jordan/rdev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b5fdf35f1b
rdev/docs/claude-config-api.md
jordan 538ea57ed4 feat: Add claude-config API, security hardening, and testing infrastructure 
Claude Config API (v0.6):
- Add CRUD endpoints for commands, skills, and agents
- Commands/skills/agents stored in /workspace/.claude/ (per-project, in git)
- Credentials shared via PVC at /root/.claude/ (shared across pods)
- Use base64 encoding for file writes (prevents shell injection)
- Add content size limits (1MB max)

Security Hardening:
- Add sanitize package for command/prompt validation
- Add rate limiting middleware (token bucket algorithm)
- Add concurrent command limiting
- Add input sanitization to all command handlers
- Gitignore secrets.yaml and credentials.yaml
- Add *.example templates for secrets

Testing Infrastructure:
- Add testutil package with mocks and fixtures
- Add unit tests for auth package (63% coverage)
- Add unit tests for executor (47% coverage)
- Add handler integration tests (40% coverage)
- Add 100% coverage for sanitize, cmdlimit packages
- Add 96% coverage for ratelimit package

Infrastructure:
- Shared Claude credentials PVC (ReadWriteMany)
- Reduced workspace PVC size from 20Gi to 5Gi
- Add init container cleanup before git clone
- Document Longhorn RWX requirements

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 01:29:13 -07:00

4.0 KiB
Raw Blame History

Claude Config API

Manage Claude Code commands, skills, and agents via the rdev API.

Architecture

/root/.claude/                    # Shared PVC (all projects)
├── .credentials.json             # Auth tokens (shared)
└── settings.json                 # Global preferences

/workspace/.claude/               # In git repo (per-project)
├── commands/                     # Project slash commands
│   └── deploy.md
├── skills/                       # Project skills
│   └── go-testing.md
└── agents/                       # Project agents
    └── code-reviewer.md

Authentication

All endpoints require Authorization: Bearer <api-key> header.

  • projects:read scope for GET endpoints
  • projects:execute scope for POST/PUT/DELETE endpoints

Endpoints

Overview

GET /projects/{id}/claude-config

Returns counts and lists of available commands, skills, and agents.

Response:

{
  "data": {
    "project": "pantheon",
    "path": "/workspace/.claude",
    "commands": ["deploy", "test"],
    "skills": ["go-testing"],
    "agents": ["code-reviewer"]
  }
}

Commands

GET    /projects/{id}/claude-config/commands           # List all
POST   /projects/{id}/claude-config/commands           # Create
GET    /projects/{id}/claude-config/commands/{name}    # Get one
PUT    /projects/{id}/claude-config/commands/{name}    # Update
DELETE /projects/{id}/claude-config/commands/{name}    # Delete

Skills

GET    /projects/{id}/claude-config/skills           # List all
POST   /projects/{id}/claude-config/skills           # Create
GET    /projects/{id}/claude-config/skills/{name}    # Get one
PUT    /projects/{id}/claude-config/skills/{name}    # Update
DELETE /projects/{id}/claude-config/skills/{name}    # Delete

Agents

GET    /projects/{id}/claude-config/agents           # List all
POST   /projects/{id}/claude-config/agents           # Create
GET    /projects/{id}/claude-config/agents/{name}    # Get one
PUT    /projects/{id}/claude-config/agents/{name}    # Update
DELETE /projects/{id}/claude-config/agents/{name}    # Delete

Examples

Create a command

curl -X POST http://localhost:8080/projects/pantheon/claude-config/commands \
  -H "Authorization: Bearer $RDEV_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "deploy",
    "content": "---\ndescription: Deploy to production\n---\n\n1. Run tests\n2. Build image\n3. Deploy to k8s"
  }'

List commands

curl http://localhost:8080/projects/pantheon/claude-config/commands \
  -H "Authorization: Bearer $RDEV_API_KEY"

Get a specific command

curl http://localhost:8080/projects/pantheon/claude-config/commands/deploy \
  -H "Authorization: Bearer $RDEV_API_KEY"

Update a command

curl -X PUT http://localhost:8080/projects/pantheon/claude-config/commands/deploy \
  -H "Authorization: Bearer $RDEV_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "content": "---\ndescription: Deploy to production (updated)\n---\n\nNew steps..."
  }'

Delete a command

curl -X DELETE http://localhost:8080/projects/pantheon/claude-config/commands/deploy \
  -H "Authorization: Bearer $RDEV_API_KEY"

File Format

Commands, skills, and agents are markdown files with optional YAML frontmatter:

---
description: Short description shown in /help
---

# Full instructions

Detailed instructions for Claude...

Git Integration

Since files are stored in /workspace/.claude/, you can commit them to git:

# Via API
POST /projects/pantheon/git
{"args": ["add", ".claude/"]}

POST /projects/pantheon/git
{"args": ["commit", "-m", "Add deploy command"]}

POST /projects/pantheon/git
{"args": ["push"]}

Shared Credentials

Claude auth is stored on a shared PVC (claudebox-shared-claude-config).

Authenticate once, all project pods can use it:

./scripts/claude-auth.sh pantheon  # Auth in any pod
# Now all pods share the credentials