Search everything...

Stats

Actions

Available In

Help us improve

Share bugs, ideas, or general feedback.

shield - Claude Code Plugin | ClaudePluginHub

Plugin

shield

Name: shield
Author: infraspecdev

By infraspecdev

Unified SDLC plugin — research, planning, PM integration, implementation, and continuous review with multi-domain support and specialist agents.

npx claudepluginhub infraspecdev/tesseract --plugin shield

Popularity

Stars

Above avg

Med: 0·Avg: 274

Installs

Med: 0·Avg: 1

What's Inside

Slash Commands13

analyze-plan

/analyze-plan

Analyze terraform plan output for security, cost, and destructive action impact

implement

/implement

Start TDD-based feature implementation with progress tracking

init

/init

Set up Shield for a new project — creates .shield.json and ~/.shield/ config structure

migrate

/migrate

Migrate from old plugins (infra-review, clickup-sprint-planner, dev-workflow) to Shield

plan-review

/plan-review

Run multi-agent plan review with scored analysis

Agents8

agile-coach-reviewer

/agile-coach-reviewer

Use this agent when evaluating sprint-readiness, story quality, sizing, dependency ordering, or acceptance criteria testability. Always dispatch for plans with stories.

architecture-reviewer

/architecture-reviewer

Use this agent when reviewing service topology, scalability, high availability, network design, Terraform component structure, or Atmos integration patterns. Dispatch for plan reviews or infrastructure code reviews.

cost-reviewer

/cost-reviewer

Use this agent when reviewing cost optimization — resource right-sizing, environment tiering, NAT gateway patterns, expensive resource toggles, and FinOps best practices. Dispatch for plan reviews or infrastructure code reviews.

dx-engineer-reviewer

/dx-engineer-reviewer

Use this agent when evaluating plan clarity, actionability, software architecture quality, or developer experience. Always dispatch for plans with stories.

operations-reviewer

/operations-reviewer

Use this agent when reviewing operational readiness — monitoring, logging, failure modes, backup strategy, capacity planning, tagging, blast radius, and day-2 operations. Dispatch for plan reviews or infrastructure code reviews.

Skills16

terraform-plan-analyzer

/plan-analysis

Use when analyzing Terraform plan output for security, cost, and operational impact — parses terraform plan JSON to surface destructive changes, IAM modifications, cost-impacting resources, and drift before apply

terraform-security-audit

/security-audit

Use when auditing Terraform code for security vulnerabilities, reviewing IAM policies, checking encryption, or validating network isolation in AWS components

terraform-test-coverage

/test-coverage

Use when reviewing Terraform test files (.tftest.hcl), assessing test coverage, or designing new tests for components using mock_provider and plan-only assertions

pm-analysis

/pm-analysis

Use when any workflow needs a product lens — user impact analysis, prioritization, scope discipline, or stakeholder framing. Triggers on product analysis, PM review, user impact, business value.

research

/research

Use when comparing approaches, evaluating tools, building evidence-based decisions, or the user needs citations and industry backing. Triggers on /research, investigate, compare, evaluate.

Hooks1

Event Hooks

File writes

2 hooks across 2 events

Stats

Version2.7.0

ReleasedMar 20, 2026

LanguagePython

Stars2

MaintenanceExcellent

LicenseMIT

Last CommitMar 20, 2026

AddedMar 26, 2026

Actions

View on GitHub View README Plugin Marketplace JSON

Own this plugin?

Verify ownership to unlock analytics, metadata editing, and a verified badge.

Available In

tesseract2

Safety Signals

Caution

Modifies files

Hook triggers on file write and edit operations

Uses power tools

Uses Bash, Write, or Edit tools

Help us improve

Share bugs, ideas, or general feedback.

README

Tesseract

A Claude Code plugin marketplace.

In the Marvel universe, the Tesseract was a crystalline container that held the Space Stone — one of the six Infinity Stones, each holding power over a fundamental aspect of existence. Whoever possessed the Tesseract didn't just hold an object; they held the potential to reshape reality itself.

This Tesseract holds something similar. Not Infinity Stones, but plugins — each one a concentrated capability that transforms how you build software. The container is simple. What it holds is powerful.

What's Inside

Plugin	What It Does
Shield	A unified software development lifecycle plugin — research, planning, project management integration, implementation, and continuous code review with specialist agents

Deprecated Plugins

The following plugins have been consolidated into Shield and are no longer maintained as separate plugins:

Plugin	Replaced By
`infra-review`	Shield's domain-specific review skills (`terraform/`, `atmos/`, `github-actions/`) and multi-mode reviewer agents
`clickup-sprint-planner`	Shield's PM adapter system (`/pm-sync`, `/pm-status`) with the ClickUp adapter at `shield/adapters/clickup/`
`dev-workflow`	Shield's general skills (`/research`, `/implement`, `/plan`) and superpowers integration

If you have existing projects using these plugins (e.g., infra-plans/ directories with sprint-planner.json), run /shield init in your project to migrate. Shield detects old plugin config and offers to set up the new .shield.json marker and ~/.shield/ config structure.

Tesseract: The Marketplace

Tesseract is a plugin marketplace — a registry that contains one or more Claude Code plugins. You add the marketplace once, then install whichever plugins you need.

# Add the marketplace (one-time)
/plugin marketplace add infraspecdev/tesseract

# Install a plugin from it
/plugin install shield@tesseract

# Enable auto-updates to stay current
/plugin update --auto-update shield@tesseract

Each plugin in the marketplace is independently versioned and released. You can install one, some, or all of them.

Plugins

Shield

Named after Marvel's S.H.I.E.L.D. — the Strategic Homeland Intervention, Enforcement and Logistics Division — the organization that gathers intelligence, plans operations, assembles specialists, and executes missions.

Except here, the homeland is your codebase — and the existential threats are unreviewed pull requests, missing test coverage, security holes hiding in plain sight, and acceptance criteria so vague they'd make Nick Fury weep.

Shield assembles a team of specialist agents and orchestrates them through a structured engineering pipeline. A planner who breaks initiatives into executable stories with testable acceptance criteria. A security reviewer who thinks like an attacker. A cost analyst who's seen $10k/month NAT gateway bills in dev environments. An architect who's debugged cascading failures at 3 AM. An agile coach who ensures stories are sprint-ready. A developer experience engineer who ensures plans are clear enough to execute without questions.

It shields you from the mistakes that haunt on-call rotations — because the best incident is the one that never happened.

Design Philosophy

One pipeline, many domains. Shield follows a single workflow — research, plan, build, review — but adapts to the domain you're working in. Terraform gets provider-specific research and HashiCorp Configuration Language-aware review. Atmos gets stack hygiene checks. Future domains (Python, TypeScript, Kubernetes) slot in by adding a directory, not by rewriting orchestration.

Continuous review, not gatekeeping. Review isn't a phase at the end — it happens after planning (are the stories actionable?), after each implementation step (did we introduce issues?), and as a final consolidated check. You choose which findings to fix, which to defer, and which to discuss.

Project management as a pluggable adapter. The pipeline doesn't know about ClickUp or Jira. It knows about abstract operations — sync stories, get status, link to epic. Each project management tool implements these operations through its own adapter. Adding a new tool means writing an adapter, not touching any skill or agent.

Agents are specialists. Each agent has a clear domain (security, cost, architecture, operations) and operates in modes depending on context — lightweight checks when reviewing a plan document, deep checklists when reviewing Terraform code. One agent file, multiple depths.

Your config, your rules. The plugin adapts to your setup:

Pick your domains (terraform, atmos, or both)
Pick your project management tool per project (clickup, jira, or future adapters)
Override which reviewers always run or never run per project

View full README on GitHub

Similar Plugins

sdlc-team-security

38·

Security agents — security, compliance, privacy specialists

2mo

v1.0.0

SteveGJones

shipyard

57·2·

Ship software systematically: project lifecycle, TDD, parallel agents, code review, security auditing, and infrastructure validation

2mo

v4.7.0

lgbarn

great_cto

38·4·

Engineering process for solo founders and teams up to 50 engineers. Agents do architecture, code review, QA, and security. You make two decisions per feature.

today

v2.39.0

avelikiy

sdlc

133·6·

Complete SDLC framework with 58 specialized agents for software development lifecycle management. Phase-based workflows (Inception→Elaboration→Construction→Transition), security reviews, testing orchestration, and deployment automation.

2mo

v2024.12.4

jmagly

executive-quality-assurance

53·

Universal quality control orchestrator and final authority for any software development project. Dynamically discovers and coordinates with available sub-agents, performs comprehensive multi-dimensional quality assessment, security validation, and deployment readiness verification. Adapts to any project type, programming language, or development framework while maintaining enterprise-grade quality standards. Examples: <example>Context: Code changes ready for review across any project. user: 'Please review this code before commit' assistant: 'I'll use the 1-ceo-quality-control-agent to orchestrate comprehensive quality validation, discover available specialists, and perform final security scanning before approval.' <commentary>Universal quality control requires comprehensive validation across all dimensions regardless of project type.</commentary></example> <example>Context: Multi-agent work completion needing validation. user: 'Several agents completed their tasks, need quality review' assistant: 'Let me engage the 1-ceo-quality-control-agent to coordinate comprehensive validation across all completed work and ensure quality standards.' <commentary>Multi-agent coordination and quality validation applies to any development project.</commentary></example>

2mo

v1.0.0

devsforge

sdlc-wizard

29·

SDLC enforcement for AI agents — TDD, planning, self-review, CI shepherd

v1.78.0

BaseInfinity

Help us improve

Find plugins for your project

Help us improve

shield

Popularity

What's Inside

Help us improve

Health & Quality

Confidence

README

Tesseract

What's Inside

Deprecated Plugins

Tesseract: The Marketplace

Plugins

Shield

Design Philosophy

Similar Plugins

sdlc-team-security

shipyard

great_cto

sdlc

executive-quality-assurance

sdlc-wizard

More by infraspecdev

infra-review

dev-workflow

clickup-sprint-planner

Tesseract

What's Inside

Deprecated Plugins

Tesseract: The Marketplace

Plugins

Shield

Design Philosophy