Add confidence plugin

.claude-plugin/marketplace.json

@@ -35,7 +35,7 @@
         "url": "https://github.com/adobe/skills.git",
         "path": "plugins/creative-cloud/adobe-for-creativity",
         "ref": "main",
-        "sha": "c467bf831064ebda26f39dd30c02d7cce03eb26c"
+        "sha": "cdf8738152076ea5850354c1a3de21d88e377c2e"
       },
       "homepage": "https://github.com/adobe/skills/tree/main/plugins/creative-cloud/adobe-for-creativity"
     },
@@ -381,7 +381,7 @@
         "url": "https://github.com/awslabs/startups.git",
         "path": "advisor/plugins/aws-startup-advisor",
         "ref": "main",
-        "sha": "3eae13125da8cc923f010b19321137efd0e69a66"
+        "sha": "944e5b17bb4b6a84a76b6382e3f5d7fa9abd7bbd"
       },
       "homepage": "https://github.com/awslabs/startups"
     },
@@ -392,7 +392,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/microsoft/azure-skills.git",
-        "sha": "82492494405b948c8422766ddae390714bbd78ed"
+        "sha": "966330ee4fc61978b6e324993687e917125a1f36"
       },
       "homepage": "https://github.com/microsoft/azure-skills"
     },
@@ -502,7 +502,7 @@
         "url": "https://github.com/carta/plugins.git",
         "path": "plugins/carta-cap-table",
         "ref": "main",
-        "sha": "5e119d7848e1f495092df4e41ac43e609e3293d1"
+        "sha": "9de95825cd0eef06abc819e99591270ce5a77e95"
       },
       "homepage": "https://carta.com"
     },
@@ -518,7 +518,7 @@
         "url": "https://github.com/carta/plugins.git",
         "path": "plugins/carta-crm",
         "ref": "main",
-        "sha": "5e119d7848e1f495092df4e41ac43e609e3293d1"
+        "sha": "9de95825cd0eef06abc819e99591270ce5a77e95"
       },
       "homepage": "https://carta.com"
     },
@@ -534,7 +534,7 @@
         "url": "https://github.com/carta/plugins.git",
         "path": "plugins/carta-investors",
         "ref": "main",
-        "sha": "5e119d7848e1f495092df4e41ac43e609e3293d1"
+        "sha": "9de95825cd0eef06abc819e99591270ce5a77e95"
       },
       "homepage": "https://carta.com"
     },
@@ -720,7 +720,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/cloudflare/skills.git",
-        "sha": "8ff55f2a574f498bbf89675279d92b7a61f4d521"
+        "sha": "e16d698f6be2beb3a100138ac7eb072499bf429f"
       },
       "description": "Skills for the Cloudflare developer platform: Workers, Durable Objects, Agents SDK, MCP servers, Wrangler CLI, and web performance.",
       "category": "deployment",
@@ -804,7 +804,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/CodSpeedHQ/codspeed.git",
-        "sha": "9e21a9c0415c848d1c6d7e66c221f7524433899d"
+        "sha": "32229fdfb99928e5e946b8b53c26f4696fdbda09"
       },
       "homepage": "https://codspeed.io"
     },
@@ -819,6 +819,20 @@
       "category": "productivity",
       "homepage": "https://github.com/anthropics/claude-plugins-public/tree/main/plugins/commit-commands"
     },
+    {
+      "name": "confidence",
+      "description": "Access Confidence feature flags, experiments, and migration tools directly from Claude Code.",
+      "author": {
+        "name": "Spotify Confidence"
+      },
+      "category": "development",
+      "source": {
+        "source": "url",
+        "url": "https://github.com/spotify/confidence-ai-plugins.git",
+        "sha": "2da1d97dfb319335d9d85f9da8c090c82d296a60"
+      },
+      "homepage": "https://confidence.spotify.com"
+    },
     {
       "name": "context7",
       "description": "Upstash Context7 MCP server for up-to-date documentation lookup. Pull version-specific documentation and code examples directly from source repositories into your LLM context.",
@@ -918,7 +932,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/dash0hq/dash0-agent-plugin.git",
-        "sha": "e1a46f085171787382465b7148070da36127119f"
+        "sha": "19f4a5f96306bd316a124fcf35d56d54d8f99aa1"
       },
       "homepage": "https://dash0.com/"
     },
@@ -1022,7 +1036,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/datarobot-oss/datarobot-agent-skills.git",
-        "sha": "6937e65a4f652ecc08b8b53bd7e79f6e3d1f69b3"
+        "sha": "9e12eca2a8246674aaa6d7bc3b6cf267163d932e"
       },
       "homepage": "https://datarobot.com"
     },
@@ -1361,7 +1375,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/heygen-com/hyperframes.git",
-        "sha": "3b3ece81d1a0b36038e67e58d9ca620e4a3122e9"
+        "sha": "b158870d8f1cd2241d00eb46fa0d2d1c2aa9dfb7"
       },
       "homepage": "https://hyperframes.heygen.com"
     },
@@ -1572,20 +1586,6 @@
       },
       "homepage": "https://github.com/gemini-cli-extensions/looker"
     },
-    {
-      "name": "lovable",
-      "description": "Build, iterate on, deploy, and manage Lovable apps from Claude Code. Bundles the official Lovable MCP server (remote, OAuth 2.1) and adds focused commands for the common build/iterate/database workflows, with credit- and publish-safety prompts.",
-      "author": {
-        "name": "Lovable"
-      },
-      "category": "development",
-      "source": {
-        "source": "url",
-        "url": "https://github.com/lovablelabs/mcp.git",
-        "sha": "9321737a737cf719db44c8124507f75e0bd0d270"
-      },
-      "homepage": "https://lovable.dev"
-    },
     {
       "name": "lua-lsp",
       "description": "Lua language server for code intelligence",
@@ -1736,7 +1736,7 @@
         "url": "https://github.com/awslabs/startups.git",
         "path": "migrate/plugins/migration-to-aws",
         "ref": "main",
-        "sha": "3eae13125da8cc923f010b19321137efd0e69a66"
+        "sha": "944e5b17bb4b6a84a76b6382e3f5d7fa9abd7bbd"
       },
       "homepage": "https://github.com/awslabs/startups"
     },
@@ -1867,7 +1867,7 @@
         "url": "https://github.com/NVIDIA/skills.git",
         "path": "plugins/nvidia-skills",
         "ref": "main",
-        "sha": "b0c4c9abca3e0b493d96a1574c9678daf086c4b5"
+        "sha": "5b2a1e80d0e03fc3c9f60e69a727cdfcc9ab8d4c"
       },
       "homepage": "https://github.com/NVIDIA/skills"
     },
@@ -2023,7 +2023,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/PostHog/ai-plugin.git",
-        "sha": "071b9b841a987aa93409d4db1499237a5120bc63"
+        "sha": "fd9992ff9f74b97ae8cd4a21e69d07687c5369ca"
       },
       "homepage": "https://posthog.com/docs/model-context-protocol"
     },
@@ -2191,7 +2191,7 @@
         "source": "url",
         "url": "https://github.com/RevenueCat/rc-claude-code-plugin.git",
         "path": "revenuecat",
-        "sha": "e0470e8f5413decb0dc67156057b4b5cfc6df447"
+        "sha": "473fd504bf13d25e76bf4a0267b42be3794f6266"
       },
       "homepage": "https://www.revenuecat.com"
     },
@@ -2243,7 +2243,7 @@
         "source": "url",
         "url": "https://github.com/RevenueCat/rc-claude-code-plugin.git",
         "path": "revenuecat",
-        "sha": "e0470e8f5413decb0dc67156057b4b5cfc6df447"
+        "sha": "473fd504bf13d25e76bf4a0267b42be3794f6266"
       },
       "homepage": "https://www.revenuecat.com"
     },
@@ -2376,7 +2376,7 @@
         "url": "https://github.com/SAP/open-ux-tools.git",
         "path": "packages/fiori-mcp-server",
         "ref": "main",
-        "sha": "384fb88f5b4662ec0f7e1ac81689ebccaa9d7cb8"
+        "sha": "b204616c3622abdd40e18c4c1fc09c397978d9e2"
       },
       "homepage": "https://github.com/SAP/open-ux-tools/tree/main/packages/fiori-mcp-server"
     },
@@ -2415,7 +2415,7 @@
     {
       "name": "security-guidance",
       "description": "Security review for Claude-generated code. Pattern-based warnings on edits, LLM-powered diff review on Stop, and an agentic commit reviewer that catches injection, XSS, SSRF, hardcoded secrets, and 25+ other vulnerability classes.",
-      "version": "2.0.7",
+      "version": "2.0.6",
       "author": {
         "name": "Anthropic",
         "email": "support@anthropic.com"
@@ -2443,7 +2443,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/getsentry/sentry-for-claude.git",
-        "sha": "765cca4683e77271900fdf3521a555a04528baaf"
+        "sha": "d65bd23b6779a30564ff2bd3ee6d35746dab86fb"
       },
       "homepage": "https://github.com/getsentry/sentry-for-claude/tree/main"
     },
@@ -2576,7 +2576,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/SonarSource/sonarqube-agent-plugins.git",
-        "sha": "25460dd53961fb4dba3c4b9026b29dfbbd3d87e0"
+        "sha": "5434d7f5cf7aa6e04ff491d59ae98ed6cda64bd0"
       },
       "homepage": "https://www.sonarsource.com"
     },
@@ -2884,7 +2884,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/explorium-ai/vibeprospecting-plugin.git",
-        "sha": "14cb2971a99661382f5a56a9caa7c2d526c4e444"
+        "sha": "aa5903f52d79e7f2a5f9c324c6fff7d5a5d92631"
       },
       "homepage": "https://www.vibeprospecting.ai/product/claude-plugin"
     },
@@ -2909,7 +2909,7 @@
       "source": {
         "source": "url",
         "url": "https://github.com/wix/skills.git",
-        "sha": "561315d22a49544d6518d3a753973d3a95dfafcc"
+        "sha": "a62c26eb185e5dc1cc05fef27ddf654a68e15165"
       },
       "homepage": "https://dev.wix.com/docs/wix-cli/guides/development/about-wix-skills"
     },

plugins/security-guidance/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "security-guidance",
-  "version": "2.0.7",
+  "version": "2.0.6",
   "description": "Security review for Claude-generated code. Pattern-based warnings on edits, LLM-powered diff review on Stop, and an agentic commit reviewer that catches injection, XSS, SSRF, hardcoded secrets, and 25+ other vulnerability classes.",
   "author": {
     "name": "David Dworken",

plugins/security-guidance/hooks/ensure_agent_sdk.py

@@ -318,46 +318,6 @@ def _probe_has_pip() -> bool:
         return False
 
 
-def _probe_alt_python() -> int:
-    """When the hook interpreter is <3.10 (HOOK_PY_INCOMPATIBLE), look for a
-    3.10+ interpreter at well-known install locations that aren't necessarily
-    on the hook's PATH — Homebrew (/opt/homebrew, /usr/local), python.org
-    framework builds, and the `py`/distro layouts. Returns the HIGHEST version
-    found encoded as major*100+minor (e.g. 312), or 0 if none.
-
-    Purpose (telemetry only, for now): size how many of the macOS Python-3.9
-    cohort actually HAVE a newer interpreter that sg-python.sh's PATH probe
-    missed — i.e. how many are RECOVERABLE by an explicit-path search vs.
-    genuinely 3.9-only. Emitted as sdk_alt_py. Existence-checks the versioned
-    binaries (cheap); a later explicit-path search would version-verify before
-    exec'ing. Probed only on the incompatible path, so healthy sessions never
-    pay for it."""
-    candidates = []
-    for minor in (14, 13, 12, 11, 10):
-        candidates += [
-            f"/opt/homebrew/bin/python3.{minor}",        # Apple-Silicon Homebrew
-            f"/usr/local/bin/python3.{minor}",           # Intel Homebrew / python.org shim
-            f"/Library/Frameworks/Python.framework/Versions/3.{minor}/bin/python3",  # python.org
-            f"/usr/bin/python3.{minor}",                 # distro-managed (Linux)
-        ]
-    best = 0
-    for path in candidates:
-        try:
-            if os.access(path, os.X_OK):
-                # path name encodes the minor; parse it back to a code
-                base = os.path.basename(path)
-                minor = None
-                if base.startswith("python3."):
-                    minor = int(base.split(".")[1])
-                elif "/Versions/3." in path:
-                    minor = int(path.split("/Versions/3.")[1].split("/")[0])
-                if minor is not None:
-                    best = max(best, 300 + minor)
-        except (OSError, ValueError, IndexError):
-            continue
-    return best
-
-
 def _pip_err_from_stderr(stderr_b):
     """Categorize a pip-install stderr into a known err_kind (the pip subset
     of SDK_BOOTSTRAP_ERR_CODES). Used by the --target fallback; mirrors the
@@ -828,14 +788,6 @@ if __name__ == "__main__":
         # per healthy session.
         if _encode_err_kind(err_kind) == 11:
             metrics["sdk_has_pip"] = _probe_has_pip()
-    # When the hook interpreter is <3.10 (HOOK_PY_INCOMPATIBLE), probe for a
-    # 3.10+ interpreter at known non-PATH locations. Non-zero sdk_alt_py =
-    # this user is RECOVERABLE by an explicit-path search in sg-python.sh; 0 =
-    # genuinely 3.9-only (needs a user install). Sizes the macOS Py-3.9 cohort
-    # (~13.6% of macOS sessions) before we build the search. Incompatible path
-    # only — healthy sessions never run it.
-    if outcome == HOOK_PY_INCOMPATIBLE:
-        metrics["sdk_alt_py"] = _probe_alt_python()
     # Interpreter version (major*100 + minor, e.g. 309 / 312), emitted on
     # every bootstrap. Disambiguates the macOS cohort (Apple 3.9 vs a 3.10+
     # with broken ensurepip) for both venv_ensurepip_fail AND