Commands & Scripts

Learn how Commands extend Claude Code with custom slash commands and how Scripts provide executable tooling in CodeCourier agent sandboxes. Covers creation, versioning, and assignment.

8 min read
commandsscriptsassets

Alongside Skills, CodeCourier supports two additional asset types: Commands and Scripts. Commands add custom slash-command extensions to the Claude Code registry inside each sandbox. Scripts are executable files that agents can invoke at runtime for setup, testing, or utility tasks. Both are versioned and assignable to personas and session types using the same hierarchy as Skills.

Commands

What Commands Are

Commands are Claude Code slash-command extensions. They are placed in the .claude/commands/ directory of the sandbox as markdown files, where the Claude Code CLI discovers and registers them automatically. When an agent types /{commandName} during a session, Claude Code executes the instructions defined in the command file.

Commands are ideal for standardizing complex, multi-step workflows that agents perform repeatedly. Rather than trusting the agent to figure out the right sequence of steps for running tests, deploying, or auditing security every time, you codify those steps once as a command and invoke it with a single slash.

Command Data Model

command-data-model.ts
commands: {
  commandId: string     // unique identifier
  name: string          // the slash-command name (e.g., "run-tests")
                        // invoked as /run-tests in Claude Code
  description: string   // what this command does
  content: string       // markdown instructions executed when command is invoked
  isEnabled: boolean    // whether this command is selectable
}

commandVersions: {
  commandId: string
  version: number       // incrementing version number
  name: string          // name at time of publish
  description: string   // description at time of publish
  content: string       // full content at time of publish
  status: "active" | "inactive"
  publishedAt: number   // Unix timestamp
  publishedBy: string   // user ID of publisher
}

Example Commands

Below are examples of commands that work well in practice:

.claude/commands/run-tests.md
# Run Tests

Execute the full test suite and report results.

## Steps
1. Run `bun test --run` to execute all unit and integration tests
2. If tests fail, read the error output carefully and identify the root cause
3. Do NOT modify test files to make tests pass - fix the source code instead
4. After all tests pass, run `bun run build` to verify the TypeScript compiles
5. Report a summary: total tests run, passed, failed, and any build warnings
.claude/commands/security-review.md
# Security Review

Perform a targeted security audit on all files changed in the current session.

## Checklist
1. **Input validation** - Confirm all user-supplied inputs are validated before use
2. **SQL/command injection** - Verify no user input is interpolated into queries or shell commands
3. **Authentication** - Check that all API routes requiring auth are protected
4. **Secrets** - Scan for hardcoded API keys, passwords, or tokens (use environment variables instead)
5. **XSS** - Confirm no `dangerouslySetInnerHTML` usage without sanitization
6. **Dependencies** - Flag any newly added dependencies with known vulnerabilities

## Output
Return a structured report:
- PASS if no issues found
- FAIL with a numbered list of issues, each with the file path, line number, and recommended fix
.claude/commands/deploy-check.md
# Deploy Check

Verify the application is ready for deployment.

## Pre-deploy Verification Steps
1. Run `bun run build` - must exit with code 0
2. Run `bun run type-check` - zero TypeScript errors permitted
3. Run `bun run lint` - zero ESLint errors permitted (warnings are acceptable)
4. Run `bun test --run` - all tests must pass
5. Check for uncommitted changes with `git status`
6. Confirm the branch is up to date with main using `git log main..HEAD --oneline`

## Output
If all checks pass: respond with "DEPLOY_READY" and a brief summary of what was verified.
If any check fails: respond with "DEPLOY_BLOCKED", the specific check that failed, and the fix required.

Creating a Command

1

Navigate to the Commands asset section

From the project sidebar, navigate to the Assets section and select Commands. Click + Create Command.

2

Enter the command details

Provide a name (the slash-command identifier - use lowercase with hyphens, e.g., run-tests), a description summarizing what the command does, and the content (the markdown instructions Claude Code executes when the command is invoked).

3

Write effective command content

Command content should be:

  • Step-by-step - numbered steps for sequential execution
  • Explicit about output format - tell the agent how to structure its response
  • Specific about tools - name the exact CLI commands to run
  • Clear on error handling - specify how to handle failures
4

Publish the command

Click Publish to create version 1. The command is now available for assignment to personas and session types.

Command Naming

The namefield becomes the slash-command identifier in Claude Code. It must be lowercase, use only letters, numbers, and hyphens, and must not conflict with Claude Code’s built-in commands. Claude Code registers commands found in .claude/commands/ automatically at startup.

Versioning Commands

Commands follow the same versioning lifecycle as Skills. Each publish creates a new version, activates it, and deactivates the previous one. Use new versions whenever:

  • A CLI command changes (e.g., switching from npm test to bun test)
  • The expected output format needs to change
  • New steps need to be added to the workflow
  • An existing step is discovered to produce incorrect results

Scripts

What Scripts Are

Scripts are executable files - shell scripts, Python scripts, Node.js scripts, or any executable format - that are placed in the sandbox before the agent runs. Unlike Skills (which are read-only reference material) and Commands (which encode step-by-step instructions for the agent), Scripts are runnable artifacts the agent can execute directly.

Scripts are ideal for:

  • Complex environment setup that should not rely on the agent figuring it out each time
  • Running test suites in a standardized way that encapsulates the right flags and configuration
  • Utility operations that involve multiple CLI tools or complex piping that is error-prone to derive manually
  • Project-specific deploy or lint workflows with non-standard configurations

Script Data Model

script-data-model.ts
scripts: {
  scriptId: string      // unique identifier
  name: string          // display name (e.g., "setup-environment")
  description: string   // what this script does and when to run it
  content: string       // full script content (shell, Python, etc.)
  isEnabled: boolean    // whether this script is selectable
}

scriptVersions: {
  scriptId: string
  version: number       // incrementing version number
  name: string          // name at time of publish
  description: string   // description at time of publish
  content: string       // full script content at time of publish
  status: "active" | "inactive"
  publishedAt: number   // Unix timestamp
  publishedBy: string   // user ID of publisher
}

Example Scripts

setup-environment.sh
#!/bin/bash
# Setup Environment
# Run this script at the start of a new session to initialize the dev environment.

set -e  # Exit on any error

echo "==> Cloning repository..."
cd /home/user
git clone "$REPO_URL" project
cd project

echo "==> Installing dependencies..."
bun install

echo "==> Setting up environment variables..."
cp .env.example .env.local
echo "NEXT_PUBLIC_CONVEX_URL=$CONVEX_URL" >> .env.local
echo "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$CLERK_KEY" >> .env.local

echo "==> Running initial build to verify setup..."
bun run build

echo "==> Environment ready. Start dev server with: bun dev"
run-e2e.sh
#!/bin/bash
# Run End-to-End Tests
# Starts the dev server, waits for readiness, then runs Playwright tests.

set -e

echo "==> Starting dev server in background..."
nohup bun dev > /tmp/devserver.log 2>&1 &
DEV_PID=$!

echo "==> Waiting for server to be ready..."
timeout 60 bash -c 'until curl -sf http://localhost:3000 > /dev/null; do sleep 2; done'

echo "==> Running Playwright E2E tests..."
bun run test:e2e

echo "==> Stopping dev server..."
kill $DEV_PID 2>/dev/null || true

Creating a Script

1

Navigate to the Scripts asset section

From the Assets section in the sidebar, select Scripts and click + Create Script.

2

Enter the script details

Provide a name (used as the filename, e.g., setup-environment), a description explaining when and why to run the script, and the full content of the script.

3

Reference the script in persona instructions

Unlike Skills and Commands, which are discovered automatically by the agent, Scripts should be explicitly referenced in the persona’s instructions. For example:

designer-instructions.md
## Setup
Before starting any task, run the setup script to initialize the environment:
```
bash /home/user/scripts/setup-environment.sh
```
The script clones the repository, installs dependencies, and configures environment variables.
Do NOT manually install dependencies or clone the repo - use the script.
4

Publish the script

Click Publish to create version 1 and make the script available for assignment.

Script Permissions

Scripts are placed in the sandbox filesystem with execute permissions. Ensure your scripts begin with the correct shebang line (#!/bin/bash, #!/usr/bin/env python3, etc.) so they are executable. Scripts that fail to execute cleanly can block the agent from completing its task.

Script Best Practices

  • Always use set -e in shell scripts - This causes the script to exit immediately on any error, preventing silent partial failures that are difficult to debug.
  • Log each major step - Use echo "==> Step name..." before each section so the agent can see progress in the terminal output.
  • Use environment variables, not hardcoded values - Reference $REPO_URL, $CONVEX_URL, etc. These are injected from Project Settings and sandbox environment variables, keeping secrets out of script content.
  • Test scripts locally first - Before deploying a new script version, test it in a standalone sandbox to verify it executes cleanly without errors.
  • Keep scripts idempotent - Write scripts that can be run multiple times without breaking. Use -f flags on destructive commands and check for existing state before creating it.

Assignment: Commands and Scripts

Both Commands and Scripts are assigned to personas and session types using the same mechanism as Skills. On the persona detail page’s Skills tab, the page is divided into three sections: Skills, Commands, and Scripts. Select the desired assets in each section.

For session-type defaults, navigate to the relevant setup tab in Project Settings (e.g.,/p/{id}/issues-setup) and configure the Commands and Scripts sections alongside Skills.

Commands Require Claude Code

Custom Commands only work with the Claude Code CLI tool. If a persona uses a different CLI tool (OpenCode, Codex), commands placed in .claude/commands/ will be present in the sandbox but will not be auto-registered. Ensure personas using custom Commands are configured to use Claude Code.

Next Steps

Skills

Learn about Skills - multi-file knowledge packages injected into .claude/skills/.

Assets Overview

Review the full asset system, injection model, and assignment hierarchy.

Persona Configuration

Assign Commands and Scripts to personas from the Skills tab.

Project Settings

Configure session-type Command and Script defaults.