Stats
Actions
Available In
Tags
Help us improve
Share bugs, ideas, or general feedback.
Plugin
reppit-health
Guides developers through a structured, compliant feature workflow (Research, Propose, Plan, Implement, Test, Secure) for healthcare software, with automated security compliance gates (HIPAA, SOC2, HITRUST) against uncommitted changes and optional Linear issue integration.
$
npx claudepluginhub carainc/reppit-health --plugin reppit-healthPopularity
Stars
Med: 0·Avg: 282
Installs
Med: 0·Avg: 1
What's Inside
Slash Commands7
Arguments
/implement
Implement the work described in an issue or task.
Behavior
/make-plan
Break the chosen proposal into a concrete implementation plan.
Behavior
/make-proposals
Generate two solution proposals grounded in existing research and a feature or project request.
Arguments
/reppit
Run the full RePPITS workflow: Research → Propose → Plan → Implement → Test → Secure.
Behavior contract
/research-codebase
Research and document the existing codebase exactly as it is today; no suggestions or evaluations.
README
RePPIT Health
A Claude Code plugin that runs a secure development workflow for healthcare software.
RePPIT Health implements the RePPITS methodology, Research, Propose, Plan, Implement, Test, Secure, extending the RePPIT framework by Mihail Eric (Head of AI, creator of Stanford's first AI software engineering course) with HIPAA, SOC2, and HITRUST compliance gates for healthcare and healthtech teams.
What you get
Seven slash commands, available in Claude Code, Cursor, and any client that supports the Claude Code plugin spec:
| Command | What it does |
|---|---|
/reppit <topic-or-issue> | Run the full Research → Propose → Plan → Implement → Test → Secure workflow, with explicit approval gates between phases |
/research-codebase | Document the existing codebase exactly as it is today (no suggestions, no RCA) |
/make-proposals | Generate up to two solution proposals grounded in research |
/make-plan | Break the chosen proposal into ordered Linear issues (or local plans/*.md if Linear MCP is not configured) |
/implement <issue> | Implement a single Linear issue, with optional Ralph Loop mode |
/review-code | Review all uncommitted changes, post findings to Linear |
/secure | Run HIPAA, SOC2, and HITRUST checklists against your diff, separating code-verifiable findings from organizational controls |
Research --> Propose --> Plan --> Implement --> Test --> Secure --> Done
^ ^ ^ ^ ^ |
| refine | refine | refine | fix loop | fix |
└────┘ └────┘ └────┘ └────┘ └──┘ |
^ |
└── fix & test ───┘
Install
From the plugin marketplace (recommended)
In Claude Code (≥ 1.0.33):
/plugin marketplace add carainc/reppit-health
/plugin install reppit-health@carainc-reppit-health
That's it. The slash commands are immediately available.
From a local clone
git clone https://github.com/carainc/reppit-health.git
Then in Claude Code:
/plugin marketplace add ./reppit-health
/plugin install reppit-health@carainc-reppit-health
Useful for trying changes before pushing.
Quick start
In any project directory:
/reppit Add a patient intake form
or with a Linear issue:
/reppit CAR-123
The plugin walks Research → Propose → Plan → Implement → Test → Secure and pauses at each gate for your approval. You can also invoke any phase directly, e.g. /secure to audit current uncommitted changes without running the full flow.
Compliance checklists
Checklists live in compliance/ inside the installed plugin:
hipaa-checklist.md— Administrative, physical, and technical safeguards (§164.308-312), PHI detection, minimum necessary, BAA verification, breach notification, telehealth compliancesoc2-checklist.md— All Trust Service Criteria (CC1-CC9), Availability (A1), Confidentiality (C1), Processing Integrity (PI1), Privacy (P1), plus injection prevention and secrets managementhitrust-checklist.md— All 14 CSF v11 control categories (00-13): access control, risk management, encryption, operations, incident management, business continuity, privacy practices, cross-tenant isolationorg-controls-audit.md— Schedule and tracking for organizational controls that can't be verified from code alone
Each item gets a PASS / WARN / FAIL / SKIPPED status. Items marked [org] (physical safeguards, board oversight, BAAs with subprocessors) are surfaced separately so they don't get auto-passed by a green diff.
Per-workspace overrides
If you want to customize a checklist for a specific repo, drop a file at .claude/compliance/<framework>-checklist.md in that workspace. /secure reads workspace overrides first, then falls back to the plugin's defaults.
Linear integration (optional)
If the Linear MCP is configured in Claude Code, the plugin will:
- Read issues mentioned in
/implement <issue-id> - Save research and proposal documents as Linear documents
- Create parent + sub-issue structures during
/make-plan - Post review and security findings as comments on the relevant issue
If Linear is not configured, the plugin falls back to local .md files in research/, plans/, and the conversation transcript. Both modes work end-to-end.
Credits
- RePPIT methodology — Mihail Eric, Head of AI, creator of Stanford's first AI software engineering course
- RePPIT Health plugin — Cara
License
Apache 2.0, see LICENSE.
Stats
Version0.2.0
Stars21
Forks1
MaintenanceExcellent
LicenseApache-2.0
Last Commit
Added
Available In
Tags
Categories
Help us improve
Share bugs, ideas, or general feedback.
