By thomfilg
Config-driven file/directory guard. Lock blocks declare protected paths + an unlock phrase; a PreToolUse hook blocks Edit/Write/Bash/Task mutations unless the user speaks the phrase. Also conceals paths (hard read+write deny, no unlock) and can harden MCP secrets behind a setuid OS boundary. Stores are local, worktree, or global like synapsys.
Audit a project's secrets/conceal posture — config, file ownership/mode, broker presence, .mcp.json wiring, and whether the agent uid is actually denied. Use when the user says "audit secrets", "secrets status", "is my secrets safe set up", "check the conceal boundary", or asks whether the secrets are actually protected.
Conceal a file or folder behind the Heimdall read-deny guard. Use when the user says "conceal <path>", "hide <path> from the agent", "block agent reads of <path>", "make <path> unreadable", or wants a path the agent cannot read OR write. Adds an anchored deny pattern to .claude/heimdall-conceal.json so the agent's Read/Grep/Glob/Edit/Write/MultiEdit and Bash references to the path (or anything under a folder) are HARD-denied — there is no unlock phrase. Layer-2 only (no sudo), active immediately. For an OS-level secrets boundary use /heimdall:harden. This is distinct from /heimdall:protect, which only blocks writes and is liftable by an unlock phrase.
Harden a project's MCP secrets behind a setuid OS boundary (Layer 1). Use when the user says "harden secrets", "set up the secrets safe", "lock my mcp secrets at the OS level", "install the setuid broker", or asks for a real (not just hook-level) boundary around a credentials file. Creates/uses .claude/heimdall-conceal.json, then guides the privileged setup (creates a runner uid, locks the file, installs the setuid broker, rewrites .mcp.json). This is the OS-level companion to /heimdall:conceal (which is hook-only, no sudo).
Configure Heimdall file/directory protection storage and scan for paths to protect. Use when the user says "install heimdall", "set up heimdall", "set up protection", "configure heimdall", "create lock store", "initialize heimdall", or asks to start guarding files. Picks local (./.claude/heimdall), worktree (../.claude/heimdall), global (~/.claude/heimdall/<project>), or shared (~/.claude/heimdall-shared, user-wide across every project), then suggests protectable paths.
List Heimdall lock blocks. Use when the user says "list locks", "show protected files", "what's protected", "what is heimdall guarding", "show heimdall config", "list protection", or asks to inspect or audit what's locked. Displays each store, its lock blocks, unlock phrases, and the resolved file/dir targets.
Executes bash commands
Hook triggers when Bash tool is used
Modifies files
Hook triggers on file write and edit operations
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
A Claude Code plugin marketplace. Three plugins live in this repo under plugins/:
| Plugin | Path | Purpose |
|---|---|---|
work-workflow | plugins/work/ | Deterministic /work orchestrator — ticket → PR delivery via a typed state machine |
synapsys | plugins/synapsys/ | Context-triggered memory injection |
maestro | plugins/maestro/ | Multi-agent orchestration over per-ticket tmux sessions |
Repo-level files (package.json, pnpm-lock.yaml, node_modules/, biome.json, .env) are workspace-wide dev tooling. Plugin assets (agents, hooks, skills, scripts, docs) live entirely inside each plugin's directory.
/plugin marketplace add thomfilg/claude-plugin-work
/plugin install work-workflow@latest
/plugin install synapsys@latest
/plugin install maestro@latest
pnpm test # full unit suite (work-workflow)
pnpm quality # static-code gate (full repo)
pnpm quality:changed # gate on files changed vs main
pnpm format # biome format --write .
CI: .github/workflows/ci.yml runs tests + quality on every PR. .github/workflows/bump-version.yml auto-bumps the work-workflow version on every push to main, derived from the conventional-commit type in the merge subject.
Multi-agent orchestrator. Bootstraps per-ticket tmux sessions in isolated worktrees, conducts them (auto-restart on silence, surface real prompts to the operator), and exposes a file-mailbox signal channel.
Self-contained workflow plugin with agents, hooks, skills, and orchestration. Includes 18 specialized agents, agent-specific hooks, and 25 skills.
Context-triggered memory injection. Memories declare trigger patterns + lifecycle events in frontmatter; matching memories are injected into Claude's context on the right hook.
npx claudepluginhub thomfilg/ai-plugin-work --plugin heimdallMemory compression system for Claude Code - persist context across sessions
Ultra-compressed communication mode. Cuts 65% of output tokens (measured) while keeping full technical accuracy by speaking like a caveman.
Multi-model consensus engine integrating OpenAI Codex CLI, Gemini CLI, and Claude CLI for collaborative code review and problem-solving.
Standalone image generation plugin using Nano Banana MCP server. Generates and edits images, icons, diagrams, patterns, and visual assets via Gemini image models. No Gemini CLI dependency required.
The most comprehensive Claude Code plugin — 38 agents, 156 skills, 72 legacy command shims, selective install profiles, and production-ready hooks for TDD, security scanning, code review, and continuous learning