[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension-plugin-wshobson-review-agent-governance-zh-CN":3,"guides-for-wshobson-review-agent-governance":270,"similar-k1799mce4k5xggmr7am617fws9865mdp":271},{"_creationTime":4,"_id":5,"children":6,"community":7,"display":9,"evaluation":21,"identity":211,"isFallback":216,"parentExtension":217,"providers":252,"relations":256,"repo":257,"workflow":268},1778003443243.3276,"k1799mce4k5xggmr7am617fws9865mdp",[],{"reviewCount":8},0,{"description":10,"installMethods":11,"name":12,"sourceUrl":13,"tags":14},"Require a human approval signal before an AI agent can post PR reviews, comments, merges, or writes to CI configuration. Joins protect-mcp and signed-audit-trails in the governance category; composes with protect-mcp for runtime enforcement.",{},"Review Agent Governance","https://github.com/wshobson/agents/tree/HEAD/plugins/review-agent-governance",[15,16,17,18,19,20],"governance","security","auditing","mcp","cedar","hooks",{"_creationTime":22,"_id":23,"extensionId":5,"locale":24,"result":25,"trustSignals":200,"workflow":209},1778016883287.233,"kn79wpzx2ztsgnkwq3qbb6034986488p","en",{"checks":26,"evaluatedAt":190,"extensionSummary":191,"promptVersionExtension":192,"promptVersionScoring":193,"rationale":194,"score":195,"summary":196,"tags":197,"targetMarket":198,"tier":199},[27,32,35,38,42,45,50,54,57,60,64,68,71,75,78,81,84,87,90,93,97,101,105,109,113,116,119,122,126,129,132,135,138,141,144,148,151,154,157,160,163,166,169,172,176,179,182,186],{"category":28,"check":29,"severity":30,"summary":31},"Practical Utility","Problem relevance","pass","The description clearly states the problem of AI agents posting sensitive review actions without human approval and provides context on the potential damage.",{"category":28,"check":33,"severity":30,"summary":34},"Unique selling proposition","The plugin offers a unique value proposition by providing human-in-the-loop gating for AI review actions with cryptographically auditable 
receipts, going beyond simple prompt engineering.",{"category":28,"check":36,"severity":30,"summary":37},"Production readiness","The plugin is production-ready, providing hooks for PreToolUse and PostToolUse, integrating with Cedar for policy enforcement, and generating signed receipts for auditability.",{"category":39,"check":40,"severity":30,"summary":41},"Scope","Single responsibility principle","The plugin has a single, focused responsibility: gating AI agent actions on the review surface and providing auditable receipts. It does not extend into unrelated domains.",{"category":39,"check":43,"severity":30,"summary":44},"Description quality","The description accurately reflects the plugin's functionality, detailing its purpose, mechanism (Cedar policy, approval flags/commands), and gated actions.",{"category":46,"check":47,"severity":48,"summary":49},"Invocation","Scoped tools","not_applicable","This plugin primarily uses hooks and commands, not a broad set of discrete tools.",{"category":51,"check":52,"severity":30,"summary":53},"Documentation","Configuration & parameter reference","The README clearly documents configuration options like REVIEW_APPROVAL_FLAG and REVIEW_GOVERNANCE_POLICY, and explains how to use the slash commands and flag files.",{"category":39,"check":55,"severity":30,"summary":56},"Tool naming","The commands '/approve-review' and '/list-pending' are descriptive and align with the plugin's purpose.",{"category":39,"check":58,"severity":30,"summary":59},"Minimal I/O surface","The commands and hooks operate on specific files and use environment variables as intended, without exposing unnecessary internal details.",{"category":61,"check":62,"severity":30,"summary":63},"License","License usability","The extension is licensed under the MIT License, which is a permissive open-source license, clearly indicated by a LICENSE file and mentioned in plugin.json.",{"category":65,"check":66,"severity":48,"summary":67},"Maintenance","Commit recency","No 
commit history is available for evaluation.",{"category":65,"check":69,"severity":30,"summary":70},"Dependency Management","The plugin specifies exact versions for its npm dependencies like 'protect-mcp@0.5.5', indicating good dependency management practices.",{"category":72,"check":73,"severity":30,"summary":74},"Security","Secret Management","Secrets used by the plugin, such as the Ed25519 signing key, are handled via environment variables or local files with clear instructions to add them to .gitignore, preventing leakage.",{"category":72,"check":76,"severity":30,"summary":77},"Injection","The plugin uses Cedar policies and signed receipts, which are designed to be tamper-evident and resist injection attacks. Arguments to commands are handled via environment variables or carefully quoted strings.",{"category":72,"check":79,"severity":30,"summary":80},"Transitive Supply-Chain Grenades","The plugin relies on `protect-mcp` and standard command-line tools, with explicit version pinning for dependencies, mitigating supply-chain risks.",{"category":72,"check":82,"severity":30,"summary":83},"Sandbox Isolation","The plugin operates within defined directories for receipts and policies, uses environment variables for configuration, and relies on standard command-line tools, respecting sandbox boundaries.",{"category":72,"check":85,"severity":30,"summary":86},"Sandbox escape primitives","The plugin's scripts and hooks do not appear to contain sandbox-escape primitives; they use standard commands and rely on the host environment.",{"category":72,"check":88,"severity":30,"summary":89},"Data Exfiltration","The plugin's primary function is to prevent unauthorized actions, not to exfiltrate data. Signed receipts are intended for auditing, not external submission without explicit user action. 
It specifically gates sensitive outbound calls like Slack/Discord webhooks.",{"category":72,"check":91,"severity":30,"summary":92},"Hidden Text Tricks","The bundled files (README, policies, scripts) appear to be free of hidden steering tricks, using standard formatting and encoding.",{"category":94,"check":95,"severity":30,"summary":96},"Hooks","Opaque code execution","The hook commands primarily consist of readable bash scripts and calls to `protect-mcp`, avoiding obfuscated code, eval, or remote script execution.",{"category":98,"check":99,"severity":30,"summary":100},"Portability","Structural Assumption","The plugin makes reasonable assumptions about file paths for policies and receipts, configurable via environment variables, and uses standard shell constructs.",{"category":102,"check":103,"severity":48,"summary":104},"Trust","Issues Attention","No issue data available for evaluation.",{"category":106,"check":107,"severity":30,"summary":108},"Versioning","Release Management","The plugin.json manifest specifies a version ('0.1.0'), indicating proper release management.",{"category":110,"check":111,"severity":30,"summary":112},"Code Execution","Validation","The plugin relies on Cedar for policy validation and uses careful argument handling in its scripts, ensuring inputs are treated appropriately.",{"category":72,"check":114,"severity":30,"summary":115},"Unguarded Destructive Operations","The core function of this plugin is to *prevent* destructive operations via policy. 
Any actual destructive operations are gated by Cedar and require explicit human approval.",{"category":110,"check":117,"severity":30,"summary":118},"Error Handling","The bash scripts use `set -euo pipefail` for robust error handling, and the plugin's design inherently provides structured feedback via Cedar denials and signed receipts.",{"category":110,"check":120,"severity":30,"summary":121},"Logging","The plugin generates signed receipts for every action (approved or denied) under `./review-receipts/`, providing a detailed audit trail.",{"category":123,"check":124,"severity":30,"summary":125},"Compliance","GDPR","The plugin focuses on controlling AI agent actions, not processing personal data. Any data passed through for signing would be subject to the `protect-mcp` policy's GDPR compliance.",{"category":123,"check":127,"severity":30,"summary":128},"Target market","The plugin's functionality is general and does not appear to be geographically or jurisdictionally restricted; it is applicable globally for controlling AI agent review actions.",{"category":98,"check":130,"severity":30,"summary":131},"Runtime stability","The plugin uses standard bash commands and relies on Node.js for protect-mcp, making it portable across POSIX-like environments.",{"category":39,"check":133,"severity":30,"summary":134},"Tool surface size","The plugin exposes two well-defined commands ('/approve-review', '/list-pending') and integrates via hooks, keeping the surface area minimal.",{"category":46,"check":136,"severity":30,"summary":137},"Name collisions","The plugin's commands and hooks are specific to its function and do not appear to collide with Claude Code built-ins or other common tools.",{"category":46,"check":139,"severity":30,"summary":140},"Overlapping near-synonym tools","The provided commands are distinct and serve unique purposes (approve vs. 
list pending).",{"category":46,"check":142,"severity":30,"summary":143},"Hooks-off mechanism","The README documents setting the REVIEW_APPROVAL_FLAG to './.never-approve' as a way to effectively disable the approval bypass and force policy evaluation.",{"category":46,"check":145,"severity":146,"summary":147},"Hook matcher tightness","warning","The 'PreToolUse' and 'PostToolUse' hooks both use a 'matcher: \"*\"', which applies the hook to every tool call, potentially impacting performance and indicating a lack of fine-grained scoping where possible.",{"category":72,"check":149,"severity":30,"summary":150},"Hook security","Destructive actions are gated by Cedar and require explicit human approval. The plugin uses environment variables for configuration, allowing session-specific control without uninstalling.",{"category":94,"check":152,"severity":48,"summary":153},"Silent prompt rewriting","The plugin does not have a UserPromptSubmit hook that rewrites prompts.",{"category":72,"check":155,"severity":48,"summary":156},"Permission Hook","The plugin does not implement a PermissionRequest hook.",{"category":123,"check":158,"severity":30,"summary":159},"Hook privacy","The plugin's hooks are focused on action gating and receipt generation, not on sending logging or telemetry data over the network without user consent.",{"category":110,"check":161,"severity":30,"summary":162},"Hook dependency","The hook scripts are readable bash and rely on `protect-mcp` with pinned versions, avoiding opaque code execution.",{"category":51,"check":164,"severity":30,"summary":165},"Install / Setup Instructions","The README provides clear, step-by-step instructions for installation, policy copying, and workflow setup.",{"category":51,"check":167,"severity":30,"summary":168},"Feature Transparency","The README explicitly details the two hooks used ('PreToolUse', 'PostToolUse'), their purpose, and how they interact with Cedar and the approval 
mechanism.",{"category":51,"check":170,"severity":30,"summary":171},"Phantom features","All documented features, including the hooks, commands, Cedar policy, and receipt generation, have corresponding implementations in the code and manifests.",{"category":173,"check":174,"severity":30,"summary":175},"Convention","Layout convention adherence","The plugin structure follows Claude Code conventions, with plugin.json in `.claude-plugin/` and scripts/policies organized logically within the plugin directory.",{"category":173,"check":177,"severity":30,"summary":178},"Plugin state","The plugin manages state (policies, receipts, keys) in project-relative directories and documents adding these to .gitignore, adhering to best practices for state management.",{"category":72,"check":180,"severity":30,"summary":181},"Keychain-stored secrets","The plugin utilizes environment variables and local files for sensitive configuration like signing keys and approval flags, rather than storing secrets directly in settings.json.",{"category":183,"check":184,"severity":30,"summary":185},"Dependencies","Tagged release sourcing","The plugin explicitly pins the version of its `protect-mcp` dependency (`protect-mcp@0.5.5`), ensuring it pulls from a tagged release.",{"category":187,"check":188,"severity":30,"summary":189},"Installation","Clean uninstall","The plugin primarily uses hooks and commands within the project directory; it does not install background daemons or services that would prevent a clean uninstall.",1778016824185,"It enforces approval for PR reviews, comments, merges, and CI configuration changes using Cedar policies and generates cryptographically signed receipts for every action. The plugin includes commands to approve actions and list denied attempts, with clear documentation on setup and verification.","2.0.0","3.4.0","The plugin is exceptionally well-documented, secure, and follows best practices for AI agent governance. 
The use of Cedar and signed receipts provides strong auditability. The only minor finding is the broad matcher in the hooks, which could be slightly more optimized.",95,"This plugin provides robust human-in-the-loop governance for AI agent actions on review surfaces, ensuring auditable control over sensitive operations.",[15,16,17,18,19,20],"global","verified",{"codeQuality":201,"collectedAt":202,"documentation":203,"maintenance":205,"security":206,"testCoverage":208},{},1778016811549,{"descriptionLength":204,"readmeSize":8},241,{},{"hasNpmPackage":207,"smitheryVerified":207},false,{"hasCi":207,"hasTests":207},{"updatedAt":210},1778016883287,{"githubOwner":212,"githubRepo":213,"locale":24,"slug":214,"type":215},"wshobson","agents","review-agent-governance","plugin",true,{"_creationTime":218,"_id":219,"community":220,"display":221,"identity":233,"parentExtension":236,"providers":237,"relations":245,"workflow":247},1778003443243.2886,"k175qypm0s8m8k6a0fkxpxfj1n865ax9",{"reviewCount":8},{"description":222,"installMethods":223,"name":224,"sourceUrl":225,"tags":226},"Production-ready workflow orchestration with 79 focused plugins, 184 specialized agents, and 150 skills - optimized for granular installation and minimal token usage",{},"Claude Code Plugins: Orchestration and 
Automation","https://github.com/wshobson/agents",[227,228,229,230,231,232],"workflow-orchestration","ai-agents","plugins","development-tools","automation","developer-experience",{"githubOwner":212,"githubRepo":213,"locale":24,"slug":234,"type":235},"claude-code-workflows","marketplace",null,{"extract":238,"smithery":244},{"commitSha":239,"license":240,"marketplace":241},"ece811f23310a37ceb43496dbac0e244fe6845b6","MIT",{"name":234,"pluginCount":242,"version":243},81,"1.6.0",{"qualityScore":8,"totalActivations":8,"uniqueUsers":8,"useCount":8,"verified":207},{"repoId":246},"kd72tes1veaz04ac7p0d68ya4h8650m7",{"anyEnrichmentAt":248,"extractAt":249,"githubAt":250,"invalidatedAt":248,"llmAt":251,"smitheryAt":248,"updatedAt":248},1778016735335,1778003520097,1778003532786,1778016730286,{"extract":253,"llm":254,"smithery":255},{"commitSha":239,"license":240},{"promptVersionExtension":192,"promptVersionScoring":193,"score":195,"targetMarket":198,"tier":199},{"qualityScore":8,"totalActivations":8,"uniqueUsers":8,"useCount":8,"verified":207},{"parentExtensionId":219,"repoId":246},{"_creationTime":258,"_id":246,"identity":259,"providers":260,"workflow":266},1777995558409.8196,{"githubOwner":212,"githubRepo":213,"sourceUrl":225},{"discover":261},{"sources":262},[263,264,265],"skills-sh","smithery","vskill",{"discoverAt":267,"extractAt":249,"updatedAt":249},1777995558409,{"anyEnrichmentAt":269,"extractAt":249,"githubAt":250,"llmAt":210,"smitheryAt":269,"updatedAt":210},1778016861516,[],[272,294,329,361,392],{"_creationTime":273,"_id":274,"community":275,"display":276,"identity":286,"providers":287,"relations":292,"workflow":293},1778003443243.3267,"k173antev34n0d1ntkn4qm912x865qqc",{"reviewCount":8},{"description":277,"installMethods":278,"name":279,"sourceUrl":280,"tags":281},"Cedar policy enforcement + Ed25519 signed receipts for every Claude Code tool call. 
First cryptographic governance plugin — decisions are policy-gated before they run and every decision produces a tamper-evident receipt verifiable offline.",{},"protect-mcp","https://github.com/wshobson/agents/tree/HEAD/plugins/protect-mcp",[16,15,282,283,284,19,285],"audit","policy","receipts","cli",{"githubOwner":212,"githubRepo":213,"locale":24,"slug":279,"type":215},{"extract":288,"llm":289,"smithery":291},{"commitSha":239,"license":240},{"promptVersionExtension":192,"promptVersionScoring":193,"score":290,"targetMarket":198,"tier":199},96,{"qualityScore":8,"totalActivations":8,"uniqueUsers":8,"useCount":8,"verified":207},{"parentExtensionId":219,"repoId":246},{"anyEnrichmentAt":269,"extractAt":249,"githubAt":250,"llmAt":210,"smitheryAt":269,"updatedAt":210},{"_creationTime":295,"_id":296,"community":297,"display":298,"identity":312,"providers":315,"relations":321,"workflow":324},1777995627391.5356,"k177z2t3rfgaw0zrb7qprpnndh864r09",{"reviewCount":8},{"description":299,"installMethods":300,"name":301,"sourceUrl":302,"tags":303},"Data observability plugin - health monitoring, alerts, schema drift, freshness tracking",{},"AnomalyArmor 
Agents","https://github.com/anomalyarmor/agents",[304,18,305,306,307,308,309,310,16,311],"data-observability","python","alerts","freshness","schema-drift","data-quality","monitoring","pipeline",{"githubOwner":313,"githubRepo":213,"locale":24,"slug":314,"type":215},"anomalyarmor","armor",{"extract":316,"llm":318,"smithery":320},{"commitSha":317},"7c56d4a0fc8feccdfa8e85cc11ff1010b18c3a89",{"promptVersionExtension":192,"promptVersionScoring":193,"score":319,"targetMarket":198,"tier":199},99,{"qualityScore":8,"totalActivations":8,"uniqueUsers":8,"useCount":8,"verified":207},{"parentExtensionId":322,"repoId":323},"k173vznv6dcx28h1c568068tnx864f8n","kd7966c5zsgty1d4tqde2rgz1n8658b1",{"anyEnrichmentAt":325,"extractAt":326,"githubAt":327,"llmAt":328,"smitheryAt":325,"updatedAt":328},1777995723550,1777995627391,1777995627861,1777995897177,{"_creationTime":330,"_id":331,"community":332,"display":333,"identity":343,"providers":347,"relations":353,"workflow":356},1778054452948.4272,"k179khyq4dvq0ytvdcepec984d8666wk",{"reviewCount":8},{"description":334,"name":335,"sourceUrl":336,"tags":337},"Comprehensive toolkit for developing Claude Code plugins. Includes 7 expert skills covering hooks, MCP integration, commands, agents, and best practices. 
AI-assisted plugin creation and validation.","Plugin Development Toolkit","https://github.com/anthropics/claude-plugins-official/tree/HEAD/plugins/plugin-dev",[338,339,20,213,340,18,285,231,341,342],"development","plugin-creation","skills","guidance","best-practices",{"githubOwner":344,"githubRepo":345,"locale":24,"slug":346,"type":215},"anthropics","claude-plugins-official","plugin-dev",{"extract":348,"llm":351,"smithery":352},{"commitSha":349,"license":350},"06f52cd3ac3e47ecb45228a86183ea2a86e9d6ff","Apache-2.0",{"promptVersionExtension":192,"promptVersionScoring":193,"score":319,"targetMarket":198,"tier":199},{"qualityScore":8,"totalActivations":8,"uniqueUsers":8,"useCount":8,"verified":207},{"parentExtensionId":354,"repoId":355},"k171b9714j6pgfxqht22y94q4x866sck","kd798hf3w99qz2xt1fqtgq7gf9865e31",{"anyEnrichmentAt":357,"extractAt":358,"githubAt":359,"llmAt":360,"smitheryAt":357,"updatedAt":360},1778054509977,1778054452948,1778054454391,1778054703946,{"_creationTime":362,"_id":363,"community":364,"display":365,"identity":377,"providers":381,"relations":385,"workflow":388},1778053078370.9028,"k17dwt2y8zcwbj9r1ccgc0mwvs867jac",{"reviewCount":8},{"description":366,"installMethods":367,"name":368,"sourceUrl":369,"tags":370},"Complete Claude Code plugin development system. PROACTIVELY activate when users want to: (1) Create/build plugins with 2025 features, (2) Add skills/commands/agents/hooks, (3) Validate plugin structure, (4) Publish to marketplace, (5) Get plugin development guidance. Provides: agent-first design patterns, progressive disclosure skills, hook automation, MCP integration, marketplace publishing. 
Includes plugin-expert agent and validation utilities.",{},"Plugin Master","https://github.com/josiahsiegel/claude-plugin-marketplace/tree/HEAD/plugins/plugin-master",[371,372,373,20,18,374,235,375,231,376],"plugin-development","agent","skill","commands","validation","devops",{"githubOwner":378,"githubRepo":379,"locale":24,"slug":380,"type":215},"josiahsiegel","claude-plugin-marketplace","plugin-master",{"extract":382,"llm":384},{"commitSha":383,"license":240},"a05d923c8a3551d4274eef152649583d693b9b67",{"promptVersionExtension":192,"promptVersionScoring":193,"score":319,"targetMarket":198,"tier":199},{"parentExtensionId":386,"repoId":387},"k1741p5y8fyyp90j4zdea56w61867nj3","kd75az366mhppxzk11c689vzen865qkv",{"anyEnrichmentAt":389,"extractAt":390,"githubAt":389,"llmAt":391,"updatedAt":391},1778053080008,1778053078370,1778053164925,{"_creationTime":393,"_id":394,"community":395,"display":396,"identity":405,"providers":407,"relations":412,"workflow":413},1778054452948.4253,"k1767a8yk98h8qcz0rkh7t64an867zws",{"reviewCount":8},{"description":397,"installMethods":398,"name":399,"sourceUrl":400,"tags":401},"Skills for designing and building MCP servers that work seamlessly with Claude. Guides you through deployment models (remote HTTP, MCPB, local), tool design patterns, auth, and interactive MCP apps.",{},"MCP Server Development Suite","https://github.com/anthropics/claude-plugins-official/tree/HEAD/plugins/mcp-server-dev",[18,402,338,403,305,404,16,215],"server","typescript","documentation",{"githubOwner":344,"githubRepo":345,"locale":24,"slug":406,"type":215},"mcp-server-dev",{"extract":408,"llm":409,"smithery":411},{"commitSha":349,"license":350},{"promptVersionExtension":192,"promptVersionScoring":193,"score":410,"targetMarket":198,"tier":199},98,{"qualityScore":8,"totalActivations":8,"uniqueUsers":8,"useCount":8,"verified":207},{"parentExtensionId":354,"repoId":355},{"anyEnrichmentAt":357,"extractAt":358,"githubAt":359,"llmAt":360,"smitheryAt":357,"updatedAt":360}]