AFTER/MISTAKE RECOVERY/MAINTENANCE
- SuperClaude/Core/RULES.md: Agent Orchestration section updated
- Split into Task Execution Layer + Self-Improvement Layer
- Added orchestration flow diagram
- Clarified PM Agent activates AFTER task completion
- README.md: Updated PM Agent description
- "orchestrates all interactions" → "ensures continuous learning"
- Docs/User-Guide/agents.md: PM Agent section rewritten
- Section: Orchestration Agent → Meta-Layer Agent
- Expertise: Project orchestration → Self-improvement workflow executor
- Examples: Task coordination → Post-implementation documentation
- PR_DOCUMENTATION.md: Comprehensive PR documentation added
- Summary, motivation, changes, testing, breaking changes
- Two-layer orchestration system diagram
- Verification checklist
Integration Validated:
Tested with agiletec project's self-improvement-workflow.md:
✅ PM Agent aligns with existing BEFORE/DURING/AFTER/MISTAKE RECOVERY phases
✅ Complements (not competes with) existing workflow
✅ agiletec workflow defines WHAT, PM Agent defines WHO executes it
Breaking Changes: None
- Existing auto-activation continues unchanged
- Specialist agents unaffected
- User workflows remain the same
- New capability: Automatic documentation and knowledge maintenance
Value Proposition:
Transforms SuperClaude into a continuously learning system that accumulates
knowledge, prevents recurring mistakes, and maintains fresh documentation
without manual intervention.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* docs: add Claude Code conversation history management research
Research covering .jsonl file structure, performance impact, and retention policies.
Content:
- Claude Code .jsonl file format and message types
- Performance issues from GitHub (memory leaks, conversation compaction)
- Retention policies (consumer vs enterprise)
- Rotation recommendations based on actual data
- File history snapshot tracking mechanics
Source: Moved from agiletec project (research applicable to all Claude Code projects)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat: add Development documentation structure
Phase 1: Documentation Structure complete
- Add Docs/Development/ directory for development documentation
- Add ARCHITECTURE.md - System architecture with PM Agent meta-layer
- Add ROADMAP.md - 5-phase development plan with checkboxes
- Add TASKS.md - Daily task tracking with progress indicators
- Add PROJECT_STATUS.md - Current status dashboard and metrics
- Add pm-agent-integration.md - Implementation guide for PM Agent mode
This establishes comprehensive documentation foundation for:
- System architecture understanding
- Development planning and tracking
- Implementation guidance
- Progress visibility
Related: #pm-agent-mode #documentation #phase-1
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat: PM Agent session lifecycle and PDCA implementation
Phase 2: PM Agent Mode Integration (Design Phase)
Commands/pm.md updates:
- Add "Always-Active Foundation Layer" concept
- Add Session Lifecycle (Session Start/During Work/Session End)
- Add PDCA Cycle (Plan/Do/Check/Act) automation
- Add Serena MCP Memory Integration (list/read/write_memory)
- Document auto-activation triggers
Agents/pm-agent.md updates:
- Add Session Start Protocol (MANDATORY auto-activation)
- Add During Work PDCA Cycle with example workflows
- Add Session End Protocol with state preservation
- Add PDCA Self-Evaluation Pattern
- Add Documentation Strategy (temp → patterns/mistakes)
- Add Memory Operations Reference
Key Features:
- Session start auto-activation for context restoration
- 30-minute checkpoint saves during work
- Self-evaluation with think_about_* operations
- Systematic documentation lifecycle
- Knowledge evolution to CLAUDE.md
Implementation Status:
- ✅ Design complete (Commands/pm.md, Agents/pm-agent.md)
- ⏳ Implementation pending (Core components)
- ⏳ Serena MCP integration pending
Salvaged from mistaken development in ~/.claude directory
Related: #pm-agent-mode #session-lifecycle #pdca-cycle #phase-2
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: disable Serena MCP auto-browser launch
Disable web dashboard and GUI log window auto-launch in Serena MCP server
to prevent intrusive browser popups on startup. Users can still manually
access the dashboard at http://localhost:24282/dashboard/ if needed.
Changes:
- Add CLI flags to Serena run command:
- --enable-web-dashboard false
- --enable-gui-log-window false
- Ensures Git-tracked configuration (no reliance on ~/.serena/serena_config.yml)
- Aligns with AIRIS MCP Gateway integration approach
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* refactor: rename directories to lowercase for PEP8 compliance
- Rename superclaude/Agents -> superclaude/agents
- Rename superclaude/Commands -> superclaude/commands
- Rename superclaude/Core -> superclaude/core
- Rename superclaude/Examples -> superclaude/examples
- Rename superclaude/MCP -> superclaude/mcp
- Rename superclaude/Modes -> superclaude/modes
This change follows Python PEP8 naming conventions for package directories.
* style: fix PEP8 violations and update package name to lowercase
Changes:
- Format all Python files with black (43 files reformatted)
- Update package name from 'SuperClaude' to 'superclaude' in pyproject.toml
- Fix import statements to use lowercase package name
- Add missing imports (timedelta, __version__)
- Remove old SuperClaude.egg-info directory
PEP8 violations reduced from 2672 to 701 (mostly E501 line length due to black's 88 char vs flake8's 79 char limit).
* docs: add PM Agent development documentation
Add comprehensive PM Agent development documentation:
- PM Agent ideal workflow (7-phase autonomous cycle)
- Project structure understanding (Git vs installed environment)
- Installation flow understanding (CommandsComponent behavior)
- Task management system (current-tasks.md)
Purpose: Eliminate repeated explanations and enable autonomous PDCA cycles
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat(pm-agent): add self-correcting execution and warning investigation culture
## Changes
### superclaude/commands/pm.md
- Add "Self-Correcting Execution" section with root cause analysis protocol
- Add "Warning/Error Investigation Culture" section enforcing zero-tolerance for dismissal
- Define error detection protocol: STOP → Investigate → Hypothesis → Different Solution → Execute
- Document anti-patterns (retry without understanding) and correct patterns (research-first)
### docs/Development/hypothesis-pm-autonomous-enhancement-2025-10-14.md
- Add PDCA workflow hypothesis document for PM Agent autonomous enhancement
## Rationale
PM Agent must never retry failed operations without understanding root causes.
All warnings and errors require investigation via context7/WebFetch/documentation
to ensure production-quality code and prevent technical debt accumulation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat(installer): add airis-mcp-gateway MCP server option
## Changes
- Add airis-mcp-gateway to MCP server options in installer
- Configuration: GitHub-based installation via uvx
- Repository: https://github.com/oraios/airis-mcp-gateway
- Purpose: Dynamic MCP Gateway for zero-token baseline and on-demand tool loading
## Implementation
Added to setup/components/mcp.py self.mcp_servers dictionary with:
- install_method: github
- install_command: uvx test installation
- run_command: uvx runtime execution
- required: False (optional server)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: kazuki <kazuki@kazukinoMacBook-Air.local>
Co-authored-by: Claude <noreply@anthropic.com>
2025-10-14 12:17:09 +09:00
- **Documentation**: [Security Best Practices ](docs/Reference/quick-start-practices.md#security-practices )
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
- **Issue Tracker**: Non-sensitive security configuration questions
**Technical Security Support:**
- **Configuration Help**: MCP server security setup and validation
- **Best Practices**: Secure usage patterns and recommendations
- **Integration Security**: Third-party tool security considerations
- **Compliance Questions**: Security framework compliance and standards
**Educational Resources:**
- **Security Guides**: Framework security documentation and tutorials
- **Webinars**: Community security education and awareness sessions
- **Blog Posts**: Security tips, best practices, and case studies
- **Conference Talks**: Security-focused presentations and demonstrations
**Professional Support:**
For organizations requiring dedicated security support:
- **Consulting**: Security architecture review and recommendations
- **Custom Security**: Tailored security implementations and validation
- **Training**: Security-focused training for development teams
- **Compliance**: Assistance with security compliance and audit requirements
**Response Expectations:**
- **General Questions**: 3-5 business days through community channels
- **Technical Support**: 1-2 business days for configuration assistance
- **Best Practices**: Community-driven responses with maintainer oversight
- **Professional Inquiries**: Direct contact for custom arrangements
2025-07-14 14:28:11 +02:00
## 📚 Additional Resources
### Security-Related Documentation
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Framework Security Documentation:**
refactor: PEP8 compliance - directory rename and code formatting (#425)
* fix(orchestration): add WebFetch auto-trigger for infrastructure configuration
Problem: Infrastructure configuration changes (e.g., Traefik port settings)
were being made based on assumptions without consulting official documentation,
violating the 'Evidence > assumptions' principle in PRINCIPLES.md.
Solution:
- Added Infrastructure Configuration Validation section to MODE_Orchestration.md
- Auto-triggers WebFetch for infrastructure tools (Traefik, nginx, Docker, etc.)
- Enforces MODE_DeepResearch activation for investigation
- BLOCKS assumption-based configuration changes
Testing: Verified WebFetch successfully retrieves Traefik official docs (port 80 default)
This prevents production outages from infrastructure misconfiguration by ensuring
all technical recommendations are backed by official documentation.
* feat: Add PM Agent (Project Manager Agent) for seamless orchestration
Introduces PM Agent as the default orchestration layer that coordinates
all sub-agents and manages workflows automatically.
Key Features:
- Default orchestration: All user interactions handled by PM Agent
- Auto-delegation: Intelligent sub-agent selection based on task analysis
- Docker Gateway integration: Zero-token baseline with dynamic MCP loading
- Self-improvement loop: Automatic documentation of patterns and mistakes
- Optional override: Users can specify sub-agents explicitly if desired
Architecture:
- Agent spec: SuperClaude/Agents/pm-agent.md
- Command: SuperClaude/Commands/pm.md
- Updated docs: README.md (15→16 agents), agents.md (new Orchestration category)
User Experience:
- Default: PM Agent handles everything (seamless, no manual routing)
- Optional: Explicit --agent flag for direct sub-agent access
- Both modes available simultaneously (no user downside)
Implementation Status:
- ✅ Specification complete
- ✅ Documentation complete
- ⏳ Prototype implementation needed
- ⏳ Docker Gateway integration needed
- ⏳ Testing and validation needed
Refs: kazukinakai/docker-mcp-gateway (IRIS MCP Gateway integration)
* feat: Add Agent Orchestration rules for PM Agent default activation
Implements PM Agent as the default orchestration layer in RULES.md.
Key Changes:
- New 'Agent Orchestration' section (CRITICAL priority)
- PM Agent receives ALL user requests by default
- Manual override with @agent-[name] bypasses PM Agent
- Agent Selection Priority clearly defined:
1. Manual override → Direct routing
2. Default → PM Agent → Auto-delegation
3. Delegation based on keywords, file types, complexity, context
User Experience:
- Default: PM Agent handles everything (seamless)
- Override: @agent-[name] for direct specialist access
- Transparent: PM Agent reports delegation decisions
This establishes PM Agent as the orchestration layer while
respecting existing auto-activation patterns and manual overrides.
Next Steps:
- Local testing in agiletec project
- Iteration based on actual behavior
- Documentation updates as needed
* refactor(pm-agent): redesign as self-improvement meta-layer
Problem Resolution:
PM Agent's initial design competed with existing auto-activation for task routing,
creating confusion about orchestration responsibilities and adding unnecessary complexity.
Design Change:
Redefined PM Agent as a meta-layer agent that operates AFTER specialist agents
complete tasks, focusing on:
- Post-implementation documentation and pattern recording
- Immediate mistake analysis with prevention checklists
- Monthly documentation maintenance and noise reduction
- Pattern extraction and knowledge synthesis
Two-Layer Orchestration System:
1. Task Execution Layer: Existing auto-activation handles task routing (unchanged)
2. Self-Improvement Layer: PM Agent meta-layer handles documentation (new)
Files Modified:
- SuperClaude/Agents/pm-agent.md: Complete rewrite with meta-layer design
- Category: orchestration → meta
- Triggers: All user interactions → Post-implementation, mistakes, monthly
- Behavioral Mindset: Continuous learning system
- Self-Improvement Workflow: BEFORE/DURING/AFTER/MISTAKE RECOVERY/MAINTENANCE
- SuperClaude/Core/RULES.md: Agent Orchestration section updated
- Split into Task Execution Layer + Self-Improvement Layer
- Added orchestration flow diagram
- Clarified PM Agent activates AFTER task completion
- README.md: Updated PM Agent description
- "orchestrates all interactions" → "ensures continuous learning"
- Docs/User-Guide/agents.md: PM Agent section rewritten
- Section: Orchestration Agent → Meta-Layer Agent
- Expertise: Project orchestration → Self-improvement workflow executor
- Examples: Task coordination → Post-implementation documentation
- PR_DOCUMENTATION.md: Comprehensive PR documentation added
- Summary, motivation, changes, testing, breaking changes
- Two-layer orchestration system diagram
- Verification checklist
Integration Validated:
Tested with agiletec project's self-improvement-workflow.md:
✅ PM Agent aligns with existing BEFORE/DURING/AFTER/MISTAKE RECOVERY phases
✅ Complements (not competes with) existing workflow
✅ agiletec workflow defines WHAT, PM Agent defines WHO executes it
Breaking Changes: None
- Existing auto-activation continues unchanged
- Specialist agents unaffected
- User workflows remain the same
- New capability: Automatic documentation and knowledge maintenance
Value Proposition:
Transforms SuperClaude into a continuously learning system that accumulates
knowledge, prevents recurring mistakes, and maintains fresh documentation
without manual intervention.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* docs: add Claude Code conversation history management research
Research covering .jsonl file structure, performance impact, and retention policies.
Content:
- Claude Code .jsonl file format and message types
- Performance issues from GitHub (memory leaks, conversation compaction)
- Retention policies (consumer vs enterprise)
- Rotation recommendations based on actual data
- File history snapshot tracking mechanics
Source: Moved from agiletec project (research applicable to all Claude Code projects)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat: add Development documentation structure
Phase 1: Documentation Structure complete
- Add Docs/Development/ directory for development documentation
- Add ARCHITECTURE.md - System architecture with PM Agent meta-layer
- Add ROADMAP.md - 5-phase development plan with checkboxes
- Add TASKS.md - Daily task tracking with progress indicators
- Add PROJECT_STATUS.md - Current status dashboard and metrics
- Add pm-agent-integration.md - Implementation guide for PM Agent mode
This establishes comprehensive documentation foundation for:
- System architecture understanding
- Development planning and tracking
- Implementation guidance
- Progress visibility
Related: #pm-agent-mode #documentation #phase-1
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat: PM Agent session lifecycle and PDCA implementation
Phase 2: PM Agent Mode Integration (Design Phase)
Commands/pm.md updates:
- Add "Always-Active Foundation Layer" concept
- Add Session Lifecycle (Session Start/During Work/Session End)
- Add PDCA Cycle (Plan/Do/Check/Act) automation
- Add Serena MCP Memory Integration (list/read/write_memory)
- Document auto-activation triggers
Agents/pm-agent.md updates:
- Add Session Start Protocol (MANDATORY auto-activation)
- Add During Work PDCA Cycle with example workflows
- Add Session End Protocol with state preservation
- Add PDCA Self-Evaluation Pattern
- Add Documentation Strategy (temp → patterns/mistakes)
- Add Memory Operations Reference
Key Features:
- Session start auto-activation for context restoration
- 30-minute checkpoint saves during work
- Self-evaluation with think_about_* operations
- Systematic documentation lifecycle
- Knowledge evolution to CLAUDE.md
Implementation Status:
- ✅ Design complete (Commands/pm.md, Agents/pm-agent.md)
- ⏳ Implementation pending (Core components)
- ⏳ Serena MCP integration pending
Salvaged from mistaken development in ~/.claude directory
Related: #pm-agent-mode #session-lifecycle #pdca-cycle #phase-2
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: disable Serena MCP auto-browser launch
Disable web dashboard and GUI log window auto-launch in Serena MCP server
to prevent intrusive browser popups on startup. Users can still manually
access the dashboard at http://localhost:24282/dashboard/ if needed.
Changes:
- Add CLI flags to Serena run command:
- --enable-web-dashboard false
- --enable-gui-log-window false
- Ensures Git-tracked configuration (no reliance on ~/.serena/serena_config.yml)
- Aligns with AIRIS MCP Gateway integration approach
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* refactor: rename directories to lowercase for PEP8 compliance
- Rename superclaude/Agents -> superclaude/agents
- Rename superclaude/Commands -> superclaude/commands
- Rename superclaude/Core -> superclaude/core
- Rename superclaude/Examples -> superclaude/examples
- Rename superclaude/MCP -> superclaude/mcp
- Rename superclaude/Modes -> superclaude/modes
This change follows Python PEP8 naming conventions for package directories.
* style: fix PEP8 violations and update package name to lowercase
Changes:
- Format all Python files with black (43 files reformatted)
- Update package name from 'SuperClaude' to 'superclaude' in pyproject.toml
- Fix import statements to use lowercase package name
- Add missing imports (timedelta, __version__)
- Remove old SuperClaude.egg-info directory
PEP8 violations reduced from 2672 to 701 (mostly E501 line length due to black's 88 char vs flake8's 79 char limit).
* docs: add PM Agent development documentation
Add comprehensive PM Agent development documentation:
- PM Agent ideal workflow (7-phase autonomous cycle)
- Project structure understanding (Git vs installed environment)
- Installation flow understanding (CommandsComponent behavior)
- Task management system (current-tasks.md)
Purpose: Eliminate repeated explanations and enable autonomous PDCA cycles
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat(pm-agent): add self-correcting execution and warning investigation culture
## Changes
### superclaude/commands/pm.md
- Add "Self-Correcting Execution" section with root cause analysis protocol
- Add "Warning/Error Investigation Culture" section enforcing zero-tolerance for dismissal
- Define error detection protocol: STOP → Investigate → Hypothesis → Different Solution → Execute
- Document anti-patterns (retry without understanding) and correct patterns (research-first)
### docs/Development/hypothesis-pm-autonomous-enhancement-2025-10-14.md
- Add PDCA workflow hypothesis document for PM Agent autonomous enhancement
## Rationale
PM Agent must never retry failed operations without understanding root causes.
All warnings and errors require investigation via context7/WebFetch/documentation
to ensure production-quality code and prevent technical debt accumulation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat(installer): add airis-mcp-gateway MCP server option
## Changes
- Add airis-mcp-gateway to MCP server options in installer
- Configuration: GitHub-based installation via uvx
- Repository: https://github.com/oraios/airis-mcp-gateway
- Purpose: Dynamic MCP Gateway for zero-token baseline and on-demand tool loading
## Implementation
Added to setup/components/mcp.py self.mcp_servers dictionary with:
- install_method: github
- install_command: uvx test installation
- run_command: uvx runtime execution
- required: False (optional server)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: kazuki <kazuki@kazukinoMacBook-Air.local>
Co-authored-by: Claude <noreply@anthropic.com>
2025-10-14 12:17:09 +09:00
- [Quick Start Practices Guide ](docs/Reference/quick-start-practices.md ) - Security-focused usage patterns
- [Technical Architecture ](docs/Developer-Guide/technical-architecture.md ) - Security design principles
- [Contributing Code Guide ](docs/Developer-Guide/contributing-code.md ) - Secure development practices
- [Testing & Debugging Guide ](docs/Developer-Guide/testing-debugging.md ) - Security testing procedures
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**MCP Server Security:**
refactor: PEP8 compliance - directory rename and code formatting (#425)
* fix(orchestration): add WebFetch auto-trigger for infrastructure configuration
Problem: Infrastructure configuration changes (e.g., Traefik port settings)
were being made based on assumptions without consulting official documentation,
violating the 'Evidence > assumptions' principle in PRINCIPLES.md.
Solution:
- Added Infrastructure Configuration Validation section to MODE_Orchestration.md
- Auto-triggers WebFetch for infrastructure tools (Traefik, nginx, Docker, etc.)
- Enforces MODE_DeepResearch activation for investigation
- BLOCKS assumption-based configuration changes
Testing: Verified WebFetch successfully retrieves Traefik official docs (port 80 default)
This prevents production outages from infrastructure misconfiguration by ensuring
all technical recommendations are backed by official documentation.
* feat: Add PM Agent (Project Manager Agent) for seamless orchestration
Introduces PM Agent as the default orchestration layer that coordinates
all sub-agents and manages workflows automatically.
Key Features:
- Default orchestration: All user interactions handled by PM Agent
- Auto-delegation: Intelligent sub-agent selection based on task analysis
- Docker Gateway integration: Zero-token baseline with dynamic MCP loading
- Self-improvement loop: Automatic documentation of patterns and mistakes
- Optional override: Users can specify sub-agents explicitly if desired
Architecture:
- Agent spec: SuperClaude/Agents/pm-agent.md
- Command: SuperClaude/Commands/pm.md
- Updated docs: README.md (15→16 agents), agents.md (new Orchestration category)
User Experience:
- Default: PM Agent handles everything (seamless, no manual routing)
- Optional: Explicit --agent flag for direct sub-agent access
- Both modes available simultaneously (no user downside)
Implementation Status:
- ✅ Specification complete
- ✅ Documentation complete
- ⏳ Prototype implementation needed
- ⏳ Docker Gateway integration needed
- ⏳ Testing and validation needed
Refs: kazukinakai/docker-mcp-gateway (IRIS MCP Gateway integration)
* feat: Add Agent Orchestration rules for PM Agent default activation
Implements PM Agent as the default orchestration layer in RULES.md.
Key Changes:
- New 'Agent Orchestration' section (CRITICAL priority)
- PM Agent receives ALL user requests by default
- Manual override with @agent-[name] bypasses PM Agent
- Agent Selection Priority clearly defined:
1. Manual override → Direct routing
2. Default → PM Agent → Auto-delegation
3. Delegation based on keywords, file types, complexity, context
User Experience:
- Default: PM Agent handles everything (seamless)
- Override: @agent-[name] for direct specialist access
- Transparent: PM Agent reports delegation decisions
This establishes PM Agent as the orchestration layer while
respecting existing auto-activation patterns and manual overrides.
Next Steps:
- Local testing in agiletec project
- Iteration based on actual behavior
- Documentation updates as needed
* refactor(pm-agent): redesign as self-improvement meta-layer
Problem Resolution:
PM Agent's initial design competed with existing auto-activation for task routing,
creating confusion about orchestration responsibilities and adding unnecessary complexity.
Design Change:
Redefined PM Agent as a meta-layer agent that operates AFTER specialist agents
complete tasks, focusing on:
- Post-implementation documentation and pattern recording
- Immediate mistake analysis with prevention checklists
- Monthly documentation maintenance and noise reduction
- Pattern extraction and knowledge synthesis
Two-Layer Orchestration System:
1. Task Execution Layer: Existing auto-activation handles task routing (unchanged)
2. Self-Improvement Layer: PM Agent meta-layer handles documentation (new)
Files Modified:
- SuperClaude/Agents/pm-agent.md: Complete rewrite with meta-layer design
- Category: orchestration → meta
- Triggers: All user interactions → Post-implementation, mistakes, monthly
- Behavioral Mindset: Continuous learning system
- Self-Improvement Workflow: BEFORE/DURING/AFTER/MISTAKE RECOVERY/MAINTENANCE
- SuperClaude/Core/RULES.md: Agent Orchestration section updated
- Split into Task Execution Layer + Self-Improvement Layer
- Added orchestration flow diagram
- Clarified PM Agent activates AFTER task completion
- README.md: Updated PM Agent description
- "orchestrates all interactions" → "ensures continuous learning"
- Docs/User-Guide/agents.md: PM Agent section rewritten
- Section: Orchestration Agent → Meta-Layer Agent
- Expertise: Project orchestration → Self-improvement workflow executor
- Examples: Task coordination → Post-implementation documentation
- PR_DOCUMENTATION.md: Comprehensive PR documentation added
- Summary, motivation, changes, testing, breaking changes
- Two-layer orchestration system diagram
- Verification checklist
Integration Validated:
Tested with agiletec project's self-improvement-workflow.md:
✅ PM Agent aligns with existing BEFORE/DURING/AFTER/MISTAKE RECOVERY phases
✅ Complements (not competes with) existing workflow
✅ agiletec workflow defines WHAT, PM Agent defines WHO executes it
Breaking Changes: None
- Existing auto-activation continues unchanged
- Specialist agents unaffected
- User workflows remain the same
- New capability: Automatic documentation and knowledge maintenance
Value Proposition:
Transforms SuperClaude into a continuously learning system that accumulates
knowledge, prevents recurring mistakes, and maintains fresh documentation
without manual intervention.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* docs: add Claude Code conversation history management research
Research covering .jsonl file structure, performance impact, and retention policies.
Content:
- Claude Code .jsonl file format and message types
- Performance issues from GitHub (memory leaks, conversation compaction)
- Retention policies (consumer vs enterprise)
- Rotation recommendations based on actual data
- File history snapshot tracking mechanics
Source: Moved from agiletec project (research applicable to all Claude Code projects)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat: add Development documentation structure
Phase 1: Documentation Structure complete
- Add Docs/Development/ directory for development documentation
- Add ARCHITECTURE.md - System architecture with PM Agent meta-layer
- Add ROADMAP.md - 5-phase development plan with checkboxes
- Add TASKS.md - Daily task tracking with progress indicators
- Add PROJECT_STATUS.md - Current status dashboard and metrics
- Add pm-agent-integration.md - Implementation guide for PM Agent mode
This establishes comprehensive documentation foundation for:
- System architecture understanding
- Development planning and tracking
- Implementation guidance
- Progress visibility
Related: #pm-agent-mode #documentation #phase-1
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat: PM Agent session lifecycle and PDCA implementation
Phase 2: PM Agent Mode Integration (Design Phase)
Commands/pm.md updates:
- Add "Always-Active Foundation Layer" concept
- Add Session Lifecycle (Session Start/During Work/Session End)
- Add PDCA Cycle (Plan/Do/Check/Act) automation
- Add Serena MCP Memory Integration (list/read/write_memory)
- Document auto-activation triggers
Agents/pm-agent.md updates:
- Add Session Start Protocol (MANDATORY auto-activation)
- Add During Work PDCA Cycle with example workflows
- Add Session End Protocol with state preservation
- Add PDCA Self-Evaluation Pattern
- Add Documentation Strategy (temp → patterns/mistakes)
- Add Memory Operations Reference
Key Features:
- Session start auto-activation for context restoration
- 30-minute checkpoint saves during work
- Self-evaluation with think_about_* operations
- Systematic documentation lifecycle
- Knowledge evolution to CLAUDE.md
Implementation Status:
- ✅ Design complete (Commands/pm.md, Agents/pm-agent.md)
- ⏳ Implementation pending (Core components)
- ⏳ Serena MCP integration pending
Salvaged from mistaken development in ~/.claude directory
Related: #pm-agent-mode #session-lifecycle #pdca-cycle #phase-2
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: disable Serena MCP auto-browser launch
Disable web dashboard and GUI log window auto-launch in Serena MCP server
to prevent intrusive browser popups on startup. Users can still manually
access the dashboard at http://localhost:24282/dashboard/ if needed.
Changes:
- Add CLI flags to Serena run command:
- --enable-web-dashboard false
- --enable-gui-log-window false
- Ensures Git-tracked configuration (no reliance on ~/.serena/serena_config.yml)
- Aligns with AIRIS MCP Gateway integration approach
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* refactor: rename directories to lowercase for PEP8 compliance
- Rename superclaude/Agents -> superclaude/agents
- Rename superclaude/Commands -> superclaude/commands
- Rename superclaude/Core -> superclaude/core
- Rename superclaude/Examples -> superclaude/examples
- Rename superclaude/MCP -> superclaude/mcp
- Rename superclaude/Modes -> superclaude/modes
This change follows Python PEP8 naming conventions for package directories.
* style: fix PEP8 violations and update package name to lowercase
Changes:
- Format all Python files with black (43 files reformatted)
- Update package name from 'SuperClaude' to 'superclaude' in pyproject.toml
- Fix import statements to use lowercase package name
- Add missing imports (timedelta, __version__)
- Remove old SuperClaude.egg-info directory
PEP8 violations reduced from 2672 to 701 (mostly E501 line length due to black's 88 char vs flake8's 79 char limit).
* docs: add PM Agent development documentation
Add comprehensive PM Agent development documentation:
- PM Agent ideal workflow (7-phase autonomous cycle)
- Project structure understanding (Git vs installed environment)
- Installation flow understanding (CommandsComponent behavior)
- Task management system (current-tasks.md)
Purpose: Eliminate repeated explanations and enable autonomous PDCA cycles
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat(pm-agent): add self-correcting execution and warning investigation culture
## Changes
### superclaude/commands/pm.md
- Add "Self-Correcting Execution" section with root cause analysis protocol
- Add "Warning/Error Investigation Culture" section enforcing zero-tolerance for dismissal
- Define error detection protocol: STOP → Investigate → Hypothesis → Different Solution → Execute
- Document anti-patterns (retry without understanding) and correct patterns (research-first)
### docs/Development/hypothesis-pm-autonomous-enhancement-2025-10-14.md
- Add PDCA workflow hypothesis document for PM Agent autonomous enhancement
## Rationale
PM Agent must never retry failed operations without understanding root causes.
All warnings and errors require investigation via context7/WebFetch/documentation
to ensure production-quality code and prevent technical debt accumulation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat(installer): add airis-mcp-gateway MCP server option
## Changes
- Add airis-mcp-gateway to MCP server options in installer
- Configuration: GitHub-based installation via uvx
- Repository: https://github.com/oraios/airis-mcp-gateway
- Purpose: Dynamic MCP Gateway for zero-token baseline and on-demand tool loading
## Implementation
Added to setup/components/mcp.py self.mcp_servers dictionary with:
- install_method: github
- install_command: uvx test installation
- run_command: uvx runtime execution
- required: False (optional server)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: kazuki <kazuki@kazukinoMacBook-Air.local>
Co-authored-by: Claude <noreply@anthropic.com>
2025-10-14 12:17:09 +09:00
- [MCP Servers Guide ](docs/User-Guide/mcp-servers.md ) - Server security configuration
- [Troubleshooting Guide ](docs/Reference/troubleshooting.md ) - Security-related issue resolution
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
- MCP Server Documentation - Individual server security considerations
- Configuration Security - Secure MCP setup and credential management
**Agent Security:**
refactor: PEP8 compliance - directory rename and code formatting (#425)
* fix(orchestration): add WebFetch auto-trigger for infrastructure configuration
Problem: Infrastructure configuration changes (e.g., Traefik port settings)
were being made based on assumptions without consulting official documentation,
violating the 'Evidence > assumptions' principle in PRINCIPLES.md.
Solution:
- Added Infrastructure Configuration Validation section to MODE_Orchestration.md
- Auto-triggers WebFetch for infrastructure tools (Traefik, nginx, Docker, etc.)
- Enforces MODE_DeepResearch activation for investigation
- BLOCKS assumption-based configuration changes
Testing: Verified WebFetch successfully retrieves Traefik official docs (port 80 default)
This prevents production outages from infrastructure misconfiguration by ensuring
all technical recommendations are backed by official documentation.
* feat: Add PM Agent (Project Manager Agent) for seamless orchestration
Introduces PM Agent as the default orchestration layer that coordinates
all sub-agents and manages workflows automatically.
Key Features:
- Default orchestration: All user interactions handled by PM Agent
- Auto-delegation: Intelligent sub-agent selection based on task analysis
- Docker Gateway integration: Zero-token baseline with dynamic MCP loading
- Self-improvement loop: Automatic documentation of patterns and mistakes
- Optional override: Users can specify sub-agents explicitly if desired
Architecture:
- Agent spec: SuperClaude/Agents/pm-agent.md
- Command: SuperClaude/Commands/pm.md
- Updated docs: README.md (15→16 agents), agents.md (new Orchestration category)
User Experience:
- Default: PM Agent handles everything (seamless, no manual routing)
- Optional: Explicit --agent flag for direct sub-agent access
- Both modes available simultaneously (no user downside)
Implementation Status:
- ✅ Specification complete
- ✅ Documentation complete
- ⏳ Prototype implementation needed
- ⏳ Docker Gateway integration needed
- ⏳ Testing and validation needed
Refs: kazukinakai/docker-mcp-gateway (IRIS MCP Gateway integration)
* feat: Add Agent Orchestration rules for PM Agent default activation
Implements PM Agent as the default orchestration layer in RULES.md.
Key Changes:
- New 'Agent Orchestration' section (CRITICAL priority)
- PM Agent receives ALL user requests by default
- Manual override with @agent-[name] bypasses PM Agent
- Agent Selection Priority clearly defined:
1. Manual override → Direct routing
2. Default → PM Agent → Auto-delegation
3. Delegation based on keywords, file types, complexity, context
User Experience:
- Default: PM Agent handles everything (seamless)
- Override: @agent-[name] for direct specialist access
- Transparent: PM Agent reports delegation decisions
This establishes PM Agent as the orchestration layer while
respecting existing auto-activation patterns and manual overrides.
Next Steps:
- Local testing in agiletec project
- Iteration based on actual behavior
- Documentation updates as needed
* refactor(pm-agent): redesign as self-improvement meta-layer
Problem Resolution:
PM Agent's initial design competed with existing auto-activation for task routing,
creating confusion about orchestration responsibilities and adding unnecessary complexity.
Design Change:
Redefined PM Agent as a meta-layer agent that operates AFTER specialist agents
complete tasks, focusing on:
- Post-implementation documentation and pattern recording
- Immediate mistake analysis with prevention checklists
- Monthly documentation maintenance and noise reduction
- Pattern extraction and knowledge synthesis
Two-Layer Orchestration System:
1. Task Execution Layer: Existing auto-activation handles task routing (unchanged)
2. Self-Improvement Layer: PM Agent meta-layer handles documentation (new)
Files Modified:
- SuperClaude/Agents/pm-agent.md: Complete rewrite with meta-layer design
- Category: orchestration → meta
- Triggers: All user interactions → Post-implementation, mistakes, monthly
- Behavioral Mindset: Continuous learning system
- Self-Improvement Workflow: BEFORE/DURING/AFTER/MISTAKE RECOVERY/MAINTENANCE
- SuperClaude/Core/RULES.md: Agent Orchestration section updated
- Split into Task Execution Layer + Self-Improvement Layer
- Added orchestration flow diagram
- Clarified PM Agent activates AFTER task completion
- README.md: Updated PM Agent description
- "orchestrates all interactions" → "ensures continuous learning"
- Docs/User-Guide/agents.md: PM Agent section rewritten
- Section: Orchestration Agent → Meta-Layer Agent
- Expertise: Project orchestration → Self-improvement workflow executor
- Examples: Task coordination → Post-implementation documentation
- PR_DOCUMENTATION.md: Comprehensive PR documentation added
- Summary, motivation, changes, testing, breaking changes
- Two-layer orchestration system diagram
- Verification checklist
Integration Validated:
Tested with agiletec project's self-improvement-workflow.md:
✅ PM Agent aligns with existing BEFORE/DURING/AFTER/MISTAKE RECOVERY phases
✅ Complements (not competes with) existing workflow
✅ agiletec workflow defines WHAT, PM Agent defines WHO executes it
Breaking Changes: None
- Existing auto-activation continues unchanged
- Specialist agents unaffected
- User workflows remain the same
- New capability: Automatic documentation and knowledge maintenance
Value Proposition:
Transforms SuperClaude into a continuously learning system that accumulates
knowledge, prevents recurring mistakes, and maintains fresh documentation
without manual intervention.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* docs: add Claude Code conversation history management research
Research covering .jsonl file structure, performance impact, and retention policies.
Content:
- Claude Code .jsonl file format and message types
- Performance issues from GitHub (memory leaks, conversation compaction)
- Retention policies (consumer vs enterprise)
- Rotation recommendations based on actual data
- File history snapshot tracking mechanics
Source: Moved from agiletec project (research applicable to all Claude Code projects)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat: add Development documentation structure
Phase 1: Documentation Structure complete
- Add Docs/Development/ directory for development documentation
- Add ARCHITECTURE.md - System architecture with PM Agent meta-layer
- Add ROADMAP.md - 5-phase development plan with checkboxes
- Add TASKS.md - Daily task tracking with progress indicators
- Add PROJECT_STATUS.md - Current status dashboard and metrics
- Add pm-agent-integration.md - Implementation guide for PM Agent mode
This establishes comprehensive documentation foundation for:
- System architecture understanding
- Development planning and tracking
- Implementation guidance
- Progress visibility
Related: #pm-agent-mode #documentation #phase-1
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat: PM Agent session lifecycle and PDCA implementation
Phase 2: PM Agent Mode Integration (Design Phase)
Commands/pm.md updates:
- Add "Always-Active Foundation Layer" concept
- Add Session Lifecycle (Session Start/During Work/Session End)
- Add PDCA Cycle (Plan/Do/Check/Act) automation
- Add Serena MCP Memory Integration (list/read/write_memory)
- Document auto-activation triggers
Agents/pm-agent.md updates:
- Add Session Start Protocol (MANDATORY auto-activation)
- Add During Work PDCA Cycle with example workflows
- Add Session End Protocol with state preservation
- Add PDCA Self-Evaluation Pattern
- Add Documentation Strategy (temp → patterns/mistakes)
- Add Memory Operations Reference
Key Features:
- Session start auto-activation for context restoration
- 30-minute checkpoint saves during work
- Self-evaluation with think_about_* operations
- Systematic documentation lifecycle
- Knowledge evolution to CLAUDE.md
Implementation Status:
- ✅ Design complete (Commands/pm.md, Agents/pm-agent.md)
- ⏳ Implementation pending (Core components)
- ⏳ Serena MCP integration pending
Salvaged from mistaken development in ~/.claude directory
Related: #pm-agent-mode #session-lifecycle #pdca-cycle #phase-2
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: disable Serena MCP auto-browser launch
Disable web dashboard and GUI log window auto-launch in Serena MCP server
to prevent intrusive browser popups on startup. Users can still manually
access the dashboard at http://localhost:24282/dashboard/ if needed.
Changes:
- Add CLI flags to Serena run command:
- --enable-web-dashboard false
- --enable-gui-log-window false
- Ensures Git-tracked configuration (no reliance on ~/.serena/serena_config.yml)
- Aligns with AIRIS MCP Gateway integration approach
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* refactor: rename directories to lowercase for PEP8 compliance
- Rename superclaude/Agents -> superclaude/agents
- Rename superclaude/Commands -> superclaude/commands
- Rename superclaude/Core -> superclaude/core
- Rename superclaude/Examples -> superclaude/examples
- Rename superclaude/MCP -> superclaude/mcp
- Rename superclaude/Modes -> superclaude/modes
This change follows Python PEP8 naming conventions for package directories.
* style: fix PEP8 violations and update package name to lowercase
Changes:
- Format all Python files with black (43 files reformatted)
- Update package name from 'SuperClaude' to 'superclaude' in pyproject.toml
- Fix import statements to use lowercase package name
- Add missing imports (timedelta, __version__)
- Remove old SuperClaude.egg-info directory
PEP8 violations reduced from 2672 to 701 (mostly E501 line length due to black's 88 char vs flake8's 79 char limit).
* docs: add PM Agent development documentation
Add comprehensive PM Agent development documentation:
- PM Agent ideal workflow (7-phase autonomous cycle)
- Project structure understanding (Git vs installed environment)
- Installation flow understanding (CommandsComponent behavior)
- Task management system (current-tasks.md)
Purpose: Eliminate repeated explanations and enable autonomous PDCA cycles
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat(pm-agent): add self-correcting execution and warning investigation culture
## Changes
### superclaude/commands/pm.md
- Add "Self-Correcting Execution" section with root cause analysis protocol
- Add "Warning/Error Investigation Culture" section enforcing zero-tolerance for dismissal
- Define error detection protocol: STOP → Investigate → Hypothesis → Different Solution → Execute
- Document anti-patterns (retry without understanding) and correct patterns (research-first)
### docs/Development/hypothesis-pm-autonomous-enhancement-2025-10-14.md
- Add PDCA workflow hypothesis document for PM Agent autonomous enhancement
## Rationale
PM Agent must never retry failed operations without understanding root causes.
All warnings and errors require investigation via context7/WebFetch/documentation
to ensure production-quality code and prevent technical debt accumulation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat(installer): add airis-mcp-gateway MCP server option
## Changes
- Add airis-mcp-gateway to MCP server options in installer
- Configuration: GitHub-based installation via uvx
- Repository: https://github.com/oraios/airis-mcp-gateway
- Purpose: Dynamic MCP Gateway for zero-token baseline and on-demand tool loading
## Implementation
Added to setup/components/mcp.py self.mcp_servers dictionary with:
- install_method: github
- install_command: uvx test installation
- run_command: uvx runtime execution
- required: False (optional server)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: kazuki <kazuki@kazukinoMacBook-Air.local>
Co-authored-by: Claude <noreply@anthropic.com>
2025-10-14 12:17:09 +09:00
- [Agents Guide ](docs/User-Guide/agents.md ) - Agent security boundaries and coordination
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
- Agent Development - Security considerations for agent implementation
- Behavioral Modes - Security implications of different operational modes
- Command Security - Security aspects of command execution and validation
**Session Management Security:**
refactor: PEP8 compliance - directory rename and code formatting (#425)
* fix(orchestration): add WebFetch auto-trigger for infrastructure configuration
Problem: Infrastructure configuration changes (e.g., Traefik port settings)
were being made based on assumptions without consulting official documentation,
violating the 'Evidence > assumptions' principle in PRINCIPLES.md.
Solution:
- Added Infrastructure Configuration Validation section to MODE_Orchestration.md
- Auto-triggers WebFetch for infrastructure tools (Traefik, nginx, Docker, etc.)
- Enforces MODE_DeepResearch activation for investigation
- BLOCKS assumption-based configuration changes
Testing: Verified WebFetch successfully retrieves Traefik official docs (port 80 default)
This prevents production outages from infrastructure misconfiguration by ensuring
all technical recommendations are backed by official documentation.
* feat: Add PM Agent (Project Manager Agent) for seamless orchestration
Introduces PM Agent as the default orchestration layer that coordinates
all sub-agents and manages workflows automatically.
Key Features:
- Default orchestration: All user interactions handled by PM Agent
- Auto-delegation: Intelligent sub-agent selection based on task analysis
- Docker Gateway integration: Zero-token baseline with dynamic MCP loading
- Self-improvement loop: Automatic documentation of patterns and mistakes
- Optional override: Users can specify sub-agents explicitly if desired
Architecture:
- Agent spec: SuperClaude/Agents/pm-agent.md
- Command: SuperClaude/Commands/pm.md
- Updated docs: README.md (15→16 agents), agents.md (new Orchestration category)
User Experience:
- Default: PM Agent handles everything (seamless, no manual routing)
- Optional: Explicit --agent flag for direct sub-agent access
- Both modes available simultaneously (no user downside)
Implementation Status:
- ✅ Specification complete
- ✅ Documentation complete
- ⏳ Prototype implementation needed
- ⏳ Docker Gateway integration needed
- ⏳ Testing and validation needed
Refs: kazukinakai/docker-mcp-gateway (IRIS MCP Gateway integration)
* feat: Add Agent Orchestration rules for PM Agent default activation
Implements PM Agent as the default orchestration layer in RULES.md.
Key Changes:
- New 'Agent Orchestration' section (CRITICAL priority)
- PM Agent receives ALL user requests by default
- Manual override with @agent-[name] bypasses PM Agent
- Agent Selection Priority clearly defined:
1. Manual override → Direct routing
2. Default → PM Agent → Auto-delegation
3. Delegation based on keywords, file types, complexity, context
User Experience:
- Default: PM Agent handles everything (seamless)
- Override: @agent-[name] for direct specialist access
- Transparent: PM Agent reports delegation decisions
This establishes PM Agent as the orchestration layer while
respecting existing auto-activation patterns and manual overrides.
Next Steps:
- Local testing in agiletec project
- Iteration based on actual behavior
- Documentation updates as needed
* refactor(pm-agent): redesign as self-improvement meta-layer
Problem Resolution:
PM Agent's initial design competed with existing auto-activation for task routing,
creating confusion about orchestration responsibilities and adding unnecessary complexity.
Design Change:
Redefined PM Agent as a meta-layer agent that operates AFTER specialist agents
complete tasks, focusing on:
- Post-implementation documentation and pattern recording
- Immediate mistake analysis with prevention checklists
- Monthly documentation maintenance and noise reduction
- Pattern extraction and knowledge synthesis
Two-Layer Orchestration System:
1. Task Execution Layer: Existing auto-activation handles task routing (unchanged)
2. Self-Improvement Layer: PM Agent meta-layer handles documentation (new)
Files Modified:
- SuperClaude/Agents/pm-agent.md: Complete rewrite with meta-layer design
- Category: orchestration → meta
- Triggers: All user interactions → Post-implementation, mistakes, monthly
- Behavioral Mindset: Continuous learning system
- Self-Improvement Workflow: BEFORE/DURING/AFTER/MISTAKE RECOVERY/MAINTENANCE
- SuperClaude/Core/RULES.md: Agent Orchestration section updated
- Split into Task Execution Layer + Self-Improvement Layer
- Added orchestration flow diagram
- Clarified PM Agent activates AFTER task completion
- README.md: Updated PM Agent description
- "orchestrates all interactions" → "ensures continuous learning"
- Docs/User-Guide/agents.md: PM Agent section rewritten
- Section: Orchestration Agent → Meta-Layer Agent
- Expertise: Project orchestration → Self-improvement workflow executor
- Examples: Task coordination → Post-implementation documentation
- PR_DOCUMENTATION.md: Comprehensive PR documentation added
- Summary, motivation, changes, testing, breaking changes
- Two-layer orchestration system diagram
- Verification checklist
Integration Validated:
Tested with agiletec project's self-improvement-workflow.md:
✅ PM Agent aligns with existing BEFORE/DURING/AFTER/MISTAKE RECOVERY phases
✅ Complements (not competes with) existing workflow
✅ agiletec workflow defines WHAT, PM Agent defines WHO executes it
Breaking Changes: None
- Existing auto-activation continues unchanged
- Specialist agents unaffected
- User workflows remain the same
- New capability: Automatic documentation and knowledge maintenance
Value Proposition:
Transforms SuperClaude into a continuously learning system that accumulates
knowledge, prevents recurring mistakes, and maintains fresh documentation
without manual intervention.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* docs: add Claude Code conversation history management research
Research covering .jsonl file structure, performance impact, and retention policies.
Content:
- Claude Code .jsonl file format and message types
- Performance issues from GitHub (memory leaks, conversation compaction)
- Retention policies (consumer vs enterprise)
- Rotation recommendations based on actual data
- File history snapshot tracking mechanics
Source: Moved from agiletec project (research applicable to all Claude Code projects)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat: add Development documentation structure
Phase 1: Documentation Structure complete
- Add Docs/Development/ directory for development documentation
- Add ARCHITECTURE.md - System architecture with PM Agent meta-layer
- Add ROADMAP.md - 5-phase development plan with checkboxes
- Add TASKS.md - Daily task tracking with progress indicators
- Add PROJECT_STATUS.md - Current status dashboard and metrics
- Add pm-agent-integration.md - Implementation guide for PM Agent mode
This establishes comprehensive documentation foundation for:
- System architecture understanding
- Development planning and tracking
- Implementation guidance
- Progress visibility
Related: #pm-agent-mode #documentation #phase-1
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat: PM Agent session lifecycle and PDCA implementation
Phase 2: PM Agent Mode Integration (Design Phase)
Commands/pm.md updates:
- Add "Always-Active Foundation Layer" concept
- Add Session Lifecycle (Session Start/During Work/Session End)
- Add PDCA Cycle (Plan/Do/Check/Act) automation
- Add Serena MCP Memory Integration (list/read/write_memory)
- Document auto-activation triggers
Agents/pm-agent.md updates:
- Add Session Start Protocol (MANDATORY auto-activation)
- Add During Work PDCA Cycle with example workflows
- Add Session End Protocol with state preservation
- Add PDCA Self-Evaluation Pattern
- Add Documentation Strategy (temp → patterns/mistakes)
- Add Memory Operations Reference
Key Features:
- Session start auto-activation for context restoration
- 30-minute checkpoint saves during work
- Self-evaluation with think_about_* operations
- Systematic documentation lifecycle
- Knowledge evolution to CLAUDE.md
Implementation Status:
- ✅ Design complete (Commands/pm.md, Agents/pm-agent.md)
- ⏳ Implementation pending (Core components)
- ⏳ Serena MCP integration pending
Salvaged from mistaken development in ~/.claude directory
Related: #pm-agent-mode #session-lifecycle #pdca-cycle #phase-2
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* fix: disable Serena MCP auto-browser launch
Disable web dashboard and GUI log window auto-launch in Serena MCP server
to prevent intrusive browser popups on startup. Users can still manually
access the dashboard at http://localhost:24282/dashboard/ if needed.
Changes:
- Add CLI flags to Serena run command:
- --enable-web-dashboard false
- --enable-gui-log-window false
- Ensures Git-tracked configuration (no reliance on ~/.serena/serena_config.yml)
- Aligns with AIRIS MCP Gateway integration approach
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* refactor: rename directories to lowercase for PEP8 compliance
- Rename superclaude/Agents -> superclaude/agents
- Rename superclaude/Commands -> superclaude/commands
- Rename superclaude/Core -> superclaude/core
- Rename superclaude/Examples -> superclaude/examples
- Rename superclaude/MCP -> superclaude/mcp
- Rename superclaude/Modes -> superclaude/modes
This change follows Python PEP8 naming conventions for package directories.
* style: fix PEP8 violations and update package name to lowercase
Changes:
- Format all Python files with black (43 files reformatted)
- Update package name from 'SuperClaude' to 'superclaude' in pyproject.toml
- Fix import statements to use lowercase package name
- Add missing imports (timedelta, __version__)
- Remove old SuperClaude.egg-info directory
PEP8 violations reduced from 2672 to 701 (mostly E501 line length due to black's 88 char vs flake8's 79 char limit).
* docs: add PM Agent development documentation
Add comprehensive PM Agent development documentation:
- PM Agent ideal workflow (7-phase autonomous cycle)
- Project structure understanding (Git vs installed environment)
- Installation flow understanding (CommandsComponent behavior)
- Task management system (current-tasks.md)
Purpose: Eliminate repeated explanations and enable autonomous PDCA cycles
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat(pm-agent): add self-correcting execution and warning investigation culture
## Changes
### superclaude/commands/pm.md
- Add "Self-Correcting Execution" section with root cause analysis protocol
- Add "Warning/Error Investigation Culture" section enforcing zero-tolerance for dismissal
- Define error detection protocol: STOP → Investigate → Hypothesis → Different Solution → Execute
- Document anti-patterns (retry without understanding) and correct patterns (research-first)
### docs/Development/hypothesis-pm-autonomous-enhancement-2025-10-14.md
- Add PDCA workflow hypothesis document for PM Agent autonomous enhancement
## Rationale
PM Agent must never retry failed operations without understanding root causes.
All warnings and errors require investigation via context7/WebFetch/documentation
to ensure production-quality code and prevent technical debt accumulation.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
* feat(installer): add airis-mcp-gateway MCP server option
## Changes
- Add airis-mcp-gateway to MCP server options in installer
- Configuration: GitHub-based installation via uvx
- Repository: https://github.com/oraios/airis-mcp-gateway
- Purpose: Dynamic MCP Gateway for zero-token baseline and on-demand tool loading
## Implementation
Added to setup/components/mcp.py self.mcp_servers dictionary with:
- install_method: github
- install_command: uvx test installation
- run_command: uvx runtime execution
- required: False (optional server)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: kazuki <kazuki@kazukinoMacBook-Air.local>
Co-authored-by: Claude <noreply@anthropic.com>
2025-10-14 12:17:09 +09:00
- [Session Management Guide ](docs/User-Guide/session-management.md ) - Secure session handling
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
- Memory Security - Secure handling of persistent session data
- Project Isolation - Security boundaries between different projects
- Context Security - Secure context loading and validation
2025-07-14 14:28:11 +02:00
### External Security Resources
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Security Standards and Frameworks:**
- **OWASP Top 10**: Web application security risks and mitigation strategies
- **NIST Cybersecurity Framework**: Comprehensive security risk management
- **CIS Controls**: Critical security controls for effective cyber defense
- **ISO 27001**: Information security management systems standard
**Python Security Resources:**
- **Python Security**: https://python-security.readthedocs.io/
- **Bandit**: Security linting for Python code
- **Safety**: Python dependency vulnerability scanning
- **PyUp.io**: Automated Python security monitoring
**Node.js Security Resources:**
- **Node.js Security Working Group**: https://github.com/nodejs/security-wg
- **npm audit**: Dependency vulnerability scanning
- **Snyk**: Comprehensive dependency security monitoring
- **Node Security Platform**: Security advisories and vulnerability database
**AI/ML Security:**
- **OWASP AI Security**: AI/ML security guidance and best practices
- **NIST AI Risk Management Framework**: AI system security considerations
- **Microsoft Responsible AI**: AI security and privacy best practices
- **Google AI Safety**: AI system safety and security research
**Development Security:**
- **OWASP DevSecOps**: Security integration in development workflows
- **GitHub Security Features**: Security scanning and dependency management
- **SAST Tools**: Static application security testing resources
- **Secure Code Review**: Security-focused code review practices
2025-07-14 14:28:11 +02:00
---
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Security Policy Maintenance:**
**Last Updated**: December 2024 (SuperClaude Framework v4.0)
**Next Review**: March 2025 (Quarterly review cycle)
2025-09-26 19:37:34 +05:30
**Version**: 4.1.5 (Updated for v4 architectural changes)
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Review Schedule:**
- **Quarterly Reviews**: Security policy accuracy and completeness assessment
- **Release Reviews**: Policy updates for new features and architectural changes
- **Incident Reviews**: Policy updates based on security incidents and lessons learned
- **Annual Assessment**: Comprehensive security policy and procedure review
**Change Management:**
- **Minor Updates**: Clarifications and contact information updates
- **Major Updates**: Architectural changes, new security features, and process improvements
- **Emergency Updates**: Critical security policy changes requiring immediate implementation
- **Community Input**: Regular solicitation of community feedback and improvement suggestions
**Security Contributor Acknowledgments:**
SuperClaude Framework's security posture benefits from community-driven security research, responsible disclosure, and collaborative improvement efforts.
**Security Contributors:**
- Security researchers who responsibly disclose vulnerabilities
- Community members who identify and report security configuration issues
- Developers who contribute security-focused code improvements and testing
- Documentation contributors who improve security guidance and best practices
**Recognition:**
- [GitHub Contributors ](https://github.com/SuperClaude-Org/SuperClaude_Framework/graphs/contributors ) - Complete contributor recognition
- Security advisories include researcher acknowledgment and credit
- Annual security report highlights significant security contributions
- Community discussions celebrate helpful security guidance and support
**Ongoing Security Community:**
The SuperClaude security community continues growing through shared commitment to secure AI-assisted development workflows. Security-focused contributions, from vulnerability reports to secure coding practices, strengthen the framework for all users.
2025-07-14 14:28:11 +02:00
Complete comprehensive documentation implementation
- Implement content for 200+ TODO placeholders across all documentation
- Create complete documentation structure: Getting-Started, User-Guide, Developer-Guide, Reference
- Add comprehensive guides for commands, agents, modes, MCP servers, flags, session management
- Implement technical architecture, contributing, testing, and security documentation
- Create examples cookbook, troubleshooting guide, and best practices documentation
- Update administrative files: CONTRIBUTING.md, SECURITY.md, PUBLISHING.md, CODE_OF_CONDUCT.md
- Ensure factual accuracy based on actual SuperClaude implementation analysis
- Maintain professional structure with progressive complexity and cross-references
- Provide complete coverage from beginner to expert level usage
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-16 19:22:54 +02:00
**Join Security Efforts:**
Whether you're reporting security issues, improving security documentation, or contributing security-focused code, your efforts help build more secure software development tools for the entire community.
