Code Cannon is a portable agent workflow skill library. Write your team's development workflow once — start, submit-for-review, review, deploy — and sync it to Claude Code, Cursor, and other AI coding agents across all your projects.
- Skills live in
skills/as plain markdown with{{PLACEHOLDER}}tokens for project-specific values. sync.pyreads your project config (.codecannon.yaml), substitutes values, wraps each skill in an agent-specific invocation header, and writes the generated files to the right place (.claude/commands/,.cursor/rules/, etc.).- Generated files carry a hash so sync.py can detect manual edits and warn before overwriting.
The intended sequence for a complete change:
/start → [code + local test] → /submit-for-review → [QA on preview] → /deploy
/start— reads code, proposes an approach, waits for human approval, then creates the issue, branch, and writes code/submit-for-review— runs checks, commits everything, pushes, opens the PR, spawns an agent review, merges if approved/review— standalone review on any PR; also called internally by/submit-for-review/deploy— bumps version, creates a GitHub Release, promotes to production/status— read-only snapshot of open PRs, merged work, and open issues/qa— view the QA queue or record findings on a specific issue/setup— first-run onboarding: check config, labels, and milestone setup
Code Cannon is opinionated about where humans stay in the loop:
/startpauses before creating the issue to confirm the implementation approach./submit-for-reviewpauses after review if there are non-blocking findings, letting you choose to address them or merge now./deployrequires an explicit "release" confirmation before promoting to production./qashows the review comment and waits for approval before posting.
The agent commits; you test. /start writes code but does not commit — it hands off to you with "run your dev command and test locally." Committing happens in /submit-for-review. The human approval loop before shipping is where you catch things the agent missed.
Requires Python 3.8+ (stdlib only — no pip install needed).
git submodule add https://github.com/LightbridgeLab/CodeCannon.git CodeCannon
git submodule update --initcp CodeCannon/templates/codecannon.yaml .codecannon.yamlEdit .codecannon.yaml — set your branch names, check command, deploy commands, and which adapters to generate. See the config reference for all available settings.
CodeCannon/sync.pyThis generates skill files for each adapter listed in your config. For Claude Code, that's .claude/commands/*.md. For Cursor, .cursor/rules/*.mdc.
cp CodeCannon/templates/AGENTS.md.template AGENTS.mdEdit the project-specific section at the bottom.
# In your Makefile
include CodeCannon/Makefile.agents.mkOr copy the targets from Makefile.agents.mk directly.
Commit .codecannon.yaml, AGENTS.md, and the generated .claude/ directory. Every teammate gets a working installation on git clone + git submodule update --init — no further setup needed.
.codecannon.yaml is a team contract, not personal config. Changes to it should be reviewed like any other config change.
Or skip all of this and run /setup for a guided walkthrough.
git submodule update --remote CodeCannon # pull latest skills
CodeCannon/sync.py # regenerate skill filesIf any generated files have been manually customized, sync.py will warn and skip them. Use --force to overwrite.
If your project still uses the previous repo URL or folder name:
- Point
.gitmodulesathttps://github.com/LightbridgeLab/CodeCannon.gitand use submodule pathCodeCannon/(or rename your existing checkout to match). - Rename
.agentgate.yamlto.codecannon.yaml. - Run
CodeCannon/sync.py --forceonce if needed so generated file headers match the new provenance marker.
Code Cannon skills are agent-agnostic, but each agent has its own quirks. This section collects per-agent configuration tips that smooth out the experience.
Reduce approval prompts. Claude Code prompts for permission on unfamiliar shell commands. Pre-approve the commands Code Cannon uses by adding a permissions block to .claude/settings.json (project-level, committed) or .claude/settings.local.json (personal, git-ignored):
{
"permissions": {
"defaultMode": "acceptEdits",
"allow": [
"Bash(cd:*)",
"Bash(git:*)",
"Bash(gh:*)",
"Bash(make:*)",
"Bash(python3:*)",
"Bash(./sync.py:*)",
"Bash(mkdir:*)",
"Bash(mktemp:*)"
],
"deny": [
"Bash(git push --force)",
"Bash(git push --force:*)",
"Bash(git reset --hard)",
"Bash(git reset --hard:*)",
"Bash(rm -rf:*)",
"Bash(sudo:*)"
]
}
}defaultMode: "acceptEdits" auto-approves file edits and common filesystem ops. allow rules pre-approve matching bash commands (wildcards supported). deny rules always win — dangerous operations still prompt. Adjust the allow list to match your project's tooling.
Cursor does not prompt for shell commands by default, so no permission configuration is needed. Skills work out of the box.
Configure via the codex CLI's --full-auto flag or sandbox settings. Codex runs in a sandboxed environment, so approval prompts are less common but network access may need to be explicitly enabled for gh commands.
Configure via .gemini/settings.json or the --auto-approve flag. Consult Gemini CLI documentation for the latest permission options.
- Branching models — trunk, two-branch, and three-branch workflows explained
- Customization guide — how to tailor skills to your project
- Config reference — every
.codecannon.yamlplaceholder documented - Adapters — supported agents and how to add new ones
- Individual skill documentation — see links in the workflow section above