From maverick
Initializes a repository for Maverick: verifies the GitHub App, installs/updates the CLI, writes project config, scaffolds docs and skills, runs a cybersecurity audit, and opens a PR.
How this skill is triggered — by the user, by Claude, or both
Slash command
/maverick:do-initThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Set up the current repository for Maverick — install the CLI if needed, validate the Maverick GitHub App, write the project-level config, scaffold docs and project skills, run the cybersecurity audit, then commit everything and open a pull request for the user to approve.
Set up the current repository for Maverick — install the CLI if needed, validate the Maverick GitHub App, write the project-level config, scaffold docs and project skills, run the cybersecurity audit, then commit everything and open a pull request for the user to approve.
This skill runs in its own forked context (context: fork) — you are
executing it directly; there is no separate agent to dispatch. Follow the
process below exactly and end with the structured result in the Return
section. Do not modify the user's project source code, perform git
operations beyond what the process prescribes, or provision
infrastructure.
Run command -v maverick to check whether the CLI is already on PATH.
If maverick is not on PATH, dispatch the /maverick:do-install skill and wait for it to complete. After the install returns, re-run command -v maverick to confirm the binary is now resolvable. If it still is not (e.g. ~/.local/bin is not on the user's PATH), report the install message verbatim to the user and stop — they need to fix PATH and re-invoke /maverick:do-init manually.
If maverick is on PATH, verify the installed CLI matches the loaded plugin. A stale binary from an earlier plugin version can be missing subcommands the rest of this skill depends on (e.g. maverick integration, maverick preflight).
maverick --versiongrep -Po '(?<=^version = ")[^"]+' "${CLAUDE_PLUGIN_ROOT}/pyproject.toml"uv tool install --force from the plugin root, so it overwrites whatever is currently installed. After it returns, re-run maverick --version and confirm it now matches the plugin version. If it still does not, surface the mismatch to the user and stop.do-init cannot complete without a CLI version that matches the plugin. The remaining steps invoke maverick directly and depend on subcommands that may have been added in newer versions.
Run:
uv run maverick preflight do-init
This runs the same gh_app_configured runtime check the issue-driven
workflows enforce. If it exits non-zero, halt do-init immediately and
report the stderr output verbatim to the user. The remaining steps make
file changes and open a PR; running them on a machine without a working
GitHub App is wasted work because nothing downstream of do-init will
function until the App is set up.
Maverick does not create the GitHub App. That is a manual human action. If preflight fails, surface this to the user verbatim:
The Maverick GitHub App is not configured. Maverick cannot create it for you — you need to do this manually before re-running
/maverick:do-init.
Create a new GitHub App at https://github.com/settings/apps/new with these permissions: contents: read, metadata: read, pull-requests: write, issues: write.
Generate and download a private key for the App. Save it to
~/.maverick/maverick-gh-app.pem(or any path you prefer).Install the App on the repo(s) you want Maverick to operate on. Note the
installation_idfrom the install URL.Add a
gh_appblock to~/.maverick/config.json:{ "gh_app": { "app_id": <integer>, "installation_id": <integer>, "private_key_path": "~/.maverick/maverick-gh-app.pem" } }Verify with
maverick gh-app status— it should print"configured": true.Re-run
/maverick:do-init.
Run:
uv run maverick init
This detects the project's tech stack, writes .maverick/config.json with the detected modules and a fresh integration block (init: true, all other flags false), and prints a summary of what was detected. If a config already exists, the command preserves any integration flags that are already true — re-running is safe.
Write .maverick/settings.json containing {} if the file does not already exist. This is where project-specific overrides go later; an empty object is the correct default. Do not overwrite an existing file.
Dispatch /maverick:do-docs. The greenfield mode of that skill flips integration.tech_docs_scaffolded to true automatically when it completes.
Dispatch /maverick:do-upskill. It iterates every topic in topics.json and writes per-topic skills under docs/maverick/skills/, then flips integration.upskill to true.
Dispatch /maverick:do-cybersecurity-review. It scans the existing codebase for common security risks (secrets, dependency vulnerabilities, auth/input-validation patterns), writes findings to docs/security-audit.md, and flips integration.cybersecurity_reviewed to true. The review is surface-only — it reports, it does not modify code. Any FAIL findings should be tracked as follow-up issues by the user.
The earlier steps wrote a number of new and modified files. Commit them on a fresh branch and open a PR for the user to approve.
Sanity-check the working tree. Run git status --porcelain. The only changed paths should be:
.maverick/config.json, .maverick/settings.jsondocs/maverick/skills/... (from do-upskill)docs/... content created by do-docs greenfielddocs/security-audit.md (from do-cybersecurity-review)If git status shows changes outside these paths, abort and report to the user — they have unrelated uncommitted work that should be handled first.
Resolve base + branch. Capture the current branch as the PR base:
base="$(git branch --show-current)"
Choose a branch name chore/maverick-init. If a branch with that name already exists locally or on origin, abort and tell the user — a previous init attempt may be in-flight.
Create the branch and stage maverick paths only.
git checkout -b chore/maverick-init
git add .maverick/
[ -d docs/maverick ] && git add docs/maverick/
[ -f docs/security-audit.md ] && git add docs/security-audit.md
# Stage anything else under docs/ that do-docs greenfield created.
git add -u docs/ && git add docs/
Do not use git add -A or git add . — the goal is to stage only what do-init produced, not anything the user happened to leave in the tree.
Commit with a conventional message:
git commit -m "chore: initialise Maverick"
Push and open the PR:
git push -u origin chore/maverick-init
gh pr create --base "$base" \
--title "chore: initialise Maverick" \
--body "$(cat <<'EOF'
## Summary
This PR was generated by `/maverick:do-init`. Review the changes and merge when ready.
### What's in this PR
- `.maverick/` — project config and integration tracking
- `docs/maverick/skills/` — generated project-specific skills
- `docs/security-audit.md` — initial cybersecurity audit findings (review FAIL items)
- Other `docs/` content scaffolded by `do-docs`
### Verify after merge
```bash
uv run maverick integration get
EOF )"
Capture the PR URL from the gh pr create output and pass it through to the report in the next step.
Print a final summary to the user:
uv run maverick integration getagent-code-reviewer subagent during do-issue-solo / do-epic. If the project later wants the optional CI-side gate (multi-machine workflows, untrusted environments, audit needs), point the user at mav-bp-remote-code-review for the manual scaffold steps.The integration checklist gives the user (and any future Maverick session) a clear view of what's been completed and what's still pending.
npx claudepluginhub thermiteau/maverick --plugin maverickAudits a project's codebase against Maverick standard practices, checking linting, tests, CI/CD, security, and more. Useful when onboarding an existing project or on demand.
Scaffolds a long-running agent harness with context docs, AGENTS.md, style guides, session hooks, drift detection, and setup reports. Use when a project needs Maestro-owned project setup.
Initializes and configures projects: detects tech stacks, scaffolds new apps, creates task files, sets branch strategies, handles git submodules, exports to other AI platforms.