Initial Setup #1
Merged
Pull request overview
Initial repository bootstrap for “Staffbot”, including local dev onboarding scripts, Claude Code/MCP configuration, and baseline CI/linting/docs to support a read-only DB-query assistant workflow for non-technical staff.
Changes:
- Add scripts for local developer setup, developer-mode gating, and starting the DB MCP server.
- Add project configuration for Claude Code/MCP, Node/Prettier, git ignores, and environment templates.
- Add baseline GitHub Actions CI + Dependabot and expand README/CLAUDE.md guidance.
Reviewed changes
Copilot reviewed 14 out of 16 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| scripts/start-db.sh | Validates env vars, handles SSH key material, starts dbhub MCP server |
| scripts/setup-local-dev.sh | Creates .local-developer, .claude/settings.local.json, and .env from template |
| scripts/check-developer-mode.sh | Blocks write/shell tools unless developer flag exists |
| package.json | Adds Prettier + lint/format scripts and local-developer setup script |
| package-lock.json | Locks Prettier dependency |
| README.md | Documents Staffbot purpose, setup, security notes, troubleshooting |
| CLAUDE.md | Defines behavioral rules for non-technical staff usage sessions |
| .prettierignore | Ignores .env* and .local-developer from Prettier |
| .node-version | Pins Node major version for tooling/CI |
| .mcp.json | Configures MCP server entry for DB via start script |
| .gitignore | Ignores local-only developer and Claude local settings artifacts |
| .github/workflows/ci.yml | Adds CI jobs for actionlint + prettier check |
| .github/dependabot.yml | Configures monthly npm and GitHub Actions updates |
| .env.template | Provides required DB + SSH environment variables template |
| .editorconfig | Establishes repo-wide editor settings |
| .claude/settings.json | Sets default Claude tool permissions and dev-mode pre-hook gate |
This repo is a configuration-as-product for non-technical staff, but it still needs standard tooling to keep contributions consistent and catch issues before they reach main. Prettier enforces formatting across JSON, Markdown, and YAML. The CI workflow mirrors the pattern used in other PermanentOrg repos (shared setup job with node_modules caching, actionlint for workflow validation, lint gate). Each downstream job includes a fallback npm ci in case of cache miss. Dependabot handles monthly updates for both npm packages and GitHub Actions. The editorconfig matches PermanentOrg conventions (tabs, utf-8, LF, spaces for YAML). Gitignore additions cover local developer files that will be introduced in a later commit.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Staff need to query our production database through Claude Code, but the database is behind an IP allowlist which blocks direct connections from the web interface. This configures dbhub as the MCP server and adds a startup script that handles two access paths:
- Local: connects using env vars directly (SSH_KEY points at a file)
- Web: decodes a base64-encoded private key from an env var to a temp file, then connects through an SSH tunnel via the bastion host

The startup script validates all required env vars before attempting to connect, providing clear error messages that distinguish between missing database credentials and incomplete SSH configuration. dbhub is pinned in package.json so dependabot can track updates. The base64 decode uses printf (not echo) to avoid newline corruption, with platform-aware flags for macOS vs Linux. The script runs npx as a child process (not exec) so the EXIT trap reliably cleans up the temp key file.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
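The key handling that commit message describes (printf into a base64 decode, a private temp file, and a child process rather than exec so the EXIT trap can clean up), as an added example. It is not the project's scripts/start-db.sh; the variable name SSH_KEY_B64, the KEYFILE variable and both function names are assumptions.

```shell
#!/bin/sh
# Added example, not the project's scripts/start-db.sh.
# Assumption: the key arrives base64-encoded in a variable such as SSH_KEY_B64
# (hypothetical name; the PR text does not give the real one).

# Decode base64 key material into a private temp file; print the file's path.
materialize_key() (
  [ -n "$1" ] || { echo "SSH key material is empty" >&2; exit 1; }
  # umask 077 inside the command substitution: never group/world readable.
  keyfile="$(umask 077 && mktemp "${TMPDIR:-/tmp}/sshkey.XXXXXX")" || exit 1
  # printf writes the value as-is; echo appends a newline and, in some shells,
  # interprets backslash escapes. GNU base64 decodes with -d, older macOS with -D.
  if ! printf '%s' "$1" | base64 -d >"$keyfile" 2>/dev/null &&
    ! printf '%s' "$1" | base64 -D >"$keyfile" 2>/dev/null; then
    rm -f "$keyfile"
    echo "SSH key is not valid base64" >&2
    exit 1
  fi
  # A lenient decoder may "succeed" with no output; treat that as a failure too.
  [ -s "$keyfile" ] || { rm -f "$keyfile"; echo "decoded SSH key is empty" >&2; exit 1; }
  printf '%s\n' "$keyfile"
)

# Usage: with_temp_key "$SSH_KEY_B64" command [args...]
# Runs the command as a child with KEYFILE pointing at the decoded key and
# removes the file when the command returns. Starting the command with `exec`
# would replace this shell, and the EXIT trap below would never run.
with_temp_key() (
  b64="$1"
  shift
  keyfile="$(materialize_key "$b64")" || exit 1
  trap 'rm -f "$keyfile"' EXIT
  status=0
  KEYFILE="$keyfile" "$@" || status=$?
  exit "$status"
)
```

The wrapper returns the child's exit status, so a caller can still tell a failed connection from a bad key.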
This repo is used by non-technical staff, not engineers. CLAUDE.md instructs the agent to avoid jargon, never expose SQL, present results conversationally, and never create or modify files (since file writes could leak sensitive production data into the repository via PRs). Rules that restrict file modification and shell commands include an explicit developer-mode exception: when Write/Edit/Bash tools are available (gated by the PreToolUse hook), Claude recognizes it is in a developer session and behaves accordingly. This avoids conflicting guidance where CLAUDE.md would block actions the hook has allowed. The PreToolUse hook checks for a .local-developer flag file: if absent (web users, fresh clones), it blocks Write, Edit, Bash, and Agent tools with a clear message. If present (developers who have run the setup script), it allows full access. This avoids using deny rules in settings.json, which cannot be overridden by settings.local.json per Claude Code's permission precedence model.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Developers and end users have different setup needs for this repo. "npm run local-developer" handles the developer path: it creates the .local-developer flag (which the PreToolUse hook checks to unlock write tools), generates a settings.local.json with full permissions, and copies .env.template to .env for local credential configuration. The README targets end users (non-technical staff) with plain-language setup instructions for both local and web access, usage tips for asking natural-language questions, and a troubleshooting table for common connection issues.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
895793b to
7b2c70f
Compare
slifty
commented
Mar 26, 2026
Caching node_modules wholesale and skipping npm ci on a cache hit prevented postinstall hooks and dist-specific steps from running. Switch to actions/setup-node's built-in npm cache (~/.npm) and run npm ci unconditionally so hooks always fire.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This approach to granting developer-mode permissions back didn't work; developer mode is gated by the PreToolUse hook (check-developer-mode.sh) keying off the .local-developer flag instead. The settings.local.json allow-list it wrote was dead weight.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Rename the project from Staffbot to Roboterry across package.json and docs.
- Remove the dbhub/postgres MCP server machinery (.mcp.json entry, scripts/start-db.sh, @bytebase/dbhub dependency, .env.template). The postgres MCP server will be reintroduced in a separate branch.
- Stop restricting tool use. Replace the PreToolUse blocking gate (check-developer-mode.sh) with a SessionStart hook (developer-mode-status.sh) that reports developer vs staff mode based on the .local-developer flag. CLAUDE.md now carries two instruction sets keyed on mode; the mode changes how Claude behaves, not which tools it can use.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
liam-lloyd
approved these changes
Jun 2, 2026
This sets up the repository with CI as well as some tooling to support the "dual claude roles" that are possible (local development of the repo itself vs use of the repo for roboterry purposes)