tp-wiki

Skill teaching direct `claude` CLI usage via the Bash tool — six conceptual operations (execute, session, context, review, agent, config) expressed as native `claude -p` invocations and subcommands (`claude ultrareview`, `claude agents`, `claude doctor`, `claude mcp`, `claude plugin`). No binary, no MCP server, no Rust toolchain required. For agents that need to drive Claude Code programmatically without an MCP transport. No specialist subagents — this plugin ships one skill and zero agents.

Principled Claude Code plugin for the dev lifecycle: plan, review, debug, refactor, multi-agent orchestration, ideation, spec-driven work, test strategy. Live Claude Code/Agent SDK/API docs via the `/cc-docs` slash command (which dispatches `tp-researcher`). (Security review moved to tp-security in 1.22.0. Subagent roster reduced to 3 universal keepers in 1.23.0: `tp-critic` for review, `tp-explorer` for codebase mapping, `tp-researcher` for external research — specialized reviewer roles use lens prompts at the call site.)

Marketplace discipline enforcement — single `validate-plugin` skill + `tp-roster-auditor` agent + `scripts/audit.py` CI guard. Audits any Claude Code marketplace for the 5-rule discipline set: agent roster cap (default 6 keepers + 1 read-only-tools exception), spawn-lens contract (`lens:`/`scope:`/`question:` within 200 chars), fork-skill rationale (every `context: fork` skill has `references/fork-rationale.md`), description quality (≤1536 chars, verb-led first 200, CONTRAST vs adjacent), and catalog discipline (`plugin.json` version matches marketplace + description mentions roster). Use when user says 'audit my marketplace', 'check discipline', 'roster check', 'validate before commit', 'discipline-check'. NOT for: marketplace schema validation (use `claude plugin validate`); NOT for: implementation work (use the relevant domain skill).

First Principles Framework — structured reasoning in an isolated forked context with hypothesis generation, evidence validation, and auditable decision records. PROPOSE / MAINTAIN / QUERY modes. Verification stages spawn `tp-critic` with FPF-specific lenses.

Git workflow automation — conventional commits, PR creation, issue analysis, git notes, worktrees, and inline PR review comments. PR reviews fan out `tp-critic` per changed file with the 'review this diff for bug, security, and contract errors' lens.

Principled MCP (Model Context Protocol) expertise hub — a single skill `mcp-expertise` with five modes covering the full MCP server lifecycle: DESIGN (tool decomposition, output contract, JSON-RPC error discipline, capability negotiation, security checklist, naming, Claude-Optimal validation), SCHEMA (JSON Schema 2020-12 authoring, additionalProperties:false discipline, discriminator enums, constraint discipline, description writing, pitfalls catalog, schemars cheatsheet), IMPLEMENT (Rust with rmcp 0.3 + schemars + tokio, transport choice stdio vs Streamable HTTP, stderr-only logging, error mapping via rmcp::ErrorData, testing with MCP Inspector CLI mode; implementation runs inline in the main agent or forked orchestrator), CLIENT (agent as MCP consumer — the four installation paths, JSON-RPC discovery flow, calling pattern, consumer-side debugging, rmcp client SDK for stdio and Streamable HTTP), and QUALITY (8-dimension Claude-Optimal rubric, forked orchestrator spawns 8 parallel `mcp-quality-judge` subagents in isolated contexts — the single domain exemplar of the lens-prompt pattern). The §3 worked example in `mcp-expertise/references/design-decomposition.md` uses a synthetic `git-cli` decomposition. Hub is a pure router; mechanism lives in `references/`. Includes 1 subagent: `mcp-quality-judge` (QUALITY leaf, background, yellow) — the only marketplace subagent that preloads its domain skill via `skills: [mcp-expertise]`.

Principled Rust project skills — single `rust` hub with a `Modes:` directive covering the full Rust lifecycle: SCAFFOLD (lib/bin decision, Cargo.toml template edition 2024, MSRV 1.81, feature flag design, lib+bin code layout, rustdoc, edition migration), WORKSPACE (when to split, virtual workspace template, workspace inheritance, Cargo.lock policy, MSRV coordination, cross-crate patterns, workspace publishing), QUALITY (canonical 6-job CI, clippy + rustfmt policy, cargo-nextest, coverage, supply-chain ladder, dev-experience tooling), RELEASE (Cargo semver, changelog tooling, cargo publish playbook, supply-chain maintenance, feature deprecation), REVIEW (holistic existing-project health audit via 5 parallel tp-critic lenses — source-code health & idioms, dependency hygiene, build & test health, public API surface, supply chain). Each mode dispatches `tp-critic` with Rust-specific lenses (Cargo.toml audit, CI configuration, supply chain, pre-publish, source-code, dependency hygiene, build/test health, public API surface); the inline Rust idiom-polish checklist handles code cleanup.

Structured agent-driven development with multi-judge evaluation — runs a single solution in an isolated forked context with self-critique, and scores it via parallel isolated-context judges. EXECUTE mode (implement + verify) and JUDGE mode (multi-judge debate). One specialist subagent (`sadd-judge` for rubric-based candidate scoring).

Principled security review skills — single `security` hub with a `Modes:` directive covering the pre-production security review lifecycle: SAST (static application security testing for injection, auth bypass, SSRF, deserialization, access control), DEPENDENCY-AUDIT (CVE scanning, lockfile drift, typosquatting, supply-chain integrity), SECRETS-DETECTION (API keys, tokens, credentials, private keys via pattern matching and entropy analysis), COMPLIANCE (OWASP ASVS, GDPR, SOC2, PCI-DSS, HIPAA evidence mapping and gap analysis). All four modes spawn `tp-critic` with a mode-specific lens (OWASP / supply-chain / secrets / compliance).

Session analytics — CAPTURE (headless behavioral artifact collection), INSPECT (structured data extraction; parses JSONL in isolated context), REVIEW (behavioral anti-pattern diagnosis via `tp-critic` w/ lens), ISSUE (sanitized GitHub issue reporting; `tp-critic` w/ lens for privacy scrub), CROSS-ANALYZE (parallel multi-perspective analysis), ADJUDICATE (evidence + adversarial validation). Six modes; the 4 deleted `session-*` agents collapsed into `tp-critic` / `tp-explorer` per-mode.