Skill

Context Firewall

This skill should be used when the user asks to "analyze a large log", "summarize a big file", "read the whole repository", "process long tool output", "avoid context window overflow", "use sub-agents for preprocessing", "add evidence with line numbers", "verify claims with locators", or mentions "TaskSpec", "SubResult", "Evidence Contract", "Context Firewall", "Map-Reduce", "FileWorker", "Aggregator", "Critic".

Install

npx claudepluginhub lollipopkit/cc-plugins --plugin context-firewall

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Implement a **Context Firewall** workflow to prevent the master context from being flooded by large inputs.

SKILL.md

Similar Skills

cache-components

Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.

cache-components

139.2k

mcp-builder

9 files

Guides building MCP servers enabling LLMs to interact with external services via tools. Covers best practices, TypeScript/Node (MCP SDK), Python (FastMCP).

anthropics-skills-13

124.2k

canvas-design

20 files

Generates original PNG/PDF visual art via design philosophy manifestos for posters, graphics, and static designs on user request.

anthropics-skills-13

124.2k

Stats

Parent Repo Stars6

Parent Repo Forks0

Last CommitJan 23, 2026

Actions

View Source View Plugin View on GitHub View README

Context Firewall

Implement a Context Firewall workflow to prevent the master context from being flooded by large inputs.

Purpose

Route large inputs (big files, logs, PDFs/images, long MCP/tool outputs) through sub-agents that produce compressed, auditable results. Only pass back:

Structured claims
Evidence locators (line/symbol/tool-call)
Coverage statements

When to use

Prefer this workflow when any of the following is true:

The user wants the "full" content of a large file/log/document.
Tool output is long/noisy (search results, crawls, API responses).
The task needs multi-file scanning or cross-file synthesis.
The output must be verifiable without re-reading everything.

Core contract (Evidence Contract)

For every meaningful claim:

Attach at least one evidence item.
Use a locator that enables low-cost verification.

Locator preference order:

line_range (default)
symbol_range (functions/classes)
tool_call (tool-derived facts; include args hash and rerun hint when safe)
byte_range/json_path/stack_signature (define, but treat as harder to verify in v1)

Keep quotes short:

Respect the quote_max_chars constraint.
Never paste large raw blobs.

Recommended workflow

1) Generate TaskSpec

Create a TaskSpec.v1 that is explicit about:

Objective
Inputs (files/tool calls)
Questions
must_cover checklist
Constraints (budget + evidence requirements)
Risk level

Prefer using the command:

/cf-spec to generate a schema-valid template.

2) Run Map-Reduce preprocessing

Use /cf-run to:

Split inputs into shards
Run cf-fileworker on each shard in parallel
Merge with cf-aggregator into a final SubResult.v1

Hard requirements for sub-agents:

Output strict JSON only (no markdown fences, no extra commentary).
Ensure every claim includes evidence.

3) Verify cheaply

Use /cf-verify to sample-check claims:

Choose sampling rate by risk_level.
Re-read only the referenced snippets.
Produce VerifyReport.v1.

If verification fails:

Request stronger evidence (more/clearer locators).
Narrow must_cover.
Run a second-pass cf-critic to independently review.

Coverage & anti-leak rules

Always include a coverage section that declares:

Which inputs were scanned
Which method was used (grep+window, full scan, time-window scan)
Known gaps (missing archives, not provided inputs)

Never:

Dump raw input into the master context.
Hide uncertainty: mark gaps explicitly.

Operational defaults

Default thresholds are configurable in:

.claude/context-firewall.local.md

Defaults:

read_warn_bytes: 524288
tool_output_warn_chars: 20000
sample_rate: {low:0.05, medium:0.15, high:0.30}

Related resources

Commands:
- plugins/context-firewall/commands/cf-spec.md
- plugins/context-firewall/commands/cf-run.md
- plugins/context-firewall/commands/cf-verify.md
Agents:
- plugins/context-firewall/agents/cf-fileworker.md
- plugins/context-firewall/agents/cf-aggregator.md
- plugins/context-firewall/agents/cf-critic.md
Schemas:
- plugins/context-firewall/schemas/task-spec.v1.schema.json
- plugins/context-firewall/schemas/sub-result.v1.schema.json
- plugins/context-firewall/schemas/verify-report.v1.schema.json
- plugins/context-firewall/schemas/settings.v1.schema.json
Settings template:
- plugins/context-firewall/scripts/settings-frontmatter.md