# claude-code-conduit

Supervised action bridge between Claude Code (in a Docker container) and the host system. Claude sends structured action requests; the server applies per-action policies and optionally holds them for human approval via a TUI queue manager.

## Quick orientation

- **Server** runs on the host (`bin/ccc-server.mjs`), listens on port 3015
- **Client** runs in the container (`bin/ccc-client.mjs`), sends signed JSON action requests
- **Actions** are defined in `server/actions.mjs` — this is the main place to add new capabilities
- **Auth** is HMAC-SHA256; secrets live in a JSON file, never env vars
- **Policies**: `auto-accept` (runs immediately), `queue` (held for human approval), `auto-deny`

## Adding a new action

Edit `server/actions.mjs`. Each action needs `description`, `params`, `policy`, and `handler`. The handler receives `(params, ctx)` where ctx has `{ caller, users, mail_perm_store, exec, mailer_send }`.

See [`claude-info/architecture.md`](claude-info/architecture.md) for full details.
See [`claude-info/contributing.md`](claude-info/contributing.md) for the checklist when adding features.

## Active / planned work

- [`claude-info/plan-google-calendar.md`](claude-info/plan-google-calendar.md) — Google Calendar integration ✓ implemented
- [`claude-info/plan-policy-overrides.md`](claude-info/plan-policy-overrides.md) — Runtime policy overrides + TUI policy view ✓ implemented (not yet field tested)

## Running

```bash
ccc-server --config config.json
ccc-client '{"action": "list-actions"}'
```

Shell helpers (`ccc-open-terminal`, `ccc-edit-file`, `ccc-open-browser`) are available in the container via `~/.bashrc`.