- modernize-harden: never edits legacy/ anymore. Writes findings plus a
reviewed unified diff to analysis/<system>/security_remediation.patch.
A second security-auditor pass reviews each hunk (RESOLVES / PARTIAL /
INTRODUCES-RISK) before presenting. The user reviews and applies the
patch deliberately, then re-runs to verify. This makes every command
consistent with the recommended deny Edit(legacy/**) workspace setting,
so the README's exception note is gone.
- modernize-map: restructure the parse-target list around three stack-
agnostic principles (dispatcher targets are variables; code-storage
joins live in config; entry points live in deployment descriptors), with
COBOL/Java/web/CLI examples on equal footing rather than COBOL-dominant.
Same protections against false dead-code findings, less stack-specific.
- security-auditor agent: rephrase coverage items in stack-neutral terms
(record layouts/temp datasets, resource ACLs, deployment scripts/job
definitions, batch input records) so the checklist reads naturally for
COBOL, Java EE, .NET, and web targets alike.
- README: drop the harden exception note; describe the patch workflow.
Fixes found by running the discovery workflow against the AWS CardDemo
mainframe sample (~50 KLOC of COBOL/CICS/JCL/BMS/VSAM):
- modernize-assess: add scc -> cloc -> find/wc fallback chain with the
COCOMO-II formula so Step 1 works when scc isn't installed; same for
portfolio-mode cloc/lizard. Drop the reference to a specific
agent-spawning tool name (just "in parallel"). Sharpen the structural-
map subagent prompt: 5-12 domains, subgraph clustering, ~40-edge cap,
repo-relative paths, dangling-reference check.
- modernize-map: expand the parse-target list with the things a
literal-minded reader would miss on a real mainframe codebase — CICS
CSD DEFINE TRANSACTION/FILE for entry points and online file I/O,
EXEC CICS file ops, SELECT...ASSIGN TO joined with JCL DD,
EXEC SQL table refs (not JCL DD), SEND/RECEIVE MAP, dynamic
data-name XCTL resolution, COBOL fixed-format column slicing. Without
these the dead-code list is wrong (most CICS programs look unreachable).
Also write a machine-readable topology.json alongside the summary.
- modernize-extract-rules: add a Priority (P0/P1/P2) field with a
heuristic, and an optional Suspected-defect field. modernize-brief
reads P0 rules to build the behavior contract, but the Rule Card had
no priority slot — the chain was broken.
- modernize-brief: read the new P0 tags; flag low-confidence P0 rules as
SME blockers.
- modernize-reimagine: drop "for the demo" wording.
- security-auditor agent: add mainframe/COBOL coverage items (RACF,
JCL/PROC creds, BMS field validation, DB2 dynamic SQL, copybook PII)
and mark web-only items as such so it adapts to the target stack.
- README: add Optional Tooling section and a symlink example for the
expected layout.
- modernize-brief: read TOPOLOGY.html (what modernize-map actually
produces) instead of nonexistent TOPOLOGY.md, and tell the user which
command produces each missing input.
- README: rewrite the Commands section to match actual command behavior —
correct output filenames, ordering (brief is the synthesis/approval gate
after discovery, not the first step), agent attributions, and required
args. Add a workspace-layout note and an explicit callout that
modernize-harden edits legacy/, which conflicts with the recommended
deny rule. Reconcile the Overview and Typical Workflow sequences.
- modernize-assess: generalize the production-runtime overlay step so it
no longer assumes a specific MCP server/tool; mark it optional. Fix
app/jcl/ -> legacy/$1/jcl/ for layout consistency.
- modernize-map: make TOPOLOGY.html self-contained (load Mermaid from a
CDN) so it renders in any browser; drop assumptions about an external
artifact renderer. Generalize the telemetry annotation note.
- business-rules-extractor agent: fix command cross-reference to the
actual command name.
- plugin.json: include the brief step in the workflow description.
The bot command handlers bypassed access control — they responded to
any DM user regardless of dmPolicy, leaking bot presence and
contradicting ACCESS.md's "Drop silently. No reply." contract for
allowlist mode.
Add dmCommandGate() that applies the same disabled/allowlist checks
as gate() without the pairing side effects, and route all three
handlers through it. Also prune expired pending codes before /status
iterates them.
Fixes#854
Co-authored-by: Claude <noreply@anthropic.com>
Ports anthropics/skills#547 (b0cbd3d) so this repo matches the upstream
skills repo.
improve_description.py and run_loop.py now shell out to `claude -p` instead
of using the Anthropic SDK directly, so the description optimizer uses the
session's existing Claude Code auth and no longer requires a separate
ANTHROPIC_API_KEY. SKILL.md drops the stale extended-thinking reference and
adds guidance for updating an existing skill.
Several enterprise customers sync exclusively from this repo (not
anthropics/skills, whose README disclaims production use), so they have been
stuck on the old SDK-based path.
Let installs follow the repo's default branch instead of a fixed SHA.
Removes the plugin from the weekly SHA-bump rotation and lets developer
updates reach users directly on `claude plugin install`.
The amplitude entry used source type "url" which clones the root of
https://github.com/amplitude/mcp-marketplace — a multi-plugin repo
where the actual plugin lives at plugins/amplitude/. Claude Code found
no skills there, so /reload-plugins loaded 0 skills for amplitude.
Switching to "git-subdir" with path "plugins/amplitude" (the same
pattern used by awslabs, bigdata-com, zapier, etc.) makes Claude Code
resolve the correct subdirectory and load all 27 amplitude skills.
Removing the pinned sha so the plugin tracks main, consistent with
how posthog and other unpinned entries behave.
Adds three NetSuite agent skills to the official marketplace:
- netsuite-aiconnector-service-skill: runtime guidance for the NetSuite
AI Service Connector (tool selection, output formatting, SuiteQL
safety checklist)
- netsuite-sdf-roles-and-permissions: SDF permission ID lookup and
least-privilege role authoring (ADMI_, LIST_, REGT_, REPO_, TRAN_)
- netsuite-uif-spa-reference: API/type reference for @uif-js/core and
@uif-js/component
All three ship from oracle/netsuite-suitecloud-sdk (packages/agent-skills/)
using git-subdir + strict:false + skills[] — the same shape stagehand uses
for skill-only distributions.
* Add auto-SHA-bump workflow for marketplace plugins
Weekly CI action that discovers stale SHA pins in marketplace.json
and opens a batched PR with updated SHAs. Adapted from the
claude-plugins-community-internal bump-plugin-shas workflow for
the single-file marketplace.json format.
- discover_bumps.py: checks 56 SHA-pinned plugins against upstream
repos, oldest-stale-first rotation, capped at 20 bumps/run
- bump-plugin-shas.yml: weekly Monday schedule + manual dispatch
with dry_run and per-plugin targeting options
Entries without SHA pins (intentionally tracking HEAD) are never
touched. Existing validate-marketplace CI runs on the resulting PR.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Fix input interpolation and add BASE_BRANCH overlay
- Pass workflow_dispatch inputs through env vars instead of direct
${{ inputs.* }} interpolation in run blocks (avoids shell injection)
- Add marketplace.json overlay from main so the workflow can be tested
via dispatch from a feature branch against main's real plugin data
Both patterns match claude-plugins-community-internal's implementation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Use GitHub App token for PR creation
The anthropics org disables "Allow GitHub Actions to create and approve
pull requests", so GITHUB_TOKEN cannot call gh pr create. Split the
workflow: GITHUB_TOKEN pushes the branch, then the same GitHub App
used by -internal's bump workflow (app-id 2812036) creates the PR.
Prerequisite: app must be installed on this repo and the PEM secret
(CLAUDE_DIRECTORY_BOT_PRIVATE_KEY) must exist in repo settings.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Use --force-with-lease for bump branch push
Prevents push failure if the branch exists from a previous same-day
run whose PR was merged but whose branch wasn't auto-deleted.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Standardize 12 git-subdir plugin entries from owner/repo shorthand to
full https://github.com/owner/repo.git URLs for consistency with the
existing HTTPS entries.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
DMChannel.recipientId can be null when client.channels.fetch() returns
a DM channel with a cold cache. The inbound gate correctly uses
msg.author.id, but fetchAllowedChannel relied on recipientId, so
replies to allowlisted DMs intermittently failed with "channel not
allowlisted" after session restart.
Maintain a channelId→userId map populated during inbound handling and
fall back to it when recipientId is null.
Fixesanthropics/claude-code#40576Fixesanthropics/claude-code#41647🏠 Remote-Dev: homespace
A single ETIMEDOUT/ECONNRESET/DNS failure during long-polling rejected
bot.start(); the catch block returned and polling stopped permanently.
The MCP server process stayed alive (stdin keeps it running), so outbound
reply/react tools kept working — but the bot was deaf to inbound messages
until a full restart. Users see 'typing...' then nothing, indistinguishable
from the harness-side gate bug.
Now all errors retry with the same capped backoff (max 15s). attempt resets
to 0 in onStart so backoff doesn't accumulate across a long-running session.
Co-authored-by: Claude <noreply@anthropic.com>
