security-engineering
Delegate security engineering tasks to an AI agent that performs vulnerability assessments, fixes issues like SQL injection and XSS, implements authentication with OAuth/JWT and RBAC, protects PII, conducts threat modeling, code reviews, and ensures OWASP/GDPR compliance in your codebase.
npx claudepluginhub thebushidocollective/han --plugin do-securityComponent Overview
Component Details
README
Han
Ship-ready code from your AI coding agent. 139+ plugins for quality gates, tooling, memory, and specialized agents — so your AI writes code that's ready to merge.
Getting Started
Two commands. That's it.
# 1. Install the CLI
curl -fsSL https://han.guru/install.sh | bash
# 2. Auto-detect and install plugins for your project
han plugin install --auto
Next time you use Claude Code, validation hooks run automatically when you finish a conversation.
Alternative Installation
# Homebrew (macOS/Linux)
brew install thebushidocollective/tap/han
How It Works
- Install - One command installs the CLI and auto-detects plugins for your stack
- Code - Claude writes code as usual. No workflow changes needed
- Validate - Stop hooks run automatically. Linters, formatters, type checkers, and tests are all verified
- Learn - Local metrics track success rates and calibrate confidence. Nothing leaves your machine
Plugin Categories
139 plugins across six categories:
| Category | Description | Examples |
|---|---|---|
| Core | Essential infrastructure. Auto-installs han binary, provides metrics and MCP servers | Always required |
| Languages | Validation plugins for your language/runtime | TypeScript, Rust, Python, Go, Ruby |
| Validation | Linters, formatters, and quality tools | Biome, ESLint, ShellCheck, Pytest |
| Disciplines | Specialized AI agents for engineering domains | Security, accessibility, API design, architecture |
| Services | MCP servers for external platforms | GitHub, GitLab, Linear |
| Tools | MCP servers for development utilities | Playwright, Blueprints, Context7 |
Browse all plugins at han.guru/plugins
Why It Works
- Smart Caching - Only runs validation when relevant files change. Native Rust hashing keeps it fast
- Local Metrics - Tracks task success and confidence calibration. All data stays on your machine
- Zero Config - Binary auto-installs on first session.
--autoflag detects your stack automatically - Any Stack - TypeScript, Python, Rust, Go, Ruby, Elixir. If there's a linter, there's a plugin
CLI Commands
# Install plugins
han plugin install # Interactive mode
han plugin install --auto # Auto-detect your stack
han plugin install <name> # Install specific plugin
# Manage plugins
han plugin search <query> # Search marketplace
han plugin uninstall <name> # Remove plugin
# Run hooks manually
han hook run <plugin> <hook> # Run a specific hook
han hook explain # Show configured hooks
# MCP server
han mcp # Start MCP server for natural language hook execution
Documentation
Full documentation at han.guru/docs
Contributing
See CONTRIBUTING.md for how to create new plugins.
License
MIT License - see LICENSE
Built by The Bushido Collective
Similar Plugins
code-quality-expert
Expert code review specialist. Proactively reviews code for quality, security, and maintainability. Use immediately after writing or modifying code.
security-agent
Specialized security review subagent
security-guidance
Security best practices advisor with vulnerability detection and fixes
secure-development
Secure coding, OWASP guidance, input validation, cryptography, authentication, and secrets management for secure application development.
agents-quality-security
Agents for code review, security audits, debugging, and quality assurance
More by thebushidocollective
Uses power tools
Uses Bash, Write, or Edit tools
Help us improve
Share bugs, ideas, or general feedback.