feat: initial open marketplace with llm-security, config-audit, ultraplan-local

plugins/config-audit/commands/implement.md

@@ -0,0 +1,132 @@
+---
+name: config-audit:implement
+description: Phase 5 - Execute action plan with backups and verification
+allowed-tools: Read, Write, Edit, Bash, Agent, AskUserQuestion
+model: opus
+---
+
+# Config-Audit: Implementation (Phase 5)
+
+Execute the action plan with full backup, verification, and rollback support.
+
+## Prerequisites
+
+- Must have completed Phase 4 (plan)
+- Action plan at `~/.claude/config-audit/sessions/{session-id}/action-plan.md`
+
+## Implementation
+
+### Step 1: Load and verify
+
+Find the most recent session with a plan. If none: "No action plan found. Run `/config-audit plan` first."
+
+Read the action plan and count actions. Tell the user:
+
+```
+## Implementing Action Plan
+
+Found {N} actions to execute across {M} files.
+A backup will be created before any changes are made.
+```
+
+### Step 2: Get user approval
+
+```
+AskUserQuestion:
+  question: "Ready to implement {N} actions? Backup created automatically — you can roll back with one command."
+  options:
+    - "Yes, proceed"
+    - "Review plan first" (then show the plan file path)
+    - "Cancel"
+```
+
+### Step 3: Create backup
+
+Create backup silently:
+
+```bash
+mkdir -p ~/.claude/config-audit/backups/$(date +%Y%m%d_%H%M%S)/files/ 2>/dev/null
+```
+
+Copy each file to be modified. Generate `manifest.yaml` with checksums.
+
+Tell the user: **"Backup created. Implementing actions..."**
+
+### Step 4: Execute actions
+
+Group actions by dependencies. For each group, spawn implementer agents (batch of 3):
+
+```
+Agent(subagent_type: "config-audit:implementer-agent")
+  model: sonnet
+  prompt: |
+    Execute action: {action-id}
+    File: {file-path}, Type: {create|modify|delete}
+    Details: {changes}
+    Verify backup exists, make change, validate syntax.
+    Append result to: ~/.claude/config-audit/sessions/{session-id}/implementation-log.md
+```
+
+Show progress between groups:
+
+```
+Action 1/N: {title} — done
+Action 2/N: {title} — done
+...
+```
+
+### Step 5: Verify results
+
+Spawn verifier agent:
+
+```
+Agent(subagent_type: "config-audit:verifier-agent")
+  model: sonnet (note: using sonnet, not haiku)
+  prompt: |
+    Verify all changes from implementation:
+    1. Modified files exist and are syntactically valid
+    2. New files created correctly
+    3. No new conflicts introduced
+    Report to: ~/.claude/config-audit/sessions/{session-id}/implementation-log.md
+```
+
+If verifier finds issues: one retry with implementer agent. If still failing: report and suggest rollback.
+
+### Step 6: Present results
+
+```markdown
+### Implementation Complete
+
+**{succeeded} succeeded** | {failed} failed | {skipped} skipped
+
+{If score improved, run quick posture and show:}
+Score impact: {old_grade} → {new_grade} (+{delta} points)
+
+{If failed > 0:}
+{failed} action(s) couldn't be completed — see log for details.
+
+**Backup location:** `~/.claude/config-audit/backups/{timestamp}/`
+**Rollback:** `/config-audit rollback {timestamp}`
+**Full log:** `~/.claude/config-audit/sessions/{session-id}/implementation-log.md`
+```
+
+### Step 7: Update state
+
+Update `state.yaml` with `current_phase: "implement"`, `next_phase: null`.
+
+## Rollback
+
+If the user requests rollback at any point:
+1. Read `manifest.yaml` from backup
+2. Restore each file and verify checksums
+3. Delete newly created files
+4. Update state to `rolled_back`
+
+## Error Handling
+
+| Error | What happens |
+|-------|-------------|
+| Permission denied | Skip action, log it, continue with others |
+| File not found | Skip action, log it, continue |
+| Invalid syntax after edit | Rollback that single file, log, continue |
+| Critical failure | Offer full rollback |