From f082b78c0bd44602927340d649637ccf56265ff9 Mon Sep 17 00:00:00 2001 From: lmiranda Date: Fri, 30 Jan 2026 18:06:04 -0500 Subject: [PATCH] fix: address critical issues from codebase analysis - Add hooks declarations to 9 plugins missing them in marketplace.json - Change .mcp.json to use relative paths (portable across users) - Fix pr-review hook schema to use standard nested hooks structure - Fix token exposure in cmdb-assistant startup-check.sh (use curl -K) - Update version to 5.4.1 in marketplace.json, README.md - Fix CANONICAL-PATHS.md version (was incorrectly showing 5.5.0) All 12 plugins now have hooks properly registered. All validations pass. Co-Authored-By: Claude Opus 4.5 --- .claude-plugin/marketplace.json | 13 +++++- .mcp.json | 10 ++--- README.md | 2 +- docs/CANONICAL-PATHS.md | 2 +- plugins/cmdb-assistant/hooks/startup-check.sh | 41 +++++++++++++------ plugins/pr-review/hooks/hooks.json | 8 +++- 6 files changed, 53 insertions(+), 23 deletions(-) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index aaea0c4..1a62daa 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -6,7 +6,7 @@ }, "metadata": { "description": "Project management plugins with Gitea and NetBox integrations", - "version": "5.4.0" + "version": "5.4.1" }, "plugins": [ { @@ -20,6 +20,7 @@ }, "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/projman/README.md", "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git", + "hooks": ["./hooks/hooks.json"], "category": "development", "tags": ["sprint", "agile", "gitea", "project-management"], "license": "MIT" @@ -42,7 +43,7 @@ }, { "name": "code-sentinel", - "version": "1.0.0", + "version": "1.0.1", "description": "Security scanning and code refactoring tools", "source": "./plugins/code-sentinel", "author": { @@ -83,6 +84,7 @@ }, "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/cmdb-assistant/README.md", "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git", + "hooks": ["./hooks/hooks.json"], "category": "infrastructure", "tags": ["cmdb", "netbox", "dcim", "ipam", "data-quality", "validation"], "license": "MIT" @@ -98,6 +100,7 @@ }, "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/claude-config-maintainer/README.md", "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git", + "hooks": ["./hooks/hooks.json"], "category": "development", "tags": ["claude-md", "configuration", "optimization"], "license": "MIT" @@ -113,6 +116,7 @@ }, "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/clarity-assist/README.md", "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git", + "hooks": ["./hooks/hooks.json"], "category": "productivity", "tags": ["prompts", "requirements", "clarification", "nd-friendly"], "license": "MIT" @@ -128,6 +132,7 @@ }, "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/git-flow/README.md", "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git", + "hooks": ["./hooks/hooks.json"], "category": "development", "tags": ["git", "workflow", "commits", "branching"], "license": "MIT" @@ -143,6 +148,7 @@ }, "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/pr-review/README.md", "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git", + "hooks": ["./hooks/hooks.json"], "category": "development", "tags": ["code-review", "pull-requests", "security", "quality"], "license": "MIT" @@ -158,6 +164,7 @@ }, "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/data-platform/README.md", "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git", + "hooks": ["./hooks/hooks.json"], "category": "data", "tags": ["pandas", "postgresql", "postgis", "dbt", "data-engineering", "etl"], "license": "MIT" @@ -173,6 +180,7 @@ }, "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/viz-platform/README.md", "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git", + "hooks": ["./hooks/hooks.json"], "category": "visualization", "tags": ["dash", "plotly", "mantine", "charts", "dashboards", "theming", "dmc"], "license": "MIT" @@ -188,6 +196,7 @@ }, "homepage": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace/src/branch/main/plugins/contract-validator/README.md", "repository": "https://gitea.hotserv.cloud/personal-projects/leo-claude-mktplace.git", + "hooks": ["./hooks/hooks.json"], "category": "development", "tags": ["validation", "contracts", "compatibility", "agents", "interfaces", "cross-plugin"], "license": "MIT" diff --git a/.mcp.json b/.mcp.json index 4379e58..ffd82ea 100644 --- a/.mcp.json +++ b/.mcp.json @@ -1,23 +1,23 @@ { "mcpServers": { "gitea": { - "command": "/home/lmiranda/.claude/plugins/marketplaces/leo-claude-mktplace/mcp-servers/gitea/run.sh", + "command": "./mcp-servers/gitea/run.sh", "args": [] }, "netbox": { - "command": "/home/lmiranda/.claude/plugins/marketplaces/leo-claude-mktplace/mcp-servers/netbox/run.sh", + "command": "./mcp-servers/netbox/run.sh", "args": [] }, "viz-platform": { - "command": "/home/lmiranda/.claude/plugins/marketplaces/leo-claude-mktplace/mcp-servers/viz-platform/run.sh", + "command": "./mcp-servers/viz-platform/run.sh", "args": [] }, "data-platform": { - "command": "/home/lmiranda/.claude/plugins/marketplaces/leo-claude-mktplace/mcp-servers/data-platform/run.sh", + "command": "./mcp-servers/data-platform/run.sh", "args": [] }, "contract-validator": { - "command": "/home/lmiranda/.claude/plugins/marketplaces/leo-claude-mktplace/mcp-servers/contract-validator/run.sh", + "command": "./mcp-servers/contract-validator/run.sh", "args": [] } } diff --git a/README.md b/README.md index b4583cb..51b746c 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Leo Claude Marketplace - v5.4.0 +# Leo Claude Marketplace - v5.4.1 A collection of Claude Code plugins for project management, infrastructure automation, and development workflows. diff --git a/docs/CANONICAL-PATHS.md b/docs/CANONICAL-PATHS.md index 8334a1d..2b92a7c 100644 --- a/docs/CANONICAL-PATHS.md +++ b/docs/CANONICAL-PATHS.md @@ -2,7 +2,7 @@ **This file defines ALL valid paths in this repository. No exceptions. No inference. No assumptions.** -Last Updated: 2026-01-30 (v5.5.0) +Last Updated: 2026-01-30 (v5.4.1) --- diff --git a/plugins/cmdb-assistant/hooks/startup-check.sh b/plugins/cmdb-assistant/hooks/startup-check.sh index 46f0b46..8dce0fc 100755 --- a/plugins/cmdb-assistant/hooks/startup-check.sh +++ b/plugins/cmdb-assistant/hooks/startup-check.sh @@ -25,11 +25,24 @@ if [[ -z "${NETBOX_API_URL:-}" ]] || [[ -z "${NETBOX_API_TOKEN:-}" ]]; then exit 0 fi +# Helper function to make authenticated API calls +# Token passed via curl config to avoid exposure in process listings +netbox_curl() { + local url="$1" + curl -s -K - </dev/null +-H "Authorization: Token ${NETBOX_API_TOKEN}" +-H "Accept: application/json" +url = "${url}" +EOF +} + # Quick API connectivity test (5s timeout) -HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" -m 5 \ - -H "Authorization: Token $NETBOX_API_TOKEN" \ - -H "Accept: application/json" \ - "${NETBOX_API_URL}/" 2>/dev/null || echo "000") +HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" -m 5 -K - </dev/null || echo "000" +-H "Authorization: Token ${NETBOX_API_TOKEN}" +-H "Accept: application/json" +url = "${NETBOX_API_URL}/" +EOF +) if [[ "$HTTP_CODE" == "000" ]]; then echo "$PREFIX NetBox API unreachable (timeout/connection error)" @@ -40,10 +53,12 @@ elif [[ "$HTTP_CODE" != "200" ]]; then fi # Check for VMs without site assignment (data quality) -VMS_RESPONSE=$(curl -s -m 5 \ - -H "Authorization: Token $NETBOX_API_TOKEN" \ - -H "Accept: application/json" \ - "${NETBOX_API_URL}/virtualization/virtual-machines/?site__isnull=true&limit=1" 2>/dev/null || echo '{"count":0}') +VMS_RESPONSE=$(curl -s -m 5 -K - </dev/null || echo '{"count":0}' +-H "Authorization: Token ${NETBOX_API_TOKEN}" +-H "Accept: application/json" +url = "${NETBOX_API_URL}/virtualization/virtual-machines/?site__isnull=true&limit=1" +EOF +) VMS_NO_SITE=$(echo "$VMS_RESPONSE" | grep -o '"count":[0-9]*' | cut -d: -f2 || echo "0") @@ -52,10 +67,12 @@ if [[ "$VMS_NO_SITE" -gt 0 ]]; then fi # Check for devices without platform -DEVICES_RESPONSE=$(curl -s -m 5 \ - -H "Authorization: Token $NETBOX_API_TOKEN" \ - -H "Accept: application/json" \ - "${NETBOX_API_URL}/dcim/devices/?platform__isnull=true&limit=1" 2>/dev/null || echo '{"count":0}') +DEVICES_RESPONSE=$(curl -s -m 5 -K - </dev/null || echo '{"count":0}' +-H "Authorization: Token ${NETBOX_API_TOKEN}" +-H "Accept: application/json" +url = "${NETBOX_API_URL}/dcim/devices/?platform__isnull=true&limit=1" +EOF +) DEVICES_NO_PLATFORM=$(echo "$DEVICES_RESPONSE" | grep -o '"count":[0-9]*' | cut -d: -f2 || echo "0") diff --git a/plugins/pr-review/hooks/hooks.json b/plugins/pr-review/hooks/hooks.json index 529b5ec..544f8e2 100644 --- a/plugins/pr-review/hooks/hooks.json +++ b/plugins/pr-review/hooks/hooks.json @@ -2,8 +2,12 @@ "hooks": { "SessionStart": [ { - "type": "command", - "command": "${CLAUDE_PLUGIN_ROOT}/hooks/startup-check.sh" + "hooks": [ + { + "type": "command", + "command": "${CLAUDE_PLUGIN_ROOT}/hooks/startup-check.sh" + } + ] } ] }