Adds three NetSuite agent skills to the official marketplace:
- netsuite-aiconnector-service-skill: runtime guidance for the NetSuite
AI Service Connector (tool selection, output formatting, SuiteQL
safety checklist)
- netsuite-sdf-roles-and-permissions: SDF permission ID lookup and
least-privilege role authoring (ADMI_, LIST_, REGT_, REPO_, TRAN_)
- netsuite-uif-spa-reference: API/type reference for @uif-js/core and
@uif-js/component
All three ship from oracle/netsuite-suitecloud-sdk (packages/agent-skills/)
using git-subdir + strict:false + skills[] — the same shape stagehand uses
for skill-only distributions.
* Add auto-SHA-bump workflow for marketplace plugins
Weekly CI action that discovers stale SHA pins in marketplace.json
and opens a batched PR with updated SHAs. Adapted from the
claude-plugins-community-internal bump-plugin-shas workflow for
the single-file marketplace.json format.
- discover_bumps.py: checks 56 SHA-pinned plugins against upstream
repos, oldest-stale-first rotation, capped at 20 bumps/run
- bump-plugin-shas.yml: weekly Monday schedule + manual dispatch
with dry_run and per-plugin targeting options
Entries without SHA pins (intentionally tracking HEAD) are never
touched. Existing validate-marketplace CI runs on the resulting PR.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Fix input interpolation and add BASE_BRANCH overlay
- Pass workflow_dispatch inputs through env vars instead of direct
${{ inputs.* }} interpolation in run blocks (avoids shell injection)
- Add marketplace.json overlay from main so the workflow can be tested
via dispatch from a feature branch against main's real plugin data
Both patterns match claude-plugins-community-internal's implementation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Use GitHub App token for PR creation
The anthropics org disables "Allow GitHub Actions to create and approve
pull requests", so GITHUB_TOKEN cannot call gh pr create. Split the
workflow: GITHUB_TOKEN pushes the branch, then the same GitHub App
used by -internal's bump workflow (app-id 2812036) creates the PR.
Prerequisite: app must be installed on this repo and the PEM secret
(CLAUDE_DIRECTORY_BOT_PRIVATE_KEY) must exist in repo settings.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* Use --force-with-lease for bump branch push
Prevents push failure if the branch exists from a previous same-day
run whose PR was merged but whose branch wasn't auto-deleted.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Standardize 12 git-subdir plugin entries from owner/repo shorthand to
full https://github.com/owner/repo.git URLs for consistency with the
existing HTTPS entries.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
DMChannel.recipientId can be null when client.channels.fetch() returns
a DM channel with a cold cache. The inbound gate correctly uses
msg.author.id, but fetchAllowedChannel relied on recipientId, so
replies to allowlisted DMs intermittently failed with "channel not
allowlisted" after session restart.
Maintain a channelId→userId map populated during inbound handling and
fall back to it when recipientId is null.
Fixesanthropics/claude-code#40576Fixesanthropics/claude-code#41647🏠 Remote-Dev: homespace
A single ETIMEDOUT/ECONNRESET/DNS failure during long-polling rejected
bot.start(); the catch block returned and polling stopped permanently.
The MCP server process stayed alive (stdin keeps it running), so outbound
reply/react tools kept working — but the bot was deaf to inbound messages
until a full restart. Users see 'typing...' then nothing, indistinguishable
from the harness-side gate bug.
Now all errors retry with the same capped backoff (max 15s). attempt resets
to 0 in onStart so backoff doesn't accumulate across a long-running session.
Co-authored-by: Claude <noreply@anthropic.com>
Official Base44 plugin — full-stack app development with CLI project management
and JavaScript/TypeScript SDK skills. MIT licensed, skills-only (no MCP server).
Partner escalation from #plugin-partner-escalations.
Already merged on -internal (PR #1466, 2026-04-07).
Partner escalation from #plugin-partner-escalations (Lucas Smedley).
Spotify Ads Manager — skills-only plugin for managing ad campaigns
via Claude Code. Already published in community marketplace.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Allow SonarSource to ship updates without requiring SHA bump PRs.
The plugin tracks the default branch (main) going forward.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(telegram): prevent zombie pollers from blocking new sessions
The MCP server runs as a grandchild of the CLI (via `bun run start` →
shell → `bun server.ts`). When the CLI is killed uncleanly (SIGKILL,
crash, terminal close), the grandchild survives as an orphan and keeps
long-polling getUpdates indefinitely. Telegram allows only one consumer
per token, so every subsequent session sees 409 Conflict and the
existing retry loop spins forever.
Three layered mitigations:
- PID lockfile (STATE_DIR/bot.pid): on startup, SIGTERM any stale holder
before claiming the slot, so a fresh session always wins.
- Orphan watchdog: every 5s check for parent reparenting (POSIX ppid
change) or a dead stdin pipe, and self-terminate. Covers cases where
the existing stdin end/close events never fire through the wrapper.
- 409 retry cap: give up after 8 attempts (~28s) instead of looping
forever, and bail immediately if shutdown has begun.
Also adds a SIGHUP handler and removes the pidfile on clean shutdown
(only if still owned by this process).
* chore(telegram): bump version to 0.0.5
---------
Co-authored-by: Claude <noreply@anthropic.com>
- analyze-sessions.mjs: track per-session start/end/tokens and emit
by_day[] in JSON output (date, dow, tokens, peak concurrency,
per-session spans). Hoist shared token-sum in commit loop.
- template.html: new "session timeline by day" section — horizontal
day pills (% of total + session count) drive a lane-packed gantt of
concurrent sessions, colored by project, with hover details and
←/→ keyboard nav. Extract drillList() helper and use it for both
top-prompts and cache-breaks (5 visible + "show more" toggle).
URL-source plugin pointing to cap-js/mcp-server which already has
.claude-plugin/plugin.json and .mcp.json at repo root.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Promotes zoom-plugin from community-internal (PR #1567, merged
2026-04-07) to official. Uses url source pointing at
github.com/zoom/zoom-plugin without a SHA pin to track upstream.
Ref: DIR-77, DIR-79
Promotes expo from community to official. Uses git-subdir source
(expo/skills @ plugins/expo, ref main) without a SHA pin so it
tracks upstream. Description cleaned to remove the reviewer-note
preamble that leaked into the community entry.
Ref: DIR-77, DIR-79
