Skip to content

jcvernaleo/llm-scripts

Repository files navigation

llm-scripts

Helper scripts for using LLMs (Claude Code, OpenCode) to work on code. Written with the help of Claude.

Contents

  • ai-devcontainer.sh — Main tool. Manages isolated container environments for AI coding assistants, with network firewall, language toolchains, and session management.
  • clone-all.sh / status-all.sh / update-all.sh — Multi-repo utilities.
  • skills/ — Custom Claude Code skills (session management, workspace scaffolding, smart contract audit, web security).

ai-devcontainer.sh

Spins up a Podman (or Docker) container with an AI coding assistant and a controlled environment for working on a project. By default, outbound network access is restricted to a whitelist of essential domains only.

Quick start

# First time — initializes, builds, and launches in one step
./ai-devcontainer.sh code --lang go ~/projects/myapp

# Resume an existing project — same command, no flags needed
./ai-devcontainer.sh code ~/projects/myapp

For projects that need extra Alpine packages beyond the language defaults:

./ai-devcontainer.sh init --lang rust ~/projects/myapp
echo "libvirt-dev python3" > ~/projects/myapp/.devcontainer/.extra-packages
./ai-devcontainer.sh code ~/projects/myapp

Commands

Command Description
init [--lang LANG] [--backend BACKEND] [dir] Create .devcontainer/ with a generated Dockerfile
build [dir] Build the container image
update [dir] Regenerate Dockerfile, then rebuild from scratch (no cache, pulls latest base)
start [--port HOST:CONTAINER]... [--open-network] [dir] Start container
code [--lang LANG] [--backend BACKEND] [--port HOST:CONTAINER]... [--open-network] [dir] Start container and launch the AI assistant (auto-inits on first run)
shell [--lang LANG] [--backend BACKEND] [--port HOST:CONTAINER]... [--open-network] [dir] Open an interactive shell in the container (auto-inits on first run)
stop [dir] Stop and remove the container
status List all ai-dev containers
langs Show supported languages and backends

Languages (--lang)

Value Adds
base Minimal: common tools only (default)
go Go toolchain
rust Rust + Cargo
python Python 3 + pip + virtualenv
node Node.js + npm + pnpm
emacs Emacs (for elisp development)
solidity Foundry (forge, cast, anvil, chisel)
terraform Terraform
android OpenJDK 21 + Android SDK (platform-tools, build-tools 35, API 35)
all Go + Rust + Python + Node.js + Emacs + Solidity/Foundry (terraform and android excluded — both are large, purpose-specific installs)

Backends (--backend)

Value Description
claude Claude Code — Anthropic's AI coding assistant (default)
opencode OpenCode — open-source, supports Anthropic, OpenAI, Google, Groq, OpenRouter

The selected backend and language are saved to .devcontainer/.backend and .devcontainer/.lang, port mappings to .devcontainer/.ports, and project-specific packages to .devcontainer/.extra-packages. All are committed with the project and used automatically on subsequent commands.

Network firewall

By default, the container applies iptables rules that restrict outbound connections to a domain whitelist. The allowed set is assembled from:

  • Base: GitHub, raw.githubusercontent.com, etc.
  • Backend: api.anthropic.com, or the relevant LLM provider APIs
  • Language: Package registries for the selected language (PyPI, crates.io, npmjs.org, etc.)

To disable the firewall:

./ai-devcontainer.sh code --open-network ~/projects/myapp

Port forwarding

./ai-devcontainer.sh code --port 3000:3000 --port 8080:8080 ~/projects/myapp

Port mappings are saved to .devcontainer/.ports and reused automatically on subsequent starts, so you don't need to re-specify them when returning to a project:

# First time — sets ports and saves them
./ai-devcontainer.sh code --port 3000:3000 --port 8080:8080 ~/projects/myapp

# Later — ports are restored automatically
./ai-devcontainer.sh code ~/projects/myapp

Passing --port again replaces the saved list entirely.

Project-specific packages

To add Alpine packages beyond what the selected language provides, create .devcontainer/.extra-packages in the project directory (one package per line, # comments supported):

# needed for libvirt Rust bindings
libvirt-dev
python3
# Pick up changes to .extra-packages by rebuilding
./ai-devcontainer.sh update ~/projects/myapp

The package list is incorporated into the image name (via a short content hash), so projects with different extra packages never share an image. Projects with no .extra-packages file are unaffected.

Environment variables

Variable Description
AI_DEVCONTAINER_ENGINE Container engine (podman default, or docker)
AI_DEVCONTAINER_IMAGE Override the image name
ANTHROPIC_API_KEY Passed through to container
OPENAI_API_KEY Passed through to container
GOOGLE_API_KEY Passed through to container
GROQ_API_KEY Passed through to container
OPENROUTER_API_KEY Passed through to container

SSH agent socket, git configuration, and gh CLI credentials (~/.config/gh) are also forwarded from the host automatically.


Multi-repo utilities

./clone-all.sh [repos.txt]   # Clone repos listed in repos.txt into repos/
./status-all.sh              # Show branch, dirty state, ahead/behind for all repos
./update-all.sh              # Fast-forward all repos in repos/

Claude Code skills

The skills/ directory contains custom Claude Code skills installable to ~/.claude/skills/.

Workspace management

Skill Description
/status Show current project state (reads CLAUDE.md, TODO.md, session state)
/new-workspace Scaffold a new multi-repo umbrella workspace in the current directory

/new-workspace

Bootstraps a new umbrella workspace for managing multiple related repos together:

  • Initializes a git repo with a standard .gitignore
  • Creates repos.txt for listing component repo URLs (used by clone-all.sh)
  • Creates PLAN.md (goal, components table, architecture, milestones, decisions log)
  • Creates TODO.md for cross-repo task tracking
  • Creates a repos/ directory (gitignored) for cloned components
  • Makes an initial commit

Usage: run /new-workspace <project-name> in an empty directory. If no name is given, it will prompt you.

Session management

Skill Description
/resume Reload context from the last saved session and suggest next steps
/save-session Write a session log and state snapshot to ~/.claude/sessions/<project>/
/sessions List recent sessions across all projects

Session notes are stored globally at ~/.claude/sessions/<project-name>/ so context persists across terminal sessions and machines.

Smart contract audit

Skill Description
/pre-audit Verify build, run ToB analysis, and produce an ordered audit checklist; auto-detects re-audits
/audit Smart contract security audit using the SCAR methodology
/audit-report Combine all audit rounds into a single formatted PDF
/full-audit Run the complete pipeline: pre-audit, audit every checklist item, generate PDF

/pre-audit

Run before /audit to verify the project builds and produce a structured audit plan. Auto-detects whether this is a first-time audit or a follow-up:

  • No prior checklist → first-time path: build check, ToB analysis, codebase inspection, and a fresh audit/AUDIT-CHECKLIST.md
  • Checklist incomplete → stops and lists the outstanding items
  • Checklist complete → re-audit path: archives the current round to audit/round-N/, re-runs ToB analysis on the updated code, and generates a new checklist annotated with prior findings (e.g. ← Round 1: 1 High, 2 Low)

Both paths run the Trail of Bits audit-prep-assistant (Slither, static analysis) and code-maturity-assessor (9-category scorecard) if the plugin is installed, saving output to audit/tob-prep.md and audit/tob-maturity.md.

Usage: run /pre-audit from the project root with no arguments — before the first audit and again after the author has addressed findings.

/audit

Performs a smart contract security audit using the SCAR methodology (Scan, Classify, Analyze, Report):

  • Scans all in-scope contracts for known vulnerability patterns (reentrancy, access control, integer issues, oracle manipulation, etc.)
  • Classifies each finding by severity: Critical, High, Medium, Low, or Informational
  • Traces execution paths for Critical and High findings
  • Produces a structured report with proof of concept, recommended fix, and a Foundry regression test for each finding

Usage: pass a single Solidity file or a directory of contracts as the argument.

/audit contracts/Vault.sol
/audit src/

/audit-report

Generates a single combined PDF from all audit rounds once the current round is complete:

  • Checks that every item in audit/AUDIT-CHECKLIST.md is checked off; stops with an explanation if any remain incomplete
  • Concatenates the current round's checklist and reports, then appends all prior rounds as appendices in order
  • Converts to a formatted PDF via pandoc and weasyprint (available in the solidity container)
  • Writes audit/audit-report-<date>.pdf and cleans up all temporary files

Usage: run /audit-report from the project root with no arguments after all /audit runs are complete.

/full-audit

Runs the entire audit pipeline in one command:

  • No prior checklist → runs /pre-audit, audits every checklist item in order, then generates the PDF
  • Incomplete checklist → resumes from the first unchecked item (skips pre-audit), then generates the PDF
  • Complete checklist → runs /pre-audit (re-audit path: archives round, fresh checklist), audits every item, then generates the PDF

If anything fails (build error, audit error), stops immediately and reports the failure.

Usage: run /full-audit from the project root with no arguments.

Web security

Each skill restricts itself to read-only tools and accepts a file or directory as an argument, e.g. /vuln-scan src/.

Skill Description
/vuln-scan General web vulnerability scan (XSS, SQLi, SSRF, path traversal, command injection, insecure deserialization, etc.)
/sqli-deep Taint-analysis-style deep-dive SQL injection review: traces user input from entry points to query sinks
/authz-review Broken access control, IDOR, and privilege escalation review
/secrets-audit Hunt for hardcoded secrets, credentials, API keys, and tokens (includes git history check)
/depcheck Dependency manifest review for dangerous, deprecated, or vulnerable packages

To install all skills:

cp -r skills/* ~/.claude/skills/

Requirements

  • Podman (or Docker)
  • Bash
  • An ANTHROPIC_API_KEY (for Claude) or the relevant API key for your chosen backend

License

ISC — see LICENSE.

About

Misc helper scripts for working with LLM coding agents

Resources

License

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors