From 7fd212eab18127d272acf14201489040b959d27d Mon Sep 17 00:00:00 2001 From: 3x3by3 <3x3by3@gmail.com> Date: Fri, 13 Feb 2026 17:05:42 -0800 Subject: [PATCH 1/3] Add hook to block edits to sensitive files Adds a PreToolUse hook that prevents Claude from accidentally editing files containing .env, secrets, or .git/ paths. Co-Authored-By: Claude Opus 4.6 --- .claude/settings.json | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 .claude/settings.json diff --git a/.claude/settings.json b/.claude/settings.json new file mode 100644 index 0000000..8e99dad --- /dev/null +++ b/.claude/settings.json @@ -0,0 +1,15 @@ +{ + "hooks": { + "PreToolUse": [ + { + "matcher": "Edit|Write", + "hooks": [ + { + "type": "intercept", + "command": "python -c \"import sys,json; d=json.load(sys.stdin); p=d.get('file_path',''); blocked=['.env','secrets','.git/']; sys.exit(1) if any(x in p for x in blocked) else sys.exit(0)\"" + } + ] + } + ] + } +} From e71f98108d63a45b848c66b184b372f6cbd87afc Mon Sep 17 00:00:00 2001 From: 3x3by3 <3x3by3@gmail.com> Date: Fri, 13 Feb 2026 17:07:21 -0800 Subject: [PATCH 2/3] Add auto-lint hook for Python files on save Adds a PostToolUse hook that runs py_compile after any Edit or Write to a .py file, catching syntax errors immediately. Co-Authored-By: Claude Opus 4.6 --- .claude/settings.json | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.claude/settings.json b/.claude/settings.json index 8e99dad..aeec391 100644 --- a/.claude/settings.json +++ b/.claude/settings.json @@ -10,6 +10,17 @@ } ] } + ], + "PostToolUse": [ + { + "matcher": "Edit|Write", + "hooks": [ + { + "type": "command", + "command": "python -c \"import sys,json; d=json.load(sys.stdin); p=d.get('file_path',''); exec('import subprocess; r=subprocess.run([sys.executable,\\\"-m\\\",\\\"py_compile\\\",p],capture_output=True,text=True); print(r.stderr) if r.returncode else print(\\\"Syntax OK: \\\"+p)') if p.endswith('.py') else print('Skipped (not Python)')\"" + } + ] + } ] } } From b55a8a0e7a09fc9cd5affa1e77b806f2d720db92 Mon Sep 17 00:00:00 2001 From: 3x3by3 <3x3by3@gmail.com> Date: Fri, 13 Feb 2026 17:09:45 -0800 Subject: [PATCH 3/3] Add CLAUDE.md with project context for Claude Code Documents commands, architecture, key classes, required secrets, and gotchas for the ClawCloud auto-login project. Co-Authored-By: Claude Opus 4.6 --- CLAUDE.md | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 CLAUDE.md diff --git a/CLAUDE.md b/CLAUDE.md new file mode 100644 index 0000000..44aae42 --- /dev/null +++ b/CLAUDE.md @@ -0,0 +1,39 @@ +# ClawCloud Auto-Login + +Automated ClawCloud keep-alive via GitHub Actions + Playwright. + +## Commands + +```bash +# Install dependencies +pip install playwright requests pynacl +playwright install chromium +playwright install-deps + +# Run locally +python scripts/auto_login.py +``` + +## Architecture + +- `scripts/auto_login.py` — Single-file automation script (Playwright browser automation) +- `.github/workflows/keep-alive.yml` — Cron job (every 5 days, UTC 01:00) +- `.claude/settings.json` — Claude Code hooks + +## Key Classes (auto_login.py) + +- `Telegram` — Bot notifications and 2FA code retrieval via `/code` command +- `SecretUpdater` — Auto-updates GitHub Secrets via API (requires PyNaCl) +- `AutoLogin` — Main login flow: ClawCloud → GitHub OAuth → region detection → keepalive + +## Required Secrets + +`GH_USERNAME`, `GH_PASSWORD`, `GH_SESSION`, `TG_BOT_TOKEN`, `TG_CHAT_ID`, `REPO_TOKEN` + +## Gotchas + +- All credentials come from GitHub Actions secrets / environment variables — never hardcode +- The script uses anti-detection measures (custom user agent, webdriver override) +- `GH_SESSION` cookie auto-updates on successful login if `REPO_TOKEN` is set +- Region is auto-detected from redirect URL after OAuth (e.g. `ap-southeast-1.console.claw.cloud`) +- 2FA supports both GitHub Mobile approval and TOTP via Telegram `/code 123456`