Orchestration framework for Claude Code with 15 skills, 10 agents, 9 commands, and production hooks.
# Setup
& "C:\Program Files\Git\bin\bash.exe" setup.sh
# Start
claude| Category | Skill | Triggers |
|---|---|---|
| Backend | fastapi-crud |
endpoint, API, CRUD, model |
database |
migration, PostgreSQL, pgvector, Alembic | |
auth |
JWT, OAuth, login, RBAC, password | |
caching |
Redis, cache, rate limiting, pub/sub | |
websocket |
WebSocket, real-time, chat, broadcast | |
api-design |
REST, versioning, pagination, errors | |
monitoring |
logging, metrics, tracing, health check | |
| Frontend | frontend-design |
React, Vue, Tailwind, component |
| DevOps | docker |
Dockerfile, container, compose |
ci-cd |
GitHub Actions, pipeline, deploy | |
| Security | vuln-analysis |
vulnerability, CVE, CWE, injection |
exploit-dev |
PoC, exploit, payload | |
patch-gen |
patch, fix, remediation | |
gui-automation |
desktop automation, Agent S | |
| Shared | ethics + vuln-taxonomy |
referenced by security skills |
User request → @pm-spec → @architect → @coder → @reviewer → @tester
| Agent | Model | Role |
|---|---|---|
pm-spec |
opus | Requirements → specs |
architect |
opus | System design → ADRs |
coder |
sonnet | Implementation |
reviewer |
opus | Code review (read-only) |
tester |
sonnet | QA + test automation |
designer |
sonnet | UI/UX design |
devops |
sonnet | Infrastructure + deploy |
researcher |
opus | Technical research + web search |
offsec-specialist |
opus | Security testing (RAPTOR) |
gui-automation-specialist |
opus | Desktop automation |
| Command | Description |
|---|---|
/plan |
Plan feature with architect |
/review |
Multi-agent code review |
/scan |
Security scan (RAPTOR) |
/exploit |
Generate PoC |
/patch |
Generate security fix |
/fuzz |
Binary fuzzing (AFL++) |
/forensics |
GitHub forensic analysis |
/deploy |
Guided deployment |
/handoff |
Save session context |
| Event | Hook | Purpose |
|---|---|---|
| PreToolUse:Bash | pre_bash_firewall.sh |
Block destructive + security tools |
| PreToolUse:Edit | pre_edit_protect.sh |
Protect sensitive files |
| PreToolUse:PR | pre_pr_check.sh |
Tests + lint before PR |
| PostToolUse:Edit | post_edit_format.sh |
Auto-format (black, prettier) |
| PostToolUse:Bash | post_bash_log.sh |
Command logging |
| PostToolUse:Bash | post_scan_raptor.sh |
RAPTOR tier loading |
| Stop | stop_validate.sh |
Pre-completion validation |
| SubagentStop | subagent_checkpoint.sh |
Auto-checkpoint (opt-in) |
| SessionStart | session_start_context.sh |
Load session context |
| UserPromptSubmit | codebase_map.sh |
Inject codebase structure |
| ContextUpdate | context_warning.sh |
Context usage warnings |
All hooks share lib/common.sh library for deduplication.
export SECURITY_MODE=1Commands: /scan → /exploit → /patch
Personas: "Use Mark Dowd persona", "Use Pentester persona"
.claude/
├── agents/ # 10 agent definitions + README
├── commands/ # 9 slash commands
├── skills/ # 15 domain skills
│ ├── shared/ # ethics.md, vuln-taxonomy.md
│ └── <name>/ # SKILL.md + references/ + scripts/
├── hooks/
│ ├── hooks.json # 7 lifecycle events
│ └── scripts/ # 11 hook scripts + lib/common.sh
└── settings.json # permissions, env, hooks config
docs/
├── GOTCHAS.md # Self-improving failure patterns
tiers/
├── analysis-guidance.md
├── recovery.md
└── personas/ # 8 security expert personas
See CONTRIBUTING.md.