open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/README.md
Kjell Tore Guttormsen 1634197853 feat(ultraplan-local): v2.1.0 — dynamic quality-gated interview 
Replace hardcoded Q1-Q8 in /ultrabrief-local with a section-driven
completeness loop (Phase 3) and a draft/review/revise loop with
brief-reviewer as stop-gate (Phase 4). Quality drives the interview,
not a question counter.

brief-reviewer now emits a machine-readable JSON block with per-dimension
scores (1-5) and detail arrays alongside the existing prose report;
planning-orchestrator continues to consume the prose verdict unchanged.

Phase 4 gate: all dimensions >= 4 AND research_plan = 5. On fail, a
targeted follow-up is generated from the weakest dimension's detail
field and the draft is re-reviewed. Max 3 review iterations bound cost;
exhaustion writes brief.md with brief_quality: partial and an explicit
Brief Quality section. Force-stop surfaces per-dimension findings before
the user chooses continue or partial.

Not breaking. /ultrabrief-local [--quick] <task> interface unchanged.
--quick now means compact start with escalation, not a max-N cap.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-18 09:43:43 +02:00

174 lines
13 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# ktg-plugin-marketplace
Open-source Claude Code plugins for AI-assisted development, security, and planning.
Built for my own Claude Code workflow and shared openly for anyone who finds them useful. Solo project — bug reports and feature requests are welcome, pull requests are not accepted.
## Installation
```bash
claude plugin marketplace add https://git.fromaitochitta.com/open/ktg-plugin-marketplace.git
```
Then open Claude Code and type `/plugin` to browse and install plugins from the marketplace.
## Compatibility
- Claude Code CLI, desktop app, and IDE extensions
- macOS, Linux, Windows
- No external dependencies (all scanners and hooks are self-contained)
---
## Plugins
### [LLM Security](plugins/llm-security/) `v6.5.0`
Security scanning, auditing, and threat modeling for agentic AI projects.
Built on OWASP LLM Top 10 (2025), OWASP Agentic AI Top 10, and the AI Agent Traps taxonomy (Google DeepMind, 2025). Three layers of protection:
- **Automated enforcement** — 9 hooks that block dangerous operations in real time (prompt injection, secrets in code, destructive commands, supply chain guardrails, transcript scanning before context compaction)
- **Deterministic scanning** — 22 Node.js scanners (10 orchestrated + 12 standalone) for byte-level analysis: Shannon entropy, Unicode codepoints, typosquatting detection, taint flow, DNS resolution, git forensics, AI-BOM, attack simulation, IDE extension prescan (URL fetch from Marketplace / OpenVSX / direct VSIX, hardened ZIP extractor for zip-slip / symlinks / bombs, plus OS sandbox via `sandbox-exec` / `bwrap` so the kernel enforces FS confinement). Bash-normalize T1-T6 for obfuscation-resistant denylists
- **Advisory analysis** — 19 commands that scan, audit, and model threats with structured reports, letter grades, and actionable remediation
- **Enterprise governance** — Compliance mapping (EU AI Act, NIST AI RMF, ISO 42001), SARIF 2.1.0 output, structured audit trail, policy-as-code, standalone CLI
- **Opus 4.7 aligned** — Agent instructions rewritten for literal instruction-following (system card §6.3.1.1), defense-in-depth posture per §5.2.1, production hardening guide
Key commands: `/security posture`, `/security audit`, `/security scan`, `/security ide-scan`, `/security threat-model`, `/security plugin-audit`
6 specialized agents · 22 scanners · 9 hooks · 19 knowledge docs · 1352 tests
→ [Full documentation](plugins/llm-security/README.md)
---
### [Config-Audit](plugins/config-audit/) `v3.1.0`
Configuration intelligence for Claude Code — health checks, feature discovery, auto-fix, and active-config inventory.
Claude Code reads instructions from 7+ file types across multiple scopes. This plugin tells you what's wrong, what's missing, what's silently conflicting, and now — what's actually loaded:
- **Health** — 7 deterministic scanners verify correctness across every configuration file (broken imports, deprecated settings, conflicting rules, permission contradictions)
- **Opportunities** — context-aware recommendations for Claude Code features you're not using
- **Action** — auto-fix with mandatory backups, syntax validation, rollback support, and human-in-the-loop workflow
- **What's active** — read-only inventory of plugins, skills, MCP servers, hooks, and CLAUDE.md cascade for a repo, with token estimates
Key commands: `/config-audit posture`, `/config-audit feature-gap`, `/config-audit fix`, `/config-audit whats-active`
6 agents · 8 scanners · 16 commands · 522+ tests
→ [Full documentation](plugins/config-audit/README.md)
---
### [Ultra {brief | research | plan | execute} - local](plugins/ultraplan-local/) `v2.1.0`
Deep requirements gathering, research, implementation planning, and self-verifying execution with specialized agent swarms, adversarial review, and failure recovery.
Four commands, one pipeline with clear division of labor:
- **`/ultrabrief-local`** — Capture intent. Dynamic, quality-gated interview: a section-driven completeness loop (Phase 3) followed by a `brief-reviewer` stop-gate (Phase 4, max 3 review iterations). Required sections must reach an initial-signal gate AND pass review across completeness, consistency, testability, scope clarity, and research-plan validity before `brief.md` is written. Identifies research topics with copy-paste-ready `/ultraresearch-local` commands. Optional auto-orchestration runs research + planning in foreground. Always interactive.
- **`/ultraresearch-local`** — Gather context. Deep multi-source research with triangulation: 5 local agents + 4 external agents + Gemini bridge, producing structured briefs with confidence ratings. Makes no build decisions.
- **`/ultraplan-local`** — Transform intent into an executable contract. Per-step YAML manifests (`expected_paths`, `commit_message_pattern`, `bash_syntax_check`). Plan-critic is a hard gate on manifest quality. Requires a task brief as input (`--brief` or `--project`).
- **`/ultraexecute-local`** — Execute the contract disciplined. Manifest-based verification, independent Phase 7.5 audit from git log + filesystem (ignores agent bookkeeping), Phase 7.6 bounded recovery dispatch for missing steps. Step 0 pre-flight catches sandbox push-denial before any work. `--validate` mode offers a fast schema-only sanity-check between planning and execution.
All artifacts land in one project directory: `.claude/projects/{YYYY-MM-DD}-{slug}/` contains `brief.md`, `research/NN-*.md`, `plan.md`, `sessions/`, and `progress.json`. `--project <dir>` works across `/ultraresearch-local`, `/ultraplan-local`, and `/ultraexecute-local`.
v2.1 (non-breaking) replaces the hardcoded Q1Q8 interview with a dynamic, quality-gated loop; `brief-reviewer` now emits machine-readable per-dimension JSON scores so `/ultrabrief-local` can use it as an internal stop-gate. v2.0 extracts the interview from planning: briefs are reviewable artifacts with explicit intent, research plan, and falsifiable success criteria — each a contract that downstream agents (`brief-reviewer`, `plan-critic`, `scope-guardian`) can validate independently. v2.0 is breaking: `/ultraplan-local` no longer runs an interview and requires `--brief` or `--project`. See `plugins/ultraplan-local/MIGRATION.md`.
v1.7 self-verifying chain (preserved): a step may not be marked `completed` unless its manifest verifies. v1.8 Opus 4.7 literalism fixes (preserved): literal Step+Manifest template, forbidden narrative headers, schema self-check.
Defense-in-depth security: plugin hooks block destructive commands and sensitive path writes, prompt-level denylist works in headless sessions, pre-execution plan scan catches dangerous commands before they run, scoped `--allowedTools` replaces `--dangerously-skip-permissions` in parallel sessions.
Modes: default, brief-driven, project-scoped, research-enriched, foreground, quick, decompose, export
19 specialized agents · 4 commands · 2 security hooks · No cloud dependency
→ [Full documentation](plugins/ultraplan-local/README.md) · [Migration guide](plugins/ultraplan-local/MIGRATION.md)
---
### [AI Psychosis](plugins/ai-psychosis/) `v1.0.0`
Meta-awareness tools that counteract sycophancy, reinforcement loops, and compulsive AI interaction patterns.
AI assistants are structurally optimized to be agreeable. This creates reinforcement loops where productive collaboration is often a mirror showing you what you want to see. Research documents psychotic episodes triggered by sustained AI interaction in individuals with no prior psychiatric history.
- **Layer 1 — Behavioral instructions** — SKILL.md rules that modify Claude's behavior: no unearned affirmations, mandatory risk identification, pattern naming
- **Layer 2 — Programmatic detection** — 4 hooks that measure session duration, dependency language, rapid-fire bursts, edit ratios, and late-night usage with progressive alerts
- **Layer 3 — Interaction reports** — `/interaction-report` slash command for aggregated session statistics across configurable timeframes (weekly, monthly, all-time). Opt-in
- **Layer 4 — Contemplative references** — optional references to contemplative approaches when interaction flags are elevated. Opt-in
Research-informed thresholds. Alerts are progressive and never blocking. Privacy-first: prompt text is never logged. Layers 3 and 4 are off by default.
1 skill · 1 command · 4 hooks
→ [Full documentation](plugins/ai-psychosis/README.md)
---
### [MS AI Architect — Azure AI and Microsoft Foundry](plugins/ms-ai-architect/) `v1.8.0` `🇳🇴 Norwegian`
Microsoft AI solution architecture guidance for Norwegian public sector and enterprise.
Meet Cosmo Skyberg — a structured architect persona who understands the problem before recommending technology. Every recommendation is grounded in 387 reference documents and verified against live Microsoft Learn documentation via MCP:
- **Structured advisory** — 7-phase methodology from business need to architecture recommendation and optional diagram
- **Regulatory assessments** — ROS analysis (NS 5814), DPIA/PVK, security scoring (6×5), EU AI Act classification, cost estimation in NOK (P10/P50/P90)
- **Norwegian public sector** — Digdir architecture principles, Utredningsinstruksen, NSM, Schrems II data residency, EU AI Act compliance workflow
- **Automated freshness** — sitemap-based change detection polls Microsoft Learn weekly, flags which reference files need updating based on source page changes, and discovers new relevant pages
Key commands: `/architect`, `/architect:ros`, `/architect:security`, `/architect:dpia`, `/architect:utredning`, `/architect:cost`
12 specialized agents · 24 commands · 5 skills (387 reference docs) · 2 hooks · sitemap-based KB monitoring
→ [Full documentation](plugins/ms-ai-architect/README.md)
---
### [LinkedIn Thought Leadership](plugins/linkedin-thought-leadership/) `v1.2.0`
Build authentic LinkedIn authority through algorithmic understanding, strategic consistency, and AI-assisted content creation.
Updated for the January 2026 360Brew algorithm change, which validates your creator profile before distributing content. v1.2.0 reduces friction: auto-clipboard on all content commands, max 2 interactive steps per post, deterministic state management, MCP image carousel pipeline, progressive onboarding, and iCal calendar integration for batch scheduling.
- **Guided onboarding** — `/linkedin:onboarding` walks new users through profile → setup → first post in one flow
- **360Brew profile optimization** — audit your profile against LinkedIn's creator validation criteria
- **Full content pipeline** — ideation, drafting, publishing, 48-hour monitoring, and analytics
- **Content Matrix System** — 40+ post ideas from a single topic using 8 universal angles and 48 industry-specific variants
- **Voice training** — learns your authentic writing style and detects drift with 6-dimension scoring
- **Analytics pipeline** — import LinkedIn CSV exports, weekly/monthly reports, day-of-week heatmap
- **Growth strategy** — phase-specific guidance from foundation (0-1K followers) through authority (10K+)
Key commands: `/linkedin:onboarding`, `/linkedin:post`, `/linkedin:quick`, `/linkedin:carousel`, `/linkedin:react`, `/linkedin:report`
16 specialized agents · 27 commands · 6 skills · 9 hooks · 24 reference docs
→ [Full documentation](plugins/linkedin-thought-leadership/README.md)
---
### [OKR for Public Sector](plugins/okr/) `v1.3.0` `🇳🇴 Norwegian`
Turn strategy into measurable goals. An AI coach that learns your organization, tracks progress across cycles, and guides you from first OKR to organizational mastery.
Most OKR tools explain methodology. This plugin *knows your organization*. After a one-time onboarding conversation, it remembers your maturity level, strategic goals, current OKR, and cultural challenges. Every interaction builds on that knowledge — so you spend time on strategy, not re-explaining context.
- **Strategy to OKR** — transform goals from virksomhetsplan, tildelingsbrev, or any strategic document into well-structured OKR with guided writing, quality checks, and alignment scoring
- **Gap analysis** — `/okr:gap` compares your strategic documents against current OKR and shows what's covered, what's missing, and what to do about it
- **Cross-cycle learning** — `/okr:analyse` tracks score trends, recurring antipatterns, and alignment progress across cycles with visual charts
- **Proactive coaching** — automatically tells you where you are in the cycle and what to focus on — progress checks mid-cycle, retrospective prep near the end
- **19 antipattern detection** — catches sandbagging, activity-disguised-as-KR, set-and-forget, and 16 more named failure modes before they take root
- **Built for norsk offentlig sektor** — 4-month tertials, DFO terminology, tillitsvalgt involvement, Riksrevisjon-ready documentation, governance chain from Stortingsmelding to team OKR
Key commands: `/okr:skriv`, `/okr:kvalitet`, `/okr:gap`, `/okr:analyse`, `/okr:kaskade`, `/okr:sporing`, `/okr:governance`, `/okr:oppsett`
7 agents · 10 commands · 4 hooks · 16 reference docs
→ [Full documentation](plugins/okr/README.md)
---
## License
MIT
Reference in a new issue View git blame Copy permalink