codeforge-dev 1.10.0 → 1.11.0

package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/skills/spec-init/SKILL.md

@@ -5,14 +5,14 @@ description: >-
   "set up specs", "bootstrap specs", "start using specs", "create spec
   directory", "init specs for this project", or needs to set up the
   .specs/ directory structure for a project that doesn't have one yet.
-version: 0.1.0
+version: 0.2.0
 ---
 
 # Initialize Specification Directory
 
 ## Mental Model
 
-Before any spec can be created, the project needs a `.specs/` directory with its supporting files: a ROADMAP (what each version delivers) and a BACKLOG (deferred items). This skill bootstraps that structure so `/spec-new` has a home.
+Before any spec can be created, the project needs a `.specs/` directory with its supporting files: a MILESTONES tracker (what each milestone delivers) and a BACKLOG (deferred items). This skill bootstraps that structure so `/spec-new` has a home.
 
 ---
 
@@ -25,7 +25,7 @@ Glob: .specs/**/*.md
 ```
 
 **If `.specs/` already exists:**
-- Report current state: how many specs, versions, whether ROADMAP.md and BACKLOG.md exist
+- Report current state: how many specs, domains, whether MILESTONES.md and BACKLOG.md exist
 - Suggest `/spec-check` to audit health instead
 - Do NOT recreate or overwrite anything
 - Stop here
@@ -36,9 +36,9 @@ Glob: .specs/**/*.md
 
 Create the `.specs/` directory at the project root.
 
-### Step 3: Create ROADMAP.md
+### Step 3: Create MILESTONES.md
 
-Write `.specs/ROADMAP.md` using the template from `references/roadmap-template.md`.
+Write `.specs/MILESTONES.md` using the template from `references/milestones-template.md`.
 
 ### Step 4: Create BACKLOG.md
 
@@ -63,15 +63,16 @@ Summarize what was created:
 
 Created:
 - `.specs/` directory
-- `.specs/ROADMAP.md` — version tracking table
+- `.specs/MILESTONES.md` — milestone tracker
 - `.specs/BACKLOG.md` — deferred items list
 
 Next steps:
 - Add features to `BACKLOG.md` with priority grades (P0–P3)
-- Pull features into a version in `ROADMAP.md` when ready to scope
-- Use `/spec-new <feature-name> <version>` to create a spec
+- Pull features into a milestone in `MILESTONES.md` when ready to scope
+- Use `/spec-new <feature-name>` to create a spec (domain is inferred)
 - Use `/spec-refine <feature-name>` to validate before implementation
-- After implementing, use `/spec-update` to close the loop
+- After implementing, use `/spec-review <feature-name>` to verify against the spec
+- Then use `/spec-update` to close the loop
 - Use `/spec-check` to audit spec health at any time
 ```
 
@@ -87,7 +88,7 @@ Next steps:
 ## Ambiguity Policy
 
 - If the user runs this in a workspace root with multiple projects, ask which project to initialize.
-- If `.specs/` exists but is missing ROADMAP.md or BACKLOG.md, offer to create only the missing files.
+- If `.specs/` exists but is missing MILESTONES.md or BACKLOG.md, offer to create only the missing files.
 
 ---
 
@@ -95,5 +96,5 @@ Next steps:
 
 | File | Contents |
 |------|----------|
-| `references/roadmap-template.md` | Starter ROADMAP with version table format |
+| `references/milestones-template.md` | Starter MILESTONES with milestone table format |
 | `references/backlog-template.md` | Starter BACKLOG with item format |

package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/skills/spec-init/references/backlog-template.md

@@ -1,6 +1,6 @@
 # Backlog
 
-Priority-graded feature and infrastructure backlog. Items are pulled into versions when ready to scope and spec. See `ROADMAP.md` for the versioning workflow.
+Priority-graded feature and infrastructure backlog. Items are pulled into milestones when ready to scope and spec. See `MILESTONES.md` for the milestone workflow.
 
 ## P0 — High Priority
 

package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/skills/spec-init/references/milestones-template.md

@@ -0,0 +1,32 @@
+# Milestones
+
+> Features are organized by domain in `.specs/`. Milestones group features
+> into deliverable increments. See `BACKLOG.md` for the feature backlog.
+
+## How Milestones Work
+
+1. **Backlog** — All desired features live in `BACKLOG.md`, graded by priority.
+2. **Milestone scoping** — When ready to plan a deliverable, pull features from the backlog.
+3. **Spec first** — Each feature gets a spec (via `/spec-new`) before implementation begins.
+4. **Ship** — A milestone is done when all its specs are implemented and verified.
+
+Only the **current milestone** is defined in detail. Everything else is backlog.
+
+## Released
+
+_None yet._
+
+## Current
+
+### [Milestone Name]
+
+- [ ] `domain/feature-name.md` — [Brief description]
+- [ ] `domain/feature-name.md` — [Brief description]
+
+## Next
+
+> Scoped from `BACKLOG.md` when the current milestone is complete.
+
+## Out of Scope
+
+- [Items explicitly not planned]

package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/skills/spec-new/SKILL.md

@@ -5,7 +5,7 @@ description: >-
   "new feature spec", "write a spec for", "spec this feature",
   "start a new spec", "plan a feature", or needs to create a new
   specification file from the standard template.
-version: 0.1.0
+version: 0.2.0
 ---
 
 # Create New Feature Specification
@@ -14,7 +14,7 @@ version: 0.1.0
 
 A specification is a contract between the person requesting a feature and the person building it. Writing the spec BEFORE implementation forces you to think through edge cases, acceptance criteria, and scope boundaries while changes are cheap — before any code exists.
 
-Every project uses `.specs/` as the specification directory. Specs are version-organized, independently loadable, and should aim for ~200 lines.
+Every project uses `.specs/` as the specification directory. Specs are domain-organized, independently loadable, and should aim for ~200 lines.
 
 ---
 
@@ -22,33 +22,32 @@ Every project uses `.specs/` as the specification directory. Specs are version-o
 
 ### Step 1: Parse Arguments
 
-Extract the feature name and version from `$ARGUMENTS`:
+Extract the feature name from `$ARGUMENTS`:
 - **Feature name**: kebab-case identifier (e.g., `session-history`, `auth-flow`)
-- **Version**: semver string (e.g., `v0.3.0`)
 
-If arguments are missing, ask the user for:
-1. Feature name (what is being built)
-2. Target version (which release this belongs to)
+If the feature name is missing, ask the user what they want to spec.
 
-**Note:** Features should be pulled from the project's backlog (`BACKLOG.md`) into a version before creating a spec. If the feature isn't in the backlog yet, add it first, then assign it to a version.
+**Note:** Features should be pulled from the project's backlog (`BACKLOG.md`) into a milestone before creating a spec. If the feature isn't in the backlog yet, add it first, then assign it to a milestone.
 
-### Step 2: Determine File Path
+### Step 2: Determine Domain and File Path
 
-- **Multi-feature version** (directory already exists or multiple features planned):
-  `.specs/{version}/{feature-name}.md`
-- **Single-feature version** (one spec covers the whole version):
-  `.specs/{version}.md`
+Analyze the feature name and description to infer an appropriate domain folder:
+- Look at existing domain folders in `.specs/` for a natural fit
+- Consider the feature's area: `auth`, `search`, `ui`, `api`, `onboarding`, etc.
+- Present the inferred domain to the user for confirmation or override
+
+The file path is always: `.specs/{domain}/{feature-name}.md`
 
 If `.specs/` does not exist at the project root, create it.
 
-If `.specs/{version}/` does not exist and you're using the directory form, create it.
+If `.specs/{domain}/` does not exist, create it.
 
 ### Step 3: Create the Spec File
 
 Write the file using the standard template from `references/template.md`.
 
 Pre-fill:
-- **Version**: from arguments
+- **Domain**: from the inferred/confirmed domain
 - **Status**: `planned`
 - **Last Updated**: today's date (YYYY-MM-DD)
 - **Approval**: `draft`
@@ -73,7 +72,7 @@ After creating the file, guide the user through filling it out:
 ### Step 5: Validate
 
 Before finishing:
-- [ ] If the file exceeds ~200 lines, consider splitting into sub-specs
+- [ ] If the file exceeds ~200 lines, consider splitting into separate specs in the domain folder
 - [ ] No source code, SQL, or type definitions reproduced inline
 - [ ] Status is `planned` and Approval is `draft`
 - [ ] All required sections present (even if some are "N/A" or "TBD")
@@ -88,7 +87,7 @@ The `/spec-refine` skill walks through every `[assumed]` requirement with the us
 
 ## Sizing Guidelines
 
-- **Aim for ~200 lines per spec.** If a feature needs more, consider splitting into sub-specs with a parent `_overview.md` linking them.
+- **Aim for ~200 lines per spec.** If a feature needs more, consider splitting into separate specs in the domain folder.
 - **Reference, don't reproduce.** Write `see src/engine/db/migrations/002.sql lines 48-70` — never paste the SQL.
 - **Independently loadable.** Each spec file must be useful without loading any other file.
 - **EARS format for requirements.** Use the `specification-writing` skill for templates and examples.
@@ -97,7 +96,7 @@ The `/spec-refine` skill walks through every `[assumed]` requirement with the us
 
 ## Ambiguity Policy
 
-- If the user doesn't specify a version, ask — do not assume.
+- If the user doesn't specify a domain, infer one from the feature name and existing `.specs/` structure, then confirm with the user.
 - If the feature scope is unclear, write a minimal spec with `## Open Questions` listing what needs clarification.
 - If a spec already exists for this feature, inform the user and suggest `/spec-update` instead.
 

package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/skills/spec-new/references/template.md

@@ -9,7 +9,7 @@ Standard template for all feature specifications. Copy this structure when creat
 ```markdown
 # Feature: [Name]
 
-**Version:** v0.X.0
+**Domain:** [domain-name]
 **Status:** planned
 **Last Updated:** YYYY-MM-DD
 **Approval:** draft
@@ -22,6 +22,8 @@ Standard template for all feature specifications. Copy this structure when creat
 
 [Testable criteria. Use Given/When/Then for complex flows, checklists for simple features, or tables for business rules. Every criterion must be verifiable.]
 
+[Markers: `[ ]` = not started, `[~]` = implemented but not yet verified, `[x]` = verified (tests pass). During `/spec-build`, criteria progress from `[ ]` to `[~]` during implementation, then to `[x]` after review.]
+
 - [ ] [Criterion 1]
 - [ ] [Criterion 2]
 - [ ] [Criterion 3]
@@ -126,4 +128,12 @@ Standard template for all feature specifications. Copy this structure when creat
 | `draft` | Spec has unvalidated assumptions — NOT approved for implementation |
 | `user-approved` | All requirements are `[user-approved]` — ready for implementation |
 
-**Workflow:** `/spec-new` creates → `/spec-refine` validates → implementation begins → `/spec-update` closes the loop.
+## Acceptance Criteria Markers
+
+| Marker | Meaning |
+|--------|---------|
+| `[ ]` | Not started |
+| `[~]` | Implemented, not yet verified — code written, tests not confirmed |
+| `[x]` | Verified — tests pass, behavior confirmed |
+
+**Workflow:** `/spec-new` creates → `/spec-refine` validates → `/spec-build` implements + closes the loop (or implement manually → `/spec-review` verifies → `/spec-update` closes the loop).

package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/skills/spec-review/SKILL.md

@@ -0,0 +1,229 @@
+---
+name: spec-review
+description: >-
+  This skill should be used when the user asks to "review the spec",
+  "check spec adherence", "verify implementation", "spec-review",
+  "does code match spec", "audit implementation", or needs a standalone
+  deep implementation review that reads the code and confirms full
+  adherence to a specification.
+version: 0.1.0
+---
+
+# Spec Implementation Review
+
+## Mental Model
+
+A spec is a contract — but contracts only matter if someone verifies them. `/spec-review` is the verification step: given a spec and the code that claims to implement it, does the code actually do what the spec says?
+
+This is a standalone, single-spec, deep implementation review. Unlike `/spec-check` (which audits metadata health across all specs without reading code) and unlike `/spec-build` Phase 4 (which is locked inside the build workflow), `/spec-review` can be invoked independently at any time after implementation exists.
+
+Use cases:
+
+- **Manual implementation** — you built a feature without `/spec-build` and want to verify the work before running `/spec-update`
+- **Post-change regression check** — re-verify after modifying an already-implemented feature
+- **Pre-release audit** — confirm a feature still matches its spec before shipping
+- **Onboarding verification** — check if what's in the code matches what the spec says
+
+```
+Lifecycle positioning:
+
+/spec-new → /spec-refine → implement (manually or via /spec-build) → /spec-review → /spec-update
+
+Or with /spec-build (which has its own Phase 4):
+/spec-new → /spec-refine → /spec-build (includes review) → done
+
+/spec-review is independent — usable at any time after implementation exists.
+```
+
+---
+
+## Relationship to Other Skills
+
+| Skill | What it does | How `/spec-review` differs |
+|-------|-------------|---------------------------|
+| `/spec-check` | Batch metadata audit (all specs, no code reading) | Single-spec deep code audit |
+| `/spec-build` Phase 4 | Same depth, but embedded in the build workflow | Standalone, invokable independently |
+| `/spec-update` | Updates spec metadata after implementation | `/spec-review` audits first, then recommends `/spec-update` |
+
+---
+
+## Spec Edits During Review
+
+`/spec-review` makes limited spec edits — just enough to record what it verified:
+
+- Upgrade `[ ]` or `[~]` → `[x]` for criteria verified by passing tests
+- Downgrade `[x]` → `[ ]` if a previously-verified criterion now fails (regression)
+- Add entries to `## Discrepancies` for gaps found
+- Update `## Key Files` if paths are stale (files moved/deleted/added)
+- Update `**Last Updated:**` date
+
+It does NOT change `**Status:**` or add `## Implementation Notes` — that's `/spec-update`'s job. Clear boundary: `/spec-review` verifies and records findings; `/spec-update` closes the loop.
+
+---
+
+## Workflow
+
+### Step 1: Discovery
+
+**Find the spec.** Match `$ARGUMENTS` (feature name or path) against:
+
+```
+Glob: .specs/**/*.md
+```
+
+If ambiguous, list matching specs and ask which one to review.
+
+**Read the full spec.** Extract:
+
+- All FR-* and NFR-* requirements with their EARS-format text
+- All acceptance criteria with current markers (`[ ]`, `[~]`, `[x]`)
+- Key Files — every file path listed
+- Out of Scope — boundaries to respect
+- Discrepancies — any existing entries
+
+**Gate check.** `/spec-review` works on any spec with implementation to review:
+
+| Approval | Status | Action |
+|----------|--------|--------|
+| `user-approved` | `planned` | Proceed (reviewing work done against approved spec) |
+| `user-approved` | `partial` or `implemented` | Proceed (re-reviewing) |
+| `draft` | any | **Warn**: "This spec is `draft`. Requirements may not be validated. Consider running `/spec-refine` first. Proceed anyway?" |
+
+Unlike `/spec-build` which hard-blocks on `draft` (because it's about to write code), `/spec-review` is read-heavy — reviewing existing code against a draft spec is still useful, even if the spec itself isn't finalized.
+
+**Read every Key File.** Read all files listed in the spec's `## Key Files` section. These are the files the spec author identified as implementing the feature. Understanding them is prerequisite to the audit.
+
+---
+
+### Step 2: Requirement Coverage Audit
+
+Walk every FR-* and NFR-* requirement from the spec. Use the Spec Implementation Review Checklist at `spec-build/references/review-checklist.md` sections 4A and 4D as the authoritative guide.
+
+**For each FR-* requirement:**
+
+1. Identify the file(s) and function(s) that implement it
+2. Verify the implementation matches the EARS-format requirement text
+3. Confirm the requirement is fully addressed (not partially)
+4. Note if the requirement was met through a different approach than planned
+
+**For each NFR-* requirement:**
+
+1. Identify how the non-functional requirement is enforced
+2. Verify measurable NFRs have been tested or measured
+3. Confirm the NFR is met under expected conditions, not just ideal conditions
+
+**Cross-checks:**
+
+- Every FR-* has corresponding code — no requirements were skipped
+- Every NFR-* has corresponding enforcement — no hand-waving
+- No code was written that doesn't map to a requirement (scope creep check)
+- Out of Scope items from the spec were NOT implemented
+
+---
+
+### Step 3: Acceptance Criteria Verification
+
+For each acceptance criterion, locate or write the corresponding test. Use the Spec Implementation Review Checklist at `spec-build/references/review-checklist.md` sections 4B and 4C as the authoritative guide.
+
+**For each criterion:**
+
+1. Locate the corresponding test (unit, integration, or manual verification)
+2. If no test exists: **write one** — verification requires evidence, "no test exists" is not a valid review outcome
+3. Run the test
+4. If test passes → upgrade marker to `[x]` in the spec
+5. If test fails → note the failure, set marker to `[ ]`, document the issue
+
+**Summary checks:**
+
+- Count total criteria vs. verified `[x]` — report the ratio
+- Flag any criteria still `[ ]` (not started or regressed)
+- Flag any criteria that cannot be tested — document why and note as discrepancy
+- Verify tests actually test the criterion, not just exercise the code path
+
+**Code quality spot-check** per checklist section 4C:
+
+- Error handling at appropriate boundaries
+- No hardcoded values that should be configurable
+- Functions short and single-purpose
+- Nesting depth within limits
+- No regressions in existing tests
+
+---
+
+### Step 4: Report & Spec Updates
+
+#### Summary Report
+
+Present a structured report:
+
+```
+## Spec Implementation Review
+
+**Spec:** [feature name] ([spec file path])
+**Date:** YYYY-MM-DD
+**Reviewer:** /spec-review
+
+### Requirement Coverage
+- Functional: N/M addressed
+- Non-Functional: N/M addressed
+- Gaps: [list or "None"]
+
+### Acceptance Criteria
+- [x] Verified: N
+- [~] Implemented, pending: N
+- [ ] Not started / regressed: N
+- Failures: [list or "None"]
+
+### Code Quality
+- Issues found: [list or "None"]
+- Regressions: [list or "None"]
+
+### Spec Consistency
+- Key Files updates needed: [list or "None"]
+- Discrepancies: [list or "None"]
+
+### Recommendation
+[ ] All clear — run `/spec-update` to close the loop
+[ ] Fix issues first: [specific list]
+[ ] Requires user input: [specific questions]
+```
+
+#### Spec Edits
+
+Apply limited edits to the spec file:
+
+1. **Acceptance criteria markers** — update based on test results:
+   - Passed tests: upgrade `[ ]` or `[~]` → `[x]`
+   - Failed tests: downgrade `[x]` → `[ ]` (regression), keep `[ ]` or `[~]` as-is
+2. **Discrepancies** — add entries for any gaps found between spec and implementation
+3. **Key Files** — update paths if files moved, were deleted, or new files were created
+4. **Last Updated** — set to today's date
+
+Do NOT modify `**Status:**` or `## Implementation Notes` — those are `/spec-update`'s responsibility.
+
+#### Next Action
+
+Based on the review outcome, recommend:
+
+- **All clear**: "Run `/spec-update` to close the loop and mark the spec as implemented."
+- **Issues found**: "Fix the issues listed above, then re-run `/spec-review` to verify."
+- **User input needed**: Present specific questions and wait for direction.
+
+---
+
+## Ambiguity Policy
+
+- If `$ARGUMENTS` matches multiple specs, list them and ask which to review.
+- If a spec has no acceptance criteria, warn and offer to review requirements only.
+- If Key Files reference paths that don't exist, flag them as stale in the report and update the spec's Key Files section.
+- If the spec has no requirements section, warn that there's nothing to audit against and suggest running `/spec-new` or `/spec-update` to add requirements.
+- If all criteria are already `[x]`, still run the full review — regressions happen.
+
+---
+
+## Anti-Patterns
+
+- **Skipping test verification**: Marking criteria as `[x]` without running actual tests. Every `[x]` must be backed by a passing test or confirmed behavior.
+- **Reviewing without reading code**: The review must read the implementation files, not just check metadata. That's what `/spec-check` is for.
+- **Modifying implementation**: `/spec-review` is a review, not a fix. Report issues; don't fix them. The user decides what to do next.
+- **Changing spec status**: `/spec-review` records findings. `/spec-update` changes status. Respect the boundary.

package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/skills/spec-update/SKILL.md

@@ -26,6 +26,8 @@ Before performing an as-built update, check the spec's `**Approval:**` status:
 
 This is a warning, not a blocker — the user decides whether to refine first or update as-is.
 
+For manually-implemented features (not using `/spec-build`), consider running `/spec-review` first to verify implementation adherence before updating the spec.
+
 ---
 
 ## The 6-Step Workflow
@@ -56,6 +58,7 @@ Review each acceptance criterion in the spec:
 - Mark as `[x]` if the criterion is met and verified (tests pass, behavior confirmed)
 - Leave as `[ ]` if not yet implemented
 - Add a note next to deferred criteria explaining why
+- If a criterion is marked `[~]` (implemented but not yet verified from a `/spec-build` run), treat it as `[ ]` — verify it now and upgrade to `[x]` if confirmed, or leave as `[ ]` if unverifiable
 
 If criteria were met through different means than originally planned, note the deviation.
 
@@ -81,7 +84,7 @@ Verify paths exist before listing them. Use absolute project-relative paths.
 ### Step 6: Update Metadata
 
 - Set `**Last Updated:**` to today's date (YYYY-MM-DD)
-- Verify `**Version:**` is correct
+- Verify `**Domain:**` is correct
 - Preserve the `**Approval:**` status — do NOT downgrade `user-approved` to `draft`
 - If the as-built update introduces new decisions not in the original spec, add them to `## Resolved Questions` if the user confirmed them, or `## Open Questions` if they were assumed during implementation
 
@@ -121,9 +124,10 @@ Before finishing the update:
 - [ ] Implementation Notes document deviations from original spec
 - [ ] File paths in Key Files are accurate and verified
 - [ ] Last Updated date is today
+- [ ] `**Domain:**` is correct for the spec's location
 - [ ] `**Approval:**` status is preserved (not downgraded)
 - [ ] New implementation decisions are tracked in Resolved Questions or Open Questions
-- [ ] If the spec has grown past ~200 lines, note it and suggest splitting in a future pass
+- [ ] If the spec has grown past ~200 lines, note it and suggest splitting into separate specs in the domain folder
 - [ ] If `**Approval:**` is still `draft`, user was warned and confirmed proceeding
 - [ ] No source code was pasted inline (references only)
 

package/.devcontainer/plugins/devs-marketplace/plugins/code-directive/skills/specification-writing/SKILL.md

@@ -176,7 +176,7 @@ Every spec file starts with metadata:
 
 ```
 # Feature: [Name]
-**Version:** v0.X.0
+**Domain:** [domain-name]
 **Status:** implemented | partial | planned
 **Last Updated:** YYYY-MM-DD
 **Approval:** draft | user-approved

package/.devcontainer/plugins/devs-marketplace/plugins/codeforge-lsp/.claude-plugin/plugin.json

@@ -1,7 +1,40 @@
 {
-  "name": "codeforge-lsp",
-  "description": "LSP servers for CodeForge (Python, TypeScript, Go)",
-  "author": {
-    "name": "AnExiledDev"
-  }
+	"name": "codeforge-lsp",
+	"description": "LSP servers for CodeForge (Python, TypeScript, Go)",
+	"author": {
+		"name": "AnExiledDev"
+	},
+	"lspServers": {
+		"pyright": {
+			"command": "pyright-langserver",
+			"args": ["--stdio"],
+			"extensionToLanguage": {
+				".py": "python",
+				".pyi": "python"
+			}
+		},
+		"typescript": {
+			"command": "typescript-language-server",
+			"args": ["--stdio"],
+			"extensionToLanguage": {
+				".ts": "typescript",
+				".tsx": "typescriptreact",
+				".js": "javascript",
+				".jsx": "javascriptreact",
+				".mts": "typescript",
+				".cts": "typescript",
+				".mjs": "javascript",
+				".cjs": "javascript"
+			}
+		},
+		"gopls": {
+			"command": "gopls",
+			"args": ["serve"],
+			"extensionToLanguage": {
+				".go": "go",
+				".mod": "go.mod",
+				".sum": "go.sum"
+			}
+		}
+	}
 }

package/.devcontainer/plugins/devs-marketplace/plugins/workspace-scope-guard/.claude-plugin/plugin.json

@@ -0,0 +1,7 @@
+{
+	"name": "workspace-scope-guard",
+	"description": "Enforces working directory scope — blocks writes and warns on reads outside the project",
+	"author": {
+		"name": "AnExiledDev"
+	}
+}

package/.devcontainer/plugins/devs-marketplace/plugins/workspace-scope-guard/hooks/hooks.json

@@ -0,0 +1,17 @@
+{
+	"description": "Enforce workspace scope for file operations",
+	"hooks": {
+		"PreToolUse": [
+			{
+				"matcher": "Read|Write|Edit|NotebookEdit|Glob|Grep",
+				"hooks": [
+					{
+						"type": "command",
+						"command": "python3 ${CLAUDE_PLUGIN_ROOT}/scripts/guard-workspace-scope.py",
+						"timeout": 5
+					}
+				]
+			}
+		]
+	}
+}