anthropics/claude-plugins-official
1
0
Fork 0
mirror of https://github.com/anthropics/claude-plugins-official.git synced 2026-06-13 22:26:03 -03:00
Code Issues Packages Projects Releases Wiki Activity

code-modernization: vendor d3, viewer robustness, status command, pipeline fixes

Browse Source 
Viewer (assets/topology-viewer.html):
- inline a minified d3 subset (hierarchy/pack, zoom, selection,
  interpolateZoom, ease; ISC license) instead of loading from a CDN —
  the page is now fully self-contained and works on air-gapped networks
- handle duplicate node ids (unique-suffix; edges bind to the first
  occurrence) and store parent references directly, fixing
  level-of-detail and selection corruption with messy generated data
- share one reveal rule between drawing, edge culling, and hit-testing
  so edges no longer draw into collapsed containers
- pre-bucket edges by kind and keep a per-node adjacency map; the
  hover/selection pass no longer scans every edge each frame
- cancel in-flight fly-to animations when a new one starts; clamp
  fly-to zoom to the zoom extent; derive max zoom from the smallest
  leaf so deep estates stay reachable
- render dead-end candidates (new deadEnds field) with a dashed
  outline and a sidebar badge
- clicking a node during a flow walkthrough exits the walkthrough;
  search results clear on selection and Escape; surrogate-safe label
  truncation; clearer stats line; explicit empty-topology message

Commands:
- new /modernize-status: read-only progress report — artifact inventory
  with timestamps, staleness flags, secrets-hygiene checks, next step
- map: deadEnds in the topology schema; datastore names must be logical
  identifiers with credentials stripped from URLs/DSNs
- brief: read topology.json + .mmd files (not the interactive HTML);
  staleness check against inputs; effort unit aligned to person-months
- transform: secret-safe characterization-test prompt; diff -y fallback
  when delta is missing; credential-safe diff selection
- reimagine: target vision is everything after the first argument (was
  silently truncated to one word); masking rules in spec/scaffold/
  handoff prompts
- brief/transform/reimagine: human-approval gates phrased as explicit
  stop-and-wait instead of 'enter plan mode'
- preflight: delta in the tool table; brief added to the verdict list
- README: preflight/status in the workflow; legacy/ deny list also
  covers Write; plugin + marketplace descriptions updated
This commit is contained in:
Morgan Lunt 2026-06-08 15:36:03 -07:00
parent 8745968186
commit bec8d7c93a
No known key found for this signature in database
10 changed files with 248 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
.claude-plugin/marketplace.json
View File

@ -25,7 +25,7 @@
},
{
"name": "adobe-for-creativity",
"description": "Harness Adobe's creative AI-powered tools to edit images, automate design workflows, and bring creative visions to life from background removal to vectorization and professional retouching.",
"description": "Harness Adobe's creative AI-powered tools to edit images, automate design workflows, and bring creative visions to life \u2014 from background removal to vectorization and professional retouching.",
"author": {
"name": "Adobe"
},
@ -52,7 +52,7 @@
},
{
"name": "agentforce-adlc",
"description": "Agentforce Agent Development Life Cycle author, discover, scaffold, deploy, test, and optimize .agent files",
"description": "Agentforce Agent Development Life Cycle \u2014 author, discover, scaffold, deploy, test, and optimize .agent files",
"category": "development",
"source": {
"source": "url",
@ -73,7 +73,7 @@
},
{
"name": "aikido",
"description": "Aikido Security scanning for Claude Code SAST, secrets, and IaC vulnerability detection powered by the Aikido MCP server.",
"description": "Aikido Security scanning for Claude Code \u2014 SAST, secrets, and IaC vulnerability detection powered by the Aikido MCP server.",
"source": {
"source": "url",
"url": "https://github.com/AikidoSec/aikido-claude-plugin.git",
@ -83,7 +83,7 @@
},
{
"name": "airtable",
"description": "Airtable is the database and operations layer for your agents whether running product, marketing, sales, ops, HR, or a custom business app. It combines structured data with multiplayer visual surfaces (grid, kanban, calendar, gallery, timeline) humans and agents share plus sync integrations to Jira, Salesforce, Zendesk, Google Drive, Databricks, and the rest of your stack, all backed by enterprise governance. This plugin makes Claude fluent in Airtable: creating bases and schema, working with records, and sharing UI for collaboration. Bundles the official Airtable MCP server.",
"description": "Airtable is the database and operations layer for your agents \u2014 whether running product, marketing, sales, ops, HR, or a custom business app. It combines structured data with multiplayer visual surfaces (grid, kanban, calendar, gallery, timeline) humans and agents share \u2014 plus sync integrations to Jira, Salesforce, Zendesk, Google Drive, Databricks, and the rest of your stack, all backed by enterprise governance. This plugin makes Claude fluent in Airtable: creating bases and schema, working with records, and sharing UI for collaboration. Bundles the official Airtable MCP server.",
"author": {
"name": "Airtable"
},
@ -99,7 +99,7 @@
},
{
"name": "airwallex",
"description": "Airwallex CLI plugin for Claude skills for payments, billing, invoicing, beneficiary creation, card provisioning, and cashflow management.",
"description": "Airwallex CLI plugin for Claude \u2014 skills for payments, billing, invoicing, beneficiary creation, card provisioning, and cashflow management.",
"author": {
"name": "Airwallex"
},
@ -163,13 +163,13 @@
"ref": "main",
"sha": "e9b4e15193666e1b513b5652ded23fab160bdc4e"
},
"description": "Use Amplitude as an expert analyst instrument Amplitude, discover product opportunities, analyze charts, create dashboards, manage experiments, and understand users and accounts.",
"description": "Use Amplitude as an expert analyst \u2014 instrument Amplitude, discover product opportunities, analyze charts, create dashboards, manage experiments, and understand users and accounts.",
"category": "monitoring",
"homepage": "https://github.com/amplitude/mcp-marketplace"
},
{
"name": "apollo",
"description": "Prospect, enrich leads, load outreach sequences, and query sales analytics with Apollo.io one-click MCP server integration for Claude Code and Cowork.",
"description": "Prospect, enrich leads, load outreach sequences, and query sales analytics with Apollo.io \u2014 one-click MCP server integration for Claude Code and Cowork.",
"author": {
"name": "Apollo.io"
},
@ -183,7 +183,7 @@
},
{
"name": "apollo-skills",
"description": "Apollo GraphQL agent skills for Claude Code Apollo Client, Server, Federation, Connectors, Router, Rover CLI, iOS, Kotlin, and the Apollo MCP server. Covers schema design, query optimization, and GraphQL best practices.",
"description": "Apollo GraphQL agent skills for Claude Code \u2014 Apollo Client, Server, Federation, Connectors, Router, Rover CLI, iOS, Kotlin, and the Apollo MCP server. Covers schema design, query optimization, and GraphQL best practices.",
"author": {
"name": "Apollo GraphQL"
},
@ -265,7 +265,7 @@
},
{
"name": "auth0",
"description": "Add authentication to any app with Auth0. This plugin detects your framework, scaffolds the right Auth0 SDK integration, and guides you through login, logout, sessions, and protected routes using current SDK patterns.",
"description": "Add authentication to any app with Auth0. This plugin detects your framework, scaffolds the right Auth0 SDK integration, and guides you through login, logout, sessions, and protected routes \u2014 using current SDK patterns.",
"author": {
"name": "Auth0"
},
@ -342,7 +342,7 @@
},
{
"name": "aws-dev-toolkit",
"description": "AWS development toolkit 34 skills, 11 agents, and 3 MCP servers for building, migrating, and performing architecture reviews on AWS.",
"description": "AWS development toolkit \u2014 34 skills, 11 agents, and 3 MCP servers for building, migrating, and performing architecture reviews on AWS.",
"author": {
"name": "aws-samples"
},
@ -403,7 +403,7 @@
"url": "https://github.com/AzureCosmosDB/cosmosdb-claude-code-plugin.git",
"sha": "f1e0498579a9251e5f3179b92d25d6ce3409bae5"
},
"description": "Expert assistant for Azure Cosmos DB data modeling, query optimization, performance tuning, and best practices.",
"description": "Expert assistant for Azure Cosmos DB \u2014 data modeling, query optimization, performance tuning, and best practices.",
"category": "database",
"homepage": "https://github.com/AzureCosmosDB/cosmosdb-claude-code-plugin"
},
@ -450,7 +450,7 @@
},
{
"name": "box",
"description": "Work with your Box content directly from Claude Code search files, organize folders, collaborate with your team, and use Box AI to answer questions, summarize documents, and extract data without leaving your workflow.",
"description": "Work with your Box content directly from Claude Code \u2014 search files, organize folders, collaborate with your team, and use Box AI to answer questions, summarize documents, and extract data without leaving your workflow.",
"category": "productivity",
"source": {
"source": "url",
@ -478,7 +478,7 @@
},
{
"name": "buildkite",
"description": "Official Buildkite skills for Claude Code, Cursor, and other AI coding agents pipelines, migration, preflight, agent runtime, CLI, and API",
"description": "Official Buildkite skills for Claude Code, Cursor, and other AI coding agents \u2014 pipelines, migration, preflight, agent runtime, CLI, and API",
"author": {
"name": "Buildkite"
},
@ -492,7 +492,7 @@
},
{
"name": "carta-cap-table",
"description": "Carta Cap Table plugin skills and hooks for querying cap tables, grants, SAFEs, 409A valuations, waterfall scenarios, and more",
"description": "Carta Cap Table plugin \u2014 skills and hooks for querying cap tables, grants, SAFEs, 409A valuations, waterfall scenarios, and more",
"author": {
"name": "Carta Engineering"
},
@ -508,7 +508,7 @@
},
{
"name": "carta-crm",
"description": "Manage the Carta CRM conversationally search, add, update, and enrich investors, companies, contacts, deals, notes, and fundraisings via the Carta CRM MCP Server.",
"description": "Manage the Carta CRM conversationally \u2014 search, add, update, and enrich investors, companies, contacts, deals, notes, and fundraisings via the Carta CRM MCP Server.",
"author": {
"name": "Carta Engineering"
},
@ -524,7 +524,7 @@
},
{
"name": "carta-investors",
"description": "Carta Investors plugin skills for querying investor data, performance benchmarks, regulatory reporting, AGM deck generation, brand extraction, and more via the Carta MCP Server.",
"description": "Carta Investors plugin \u2014 skills for querying investor data, performance benchmarks, regulatory reporting, AGM deck generation, brand extraction, and more via the Carta MCP Server.",
"author": {
"name": "Carta Engineering"
},
@ -567,7 +567,7 @@
},
{
"name": "circle-skills",
"description": "Ship stablecoin apps faster. Best-practice skills for USDC payments, cross-chain transfers, wallets, and smart contracts plus Circle's MCP server for real-time SDK and documentation guidance.",
"description": "Ship stablecoin apps faster. Best-practice skills for USDC payments, cross-chain transfers, wallets, and smart contracts \u2014 plus Circle's MCP server for real-time SDK and documentation guidance.",
"author": {
"name": "Circle"
},
@ -661,7 +661,7 @@
},
{
"name": "clickhouse-best-practices",
"description": "28 best practice rules for ClickHouse schema design, query optimization, and data ingestion prioritized by impact",
"description": "28 best practice rules for ClickHouse schema design, query optimization, and data ingestion \u2014 prioritized by impact",
"author": {
"name": "ClickHouse Inc"
},
@ -738,7 +738,7 @@
},
{
"name": "cockroachdb",
"description": "Connect Claude Code directly to your CockroachDB clusters for hands-on database work explore schemas, write optimized SQL, debug queries, and manage distributed database clusters. This plugin provides 14 tools across two active MCP backends (self-hosted MCP Toolbox and managed CockroachDB Cloud MCP Server), three specialized agents (DBA, Developer, Operator), 32 skills across 6 operational domains, and built-in safety hooks.",
"description": "Connect Claude Code directly to your CockroachDB clusters for hands-on database work \u2014 explore schemas, write optimized SQL, debug queries, and manage distributed database clusters. This plugin provides 14 tools across two active MCP backends (self-hosted MCP Toolbox and managed CockroachDB Cloud MCP Server), three specialized agents (DBA, Developer, Operator), 32 skills across 6 operational domains, and built-in safety hooks.",
"author": {
"name": "Cockroach Labs"
},
@ -752,7 +752,7 @@
},
{
"name": "code-modernization",
"description": "Modernize legacy codebases (COBOL, legacy Java/C++, monolith web apps) with a structured assess / map / extract-rules / reimagine / transform / harden workflow and specialist review agents",
"description": "Modernize legacy codebases (COBOL, legacy Java/C++, monolith web apps) with a structured preflight / assess / map / extract-rules / brief / reimagine / transform / harden workflow, an interactive topology viewer, and specialist review agents",
"author": {
"name": "Anthropic",
"email": "support@anthropic.com"
@ -785,7 +785,7 @@
},
{
"name": "coderabbit",
"description": "Your code review partner. CodeRabbit provides external validation using a specialized AI architecture and 40+ integrated static analyzersoffering a different perspective that catches bugs, security vulnerabilities, logic errors, and edge cases. Context-aware analysis via AST parsing and codegraph relationships. Automatically incorporates CLAUDE.md and project coding guidelines into reviews. Useful after writing or modifying code, before commits, when implementing complex or security-sensitive logic, or when a second opinion would increase confidence in the changes. Returns specific findings with suggested fixes that can be applied immediately. Free to use.",
"description": "Your code review partner. CodeRabbit provides external validation using a specialized AI architecture and 40+ integrated static analyzers\u2014offering a different perspective that catches bugs, security vulnerabilities, logic errors, and edge cases. Context-aware analysis via AST parsing and codegraph relationships. Automatically incorporates CLAUDE.md and project coding guidelines into reviews. Useful after writing or modifying code, before commits, when implementing complex or security-sensitive logic, or when a second opinion would increase confidence in the changes. Returns specific findings with suggested fixes that can be applied immediately. Free to use.",
"category": "productivity",
"source": {
"source": "url",
@ -796,7 +796,7 @@
},
{
"name": "codspeed",
"description": "CodSpeed is the all-in-one performance testing toolkit. Dive into benchmarking results, flamegraphs, and performance comparisons give Claude granular profiling context to pinpoint bottlenecks and autonomously iterate on performance via the CodSpeed MCP server.",
"description": "CodSpeed is the all-in-one performance testing toolkit. Dive into benchmarking results, flamegraphs, and performance comparisons \u2014 give Claude granular profiling context to pinpoint bottlenecks and autonomously iterate on performance via the CodSpeed MCP server.",
"author": {
"name": "CodSpeed"
},
@ -898,7 +898,7 @@
},
{
"name": "cwc-makers",
"description": "Onboard a Code-with-Claude Makers Cardputer with one /maker-setup command clones the build-with-claude repo, flashes UIFlow firmware, and installs the Claude Buddy app bundle.",
"description": "Onboard a Code-with-Claude Makers Cardputer with one /maker-setup command \u2014 clones the build-with-claude repo, flashes UIFlow firmware, and installs the Claude Buddy app bundle.",
"version": "1.0.0",
"author": {
"name": "Anthropic",
@ -1014,7 +1014,7 @@
},
{
"name": "datarobot-agent-skills",
"description": "DataRobot skills for AI/ML workflows model training, deployment, predictions, feature engineering, monitoring, explainability, data preparation, App Framework CI/CD, and external agent monitoring.",
"description": "DataRobot skills for AI/ML workflows \u2014 model training, deployment, predictions, feature engineering, monitoring, explainability, data preparation, App Framework CI/CD, and external agent monitoring.",
"author": {
"name": "DataRobot"
},
@ -1028,7 +1028,7 @@
},
{
"name": "dataverse",
"description": "Agent skills for building on, analyzing, and managing Microsoft Dataverse with Dataverse MCP, PAC CLI, and Python SDK.",
"description": "Agent skills for building on, analyzing, and managing Microsoft Dataverse \u2014 with Dataverse MCP, PAC CLI, and Python SDK.",
"category": "database",
"source": {
"source": "git-subdir",
@ -1076,7 +1076,7 @@
},
{
"name": "dominodatalab",
"description": "Full Domino Data Lab platform support workspaces, jobs, model deployment, experiment tracking, GenAI tracing, Spark/Ray/Dask, and app deployment for data science teams",
"description": "Full Domino Data Lab platform support \u2014 workspaces, jobs, model deployment, experiment tracking, GenAI tracing, Spark/Ray/Dask, and app deployment for data science teams",
"author": {
"name": "Domino Data Lab"
},
@ -1104,7 +1104,7 @@
},
{
"name": "duende-skills",
"description": "Duende development skills and agents for Claude Code covering OAuth/OIDC protocols, IdentityServer, token management, ASP.NET Core authentication/authorization, BFF patterns, and secure identity architecture",
"description": "Duende development skills and agents for Claude Code \u2014 covering OAuth/OIDC protocols, IdentityServer, token management, ASP.NET Core authentication/authorization, BFF patterns, and secure identity architecture",
"author": {
"name": "Duende Software"
},
@ -1580,7 +1580,7 @@
},
{
"name": "lumen",
"description": "Precise local semantic code search via MCP. Indexes your codebase with Go AST parsing, embeds with Ollama or LM Studio, and exposes vector search to Claude through an MCP server no cloud, no npm.",
"description": "Precise local semantic code search via MCP. Indexes your codebase with Go AST parsing, embeds with Ollama or LM Studio, and exposes vector search to Claude through an MCP server \u2014 no cloud, no npm.",
"author": {
"name": "Ory Corp"
},
@ -1594,7 +1594,7 @@
},
{
"name": "lusha",
"description": "Prospect, enrich, and build call-ready lead lists using Lusha's B2B intelligence platform verified phone numbers, company signals, and lookalike targeting.",
"description": "Prospect, enrich, and build call-ready lead lists using Lusha's B2B intelligence platform \u2014 verified phone numbers, company signals, and lookalike targeting.",
"author": {
"name": "Lusha"
},
@ -1671,7 +1671,7 @@
},
{
"name": "mercadopago",
"description": "Mercado Pago full-product integration toolkit. One agent routes to four orchestration skills (mp-integrate wizard, mp-webhooks, mp-test-setup, mp-review) that pull every endpoint, payload, and snippet live from the official Mercado Pago MCP server. The MCP must always be connected there is no offline mode.",
"description": "Mercado Pago full-product integration toolkit. One agent routes to four orchestration skills (mp-integrate wizard, mp-webhooks, mp-test-setup, mp-review) that pull every endpoint, payload, and snippet live from the official Mercado Pago MCP server. The MCP must always be connected \u2014 there is no offline mode.",
"author": {
"name": "Mercado Pago Developer Experience"
},
@ -1698,7 +1698,7 @@
},
{
"name": "migration-to-aws",
"description": "Plan a migration from Google Cloud Platform (and OpenAI/Gemini AI workloads) to AWS. Analyzes your Infrastructure-as-Code files, app code, and GCP billing data to discover resources, design an AWS architecture, estimate costs, and generate migration artifacts including AI-provider mapping to Amazon Bedrock. Processing is local; your data stays in your environment.",
"description": "Plan a migration from Google Cloud Platform (and OpenAI/Gemini AI workloads) to AWS. Analyzes your Infrastructure-as-Code files, app code, and GCP billing data to discover resources, design an AWS architecture, estimate costs, and generate migration artifacts \u2014 including AI-provider mapping to Amazon Bedrock. Processing is local; your data stays in your environment.",
"author": {
"name": "Amazon Web Services"
},
@ -1765,7 +1765,7 @@
},
{
"name": "netlify-skills",
"description": "Netlify platform skills for Claude Code functions, edge functions, blobs, database, image CDN, forms, config, CLI, frameworks, caching, AI gateway, and deployment.",
"description": "Netlify platform skills for Claude Code \u2014 functions, edge functions, blobs, database, image CDN, forms, config, CLI, frameworks, caching, AI gateway, and deployment.",
"category": "development",
"source": {
"source": "url",
@ -1776,7 +1776,7 @@
},
{
"name": "netsuite-suitecloud",
"description": "NetSuite agent skills from Oracle authoring guidance for SuiteCloud Development Framework (SDF) objects and UIF single-page-app components, plus runtime guidance for the NetSuite AI Service Connector.",
"description": "NetSuite agent skills from Oracle \u2014 authoring guidance for SuiteCloud Development Framework (SDF) objects and UIF single-page-app components, plus runtime guidance for the NetSuite AI Service Connector.",
"author": {
"name": "Oracle NetSuite"
},
@ -1808,7 +1808,7 @@
},
{
"name": "nimble",
"description": "Nimble web data toolkit search, extract, map, crawl the web and work with structured data agents",
"description": "Nimble web data toolkit \u2014 search, extract, map, crawl the web and work with structured data agents",
"source": {
"source": "url",
"url": "https://github.com/Nimbleway/agent-skills.git",
@ -1829,7 +1829,7 @@
},
{
"name": "nvidia-skills",
"description": "NVIDIA agent skills for accelerated-computing workflows starting with cuOpt vehicle-routing optimization (VRP, TSP, PDP) via the cuOpt Python API.",
"description": "NVIDIA agent skills for accelerated-computing workflows \u2014 starting with cuOpt vehicle-routing optimization (VRP, TSP, PDP) via the cuOpt Python API.",
"author": {
"name": "NVIDIA"
},
@ -1961,7 +1961,7 @@
},
{
"name": "playground",
"description": "Creates interactive HTML playgrounds self-contained single-file explorers with visual controls, live preview, and prompt output with copy button. Includes templates for design playgrounds, data explorers, concept maps, and document critique.",
"description": "Creates interactive HTML playgrounds \u2014 self-contained single-file explorers with visual controls, live preview, and prompt output with copy button. Includes templates for design playgrounds, data explorers, concept maps, and document critique.",
"author": {
"name": "Anthropic",
"email": "support@anthropic.com"
@ -2094,7 +2094,7 @@
},
{
"name": "qodo-skills",
"description": "Qodo Skills provides a curated library of reusable AI agent capabilities that extend Claude's functionality for software development workflows. Each skill is designed to integrate seamlessly into your development process, enabling tasks like code quality checks, automated testing, security scanning, and compliance validation. Skills operate across your entire SDLC—from IDE to CI/CD—ensuring consistent standards and catching issues early.",
"description": "Qodo Skills provides a curated library of reusable AI agent capabilities that extend Claude's functionality for software development workflows. Each skill is designed to integrate seamlessly into your development process, enabling tasks like code quality checks, automated testing, security scanning, and compliance validation. Skills operate across your entire SDLC\u2014from IDE to CI/CD\u2014ensuring consistent standards and catching issues early.",
"category": "development",
"source": {
"source": "url",
@ -2105,7 +2105,7 @@
},
{
"name": "qt-development-skills",
"description": "Agentic engineering skills for Qt software development Qt C++/QML code review, QML coding, and Qt C++/QML code documentation.",
"description": "Agentic engineering skills for Qt software development \u2014 Qt C++/QML code review, QML coding, and Qt C++/QML code documentation.",
"author": {
"name": "Qt Group"
},
@ -2169,7 +2169,7 @@
},
{
"name": "redis-development",
"description": "Redis development best practices data structures, query engine, vector search, caching, and performance optimization",
"description": "Redis development best practices \u2014 data structures, query engine, vector search, caching, and performance optimization",
"author": {
"name": "Redis"
},
@ -2195,7 +2195,7 @@
},
{
"name": "resend",
"description": "Agent skills for working with Resend to send and receive emails email API integration, agent inbox, CLI, React Email components, and deliverability best practices. Includes the Resend MCP server.",
"description": "Agent skills for working with Resend to send and receive emails \u2014 email API integration, agent inbox, CLI, React Email components, and deliverability best practices. Includes the Resend MCP server.",
"author": {
"name": "Resend"
},
@ -2259,7 +2259,7 @@
},
{
"name": "runway-api",
"description": "Video generation at scale. Generate videos, images, and audio with Runway's API batch ad campaigns, product videos, multishot stories, and creative iteration. Supports seedance2, gen4.5, veo3, Nano, Banana Pro, and more.",
"description": "Video generation at scale. Generate videos, images, and audio with Runway's API \u2014 batch ad campaigns, product videos, multishot stories, and creative iteration. Supports seedance2, gen4.5, veo3, Nano, Banana Pro, and more.",
"author": {
"name": "Runway"
},
@ -2354,7 +2354,7 @@
},
{
"name": "sap-mdk-server",
"description": "MCP server for SAP Mobile Development Kit (MDK). Build and modify MDK applications with AI assistance schema lookups, action validation, rule editing, and project scaffolding.",
"description": "MCP server for SAP Mobile Development Kit (MDK). Build and modify MDK applications with AI assistance \u2014 schema lookups, action validation, rule editing, and project scaffolding.",
"author": {
"name": "SAP SE",
"email": "ospo@sap.com",
@ -2463,7 +2463,7 @@
},
{
"name": "session-report",
"description": "Generate an explorable HTML report of Claude Code session usage — tokens, cache efficiency, subagents, skills, and the most expensive prompts — from local ~/.claude/projects transcripts.",
"description": "Generate an explorable HTML report of Claude Code session usage \u2014 tokens, cache efficiency, subagents, skills, and the most expensive prompts \u2014 from local ~/.claude/projects transcripts.",
"author": {
"name": "Anthropic",
"email": "support@anthropic.com"
@ -2474,7 +2474,7 @@
},
{
"name": "shopify",
"description": "Shopify developer tools for Claude Code search Shopify docs, generate and validate GraphQL, Liquid, and UI extension code",
"description": "Shopify developer tools for Claude Code \u2014 search Shopify docs, generate and validate GraphQL, Liquid, and UI extension code",
"author": {
"name": "Shopify"
},
@ -2540,7 +2540,7 @@
},
{
"name": "sonarqube",
"description": "Automatically enforce SonarQube code quality and security in the agent coding loop 7,000+ rules, secrets scanning, agentic analysis, and quality gates across 40+ languages. PostToolUse hooks run analysis after every file edit. Pre-tool secrets scanning prevents 450+ patterns from reaching the LLM. Slash commands give on-demand access to quality gate status, coverage, duplication, and dependency risks. Includes SonarQube CLI, MCP Server, skills, hooks, and slash commands.",
"description": "Automatically enforce SonarQube code quality and security in the agent coding loop \u2014 7,000+ rules, secrets scanning, agentic analysis, and quality gates across 40+ languages. PostToolUse hooks run analysis after every file edit. Pre-tool secrets scanning prevents 450+ patterns from reaching the LLM. Slash commands give on-demand access to quality gate status, coverage, duplication, and dependency risks. Includes SonarQube CLI, MCP Server, skills, hooks, and slash commands.",
"author": {
"name": "SonarSource"
},
@ -2590,7 +2590,7 @@
},
{
"name": "spotify-ads-api",
"description": "Manage Spotify ad campaigns with natural language. Create campaigns, ad sets, ads, pull reports, and handle OAuth all through conversation.",
"description": "Manage Spotify ad campaigns with natural language. Create campaigns, ad sets, ads, pull reports, and handle OAuth \u2014 all through conversation.",
"category": "productivity",
"source": {
"source": "url",
@ -2699,7 +2699,7 @@
},
{
"name": "togetherai-skills",
"description": "Agent Skills for Together AI platform inference, training, embeddings, audio, video, images, function calling, and infrastructure. Covers serverless chat completions, image/video generation, fine-tuning, batch inference, evaluations, sandboxes, dedicated endpoints, and GPU clusters.",
"description": "Agent Skills for Together AI platform \u2014 inference, training, embeddings, audio, video, images, function calling, and infrastructure. Covers serverless chat completions, image/video generation, fine-tuning, batch inference, evaluations, sandboxes, dedicated endpoints, and GPU clusters.",
"author": {
"name": "Together AI"
},
@ -2713,7 +2713,7 @@
},
{
"name": "twilio-developer-kit",
"description": "Twilio Skills provide procedural knowledge for AI coding agents which APIs to use, in what order, and what to avoid. Covers SMS, Voice, WhatsApp, Verify, SendGrid, Compliance, and 30+ products.",
"description": "Twilio Skills provide procedural knowledge for AI coding agents \u2014 which APIs to use, in what order, and what to avoid. Covers SMS, Voice, WhatsApp, Verify, SendGrid, Compliance, and 30+ products.",
"author": {
"name": "Twilio"
},
@ -2862,7 +2862,7 @@
},
{
"name": "windsor-ai",
"description": "Connect Claude Code to 325+ business data sources via Windsor.ai. Query marketing, sales, CRM, ecommerce, finance, and analytics data from Google Ads, Meta, HubSpot, Salesforce, Shopify, Stripe, and hundreds more directly from your terminal.",
"description": "Connect Claude Code to 325+ business data sources via Windsor.ai. Query marketing, sales, CRM, ecommerce, finance, and analytics data from Google Ads, Meta, HubSpot, Salesforce, Shopify, Stripe, and hundreds more \u2014 directly from your terminal.",
"author": {
"name": "Windsor.ai"
},

2
plugins/code-modernization/.claude-plugin/plugin.json
View File

@ -1,6 +1,6 @@
{
"name": "code-modernization",
"description": "Modernize legacy codebases (COBOL, legacy Java/C++, monolith web apps) with a structured assess → map → extract-rules → brief → reimagine/transform → harden workflow and specialist review agents",
"description": "Modernize legacy codebases (COBOL, legacy Java/C++, monolith web apps) with a structured preflight / assess / map / extract-rules / brief / reimagine / transform / harden workflow, an interactive topology viewer, and specialist review agents",
"author": {
"name": "Anthropic",
"email": "support@anthropic.com"

14
plugins/code-modernization/README.md
View File

@ -54,6 +54,9 @@ Greenfield rebuild from extracted intent rather than a structural port. Mines a
### `/modernize-transform <system-dir> <module> <target-stack>`
Surgical, single-module strangler-fig rewrite. Plans first (HITL gate), then writes characterization tests via `test-engineer`, then an idiomatic target implementation under `modernized/<system>/<module>/`, proves equivalence by running the tests, and produces `TRANSFORMATION_NOTES.md` mapping legacy → modern with deliberate deviations called out. Reviewed by `architecture-critic`.
### `/modernize-status <system-dir>`
Read-only progress report: artifact inventory with timestamps per workflow stage, staleness flags (e.g. a brief older than the assessment it was built from), secrets-hygiene checks (quarantine file gitignored and never committed), and the single most useful next command. Run it anytime you come back to a modernization after a break.
### `/modernize-harden <system-dir>`
Security hardening pass on the **legacy** system: OWASP/CWE scan, dependency CVEs, secrets, injection. Spawns `security-auditor`. Produces `analysis/<system>/SECURITY_FINDINGS.md` ranked Critical / High / Medium / Low and a reviewed `analysis/<system>/security_remediation.patch` with minimal fixes for the Critical/High findings. The patch is reviewed by a second `security-auditor` pass before you see it. **Never edits `legacy/`** — you review and apply the patch yourself when ready, then re-run to verify. Useful as a pre-modernization step when the legacy system will keep running in production during the migration.
@ -89,17 +92,21 @@ This plugin ships commands and agents, but modernization projects benefit from a
"Edit(modernized/**)"
],
"deny": [
"Edit(legacy/**)"
"Edit(legacy/**)",
"Write(legacy/**)"
]
}
}
```
Adjust `legacy/` and `modernized/` to match your actual layout. The key invariants: `Edit` under `legacy/` is denied, and writes are scoped to `analysis/` (for documents) and `modernized/` (for the new code). Every command in this plugin respects this — `/modernize-harden` writes a patch to `analysis/` rather than editing `legacy/` in place.
Adjust `legacy/` and `modernized/` to match your actual layout. The key invariants: `Edit`/`Write` under `legacy/` are denied, and writes are scoped to `analysis/` (for documents) and `modernized/` (for the new code). Note this guards the file tools — shell commands that mutate files (`sed -i`, `git apply`) still go through the normal Bash permission prompt, so review those prompts with the same invariant in mind. Every command in this plugin respects this — `/modernize-harden` writes a patch to `analysis/` rather than editing `legacy/` in place.
## Typical Workflow
```bash
# 0. Check the environment is ready (tools, toolchain, source completeness)
/modernize-preflight billing
# 1. Inventory the legacy system (or sweep a portfolio of them)
/modernize-assess billing
@ -120,6 +127,9 @@ Adjust `legacy/` and `modernized/` to match your actual layout. The key invarian
# 6. Security-harden the legacy system that's still in production
/modernize-harden billing
# Anytime: where am I, what's stale, what's next
/modernize-status billing
```
## License

107
plugins/code-modernization/assets/topology-viewer.html
View File

File diff suppressed because one or more lines are too long

27
plugins/code-modernization/commands/modernize-brief.md
View File

@ -8,10 +8,19 @@ single document a steering committee approves and engineering executes.
Target stack: `$2` (if blank, recommend one based on the assessment findings).
Read `analysis/$1/ASSESSMENT.md`, `analysis/$1/TOPOLOGY.html` (and the `.mmd`
files alongside it), and `analysis/$1/BUSINESS_RULES.md` first. If any are
missing, say so and stop — they come from `/modernize-assess`, `/modernize-map`,
and `/modernize-extract-rules` respectively. Run those first.
Read `analysis/$1/ASSESSMENT.md`, `analysis/$1/topology.json` (plus the
`.mmd` files alongside it — do NOT read `TOPOLOGY.html`, it's an
interactive viewer with the data minified inside), and
`analysis/$1/BUSINESS_RULES.md` first. If any are missing, say so and
stop — they come from `/modernize-assess`, `/modernize-map`, and
`/modernize-extract-rules` respectively. Run those first.
**Staleness check:** compare modification times. If any input is newer
than an existing `MODERNIZATION_BRIEF.md`, the brief is being justifiably
regenerated; but if an existing brief is newer than all inputs and the
user re-ran this command anyway, ask what changed. Either way, note the
input timestamps in the brief's header so reviewers can see what it was
built from.
## The Brief
@ -31,7 +40,8 @@ fewest-dependencies first. For each phase:
- Scope (which legacy modules, which target services)
- Entry criteria (what must be true to start)
- Exit criteria (what tests/metrics prove it's done)
- Estimated effort (person-weeks, derived from COCOMO + complexity data)
- Estimated effort (person-months, same unit as the assessment's COCOMO
figure — convert deliberately if you present weeks)
- Risk level + top 2 risks + mitigation
Render the phases as a Mermaid `gantt` chart.
@ -69,6 +79,7 @@ Approval covers: Phase 1 only | Full plan
## Present
Enter **plan mode** and present a summary of the brief. Do NOT proceed to any
transformation until the user explicitly approves. This gate is the
human-in-the-loop control point.
Present a summary of the brief and **stop — write nothing further until
the user explicitly approves** (use plan mode if the session supports
it). This gate is the human-in-the-loop control point; "no objection" is
not approval.

24
plugins/code-modernization/commands/modernize-map.md
View File

@ -78,6 +78,7 @@ summary (cap at ~200 lines for very large estates).
{ "source": "<id>", "target": "<id>", "kind": "call" }
],
"entryPoints": ["<id>", "..."],
"deadEnds": ["<id>", "..."],
"observations": ["<architect observation>", "..."],
"flows": [
{ "name": "<business flow>", "persona": "<who experiences it>",
@ -94,9 +95,20 @@ summary (cap at ~200 lines for very large estates).
`job`, `screen`. `loc` drives circle size — include it for modules.
- Edge kinds: `call` (direct), `dispatch` (dynamic/router), `read`,
`write`. Every edge endpoint must be a leaf id that exists in the tree.
- `deadEnds`: the dead-end candidates from the extraction, rendered with
a dashed outline in the viewer. Apply the suppression rules above —
anything that could be the target of an unresolved dynamic call does
NOT belong here; record that uncertainty in `observations` instead.
- **Datastore ids and names must be logical identifiers** — DD name,
dataset name, table/schema name, at most host:port. If the resolved
config value is a URL or DSN, strip userinfo and credential query
params before it goes anywhere in topology.json: the file gets
committed and the viewer displays names verbatim. Never copy raw
config values into `observations`.
- `observations`: 37 architect observations — tight coupling clusters,
single points of failure, service-extraction candidates, data stores
with too many writers.
with too many writers, dispatch targets the extraction could not
resolve.
- `flows` is the **persona walkthrough** section — see below.
## Persona flows
@ -140,11 +152,11 @@ print(f"wrote {out_dir}/TOPOLOGY.html")
EOF
```
The viewer loads d3 (version-pinned) from a CDN, so opening it needs
one-time network access; the rest is self-contained and the page shows an
explicit error if the CDN is unreachable. If the `python3` invocation
fails to find the template, `${CLAUDE_PLUGIN_ROOT}` was not substituted —
report that rather than hand-writing a viewer.
The viewer is fully self-contained (the d3 subset it needs is inlined in
the template) — it works offline and on air-gapped networks. If the
`python3` invocation fails to find the template,
`${CLAUDE_PLUGIN_ROOT}` was not substituted — report that rather than
hand-writing a viewer.
Mermaid stays for **small, exportable** diagrams. Generate standalone
`.mmd` files for reuse in docs and PRs — but keep each under ~40 edges;

2
plugins/code-modernization/commands/modernize-preflight.md
View File

@ -30,6 +30,7 @@ used for, and what degrades without it:
| `scc` (or `cloc`) | assess | LOC/complexity fall back to `find`+`wc`; COCOMO estimate gets coarser |
| `lizard` | assess --portfolio | complexity estimated from decision-keyword counts |
| `glow` | all | markdown artifacts render as plain text |
| `delta` | transform | side-by-side diffs fall back to `diff -y` |
Include the platform's install one-liner for anything missing
(`brew install scc`, `apt install cloc`, `pip install lizard`, …).
@ -85,6 +86,7 @@ followed by a **Ready / Ready-with-gaps / Not ready** verdict per command:
- `assess` + `map` + `extract-rules` — need Checks 12 green-ish and
Check 4's missing-include count low
- `brief` — needs only the three discovery artifacts; no tooling
- `transform` + `reimagine` — additionally need Check 3 green for both
legacy and target stacks
- `harden` — needs Check 2 plus any stack-specific SAST tooling found

27
plugins/code-modernization/commands/modernize-reimagine.md
View File

@ -3,7 +3,11 @@ description: Multi-agent greenfield rebuild — extract specs from legacy, desig
argument-hint: <system-dir> <target-vision>
---
**Reimagine** `legacy/$1` as: $2
The first token of `$ARGUMENTS` is the system dir (`$1`); **everything
after it is the target vision** — it is usually multiple words, so do not
truncate it to one token. Below, `<vision>` means that full remainder.
**Reimagine** `legacy/$1` as: <vision>
This is not a port — it's a rebuild from extracted intent. The legacy system
becomes the *specification source*, not the structural template. This command
@ -19,7 +23,8 @@ Spawn concurrently and show the user that all three are running:
2. **legacy-analyst** — "Catalog every external interface of legacy/$1:
inbound (screens, APIs, batch triggers, queues) and outbound (reports,
files, downstream calls, DB writes). For each: name, direction, payload
shape, frequency/SLA if discernible."
shape, frequency/SLA if discernible. Mask any credential embedded in
endpoints or payload examples per your secret-handling rules."
3. **legacy-analyst** — "Identify the core domain entities in legacy/$1 and
their relationships. Return as an entity list + Mermaid erDiagram."
@ -32,6 +37,9 @@ Collect results. Write `analysis/$1/AI_NATIVE_SPEC.md` containing:
- **Non-functional requirements** inferred from legacy (batch windows, volumes)
- **Behavior Contract** (the Given/When/Then rules — these are the acceptance tests)
Credential values are masked everywhere in the spec; connection details
appear as env-var placeholders (`${DATABASE_URL}`), never literals.
## Phase B — HITL checkpoint #1
Present the spec summary. Ask the user **one focused question**: "Which of
@ -40,20 +48,21 @@ should deliberately drop?" Wait for the answer. Record it in the spec.
## Phase C — Architecture (single agent, then critique)
Design the target architecture for "$2":
Design the target architecture for "<vision>":
- Mermaid C4 Container diagram
- Service boundaries with rationale (which rules/entities live where)
- Technology choices with one-line justification each
- Data migration approach from legacy stores
Then spawn **architecture-critic**: "Review this proposed architecture for
$2 against the spec in analysis/$1/AI_NATIVE_SPEC.md. Identify over-engineering,
<vision> against the spec in analysis/$1/AI_NATIVE_SPEC.md. Identify over-engineering,
missed requirements, scaling risks, and simpler alternatives." Incorporate
the critique. Write the result to `analysis/$1/REIMAGINED_ARCHITECTURE.md`.
## Phase D — HITL checkpoint #2
Enter plan mode. Present the architecture. Wait for approval.
Present the architecture and **stop — scaffold nothing until the user
explicitly approves** (use plan mode if the session supports it).
## Phase E — Parallel scaffolding
@ -65,7 +74,9 @@ in parallel**:
and AI_NATIVE_SPEC.md. Create: project skeleton, domain model, API stubs
matching the interface contracts, and **executable acceptance tests** for every
behavior-contract rule assigned to this service (mark unimplemented ones as
expected-failure/skip with the rule ID). Write to modernized/$1-reimagined/<service-name>/."
expected-failure/skip with the rule ID). No credential literal from legacy
code becomes a test fixture or config default — use fake same-shape values
and env-var placeholders. Write to modernized/$1-reimagined/<service-name>/."
Show the agents' progress. When all complete, run the acceptance test suites
and report: total tests, passing (scaffolded behavior), pending (rule IDs
@ -77,7 +88,9 @@ Write `modernized/$1-reimagined/CLAUDE.md` — the persistent context file for
the new system, containing: architecture summary, service responsibilities,
where the spec lives, how to run tests, and the legacy→modern traceability
map. This file IS the knowledge graph that future agents and engineers will
load.
load — and it gets committed: connection details and credentials appear
only as env-var names with a pointer to where they're provisioned, never
as values.
Report: services scaffolded, acceptance tests defined, % behaviors with a
home, location of all artifacts.

54
plugins/code-modernization/commands/modernize-status.md Normal file
View File

@ -0,0 +1,54 @@
---
description: Where am I in the modernization workflow — artifact inventory, staleness, secrets hygiene, next step
argument-hint: <system-dir>
---
Report where the modernization of `$1` stands, in one screen. This is a
read-only command — inspect, never modify.
## 1 — Artifact inventory
Check `analysis/$1/` and `modernized/$1*/` and build a table — one row per
workflow stage, with the artifact's presence and modification time:
| Stage | Artifacts |
|---|---|
| preflight | `PREFLIGHT.md` |
| assess | `ASSESSMENT.md`, `ARCHITECTURE.mmd` |
| map | `topology.json`, `TOPOLOGY.html`, `*.mmd`, `extract_topology.*` |
| extract-rules | `BUSINESS_RULES.md`, `DATA_OBJECTS.md` |
| brief | `MODERNIZATION_BRIEF.md` (note whether the approval block is signed) |
| harden | `SECURITY_FINDINGS.md`, `security_remediation.patch` |
| transform / reimagine | each `modernized/$1*/<module>/` dir — note test presence and whether `TRANSFORMATION_NOTES.md` exists |
## 2 — Staleness
Flag any artifact older than an upstream artifact it derives from:
- `MODERNIZATION_BRIEF.md` older than `ASSESSMENT.md`, `topology.json`,
or `BUSINESS_RULES.md` → the brief no longer reflects discovery;
recommend re-running `/modernize-brief`.
- `TOPOLOGY.html` older than `topology.json` → re-run the injection step
from `/modernize-map`.
- Any `TRANSFORMATION_NOTES.md` older than `BUSINESS_RULES.md` → the
module may not implement the latest rule set; list which.
## 3 — Secrets hygiene
- Does `analysis/.gitignore` exist and cover `SECRETS.local.md` /
`*.local.patch`? (`git check-ignore` when in a git repo.)
- If `SECRETS.local.md` exists: confirm it is NOT tracked
(`git ls-files --error-unmatch`, expect failure) and has never been
committed (`git log --all --oneline -- <path>`, expect empty). If
either check fails, say so prominently and recommend rotation plus
history scrubbing.
## 4 — Verdict
End with three lines:
- **Where you are** — the furthest completed stage and roughly how much
of the system it covers (e.g. "mapped 100%, 2 of 14 modules
transformed").
- **What's stale** — or "nothing".
- **Next command** — the single most useful next step, with a one-line
reason.

11
plugins/code-modernization/commands/modernize-transform.md
View File

@ -29,7 +29,8 @@ proof.
## Step 0b — Plan (HITL gate)
Read the source module and any business rules in `analysis/$1/BUSINESS_RULES.md`
that reference it. Then **enter plan mode** and present:
that reference it. Then present the plan and **stop — write no code until
the user explicitly approves** (use plan mode if the session supports it):
- Which source files are in scope
- The target module structure (packages/classes/files you'll create)
- Which business rules / behaviors this module implements
@ -47,7 +48,9 @@ identify every observable behavior, and encode each as a test case with
concrete input → expected output pairs derived from the legacy logic.
Target framework: <appropriate for $3>. Write to
`modernized/$1/$2/src/test/`. These tests define 'done' — the new code
must pass all of them."
must pass all of them. Follow your secret-handling rules: no credential
literal from legacy code becomes a fixture; substitute fake same-shape
values and read anything genuinely live from environment variables."
Show the user the test file. Get a 👍 before proceeding.
@ -85,6 +88,10 @@ Then show a visual diff of one representative behavior, legacy vs modern:
```bash
delta --side-by-side <(sed -n '<lines>p' legacy/$1/<file>) modernized/$1/$2/src/main/<file>
```
(Fall back to `diff -y --width=160` if `delta` isn't installed.) Never
pick a credential-bearing line range for this diff, and mask any
credential-like literal quoted in TRANSFORMATION_NOTES.md — the notes
live in `modernized/` and get committed.
## Step 5 — Architecture review