sober
Health Passed
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 27 GitHub stars
Code Failed
- rm -rf — Recursive force deletion command in .claude/settings.json
- rm -rf — Recursive force deletion command in install.sh
- execSync — Synchronous shell command execution in lib/cli.js
- spawnSync — Synchronous process spawning in lib/cli.js
- fs.rmSync — Destructive file system operation in lib/cli.js
- process.env — Environment variable access in lib/cli.js
- fs module — File system access in lib/cli.js
- rm -rf — Recursive force deletion command in scripts/hooks/critical-action-check.sh
Permissions Passed
- Permissions — No dangerous permissions requested
This agent is a configuration and workflow optimization tool for Claude Pro users. It uses model routing, batch execution commands, and output filtering to help users maximize their daily usage quotas.
Security Assessment
Overall risk is rated as High. This tool extensively interacts with your system's lower layers. The audit flagged multiple instances of synchronous shell command execution and process spawning, meaning it runs potentially opaque operations directly on your machine. It also accesses environment variables, which could expose sensitive API keys or local configurations. Most concerning are the multiple instances of recursive force deletions (`rm -rf`) found in both the installation script and internal files. Coupled with its access to the user's home directory and broad file system write capabilities, this gives the tool highly destructive potential if misconfigured or if a malicious update is pushed. No hardcoded secrets were found, and no dangerous permissions are requested.
Quality Assessment
The project is actively maintained, with its last push occurring today, and is distributed under the standard MIT license. It currently has 25 GitHub stars, indicating a small but present community footprint. However, developers should be aware that it relies on several external dependencies—such as `jq`, `tmux`, and `mgrep`—and automatically attempts to install them via package managers like npm and Homebrew.
Verdict
Use with caution — while its optimization features are appealing, its broad file system access, heavy reliance on shell execution, and destructive deletion commands require strict review before deploying in any sensitive environment.
Minimize waste. Maximize validated work. The ultimate config to beat the Claude Pro quota.
Sober
A local behavior harness that makes Claude Code and Codex CLI read less, guess less, and verify more.
Sober is a small, local harness to make AI coding tools like Claude Code and Codex CLI run more consistently and efficiently. It installs one rules file, a few focused skills, and lightweight safety hooks so your agent reads only what it needs, locates target lines using actual search tools, makes pinpoint edits, verifies changes via tests, and stops looping on failed guesses.
It is not a new agent runtime. It does not run a service. It does not ask for API keys. Once installed, simply ask Claude Code or Codex CLI for tasks, and both runtimes will align behind the same working contract.
Before & After
- Before Sober: Agents read entire files blindly, guess code locations, and spend quota on verbose explanations.
- After Sober: Agents locate target lines with tools, make minimal edits, verify changes via tests, and report briefly.
Sober drastically reduces context byte inflow per task by enforcing target-line reading, pinpoint tool searches, and diff-only outputs instead of full-file dumps. For design decisions and constraints, see docs/adr/.
💡 How to use: After installing Sober, just request tasks via the `claude` or `codex` command as usual. Sober does not run a separate runtime; it simply links rules, skills, and hooks into each CLI's configuration.
Quick start
npm install -g @move-hoon/sober@latest
sober install
sober doctor
⚠️ Migration from `claude-pro-minmax` (CPMM v1): If you have the old `claude-pro-minmax` package installed, please uninstall it first before setting up Sober:
npm uninstall -g claude-pro-minmax
That gives you:
- one source of truth in `~/.sober`
- shared rules for Claude Code and Codex CLI
- Sober skills linked into each runtime
- Claude Code and Codex hooks/rules for safety, handoff, formatting, compact reminders, and failure logs
Sober does not intercept OS-level processes; it simply links rules, skills, and hooks into the CLI's configuration endpoints.
Common commands:
sober install # apply / refresh Sober's policy files globally
sober setup # install deps + optional Context7 / search-edit toolkit
sober doctor # check install, deps, hooks, and optional tools
sober template [dir] # bootstrap a specific project with local rules and HANDOFF.md memory
sober uninstall # remove Sober symlinks and ~/.sober
First request example (to guide the agent's behavior correctly):
"Fix this bug. Locate the relevant files first, make the minimal required edits, and verify with tests."
Install from source if you want to audit every line first:
git clone https://github.com/move-hoon/sober.git
cd sober
bash install.sh
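When auditing the checkout, the `rm -rf` lines flagged in the scan at the top of this page are the ones to read first. This added example (not part of Sober or of the audit tool) ranks each `rm -rf` line in a shell script by how its target path is built; the sample script and its variable names are constructed.

```javascript
// Added example, not Sober's code: rank each `rm -rf` line in a shell script by how
// its target is built, so manual review starts with the deletions that can go wrong.
const RISK = ['literal', 'guarded-variable', 'quoted-variable', 'unquoted-variable'];

function classifyTarget(arg) {
  if (arg.startsWith("'") || !arg.includes('$')) return 'literal';
  // ${VAR:?} makes the shell abort when VAR is unset or empty.
  const rest = arg.replace(/\$\{\w+:\?[^}]*\}/g, '');
  if (!rest.includes('$')) return 'guarded-variable';
  // Quoting stops word splitting and globbing, but an empty value still
  // collapses "$DIR/cache" to "/cache".
  return /^".*"$/.test(arg) ? 'quoted-variable' : 'unquoted-variable';
}

function auditRmRf(scriptText) {
  const findings = [];
  scriptText.split('\n').forEach((line, i) => {
    const code = line.replace(/(^|\s)#.*$/, '');         // simplification: strips " # ..." comments
    const m = code.match(/\brm\s+((?:-\w+\s+)+)(.*)$/);   // short flags, then the rest of the line
    if (!m || !/r/i.test(m[1]) || !/f/.test(m[1])) return;
    // Keep only the first command on the line, then split it into arguments.
    const targets = m[2].split(/&&|\|\||[;|&]/)[0].match(/"[^"]*"|'[^']*'|\S+/g) || [];
    const worst = Math.max(0, ...targets.map(t => RISK.indexOf(classifyTarget(t))));
    findings.push({ line: i + 1, risk: RISK[worst], text: code.trim() });
  });
  return findings;
}

// Constructed sample; to audit a real file pass its text instead,
// e.g. the contents of install.sh read with fs.readFileSync(path, 'utf8').
const SAMPLE_SCRIPT = [
  '#!/usr/bin/env bash',
  'set -euo pipefail',
  'INSTALL_DIR="${INSTALL_DIR:-$HOME/.example-tool}"',
  'rm -rf "$INSTALL_DIR/skills"',
  'rm -rf $TMP_DIR/*',
  'rm -rf "${BUILD_DIR:?}/cache"',
  '# rm -rf in a comment is ignored',
  'rm -rf ./node_modules',
].join('\n');

for (const f of auditRmRf(SAMPLE_SCRIPT)) {
  console.log(`${f.line}\t${f.risk}\t${f.text}`);
}
```

Lines reported as `unquoted-variable` or `quoted-variable` are the ones where the value of the variable at run time decides what gets deleted, so trace where it is assigned.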
What Sober Solves
Most quota waste is boring and predictable.
| What usually happens | What Sober teaches the agent to do |
|---|---|
| Read whole files to find one line | Locate exact file:line matches first |
| Guess where code lives | Search with ripgrep, ast-grep, Probe, or Serena |
| Hand-rewrite mechanical edits | Use repeatable command-line transforms |
| Change code from stale navigation | Re-check the target, then run compile/tests |
| Retry the same failed idea | Stop after a few misses and re-plan |
| Produce long explanations and full-file dumps | Return diffs, paths, and the decision that matters |
| Add tools because they sound useful | Measure before/after; remove what does not pay |
The rule of thumb: spend model thinking on judgment, not grep.
The Sober loop
Ask one scoped task
→ locate exact lines
→ change with the smallest safe edit
→ verify with build/tests
→ write a short handoff
→ measure before adding anything
The loop lives in AGENTS.md, the one rules file both runtimes read. Claude Code reads it through CLAUDE.md; Codex reads AGENTS.md directly.
You do not need to memorize internal policy codes. In plain language, Sober asks the agent to:
- read only what it needs
- search with real tools (`search-ladder` skill)
- use tools for mechanical edits (`edit-deterministic` skill)
- verify before changing state (`verify-gate` hook)
- stop and re-plan after repeated failure
- keep memory human-reviewed and file-based (`HANDOFF.md`)
- isolate risk behind git
- measure every harness addition (`observe` skill)
- keep output compact (`caveman` skill)
The longer reasoning behind these choices is recorded in docs/adr/.
What gets installed
Sober sets ~/.sober as the shared configuration source, allowing both Claude Code and Codex CLI to read the same rules and skills. It safely links rules, skills, and hooks into each CLI's native configuration format.
flowchart TD
subgraph Core ["Sober Core (~/.sober)"]
Spine["AGENTS.md (Shared Policy)"]
Scripts["Bash Scripts (Hooks)"]
Skills["skills/ (Tools)"]
end
subgraph Claude ["Claude Code (~/.claude)"]
C_Hooks["settings.json\n(Merged Hooks)"]
C_Rules["rules/*.md\n(Soft Prompts)"]
end
subgraph Codex ["Codex CLI (~/.codex)"]
X_Hooks["hooks.json\n(Native Hooks)"]
X_Rules["rules/*.rules\n(Hard Policies)"]
end
Core -. "Symlinks &\nAdditive Merges" .-> Claude
Core -. "Symlinks &\nAdditive Merges" .-> Codex
File Tree
~/.sober/AGENTS.md # shared rules source
~/.sober/skills/<skill>/SKILL.md # one copy of each skill
# For Claude Code Users
~/.claude/CLAUDE.md -> ~/.sober/AGENTS.md
~/.claude/AGENTS.md -> ~/.sober/AGENTS.md
~/.claude/skills/* -> ~/.sober/skills/*
~/.claude/settings.json # Sober hooks are additively merged here
# For Codex CLI Users
~/.codex/AGENTS.md -> ~/.sober/AGENTS.md
~/.agents/skills/* -> ~/.sober/skills/*
~/.codex/hooks.json # Sober hooks are additively merged here
~/.codex/rules/sober-critical-actions.rules -> ~/.sober/codex-rules/sober-critical-actions.rules
Project-level AGENTS.md, .claude/, or .codex/ files can still override the global setup.
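To check the additive merge on your own machine, copy `~/.claude/settings.json` (or `~/.codex/hooks.json`) before installing and compare it with the file afterwards. This added example (not Sober's code) reports every key or hook entry that was removed or changed between two snapshots; the snapshots below are constructed and the hook script paths are placeholders.

```javascript
// Added example, not Sober's code: compare a settings.json snapshot taken before
// `sober install` with the file afterwards and list anything that is not a pure addition.

// Stable serialisation (sorted keys) so equal values compare equal as strings.
function canon(v) {
  if (Array.isArray(v)) return '[' + v.map(canon).join(',') + ']';
  if (v && typeof v === 'object')
    return '{' + Object.keys(v).sort().map(k => JSON.stringify(k) + ':' + canon(v[k])).join(',') + '}';
  return JSON.stringify(v);
}
const isObj = v => v !== null && typeof v === 'object' && !Array.isArray(v);

function diffSettings(before, after, path = '$', out = { added: [], removed: [], changed: [] }) {
  if (isObj(before) && isObj(after)) {
    for (const k of Object.keys(before)) {
      if (k in after) diffSettings(before[k], after[k], `${path}.${k}`, out);
      else out.removed.push(`${path}.${k}`);
    }
    for (const k of Object.keys(after)) if (!(k in before)) out.added.push(`${path}.${k}`);
  } else if (Array.isArray(before) && Array.isArray(after)) {
    // Order-insensitive: an edited element shows up as one removal plus one addition.
    const had = new Set(before.map(canon)), has = new Set(after.map(canon));
    before.forEach((v, i) => { if (!has.has(canon(v))) out.removed.push(`${path}[${i}]`); });
    after.forEach((v, i) => { if (!had.has(canon(v))) out.added.push(`${path}[${i}]`); });
  } else if (canon(before) !== canon(after)) {
    out.changed.push(path);
  }
  return out;
}
const isAdditive = d => d.removed.length === 0 && d.changed.length === 0;

// Constructed snapshots in Claude Code's settings.json layout; hook paths are placeholders.
const userHook = { matcher: 'Bash', hooks: [{ type: 'command', command: '~/bin/my-audit-hook.sh' }] };
const toolHook = { matcher: 'Bash', hooks: [{ type: 'command', command: '~/.sober/<hook-script>.sh' }] };
const BEFORE = { env: { EDITOR: 'vim' }, permissions: { deny: ['Read(./.env)'] },
                 hooks: { PreToolUse: [userHook] } };
const AFTER_MERGED = { env: { EDITOR: 'vim' }, permissions: { deny: ['Read(./.env)'] },
                       hooks: { PreToolUse: [userHook, toolHook], PostToolUse: [toolHook] } };
const AFTER_CLOBBERED = { permissions: { deny: [] }, hooks: { PreToolUse: [toolHook] } };

for (const [name, after] of [['merged', AFTER_MERGED], ['clobbered', AFTER_CLOBBERED]]) {
  const d = diffSettings(BEFORE, after);
  console.log(name, isAdditive(d) ? 'additive' : 'NOT additive', JSON.stringify(d));
}
```

With real files, pass `JSON.parse` of each snapshot to `diffSettings`; the same comparison is worth repeating after every package update, since the merge runs again on `sober install`.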
Skills
| Skill | Job |
|---|---|
| `karpathy` | Stay scoped: no invented requirements, no over-building, no unrelated edits, match local style |
| `caveman` | Keep answers short: result, diff, file:line, no ceremony |
| `search-ladder` | Find code in the cheapest reliable order |
| `edit-deterministic` | Route mechanical edits to tools instead of manual rewrites |
| `observe` | Measure context, cost, retries, and failures before adding tools |
| `structure-graph` | Use repo graphs only as hints for large-codebase flow tracing |
| `sober-review` | A portable code-review checklist; it reports issues and never edits |
Optional tools
Sober works without these. They make the loop cheaper when installed.
| Tool | Why it helps |
|---|---|
| `ripgrep` | Fast exact text search |
| `ast-grep` | Structural code search and mechanical rewrites |
| Probe | Index-free structural repo search |
| Serena | Symbol-aware navigation and edits through LSP |
| Context7 / `ctx7` | Current library docs instead of stale API memory |
| `mgrep` | Semantic search for concept queries, last resort |
Run:
sober doctor
sober setup
For Context7 directly:
npm install -g ctx7
ctx7 setup --cli --claude
doctor shows what is present. setup can install missing required dependencies and offer optional integrations.
Code review and helper agents
Sober ships the review checklist, not a fixed reviewer pipeline.
Use a separate helper when it pays for itself:
- reviewing a non-trivial change with fresh eyes
- exploring a large unfamiliar repository
- running several truly independent tasks in parallel
Avoid fixed multi-agent chains for everyday work. They often spend more quota than they save. The checklist is in skills/sober-review; the actual helper can be Claude Code's native subagent, a Codex helper, or a reviewer you already trust.
Safety and privacy
- Additive Installation: Sober never overwrites your config. It safely merges its hooks into `settings.json` and `hooks.json`. Your environment variables, permissions, and existing tools are preserved.
- Purely Local: Sober is local configuration and bash scripts, not a hosted service.
- No API Keys: Sober never asks for or touches your model API keys.
- Safety Guardrails: Dangerous shell commands are detected and blocked prior to execution by Claude Hooks and Codex Starlark Rules.
- User in Control: Verification reminders (like testing before committing) are advisory-only and do not block your `git commit` or `push` commands. You retain final control over what gets executed.
- No Hidden Memory: Session memory is a small, visible `HANDOFF.md` file for humans to review. No automatic hidden memory bloating your context.
- Local Failure Logs & Redaction: Tool-failure logs are stored locally and automatically redact common secret patterns before writing.
Learn the workflow
- Day-to-day guide: `docs/USER-MANUAL.md`
- Design decisions: `docs/adr/`
- Contributing: `CONTRIBUTING.md`
Develop
git clone https://github.com/move-hoon/sober.git
cd sober
npm test
npm pack --dry-run
License
MIT — see LICENSE.