Code Guardian
Claude Code plugins for the INFYNON suite — package security, API flow testing, and shared coding memory.
Plugins
infynon-pkg — Package Security Manager
Universal secure package installation, CVE scanning, auto-fix, dependency auditing, and vulnerability monitoring across 14 ecosystems (npm, yarn, pnpm, bun, pip, uv, poetry, cargo, go, gem, composer, nuget, hex, pub).
infynon-weave — API Flow Testing
AI-driven node-based API flow testing with security probes, TUI visualization, assertion engine, context threading, and automated flow building.
infynon-trace — Shared Coding Memory
Three-layer memory operating system for codebases:
- Canonical memory — architecture decisions, API contracts, security constraints (highest trust, promoted only)
- Team memory — handoffs, PR notes, caveats, branch context (medium trust, agent-writable)
- User memory — personal observations, task context, experiments (low trust, promotable)
With session hooks (auto-load on start, capture on end), Redis and SQL backends, TUI inspection, and promotion workflows.
Installation
Step 1: Install INFYNON CLI
INFYNON CLI: github.com/d4rkNinja/infynon-cli
Check if already installed:
infynon --version
npm (Recommended — all platforms, no Rust required)
npm install -g infynon
Linux / macOS
curl -fsSL https://raw.githubusercontent.com/d4rkNinja/infynon-cli/main/scripts/install.sh | bash
Windows (PowerShell)
irm https://raw.githubusercontent.com/d4rkNinja/infynon-cli/main/scripts/install.ps1 | iex
Build from Source (requires Rust)
cargo install --git https://github.com/d4rkNinja/infynon-cli
Pre-built binaries also available on the Releases page for Windows x64, Linux x64/ARM64 (musl), macOS x64/ARM64.
Verify:
infynon --version
infynon pkg --help
infynon trace --help
Step 2: Install Claude Code Plugins
# Add the marketplace
/plugin marketplace add d4rkNinja/code-guardian
# Install plugins
/plugin install infynon-pkg@d4rkNinja
/plugin install infynon-weave@d4rkNinja
/plugin install infynon-trace@d4rkNinja
# Activate
/reload-plugins
Or load locally for development:
claude --plugin-dir ./infynon-pkg --plugin-dir ./infynon-weave --plugin-dir ./infynon-trace
How These Plugins Work
These are contextual skills — once installed, Claude Code automatically knows how to help users with INFYNON. Claude will:
- Check if INFYNON is installed and guide through installation if not found
- Recommend the right
infynon commands based on what the user is trying to do
- Detect lock files and suggest security scans
- Help manage coding memory across canonical, team, and user layers
- Run session hooks to load/save memory automatically
- Guide users through TUI keyboard shortcuts
- Explain vulnerability scan results and fix options
- Recommend CI-friendly flags (
--strict, --auto-fix, --skip-vulnerable, --agent)
Skills
| Plugin | Skill | Auto-triggers When |
|---|
| infynon-pkg | package-security | User asks about package vulnerabilities, CVE scanning, dependency auditing, or Claude detects lock files in the project |
| infynon-pkg | cve-triage | User needs help interpreting CVE scan results or prioritizing fixes |
| infynon-pkg | eagle-eye-monitor | User wants continuous vulnerability monitoring with email alerts |
| infynon-weave | api-testing | User asks about API testing, flow building, security probes, or Claude detects .infynon/api/ in the project |
| infynon-trace | memory-ops | User asks about coding memory, notes, handoffs, or Claude detects .infynon/trace/ in the project |
| infynon-trace | canonical-memory | User asks about architecture decisions, truth memory, or validated knowledge |
| infynon-trace | session-hooks | Session starts or ends, user asks about memory hooks |
Agents
| Plugin | Agent | Purpose |
|---|
| infynon-pkg | pkg-guardian | Deep package security analysis, CVE triage, migration guidance, CI setup |
| infynon-weave | api-guardian | API flow design, node wiring, security probe interpretation, CI pipelines |
| infynon-trace | trace-guardian | Memory layer management, promotion workflows, session hooks, backend setup |
Hooks (Opt-In)
Trace hooks are installed per-project in .claude/settings.json when the user explicitly asks. They are never auto-installed or placed in system-level settings.