charles/claude-hooks

Fork

You've already forked claude-hooks

Code Issues 10 Pull requests Projects Releases Packages 1 Wiki Activity Actions

SC-1 Agent-config schema, migrations, builtin sync #623

New issue

Closed

opened 2026-05-01 10:32:49 +00:00 by claude-desktop · 0 comments

claude-desktop commented

2026-05-01 10:32:49 +00:00

Collaborator

Copy link

User story

As a platform engineer, I want the per-kind tables, the shared revision/secret tables, the builtin-sync boot pass, and the resolver landed and unwired from any caller, so that every artifact is queryable from DB but production paths still consume the existing in-process config and we can layer the migration story-by-story behind a feature flag.

Acceptance criteria

Migration

New migration apps/server/src/infrastructure/database/migrations/NNN-agent-config.ts creates skill, system_prompt, plugin_binding, plugin_marketplace, mcp_server, agent_type_config, config_revision, secret, secret_access_log tables per the spec's schema block.
Indexes: idx_config_revision_lookup on (kind, artifact_id, created_at DESC), idx_secret_access_log_lookup on (secret_id, accessed_at DESC), plus per-table UNIQUE(name, scope, agent_type, instance_id) covering uniqueness for skills / plugins / MCP / marketplaces / system prompts.
Foreign keys to agents(id) ON DELETE CASCADE for every instance_id column so dropping an instance reaps its overrides.

Builtin sync

New apps/server/src/domain/agent-config/builtin-sync.ts exporting syncBuiltinsFromRepo(). Reads /skills/*.md, config/agents.json, config/mcp-builtin.json, config/marketplaces-builtin.json. Upserts scope = 'builtin' rows; drift detection via sha256 stored as builtin_hash.
config/mcp-builtin.json and config/marketplaces-builtin.json are seeded from the current ~/.config/claude-hooks/agent-env/*/.claude.json and settings.json. Secret values replaced by ${SECRET:<NAME>} placeholders. Document the placeholder convention in the file headers.
main.ts calls syncBuiltinsFromRepo() once during startup, after the migration runner.

Resolver

New apps/server/src/domain/agent-config/resolver.ts exports resolveSkill, resolveSystemPrompt, resolvePlugins, resolveMarketplaces, resolveMcpServers.
Shared pickFromLadder helper: returns the most-specific row across instance → agent_type → global → builtin. First-match-wins for string-shaped artifacts.
Per-kind merge for collection-shaped artifacts (plugin_binding, mcp_server, plugin_marketplace): each layer adds rows; an instance-scope row with enabled = false for a plugin name shadows a higher layer's enabled row for the same name.

Tests

Unit: pickFromLadder returns the most-specific row across all four scope shapes, including null/skip cases.
Unit: builtin-sync upserts unchanged rows as no-ops, updates body when the file's sha256 differs.
Unit: resolver layers (global row shadows builtin, agent_type shadows global, instance shadows agent_type).
Unit: collection merge — instance-scope enabled = false shadows agent-type enabled = true for the same plugin name.

Out of scope

Render-to-disk wiring (SC-2).
HTTP routes (SC-7).
Replacing existing loadSkill / system_prompt_template consumers (SC-3, SC-4).

References

specs/agent-config-customization.md §Architecture and §Story SC-1
apps/server/src/infrastructure/database/ — existing migrations + DAOs
apps/server/src/domain/analytics/skill-loader.ts — loadSkill filesystem reader (consumed by builtin-sync)
apps/server/src/shared/config/agents-config-schema.ts — agents.json schema (read by builtin-sync)

## User story As a platform engineer, I want the per-kind tables, the shared revision/secret tables, the builtin-sync boot pass, and the resolver landed and unwired from any caller, so that every artifact is queryable from DB but production paths still consume the existing in-process config and we can layer the migration story-by-story behind a feature flag. ## Acceptance criteria ### Migration - [ ] New migration `apps/server/src/infrastructure/database/migrations/NNN-agent-config.ts` creates `skill`, `system_prompt`, `plugin_binding`, `plugin_marketplace`, `mcp_server`, `agent_type_config`, `config_revision`, `secret`, `secret_access_log` tables per the spec's schema block. - [ ] Indexes: `idx_config_revision_lookup` on `(kind, artifact_id, created_at DESC)`, `idx_secret_access_log_lookup` on `(secret_id, accessed_at DESC)`, plus per-table `UNIQUE(name, scope, agent_type, instance_id)` covering uniqueness for skills / plugins / MCP / marketplaces / system prompts. - [ ] Foreign keys to `agents(id) ON DELETE CASCADE` for every `instance_id` column so dropping an instance reaps its overrides. ### Builtin sync - [ ] New `apps/server/src/domain/agent-config/builtin-sync.ts` exporting `syncBuiltinsFromRepo()`. Reads `/skills/*.md`, `config/agents.json`, `config/mcp-builtin.json`, `config/marketplaces-builtin.json`. Upserts `scope = 'builtin'` rows; drift detection via sha256 stored as `builtin_hash`. - [ ] `config/mcp-builtin.json` and `config/marketplaces-builtin.json` are seeded from the current `~/.config/claude-hooks/agent-env/*/.claude.json` and `settings.json`. Secret values replaced by `${SECRET:<NAME>}` placeholders. Document the placeholder convention in the file headers. - [ ] `main.ts` calls `syncBuiltinsFromRepo()` once during startup, after the migration runner. ### Resolver - [ ] New `apps/server/src/domain/agent-config/resolver.ts` exports `resolveSkill`, `resolveSystemPrompt`, `resolvePlugins`, `resolveMarketplaces`, `resolveMcpServers`. - [ ] Shared `pickFromLadder` helper: returns the most-specific row across `instance → agent_type → global → builtin`. First-match-wins for string-shaped artifacts. - [ ] Per-kind merge for collection-shaped artifacts (`plugin_binding`, `mcp_server`, `plugin_marketplace`): each layer adds rows; an instance-scope row with `enabled = false` for a plugin name shadows a higher layer's enabled row for the same name. ### Tests - [ ] Unit: `pickFromLadder` returns the most-specific row across all four scope shapes, including null/skip cases. - [ ] Unit: builtin-sync upserts unchanged rows as no-ops, updates body when the file's sha256 differs. - [ ] Unit: resolver layers (`global` row shadows `builtin`, `agent_type` shadows `global`, `instance` shadows `agent_type`). - [ ] Unit: collection merge — instance-scope `enabled = false` shadows agent-type `enabled = true` for the same plugin name. ## Out of scope - Render-to-disk wiring (SC-2). - HTTP routes (SC-7). - Replacing existing `loadSkill` / `system_prompt_template` consumers (SC-3, SC-4). ## References - `specs/agent-config-customization.md` §Architecture and §Story SC-1 - `apps/server/src/infrastructure/database/` — existing migrations + DAOs - `apps/server/src/domain/analytics/skill-loader.ts` — `loadSkill` filesystem reader (consumed by builtin-sync) - `apps/server/src/shared/config/agents-config-schema.ts` — `agents.json` schema (read by builtin-sync)

claude-desktop added the

area:agents

type:user-story

labels

2026-05-01 10:36:26 +00:00

claude-desktop added this to the Agent config customization milestone

2026-05-01 10:36:35 +00:00

code-lead was assigned by claude-desktop

2026-05-01 10:43:56 +00:00

code-lead referenced this issue from a commit

2026-05-01 10:59:50 +00:00

feat(agent-config): SC-1 schema, builtin sync, resolver

code-lead referenced this issue from a pull request that will close it,

2026-05-01 11:00:11 +00:00

feat(agent-config): SC-1 schema, builtin sync, resolver #635

code-lead closed this issue

2026-05-01 11:30:49 +00:00

code-lead referenced this issue from a commit

2026-05-01 11:30:51 +00:00

feat(agent-config): SC-1 schema, builtin sync, resolver (#635)

No Branch/Tag specified

main

chore/sync-pre-push-from-forge-base

fix/flows-yaml-dispatch-identity

feat/board-tap-to-assign

dev/1107

code-lead/1106

code-lead/1108

dev/1104

code-lead/1103

code-lead/1080

dev/1087

feat/flows-yaml-ci-events

chore/board-drop-stalled-and-density-controls

fix/flows-yaml-routes-always-register

flows-yaml/api-defaults

dev/1023

fix/event-log-history-bleed

fix/janitor-fix-ci-logs-and-cap

dev/1022

fix/board-card-provider

code-lead/1036

dev/1025

code-lead/1020

dev/1017

code-lead/1026

feat/web-shortcut-registry-1018

dev/1015

code-lead/1009

code-lead/1008

dev/975

dev/969

dev/973

dev/967

code-lead/968

code-lead/953

dev/970

dev/976

code-lead/966

code-lead/956

code-lead/951

dev/962

dev/963

dev/977

dev/955

dev/983

dev/961

dev/974

code-lead/950

code-lead/939

dev/941

dev/940

dev/937

dev/938

dev/936

dev/935

feat/web-i18n-fr-locale

feat/spec-editor-ui-polish

chore/drop-legacy-compat

fix/skills-drop-preview-pane

fix/882-skills-safety-rail

dev/911

dev/909

dev/923

dev/917

dev/915

feat/879-sr11-m2-drop-legacy-skill

code-lead/873

dev/881

code-lead/869

dev/867

code-lead/845

code-lead/843

code-lead/844

dev/837

dev/861

dev/849

code-lead/837

code-lead/842

fix/dedup-rebase-inflight

dev/838

code-lead/847

dev/833

code-lead/848

pr/838

code-lead/841

feat/settings-save-bar/836

code-lead/840

dev/846

code-lead/839

dev/832

fix/board-sse-stale-cache

dev/834

dev/835

feat/settings-breadcrumbs

feat/forge-oauth-credentials

refactor/service-config-consolidation

feat/agent-tokens-to-secrets

feat/gitlab-oauth-to-db

feat/authelia-rip-and-voice-fixes

fix/rebase-storm-and-dead-letter

code-lead/797

code-lead/796

dev/811

code-lead/798

dev/810

code-lead/795

dev/808

code-lead/794

dev/805

dev/802

dev/803

feat/avatar-menu-settings-entry

feat/per-agent-token-tracking

dev/793

dev/747

dev/752

code-lead/790

code-lead/759

dev/756

dev/760

dev/741

dev/767

dev/740

dev/709

dev/644

dev/637

boss/614

dev/600

dev/611

dev/585

fix/login-bonus-fixes

boss/544

dev/542

refactor/api-prefix-and-session-gate

dev/489

boss/531

boss/518

dev/499

boss/516

dev/530

dev/517

dev/519

dev/515

dev/522

dev/503

dev/471

boss/329

dev/417

dev/418

dev/402

boss/327

dev/334

dev/332

boss/326

boss/325

dev/331

boss/324

boss/323

boss/322

dev/294

test/s11-task-analytics

dev/262

boss/270

dev/268

foreman/ui-consolidation-spec

dev/234

boss/196

boss/176

boss/164

fix/124-session-persist-bind

boss/52

dev/87

boss/73

dev/77

dev/81

dev/82

boss/79

dev/42

dev/35

boss/7

No results found.

Labels

Clear labels

area:agents

Agent types, pool scheduling, per-instance config

area:dashboard

Dashboard UI and observability surfaces

area:database

DB layer — schema, migrations, ORM, raw SQL

area:design

UI/UX mockup work — routes to designer agent

area:design-review

Design review dispatch — routes to design-reviewer agent

area:flows

Flow runner — YAML loader, executor, op registry, expression eval

area:infra

Deployment, isolation, containers, systemd units

area:meta

Tracking, scaffolding, project setup

area:security

Security — routes to reviewer-security (opus)

area:sessions

Session-id store, Claude SDK resume logic

area:webhook

Forgejo webhook routing and handlers

area:workdir

Clone cache, worktrees, git identity

security

Security-sensitive issue

Tracking or decisions, not implementation work

No labels

Milestone

Clear milestone

No items

No milestone

Agent config customization

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

code-lead

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

charles/claude-hooks#623

Reference in a new issue

Repository

charles/claude-hooks

Title

Body

No description provided.

Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?

Rows
Columns