personal-projects/leo-claude-mktplace
Template
0
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: audit fixes — metadata.json, stale profiles, canonical paths, validation #441

Merged
lmiranda merged 2 commits from fix/audit-metadata-profiles-validation into development 2026-02-05 02:39:17 +00:00
Conversation 0 Commits 2 Files Changed 6 +77 -23
6 changed files with 77 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
.claude-plugin/marketplace-full.json
View File

@@ -6,12 +6,12 @@
},
"metadata": {
"description": "Project management plugins with Gitea and NetBox integrations",
"version": "7.0.0"
"version": "7.1.0"
},
"plugins": [
{
"name": "projman",
"version": "3.4.0",
"version": "7.1.0",
"description": "Sprint planning and project management with Gitea integration",
"source": "./plugins/projman",
"author": {
@@ -27,7 +27,7 @@
},
{
"name": "doc-guardian",
"version": "1.1.0",
"version": "7.1.0",
"description": "Automatic documentation drift detection and synchronization",
"source": "./plugins/doc-guardian",
"author": {
@@ -43,7 +43,7 @@
},
{
"name": "code-sentinel",
"version": "1.0.1",
"version": "7.1.0",
"description": "Security scanning and code refactoring tools",
"source": "./plugins/code-sentinel",
"author": {
@@ -59,7 +59,7 @@
},
{
"name": "project-hygiene",
"version": "0.1.0",
"version": "7.1.0",
"description": "Post-task cleanup hook that removes temp files and manages orphaned files",
"source": "./plugins/project-hygiene",
"author": {
@@ -75,7 +75,7 @@
},
{
"name": "cmdb-assistant",
"version": "1.2.0",
"version": "7.1.0",
"description": "NetBox CMDB integration with data quality validation and machine registration",
"source": "./plugins/cmdb-assistant",
"author": {
@@ -91,7 +91,7 @@
},
{
"name": "claude-config-maintainer",
"version": "1.2.0",
"version": "7.1.0",
"description": "CLAUDE.md and settings.local.json optimization for Claude Code projects",
"source": "./plugins/claude-config-maintainer",
"author": {
@@ -107,7 +107,7 @@
},
{
"name": "clarity-assist",
"version": "1.2.0",
"version": "7.1.0",
"description": "Prompt optimization and requirement clarification with ND-friendly accommodations",
"source": "./plugins/clarity-assist",
"author": {
@@ -123,7 +123,7 @@
},
{
"name": "git-flow",
"version": "1.2.0",
"version": "7.1.0",
"description": "Git workflow automation with intelligent commit messages and branch management",
"source": "./plugins/git-flow",
"author": {
@@ -139,7 +139,7 @@
},
{
"name": "pr-review",
"version": "1.1.0",
"version": "7.1.0",
"description": "Multi-agent pull request review with confidence scoring and actionable feedback",
"source": "./plugins/pr-review",
"author": {
@@ -155,7 +155,7 @@
},
{
"name": "data-platform",
"version": "1.3.0",
"version": "7.1.0",
"description": "Data engineering tools with pandas, PostgreSQL/PostGIS, and dbt integration",
"source": "./plugins/data-platform",
"author": {
@@ -171,7 +171,7 @@
},
{
"name": "viz-platform",
"version": "1.1.0",
"version": "7.1.0",
"description": "Visualization tools with Dash Mantine Components validation, Plotly charts, and theming",
"source": "./plugins/viz-platform",
"author": {
@@ -187,7 +187,7 @@
},
{
"name": "contract-validator",
"version": "1.2.0",
"version": "7.1.0",
"description": "Cross-plugin compatibility validation and Claude.md agent verification",
"source": "./plugins/contract-validator",
"author": {

14
.claude-plugin/marketplace-lean.json
View File

@@ -6,12 +6,12 @@
},
"metadata": {
"description": "Project management plugins with Gitea and NetBox integrations",
"version": "7.0.0"
"version": "7.1.0"
},
"plugins": [
{
"name": "projman",
"version": "3.4.0",
"version": "7.1.0",
"description": "Sprint planning and project management with Gitea integration",
"source": "./plugins/projman",
"author": {
@@ -27,7 +27,7 @@
},
{
"name": "git-flow",
"version": "1.2.0",
"version": "7.1.0",
"description": "Git workflow automation with intelligent commit messages and branch management",
"source": "./plugins/git-flow",
"author": {
@@ -43,7 +43,7 @@
},
{
"name": "pr-review",
"version": "1.1.0",
"version": "7.1.0",
"description": "Multi-agent pull request review with confidence scoring and actionable feedback",
"source": "./plugins/pr-review",
"author": {
@@ -59,7 +59,7 @@
},
{
"name": "clarity-assist",
"version": "1.2.0",
"version": "7.1.0",
"description": "Prompt optimization and requirement clarification with ND-friendly accommodations",
"source": "./plugins/clarity-assist",
"author": {
@@ -75,7 +75,7 @@
},
{
"name": "code-sentinel",
"version": "1.0.1",
"version": "7.1.0",
"description": "Security scanning and code refactoring tools",
"source": "./plugins/code-sentinel",
"author": {
@@ -91,7 +91,7 @@
},
{
"name": "doc-guardian",
"version": "1.1.0",
"version": "7.1.0",
"description": "Automatic documentation drift detection and synchronization",
"source": "./plugins/doc-guardian",
"author": {

11
CHANGELOG.md
View File

@@ -6,6 +6,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## [Unreleased]
### Fixed
- Confirmed projman `metadata.json` exists with gitea MCP mapping
- Synced `marketplace-full.json` and `marketplace-lean.json` to current version (were stale)
- Added `metadata.json` validation to `validate-marketplace.sh` — rejects `mcp_servers` in `plugin.json`, verifies MCP server references
- Updated `CANONICAL-PATHS.md` to current version
### Changed
- Deprecated `switch-profile.sh` in favor of `claude-launch.sh`
---
## [7.1.0] - 2026-02-04

18
docs/CANONICAL-PATHS.md
View File

@@ -2,7 +2,7 @@
**This file defines ALL valid paths in this repository. No exceptions. No inference. No assumptions.**
Last Updated: 2026-01-30 (v5.4.1)
Last Updated: 2026-02-04 (v7.1.0)
---
@@ -12,10 +12,18 @@ Last Updated: 2026-01-30 (v5.4.1)
leo-claude-mktplace/
├── .claude/ # Claude Code local settings
├── .claude-plugin/ # Marketplace manifest
── marketplace.json
── marketplace.json
│ ├── marketplace-lean.json # Lean profile (6 core plugins)
│ └── marketplace-full.json # Full profile (all plugins)
├── .mcp-lean.json # Lean profile MCP config (gitea only)
├── .mcp-full.json # Full profile MCP config (all servers)
├── .scratch/ # Transient work (auto-cleaned)
├── docs/ # All documentation
│ ├── architecture/ # Draw.io diagrams and specs
│ ├── prompts/ # Shared prompt templates
│ │ └── INDEX.md # Prompt template index
│ ├── project-lessons-learned/ # Project-level lessons (not sprint-specific)
│ │ └── INDEX.md # Lessons index
│ ├── CANONICAL-PATHS.md # This file - single source of truth
│ ├── COMMANDS-CHEATSHEET.md # All commands quick reference
│ ├── CONFIGURATION.md # Centralized configuration guide
@@ -150,7 +158,9 @@ leo-claude-mktplace/
│ ├── validate-marketplace.sh # Marketplace compliance validation
│ ├── verify-hooks.sh # Verify all hooks use correct event types
│ ├── setup-venvs.sh # Setup MCP server venvs (create only, never delete)
── release.sh # Release automation with version bumping
── release.sh # Release automation with version bumping
│ ├── claude-launch.sh # Task-specific launcher with profile selection
│ └── switch-profile.sh # DEPRECATED: use claude-launch.sh instead
├── CLAUDE.md
├── README.md
├── LICENSE
@@ -168,6 +178,7 @@ leo-claude-mktplace/
|---------|---------|---------|
| Plugin location | `plugins/{plugin-name}/` | `plugins/projman/` |
| Plugin manifest | `plugins/{plugin-name}/.claude-plugin/plugin.json` | `plugins/projman/.claude-plugin/plugin.json` |
| Plugin MCP mapping (optional) | `plugins/{plugin-name}/.claude-plugin/metadata.json` | `plugins/projman/.claude-plugin/metadata.json` |
| Plugin commands | `plugins/{plugin-name}/commands/` | `plugins/projman/commands/` |
| Plugin agents | `plugins/{plugin-name}/agents/` | `plugins/projman/agents/` |
| Plugin skills | `plugins/{plugin-name}/skills/` | `plugins/projman/skills/` |
@@ -305,6 +316,7 @@ All MCP servers are defined in `.mcp.json` at repository root:
| Date | Change | By |
|------|--------|-----|
| 2026-02-04 | v7.1.0: Added profile configs, prompts/, project-lessons-learned/, metadata.json, deprecated switch-profile.sh | Claude Code |
| 2026-01-30 | v5.5.0: Removed plugin-level mcp-servers symlinks - all MCP config now in root .mcp.json | Claude Code |
| 2026-01-26 | v5.0.0: Added contract-validator plugin and MCP server | Claude Code |
| 2026-01-26 | v4.1.0: Added viz-platform plugin and MCP server | Claude Code |

2
scripts/switch-profile.sh
View File

@@ -4,6 +4,8 @@
set -euo pipefail
echo "⚠️ DEPRECATED: use scripts/claude-launch.sh instead." >&2
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
ROOT_DIR="$(dirname "$SCRIPT_DIR")"
MARKETPLACE_DIR="$ROOT_DIR/.claude-plugin"

29
scripts/validate-marketplace.sh
View File

@@ -206,6 +206,35 @@ for plugin_dir in "$PLUGINS_DIR"/*/; do
echo "$plugin_name valid"
done
echo ""
echo "=== Validating Plugin Metadata (MCP Mappings) ==="
for plugin_dir in "$PLUGINS_DIR"/*/; do
plugin_name=$(basename "$plugin_dir")
metadata_json="$plugin_dir.claude-plugin/metadata.json"
if jq -e '.mcp_servers' "$plugin_dir.claude-plugin/plugin.json" >/dev/null 2>&1; then
echo "ERROR: $plugin_name/plugin.json contains 'mcp_servers' — move to metadata.json"
exit 1
fi
if [[ -f "$metadata_json" ]]; then
if ! jq empty "$metadata_json" 2>/dev/null; then
echo "ERROR: Invalid JSON in $plugin_name/.claude-plugin/metadata.json"
exit 1
fi
mcp_servers=$(jq -r '.mcp_servers // [] | .[]' "$metadata_json" 2>/dev/null)
for server in $mcp_servers; do
if [[ ! -d "$ROOT_DIR/mcp-servers/$server" ]]; then
echo "ERROR: $plugin_name metadata.json references '$server' but mcp-servers/$server/ missing"
exit 1
fi
echo "$plugin_name$server"
done
fi
done
echo "✓ Plugin metadata validation passed"
# CRITICAL: Validate marketplace.json file references
echo ""
echo "=== Validating Marketplace File References (CRITICAL) ==="