jordan/rdev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0f25bd8dbe
rdev/docs/claude-config-api.md
jordan 538ea57ed4 feat: Add claude-config API, security hardening, and testing infrastructure 
Claude Config API (v0.6):
- Add CRUD endpoints for commands, skills, and agents
- Commands/skills/agents stored in /workspace/.claude/ (per-project, in git)
- Credentials shared via PVC at /root/.claude/ (shared across pods)
- Use base64 encoding for file writes (prevents shell injection)
- Add content size limits (1MB max)

Security Hardening:
- Add sanitize package for command/prompt validation
- Add rate limiting middleware (token bucket algorithm)
- Add concurrent command limiting
- Add input sanitization to all command handlers
- Gitignore secrets.yaml and credentials.yaml
- Add *.example templates for secrets

Testing Infrastructure:
- Add testutil package with mocks and fixtures
- Add unit tests for auth package (63% coverage)
- Add unit tests for executor (47% coverage)
- Add handler integration tests (40% coverage)
- Add 100% coverage for sanitize, cmdlimit packages
- Add 96% coverage for ratelimit package

Infrastructure:
- Shared Claude credentials PVC (ReadWriteMany)
- Reduced workspace PVC size from 20Gi to 5Gi
- Add init container cleanup before git clone
- Document Longhorn RWX requirements

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 01:29:13 -07:00

167 lines
4.0 KiB
Markdown
Raw Blame History

# Claude Config API
Manage Claude Code commands, skills, and agents via the rdev API.
## Architecture
```
/root/.claude/ # Shared PVC (all projects)
├── .credentials.json # Auth tokens (shared)
└── settings.json # Global preferences
/workspace/.claude/ # In git repo (per-project)
├── commands/ # Project slash commands
│ └── deploy.md
├── skills/ # Project skills
│ └── go-testing.md
└── agents/ # Project agents
└── code-reviewer.md
```
## Authentication
All endpoints require `Authorization: Bearer <api-key>` header.
- `projects:read` scope for GET endpoints
- `projects:execute` scope for POST/PUT/DELETE endpoints
## Endpoints
### Overview
```
GET /projects/{id}/claude-config
```
Returns counts and lists of available commands, skills, and agents.
**Response:**
```json
{
"data": {
"project": "pantheon",
"path": "/workspace/.claude",
"commands": ["deploy", "test"],
"skills": ["go-testing"],
"agents": ["code-reviewer"]
}
}
```
### Commands
```
GET /projects/{id}/claude-config/commands # List all
POST /projects/{id}/claude-config/commands # Create
GET /projects/{id}/claude-config/commands/{name} # Get one
PUT /projects/{id}/claude-config/commands/{name} # Update
DELETE /projects/{id}/claude-config/commands/{name} # Delete
```
### Skills
```
GET /projects/{id}/claude-config/skills # List all
POST /projects/{id}/claude-config/skills # Create
GET /projects/{id}/claude-config/skills/{name} # Get one
PUT /projects/{id}/claude-config/skills/{name} # Update
DELETE /projects/{id}/claude-config/skills/{name} # Delete
```
### Agents
```
GET /projects/{id}/claude-config/agents # List all
POST /projects/{id}/claude-config/agents # Create
GET /projects/{id}/claude-config/agents/{name} # Get one
PUT /projects/{id}/claude-config/agents/{name} # Update
DELETE /projects/{id}/claude-config/agents/{name} # Delete
```
## Examples
### Create a command
```bash
curl -X POST http://localhost:8080/projects/pantheon/claude-config/commands \
-H "Authorization: Bearer $RDEV_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "deploy",
"content": "---\ndescription: Deploy to production\n---\n\n1. Run tests\n2. Build image\n3. Deploy to k8s"
}'
```
### List commands
```bash
curl http://localhost:8080/projects/pantheon/claude-config/commands \
-H "Authorization: Bearer $RDEV_API_KEY"
```
### Get a specific command
```bash
curl http://localhost:8080/projects/pantheon/claude-config/commands/deploy \
-H "Authorization: Bearer $RDEV_API_KEY"
```
### Update a command
```bash
curl -X PUT http://localhost:8080/projects/pantheon/claude-config/commands/deploy \
-H "Authorization: Bearer $RDEV_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"content": "---\ndescription: Deploy to production (updated)\n---\n\nNew steps..."
}'
```
### Delete a command
```bash
curl -X DELETE http://localhost:8080/projects/pantheon/claude-config/commands/deploy \
-H "Authorization: Bearer $RDEV_API_KEY"
```
## File Format
Commands, skills, and agents are markdown files with optional YAML frontmatter:
```markdown
---
description: Short description shown in /help
---
# Full instructions
Detailed instructions for Claude...
```
## Git Integration
Since files are stored in `/workspace/.claude/`, you can commit them to git:
```bash
# Via API
POST /projects/pantheon/git
{"args": ["add", ".claude/"]}
POST /projects/pantheon/git
{"args": ["commit", "-m", "Add deploy command"]}
POST /projects/pantheon/git
{"args": ["push"]}
```
## Shared Credentials
Claude auth is stored on a shared PVC (`claudebox-shared-claude-config`).
Authenticate once, all project pods can use it:
```bash
./scripts/claude-auth.sh pantheon # Auth in any pod
# Now all pods share the credentials
```
Reference in New Issue View Git Blame Copy Permalink