By waterplanai
Configure and enforce security guardrails in agentic workflows to protect credentials, block destructive bash commands, restrict file writes and edits, mitigate supply chain risks, and limit Playwright browser access. Use interactive YAML prompts for customization and pre-tool hooks for authentication and blocking.
```bash
npx claudepluginhub waterplanai/agentic-config --plugin ac-safety
```
Project-agnostic, composable configuration system for AI-assisted development workflows.
```bash
claude plugin marketplace add WaterplanAI/agentic-config
# For dev branch: `claude plugin marketplace add </path/to/dev/branch>` OR `./dev.sh`
claude plugin install ac-workflow@agentic-plugins
claude plugin install ac-git@agentic-plugins
claude plugin install ac-qa@agentic-plugins
claude plugin install ac-tools@agentic-plugins
claude plugin install ac-meta@agentic-plugins
claude plugin install ac-safety@agentic-plugins
claude plugin install ac-audit@agentic-plugins
```
Note: Auto-updates are disabled by default for third-party marketplaces. Enable them via `/plugins` > Marketplaces > agentic-plugins > Enable auto-update to stay in sync with new releases automatically.
See Getting Started for full setup.
A centralized configuration system whose Claude Code plugin architecture was introduced in v0.2.0.
Future releases will extend the same plugin approach to additional tools (Cursor, Codex CLI, Gemini CLI, and Antigravity).
Core principles:
- `claude plugin install`, no symlinks

| Plugin | Focus | Skills |
|---|---|---|
| ac-workflow | Spec workflow, MUX orchestration | 6 |
| ac-git | Git automation, PRs, releases | 7 |
| ac-qa | QA, E2E testing, browser automation | 7 |
| ac-tools | Utilities, integrations, bootstrap | 17 |
| ac-meta | Meta-prompting, self-improvement | 2 |
| ac-safety | Security guardrails (credential, write-scope, destructive-bash, supply-chain, playwright) | 2 |
| ac-audit | Tool audit logging (JSONL append-only log) | 1 |
MUX workflows (ac-workflow plugin) delegate to background agents via `Task(run_in_background=True)`. Background agents cannot surface interactive permission prompts: any tool that has not already been approved is auto-denied.
Recommended: run Claude Code with `--dangerously-skip-permissions` for MUX workflows:
```bash
claude --dangerously-skip-permissions
```
Alternatively, pre-authorize specific tools via CLI:
```bash
claude --allowedTools "Skill Bash Read Write Edit Grep Glob"
```
All plugins in this repository are designed and tested with full tool permissions enabled. Note that `--dangerously-skip-permissions` removes the interactive approval step entirely, so in that mode the PreToolUse hooks (ac-safety) and the ac-audit log are the only automated controls left between the model and the shell; run such sessions in a disposable workspace.
A secure runtime for Claude Code. Intercepts every tool call with policy-based allow/block/ask decisions, evasion detection, path fencing, file snapshots, and audit logging.
- Executes bash commands: the hook triggers when the Bash tool is used.
- Modifies files: the hook triggers on file write and edit operations.
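The hook mechanism described in the two entries above can be seen end to end in the following added example. It is example code written for this page, not ac-safety's own hook or its YAML rule format; it relies on the Claude Code PreToolUse contract (a JSON event with `tool_name` and `tool_input` on stdin, exit status 2 to block the call and return stderr to the model) and assumes a hypothetical `AC_PROJECT_ROOT` environment variable for the write fence. The rule list is constructed to cover the three guardrail classes the plugin lists (destructive bash, credential access, write scope) and is deliberately minimal.

```python
#!/usr/bin/env python3
"""Illustrative Claude Code PreToolUse guard hook (example code, not ac-safety's own).

Claude Code passes PreToolUse hooks a JSON event on stdin carrying the
"tool_name" and "tool_input" of the call about to run. Exit status 0 lets
it proceed; exit status 2 blocks it and feeds stderr back to the model.
"""
import json
import os
import re
import shlex
import sys

# Hypothetical fence root; a real hook would take it from the event's "cwd".
PROJECT_ROOT = os.path.realpath(os.environ.get("AC_PROJECT_ROOT", os.getcwd()))
SEPARATORS = {";", "&&", "||", "|", "&"}
SHELLS = {"sh", "bash", "zsh", "dash", "ksh"}
WRITE_TOOLS = {"Write", "Edit", "MultiEdit", "NotebookEdit"}
# Constructed list of credential-bearing file names and directories.
CREDENTIAL_NAMES = re.compile(
    r"^(\.env(\.(?!example$).*)?|id_(rsa|ed25519|ecdsa|dsa)|.*\.(pem|p12|pfx|key)"
    r"|credentials(\.json)?|\.npmrc|\.netrc|\.pypirc)$")
CREDENTIAL_DIRS = [os.path.realpath(os.path.expanduser(d))
                   for d in ("~/.ssh", "~/.aws", "~/.gnupg")]


def inside(path, root):
    """True if an already-resolved path lies at or below root."""
    return path == root or path.startswith(root.rstrip(os.sep) + os.sep)


def split_commands(command):
    """Split a shell line into (preceding_operator, argv) simple commands.

    punctuation_chars=True makes shlex emit ; && || | & as their own tokens
    while still stripping quotes, so rm -rf "/" is seen with target "/".
    Raises ValueError on unbalanced quotes; the caller fails closed.
    """
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    parts, sep, current = [], None, []
    for tok in lexer:
        if tok in SEPARATORS:
            parts.append((sep, current))
            sep, current = tok, []
        else:
            current.append(tok)
    parts.append((sep, current))
    return [(s, argv) for s, argv in parts if argv]


def check_bash(command):
    try:
        commands = split_commands(command)
    except ValueError as exc:
        return "deny", f"unparseable command ({exc}); failing closed"
    for sep, argv in commands:
        exe = os.path.basename(argv[0])
        opts = [a for a in argv[1:] if a.startswith("-")]
        short = "".join(a.lstrip("-") for a in opts if not a.startswith("--"))
        if sep == "|" and exe in SHELLS:  # supply-chain: curl ... | sh, base64 -d | bash
            return "deny", "pipes upstream output into a shell interpreter"
        if exe == "rm" and ("r" in short.lower() or "--recursive" in opts) \
                and ("f" in short or "--force" in opts):
            for target in (a for a in argv[1:] if not a.startswith("-")):
                resolved = os.path.realpath(os.path.expanduser(target))
                if target in {"/", "~", "*", ".", ".."} or not inside(resolved, PROJECT_ROOT):
                    return "deny", f"rm -rf on {target!r} outside the project fence"
        if exe == "git" and len(argv) > 1:  # does not look past global flags such as -C
            sub = argv[1]
            if sub == "push" and ({"--force", "-f"} & set(opts)):
                return "deny", "force push rewrites remote history"
            if sub == "reset" and "--hard" in opts:
                return "deny", "git reset --hard discards uncommitted work"
            if sub == "clean" and ("--force" in opts or "f" in short):
                return "deny", "git clean -f deletes untracked files"
    return "allow", ""


def check_path(tool, tool_input):
    path = tool_input.get("file_path") or tool_input.get("notebook_path")
    if not path:
        return "allow", ""
    resolved = os.path.realpath(os.path.expanduser(path))
    if CREDENTIAL_NAMES.match(os.path.basename(resolved)) \
            or any(inside(resolved, d) for d in CREDENTIAL_DIRS):
        return "deny", f"{tool} on credential material {path!r}"
    if tool in WRITE_TOOLS and not inside(resolved, PROJECT_ROOT):
        return "deny", f"{tool} to {path!r} is outside {PROJECT_ROOT}"
    return "allow", ""  # reads outside the fence pass; only writes are scoped


def evaluate(event):
    """Return ("allow" | "deny", reason) for one PreToolUse event."""
    tool = event.get("tool_name", "")
    tool_input = event.get("tool_input") or {}
    if tool == "Bash":
        return check_bash(tool_input.get("command", ""))
    if tool == "Read" or tool in WRITE_TOOLS:
        return check_path(tool, tool_input)
    return "allow", ""


def main():
    decision, reason = evaluate(json.load(sys.stdin))
    if decision == "deny":
        print(f"guard hook blocked the call: {reason}", file=sys.stderr)
        sys.exit(2)


if __name__ == "__main__":
    main()
```

To wire a script like this in, register it in `.claude/settings.json` under `hooks.PreToolUse` with a `matcher` such as `Bash|Write|Edit|Read` and a `{"type": "command", "command": "python3 .claude/hooks/guard.py"}` entry. Two caveats a practitioner should keep in mind: the hook fails closed on anything it cannot parse, which is the right default when no human is watching, and token-level shell checks are only a first line of defence, since a model can route around them with `eval`, variable indirection or by writing a script and running it. Keep them layered under audit logging (ac-audit) and an isolated workspace, especially when running with `--dangerously-skip-permissions`.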
Other safety and audit plugins listed alongside ac-safety on the hub:
- 665 safety hooks for Claude Code — prevent file deletion, credential leaks, git disasters, and token waste during autonomous AI coding sessions
- Runtime security for AI agents. Blocks destructive actions before execution, routes high-risk operations through human approval, and maintains an immutable audit trail. Covers OWASP MCP Top 10, ASI Top 10, and Agentic Skills Top 10.
- Runtime security plugin for Claude Code with balanced default hooks plus the Runwall inline MCP gateway for shell, git, MCP, secret, and exfiltration risks.
- Safety for Agents - Agent Detection & Response (ADR) for Claude Code
- Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations (Claude Code Action, Gemini CLI, OpenAI Codex, GitHub AI Inference)