project-kickoff
Project Kickoff
Bootstrap a new project or clean up an existing one so Claude Code has the right permissions, documentation, and git setup from the start.
Problem: Every new project accumulates dozens of permission approvals one click at a time, resulting in bloated settings files with leaked secrets, shell fragments, and deprecated MCP refs. This skill generates HQ-quality project scaffolding upfront.
Output: settings.local.json, CLAUDE.md, .gitignore (and optionally git init + GitHub repo).
Operating Modes
Mode 1: New Project Setup
When: Starting a new project, or working in a directory without .claude/settings.local.json.
Steps:
-
Detect project type from files present in the directory:
Indicator Type wrangler.jsoncorwrangler.tomlcloudflare-worker vercel.jsonornext.config.*vercel-app package.json(no deploy target)node-generic pyproject.tomlorsetup.pypython .claude/agents/or operational scriptsops-admin Empty directory Ask the user If ambiguous, ask. Types can stack (e.g. cloudflare-worker + node-generic).
-
Generate
.claude/settings.local.json:- Read references/permission-presets.md for the preset definitions
- Combine Universal Base + type-specific preset
- Write with
//comment groups for organisation - Warn the user: "Project settings.local.json SHADOWS your global settings — it does not merge"
-
Generate
CLAUDE.md:- Read references/claude-md-templates.md for templates
- Fill in: project name (from directory name or ask), today's date, detected stack
- Pre-fill Jez's defaults (Cloudflare account ID, pnpm, EN-AU)
-
Generate
.gitignore:- Use the type-appropriate template from references/claude-md-templates.md
- Always include
.claude/settings.local.jsonand.dev.vars
-
Optionally (ask first):
git init+ first commitgh repo create jezweb/[name] --private+ push
Mode 2: Tidy Existing Permissions
When: User says "tidy permissions", "clean settings", or the existing settings.local.json has more than ~50 entries.
Steps:
-
Run the tidy script to analyse the current file:
python3 ${SKILL_DIR}/scripts/tidy_permissions.py .claude/settings.local.json -
Review the report. It flags:
- Leaked secrets: API keys, tokens, hex strings embedded in approval patterns
- Shell fragments:
Bash(do),Bash(fi),Bash(then),Bash(else),Bash(done) - Deprecated MCP refs:
mcp__bitwarden__*and similar - Duplicates: Entries covered by a broader pattern already present
- One-time entries: Entire commit messages, hardcoded paths that will never match again
- Consolidation opportunities: e.g. 5 separate
Bash(git add:*),Bash(git commit:*)could becomeBash(git *)
-
Present the cleaned version with a diff showing what changed.
-
Apply after user confirmation. Recommend the user rotate any leaked secrets.
Mode 3: Add Preset
When: User says "add wrangler permissions" or "add MCP permissions" to an existing project.
Steps:
- Read the relevant preset section from references/permission-presets.md
- Read the existing
.claude/settings.local.json - Merge without duplicating — add new entries, keep existing groups
- Write the updated file
Permission Syntax Quick Reference
| Pattern | Meaning |
|---|---|
Bash(git *) |
Current syntax — space before * = word boundary |
Bash(git:*) |
Deprecated colon syntax (still works) |
WebFetch(domain:x.com) |
Domain-scoped web access |
WebSearch |
Blanket web search |
mcp__server__tool |
Specific MCP tool |
Critical: Project settings.local.json shadows global settings. It does not merge. If a project has its own allow list, the global allow list is ignored entirely for that project.
Shell operators (&&, ||, ;) are handled safely — Bash(git *) won't match git add && rm -rf /.
Autonomy
- Just do it: Detect project type, read existing files
- Brief confirmation: Write settings.local.json, CLAUDE.md, .gitignore (show what will be written)
- Ask first: git init, GitHub repo creation, overwriting existing files, applying tidy fixes
Reference Files
| When | Read |
|---|---|
| Building permission presets | references/permission-presets.md |
| Generating CLAUDE.md and .gitignore | references/claude-md-templates.md |