Search everything...

Stats

Actions

Available In

Clean Room

Name: Clean Room
Author: whit3rabbit

By whit3rabbit

Spec-first clean-room workflow for authorized source analysis without replacement code.

npx claudepluginhub whit3rabbit/clean-room-skill --plugin clean-room

Popularity

Stars

Above avg

Med: 0·Avg: 285

Installs

Med: 0·Avg: 1

What's Inside

Agents7

clean-architect

/clean-architect

Plans clean implementation from approved clean behavioral specs and the clean destination foundation without reading contaminated source or chat history.

clean-implementer-verifier-shell

/clean-implementer-verifier-shell

Shell-capable Agent 3 profile for isolated clean implementation verification homes.

clean-polish-reviewer

/clean-polish-reviewer

Performs final source-denied clean code polish, repository hygiene, verification review, and constrained implementation-root commit after Agent 3 completes.

clean-qa-editor

/clean-qa-editor

Implements the clean implementation plan, verifies the clean destination code, records implementation status, and emits one terminal report for Agent 0.

contaminated-handoff-sanitizer

/contaminated-handoff-sanitizer

Reviews Agent 1 draft specs from a fresh source-denied contaminated context, removes identifying material, and approves only scrubbed artifacts for clean handoff.

Skills8

attended

/attended

Starts the Clean Room startup wizard in attended controller mode for authorized source-to-implementation work with human review pauses at clean-room gates.

clean-room

/clean-room

Use for authorized clean-room, reverse-engineering, source-to-implementation, compatibility rewrite, or migration tasks. Produces clean behavioral specs, implementation plans, clean code changes, verification reports, QC reports, open questions, and test plans without moving source expression into the clean implementation.

init

/init

Records Clean Room initialization preferences, separated artifact locations, model policy, schema profile, and clean-safe rule defaults before a clean-room run starts or resumes.

preflight

/preflight

Creates or reviews the required Clean Room preflight goal contract before source discovery, decomposition, attended execution, or unattended execution.

refocus

/refocus

Audits an existing Clean Room run and steers it back to missed gates without expanding declared scope.

Stats

Version0.6.0

ReleasedJun 16, 2026

LanguageJavaScript

Stars1

MaintenanceExcellent

LicenseMIT

Last CommitJun 16, 2026

AddedJun 8, 2026

Actions

View on GitHub View README Plugin Marketplace JSON

Own this plugin?

Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).

Available In

clean-room-skill1

Safety Signals

Caution

Uses power tools

Uses Bash, Write, or Edit tools

README

Clean Room

Clean Room is an agent workflow for turning authorized source analysis into clean behavioral specs, clean implementation plans, and clean destination code. When no indexable source code is available, it can use authorized screenshots/images as contaminated fallback evidence for behavior specs.

It is a POC based on ideas from malus.sh. It is an engineering risk-reduction workflow, not legal advice, and it does not create a legal safe harbor.

What This Is / Does

Use this package when you need documented separation between source-reading work and clean implementation work.

It installs:

Clean-room skills for Codex, Claude Code, and other agent runtime layouts.
Role-agent prompts for contaminated analysis, clean planning, clean implementation, and final polish.
JSON schemas and examples for durable workflow artifacts.
Hook guardrails that help keep source material out of clean artifacts.
A small CLI for runtime installation, bootstrap folders, preflight contracts, canonical artifact templating and validation, hook smoke tests, and the bounded inner clean-room runner.

The workflow creates clean behavioral spec packages and clean implementation outputs. It does not generate replacement code directly from source.

Core boundary:

Contaminated roles may read authorized source or fallback visual evidence and write contaminated artifacts.
Source-denied roles may read only clean artifacts, implementation roots, schemas, and approved public/reference roots.
Clean implementation code is written only under the clean implementation root.
Raw source, raw screenshots, source or visual paths, private identifiers, raw diffs, copied comments, copied UI text, and source-shaped pseudocode must not cross into clean handoff artifacts.

Clean Room Architecture

For the full boundary model, see docs/ARCHITECTURE.md. For CLI and troubleshooting details, see docs/REFERENCE.md.

Install

Requires Node.js >=22.

Recommended path:

npm install -g clean-room-skill
clean-room-skill

The first command installs the CLI. The second command starts the interactive installer for runtime files, skills, agents, and hooks.

For a direct global runtime install, pass the runtime flag:

clean-room-skill --claude --global --yes
clean-room-skill --codex --global --yes
clean-room-skill --opencode --global --yes
clean-room-skill --all --global --yes

If you do not want the CLI installed globally, run the same installer once through npx:

npx clean-room-skill@latest --claude --global --yes
npx clean-room-skill@latest --codex --global --yes
npx clean-room-skill@latest --all --global --yes

Those npx commands install the selected runtime files globally. You do not need to keep running npx to use the installed Claude Code, Pi, Codex, or other runtime entry points.

For edge cases such as ccsilo variants or modified Claude directories, add --config-dir <path-to-claude-config-root> to target that Claude config root explicitly. If Claude is launched through a wrapper, set CLEAN_ROOM_CLAUDE_EXECUTABLE=/absolute/path/to/wrapper; the installer runs that exact executable and rejects relative, cwd-local, and node_modules/.bin paths.

Claude global installs use Claude's plugin system for skills and agents, so entry points are namespaced as /clean-room:init, /clean-room:preflight, and /clean-room. The installer still manages hook files and migrates older standalone Claude skill copies out of the config root on reinstall or update.

Hook modes:

--hooks=safe: default. Hooks are installed but enforce only during clean-room role sessions with the required environment.
--hooks=strict: fail-closed hook mode for dedicated Codex, Claude, or OpenCode clean-room homes.
--hooks=copy-only or --no-hooks: copy hook files without registering runtime hook config.

Verified runtimes are Codex, Claude Code, and OpenCode. OpenCode support uses native skills, commands, and a generated local plugin bridge for hook enforcement. Other runtime layouts are installed on a best-effort basis. See docs/REFERENCE.md for the full support table and install roots.

Marketplace install is also supported.

Codex:

codex plugin marketplace add https://github.com/whit3rabbit/clean-room-skill.git

Claude Code:

/plugin marketplace add https://github.com/whit3rabbit/clean-room-skill.git
/plugin install clean-room@clean-room-skill

Pi:

pi install npm:clean-room-skill@latest
npx clean-room-skill@latest --pi --global --yes

View full README on GitHub

Clean Room

Popularity

What's Inside

Confidence

README

Clean Room

What This Is / Does

Install

Similar Plugins

ecc

fullstack-dev-skills

reverse-engineering

feature-dev

context7-plugin

Clean Room

What This Is / Does

Install

Popularity

Health & Quality

Similar Plugins

ecc

fullstack-dev-skills

reverse-engineering

feature-dev

context7-plugin