From b32879bf76f08048c8e469411ac3c64194c8e132 Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Thu, 9 Apr 2026 14:30:37 -0500 Subject: [PATCH 01/39] Add SAP CAP MCP Server plugin (cds-mcp) (#1328) URL-source plugin pointing to cap-js/mcp-server which already has .claude-plugin/plugin.json and .mcp.json at repo root. Co-authored-by: Claude Opus 4.6 (1M context) --- .claude-plugin/marketplace.json | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index fb1e918..b45bf14 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -157,6 +157,17 @@ }, "homepage": "https://docs.brightdata.com" }, + { + "name": "cds-mcp", + "description": "AI-assisted development of SAP Cloud Application Programming Model (CAP) projects. Search CDS models and CAP documentation.", + "category": "development", + "source": { + "source": "url", + "url": "https://github.com/cap-js/mcp-server.git", + "sha": "4d59d7070a52761a9b8028cbe710c8d7477cbc92" + }, + "homepage": "https://cap.cloud.sap/" + }, { "name": "chrome-devtools-mcp", "description": "Control and inspect a live Chrome browser from your coding agent. Record performance traces, analyze network requests, check console messages with source-mapped stack traces, and automate browser actions with Puppeteer.", From 6e43e87fc8350d1e51651e28edcce06f8773aeea Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Thu, 9 Apr 2026 16:11:31 -0500 Subject: [PATCH 02/39] =?UTF-8?q?Add=20box=20plugin=20(box/box-for-ai)=20?= =?UTF-8?q?=E2=80=94=20first-party=20skills=20plugin=20for=20Box=20Platfor?= =?UTF-8?q?m=20integrations.=20(#1286)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Claude Opus 4.6 (1M context) --- .claude-plugin/marketplace.json | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index b45bf14..3aa3848 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -147,6 +147,17 @@ }, "homepage": "https://github.com/awslabs/agent-plugins" }, + { + "name": "box", + "description": "Work with your Box content directly from Claude Code — search files, organize folders, collaborate with your team, and use Box AI to answer questions, summarize documents, and extract data without leaving your workflow.", + "category": "productivity", + "source": { + "source": "url", + "url": "https://github.com/box/box-for-ai.git", + "sha": "6f4ec3549f3e869b115628403555b1c9220b2b34" + }, + "homepage": "https://github.com/box/box-for-ai" + }, { "name": "brightdata-plugin", "description": "Web scraping, Google search, structured data extraction, and MCP server integration powered by Bright Data. Includes 7 skills: scrape any webpage as markdown (with bot detection/CAPTCHA bypass), search Google with structured JSON results, extract data from 40+ websites (Amazon, LinkedIn, Instagram, TikTok, YouTube, and more), orchestrate Bright Data's 60+ MCP tools, built-in best practices for Web Unlocker, SERP API, Web Scraper API, and Browser API, Python SDK best practices for the brightda...", From 9dc3809e747a4e7fd4a3dee56501e4f711693901 Mon Sep 17 00:00:00 2001 From: Thariq Shihipar Date: Thu, 9 Apr 2026 19:07:37 -0700 Subject: [PATCH 03/39] Add per-day session timeline and collapse cache-breaks list MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - analyze-sessions.mjs: track per-session start/end/tokens and emit by_day[] in JSON output (date, dow, tokens, peak concurrency, per-session spans). Hoist shared token-sum in commit loop. - template.html: new "session timeline by day" section — horizontal day pills (% of total + session count) drive a lane-packed gantt of concurrent sessions, colored by project, with hover details and ←/→ keyboard nav. Extract drillList() helper and use it for both top-prompts and cache-breaks (5 visible + "show more" toggle). --- .../session-report/analyze-sessions.mjs | 69 +++++- .../skills/session-report/template.html | 197 ++++++++++++++---- 2 files changed, 215 insertions(+), 51 deletions(-) diff --git a/plugins/session-report/skills/session-report/analyze-sessions.mjs b/plugins/session-report/skills/session-report/analyze-sessions.mjs index 7ea712a..1a5e593 100644 --- a/plugins/session-report/skills/session-report/analyze-sessions.mjs +++ b/plugins/session-report/skills/session-report/analyze-sessions.mjs @@ -166,6 +166,7 @@ const toolUseIdToPrompt = new Map() // tool_use id -> promptKey (Agent spawned d const agentIdToPrompt = new Map() // agentId -> promptKey const prompts = new Map() // promptKey -> { text, ts, project, sessionId, ...usage } const sessionTurns = new Map() // sessionId -> [promptKey, ...] in transcript order +const sessionSpans = new Map() // sessionId -> {project, firstTs, lastTs, tokens} function promptRecord(key, init) { let r = prompts.get(key) @@ -333,11 +334,29 @@ async function processFile(p, info, buckets) { } } + // session span (for by_day timeline) — subagent files roll into parent sessionId + let span = sessionSpans.get(info.sessionId) + if (!span) { + span = { project: info.project, firstTs: null, lastTs: null, tokens: 0 } + sessionSpans.set(info.sessionId, span) + } + if (firstTs !== null) { + if (span.firstTs === null || firstTs < span.firstTs) span.firstTs = firstTs + if (span.lastTs === null || lastTs > span.lastTs) span.lastTs = lastTs + } + // commit API calls for (const [key, { usage, ts, skill, prompt }] of fileApiCalls) { if (key && seenRequestIds.has(key)) continue seenRequestIds.add(key) + const tot = + (usage.input_tokens || 0) + + (usage.cache_creation_input_tokens || 0) + + (usage.cache_read_input_tokens || 0) + + (usage.output_tokens || 0) + span.tokens += tot + const targets = [overall, project] if (subagent) targets.push(subagent) if (skill && skillStats) { @@ -359,11 +378,6 @@ async function processFile(p, info, buckets) { // subagent token accounting on parent buckets if (info.kind === 'subagent') { - const tot = - (usage.input_tokens || 0) + - (usage.cache_creation_input_tokens || 0) + - (usage.cache_read_input_tokens || 0) + - (usage.output_tokens || 0) overall.subagentTokens += tot project.subagentTokens += tot if (subagent) subagent.subagentTokens += tot @@ -656,10 +670,55 @@ function printJson({ overall, perProject, perSubagent, perSkill }) { [...perSkill].map(([k, v]) => [k, summarize(v)]), ), top_prompts: topPrompts(100), + by_day: buildByDay(), } process.stdout.write(JSON.stringify(out, null, 2) + '\n') } +// Group sessions into local-date buckets for the timeline view. A session is +// placed on the day its first message landed; tokens for that session (incl. +// subagents) count toward that day even if it ran past midnight. +function buildByDay() { + const DOW = ['Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat'] + const days = new Map() // yyyy-mm-dd -> {date, dow, tokens, sessions:[]} + for (const [id, s] of sessionSpans) { + if (s.firstTs === null || s.tokens === 0) continue + const d0 = new Date(s.firstTs) + const key = `${d0.getFullYear()}-${String(d0.getMonth() + 1).padStart(2, '0')}-${String(d0.getDate()).padStart(2, '0')}` + let day = days.get(key) + if (!day) { + day = { date: key, dow: DOW[d0.getDay()], tokens: 0, sessions: [] } + days.set(key, day) + } + const base = new Date( + d0.getFullYear(), + d0.getMonth(), + d0.getDate(), + ).getTime() + day.tokens += s.tokens + day.sessions.push({ + id, + project: s.project, + tokens: s.tokens, + start_min: Math.max(0, Math.round((s.firstTs - base) / 60000)), + end_min: Math.max(1, Math.round((s.lastTs - base) / 60000)), + }) + } + for (const d of days.values()) { + // peak concurrency via 10-min buckets, capped at 24h for display + const b = new Array(144).fill(0) + for (const s of d.sessions) { + const lo = Math.min(143, Math.floor(s.start_min / 10)) + const hi = Math.min(144, Math.ceil(Math.min(s.end_min, 1440) / 10)) + for (let i = lo; i < hi; i++) b[i]++ + } + d.peak = Math.max(0, ...b) + d.peak_at_min = d.peak > 0 ? b.indexOf(d.peak) * 10 : 0 + d.sessions.sort((a, b) => a.start_min - b.start_min) + } + return [...days.values()].sort((a, b) => a.date.localeCompare(b.date)) +} + function promptTotal(r) { return ( r.inputUncached + r.inputCacheCreate + r.inputCacheRead + r.outputTokens diff --git a/plugins/session-report/skills/session-report/template.html b/plugins/session-report/skills/session-report/template.html index 7a89e97..98a9910 100644 --- a/plugins/session-report/skills/session-report/template.html +++ b/plugins/session-report/skills/session-report/template.html @@ -102,6 +102,42 @@ color: var(--dim); margin: 6px 0; } .callout b, .callout code { color: var(--term-fg); } + /* ——— day pills + session gantt ——— */ + .days { display: flex; gap: 8px; flex-wrap: wrap; margin-bottom: 14px; } + .dpill { flex: 1; min-width: 84px; max-width: 140px; background: none; + border: 1px solid var(--subtle); border-radius: 4px; + padding: 9px 6px; font: inherit; color: var(--dim); + cursor: pointer; text-align: center; } + .dpill:hover { border-color: var(--dim); background: var(--hover); } + .dpill .dow { font-size: 10px; color: var(--subtle); display: block; } + .dpill .date { font-size: 11px; color: var(--term-fg); font-weight: 500; + display: block; margin: 2px 0 4px; } + .dpill .pct { font-size: 16px; font-weight: 700; color: var(--term-fg); display: block; } + .dpill .ns { font-size: 10px; color: var(--subtle); display: block; margin-top: 2px; } + .dpill.heaviest .pct { color: var(--clay); } + .dpill.sel { border-color: var(--clay); background: rgba(217,119,87,0.10); } + .gantt-hd { display: flex; justify-content: space-between; align-items: baseline; + margin-bottom: 6px; } + .gantt-hd .day { color: var(--term-fg); font-weight: 500; } + .gantt-hd .stats { font-size: 11px; color: var(--dim); } + .gantt-hd .stats b { color: var(--clay); } + .gantt { position: relative; border-top: 1px solid var(--outline); + border-bottom: 1px solid var(--outline); min-height: 32px; } + .lane { position: relative; height: 16px; + border-bottom: 1px dashed rgba(255,255,255,0.04); } + .seg { position: absolute; top: 2px; height: 12px; border-radius: 2px; + opacity: .85; cursor: crosshair; } + .seg:hover { opacity: 1; outline: 1px solid var(--term-fg); z-index: 2; } + .gantt-rule { position: absolute; top: 0; bottom: 0; width: 0; + border-left: 1px dashed var(--subtle); opacity: .4; + pointer-events: none; } + .gantt-axis { display: flex; justify-content: space-between; + font-size: 10px; color: var(--subtle); padding: 4px 0; } + .gantt-leg { font-size: 10px; color: var(--subtle); margin-top: 8px; + display: flex; gap: 14px; flex-wrap: wrap; } + .gantt-leg .sw { display: inline-block; width: 14px; height: 10px; + border-radius: 2px; vertical-align: middle; margin-right: 4px; } + /* ——— block-char bars ——— */ .bar { display: grid; grid-template-columns: 26ch 1fr 8ch; gap: 14px; padding: 2px 0; align-items: center; } @@ -231,6 +267,21 @@
+
+
+

session timeline by dayclick a day · ←/→ to navigate

+
+
+
+ + +
+
00:0006:0012:0018:0024:00
+
+
+
+
+

most expensive promptsclick to expand context

@@ -335,6 +386,65 @@ `
${typeof v==='number'&&v>=1e4?fmt(v):v}
`+ (d?`
${d}
`:'')+``).join(''); + // session timeline by day + (function() { + const days = (DATA.by_day||[]).slice(-14); + if (!days.length) { $('timeline-section').style.display='none'; return; } + const PCOL = ['rgb(177,185,249)','rgb(78,186,101)','#D97757','rgb(255,193,7)', + 'rgb(255,107,128)','#9b8cff','#6ec1d6','#c792ea']; + const dayTotal = days.reduce((a,d)=>a+d.tokens,0) || 1; + const tokMax = Math.max(...days.map(d=>d.tokens)); + const projects = [...new Set(days.flatMap(d=>d.sessions.map(s=>s.project)))]; + const colorOf = p => PCOL[projects.indexOf(p)%PCOL.length]; + const hhmm = m => (m>=1440?`+${Math.floor(m/1440)}d `:'') + + `${String(Math.floor(m/60)%24).padStart(2,'0')}:${String(m%60).padStart(2,'0')}`; + const md = iso => { const [,mo,da]=iso.split('-'); return `${MON[+mo-1]} ${+da}`; }; + let sel = days.findIndex(d=>d.tokens===tokMax); + + function pills() { + $('day-pills').innerHTML = days.map((d,i)=> + `` + ).join(''); + $('day-pills').querySelectorAll('.dpill').forEach(el=> + el.onclick=()=>{sel=+el.dataset.i;pills();gantt();}); + } + function gantt() { + const d = days[sel], DAY = 1440; + $('g-day').textContent = `${d.dow} ${md(d.date)}`; + $('g-stats').innerHTML = `${d.sessions.length} sessions · ${fmt(d.tokens)} tokens`+ + ` · peak ${d.peak} concurrent at ${hhmm(d.peak_at_min)}`; + const lanes = []; + for (const s of d.sessions) { + let placed = false; + for (const L of lanes) if (L[L.length-1].end_min <= s.start_min) { L.push(s); placed=true; break; } + if (!placed) lanes.push([s]); + } + let h = ''; + for (let t=0;t<=24;t+=6) h += `
`; + h += lanes.map(L=>`
${L.map(s=>{ + const end = Math.min(s.end_min, DAY); + const w = Math.max(0.15, 100*(end-s.start_min)/DAY); + const tip = `folder: ${short(s.project)}\n`+ + `${hhmm(s.start_min)}–${hhmm(s.end_min)} · ${fmt(s.tokens)} tokens\n`+ + `session ${s.id}`; + return ``; + }).join('')}
`).join(''); + $('gantt').innerHTML = h || '
no sessions
'; + } + document.addEventListener('keydown',e=>{ + if (e.key==='ArrowRight'&&sel0){sel--;pills();gantt();e.preventDefault();} + }); + $('gantt-leg').innerHTML = projects.slice(0,12).map(p=> + `${esc(short(p))}`).join(''); + pills(); gantt(); + })(); + // block-char project bars (function() { const W = 48; @@ -366,57 +476,52 @@ return h + ''; } - // top prompts — share of grand total - (function() { - const ps = (DATA.top_prompts||[]).slice(0,100); + // expandable drill-down list with "show N more" toggle + function drillList(hostId, items, rowFn, empty) { const SHOW = 5; - const row = p => { - const inTot = p.input.uncached+p.input.cache_create+p.input.cache_read; - return `
`+ - `${share(p.total_tokens)}`+ - `${esc(p.text)}`+ - `${niceDate(p.ts)} · ${esc(short(p.project))} · ${p.api_calls} calls`+ - (p.subagent_calls?` · ${p.subagent_calls} subagents`:'')+ - ` · ${pct(p.input.cache_read,inTot)} cached`+ - `
`+ - renderContext(p.context)+ - `
session ${esc(p.session)}
`+ - `
in: uncached ${fmt(p.input.uncached)} · cache-create ${fmt(p.input.cache_create)} · `+ - `cache-read ${fmt(p.input.cache_read)} · out ${fmt(p.output)}
`+ - `
`; - }; - const head = ps.slice(0,SHOW).map(row).join(''); - const rest = ps.slice(SHOW).map(row).join(''); - $('top-prompts').innerHTML = ps.length - ? head + (rest - ? ``+ - `` - : '') - : '
No prompts in range.
'; - const btn = $('tp-more'); + const host = $(hostId); + if (!items.length) { host.innerHTML = `
${empty}
`; return; } + const head = items.slice(0,SHOW).map(rowFn).join(''); + const rest = items.slice(SHOW).map(rowFn).join(''); + host.innerHTML = head + (rest + ? `` + : ''); + const btn = host.querySelector('.more-btn'); if (btn) btn.onclick = () => { - const r = $('tp-rest'); r.hidden = !r.hidden; - btn.textContent = r.hidden ? `show ${ps.length-SHOW} more` : 'show less'; + const r = btn.previousElementSibling; r.hidden = !r.hidden; + btn.textContent = r.hidden ? `show ${items.length-SHOW} more` : 'show less'; }; - })(); + } - // cache breaks - (function() { - const bs = (DATA.cache_breaks||[]).slice(0,100); - $('cache-breaks').innerHTML = bs.map(b => - `
`+ - `${fmt(b.uncached)}`+ - `${esc(short(b.project))} · `+ - `${b.kind==='subagent'?esc(b.agentType||'subagent'):'main'}`+ - `${niceDate(b.ts)} · ${pct(b.uncached,b.total)} of ${fmt(b.total)} uncached`+ + drillList('top-prompts', (DATA.top_prompts||[]).slice(0,100), p => { + const inTot = p.input.uncached+p.input.cache_create+p.input.cache_read; + return `
`+ + `${share(p.total_tokens)}`+ + `${esc(p.text)}`+ + `${niceDate(p.ts)} · ${esc(short(p.project))} · ${p.api_calls} calls`+ + (p.subagent_calls?` · ${p.subagent_calls} subagents`:'')+ + ` · ${pct(p.input.cache_read,inTot)} cached`+ `
`+ - renderContext(b.context, - `
${fmt(b.uncached)} uncached `+ - `(${pct(b.uncached,b.total)} of ${fmt(b.total)}) — cache break here
`)+ - `
session ${esc(b.session)}
`+ - `
` - ).join('') || '
No cache breaks over threshold.
'; - })(); + renderContext(p.context)+ + `
session ${esc(p.session)}
`+ + `
in: uncached ${fmt(p.input.uncached)} · cache-create ${fmt(p.input.cache_create)} · `+ + `cache-read ${fmt(p.input.cache_read)} · out ${fmt(p.output)}
`+ + `
`; + }, 'No prompts in range.'); + + drillList('cache-breaks', (DATA.cache_breaks||[]).slice(0,100), b => + `
`+ + `${fmt(b.uncached)}`+ + `${esc(short(b.project))} · `+ + `${b.kind==='subagent'?esc(b.agentType||'subagent'):'main'}`+ + `${niceDate(b.ts)} · ${pct(b.uncached,b.total)} of ${fmt(b.total)} uncached`+ + `
`+ + renderContext(b.context, + `
${fmt(b.uncached)} uncached `+ + `(${pct(b.uncached,b.total)} of ${fmt(b.total)}) — cache break here
`)+ + `
session ${esc(b.session)}
`+ + `
`, + 'No cache breaks over threshold.'); // sortable table function table(el, cols, rows) { From 58578a456a83f3480a5fe21f8b8cfdd38dfa3152 Mon Sep 17 00:00:00 2001 From: Noah Zweben Date: Fri, 10 Apr 2026 12:01:01 -0700 Subject: [PATCH 04/39] fix(telegram): prevent zombie pollers from blocking new sessions with 409 Conflict (#1349) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix(telegram): prevent zombie pollers from blocking new sessions The MCP server runs as a grandchild of the CLI (via `bun run start` → shell → `bun server.ts`). When the CLI is killed uncleanly (SIGKILL, crash, terminal close), the grandchild survives as an orphan and keeps long-polling getUpdates indefinitely. Telegram allows only one consumer per token, so every subsequent session sees 409 Conflict and the existing retry loop spins forever. Three layered mitigations: - PID lockfile (STATE_DIR/bot.pid): on startup, SIGTERM any stale holder before claiming the slot, so a fresh session always wins. - Orphan watchdog: every 5s check for parent reparenting (POSIX ppid change) or a dead stdin pipe, and self-terminate. Covers cases where the existing stdin end/close events never fire through the wrapper. - 409 retry cap: give up after 8 attempts (~28s) instead of looping forever, and bail immediately if shutdown has begun. Also adds a SIGHUP handler and removes the pidfile on clean shutdown (only if still owned by this process). * chore(telegram): bump version to 0.0.5 --------- Co-authored-by: Claude --- .../telegram/.claude-plugin/plugin.json | 2 +- external_plugins/telegram/server.ts | 40 +++++++++++++++++++ 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/external_plugins/telegram/.claude-plugin/plugin.json b/external_plugins/telegram/.claude-plugin/plugin.json index 2763481..9e3c96a 100644 --- a/external_plugins/telegram/.claude-plugin/plugin.json +++ b/external_plugins/telegram/.claude-plugin/plugin.json @@ -1,7 +1,7 @@ { "name": "telegram", "description": "Telegram channel for Claude Code \u2014 messaging bridge with built-in access control. Manage pairing, allowlists, and policy via /telegram:access.", - "version": "0.0.4", + "version": "0.0.5", "keywords": [ "telegram", "messaging", diff --git a/external_plugins/telegram/server.ts b/external_plugins/telegram/server.ts index 3211bba..6a07e35 100644 --- a/external_plugins/telegram/server.ts +++ b/external_plugins/telegram/server.ts @@ -51,6 +51,22 @@ if (!TOKEN) { process.exit(1) } const INBOX_DIR = join(STATE_DIR, 'inbox') +const PID_FILE = join(STATE_DIR, 'bot.pid') + +// Telegram allows exactly one getUpdates consumer per token. If a previous +// session crashed (SIGKILL, terminal closed) its server.ts grandchild can +// survive as an orphan and hold the slot forever, so every new session sees +// 409 Conflict. Kill any stale holder before we start polling. +mkdirSync(STATE_DIR, { recursive: true, mode: 0o700 }) +try { + const stale = parseInt(readFileSync(PID_FILE, 'utf8'), 10) + if (stale > 1 && stale !== process.pid) { + process.kill(stale, 0) + process.stderr.write(`telegram channel: replacing stale poller pid=${stale}\n`) + process.kill(stale, 'SIGTERM') + } +} catch {} +writeFileSync(PID_FILE, String(process.pid)) // Last-resort safety net — without these the process dies silently on any // unhandled promise rejection. With them it logs and keeps serving tools. @@ -621,6 +637,9 @@ function shutdown(): void { if (shuttingDown) return shuttingDown = true process.stderr.write('telegram channel: shutting down\n') + try { + if (parseInt(readFileSync(PID_FILE, 'utf8'), 10) === process.pid) rmSync(PID_FILE) + } catch {} // bot.stop() signals the poll loop to end; the current getUpdates request // may take up to its long-poll timeout to return. Force-exit after 2s. setTimeout(() => process.exit(0), 2000) @@ -630,6 +649,19 @@ process.stdin.on('end', shutdown) process.stdin.on('close', shutdown) process.on('SIGTERM', shutdown) process.on('SIGINT', shutdown) +process.on('SIGHUP', shutdown) + +// Orphan watchdog: stdin events above don't reliably fire when the parent +// chain (`bun run` wrapper → shell → us) is severed by a crash. Poll for +// reparenting (POSIX) or a dead stdin pipe and self-terminate. +const bootPpid = process.ppid +setInterval(() => { + const orphaned = + (process.platform !== 'win32' && process.ppid !== bootPpid) || + process.stdin.destroyed || + process.stdin.readableEnded + if (orphaned) shutdown() +}, 5000).unref() // Commands are DM-only. Responding in groups would: (1) leak pairing codes via // /status to other group members, (2) confirm bot presence in non-allowlisted @@ -975,7 +1007,15 @@ void (async () => { }) return // bot.stop() was called — clean exit from the loop } catch (err) { + if (shuttingDown) return if (err instanceof GrammyError && err.error_code === 409) { + if (attempt >= 8) { + process.stderr.write( + `telegram channel: 409 Conflict persists after ${attempt} attempts — ` + + `another poller is holding the bot token (stray 'bun server.ts' process or a second session). Exiting.\n`, + ) + return + } const delay = Math.min(1000 * attempt, 15000) const detail = attempt === 1 ? ' — another instance is polling (zombie session, or a second Claude Code running?)' From d19dab67e891a932a78d68ccc63b6580d4692c65 Mon Sep 17 00:00:00 2001 From: Noah Zweben Date: Fri, 10 Apr 2026 12:46:37 -0700 Subject: [PATCH 05/39] Add Apache 2.0 LICENSE to session-report plugin (#1306) Co-authored-by: Claude --- plugins/session-report/LICENSE | 202 +++++++++++++++++++++++++++++++++ 1 file changed, 202 insertions(+) create mode 100644 plugins/session-report/LICENSE diff --git a/plugins/session-report/LICENSE b/plugins/session-report/LICENSE new file mode 100644 index 0000000..d645695 --- /dev/null +++ b/plugins/session-report/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. From 76f1e09f075cf075980926ba5194bb727074bf77 Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Fri, 10 Apr 2026 16:51:53 -0500 Subject: [PATCH 06/39] Add pydantic-ai plugin (#1202) --- .claude-plugin/marketplace.json | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index 3aa3848..10dafa0 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -1013,6 +1013,18 @@ }, "homepage": "https://www.accoil.com/product-tracking" }, + { + "name": "pydantic-ai", + "description": "Write accurate Pydantic AI code from the start. Up-to-date patterns, decision trees, and common gotchas for agents, tools, structured output, streaming, and multi-agent apps.", + "category": "development", + "source": { + "source": "git-subdir", + "url": "pydantic/skills", + "path": "plugins/ai", + "ref": "main" + }, + "homepage": "https://github.com/pydantic/skills/tree/main/plugins/ai" + }, { "name": "pyright-lsp", "description": "Python language server (Pyright) for type checking and code intelligence", From 5c6c90c1bd3302d173ef85009412b454f2434a81 Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Fri, 10 Apr 2026 16:52:19 -0500 Subject: [PATCH 07/39] Remove SHA pin from sonarqube-agent-plugins entry (#1311) Allow SonarSource to ship updates without requiring SHA bump PRs. The plugin tracks the default branch (main) going forward. Co-authored-by: Claude Opus 4.6 (1M context) --- .claude-plugin/marketplace.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index 10dafa0..0014009 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -1263,8 +1263,7 @@ "category": "security", "source": { "source": "url", - "url": "https://github.com/SonarSource/sonarqube-agent-plugins.git", - "sha": "0cae644cee9318e6245b62ca779abdc60e6daa49" + "url": "https://github.com/SonarSource/sonarqube-agent-plugins.git" }, "homepage": "https://github.com/SonarSource/sonarqube-agent-plugins" }, From 23a9a10ff72424b6daee618958c67e1b786b8589 Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Fri, 10 Apr 2026 16:52:30 -0500 Subject: [PATCH 08/39] Add azure-cosmos-db-assistant plugin (#1291) --- .claude-plugin/marketplace.json | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index 0014009..e4472fb 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -147,6 +147,17 @@ }, "homepage": "https://github.com/awslabs/agent-plugins" }, + { + "name": "azure-cosmos-db-assistant", + "source": { + "source": "url", + "url": "https://github.com/AzureCosmosDB/cosmosdb-claude-code-plugin.git", + "sha": "56e6da0cae93cdee8bcfa5e624ecdd9a0a483181" + }, + "description": "Expert assistant for Azure Cosmos DB — data modeling, query optimization, performance tuning, and best practices.", + "category": "database", + "homepage": "https://github.com/AzureCosmosDB/cosmosdb-claude-code-plugin" + }, { "name": "box", "description": "Work with your Box content directly from Claude Code — search files, organize folders, collaborate with your team, and use Box AI to answer questions, summarize documents, and extract data without leaving your workflow.", From 95f807ee6cad0a7862361e535342a242f2f2870c Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Fri, 10 Apr 2026 16:52:42 -0500 Subject: [PATCH 09/39] Add cloudflare plugin (#1290) --- .claude-plugin/marketplace.json | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index e4472fb..f0e1dc4 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -264,6 +264,17 @@ "category": "productivity", "homepage": "https://github.com/anthropics/claude-plugins-official/tree/main/plugins/claude-md-management" }, + { + "name": "cloudflare", + "source": { + "source": "url", + "url": "https://github.com/cloudflare/skills.git", + "sha": "5ec03da67e230df52b698255c8e5979dc9b124b6" + }, + "description": "Skills for the Cloudflare developer platform: Workers, Durable Objects, Agents SDK, MCP servers, Wrangler CLI, and web performance.", + "category": "deployment", + "homepage": "https://github.com/cloudflare/skills" + }, { "name": "cloudinary", "description": "Use Cloudinary directly in Claude. Manage assets, apply transformations, optimize media, and more through natural conversation.", From d4e6f609d85406eb12ad63e1a7980acb1fe6823a Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Fri, 10 Apr 2026 16:52:48 -0500 Subject: [PATCH 10/39] Add amplitude plugin (#1289) --- .claude-plugin/marketplace.json | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index f0e1dc4..ed7566e 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -73,6 +73,17 @@ }, "homepage": "https://github.com/awslabs/agent-plugins" }, + { + "name": "amplitude", + "source": { + "source": "url", + "url": "https://github.com/amplitude/mcp-marketplace.git", + "sha": "be54ccb66b10593721dd3a31e47b2db20ea02d2f" + }, + "description": "Use Amplitude as an expert analyst — instrument Amplitude, discover product opportunities, analyze charts, create dashboards, manage experiments, and understand users and accounts.", + "category": "monitoring", + "homepage": "https://github.com/amplitude/mcp-marketplace" + }, { "name": "asana", "description": "Asana project management integration. Create and manage tasks, search projects, update assignments, track progress, and integrate your development workflow with Asana's work management platform.", From 9a6b30ebb414794861cdafac6d2665f7f827659a Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Fri, 10 Apr 2026 16:55:24 -0500 Subject: [PATCH 11/39] =?UTF-8?q?Rename=20sanity-plugin=20=E2=86=92=20sani?= =?UTF-8?q?ty=20(#1236)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Developer requested slug change from sanity-plugin to sanity. Co-authored-by: Claude Opus 4.6 (1M context) --- .claude-plugin/marketplace.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index ed7566e..0253bd0 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -1193,7 +1193,7 @@ } }, { - "name": "sanity-plugin", + "name": "sanity", "description": "Sanity content platform integration with MCP server, agent skills, and slash commands. Query and author content, build and optimize GROQ queries, design schemas, and set up Visual Editing.", "category": "development", "author": { From 9fc974ef8be9778b19272251709bdf00ae21c259 Mon Sep 17 00:00:00 2001 From: Tobin South Date: Fri, 10 Apr 2026 15:02:18 -0700 Subject: [PATCH 12/39] Remove hosted slack plugin stub (#1305) Co-authored-by: Claude --- external_plugins/slack/.claude-plugin/plugin.json | 7 ------- external_plugins/slack/.mcp.json | 10 ---------- 2 files changed, 17 deletions(-) delete mode 100644 external_plugins/slack/.claude-plugin/plugin.json delete mode 100644 external_plugins/slack/.mcp.json diff --git a/external_plugins/slack/.claude-plugin/plugin.json b/external_plugins/slack/.claude-plugin/plugin.json deleted file mode 100644 index 0cfb22c..0000000 --- a/external_plugins/slack/.claude-plugin/plugin.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "name": "slack", - "description": "Slack workspace integration. Search messages, access channels, read threads, and stay connected with your team's communications while coding. Find relevant discussions and context quickly.", - "author": { - "name": "Slack" - } -} diff --git a/external_plugins/slack/.mcp.json b/external_plugins/slack/.mcp.json deleted file mode 100644 index dae2c58..0000000 --- a/external_plugins/slack/.mcp.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "slack": { - "type": "http", - "url": "https://mcp.slack.com/mcp", - "oauth": { - "clientId": "1601185624273.8899143856786", - "callbackPort": 3118 - } - } -} From 7ed523140f506611c968a0ec32e1dfc40a1d5673 Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Fri, 10 Apr 2026 17:39:06 -0500 Subject: [PATCH 13/39] Add spotify-ads-api plugin (#1351) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Partner escalation from #plugin-partner-escalations (Lucas Smedley). Spotify Ads Manager — skills-only plugin for managing ad campaigns via Claude Code. Already published in community marketplace. Co-authored-by: Claude Opus 4.6 (1M context) --- .claude-plugin/marketplace.json | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index 0253bd0..9b72188 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -1321,6 +1321,17 @@ }, "homepage": "https://sourcegraph.com" }, + { + "name": "spotify-ads-api", + "description": "Manage Spotify ad campaigns with natural language. Create campaigns, ad sets, ads, pull reports, and handle OAuth — all through conversation.", + "category": "productivity", + "source": { + "source": "url", + "url": "https://github.com/spotify/ads-claude-plugin.git", + "sha": "a4bce9912db071d47dfb410086a48004e0539efa" + }, + "homepage": "https://github.com/spotify/ads-claude-plugin" + }, { "name": "stagehand", "description": "Browser automation skill for Claude Code using Stagehand. Automate web interactions, extract data, and navigate websites using natural language.", From 656b617198e18fa24a9d6ae9209006e6d3857633 Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Mon, 13 Apr 2026 11:24:33 -0500 Subject: [PATCH 14/39] Add base44 plugin (#1389) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Official Base44 plugin — full-stack app development with CLI project management and JavaScript/TypeScript SDK skills. MIT licensed, skills-only (no MCP server). Partner escalation from #plugin-partner-escalations. Already merged on -internal (PR #1466, 2026-04-07). --- .claude-plugin/marketplace.json | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index 9b72188..c945258 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -169,6 +169,17 @@ "category": "database", "homepage": "https://github.com/AzureCosmosDB/cosmosdb-claude-code-plugin" }, + { + "name": "base44", + "description": "Build and deploy Base44 full-stack apps with CLI project management and JavaScript/TypeScript SDK development skills", + "category": "development", + "source": { + "source": "url", + "url": "https://github.com/base44/skills.git", + "sha": "c7039b37eca0e2916a565a7395040c00055bcf8b" + }, + "homepage": "https://docs.base44.com" + }, { "name": "box", "description": "Work with your Box content directly from Claude Code — search files, organize folders, collaborate with your team, and use Box AI to answer questions, summarize documents, and extract data without leaving your workflow.", From 3ffb4b4ca81f0da4ac92062bf93d7a2702abcd5a Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Mon, 13 Apr 2026 13:41:08 -0500 Subject: [PATCH 15/39] Add adlc plugin (#1394) --- .claude-plugin/marketplace.json | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index c945258..9e79f08 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -7,6 +7,16 @@ "email": "support@anthropic.com" }, "plugins": [ + { + "name": "adlc", + "description": "Agentforce Agent Development Life Cycle — author, discover, scaffold, deploy, test, and optimize .agent files", + "category": "development", + "source": { + "source": "url", + "url": "https://github.com/SalesforceAIResearch/agentforce-adlc.git" + }, + "homepage": "https://github.com/SalesforceAIResearch/agentforce-adlc" + }, { "name": "adspirer-ads-agent", "description": "Cross-platform ad management for Google Ads, Meta Ads, TikTok Ads, and LinkedIn Ads. 91 tools for keyword research, campaign creation, performance analysis, and budget optimization.", From c5b7657350cde8b249a536ef24b9c0e4025b998d Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Mon, 13 Apr 2026 18:00:31 -0500 Subject: [PATCH 16/39] Add azure-skills plugin --- .claude-plugin/marketplace.json | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index 9e79f08..f9437de 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -179,6 +179,17 @@ "category": "database", "homepage": "https://github.com/AzureCosmosDB/cosmosdb-claude-code-plugin" }, + { + "name": "azure-skills", + "description": "Microsoft Azure MCP integration for cloud resource management, deployments, and Azure services. Manage your Azure infrastructure, monitor applications, and deploy resources directly from Claude Code.", + "category": "deployment", + "source": { + "source": "url", + "url": "https://github.com/microsoft/azure-skills.git", + "sha": "6ffe5ea548bae9679c4eb4f5c82c51db3527d58c" + }, + "homepage": "https://github.com/microsoft/azure-skills" + }, { "name": "base44", "description": "Build and deploy Base44 full-stack apps with CLI project management and JavaScript/TypeScript SDK development skills", From 0de7a91403cc14e6456fa0fd9b77ecba5e3a98e9 Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Mon, 13 Apr 2026 18:00:49 -0500 Subject: [PATCH 17/39] Add dataverse plugin --- .claude-plugin/marketplace.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index 9e79f08..79416fd 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -421,6 +421,19 @@ }, "homepage": "https://github.com/astronomer/agents" }, + { + "name": "dataverse", + "description": "Agent skills for building on, analyzing, and managing Microsoft Dataverse — with Dataverse MCP, PAC CLI, and Python SDK.", + "category": "database", + "source": { + "source": "git-subdir", + "url": "https://github.com/microsoft/Dataverse-skills.git", + "path": ".github/plugins/dataverse", + "ref": "main", + "sha": "87bc55342e6313a5677f00d3e5e574b441ae60bb" + }, + "homepage": "https://github.com/microsoft/Dataverse-skills" + }, { "name": "deploy-on-aws", "description": "Deploy applications to AWS with architecture recommendations, cost estimates, and IaC deployment.", From 173bd29be333793924f8567d3975ade2ee247260 Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Tue, 14 Apr 2026 07:39:11 -0500 Subject: [PATCH 18/39] =?UTF-8?q?Update=20sonarqube=20plugin=20entry=20?= =?UTF-8?q?=E2=80=94=20rename,=20author,=20description?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .claude-plugin/marketplace.json | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index 9e79f08..e65b137 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -1312,14 +1312,17 @@ "homepage": "https://github.com/slackapi/slack-mcp-plugin/tree/main" }, { - "name": "sonarqube-agent-plugins", - "description": "Integrate SonarQube code quality and security analysis into Claude Code: namespaced slash commands, a guided skill to setup the SonarQube CLI, and a startup check for CLI wiring. MCP server registration and secrets-scanning hooks are installed by the SonarQube CLI as part of setup.", + "name": "sonarqube", + "description": "Automatically enforce SonarQube code quality and security in the agent coding loop — 7,000+ rules, secrets scanning, agentic analysis, and quality gates across 40+ languages. PostToolUse hooks run analysis after every file edit. Pre-tool secrets scanning prevents 450+ patterns from reaching the LLM. Slash commands give on-demand access to quality gate status, coverage, duplication, and dependency risks. Includes SonarQube CLI, MCP Server, skills, hooks, and slash commands.", + "author": { + "name": "SonarSource" + }, "category": "security", "source": { "source": "url", "url": "https://github.com/SonarSource/sonarqube-agent-plugins.git" }, - "homepage": "https://github.com/SonarSource/sonarqube-agent-plugins" + "homepage": "https://www.sonarsource.com" }, { "name": "sonatype-guide", From 622ef853238f326336ef0d95bb464c4c5aa263dc Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Tue, 14 Apr 2026 07:52:48 -0500 Subject: [PATCH 19/39] Add shopify plugin --- .claude-plugin/marketplace.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index 9e79f08..8ed5aa1 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -1311,6 +1311,19 @@ }, "homepage": "https://github.com/slackapi/slack-mcp-plugin/tree/main" }, + { + "name": "shopify", + "description": "Shopify developer tools for Claude Code — search Shopify docs, generate and validate GraphQL, Liquid, and UI extension code", + "author": { + "name": "Shopify" + }, + "category": "development", + "source": { + "source": "url", + "url": "https://github.com/Shopify/shopify-plugins.git" + }, + "homepage": "https://shopify.dev/docs/apps/build/devmcp" + }, { "name": "sonarqube-agent-plugins", "description": "Integrate SonarQube code quality and security analysis into Claude Code: namespaced slash commands, a guided skill to setup the SonarQube CLI, and a startup check for CLI wiring. MCP server registration and secrets-scanning hooks are installed by the SonarQube CLI as part of setup.", From fb48c3af93ade6dbe0400fcc4e62db43f7972bad Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Tue, 14 Apr 2026 09:42:49 -0500 Subject: [PATCH 20/39] Update nimble plugin: remove SHA pin Allow Nimble to resolve from latest HEAD rather than a pinned commit. --- .claude-plugin/marketplace.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index 9e79f08..9af4334 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -886,8 +886,7 @@ "description": "Nimble web data toolkit — search, extract, map, crawl the web and work with structured data agents", "source": { "source": "url", - "url": "https://github.com/Nimbleway/agent-skills.git", - "sha": "cf391e95bd8ac009e3641f172434a1d130dde7fe" + "url": "https://github.com/Nimbleway/agent-skills.git" }, "homepage": "https://docs.nimbleway.com/integrations/agent-skills/plugin-installation" }, From c28404f8181b78cb5b60e03c5763b5d75db9e1d6 Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Tue, 14 Apr 2026 11:29:03 -0500 Subject: [PATCH 21/39] Add bigdata-com plugin --- .claude-plugin/marketplace.json | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index 9e79f08..48015a4 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -190,6 +190,21 @@ }, "homepage": "https://docs.base44.com" }, + { + "name": "bigdata-com", + "description": "Official Bigdata.com plugin providing financial research, analytics, and intelligence tools powered by Bigdata MCP.", + "author": { + "name": "RavenPack" + }, + "category": "database", + "source": { + "source": "git-subdir", + "url": "Bigdata-com/bigdata-plugins-marketplace", + "path": "plugins/bigdata-com", + "ref": "main" + }, + "homepage": "https://docs.bigdata.com" + }, { "name": "box", "description": "Work with your Box content directly from Claude Code — search files, organize folders, collaborate with your team, and use Box AI to answer questions, summarize documents, and extract data without leaving your workflow.", From e8fb9898a67e75980e811301f60c46d9e977c7b1 Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Tue, 14 Apr 2026 11:39:57 -0500 Subject: [PATCH 22/39] Fix sort order: move shopify before skill-creator --- .claude-plugin/marketplace.json | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index 8ed5aa1..6b9e489 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -1290,6 +1290,19 @@ "category": "productivity", "homepage": "https://github.com/anthropics/claude-plugins-official/tree/main/plugins/session-report" }, + { + "name": "shopify", + "description": "Shopify developer tools for Claude Code — search Shopify docs, generate and validate GraphQL, Liquid, and UI extension code", + "author": { + "name": "Shopify" + }, + "category": "development", + "source": { + "source": "url", + "url": "https://github.com/Shopify/shopify-plugins.git" + }, + "homepage": "https://shopify.dev/docs/apps/build/devmcp" + }, { "name": "skill-creator", "description": "Create new skills, improve existing skills, and measure skill performance. Use when users want to create a skill from scratch, update or optimize an existing skill, run evals to test a skill, or benchmark skill performance with variance analysis.", @@ -1311,19 +1324,6 @@ }, "homepage": "https://github.com/slackapi/slack-mcp-plugin/tree/main" }, - { - "name": "shopify", - "description": "Shopify developer tools for Claude Code — search Shopify docs, generate and validate GraphQL, Liquid, and UI extension code", - "author": { - "name": "Shopify" - }, - "category": "development", - "source": { - "source": "url", - "url": "https://github.com/Shopify/shopify-plugins.git" - }, - "homepage": "https://shopify.dev/docs/apps/build/devmcp" - }, { "name": "sonarqube-agent-plugins", "description": "Integrate SonarQube code quality and security analysis into Claude Code: namespaced slash commands, a guided skill to setup the SonarQube CLI, and a startup check for CLI wiring. MCP server registration and secrets-scanning hooks are installed by the SonarQube CLI as part of setup.", From 2b666914e69afcfccbc04690f76c4ab0e304c86f Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Tue, 14 Apr 2026 11:51:40 -0500 Subject: [PATCH 23/39] Remove SHA pin from dataverse entry --- .claude-plugin/marketplace.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index 79416fd..42dc57f 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -429,8 +429,7 @@ "source": "git-subdir", "url": "https://github.com/microsoft/Dataverse-skills.git", "path": ".github/plugins/dataverse", - "ref": "main", - "sha": "87bc55342e6313a5677f00d3e5e574b441ae60bb" + "ref": "main" }, "homepage": "https://github.com/microsoft/Dataverse-skills" }, From 8145923edce668187a4e914787fc0b18b420e4d3 Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Tue, 14 Apr 2026 11:51:46 -0500 Subject: [PATCH 24/39] Remove SHA pin from azure-skills entry --- .claude-plugin/marketplace.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index f9437de..2467074 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -185,8 +185,7 @@ "category": "deployment", "source": { "source": "url", - "url": "https://github.com/microsoft/azure-skills.git", - "sha": "6ffe5ea548bae9679c4eb4f5c82c51db3527d58c" + "url": "https://github.com/microsoft/azure-skills.git" }, "homepage": "https://github.com/microsoft/azure-skills" }, From dcd86cd6f9fd4d0ab1e0f82a8fcefd0cc5f41049 Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Tue, 14 Apr 2026 11:54:28 -0500 Subject: [PATCH 25/39] Add shopify-ai-toolkit plugin --- .claude-plugin/marketplace.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index b2ab7bf..236b179 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -1317,6 +1317,19 @@ }, "homepage": "https://shopify.dev/docs/apps/build/devmcp" }, + { + "name": "shopify-ai-toolkit", + "description": "Shopify's AI Toolkit provides 18 development skills for building on the Shopify platform, covering documentation search, API schema access, GraphQL and Liquid code validation, Hydrogen storefronts, Polaris UI extensions, store management via CLI, and onboarding guidance for both developers and merchants.", + "author": { + "name": "Shopify" + }, + "category": "development", + "source": { + "source": "url", + "url": "https://github.com/Shopify/Shopify-AI-Toolkit.git" + }, + "homepage": "https://shopify.dev" + }, { "name": "skill-creator", "description": "Create new skills, improve existing skills, and measure skill performance. Use when users want to create a skill from scratch, update or optimize an existing skill, run evals to test a skill, or benchmark skill performance with variance analysis.", From 7e401edac7ca6449c4f549fda9e1b43385496bef Mon Sep 17 00:00:00 2001 From: Noah Zweben Date: Tue, 14 Apr 2026 12:47:13 -0700 Subject: [PATCH 26/39] fix(telegram): retry polling on all transient errors, not just 409 (#1397) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A single ETIMEDOUT/ECONNRESET/DNS failure during long-polling rejected bot.start(); the catch block returned and polling stopped permanently. The MCP server process stayed alive (stdin keeps it running), so outbound reply/react tools kept working — but the bot was deaf to inbound messages until a full restart. Users see 'typing...' then nothing, indistinguishable from the harness-side gate bug. Now all errors retry with the same capped backoff (max 15s). attempt resets to 0 in onStart so backoff doesn't accumulate across a long-running session. Co-authored-by: Claude --- .../telegram/.claude-plugin/plugin.json | 2 +- external_plugins/telegram/server.ts | 43 +++++++++---------- 2 files changed, 21 insertions(+), 24 deletions(-) diff --git a/external_plugins/telegram/.claude-plugin/plugin.json b/external_plugins/telegram/.claude-plugin/plugin.json index 9e3c96a..e1edd21 100644 --- a/external_plugins/telegram/.claude-plugin/plugin.json +++ b/external_plugins/telegram/.claude-plugin/plugin.json @@ -1,7 +1,7 @@ { "name": "telegram", "description": "Telegram channel for Claude Code \u2014 messaging bridge with built-in access control. Manage pairing, allowlists, and policy via /telegram:access.", - "version": "0.0.5", + "version": "0.0.6", "keywords": [ "telegram", "messaging", diff --git a/external_plugins/telegram/server.ts b/external_plugins/telegram/server.ts index 6a07e35..bfc551f 100644 --- a/external_plugins/telegram/server.ts +++ b/external_plugins/telegram/server.ts @@ -985,14 +985,17 @@ bot.catch(err => { process.stderr.write(`telegram channel: handler error (polling continues): ${err.error}\n`) }) -// 409 Conflict = another getUpdates consumer is still active (zombie from a -// previous session, or a second Claude Code instance). Retry with backoff -// until the slot frees up instead of crashing on the first rejection. +// Retry polling with backoff on any error. Previously only 409 was retried — +// a single ETIMEDOUT/ECONNRESET/DNS failure rejected bot.start(), the catch +// returned, and polling stopped permanently while the process stayed alive +// (MCP stdin keeps it running). Outbound tools kept working but the bot was +// deaf to inbound messages until a full restart. void (async () => { for (let attempt = 1; ; attempt++) { try { await bot.start({ onStart: info => { + attempt = 0 botUsername = info.username process.stderr.write(`telegram channel: polling as @${info.username}\n`) void bot.api.setMyCommands( @@ -1008,28 +1011,22 @@ void (async () => { return // bot.stop() was called — clean exit from the loop } catch (err) { if (shuttingDown) return - if (err instanceof GrammyError && err.error_code === 409) { - if (attempt >= 8) { - process.stderr.write( - `telegram channel: 409 Conflict persists after ${attempt} attempts — ` + - `another poller is holding the bot token (stray 'bun server.ts' process or a second session). Exiting.\n`, - ) - return - } - const delay = Math.min(1000 * attempt, 15000) - const detail = attempt === 1 - ? ' — another instance is polling (zombie session, or a second Claude Code running?)' - : '' - process.stderr.write( - `telegram channel: 409 Conflict${detail}, retrying in ${delay / 1000}s\n`, - ) - await new Promise(r => setTimeout(r, delay)) - continue - } // bot.stop() mid-setup rejects with grammy's "Aborted delay" — expected, not an error. if (err instanceof Error && err.message === 'Aborted delay') return - process.stderr.write(`telegram channel: polling failed: ${err}\n`) - return + const is409 = err instanceof GrammyError && err.error_code === 409 + if (is409 && attempt >= 8) { + process.stderr.write( + `telegram channel: 409 Conflict persists after ${attempt} attempts — ` + + `another poller is holding the bot token (stray 'bun server.ts' process or a second session). Exiting.\n`, + ) + return + } + const delay = Math.min(1000 * attempt, 15000) + const detail = is409 + ? `409 Conflict${attempt === 1 ? ' — another instance is polling (zombie session, or a second Claude Code running?)' : ''}` + : `polling error: ${err}` + process.stderr.write(`telegram channel: ${detail}, retrying in ${delay / 1000}s\n`) + await new Promise(r => setTimeout(r, delay)) } } })() From 48aa43517886014e90ee80a6461f9de75045369d Mon Sep 17 00:00:00 2001 From: "Daisy S. Hollman" Date: Tue, 14 Apr 2026 14:46:42 -0700 Subject: [PATCH 27/39] fix(discord): use cached author.id when DMChannel.recipientId is null (#1365) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit DMChannel.recipientId can be null when client.channels.fetch() returns a DM channel with a cold cache. The inbound gate correctly uses msg.author.id, but fetchAllowedChannel relied on recipientId, so replies to allowlisted DMs intermittently failed with "channel not allowlisted" after session restart. Maintain a channelId→userId map populated during inbound handling and fall back to it when recipientId is null. Fixes anthropics/claude-code#40576 Fixes anthropics/claude-code#41647 :house: Remote-Dev: homespace --- external_plugins/discord/server.ts | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/external_plugins/discord/server.ts b/external_plugins/discord/server.ts index 1752ebf..0595fc7 100644 --- a/external_plugins/discord/server.ts +++ b/external_plugins/discord/server.ts @@ -222,6 +222,8 @@ type GateResult = const recentSentIds = new Set() const RECENT_SENT_CAP = 200 +const dmChannelUsers = new Map() + function noteSent(id: string): void { recentSentIds.add(id) if (recentSentIds.size > RECENT_SENT_CAP) { @@ -404,7 +406,8 @@ async function fetchAllowedChannel(id: string) { const ch = await fetchTextChannel(id) const access = loadAccess() if (ch.type === ChannelType.DM) { - if (access.allowFrom.includes(ch.recipientId)) return ch + const userId = ch.recipientId ?? dmChannelUsers.get(id) + if (userId && access.allowFrom.includes(userId)) return ch } else { const key = ch.isThread() ? ch.parentId ?? ch.id : ch.id if (key in access.groups) return ch @@ -823,6 +826,10 @@ async function handleInbound(msg: Message): Promise { const chat_id = msg.channelId + if (msg.channel.type === ChannelType.DM) { + dmChannelUsers.set(chat_id, msg.author.id) + } + // Permission-reply intercept: if this looks like "yes xxxxx" for a // pending permission request, emit the structured event instead of // relaying as chat. The sender is already gate()-approved at this point From cb8c857a5e6fbd47380967c88a67ec8f4e01e394 Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Thu, 16 Apr 2026 15:01:08 -0500 Subject: [PATCH 28/39] Normalize git-subdir source URLs to full HTTPS format (#1422) Standardize 12 git-subdir plugin entries from owner/repo shorthand to full https://github.com/owner/repo.git URLs for consistency with the existing HTTPS entries. Co-authored-by: Claude Opus 4.6 (1M context) --- .claude-plugin/marketplace.json | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index 7500c87..01a9ef2 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -44,7 +44,7 @@ "description": "AI-first project auditor and re-engineer based on the 9 design principles and 7 design patterns from the TechWolf AI-First Bootcamp", "source": { "source": "git-subdir", - "url": "techwolf-ai/ai-first-toolkit", + "url": "https://github.com/techwolf-ai/ai-first-toolkit.git", "path": "plugins/ai-firstify", "ref": "main", "sha": "7f18e11d694b9ae62ea3009fbbc175f08ae913df" @@ -209,7 +209,7 @@ "category": "database", "source": { "source": "git-subdir", - "url": "Bigdata-com/bigdata-plugins-marketplace", + "url": "https://github.com/Bigdata-com/bigdata-plugins-marketplace.git", "path": "plugins/bigdata-com", "ref": "main" }, @@ -503,7 +503,7 @@ "category": "development", "source": { "source": "git-subdir", - "url": "expo/skills", + "url": "https://github.com/expo/skills.git", "path": "plugins/expo", "ref": "main" }, @@ -670,7 +670,7 @@ "description": "Build on Solana with Helius — live blockchain tools, expert coding patterns, and autonomous account signup", "source": { "source": "git-subdir", - "url": "helius-labs/core-ai", + "url": "https://github.com/helius-labs/core-ai.git", "path": "helius-plugin", "ref": "main", "sha": "05ea4d1128d46618266bbcc23a5e7019c57be0d6" @@ -785,7 +785,7 @@ "category": "productivity", "source": { "source": "git-subdir", - "url": "legalzoom/claude-plugins", + "url": "https://github.com/legalzoom/claude-plugins.git", "path": "plugins/legalzoom", "ref": "main", "sha": "f9fd8a0ca6e1421bc1aacb113a109663a7a6f6d8" @@ -891,7 +891,7 @@ "category": "database", "source": { "source": "git-subdir", - "url": "neondatabase/agent-skills", + "url": "https://github.com/neondatabase/agent-skills.git", "path": "plugins/neon-postgres", "ref": "main", "sha": "54d7a9db2ddd476f84d5d1fd7bac323907858a8b" @@ -1109,7 +1109,7 @@ "category": "development", "source": { "source": "git-subdir", - "url": "pydantic/skills", + "url": "https://github.com/pydantic/skills.git", "path": "plugins/ai", "ref": "main" }, @@ -1155,7 +1155,7 @@ "category": "deployment", "source": { "source": "git-subdir", - "url": "railwayapp/railway-skills", + "url": "https://github.com/railwayapp/railway-skills.git", "path": "plugins/railway", "ref": "main", "sha": "d52f3741a6a33a3191d6138eb3d6c3355cb970d1" @@ -1448,7 +1448,7 @@ "category": "development", "source": { "source": "git-subdir", - "url": "stripe/ai", + "url": "https://github.com/stripe/ai.git", "path": "providers/claude/plugin", "ref": "main" }, @@ -1555,7 +1555,7 @@ "category": "development", "source": { "source": "git-subdir", - "url": "UI5/plugins-claude", + "url": "https://github.com/UI5/plugins-claude.git", "path": "plugins/ui5", "ref": "main", "sha": "5070dfc1cef711d6efad40beb43750027039d71f" @@ -1568,7 +1568,7 @@ "category": "development", "source": { "source": "git-subdir", - "url": "UI5/plugins-claude", + "url": "https://github.com/UI5/plugins-claude.git", "path": "plugins/ui5-typescript-conversion", "ref": "main", "sha": "5070dfc1cef711d6efad40beb43750027039d71f" @@ -1622,7 +1622,7 @@ "category": "productivity", "source": { "source": "git-subdir", - "url": "zapier/zapier-mcp", + "url": "https://github.com/zapier/zapier-mcp.git", "path": "plugins/zapier", "ref": "main", "sha": "b93007e9a726c6ee93c57a949e732744ef5acbfd" From de39da5ba2daf371d35601bc9e8f3946dbfc373f Mon Sep 17 00:00:00 2001 From: Dickson Tsai Date: Thu, 16 Apr 2026 13:01:47 -0700 Subject: [PATCH 29/39] Point supabase plugin to supabase-community/supabase-plugin (#1442) Remove the in-repo supabase stub; source from the external repo. Co-authored-by: Claude --- .claude-plugin/marketplace.json | 7 +++++-- external_plugins/supabase/.claude-plugin/plugin.json | 7 ------- external_plugins/supabase/.mcp.json | 6 ------ 3 files changed, 5 insertions(+), 15 deletions(-) delete mode 100644 external_plugins/supabase/.claude-plugin/plugin.json delete mode 100644 external_plugins/supabase/.mcp.json diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index 01a9ef2..de9cc7d 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -1469,8 +1469,11 @@ "name": "supabase", "description": "Supabase MCP integration for database operations, authentication, storage, and real-time subscriptions. Manage your Supabase projects, run SQL queries, and interact with your backend directly.", "category": "database", - "source": "./external_plugins/supabase", - "homepage": "https://github.com/anthropics/claude-plugins-public/tree/main/external_plugins/supabase" + "source": { + "source": "url", + "url": "https://github.com/supabase-community/supabase-plugin.git" + }, + "homepage": "https://github.com/supabase-community/supabase-plugin" }, { "name": "superpowers", diff --git a/external_plugins/supabase/.claude-plugin/plugin.json b/external_plugins/supabase/.claude-plugin/plugin.json deleted file mode 100644 index 2d23085..0000000 --- a/external_plugins/supabase/.claude-plugin/plugin.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "name": "supabase", - "description": "Supabase MCP integration for database operations, authentication, storage, and real-time subscriptions. Manage your Supabase projects, run SQL queries, and interact with your backend directly.", - "author": { - "name": "Supabase" - } -} diff --git a/external_plugins/supabase/.mcp.json b/external_plugins/supabase/.mcp.json deleted file mode 100644 index 8df00e1..0000000 --- a/external_plugins/supabase/.mcp.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "supabase": { - "type": "http", - "url": "https://mcp.supabase.com/mcp" - } -} From b992a65037b55f1fef916b32a239dca01d5f6249 Mon Sep 17 00:00:00 2001 From: Tobin South Date: Fri, 17 Apr 2026 04:29:23 -0700 Subject: [PATCH 30/39] Refresh AWS plugins: add amplify/databases/sagemaker, remove migration (#1226) Adds three plugins from awslabs/agent-plugins: - aws-amplify (development) - databases-on-aws (database) - sagemaker-ai (development) Removes migration-to-aws (deprecated by the AWS team). --- .claude-plugin/marketplace.json | 48 ++++++++++++++++++++++++--------- 1 file changed, 36 insertions(+), 12 deletions(-) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index de9cc7d..37c369d 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -156,6 +156,18 @@ "source": "./external_plugins/autofix-bot", "homepage": "https://github.com/anthropics/claude-plugins-public/tree/main/external_plugins/autofix-bot" }, + { + "name": "aws-amplify", + "description": "Build full-stack apps with AWS Amplify Gen 2 using guided workflows for authentication, data models, storage, GraphQL APIs, and Lambda functions.", + "category": "development", + "source": { + "source": "git-subdir", + "url": "https://github.com/awslabs/agent-plugins.git", + "path": "plugins/aws-amplify", + "ref": "main" + }, + "homepage": "https://github.com/awslabs/agent-plugins" + }, { "name": "aws-serverless", "description": "Design, build, deploy, test, and debug serverless applications with AWS Serverless services.", @@ -446,6 +458,18 @@ }, "homepage": "https://github.com/astronomer/agents" }, + { + "name": "databases-on-aws", + "description": "Expert database guidance for the AWS database portfolio. Design schemas, execute queries, handle migrations, and choose the right database for your workload.", + "category": "database", + "source": { + "source": "git-subdir", + "url": "https://github.com/awslabs/agent-plugins.git", + "path": "plugins/databases-on-aws", + "ref": "main" + }, + "homepage": "https://github.com/awslabs/agent-plugins" + }, { "name": "dataverse", "description": "Agent skills for building on, analyzing, and managing Microsoft Dataverse — with Dataverse MCP, PAC CLI, and Python SDK.", @@ -851,18 +875,6 @@ }, "homepage": "https://github.com/microsoftdocs/mcp" }, - { - "name": "migration-to-aws", - "description": "Assess current cloud provider usage and billing to estimate and compare AWS services and pricing, with recommendations for migration or continued use of current provider.", - "category": "migration", - "source": { - "source": "git-subdir", - "url": "https://github.com/awslabs/agent-plugins.git", - "path": "plugins/migration-to-aws", - "ref": "main" - }, - "homepage": "https://github.com/awslabs/agent-plugins" - }, { "name": "mintlify", "description": "Build beautiful documentation sites with Mintlify. Convert non-markdown files into properly formatted MDX pages, add and modify content with correct component use, and automate documentation updates.", @@ -1249,6 +1261,18 @@ } } }, + { + "name": "sagemaker-ai", + "description": "Build, train, and deploy AI models with deep AWS AI/ML expertise brought directly into your coding assistants, covering the surface area of Amazon SageMaker AI.", + "category": "development", + "source": { + "source": "git-subdir", + "url": "https://github.com/awslabs/agent-plugins.git", + "path": "plugins/sagemaker-ai", + "ref": "main" + }, + "homepage": "https://github.com/awslabs/agent-plugins" + }, { "name": "sanity", "description": "Sanity content platform integration with MCP server, agent skills, and slash commands. Query and author content, build and optimize GROQ queries, design schemas, and set up Visual Editing.", From 8518bfc43d31a3f29790a8b8b4e34000f461c16a Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Fri, 17 Apr 2026 08:53:58 -0500 Subject: [PATCH 31/39] Add miro plugin --- .claude-plugin/marketplace.json | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index 37c369d..a70f9c1 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -886,6 +886,22 @@ }, "homepage": "https://www.mintlify.com/" }, + { + "name": "miro", + "description": "Secure access to Miro boards. Enables AI to read board context, create diagrams, and generate code with enterprise-grade security.", + "author": { + "name": "Miro" + }, + "category": "design", + "source": { + "source": "git-subdir", + "url": "https://github.com/miroapp/miro-ai.git", + "path": "claude-plugins/miro", + "ref": "main", + "sha": "748bd6afbf60ebc1a1a42bc2e275bfaee53a3eb6" + }, + "homepage": "https://miro.com" + }, { "name": "mongodb", "description": "Official Claude plugin for MongoDB (MCP Server + Skills). Connect to databases, explore data, manage collections, optimize queries, generate reliable code, implement best practices, develop advanced features, and more.", From 5c5c5f9896921013ce83ebbeb0f2271122a22ef8 Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Fri, 17 Apr 2026 08:57:39 -0500 Subject: [PATCH 32/39] Remove SHA pin from miro entry --- .claude-plugin/marketplace.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index a70f9c1..aa34976 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -897,8 +897,7 @@ "source": "git-subdir", "url": "https://github.com/miroapp/miro-ai.git", "path": "claude-plugins/miro", - "ref": "main", - "sha": "748bd6afbf60ebc1a1a42bc2e275bfaee53a3eb6" + "ref": "main" }, "homepage": "https://miro.com" }, From b00abee24ea2dd020f56fcb65e9fa3230522a3ec Mon Sep 17 00:00:00 2001 From: Tobin South Date: Fri, 17 Apr 2026 09:02:48 -0700 Subject: [PATCH 33/39] Align mcp-server-dev skills with claude.com/docs connector guidance (#1418) - build-mcp-server: load llms-full.txt for Claude-specific context; add Phase 6 (test in Claude, review checklist, submit, ship plugin) - references/auth.md: add Claude auth-type table, callback URL, not-supported list - references/tool-design.md: add Anthropic Directory hard requirements (annotations, name length, read/write split, prompt-injection rule) - build-mcp-app: add Claude host specifics (prefersBorder, safeAreaInsets, CSP) and submission asset specs; testing via custom connector - build-mcpb: note remote servers are the recommended directory path --- .../mcp-server-dev/skills/build-mcp-app/SKILL.md | 9 +++++++++ .../skills/build-mcp-server/SKILL.md | 13 +++++++++++++ .../skills/build-mcp-server/references/auth.md | 16 ++++++++++++++++ .../build-mcp-server/references/tool-design.md | 10 ++++++++++ .../mcp-server-dev/skills/build-mcpb/SKILL.md | 2 ++ 5 files changed, 50 insertions(+) diff --git a/plugins/mcp-server-dev/skills/build-mcp-app/SKILL.md b/plugins/mcp-server-dev/skills/build-mcp-app/SKILL.md index 0ee1dd0..1afbf39 100644 --- a/plugins/mcp-server-dev/skills/build-mcp-app/SKILL.md +++ b/plugins/mcp-server-dev/skills/build-mcp-app/SKILL.md @@ -10,6 +10,15 @@ An MCP app is a standard MCP server that **also serves UI resources** — intera The UI layer is **additive**. Under the hood it's still tools, resources, and the same wire protocol. If you haven't built a plain MCP server before, the `build-mcp-server` skill covers the base layer. This skill adds widgets on top. +> **Testing in Claude:** Add the server as a custom connector in claude.ai (via a Cloudflare tunnel for local dev) — this exercises the real iframe sandbox and `hostContext`. See https://claude.com/docs/connectors/building/testing. + +## Claude host specifics + +- `_meta.ui.prefersBorder: false` on a `ui://` resource removes the outer card border (mobile). +- `hostContext.safeAreaInsets: {top, right, bottom, left}` (px) — honor these for notches and the composer overlay. +- `_meta.ui.csp.{connectDomains, resourceDomains, baseUriDomains}` — declare external origins per resource; default is block-all. `frameDomains` is currently restricted in Claude. +- Directory submission for MCP Apps requires 3–5 PNG screenshots, ≥1000px wide, cropped to the app response only (no prompt in the image). See https://claude.com/docs/connectors/building/submission#asset-specifications. + --- ## When a widget beats plain text diff --git a/plugins/mcp-server-dev/skills/build-mcp-server/SKILL.md b/plugins/mcp-server-dev/skills/build-mcp-server/SKILL.md index 2ba063e..5ab19c3 100644 --- a/plugins/mcp-server-dev/skills/build-mcp-server/SKILL.md +++ b/plugins/mcp-server-dev/skills/build-mcp-server/SKILL.md @@ -8,6 +8,8 @@ version: 0.1.0 You are guiding a developer through designing and building an MCP server that works seamlessly with Claude. MCP servers come in many forms — picking the wrong shape early causes painful rewrites later. Your first job is **discovery, not code**. +**Load Claude-specific context first.** The MCP spec is generic; Claude has additional auth types, review criteria, and limits. Before answering questions or scaffolding, fetch `https://claude.com/docs/llms-full.txt` (the full export of the Claude connector docs) so your guidance reflects Claude's actual constraints. + Do not start scaffolding until you have answers to the questions in Phase 1. If the user's opening message already answers them, acknowledge that and skip straight to the recommendation. --- @@ -182,6 +184,17 @@ Tools are one of three server primitives. Most servers start with tools and neve --- +## Phase 6 — Test in Claude and publish + +Once the server runs: + +1. **Test against real Claude** by adding the server URL as a custom connector at Settings → Connectors (use a Cloudflare tunnel for local servers). Claude identifies itself with `clientInfo.name: "claude-ai"` on initialize. → https://claude.com/docs/connectors/building/testing +2. **Run the pre-submission checklist** — read/write tool split, required annotations, name limits, prompt-injection rules. → https://claude.com/docs/connectors/building/review-criteria +3. **Submit to the Anthropic Directory.** → https://claude.com/docs/connectors/building/submission +4. **Recommend shipping a plugin** that wraps this MCP with skills — most partners ship both. → https://claude.com/docs/connectors/building/what-to-build + +--- + ## Quick reference: decision matrix | Scenario | Deployment | Tool pattern | diff --git a/plugins/mcp-server-dev/skills/build-mcp-server/references/auth.md b/plugins/mcp-server-dev/skills/build-mcp-server/references/auth.md index ba7227c..56fcefb 100644 --- a/plugins/mcp-server-dev/skills/build-mcp-server/references/auth.md +++ b/plugins/mcp-server-dev/skills/build-mcp-server/references/auth.md @@ -2,6 +2,22 @@ Auth is the reason most people end up needing a **remote** server even when a local one would be simpler. OAuth redirects, token storage, and refresh all work cleanly when there's a real hosted endpoint to redirect back to. +## Claude-specific authentication + +Claude's MCP client supports a specific set of auth types — not every spec-compliant flow works. Full reference: https://claude.com/docs/connectors/building/authentication + +| Type | Notes | +|---|---| +| `oauth_dcr` | Supported. For high-volume directory entries, prefer CIMD or Anthropic-held creds — DCR registers a new client on every fresh connection. | +| `oauth_cimd` | Supported, recommended over DCR for directory entries. | +| `oauth_anthropic_creds` | Partner provides `client_id`/`client_secret` to Anthropic; user-consent-gated. Contact `mcp-review@anthropic.com`. | +| `custom_connection` | User supplies URL/creds at connect time (Snowflake-style). Contact `mcp-review@anthropic.com`. | +| `none` | Authless. | + +**Not supported:** user-pasted bearer tokens (`static_bearer`); pure machine-to-machine `client_credentials` grant without user consent. + +**Callback URL** (single, all surfaces): `https://claude.ai/api/mcp/auth_callback` + --- ## The three tiers diff --git a/plugins/mcp-server-dev/skills/build-mcp-server/references/tool-design.md b/plugins/mcp-server-dev/skills/build-mcp-server/references/tool-design.md index 29ae377..8d4a4c5 100644 --- a/plugins/mcp-server-dev/skills/build-mcp-server/references/tool-design.md +++ b/plugins/mcp-server-dev/skills/build-mcp-server/references/tool-design.md @@ -2,6 +2,16 @@ Tool schemas and descriptions are prompt engineering. They land directly in Claude's context and determine whether Claude picks the right tool with the right arguments. Most MCP integration bugs trace back to vague descriptions or loose schemas. +## Anthropic Directory hard requirements + +If this server will be submitted to the Anthropic Directory, the following are pass/fail review criteria (full list: https://claude.com/docs/connectors/building/review-criteria): + +- Every tool **must** include `readOnlyHint`, `destructiveHint`, and `title` annotations — these determine auto-permissions in Claude. +- Tool names **must** be ≤64 characters. +- Read and write operations **must** be in separate tools. A single tool accepting both GET and POST/PUT/PATCH/DELETE is rejected — documenting safe vs unsafe within one tool's description does not satisfy this. +- Tool descriptions **must not** instruct Claude how to behave (e.g. "always do X", "you must call Y first", overriding system instructions, promoting products) — treated as prompt injection at review. +- Tools that accept freeform API endpoints/params **must** reference the target API's documentation in their description. + --- ## Descriptions diff --git a/plugins/mcp-server-dev/skills/build-mcpb/SKILL.md b/plugins/mcp-server-dev/skills/build-mcpb/SKILL.md index 4334163..772097d 100644 --- a/plugins/mcp-server-dev/skills/build-mcpb/SKILL.md +++ b/plugins/mcp-server-dev/skills/build-mcpb/SKILL.md @@ -8,6 +8,8 @@ version: 0.1.0 MCPB is a local MCP server **packaged with its runtime**. The user installs one file; it runs without needing Node, Python, or any toolchain on their machine. It's the sanctioned way to distribute local MCP servers. +> MCPB is the **secondary** distribution path. Anthropic recommends remote MCP servers for directory listing — see https://claude.com/docs/connectors/building/what-to-build. + **Use MCPB when the server must run on the user's machine** — reading local files, driving a desktop app, talking to localhost services, OS-level APIs. If your server only hits cloud APIs, you almost certainly want a remote HTTP server instead (see `build-mcp-server`). Don't pay the MCPB packaging tax for something that could be a URL. --- From 637c6b3b6ac9828262c6b6e6c5cb80e89f97c269 Mon Sep 17 00:00:00 2001 From: Noah Zweben Date: Fri, 17 Apr 2026 09:11:39 -0700 Subject: [PATCH 34/39] Add Apache 2.0 license to session-report plugin (#1346) Co-authored-by: Claude From 167f01f2e027ba112ecf4a8856080c02af000769 Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Fri, 17 Apr 2026 11:12:36 -0500 Subject: [PATCH 35/39] Add auto-SHA-bump workflow for marketplace plugins (#1392) * Add auto-SHA-bump workflow for marketplace plugins Weekly CI action that discovers stale SHA pins in marketplace.json and opens a batched PR with updated SHAs. Adapted from the claude-plugins-community-internal bump-plugin-shas workflow for the single-file marketplace.json format. - discover_bumps.py: checks 56 SHA-pinned plugins against upstream repos, oldest-stale-first rotation, capped at 20 bumps/run - bump-plugin-shas.yml: weekly Monday schedule + manual dispatch with dry_run and per-plugin targeting options Entries without SHA pins (intentionally tracking HEAD) are never touched. Existing validate-marketplace CI runs on the resulting PR. Co-Authored-By: Claude Opus 4.6 (1M context) * Fix input interpolation and add BASE_BRANCH overlay - Pass workflow_dispatch inputs through env vars instead of direct ${{ inputs.* }} interpolation in run blocks (avoids shell injection) - Add marketplace.json overlay from main so the workflow can be tested via dispatch from a feature branch against main's real plugin data Both patterns match claude-plugins-community-internal's implementation. Co-Authored-By: Claude Opus 4.6 (1M context) * Use GitHub App token for PR creation The anthropics org disables "Allow GitHub Actions to create and approve pull requests", so GITHUB_TOKEN cannot call gh pr create. Split the workflow: GITHUB_TOKEN pushes the branch, then the same GitHub App used by -internal's bump workflow (app-id 2812036) creates the PR. Prerequisite: app must be installed on this repo and the PEM secret (CLAUDE_DIRECTORY_BOT_PRIVATE_KEY) must exist in repo settings. Co-Authored-By: Claude Opus 4.6 (1M context) * Use --force-with-lease for bump branch push Prevents push failure if the branch exists from a previous same-day run whose PR was merged but whose branch wasn't auto-deleted. Co-Authored-By: Claude Opus 4.6 (1M context) --------- Co-authored-by: Claude Opus 4.6 (1M context) --- .github/scripts/discover_bumps.py | 229 +++++++++++++++++++++++++ .github/workflows/bump-plugin-shas.yml | 133 ++++++++++++++ 2 files changed, 362 insertions(+) create mode 100644 .github/scripts/discover_bumps.py create mode 100644 .github/workflows/bump-plugin-shas.yml diff --git a/.github/scripts/discover_bumps.py b/.github/scripts/discover_bumps.py new file mode 100644 index 0000000..7bc2359 --- /dev/null +++ b/.github/scripts/discover_bumps.py @@ -0,0 +1,229 @@ +#!/usr/bin/env python3 +"""Discover plugins in marketplace.json whose upstream repo has moved past +their pinned SHA, update the file in place, and emit a summary. + +Adapted from claude-plugins-community-internal's discover_bumps.py for the +single-file marketplace.json format used by claude-plugins-official. + +Usage: discover_bumps.py [--plugin NAME] [--max N] [--dry-run] +""" + +import argparse +import json +import os +import re +import subprocess +import sys +from datetime import datetime, timezone +from typing import Any + + +MARKETPLACE_PATH = ".claude-plugin/marketplace.json" + + +def gh_api(path: str) -> Any: + """GET from the GitHub API. None on not-found; raises on other errors. + + "Not found" covers both 404 (resource gone) and 422 "No commit found + for SHA" (force-pushed away). Both mean the thing we asked for isn't + there — treating them the same lets callers handle dead refs uniformly. + """ + r = subprocess.run( + ["gh", "api", path], capture_output=True, text=True + ) + if r.returncode != 0: + combined = r.stdout + r.stderr + if any(s in combined for s in ("404", "Not Found", "No commit found")): + return None + raise RuntimeError(f"gh api {path}: {r.stderr.strip() or r.stdout.strip()}") + return json.loads(r.stdout) + + +def parse_github_repo(url: str) -> tuple[str, str] | None: + """Extract (owner, repo) from a URL or owner/repo shorthand.""" + # Full URL: https://github.com/owner/repo(.git)(/...) + m = re.match(r"https?://github\.com/([^/]+)/([^/]+?)(?:\.git)?(?:/|$)", url) + if m: + return m.group(1), m.group(2) + # Shorthand: owner/repo + m = re.match(r"^([\w.-]+)/([\w.-]+)$", url) + if m: + return m.group(1), m.group(2) + return None + + +def latest_sha(owner: str, repo: str, *, ref: str | None, path: str | None) -> str | None: + """Latest commit SHA for the repo, optionally scoped to a ref and/or path.""" + if path: + # Scoped to a subdirectory — use the commits list endpoint with path filter. + q = f"repos/{owner}/{repo}/commits?per_page=1&path={path}" + if ref: + q += f"&sha={ref}" + commits = gh_api(q) + if not commits: + return None + return commits[0]["sha"] + # Whole repo — the single-ref endpoint is cheaper. + if not ref: + meta = gh_api(f"repos/{owner}/{repo}") + if not meta: + return None + ref = meta["default_branch"] + c = gh_api(f"repos/{owner}/{repo}/commits/{ref}") + return c["sha"] if c else None + + +def pinned_age_days(owner: str, repo: str, sha: str) -> int | None: + """Days since the pinned commit was authored. Used for oldest-first rotation.""" + c = gh_api(f"repos/{owner}/{repo}/commits/{sha}") + if not c: + return None + dt = datetime.fromisoformat( + c["commit"]["committer"]["date"].replace("Z", "+00:00") + ) + return (datetime.now(timezone.utc) - dt).days + + +def main() -> int: + ap = argparse.ArgumentParser() + ap.add_argument("--plugin", help="only check this plugin") + ap.add_argument("--max", type=int, default=20, help="cap bumps emitted") + ap.add_argument("--dry-run", action="store_true", help="don't write marketplace.json") + args = ap.parse_args() + + with open(MARKETPLACE_PATH) as f: + marketplace = json.load(f) + + plugins = marketplace.get("plugins", []) + bumps: list[dict] = [] + dead: list[str] = [] + skipped_non_github = 0 + checked = 0 + + for plugin in plugins: + name = plugin.get("name", "?") + src = plugin.get("source") + + # Only process object sources with a sha field + if not isinstance(src, dict) or "sha" not in src: + continue + + # Filter to specific plugin if requested + if args.plugin and name != args.plugin: + continue + + checked += 1 + kind = src.get("source") + url = src.get("url", "") + path = src.get("path") + ref = src.get("ref") + pinned = src.get("sha") + + slug = parse_github_repo(url) + if not slug: + skipped_non_github += 1 + continue + owner, repo = slug + + try: + latest = latest_sha(owner, repo, ref=ref, path=path) + except RuntimeError as e: + print(f"::warning::{name}: {e}", file=sys.stderr) + continue + + if latest is None: + dead.append(f"{name} ({owner}/{repo})") + continue + + if latest == pinned: + continue # up to date + + # Age lookup for rotation — oldest-pinned first prevents starvation. + try: + age = pinned_age_days(owner, repo, pinned) if pinned else None + except RuntimeError as e: + print(f"::warning::{name}: age lookup failed: {e}", file=sys.stderr) + age = None + + bumps.append({ + "name": name, + "kind": kind, + "url": url, + "path": path or "", + "ref": ref or "", + "old_sha": pinned or "", + "new_sha": latest, + "age_days": age if age is not None else 10**6, + }) + + # Oldest-pinned first so nothing starves under the cap. + bumps.sort(key=lambda b: -b["age_days"]) + emitted = bumps[: args.max] + + # Apply bumps to marketplace data + if emitted and not args.dry_run: + bump_map = {b["name"]: b["new_sha"] for b in emitted} + for plugin in plugins: + name = plugin.get("name") + src = plugin.get("source") + if isinstance(src, dict) and name in bump_map: + src["sha"] = bump_map[name] + + with open(MARKETPLACE_PATH, "w") as f: + json.dump(marketplace, f, indent=2, ensure_ascii=False) + f.write("\n") + + # Write GitHub outputs + out = os.environ.get("GITHUB_OUTPUT") + if out: + bumped_names = ",".join(b["name"] for b in emitted) + with open(out, "a") as fh: + fh.write(f"count={len(emitted)}\n") + fh.write(f"bumped_names={bumped_names}\n") + + # Write GitHub step summary + summary = os.environ.get("GITHUB_STEP_SUMMARY") + if summary: + with open(summary, "a") as fh: + fh.write("## SHA Bump Discovery\n\n") + fh.write(f"- Checked: {checked} SHA-pinned entries\n") + fh.write(f"- Stale: {len(bumps)} (applying {len(emitted)}, cap {args.max})\n") + if skipped_non_github: + fh.write(f"- Skipped non-GitHub: {skipped_non_github}\n") + if dead: + fh.write(f"- **Dead upstream** ({len(dead)}): {', '.join(dead)}\n") + if emitted: + fh.write("\n| Plugin | Old | New | Age |\n|---|---|---|---|\n") + for b in emitted: + old = b["old_sha"][:8] if b["old_sha"] else "(unpinned)" + fh.write(f"| {b['name']} | `{old}` | `{b['new_sha'][:8]}` | {b['age_days']}d |\n") + + # Write PR body for the workflow to use + pr_body_path = os.environ.get("PR_BODY_PATH", "/tmp/bump-pr-body.md") + if emitted: + with open(pr_body_path, "w") as fh: + fh.write("Upstream repos moved. Bumping pinned SHAs so plugins track latest.\n\n") + fh.write("| Plugin | Old | New | Upstream |\n") + fh.write("|--------|-----|-----|----------|\n") + for b in emitted: + old = b["old_sha"][:8] if b["old_sha"] else "(unpinned)" + slug_str = re.sub(r"https?://github\.com/", "", b["url"]) + slug_str = re.sub(r"\.git$", "", slug_str) + compare = f"https://github.com/{slug_str}/compare/{b['old_sha'][:12]}...{b['new_sha'][:12]}" + fh.write(f"| `{b['name']}` | `{old}` | `{b['new_sha'][:8]}` | [diff]({compare}) |\n") + fh.write(f"\n---\n_Auto-generated by `bump-plugin-shas.yml` on {datetime.now(timezone.utc).strftime('%Y-%m-%d')}_\n") + + # Console summary + print(f"Checked {checked} SHA-pinned plugins", file=sys.stderr) + print(f"Stale: {len(bumps)}, applying: {len(emitted)}", file=sys.stderr) + if dead: + print(f"Dead upstream: {', '.join(dead)}", file=sys.stderr) + for b in emitted: + old = b["old_sha"][:8] if b["old_sha"] else "unpinned" + print(f" {b['name']}: {old} -> {b['new_sha'][:8]} ({b['age_days']}d)", file=sys.stderr) + + return 0 + + +if __name__ == "__main__": + sys.exit(main()) diff --git a/.github/workflows/bump-plugin-shas.yml b/.github/workflows/bump-plugin-shas.yml new file mode 100644 index 0000000..4ea47b8 --- /dev/null +++ b/.github/workflows/bump-plugin-shas.yml @@ -0,0 +1,133 @@ +name: Bump plugin SHAs + +# Weekly sweep of marketplace.json — for each entry whose upstream repo has +# moved past its pinned SHA, open a PR against main with updated SHAs. The +# validate-marketplace workflow then runs on the PR to confirm the file is +# still well-formed. +# +# Adapted from claude-plugins-community-internal's bump-plugin-shas.yml +# for the single-file marketplace.json format. Key difference: all bumps +# are batched into one PR (since they all modify the same file). + +on: + schedule: + - cron: '23 7 * * 1' # Monday 07:23 UTC + workflow_dispatch: + inputs: + plugin: + description: Only bump this plugin (for testing) + required: false + max_bumps: + description: Cap on plugins bumped this run + required: false + default: '20' + dry_run: + description: Discover only, don't open PR + type: boolean + default: true + +concurrency: + group: bump-plugin-shas + cancel-in-progress: false + +permissions: + contents: write + pull-requests: write + +jobs: + bump: + runs-on: ubuntu-latest + timeout-minutes: 15 + steps: + - uses: actions/checkout@v4 + + - name: Check for existing bump PR + id: existing + env: + GH_TOKEN: ${{ github.token }} + run: | + existing=$(gh pr list --label sha-bump --state open --json number --jq 'length') + echo "count=$existing" >> "$GITHUB_OUTPUT" + if [ "$existing" -gt 0 ]; then + echo "::notice::Open sha-bump PR already exists — skipping" + fi + + - name: Ensure sha-bump label exists + if: steps.existing.outputs.count == '0' + env: + GH_TOKEN: ${{ github.token }} + run: gh label create sha-bump --color 0e8a16 --description "Automated SHA bump" 2>/dev/null || true + + - name: Overlay marketplace data from main + if: steps.existing.outputs.count == '0' + run: | + git fetch origin main --depth=1 --quiet + git checkout origin/main -- .claude-plugin/marketplace.json + + - name: Discover and apply SHA bumps + if: steps.existing.outputs.count == '0' + id: discover + env: + GH_TOKEN: ${{ github.token }} + PR_BODY_PATH: /tmp/bump-pr-body.md + PLUGIN: ${{ inputs.plugin }} + MAX_BUMPS: ${{ inputs.max_bumps }} + DRY_RUN: ${{ inputs.dry_run }} + run: | + args=(--max "${MAX_BUMPS:-20}") + [[ -n "$PLUGIN" ]] && args+=(--plugin "$PLUGIN") + [[ "$DRY_RUN" = "true" ]] && args+=(--dry-run) + python3 .github/scripts/discover_bumps.py "${args[@]}" + + - uses: oven-sh/setup-bun@v2 + if: steps.existing.outputs.count == '0' && steps.discover.outputs.count != '0' && inputs.dry_run != true + + - name: Validate marketplace.json + if: steps.existing.outputs.count == '0' && steps.discover.outputs.count != '0' && inputs.dry_run != true + run: | + bun .github/scripts/validate-marketplace.ts .claude-plugin/marketplace.json + bun .github/scripts/check-marketplace-sorted.ts + + - name: Push bump branch + if: steps.existing.outputs.count == '0' && steps.discover.outputs.count != '0' && inputs.dry_run != true + id: push + run: | + branch="auto/bump-shas-$(date +%Y%m%d)" + echo "branch=$branch" >> "$GITHUB_OUTPUT" + + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + git checkout -b "$branch" + git add .claude-plugin/marketplace.json + git commit -m "Bump SHA pins for ${{ steps.discover.outputs.count }} plugin(s) + + Plugins: ${{ steps.discover.outputs.bumped_names }}" + git push -u origin "$branch" --force-with-lease + + # GITHUB_TOKEN cannot create PRs (org policy: "Allow GitHub Actions to + # create and approve pull requests" is disabled). Use the same GitHub App + # that -internal's bump workflow uses. + # + # Prerequisite: app 2812036 must be installed on this repo. The PEM + # secret must exist in this repo's settings (shared with -internal). + - name: Generate bot token + if: steps.push.outcome == 'success' + id: app-token + uses: actions/create-github-app-token@v1 + with: + app-id: 2812036 + private-key: ${{ secrets.CLAUDE_DIRECTORY_BOT_PRIVATE_KEY }} + owner: ${{ github.repository_owner }} + repositories: ${{ github.event.repository.name }} + + - name: Create pull request + if: steps.push.outcome == 'success' + env: + GH_TOKEN: ${{ steps.app-token.outputs.token }} + run: | + gh pr create \ + --base main \ + --head "${{ steps.push.outputs.branch }}" \ + --title "Bump SHA pins (${{ steps.discover.outputs.count }} plugins)" \ + --body-file /tmp/bump-pr-body.md \ + --label sha-bump From 12401af1041430637f1560cb4ec1a8816aabc5d4 Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Fri, 17 Apr 2026 15:10:22 -0500 Subject: [PATCH 36/39] Add Oracle NetSuite agent skills (3 plugins) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds three NetSuite agent skills to the official marketplace: - netsuite-aiconnector-service-skill: runtime guidance for the NetSuite AI Service Connector (tool selection, output formatting, SuiteQL safety checklist) - netsuite-sdf-roles-and-permissions: SDF permission ID lookup and least-privilege role authoring (ADMI_, LIST_, REGT_, REPO_, TRAN_) - netsuite-uif-spa-reference: API/type reference for @uif-js/core and @uif-js/component All three ship from oracle/netsuite-suitecloud-sdk (packages/agent-skills/) using git-subdir + strict:false + skills[] — the same shape stagehand uses for skill-only distributions. --- .claude-plugin/marketplace.json | 60 +++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index aa34976..c8f3659 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -935,6 +935,66 @@ }, "homepage": "https://github.com/netlify/context-and-tools" }, + { + "name": "netsuite-aiconnector-service-skill", + "description": "NetSuite Intelligence skill — teaches AI the correct tool-selection order, output formatting, domain knowledge, multi-subsidiary and currency handling, and SuiteQL safety checklist for any session using the NetSuite AI Service Connector.", + "author": { + "name": "Oracle NetSuite" + }, + "category": "productivity", + "source": { + "source": "git-subdir", + "url": "https://github.com/oracle/netsuite-suitecloud-sdk.git", + "path": "packages/agent-skills", + "ref": "master", + "sha": "43bacf43763e1eedd0892b4652be3d45df94f0e7" + }, + "homepage": "https://github.com/oracle/netsuite-suitecloud-sdk", + "strict": false, + "skills": [ + "./netsuite-ai-connector-instructions" + ] + }, + { + "name": "netsuite-sdf-roles-and-permissions", + "description": "Use when generating or reviewing NetSuite SDF permission configurations — customrole XML, script deployment permissions, permkey values, permlevel choices, run-as role design, and least-privilege access. Confirms exact ADMI_/LIST_/REGT_/REPO_/TRAN_ permission IDs and validates permissions against bundled NetSuite reference data.", + "author": { + "name": "Oracle NetSuite" + }, + "category": "development", + "source": { + "source": "git-subdir", + "url": "https://github.com/oracle/netsuite-suitecloud-sdk.git", + "path": "packages/agent-skills", + "ref": "master", + "sha": "43bacf43763e1eedd0892b4652be3d45df94f0e7" + }, + "homepage": "https://github.com/oracle/netsuite-suitecloud-sdk", + "strict": false, + "skills": [ + "./netsuite-sdf-roles-and-permissions" + ] + }, + { + "name": "netsuite-uif-spa-reference", + "description": "Use when building, modifying, or debugging NetSuite UIF SPA components. Provides API/type lookup for @uif-js/core and @uif-js/component — constructors, methods, props, enums, hooks, and component options.", + "author": { + "name": "Oracle NetSuite" + }, + "category": "development", + "source": { + "source": "git-subdir", + "url": "https://github.com/oracle/netsuite-suitecloud-sdk.git", + "path": "packages/agent-skills", + "ref": "master", + "sha": "43bacf43763e1eedd0892b4652be3d45df94f0e7" + }, + "homepage": "https://github.com/oracle/netsuite-suitecloud-sdk", + "strict": false, + "skills": [ + "./netsuite-uif-spa-reference" + ] + }, { "name": "nightvision", "description": "Skills for working with NightVision, a DAST and API Discovery platform that finds exploitable vulnerabilities in web applications and REST APIs", From bb7730114d873b91acd477e696066f217f882391 Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Fri, 17 Apr 2026 16:03:25 -0500 Subject: [PATCH 37/39] Consolidate Oracle NetSuite skills into a single plugin (#1464) --- .claude-plugin/marketplace.json | 50 ++++----------------------------- 1 file changed, 6 insertions(+), 44 deletions(-) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index c8f3659..9629546 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -936,28 +936,8 @@ "homepage": "https://github.com/netlify/context-and-tools" }, { - "name": "netsuite-aiconnector-service-skill", - "description": "NetSuite Intelligence skill — teaches AI the correct tool-selection order, output formatting, domain knowledge, multi-subsidiary and currency handling, and SuiteQL safety checklist for any session using the NetSuite AI Service Connector.", - "author": { - "name": "Oracle NetSuite" - }, - "category": "productivity", - "source": { - "source": "git-subdir", - "url": "https://github.com/oracle/netsuite-suitecloud-sdk.git", - "path": "packages/agent-skills", - "ref": "master", - "sha": "43bacf43763e1eedd0892b4652be3d45df94f0e7" - }, - "homepage": "https://github.com/oracle/netsuite-suitecloud-sdk", - "strict": false, - "skills": [ - "./netsuite-ai-connector-instructions" - ] - }, - { - "name": "netsuite-sdf-roles-and-permissions", - "description": "Use when generating or reviewing NetSuite SDF permission configurations — customrole XML, script deployment permissions, permkey values, permlevel choices, run-as role design, and least-privilege access. Confirms exact ADMI_/LIST_/REGT_/REPO_/TRAN_ permission IDs and validates permissions against bundled NetSuite reference data.", + "name": "netsuite-suitecloud", + "description": "NetSuite agent skills from Oracle — authoring guidance for SuiteCloud Development Framework (SDF) objects and UIF single-page-app components, plus runtime guidance for the NetSuite AI Service Connector.", "author": { "name": "Oracle NetSuite" }, @@ -969,31 +949,13 @@ "ref": "master", "sha": "43bacf43763e1eedd0892b4652be3d45df94f0e7" }, - "homepage": "https://github.com/oracle/netsuite-suitecloud-sdk", - "strict": false, - "skills": [ - "./netsuite-sdf-roles-and-permissions" - ] - }, - { - "name": "netsuite-uif-spa-reference", - "description": "Use when building, modifying, or debugging NetSuite UIF SPA components. Provides API/type lookup for @uif-js/core and @uif-js/component — constructors, methods, props, enums, hooks, and component options.", - "author": { - "name": "Oracle NetSuite" - }, - "category": "development", - "source": { - "source": "git-subdir", - "url": "https://github.com/oracle/netsuite-suitecloud-sdk.git", - "path": "packages/agent-skills", - "ref": "master", - "sha": "43bacf43763e1eedd0892b4652be3d45df94f0e7" - }, - "homepage": "https://github.com/oracle/netsuite-suitecloud-sdk", "strict": false, "skills": [ + "./netsuite-ai-connector-instructions", + "./netsuite-sdf-roles-and-permissions", "./netsuite-uif-spa-reference" - ] + ], + "homepage": "https://github.com/oracle/netsuite-suitecloud-sdk" }, { "name": "nightvision", From aeecad8f431a434040719fab6434dbecae7d5b4e Mon Sep 17 00:00:00 2001 From: Karandeep Johar Date: Mon, 20 Apr 2026 12:34:29 -0700 Subject: [PATCH 38/39] fix(amplitude): use git-subdir source to point at plugins/amplitude (#1505) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The amplitude entry used source type "url" which clones the root of https://github.com/amplitude/mcp-marketplace — a multi-plugin repo where the actual plugin lives at plugins/amplitude/. Claude Code found no skills there, so /reload-plugins loaded 0 skills for amplitude. Switching to "git-subdir" with path "plugins/amplitude" (the same pattern used by awslabs, bigdata-com, zapier, etc.) makes Claude Code resolve the correct subdirectory and load all 27 amplitude skills. Removing the pinned sha so the plugin tracks main, consistent with how posthog and other unpinned entries behave. --- .claude-plugin/marketplace.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index 9629546..c76083c 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -86,9 +86,10 @@ { "name": "amplitude", "source": { - "source": "url", + "source": "git-subdir", "url": "https://github.com/amplitude/mcp-marketplace.git", - "sha": "be54ccb66b10593721dd3a31e47b2db20ea02d2f" + "path": "plugins/amplitude", + "ref": "main" }, "description": "Use Amplitude as an expert analyst — instrument Amplitude, discover product opportunities, analyze charts, create dashboards, manage experiments, and understand users and accounts.", "category": "monitoring", From 777db5c30b30fd1809cdc0ed26a6b2cec57628dd Mon Sep 17 00:00:00 2001 From: Bryan Thompson Date: Mon, 20 Apr 2026 16:01:55 -0500 Subject: [PATCH 39/39] Add liquid-skills plugin (#1507) --- .claude-plugin/marketplace.json | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index c76083c..9af6573 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -824,6 +824,22 @@ "source": "./external_plugins/linear", "homepage": "https://github.com/anthropics/claude-plugins-public/tree/main/external_plugins/linear" }, + { + "name": "liquid-skills", + "description": "Liquid language fundamentals, CSS/JS/HTML coding standards, and WCAG accessibility patterns for Shopify themes", + "author": { + "name": "Shopify" + }, + "category": "development", + "source": { + "source": "git-subdir", + "url": "https://github.com/Shopify/liquid-skills.git", + "path": "plugins/liquid-skills", + "ref": "main", + "sha": "ae3e4cc3f454923e388bbd841fd931f0c7bf5be4" + }, + "homepage": "https://github.com/Shopify/liquid-skills/tree/main/plugins/liquid-skills" + }, { "name": "lua-lsp", "description": "Lua language server for code intelligence",