By NilsWidal
Automates the RePPITS development workflow (Research, Propose, Plan, Implement, Test, Secure) with configurable compliance gates (HIPAA, SOC 2, ISO 27001, HITRUST) and an autonomous goal-loop that iterates on a prioritized backlog. Includes shared team signals hub, token compression, and resumable tasks.
Implement the work described in an issue or task.
Run a **dedicated goal-loop**: pursue a standing goal by repeatedly working down a prioritized backlog, learning each cycle, until the goal is met. This is the outer loop that wraps RePPITS (`/run` is its "act" step).
Break the chosen proposal into a concrete implementation plan.
Generate two solution proposals grounded in existing research and a feature or project request.
Research and document the existing codebase exactly as it is today; no suggestions or evaluations.
Executes bash commands
Hook triggers when Bash tool is used
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Executables (bin/) — files in this plugin's bin/directory are added to the Bash tool's PATH while the plugin is enabled.
██╗ ██████╗ ██████╗ ███████╗ ████████╗ ███████╗ ██████╗
██║ ██╔═══██╗ ██╔══██╗ ██╔════╝ ╚══██╔══╝ ██╔════╝ ██╔══██╗
██║ ██████╗ ██║ ██║ ██████╔╝ ███████╗ ██║ █████╗ ██████╔╝
██║ ██╔═══██╗ ██║ ██║ ██╔══██╗ ╚════██║ ██║ ██╔══╝ ██╔══██╗
███████╗ ╚██████╔╝ ╚██████╔╝ ██████╔╝ ███████║ ██║ ███████╗ ██║ ██║
╚══════╝ ╚═════╝ ╚═════╝ ╚═════╝ ╚══════╝ ╚═╝ ╚══════╝ ╚═╝ ╚═╝
AI that plans, builds, verifies & secures every change — solo or team
plan → build → verify → secure · goal-loops · shared signals · configurable compliance · independent verification · local-first
🦞 Loobster — loop + lobster. Run
bin/loobster.shfor the animated red version of the mascot.📖 Docs: nilswidal.github.io/loobster — a team-focused docs site (source in
docs/, served via GitHub Pages; seedocs/DEPLOY.md).
Loobster is a cross-tool loop harness — it runs in Claude Code and Codex (and any agent that reads AGENTS.md / .agents/skills) — that turns AI-assisted development into a repeatable, reviewable, secure loop. It right-sizes each task, plans before it builds, can run autonomously between approval gates, and proves its work with an independent verifier instead of trusting itself. It coordinates whole teams through a shared signals hub, and runs the compliance frameworks you choose against every diff.
Under the hood it follows the RePPITS method — Research, Propose, Plan, Implement, Test, Secure — created by Mihail Eric (the RePPIT framework, from the creator of Stanford's first AI software engineering course). Healthcare (HIPAA/HITRUST) is one aspect, alongside ISO 27001 and SOC 2 — enable only what your repo needs.
AI-assisted development is shifting from one-shot prompts to durable, autonomous loops — the loop, not the prompt, is becoming the unit of work. An agent that plans, builds, tests, and retries against a goal does far more than one that answers once. The catch: an unsupervised loop is only as trustworthy as its guardrails. Left alone, a loop will happily rubber-stamp its own output, drift from scope, or burn the context window.
Loobster is the harness that makes a loop safe to let run:
It stands on two foundations: RePPIT (Mihail Eric) gives the phase structure a loop iterates over, and headroom (Tejas Chopra) gives the token economics that make long loops viable. Loobster wires both into the agent's control loop.
npx claudepluginhub nilswidal/loobster --plugin loobsterSecurity agents — security, compliance, privacy specialists
AI-powered development workflow automation - Phase-based planning, implementation orchestration, preflight code quality checks with security scanning, ship-it workflow, and development principles generator for CLAUDE.md
A team of AI security specialists embedded in your coding workflow. 8 agents covering every phase of the Secure SDLC: requirements, threat modelling, code review, IaC security, compliance, and release gating. Works with Claude Code, Cursor, Windsurf, and any MCP-compatible tool.
Universal quality control orchestrator and final authority for any software development project. Dynamically discovers and coordinates with available sub-agents, performs comprehensive multi-dimensional quality assessment, security validation, and deployment readiness verification. Adapts to any project type, programming language, or development framework while maintaining enterprise-grade quality standards. Examples: <example>Context: Code changes ready for review across any project. user: 'Please review this code before commit' assistant: 'I'll use the 1-ceo-quality-control-agent to orchestrate comprehensive quality validation, discover available specialists, and perform final security scanning before approval.' <commentary>Universal quality control requires comprehensive validation across all dimensions regardless of project type.</commentary></example> <example>Context: Multi-agent work completion needing validation. user: 'Several agents completed their tasks, need quality review' assistant: 'Let me engage the 1-ceo-quality-control-agent to coordinate comprehensive validation across all completed work and ensure quality standards.' <commentary>Multi-agent coordination and quality validation applies to any development project.</commentary></example>
Session-level orchestration — wave planning, VCS integration, quality gates, persistence, and safety checks
Governed workflow skills, reviewer agents, and enforcement hooks for govctl