The marketplace plugin ids dropped the `agentic-` prefix in June 2026:

- `agentic-dev-team` → `dev-team`
- `agentic-security-assessment` → `security-assessment`

Already installed? Run `/upgrade` from your existing dev-team install; Step 0 detects the legacy ids and migrates them in place using install-first-then-uninstall, so a failed install never leaves you without a plugin.

Fresh install? Use the new ids:

```
claude plugin install dev-team@bfinster
claude plugin install security-assessment@bfinster   # optional companion
```

The GitHub repository name (`bdfinst/agentic-dev-team`) was not changed; only the published plugin ids in the `bfinster` marketplace.
Two Claude Code plugins for engineering workflows. Install one or both.
`dev-team` gives Claude Code a full persona-driven development team: an Orchestrator that routes tasks, specialist agents (engineer, QA, architect, reviewers…), skills that encode reusable knowledge, and the four-command feature workflow `/specs → /plan → /build → /pr`.

`security-assessment` is the security companion. It adds a deterministic-first `/security-assessment` pipeline (SAST + LLM judgment + FP-reduction + exec report), a `/cross-repo-analysis` command for multi-repo attack chains, and an adversarial ML red-team harness (`/redteam-model`) for self-owned model endpoints.
The two plugins share a primitives contract (codebase-recon, ACCEPTED-RISKS.md, unified finding envelope) that lives in dev-team. Install that plugin first; add the security companion when you need it.
| Plugin | What it does | Key commands | Required tools | Optional tools |
|---|---|---|---|---|
| dev-team | Persona-driven development team, reviewer swarm, TDD-gated build loop | /specs, /plan, /build, /pr, /code-review, /triage | jq, gh | semgrep, playwright, hadolint/trivy/grype; auto-detected formatters and test/type/lint runners |
| security-assessment | Tool-first security assessment + red-team pipeline | /security-assessment, /cross-repo-analysis, /redteam-model, /export-pdf | dev-team, Python ≥ 3.10, tier-1 SAST (semgrep, gitleaks, trivy, hadolint, actionlint) | grype, PDF-export deps |
Plugin names link to each plugin's README, where the full tool list and per-tool install commands live. Claude Code itself is assumed. First time here? Start with dev-team; add security-assessment only when you run full /security-assessment pipelines against target repos.
Start here — most users install only this plugin. Required tools (jq, gh) are listed in the Plugins table above.
```
claude plugin marketplace add bdfinst/agentic-dev-team
claude plugin install dev-team@bfinster
```

The owner/repo shorthand and the full https://github.com/bdfinst/agentic-dev-team URL are equivalent. For self-hosted or other git hosts, install scopes (user/project/local), and the upgrade/re-point commands, see the plugin install guide.
Then, in your project, install tool dependencies and generate config:

```
/init-dev-team
/setup
```

`/init-dev-team` installs the tools the plugin depends on — `jq` and `python3` (mutation gate), language-specific mutation testing (Stryker for JS/TS, pitest for Java/Kotlin, Stryker.NET for C#), an optional CodeGraph index for code intelligence, and an opt-in model-availability probe for restricted API endpoints. `/setup` detects your stack and generates project-level config and hooks, including the automated pre-commit review gate.
After /setup, run /specs to start a feature, or ask a question and let the Orchestrator route it.
Add this plugin only if you want the /security-assessment pipeline. Install dev-team first.
```
claude plugin install security-assessment@bfinster
```

For a self-hosted git host, see the plugin install guide; for a local clone, see Local development in CONTRIBUTING.
Run /upgrade from any Claude Code session with dev-team installed. It:
- Detects legacy plugin ids (`agentic-dev-team@*`, `agentic-security-assessment@*`) and migrates them in place using install-first-then-uninstall, so a failed install never leaves you without a working plugin.
- Reads the current installed scope from `claude plugin list` and passes `--scope <scope>` to `claude plugin update`, so project- and local-scope installs upgrade correctly rather than silently failing against the `user` default.
- Asks before enabling marketplace-level auto-update (the same `extraKnownMarketplaces.<marketplace>.autoUpdate` flag the `/plugin` UI toggles); decline to keep manual control.
- Reports the previous and new version, and prompts you to restart Claude Code so the new code loads.
Migration-only runs (post-rename) exit after Step 0 with an ACTION REQUIRED line — restart Claude Code first, then re-run /upgrade if you want the auto-update prompt.
Manual fallback when /upgrade is unavailable:

```
claude plugin update --scope <scope> dev-team@bfinster
claude plugin update --scope <scope> security-assessment@bfinster
```

Then install the tier-1 static-analysis tools:

```
# macOS
./plugins/security-assessment/install-macos.sh            # tier-1 only
./plugins/security-assessment/install-macos.sh --all      # tier-1 + optional + PDF deps
./plugins/security-assessment/install-macos.sh --dry-run  # preview without running

# Windows (requires Scoop)
.\plugins\security-assessment\install-windows.ps1
```

Verify: `./plugins/security-assessment/install.sh`
Four commands drive feature development from idea to pull request:
/specs → /plan → /build → /pr
| Step | Command | What it does |
|---|---|---|
| 1. Specify | /specs | Describe the change and its goals — Intent, Architecture notes, Acceptance Criteria. A consistency gate must pass before moving on. Skip for bug fixes, refactors, or trivial changes. |
| 2. Plan | /plan | Decompose the feature into vertical slices, author each slice's Gherkin scenarios, and lay out the TDD steps that satisfy them. Four plan-review personas (Acceptance Test, Design, UX, Strategic critics) challenge the plan before the human sees it. Human approves before any code is written. |
| 3. Build | /build | Execute the approved plan slice by slice. Each step follows RED-GREEN-REFACTOR with inline review checkpoints (spec-compliance first, then quality agents). Produces verification evidence. |
| 4. Ship | /pr | Run quality gates (tests, typecheck, lint, code review) and open a pull request. |
Each step produces artifacts the next step consumes. The spec describes what and why; the plan turns that into per-slice behavioral contracts (Gherkin) and how. Human review gates sit between transitions.
For bug fixes or simple tasks, skip /specs and start at /plan — or go straight to implementation.
| Command | When to use |
|---|---|
| /code-review | Run review agents, auto-fix actionable issues, re-run until clean (up to 5 iterations) |
| /continue | Resume an in-progress build or plan across sessions |
| /browse | Visual QA via Playwright |
| /benchmark | Runtime performance metrics (Core Web Vitals, resource sizes) against baselines |
| /careful / /freeze / /guard | Safety modes for production-critical sessions |
| /triage | Investigate a bug and file a GitHub issue with a TDD fix plan |
Every git commit is automatically gated by /code-review. A PreToolUse hook detects commit attempts and blocks them until a passing review exists for the exact set of staged files.
Flow: attempt commit → hook blocks → Claude runs /code-review → if pass/warn, a `.review-passed` gate file is written → next commit attempt succeeds.

Bypass: `git commit --no-verify` skips the review gate.
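The gate described above is only as strong as its binding to the staged set: a review that passed for one set of files must not unlock a commit of a different set. The following is an added illustration of that binding, not the plugin's own hook code; the gate file's name, its JSON layout, and the `evaluate_gate` / `build_gate` helpers are assumptions made for this example.

```python
"""Illustrative staged-set review gate (added example; not the plugin's hook implementation).

Assumed: the gate is a small JSON file whose key is a digest of the exact set of
staged paths, and a verdict of "pass" or "warn" unlocks the commit, as the page
describes. The hook wiring into PreToolUse is not shown.
"""
from __future__ import annotations

import hashlib
import json
from pathlib import Path

GATE_FILE = ".review-passed"          # name taken from the page; layout is assumed
PASSING_VERDICTS = {"pass", "warn"}   # page: pass/warn writes the gate


def staged_set_key(staged_files: list[str]) -> str:
    """Order-independent digest of the exact staged set, one path per line."""
    canonical = "\n".join(sorted(set(staged_files))).encode()
    return hashlib.sha256(canonical).hexdigest()


def build_gate(staged_files: list[str], verdict: str) -> dict:
    """Gate record bound to the staged set the review actually covered."""
    return {"verdict": verdict, "staged_key": staged_set_key(staged_files)}


def evaluate_gate(gate: dict | None, staged_files: list[str]) -> tuple[bool, str]:
    """PreToolUse-style decision: allow only a passing gate for this exact staged set."""
    if gate is None:
        return False, "no review gate: run /code-review first"
    if gate.get("verdict") not in PASSING_VERDICTS:
        return False, f"last review verdict was {gate.get('verdict')!r}: fix and re-run /code-review"
    if gate.get("staged_key") != staged_set_key(staged_files):
        return False, "staged set changed since review: re-run /code-review"
    return True, "review gate matches staged set"


def write_gate(repo_root: Path, staged_files: list[str], verdict: str) -> None:
    """Persist the gate record next to the repository (filesystem wrapper)."""
    (repo_root / GATE_FILE).write_text(json.dumps(build_gate(staged_files, verdict)))


def load_gate(repo_root: Path) -> dict | None:
    """Read the gate record; a missing or corrupt file counts as 'no gate'."""
    path = repo_root / GATE_FILE
    if not path.exists():
        return None
    try:
        return json.loads(path.read_text())
    except json.JSONDecodeError:
        return None


if __name__ == "__main__":
    # Constructed walk-through: a review passed for two files, then a third is staged.
    gate = build_gate(["src/app.py", "tests/test_app.py"], "pass")
    print(evaluate_gate(gate, ["tests/test_app.py", "src/app.py"]))
    print(evaluate_gate(gate, ["src/app.py", "tests/test_app.py", "src/untested.py"]))
```

Keying the gate on the set of paths (rather than on a timestamp) is what makes "exact set of staged files" enforceable: adding or removing a file invalidates the gate, and a corrupt or hand-edited gate file fails closed.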
/security-assessment <path> runs a six-phase pipeline against one or more target repos. Deterministic tools do the detection; LLM agents handle the judgment stages.
| Phase | Runs | Output |
|---|---|---|
| 0. Recon | codebase-recon agent | memory/recon-<slug>.{json,md} |
| 1. Tool-first detection | semgrep, gitleaks, trivy, hadolint, actionlint, custom rulesets | unified findings stream |
| 1b. Judgment | security-review, business-logic-domain-review agents | appended findings |
| 1c. Suppression | ACCEPTED-RISKS.md gate (deterministic) | filtered stream + audit log |
| 2. FP-reduction | 5-stage rubric (reachability, environment, controls, dedup, severity) | disposition register |
| 2b. Severity floors | deterministic domain-class calibration | floor-adjusted scores |
| 3. Narrative + compliance | tool-finding-narrative-annotator, compliance-mapping skill | 4-domain narrative + compliance JSON |
| 4. Cross-repo | service-comm parser, shared-cred hash match (multi-target only) | mermaid diagram + SARIF |
| 5. Exec report | exec-report-generator agent | publication-ready 7-section markdown |
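Phase 1c is the one stage in the table that must be deterministic and auditable: an accepted risk should suppress exactly the findings it names, should stop suppressing once it expires, and every decision should leave a trace. The block below is an added example of such a gate over the unified findings stream; it is not the plugin's code, and the ACCEPTED-RISKS.md table layout, the finding fields (`id`, `tool`, `rule`, `path`, `severity`) and the sample data are all constructed assumptions for this illustration.

```python
"""Illustrative ACCEPTED-RISKS.md suppression gate (added example; not the plugin's code).

Assumed ACCEPTED-RISKS.md layout: a markdown table with Rule | Path | Expires | Justification.
Assumed finding envelope: dicts with id, tool, rule, path, severity. Both are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from fnmatch import fnmatch

# Constructed sample ACCEPTED-RISKS.md; one live entry, one expired entry.
ACCEPTED_RISKS_MD = """\
# Accepted risks (constructed sample)

| Rule | Path | Expires | Justification |
|---|---|---|---|
| semgrep:subprocess-shell-true | scripts/build.py | 2099-12-31 | arguments are constants, reviewed |
| gitleaks:generic-api-key | tests/fixtures/* | 2020-01-01 | fixture keys, revoked |
"""

# Constructed sample findings stream in the assumed envelope.
FINDINGS = [
    {"id": "F1", "tool": "semgrep", "rule": "semgrep:subprocess-shell-true", "path": "scripts/build.py", "severity": "high"},
    {"id": "F2", "tool": "semgrep", "rule": "semgrep:subprocess-shell-true", "path": "app/run.py", "severity": "high"},
    {"id": "F3", "tool": "gitleaks", "rule": "gitleaks:generic-api-key", "path": "tests/fixtures/key.txt", "severity": "medium"},
]


@dataclass(frozen=True)
class Accepted:
    rule: str
    path_glob: str
    expires: date
    justification: str


def parse_accepted_risks(text: str) -> list[Accepted]:
    """Parse table rows; header and separator rows are skipped, prose is ignored."""
    entries: list[Accepted] = []
    for line in text.splitlines():
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Rule" or set(cells[0]) <= {"-"}:
            continue
        entries.append(Accepted(cells[0], cells[1], date.fromisoformat(cells[2]), cells[3]))
    return entries


def apply_suppressions(findings: list[dict], accepted: list[Accepted], today: date) -> tuple[list[dict], list[dict]]:
    """Return (kept findings, audit log). Rule match is exact; path match is a glob.

    An expired entry no longer suppresses, but the audit log records that it was
    consulted, so a lingering acceptance is visible rather than silently honoured.
    """
    kept, audit = [], []
    for f in findings:
        match = next((a for a in accepted if a.rule == f["rule"] and fnmatch(f["path"], a.path_glob)), None)
        if match is None:
            kept.append(f)
            continue
        if match.expires < today:
            kept.append(f)
            audit.append({"action": "expired", "finding": f["id"], "rule": match.rule, "expires": match.expires.isoformat()})
            continue
        audit.append({"action": "suppressed", "finding": f["id"], "rule": match.rule, "justification": match.justification})
    return kept, audit


def run_sample(today: date = date(2026, 6, 1)) -> tuple[list[dict], list[dict]]:
    """Run the gate over the constructed sample data."""
    return apply_suppressions(FINDINGS, parse_accepted_risks(ACCEPTED_RISKS_MD), today)


if __name__ == "__main__":
    kept, audit = run_sample()
    print("kept:", [f["id"] for f in kept])
    print("audit:", audit)
```

With the constructed data, F1 is suppressed under the live entry, F2 passes through because its path is not covered, and F3 is kept because the fixture-key acceptance has expired; the audit log carries both decisions, which is the "filtered stream + audit log" pairing the table calls for.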
Zero-install flow: `scripts/run-assessment-local.sh` runs the same pipeline from the repo checkout without installing the plugin. It auto-detects the `claude` CLI and degrades to deterministic-only when the CLI is absent. See the user guide for the full runbook.

Adversarial ML red-team: `/redteam-model` probes a self-owned model endpoint (localhost / RFC1918 by default; public targets require a signed authorization.md). Eight probes covering recon, evasion, extraction, and report synthesis.
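The scope rule for `/redteam-model` (loopback and RFC1918 by default, anything else only with a signed authorization.md) is the control that keeps the harness pointed at endpoints you own. The block below is an added example of how such a scope check can be written; it is not the plugin's code. The `probe_allowed` helper and the network list are assumptions, and the authorization check is reduced to a boolean because the page does not describe how authorization.md is signed.

```python
"""Illustrative target-scope check for a self-owned model endpoint (added example).

Assumptions: the default scope is loopback plus the RFC1918 ranges; a named host is
never assumed private, because its resolution is outside this check's control.
Verification of the signed authorization.md is represented by a boolean here.
"""
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit

# Loopback (IPv4 and IPv6) plus the three RFC1918 private ranges.
SELF_OWNED_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("127.0.0.0/8", "::1/128", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def target_is_self_owned_by_default(endpoint_url: str) -> bool:
    """True only for 'localhost' or a literal address inside the default scope."""
    host = urlsplit(endpoint_url).hostname  # strips port and IPv6 brackets
    if host is None:
        return False
    if host == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name could resolve anywhere (including back to a public host);
        # treat it as out of the default scope rather than trusting it.
        return False
    return any(addr in net for net in SELF_OWNED_NETWORKS)


def probe_allowed(endpoint_url: str, signed_authorization_present: bool) -> tuple[bool, str]:
    """Decide whether the harness may run, and say why, so the decision is loggable."""
    if target_is_self_owned_by_default(endpoint_url):
        return True, "in default scope (loopback / RFC1918)"
    if signed_authorization_present:
        return True, "outside default scope; signed authorization.md present"
    return False, "outside default scope and no signed authorization.md: refusing"


if __name__ == "__main__":
    # Constructed endpoints: a local dev server, a LAN host, and a public address.
    for url in ("http://localhost:8000/v1", "http://192.168.1.5:8080/v1", "https://203.0.113.10/v1"):
        print(url, "->", probe_allowed(url, signed_authorization_present=False))
```

Note the deliberate choice for DNS names: `model.internal` might be private today, but a scope check that trusts names rather than addresses can be redirected by a resolver change, so the example requires either a literal in-scope address or the explicit authorization path.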
Developing, testing, or releasing the plugins? See CONTRIBUTING.md — local-dev setup (including live installs via symlinks), the /agent-eval and /agent-audit test commands, the security comparative-testing harness, how to add agents and skills, and the release process.
| Guide | Description |
|---|---|
| Getting Started | User tutorial — the workflow, suggested skills, and worked examples |
| Contributing | Local development, testing, adding agents/skills, releasing |
| Architecture | Context management, quality assurance, governance, multi-LLM routing |
| Agents | Agent roster, persona template, adding/removing/customizing |
| Skills & Commands | Skills catalog, slash-commands catalog |
| Eval System | How review-agent accuracy is measured and graded |
| Security Assessment User Guide | Path-A (plugin) vs. Path-B (zero-install) runbook, tool install matrix |
| Comparative Testing | Fixture repo, ground truth, scoring methodology |
This repository uses CodeGraph for semantic code intelligence.