Marketplace

mistervitopro-plugin-marketplace

A collection of Claude Code plugins by MisterVitoPro

npx claudepluginhub mistervitopro/qa-claude-market

README

View full README on GitHub

3 Plugins

code-atlas

0·

Scan a codebase and generate a comprehensive architecture index with graph-schema and query capability — directory map, key files, tech stack, patterns, dependencies, build commands, and queryable knowledge graph

v2.1.0

MisterVitoPro

plan-runner

0·

Take a Markdown implementation plan, run it through a parallel agent swarm with per-wave verification, and generate a bug-fix plan for re-runs; optional TDD red-green mode with per-task red/green gate evidence

v0.5.0

MisterVitoPro

jupiter

0·

Consolidate scattered specs into a canonical master-spec tree with a navigable index, and append stubs for undocumented public surface found in code

2mo

v0.1.1

MisterVitoPro

Stats

Plugins3

UpdatedJun 11, 2026

Links

View on GitHub View Marketplace JSON

QA Swarm Plugin

AI-powered code quality analyzer that finds security, performance, architecture, and correctness issues across your codebase using specialized agents -- then fixes them via TDD.

4 core agents scan in parallel (security & error handling, performance & resources, correctness, architecture)
Up to 6 optional agents activate based on your project type (config review, type safety, supply chain, etc.)
Source files are pre-read and embedded in agent prompts for zero-overhead analysis
Findings are deduplicated, ranked P0-P3, tagged with confidence levels, and corroborated across agents
Fixes are implemented test-first -- failing tests are written before code is changed

Quick Start

# Install
claude plugin marketplace add MisterVitoPro/qa-swarm

# Analyze your codebase
/qa-swarm:attack "find bugs in the authentication and authorization flow"

# After the swarm completes, implement fixes using the generated file paths
/qa-swarm:implement docs/qa-swarm/2026-04-02-report.md docs/qa-swarm/2026-04-02-spec.md docs/qa-swarm/2026-04-02-tests.md

Why QA Swarm?

Most code review approaches give you one lens at a time. QA Swarm runs 4-10 specialized agents in parallel, each with a distinct expertise. When 3+ agents independently flag the same issue, you know it's real.

	QA Swarm	Manual Review	Linters (ESLint, etc.)	GitHub Code Scanning
Parallel analysis	4-10 agents	1 reviewer	1-2 tools	1 tool
Cross-specialty	Security + perf + architecture + more, simultaneously	Depends on reviewer	Single lens per rule	Single lens
Implements fixes	Yes, TDD-driven	Reviewer suggests, you implement	No	No
Corroboration	Flags issues found by multiple agents	No	No	No
Confidence scoring	Confirmed / Likely / Suspected	Informal	Binary (pass/fail)	Binary
Time	~2-5 minutes	Hours to days	Seconds	Minutes

Best for: Pre-release audits, onboarding to unfamiliar codebases, quarterly deep dives, and catching issues that slip past linters and CI.

Complements (not replaces): Pre-commit hooks, unit tests, and domain-expert code review.

Sample Output

After running /qa-swarm:attack, you get a ranked report like this:

# QA Swarm Report
**Date:** 2026-04-02
**Prompt:** "find bugs in the authentication and authorization flow"
**Agents deployed:** 7 (4 core + 3 optional)

## Summary
- P0 Critical: 2 findings
- P1 High: 5 findings
- P2 Medium: 8 findings
- P3 Low: 3 findings
- Total: 18 findings (6 confirmed, 8 likely, 4 suspected)

## P0 - Critical

### [P0-001] SQL injection in user lookup query
**Confidence:** Confirmed | **Corroborated by:** 3 agents (Security & Error, Correctness, Architecture)
**Location:** src/auth/users.ts:47 in `findUserByEmail`
**Description:** User-supplied email is interpolated directly into a SQL query
without parameterization. An attacker can inject arbitrary SQL via the login form.
**Evidence:**
  const user = await db.query(`SELECT * FROM users WHERE email = '${email}'`);
**Suggested fix:** Use parameterized queries: `db.query('SELECT * FROM users WHERE email = $1', [email])`
**Related files:** src/auth/login.ts, src/middleware/validate.ts

### [P0-002] JWT secret hardcoded in source
**Confidence:** Confirmed | **Corroborated by:** 2 agents (Security & Error, Configuration & Env)
**Location:** src/auth/jwt.ts:12 in `signToken`
**Description:** JWT signing secret is a hardcoded string literal. Anyone with
source access can forge valid tokens.
**Evidence:**
  const SECRET = "super-secret-key-do-not-share";
**Suggested fix:** Move to environment variable: `process.env.JWT_SECRET`
**Related files:** src/auth/verify.ts, .env.example

## P1 - High
...

You also get an implementation spec (step-by-step fix plan, scaled by priority) and a TDD test plan (failing tests written before any code changes).

All files are saved to docs/qa-swarm/{date}-report.md, {date}-spec.md, and {date}-tests.md.

Installation

claude plugin marketplace add MisterVitoPro/qa-swarm
claude plugin install qa-swarm
# Restart Claude Code to activate

Or load directly for a single session:

claude --plugin-dir /path/to/qa-swarm

Usage

Run QA Analysis

/qa-swarm:attack "check all API endpoints for security and input validation issues"

/qa-swarm:attack "review the database layer for data integrity and performance problems"

/qa-swarm:attack "find bugs in the authentication and authorization flow"

After the swarm completes:

Optionally run /clear to free up context (the swarm uses many tokens; clearing helps if your session is running low)
Run /qa-swarm:implement with the generated file paths

mistervitopro-plugin-marketplace

README

3 Plugins

code-atlas

plan-runner

jupiter

mistervitopro-plugin-marketplace

README

QA Swarm Plugin

Quick Start

Why QA Swarm?

Sample Output

Installation

Usage

Run QA Analysis

Implement Fixes

3 Plugins

code-atlas

plan-runner

jupiter

Related Marketplaces

claude-code-workflows

claude-plugins-official

voltagent-subagents

QA Swarm Plugin

Quick Start

Why QA Swarm?

Sample Output

Installation

Usage

Run QA Analysis

Implement Fixes

Related Marketplaces

claude-code-workflows

claude-plugins-official

voltagent-subagents