sup-standards

sup-internal — Superbalist's Claude Code plugin marketplace

This repository is the org-wide Claude Code plugin marketplace for Superbalist, maintained by Platform Engineering. It distributes shared Claude Code tooling — skills, slash commands, subagents, and safety hooks — to every developer in the organization.

It currently ships one plugin:

• sup-standards — Conventional Commit and secure-code-review skills, a /pr-description command, a code-reviewer subagent, and a PreToolUse hook that blocks accidental secret commits.

Two ways to install

1. Org admin — GitHub sync (production)

An org owner connects this repo under Organization settings → Plugins (GitHub sync). Once connected, the marketplace is distributed to everyone in the org, and plugins can be marked Required. See Connecting as a managed marketplace below. This is the production distribution path.

2. Developer — local marketplace (testing)

To test changes from a local clone before they merge:

# From the repo root
claude plugin marketplace add ./
claude plugin install sup-standards@sup-internal

This adds the marketplace from the local path and installs the plugin so you can try skills, the /pr-description command, the code-reviewer agent, and the secret-blocking hook locally.

Project-scope dogfooding

This repo dogfoods its own plugin. The committed .claude/settings.json registers sup-internal as a local marketplace and enables sup-standards at project scope. That means anyone who clones this repo and runs Claude Code here automatically gets the plugin enabled — no manual install needed — so contributors review the marketplace using the very tooling it ships.

(Machine-specific overrides belong in .claude/settings.local.json, which is git-ignored.)

Local test commands

# Validate the marketplace + plugins exactly as CI does (stdlib Python only)
python3 .github/scripts/validate_plugins.py

# Add and install locally
claude plugin marketplace add .
claude plugin install sup-standards@sup-internal

Marketplace constraints (do not violate)

Because this is a private/internal github.com marketplace, these rules are hard requirements — CI enforces them:

• Relative sources only. Every plugin source in .claude-plugin/marketplace.json is a relative path inside this repo (e.g. ./plugins/sup-standards). github/url/git/npm/pip source types fail for private org marketplaces.
• No path traversal. A plugin may only reference files inside its own folder — only that directory is copied into the cache on install. No ../.
• repository is a string, version is valid semver, and every skill/command/agent has YAML frontmatter with a description.

See CONTRIBUTING.md for the full workflow.

Connecting as a managed marketplace

See the one-paragraph summary at the end of the setup notes, or in short: an org owner opens Organization settings → Plugins, connects this GitHub repo as a synced marketplace, enables Sync automatically so merges to main propagate to all developers, and sets sup-standards to Required so every developer receives it.