bd22b29a21
README.md: badges updated (1.7.0/387/12), installation URL updated to ktg-plugin-marketplace, added ai-act-assessor to agent table, updated skill ref counts, updated hooks section, updated category-skill-map path. CLAUDE.md: fix agent model column (sonnet->opus), remove Linear section, fix manual test path to generic placeholder. commands/generate-skills.md: orchestrator paths updated to scripts/skill-gen. commands/export.md: add Bash scope guardrail (security scan finding). docs: replace GitHub and ktg-privat URLs with Forgejo, replace personal paths. scripts/skill-gen/manifest.json: rename ktg-privat ID. skills: remove Linear tagging reference, add supply chain warnings. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
5.4 KiB
From Clone to PR: Building ROS Analysis for ms-ai-architect
Step-by-step guide for Windows. Start at Step 1, end with a PR containing a complete ROS analysis feature.
Prerequisites
- Node.js (LTS) — required for Claude Code and MCP servers
- Git for Windows — includes Git Bash (needed for test scripts)
- Claude Code —
npm install -g @anthropic-ai/claude-code
Step 1: Clone and Register
Open PowerShell:
# Create the marketplace directory
New-Item -ItemType Directory -Force -Path "$env:USERPROFILE\.claude\plugins\marketplaces"
# Clone
git clone https://git.fromaitochitta.com/open/ktg-plugin-marketplace.git "$env:USERPROFILE\.claude\plugins\marketplaces\ktg-plugin-marketplace"
Edit %USERPROFILE%\.claude\settings.json (create if it doesn't exist):
{
"enabledPlugins": {
"ms-ai-architect@ktg-plugin-marketplace": true
},
"mcpServers": {
"microsoft-learn": {
"command": "npx",
"args": ["-y", "@nicobailey/microsoft-learn-mcp-server"]
}
}
}
Tip: Open the file with
notepad $env:USERPROFILE\.claude\settings.json
Step 2: Verify
cd "$env:USERPROFILE\.claude\plugins\marketplaces\ktg-plugin-marketplace"
claude
You should see:
Architect: Ingen virksomhetstilpasning. Kjor /architect:onboard (~5 min).
Type /architect:help — if you see a list of commands, the plugin works.
Step 3: Create a Branch
git checkout -b feat/ros-analysis
Step 4: Read the Pattern Files
Before writing anything, ask Claude to read these files. They are the patterns your ROS implementation must follow:
Read these files:
- plugins/ms-ai-architect/commands/dpia.md
- plugins/ms-ai-architect/agents/dpia-agent.md
- plugins/ms-ai-architect/agents/security-assessment-agent.md
- plugins/ms-ai-architect/skills/ms-ai-security/references/ai-security-engineering/security-scoring-rubrics-6x5.md
- plugins/ms-ai-architect/CLAUDE.md
Key patterns to understand:
- Command (
dpia.md): collects context via dialog, then delegates to agent viaTask - Agent (
dpia-agent.md): phased methodology, KB-routing to reference files, structured output - Scoring (
security-scoring-rubrics-6x5.md): deterministic rubrics with checkpoints per cell
Step 5: Plan the Implementation
This is the critical step. Type plan first, then your prompt:
plan Build a professional ROS analysis feature for the ms-ai-architect
plugin. It needs: a /architect:ros command, a ros-analysis-agent,
knowledge base files (threat library, scoring rubrics, sector checklists,
methodology guide, report templates, integration guide), E2E tests,
and updates to CLAUDE.md + help.md + SKILL.md.
Follow the patterns in dpia.md, dpia-agent.md, and
security-scoring-rubrics-6x5.md exactly.
Claude will explore the codebase and produce a detailed plan listing every file to create/modify. Review the plan carefully. The plan should include roughly:
- ~10 new files: command, agent, 6 knowledge base references, test script, test fixture
- ~5 modified files: CLAUDE.md, help.md, SKILL.md, summary-agent.md, run-e2e.sh
When satisfied, approve the plan. Claude implements exactly what was approved — nothing more.
Step 6: Verify
After implementation, run validation in Git Bash (not PowerShell — the test scripts are bash):
# Open Git Bash from Start menu, then:
cd ~/.claude/plugins/marketplaces/ktg-plugin-marketplace
# Plugin structure validation
bash plugins/ms-ai-architect/tests/validate-plugin.sh
# E2E tests (no Claude invocation needed)
bash plugins/ms-ai-architect/tests/run-e2e.sh --ros
Note: Alternatively, ask Claude to run the tests for you — Claude's built-in Bash tool handles this on Windows.
Fix any failures before proceeding.
Step 7: Commit and PR
Ask Claude:
Commit all changes and create a PR to main
Commit message convention: feat(architect): add ROS analysis command and agent
CLAUDE.md must be updated in the same commit as the new functionality.
What the Final PR Should Contain
| Type | Files | Description |
|---|---|---|
| Command | commands/ros.md |
/architect:ros with quick and full mode |
| Agent | agents/ros-analysis-agent.md |
Multi-phase ROS with scoring rubrics |
| KB: Threats | references/.../ros-ai-threat-library.md |
~45 AI-specific threats |
| KB: Scoring | references/.../ros-scoring-rubrics-7x5.md |
Deterministic rubrics (7 dimensions x 5 levels) |
| KB: Sectors | references/.../ros-sector-checklists.md |
Health, transport, finance, justice, education |
| KB: Methodology | references/.../ros-methodology-ns5814-iso31000.md |
NS 5814 / ISO 31000 process mapping |
| KB: Templates | references/.../ros-report-templates.md |
Quick and full report templates |
| KB: Integration | references/.../ros-dpia-security-integration.md |
When to use ROS vs DPIA vs Security |
| Tests | tests/test-ros-output.sh + tests/fixtures/ros-analysis/ |
E2E structure validation |
| Docs | CLAUDE.md, help.md, SKILL.md, summary-agent.md, run-e2e.sh | Updated tables and references |
Quick Reference
| Action | How |
|---|---|
| See all commands | Type / and scroll |
| Plan mode | Type plan before your prompt |
| Auto-accept tool calls | Shift+Tab |
| Cancel | Esc |
| New conversation | /clear |
| Context usage | /cost |