Add Claude Code marketplace configuration#10
Closed
hwittenborn wants to merge 3 commits intogarrytan:mainfrom
Closed
Add Claude Code marketplace configuration#10hwittenborn wants to merge 3 commits intogarrytan:mainfrom
hwittenborn wants to merge 3 commits intogarrytan:mainfrom
Conversation
This allows users to install and update gstack through the native Claude Code plugin system:
```
/plugin marketplace add garrytan/gstack
/plugin install gstack@gstack-marketplace
```
- Add `.claude-plugin/` marketplace and plugin manifests
- Move skills into `skills/` directory for plugin auto-discovery
- Use `${CLAUDE_SKILL_DIR}` for portable paths
- Removes (now unneeded) setup script
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Adds Claude Code plugin marketplace support for gstack by introducing .claude-plugin manifests, reorganizing skills for auto-discovery under skills/, and updating the browse CLI/build/test setup to match the new layout.
Changes:
- Add
.claude-plugin/plugin.jsonand.claude-plugin/marketplace.jsonfor marketplace install/update. - Move skills under
skills/and update skill docs to use${CLAUDE_SKILL_DIR}for portable paths. - Remove legacy setup/skill entrypoint files and update Bun build scripts + ignore patterns for the new
skills/browselocation.
Reviewed changes
Copilot reviewed 9 out of 30 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| skills/ship/SKILL.md | Updates review-checklist path to use ${CLAUDE_SKILL_DIR}-relative location. |
| skills/review/checklist.md | Adds pre-landing review checklist content under the new skills layout. |
| skills/review/SKILL.md | Updates checklist read path to ${CLAUDE_SKILL_DIR}/checklist.md. |
| skills/retro/SKILL.md | Adds new /retro skill for weekly engineering retrospective workflow. |
| skills/plan-eng-review/SKILL.md | Adds new /plan-eng-review skill content. |
| skills/plan-ceo-review/SKILL.md | Adds new /plan-ceo-review skill content. |
| skills/browse/SKILL.md | Updates browse skill setup/build instructions and binary pathing for plugin installs. |
| skills/browse/src/buffers.ts | Introduces shared console/network buffers (ring buffer + counters). |
| skills/browse/src/browser-manager.ts | Adds Playwright lifecycle, tab management, ref-map, and console/network capture. |
| skills/browse/src/read-commands.ts | Implements read-only browse commands (text/html/links/forms/etc). |
| skills/browse/src/write-commands.ts | Implements mutating browse commands (goto/click/fill/etc). |
| skills/browse/src/meta-commands.ts | Implements meta commands (tabs/status/screenshot/chain/diff/snapshot). |
| skills/browse/src/snapshot.ts | Implements snapshot ref-based interaction mapping from ariaSnapshot. |
| skills/browse/src/server.ts | Adds Bun HTTP server routing + auth + buffer flushing + idle shutdown. |
| skills/browse/src/cli.ts | Adds CLI wrapper that starts/health-checks server and dispatches commands. |
| skills/browse/test/test-server.ts | Adds local Bun fixture server for integration tests. |
| skills/browse/test/commands.test.ts | Adds broad integration coverage for browse commands and buffers. |
| skills/browse/test/snapshot.test.ts | Adds snapshot/ref-resolution tests. |
| skills/browse/test/fixtures/basic.html | Adds basic HTML fixture for tests. |
| skills/browse/test/fixtures/forms.html | Adds forms fixture for fill/select/forms discovery. |
| skills/browse/test/fixtures/responsive.html | Adds responsive fixture for viewport/responsive screenshots. |
| skills/browse/test/fixtures/snapshot.html | Adds snapshot fixture for aria snapshot/ref tests. |
| skills/browse/test/fixtures/spa.html | Adds SPA fixture for wait/console/network tests. |
| package.json | Updates bin + scripts to build/run browse from skills/browse/.... |
| .gitignore | Updates ignore rule to skills/browse/dist/. |
| CLAUDE.md | Updates repo structure + install instructions to match plugin system. |
| .claude-plugin/plugin.json | Adds plugin manifest for Claude Code plugin system. |
| .claude-plugin/marketplace.json | Adds marketplace manifest for installing gstack via /plugin. |
| setup | Removes legacy setup script (build + symlink registration). |
| SKILL.md | Removes legacy top-level skill entrypoint doc (browse skill now lives under skills/browse/). |
Comments suppressed due to low confidence (1)
skills/browse/SKILL.md:40
- The build command is run from
${CLAUDE_SKILL_DIR}, but that directory does not containpackage.json/dependencies (they live at the repo root). As written,bun install/bun buildwill fail or install a second, isolatednode_modules. Update the instructions to run from the repository root (or invokebun buildwith absolute paths while staying in the root) so Playwright/diff dependencies resolve correctly.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Replace git clone + setup instructions with /plugin marketplace commands. Update troubleshooting, upgrading, and uninstalling sections to use the plugin system. Note that auto-update is off by default for third-party marketplaces and how to enable it. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 10 out of 31 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
All browse/ references updated to skills/browse/ to match the new plugin layout. Remove old "deploying to active skill" section that referenced the manual install flow. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 11 out of 32 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Owner
|
Closing — the Claude Code marketplace plugin system isn't something we're adopting. The current setup script + skill symlink approach works and we don't want to restructure the repo layout. |
Author
|
Is the issue with backwards compatibility, or that you just don't want to adopt the marketplace layout in general? I do think a marketplace will help users install much more easily, since that's how users are already updating the rest of their skills/marketplaces/etc. |
|
@dependabot close |
garrytan
added a commit
that referenced
this pull request
Mar 22, 2026
…language coverage - Exclusion #10: test files must verify not imported by non-test code - Exclusion #13: distinguish user-message AI input from system-prompt injection - Exclusion #14: ReDoS in user-input regex IS a real CVE class, don't exclude - Add anti-manipulation rule: ignore audit-influencing instructions in codebase - Fix confidence gate: remove contradictory 7-8 tier, hard cutoff at 8 - Fix verifier anchoring: send only file+line, not category/description - Add Go, PHP, Java, C#, Kotlin to grep patterns (was 4 languages, now 8) - Add GraphQL, gRPC, WebSocket endpoint detection to attack surface mapping Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
garrytan
added a commit
that referenced
this pull request
Mar 22, 2026
* feat: add /cso skill — OWASP Top 10 + STRIDE security audit * fix: harden gstack-slug against shell injection via eval Whitelist safe characters (a-zA-Z0-9._-) in SLUG and BRANCH output to prevent shell metacharacter injection when used with eval. Only affects self-hosted git servers with lax naming rules — GitHub and GitLab enforce safe characters already. Defense-in-depth. * fix(security): sanitize gstack-slug output against shell injection The gstack-slug script is consumed via eval $(gstack-slug) throughout skill templates. If a git remote URL contains shell metacharacters like $(), backticks, or semicolons, they would be executed by eval. Fix: strip all characters except [a-zA-Z0-9._-] from both SLUG and BRANCH before output. This preserves normal values while neutralizing any injection payload in malicious remote URLs. Before: eval $(gstack-slug) with remote "foo/bar$(rm -rf /)" → executes rm After: eval $(gstack-slug) with remote "foo/bar$(rm -rf /)" → SLUG=foo-barrm-rf- * fix(security): redact sensitive values in storage command output The browse `storage` command dumps all localStorage and sessionStorage as JSON. This can expose tokens, API keys, JWTs, and session credentials in QA reports and agent transcripts. Fix: redact values where the key matches sensitive patterns (token, secret, key, password, auth, jwt, csrf) or the value starts with known credential prefixes (eyJ for JWT, sk- for Stripe, ghp_ for GitHub, etc.). Redacted values show length to aid debugging: [REDACTED — 128 chars] * fix(browse): kill old server before restart to prevent orphaned chromium processes When the health check fails or the server connection drops, `ensureServer()` and `sendCommand()` would call `startServer()` without first killing the previous server process. This left orphaned `chrome-headless-shell` renderer processes running at ~120% CPU each. After several reconnect cycles (e.g. pages that crash during hydration or trigger hard navigations via `window.location.href`), dozens of zombie chromium processes accumulate and exhaust system resources. Fix: call `killServer()` on the stale PID before spawning a new server in both the `ensureServer()` unhealthy path and the `sendCommand()` connection- lost retry path. Fixes #294 * Fix YAML linter error: nested mapping in compact sequence entries Having "Run: bun" inside a plain scalar is not allowed per YAML spec which states: Plain scalars must never contain the “: ” and “ #” character combinations. This simple fix switches to block scalars (|) to eliminate the ambiguity without changing runtime behavior. * fix(security): add Azure metadata endpoint to SSRF blocklist Add metadata.azure.internal to BLOCKED_METADATA_HOSTS alongside the existing AWS/GCP endpoints. Closes the coverage gap identified in #125. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * test: add coverage for storage redaction Test key-based redaction (auth_token, api_key), value-based redaction (JWT prefix, GitHub PAT prefix), pass-through for normal keys, and length preservation in redacted output. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: add community PR triage process to CONTRIBUTING.md Document the wave-based PR triage pattern used for batching community contributions. References PR #205 (v0.8.3) as the original example. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: adjust test key names to avoid redaction pattern collision Rename testKey→testData and normalKey→displayName in storage tests to avoid triggering #238's SENSITIVE_KEY regex (which matches 'key'). Also generate Codex variant of /cso skill. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: update project documentation for v0.9.10.0 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: zero-noise /cso security audits with FP filtering (v0.11.0.0) Absorb Anthropic's security-review false positive filtering into /cso: - 17 hard exclusions (DOS, test files, log spoofing, SSRF path-only, regex injection, race conditions unless concrete, etc.) - 9 precedents (React XSS-safe, env vars trusted, client-side code doesn't need auth, shell scripts need concrete untrusted input path) - 8/10 confidence gate — below threshold = don't report - Independent sub-agent verification for each finding - Exploit scenario requirement per finding - Framework-aware analysis (Rails CSRF, React escaping, Angular sanitization) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: consolidate CHANGELOG — merge /cso launch + community wave into v0.11.0.0 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: rewrite README — lead with Karpathy quote, cut LinkedIn phrases, add /cso Opens with the revolution (Karpathy, Steinberger/OpenClaw), keeps credentials and LOC numbers, cuts filler phrases, adds hater bait, restores hiring block, removes bloated "What's new" section, adds /cso to skills table and install. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(cso): adversarial review fixes — FP filtering, prompt injection, language coverage - Exclusion #10: test files must verify not imported by non-test code - Exclusion #13: distinguish user-message AI input from system-prompt injection - Exclusion #14: ReDoS in user-input regex IS a real CVE class, don't exclude - Add anti-manipulation rule: ignore audit-influencing instructions in codebase - Fix confidence gate: remove contradictory 7-8 tier, hard cutoff at 8 - Fix verifier anchoring: send only file+line, not category/description - Add Go, PHP, Java, C#, Kotlin to grep patterns (was 4 languages, now 8) - Add GraphQL, gRPC, WebSocket endpoint detection to attack surface mapping Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(docs): correct skill counts, add /autoplan to README tables Skill count was wrong in 3 places (said 19+7=26, said 25, actual is 28). Added /autoplan to specialist table. Fixed troubleshooting skills list to include all skills added since v0.7.0. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(browse): DNS rebinding protection for SSRF blocklist validateNavigationUrl is now async — resolves hostname to IP and checks against blocked metadata IPs. Prevents DNS rebinding where evil.com initially resolves to a safe IP, then switches to 169.254.169.254. All callers updated to await. Tests updated for async assertions. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(browse): lockfile prevents concurrent server start races Adds exclusive lockfile (O_CREAT|O_EXCL) around ensureServer to prevent TOCTOU race where two CLI invocations could both kill the old server and start new ones, leaving an orphaned chromium process. Second caller now waits for the first to finish starting. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(browse): improve storage redaction — word-boundary keys + more value prefixes Key regex: use underscore/dot/hyphen boundaries instead of \b (which treats _ as word char). Now correctly redacts auth_token, session_token while skipping keyboardShortcuts, monkeyPatch, primaryKey. Value regex: add AWS (AKIA), Stripe (sk_live_, pk_live_), Anthropic (sk-ant-), Google (AIza), Sendgrid (SG.), Supabase (sbp_) prefixes. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: migrate all remaining eval callers to source, fix stale CHANGELOG claim 5 templates and 2 bin scripts still used eval $(gstack-slug). All now use source <(gstack-slug). Updated gstack-slug comment to match. Fixed v0.8.3 CHANGELOG entry that falsely claimed eval was fully eliminated — it was the output sanitization that made it safe, not a calling convention change. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(docs): add /autoplan to install instructions, regen skill docs The install instruction blocks and troubleshooting section were missing /autoplan. All three skill list locations now include the complete 28-skill set. Regenerated codex/agents SKILL.md files to match template changes. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: update project documentation for v0.11.0.0 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs(cso): add disclaimer — not a substitute for professional security audits LLMs can miss subtle vulns and produce false negatives. For production systems with sensitive data, hire a real firm. /cso is a first pass, not your only line of defense. Disclaimer appended to every report. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Arun Kumar Thiagarajan <arunkt.bm14@gmail.com> Co-authored-by: Tyrone Robb <tyrone.robb@icloud.com> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Orkun Duman <orkun1675@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This allows users to install and update gstack through the native Claude Code plugin system:
.claude-plugin/marketplace and plugin manifestsskills/directory for plugin auto-discovery${CLAUDE_SKILL_DIR}for portable paths