Productizes this marketplace's own audit methodology (the F1–F13 failure classes) as deterministic, pure-shell/awk REGRESSION detectors plus breadth+depth review sub-agents. Scans every plugin's hooks, guards, manifests, and vendored libs; emits HIGH/MEDIUM/LOW/ADVISORY findings to .claude/auditor/FINDINGS.md; and records a HIGH count in the STATUS contract so the pipeline release gate can enforce 0-high. Silent on a clean tree, fires only on a regression. No python dependency — identical on python-less / Windows hosts.
Based on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Depth-first critical auditor. Use to reason hard about the few riskiest areas the scout or the detectors surfaced — fail-open paths, traversal, auth, data-loss, and broken invariants — and confirm or refute each as a real, defensible finding. Read-only; writes findings to disk. Use proactively during /auditor:run.
Breadth-first audit scout. Use to sweep a change (or the repo) for logic, security, and invariant risks across the whole touched surface, grounded in the explorer memory and the diff. Read-only; writes findings to disk. Use proactively during /auditor:run.
Methodology for auditing this marketplace against its own F1–F13 failure classes — the deterministic static detectors, the finding line format, and how the review sub-agents add logic/security/invariant findings on top. Use when running /auditor:run or as an auditor sub-agent.
The severity taxonomy for audit findings — how to assign HIGH / MEDIUM / LOW / ADVISORY so the release gate enforces the right things and never false-blocks. Use when an auditor sub-agent or /auditor:run records a finding.
A Claude Code plugin marketplace for agentic backend engineering.
Plugin #1 — explorer: explore a codebase once, then any future session understands
it (what / why / how) by reading .claude/explorer/ — no re-exploring.
Plugin #2 — builder: spec-driven implementation that reads the explorer memory as
ground truth, gates the plan (clarity + technical plan, 9/10 each), implements only what the
spec says, runs hybrid QA, and keeps the durable memory in sync — plus a reproduce-first
bug-fix mode that turns vague, repro-less bug reports into verified, regression-safe fixes.
Six plugins compose into a single "1–2 command → prod-ready" pipeline — five do the work, the
sixth conducts them. Each module writes a small machine-readable STATUS.json under
.claude/<module>/, and the conductor reads those summaries instead of re-deriving anything.
| Plugin | Role (one line) |
|---|---|
explorer | Explore a backend codebase once; persist a durable .claude/explorer/ memory so later sessions recall (what / why / how) instead of re-scanning. |
builder | Spec-driven, gated implementation against that memory (plan → implement → hybrid QA → memory-sync), plus reproduce-first bug-fix mode. |
auditor | Deterministic F1–F13 regression detectors + breadth/depth sub-agents; records a high count the release gate enforces (0-high). |
reviewer | Reviews this change (diff vs HEAD) against the recorded invariants/risk map, the approved scope, and surviving callers; records a blocking count (0-blocking). |
ops | Deploy/release readiness — a build/test ledger + version-consistency + deploy/observability sub-agents; records a blocking count (0-blocking). |
pipeline | The conductor: sequences the five above and renders the deterministic release verdict. It explores/builds nothing itself — it coordinates and gates. |
Install any subset from the same marketplace (the conductor uses whichever modules are present — absent ones simply SKIP in the gate):
/plugin marketplace add hafizmirhamza276-lab/backend-agentic-marketplace
/plugin install explorer@backend-agentic-marketplace
/plugin install builder@backend-agentic-marketplace
/plugin install auditor@backend-agentic-marketplace
/plugin install reviewer@backend-agentic-marketplace
/plugin install ops@backend-agentic-marketplace
/plugin install pipeline@backend-agentic-marketplace
With the plugins installed, conduct an entire change or fix from a single command. The conductor runs each module in order and reads back only short STATUS summaries (protecting its own context):
/pipeline:run "<spec or short note>" # change: explore → build → audit → review → ops → release-gate
/pipeline:fix "<bug symptom>" # bug: same sequence, but the build runs reproduce-first BUG-FIX MODE
/pipeline:status # cheap consolidated dashboard (no sub-agents)
If the explorer memory is missing or stale, /pipeline:run bootstraps exploration first; if it
needs a spec, it asks you to write one. It stops and reports the moment a gate blocks.
Both commands end at the deterministic release gate
(plugins/pipeline/scripts/verify-release.sh — pure shell/awk, no python dependency). It
aggregates seven checks from the modules' STATUS + artifacts and renders RELEASE READY only
when none fail:
explored_commit == git HEAD);PLAN.md exists — every ## Tasks item has a coverage-map line in CHANGELOG.md;BUG.md exists (repro red→green + characterization/linked green);high == 0 (SKIP — advisory — when the auditor hasn't run);blocking == 0 (SKIP when absent);blocking == 0 (SKIP when absent).Advisory by default (it reports and exits 0); under PIPELINE_ENFORCE=1 (or
.claude/pipeline/settings.json → "enforce_release": true) it hard-blocks (exit 2) on any
required failure and writes the verdict + table to .claude/pipeline/RELEASE.md. The verdict is
honest — a SKIP means that module is advisory/absent, not that it passed — and confidence is never
stated as "100%".
In Claude Code, add the marketplace and install the plugins:
/plugin marketplace add hafizmirhamza276-lab/backend-agentic-marketplace
/plugin install explorer@backend-agentic-marketplace
/plugin install builder@backend-agentic-marketplace
Install only explorer if that's all you need — but builder depends on the explorer memory,
so run explorer first either way (see below).
explorerOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimnpx claudepluginhub hafizmirhamza276-lab/backend-agentic-marketplace --plugin auditorExplore a backend codebase once with breadth (Sonnet) + depth (Opus) sub-agents, then persist a durable .claude/explorer/ memory so future sessions understand the code without re-exploring.
Conductor plugin that sequences the explorer -> builder flow and gates it behind a deterministic RELEASE GATE. Reads the per-module STATUS contract and durable memory, runs exploration first when memory is missing or stale, then the spec-driven build (or BUG-FIX MODE), then verifies release-readiness (fresh memory, builder done with full coverage map, bug-fix net green, changelog present, auditor 0-high when present). Advisory by default; enforce via settings.enforce_release or PIPELINE_ENFORCE=1. Pure shell/awk gate — no python dependency.
Spec-driven agentic implementation for Claude Code. Reads the explorer codebase memory as ground truth, plans a requested change with clarity + technical-plan gates, decomposes it into atomic edge-case-hardened tasks (micro-level precision), implements only what the spec says with a per-edit lint/type feedback loop and hybrid retrieval, runs hybrid QA, and keeps the durable memory in sync. Includes a reproduce-first BUG-FIX MODE that turns vague, repro-less bug reports into verified, regression-safe fixes via a failing reproduction + characterization tests + a deterministic regression gate.
Reviews a CHANGE (the working-tree diff vs HEAD) against the explorer MEMORY.md invariants and risk map, the approved PLAN scope, and the codebase's surviving callers. Deterministic, pure-shell/awk checks (R1 caller-integrity, R2 convention-regression — BLOCKING; R3 risk-touch, R4 scope-discipline — CONCERN) plus breadth+depth review sub-agents. Emits BLOCKING/CONCERN/NOTE findings to .claude/reviewer/REVIEW.md and records a BLOCKING count in the STATUS contract so the pipeline release gate can enforce 0-blocking. Orthogonal to the auditor (change-vs-invariants, not whole-tree regression). Silent on a clean/in-spec change; no python dependency.
Assesses DEPLOY/RELEASE readiness of the codebase. Deterministic, pure-shell/awk checks kept deliberately LEAN — O1 test-ledger (a recorded RED build/test → BLOCKING; no ledger → CONCERN) and O2 version-consistency (a marketplace entry's version ≠ that plugin's plugin.json version → CONCERN) — plus breadth+depth ops sub-agents that inventory the CI/deploy/observability surface and reason about readiness as ADVISORY CONCERN/NOTE findings. Emits BLOCKING/CONCERN/NOTE to .claude/ops/OPS.md and records a BLOCKING count in the STATUS contract so the pipeline release gate can enforce 0-blocking. Fuzzy deploy judgment lives in the agents, never in a false-firing detector. Silent on a verified, consistent tree; no python dependency.
Harness-native ECC plugin for engineering teams - 67 agents, 278 skills, 94 legacy command shims, reusable hooks, rules, MCP conventions, and operator workflows for Claude Code plus adjacent agent harnesses
Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
Consult multiple AI coding agents (Gemini, OpenAI, Grok, Perplexity, plus codex, antigravity, and grok CLIs when installed) to get diverse perspectives on coding problems
v9.52.0 - Reliability wave: tangle contextual review correction loop with hard round ceiling, progress-supervised review rounds (per-agent stall watch, descendant-tree kills), council diversity and agy pin fixes, marketplace generator source-of-truth fix, provider troubleshooting runbook and cost-expectations docs. Run /octo:setup.
Complete creative writing suite with 10 specialized agents covering the full writing process: research gathering, character development, story architecture, world-building, dialogue coaching, editing/review, outlining, content strategy, believability auditing, and prose style/voice analysis. Includes genre-specific guides, templates, and quality checklists.
Upstash Context7 MCP server for up-to-date documentation lookup. Pull version-specific documentation and code examples directly from source repositories into your LLM context.