An open API service indexing awesome lists of open source software.

https://github.com/nddev-it-com/rldyour-claudecode

rldyour AI CLI configuration for Claude Code: plugin marketplace, MCP/LSP, Serena memory, security review, browser/design workflows, and reviewer agents.
https://github.com/nddev-it-com/rldyour-claudecode

agpl-3 ai-agents ai-cli anthropic browser-automation claude-code claude-code-plugin design-system developer-tools hooks lsp marketplace mcp model-context-protocol nddev plugins rldyour sdlc security-tools serena

Last synced: 2 days ago
JSON representation

rldyour AI CLI configuration for Claude Code: plugin marketplace, MCP/LSP, Serena memory, security review, browser/design workflows, and reviewer agents.

Awesome Lists containing this project

README

          

# rldyour-claudecode

`rldyour-claudecode` is the rldyour AI CLI configuration for Claude Code: plugin marketplace, MCP/LSP, Serena memory, security review, browser/design workflows, and reviewer agents. It is a controlled catalog for the owner's own plugins, MCP servers, skills, subagents, slash commands, hooks, rules, and workflows. Nothing is treated as enabled or correct unless the owner explicitly decides it.

## Current Baseline

| Field | Value |
|---|---|
| Adapter version | `1.7.18` |
| Runtime baseline | Claude Code `2.1.196` (`@anthropic-ai/claude-code`) |
| GitHub release tag | `1.7.18` |

Runtime pin sources: `package.json`, `references/claude-baseline.json`, `config/mcp-runtime-versions.env`. Compatibility floor: `v2.1.146+`.

## What This Repository Provides

This is a configuration package for Claude Code, not a fork of the upstream Anthropic Claude Code runtime. It provides a structured plugin marketplace (`marketplace.json`) with ten first-party plugins covering SDLC orchestration, MCP transport, Serena-first semantic code workflow, security review, browser/design automation, LSP routing, and architecture-quality rules. The adapter does not ship a modified Claude Code binary and does not touch any user account beyond what normal Claude Code plugin and MCP configuration requires.

## Native Boundaries

Claude Code reads these native config surfaces from this repository:

- `.claude-plugin/marketplace.json` - active installable plugin catalog with per-entry relative sources (`source: "./plugins/"`); this repo intentionally does not use `metadata.pluginRoot`.
- `plugins//.claude-plugin/plugin.json` - plugin manifest. Each manifest declares `dependencies` as an array; `rldyour-mcps` is the base layer (no dependencies); all other plugins depend on it; `rldyour-flow` additionally depends on `rldyour-serena-mcp`.
- Manifest-linked files: `skills//SKILL.md`, `agents/.md`, `commands/.md`, `hooks/hooks.json`, `.mcp.json`, `references/`, `scripts/`.

Source-only files (not automatically projected to the runtime): `docs/`, `config/`, `.serena/`, `AGENTS.md`, `.claude/CLAUDE.md`. Durable AI context files are tracked on `main`; runtime-local Serena state remains ignored.

Extension surfaces active in this adapter: skills, slash commands, subagents, hook scripts, MCP server definitions (via `rldyour-mcps`), and one LSP integration (via `rldyour-lsps`).

## Install / Update / ry-repair

**System install (owner workstation):**

```bash
claude plugin marketplace add /path/to/rldyour-claudecode
claude plugin install rldyour-mcps@rldyour-claudecode
claude plugin install rldyour-serena-mcp@rldyour-claudecode
claude plugin install rldyour-flow@rldyour-claudecode
# ...repeat for each enabled plugin
```

After changing `marketplace.json`, a plugin manifest, hooks, skills, agents, or `.mcp.json`, restart Claude Code so the runtime reloads plugin definitions.

**Owner full-auto launcher** (`cl` alias installed via `scripts/install_yolo_launchers.sh --apply` in the root control-plane repo):

```bash
claude --dangerously-skip-permissions
```

**Convergence / repair:**

```bash
# /ry-repair runs inside Claude Code (skill from rldyour-flow plugin)
# offline/check mode:
plugins/rldyour-flow/scripts/flow_post_task_state.py
```

**Runtime doctor / plugin validation:**

```bash
claude plugin validate .
for p in plugins/*/; do claude plugin validate "$p"; done
scripts/validate_marketplace.sh
```

**First-time repository state check on a fresh checkout:**

```bash
git status -sb
```

## Active Catalog

**10 first-party plugins** (38 skills, 11 slash commands, 8 subagents, 9 hook scripts in 2 manifests, 47 scripts total, 16 references). CI: 11 workflows + 1 dependabot config. Serena memories: 24.

| Plugin | Version | Skills | Commands | Agents | Hooks | Scripts | References | MCP | LSP |
|---|---|---|---|---|---|---|---|---|---|
| `rldyour-mcps` | `1.7.18` | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 |
| `rldyour-explore` | `1.7.18` | 2 | 1 | 1 | 0 | 0 | 0 | 0 | 0 |
| `rldyour-serena-mcp` | `1.7.18` | 2 | 0 | 1 | 4 | 3 | 0 | 0 | 0 |
| `rldyour-security` | `1.7.18` | 2 | 1 | 0 | 0 | 0 | 0 | 0 | 0 |
| `rldyour-browser` | `1.7.18` | 6 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| `rldyour-design` | `1.7.18` | 5 | 1 | 0 | 0 | 0 | 0 | 0 | 0 |
| `rldyour-lsps` | `1.7.18` | 4 | 0 | 0 | 0 | 2 | 3 | 0 | 1 |
| `rldyour-flow` | `1.7.18` | 8 | 7 | 6 | 5 | 7 | 7 | 0 | 0 |
| `rldyour-orchestrator` | `1.7.18` | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| `rldyour-rules` | `1.7.18` | 7 | 1 | 0 | 0 | 0 | 6 | 0 | 0 |

Run `python3 scripts/generate_inventory.py` to refresh counts.

Plugin briefs:

- **`rldyour-mcps`** - single-owner MCP transport (11 pinned servers: Serena, Sequential Thinking, Chrome DevTools, Context7, DeepWiki, Grep, shadcn, Dart/Flutter, Figma, OpenAI Docs, GitHub).
- **`rldyour-serena-mcp`** - Serena-first semantic code workflow, numbered fact-only `.serena` memory sync via `flow-memory-sync` subagent, lifecycle hooks (UserPromptSubmit, PreToolUse:Bash, PostToolUse:Bash, Stop).
- **`rldyour-flow`** - autonomous SDLC orchestration with seven slash commands (`ry-init`, `ry-start`, `ry-newp`, `ry-review`, `ry-deploy`, `ry-sync`, `ry-repair`), six reviewer subagents (architecture/quality/consistency/integration/verification/security tracks), advisory SessionStart, PreToolUse:Bash, PostToolUse:Bash, and Stop hooks, scoped context packs, instruction docs sync, and post-task synchronization.
- **`rldyour-explore`** - deep multi-source research via `ry-explore` subagent (`model: opus[1m]`, `effort: max`) and tech/web research skills routing through Context7, DeepWiki, Grep, and authoritative web sources.
- **`rldyour-security`** - non-blocking OWASP Top 10 2025 secure-implementation guidance plus the `ry-sec-review` defensive review skill.
- **`rldyour-browser`** - provider-routed browser workflows for Webwright, Playwright CLI, and Chrome DevTools MCP.
- **`rldyour-design`** - Figma → code, centralized token-based design system, strict Feature-Sliced Design frontend architecture, shadcn/ui, ReactBits, and browser-validation workflows.
- **`rldyour-lsps`** - language-server routing, health checks, brew-first setup profiles, and Serena LSP integration guidance.
- **`rldyour-orchestrator`** - macOS cmux orchestrator/worker role skills (opt-in; not the default execution mode).
- **`rldyour-rules`** - quality-first engineering rules, architecture boundaries, implementation discipline, dependency compatibility (SLSA Level 2, SBOM, lockfile discipline), verification gates, project-instruction policy, MADR 4.0.0 ADR policy, and `ry-rules-review`.

MCP permissions and model policy: declared in `plugins/rldyour-flow/references/` and `config/rldyour-contract.json`; projected to `docs/contract-matrix.md`.

## Browser / Design / DevTools Routing

Three browser providers are active in this adapter, each with a distinct role:

- **Webwright** (`rldyour-browser` skills) - primary autonomous browser workflow skill for end-to-end web task automation, validation, and data extraction.
- **Playwright CLI** (`rldyour-browser` skills) - CLI-driven Playwright test automation, spec generation, and assertion workflows.
- **Chrome DevTools MCP** (`rldyour-mcps`, server `chrome-devtools`) - low-level DevTools Protocol access for performance profiling, network inspection, console capture, screenshot, and heap snapshots; always served through the pinned MCP server.

Design workflows route through `rldyour-design`: Figma → code via the Figma MCP server, centralized design tokens, Feature-Sliced Design frontend architecture, shadcn/ui component integration, ReactBits patterns, and browser-validation confirmation steps.

Skill routing: Claude Code resolves the correct provider through skill descriptions; both Russian and English trigger phrases are included in every `SKILL.md` description block for consistent routing across owner prompts.

## Repository Context / Serena Memory

`main` tracks product history and durable AI context together: plugin manifests, skills, agents, commands, hooks, scripts, references, docs, CI, `AGENTS.md`, `.claude/CLAUDE.md`, `.serena/project.yml`, and `.serena/memories/**`. Runtime-local Serena cache, reviews, diagnostics, markers, locks, local project files, browser artifacts, and secrets remain ignored and must not be committed.

This is the default rldyour-owned repository policy. In external or colleague-owned repositories, `.rldyour/project-policy.json` is the executable source of truth and may disable tracked AI context or change instruction-doc tracking rules.

Serena memory domains are governed by `config/rldyour-contract.json` (root control-plane). Memory freshness is enforced by the `rldyour-serena-mcp` Stop hook and by post-task sync (`ry-sync` / `flow-post-task-sync`). Only numbered, fact-only `.serena/memories/*.md` files are stored; plans, chat history, and speculation are never committed to memory.

Tracked context validation commands:

```bash
git status -sb
python3 scripts/validate_repository_context_policy.py --strict
python3 scripts/validate_no_fullrepo_residue.py --strict
python3 scripts/validate_serena_memory_schema.py --scope all --strict-mode strict-all
python3 scripts/validate_serena_memory_semantics.py --scope all --strict-current-facts --strict-metadata-dates --strict-evidence-commits
```

Local product repositories that consume this marketplace can install the rldyour Git pre-push guard:

```bash
scripts/install_local_git_hooks.sh --dry-run
scripts/install_local_git_hooks.sh --apply
```

The guard is branch-aware: source branches allow durable AI context while still blocking secrets, runtime markers, browser artifacts, and local env files.

## Security Boundary

Secrets, tokens, cookies, and private keys are never stored in this repository. MCP server definitions are pinned with exact package versions in `plugins/rldyour-mcps/.mcp.json`; `@latest` and unpinned `uvx --from` specs are explicitly prohibited. MCP trust boundary: servers listed in `rldyour-mcps` are the only approved external tool providers; any new server requires an intentional version pin and capability smoke test before being added to the manifest.

Owner full-auto posture: the standard launch mode is `claude --dangerously-skip-permissions` (the `cl` launcher alias). This is explicitly owner-directed; it is not appropriate for shared workstations or multi-user environments. Permissions configured in Claude Code user settings are not a sandbox - they are advisory defaults that the owner has consciously overridden.

Hook scripts are advisory enforcement gates. The single registered Stop hook (`rldyour-flow/hooks/stop_lifecycle_dispatcher.sh`, 45 s timeout) computes post-task state and emits guidance; the main workflow (not the hook) performs memory sync, commits, pushes, and git synchronization.

Every callable skill includes compact Russian and English trigger phrases in `SKILL.md` frontmatter so routing remains deterministic and auditable. Repository documentation is written in English; owner-facing communication defaults to Russian unless explicitly changed.

## Validation

**Fast / static (no network, no installed tools required):**

```bash
python3 scripts/validate_contract.py
python3 scripts/generate_contract_matrix.py --check
python3 scripts/validate_skill_routing.py
python3 scripts/validate_plugin_versions.py
python3 scripts/validate_instruction_docs.py --require-agent-docs
python3 -m py_compile scripts/*.py
git diff --check && git diff --cached --check
```

**Adapter-deep (requires local checkout, no live network):**

```bash
claude plugin validate .
for p in plugins/*/; do claude plugin validate "$p"; done
scripts/validate_marketplace.sh
plugins/rldyour-flow/scripts/flow_post_task_state.py | python3 -m json.tool
plugins/rldyour-serena-mcp/scripts/serena_memory_state.py | python3 -m json.tool
plugins/rldyour-flow/scripts/instruction_docs_state.py --json | python3 -m json.tool
python3 scripts/release_manifest.py
```

**Installed-runtime smoke tests (requires Claude Code and MCP runtimes):**

```bash
scripts/smoke_mcp_runtime.sh # MCP servers reachable + pins parsed (~30s)
scripts/smoke_mcp_capabilities.sh # JSON-RPC initialize + tools/list per server (~2m cold)
scripts/smoke_mcp_capabilities.sh --server # narrow to one server
scripts/smoke_mcp_capabilities.sh --skip-uvx # skip slow uvx cold-starts
scripts/smoke_hooks.sh # Serena + flow hook scripts dry-run
scripts/smoke_serena_memory_taxonomy.sh # analyzer schema/targets + memory freshness
```

**Live-network:**

```bash
python3 scripts/check_mcp_runtime_versions.py # detect drift against config/mcp-runtime-versions.env
```

NOT_PROVEN policy: any validation that requires a live network call, a running Claude Code session, or an installed MCP runtime reports `NOT_PROVEN` when those are unavailable; it does not fail the static lane. CI runs `claude plugin validate`, JSON/Python/shell syntax checks, and frontmatter verification on every push and pull request via `.github/workflows/validate.yml`. The scheduled `dependency-check.yml` monitors pinned MCP runtime versions for upstream drift.

## Release / Rollback

Releases are tag-driven: each public product version requires a matching numeric GitHub Release at `github.com/NDDev-it-com/rldyour-claudecode/releases`. A `VERSION` file bump alone is not sufficient - the GitHub Release must exist.

Marketplace release version lives in `VERSION`. Per-plugin behavior versions stay in `plugins//.claude-plugin/plugin.json`. Release notes live in `CHANGELOG.md` (Keep-a-Changelog format).

```bash
python3 scripts/release_manifest.py # build release metadata bundle
scripts/collect_diagnostics.sh # local diagnostics bundle for failure triage
```

Reference documents:

- `docs/adr/` - Architecture Decision Records (MADR 4.0.0). Twelve ADRs cover irreversible decisions: tracked-on-main context policy, dual-doc split, bilingual descriptions, reviewer transport, local GitHub MCP, ownership boundaries, MCP pinning, CI baseline, release/tag conventions, macOS egress trust gap, hook freshness invariants, and the owner full-auto standard. Start with `docs/adr/README.md`.
- `docs/release-process.md` - versioning, CHANGELOG, release evidence, `claude plugin tag --push` flow.
- `docs/rollback-restore.md` - safe restore from previous tags or tracked context snapshots.
- `docs/dependency-updates.md` - pinned MCP runtime update policy.
- `docs/observability.md` - diagnostics, CI artifacts, hook lifecycle debugging, failure triage.

Default version movement is patch (`+0.0.1`) after a public GitHub Release exists. Minor (`+0.1.0`) and major (`+1.0.0`) bumps are owner-directed decisions only and are coordinated through the root control-plane release orchestrator.

## Support / License

**License:** [AGPL-3.0-or-later](LICENSE). This project and all first-party marketplace plugins are licensed under the GNU Affero General Public License v3.0 or later.

**Author:** Danil Silantyev (github:rldyourmnd), CEO NDDev.

**Issues:** [github.com/NDDev-it-com/rldyour-claudecode/issues](https://github.com/NDDev-it-com/rldyour-claudecode/issues) - bug reports, regression evidence, missing-component requests.

**Discussions:** [github.com/NDDev-it-com/rldyour-claudecode/discussions](https://github.com/NDDev-it-com/rldyour-claudecode/discussions) - general questions, workflow advice, plugin behaviour clarifications, sharing usage patterns.

**Releases:** [github.com/NDDev-it-com/rldyour-claudecode/releases](https://github.com/NDDev-it-com/rldyour-claudecode/releases) - numeric product tags (`X.Y.Z`) with release notes from CHANGELOG.

**Security contact:** Report vulnerabilities via [GitHub Security Advisories](https://github.com/NDDev-it-com/rldyour-claudecode/security/advisories) for this repository. Do not open public issues for security reports.

This is a personal marketplace - response time is best-effort, no SLA. Feel free to fork and tailor to your own workflow.