The idea.
A one-off production build is worth more if the hard-won patterns survive it. I open-sourced mine (MIT) as a self-hosted Claude Code plugin marketplace.
- 10 skills
- 2 review agents
- 3 commands
- 1 guardrail hook
Guardrails as code.
The plugin enforces a two-tier invariant system. A non-blocking PreToolUse hook (Python, with a graceful grep fallback and zero dependencies) catches issues as they happen, and an /invariant-check scan sweeps the whole tree.
It flags banned terms, hardcoded hex, physical CSS, and in-memory rate limiting, the mistakes that quietly break a regulated, bilingual build.
Review agents.
Two agents do the reviewing. A compliance-auditor runs KSA/SFDA checks and reports with file:line evidence; an adversarial-reviewer spans correctness, invariants, SEO/accessibility, and security.
Their rules live in a tunable config, so the whole system re-points to a new client without touching code.