By 2233admin
Zero-token scope enforcement for AI coding agents. Intercepts file edits via hooks to block out-of-scope changes.
Run Salacia garbage collection — analyze drift patterns, rotate audit logs, merge learned patterns into memory. Use when: 'salacia gc', 'clean salacia', 'salacia refine', 'optimize scope', 'salacia learn'.
Initialize Salacia scope contract for the current task. Use when starting a new coding task to define which files the agent is allowed to modify. Triggers on: 'salacia init', 'scope contract', 'init salacia', 'guard scope'.
Show Salacia audit statistics — event counts, top drifted files, learned promotions. Triggers on: 'salacia stats', 'scope stats', 'drift stats', 'guard stats', 'salacia report'.
Show current Salacia scope contract and drift status. Use when checking what files are in scope, current drift score, or reviewing the contract. Triggers on: 'salacia status', 'scope status', 'drift status', 'guard status'.
Modifies files
Hook triggers on file write and edit operations
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Zero-token scope enforcement for AI coding agents.
A Claude Code plugin that intercepts file edits in real-time, blocking out-of-scope changes without consuming any LLM tokens. The interception runs as a Node.js shell process — completely outside the model context.
AI coding agents (Claude Code, Codex, Cursor, etc.) are bad at staying in scope. You ask it to fix the scheduler, it "helpfully" refactors config, updates README, and touches .env. On SWE-bench, scope drift is a leading cause of agent failure.
Current solutions:
salacia-guard takes a different approach: enforce scope at the tool level, not the prompt level. The model can "think" whatever it wants — if it tries to edit a protected file, the edit is blocked before it happens. Zero tokens spent on enforcement.
Agent receives task
│
├─ /salacia-init generates .salacia/contract.json
│ (which files are allowed, soft-allowed, protected)
│
├─ Agent works normally...
│
├─ Agent calls Edit("packages/core/src/scheduler.ts")
│ └─ PreToolUse hook → guard.mjs → in scope → ✅ allow (silent)
│
├─ Agent calls Edit(".env")
│ └─ PreToolUse hook → guard.mjs → protected → 🛡️ BLOCK
│ └─ Agent sees: "Salacia: BLOCKED — .env is a protected path"
│
├─ Agent calls Edit("README.md")
│ └─ PostToolUse hook → guard.mjs → out of scope → tracked
│ └─ drift score += 5, warn if threshold exceeded
│
└─ /salacia-status shows drift report
Key insight: hooks run as shell commands, not LLM calls. Interception is free.
This plugin draws from several research projects and papers. We didn't invent the ideas — we made them practical for everyday use.
| Paper | What we took | What we didn't |
|---|---|---|
| Salacia (StartripAI, 2025) | Contract concept: define allowed paths before execution. Drift scoring formula (out-of-scope=+5, protected=+40). | Their pre-pass layers (fault localization, repo map, intent IR). Their system is a SWE-bench harness; ours is a runtime guard. |
| AgentFL (2024) | Three-step navigation idea (understand→navigate→confirm) validated that fault localization helps agents. $0.074/bug is the bar. | Their multi-agent architecture. We're simpler — single hook script. |
| ContextCov (2025) | Agent instructions → executable constraints. Confirmed that scope can be derived from task description. | Their formal constraint language. We use glob patterns — good enough. |
| Project | What we took | Link |
|---|---|---|
| commit-prophet | Co-change coupling algorithm: coupling(A,B) = co_changes(A,B) / max(changes(A), changes(B)). We ported the core ~50 lines. | GitHub |
| Axon | Coupling threshold ≥0.3 as the default for "related files". Validated by their Tree-sitter knowledge graph. | GitHub |
| CodeScene | Commercial validation that temporal coupling works. Their "change coupling" feature proved the concept at scale. | codescene.com |
What's original in salacia-guard:
Zero-token enforcement via hooks. Everyone else injects scope into the prompt (costs tokens, model can ignore it). We enforce at the tool call level. The model literally cannot edit a protected file.
Soft/hard two-layer scope. Prior work treats scope as binary (in/out). We add a "soft allowed" zone for co-change companions — files that are related but not explicitly in scope. They don't trigger drift penalties but are tracked. This alone cut our false-positive rate from 67% to 27%.
Sibling directory inference. If the contract allows execution/scheduler.ts, we automatically soft-allow execution/**. Simple heuristic, massive impact — 21 files saved from false-positive in our test suite.
Mid-pattern glob matching. Sounds trivial, but config*.ts matching config.ts and configReader.ts is not handled by naive glob implementations. We added regex fallback for * in filename position.
The Salacia paper (StartripAI) implements 5 layers: fault localization → repo map → intent IR → contract → verify & retry. That's a SWE-bench harness — it wraps the entire agent execution.
npx claudepluginhub 2233admin/salacia-guardReviewed team memory compiler for Obsidian vaults — MCP server (50 vault ops), knowledge-work roles, and thinking/research commands
Multi-agent orchestration system for Claude Code
Search and browse system prompts from 40+ AI coding tools. Covers Cursor, Windsurf, Claude Code, Devin, Manus, v0, Lovable, VSCode Agent, and more.
Audit your Claude Code harness for dead weight. Annotate hooks, MCPs, and skills with their origin purpose, then flag what the model has outgrown.
Battle-tested Claude Code plugin for engineering teams — 53 agents, 192 skills, 69 legacy command shims, production-ready hooks, and selective install workflows evolved through continuous real-world use
Personal Claude Code + Codex dev stack: security hooks, AI-first code conventions, /security-review, /repo-map, /stack-check, portable statusline. Designed to complement other skills-based plugins, not replace them.
Governor: always-on compact professional output, telemetry, context slimming, tool-output filtering, prompt guidance, and drift guardrails for Claude Code Max users.
(Alpha) Persistent memory, architectural decisions, and safety guardrails for Claude Code. Your agent starts every session with full project context — stack, decisions, patterns, safety rules, and a handoff from the previous session.
Hand off context to any AI coding agent. Creates comprehensive handoff documents that capture the current task, progress, modified files, and all relevant context needed to seamlessly continue work in any AI assistant (Claude Code, Cursor, Copilot, Aider, etc.).
Coordinate multiple AI agents working on the same codebase. Prevents merge conflicts before code is written.
Mindful AI coding framework — discipline over cleverness. Skill + 21 slash commands + 8 specialist agents + 5 runtime hooks + 15 default checklists + Master Orchestrator + Gravity hub. Works on any model tier (Opus/Sonnet/Haiku). Integrates Claude Design for visual work.