open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions

docs(readme): cut marketplace catalog to current-state, drop embedded version history

Browse source 
README went from 327 to 191 lines (50.6KB -> 12.6KB). Each plugin now
follows one template: tagline + 3-5 capability bullets + key commands +
stats/docs line. All per-version changelog prose removed (lives in each
plugin's CHANGELOG). Fixed stale LinkedIn Studio stats (now 19 agents /
26 commands / 6 skills, verified against plugin files).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Kjell Tore Guttormsen 2026-05-30 01:14:02 +02:00
commit b4648e1255
1 changed files with 79 additions and 215 deletions
Download patch file Download diff file Expand all files Collapse all files

290
README.md
View file

@ -4,9 +4,7 @@ Open-source Claude Code plugins for AI-assisted development, security, and plann
Built for my own Claude Code workflow and shared openly for anyone who finds them useful. Solo-maintained, AI-assisted, fork-and-own. Issues are welcome as signals; pull requests are not accepted. See [GOVERNANCE.md](GOVERNANCE.md) for what upstream provides and how this is meant to be used.
## AI-generated code disclosure
All code in this marketplace is generated by Claude Code through a dialog-based process. I direct, review, test, and validate; Claude writes. Every commit reflects this — treat the plugins as AI-authored, human-curated.
All code here is generated by Claude Code through a dialog-based process: I direct, review, test, and validate; Claude writes. Treat the plugins as AI-authored, human-curated.
## Installation
@ -14,13 +12,9 @@ All code in this marketplace is generated by Claude Code through a dialog-based
claude plugin marketplace add https://git.fromaitochitta.com/open/ktg-plugin-marketplace.git
```
Then open Claude Code and type `/plugin` to browse and install plugins from the marketplace.
Then open Claude Code and type `/plugin` to browse and install. Works with the Claude Code CLI, desktop app, and IDE extensions on macOS, Linux, and Windows. No external dependencies.
## Compatibility
- Claude Code CLI, desktop app, and IDE extensions
- macOS, Linux, Windows
- No external dependencies (all scanners and hooks are self-contained)
Each plugin keeps its own full README and CHANGELOG; this page is just the catalog.
---
@ -28,181 +22,95 @@ Then open Claude Code and type `/plugin` to browse and install plugins from the
### [LLM Security](plugins/llm-security/) `v7.7.2`
Security scanning, auditing, and threat modeling for agentic AI projects.
Security scanning, auditing, and threat modeling for agentic AI projects. Built on OWASP LLM Top 10 (2025), OWASP Agentic AI Top 10, and Google DeepMind's AI Agent Traps taxonomy.
Built on OWASP LLM Top 10 (2025), OWASP Agentic AI Top 10, and the AI Agent Traps taxonomy (Google DeepMind, 2025). Three layers of protection:
- **Automated enforcement** — 9 hooks block prompt injection, secrets in code, destructive commands, and supply-chain risks in real time
- **Deterministic scanning** — 23 Node.js scanners for entropy, Unicode codepoints, typosquatting, taint flow, git forensics, AI-BOM, and IDE-extension prescan (VS Code + JetBrains)
- **Advisory analysis** — 20 commands that scan, audit, and model threats with letter-graded reports and remediation
- **Enterprise governance** — EU AI Act / NIST AI RMF / ISO 42001 mapping, SARIF 2.1.0 output, policy-as-code, standalone CLI
- **Automated enforcement** — 9 hooks that block dangerous operations in real time (prompt injection, secrets in code, destructive commands, supply chain guardrails, transcript scanning before context compaction)
- **Deterministic scanning** — 23 Node.js scanners (10 orchestrated + 13 standalone) for byte-level analysis: Shannon entropy, Unicode codepoints, typosquatting detection, taint flow, DNS resolution, git forensics, AI-BOM, attack simulation, IDE extension prescan (VS Code + JetBrains — URL fetch from Marketplace / OpenVSX / direct VSIX / JetBrains Marketplace, hardened ZIP extractor for zip-slip / symlinks / bombs, plus OS sandbox via `sandbox-exec` / `bwrap` so the kernel enforces FS confinement), MCP cumulative-drift baseline reset (E14 — sticky baseline catches slow-burn rug-pulls). Bash-normalize T1-T6 for obfuscation-resistant denylists
- **Advisory analysis** — 20 commands that scan, audit, and model threats with structured reports, letter grades, and actionable remediation
- **Enterprise governance** — Compliance mapping (EU AI Act, NIST AI RMF, ISO 42001), SARIF 2.1.0 output, structured audit trail, policy-as-code, standalone CLI
- **v7.7.2 language consistency pass (2026-05-19)** — Norwegian had crept into surface text across v7.5-v7.7. Per the `~/.claude/CLAUDE.md` convention (English for code and documentation, Norwegian for dialog only), this release translates the HTML Report-step in all 18 skill commands, the canonical CLI renderer `scripts/lib/report-renderers.mjs`, the playground UI strings, the skill-scanner and mcp-scanner agent prompts, the marketplace + plugin README/CLAUDE.md state sections, and six table cells in `docs/scanner-reference.md`. Demo-state fixture content for the `dft-komplett-demo` project (intentional Norwegian persona) and regex alternations that match Norwegian-language report markdown (`/^high\|^høy/`, `/resolution\|løsning/`) were preserved. No scanner, hook, or behavior changes — purely surface text
- **v7.7.1 playground UX strip (2026-05-18)** — Operator feedback immediately after v7.7.0: the catalog became the only routable surface in the playground (the onboarding/home/project render functions remain in source but are not routable). Topbar simplified to a `Catalog` button + state/theme actions. Breadcrumb org-name replaced with a neutral `llm-security`. The onboarding concept (per-command context injection) is documented as a v7.8.0 candidate in ROADMAP. No scanner or hook behavior changes
- **v7.7.0 HTML report for all 18 skill commands (2026-05-18)** — Every `/security <cmd>` that produces a report now prints a clickable `file://` link to a self-contained HTML version. Delivered across five sessions: (1) playground catalog list-view + builder-pane with a copy button; (2) playground project-surface cleanup (stub-screen + topbar split); (3) the 18 inline parsers + renderers moved to a canonical ESM module `scripts/lib/report-renderers.mjs` (the playground keeps a bit-identical inline copy since ESM `import` does not work from `file://`); (4) new zero-dep CLI `scripts/render-report.mjs` — stdin/file/stdout mode, kebab→camel commandId routing, inlines 6 DS stylesheets, ~140 KB self-contained HTML with system-font fallback, absolute `file://` paths for Ghostty cmd-click; (5) all 18 skills wired (4 in session 4 + 14 in session 5). No scanner or hook behavior changes — purely additive
- **v7.6.1 playground visual patch (2026-05-06)** — Six bugs caught by the maintainer during manual browser verification after the v7.6.0 release. All were mismatches between DS classes and how playground renderers used them (or missing DS implementations the renderers assumed existed): `renderFindingsBlock` used the `.findings` outer class (the DS 2-column list+detail grid) → replaced with `<section class="report-meta">` + the correct `findings__list` pattern; `.report-table` was missing entirely from the DS but used in 7+ renderers → local CSS implementation; `renderPreDeploy` traffic-lights used the fixed 28×28 px `.sm-card__grade` for "PASS"/"PASS-WITH-NOTES"/"FAIL" → width-adapting status pill; threat-model matrix bubbles were not clickable → `<button>` with `data-threat-id` + click handler that scrolls to the Threats table; radar labels overlapped → SVG 280→380, R 105→125, dynamic `text-anchor`; `recommendation-card__body` text overflow → `overflow-wrap: anywhere`. 4/4 fix-specific + 18/18 regression tests passing. No scanner or hook behavior changes
- **v7.6.0 playground Tier 3 reference case (2026-05-06)** — The playground was raised to a visually and structurally complete reference for the `shared/playground-design-system/` Tier 3 supplement. 8 new DS components integrated into the 18 report renderers: `tfa-flow` + `tfa-leg` + `tfa-arrow` (lethal trifecta chain with `<button>` elements + ARIA), `mat-ladder` + `mat-step` (5-step maturity ladder), `suppressed-group` (narrative audit), `codepoint-reveal` + `cp-tag/cp-zw/cp-bidi` (Unicode steganography), `top-risks` + `top-risk[data-severity]` (ranked top-findings listing), extended `recommendation-card[data-severity]` on `clean`/`harden`/`audit`/`posture`/`pre-deploy`/`plugin-audit`, `risk-meter` (0-100 band visualization across 5 archetypes), `card--severity-{level}` modifier on findings cards. Wave 1 (Session 2): `badge--scope-security` (identity chip), `verdict-pill-lg` (DS Tier 3 pill across all 18 report types), `form-progress` + `fp-step` (onboarding wizard). Removed ~30 duplicate CSS declarations (DS wins the cascade). 5 new DS helpers + `mapSeverityToCardLevel` + `parseNarrativeAudit`. A11Y report updated. File size 10209 → 10677 lines across 5 sessions. No scanner or hook behavior changes — purely additive surface
- **v7.5.0 playground (2026-05-05)** — Single-file SPA at `plugins/llm-security/playground/llm-security-playground.html` (~10 200 lines) for onboarding, demos and workshop use without a Claude Code installation. Parsers + renderers for all 18 produces_report commands, 18 markdown test fixtures as contract anchors, a complete demo project with all 18 reports parsed in advance, vendor-synced design-system, 9 Playwright-generated screenshots. 11 new `window` globals exposed for testing/automation (`__store`, `__navigate`, `__loadDemoState`, `__PARSERS`, `__RENDERERS` …). Bug-fix: `normalizeVerdictText` handles GO-WITH-CONDITIONS without collapsing to ALLOW. No scanner or hook behavior changes — purely additive surface
- **v7.4.0 examples + e2e suite (2026-05-05)** — 9 runnable demonstration walkthroughs under `examples/` (lethal-trifecta, mcp-rug-pull, supply-chain-attack, poisoned-claude-md, bash-evasion-gallery, prompt-injection-showcase, malicious-skill-demo, toxic-agent-demo, pre-compact-poisoning) plus three new test suites under `tests/e2e/` (attack-chain, multi-session, scan-pipeline) that prove the framework works as a coordinated system. +45 tests (1777 → 1822), no scanner or hook behavior changes — purely additive surface
- **v8.0.0 env-var deprecation runway (D3, v7.3.0)** — Hook configuration has historically been split between process env-vars and the team-distributable `.llm-security/policy.json` file. Until v7.3.0 the two surfaces could disagree silently. The new `getPolicyValueWithEnvWarn()` helper in `scanners/lib/policy-loader.mjs` now emits a one-time-per-process stderr line whenever both surfaces are explicitly set:
- Affected pairs: `LLM_SECURITY_INJECTION_MODE``injection.mode`, `LLM_SECURITY_TRIFECTA_MODE``trifecta.mode`, `LLM_SECURITY_ESCALATION_WINDOW``trifecta.escalation_window` (new key in `DEFAULT_POLICY`), `LLM_SECURITY_AUDIT_LOG``audit.log_path`
- Env still wins through the v7.x window — no behaviour change today, only a runway signal
- Suppress headless-log noise with `LLM_SECURITY_DEPRECATION_QUIET=1`
- Teams should converge on `policy.json` for distributable configuration before v8.0.0 removes the env-var path
- **Opus 4.7 aligned** — Agent instructions rewritten for literal instruction-following (system card §6.3.1.1), defense-in-depth posture per §5.2.1, production hardening guide
Key commands: `/security posture`, `/security audit`, `/security scan`, `/security ide-scan`, `/security threat-model`
Key commands: `/security posture`, `/security audit`, `/security scan`, `/security ide-scan`, `/security threat-model`, `/security plugin-audit`
6 specialized agents · 23 scanners · 9 hooks · 20 knowledge docs · 9 runnable examples · 1822 tests
→ [Full documentation](plugins/llm-security/README.md)
6 agents · 23 scanners · 9 hooks · 1822 tests · [Full documentation →](plugins/llm-security/README.md)
---
### [Config-Audit](plugins/config-audit/) `v5.1.0`
Configuration intelligence for Claude Code — health checks, feature discovery, auto-fix, active-config inventory, reality-based Opus-4.7 token analysis, and plain-language UX that leads with prose ("Fix soon: The same automation is set up more than once") instead of technical IDs.
Configuration intelligence for Claude Code. Claude reads instructions from 7+ file types across multiple scopes; this plugin tells you what's wrong, what's missing, what's silently conflicting, what's actually loaded, and where you're burning tokens.
Claude Code reads instructions from 7+ file types across multiple scopes. This plugin tells you what's wrong, what's missing, what's silently conflicting, what's actually loaded, and where you're burning tokens unnecessarily:
- **Health** — 12 deterministic scanners verify correctness across every configuration file (broken imports, deprecated settings, conflicting rules, permission contradictions, Opus-4.7-era token waste, cache-prefix instability, dead tool grants, cross-plugin skill collisions)
- **Health** — 12 deterministic scanners catch broken imports, deprecated settings, conflicting rules, permission contradictions, and token waste
- **Opportunities** — context-aware recommendations for Claude Code features you're not using
- **Action** — auto-fix with mandatory backups, syntax validation, rollback support, and human-in-the-loop workflow
- **What's active** — read-only inventory of plugins, skills, MCP servers, hooks, and CLAUDE.md cascade for a repo, with token estimates
- **Token hotspots**`/config-audit tokens` ranks files by estimated waste across 6 Opus-4.7 patterns (cache-breaking volatile content, redundant tool permissions, deep import chains, oversized cascades, bloated SKILL.md descriptions, MCP tool-schema budget). Optional `--accurate-tokens` calibrates against Anthropic's `count_tokens` API.
- **System-prompt manifest**`/config-audit manifest` ranks every token source (CLAUDE.md cascade, plugins, skills, MCP servers, hooks) by estimated tokens
- **Plain-language UX (v5.1.0)** — default output of all 18 commands leads with prose; findings group by user-impact category (Configuration mistake, Conflict, Wasted tokens, Missed opportunity, Dead config) and urgency phrase (Fix this now → FYI). Pass `--raw` for v5.0.0 verbatim output; `--json` is unchanged and byte-stable.
- **Action** — auto-fix with mandatory backups, syntax validation, and rollback
- **Inventory + hotspots** — read-only view of active plugins, skills, MCP servers, hooks, and CLAUDE.md cascade, plus a ranked map of token waste
- **Plain-language UX** — output leads with prose and groups findings by impact and urgency (`--raw` and `--json` available)
Key commands: `/config-audit posture`, `/config-audit feature-gap`, `/config-audit fix`, `/config-audit whats-active`, `/config-audit tokens`, `/config-audit manifest`
Key commands: `/config-audit posture`, `/config-audit feature-gap`, `/config-audit fix`, `/config-audit whats-active`, `/config-audit tokens`
6 agents · 12 scanners · 18 commands · 792+ tests
→ [Full documentation](plugins/config-audit/README.md)
6 agents · 12 scanners · 18 commands · 792+ tests · [Full documentation →](plugins/config-audit/README.md)
---
### [Voyage](plugins/voyage/) `v5.1.1`
Deep requirements gathering, research, implementation planning, self-verifying execution, independent post-hoc review, and zero-friction multi-session resumption — with specialized agent swarms, adversarial review, and failure recovery. Six-command (brief, research, plan, execute, review, continue) universal pipeline + adaptive-depth per-phase effort dialog. `/trekbrief`, `/trekplan`, and `/trekreview` render their artifact to a self-contained HTML view and print the `file://` link.
A six-command planning pipeline with specialized agent swarms, adversarial review, and zero-friction multi-session resumption. Renamed from `ultraplan-local`/`/ultra*-local` to avoid collision with Anthropic's `/ultraplan` and `/ultrareview`. No cloud dependency.
v5.1.1 is a 13-step remediation patch closing 11 of 12 findings from the v5.1.0 review (the SC8 dogfood gate is operator-manual, scheduled for after-execute). Load-bearing bug fixes: YAML-number bypass in `brief-validator` so the gate fires for both quoted and unquoted `brief_version` (#8 + #11). Wiring: a new `lib/profiles/phase-signal-resolver.mjs` helper is invoked from `/trekplan`/`/trekresearch`/`/trekreview`/`/trekexecute` Phase 1, the resolved JSON is captured as `phase_signal_result`, and the `brief-validator --soft` gate is required uniformly across all 4 downstream commands (#9 + #12). Test refactor: runtime SC1 walk for trekbrief + per-tier resolver-output + missing-signals falsification per downstream command + dedicated profile-resolver non-interference test (#1 #2 #3 #4 #6 #7 #10). Documentation: Decision B high-effort behavior locked per command (gemini-bridge pass for `/trekplan`, full swarm + always-on `contrarian-researcher` for `/trekresearch`, skip Pass 3 + coordinator normalization for `/trekreview`, `gates_mode: closed` for `/trekexecute`) + brief Non-Goal/SC1 amendments + REMEMBER dogfood scaffolding. v5.1.1 is additive — no breaking changes against v5.1.0. See `plugins/voyage/CHANGELOG.md` § v5.1.1.
- **`/trekbrief`** — capture intent through a quality-gated interview; emits a reviewable brief
- **`/trekresearch`** — deep multi-source research with triangulation and confidence ratings
- **`/trekplan`** — transform the brief into an executable, manifest-verified plan
- **`/trekexecute`** — disciplined execution with independent audit and bounded failure recovery
- **`/trekreview`** — independent post-hoc review; severity-tagged findings feed back into planning
- **`/trekcontinue`** — resume the next session from saved state in one command
v5.1.0 adds Phase 3.5 to `/trekbrief`: 4 tier-coupled `AskUserQuestion` calls commit an effort level (`low | standard | high`) and an optional `model` (`sonnet | opus`) per downstream phase (`research`, `plan`, `execute`, `review`). The choices land in `brief.md` as `phase_signals:` (or `phase_signals_partial: true` on force-stop). `brief_version: 2.1` activates a validator-side sequencing gate (`BRIEF_V51_MISSING_SIGNALS`) so downstream commands halt with a friendly hint when signals are missing. Composition rule per downstream command: brief signal wins per-phase, profile fills gaps. `effort == low` activates each command's existing `--quick`-equivalent code-path (`/trekexecute` low-effort = `--gates open` + sequential-only). Additive — no breaking changes; pre-2.1 briefs still validate. See `plugins/voyage/CHANGELOG.md` § v5.1.0.
Per-phase effort and model dialog; `/trekbrief`, `/trekplan`, and `/trekreview` render an operator-annotation HTML view you can mark up and copy back into Claude.
v5.0.3 lands the annotation UX modelled on `~/repos/claude-code-100x/claude-code-100x/build-site.js`: pencil-toggle annotation mode, **select text or click any element to anchor**, choose intent (**Fiks** / **Endre** / **Spørsmål**), write a comment, save. The sidebar groups annotations by section with intent badges; Copy Prompt assembles them into a structured markdown the operator pastes back into Claude. State persists in `localStorage` per artifact path. v5.0.2 was operator-led but too thin (line-click + freeform note, no intent categories). v5.0.1 had pointed at `/playground document-critique` (Claude-leads — wrong direction). v5.0.0 (breaking, kept) removed the v4.2/v4.3 bespoke playground SPA, `/trekrevise`, Handover 8, the supporting `lib/` modules, the Playwright e2e suite, and the `@playwright/test` / `@axe-core/playwright` devDeps. v5.0.3's `scripts/annotate.mjs` is one self-contained zero-dependency Node script. **The operator drives every annotation** — Claude never pre-generates suggestions in this flow. See `plugins/voyage/CHANGELOG.md` § v5.0.0 → § v5.0.3.
v4.0.0 (breaking) renamed the plugin from `ultraplan-local` to **Voyage** and all commands from `/ultra*-local` to `/trek*` to remove name collision with Anthropic's `/ultraplan` and `/ultrareview` features. See `plugins/voyage/TRADEMARKS.md` and `plugins/voyage/CHANGELOG.md`.
Six commands, one pipeline with clear division of labor:
- **`/trekbrief`** — Capture intent. Dynamic, quality-gated interview: a section-driven completeness loop (Phase 3) followed by a `brief-reviewer` stop-gate (Phase 4, max 3 review iterations). Required sections must reach an initial-signal gate AND pass review across completeness, consistency, testability, scope clarity, and research-plan validity before `brief.md` is written. Identifies research topics with copy-paste-ready `/trekresearch` commands. Optional auto-orchestration runs research + planning in foreground. Always interactive.
- **`/trekresearch`** — Gather context. Deep multi-source research with triangulation: 5 local agents + 4 external agents + Gemini bridge, producing structured briefs with confidence ratings. Makes no build decisions.
- **`/trekplan`** — Transform intent into an executable contract. Per-step YAML manifests (`expected_paths`, `commit_message_pattern`, `bash_syntax_check`). Plan-critic is a hard gate on manifest quality. Requires a task brief as input (`--brief` or `--project`). Auto-discovers `architecture/overview.md` when produced upstream and cross-references its `cc_features_proposed` against exploration findings.
- **`/trekexecute`** — Execute the contract disciplined. Manifest-based verification, independent Phase 7.5 audit from git log + filesystem (ignores agent bookkeeping), Phase 7.6 bounded recovery dispatch for missing steps. Step 0 pre-flight catches sandbox push-denial before any work. `--validate` mode offers a fast schema-only sanity-check between planning and execution.
- **`/trekreview`** — Close the iteration loop. Independent post-hoc reviewer reads `brief.md` from scratch and evaluates the diff produced by execute. Two parallel reviewers (brief-conformance + code-correctness) plus a Judge Agent (review-coordinator) for dedup and reasonableness filtering. Severity-tagged findings (Critical/High/Medium/Low/Info) with stable 40-char hex IDs feed back into planning via Handover 6 (`/trekplan --brief review.md` → remediation plan with `source_findings:` audit trail).
- **`/trekcontinue`** — Zero-friction multi-session resumption. In a fresh chat, type `/trekcontinue` — reads `.session-state.local.json` (Handover 7), prints a 3-line summary, and immediately begins executing the next session. Any session-end mechanism may write the state file (`/trekexecute` Phase 8/2.55/4 do so automatically; `/trekendsession` helper writes it for informal flows). Forward-compat schema (unknown top-level keys ignored) so future producers can extend additively.
`/trekbrief`, `/trekplan`, and `/trekreview` each end by running `scripts/annotate.mjs` against the just-written `.md`, printing the `file://<abs path>` link to the resulting self-contained operator-annotation HTML. The operator opens it, clicks any line to add their own note, watches a sidebar of every note (editable, deletable, persisted in browser `localStorage`), clicks "Copy Prompt" to get one structured prompt with every note, pastes back into Claude — Claude revises the `.md` from the notes. The operator drives every annotation.
All artifacts land in one project directory: `.claude/projects/{YYYY-MM-DD}-{slug}/` contains `brief.md`, `research/NN-*.md`, `plan.md`, `sessions/`, `progress.json`, `review.md`, and `.session-state.local.json` (gitignored). `--project <dir>` works across `/trekresearch`, `/trekplan`, `/trekexecute`, `/trekreview`, and (optionally) `/trekcontinue`.
v3.4.0 (non-breaking) adds the **autonomy chain from brief approval to main-merge** plus parallel-wave hardenings. New `lib/util/autonomy-gate.mjs` state machine (`idle → approved → executing → merge-pending → main-merged`), `lib/review/plan-review-dedup.mjs` for Phase 9 inline dedup, `lib/stats/event-emit.mjs` for autonomy-gate transitions and main-merge gate, and `--gates {open|closed|adaptive}` flag on all four pipeline commands. `commands/trekplan.md` Phase 8 seals Opus-4.7 plan/list-emission schema-drift via `plan-validator --strict`. `commands/trekexecute.md` Phase 2.6 wave-executor adds 11 hardenings for plugin-in-monorepo + gitignored-state topology (GIT_OPTIONAL_LOCKS, --max-turns, --max-budget-usd, scoped --allowedTools, push-before-cleanup ordering). New `hooks/scripts/post-compact-flush.mjs` PostCompact hook re-injects session-state after compaction. SC7 synthetic determinism floor (Jaccard ≥ 0.833) for plan + review fixtures. Hook baseline regression pins. Architecture decision: Path B (sequential `--no-ff` parallel waves with manifest-driven failure recovery) ships; Path C (cache-first hybrid) deferred to v3.5.0 contingent on cache-telemetry harvest.
v3.3.0 (non-breaking) adds `/trekcontinue` as the sixth command and the contracted **Handover 7 (.session-state.local.json)** for zero-friction multi-session resumption. New `lib/validators/session-state-validator.mjs` (schema v1, forward-compat — unknown top-level keys ignored), `lib/util/atomic-write.mjs` extracted from `pre-compact-flush.mjs` for tmp+rename writes, and `/trekendsession` helper for informal multi-session flows. `/trekexecute` Phase 8 / 2.55 / 4 now write the state file alongside `progress.json`. `pre-compact-flush.mjs` also refreshes the state file before context compaction (monotonic; never advances to non-resumable status). 22 new tests (163 → 185 green).
v3.2.0 (non-breaking) adds `/trekreview` as the fifth command and the contracted **Handover 6 (review → plan)** feedback loop. New artifact type `type: trekreview` validated by `lib/validators/review-validator.mjs`, stable 40-char SHA1 finding-IDs from `lib/parsers/finding-id.mjs`, Jaccard similarity for determinism testing (`lib/parsers/jaccard.mjs`), and a 12-key version-pinned rule catalogue (`lib/review/rule-catalogue.mjs`). Four new agents (review-orchestrator, brief-conformance-reviewer, code-correctness-reviewer, review-coordinator) implementing the Judge-Agent dedup pattern. `/trekplan` now consumes `--brief review.md` (BLOCKER + MAJOR findings become plan goals) and writes `source_findings: [<id>, ...]` audit trail. `brief-validator` accepts both `type: trekbrief` and `type: trekreview`.
v3.0.0 extracts the Claude-Code-specific architecture phase to a separate plugin. The planning pipeline now stays technology-agnostic; CC-feature matching becomes opt-in. The plan command still auto-discovers `architecture/overview.md` if produced upstream — the contract is filesystem-level, not code-level. Non-breaking for users of brief/research/plan/execute. See `plugins/voyage/CHANGELOG.md` for migration steps.
v2.4.0 (breaking, default behavior) removes background mode. The commands now run foreground in the main context because the harness does not expose the Agent tool to sub-agents — background orchestrators silently degraded the swarm to inline reasoning without external research tools. The `--fg` flag is preserved as a no-op alias for backward compatibility. Source: github.com/anthropics/claude-code/issues/19077.
v2.1 (non-breaking) replaced the hardcoded Q1Q8 interview with a dynamic, quality-gated loop; `brief-reviewer` emits machine-readable per-dimension JSON scores so `/trekbrief` can use it as an internal stop-gate. v2.0 (breaking) extracted the interview from planning: briefs are reviewable artifacts that downstream agents (`brief-reviewer`, `plan-critic`, `scope-guardian`) validate independently. `/trekplan` requires `--brief` or `--project`. See `plugins/voyage/MIGRATION.md`.
v1.7 self-verifying chain (preserved): a step may not be marked `completed` unless its manifest verifies. v1.8 Opus 4.7 literalism fixes (preserved): literal Step+Manifest template, forbidden narrative headers, schema self-check.
v3.1.0 (in progress) adds a `lib/`-tree of zero-dep validators (`brief-validator`, `research-validator`, `plan-validator`, `progress-validator`, `architecture-discovery`) wired into the four commands as CLI shims, plus 109 `node:test` cases and a doc-consistency invariant test. The Phase 5.5 schema self-check now runs as `node lib/validators/plan-validator.mjs --strict` instead of three `grep -cE` calls — same checks, single source of truth, machine-readable error codes. Architecture discovery treats the upstream `architecture/overview.md` contract as drift-WARN, never drift-FAIL. Forking the plugin? `npm test` is the readiness gate.
v3.1.0 also adds: `docs/HANDOVER-CONTRACTS.md` as the single source of truth for the 5 pipeline handovers (extended to 6 in v3.2.0, then to 7 in v3.3.0); PreCompact-hook (`pre-compact-flush.mjs`, CC v2.1.105+) that fixes the documented progress.json drift bug — `--resume` now works after long conversations; UserPromptSubmit-hook that sets session titles `voyage:<command>:<slug>` for headless multiplexing (CC v2.1.94+); PostToolUse-hook that captures Bash `duration_ms` per call (CC v2.1.97+); semantic plan-critic rubric that catches paraphrased deferred decisions ("implement as needed", "wire it up") instead of just exact-string blacklist; `examples/01-add-verbose-flag/` showing a calibrated end-to-end pipeline run; `SECURITY.md` boilerplate; `docs/architect-bridge-test.md` smoke checklist.
Defense-in-depth security: plugin hooks block destructive commands and sensitive path writes, prompt-level denylist works in headless sessions, pre-execution plan scan catches dangerous commands before they run, scoped `--allowedTools` replaces `--dangerously-skip-permissions` in parallel sessions. Recommended hardening: `disableSkillShellExecution: true` for fork-ers handling untrusted plans (CC v2.1.91+).
Modes: default, brief-driven, project-scoped, research-enriched, foreground, quick, decompose, export, resume
23 specialized agents · 6 commands (+ 1 helper) · 5 plugin hooks · 500+ tests · Operator-driven HTML annotation surface · No cloud dependency
→ [Full documentation](plugins/voyage/README.md) · [Migration guide](plugins/voyage/MIGRATION.md)
23 agents · 6 commands (+1 helper) · 5 hooks · 500+ tests · [Full documentation →](plugins/voyage/README.md) · [Migration guide](plugins/voyage/MIGRATION.md)
---
### [AI Psychosis](plugins/ai-psychosis/) `v1.2.0`
Meta-awareness tools that counteract sycophancy, reinforcement loops, and compulsive AI interaction patterns.
Meta-awareness tools that counteract sycophancy, reinforcement loops, and compulsive AI interaction patterns. AI assistants are structurally optimized to be agreeable; this surfaces when that becomes a problem.
AI assistants are structurally optimized to be agreeable. This creates reinforcement loops where productive collaboration is often a mirror showing you what you want to see. Research documents psychotic episodes triggered by sustained AI interaction in individuals with no prior psychiatric history.
- **Behavioral instructions** — rules that modify Claude's behavior: no unearned affirmations, mandatory risk identification, pattern naming
- **Programmatic detection** — 4 hooks measure session duration, dependency language, rapid-fire bursts, edit ratios, and late-night usage, with progressive alerts
- **Interaction reports**`/interaction-report` for aggregated session statistics (opt-in)
- **Contemplative references** — optional pointers when interaction flags are elevated (opt-in)
- **Layer 1 — Behavioral instructions** — SKILL.md rules that modify Claude's behavior: no unearned affirmations, mandatory risk identification, pattern naming
- **Layer 2 — Programmatic detection** — 4 hooks that measure session duration, dependency language, rapid-fire bursts, edit ratios, and late-night usage with progressive alerts
- **Layer 3 — Interaction reports**`/interaction-report` slash command for aggregated session statistics across configurable timeframes (weekly, monthly, all-time). Opt-in
- **Layer 4 — Contemplative references** — optional references to contemplative approaches when interaction flags are elevated. Opt-in
Research-informed thresholds. Alerts are progressive and never blocking. Privacy-first: prompt text is never logged.
Research-informed thresholds. Alerts are progressive and never blocking. Privacy-first: prompt text is never logged. Layers 3 and 4 are off by default.
1 skill · 1 command · 4 hooks
→ [Full documentation](plugins/ai-psychosis/README.md)
1 skill · 1 command · 4 hooks · [Full documentation →](plugins/ai-psychosis/README.md)
---
### [Graceful Handoff](plugins/graceful-handoff/) `v2.1.0`
Auto-trigger session handoff at context threshold. Manual `/graceful-handoff` always works as backup. Built for Opus 4.7.
Auto-trigger session handoff at context threshold, so summarizing state, committing work, and writing a continuation prompt don't get rushed when you run low. Manual `/graceful-handoff` always works as backup. Built for Opus 4.7.
When you hit 60-70% context and have to start a new session, three things usually get rushed or forgotten: summarizing state, committing finished work, and writing a continuation prompt. v2.0 removed all three from the user's hands; v2.1 makes context detection model-aware so auto-trigger fires at the right moment on Opus 4.7's 1M window.
- **Auto-trigger via Stop hook** — at estimated ≥70% context, writes artifact + commits (push remains user-triggered: irreversible operations stay manual)
- **Model-aware context detection (v2.1)** — 4-step fallback chain (`used_percentage``payload-size``model-map` → 1M default), so Opus 4.7 no longer fires 57× too early
- **statusLine hint** — display-only warning at 60% and urgent reminder at 70% (never runs git, safe per research)
- **SessionStart auto-load** — on `--resume` / `compact`, handoff content is injected into the new session via `additionalContext`; no manual `cat` needed
- **Skill-architecture**`disable-model-invocation: true` so Claude can't autonomously invoke the side-effect-bearing flow; user triggers manually or hooks call the pipeline directly
- **Deterministic JSON pipeline**`scripts/handoff-pipeline.mjs` returns structured JSON; tests run without LLM involvement
- **Explicit staging** — pipeline stages ONLY the artifact (never `git add -A`, regression-tested)
- **No subagents, no web** — under 60s budget; pinned to Sonnet 4.6 to free Opus for the next session
- **Auto-trigger via Stop hook** — at ~70% context, writes the handoff artifact and commits (push stays manual; irreversible operations remain user-triggered)
- **Model-aware context detection** — a 4-step fallback chain so Opus 4.7's 1M window fires at the right moment, not 57× too early
- **statusLine hint + SessionStart auto-load** — display-only warnings at 60%/70%, then injects the handoff into the resumed session
- **Deterministic JSON pipeline** — runs without an LLM, stages only the artifact (never `git add -A`), under a 60s budget
Key command: `/graceful-handoff [topic-slug] [--no-commit] [--no-push] [--dry-run]`
3 hooks · 1 skill · 1 pipeline · 57 tests · BREAKING from v1.0
→ [Full documentation](plugins/graceful-handoff/README.md)
3 hooks · 1 skill · 1 pipeline · 57 tests · [Full documentation →](plugins/graceful-handoff/README.md)
---
### [MS AI Architect — Azure AI and Microsoft Foundry](plugins/ms-ai-architect/) `v1.15.0` `🇳🇴 Norwegian`
### [MS AI Architect](plugins/ms-ai-architect/) `v1.15.0` `🇳🇴 Norwegian`
Microsoft AI solution architecture guidance for Norwegian public sector and enterprise.
Meet Cosmo Skyberg — a structured architect persona who understands the problem before recommending technology. Every recommendation is grounded in 387 reference documents and verified against live Microsoft Learn documentation via MCP:
Microsoft AI solution architecture guidance for Norwegian public sector and enterprise, through Cosmo Skyberg — a structured architect persona who understands the problem before recommending technology.
- **Structured advisory** — 7-phase methodology from business need to architecture recommendation and optional diagram
- **Regulatory assessments** — ROS analysis (NS 5814), DPIA/PVK, security scoring (6×5), EU AI Act classification, cost estimation in NOK (P10/P50/P90)
- **Norwegian public sector** — Digdir architecture principles, Utredningsinstruksen, NSM, Schrems II data residency, EU AI Act compliance workflow
- **Manual KB-refresh**`/architect:kb-update` slash command drives sitemap-based change detection + new-URL discovery + per-file `microsoft_docs_fetch`-update + commit, run from an active Claude Code session. Scheduling is intentionally out of scope and left to the user (cron / launchd / GitHub Actions etc. as desired)
- **Regulatory assessments** — ROS (NS 5814), DPIA/PVK, 6×5 security scoring, EU AI Act classification, cost in NOK (P10/P50/P90)
- **Norwegian public sector** — Digdir architecture principles, Utredningsinstruksen, NSM, Schrems II data residency, EU AI Act workflow
- **Grounded and current** — 387 reference documents, verified against live Microsoft Learn via MCP; `/architect:kb-update` refreshes the knowledge base
- **Playground** — single-file decision-builder and report viewer covering all 17 report types, light/dark, runs offline
Key commands: `/architect`, `/architect:ros`, `/architect:security`, `/architect:dpia`, `/architect:utredning`, `/architect:cost`
12 specialized agents · 25 commands · 5 skills (387 reference docs) · 2 hooks · manual sitemap-driven KB refresh
**One-click demo (v1.15.0, 2026-05-16):** "Last inn demo-data"-knappen på onboarding bootstrapper en ferdig "Acme Kommune" med demo-prosjektet "Acme: Kunde-chatbot" og alle 17 rapport-typer pre-importert. v2→v3 migrasjon auto-parser `raw_markdown` til `project.artifacts[cid]` så project-view viser aggregert verdict (BLOKKERT), key stats (17/17 artifacts), top-risks-liste, og navigerbart artifact-sidebar i én navigasjon. 24 retina-screenshots committed under `playground/screenshots/v1.15.0/` (12 surfaces × 2 tema), så forkere ser pluginen uten å kjøre noe. Standalone Playwright-runner under `tests/screenshot/` (egen `package.json`).
**Playground (v3, v1.15.0 — project-view integration, 2026-05-16):** Multi-surface decision-builder + report viewer. The single-file HTML app lives at `playground/ms-ai-architect-playground.html` (~3870+ lines). v1.15.0 erstatter v2 project-surface (screen-tabs + category-tabs + per-command paste-cards) med v3 `renderProjectView` (sidebar med 17 artifacts gruppert i 4 kategorier + main-area med per-artifact view eller overview + import-modal som DS-overlay). V2-surface helt fjernet (`renderProjectSurface`, `renderCommandSubCard`, `rehydratePasteImports`, 5 v2-CSS-klasser). 2 fingerprint-gap lukket (requirements + license headers). `migrateDataVersion` utvidet med `parserFor` slik at demo-state og persisted localStorage auto-parses. Ship-QA: `components-tier4-project-view.css` lagt til i `<link>`-kjeden (var ikke loaded → modal-overlay og two-column layout virket ikke). 386 E2E PASS, 0 FAIL, 2 WARN.
- **4 surfaces:** Onboarding (4 strukturerte / 14 fritekst, prefill alle command-skjemaer) → Home (project list + 3 entry tracks) → Catalog (24 commands grouped in 5 expansion categories with search) → **Project v3** (sidebar med 17 artifacts + søk + main-area med per-artifact view eller aggregate overview + import-modal overlay)
- **Persistence:** IndexedDB primary + localStorage fallback, schema-versioned (`STATE_KEY = 'ms-ai-architect-state-v1'`) with eager migrations pipeline. v1.10.0 adds idempotent `dataVersion v1→v2` migration that backfills `verdict` + `keyStats` on existing reports.
- **17 inline report renderers (felles grunnskjelett)** — all wrap output through `renderPageShell()` with eyebrow + h1 + optional verdict-pill + optional key-stats-grid + archetype body (pyramid, 5×5/6×5/7×5 matrix, radar, kanban, mat-ladder, scenario-cards, screen-tabs, residual-pair, top-risks, recommendation-card, suppressed-panel, critique-card, read-more, traffic-light).
- **Foundation helpers**`renderPageShell`, `renderVerdictPill`, `renderKeyStatsGrid`, `inferVerdict`, `inferKeyStats`, `KEY_STATS_CONFIG`.
- **Light/dark theme toggle** with Aksel-aligned tokens in both modes (full WCAG AA contrast). Persisted in `localStorage('ms-ai-architect-theme')`, FOUC-safe via `<head>`-bootstrap script.
- **Validation:** 272 PASS combined — 201 static + 70 parser-fixture + 1 verdict-pill. `bash tests/run-e2e.sh --playground` runs static-structure + parser-fixture suites. Migrations 7 PASS separat. Plugin-validering 219 PASS.
- **Vendored design-system** at `playground/vendor/`, kept in sync via `scripts/sync-design-system.mjs ms-ai-architect`. Standalone — opens from `file://` without server or marketplace dependency.
→ [Full documentation](plugins/ms-ai-architect/README.md)
12 agents · 25 commands · 5 skills (387 docs) · 2 hooks · [Full documentation →](plugins/ms-ai-architect/README.md)
---
@ -210,94 +118,57 @@ Key commands: `/architect`, `/architect:ros`, `/architect:security`, `/architect
Build authentic LinkedIn authority through algorithmic understanding, strategic consistency, and AI-assisted content creation.
**v3.1.0 adds a cold adversarial review package to the long-form pipeline (Endring 9)** — three new headless archetypes (`content-reviewer` argument, `language-reviewer` Norwegian, `fact-reviewer` cold re-verification + pivot-risk), all Opus, that re-review a frozen draft with NO drafting-session context; a new **Step 6.5 (headless-review)** in `/linkedin:newsletter` after the persona sweep and before lock; a standalone **`/linkedin:headless-review`** command (run in a fresh session for maximum isolation); a **`/linkedin:pivot`** command + pivot-detection gate (> 20 % word-count / > 2 new sections re-opens cleared gates before lock); and **per-artifact personas** configurable per edition. Motivated by the Del 4 Security Champions pivot, where the in-session editor + persona sweep shared the drafting session's framing-bias so the shipped version was never independently re-reviewed. Pipeline 15 → 16 phases; 24 → 26 commands; 16 → 19 agents; backward-compatible (additive state); reload required for the new agents. **v3.0.0 renames the plugin to LinkedIn Studio** (was `linkedin-thought-leadership`): the slug, agent namespace, and runtime state-file path are now `linkedin-studio` — the `/linkedin:*` commands are unchanged. Breaking: reinstall required and the state file moves to `~/.claude/linkedin-studio.local.md`. Functionality is identical to v2.4.0. v2.4.0 adds an **editor's craft gate as an explicit pipeline phase** in `/linkedin:newsletter`: a new **`editorial-reviewer` agent** (Opus) + **Step 5.5 (editorial-review)** between fact-check (Step 5) and the persona sweep (Step 6). It judges **craft****prosa-håndverk** (em-dash density, verbatim repetition, postulated numbers, contradictions, versal-tic) + **narrativ-arkitektur** (concrete instantiation, theory-anchored hypotheses, series-title symmetry, equal action per addressee, un-overloaded conclusion) — not reader-response, returning **≤10 flags** (BLOCK / REWORK / NICE) as *direction* (never copy), operator-gated via `SendUserFile`, mirroring the Maskinrommet writing-contract §C2. Motivated by the Del 4 run, where **every persona reported PASS yet the editor found 8 fresh points on first reading, ~6/8 of them craft/architecture blind spots no agent measured.** Pipeline 14 → 15 phases; 15 → 16 agents; additive `editorialReview` state. v2.3.0 made **visual assets an explicit pipeline phase** (Step 7.5, between annotation and lock): the cover (+ optional inline figures) or a carousel deck is generated (default `mcp-image`; external `cover-raw.png` accepted) and operator-gated via `SendUserFile` **before lock**. v2.2.0 **hardened the longform gates** (blocking persona hard-fails, post-cutoff fact-check mandate, a Norwegian-chronicle `voice-scrubber`, render+annotate operator gates, STATE.md-reconciled edition state). Commands unchanged (24); 16 agents. v2.1.0's skeleton-gate-before-prose and v2.0.0's full-spectrum surface are preserved. Updated for the January 2026 360Brew algorithm change, which validates your creator profile before distributing content.
- **Long-form newsletter pipeline** — a multi-phase orchestrator (research → skeleton → prose → de-AI/voice scrub → fact-check → editorial and persona gates → visual assets → lock → delivery) with maintained edition state
- **Adversarial review** — cold headless content, language, and fact reviewers re-check a frozen draft with no drafting-session context; `/linkedin:pivot` re-opens cleared gates on major rewrites
- **Content engine** — Content Matrix (40+ ideas from one topic), voice training with drift detection, full ideation → publish → 48-hour monitoring → analytics
- **Growth and monetization** — phase-specific guidance from 0 to 10K+ followers; 360Brew profile optimization for LinkedIn's creator validation
- **Editorial-review craft gate BEFORE the persona sweep (v2.4)** — Step 5.5 runs the new `editorial-reviewer` (Opus) on the fact-checked draft, two axes (prosa-håndverk + narrativ-arkitektur), ≤10 flags severity-ranked BLOCK/REWORK/NICE, surfaced to the operator via `SendUserFile`. It runs *before* the persona sweep so the personas measure resonance instead of stumbling on craft noise; `persona-reviewer` is unchanged (one measures craft, one measures response). Mirrors Maskinrommet §C2.
- **Visual-assets gate BEFORE lock (v2.3)** — Step 7.5 decides image needs from the article type (method-heavy → 12 inline figures; diagnosis-heavy → cover only), briefs each image, generates via mcp-image or an external `cover-raw.png`, surfaces candidates with `SendUserFile`, and copies the approved one to the fixed `cover.png` name. Explicit `format: "carousel"` branch reusing `build-carousel.mjs`.
- **Blocking persona hard-fails (v2.2)**`persona-reviewer` + `personas.template.md` make primær «mistet meg», doesn't-own-the-action, sjargong-mur, and modell-/navne-katalog BLOCK-level rewrites, not annotations. The bar is the primær reader's *clean* JA.
- **Fact-check orthogonal to polish (v2.2)**`fact-checker` web-searches every post-cutoff claim (never confirms from memory) and runs an explicit checklist for person titles, org-varying "standards", over-credited studies, source scope, and founding/release years.
- **New `voice-scrubber` agent (v2.2, Opus)** — aggressive de-AI scrub (Pass 1) + Norwegian-chronicle voice-drift correction (Pass 2), calibrated to the **approved Norwegian editions** rather than the English post corpus; wired into Step 4. *New agent — requires a session reload before invokable.*
- **Render+annotate operator gates (v2.2)** — Steps 2.5/3a surface an annotatable `file://` review page (`build-html.mjs`) as the primary operator-review flow; `AskUserQuestion` becomes a receipt + fallback.
- **STATE.md-reconciled edition state (v2.2)** — narrative state in `<serie>/STATE.md` (auto-injected, overwritten each phase), machine state in `edition-state.json`; no separate `edition-HANDOVER.md`.
- **Skeleton gate BEFORE prose (v2.1)**`/linkedin:newsletter` Step 2.5 writes a five-line spine (premiss / problem / anbefaling / gevinst / vei videre) + one-line section pitches to `<serie>/NN-skjelett.md`. Operator-gate AND parallel persona-skjelett-sweep must both return JA before the pipeline can advance. Step 3a follows with spine prose (one paragraph per section) and its own operator-gate. Encodes the Maskinrommet writing-contract §A discipline into the pipeline.
- **Long-form `/linkedin:newsletter` orchestrator** — multi-session 14-phase pipeline (research → **skeleton + persona-skjelett-sweep****spine prose** → full prose draft → **de-AI/voice scrub** → fact-check sweep → persona sweep → annotation → **visual assets (cover/figures or carousel, BEFORE lock)** → lock → delivery → hook-gate) with maintained edition-state. Newsletter editions, essays, series articles
- **Three longform-quality gate agent modes**`fact-checker` (Opus, verifies every claim against primary sources) and `persona-reviewer` (Opus) with three modes: **`skjelett`** (Step 2.5, before prose), **`resonans`** (Step 6, before lock), **`konverter`** (Step 9, after lock)
- **Render pipeline in-plugin**`build-html.mjs`, `build-pdf.mjs`, `build-linkedin.mjs`, `build-carousel.mjs` with self-hosted Newsreader/Inter/JetBrains Mono under OFL-1.1
- **Guided onboarding**`/linkedin:onboarding` walks new users through profile → setup → first post in one flow
- **360Brew profile optimization** — audit your profile against LinkedIn's creator validation criteria
- **Full content pipeline** — ideation, drafting, publishing, 48-hour monitoring, and analytics
- **Content Matrix System** — 40+ post ideas from a single topic using 8 universal angles and 48 industry-specific variants
- **Voice training** — learns your authentic writing style and detects drift with 6-dimension scoring
- **Analytics pipeline** — import LinkedIn CSV exports, weekly/monthly reports, day-of-week heatmap
- **Growth strategy** — phase-specific guidance from foundation (0-1K followers) through authority (10K+)
- **Router gating**`/linkedin:monetize` and `/linkedin:outreach` soft-gate at ~1K followers, pointing earlier users at `/linkedin:strategy` first
- **Friction reduction (carried from v1.2.0)** — auto-clipboard on all content commands, max 2 interactive steps per post, deterministic state management, iCal batch scheduling
Key commands: `/linkedin:onboarding`, `/linkedin:post`, `/linkedin:quick`, `/linkedin:newsletter`, `/linkedin:carousel`, `/linkedin:report`
Key commands: `/linkedin:onboarding`, `/linkedin:post`, `/linkedin:quick`, `/linkedin:newsletter`, `/linkedin:carousel`, `/linkedin:react`, `/linkedin:report`
15 specialized agents · 24 commands · 6 skills · 9 hooks · 24 reference docs
→ [Full documentation](plugins/linkedin-studio/README.md)
19 agents · 26 commands · 6 skills · 9 hooks · [Full documentation →](plugins/linkedin-studio/README.md)
---
### [OKR for Public Sector](plugins/okr/) `v1.3.0` `🇳🇴 Norwegian`
Turn strategy into measurable goals. An AI coach that learns your organization, tracks progress across cycles, and guides you from first OKR to organizational mastery.
Turn strategy into measurable goals. An AI coach that learns your organization once, then builds on that knowledge so you spend time on strategy, not re-explaining context.
Most OKR tools explain methodology. This plugin *knows your organization*. After a one-time onboarding conversation, it remembers your maturity level, strategic goals, current OKR, and cultural challenges. Every interaction builds on that knowledge — so you spend time on strategy, not re-explaining context.
- **Strategy to OKR** — transform goals from virksomhetsplan or tildelingsbrev into well-structured OKR with quality checks and alignment scoring
- **Gap analysis**`/okr:gap` compares strategy documents against current OKR: what's covered, what's missing, what to do
- **Cross-cycle learning**`/okr:analyse` tracks score trends and recurring antipatterns across cycles with charts
- **19 antipattern detection** — catches sandbagging, activity-disguised-as-KR, set-and-forget, and 16 more
- **Built for norsk offentlig sektor** — 4-month tertials, DFO terminology, tillitsvalgt involvement, Riksrevisjon-ready documentation
- **Strategy to OKR** — transform goals from virksomhetsplan, tildelingsbrev, or any strategic document into well-structured OKR with guided writing, quality checks, and alignment scoring
- **Gap analysis**`/okr:gap` compares your strategic documents against current OKR and shows what's covered, what's missing, and what to do about it
- **Cross-cycle learning**`/okr:analyse` tracks score trends, recurring antipatterns, and alignment progress across cycles with visual charts
- **Proactive coaching** — automatically tells you where you are in the cycle and what to focus on — progress checks mid-cycle, retrospective prep near the end
- **19 antipattern detection** — catches sandbagging, activity-disguised-as-KR, set-and-forget, and 16 more named failure modes before they take root
- **Built for norsk offentlig sektor** — 4-month tertials, DFO terminology, tillitsvalgt involvement, Riksrevisjon-ready documentation, governance chain from Stortingsmelding to team OKR
Key commands: `/okr:skriv`, `/okr:kvalitet`, `/okr:gap`, `/okr:analyse`, `/okr:kaskade`, `/okr:governance`
Key commands: `/okr:skriv`, `/okr:kvalitet`, `/okr:gap`, `/okr:analyse`, `/okr:kaskade`, `/okr:sporing`, `/okr:governance`, `/okr:oppsett`
7 agents · 10 commands · 4 hooks · 16 reference docs
→ [Full documentation](plugins/okr/README.md)
7 agents · 10 commands · 4 hooks · [Full documentation →](plugins/okr/README.md)
---
### [Human-Friendly Style](plugins/human-friendly-style/) `v1.1.0`
Shared Claude Code [output style](https://code.claude.com/docs/en/output-styles) used across this marketplace. Gives every plugin a consistent, plain-language tone — so users don't have to switch mental gears when moving between plugins.
A shared Claude Code [output style](https://code.claude.com/docs/en/output-styles) used across this marketplace, so the conversation feels like dialog rather than a console dump.
- **Explains what and why, not how** — describes the work in human terms, reserves technical detail for when the user asks
- **Hides noise by default** — long paths, raw commands, JSON, stack traces, and verbose tool output are summarized rather than dumped
- **Always shows irreversible actions** — deploys, deletes, force-push, history rewrites, migrations, and bulk edits are shown verbatim before and after, even unprompted, so you can approve and audit
- **Matches the user's language** — Norwegian when the user writes Norwegian, English otherwise
- **Honest about uncertainty** — says "I think this should work" instead of pretending to be sure
- **Keeps coding instructions intact** (`keep-coding-instructions: true`) — testing discipline, careful edits, and verification still apply
- Explains what and why, not how — reserving technical detail for when you ask
- Hides noise by default — long paths, raw commands, JSON, and stack traces are summarized
- Always shows irreversible actions verbatim — deploys, deletes, force-push, migrations
- Matches your language (Norwegian or English) and is honest about uncertainty
Optional. Every other plugin in the marketplace works without it; this just makes the conversation feel more like dialog and less like a console dump.
Optional and works alongside every other plugin. Activate with `/config` → Output style → Human-Friendly.
Activate with `/config`**Output style****Human-Friendly**.
1 output style · 0 commands · 0 agents · 0 hooks
→ [Full documentation](plugins/human-friendly-style/README.md)
1 output style · [Full documentation →](plugins/human-friendly-style/README.md)
---
### [Claude Design](plugins/claude-design/) `v0.1.0`
End-to-end facilitator for prompting Claude Design (`claude.ai/design` — Anthropic's Labs research preview launched 2026-04-17, Opus 4.7 pinned). Walks the operator from raw idea through intent-preset selection, audience and destination clarification, DESIGN.md anchor, five-layer prompt drafting, copy-paste delivery, iteration coaching, and ship-readiness handoff. Output is the prompt; the artifact gets built in Claude Design.
End-to-end facilitator for prompting Claude Design (`claude.ai/design`). Walks you from raw idea through prompt drafting, delivery, and iteration coaching. The output is the prompt; the artifact gets built in Claude Design.
The plugin is the **pre-design and during-design** complement to Anthropic's official `knowledge-work-plugins/design` (`https://claude.com/plugins/design`). This plugin covers idea → prompt → iterate; Anthropic's plugin covers critique → accessibility → handoff. Zero command overlap by design — `tests/validate-plugin.sh` assertion (h) enforces the forbidden-command-name list mechanically.
- **Eight-phase flow** — disambiguate → intent preset → audience and destination → DESIGN.md anchor → five-layer prompt → delivery → iteration coaching → ship-readiness
- **Evidence-graded references** — five foundation plus eight per-preset references, each carrying an Anthropic-domain citation
- **Complements Anthropic's official design plugin** — this covers idea → prompt → iterate; theirs covers critique → handoff, with zero command overlap (enforced by test)
- **Eight-phase facilitation flow** — disambiguate surface → name intent preset → audience + destination → DESIGN.md anchor → five-layer prompt draft → copy-paste delivery → iteration coaching (Tweak / Comment / Chat cascade) → ship-readiness check
- **Five foundation references + eight per-preset references** with evidence-grade labels (`Anthropic-documented + community-validated`, `Community-only`, `Experimental` for `frontier-design`)
- **Authoritative-claims discipline** — every reference file carries ≥1 Anthropic-domain URL citation (`anthropic.com`, `claude.com`, `support.claude.com`, `platform.claude.com`, `github.com/anthropics`); `.coverage.md` is the canonical registry
- **`.coverage.md`** at plugin root enumerates the 8 intent presets with evidence-grade labels and the 13 authoritative-claims files; SC2 and SC3 read from it directly
- **5 test scripts + `verify.sh` roll-up** — plugin structure validation, SC1 dogfood-log format, SC2 per-preset coverage, SC3 citation discipline, skill description quality
1 skill (`claude-design-facilitator`) · 13 reference files · 5 tests · 0 commands · 0 agents · 0 hooks
→ [Full documentation](plugins/claude-design/README.md)
1 skill · 13 reference files · 5 tests · [Full documentation →](plugins/claude-design/README.md)
---
@ -305,20 +176,13 @@ The plugin is the **pre-design and during-design** complement to Anthropic's off
### [Playground Design System](shared/playground-design-system/) `v0.1`
Shared design system for plugin Playgrounds — visual self-service UIs that complement terminal slash-commands. Aksel/Digdir-aligned aesthetics, WCAG 2.1 AA compliance, light + dark themes, A4 print stylesheets with B/W severity patterns.
Shared design system for plugin Playgrounds — the visual self-service UIs that complement terminal slash-commands. Aksel/Digdir-aligned, WCAG 2.1 AA, light + dark themes, print-ready. Used by `ms-ai-architect`, `okr`, `llm-security`, `voyage`, and `config-audit`.
Targets five plugins: `ms-ai-architect`, `okr`, `llm-security`, `voyage`, `config-audit`. Built for Norwegian public sector decision-makers (kommunaldirektører, sikkerhetsoffiserer, OKR-koordinatorer) plus developer power-users — one visual family, two information densities.
- **Tokens and components** — self-hosted fonts (OFL 1.1), a deuteranopia-safe severity ramp, and Tier 13 components: radar, matrix-heatmap, findings-browser, AI Act pyramid and timeline, maturity-ladder, and more
- **Privacy-first** — all fonts self-hosted, zero CDN requests, works offline and behind air-gapped firewalls
- **Vendoring sync**`scripts/sync-design-system.mjs <plugin>` keeps each plugin standalone; a SHA-256 manifest detects local drift
- **Tokens** — Inter/JetBrains Mono/Source Serif 4 (all self-hosted, OFL 1.1), body 17px, Digdir blue `#0062BA`, deuteranopia-safe severity ramp, distinct severity-red vs failure-red, plugin-scope colors, semantic CSS custom properties
- **Tier 1 components** — radar/spider, 5×5 matrix-heatmap (bottom-left origin, ROS/DPIA), findings-browser, critique-card, wizard/stepper, live-meter with antipattern lints
- **Tier 2 components** — decision-tree (AI Act 4-step), traffic-lights, diff-review, treemap (token hotspots), distribution P10/P50/P90, command-pipeline output, AI Act 4-color pyramide, pipeline-cockpit, verdict-pill + 5-band risk-meter, codepoint-reveal (Unicode steganography), small-multiples grid (16-category posture without overcrowded radar), OWASP badges (LLM/ASI/AST/MCP)
- **Tier 3 components (wave 1+2, 20 total)** — pair-before-after, AI Act timeline, 3-track entry, FRIA rights-matrix, capability-matrix, parallel-agent-status, ErrorSummary, GuidePanel, toxic-flow chain, fleet-overview, kanban Keep/Review/Remove, maturity-ladder, classify-and-transform, cycle-ribbon, persistent-antipattern, suppressed-signals, ExpansionCard, ReadMore, FormProgress, Aspirational-vs-Committed
- **JSON schemas**`finding.schema.json`, `okr-set.schema.json`, `ros-threat.schema.json` for cross-plugin data interchange
- **Privacy-first** — all fonts self-hosted as woff2 in `fonts/`, zero external CDN requests, GDPR-safe for offentlig sektor, works offline / behind air-gapped firewalls
- **Reference scenarios** — Lier kommune ROS-rapport (ms-ai-architect), Bærum kommune T2 OKR live-writer, Direktoratet for digital tjenesteutvikling ToxicSkills findings review (85 funn, BLOCK)
- **Vendoring sync**`scripts/sync-design-system.mjs <plugin>` copies the design-system into `plugins/<name>/playground/vendor/` so each plugin stays standalone. SHA-256 MANIFEST detects local drift; `--force` to override. First adopter: `ms-ai-architect` (2026-05-03).
→ [Full documentation](shared/playground-design-system/README.md) · [Browse showcase](shared/playground-examples/index.html)
[Full documentation →](shared/playground-design-system/README.md) · [Browse showcase](shared/playground-examples/index.html)
---