pr for claude skills

.devcontainer/Dockerfile

@@ -1,54 +1,50 @@
-FROM library/python:3.12-bullseye
+FROM library/python:3.12-bookworm
 
 ARG USER=vscode
 ARG USER_UID=1000
 ARG USER_GID=1000
-
 ARG DEBIAN_FRONTEND=noninteractive
 
-# Install system dependencies in a single layer
+# Base CLI tooling (sudo, git, ripgrep/fd for editors, etc.).
 RUN apt update && apt install -y --no-install-recommends \
-    sudo jq vim curl\
-    && apt autoremove -y \
+      sudo jq vim curl bash-completion \
+      ripgrep fd-find git make unzip \
     && rm -rf /var/lib/apt/lists/*
 
-# Create the user and grant sudo privileges
-RUN useradd -m -s /bin/bash ${USER} \
+# Passwordless-sudo dev user (UID/GID injected from the host via compose).
+RUN useradd -m -s /bin/bash -u ${USER_UID} ${USER} \
     && echo "${USER} ALL=(ALL) NOPASSWD: ALL" >/etc/sudoers.d/${USER} \
     && chmod 0440 /etc/sudoers.d/${USER}
 
-# Install Node.js 22 (from NodeSource)
+# Node 22 (NodeSource).
 RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
-    && apt install -y nodejs \
-    && node -v \
-    && npm -v
+    && apt install -y nodejs
 
-# # Install aws
-# RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
-# RUN unzip awscliv2.zip
-# RUN ./aws/install
+# GitHub CLI — used by the postCreate skill installer to authenticate against
+# private Hestia-Homes repos via the host's mounted ~/.config/gh.
+RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \
+      | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
+    && chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
+    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \
+      > /etc/apt/sources.list.d/github-cli.list \
+    && apt update && apt install -y gh \
+    && rm -rf /var/lib/apt/lists/*
 
-# # Install terraform
-# RUN apt-get update && sudo apt-get install -y gnupg software-properties-common
-# RUN wget -O- https://apt.releases.hashicorp.com/gpg | \
-# gpg --dearmor | \
-# sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg > /dev/null
-# RUN echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \
-# https://apt.releases.hashicorp.com $(lsb_release -cs) main" | \
-# tee /etc/apt/sources.list.d/hashicorp.list
-# RUN apt update
-# RUN apt-get install terraform
-# RUN terraform -install-autocomplete
+# Download Neovim (latest release tarball from GitHub) and symlink onto PATH.
+RUN curl -fsSL https://github.com/neovim/neovim/releases/latest/download/nvim-linux-x86_64.tar.gz \
+      | tar -xz -C /opt \
+    && ln -s /opt/nvim-linux-x86_64/bin/nvim /usr/local/bin/nvim
 
-# Install Claude
 USER ${USER}
-RUN curl -fsSL https://claude.ai/install.sh | bash \
-    && export PATH="/home/${USER}/.local/bin:${PATH}" \
-    && claude plugin marketplace add JuliusBrussee/caveman \
-    && claude plugin install caveman@caveman
-ENV PATH="/home/vscode/.local/bin:${PATH}"
+
+# LazyVim starter config (.git stripped so the user owns the files).
+RUN git clone https://github.com/LazyVim/starter /home/${USER}/.config/nvim \
+    && rm -rf /home/${USER}/.config/nvim/.git
+
+# Download + install Claude Code CLI (installs to ~/.local/bin).
+RUN curl -fsSL https://claude.ai/install.sh | bash
+ENV PATH="/home/${USER}/.local/bin:${PATH}"
+
 USER root
 
-
-# Set the working directory
-WORKDIR /workspaces/assessment-model
+WORKDIR /workspaces/assessment-model

.devcontainer/devcontainer.json

@@ -4,13 +4,24 @@
   "service": "frontend",
   "remoteUser": "vscode",
   "workspaceFolder": "/workspaces/assessment-model",
-  "postStartCommand": "bash .devcontainer/post-install.sh",
-  "forwardPorts": [3000], # For vscode
-  "appPort": ["3000:3000"], # For devcontainer shell
+
+  // Host preflight: ensure GitHub auth exists before we try to build.
+  // Either ~/.config/gh (from `gh auth login`) or a GITHUB_TOKEN env var.
+  "initializeCommand": "test -d \"$HOME/.config/gh\" || test -n \"$GITHUB_TOKEN\" || { echo >&2 'error: no GitHub auth found. Run `gh auth login && gh auth setup-git` on the host, or export GITHUB_TOKEN, then retry.'; exit 1; }",
+
+  // Install Domna's curated skill set (pinned to 0.0.5) into this workspace,
+  // then install npm deps. `gh repo clone` handles private-repo auth using
+  // the mounted host ~/.config/gh.
+  "postCreateCommand": "gh repo clone Hestia-Homes/agentic-toolkit /tmp/agentic-toolkit -- --branch 0.0.5 --depth 1 && bash /tmp/agentic-toolkit/setup.sh && npm install",
+
+  "forwardPorts": [3000],
+  "appPort": ["3000:3000"],
+
   "mounts": [
     // Optional, just makes getting from Downloads (local env) easier
     "source=${localEnv:HOME},target=/workspaces/home,type=bind"
   ],
+
   "customizations": {
     "vscode": {
       "settings": {

.devcontainer/docker-compose.yml

@@ -3,6 +3,7 @@ services:
     build:
       context: ..
       dockerfile: .devcontainer/Dockerfile
+      # Match host UID/GID so files written in the container aren't root-owned.
       args:
         USER_UID: ${UID:-1000}
         USER_GID: ${GID:-1000}
@@ -11,6 +12,15 @@ services:
       - "3000:3000"
     volumes:
       - ..:/workspaces/assessment-model
+      - ~/.gitconfig:/home/vscode/.gitconfig:ro
+      # GitHub CLI auth from host (created by `gh auth login`). Used by the
+      # postCreate skill installer to clone private Hestia-Homes repos.
+      - ~/.config/gh:/home/vscode/.config/gh:ro
+    environment:
+      # Host SSH agent — for `git push` etc. inside the container.
+      - SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-}
+      # Fallback HTTPS auth if ~/.config/gh isn't present on the host.
+      - GITHUB_TOKEN=${GITHUB_TOKEN:-}
     networks:
       - frontend-net
 

.devcontainer/post-install.sh

@@ -1 +0,0 @@
-npm install;

devcontainer.sh

@@ -23,8 +23,6 @@ CONFIG_PATH="${REPO_ROOT}/.devcontainer/devcontainer.json"
 
 VALID_COMMANDS=(up shell down rebuild)
 
-# --- helpers ---------------------------------------------------------------
-
 usage() {
   sed -n '3,15p' "${BASH_SOURCE[0]}" | sed 's/^# \{0,1\}//'
   exit "${1:-0}"
@@ -36,8 +34,7 @@ die() {
 }
 
 in_list() {
-  local needle="$1"
-  shift
+  local needle="$1"; shift
   local item
   for item in "$@"; do
     [[ "${item}" == "${needle}" ]] && return 0
@@ -52,10 +49,7 @@ container_id() {
     --filter "label=devcontainer.config_file=${CONFIG_PATH}"
 }
 
-# --- argument parsing ------------------------------------------------------
-
 [[ $# -eq 1 ]] || usage 1
-
 COMMAND="$1"
 
 in_list "${COMMAND}" "${VALID_COMMANDS[@]}" \
@@ -65,8 +59,6 @@ in_list "${COMMAND}" "${VALID_COMMANDS[@]}" \
 
 DC_ARGS=(--workspace-folder "${REPO_ROOT}")
 
-# --- dispatch --------------------------------------------------------------
-
 case "${COMMAND}" in
   up)
     echo ">> bringing up devcontainer"
@@ -74,8 +66,6 @@ case "${COMMAND}" in
     ;;
 
   shell)
-    # Auto-up if not already running. `devcontainer up` is idempotent —
-    # it reuses an existing container, so this is cheap on warm starts.
     if [[ -z "$(container_id)" ]]; then
       echo ">> devcontainer not running, bringing it up first"
       devcontainer up "${DC_ARGS[@]}"