Deploy: linux-sysadmin skill enforcement + keepass-cred-mgr REPL hardening

Author: chrisdpurcell

.claude-plugin/marketplace.json

@@ -52,8 +52,8 @@
     },
     {
       "name": "linux-sysadmin",
-      "description": "Linux system administration skills: 97 per-service guides covering daemons, CLI tools, and filesystems with annotated configs, cheatsheets, and a guided /sysadmin stack design workflow",
-      "version": "1.1.0",
+      "description": "Linux system administration skills: 137 per-service guides covering daemons, CLI tools, and filesystems with annotated configs, cheatsheets, and a guided /sysadmin stack design workflow",
+      "version": "1.2.0",
       "author": {
         "name": "L3DigitalNet",
         "url": "https://github.com/L3DigitalNet"
@@ -130,7 +130,7 @@
     {
       "name": "keepass-cred-mgr",
       "description": "MCP server for secure KeePass vault access from Claude Code via YubiKey authentication. Exposes 10 tools for vault unlock, listing, searching, reading, writing, and bulk-importing KeePass entries with audit logging.",
-      "version": "0.5.1",
+      "version": "0.5.2",
       "author": {
         "name": "L3DigitalNet",
         "url": "https://github.com/L3DigitalNet"

.serena/project.yml

@@ -126,3 +126,12 @@ initial_prompt: ""
 # This overrides the corresponding setting in the global configuration; see the documentation there.
 # If null or missing, use the setting from the global configuration.
 symbol_info_budget:
+
+# line ending convention to use when writing source files.
+# Possible values: unset (use global setting), "lf", "crlf", or "native" (platform default)
+# This does not affect Serena's own files (e.g. memories and configuration files), which always use native line endings.
+line_ending:
+
+# list of regex patterns which, when matched, mark a memory entry as read‑only.
+# Extends the list from the global configuration, merging the two lists.
+read_only_memory_patterns: []

CLAUDE.md

@@ -31,7 +31,7 @@ Claude-Code-Plugins/
 │   ├── design-assistant/             # Design document authoring and review
 │   ├── github-repo-manager/          # Conversational GitHub repo maintenance
 │   ├── home-assistant-dev/           # HA integration dev toolkit + MCP server
-│   ├── linux-sysadmin/               # Linux sysadmin skills (94 service, tool, and filesystem guides)
+│   ├── linux-sysadmin/               # Linux sysadmin skills (137 service, tool, and filesystem guides)
 │   ├── plugin-review/                # Plugin quality review via orchestrator
 │   ├── plugin-test-harness/          # Iterative test/fix/reload loop (TypeScript)
 │   └── release-pipeline/             # Autonomous release pipeline

docs/skills.md

@@ -458,6 +458,92 @@ Run YAML validator:
 python -c "import yaml; yaml.safe_load(open('skill.md').read().split('---')[1])"
 ```
 
+## Linux Sysadmin Skill Conventions
+
+The `linux-sysadmin` plugin follows stricter conventions than general skills. These ensure
+consistency across 100+ service, tool, and filesystem guides.
+
+### Identity Format Convention
+
+Choose the format based on whether the tool runs as a persistent process:
+
+**Services/daemons** (anything with a systemd unit or persistent process) use bullet-list format:
+
+```markdown
+## Identity
+- **Unit**: `nginx.service`
+- **Config**: `/etc/nginx/nginx.conf`
+- **Logs**: `journalctl -u nginx`, `/var/log/nginx/access.log`
+- **Install**: `apt install nginx` / `dnf install nginx`
+```
+
+**CLI tools** (stateless, no persistent process) use property table format:
+
+```markdown
+## Identity
+
+| Property | Value |
+|----------|-------|
+| **Binary** | `jq` |
+| **Config** | No persistent config |
+| **Type** | CLI tool |
+| **Install** | `apt install jq` / `dnf install jq` |
+```
+
+### Required Sections (in order)
+
+1. **Identity** — binary/unit, config paths, logs, install command
+2. **Quick Start** — 3-5 shell commands from zero to working (fenced bash block)
+3. **Key Operations** — task/command table
+4. **Expected Ports** — (services with network listeners only)
+5. **Health Checks** — (services with observable state only)
+6. **Common Failures** — symptom/cause/fix table
+7. **Pain Points** — bullet list of gotchas and non-obvious behavior
+8. **See Also** — related skills with one-line descriptions
+9. **References** — pointer to `references/` directory
+
+### Column Header Standards
+
+Standardize table headers for machine-parseable consistency:
+
+- Key Operations: `| Task | Command |`
+- Common Failures: `| Symptom | Cause | Fix |`
+
+If a skill uses bullet-list format for Key Operations (e.g., nginx), that is acceptable — do
+not force a table where bullets work better.
+
+### Frontmatter Fields
+
+```yaml
+name: string              # Required. Unique lowercase-hyphenated identifier
+description: string       # Required. Human-readable summary (no trigger phrases)
+triggerPhrases:           # Recommended. Array of activation phrases
+  - "nginx"
+  - "reverse proxy"
+globs:                    # Optional. File patterns for context matching
+  - "**/nginx.conf"
+last_verified: "YYYY-MM"  # Recommended. Date of last doc verification, or "unverified"
+```
+
+Keep trigger phrases OUT of the description field. The description should read as a clean
+one-line summary; trigger phrases go in the `triggerPhrases` array.
+
+### Reference Files
+
+Each skill directory contains a `references/` subdirectory with:
+
+- **`docs.md`** — Official and community documentation links (required)
+- **`cheatsheet.md`** or **`common-patterns.md`** — Practical command/config examples
+- **`*.annotated`** — Annotated config files with every option explained (for services with config files)
+
+### Cross-References (See Also)
+
+Every skill should list 2-5 related skills in its `## See Also` section. Group by relationship:
+
+- **Alternatives** — tools that solve the same problem differently (nginx ↔ caddy)
+- **Complements** — tools commonly used together (prometheus → grafana)
+- **Dependencies** — tools this one sits on top of (helm → kubernetes)
+
 ## Next steps
 
 - [Create plugins](./plugins.md) to package and distribute skills

plugins/keepass-cred-mgr/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "keepass-cred-mgr",
-  "version": "0.5.1",
+  "version": "0.5.2",
   "description": "MCP server for secure KeePass vault access from Claude Code via YubiKey authentication",
   "author": {
     "name": "L3DigitalNet",

plugins/keepass-cred-mgr/CHANGELOG.md

@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 
+## [0.5.2] - 2026-03-18
+
+### Fixed
+- Newlines in REPL arguments (notes, urls) corrupt the keepassxc-cli command stream, causing garbled entries and data loss. `_repl_quote()` now sanitizes `\n`/`\r` to spaces before quoting.
+- `deactivate_entry` constructed notes with an embedded newline (`\n[DEACTIVATED: ...]`) that split the REPL command across two lines. Uses ` | ` separator instead.
+- `run_cli` stdin_lines (passwords) now reject embedded newlines with a clear error instead of silently corrupting the stream.
+- Corrected REPL quoting model: the CLI uses `Utils::splitCommandString` (backslash escapes any character), not `QProcess::splitCommand`. Updated comments and docs.
+- `_parse_show_output` no longer misinterprets notes containing `Password: ...` or `URL: ...` text as field boundaries. Notes is the last standard field; only `Tags:` terminates it.
+- Notes passed via `--notes` are now escaped to prevent keepassxc-cli from silently converting literal `\n` text into newlines (the CLI replaces `\\n` → newline before storing).
+
 ## [0.5.1] - 2026-03-15
 
 ### Changed

plugins/keepass-cred-mgr/README.md

@@ -93,7 +93,7 @@ flowchart TD
     Poller -.->|removed > grace period| AutoLock[Auto-lock vault]
 ```
 
-The server runs as a stdio MCP process spawned by Claude Code via `scripts/start-server.sh`, which resolves Python dependencies through `uv run` and starts the FastMCP server. On startup it loads the YAML config, initializes the YubiKey poller, and registers all 10 tools. The vault starts locked; call `unlock_vault` first to verify YubiKey presence and perform a physical touch. `unlock_vault` opens a persistent `keepassxc-cli open` REPL process; that single touch covers all subsequent tool calls in the session. Commands are dispatched through the REPL's stdin/stdout with Qt-style double-quote argument escaping; the REPL stays alive until the vault locks. Removal of the YubiKey starts a grace timer (default 10 seconds); if the key isn't reinserted in time, the vault locks (killing the REPL process), and all subsequent tool calls fail with `VaultLocked` until `unlock_vault` is called again.
+The server runs as a stdio MCP process spawned by Claude Code via `scripts/start-server.sh`, which resolves Python dependencies through `uv run` and starts the FastMCP server. On startup it loads the YAML config, initializes the YubiKey poller, and registers all 10 tools. The vault starts locked; call `unlock_vault` first to verify YubiKey presence and perform a physical touch. `unlock_vault` opens a persistent `keepassxc-cli open` REPL process; that single touch covers all subsequent tool calls in the session. Commands are dispatched through the REPL's stdin/stdout with double-quote argument escaping matching keepassxc-cli's `Utils::splitCommandString` parser (backslash escapes any character, double quotes toggle quoting mode); the REPL stays alive until the vault locks. Removal of the YubiKey starts a grace timer (default 10 seconds); if the key isn't reinserted in time, the vault locks (killing the REPL process), and all subsequent tool calls fail with `VaultLocked` until `unlock_vault` is called again.
 
 ## Usage
 
@@ -178,7 +178,7 @@ audit_log_path: ~/.local/share/keepass-cred-mgr/audit.jsonl
 
 - **Tag-based access control over group allowlist**: Earlier versions required an `allowed_groups` allowlist. This was replaced with a denylist of two KeePassXC tags: `AI RESTRICTED` (blocks all AI access to an entry) and `READ ONLY` (blocks write operations). Tags are parsed from `keepassxc-cli show` output during each tool call — no config field required. The inversion from opt-in allowlist to opt-out denylist means the user can freely add, remove, or reorganize groups without reconfiguring the plugin.
 
-- **`keepassxc-cli` over `pykeepass`**: Using the CLI means the MCP server has no direct database access; KeePassXC owns the file format, locking, and YubiKey integration. `unlock_vault` opens a persistent `keepassxc-cli open` REPL process; all subsequent commands are dispatched through that process's stdin/stdout without re-authenticating. `list_entries` still issues one `ls` plus one `show` per entry (for metadata), but all within a single session rather than spawning a subprocess per call. Binary attachment exports use a separate subprocess since raw bytes cannot pass through the text REPL without corruption.
+- **`keepassxc-cli` over `pykeepass`**: Using the CLI means the MCP server has no direct database access; KeePassXC owns the file format, locking, and YubiKey integration. `unlock_vault` opens a persistent `keepassxc-cli open` REPL process; all subsequent commands are dispatched through that process's stdin/stdout without re-authenticating. `list_entries` still issues one `ls` plus one `show` per entry (for metadata), but all within a single session rather than spawning a subprocess per call. Binary attachment exports use a separate subprocess since raw bytes cannot pass through the text REPL without corruption. The REPL uses `Utils::splitCommandString` for argument parsing (backslash-escapes-any-character semantics, double-quote toggling); `_repl_quote()` matches this model.
 
 - **`ykman list` for presence polling**: `keepassxc-cli` requires a physical touch on every invocation. Using `ykman list` (pure USB enumeration, no touch) allows continuous polling without interrupting the user.
 
@@ -200,6 +200,7 @@ audit_log_path: ~/.local/share/keepass-cred-mgr/audit.jsonl
 - **No entry deletion or overwrite**: By design, Claude cannot delete or overwrite entries. Credential rotation requires a create-then-deactivate sequence, and stale `[INACTIVE]` entries accumulate until manually removed in KeePassXC.
 - **Titles with slashes are unsupported**: `keepassxc-cli` uses `/` as a path separator (`Group/Title`). Titles containing `/` produce undefined CLI behavior; `create_entry` rejects them with an error.
 - **`edit --notes` replaces the entire field**: Appending a deactivation timestamp to notes requires reading the existing notes first, then writing the combined string. If the notes update fails after a successful rename, the entry is still deactivated (renamed to `[INACTIVE]`) but the deactivation timestamp in notes may be missing. A warning is logged in this case.
+- **REPL is line-based**: The keepassxc-cli REPL reads one command per line. Arguments containing literal newlines are sanitized to spaces before sending (with a warning logged). Multi-line notes are flattened; the `--notes` `\\n`-to-newline conversion is pre-escaped to prevent silent data corruption.
 
 ## Security Model
 

plugins/keepass-cred-mgr/server/tools/read.py

@@ -23,15 +23,20 @@
 type SearchResult = dict[str, str | None]
 
 
-# Known field prefixes that terminate a multi-line notes block.
-_KNOWN_FIELDS = {"username", "password", "url", "notes", "title", "tags"}
+# Fields that appear BEFORE notes in keepassxc-cli show output.
+# Once we enter notes mode, only "tags" (which appears after notes) terminates it.
+# This prevents notes containing "Password: ..." from being misinterpreted as fields.
+_PRE_NOTES_FIELDS = {"username", "password", "url", "title"}
 
 
 def _parse_show_output(stdout: str) -> EntryFields:
     """Parse keepassxc-cli show output into a string field dict.
 
-    Notes can span multiple lines; continuation lines have no 'Key: ' prefix.
-    Continuation stops when a line starts with a known field key followed by ': '.
+    keepassxc-cli show outputs fields in order: Title, UserName, Password,
+    URL, Notes, then Tags. Notes can span multiple lines with embedded
+    newlines. Once we enter notes mode, only a Tags line terminates it;
+    lines that look like "Password: foo" inside notes are continuation lines,
+    not field boundaries.
     """
     fields: dict[str, str] = {}
     in_notes = False
@@ -41,22 +46,24 @@ def _parse_show_output(stdout: str) -> EntryFields:
         if ": " in line:
             key, _, value = line.partition(": ")
             key_lower = key.strip().lower()
-            if key_lower in _KNOWN_FIELDS:
-                if in_notes:
+
+            # Inside notes, only "tags" can terminate — everything else is content
+            if in_notes:
+                if key_lower == "tags":
                     fields["notes"] = "\n".join(notes_lines)
                     in_notes = False
-                if key_lower == "notes":
-                    notes_lines = [value.strip()]
-                    in_notes = True
-                elif key_lower == "username":
-                    fields["username"] = value.strip()
-                elif key_lower == "password":
-                    fields["password"] = value.strip()
-                elif key_lower == "url":
-                    fields["url"] = value.strip()
-                elif key_lower == "title":
-                    fields["title"] = value.strip()
+                    # Tags value is captured by _parse_tags separately; skip
+                    continue
+                notes_lines.append(line)
                 continue
+
+            if key_lower == "notes":
+                notes_lines = [value.strip()]
+                in_notes = True
+            elif key_lower in _PRE_NOTES_FIELDS:
+                fields[key_lower] = value.strip()
+            continue
+
         if in_notes:
             notes_lines.append(line)
 

plugins/keepass-cred-mgr/server/tools/write.py

@@ -38,6 +38,18 @@
 log: structlog.stdlib.BoundLogger = structlog.get_logger("keepass-cred-mgr.tools.write")
 
 
+def _escape_notes_for_cli(notes: str) -> str:
+    """Escape a notes string for --notes argument to keepassxc-cli.
+
+    The CLI's Add.cpp and Edit.cpp replace literal '\\n' with actual newlines
+    before storing (entry->setNotes(notes.replace("\\\\n", "\\n"))). If the
+    user's notes contain the two-character sequence '\\n', the CLI silently
+    converts it to a newline. Escape it to '\\\\n' so the CLI round-trips
+    to '\\n' as intended.
+    """
+    return notes.replace("\\n", "\\\\n")
+
+
 @contextmanager
 def _write_lock(vault: Vault) -> Generator[FileLock]:
     """Acquire and release a file lock around database writes."""
@@ -104,7 +116,7 @@ async def create_entry(
         if url is not None:
             cmd.extend(["--url", url])
         if notes is not None:
-            cmd.extend(["--notes", notes])
+            cmd.extend(["--notes", _escape_notes_for_cli(notes)])
         if password:
             # keepassxc-cli add has no --password flag; -p prompts stdin.
             # Write the password to stdin upfront so run_cli() doesn't deadlock.
@@ -142,7 +154,8 @@ async def deactivate_entry(
             break
 
     timestamp = datetime.now(UTC).isoformat()
-    new_notes = f"{existing_notes}\n[DEACTIVATED: {timestamp}]".strip()
+    deactivated_tag = f"[DEACTIVATED: {timestamp}]"
+    new_notes = f"{existing_notes} | {deactivated_tag}".strip(" |") if existing_notes else deactivated_tag
     new_title = f"{INACTIVE_PREFIX}{title}"
 
     with _write_lock(vault):
@@ -151,7 +164,7 @@ async def deactivate_entry(
         # Update notes using new path — non-critical, log and continue on failure
         new_path = vault.entry_path(new_title, group)
         try:
-            await vault.run_cli("edit", "--notes", new_notes, db, new_path)
+            await vault.run_cli("edit", "--notes", _escape_notes_for_cli(new_notes), db, new_path)
         except KeePassCLIError:
             log.warning("deactivate_notes_update_failed", title=title, group=group)