Git-Fg/taches-principled

Skill teaching direct `claude` CLI usage via the Bash tool — six conceptual operations (execute, session, context, review, agent, config) expressed as native `claude -p` invocations and subcommands (`claude ultrareview`, `claude agents`, `claude doctor`, `claude mcp`, `claude plugin`). No binary, no MCP server, no Rust toolchain required. For agents that need to drive Claude Code programmatically without an MCP transport. No specialist subagents — this plugin ships one skill and zero agents.

Principled Claude Code plugin for the dev lifecycle: plan, review, debug, refactor, multi-agent orchestration, ideation, spec-driven work, test strategy. Live Claude Code/Agent SDK/API docs via the `/cc-docs` slash command (which dispatches `tp-researcher`). (Security review moved to tp-security in 1.22.0. Subagent roster reduced to 3 universal keepers in 1.23.0: `tp-critic` for review, `tp-explorer` for codebase mapping, `tp-researcher` for external research — specialized reviewer roles use lens prompts at the call site.)

Marketplace discipline enforcement — single `validate-plugin` skill + `tp-roster-auditor` agent + `scripts/audit.py` CI guard. Audits any Claude Code marketplace for the 5-rule discipline set: agent roster cap (default 6 keepers + 1 read-only-tools exception), spawn-lens contract (`lens:`/`scope:`/`question:` within 200 chars), fork-skill rationale (every `context: fork` skill has `references/fork-rationale.md`), description quality (≤1536 chars, verb-led first 200, CONTRAST vs adjacent), and catalog discipline (`plugin.json` version matches marketplace + description mentions roster). Use when user says 'audit my marketplace', 'check discipline', 'roster check', 'validate before commit', 'discipline-check'. NOT for: marketplace schema validation (use `claude plugin validate`); NOT for: implementation work (use the relevant domain skill).

First Principles Framework — structured reasoning in an isolated forked context with hypothesis generation, evidence validation, and auditable decision records. PROPOSE / MAINTAIN / QUERY modes. Verification stages spawn `tp-critic` with FPF-specific lenses.

Git workflow automation — conventional commits, PR creation, issue analysis, git notes, worktrees, and inline PR review comments. PR reviews fan out `tp-critic` per changed file with the 'review this diff for bug, security, and contract errors' lens.

Principled MCP (Model Context Protocol) expertise hub — a single skill `mcp-expertise` with five modes covering the full MCP server lifecycle: DESIGN (tool decomposition, output contract, JSON-RPC error discipline, capability negotiation, security checklist, naming, Claude-Optimal validation), SCHEMA (JSON Schema 2020-12 authoring, additionalProperties:false discipline, discriminator enums, constraint discipline, description writing, pitfalls catalog, schemars cheatsheet), IMPLEMENT (Rust with rmcp 0.3 + schemars + tokio, transport choice stdio vs Streamable HTTP, stderr-only logging, error mapping via rmcp::ErrorData, testing with MCP Inspector CLI mode; implementation runs inline in the main agent or forked orchestrator), CLIENT (agent as MCP consumer — the four installation paths, JSON-RPC discovery flow, calling pattern, consumer-side debugging, rmcp client SDK for stdio and Streamable HTTP), and QUALITY (8-dimension Claude-Optimal rubric, forked orchestrator spawns 8 parallel `mcp-quality-judge` subagents in isolated contexts — the single domain exemplar of the lens-prompt pattern). The §3 worked example in `mcp-expertise/references/design-decomposition.md` uses a synthetic `git-cli` decomposition. Hub is a pure router; mechanism lives in `references/`. Includes 1 subagent: `mcp-quality-judge` (QUALITY leaf, background, yellow) — the only marketplace subagent that preloads its domain skill via `skills: [mcp-expertise]`.

Principled Rust project skills — single `rust` hub with a `Modes:` directive covering the full Rust lifecycle: SCAFFOLD (lib/bin decision, Cargo.toml template edition 2024, MSRV 1.81, feature flag design, lib+bin code layout, rustdoc, edition migration), WORKSPACE (when to split, virtual workspace template, workspace inheritance, Cargo.lock policy, MSRV coordination, cross-crate patterns, workspace publishing), QUALITY (canonical 6-job CI, clippy + rustfmt policy, cargo-nextest, coverage, supply-chain ladder, dev-experience tooling), RELEASE (Cargo semver, changelog tooling, cargo publish playbook, supply-chain maintenance, feature deprecation), REVIEW (holistic existing-project health audit via 5 parallel tp-critic lenses — source-code health & idioms, dependency hygiene, build & test health, public API surface, supply chain). Each mode dispatches `tp-critic` with Rust-specific lenses (Cargo.toml audit, CI configuration, supply chain, pre-publish, source-code, dependency hygiene, build/test health, public API surface); the inline Rust idiom-polish checklist handles code cleanup.

Structured agent-driven development with multi-judge evaluation — runs a single solution in an isolated forked context with self-critique, and scores it via parallel isolated-context judges. EXECUTE mode (implement + verify) and JUDGE mode (multi-judge debate). One specialist subagent (`sadd-judge` for rubric-based candidate scoring).

Principled security review skills — single `security` hub with a `Modes:` directive covering the pre-production security review lifecycle: SAST (static application security testing for injection, auth bypass, SSRF, deserialization, access control), DEPENDENCY-AUDIT (CVE scanning, lockfile drift, typosquatting, supply-chain integrity), SECRETS-DETECTION (API keys, tokens, credentials, private keys via pattern matching and entropy analysis), COMPLIANCE (OWASP ASVS, GDPR, SOC2, PCI-DSS, HIPAA evidence mapping and gap analysis). All four modes spawn `tp-critic` with a mode-specific lens (OWASP / supply-chain / secrets / compliance).

Session analytics — CAPTURE (headless behavioral artifact collection), INSPECT (structured data extraction; parses JSONL in isolated context), REVIEW (behavioral anti-pattern diagnosis via `tp-critic` w/ lens), ISSUE (sanitized GitHub issue reporting; `tp-critic` w/ lens for privacy scrub), CROSS-ANALYZE (parallel multi-perspective analysis), ADJUDICATE (evidence + adversarial validation). Six modes; the 4 deleted `session-*` agents collapsed into `tp-critic` / `tp-explorer` per-mode.

Search, query, ingest, and verify a personal wiki, knowledge base, or notes system. Use when user mentions 'wiki', 'KB', 'knowledge base', 'look up in my notes', 'find in my wiki', 'lint wiki', 'check wiki consistency', 'add to wiki', 'ingest into wiki', or 'populate wiki'. QUERY dispatches the read-only `wiki-searcher` subagent; INGEST and LINT run inline in the hub against the resolved wiki path (with optional `tp-critic` w/ lens 'wiki audit' for large wikis).