     _
    | |_ ___ _____   _____
    |  _|  _|  _  |_|   -|
    |_| |_| |_____|_|___/   v0.2.4 — 20 modules, live-verified

Trove

One ~/.trove/ directory. Every AI coding agent — Claude Code, Codex, Cursor — in every project on your machine reuses the same API credentials and service playbooks.

$ npm install -g @robozephyr/trove GitHub → npm →

20 modules in library · 5 production · 14 verified · 1 partial · ~/.trove/ on disk · 0 cloud accounts

No more re-pasting Stripe keys into a fresh .env for every project. No more re-explaining "this service has a quirk that bit me last time" to a fresh agent session. Add a service once at ~/.trove/<service>/; reference it from any project's CLAUDE.md / AGENTS.md / .cursorrules with one line:

@/Users/you/.trove/stripe/module.md

The AI loads the module on session start. It now knows your Stripe key, the gotchas (amounts in cents, restricted keys over secret keys, idempotency-key requirement), and — if a Stripe MCP server is wired up — calls it directly.

No inject step. No init step. No per-agent shims. Trove is a plain directory; the AI is the runtime.

Quick start

Install the CLI

Node 22+. The trove binary becomes available on your PATH.

npm install -g @robozephyr/trove

Install a module + open the Web UI to fill credentials

Pick from 20 bundled modules (or trove install --list to browse). The UI binds to 127.0.0.1:7821 only — never public.

trove install stripe
trove ui     # → http://127.0.0.1:7821

Reference it from any project

Add one line to CLAUDE.md / AGENTS.md / .cursorrules — the AI picks up the playbook + credentials on session start.

echo '@/Users/you/.trove/stripe/module.md' >> CLAUDE.md

What's new in v0.2.4

Three new modules — all live-verified, not LLM-hallucinated. Module bodies built from real API calls during authoring; last_verified records token counts, wall-clock, and exact gotchas.

seedance verified

Doubao Seedance 2.0 — Volcengine multimodal video gen (text + up to 9 images + 3 videos + 3 audios → 4–15s clip). Async tasks, token-billed.

Use seedance to generate
a 5s 720p product video:
morning kitchen, hands
holding a steaming mug,
slow push-in.

seedream verified

Doubao Seedream 4.0 / 4.5 / 5.0 image gen. Multi-image fusion (up to 14 refs), group output, streaming, web-search-augmented. Sync, ~15–30s per image.

Use seedream to make
4 brand-system mocks
(tote bag, cap, card,
lanyard) from this logo.
Green primary palette.

ngrok verified

Dev tunneling. Free tier ships one stable *.ngrok-free.dev reserved subdomain — corrected against old "every restart is random" docs via live smoke.

Open an ngrok tunnel
to my local server on
:4242 so Stripe webhooks
can hit it during dev.

Plus, on the infra side: CI workflow runs typecheck + validate on every PR; SECURITY.md documents the private vulnerability flow; SPEC.md §0–§4 translated to English (the schema-facing half — §5+ remains in Chinese as historical dogfood evidence).

How it works

Per service, one folder holds three layers:

~/.trove/stripe/
├── module.md             # YAML frontmatter + gotchas-first skill body
├── credentials.json      # secret values — gitignored, mode 600
└── files/                # (optional) SA JSON / SSH key / cert
    └── ...

On session start, the AI auto-loads the referenced modules (any agent supporting @-reference to an absolute path), reads credentials.json and files/ directly when calling the API, and consults the playbook body when it hits a known-gotcha code path. No tooling required to start — the directory convention IS the runtime.

How is this different from…

Tool	Why Trove isn't replacing it
`.env` + direnv	Env files have no skill knowledge, no MCP config, and re-fragment per-project. Trove keeps creds but adds the two layers env can't carry.
`~/.claude/skills/`	Agent-specific — locked to Claude Code. Trove modules are referenced by absolute path from `CLAUDE.md` / `AGENTS.md` / `.cursorrules`, so the same module serves Claude Code / Codex / Cursor without re-authoring.
1Password CLI / `op run`	Credentials only — no playbook, no MCP wiring. Use 1Password as the source-of-truth vault and pull values into trove if you want; the two compose.
Per-project skill files	Every project re-pays the authoring cost; trove de-duplicates across N projects, and the `last_verified` field makes "is this knowledge still correct?" auditable.
A SaaS / cloud sync	Local-first by design. Sync via git remote / iCloud Drive / rsync — whichever you already use.

Web UI

trove ui opens a local dashboard at 127.0.0.1:7821 (bound to localhost only — never public). Four views:

Modules — your installed modules grouped by category with credential-status indicators
Library — 20 bundled module templates, one-click Install copies module.md into ~/.trove/
Credentials form — masked password fields with reveal toggle, file-type fields with present/replace/delete widget, inline save via HTMX
Module detail — frontmatter + rendered skill markdown side-by-side, with last_verified tier dot

MCP support (optional)

Most modern services ship MCP servers — Stripe, Supabase, Google Analytics, npm, etc. Each agent has its own MCP config file (~/.claude.json, ~/.cursor/mcp.json, ~/.codex/...). Adding one service to three agents currently means editing three files.

Trove modules can carry an mcp: block declaring the canonical install — HTTP for hosted MCP servers, stdio for local pipx / npx / uvx servers. The ${credential.X} substitution resolves to the field's value (string fields) or absolute path (file fields). One place to declare, applies to every agent.

mcp:
  type: stdio
  command: pipx
  args: ["run", "google-analytics-mcp"]
  env:
    GOOGLE_APPLICATION_CREDENTIALS: ${credential.GOOGLE_SERVICE_ACCOUNT_JSON}

Currently wired in library/: stripe, supabase, npm, google-analytics. Others are credential-only; opt-in.

What's in the library

Every module carries a last_verified field — what was actually tested, by whom, when. Dot color reflects current state. We'd rather ship 20 honest modules than 50 LLM-hallucinated ones.

production · daily-use verified · real call succeeded partial · known gap pending

llm-provider

openrouter qwen minimax

search-api

serper tavily brave

media-generation

seedance seedream kling fal-ai

payments

stripe

analytics

google-analytics google-search-console

infra · email · db

cloudflare resend supabase

collab · dev-tool

lark github-account npm ngrok

Each module ships with a gotchas-first skill body — auth header quirks, billing pitfalls, error-code tables — so the AI doesn't have to rediscover the same trap that bit the last engineer.

Documentation

SPEC — the format definition (frontmatter schema, reference syntax, runtime conventions). Includes a living convention adherence log in §10 of real dogfood lessons from production.
library/ — the 20 bundled modules listed above
ROADMAP — phases and explicit non-goals (no trove init, no inject step, no SaaS — ever)
CONTRIBUTING — module quality bar
design-v0.2.md — why the Web UI dropped AI-chat features (chat IS the entry interface; UI is the visualization)

Status

v0.2.4 — the format spec is stable, all 20 modules are gated by last_verified, and the maintainer dogfoods trove daily across personal projects. AI-assisted module authoring (v0.3) and a marketplace for community modules (v1.0) are next.

The repo is github.com/RoboZephyr/trove — issues, PRs, and module additions welcome (see CONTRIBUTING.md for the quality bar).