security-suite

Scott's Claude Code Setup

Modular Claude Code plugin suite for productive development. The core plugin provides 10 slash commands, 8 specialized AI agents, and 4 skills. Specialized sub-plugins add beads epic workflows, browser automation, mutation testing, and more.

Quick Install

# Install from the plugins marketplace
/plugin marketplace add citadelgrad/scott-cc

Or browse the marketplace at https://claudecode.dev/plugins to discover this and other plugins.

What's Inside

Development Commands (10)

• /scott-cc:new-task - Analyze task complexity and create implementation plan
• /scott-cc:code-explain - Generate detailed explanations
• /scott-cc:code-optimize - Performance optimization
• /scott-cc:code-cleanup - Refactoring and cleanup
• /scott-cc:lint - Linting and fixes
• /scott-cc:docs-generate - Documentation generation
• /scott-cc:component-new - Create React components
• /scott-cc:page-new - Create Next.js pages
• /scott-cc:security-cheatsheet - Comprehensive security reference
• /scott-cc:gha - Debug failing GitHub Actions runs and audit workflow YAML

Specialized AI Agents (8)

• api-debugger - Full-stack API debugging with browser integration
• backend-architect - Backend systems with data integrity & security
• deep-research-agent - Comprehensive research with adaptive strategies
• emergent-behavior - Analyze systems for emergent properties
• frontend-architect - Performant, accessible UI architecture
• refactoring-expert - Systematic refactoring and clean code
• requirements-analyst - Transform ideas into concrete specifications
• system-architect - Scalable system architecture design

Skills (4)

• python-simplifier - DRY/KISS code quality standards for Python
• typescript-simplifier - DRY/KISS code quality standards for TypeScript/JavaScript
• context7 - Fetch up-to-date documentation for any library
• context-file-optimizer - Audit and rewrite AI agent context files (AGENTS.md, CLAUDE.md)

Hooks

• ghostty-bell (Stop event) - Ghostty terminal tab indicator when Claude finishes responding
  • Adds bell to the Ghostty tab title (clears on focus)
  • Bounces the dock icon
  • Sends a macOS desktop notification with a brief summary of the work done
  • Requires Ghostty terminal (v1.2.0+)

Specialized Plugins

Install these sub-plugins from the marketplace for additional capabilities:

• beads-epic-builder - Plan, build, and swarm beads epics (2 agents, 2 commands)
• browser-automation - Browser testing & validation (2 agents, 2 skills)
• research-tools - Learning guides, tech stack research, technical writing (3 agents, 1 skill)
• security-suite - Security advisory and vulnerability scanning (2 agents)
• performance-optimization - Performance engineering and profiling (1 agent)
• mutation-testing - Comprehensive mutation testing suite (5 agents, 1 skill)

Beads Epic Builder

The beads-epic-builder plugin provides three ways to work with beads epics:

1. Plan an Epic

The epic-planner agent guides features from concept to implementation-ready tasks:

User describes feature
         |
         v
   Research (adaptive depth)
         |
         v
   Research Approval Gate
         |
         v
   Create PRD Document
         |
         v
   Create SPEC Document
         |
         v
   Document Approval Gate
         |
         v
   Create Beads Epic + Tasks

2. Build Sequentially: /build-feature <epic-id>

The feature-builder agent implements tasks one at a time through 6 phases:

/build-feature <epic-id> [--resume]
         |
         v
  Phase 1: Epic Setup (verify, test requirements audit)
  Phase 2: Architecture Review (conditional agent spawning)
  Phase 3: Implementation (task-by-task via beads)
  Phase 4: Quality Review (DRY/KISS via simplifier skills)
  Phase 5: Validation (tests, lint, types, security)
  Phase 6: Final Review (commit, close epic)

Each phase writes a checkpoint for --resume support.

3. Build in Parallel: /epic-swarm <epic-id>

Spawns parallel worker agents in isolated git worktrees:

/epic-swarm <epic-id> [--max-parallel 3] [--no-review] [--dry-run]
         |
         v
  Phase 1: Load epic, build dependency-aware wave plan
  Phase 2: Execute waves (parallel workers in worktrees)
           - Wave 1: independent tasks run simultaneously
           - Wave 2: tasks depending on Wave 1
           - Wave N: continue until done
           - Merge branches, run tests, close tasks after each wave
  Phase 3: CE code review (architecture, simplicity, security, performance)
  Phase 4: Ship (commit, push)

Checkpointing after every wave survives context compaction.