name	code-obfuscator
type	skill
description	MCP git-style obfuscation workflow (`ls_tree`, `ls_files`, `pull`, `clone`, `status`, `push`) with cross-IDE execution patterns for Codex, Claude, and Gemini.
inputs	["task_goal","source_root","workspace_dir","request_id"]
outputs	["changed_files","status_summary","push_result"]
allowed-tools	Read, Write, Edit, Bash, Grep, Glob

Code Obfuscator MCP Skill

Purpose

Use this skill when an agent must safely edit code through obfuscated context and apply results back using MCP git-style semantics.

This skill is designed for:

Codex Agent IDE / codex CLI
Claude with MCP connector
Gemini with MCP-compatible connector/bridge

Canonical Tool Surface

Only use these MCP tools:

ls_tree
ls_files
pull
clone
status
push

Never use legacy names:

list_project_tree
obfuscate_project
obfuscate_project_from_paths
apply_llm_output
deobfuscate_project
deobfuscate_project_from_paths

Core Invariants

Reuse one options.request_id for the full lifecycle.
Keep MCP path arguments stable across clone -> status -> push.
Edit only obfuscated workspace files.
Always run status before push and after push.
Expect clean=true after successful push.

Standard Execution Flow

Flow A: Full workspace (recommended)

Discover files:

tools/list
ls_tree(root_dir)
ls_files(root_dir)

Create obfuscated workspace snapshot:

clone(root_dir, workspace_dir, options.request_id)

Edit obfuscated files in workspace.
Validate pending delta:

status(workspace_dir, options.request_id)

Apply round-trip:

push(workspace_dir, options.request_id)

Verify clean state:

status(workspace_dir, options.request_id)

Flow B: Partial context (targeted)

pull(root_dir, file_paths, options.request_id) for scoped obfuscation.
If edits must be applied to source tree, switch to clone flow for workspace materialization and push.

Path Model (Important)

Many IDE sandboxes cannot write MCP runtime paths (for example /workspace/...) directly from local shell tools.

Use dual-path model when needed:

MCP calls: runtime path (example /workspace/projects/test-obf).
Shell edits: host mirror path mounted to that runtime directory.

If sandbox blocks writes, do not skip push. Re-map workspace path to writable host mirror and retry full flow.

Safety Guardrails

Reject or stop on any tool failure.
Do not bypass status checks.
Do not write outside project root.
Do not follow symlinks for writes/deletes.
Do not alter mapping payload manually in client prompts.
Keep operation request-scoped by request_id.

Prompt Contract For Agents

When instructing another agent, require:

strict tool order: ls_tree -> clone -> status -> push
one fixed request_id
explicit root_dir and workspace_dir
explicit requirement for clean=true after push
stop-on-error with exact error text

Cross-IDE Playbooks

See detailed recipes in:

references/tool-cheatsheet.md
references/ide-playbooks.md
references/server-config-examples.md
references/prompt-templates.md

Agent-specific policy profiles:

agents/codex.yaml
agents/claude.yaml
agents/gemini.yaml

Quick Acceptance Checklist

Before finishing task:

tools/list exposes only git-style tools.
Edited files were obfuscated workspace files, not source originals.
status before push shows expected diff.
push returns applied/deleted lists.
Final status is clean.
Final response includes outcome summary with changed paths.

Troubleshooting Entry Points

unknown request_id -> wrong request_id or expired session.
root_dir does not exist -> wrong runtime path/mount.
refusing to write through symlink -> source path guardrail triggered.
push writes denied -> source volume mounted read-only.
no diff before push -> workspace file edits were not applied to bound workspace.

name	code-obfuscator
type	skill
description	MCP git-style obfuscation workflow (`ls_tree`, `ls_files`, `pull`, `clone`, `status`, `push`) with cross-IDE execution patterns for Codex, Claude, and Gemini.
inputs	["task_goal","source_root","workspace_dir","request_id"]
outputs	["changed_files","status_summary","push_result"]
allowed-tools	Read, Write, Edit, Bash, Grep, Glob

Code Obfuscator MCP Skill

Purpose

Use this skill when an agent must safely edit code through obfuscated context and apply results back using MCP git-style semantics.

This skill is designed for:

Codex Agent IDE / codex CLI
Claude with MCP connector
Gemini with MCP-compatible connector/bridge

Canonical Tool Surface

Only use these MCP tools:

ls_tree
ls_files
pull
clone
status
push

Never use legacy names:

list_project_tree
obfuscate_project
obfuscate_project_from_paths
apply_llm_output
deobfuscate_project
deobfuscate_project_from_paths

Core Invariants

Reuse one options.request_id for the full lifecycle.
Keep MCP path arguments stable across clone -> status -> push.
Edit only obfuscated workspace files.
Always run status before push and after push.
Expect clean=true after successful push.

Standard Execution Flow

Flow A: Full workspace (recommended)

Discover files:

tools/list
ls_tree(root_dir)
ls_files(root_dir)

Create obfuscated workspace snapshot:

clone(root_dir, workspace_dir, options.request_id)

Edit obfuscated files in workspace.
Validate pending delta:

status(workspace_dir, options.request_id)

Apply round-trip:

push(workspace_dir, options.request_id)

Verify clean state:

status(workspace_dir, options.request_id)

Flow B: Partial context (targeted)

pull(root_dir, file_paths, options.request_id) for scoped obfuscation.
If edits must be applied to source tree, switch to clone flow for workspace materialization and push.

Path Model (Important)

Many IDE sandboxes cannot write MCP runtime paths (for example /workspace/...) directly from local shell tools.

Use dual-path model when needed:

MCP calls: runtime path (example /workspace/projects/test-obf).
Shell edits: host mirror path mounted to that runtime directory.

If sandbox blocks writes, do not skip push. Re-map workspace path to writable host mirror and retry full flow.

Safety Guardrails

Reject or stop on any tool failure.
Do not bypass status checks.
Do not write outside project root.
Do not follow symlinks for writes/deletes.
Do not alter mapping payload manually in client prompts.
Keep operation request-scoped by request_id.

Prompt Contract For Agents

When instructing another agent, require:

strict tool order: ls_tree -> clone -> status -> push
one fixed request_id
explicit root_dir and workspace_dir
explicit requirement for clean=true after push
stop-on-error with exact error text

Cross-IDE Playbooks

See detailed recipes in:

references/tool-cheatsheet.md
references/ide-playbooks.md
references/server-config-examples.md
references/prompt-templates.md

Agent-specific policy profiles:

agents/codex.yaml
agents/claude.yaml
agents/gemini.yaml

Quick Acceptance Checklist

Before finishing task:

tools/list exposes only git-style tools.
Edited files were obfuscated workspace files, not source originals.
status before push shows expected diff.
push returns applied/deleted lists.
Final status is clean.
Final response includes outcome summary with changed paths.

Troubleshooting Entry Points

unknown request_id -> wrong request_id or expired session.
root_dir does not exist -> wrong runtime path/mount.
refusing to write through symlink -> source path guardrail triggered.
push writes denied -> source volume mounted read-only.
no diff before push -> workspace file edits were not applied to bound workspace.

code-obfuscator

Code Obfuscator MCP Skill

Purpose

Canonical Tool Surface

Core Invariants

Standard Execution Flow

Flow A: Full workspace (recommended)

Flow B: Partial context (targeted)

Path Model (Important)

Safety Guardrails

Prompt Contract For Agents

Cross-IDE Playbooks

Quick Acceptance Checklist

Troubleshooting Entry Points

المزيد من هذا المستودع

المزيد من هذا المستودع

Code Obfuscator MCP Skill

Purpose

Canonical Tool Surface

Core Invariants

Standard Execution Flow

Flow A: Full workspace (recommended)

Flow B: Partial context (targeted)

Path Model (Important)

Safety Guardrails

Prompt Contract For Agents

Cross-IDE Playbooks

Quick Acceptance Checklist

Troubleshooting Entry Points