Stats
Actions
Available In
Tags
'%20stop-opacity%3D'0.16'%2F%3E%3Cstop%20offset%3D'1'%20stop-color%3D'rgb(200%2C90%2C60)'%20stop-opacity%3D'0.03'%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3Crect%20width%3D'320'%20height%3D'200'%20fill%3D'url(%23g)'%2F%3E%3Ccircle%20cx%3D'250'%20cy%3D'56'%20r%3D'92'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.06'%2F%3E%3Ccircle%20cx%3D'64'%20cy%3D'172'%20r%3D'58'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.05'%2F%3E%3C%2Fsvg%3E)
Autonomous, security-default software-engineering operator. Turns a rough idea into a PRD, executes it as sandboxed user-stories with evidence-backed quality gates, and stops before production deploy.
Audit the target project before autonomous work — stack, tests, package manager, risks, CI/CD, deployment surfaces, missing guardrails.
End-to-end autonomous build. Idea → grilled spec → PRD → stories → sandboxed execution → evidence → final PR-ready report.
Run a measured self-healing experiment — baseline → one mutation → fixed eval → keep/revert. Never weakens safety gates.
Final review fan-out — code-reviewer, security-auditor, test-engineer (and architect if architectural change). Synthesizes a single go/no-go decision.
Release-readiness flow. Argument: $ARGUMENTS
Use only for ADR-worthy decisions — new module, new boundary, new framework, cross-cutting concern, or detected ball-of-mud entropy. Produces ADRs and proposes deepening as new user stories. Refuses speculative abstractions for hypothetical futures.
Use to build the canonical project/domain map other Superbuilder agents will reuse. Detects package manager via lockfile order, indexes ADRs and docs (without summarizing), produces stack.json, domain.md, tree.md, gates.json, risks.md under .superbuilder/context/.
Use to build exactly one user story inside a Sandcastle sandbox on a per-story branch. Writes the smallest diff that satisfies acceptance criteria, runs only story-relevant gates, never deploys, never touches main, never silently adds dependencies.
Use after intake and context-sync to convert the refined idea into a PRD and a vertical-slice user-story plan in .superbuilder/prd.json. Does not write product code. Refuses to proceed without explicit human approval of the plan.
Use to challenge a vague or weak software idea before any planning. Triggers when user dumps a rough idea, says "build me X" without acceptance criteria, or asks the assistant to start work on under-specified scope. Refuses overbuilt, unsafe, vague, or legally risky proposals and counter-proposes narrower variants. Also used in discovery mode for non-technical users who don't yet have a clear idea.
Use when a user doesn't yet have a clear picture of what they want to build. Runs an adaptive one-question-at-a-time discovery conversation, takes notes throughout, and presents a plain-English action plan for user approval before handing off to the technical pipeline. Invoked by /superbuild when the user chooses "figure it out together" at the detection step.
Use when a user dumps a rough software idea, asks Superbuilder to "build X", or invokes /superbuilder:superbuild. Grills the idea until success criteria, primary user, scope edges, and risks are explicit. Pushes back on vague, overbuilt, or unsafe proposals before any planning happens.
Use after intake-refine to build a project/domain map before any planning or coding. Detects package manager, reads existing docs and ADRs, captures domain language, and produces a context packet other agents will reuse. Required before write-prd or plan-stories.
Use after context-sync to produce a PRD that is implementation-grade — every section answers "what gets built, what doesn't, how do we know it's done." Reads .superbuilder/intake.md and .superbuilder/context/*. Hands a finished PRD to plan-stories. Refuses to skip sections.
Use after PRD approval to materialize .superbuilder/prd.json with vertical-slice user stories. Each story has acceptance criteria, files-likely-touched, dependencies, risk level, and an empty evidence object. Refuses to produce stories that aren't independently testable.
Executes bash commands
Hook triggers when Bash tool is used
Modifies files
Hook triggers on file write and edit operations
Uses power tools
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Uses Bash, Write, or Edit tools
Uses Bash, Write, or Edit tools
A Claude Code plugin that turns an existing LLM into a proactive, security-default software-engineering operator.
You dump a rough idea once, approve a plan once, and Superbuilder coordinates implementation, testing, review, security audit, and PR preparation inside controlled safety boundaries — stopping before production deploy until you explicitly approve.
/superbuilder:superbuild, superaudit, superstatus, superreview, superheal, supersources, supership.bin/ dispatchers wrapping a TypeScript orchestrator.orchestrator/ — story scheduler, gate runner, Sandcastle adapter, PRD validator, package-manager detection.This release is a foundation, not a turnkey product. See docs/LIMITATIONS.md for what's wired, what's stubbed, and what is intentionally out of scope. The architecture, schemas, security model, and skill/agent surface are complete; the autonomous Sandcastle execution path needs verification against the upstream Sandcastle API before relying on it for unattended runs.
user idea
│
▼
/superbuilder:superbuild
│
▼
product-griller ──► planner ──► context-cartographer
│ │
▼ ▼
.superbuilder/intake.md .superbuilder/context/* + PRD.md
│
▼
03-plan-stories ──► .superbuilder/prd.json (schemaVersion v2)
│
▼
PLAN APPROVAL (AskUserQuestion)
│
▼
orchestrator (bin/superbuilder-run)
├─► createSandbox(branch=superbuilder/<US>-<slug>)
│ ├─► implementer
│ ├─► test-engineer
│ └─► reviewer + security-auditor + (architect)
├─► gates: typecheck, lint, test, integration, security, secret scan,
│ dep audit, license, browser, a11y, perf
└─► evidence/<US>/* + passes:true → merge to superbuilder/integration
│
▼
/superbuilder:supership (Phase 1 always; Phase 2 only with approval)
Every critical edge has a hook checkpoint; see docs/SECURITY.md.
git clone <this-repo> superbuilder
( cd superbuilder/orchestrator && npm install && npm run build )
claude --plugin-dir "$(pwd)/superbuilder"
# in your target project:
> /superbuilder:superaudit
> /superbuilder:superbuild
Full install instructions: docs/INSTALL.md.
| Source | Role |
|---|---|
| Matt Pocock skills | alignment, grilling, domain language, triage, TDD, diagnosis, architecture |
| Addy Osmani agent-skills | canonical SDLC: spec, plan, build, verify, review, ship, gates |
| Ralph | PRD/story/progress state machine pattern (not the unsafe shell loop) |
| Sandcastle | only autonomous coding-agent execution engine |
| Karpathy autoresearch | eval-driven, measured self-improvement (method only) |
Detailed source map and per-source decisions: docs/SOURCE-MAP.md.
.superbuilder/evidence/<US>/.deploymentAllowed: true in the PRD, a signed approval file, AND the literal approve-deploy flag.noSandbox() for autonomous execution. Manual interactive debugging only.humanApprovalRequiredFor.falsePassRate must remain 0; security regression none..claude-plugin/plugin.json
skills/00..11-*/SKILL.md
agents/*.md
commands/*.md
hooks/hooks.json + hooks/scripts/*.sh
bin/superbuilder, superbuilder-run, -heal, -sources, -gates
orchestrator/{package.json, tsconfig.json, src/*.ts}
docs/{ARCHITECTURE,SECURITY,SOURCE-MAP,EVALS,INSTALL,LIMITATIONS}.md
MIT.
npx claudepluginhub solomonsjoseph/superbuilder-skillComprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
JeffallanHarness-native ECC plugin for engineering teams - 67 agents, 271 skills, 92 legacy command shims, reusable hooks, rules, MCP conventions, and operator workflows for Claude Code plus adjacent agent harnesses
affaan-mv9.44.1 — Patch release for Gemini environment/version detection and qwen auth gating. Run /octo:setup.
nyldnA growing collection of Claude-compatible academic workflow bundles. Covers scientific figures, manuscript writing and polishing, reviewer assessment, citation retrieval, data availability, paper reading, literature search, response letters, paper-to-PPTX conversion, and evidence-grounded Chinese invention patent drafting. Rules are organized as reusable skill folders with explicit workflows and quality checks.
Yuan1z0825Comprehensive PR review agents specializing in comments, tests, error handling, type design, code quality, and code simplification
anthropicsComprehensive feature development workflow with specialized agents for codebase exploration, architecture design, and quality review
anthropics