{"id":45852144,"url":"https://github.com/jpvelasco/juggernaut","last_synced_at":"2026-05-11T04:15:40.539Z","repository":{"id":336904412,"uuid":"1129421873","full_name":"jpvelasco/juggernaut","owner":"jpvelasco","description":"Juggernaut is a one-command setup tool that configures Claude Code to use AWS Bedrock, with cross-platform support (bash/zsh/fish/PowerShell), dry-run mode, and validation scripts.","archived":false,"fork":false,"pushed_at":"2026-04-07T05:08:19.000Z","size":1614,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-07T05:09:30.392Z","etag":null,"topics":["anthropic","aws","bedrock","claude","claude-code","cli","developer-tools"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jpvelasco.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-07T04:27:00.000Z","updated_at":"2026-03-22T23:48:17.000Z","dependencies_parsed_at":"2026-02-27T03:03:47.601Z","dependency_job_id":null,"html_url":"https://github.com/jpvelasco/juggernaut","commit_stats":null,"previous_names":["jpvelasco/juggernaut"],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/jpvelasco/juggernaut","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpvelasco%2Fjuggernaut","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpvelasco%2Fjuggernaut/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpvelasco%2Fjuggernaut/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpvelasco%2Fjuggernaut/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jpvelasco","download_url":"https://codeload.github.com/jpvelasco/juggernaut/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpvelasco%2Fjuggernaut/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31522574,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-07T16:28:08.000Z","status":"ssl_error","status_checked_at":"2026-04-07T16:28:06.951Z","response_time":105,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anthropic","aws","bedrock","claude","claude-code","cli","developer-tools"],"created_at":"2026-02-27T03:00:48.127Z","updated_at":"2026-05-11T04:15:40.533Z","avatar_url":"https://github.com/jpvelasco.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n \u003cimg src=\"docs/logo.png\" alt=\"Juggernaut\" width=\"200\"\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003eJuggernaut\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\u003cstrong\u003eClaude Code Bedrock Setup\u003c/strong\u003e\u003c/p\u003e\n\n**One-command setup for Claude Code with Amazon Bedrock using Global CRIS inference profiles.**\n\n## What This Does\n\nConfigures Claude Code to use Amazon Bedrock instead of Anthropic's direct API, with optimized settings for enterprise use:\n\n- **Global CRIS**: Primary model uses cross-region inference for better availability\n- **Optimized Tokens**: Bedrock-specific token limits (32768 output, 65536 thinking)\n- **Cost Control**: Route through your AWS account for billing/governance\n- **Enterprise Ready**: Works with AWS SSO, IAM roles, and corporate identity providers\n\n## Why Bedrock?\n\n| Feature | Direct Anthropic API | Amazon Bedrock |\n|---------|---------------------|----------------|\n| **Billing** | Separate Anthropic account | Consolidated AWS billing |\n| **Authentication** | API keys only | IAM, SSO, roles, federation |\n| **Data Residency** | Anthropic infrastructure | Your chosen AWS region |\n| **Compliance** | Anthropic's certifications | AWS compliance (SOC, HIPAA, FedRAMP, etc.) |\n| **Network** | Public internet | VPC endpoints, PrivateLink |\n| **Governance** | Limited controls | IAM policies, CloudTrail, quotas |\n| **Cost Tracking** | Anthropic console | AWS Cost Explorer, tags, budgets |\n\n**Choose Bedrock if you:**\n- Need consolidated billing through AWS\n- Require enterprise SSO/identity federation\n- Have data residency or compliance requirements\n- Want to use existing AWS governance (IAM, CloudTrail)\n- Need private network connectivity (VPC)\n\n**Stick with direct API if you:**\n- Want the simplest setup (just an API key)\n- Don't have AWS infrastructure\n- Are exploring/prototyping individually\n\n## Prerequisites\n\n1. AWS account with Bedrock access enabled\n2. Access to Claude models (Opus 4.7, Sonnet 4.6, Haiku 4.5) in Bedrock\n3. Claude Code installed (`npm install -g @anthropic-ai/claude-code`)\n4. Valid AWS credentials (`aws configure` or SSO)\n5. Bash 4.0+ (macOS users: `brew install bash`) or PowerShell 5.1+\n6. `jq` (for JSON parsing — the installer checks this automatically)\n\n## Install\n\nJuggernaut v3 ships as a **destructive wipe-and-reinstall**: the installer strips any legacy Juggernaut/Claude-Code-Bedrock blocks from your shell profiles, removes the `juggernaut` key from `~/.claude/settings.json`, and deletes the bearer token storage (OS keychain on macOS/Windows for short keys, per-user DPAPI file at `~/.juggernaut/bearer-token.dpapi.bin` on Windows for long keys \u003e1280 chars, profile file on Linux) **before** placing fresh files. Re-running the installer is the only supported upgrade path — there are no migration scripts, no deprecation windows, no `--yes` flag.\n\nThe installer does **not** auto-apply. You run `juggernaut apply` explicitly after install with a chosen auth mode.\n\n**Pin a release tag for reproducible installs.**\n\n\u003e **Windows Defender / AMSI note:** earlier versions advertised `\u0026 ([scriptblock]::Create((irm ...)))`. Defender's fileless-malware heuristics flag that pattern regardless of script content. v3.0.4 switches to a download-then-run one-liner — `irm -OutFile`, `Unblock-File`, then execute the file on disk. Same one-line UX; matches Microsoft's own pattern for `dotnet-install.ps1`.\n\n```bash\n# Unix / macOS / Linux / Git Bash / WSL\ncurl -fsSL https://raw.githubusercontent.com/jpvelasco/juggernaut/v3.2.0/install.sh | bash -s -- --version v3.2.0\n```\n\n```powershell\n# Windows PowerShell (5.1 or 7) — Defender-friendly download-then-run\n$u='https://raw.githubusercontent.com/jpvelasco/juggernaut/v3.2.0/install.ps1'; $p=\"$env:TEMP\\juggernaut-install.ps1\"; irm $u -OutFile $p; Unblock-File $p; \u0026 $p -Version v3.2.0; Remove-Item $p\n```\n\n**Preview what the wipe will remove (no writes):**\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/jpvelasco/juggernaut/v3.2.0/install.sh | bash -s -- --version v3.2.0 --dry-run\n```\n\n```powershell\n$u='https://raw.githubusercontent.com/jpvelasco/juggernaut/v3.2.0/install.ps1'; $p=\"$env:TEMP\\juggernaut-install.ps1\"; irm $u -OutFile $p; Unblock-File $p; \u0026 $p -Version v3.2.0 -DryRun; Remove-Item $p\n```\n\n**Manual clone:**\n\n```bash\ngit clone --branch v3.2.0 --depth 1 https://github.com/jpvelasco/juggernaut.git \u0026\u0026 cd juggernaut\n./juggernaut apply --auth=iam\n```\n\nThe installer installs to `$HOME/.juggernaut` by default (override with `JUGGERNAUT_DIR`) and places a launcher at `$HOME/.local/bin/juggernaut`. Add that directory to your `PATH` to invoke `juggernaut` from anywhere.\n\nBoth scripts normalize the version automatically — `3.0.2` and `v3.0.2` both work.\n\n### Launcher wrappers\n\nThe installer also places a **claude launcher** so fresh shells pick up your bearer token automatically. On both platforms the launcher is a **shell function** that intercepts the `claude` command — it resolves before binaries on PATH, so it survives Anthropic's `claude update` self-rewrites that would clobber a symlink:\n\n- **Unix / macOS / Linux / Git Bash**: a bracketed `claude() { ... }` function block is appended to your `~/.bashrc`, `~/.zshrc`, and/or `~/.profile` (only files that already exist; if none do, the matching rc for `$SHELL` is seeded). The function reads `AWS_BEARER_TOKEN_BEDROCK` from Juggernaut bearer token storage (macOS keychain, Linux profile token file, or Windows DPAPI/keychain when running under Git Bash) via `bearer_token_get` in `lib/keychain.sh`, exports it, and runs the real binary via `command claude \"$@\"`.\n- **Windows PowerShell**: a `function claude { ... }` block is written to `$PROFILE.CurrentUserCurrentHost` (and the sibling host's profile when present). PowerShell resolves functions before applications on the command name `claude`, so the function intercepts the call, reads Windows Credential Manager or the DPAPI file, and invokes the real `claude.exe`.\n\nThis closes a v3.0.0 gap: `settings.json` flips `CLAUDE_CODE_USE_BEDROCK=1`, but Claude Code reads the bearer token only from its own process env. Without the launcher, a fresh shell with the token only in Juggernaut storage would hang. With the launcher, the hand-off happens automatically — and because it's a shell function, not a file on disk, Anthropic's own installer (which writes `~/.local/bin/claude` directly) is never fighting us.\n\n**To skip the launcher** (set the token yourself): export `AWS_BEARER_TOKEN_BEDROCK` before running `claude`. The launcher preserves any pre-set value and only injects from Juggernaut bearer token storage when the env var is unset.\n\n**Editor / IDE note:** tools that invoke `claude.exe` directly (bypassing both interactive shells and the PowerShell profile function) won't get the injection and must set the env var themselves.\n\n### Windows Notes\n\nJuggernaut v3 supports Windows PowerShell 5.1 and PowerShell 7 side-by-side:\n\n- The installer scans both PowerShell 5.1 (`Documents\\WindowsPowerShell\\profile.ps1`) and PowerShell 7 (`Documents\\PowerShell\\profile.ps1`) paths, plus `$PROFILE.CurrentUserAllHosts` and `$PROFILE.AllUsersAllHosts` from both editions.\n- If your `Documents\\` folder is redirected by OneDrive, `$PROFILE.*` resolves correctly under `%OneDrive%\\Documents\\...` — the installer follows that redirection automatically.\n- Non-admin users: the `AllUsers` profile strip and any other All-Users writes may require elevation. If they do, the installer **warns and skips** those paths (not fails). `CurrentUser` paths, the settings.json removal, and the keychain delete all work without elevation.\n- Windows stores the bearer token via Credential Manager for short keys (~≤1280 chars) or, for long-form keys (\u003e1280 chars), a per-user DPAPI-encrypted file at `~/.juggernaut/bearer-token.dpapi.bin`. Both are per-user; neither is synced across machines.\n- First-run script policy friction: `Set-ExecutionPolicy RemoteSigned -Scope CurrentUser`.\n\n## Configure\n\nAfter install, pick an auth mode and run `juggernaut apply` explicitly. v3 refuses to write `CLAUDE_CODE_USE_BEDROCK=1` to `~/.claude/settings.json` unless a valid auth source is present (`aws sts get-caller-identity` succeeds, `$AWS_BEARER_TOKEN_BEDROCK` is set, or Juggernaut bearer token storage exists). This prevents the \"installer silently routed me through Bedrock with no credentials\" class of hang.\n\n**IAM / SSO (recommended):**\n\n```bash\naws sso login --profile=\u003cyour-profile\u003e # or: aws configure\nexport AWS_PROFILE=\u003cyour-profile\u003e\n\njuggernaut apply --auth=iam\n```\n\n```powershell\n# Windows PowerShell\n.\\juggernaut.ps1 apply -Auth iam\n```\n\n**Bedrock API key — three input methods:**\n\n```bash\n# Recommended: pipe the key in (paste-safe, nothing in terminal scrollback)\necho \"$BEDROCK_KEY\" | juggernaut apply --auth=bedrock-api-key\n\n# Interactive: visible prompt at the terminal (paste-safe on all platforms)\njuggernaut apply --auth=bedrock-api-key\n\n# Inline (CI/CD only): key visible in process list / shell history\njuggernaut apply --auth=bedrock-api-key --bedrock-key=br-xxxxxxxxxxxx\n```\n\nThe key is stored in the OS keychain (`juggernaut-bedrock` target) on macOS/Windows for short keys (~≤1280 chars), per-user DPAPI file on Windows for long keys (\u003e1280 chars), or in a profile file on Linux.\n\n\u003e **Paste truncation note:** On Linux/macOS under tmux, screen, or SSH, pasting into `read -s` prompts can silently truncate the key. The piped form avoids this entirely. Juggernaut rejects keys under 40 characters with an error that steers you to the pipe form.\n\n| Type | Duration | Use Case |\n|------|----------|----------|\n| Short-term | Up to 12 hours | Production (recommended) |\n| Long-term | Up to 30 days | Exploration/testing only |\n\n**Custom region (default: us-west-2):**\n\n```bash\njuggernaut apply --auth=iam --region=us-east-1\n```\n\n**Custom models:**\n\n```bash\njuggernaut apply --auth=iam --opus-model=us.anthropic.claude-opus-4-7\njuggernaut apply --auth=iam --sonnet-model=eu.anthropic.claude-sonnet-4-6\njuggernaut apply --auth=iam --haiku-model=ap.anthropic.claude-haiku-4-5-20251001-v1:0\njuggernaut apply --auth=iam --model-prefix=us\n```\n\n**OpusPlan and effort level:**\n\n```bash\njuggernaut apply --auth=iam --opusplan # Opus in /plan, Sonnet in execute\njuggernaut apply --auth=iam --effort=xhigh # low | medium | high | xhigh (default) | max\n```\n\n**1M context windows** (Opus uses its native 1M; enable on Sonnet with):\n\n```bash\njuggernaut apply --auth=iam --1m-context\njuggernaut apply --auth=iam --no-1m-context # revert\n```\n\n**Mantle routing** is on by default in v3. Disable with:\n\n```bash\njuggernaut apply --auth=iam --no-mantle\njuggernaut apply --auth=iam --mantle-url=https://mantle.example.internal\n```\n\n**Scope and preview:**\n\n```bash\njuggernaut apply --auth=iam --scope=user # ~/.claude/settings.json (default)\njuggernaut apply --auth=iam --scope=project # ./.claude/settings.json\njuggernaut apply --auth=iam --dry-run # preview without writing\n```\n\n**Verify:**\n\n```bash\njuggernaut doctor\nclaude # launch\n```\n\nA healthy bearer-token setup looks like:\n\n```text\nCredentials\n Auth: Bedrock API key\n Source: AWS_BEARER_TOKEN_BEDROCK\n Status: OK\n\nMantle\n Status: enabled\n Reason: Bedrock API key detected\n\nOpusplan\n Status: enabled\n Status: OK\n```\n\n## Commands\n\n| Command | Description |\n|---------|-------------|\n| `apply` | Write Juggernaut config to `settings.json`. Requires `--auth=iam` or `--auth=bedrock-api-key` on first run. |\n| `show` | Print the current Juggernaut block from both user and project scopes. |\n| `doctor` | Read-only diagnostics — checks credentials, region, models, Mantle, and opusplan drift. |\n| `uninstall` | Remove the Juggernaut block from settings.json (all scopes by default) and delete the bearer token storage entry (OS keychain on macOS/Windows for short keys, per-user DPAPI file on Windows for long keys \u003e1280 chars, profile file on Linux). |\n\n## Configuration Details\n\nJuggernaut writes **only** to `~/.claude/settings.json` (user scope) or `./.claude/settings.json` (project scope). v3 does not write to shell profiles. The `juggernaut` key holds Juggernaut's own state; the `env` block holds the Claude Code environment variables:\n\n- `CLAUDE_CODE_USE_BEDROCK=1` — gated behind explicit auth validation\n- `AWS_REGION=us-west-2` — default region\n- `CLAUDE_CODE_MAX_OUTPUT_TOKENS=32768`\n- `MAX_THINKING_TOKENS=65536`\n- `ANTHROPIC_MODEL=global.anthropic.claude-sonnet-4-6` — primary model (Global CRIS)\n- `DISABLE_ERROR_REPORTING=1`, `DISABLE_TELEMETRY=1`, `DISABLE_AUTOUPDATE=1`, `DISABLE_BUG_COMMAND=1`\n- `ANTHROPIC_DEFAULT_OPUS_MODEL` / `SONNET` / `HAIKU` — `/model` picker entries\n- `ENABLE_PROMPT_CACHING_1H=1` — Bedrock 1-hour prompt caching\n\n## Default Models\n\n| Tier | Model | Global CRIS Profile |\n|------|-------|-------------------|\n| **Primary** | Claude Sonnet 4.6 | `global.anthropic.claude-sonnet-4-6` |\n| **Opus** | Claude Opus 4.7 | `global.anthropic.claude-opus-4-7` |\n| **Fast** | Claude Haiku 4.5 | `global.anthropic.claude-haiku-4-5-20251001-v1:0` |\n\n### Model Capabilities\n\n| Feature | Opus 4.7 | Sonnet 4.6 | Haiku 4.5 |\n|---------|----------|------------|-----------|\n| Effort levels | Yes | Yes | No |\n| Max effort | Yes | No | No |\n| Extended thinking | Yes | Yes | No |\n| Adaptive thinking | Yes | Yes | No |\n| Interleaved thinking | Yes | Yes | No |\n\n## Architecture\n\n```\n┌─────────────────────────────────────────────────────────────────────┐\n│ juggernaut apply │\n└─────────────────────────────────────────────────────────────────────┘\n │\n ┌─────────────────┴─────────────────┐\n ▼ ▼\n┌───────────────────────────────┐ ┌───────────────────────────────┐\n│ commands/apply.sh │ │ commands/apply.ps1 │\n│ (Unix/macOS/Linux/WSL) │ │ (Windows PowerShell) │\n└───────────────────────────────┘ └───────────────────────────────┘\n │ │\n └─────────────────┬─────────────────┘\n ▼\n ┌─────────────────────────────────────┐\n │ bedrock-config.json │\n │ (single source of truth for │\n │ env vars, regions, defaults) │\n └─────────────────────────────────────┘\n │\n ▼\n┌─────────────────────────────────────────────────────────────────────┐\n│ ~/.claude/settings.json │\n│ │\n│ { │\n│ \"juggernaut\": { … state … }, │\n│ \"env\": { … Claude Code env vars … } │\n│ } │\n└─────────────────────────────────────────────────────────────────────┘\n │\n ▼\n┌─────────────────────────────────────────────────────────────────────┐\n│ Claude Code → Amazon Bedrock │\n└─────────────────────────────────────────────────────────────────────┘\n```\n\n**Key Design Decisions:**\n- **Single output target**: `~/.claude/settings.json`. No shell-profile fallback. No triple-write drift.\n- **Single config source**: `bedrock-config.json` — consumed by both Bash and PowerShell.\n- **Auth-gated writes**: `CLAUDE_CODE_USE_BEDROCK=1` only lands when auth is verified.\n- **Atomic writes**: `config_manager` handles backup rotation (5 backups retained), file locking, and mode preservation.\n- **Destructive installer**: wipe-and-reinstall on every run; there is no in-place upgrade.\n\n## Files\n\n- `juggernaut` / `juggernaut.ps1` — CLI entry point\n- `commands/` — subcommand implementations (`apply`, `show`, `doctor`, `uninstall`)\n- `lib/` — shared libraries (`schema`, `config_manager`, `keychain`, `doctor`, `profile_paths`)\n- `install.sh` / `install.ps1` — wipe-and-reinstall installers\n- `bedrock-config.json` — single source of truth for env vars, regions, and defaults\n- `tests/v2/` — bash and Pester test suites\n\n## Troubleshooting\n\n### Run diagnostics first\n\n```bash\njuggernaut doctor\n```\n\n### Check environment variables\n\n```bash\necho $CLAUDE_CODE_USE_BEDROCK\necho $AWS_REGION\n```\n\n### Verify AWS credentials\n\n```bash\naws sts get-caller-identity\n```\n\n### List available Bedrock models\n\n```bash\naws bedrock list-foundation-models --region us-west-2 --by-provider anthropic\n```\n\n### Authentication Precedence\n\nClaude Code honors the following precedence (this is Claude Code behavior, not Juggernaut's):\n\n| Priority | Credential Source | Notes |\n|----------|-------------------|-------|\n| 1 (highest) | `AWS_BEARER_TOKEN_BEDROCK` | API key always takes precedence if set |\n| 2 | Environment variables | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` |\n| 3 | AWS credentials file | `~/.aws/credentials` |\n| 4 | AWS config/SSO | `~/.aws/config` with profiles |\n\nIf you manually set `AWS_BEARER_TOKEN_BEDROCK` in your own shell profile and it expires, Claude Code will hang. Juggernaut itself does not set that variable; unset it and re-run if you hit this.\n\n### Common Issues\n\n1. **\"API Error: exceeded token maximum\"** — restart terminal or `source ~/.zshrc`\n2. **`juggernaut apply` exits with \"auth validation required\"** — pass `--auth=iam` or `--auth=bedrock-api-key` explicitly\n3. **Authentication errors** — re-authenticate: `aws sso login --profile=\u003cprofile\u003e`\n4. **Region errors** — verify model availability; try `us-east-1` or `us-west-2`\n5. **PowerShell execution policy error** — `Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser`\n6. **\"jq is required\"** — `brew install jq` / `sudo apt install jq` / `winget install jqlang.jq`\n\n## Uninstall\n\n### Remove Juggernaut configuration\n\n```bash\n# Preview what will be removed\njuggernaut uninstall --dry-run\n\n# Remove the Juggernaut block from settings.json, bearer token storage,\n# and the Claude launcher shell/profile block\njuggernaut uninstall\n\n# Limit to one scope\njuggernaut uninstall --scope=user\njuggernaut uninstall --scope=project\n```\n\n\"juggernaut uninstall\" removes the \"juggernaut\" key from settings.json, deletes the bearer token storage entry (OS keychain on macOS/Windows for short keys, per-user DPAPI file on Windows for long keys \u003e1280 chars, profile file on Linux), removes the Juggernaut \"claude\" launcher block from shell profiles, and removes the legacy \"~/.local/bin/claude\" symlink if present. It intentionally leaves the \"juggernaut\" command launcher and install directory in place so you can reconfigure later.\n\n### Fully remove Juggernaut\n\n\u003e Warning: This will permanently delete your Juggernaut installation, all stored tokens, and configuration. This action cannot be undone.\n\nFor most users, re-running the installer is still the easiest full-wipe path: the installer performs a destructive wipe before reinstalling. Use \"juggernaut uninstall --full\" only when you want Juggernaut removed from the machine instead of reinstalled.\n\nmacOS:\n\n```bash\njuggernaut uninstall --full --dry-run\njuggernaut uninstall --full --yes\n\n# Clear the current shell's command cache. Start a new terminal if \"claude\"\n# or \"juggernaut\" was already loaded in this shell.\nhash -r 2\u003e/dev/null || true\nunset -f claude 2\u003e/dev/null || true\nunfunction claude 2\u003e/dev/null || true\nfunctions -e claude 2\u003e/dev/null || true\n\n# Optional sanity checks: these should print nothing for Juggernaut.\ncommand -v juggernaut || true\ntype claude\n```\n\nLinux, WSL, and Git Bash:\n\n```bash\njuggernaut uninstall --full --dry-run\njuggernaut uninstall --full --yes\n\n# Clear the current shell's command cache. Start a new terminal if \"claude\"\n# or \"juggernaut\" was already loaded in this shell.\nhash -r 2\u003e/dev/null || true\nunset -f claude 2\u003e/dev/null || true\nunfunction claude 2\u003e/dev/null || true\nfunctions -e claude 2\u003e/dev/null || true\n\n# Optional sanity checks: these should print nothing for Juggernaut.\ncommand -v juggernaut || true\ntype claude\n```\n\nWindows PowerShell:\n\n```powershell\njuggernaut uninstall --full --dry-run\njuggernaut uninstall --full --yes\n\n# Start a new PowerShell session if \"claude\" or \"juggernaut\" was already loaded.\n\n# Optional sanity checks: these should not point at Juggernaut.\nGet-Command juggernaut -ErrorAction SilentlyContinue\nGet-Command claude -All\n```\n\nIf \"Get-Command claude -All\" still shows a PowerShell \"Function\" named \"claude\",\nopen a new PowerShell session. If it still appears after that, remove the\n\"# BEGIN: Juggernaut Launcher\" block from your PowerShell profile and restart\nPowerShell.\n\nIf you installed with \"JUGGERNAUT_DIR\", full uninstall removes that custom install directory instead of \"$HOME/.juggernaut\" / \"$HOME\\.juggernaut\".\n\nThe installer does not modify your PATH. If you manually added \"~/.local/bin\" (or equivalent) only for Juggernaut, remove that entry from your shell profile after deletion.\n\nAfter uninstalling, Claude Code will prompt you to log in with your Anthropic account.\n\n## IAM Permissions Required\n\nYour AWS user/role needs:\n- `bedrock:InvokeModel`\n- `bedrock:InvokeModelWithResponseStream`\n- `bedrock:ListInferenceProfiles`\n\nSee `iam-policy.json` for the complete policy.\n\n**Security Note:** The provided IAM policy uses wildcard regions (`arn:aws:bedrock:*:...`) for flexibility. For tighter security, restrict to specific regions (e.g., `arn:aws:bedrock:us-west-2:...`).\n\n## Security Considerations\n\n### Authentication Methods (Most to Least Secure)\n\n| Method | Security | Use Case |\n|--------|----------|----------|\n| IAM/SSO | Most secure | Production — no secrets in commands |\n| API key + keychain/Credential Manager/DPAPI/profile | Varies | Key encrypted at rest in OS keychain/Credential Manager or per-user DPAPI file; Linux profile storage is plaintext |\n| API key (pipe) | Secure | `echo $KEY \\| juggernaut apply ...` — key never in terminal scrollback |\n| API key (interactive) | Secure | Visible prompt, paste-safe on all platforms |\n| API key (inline) | Least secure | CI/CD only — visible in process list |\n\n### API Key Authentication\n\n**Pipe mode (`echo $KEY | juggernaut apply --auth=bedrock-api-key`)** is the recommended path:\n- Key never appears in terminal scrollback\n- Works reliably under tmux, screen, SSH, and all terminal emulators\n- Script-friendly\n\n**Interactive mode (`juggernaut apply --auth=bedrock-api-key`)**:\n- Prompts with a visible `\u003e` indicator — paste-safe on all platforms\n- Key appears in terminal scrollback (same as it would in any editor)\n\n**Inline mode (`--bedrock-key=xxx`)** — use only for CI/CD:\n- Command-line arguments are visible to other users via `ps aux`\n- Commands are saved to shell history\n\n**For CI/CD**, use secrets management:\n\n```bash\n# GitHub Actions\njuggernaut apply --auth=bedrock-api-key --bedrock-key=${{ secrets.BEDROCK_KEY }}\n```\n\n## Notes\n\n- `/login` and `/logout` commands are disabled when using Bedrock\n- Authentication is handled through AWS credentials\n- `AWS_REGION` is required (Claude Code doesn't read from `.aws/config`)\n- Credentials need periodic refresh if using SSO/temporary credentials\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjpvelasco%2Fjuggernaut","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjpvelasco%2Fjuggernaut","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjpvelasco%2Fjuggernaut/lists"}