AIssistLab

Skill Workshop RAG

Claude-first local workbench for building, validating, indexing, chatting with, and exporting Claude Code skills.

V1 is intentionally local-first. It is designed for a developer running a private Claude skills workspace on their own machine, with deterministic readiness checks and sanitized diagnostics before anything is shared.

Skill Workshop RAG V1 screenshot showing the Skills workspace, library readiness panel, and local navigation

What It Does

Product Shape

flowchart LR
  Settings["Settings<br/>paths, provider, profiles"] --> Doctor["Setup Doctor<br/>deterministic checks"]
  Settings --> Index["RAG Index<br/>ready, stale, failed"]
  Skills["Skills<br/>create, import, validate"] --> Index
  Index --> Chat["RAG Chat<br/>answers + citations"]
  Doctor --> Readiness["V1 Release Readiness"]
  Chat --> Export["Export<br/>skills + diagnostics"]
  Skills --> Export

Status

V1 is feature-complete for the Claude-focused local release path:

Out of scope for V1:

See V1 release notes and V2 roadmap for the boundary between current release and future provider-agnostic work.

Quick Start

npm install
npm run dev

Open http://localhost:3000.

The dev and build scripts run Next.js with webpack because the app keeps a small server-side webpack external config for local RAG dependencies. Turbopack is not the verified V1 path.

Copy .env.example to .env.local and configure:

WORKSPACE_ROOT=examples/demo-workspace
SKILLS_DIR=.claude/skills
NEXT_PUBLIC_APP_TITLE=Skill Workshop RAG
LLM_PROVIDER=anthropic_api
ENABLE_LOCAL_CLAUDE_CLI=false
CLAUDE_CLI_PATH=auto
CLAUDE_LOGIN_COMMAND=auto
CLAUDE_CONFIG_DIR=
ANTHROPIC_API_KEY=

For your real workspace, set:

WORKSPACE_ROOT=C:/path/to/workspace
SKILLS_DIR=.claude/skills

Then use Settings:

  1. Validate WORKSPACE_ROOT and SKILLS_DIR.
  2. Rebuild the RAG index.
  3. Select Anthropic API or Claude CLI provider mode.
  4. Test API or CLI auth.
  5. Open Chat when readiness says the app can send.
  6. Export diagnostics when you need a sanitized evidence bundle.

Provider Modes

Anthropic API

API mode is the default local provider because it is predictable for desktop use:

LLM_PROVIDER=anthropic_api
ANTHROPIC_API_KEY=<your key>

The app never prints API keys in status, readiness, diagnostics, settings API responses, or UI output. POST /api/chat remains a device-local API in API mode: hosted, production, and non-local requests are rejected before request-body processing.

Claude Code CLI

CLI mode is optional and only works for local desktop use:

LLM_PROVIDER=claude_code_cli
ENABLE_LOCAL_CLAUDE_CLI=true
CLAUDE_CLI_PATH=auto
CLAUDE_LOGIN_COMMAND=auto
CLAUDE_CONFIG_DIR=

CLAUDE_CLI_PATH=auto resolves Claude Code from the official native install location first, then PATH:

CLAUDE_LOGIN_COMMAND=auto opens Claude Code’s built-in visible auth flow, claude auth login, using the resolved Claude executable. Set CLAUDE_LOGIN_COMMAND=claude-login or an explicit helper path only if you intentionally use a custom login helper.

CLAUDE_CLI_PATH may be auto, a full executable path, or the install folder that contains the Claude executable, such as %USERPROFILE%\.local\bin.

CLI generation uses claude -p in a non-interactive child process with safe flags. The spawned process removes ANTHROPIC_API_KEY so API-key auth does not accidentally override local Claude subscription auth.

Claude profile discovery is privacy-preserving:

Public UI labels stay generic, such as Default profile, Profile 1, and Manual profile. The app does not serialize account emails, organization names, raw OAuth paths, tokens, or hidden profile folder names.

Main Screens

Local APIs

The maintained local API route sources are src/lib/routes/api-routes.ts for client-side route constants and src/app/api/**/route.ts for handlers. Route tests assert that static API constants stay aligned with the handler tree.

The local APIs cover index rebuild/status, chat/status, release readiness, settings/runtime/doctor/path browsing, Claude CLI profile/test/project checks, skill lifecycle/import/guided-builder flows, validation, export, and diagnostics ZIP generation. Endpoints that expose local readiness, filesystem, env, provider state, index content, or generated chat context are guarded for localhost usage.

Diagnostics Export

Diagnostics are only generated through the intentional export flow:

/api/export/zip?diagnostics=true
/api/export/zip?skill=skill-a&skill=skill-b&diagnostics=true

Diagnostics include:

They intentionally exclude API keys, account identifiers, OAuth paths, raw Claude config contents, full home paths, MCP command args, hook commands, and raw provider output.

Verification

Use the release-candidate runbook as the maintained source of truth for command coverage and manual QA details:

Full release gate:

npm run verify:release

This runs tests, lint, build, smokes, audits, cleanup dry-runs, and privacy checks. See the runbook command gates for the current exact sequence and focused debugging commands.

Release package evidence:

npm run release:evidence -- --gate-result passed
npm run release:prepare

release:evidence prints a sanitized summary of the current checkout, release-gate status, test count, coverage, privacy-scan status, and manual gates still pending. release:prepare is finite: it runs cleanup dry-runs, runs npm run verify:release once, then prints the sanitized evidence summary.

Manual QA remains device/account-owned: native folder picker visibility, Claude Open Login, and real account-backed chat must be confirmed by the local user after the automated gate passes.

Documentation

Security And Privacy Model

Tech Stack