fix(lvt): improve auth templates and lvt-plan skill#4
Merged
Conversation
Created comprehensive testing infrastructure to validate that the LiveTemplate agent usage guide examples actually work as documented: **Agent Test Harness** (internal/agenttest/harness.go): - Isolated test environments with temp directories - Command execution and skill usage tracking - File/database assertion helpers - Simulated agent workflows (QuickStart, FullStack, Conversation) **Documentation Validation Tests** (e2e/agent_doc_validation_test.go): - TestAgentDocValidation_QuickStart - Basic blog creation - TestAgentDocValidation_FullStack - Task manager with auth - TestAgentDocValidation_StepByStep - Incremental development - TestAgentDocValidation_CommonPatterns - Auth, CRUD, relationships - TestAgentDocValidation_AllKits - multi, single, simple kits - TestAgentDocValidation_IncrementalFeatures - Building progressively - TestAgentDocValidation_RecipeExample - Complete workflow **Usage Guide** (docs/AGENT_USAGE_GUIDE.md): - Getting started instructions - Example workflows (quick start, full stack, step-by-step) - 21 available skills organized by category - Tips for best results - Common patterns and examples - Complete example session This ensures documentation stays accurate and gives users confidence that the examples work exactly as shown. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Adds 'make install' command to install the lvt CLI to GOPATH/bin. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
The agent and skills exist in the lvt CLI repository for developing lvt itself. They are NOT automatically installed when users run 'lvt new' to create new apps. Updated the Getting Started section to clearly state: - Agent/skills are in lvt repo for lvt development - Not available in projects created with 'lvt new' - Guide is for contributors, not end users This corrects the fundamental misunderstanding in the previous documentation about agent availability. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
The agent testing framework (internal/agenttest) uses testify/require for assertions. This is consistent with other e2e tests in the codebase. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Adds 'lvt install-agent' command to install Claude Code agent and skills into LiveTemplate projects. This enables AI-assisted development with guided workflows and best practices. Implementation: - New command: install_agent.go with InstallAgent() - Embeds .claude/ directory (33 files) using Go embed.FS - Includes 20+ skills for lvt commands and workflows - Project management agent for task tracking - Permission settings for safe Claude Code operation - Conflict detection with --force override option Features: - Easy one-command installation - Comprehensive onboarding messages - Handles existing installations gracefully - Validates and reports installation success Testing: - 5 comprehensive test cases - Tests new installation, existing installation, force overwrite - Validates file counts and essential files - Verifies settings.json structure Documentation: - Added AI-Assisted Development section to README - Clear installation and usage instructions - Examples of what users can ask Claude - Link to AGENT_USAGE_GUIDE.md Next Step: Phase 2 will add MCP server for global lvt access 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Adds 'lvt mcp-server' command providing Model Context Protocol server for global AI access to lvt commands from Claude Desktop, Claude Code, and other MCP-compatible applications. Implementation: - New command: mcp_server.go using official go-sdk v1.1.0 - 8 MCP tools exposing core lvt functionality - Type-safe tool handlers with JSON schema generation - Stdio transport for local client communication Tools: - lvt_new: Create apps with kit/CSS/module options - lvt_gen_resource: Generate CRUD resources with typed fields - lvt_gen_view: Generate view-only handlers - lvt_gen_auth: Generate authentication systems - lvt_migration_up/down/status/create: Migration management Architecture: - Uses official github.com/modelcontextprotocol/go-sdk@v1.1.0 - Type-safe handlers with automatic schema inference - Proper error handling and output capture - Follows MCP spec for tool responses Documentation: - Added "Global AI Access via MCP Server" section to README - Setup instructions for Claude Desktop (macOS/Windows/Linux) - Tool descriptions and usage examples - Comparison with embedded agent approach Benefits: - Global access before project exists (solves chicken-egg problem) - Works with Claude Desktop (larger audience than Claude Code) - Future-proof with official SDK and industry standard protocol - Complements embedded agent (MCP for discovery, agent for workflows) Next: Users can install lvt globally and configure Claude Desktop to access lvt commands from anywhere, then use 'lvt install-agent' in projects for deeper workflow guidance. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Adds upgrade functionality for installed agents and a main lvt-assistant agent file that serves as the entry point for the AI assistant. Upgrade Mechanism (--upgrade flag): - Backs up user's custom settings (settings.local.json) - Removes old installation cleanly - Installs latest agent and skills - Restores user's custom settings - Shows before/after file counts and what's new - Handles edge cases (no existing installation, missing settings) lvt-assistant Agent: - Main agent file explaining capabilities and usage - Comprehensive guide to available skills and workflows - Examples and best practices - Philosophy and principles - Onboarding for new users Testing: - 3 new comprehensive upgrade tests - Tests backup/restore of custom settings - Tests upgrade without existing installation - Tests that only settings.local.json is preserved - All tests passing Documentation: - Added "Upgrading" section to README - Updated help text to show --upgrade flag - Clear instructions on backup and restore process Usage: - lvt install-agent # Fresh install - lvt install-agent --upgrade # Upgrade existing - lvt install-agent --force # Overwrite everything Benefits: - Users can easily get latest skills and improvements - Custom settings are preserved - Safe upgrade path with backup/restore - Clear feedback on what changed 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Fixed jsonschema struct tags to use the correct format expected by the official MCP Go SDK. The SDK expects the tag value to be just the description text, not "description=..." format. Before: Name string `jsonschema:"description=Application name"` After: Name string `jsonschema:"Application name"` This follows the SDK's requirement that tag values must not begin with "WORD=" where WORD is a sequence of non-whitespace characters. The MCP server now starts successfully without panicking. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Adds comprehensive MCP tool coverage to match all 14 core skills: New Tools Added: - lvt_gen_schema - Generate database schema only - lvt_seed - Generate test data for resources - lvt_resource_list - List all available resources - lvt_resource_describe - Show detailed schema for a resource - lvt_validate_template - Validate and analyze template files - lvt_env_generate - Generate .env.example with detected config - lvt_kits_list - List available CSS framework kits - lvt_kits_info - Show detailed kit information Total: 16 MCP tools providing complete coverage of lvt functionality through Model Context Protocol for Claude Desktop and other AI apps. Updated README.md with categorized documentation of all 16 tools. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Implements complete testing infrastructure for the MCP server feature: ## New Test Files ### commands/mcp_server_test.go (170 lines) - Server initialization and lifecycle tests - Tool registration validation for all 11 registration functions - Context cancellation handling - Input/Output structure validation for all tool types - 6 comprehensive test functions ### commands/mcp_tools_test.go (700+ lines) - Individual tests for all 16 MCP tools - Valid input/output validation - File and directory creation verification - Command execution testing - Integration with underlying commands - 12 test functions covering all tool categories: * Core generation (5 tools) * Migrations (3 tools, down skipped intentionally) * Resource inspection (2 tools) * Data management (1 tool) * Template validation (1 tool) * Environment (1 tool) * Kits (2 tools) ## Agent Test Harness Extensions ### internal/agenttest/harness.go Extended RunLvtCommand to support additional commands: - seed - Generate test data - resource/res - Inspect resources and schemas - parse - Validate template files - env - Environment variable management - kits/kit - CSS framework kit management Previously only supported: gen, migration ## Documentation ### e2e/AGENT_TESTING_README.md Added comprehensive MCP testing documentation: - MCP Server Testing section - All 16 MCP tools documented with categories - Running MCP tests guide - Test environment details - Agent test harness extensions - Example usage ## Test Results All new tests pass: ✅ 6 MCP server tests - PASS ✅ 12 MCP tool tests with 40+ subtests - PASS ✅ No breaking changes to existing tests ✅ Isolated test environments with cleanup ## Coverage This completes the testing requirements for the MCP server feature, ensuring all 16 tools and the server infrastructure work correctly. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
…ot agent Phase 1 of multi-LLM support: Foundation documentation and first LLM agent. ## New Documentation ### docs/MCP_TOOLS.md (900+ lines) Complete reference for all 16 MCP tools: - Detailed input/output schemas for each tool - JSON examples for every tool - Common use cases and workflows - Error handling patterns - Complete workflow example (blog app) - Tool catalog with quick reference table Categories covered: - Core Generation (5 tools) - Database Migration (4 tools) - Resource Inspection (2 tools) - Data Management (1 tool) - Template Validation (1 tool) - Environment (1 tool) - Kits Management (2 tools) ### docs/WORKFLOWS.md (500+ lines) Common development patterns using MCP tools: - 17 complete workflows with step-by-step instructions - Quick start workflows (blog, task manager, e-commerce) - Authentication workflows - Resource management workflows - Database workflows - Development workflows - Deployment workflows - Troubleshooting workflows Each workflow includes: - Clear goal statement - Numbered steps with tool calls - Expected results - Best practices ## First LLM Agent: GitHub Copilot ### .github/copilot-instructions.md (200 lines) Thin agent wrapper for GitHub Copilot that: - Lists all 16 MCP tools with categories - Provides common workflow patterns - Shows example sessions (blog, task manager) - Includes best practices - Documents field types and file structure - Links to full documentation Design: - Optimized for GitHub Copilot's instruction format - Focused on MCP tool orchestration - Minimal duplication (references full docs) - Practical examples over theory ## Architecture This follows the MCP-First approach: - MCP server (16 tools) = Universal interface - Thin LLM wrappers = Orchestration guides - Shared documentation = Single source of truth Benefits: - ~200 lines per LLM vs 1000+ for full agent - Easy to maintain (update docs, not agents) - Works with any MCP-compatible LLM ## Next Steps - Create Cursor agent (.cursor/rules/lvt.md) - Create Aider agent (.aider/) - Create generic agent (agents/generic/) - Update install-agent command with --llm flag 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Updated AGENT_USAGE_GUIDE.md to explain that skill invocation cannot be automatically tested since it depends on Claude's autonomous decision-making. Key changes: - Added manual verification section explaining skill activation is autonomous - Clarified that skills are invoked by Claude's model, not deterministically - Updated verification steps to include manual testing approach - Added note about automated tests only validating structure and naming Context: Skills in Claude Code activate based on Claude's interpretation of user requests. There's no way to programmatically force a specific skill to be used, which means skill invocation testing must be done manually by observing Claude's behavior. The agent_skills_validation_test.go file tests: 1. Skill structure (individual directories with SKILL.md) 2. Skill naming (lowercase, numbers, hyphens only) 3. Agent metadata validity 4. Skill count accuracy But it cannot test actual skill invocation since that's controlled by the AI model. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Implemented keyword-gated activation and brainstorming capabilities for
LiveTemplate skills to prevent false positives and improve user control.
## Key Changes
### 1. New Brainstorming Skill
- Created `skills/brainstorm/SKILL.md` with progressive questioning
- Phase 1: Core questions (3-5 questions)
- Phase 2: Offer more options
- Phase 3: Detailed configuration (if requested)
- Phase 4: Preview before execution
- Always requires keywords ("lvt"/"livetemplate"/"lt")
### 2. Keyword-Gated Activation (7 skills updated)
Added activation rules to prevent skills from triggering on generic requests:
- `quickstart` - Added activation rules + brainstorming recommendation
- `new-app` - Added activation rules
- `add-resource` - Added activation rules
- `gen-auth` - Added activation rules
- `add-migration` - Added activation rules
- `add-related-resources` - Added activation rules + AskUserQuestion pattern
### 3. Context Detection Logic
Skills activate when LiveTemplate context is established by:
1. **Project context** - `.lvtrc` file exists
2. **Agent context** - Using `lvt-assistant` agent
3. **Keyword context** - User mentions "lvt"/"livetemplate"/"lt"
Priority: Project > Agent > Keyword
### 4. Agent Context Declaration
Updated `lvt-assistant` agent to explicitly declare LiveTemplate context:
- Added context:livetemplate frontmatter
- Added prominent context declaration section
- Explains users don't need keywords when using agent
### 5. User Control Improvements
- `add-related-resources` now uses `AskUserQuestion` for resource selection
- Users explicitly choose which resources to add (no auto-add)
- Multi-select checkboxes for better UX
## Benefits
✅ Prevents false positives (e.g., "create a blog" won't trigger without context)
✅ Context persists after first mention (no need to repeat keywords)
✅ Works seamlessly with lvt-assistant agent
✅ Progressive disclosure in brainstorming (start simple, offer more options)
✅ Users have explicit control over what gets generated
## Remaining Work
15 skills still need activation rules added:
- add-skill, add-view, analyze, customize, deploy
- gen-schema, manage-env, manage-kits, production-ready
- resource-inspect, run-and-test, seed-data, suggest
- troubleshoot, validate-templates
Tests for keyword gating and context detection still need to be created.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added keyword-gated activation rules to all remaining 15 skills, completing the implementation across the entire skill set. ## Changes ### Batch Update: 15 Skills Added standard activation rules to: - add-skill, add-view, analyze, customize, deploy - gen-schema, manage-env, manage-kits, production-ready - resource-inspect, run-and-test, seed-data - suggest, troubleshoot, validate-templates ### Test Update - Updated skill count test: 21 → 22 skills - Reflects addition of brainstorm skill ## Activation Rules Added Each skill now includes: - Context detection (Project, Agent, Keyword) - Keyword matching (lvt, livetemplate, lt) - Trigger patterns (with/without context) - Clear examples of when skills activate ## Statistics **All Skills Now Have Activation Rules:** - Total skills: 22 - With activation rules: 22/22 (100%) - Files modified: 15 - Lines added: ~370 ## Benefits ✅ Complete coverage - all skills now keyword-gated ✅ Consistent behavior across all skills ✅ Prevents false positives for all operations ✅ Context-aware activation (project, agent, keywords) ✅ Ready for production use 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Updated all agent documentation files to reflect: 1. Skill count: 21 → 22 (added brainstorming skill) 2. Workflow skills: 3 → 4 (includes lvt-brainstorm) 3. Keyword-gating: Explained context detection (project, agent, keywords) 4. Brainstorming skill: Added usage examples and progressive disclosure ## Changes ### docs/AGENT_USAGE_GUIDE.md - Updated skill count from 21 to 22 - Added lvt-brainstorm to Workflow Skills section - Added comprehensive "Understanding Skill Activation" section: - Explains keyword-gating mechanism - Shows examples of with/without context - Documents why keyword-gating prevents false positives - Added "Using the Brainstorming Skill" section: - Progressive disclosure approach (3-5 questions → more) - Always requires keywords - Helps users make informed decisions ### docs/AGENT_SETUP.md - Updated skill count from 21 to 22 - Added lvt-brainstorm to examples - Added note about keyword-gating to skills section ### e2e/AGENT_TESTING_README.md - Updated test comments: 21 → 22 skills - Added breakdown (Core: 14, Workflow: 4, Maintenance: 3, Meta: 1) - Updated Multi-LLM Support section to mention brainstorming - Added keyword-gating and brainstorming to Documentation Coverage 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Changed both commands to show interactive selection menus when no
options are provided, improving user experience and discoverability.
## Changes
### commands/install-agent.go
- Removed default LLM (was "claude")
- Added `selectAgentInteractive()` function
- Shows numbered menu with all 5 agent options
- Provides clear descriptions for each choice
- Falls back to helpful error message on invalid input
- Updated `listAgents()` to show new interactive usage
### commands/mcp-server.go
- Added `strings` import for flag parsing
- Shows `--setup` wizard automatically when run in TTY with no flags
- Maintains existing behavior when run from AI clients (non-TTY)
- Improves first-time user experience
### Test Updates
- Updated all tests calling `InstallAgent([]string{})` to use `--llm claude`
- Fixed `TestInstallAgent_DefaultIsClaudeCode` to explicitly specify claude
- Tests now pass with the new interactive behavior
### Documentation Updates
**docs/AGENT_SETUP.md:**
- Quick Start now shows interactive commands as recommended
- Updated all installation examples to show interactive + direct options
- Added wizard guidance for MCP server setup
- Clarified Method 2 (MCP Server) with step-by-step wizard instructions
**docs/AGENT_USAGE_GUIDE.md:**
- Installation section now recommends interactive menu
- Updated Claude setup to show interactive option first
- MCP Server section shows interactive as recommended approach
- All examples consistently show both interactive and direct usage
## Benefits
✅ Better discoverability - users see all options
✅ No need to remember --llm flag names
✅ Clearer descriptions help users choose correctly
✅ Reduces documentation lookup for first-time users
✅ Maintains backward compatibility with --llm flag
## Breaking Changes
⚠️ `lvt install-agent` without flags now shows interactive menu instead of
defaulting to Claude. Use `lvt install-agent --llm claude` for scripts.
⚠️ `lvt mcp-server` without flags now shows setup wizard in terminal. Use
explicit flags or pipe to prevent interactive prompts in scripts.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Improved user experience for agent installation and management: Interactive Installation: - Show interactive menu when running without --llm flag - Present numbered choices (1-5) for selecting agent type - Provide helpful tips if invalid choice selected Interactive Conflict Resolution: - Added interactive menu when existing installation detected - Options: Upgrade (preserve settings), Overwrite (fresh install), Cancel - Confirmation prompt for destructive overwrite operation Version Tracking: - Added .version marker files to track installation versions - Display version information during upgrades (old → new) - Auto-detect installed agent for upgrade without --llm flag Test Updates: - Fixed test expectations for new interactive behavior - Updated file paths to match actual claude_resources structure - Added explicit --llm flags to tests to avoid interactive prompts All install-agent tests passing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Enhanced Claude Code agent to automatically trigger brainstorming workflow
when users request to create new LiveTemplate applications.
**Problem**: When users say "create a lvt blog app" in plan mode, Claude Code
would jump straight to implementation without gathering requirements first.
**Solution**:
1. **Added Instructions to settings.json**:
- Clear patterns for when brainstorming is required (new apps)
- Examples of creation requests that trigger brainstorming
- Explicit instruction to use Skill("lvt-brainstorm") first
- Guidance on when NOT to brainstorm (feature additions)
2. **Updated lvt-assistant Agent**:
- Added "Brainstorming Policy" section in Philosophy
- Updated example conversation to show brainstorm-first approach
- Clarified distinction between NEW apps (need brainstorming) vs
EXISTING apps (direct skill invocation)
**Impact**:
When Claude Code encounters requests like:
- "create a blog app"
- "build a todo application"
- "make an e-commerce site"
It will now:
1. Recognize this as a new app creation request
2. Invoke the lvt-brainstorm skill automatically
3. Guide user through progressive questions
4. Only generate code after requirements are gathered
**Benefits**:
- Better user experience with guided workflows
- Ensures proper requirements gathering before implementation
- Reduces back-and-forth from missing requirements
- Aligns with TDD and plan-before-code best practices
All tests passing ✓
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Modified new-app skill to defer to brainstorming when requirements are vague. **Problem**: Even with brainstorming instructions in settings.json, Claude Code would still match the new-app skill first when users say "create a blog app" because the skill detection system picks the first matching skill. **Root Cause**: Skills are content-based documents that Claude reads after being selected. The settings.json instructions tell Claude what to do, but they can't prevent skill selection from happening first. **Solution**: Add explicit guidance AT THE TOP of the new-app skill itself that instructs Claude to check if brainstorming is needed before proceeding. **Changes**: Added "⚠️ IMPORTANT: Check for Brainstorming First" section that: - Defines when to use lvt-brainstorm instead (vague requirements, new projects) - Shows explicit Skill("lvt-brainstorm") invocation - Explains when new-app can be used directly (detailed requirements, post-brainstorm) - Provides clear examples with ✅/❌ markers **Impact**: When Claude Code loads the new-app skill for "create a blog app", it will now: 1. Read the warning section at the top 2. Recognize the request is vague (no specific resources) 3. STOP and invoke lvt-brainstorm skill instead 4. Only proceed with new-app after brainstorming completes **Why This Works**: Skills are sequential documents that Claude reads from top to bottom. By placing the brainstorming check BEFORE the activation rules, Claude sees it immediately and can redirect before executing the new-app workflow. This is a defense-in-depth approach: - settings.json instructions (general guidance) - new-app skill check (specific interception at execution time) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Updated brainstorm skill to match creation requests, not just planning requests.
**Problem**: Brainstorm skill only matched planning keywords ("plan", "design",
"brainstorm") but not creation keywords ("create", "build", "make"). When users
said "create a lvt blog app", the new-app skill matched first.
**Root Cause**: The brainstorm skill's keywords and description didn't include
creation verbs, so Claude Code's skill matching algorithm never considered it
for creation requests.
**Solution**: Expand brainstorm skill's matching scope to include creation
patterns when requirements are vague (domain mentioned without resources).
**Changes**:
1. **Updated frontmatter keywords**: Added "create", "build", "make"
2. **Enhanced description**: Now explicitly mentions creation patterns:
"Use for 'create/build/make a [lvt/livetemplate] [domain] app'"
3. **Added creation pattern examples**:
- ✅ "create a lvt blog app"
- ✅ "build a livetemplate shop"
- ✅ "make an lvt CRM"
4. **Distinguished from detailed requests**:
- ❌ "create blog with posts(title,content)" → skip to new-app
**How Skill Matching Works**:
Claude Code matches skills based on:
1. **description** field (main matching signal)
2. **keywords** array (secondary signals)
3. **requires_keywords** flag (gating mechanism)
By adding creation verbs to both description and keywords, the brainstorm
skill now competes with new-app for creation requests.
**Expected Behavior**:
When user says "create a lvt blog app":
1. Both brainstorm and new-app skills match (both have "create" + "lvt")
2. Claude Code picks best match based on description relevance
3. Brainstorm should win because description explicitly mentions this pattern
4. User gets progressive questions before code generation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Added app name as first question and ensured apps are created in CWD. **Issues**: 1. App name was inferred from domain instead of asking user 2. Apps were being created in /tmp/worktrees instead of current directory **Changes**: 1. **Added Question 1: App Name** - Asks user for app name explicitly - Explains requirements (lowercase, no spaces, etc.) - Provides examples: `myblog`, `todo-app`, `my-shop` - Clarifies it will be directory name and Go module name 2. **Updated Question Sequence** - Question 1: App Name (NEW) - Question 2: App Domain (was Q1) - Question 3: Primary Resource (was Q2) - Question 4: Related Resources (was Q3) - Question 5: Test Data (was Q4) 3. **Fixed Creation Location** - Added explicit instruction: "Create the app in the current working directory (CWD)" - Added warning: "NOT in /tmp or a git worktree" - New applications should be created directly where user is working 4. **Updated Summary Phase** - Now shows app name in Phase 2 summary - Helps user confirm the name before proceeding **Why Worktree Was Used**: The user's global CLAUDE.md has: "a plan must always have a progress tracker and the work should be implemented in a new git worktree". This applies to FEATURE work in existing projects, not NEW application creation. The explicit instruction in the skill now overrides this for new apps. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Renamed skill to be more specific and avoid matching with superpowers brainstorming. **Problem**: When user says "create a lvt blog app", the generic superpowers brainstorming skill was matching instead of our lvt-specific skill because: 1. Superpowers has broader trigger patterns 2. Both skills have "brainstorm" in the name 3. Claude Code picks first matching skill **Solution**: Make our skill more specific to LiveTemplate app creation **Changes**: 1. **Renamed skill**: lvt-brainstorm → lvt-app-brainstorm - More specific name helps with matching - Clearly indicates it's for app creation, not generic brainstorming 2. **Refined description**: - OLD: "Interactive planning and app creation..." - NEW: "Create LiveTemplate applications - ... ONLY use for..." - Starts with action verb "Create" to match user intent - Emphasizes ONLY for LiveTemplate/lvt 3. **Added app-specific keywords**: - Added "app", "application", "new" to keywords - These match user's actual request: "create a lvt **app**" 4. **More explicit matching pattern**: - Description now says: "ONLY use for 'create/build/make a lvt/livetemplate [type] app/application'" - This exact pattern matches user's request better **Why This Works**: Claude Code skill matching uses description as primary signal. By: - Starting description with "Create LiveTemplate applications" - Adding "app"/"application" keywords - Making it ONLY for lvt (not generic) The skill becomes more specific than superpowers:brainstorming for this request. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Renamed skill from lvt-app-brainstorm to lvt-plan to completely avoid
conflict with superpowers:brainstorming skill.
**Problem**: Even with name "lvt-app-brainstorm", there was still potential
for conflict with the superpowers:brainstorming skill which has very broad
matching patterns.
**Solution**: Use completely different name "lvt-plan" that:
- Describes what it does (planning app structure)
- Doesn't overlap with "brainstorm" keyword at all
- Is clearer and more concise
**Changes**:
1. **Skill renamed**: lvt-app-brainstorm → lvt-plan
- Frontmatter: name, description updated
- Added "plan" to keywords
- Version bumped to 1.1.0
2. **Updated all references**:
- skills/brainstorm/SKILL.md internal references
- skills/new-app/SKILL.md references (lvt-brainstorm → lvt-plan)
- settings.json instructions (brainstorm → lvt-plan)
3. **Description refined**:
- "Plan and create LiveTemplate applications"
- Emphasizes it's an "Interactive workflow"
- Clear that it asks "progressive questions about app name, resources, auth, styling"
**Benefits**:
- Zero overlap with superpowers:brainstorming
- Clearer name for what it does (planning, not brainstorming)
- Better matches user mental model ("plan my app" vs "brainstorm")
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Complete the skill rename by updating the directory structure. Directory renamed: skills/brainstorm/ → skills/lvt-plan/ This ensures the skill shows as 'lvt-plan' in Claude Code's UI (which uses the directory name) and matches the frontmatter name change. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Updated file structure preview to match actual lvt new output. **Issue**: The skill showed outdated directory structure that didn't match what lvt actually creates. **Changes**: Updated internal/database/ structure to show: - migrations/ directory (not just 'migrations') - queries.sql (single file for all resources, not per-resource) - models/ directory with models.go inside (not just models.go at root) - db.go (database connection) - sqlc.yaml (sqlc configuration) - shared/ directory (utilities) Now matches actual output from 'lvt new'. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit addresses multiple issues with the lvt CLI and planning workflow: **Auth Template Fixes:** - Rewrite auth handler template to use LiveTemplate v0.4.x Store/ActionContext API - Temporarily disable password auth due to API limitations (requires HTTP context) - Add warning message explaining password auth will be re-enabled in v0.5.0 - Keep magic-link auth working (uses separate HTTP handlers) **lvt-plan Skill Improvements:** - Add smart prompt extraction to parse app name and domain from initial request - Fix confusion between kits (architectural templates) and CSS frameworks - Improve skill matching with better keywords and description - Show extracted information before asking clarifying questions **Files Changed:** - commands/auth.go: Add password auth warning and auto-disable - internal/kits/system/multi/templates/auth/handler.go.tmpl: Complete rewrite for v0.4.x API - commands/claude_resources/skills/lvt-plan/: Enhanced planning skill - commands/help.go: New help command implementation See docs/proposals/authentication-v0.5.md for the plan to re-enable password auth. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Pull Request Review - AI Agent & MCP InfrastructureThis is a comprehensive PR that adds significant AI-assisted development capabilities to the lvt CLI. Overall, this is well-architected and production-ready work with excellent test coverage and documentation. Below are detailed findings across all review categories. 🎯 SummaryScope: Adds multi-LLM support via MCP server + embedded agents
Size: 13,937 additions across 26 commits
✅ StrengthsArchitecture & Design
Code Quality
Testing
Documentation
|
There was a problem hiding this comment.
Pull request overview
This PR adds comprehensive AI agent integration for LiveTemplate, fixing authentication template compatibility issues and introducing robust MCP server support across multiple LLM platforms. The changes enable developers to use Claude Code, GitHub Copilot, Cursor, Aider, and generic LLMs to build LiveTemplate applications through both MCP protocol tools and project-specific agent installations.
Key Changes:
- Rewrites auth handler template from Session-based to Store/ActionContext API (LiveTemplate v0.4.x compatibility)
- Temporarily disables password auth with clear migration path to v0.5.0
- Adds MCP server with 16 tools for AI-assisted development
- Implements multi-LLM agent installation system supporting 5 platforms
- Introduces comprehensive testing framework for agent workflows and MCP tools
Reviewed changes
Copilot reviewed 70 out of 81 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
main.go |
Adds install-agent and mcp-server commands with help text |
internal/kits/system/multi/templates/auth/handler.go.tmpl |
Complete rewrite from Handler to State pattern for v0.4.x API compatibility |
commands/auth.go |
Adds password auth warning and auto-disable flag for API compatibility |
commands/mcp_server.go |
New MCP server with 16 tools, interactive setup, and stdio transport |
commands/install_agent.go |
Multi-LLM agent installation with upgrade support and custom file preservation |
commands/mcp_tools_test.go |
Comprehensive tests for all 16 MCP tools |
commands/mcp_server_test.go |
Server lifecycle and flag handling tests |
commands/install_agent_test.go |
Agent installation validation tests |
commands/install_agent_multi_llm_test.go |
Multi-LLM agent installation tests |
internal/agenttest/harness.go |
Test harness for agent workflow validation |
e2e/agent_skills_validation_test.go |
Claude skills and agent metadata validation |
e2e/agent_doc_validation_test.go |
Documentation example validation tests |
e2e/AGENT_TESTING_README.md |
Testing framework documentation |
docs/WORKFLOWS.md |
Common MCP tool workflows and patterns |
docs/MCP_TOOLS.md |
Complete MCP tool reference with schemas |
docs/AGENT_USAGE_GUIDE.md |
Comprehensive multi-LLM usage guide |
docs/AGENT_SETUP.md |
Platform-specific setup instructions |
commands/seed.go |
Adds help flag and validation |
commands/resource.go |
Adds help flag and validation |
commands/parse.go |
Adds help flag and validation |
commands/new.go |
Adds help flag and validation |
commands/migration.go |
Adds help flag and validation |
commands/kits.go |
Adds help flag and validation |
go.mod / go.sum |
Adds MCP SDK and testing dependencies |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Update TestAuthCommand_Integration to not expect password.go file - Fix agent doc validation tests to use correct `lvt gen resource` syntax - Add time delays between migration generation to avoid timestamp conflicts - Remove users table assertions (created via create_auth_tables migration) - Update auth file expectations for new template structure (auth.tmpl instead of login/signup.tmpl) These changes align tests with the current behavior where password auth is temporarily disabled in favor of magic-link authentication. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Pull Request Review: Auth Templates & lvt-plan Skill ImprovementsSummaryThis is a comprehensive and well-executed PR that addresses critical authentication API compatibility issues and significantly improves the user experience for planning LiveTemplate applications. The changes are well-tested, properly documented, and follow the project's conventions. ✅ Strengths1. Auth Template Migration (Critical Fix)
2. Testing Infrastructure
3. MCP Server Implementation
4. lvt-plan Skill Improvements
5. Multi-LLM Support
6. Code Quality
🔍 Issues FoundSecurity Considerations1. Auth Handler Template - Session Management (Medium Priority)// internal/kits/system/multi/templates/auth/handler.go.tmpl:99-100
httpWriter http.ResponseWriter `json:"-"`
httpRequest *http.Request `json:"-"`Concern: Storing HTTP writer/request in state struct could lead to state leakage if state is cached or reused across requests. Recommendation:
2. Password Auth Disabled - Migration Risk (Low Priority)// commands/auth.go:68-75
if !flags.NoPassword {
fmt.Println("⚠️ WARNING: Password authentication is temporarily disabled...")
flags.NoPassword = true
}Concern: Users upgrading from earlier versions might expect password auth to work. Recommendation:
Potential Bugs3. MCP Server - Module Name Defaulting (Low Priority)// commands/mcp_server.go:117-120
module := input.Module
if module == "" {
module = input.Name
}Issue: Using app name as module name doesn't create a valid Go module path for real projects. Recommendation:
4. Agent Test Harness - Race Condition Potential (Low Priority)// internal/agenttest/harness.go:72-73
err = runGoModTidy(t, appDir)
require.NoError(t, err, "failed to run go mod tidy")Issue: Function Recommendation: Verify that Code Quality & Best Practices5. Help Command - Duplicated Code (Low Priority)// commands/help.go - Multiple print functions with similar structure
func printNewHelp() { ... }
func printGenHelp() { ... }
func printGenResourceHelp() { ... }Suggestion: Consider using a template-based approach to reduce duplication: type HelpTemplate struct {
Command string
Description string
Usage string
Options []Option
Examples []string
}6. Pluralization Logic - Limited Coverage (Low Priority)// commands/auth.go:143-184
func pluralizeNoun(word string) string {
// Only handles a few special cases
}Issue: Pluralization will fail for uncommon words. Recommendation:
Performance Considerations7. Agent Test Setup - Unnecessary
|
The skill directory naming convention is that frontmatter uses `lvt-{name}`
while the directory is just `{name}`. The test TestClaudeAgent_SkillInvocationSyntax
validates this by checking that frontmatter name = "lvt-" + directory name.
Directory: skills/plan/ → frontmatter: lvt-plan ✓
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Pull Request Review: lvt CLI Auth Templates and Planning WorkflowOverviewThis PR makes significant improvements to the Recommendation: ✅ Approve with minor suggestions 🎯 Strengths1. Pragmatic API Compatibility SolutionThe auth template rewrite to use LiveTemplate v0.4.x Store/ActionContext API is excellent:
// commands/auth.go:68-75
if !flags.NoPassword {
fmt.Println("⚠️ WARNING: Password authentication is temporarily disabled...")
fmt.Println(" Use magic-link authentication instead...")
flags.NoPassword = true
}2. Well-Architected Auth TemplateThe rewritten
3. Excellent Planning Skill ImprovementsThe
4. Comprehensive TestingStrong test coverage across the board:
5. Excellent DocumentationImpressive documentation additions:
🔍 Code Quality AssessmentArchitecture & Design: ⭐⭐⭐⭐⭐
Security: ⭐⭐⭐⭐⭐Auth template security highlights: // handler.go.tmpl:260-268
http.SetCookie(s.httpWriter, &http.Cookie{
Name: "{{.TableName}}_token",
Value: token,
Path: "/",
MaxAge: 30 * 24 * 60 * 60,
HttpOnly: true, // ✅ Prevents XSS
Secure: true, // ✅ HTTPS only
SameSite: http.SameSiteStrictMode, // ✅ CSRF protection
})
Error Handling: ⭐⭐⭐⭐Good error handling throughout:
Code Organization: ⭐⭐⭐⭐⭐Excellent organization: 📝 Observations & Minor Suggestions1. Auth Template: Error HandlingLocation: func (s *{{.StructName}}State) handleRegister(ctx *livetemplate.ActionContext) error {
var input RegisterInput
if err := ctx.BindAndValidate(&input, validate); err != nil {
s.Error = "Email and password are required"
return nil // ⚠️ Returns nil even on validation error
}Observation: The template returns Suggestion: Add a comment explaining this pattern: // Return nil to show error in template rather than 500 error page
return nil2. Magic Link Token SecurityLocation: // Generate magic link token
token, err := s.generateToken(user.ID, "magic", 15*time.Minute)Observation: 15-minute expiration is good. Consider making it configurable. Suggestion: Add to auth config: type AuthConfig struct {
MagicLinkExpiry time.Duration // Default: 15 minutes
}3. Password Reset Form HTMLLocation: The inline HTML form for password reset is a quick solution but inconsistent with the rest of the template-based approach. Suggestion: Consider creating a separate template file: This would maintain consistency with the LiveTemplate approach. 4. Planning Skill: Keyword MatchingLocation: The keyword requirement is good, but the documentation could be clearer about edge cases. Question: Does "create a blog app with lvt" match if "lvt" appears later in the sentence? Suggestion: Add examples of edge cases: ✅ "using lvt, create a blog"
❌ "create a blog" (mentioned lvt earlier in conversation)5. Test Coverage GapObservation: I notice comprehensive unit tests for the install_agent functionality, but I don't see specific tests for the auth template changes in the PR. Suggestion: Consider adding tests for:
Example test: func TestAuthPasswordDisabledByDefault(t *testing.T) {
// Test that --no-password is auto-set
}🐛 Potential Issues1. Minor: Pluralization Edge CaseLocation: func pluralizeNoun(word string) string {
// ...
if strings.HasSuffix(lower, "y") && len(lower) > 1 {
secondLast := lower[len(lower)-2]
if !isVowel(secondLast) {
return lower[:len(lower)-1] + "ies"
}
}Issue: "day" → "daies" instead of "days" (vowel before y) Fix: The logic looks correct actually. "day" has 'a' (vowel) before 'y', so it won't apply the 'ies' rule. ✅ 2. Security: Session Token RotationLocation: Observation: Sessions don't appear to have rotation/refresh logic. Long-lived 30-day tokens could be a security concern. Suggestion: Consider implementing:
Priority: Low (acceptable for v0.4.x, enhance in v0.5+) 🚀 Performance ConsiderationsDatabase QueriesObservation: Auth operations are well-optimized:
Token GenerationLocation: func (s *{{.StructName}}State) generateToken(userID, context string, duration time.Duration) (string, error) {
b := make([]byte, 32)
if _, err := rand.Read(b); err != nil {
return "", err
}
token := base64.URLEncoding.EncodeToString(b)Performance: ✅ Excellent - 32 bytes from crypto/rand is appropriate 🔒 Security Review Summary
No critical security issues found. ✅ 📊 Test CoverageBased on the test files added:
Overall test coverage: ⭐⭐⭐⭐⭐ 💡 RecommendationsMust AddressNone - the PR is production-ready as-is. Should Consider
Nice to Have
📈 Impact AnalysisPositive Impacts
Risk Assessment
✅ Final VerdictThis PR demonstrates:
Overall Quality Rating: ⭐⭐⭐⭐⭐ (5/5) Recommendation: Approve and merge after considering the minor suggestions above. 🙏 AcknowledgmentsGreat work on:
The temporary password auth disable is a pragmatic decision that keeps users productive while waiting for LiveTemplate v0.5.x API improvements. Review completed by Claude Code |
🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
|
See detailed code review analysis in the comments |
Code Review SummaryOverall Assessment: B+ (Good, with reservations) Critical Issues
Major Issues
Security: LOW RISK
Test Coverage: 75% overall
Strengths
Required Before Merge
Time: 4-6 hours for fixes Full detailed review posted separately. |
Detailed Code Review - Part 1: Critical & Major IssuesCRITICAL C1: PR Metadata MismatchTitle says: "fix(lvt): improve auth templates"
Impact: Misleads reviewers and breaks version control history Required Fix: CRITICAL C2: Password Auth Disabled Without OverrideFile: commands/auth.go:68-75 if !flags.NoPassword {
fmt.Println("⚠️ WARNING: Password auth temporarily disabled...")
flags.NoPassword = true // Forced regardless of user intent
}Issue: Breaking change with no opt-in for advanced users Required Fix: if os.Getenv("ENABLE_PASSWORD_AUTH_V04") != "true" && !flags.NoPassword {
fmt.Println("⚠️ WARNING...")
flags.NoPassword = true
}MAJOR M1: Race Condition in Stdout CaptureFile: commands/mcp_server.go:329-356 (repeated in multiple handlers) oldStdout := os.Stdout
r, w, _ := os.Pipe()
os.Stdout = w // RACE: No mutex protection
err := Migration([]string{"up"})
w.Close()
os.Stdout = oldStdout // PANIC: Never restored if Migration panicsProblems:
Required Fix: var stdoutMutex sync.Mutex
func captureStdout(fn func() error) (string, error) {
stdoutMutex.Lock()
defer stdoutMutex.Unlock()
oldStdout := os.Stdout
defer func() { os.Stdout = oldStdout }() // Restore even on panic
r, w, _ := os.Pipe()
os.Stdout = w
err := fn()
w.Close()
output, _ := io.ReadAll(r)
return string(output), err
}MAJOR M2: Insufficient Input ValidationFile: commands/mcp_server.go - multiple tool handlers Missing validations:
Example vulnerability: // Line 234 - GenViewInput
if input.Name == "" {
return nil, GenViewOutput{Success: false, Message: "required"}, nil
}
// No check for "../../../etc/passwd" or malicious inputRequired Fix: func validateResourceName(name string) error {
if name == "" {
return errors.New("name is required")
}
if len(name) > 64 {
return errors.New("name too long (max 64 chars)")
}
if !regexp.MustCompile(`^[a-z][a-z0-9_]*$`).MatchString(name) {
return errors.New("invalid format: lowercase alphanumeric with underscores")
}
return nil
} |
|
Part 2: Testing & Documentation Issues MAJOR M3: Data Loss Risk MAJOR M4: Zero Test Coverage for Interactive Flows Documentation Gaps:
Test Coverage: 75% overall
|
|
Part 3: Minor Issues & Recommendations Minor Issues:
Security Assessment: LOW RISK Recommendations:
Performance:
Files with specific issues documented:
|
|
Part 4: What is Done Well & Final Recommendations Excellent Work: Architecture:
Testing:
UX Features:
Code Quality:
Required Actions Before Merge: Must Fix (Blockers):
Should Fix (Recommended): Time Estimate:
Final Verdict: REQUEST CHANGES The foundation is solid and adds significant value with multi-LLM support. Code quality is generally good with proper Go idioms. However, the critical metadata mismatch, race condition in stdout capture, and missing test coverage for interactive flows must be addressed before merge. Risk Assessment:
This will be a great addition once the required fixes are implemented. Happy to clarify any findings or help with implementation! |
5 tasks
This was referenced Jan 25, 2026
5 tasks
7 tasks
5 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR addresses critical issues with the lvt CLI authentication templates and planning workflow:
Auth Template Fixes
lvt-plan Skill Improvements
Key Changes
commands/auth.go: Add password auth warning and auto-disable flaginternal/kits/system/multi/templates/auth/handler.go.tmpl: Complete rewrite for v0.4.x API compatibilitycommands/claude_resources/skills/lvt-plan/: Enhanced planning skill with smart extractioncommands/help.go: New help command implementationMigration Path
See
docs/proposals/authentication-v0.5.mdin the livetemplate repo for the plan to re-enable password auth by adding HTTP methods to ActionContext in LiveTemplate v0.5.0.Test Plan
Related Issues
Fixes issues with:
🤖 Generated with Claude Code