{"id":47698668,"url":"https://github.com/kpkaranam/fishi","last_synced_at":"2026-04-02T16:59:49.048Z","repository":{"id":344711624,"uuid":"1182683089","full_name":"kpkaranam/fishi","owner":"kpkaranam","description":"FISHI — Vibe coding meets CLI. Describe what you want, agents build it. AI-Powered Software Delivery Pipeline with Governance.","archived":false,"fork":false,"pushed_at":"2026-03-28T19:16:38.000Z","size":727,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-03-28T19:25:05.055Z","etag":null,"topics":["ai-agents","ai-agents-automation","ai-dev-team","autonomous-development","claude-code","cli","developer-tools","mcp","open-source","subagents","tdd","vibe-coding"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kpkaranam.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-15T20:50:27.000Z","updated_at":"2026-03-28T19:15:59.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/kpkaranam/fishi","commit_stats":null,"previous_names":["kpkaranam/fishi"],"tags_count":41,"template":false,"template_full_name":null,"purl":"pkg:github/kpkaranam/fishi","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kpkaranam%2Ffishi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kpkaranam%2Ffishi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kpkaranam%2Ffishi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kpkaranam%2Ffishi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kpkaranam","download_url":"https://codeload.github.com/kpkaranam/fishi/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kpkaranam%2Ffishi/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31310986,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-02T12:59:32.332Z","status":"ssl_error","status_checked_at":"2026-04-02T12:54:48.875Z","response_time":89,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","ai-agents-automation","ai-dev-team","autonomous-development","claude-code","cli","developer-tools","mcp","open-source","subagents","tdd","vibe-coding"],"created_at":"2026-04-02T16:59:48.495Z","updated_at":"2026-04-02T16:59:49.042Z","avatar_url":"https://github.com/kpkaranam.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003ch1 align=\"center\"\u003eFISHI\u003c/h1\u003e\n  \u003cp align=\"center\"\u003e\n    \u003cstrong\u003eThe framework that makes AI agents build production-grade software — not demos.\u003c/strong\u003e\n  \u003c/p\u003e\n  \u003cp align=\"center\"\u003e\n    Governance, safety, and integration patterns for Claude Code. Works with any framework — or on its own.\n  \u003c/p\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://www.npmjs.com/package/@qlucent/fishi\"\u003e\u003cimg src=\"https://img.shields.io/npm/v/@qlucent/fishi?style=flat-square\u0026color=0066cc\u0026label=npm\" alt=\"npm version\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.npmjs.com/package/@qlucent/fishi\"\u003e\u003cimg src=\"https://img.shields.io/npm/dm/@qlucent/fishi?style=flat-square\u0026color=green\" alt=\"npm downloads\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/kpkaranam/fishi/actions\"\u003e\u003cimg src=\"https://img.shields.io/github/actions/workflow/status/kpkaranam/fishi/ci.yml?style=flat-square\u0026label=CI\" alt=\"CI\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/kpkaranam/fishi\"\u003e\u003cimg src=\"https://img.shields.io/github/stars/kpkaranam/fishi?style=flat-square\u0026color=yellow\" alt=\"stars\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/kpkaranam/fishi/blob/master/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-MIT-blue?style=flat-square\" alt=\"license\"\u003e\u003c/a\u003e\n  \u003cimg src=\"https://img.shields.io/badge/agents-22+-purple?style=flat-square\" alt=\"22+ agents\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/tests-743-brightgreen?style=flat-square\" alt=\"629 tests\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Node.js-18%2B-339933?style=flat-square\" alt=\"Node.js 18+\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#the-problem\"\u003eThe Problem\u003c/a\u003e \u0026bull;\n  \u003ca href=\"#quick-start\"\u003eQuick Start\u003c/a\u003e \u0026bull;\n  \u003ca href=\"#works-with\"\u003eWorks With\u003c/a\u003e \u0026bull;\n  \u003ca href=\"#what-you-get\"\u003eWhat You Get\u003c/a\u003e \u0026bull;\n  \u003ca href=\"#architecture\"\u003eArchitecture\u003c/a\u003e \u0026bull;\n  \u003ca href=\"#fishi-vs-going-bare\"\u003eFISHI vs Going Bare\u003c/a\u003e \u0026bull;\n  \u003ca href=\"#available-patterns-60\"\u003ePatterns\u003c/a\u003e \u0026bull;\n  \u003ca href=\"#the-full-framework\"\u003eFull Framework\u003c/a\u003e \u0026bull;\n  \u003ca href=\"#contributing\"\u003eContributing\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n## The Problem\n\nAI agents delete production files, force-push to main, and generate apps that demo well but break under real-world conditions. Nobody governs them. While everyone races to ship faster, we say: **ship RIGHT.**\n\nFISHI fixes that — as a lightweight safety layer you bolt onto whatever you already use, or as a full governed pipeline if you want the whole thing.\n\n---\n\n## Quick Start\n\n### Path A: Just want safety?\n\nTwo steps. Two minutes. Zero config.\n\n```bash\n# 1. Install the governance plugin\nnpm install -g @qlucent/fishi-governance\n\n# 2. Done. Destructive operations are now blocked. Audit trail is logging.\n```\n\nYour agent tries `rm -rf migrations/` — blocked. Tries `git push --force origin main` — blocked. Every action logged to `.fishi/audit-log.jsonl`. You keep whatever framework you already use.\n\n### Path B: Want the full pipeline?\n\n22+ AI agents, 9 phases, 7 approval gates, brownfield-safe.\n\n```bash\nnpx @qlucent/fishi init \"Build me a SaaS invoicing platform with Stripe\"\n```\n\nA master strategist, 4 team leads, and 13+ specialists plan, research, code, test, and deploy — you approve at gates.\n\n---\n\n## Works With\n\nFISHI components are **additive, not competing**. They layer on top of whatever you already use.\n\n| Framework | How FISHI works alongside it |\n|-----------|------------------------------|\n| **Ruflo** | Governance hooks layer on top of swarm orchestration. Blocks destructive ops Ruflo doesn't catch. Pattern blueprints feed into Ruflo agents. |\n| **BMAD Method** | BMAD designs the process, FISHI enforces it at runtime. Governance gates + audit trail complement BMAD's methodology. |\n| **Oh-My-ClaudeCode** | Additive hooks, independent operation. Governance + patterns complement Oh-My-CC's agent skills. |\n| **Raw Claude Code** | Standalone protection. No framework required — just safety and patterns on top of vanilla Claude Code. |\n\n---\n\n## What You Get\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd width=\"33%\" valign=\"top\"\u003e\n\n### Governance Plugin\n\n**Blocks destructive ops. Logs everything.**\n\n- Intercepts `rm -rf`, `git push --force`, `DROP TABLE`, and 30+ destructive patterns\n- Append-only audit trail (`.fishi/audit-log.jsonl`)\n- Zero config, zero network calls, zero telemetry\n- Override with explicit `--force` (logged)\n\n```bash\nnpm install -g @qlucent/fishi-governance\n```\n\n\u003c/td\u003e\n\u003ctd width=\"33%\" valign=\"top\"\u003e\n\n### Pattern Marketplace\n\n**60 blueprints via MCP. Grab-and-go integrations.**\n\n- Stripe, Auth0, SendGrid, Prisma, PostHog, and 50 more\n- Agent pulls the blueprint, implements correctly in minutes\n- No more hallucinated API calls or outdated patterns\n- Searchable by keyword or category\n\n```bash\nnpm install -g @qlucent/fishi-patterns\n```\n\n\u003c/td\u003e\n\u003ctd width=\"34%\" valign=\"top\"\u003e\n\n### Full Framework\n\n**9-phase pipeline. 22+ agents. Gate approvals.**\n\n- Master orchestrator + 4 coordinators + 13+ specialists\n- 7 human approval gates across the SDLC\n- Brownfield-safe: auto-detects stack, never overwrites\n- Built-in security scanner (SAST + OWASP)\n\n```bash\nnpx @qlucent/fishi init\n```\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n---\n\n## Architecture\n\nEach component works independently. Use one, two, or all three.\n\n```\n┌─────────────────────────────────────────────────────────────────┐\n│                        YOUR PROJECT                             │\n│                                                                 │\n│   ┌─────────────────┐  ┌──────────────────┐  ┌──────────────┐  │\n│   │   Governance     │  │  Pattern MCP     │  │ Full FISHI   │  │\n│   │   Plugin         │  │  Server          │  │ Framework    │  │\n│   │                  │  │                  │  │              │  │\n│   │  • Safety hooks  │  │  • 60 blueprints │  │  • 9 phases  │  │\n│   │  • Audit trail   │  │  • Search/select │  │  • 22+ agents│  │\n│   │  • Block/allow   │  │  • MCP protocol  │  │  • 7 gates   │  │\n│   │                  │  │                  │  │  • TaskBoard  │  │\n│   │  STANDALONE      │  │  STANDALONE      │  │  FULL BUNDLE │  │\n│   └─────────────────┘  └──────────────────┘  └──────────────┘  │\n│          ↑                      ↑                    ↑          │\n│     Works alone            Works alone          Includes both   │\n│     Works with any         Works with any       governance +    │\n│     framework              framework            patterns        │\n└─────────────────────────────────────────────────────────────────┘\n```\n\n---\n\n## FISHI vs Going Bare\n\nWhat happens when AI agents operate without governance?\n\n| Scenario | Without FISHI | With FISHI |\n|----------|---------------|------------|\n| Agent deletes production files | You discover it later. Maybe git reflog saves you. Maybe not. | **Blocked before execution.** Clear message explains why. |\n| Agent force-pushes to main | Your team's work is overwritten. Hours of recovery. | **Blocked.** Logged to audit trail. |\n| Agent overwrites `.env` with placeholders | Credentials gone. Services break. Panic. | **Blocked.** Environment files are protected. |\n| Agent improvises a Stripe integration | Hallucinated API calls. Outdated patterns. 30 minutes wasted. | **Blueprint pulled.** Correct implementation in 3 minutes. |\n| Agent modifies Docker Compose in production | Containers crash. Deployment breaks. | **Blocked.** Production configs are protected. |\n| Security audit asks \"what did your AI do?\" | Shrug. No records. | **Full audit trail.** Every action timestamped and logged. |\n| Agent scaffolds over your existing project | Existing configs overwritten. Framework conflicts. | **Brownfield-safe.** Stack detected, conflicts flagged, permission asked. |\n\n---\n\n## Available Patterns (60)\n\n| Category | Patterns |\n|----------|---------|\n| **Authentication** | Auth0, Clerk, NextAuth.js, Supabase Auth, Custom JWT |\n| **Payments** | Stripe, PayPal, LemonSqueezy |\n| **Email** | SendGrid, Resend, AWS SES, Mailgun |\n| **Analytics** | PostHog, Plausible, Mixpanel, Google Analytics |\n| **Database** | Prisma+PostgreSQL, Drizzle, Supabase, MongoDB |\n| **Storage** | AWS S3, Cloudinary, Supabase Storage, Cloudflare R2 |\n| **Search** | Algolia, Meilisearch, Typesense, pgvector, Elasticsearch |\n| **Vector Database** | Qdrant, Milvus, Pinecone, Chroma |\n| **Monitoring** | Sentry, LogRocket, Datadog |\n| **CI/CD** | GitHub Actions, Vercel, Docker, Railway |\n| **Realtime** | WebSocket, Pusher, Ably, Supabase Realtime |\n| **Project Management** | Linear, Jira, Shortcut |\n| **Communication** | Slack, Discord, Twilio |\n| **E-commerce** | Shopify, Medusa |\n| **Design** | Figma API, Storybook |\n| **Support** | Intercom, Zendesk |\n| **Crawlers** | Firecrawl, Puppeteer |\n| **Hosting** | Vercel, Netlify, Railway, Fly.io |\n| **Domains** | Cloudflare DNS |\n| **Cloud** | AWS SDK, GCP, Azure |\n| **CMS** | Contentful, Sanity, Strapi |\n\nEvery blueprint includes: correct packages, architecture patterns, implementation steps, environment variables, error handling, and common pitfalls to avoid.\n\n**Add to your project:**\n\n```bash\n# Install the MCP server\nnpm install -g @qlucent/fishi-patterns\n\n# Add to Claude Code config (~/.claude/settings.json)\n{\n  \"mcpServers\": {\n    \"fishi-patterns\": {\n      \"command\": \"fishi-patterns\",\n      \"args\": []\n    }\n  }\n}\n\n# Then in Claude Code:\n# \"Search for a Stripe payment blueprint\"\n# \"Find an auth integration for Next.js\"\n```\n\n---\n\n## The Full Framework\n\nFor teams and projects that want the complete governed pipeline — not just safety, but the entire SDLC.\n\n### How It Works\n\n```\nMaster Agent (Opus)\nStrategy \u0026 Phase Gates Only\n         |\n    _____|_____________________\n   |          |         |      |\nPlanning   Dev Lead  Quality  Ops Lead\n  Lead                Lead\n   |          |         |      |\nresearch   backend   testing  devops\nplanning   frontend  security docs\narchitect  fullstack          writing\ndeep-research  uiux\n```\n\n**Master** makes strategic decisions and manages phase gates — never writes code.\n**Coordinators** break objectives into tasks, assign workers, review output.\n**Workers** execute in isolated sandboxed git worktrees, submit PRs back.\n\n### 9-Phase Pipeline\n\n| Phase | What Happens | Gate |\n|-------|-------------|------|\n| 1. Discovery | Domain analysis, user research, competitive intel | -- |\n| 2. PRD | Product requirements with acceptance criteria | Approval |\n| 3. Architecture | System design, tech stack, data models | Approval |\n| 4. Sprint Planning | Epics, stories, task breakdown | Approval |\n| 5. Development | Agents code in isolated worktrees, submit PRs | Per-sprint |\n| 6. QA \u0026 Security | Testing, SAST scanning, OWASP audit | Approval |\n| 7. Deployment | CI/CD setup, infrastructure, launch prep | Approval |\n| 8. Documentation | API docs, architecture guides, user docs | -- |\n| 9. Launch | Go-live, monitoring, post-launch review | Final |\n\n### Key Capabilities\n\n- **22+ specialized agents** across 3 layers (Master, Coordinators, Workers)\n- **Brownfield intelligence** — auto-detects language, framework, ORM, tests, patterns, tech debt\n- **Domain specialists** — SaaS, Marketplace, Mobile/PWA, AI/ML architectures\n- **Deep research agent** — competitive analysis, tech evaluation, best practices\n- **Built-in TaskBoard** — track progress across sprints without leaving Claude Code\n- **Checkpoint/rollback** — snapshot and restore at any point\n- **Security scanning** — native SAST + OWASP checks, no external tools\n- **Vibe mode** — skip gates, auto-approve, ship fast when you want to\n\n### Built with FISHI\n\n**[Meld](https://project-qkhag.vercel.app/)** — A full-stack todo + note app built entirely by FISHI's agents. React 18, Vite, Supabase, TanStack Query, Zustand, TipTap, Tailwind CSS. Discovery through 5 sprints to production. ([Source](https://github.com/kpkaranam/meld))\n\n### Installation\n\n```bash\n# Interactive wizard\nnpx @qlucent/fishi init\n\n# One-liner with description\nnpx @qlucent/fishi init \"Build a real-time chat app with WebSocket\"\n\n# Existing project (brownfield-safe)\ncd my-existing-project\nnpx @qlucent/fishi init\n# Auto-detects stack, merges configs safely, never overwrites without permission\n```\n\n---\n\n## Contributing\n\nWe welcome contributions — especially new integration patterns.\n\n- **Add a pattern:** Single markdown file. See [CONTRIBUTING.md](CONTRIBUTING.md) for the template and workflow.\n- **Report issues:** [GitHub Issues](https://github.com/kpkaranam/fishi/issues)\n- **Discuss:** [GitHub Discussions](https://github.com/kpkaranam/fishi/discussions)\n\n---\n\n## License\n\n[MIT](LICENSE) — free forever, no commercial intent.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkpkaranam%2Ffishi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkpkaranam%2Ffishi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkpkaranam%2Ffishi/lists"}