بنقرة واحدة
build-dashclaw
Contribute to the DashClaw codebase — architecture, scaffolding, tests, CI
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Contribute to the DashClaw codebase — architecture, scaffolding, tests, CI
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
The single command that gets a DashClaw change ON MAIN AND LIVE — it resolves everything blocking production, never defers, and never hands back a checklist. Lands feature branches on main (rebase, gate, merge, push so Vercel deploys), bumps the unified platform+SDK version, and realigns every *description* of the system with the live code: README, PROJECT_DETAILS, SDK READMEs, /docs, generated artifacts (API inventory, OpenAPI, download bundles), plugins/skills/hooks/MCP, marketing/landing pages, the drift-prone hardcoded counts (routes, SDK methods, MCP tools/resources, guard policies) and stale freshness date-stamps. The one step it can't finish itself is the credential-gated SDK publish (`npm run release:sdks`). Use whenever the user wants to ship, land, or finish a change — get it on main, make it live, cut a release, bump the version, refresh all the docs, make everything accurate, fix wrong counts or old dates. Not for building or debugging the feature itself.
Governance behavior for AI agents governed by DashClaw. Teaches the governance protocol: when to call guard (risk thresholds), how to interpret decisions (allow/warn/block/require_approval), when to record actions, how to wait for approvals, and session lifecycle management. Loads org-specific policies and capabilities from MCP resources at session start. Use with @dashclaw/mcp-server. Trigger on: governed agent, dashclaw governance, guard policy, approval wait, governed capability, risk threshold, action recording, session lifecycle.
Human-in-the-loop approval workflows for governed agent actions
Governance behavior for AI agents governed by DashClaw. Teaches the governance protocol: when to call guard (risk thresholds), how to interpret decisions (allow/warn/block/require_approval), when to record actions, how to wait for approvals, and session lifecycle management. Loads org-specific policies and capabilities from MCP resources at session start. Use with @dashclaw/mcp-server. Trigger on: governed agent, dashclaw governance, guard policy, approval wait, governed capability, risk threshold, action recording, session lifecycle.
Set up a DashClaw instance, install the CLI tool, and configure Claude Code hooks
Use when the user needs to run GitNexus CLI commands like analyze/index a repo, check status, clean the index, generate a wiki, or list indexed repos. Examples: "Index this repo", "Reanalyze the codebase", "Generate a wiki"
| name | build-dashclaw |
| description | Contribute to the DashClaw codebase — architecture, scaffolding, tests, CI |
| license | MIT |
| metadata | {"author":"ucsandman","version":"1.0.0","category":"development"} |
Guide for contributing to the DashClaw codebase. Covers architecture, adding new capabilities, testing, and CI.
DashClaw is organized into 3 tiers:
app/api/)7 mandatory endpoints that define DashClaw's governance category:
| Route | Method | Purpose |
|---|---|---|
/api/guard | POST | Policy evaluation — "can I do this?" |
/api/actions | POST, PATCH, GET | Action lifecycle recording |
/api/approvals | POST | Human approval decisions |
/api/assumptions | POST, GET | Reasoning integrity tracking |
/api/signals | GET | Real-time anomaly detection |
/api/policies | GET, POST | Guard policy management |
/api/health | GET | System readiness |
The 7-route boundary is CI-enforced. Adding a new core route requires justification.
app/(extensions)/)Modular operational intelligence:
app/api/_archive/)Legacy features from the "Agent Platform" era. Physically isolated.
| Layer | Technology |
|---|---|
| Runtime | Node.js 20+ |
| Framework | Next.js 16 (App Router) |
| Database | Postgres (Neon recommended) |
| ORM | Drizzle ORM |
| Auth | NextAuth.js v4 |
| UI | React 18, Tailwind CSS 3 |
| Testing | Vitest + jsdom |
| Package Manager | npm |
All IDs are TEXT with crypto-random prefixed values:
import { randomBytes } from 'crypto';
const id = `act_${randomBytes(16).toString('hex')}`;
ID prefixes: ar_ (actions), oc_live_/oc_test_ (API keys), sp_ (scoring profiles), pt_ (prompt templates), etc.
No direct SQL in route handlers. All data access goes through repository modules:
app/lib/repositories/*.repository.js
Route handlers import from repositories, never inline SQL.
Request → Strip client org headers → Rate limit → Route matching
→ Public routes: pass through
→ Protected routes: x-api-key (fast path: timing-safe compare)
→ Inject org context from resolved key
When adding a new feature to DashClaw:
app/lib/repositories/<name>.repository.js (all SQL here)app/lib/<name>.js (business logic)app/api/<name>/route.js (imports from repository)sdk/dashclaw.js (camelCase)sdk-python/dashclaw/client.py (snake_case)docs/sdk-parity.md with new method countsThe v1 SDK has 187 methods across 31 categories. When promoting to v2:
High priority (core governance):
registerOpenLoop() + resolveOpenLoop() — Decision integrityevents() — Real-time SSE eventsheartbeat() + startHeartbeat() — Agent telemetryMedium priority (analytics):
getRecommendations() + recommendAction() — Adaptive learninggetLearningVelocity() + getLearningCurves() — Learning analyticsgetSignals() — Decision integrity signalsSee knowledge/legacy-sdk-reference.md for the full inventory with all method signatures.
# Run all tests (watch mode)
npm run test
# Run tests once (CI mode)
npm run test -- --run
# Run specific test file
npx vitest run app/lib/__tests__/guard.test.js
Tests live alongside their modules or in __tests__/ directories.
Three mandatory CI checks:
# 1. Governance boundary — enforces 7-route API limit
npm run governance:boundary:check
# 2. OpenAPI contract — detects API drift
npm run openapi:check
# 3. Tests
npm run test -- --run
All three must pass before merge.
| File | What to Read |
|---|---|
PROJECT_DETAILS.md | Canonical system map (source of truth) |
CLAUDE.md | Contributing conventions |
app/lib/guard.js | Risk scoring engine |
app/lib/signals.js | Anomaly detection logic |
sdk/dashclaw.js | V2 SDK implementation |
sdk/legacy/dashclaw-v1.js | V1 SDK (187 methods) |
schema/schema.js | Database schema (Drizzle) |
middleware.js | Auth chain |
docs/sdk-parity.md | SDK method parity matrix |
PROJECT_DETAILS.md and CLAUDE.md