From heimdall
Harden a project's MCP secrets behind a setuid OS boundary (Layer 1). Use when the user says "harden secrets", "set up the secrets safe", "lock my mcp secrets at the OS level", "install the setuid broker", or asks for a real (not just hook-level) boundary around a credentials file. Creates/uses .claude/heimdall-conceal.json, then guides the privileged setup (creates a runner uid, locks the file, installs the setuid broker, rewrites .mcp.json). This is the OS-level companion to /heimdall:conceal (which is hook-only, no sudo).
How this skill is triggered — by the user, by Claude, or both
Slash command
/heimdall:hardenThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Two layers: an OS uid boundary (setuid broker) + the hook-level conceal guard.
Two layers: an OS uid boundary (setuid broker) + the hook-level conceal guard.
The conceal guard activates automatically once .claude/heimdall-conceal.json
exists; the broker needs one privileged (sudo) run.
Linux/Unix only — this layer relies on setuid + uid file-ownership, which
Windows does not have (use /heimdall:conceal there). No compiler needed:
the installer compiles the broker from source when gcc is present, otherwise
installs the committed prebuilt scripts/bin/mcp-pg-broker.linux-<arch>; either
way the broker reads its config at runtime from a root-owned, per-repo
broker.conf co-located with the binary
(/usr/local/lib/mcp-broker/<repo-slug>/broker.conf, where <repo-slug> is the
repo basename plus a short hash of its absolute path) that the script writes.
$CLAUDE_PROJECT_DIR).<repo>/.claude/heimdall-conceal.json is missing, copy the template and tune it:
mkdir -p "<repo>/.claude"
cp "${CLAUDE_PLUGIN_ROOT}/heimdall-conceal.example.json" "<repo>/.claude/heimdall-conceal.json"
Then edit secretsFiles, wrapper, and allowlist to match the project
(inspect .mcp.json to derive the allowlist of server names launched via the
wrapper). Confirm values with the user before proceeding.The plugin cannot run sudo. Tell the user to run, and explain each step:
sudo bash "${CLAUDE_PLUGIN_ROOT}/scripts/setup-secrets-heimdall.sh" "<repo>"
This creates the runner uid, locks the secrets file (0600), hardens the wrapper,
compiles+installs the setuid broker, rewrites .mcp.json, and verifies the
agent uid is denied.
.mcp.json.The boundary holds only if the agent uid has no sudo or docker-socket access (both are root-equivalent and bypass file permissions). State this explicitly.
npx claudepluginhub thomfilg/ai-plugin-work --plugin heimdallGuides collaborative design exploration before implementation: explores context, asks clarifying questions, proposes approaches, and writes a design doc for user approval.
Creates structured, bite-sized implementation plans from specs or requirements before writing code. Useful for breaking down multi-step tasks into testable steps with file structure and task boundaries.
Implements work from a spec or tickets using TDD at agreed seams, with regular typechecking and test runs, followed by code review.