fix(claude): support skills-dir plugin installs

.agents/plugins/marketplace.json

@@ -6,7 +6,7 @@
   "plugins": [
     {
       "name": "frontend-skills",
-      "version": "4.11.0",
+      "version": "4.11.1",
       "description": "React/TypeScript frontend + Go backend enforcement harness. 92 wired hooks, 101 scripts, 66 skills (includes /diagnose feedback-loop-first 6-phase debugger, /triage multi-tracker (gh + acli) state machine, green-not-done warnings gate via `test-warning-check` + `ci-warning-audit`, /steelman anti-sycophancy guard, /snyk-ux-security with JS+Go tracks, exploitability-triage first gate, top-level-first upgrade ladder, `govulncheck`), 9 agents, 5 routines. 21 LLM failure modes (7 Karpathy single-agent + 14 MAST multi-agent, Cemri et al. NeurIPS 2025). OWASP+STRIDE, Core Web Vitals gate, bun/yarn lockfile parity, MCP ban with CLI redirect, worktree isolation, agent-browser integration. Opus 4.7 tuned. POSIX-friendly.",
       "source": {
         "source": "local",
@@ -17,7 +17,7 @@
         "authentication": "ON_INSTALL"
       },
       "category": "Development",
-      "x-updatedAt": "2026-05-26",
+      "x-updatedAt": "2026-06-10",
       "x-includes": {
         "instructions": [
           "CLAUDE.md",
@@ -26,6 +26,7 @@
         "settings": "settings.json"
       },
       "x-changelog": {
+        "4.11.1": "2026-06-10 -- Simplify Claude Code v2.1.157+ installation: primary Claude install now clones the repo into `~/.claude/skills/frontend-skills` and verifies `frontend-skills@skills-dir` through `claude plugin list`, with marketplace install retained as a legacy fallback. `verify-install.sh` detects skills-directory plugins, drops stale cache namespace fallback, and keeps clean-HOME smoke coverage. Moves metrics summary to `SessionEnd`, fixes adversarial reviewer frontmatter validation, and hardens branch-safety and scope-lock evals for detached worktrees and pure questions. Full eval suite: 2200/2200.",
         "4.11.0": "2026-05-26 -- Add `/visual-review` skill for browser-based frontend QA before PRs. The workflow runs standalone and is wired into `/go`, `/commit-push`, `/commit-push-pr`, self-reviewer, and code-reviewer for frontend diffs, requiring visual review evidence or an explicit skip reason. Ships platform/environment fingerprinting (browser, user agent, platform, viewport, visualViewport, DPR, media preferences, locale/direction), a platform risk map, Web Weekly-informed visual/a11y/perf checks, and 79 eval assertions. Skills 65 -> 66.",
         "4.10.6": "2026-05-25 -- Codex marketplace install fix: expose root plugin through root plugin path so Codex marketplace source path is a plugin directory while retaining root-relative plugin packaging.",
         "4.10.5": "2026-05-25 -- Vendor remaining mattpocock/skills into repo, caveman-compress new skill docs, add vendoring evals, and fix detached-HEAD branch-safety eval coverage.",

.claude-plugin/marketplace.json

@@ -11,12 +11,12 @@
     {
       "name": "frontend-skills",
       "description": "React/TypeScript frontend + Go backend enforcement harness. 92 wired hooks (101 scripts) enforce patterns on every edit. Green != done: `test-warning-check` + `ci-warning-audit` block passing tests with DeprecationWarning / React `act()` / unhandled rejection noise (local + `gh run view --log` on green CI). 66 skills from TDD through CI-green PR, including /diagnose feedback-loop-first 6-phase debugger + /triage multi-tracker (gh + acli) state machine + /steelman anti-sycophancy guard + /snyk-ux-security JS+Go per-path vuln sweep (exploitability-triage first gate via `bun why`/`go mod why`/`govulncheck`; top-level direct dep bump first, parent dep second, resolutions/overrides/replace last resort only; React 18 pin + changelog-walked majors + no-deferral escalation; Go `go get -u` + `go mod tidy` + `govulncheck` verify). 21 LLM failure modes enforced (7 Karpathy single-agent + 14 MAST multi-agent, Cemri et al. NeurIPS 2025). OWASP + STRIDE + snyk/bun audit. Core Web Vitals perf gate. bun.lock + yarn.lock parity enforced. Worktree isolation + branch safety. MCP ban with CLI redirect (~20x savings). Agent-browser integration (~91% token reduction). 9 agents (3-hat plan review + karpathy reference), 5 routines. Opus 4.7 tuned. POSIX-friendly.",
-      "version": "4.11.0",
+      "version": "4.11.1",
       "source": {
         "source": "github",
         "repo": "redpanda-data/ui-harness"
       },
-      "x-updatedAt": "2026-05-26",
+      "x-updatedAt": "2026-06-10",
       "x-includes": {
         "instructions": [
           "CLAUDE.md",
@@ -25,6 +25,7 @@
         "settings": "settings.json"
       },
       "x-changelog": {
+        "4.11.1": "2026-06-10 -- Simplify Claude Code v2.1.157+ installation: primary Claude install now clones the repo into `~/.claude/skills/frontend-skills` and verifies `frontend-skills@skills-dir` through `claude plugin list`, with marketplace install retained as a legacy fallback. `verify-install.sh` detects skills-directory plugins, drops stale cache namespace fallback, and keeps clean-HOME smoke coverage. Moves metrics summary to `SessionEnd`, fixes adversarial reviewer frontmatter validation, and hardens branch-safety and scope-lock evals for detached worktrees and pure questions. Full eval suite: 2200/2200.",
         "4.11.0": "2026-05-26 -- Add `/visual-review` skill for browser-based frontend QA before PRs. The workflow runs standalone and is wired into `/go`, `/commit-push`, `/commit-push-pr`, self-reviewer, and code-reviewer for frontend diffs, requiring visual review evidence or an explicit skip reason. Ships platform/environment fingerprinting (browser, user agent, platform, viewport, visualViewport, DPR, media preferences, locale/direction), a platform risk map, Web Weekly-informed visual/a11y/perf checks, and 79 eval assertions. Skills 65 -> 66.",
         "4.10.6": "2026-05-25 -- Codex marketplace install fix: expose root plugin through root plugin path so Codex marketplace source path is a plugin directory while retaining root-relative plugin packaging.",
         "4.10.5": "2026-05-25 -- Vendor remaining mattpocock/skills into repo, caveman-compress new skill docs, add vendoring evals, and fix detached-HEAD branch-safety eval coverage.",

.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "frontend-skills",
   "description": "React/TypeScript frontend + Go backend enforcement harness. 92 wired hooks across 101 scripts enforce patterns on every edit. Green != done: `test-warning-check` surfaces warnings on passing test/lint/type runs (DeprecationWarning, React `act()`, unhandled rejection, `@ts-ignore`); `ci-warning-audit` Stop-hook scans `gh run view --log` on green CI for deprecations / console warnings / skipped tests. 66 skills from TDD through CI-green PR, including /steelman anti-sycophancy guard + /snyk-ux-security per-path vuln sweep (JS + Go ecosystems; exploitability-triage first gate via `bun why`/`go mod why`/`govulncheck`; top-level direct dep bump first, parent dep bump second, resolutions/overrides/replace as last resort only with follow-up TODO to remove; React 18 pin + changelog-walked major bumps + no-deferral escalation; Go `snyk test --file=go.mod` + `go get -u` + `go mod tidy` + `govulncheck` verify). Session exit blocked while PR review threads remain unresolved. TypeScript escape hatches blocked at Edit. tsconfig strictness weakening blocked. Worktree isolation + branch safety hook-enforced. bun.lock + yarn.lock parity enforced (Snyk IO doesn't parse bun.lock). 21 LLM failure modes enforced: 7 Karpathy single-agent + 14 MAST multi-agent (Cemri et al. NeurIPS 2025). OWASP + STRIDE subset + snyk/bun audit. Core Web Vitals perf gate. MCP ban with CLI redirect (~20x token savings). Agent-browser wrap (~91% token reduction for AI browsing). 3-hat plan review (product/engineering/design). 9 agents (adds plan hats + karpathy reference), 5 routines. Opus 4.7 tuned, POSIX-friendly.",
-  "version": "4.11.0",
+  "version": "4.11.1",
   "author": {
     "name": "Redpanda Data"
   },
@@ -100,7 +100,7 @@
     "./agents/self-reviewer.md",
     "./agents/verifier.md"
   ],
-  "x-updatedAt": "2026-05-26",
+  "x-updatedAt": "2026-06-10",
   "x-includes": {
     "instructions": [
       "CLAUDE.md",
@@ -110,6 +110,7 @@
     "manifestSource": "skill-manifest.json"
   },
   "x-changelog": {
+    "4.11.1": "2026-06-10 -- Simplify Claude Code v2.1.157+ installation: primary Claude install now clones the repo into `~/.claude/skills/frontend-skills` and verifies `frontend-skills@skills-dir` through `claude plugin list`, with marketplace install retained as a legacy fallback. `verify-install.sh` detects skills-directory plugins, drops stale cache namespace fallback, and keeps clean-HOME smoke coverage. Moves metrics summary to `SessionEnd`, fixes adversarial reviewer frontmatter validation, and hardens branch-safety and scope-lock evals for detached worktrees and pure questions. Full eval suite: 2200/2200.",
     "4.11.0": "2026-05-26 -- Add `/visual-review` skill for browser-based frontend QA before PRs. The workflow runs standalone and is wired into `/go`, `/commit-push`, `/commit-push-pr`, self-reviewer, and code-reviewer for frontend diffs, requiring visual review evidence or an explicit skip reason. Ships platform/environment fingerprinting (browser, user agent, platform, viewport, visualViewport, DPR, media preferences, locale/direction), a platform risk map, Web Weekly-informed visual/a11y/perf checks, and 79 eval assertions. Skills 65 -> 66.",
     "4.10.6": "2026-05-25 -- Codex marketplace install fix: expose root plugin through root plugin path so Codex marketplace source path is a plugin directory while retaining root-relative plugin packaging.",
     "4.10.5": "2026-05-25 -- Vendor remaining mattpocock/skills into repo, caveman-compress new skill docs, add vendoring evals, and fix detached-HEAD branch-safety eval coverage.",

.claude/hooks/intent-detect.sh

@@ -113,17 +113,18 @@ if [ -n "$_pr_number" ]; then
 fi
 
 # ── Scope-lock: prefer committing to current feature branch ─────
-# Auto-detected from branch state, not prompt keywords.
+# Add only when some workflow directive already fired. Pure questions should
+# stay silent even on feature branches.
 
-_current_branch=$(git branch --show-current 2>/dev/null || true)
-case "$_current_branch" in
-  main|master|develop|"") ;;
-  *)
-    if [ -n "$directives" ]; then
+if [ -n "$directives" ]; then
+  _current_branch=$(git branch --show-current 2>/dev/null || true)
+  case "$_current_branch" in
+    main|master|develop|"") ;;
+    *)
       directives="$directives\n[SCOPE-LOCK] On feature branch '$_current_branch'. Prefer committing here. Ask before creating new branches or PRs unless explicitly instructed."
-    fi
-    ;;
-esac
+      ;;
+  esac
+fi
 
 # ── Risk tier (informs auto mode confidence) ────────────────────
 # low: tests, components, refactoring — fully guarded by hooks

.claude/settings.json

@@ -164,6 +164,13 @@
             "args": [
               "session-end.sh"
             ]
+          },
+          {
+            "type": "command",
+            "command": ".claude/hooks/run-hook.sh",
+            "args": [
+              "metrics-summary-stop.sh"
+            ]
           }
         ]
       }

.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "frontend-skills",
-  "version": "4.11.0",
+  "version": "4.11.1",
   "description": "React/TypeScript frontend + Go backend enforcement harness. 92 wired hooks (101 scripts) enforce patterns on every edit. Green != done: `test-warning-check` (local Bash PostToolUse) + `ci-warning-audit` (Stop, scans `gh run view --log`) block passing tests with DeprecationWarning / React `act()` / unhandled rejection / `@ts-ignore` noise. 66 skills from TDD through CI-green PR, including /diagnose feedback-loop-first 6-phase debugger + /triage multi-tracker (gh + acli) state machine + /steelman anti-sycophancy guard + /snyk-ux-security JS+Go per-path vuln sweep (exploitability-triage first gate, top-level-first upgrade ladder, React 18 pin, `govulncheck` for Go). 21 LLM failure modes (7 Karpathy single-agent + 14 MAST multi-agent, Cemri et al. NeurIPS 2025), OWASP + STRIDE, Core Web Vitals gate, bun.lock + yarn.lock parity, worktree isolation + branch safety, MCP ban with CLI redirect (~20x savings), agent-browser integration (~91% token reduction). 9 agents (3 plan-review hats + karpathy reference), 5 routines. Single-source manifest codegen. Opus 4.7 tuned. POSIX-friendly.",
   "author": {
     "name": "Redpanda Data",
@@ -44,7 +44,7 @@
       "Review this PR and fix all findings"
     ]
   },
-  "x-updatedAt": "2026-05-26",
+  "x-updatedAt": "2026-06-10",
   "x-includes": {
     "instructions": [
       "CLAUDE.md",
@@ -53,6 +53,7 @@
     "settings": "settings.json"
   },
   "x-changelog": {
+    "4.11.1": "2026-06-10 -- Simplify Claude Code v2.1.157+ installation: primary Claude install now clones the repo into `~/.claude/skills/frontend-skills` and verifies `frontend-skills@skills-dir` through `claude plugin list`, with marketplace install retained as a legacy fallback. `verify-install.sh` detects skills-directory plugins, drops stale cache namespace fallback, and keeps clean-HOME smoke coverage. Moves metrics summary to `SessionEnd`, fixes adversarial reviewer frontmatter validation, and hardens branch-safety and scope-lock evals for detached worktrees and pure questions. Full eval suite: 2200/2200.",
     "4.11.0": "2026-05-26 -- Add `/visual-review` skill for browser-based frontend QA before PRs. The workflow runs standalone and is wired into `/go`, `/commit-push`, `/commit-push-pr`, self-reviewer, and code-reviewer for frontend diffs, requiring visual review evidence or an explicit skip reason. Ships platform/environment fingerprinting (browser, user agent, platform, viewport, visualViewport, DPR, media preferences, locale/direction), a platform risk map, Web Weekly-informed visual/a11y/perf checks, and 79 eval assertions. Skills 65 -> 66.",
     "4.10.6": "2026-05-25 -- Codex marketplace install fix: expose root plugin through root plugin path so Codex marketplace source path is a plugin directory while retaining root-relative plugin packaging.",
     "4.10.5": "2026-05-25 -- Vendor remaining mattpocock/skills into repo, caveman-compress new skill docs, add vendoring evals, and fix detached-HEAD branch-safety eval coverage.",

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 4.11.1
+
+2026-06-10 -- Simplify Claude Code v2.1.157+ installation: primary Claude install now clones the repo into `~/.claude/skills/frontend-skills` and verifies `frontend-skills@skills-dir` through `claude plugin list`, with marketplace install retained as a legacy fallback. `verify-install.sh` detects skills-directory plugins, drops stale cache namespace fallback, and keeps clean-HOME smoke coverage. Moves metrics summary to `SessionEnd`, fixes adversarial reviewer frontmatter validation, and hardens branch-safety and scope-lock evals for detached worktrees and pure questions. Full eval suite: 2200/2200.
+
 ## 4.11.0
 
 2026-05-26 -- Add `/visual-review` skill for browser-based frontend QA before PRs. The workflow runs standalone and is wired into `/go`, `/commit-push`, `/commit-push-pr`, self-reviewer, and code-reviewer for frontend diffs, requiring visual review evidence or an explicit skip reason. Ships platform/environment fingerprinting (browser, user agent, platform, viewport, visualViewport, DPR, media preferences, locale/direction), a platform risk map, Web Weekly-informed visual/a11y/perf checks, and 79 eval assertions. Skills 65 -> 66. Full visual-review eval suite: 79/79.