0.5.6 Beta

.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "cortexlink",
   "description": "Cross-agent workflow plugin — gives your agent the full programmatic reference for every CLI tool you use. One plugin. Every CLI. Stay in flow.",
-  "version": "0.5.5",
+  "version": "0.5.7",
   "author": {
     "name": "namos2502"
   },

CHANGELOG.md

@@ -2,6 +2,25 @@
 
 All notable changes to CortexLink will be documented here.
 
+## [0.5.7] — 2026-03-24
+
+### Improved
+- **Commands:** Added `allowed-tools` frontmatter to `setup` (Read, Edit, Bash) and `cleanup` (Read, Edit) — restricts tool availability to the minimum required set (does not suppress permission prompts; use `--allow-tool` at session level for that)
+- **Commands:** Fixed `help` command directive style — replaced indirect "Reply to the user with..." with direct output instruction
+- **Skills:** All three skill descriptions rewritten to third-person trigger format ("This skill should be used when...") for reliable auto-activation
+- **Skills:** Added `user-invocable: false` to `orchestration`, `copilot-cli`, and `claude-cli` skills — these are internal protocol skills, not user-invocable actions
+- **Skills:** Split `orchestration/SKILL.md` (8.8 KB → 5.3 KB) — delegation prompt template and report format details extracted to `references/delegation-template.md` and `references/report-format.md` for progressive disclosure
+
+## [0.5.6] — 2026-03-23
+
+### Fixed
+- Removed `-s` flag from all Copilot CLI invocation patterns — causes exit code 1, not a valid flag for programmatic use
+- Copilot CLI sandbox fix: no `--cwd` flag exists; all invocations now `cd` to repo root first (`cd $(git rev-parse --show-toplevel) &&`) — prevents silent file access failures under `--no-ask-user` when invoked from a subdirectory
+- `--allow-tool` values corrected to no-space format (`'write,read'`, `'write,shell(git:*),read'`)
+- Model updated to `--model=claude-sonnet-4-5` for real tasks (was "omit"); `--model=claude-haiku-4.5` kept for availability checks only
+- Claude CLI: added `--cwd $(git rev-parse --show-toplevel)` to all invocation patterns — same sandbox restriction applies
+- Orchestration detection command: removed `-s`, added `cd` to repo root
+
 ## [0.5.5] — 2026-03-23
 
 ### Changed

commands/cleanup.md

@@ -1,5 +1,6 @@
 ---
 description: "Remove CortexLink configuration added by /cortexlink:setup"
+allowed-tools: Read, Edit
 ---
 
 Remove the CortexLink sections that were added during setup. Run the following steps in order.

commands/help.md

@@ -2,7 +2,7 @@
 description: "Show CortexLink plugin information and how to get started"
 ---
 
-Reply to the user with the following information:
+Output the following to the user:
 
 **CortexLink** — One plugin. Every CLI. Stay in flow.
 

commands/setup.md

@@ -1,5 +1,6 @@
 ---
 description: "One-time setup — detects installed CLI agents, authenticates, and registers CortexLink as always-on in ~/.claude/CLAUDE.md and ~/.copilot/copilot-instructions.md"
+allowed-tools: Read, Edit, Bash
 ---
 
 Run the following steps in order and report the results clearly to the user.
@@ -32,7 +33,7 @@ Then ask the user to re-run `/cortexlink:setup` after installing at least one ag
 
 For Copilot CLI (if installed):
 ```bash
-copilot -p "ping" -s --no-ask-user --no-auto-update --no-color --allow-tool='read' --model=claude-haiku-4.5 2>/dev/null
+copilot -p "ping" --no-ask-user --no-auto-update --no-color --allow-tool='read' --model=claude-haiku-4.5 2>/dev/null
 ```
 If this fails, tell the user to run `copilot login`.
 

hooks/hooks.json

@@ -0,0 +1,16 @@
+{
+  "hooks": {
+    "SessionStart": [
+      {
+        "matcher": "startup|clear|compact",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "\"${CLAUDE_PLUGIN_ROOT}/hooks/run-hook.cmd\" session-start",
+            "async": false
+          }
+        ]
+      }
+    ]
+  }
+}

hooks/run-hook.cmd

@@ -0,0 +1,46 @@
+: << 'CMDBLOCK'
+@echo off
+REM Cross-platform polyglot wrapper for hook scripts.
+REM On Windows: cmd.exe runs the batch portion, which finds and calls bash.
+REM On Unix: the shell interprets this as a script (: is a no-op in bash).
+REM
+REM Hook scripts use extensionless filenames (e.g. "session-start" not
+REM "session-start.sh") so Claude Code's Windows auto-detection -- which
+REM prepends "bash" to any command containing .sh -- doesn't interfere.
+REM
+REM Usage: run-hook.cmd <script-name> [args...]
+
+if "%~1"=="" (
+    echo run-hook.cmd: missing script name >&2
+    exit /b 1
+)
+
+set "HOOK_DIR=%~dp0"
+
+REM Try Git for Windows bash in standard locations
+if exist "C:\Program Files\Git\bin\bash.exe" (
+    "C:\Program Files\Git\bin\bash.exe" "%HOOK_DIR%%~1" %2 %3 %4 %5 %6 %7 %8 %9
+    exit /b %ERRORLEVEL%
+)
+if exist "C:\Program Files (x86)\Git\bin\bash.exe" (
+    "C:\Program Files (x86)\Git\bin\bash.exe" "%HOOK_DIR%%~1" %2 %3 %4 %5 %6 %7 %8 %9
+    exit /b %ERRORLEVEL%
+)
+
+REM Try bash on PATH (e.g. user-installed Git Bash, MSYS2, Cygwin)
+where bash >nul 2>nul
+if %ERRORLEVEL% equ 0 (
+    bash "%HOOK_DIR%%~1" %2 %3 %4 %5 %6 %7 %8 %9
+    exit /b %ERRORLEVEL%
+)
+
+REM No bash found - exit silently rather than error
+REM (plugin still works, just without SessionStart context injection)
+exit /b 0
+CMDBLOCK
+
+# Unix: run the named script directly
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+SCRIPT_NAME="$1"
+shift
+exec bash "${SCRIPT_DIR}/${SCRIPT_NAME}" "$@"

hooks/session-start

@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+# SessionStart hook for CortexLink plugin
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+PLUGIN_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)"
+
+# Read orchestration skill — the CortexLink meta skill
+orchestration_content=$(cat "${PLUGIN_ROOT}/skills/orchestration/SKILL.md" 2>&1 || echo "Error reading orchestration skill")
+
+# Escape string for JSON embedding.
+# Each ${s//old/new} is a single C-level pass — fast and heredoc-safe.
+escape_for_json() {
+    local s="$1"
+    s="${s//\\/\\\\}"
+    s="${s//\"/\\\"}"
+    s="${s//$'\n'/\\n}"
+    s="${s//$'\r'/\\r}"
+    s="${s//$'\t'/\\t}"
+    printf '%s' "$s"
+}
+
+orchestration_escaped=$(escape_for_json "$orchestration_content")
+
+peer_direction="PEER DIRECTION RULES (apply these every time you delegate):\n- If you are Claude Code (Claude): GitHub tasks → Copilot CLI. Isolated code/analysis tasks → Claude CLI (last resort only — prefer native tools first).\n- If you are Copilot CLI: code tasks, analysis, and refactors → Claude CLI.\n- ONE agent per subtask. Never route the same subtask to more than one agent.\n- Always use bash with -p flag (programmatic mode). Never open an interactive terminal session.\n- Violating any of these rules violates the spirit of CortexLink."
+
+session_context="<EXTREMELY_IMPORTANT>\nYou have CortexLink — a cross-agent workflow plugin.\n\nBelow is your orchestration skill. It defines when and how to delegate tasks across CLI agents (Copilot CLI, Claude CLI). Follow it whenever multi-agent delegation could apply.\n\n${orchestration_escaped}\n\n${peer_direction}\n</EXTREMELY_IMPORTANT>"
+
+# Platform detection: emit the field consumed by the current platform only.
+# Cursor sets CURSOR_PLUGIN_ROOT. Claude Code sets CLAUDE_PLUGIN_ROOT without COPILOT_CLI.
+# Copilot CLI sets CLAUDE_PLUGIN_ROOT *and* COPILOT_CLI=1 — it uses the SDK-standard
+# top-level "additionalContext" field, not Claude Code's nested hookSpecificOutput.
+# Emitting both fields would cause double injection in Claude Code.
+#
+# Uses printf instead of heredoc to avoid a bash 5.3+ bug where heredoc
+# variable expansion hangs when content exceeds ~512 bytes.
+if [ -n "${CURSOR_PLUGIN_ROOT:-}" ]; then
+    printf '{\n  "additional_context": "%s"\n}\n' "$session_context"
+elif [ -n "${CLAUDE_PLUGIN_ROOT:-}" ] && [ -z "${COPILOT_CLI:-}" ]; then
+    printf '{\n  "hookSpecificOutput": {\n    "hookEventName": "SessionStart",\n    "additionalContext": "%s"\n  }\n}\n' "$session_context"
+else
+    printf '{\n  "additionalContext": "%s"\n}\n' "$session_context"
+fi
+
+exit 0

skills/agents/claude-cli/SKILL.md

@@ -1,13 +1,17 @@
 ---
 name: claude-cli
-description: Behavioral reference for Claude CLI. Use when delegating general code tasks, analysis, or tasks requiring Anthropic-native reasoning via `claude -p`.
-
+description: This skill should be used when delegating general code tasks — explanations, refactors, fixes, analysis — via `claude -p`. Also use when context isolation or a specific Anthropic model is needed for the subtask.
+user-invocable: false
 ---
 
 # Claude CLI Agent
 
 ## When to Use
 
+⛔ If the host is **Claude Code**: use Claude CLI only when you specifically need context isolation or a different Anthropic model AND native tools (Task tool, inline work) are insufficient. Claude Code → Claude CLI is last resort. Prefer Copilot CLI for GitHub tasks; prefer Claude Code's native Task tool for general code tasks.
+
+---
+
 **Use Claude CLI for:**
 - General code tasks — explanations, refactors, fixes, analysis
 - Tasks needing Anthropic-specific models (Sonnet, Opus, Haiku)
@@ -66,39 +70,65 @@ Shell access (`Bash(...)`) is a separate, deliberate decision. Use `--disallowed
 
 Use short aliases (`sonnet`, `opus`) for the latest version, or full IDs (e.g. `claude-sonnet-4-6`) to pin a specific model.
 
+## Working Directory
+
+Claude CLI is sandboxed to its working directory — the same restriction as Copilot CLI.
+
+⛔ **Always invoke from the repo root.** Use `--cwd` or `cd` before invoking.
+
+```bash
+claude -p "..." --cwd $(git rev-parse --show-toplevel) --output-format text ...
+```
+
 ## Invocation Patterns
 
+Always include `--append-system-prompt` with the CortexLink agent context below. This teaches the agent the report format and self-verify protocol via the system prompt — separate from the task prompt.
+
+```
+CORTEXLINK_AGENT_CONTEXT="You are operating as a CortexLink agent. Your output is consumed directly by a control center. Execute the task, verify your own work (Execute → Verify → fix if needed → Report), then return ONLY this structured report — plain text labels, no bold, no headers:\nSTATUS: ✅ Verified / ⚠️ Partial / ❌ Failed\nSUMMARY: <1-2 sentences>\nSTEPS:\n  - <step>\nFILES: <changed files or none>\nISSUES: <notes or none>\nMax 150 words. Never mark ✅ without actually checking. For analysis tasks, ✅ = completed the analysis even if you cannot run the code."
+```
+
 **Read-only delegation (question, analysis):**
 ```bash
 claude -p "[delegation prompt]" --output-format text \
+  --cwd $(git rev-parse --show-toplevel) \
   --allowedTools "Read" --model claude-haiku-4-5 \
-  --no-session-persistence --max-turns 3
+  --no-session-persistence --max-turns 3 \
+  --append-system-prompt "$CORTEXLINK_AGENT_CONTEXT"
 ```
 
 **Write delegation (fix, implement):**
 ```bash
 claude -p "[delegation prompt]" --output-format text \
+  --cwd $(git rev-parse --show-toplevel) \
   --allowedTools "Read" "Edit" "Write" \
-  --no-session-persistence
+  --no-session-persistence \
+  --append-system-prompt "$CORTEXLINK_AGENT_CONTEXT"
 ```
 
 **Write delegation + shell (runs commands):**
 ```bash
 claude -p "[delegation prompt]" --output-format text \
-  --allowedTools "Read" "Edit" "Bash(git *)" \
-  --no-session-persistence
+  --cwd $(git rev-parse --show-toplevel) \
+  --allowedTools "Read" "Edit" "Write" "Bash(git *)" \
+  --no-session-persistence \
+  --append-system-prompt "$CORTEXLINK_AGENT_CONTEXT"
 ```
 
 **Planning / analysis only (no writes):**
 ```bash
 claude -p "[delegation prompt]" --output-format text \
-  --permission-mode plan --no-session-persistence --max-turns 5
+  --cwd $(git rev-parse --show-toplevel) \
+  --permission-mode plan --no-session-persistence --max-turns 5 \
+  --append-system-prompt "$CORTEXLINK_AGENT_CONTEXT"
 ```
 
 **Piped input:**
 ```bash
 cat file.ts | claude -p "[delegation prompt]" --output-format text \
-  --allowedTools "Read" --no-session-persistence
+  --cwd $(git rev-parse --show-toplevel) \
+  --allowedTools "Read" --no-session-persistence \
+  --append-system-prompt "$CORTEXLINK_AGENT_CONTEXT"
 ```
 
 ## Delegation Prompt
@@ -116,7 +146,10 @@ Follow the template from `skills/orchestration/SKILL.md`. Include the structured
 
 The agent's stdout is its report. Capture it directly:
 ```bash
-REPORT=$(claude -p "[prompt]" --output-format text --allowedTools "Read" --no-session-persistence 2>/dev/null)
+REPORT=$(claude -p "[prompt]" --output-format text \
+  --cwd $(git rev-parse --show-toplevel) \
+  --allowedTools "Read" --no-session-persistence \
+  --append-system-prompt "$CORTEXLINK_AGENT_CONTEXT" 2>/dev/null)
 ```
 
 Read STATUS first. If ⚠️ or ❌, read ISSUES before deciding next action.
@@ -126,8 +159,8 @@ Read STATUS first. If ⚠️ or ❌, read ISSUES before deciding next action.
 | | Copilot CLI | Claude CLI |
 |--|-------------|------------|
 | Tool permissions | `--allow-tool='write, read'` | `--allowedTools "Read" "Edit"` |
-| Silence | `-s` | `--output-format text` |
 | Prevent questions | `--no-ask-user` | implied by `-p` |
+| Working directory | `cd $(git rev-parse --show-toplevel) &&` | `--cwd PATH` |
 | Model flag | `--model=claude-haiku-4.5` | `--model claude-haiku-4-5` |
 
 ## Error Handling