Plugin

lacp-hardening

Name: lacp-hardening
Author: 0xnyk

Harden AI coding agent sessions for production use by enforcing structured behavioral modes like TDD and debugging, blocking dangerous commands with pre-tool guards, running continuous QA tests on file writes, scoring output quality with 4D metrics, generating handoff artifacts, and persisting session context memory.

npx claudepluginhub 0xnyk/lacp --plugin lacp-hardening

Component Overview

Commands

Skills

Hooks

Component Details

Commands (1)

hardening-status

/hardening-status

Show LACP hardening status — active hooks, context mode, eval checkpoint state, recent quality gate decisions

Skills (3)

context-modes

/context-modes

Structured work modes for agent sessions. Set LACP_CONTEXT_MODE to activate: tdd (red-green-refactor), debugging (4-phase root cause), sprint (pre-agreed criteria), verification (evidence-before-claims), brainstorm (design first), think (pause-and-reflect), orchestrate (task decomposition). Each mode injects behavioral rules at session start.

quality-gate

/quality-gate

Production quality gate for agent sessions. Activates on session stop to evaluate work quality using 4-dimension weighted scoring (completeness, honesty, deferral ratio, work evidence). Catches rationalization patterns, verifies test claims, and generates handoff artifacts for session continuity. Use sprint contracts to define done-criteria before building.

session-hardening

/session-hardening

Production hardening for agent sessions. Includes pretool guards (blocks rm -rf, co-author injection, publishing without approval, data exfiltration), continuous QA (runs tests every N file writes), and session context injection (git state, focus brief, handoff artifacts). Activates automatically via hooks.

Hooks (1)

Review workflow modifications before installing

Event Hooks

Bash

File writes

6 hooks across 5 events

README

LACP

Control-plane-grade agent harness for Claude, Codex & Hermes.

LACP is a harness-first execution framework with policy-gated operations, verification/evidence loops, 5-layer memory, and auditable agent workflows — all local-first, zero external dependencies.

Alpha Release — LACP v0.9.0 is under active development. The native REPL, multi-provider routing, hermes-style tool display, and memory system are functional but evolving fast. APIs and CLI interfaces may change between releases. Report issues.

Quick Start
Why teams adopt LACP
Use-case recipes
Documentation
Architecture
Features
Prerequisites
Install Options
Who It's For
Testing
Security
Contributing

What LACP is (by harness definition)

LACP is an agent harness with control-plane governance:

Harness layer: tasks, verification contracts, evidence manifests, replayable run loops
Control-plane layer: risk tiers, budget gates, context/session contracts, approvals, provenance

This keeps the core value clear: not just generating output, but producing auditable, policy-compliant outcomes.

Policy gates	Risk tiers (safe/review/critical), budget ceilings, context contracts, and session fingerprints — every agent invocation is gated and auditable.
5-layer memory	Session memory, Obsidian knowledge graph, ingestion pipeline, code intelligence (GitNexus), and agent identity with hash-chained provenance.
Hook pipeline	Modular Python hooks for Claude Code — session context injection, pretool guards, write validation, and stop quality gates with local LLM eval.
Obsidian brain	First-class vault management, mycelium-inspired memory consolidation, QMD indexing, and config-as-code with auto-optimization.
Multi-agent orchestration	dmux/tmux session management, git worktree isolation, swarm workflows, and Claude native worktree backend.
Local-first security	Zero external CI by default, no secrets in config, environment-driven credentials, TTL approval tokens for remote execution.
Execution tiers	trusted_local, local_sandbox, and remote_sandbox (Daytona/E2B) with policy-driven routing and provider override.
Evidence pipelines	Browser e2e, API e2e, smart-contract e2e harnesses with manifest evidence, auth checks, and PR preflight gates.

Quick Start

Install

# Homebrew (recommended)
brew tap 0xNyk/lacp && brew install lacp

# or cURL bootstrap
curl -fsSL https://raw.githubusercontent.com/0xNyk/lacp/main/install.sh | bash

Bootstrap & Verify

lacp bootstrap-system --profile starter --with-verify
lacp doctor --json | jq '.ok,.summary'

After bootstrap: .env is created, dependencies installed, directories scaffolded, Obsidian vault wired, and verification artifacts produced.

For the full setup and daily operator flow, start with the Runbook and Local Dev Loop.

First Gated Command

# Route a task through LACP policy gates
lacp run --task "hello world" --repo-trust trusted -- echo "LACP is working"

# Make claude/codex/hermes default to LACP routing (reversible)
lacp adopt-local --json | jq

Why teams adopt LACP

Predictable execution: every run passes through deterministic policy and budget gates.
Auditability by default: artifacts, provenance, and verification logs are first-class outputs.
Local-first security posture: remote execution is opt-in and secrets stay environment-scoped.
Multi-agent without chaos: worktree/session isolation keeps parallel runs reproducible.

Use-case recipes

View full README on GitHub

Similar Plugins

fullstack-dev-skills

8.6k

204

Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.

Stats

Version1.0.0

Parent Repo Stars179

Parent Repo Forks21

MaintenanceGood

LicenseMIT

AddedApr 9, 2026

Actions

View on GitHub View README Plugin Marketplace JSON Homepage

Available In

lacp-plugins201

Safety Signals

Caution

Executes bash commands

Hook triggers when Bash tool is used

Modifies files

Hook triggers on file write and edit operations

LACP

Control-plane-grade agent harness for Claude, Codex & Hermes.

LACP is a harness-first execution framework with policy-gated operations, verification/evidence loops, 5-layer memory, and auditable agent workflows — all local-first, zero external dependencies.

Alpha Release — LACP v0.9.0 is under active development. The native REPL, multi-provider routing, hermes-style tool display, and memory system are functional but evolving fast. APIs and CLI interfaces may change between releases. Report issues.

Quick Start
Why teams adopt LACP
Use-case recipes
Documentation
Architecture
Features
Prerequisites
Install Options
Who It's For
Testing
Security
Contributing

What LACP is (by harness definition)

LACP is an agent harness with control-plane governance:

Harness layer: tasks, verification contracts, evidence manifests, replayable run loops
Control-plane layer: risk tiers, budget gates, context/session contracts, approvals, provenance

This keeps the core value clear: not just generating output, but producing auditable, policy-compliant outcomes.

Policy gates	Risk tiers (safe/review/critical), budget ceilings, context contracts, and session fingerprints — every agent invocation is gated and auditable.
5-layer memory	Session memory, Obsidian knowledge graph, ingestion pipeline, code intelligence (GitNexus), and agent identity with hash-chained provenance.
Hook pipeline	Modular Python hooks for Claude Code — session context injection, pretool guards, write validation, and stop quality gates with local LLM eval.
Obsidian brain	First-class vault management, mycelium-inspired memory consolidation, QMD indexing, and config-as-code with auto-optimization.
Multi-agent orchestration	dmux/tmux session management, git worktree isolation, swarm workflows, and Claude native worktree backend.
Local-first security	Zero external CI by default, no secrets in config, environment-driven credentials, TTL approval tokens for remote execution.
Execution tiers	trusted_local, local_sandbox, and remote_sandbox (Daytona/E2B) with policy-driven routing and provider override.
Evidence pipelines	Browser e2e, API e2e, smart-contract e2e harnesses with manifest evidence, auth checks, and PR preflight gates.

Quick Start

Install

# Homebrew (recommended)
brew tap 0xNyk/lacp && brew install lacp

# or cURL bootstrap
curl -fsSL https://raw.githubusercontent.com/0xNyk/lacp/main/install.sh | bash

Bootstrap & Verify

lacp bootstrap-system --profile starter --with-verify
lacp doctor --json | jq '.ok,.summary'

After bootstrap: .env is created, dependencies installed, directories scaffolded, Obsidian vault wired, and verification artifacts produced.

For the full setup and daily operator flow, start with the Runbook and Local Dev Loop.

First Gated Command

# Route a task through LACP policy gates
lacp run --task "hello world" --repo-trust trusted -- echo "LACP is working"

# Make claude/codex/hermes default to LACP routing (reversible)
lacp adopt-local --json | jq

Why teams adopt LACP

Predictable execution: every run passes through deterministic policy and budget gates.
Auditability by default: artifacts, provenance, and verification logs are first-class outputs.
Local-first security posture: remote execution is opt-in and secrets stay environment-scoped.
Multi-agent without chaos: worktree/session isolation keeps parallel runs reproducible.

lacp-hardening

Component Overview

Component Details

Commands (1)

Skills (3)

Hooks (1)

README

LACP

Contents

What LACP is (by harness definition)

Quick Start

Install

Bootstrap & Verify

First Gated Command

Why teams adopt LACP

Use-case recipes

Similar Plugins

fullstack-dev-skills

lacp-hardening

Component Overview

Component Details

Commands (1)

Skills (3)

Hooks (1)

README

LACP

Contents

What LACP is (by harness definition)

Quick Start

Install

Bootstrap & Verify

First Gated Command

Why teams adopt LACP

Use-case recipes

Similar Plugins

fullstack-dev-skills

everything-claude-code

claude-code-toolkit

prompts.chat

claude-md-management

agent-teams