https://github.com/nddev-it-com/rldyour-claudecode
rldyour AI CLI configuration for Claude Code: plugin marketplace, MCP/LSP, Serena memory, security review, browser/design workflows, and reviewer agents.
https://github.com/nddev-it-com/rldyour-claudecode
agpl-3 ai-agents ai-cli anthropic browser-automation claude-code claude-code-plugin design-system developer-tools hooks lsp marketplace mcp model-context-protocol nddev plugins rldyour sdlc security-tools serena
Last synced: 2 days ago
JSON representation
rldyour AI CLI configuration for Claude Code: plugin marketplace, MCP/LSP, Serena memory, security review, browser/design workflows, and reviewer agents.
- Host: GitHub
- URL: https://github.com/nddev-it-com/rldyour-claudecode
- Owner: NDDev-it-com
- License: agpl-3.0
- Created: 2026-05-07T00:36:41.000Z (about 2 months ago)
- Default Branch: main
- Last Pushed: 2026-06-23T16:37:20.000Z (9 days ago)
- Last Synced: 2026-06-23T17:15:32.501Z (9 days ago)
- Topics: agpl-3, ai-agents, ai-cli, anthropic, browser-automation, claude-code, claude-code-plugin, design-system, developer-tools, hooks, lsp, marketplace, mcp, model-context-protocol, nddev, plugins, rldyour, sdlc, security-tools, serena
- Language: Python
- Homepage: https://github.com/NDDev-it-com/rldyour-claudecode
- Size: 2.19 MB
- Stars: 2
- Watchers: 0
- Forks: 0
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
- Notice: NOTICE
- Agents: AGENTS.md
Awesome Lists containing this project
README
# rldyour-claudecode
`rldyour-claudecode` is the rldyour AI CLI configuration for Claude Code: plugin marketplace, MCP/LSP, Serena memory, security review, browser/design workflows, and reviewer agents. It is a controlled catalog for the owner's own plugins, MCP servers, skills, subagents, slash commands, hooks, rules, and workflows. Nothing is treated as enabled or correct unless the owner explicitly decides it.
## Current Baseline
| Field | Value |
|---|---|
| Adapter version | `1.7.18` |
| Runtime baseline | Claude Code `2.1.196` (`@anthropic-ai/claude-code`) |
| GitHub release tag | `1.7.18` |
Runtime pin sources: `package.json`, `references/claude-baseline.json`, `config/mcp-runtime-versions.env`. Compatibility floor: `v2.1.146+`.
## What This Repository Provides
This is a configuration package for Claude Code, not a fork of the upstream Anthropic Claude Code runtime. It provides a structured plugin marketplace (`marketplace.json`) with ten first-party plugins covering SDLC orchestration, MCP transport, Serena-first semantic code workflow, security review, browser/design automation, LSP routing, and architecture-quality rules. The adapter does not ship a modified Claude Code binary and does not touch any user account beyond what normal Claude Code plugin and MCP configuration requires.
## Native Boundaries
Claude Code reads these native config surfaces from this repository:
- `.claude-plugin/marketplace.json` - active installable plugin catalog with per-entry relative sources (`source: "./plugins/"`); this repo intentionally does not use `metadata.pluginRoot`.
- `plugins//.claude-plugin/plugin.json` - plugin manifest. Each manifest declares `dependencies` as an array; `rldyour-mcps` is the base layer (no dependencies); all other plugins depend on it; `rldyour-flow` additionally depends on `rldyour-serena-mcp`.
- Manifest-linked files: `skills//SKILL.md`, `agents/.md`, `commands/.md`, `hooks/hooks.json`, `.mcp.json`, `references/`, `scripts/`.
Source-only files (not automatically projected to the runtime): `docs/`, `config/`, `.serena/`, `AGENTS.md`, `.claude/CLAUDE.md`. Durable AI context files are tracked on `main`; runtime-local Serena state remains ignored.
Extension surfaces active in this adapter: skills, slash commands, subagents, hook scripts, MCP server definitions (via `rldyour-mcps`), and one LSP integration (via `rldyour-lsps`).
## Install / Update / ry-repair
**System install (owner workstation):**
```bash
claude plugin marketplace add /path/to/rldyour-claudecode
claude plugin install rldyour-mcps@rldyour-claudecode
claude plugin install rldyour-serena-mcp@rldyour-claudecode
claude plugin install rldyour-flow@rldyour-claudecode
# ...repeat for each enabled plugin
```
After changing `marketplace.json`, a plugin manifest, hooks, skills, agents, or `.mcp.json`, restart Claude Code so the runtime reloads plugin definitions.
**Owner full-auto launcher** (`cl` alias installed via `scripts/install_yolo_launchers.sh --apply` in the root control-plane repo):
```bash
claude --dangerously-skip-permissions
```
**Convergence / repair:**
```bash
# /ry-repair runs inside Claude Code (skill from rldyour-flow plugin)
# offline/check mode:
plugins/rldyour-flow/scripts/flow_post_task_state.py
```
**Runtime doctor / plugin validation:**
```bash
claude plugin validate .
for p in plugins/*/; do claude plugin validate "$p"; done
scripts/validate_marketplace.sh
```
**First-time repository state check on a fresh checkout:**
```bash
git status -sb
```
## Active Catalog
**10 first-party plugins** (38 skills, 11 slash commands, 8 subagents, 9 hook scripts in 2 manifests, 47 scripts total, 16 references). CI: 11 workflows + 1 dependabot config. Serena memories: 24.
| Plugin | Version | Skills | Commands | Agents | Hooks | Scripts | References | MCP | LSP |
|---|---|---|---|---|---|---|---|---|---|
| `rldyour-mcps` | `1.7.18` | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 |
| `rldyour-explore` | `1.7.18` | 2 | 1 | 1 | 0 | 0 | 0 | 0 | 0 |
| `rldyour-serena-mcp` | `1.7.18` | 2 | 0 | 1 | 4 | 3 | 0 | 0 | 0 |
| `rldyour-security` | `1.7.18` | 2 | 1 | 0 | 0 | 0 | 0 | 0 | 0 |
| `rldyour-browser` | `1.7.18` | 6 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| `rldyour-design` | `1.7.18` | 5 | 1 | 0 | 0 | 0 | 0 | 0 | 0 |
| `rldyour-lsps` | `1.7.18` | 4 | 0 | 0 | 0 | 2 | 3 | 0 | 1 |
| `rldyour-flow` | `1.7.18` | 8 | 7 | 6 | 5 | 7 | 7 | 0 | 0 |
| `rldyour-orchestrator` | `1.7.18` | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| `rldyour-rules` | `1.7.18` | 7 | 1 | 0 | 0 | 0 | 6 | 0 | 0 |
Run `python3 scripts/generate_inventory.py` to refresh counts.
Plugin briefs:
- **`rldyour-mcps`** - single-owner MCP transport (11 pinned servers: Serena, Sequential Thinking, Chrome DevTools, Context7, DeepWiki, Grep, shadcn, Dart/Flutter, Figma, OpenAI Docs, GitHub).
- **`rldyour-serena-mcp`** - Serena-first semantic code workflow, numbered fact-only `.serena` memory sync via `flow-memory-sync` subagent, lifecycle hooks (UserPromptSubmit, PreToolUse:Bash, PostToolUse:Bash, Stop).
- **`rldyour-flow`** - autonomous SDLC orchestration with seven slash commands (`ry-init`, `ry-start`, `ry-newp`, `ry-review`, `ry-deploy`, `ry-sync`, `ry-repair`), six reviewer subagents (architecture/quality/consistency/integration/verification/security tracks), advisory SessionStart, PreToolUse:Bash, PostToolUse:Bash, and Stop hooks, scoped context packs, instruction docs sync, and post-task synchronization.
- **`rldyour-explore`** - deep multi-source research via `ry-explore` subagent (`model: opus[1m]`, `effort: max`) and tech/web research skills routing through Context7, DeepWiki, Grep, and authoritative web sources.
- **`rldyour-security`** - non-blocking OWASP Top 10 2025 secure-implementation guidance plus the `ry-sec-review` defensive review skill.
- **`rldyour-browser`** - provider-routed browser workflows for Webwright, Playwright CLI, and Chrome DevTools MCP.
- **`rldyour-design`** - Figma → code, centralized token-based design system, strict Feature-Sliced Design frontend architecture, shadcn/ui, ReactBits, and browser-validation workflows.
- **`rldyour-lsps`** - language-server routing, health checks, brew-first setup profiles, and Serena LSP integration guidance.
- **`rldyour-orchestrator`** - macOS cmux orchestrator/worker role skills (opt-in; not the default execution mode).
- **`rldyour-rules`** - quality-first engineering rules, architecture boundaries, implementation discipline, dependency compatibility (SLSA Level 2, SBOM, lockfile discipline), verification gates, project-instruction policy, MADR 4.0.0 ADR policy, and `ry-rules-review`.
MCP permissions and model policy: declared in `plugins/rldyour-flow/references/` and `config/rldyour-contract.json`; projected to `docs/contract-matrix.md`.
## Browser / Design / DevTools Routing
Three browser providers are active in this adapter, each with a distinct role:
- **Webwright** (`rldyour-browser` skills) - primary autonomous browser workflow skill for end-to-end web task automation, validation, and data extraction.
- **Playwright CLI** (`rldyour-browser` skills) - CLI-driven Playwright test automation, spec generation, and assertion workflows.
- **Chrome DevTools MCP** (`rldyour-mcps`, server `chrome-devtools`) - low-level DevTools Protocol access for performance profiling, network inspection, console capture, screenshot, and heap snapshots; always served through the pinned MCP server.
Design workflows route through `rldyour-design`: Figma → code via the Figma MCP server, centralized design tokens, Feature-Sliced Design frontend architecture, shadcn/ui component integration, ReactBits patterns, and browser-validation confirmation steps.
Skill routing: Claude Code resolves the correct provider through skill descriptions; both Russian and English trigger phrases are included in every `SKILL.md` description block for consistent routing across owner prompts.
## Repository Context / Serena Memory
`main` tracks product history and durable AI context together: plugin manifests, skills, agents, commands, hooks, scripts, references, docs, CI, `AGENTS.md`, `.claude/CLAUDE.md`, `.serena/project.yml`, and `.serena/memories/**`. Runtime-local Serena cache, reviews, diagnostics, markers, locks, local project files, browser artifacts, and secrets remain ignored and must not be committed.
This is the default rldyour-owned repository policy. In external or colleague-owned repositories, `.rldyour/project-policy.json` is the executable source of truth and may disable tracked AI context or change instruction-doc tracking rules.
Serena memory domains are governed by `config/rldyour-contract.json` (root control-plane). Memory freshness is enforced by the `rldyour-serena-mcp` Stop hook and by post-task sync (`ry-sync` / `flow-post-task-sync`). Only numbered, fact-only `.serena/memories/*.md` files are stored; plans, chat history, and speculation are never committed to memory.
Tracked context validation commands:
```bash
git status -sb
python3 scripts/validate_repository_context_policy.py --strict
python3 scripts/validate_no_fullrepo_residue.py --strict
python3 scripts/validate_serena_memory_schema.py --scope all --strict-mode strict-all
python3 scripts/validate_serena_memory_semantics.py --scope all --strict-current-facts --strict-metadata-dates --strict-evidence-commits
```
Local product repositories that consume this marketplace can install the rldyour Git pre-push guard:
```bash
scripts/install_local_git_hooks.sh --dry-run
scripts/install_local_git_hooks.sh --apply
```
The guard is branch-aware: source branches allow durable AI context while still blocking secrets, runtime markers, browser artifacts, and local env files.
## Security Boundary
Secrets, tokens, cookies, and private keys are never stored in this repository. MCP server definitions are pinned with exact package versions in `plugins/rldyour-mcps/.mcp.json`; `@latest` and unpinned `uvx --from` specs are explicitly prohibited. MCP trust boundary: servers listed in `rldyour-mcps` are the only approved external tool providers; any new server requires an intentional version pin and capability smoke test before being added to the manifest.
Owner full-auto posture: the standard launch mode is `claude --dangerously-skip-permissions` (the `cl` launcher alias). This is explicitly owner-directed; it is not appropriate for shared workstations or multi-user environments. Permissions configured in Claude Code user settings are not a sandbox - they are advisory defaults that the owner has consciously overridden.
Hook scripts are advisory enforcement gates. The single registered Stop hook (`rldyour-flow/hooks/stop_lifecycle_dispatcher.sh`, 45 s timeout) computes post-task state and emits guidance; the main workflow (not the hook) performs memory sync, commits, pushes, and git synchronization.
Every callable skill includes compact Russian and English trigger phrases in `SKILL.md` frontmatter so routing remains deterministic and auditable. Repository documentation is written in English; owner-facing communication defaults to Russian unless explicitly changed.
## Validation
**Fast / static (no network, no installed tools required):**
```bash
python3 scripts/validate_contract.py
python3 scripts/generate_contract_matrix.py --check
python3 scripts/validate_skill_routing.py
python3 scripts/validate_plugin_versions.py
python3 scripts/validate_instruction_docs.py --require-agent-docs
python3 -m py_compile scripts/*.py
git diff --check && git diff --cached --check
```
**Adapter-deep (requires local checkout, no live network):**
```bash
claude plugin validate .
for p in plugins/*/; do claude plugin validate "$p"; done
scripts/validate_marketplace.sh
plugins/rldyour-flow/scripts/flow_post_task_state.py | python3 -m json.tool
plugins/rldyour-serena-mcp/scripts/serena_memory_state.py | python3 -m json.tool
plugins/rldyour-flow/scripts/instruction_docs_state.py --json | python3 -m json.tool
python3 scripts/release_manifest.py
```
**Installed-runtime smoke tests (requires Claude Code and MCP runtimes):**
```bash
scripts/smoke_mcp_runtime.sh # MCP servers reachable + pins parsed (~30s)
scripts/smoke_mcp_capabilities.sh # JSON-RPC initialize + tools/list per server (~2m cold)
scripts/smoke_mcp_capabilities.sh --server # narrow to one server
scripts/smoke_mcp_capabilities.sh --skip-uvx # skip slow uvx cold-starts
scripts/smoke_hooks.sh # Serena + flow hook scripts dry-run
scripts/smoke_serena_memory_taxonomy.sh # analyzer schema/targets + memory freshness
```
**Live-network:**
```bash
python3 scripts/check_mcp_runtime_versions.py # detect drift against config/mcp-runtime-versions.env
```
NOT_PROVEN policy: any validation that requires a live network call, a running Claude Code session, or an installed MCP runtime reports `NOT_PROVEN` when those are unavailable; it does not fail the static lane. CI runs `claude plugin validate`, JSON/Python/shell syntax checks, and frontmatter verification on every push and pull request via `.github/workflows/validate.yml`. The scheduled `dependency-check.yml` monitors pinned MCP runtime versions for upstream drift.
## Release / Rollback
Releases are tag-driven: each public product version requires a matching numeric GitHub Release at `github.com/NDDev-it-com/rldyour-claudecode/releases`. A `VERSION` file bump alone is not sufficient - the GitHub Release must exist.
Marketplace release version lives in `VERSION`. Per-plugin behavior versions stay in `plugins//.claude-plugin/plugin.json`. Release notes live in `CHANGELOG.md` (Keep-a-Changelog format).
```bash
python3 scripts/release_manifest.py # build release metadata bundle
scripts/collect_diagnostics.sh # local diagnostics bundle for failure triage
```
Reference documents:
- `docs/adr/` - Architecture Decision Records (MADR 4.0.0). Twelve ADRs cover irreversible decisions: tracked-on-main context policy, dual-doc split, bilingual descriptions, reviewer transport, local GitHub MCP, ownership boundaries, MCP pinning, CI baseline, release/tag conventions, macOS egress trust gap, hook freshness invariants, and the owner full-auto standard. Start with `docs/adr/README.md`.
- `docs/release-process.md` - versioning, CHANGELOG, release evidence, `claude plugin tag --push` flow.
- `docs/rollback-restore.md` - safe restore from previous tags or tracked context snapshots.
- `docs/dependency-updates.md` - pinned MCP runtime update policy.
- `docs/observability.md` - diagnostics, CI artifacts, hook lifecycle debugging, failure triage.
Default version movement is patch (`+0.0.1`) after a public GitHub Release exists. Minor (`+0.1.0`) and major (`+1.0.0`) bumps are owner-directed decisions only and are coordinated through the root control-plane release orchestrator.
## Support / License
**License:** [AGPL-3.0-or-later](LICENSE). This project and all first-party marketplace plugins are licensed under the GNU Affero General Public License v3.0 or later.
**Author:** Danil Silantyev (github:rldyourmnd), CEO NDDev.
**Issues:** [github.com/NDDev-it-com/rldyour-claudecode/issues](https://github.com/NDDev-it-com/rldyour-claudecode/issues) - bug reports, regression evidence, missing-component requests.
**Discussions:** [github.com/NDDev-it-com/rldyour-claudecode/discussions](https://github.com/NDDev-it-com/rldyour-claudecode/discussions) - general questions, workflow advice, plugin behaviour clarifications, sharing usage patterns.
**Releases:** [github.com/NDDev-it-com/rldyour-claudecode/releases](https://github.com/NDDev-it-com/rldyour-claudecode/releases) - numeric product tags (`X.Y.Z`) with release notes from CHANGELOG.
**Security contact:** Report vulnerabilities via [GitHub Security Advisories](https://github.com/NDDev-it-com/rldyour-claudecode/security/advisories) for this repository. Do not open public issues for security reports.
This is a personal marketplace - response time is best-effort, no SLA. Feel free to fork and tailor to your own workflow.