ktg-plugin-marketplace/plugins/ms-ai-architect/docs/onboarding-ros-analysis.md

# From Clone to PR: Building ROS Analysis for ms-ai-architect

Step-by-step guide for **Windows**. Start at Step 1, end with a PR containing a complete ROS analysis feature.

## Prerequisites

- [Node.js](https://nodejs.org/) (LTS) — required for Claude Code and MCP servers
- [Git for Windows](https://git-scm.com/download/win) — includes Git Bash (needed for test scripts)
- [Claude Code](https://docs.anthropic.com/en/docs/claude-code) — `npm install -g @anthropic-ai/claude-code`
## Step 1: Clone and Register

Open PowerShell:

```powershell
# Create the marketplace directory
New-Item -ItemType Directory -Force -Path "$env:USERPROFILE\.claude\plugins\marketplaces"

# Clone
git clone https://git.fromaitochitta.com/open/ktg-plugin-marketplace.git "$env:USERPROFILE\.claude\plugins\marketplaces\ktg-plugin-marketplace"
```

Edit `%USERPROFILE%\.claude\settings.json` (create if it doesn't exist):

```json
{
  "enabledPlugins": {
    "ms-ai-architect@ktg-plugin-marketplace": true
  },
  "mcpServers": {
    "microsoft-learn": {
      "command": "npx",
      "args": ["-y", "@nicobailey/microsoft-learn-mcp-server"]
    }
  }
}
```

> **Tip:** Open the file with `notepad $env:USERPROFILE\.claude\settings.json`

## Step 2: Verify

```powershell
cd "$env:USERPROFILE\.claude\plugins\marketplaces\ktg-plugin-marketplace"
claude
```

You should see:
```
Architect: Ingen virksomhetstilpasning. Kjor /architect:onboard (~5 min).
```

Type `/architect:help` — if you see a list of commands, the plugin works.

## Step 3: Create a Branch

```powershell
git checkout -b feat/ros-analysis
```

## Step 4: Read the Pattern Files

Before writing anything, ask Claude to read these files. They are the patterns your ROS implementation must follow:

```
Read these files:
- plugins/ms-ai-architect/commands/dpia.md
- plugins/ms-ai-architect/agents/dpia-agent.md
- plugins/ms-ai-architect/agents/security-assessment-agent.md
- plugins/ms-ai-architect/skills/ms-ai-security/references/ai-security-engineering/security-scoring-rubrics-6x5.md
- plugins/ms-ai-architect/CLAUDE.md
```

Key patterns to understand:
- **Command** (`dpia.md`): collects context via dialog, then delegates to agent via `Task`
- **Agent** (`dpia-agent.md`): phased methodology, KB-routing to reference files, structured output
- **Scoring** (`security-scoring-rubrics-6x5.md`): deterministic rubrics with checkpoints per cell

## Step 5: Plan the Implementation

This is the critical step. Type `plan` first, then your prompt:

```
plan Build a professional ROS analysis feature for the ms-ai-architect
plugin. It needs: a /architect:ros command, a ros-analysis-agent,
knowledge base files (threat library, scoring rubrics, sector checklists,
methodology guide, report templates, integration guide), E2E tests,
and updates to CLAUDE.md + help.md + SKILL.md.

Follow the patterns in dpia.md, dpia-agent.md, and
security-scoring-rubrics-6x5.md exactly.
```

Claude will explore the codebase and produce a detailed plan listing every file to create/modify. **Review the plan carefully.** The plan should include roughly:

- **~10 new files**: command, agent, 6 knowledge base references, test script, test fixture
- **~5 modified files**: CLAUDE.md, help.md, SKILL.md, summary-agent.md, run-e2e.sh

When satisfied, approve the plan. Claude implements exactly what was approved — nothing more.

## Step 6: Verify

After implementation, run validation in **Git Bash** (not PowerShell — the test scripts are bash):

```bash
# Open Git Bash from Start menu, then:
cd ~/.claude/plugins/marketplaces/ktg-plugin-marketplace

# Plugin structure validation
bash plugins/ms-ai-architect/tests/validate-plugin.sh

# E2E tests (no Claude invocation needed)
bash plugins/ms-ai-architect/tests/run-e2e.sh --ros
```

> **Note:** Alternatively, ask Claude to run the tests for you — Claude's built-in Bash tool handles this on Windows.

Fix any failures before proceeding.

## Step 7: Commit and PR

Ask Claude:

```
Commit all changes and create a PR to main
```

Commit message convention: `feat(architect): add ROS analysis command and agent`

CLAUDE.md must be updated in the same commit as the new functionality.

## What the Final PR Should Contain

| Type | Files | Description |
|------|-------|-------------|
| Command | `commands/ros.md` | `/architect:ros` with quick and full mode |
| Agent | `agents/ros-analysis-agent.md` | Multi-phase ROS with scoring rubrics |
| KB: Threats | `references/.../ros-ai-threat-library.md` | ~45 AI-specific threats |
| KB: Scoring | `references/.../ros-scoring-rubrics-7x5.md` | Deterministic rubrics (7 dimensions x 5 levels) |
| KB: Sectors | `references/.../ros-sector-checklists.md` | Health, transport, finance, justice, education |
| KB: Methodology | `references/.../ros-methodology-ns5814-iso31000.md` | NS 5814 / ISO 31000 process mapping |
| KB: Templates | `references/.../ros-report-templates.md` | Quick and full report templates |
| KB: Integration | `references/.../ros-dpia-security-integration.md` | When to use ROS vs DPIA vs Security |
| Tests | `tests/test-ros-output.sh` + `tests/fixtures/ros-analysis/` | E2E structure validation |
| Docs | CLAUDE.md, help.md, SKILL.md, summary-agent.md, run-e2e.sh | Updated tables and references |

## Quick Reference

| Action | How |
|--------|-----|
| See all commands | Type `/` and scroll |
| Plan mode | Type `plan` before your prompt |
| Auto-accept tool calls | Shift+Tab |
| Cancel | Esc |
| New conversation | `/clear` |
| Context usage | `/cost` |