Add bigquery-data-analytics plugin

2026-06-20 00:24:58 +00:00 · 2026-06-04 19:12:02 -05:00
11 changed files with 131 additions and 1084 deletions
--- a/.claude-plugin/marketplace.json
+++ b/.claude-plugin/marketplace.json
@@ -19,7 +19,7 @@
        "url": "https://github.com/42Crunch-AI/claude-plugins.git",
        "path": "plugins/api-security-testing",
        "ref": "v1.5.5",
-        "sha": "db2fb7e53e3d93a863930b6f6b7895be5ee01f21"
+        "sha": "1db609845441d4fa8862019191e4138e61f77e67"
      },
      "homepage": "https://42crunch.com"
    },
@@ -57,7 +57,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/SalesforceAIResearch/agentforce-adlc.git",
-        "sha": "fad761fce6cba119d23792b3a96a3bf33e23c566"
+        "sha": "1db738befed88c2ee6d068482cfd64a10c97e2ef"
      },
      "homepage": "https://github.com/SalesforceAIResearch/agentforce-adlc"
    },
@@ -127,20 +127,6 @@
      },
      "homepage": "https://cloud.google.com/alloydb"
    },
    {
      "name": "alloydb-omni",
      "description": "Create, connect, and interact with an AlloyDB Omni database and data.",
      "author": {
        "name": "Google LLC"
      },
      "category": "database",
      "source": {
        "source": "url",
        "url": "https://github.com/gemini-cli-extensions/alloydb-omni.git",
        "sha": "fbf2476630629f32ce0029bbd62d225950fdfd6d"
      },
      "homepage": "https://github.com/gemini-cli-extensions/alloydb-omni"
    },
    {
      "name": "amazon-location-service",
      "description": "Guide developers through adding maps, places search, geocoding, routing, and other geospatial features with Amazon Location Service, including authentication setup, SDK integration, and best practices.",
@@ -191,7 +177,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/apollographql/skills.git",
-        "sha": "605089108a198e412f7f0c1926c91eb94a6d1727"
+        "sha": "9ccf13477e116ec095ba9b606212492ffbd42926"
      },
      "homepage": "https://www.apollographql.com"
    },
@@ -275,7 +261,7 @@
        "url": "https://github.com/auth0/agent-skills.git",
        "path": "plugins/auth0",
        "ref": "main",
-        "sha": "bdf0dc23f8b17446b2c94bc9f2e5a58d3f1bc114"
+        "sha": "9d93554c5d91bd087a46f4d6825f80c3eb981945"
      },
      "homepage": "https://auth0.com/docs/quickstart/agent-skills"
    },
@@ -291,7 +277,7 @@
        "url": "https://github.com/aws/agent-toolkit-for-aws.git",
        "path": "plugins/aws-agents",
        "ref": "main",
-        "sha": "55b9acfefdcf0866b6bc6cc56c16e6e18e65bd2b"
+        "sha": "df13dea64baaa1b7031b25d1b2f380756131efec"
      },
      "homepage": "https://github.com/aws/agent-toolkit-for-aws"
    },
@@ -320,7 +306,7 @@
        "url": "https://github.com/aws/agent-toolkit-for-aws.git",
        "path": "plugins/aws-core",
        "ref": "main",
-        "sha": "55b9acfefdcf0866b6bc6cc56c16e6e18e65bd2b"
+        "sha": "df13dea64baaa1b7031b25d1b2f380756131efec"
      },
      "homepage": "https://github.com/aws/agent-toolkit-for-aws"
    },
@@ -336,7 +322,7 @@
        "url": "https://github.com/aws/agent-toolkit-for-aws.git",
        "path": "plugins/aws-data-analytics",
        "ref": "main",
-        "sha": "55b9acfefdcf0866b6bc6cc56c16e6e18e65bd2b"
+        "sha": "df13dea64baaa1b7031b25d1b2f380756131efec"
      },
      "homepage": "https://github.com/aws/agent-toolkit-for-aws"
    },
@@ -381,7 +367,7 @@
        "url": "https://github.com/awslabs/startups.git",
        "path": "advisor/plugins/aws-startup-advisor",
        "ref": "main",
-        "sha": "1dd909352dc228f978c2685724cb38e64efe6be4"
+        "sha": "30808e64b08ba13aedcecade5a27bfbff06dba09"
      },
      "homepage": "https://github.com/awslabs/startups"
    },
@@ -392,7 +378,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/microsoft/azure-skills.git",
-        "sha": "02a614f6ee1f052826f834d65c61e430ad152c8e"
+        "sha": "58fd90942ab5045481bf1632fa0c2d7746367e13"
      },
      "homepage": "https://github.com/microsoft/azure-skills"
    },
@@ -472,7 +458,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/brightdata/skills.git",
-        "sha": "bd5bd76bc889f54b744bab3db3cbd42751a1e5b0"
+        "sha": "68651246ad1819b98a1fc15ce10239e55406ff37"
      },
      "homepage": "https://docs.brightdata.com"
    },
@@ -502,7 +488,7 @@
        "url": "https://github.com/carta/plugins.git",
        "path": "plugins/carta-cap-table",
        "ref": "main",
-        "sha": "9eb312908f4a2e2d15e4e935320981433a549f77"
+        "sha": "ea02da68e7be8bf4bc2bffe8f1fd7253f8d0b101"
      },
      "homepage": "https://carta.com"
    },
@@ -518,7 +504,7 @@
        "url": "https://github.com/carta/plugins.git",
        "path": "plugins/carta-crm",
        "ref": "main",
-        "sha": "9eb312908f4a2e2d15e4e935320981433a549f77"
+        "sha": "ea02da68e7be8bf4bc2bffe8f1fd7253f8d0b101"
      },
      "homepage": "https://carta.com"
    },
@@ -534,7 +520,7 @@
        "url": "https://github.com/carta/plugins.git",
        "path": "plugins/carta-investors",
        "ref": "main",
-        "sha": "9eb312908f4a2e2d15e4e935320981433a549f77"
+        "sha": "ea02da68e7be8bf4bc2bffe8f1fd7253f8d0b101"
      },
      "homepage": "https://carta.com"
    },
@@ -561,7 +547,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/ChromeDevTools/chrome-devtools-mcp.git",
-        "sha": "702d3734f276a18efd67561ae00b88ce954cc515"
+        "sha": "89718901174be7c0c58a1a2b29281ab2f053cd53"
      },
      "homepage": "https://github.com/ChromeDevTools/chrome-devtools-mcp"
    },
@@ -655,7 +641,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/ClickHouse/clickhouse-claude-code-plugin.git",
-        "sha": "ecbd47627d7e7b3de15b297b91e0abf3e6ebc746"
+        "sha": "1f30864b720960a797e5c7f6138d328bec3984cb"
      },
      "homepage": "https://github.com/ClickHouse/clickhouse-claude-code-plugin"
    },
@@ -669,24 +655,10 @@
      "source": {
        "source": "url",
        "url": "https://github.com/ClickHouse/agent-skills.git",
-        "sha": "544384f4fab1d6ed59f16a354d1c68296dfa6007"
+        "sha": "46ef08ccf32fa28587b64e0c79106ff437dc8fcb"
      },
      "homepage": "https://clickhouse.com"
    },
    {
      "name": "cloud-sql-mysql",
      "description": "Connect and interact with a Cloud SQL for MySQL database and data.",
      "author": {
        "name": "Google LLC"
      },
      "category": "database",
      "source": {
        "source": "url",
        "url": "https://github.com/gemini-cli-extensions/cloud-sql-mysql.git",
        "sha": "983c804fe7dc58b3e58021960e7e1831a10e08b9"
      },
      "homepage": "https://github.com/gemini-cli-extensions/cloud-sql-mysql"
    },
    {
      "name": "cloud-sql-postgresql",
      "description": "Create, connect, and interact with a Cloud SQL for PostgreSQL database and data.",
@@ -701,26 +673,12 @@
      },
      "homepage": "https://cloud.google.com/sql"
    },
    {
      "name": "cloud-sql-sqlserver",
      "description": "Connect to Cloud SQL for SQL Server",
      "author": {
        "name": "Google LLC"
      },
      "category": "database",
      "source": {
        "source": "url",
        "url": "https://github.com/gemini-cli-extensions/cloud-sql-sqlserver.git",
        "sha": "8e1490ec8f659a5711655d2fa4241597a63d4883"
      },
      "homepage": "https://github.com/gemini-cli-extensions/cloud-sql-sqlserver"
    },
    {
      "name": "cloudflare",
      "source": {
        "source": "url",
        "url": "https://github.com/cloudflare/skills.git",
-        "sha": "c5b7b06b073fa0b4abbd63964630f97d81da69c4"
+        "sha": "60147cbb773649eadca89cee92b4e0caf02234b4"
      },
      "description": "Skills for the Cloudflare developer platform: Workers, Durable Objects, Agents SDK, MCP servers, Wrangler CLI, and web performance.",
      "category": "deployment",
@@ -752,7 +710,7 @@
    },
    {
      "name": "code-modernization",
-      "description": "Modernize legacy codebases (COBOL, legacy Java/C++, monolith web apps) with a structured preflight / assess / map / extract-rules / brief / reimagine / transform / harden workflow, an interactive topology viewer, and specialist review agents",
+      "description": "Modernize legacy codebases (COBOL, legacy Java/C++, monolith web apps) with a structured assess / map / extract-rules / reimagine / transform / harden workflow and specialist review agents",
      "author": {
        "name": "Anthropic",
        "email": "support@anthropic.com"
@@ -804,7 +762,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/CodSpeedHQ/codspeed.git",
-        "sha": "c6112f168b405df8e7310b12a9b80484cd01ac14"
+        "sha": "f79d57d207f039e44a31a976564715f7731e71b6"
      },
      "homepage": "https://codspeed.io"
    },
@@ -872,7 +830,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/CrowdStrike/foundry-skills.git",
-        "sha": "c542c932956fd19177a62b94577f288c832d4680"
+        "sha": "b3f4ecb48333d6007117a29650daa1989a228b5c"
      },
      "homepage": "https://github.com/CrowdStrike/foundry-skills"
    },
@@ -918,7 +876,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/dash0hq/dash0-agent-plugin.git",
-        "sha": "5ff7aa5b8e52e10d10e45ea8e2f7cbebc86758bf"
+        "sha": "8801a21931d80c543c0f51a4b7eef4cd1311c1b5"
      },
      "homepage": "https://dash0.com/"
    },
@@ -998,20 +956,6 @@
      },
      "homepage": "https://datahub.com"
    },
    {
      "name": "dataproc",
      "description": "Manage Dataproc clusters and jobs.",
      "author": {
        "name": "Google LLC"
      },
      "category": "database",
      "source": {
        "source": "url",
        "url": "https://github.com/gemini-cli-extensions/dataproc.git",
        "sha": "20eec06eee7683311689f4a1437cbb14ac8cd33e"
      },
      "homepage": "https://github.com/gemini-cli-extensions/dataproc"
    },
    {
      "name": "datarobot-agent-skills",
      "description": "DataRobot skills for AI/ML workflows — model training, deployment, predictions, feature engineering, monitoring, explainability, data preparation, App Framework CI/CD, and external agent monitoring.",
@@ -1022,7 +966,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/datarobot-oss/datarobot-agent-skills.git",
-        "sha": "b5a8f7a4bc4d31a1f139a232efbba6127af0474a"
+        "sha": "90a33c0c87362f28be88c14c0ef0f3469e6d2596"
      },
      "homepage": "https://datarobot.com"
    },
@@ -1035,7 +979,7 @@
        "url": "https://github.com/microsoft/Dataverse-skills.git",
        "path": ".github/plugins/dataverse",
        "ref": "main",
-        "sha": "2d50cf65f80efc17ac50632222d61fb374115a70"
+        "sha": "ab906c960db0f2da83c2cb92a3fd162ccaba9cb9"
      },
      "homepage": "https://github.com/microsoft/Dataverse-skills"
    },
@@ -1064,7 +1008,7 @@
        "url": "https://github.com/wonderwhy-er/DesktopCommanderMCP.git",
        "path": "plugins/claude",
        "ref": "main",
-        "sha": "7a9b2ff0339a7fdc29c06a9957b323ef478a1dde"
+        "sha": "cf857bf061cb3b0e8673717dcac1f0fa2ecbdd40"
      },
      "homepage": "https://desktopcommander.app"
    },
@@ -1126,7 +1070,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/exa-labs/exa-mcp-server.git",
-        "sha": "f08388256c5806f457fae777b5528eb02a48e703"
+        "sha": "ad888a188cdefbe832c9feed2c3a97d1cb93cb35"
      },
      "homepage": "https://exa.ai/docs/reference/exa-mcp"
    },
@@ -1150,7 +1094,7 @@
        "url": "https://github.com/expo/skills.git",
        "path": "plugins/expo",
        "ref": "main",
-        "sha": "c38860242118df93d4ec4381a34f4144fff61928"
+        "sha": "fdd3df12151a208853fe540ffea9a67773446377"
      },
      "homepage": "https://github.com/expo/skills/blob/main/plugins/expo/README.md"
    },
@@ -1220,20 +1164,6 @@
      },
      "homepage": "https://github.com/firecrawl/firecrawl-claude-plugin.git"
    },
    {
      "name": "firestore-native",
      "description": "Connect and interact with Firestore databases, collections, and documents.",
      "author": {
        "name": "Google LLC"
      },
      "category": "database",
      "source": {
        "source": "url",
        "url": "https://github.com/gemini-cli-extensions/firestore-native.git",
        "sha": "f88103bd0ccfe9e1e7a3a7d849de26d197978c9a"
      },
      "homepage": "https://github.com/gemini-cli-extensions/firestore-native"
    },
    {
      "name": "forge-skills",
      "description": "Forge-focused skills and MCP configuration for Atlassian Forge: scaffold and deploy apps (forge create, templates, dev spaces), build Teamwork Graph connectors for Rovo Search/Rovo Chat, pre-deploy review, systematic debugging, plus Forge docs and Atlassian Design System lookups via MCP.",
@@ -1244,7 +1174,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/atlassian/forge-skills.git",
-        "sha": "02103cca4addb4c42d64d4e18a9d1a7f186edf6c"
+        "sha": "2014fae5b1529a22629129b1564ae522593eb46d"
      },
      "homepage": "https://developer.atlassian.com/platform/forge/"
    },
@@ -1270,7 +1200,7 @@
        "source": "github",
        "repo": "fullstorydev/fullstory-skills",
        "commit": "1ec5865e7ab1449f9a0859d164c4b6a8c53b6e2f",
-        "sha": "b20614e2d08d7a7c70775bb62b5af640f60b024b"
+        "sha": "384555c3919a0631a096de1172998c8d855a0f26"
      },
      "homepage": "https://www.fullstory.com"
    },
@@ -1333,7 +1263,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/huggingface/skills.git",
-        "sha": "d7223848c3895fbd447faf2aec73e0a6cdd7fdcd"
+        "sha": "14cea99d5cd028974dbdd8bc12118882cd7a1b67"
      },
      "homepage": "https://github.com/huggingface/skills.git"
    },
@@ -1347,7 +1277,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/hunter-io/claude-plugin.git",
-        "sha": "494b0bd6ac252c7c8d78402cb51c7f635b1469ad"
+        "sha": "69c4e59ee573f4ccd8aa38bbc89e356bc8e7f876"
      },
      "homepage": "https://hunter.io"
    },
@@ -1361,7 +1291,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/heygen-com/hyperframes.git",
-        "sha": "25420bf4cfc37b179b4efeace9db25a7178b61bf"
+        "sha": "8228932e17e3371d5cf77ac5d5988f5322892dad"
      },
      "homepage": "https://hyperframes.heygen.com"
    },
@@ -1415,24 +1345,10 @@
        "source": "github",
        "repo": "jfrog/claude-plugin",
        "commit": "259c8e718266c16e99b4f30ae9b1ed0f9f00d98d",
-        "sha": "117febaa29cbe9449cfb42d1c39b83b858d801a1"
+        "sha": "8324c7fc9a5561398fe57b8a56db53bdbf1e2cda"
      },
      "homepage": "https://jfrog.com"
    },
    {
      "name": "knowledge-catalog",
      "description": "Connect to Knowledge Catalog to discover, manage, monitor, and govern data and AI artifacts across your data platform",
      "author": {
        "name": "Google LLC"
      },
      "category": "database",
      "source": {
        "source": "url",
        "url": "https://github.com/gemini-cli-extensions/knowledge-catalog.git",
        "sha": "317e96fdd12aa61778b950192aff627efdc21099"
      },
      "homepage": "https://github.com/gemini-cli-extensions/knowledge-catalog"
    },
    {
      "name": "kotlin-lsp",
      "description": "Kotlin language server for code intelligence",
@@ -1544,20 +1460,6 @@
      },
      "homepage": "https://github.com/pydantic/skills/tree/main/plugins/logfire"
    },
    {
      "name": "looker",
      "description": "Connect to Looker and interact with your data using LookML.",
      "author": {
        "name": "Google LLC"
      },
      "category": "database",
      "source": {
        "source": "url",
        "url": "https://github.com/gemini-cli-extensions/looker.git",
        "sha": "e912c0342f1bfd436e9236aaef7cc732239c80f7"
      },
      "homepage": "https://github.com/gemini-cli-extensions/looker"
    },
    {
      "name": "lua-lsp",
      "description": "Lua language server for code intelligence",
@@ -1643,7 +1545,7 @@
        "url": "https://github.com/modelcontextprotocol/ext-apps.git",
        "path": "plugins/mcp-apps",
        "ref": "main",
-        "sha": "ca1d29894fabbd1558885a9ec8620dcb01d7457e"
+        "sha": "a9907802937f1da067cbc4aa48b283cd4cfa7dc8"
      },
      "homepage": "https://modelcontextprotocol.io"
    },
@@ -1708,7 +1610,7 @@
        "url": "https://github.com/awslabs/startups.git",
        "path": "migrate/plugins/migration-to-aws",
        "ref": "main",
-        "sha": "1dd909352dc228f978c2685724cb38e64efe6be4"
+        "sha": "30808e64b08ba13aedcecade5a27bfbff06dba09"
      },
      "homepage": "https://github.com/awslabs/startups"
    },
@@ -1770,7 +1672,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/netlify/context-and-tools.git",
-        "sha": "5f777ba63df12f4eb189be4c58bd35d0c8316505"
+        "sha": "cffaf74f79128620b8200956222aeb819f5f8fd5"
      },
      "homepage": "https://github.com/netlify/context-and-tools"
    },
@@ -1839,7 +1741,7 @@
        "url": "https://github.com/NVIDIA/skills.git",
        "path": "plugins/nvidia-skills",
        "ref": "main",
-        "sha": "0482ebce81bd8f2d39990317bb3cfb07637e39fd"
+        "sha": "e695a8397463bbb64d787b3cd88d3c58889be633"
      },
      "homepage": "https://github.com/NVIDIA/skills"
    },
@@ -1855,24 +1757,10 @@
        "url": "https://github.com/oracle-samples/oracle-aidp-samples.git",
        "path": "ai/claude-code-plugins/oracle-ai-data-platform-workbench-spark-connectors",
        "ref": "main",
-        "sha": "00cedef34c99d642d969f87965736768de01cbd6"
+        "sha": "dcd5a5a19537bf9aaa9dd4f48514bc4402bfbc40"
      },
      "homepage": "https://docs.oracle.com/en/cloud/paas/ai-data-platform/index.html"
    },
    {
      "name": "oracledb",
      "description": "Connect, query, and interact with Oracle Databases and their data.",
      "author": {
        "name": "Google LLC"
      },
      "category": "database",
      "source": {
        "source": "url",
        "url": "https://github.com/gemini-cli-extensions/oracledb.git",
        "sha": "56239109760fd8ea838a56c946400347467bfa6d"
      },
      "homepage": "https://github.com/gemini-cli-extensions/oracledb"
    },
    {
      "name": "outputai",
      "description": "Output.ai workflow development toolkit for Claude Code. Adds 5 specialist agents (planner, builder, debugger, prompt writer, quality reviewer), 40+ slash-command skills covering scaffolding, debugging, evaluation, and credential management, plus a SessionStart hook that auto-loads Output SDK conventions so Claude understands the framework before the first prompt.",
@@ -1885,7 +1773,7 @@
        "url": "https://github.com/growthxai/output.git",
        "path": "coding_assistants/claude/plugins/outputai",
        "ref": "main",
-        "sha": "2cc4685ebadfba9586f01890df48e1b25bd1049a"
+        "sha": "d3c9b1f472358527386f7cc2bb6d4833d9bfe034"
      },
      "homepage": "https://output.ai"
    },
@@ -1933,7 +1821,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/gopigment/ai-plugins.git",
-        "sha": "f7bb2190a3f072bd9be5175bde6a0aa9596fcaaa"
+        "sha": "abf36e64750d1323a4cc5fe79161597668231224"
      },
      "homepage": "https://www.pigment.com"
    },
@@ -1995,7 +1883,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/PostHog/ai-plugin.git",
-        "sha": "db4a86632293ca66eec9a6d278786ddb22c1787e"
+        "sha": "a487311487bc369ee75e70c893d0a0c5ed478ba8"
      },
      "homepage": "https://posthog.com/docs/model-context-protocol"
    },
@@ -2088,7 +1976,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/qdrant/skills.git",
-        "sha": "82337ccd4be601e52871f101844d57b2adbac52b"
+        "sha": "cace39df5cc46f7f0c192ced7391d767749142a0"
      },
      "homepage": "https://skills.qdrant.tech"
    },
@@ -2127,7 +2015,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/quarkusio/quarkus-agent-mcp.git",
-        "sha": "e711107a1171507212dd0edd17b5a922212c3a97"
+        "sha": "01847d5d2eca02bc5751cce18deb41ad76a7a873"
      },
      "homepage": "https://quarkus.io"
    },
@@ -2140,7 +2028,7 @@
        "url": "https://github.com/railwayapp/railway-skills.git",
        "path": "plugins/railway",
        "ref": "main",
-        "sha": "1df604ebd18f528ff16b84975125ecff944cc036"
+        "sha": "831130cda8a659e8c47addd28be2744e9e67d31c"
      },
      "homepage": "https://docs.railway.com/ai/claude-code-plugin"
    },
@@ -2163,7 +2051,7 @@
        "source": "url",
        "url": "https://github.com/RevenueCat/rc-claude-code-plugin.git",
        "path": "revenuecat",
-        "sha": "473fd504bf13d25e76bf4a0267b42be3794f6266"
+        "sha": "b34f9bebe02ceb7e3f32e6d7d081cdfb2e7c37a6"
      },
      "homepage": "https://www.revenuecat.com"
    },
@@ -2203,7 +2091,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/resend/resend-skills.git",
-        "sha": "0888546d6a69149c8d2402d46f395f5dddb1c720"
+        "sha": "0f598ef55623e37a76f972e93a53ffa91c1dc9d1"
      },
      "homepage": "https://resend.com"
    },
@@ -2215,7 +2103,7 @@
        "source": "url",
        "url": "https://github.com/RevenueCat/rc-claude-code-plugin.git",
        "path": "revenuecat",
-        "sha": "473fd504bf13d25e76bf4a0267b42be3794f6266"
+        "sha": "b34f9bebe02ceb7e3f32e6d7d081cdfb2e7c37a6"
      },
      "homepage": "https://www.revenuecat.com"
    },
@@ -2314,7 +2202,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/sanity-io/agent-toolkit.git",
-        "sha": "66f0ec5d9167b3ccb8b3450e5ec34f3b523d4139"
+        "sha": "7e04973754975e73b306b1d4dbae561160d797e9"
      },
      "homepage": "https://www.sanity.io"
    },
@@ -2348,7 +2236,7 @@
        "url": "https://github.com/SAP/open-ux-tools.git",
        "path": "packages/fiori-mcp-server",
        "ref": "main",
-        "sha": "fbfe8c32fb9fc64583aa72ac03ab64f553c407ee"
+        "sha": "b326a9a52b1da51effed574587e31fe5a2755b96"
      },
      "homepage": "https://github.com/SAP/open-ux-tools/tree/main/packages/fiori-mcp-server"
    },
@@ -2380,7 +2268,7 @@
        "url": "https://github.com/spotify/save-to-spotify.git",
        "path": "plugin",
        "ref": "main",
-        "sha": "cd4ea68111d96769b09c0b0d2199e692cf00a73c"
+        "sha": "35527660378c769bcbcfba89d8086d8b9fc4fccb"
      },
      "homepage": "https://github.com/spotify/save-to-spotify"
    },
@@ -2415,7 +2303,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/getsentry/sentry-for-claude.git",
-        "sha": "030b01fb76b21f5d7ef6af5a3c3dfa658a9b5024"
+        "sha": "849303a8411c242d250885ffe714235a3bc2f5fe"
      },
      "homepage": "https://github.com/getsentry/sentry-for-claude/tree/main"
    },
@@ -2431,7 +2319,7 @@
        "url": "https://github.com/getsentry/cli.git",
        "path": "plugins/sentry-cli",
        "ref": "main",
-        "sha": "9e9fe0fb6444f18ed109058b2749cced3c21f87e"
+        "sha": "5b78ddaf28252cb514007526025b138569445fd4"
      },
      "homepage": "https://sentry.io"
    },
@@ -2496,7 +2384,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/Shopify/Shopify-AI-Toolkit.git",
-        "sha": "a8e87a7cff153479eb77230d9c232484a1f3062f"
+        "sha": "859be93bfc858f183ff5eb40183e35a4d91d2950"
      },
      "homepage": "https://shopify.dev"
    },
@@ -2534,7 +2422,7 @@
        "url": "https://github.com/Snowflake-Labs/snowflake-ai-kit.git",
        "path": "plugins/cortex-code",
        "ref": "main",
-        "sha": "6a22eb1ff3b451c35e40468a118bbee54610c9bd"
+        "sha": "c3f720020a3b6c8927f97362c2e5884e959acd53"
      },
      "homepage": "https://docs.snowflake.com/en/user-guide/cortex-code"
    },
@@ -2574,20 +2462,6 @@
      },
      "homepage": "https://sourcegraph.com"
    },
    {
      "name": "spanner",
      "description": "Connect and interact with Spanner data using natural language.",
      "author": {
        "name": "Google LLC"
      },
      "category": "database",
      "source": {
        "source": "url",
        "url": "https://github.com/gemini-cli-extensions/spanner.git",
        "sha": "d4678e2bc04f60f3dfcdb6b916df28e63a0d615f"
      },
      "homepage": "https://github.com/gemini-cli-extensions/spanner"
    },
    {
      "name": "spotify-ads-api",
      "description": "Manage Spotify ad campaigns with natural language. Create campaigns, ad sets, ads, pull reports, and handle OAuth — all through conversation.",
@@ -2608,7 +2482,7 @@
        "url": "https://github.com/stripe/ai.git",
        "path": "providers/claude/plugin",
        "ref": "main",
-        "sha": "b8f6adcb5d05f6ff01334411561ee8cb1ec014c6"
+        "sha": "e27ee0091ed20f7557f3241e00ade3d4846af9d6"
      },
      "homepage": "https://github.com/stripe/ai/tree/main/providers/claude/plugin"
    },
@@ -2631,7 +2505,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/supabase-community/supabase-plugin.git",
-        "sha": "2ed49769b1ec2f6703a14290af484df651336150"
+        "sha": "3217ac038647f6901a166f3264a32f01833f73ba"
      },
      "homepage": "https://github.com/supabase-community/supabase-plugin"
    },
@@ -2676,7 +2550,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/JetBrains/teamcity-cli.git",
-        "sha": "67e21f0be908daa7ca1e04c8016d1bc81750baee"
+        "sha": "3cc3013c0f8106ffc845b34fb322d763803bcb0e"
      },
      "homepage": "https://www.jetbrains.com/teamcity/"
    },
@@ -2707,7 +2581,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/togethercomputer/skills.git",
-        "sha": "fb94cc1402900eb608c31e7102fc23566f8b0363"
+        "sha": "9772f2a2f83e2184c341dd2650ac4c7efb76c33b"
      },
      "homepage": "https://www.together.ai"
    },
@@ -2769,7 +2643,7 @@
        "url": "https://github.com/UI5/plugins-coding-agents.git",
        "path": "plugins/ui5",
        "ref": "main",
-        "sha": "9b3d7d80356f687725f9584988e4038dbead0d53"
+        "sha": "767ac53cb056a0c900374ccea0df96c54b769eb2"
      },
      "homepage": "https://github.com/UI5/plugins-coding-agents"
    },
@@ -2787,7 +2661,7 @@
        "url": "https://github.com/UI5/plugins-coding-agents.git",
        "path": "plugins/ui5-typescript-conversion",
        "ref": "main",
-        "sha": "9b3d7d80356f687725f9584988e4038dbead0d53"
+        "sha": "767ac53cb056a0c900374ccea0df96c54b769eb2"
      },
      "homepage": "https://github.com/UI5/plugins-coding-agents"
    },
@@ -2803,7 +2677,7 @@
        "url": "https://github.com/val-town/plugins.git",
        "path": "plugin",
        "ref": "main",
-        "sha": "02631f998eda9b88d73d699703b062db059d506b"
+        "sha": "e01069e11ea6e46b8d2d5fd2945f2dd4d33e6a57"
      },
      "homepage": "https://val.town"
    },
@@ -2856,7 +2730,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/explorium-ai/vibeprospecting-plugin.git",
-        "sha": "aa5903f52d79e7f2a5f9c324c6fff7d5a5d92631"
+        "sha": "7ed0c4e2965ee315132c3c714609b46b23b5edc0"
      },
      "homepage": "https://www.vibeprospecting.ai/product/claude-plugin"
    },
@@ -2881,7 +2755,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/wix/skills.git",
-        "sha": "188ed338f39d70e5aef7f9a2582bbf338f223b78"
+        "sha": "f99715fc149208608a148c0fe0ed16c0f80ee734"
      },
      "homepage": "https://dev.wix.com/docs/wix-cli/guides/development/about-wix-skills"
    },
@@ -2934,7 +2808,7 @@
        "url": "https://github.com/zapier/zapier-mcp.git",
        "path": "plugins/zapier",
        "ref": "main",
-        "sha": "770167c572deaf74c588b45d88003ddf2145d608"
+        "sha": "f34a7854febed415c9ef766eec1c66529ef0668e"
      },
      "homepage": "https://github.com/zapier/zapier-mcp/tree/main/plugins/zapier"
    },
@@ -2988,7 +2862,7 @@
      "source": {
        "source": "url",
        "url": "https://github.com/zscaler/zscaler-mcp-server.git",
-        "sha": "f84ce4f0ed48047614a4202ac311cbdf00ea9a10"
+        "sha": "be37fb604a07dc9c5a4c3e009312c4f11acaa6d3"
      },
      "homepage": "https://github.com/zscaler/zscaler-mcp-server"
    }
--- a/plugins/code-modernization/.claude-plugin/plugin.json
+++ b/plugins/code-modernization/.claude-plugin/plugin.json
@@ -1,6 +1,6 @@
 {
  "name": "code-modernization",
-  "description": "Modernize legacy codebases (COBOL, legacy Java/C++, monolith web apps) with a structured preflight / assess / map / extract-rules / brief / reimagine / transform / harden workflow, an interactive topology viewer, and specialist review agents",
+  "description": "Modernize legacy codebases (COBOL, legacy Java/C++, monolith web apps) with a structured assess → map → extract-rules → brief → reimagine/transform → harden workflow and specialist review agents",
  "author": {
    "name": "Anthropic",
    "email": "support@anthropic.com"
--- a/plugins/code-modernization/README.md
+++ b/plugins/code-modernization/README.md
@@ -7,7 +7,7 @@ A structured workflow and set of specialist agents for modernizing legacy codeba
 Legacy modernization fails most often not because the target technology is wrong, but because teams skip steps: they transform code before understanding it, reimagine architecture before extracting business rules, or ship without a harness that would catch behavior drift. This plugin enforces a sequence:
 ```
-preflight → assess → map → extract-rules → brief → reimagine | transform → harden
+assess → map → extract-rules → brief → reimagine | transform → harden
 ```
 The discovery commands (`assess`, `map`, `extract-rules`) build artifacts under `analysis/<system>/`. The `brief` command synthesizes them into an approval gate. The build commands (`reimagine`, `transform`) write new code under `modernized/`. The `harden` command audits the legacy system and produces a reviewable remediation patch. Each step has a dedicated slash command, and specialist agents (legacy analyst, business rules extractor, architecture critic, security auditor, test engineer) are invoked from within those commands — or directly — to keep the work honest.
@@ -20,36 +20,25 @@ Commands take a `<system-dir>` argument and assume the system being modernized l
 mkdir -p legacy && ln -s /path/to/your/legacy/codebase legacy/billing
 ```
-## What to give Claude
+## Optional tooling
-The commands degrade gracefully, but each of these makes the output meaningfully better — run `/modernize-preflight <system-dir>` to check all of them at once and get a readiness report:
+`/modernize-assess` works best with [`scc`](https://github.com/boyter/scc) (LOC + complexity + COCOMO) or [`cloc`](https://github.com/AlDanial/cloc), and falls back to `find`/`wc` if neither is installed. Portfolio mode also benefits from [`lizard`](https://github.com/terryyin/lizard) (cyclomatic complexity). The commands degrade gracefully without them, but the metrics will be coarser.
 - **Analysis tools**: [`scc`](https://github.com/boyter/scc) (LOC + complexity + COCOMO) or [`cloc`](https://github.com/AlDanial/cloc); [`lizard`](https://github.com/terryyin/lizard) for portfolio mode. Without them, metrics fall back to `find`/`wc` and get coarser.
 - **A working build toolchain** for the legacy stack (e.g. GnuCOBOL for COBOL) — required before `/modernize-transform` can prove behavioral equivalence, and verified by preflight with a real smoke compile against your code.
 - **The whole system in the tree**: deployment descriptors (JCL, CICS definitions, route configs), copybooks/includes, and DDL/schemas. Entry-point detection and data lineage in `/modernize-map` are guesswork without them.
 - **Production telemetry** (optional): an observability MCP server or batch job logs enable the runtime overlay in `/modernize-assess` and timing annotations on critical paths.
 ## Commands
 The commands are designed to be run in order, but each produces a standalone artifact so you can stop, review, and resume.
 ### `/modernize-preflight <system-dir> [target-stack]`
 Environment readiness check, meant to run first: detects the legacy stack, checks analysis tooling, **smoke-compiles a real source file** with the legacy toolchain (the errors this surfaces — missing copybooks, wrong dialect flags — are the ones that otherwise appear mid-transform), inventories missing includes / deployment descriptors / binary-only artifacts, and probes for telemetry. Produces `analysis/<system>/PREFLIGHT.md` with a per-command Ready / Ready-with-gaps / Not-ready verdict.
 ### `/modernize-assess <system-dir>`  — or — `/modernize-assess --portfolio <parent-dir>`
 Inventory the legacy codebase: languages, line counts, complexity, build system, integrations, technical debt, security posture, documentation gaps, and a COCOMO-derived effort estimate. Produces `analysis/<system>/ASSESSMENT.md` and `analysis/<system>/ARCHITECTURE.mmd`. Spawns `legacy-analyst` (×2) and `security-auditor` in parallel for deep reads. With `--portfolio`, sweeps every subdirectory of a parent directory and writes a sequencing heat-map to `analysis/portfolio.html`.
 ### `/modernize-map <system-dir>`
-
+Build a dependency and topology map of the **legacy** system: program/module call graph, data lineage (programs ↔ data stores), entry points, dead-end candidates, and one traced critical-path business flow. Writes a re-runnable extraction script and produces `analysis/<system>/topology.json` (machine-readable), `analysis/<system>/TOPOLOGY.html` (rendered Mermaid + architect observations), and standalone `call-graph.mmd`, `data-lineage.mmd`, and `critical-path.mmd`.
 ![Interactive topology map of AWS CardDemo — domains as containers, modules sized by lines of code, dependency edges colored by kind, entry points ringed](assets/topology-viewer-screenshot.jpg)
 Build a dependency and topology map of the **legacy** system: program/module call graph, data lineage (programs ↔ data stores), entry points, dead-end candidates, and 2–4 traced business flows each anchored to a persona (the claimant, the operator, the auditor — not the maintainer). Writes a re-runnable extraction script and produces `analysis/<system>/topology.json` plus `analysis/<system>/TOPOLOGY.html` — an **interactive zoomable map** (circle-pack of domains/modules sized by LOC, dependency edges with per-kind toggles, search, click-for-details sidebar, and a walkthrough mode that plays each persona flow as a numbered path with a plain-language narrative). Built from a template shipped with the plugin, so it works on systems far too dense for a static diagram. Small domain-level `call-graph.mmd`, `data-lineage.mmd`, and `critical-path.mmd` are still exported for docs and PRs.
 ### `/modernize-extract-rules <system-dir> [module-pattern]`
 Mine the business rules embedded in the legacy code — calculations, validations, eligibility, state transitions, policies — into Given/When/Then "Rule Cards" with `file:line` citations and confidence ratings. Spawns three `business-rules-extractor` agents in parallel (calculations, validations, lifecycle). Produces `analysis/<system>/BUSINESS_RULES.md` and `analysis/<system>/DATA_OBJECTS.md`.
 ### `/modernize-brief <system-dir> [target-stack]`
-Synthesize the discovery artifacts into a phased **Modernization Brief** — the single document a steering committee approves and engineering executes: target architecture, strangler-fig phase plan with entry/exit criteria, persona-based business walkthroughs (the section non-technical approvers actually read), behavior contract, validation strategy, open questions, and an approval block. Reads `ASSESSMENT.md`, `TOPOLOGY.html`, and `BUSINESS_RULES.md` and **stops if any are missing** — run the discovery commands first. Produces `analysis/<system>/MODERNIZATION_BRIEF.md` and enters plan mode as a human-in-the-loop gate.
+Synthesize the discovery artifacts into a phased **Modernization Brief** — the single document a steering committee approves and engineering executes: target architecture, strangler-fig phase plan with entry/exit criteria, behavior contract, validation strategy, open questions, and an approval block. Reads `ASSESSMENT.md`, `TOPOLOGY.html`, and `BUSINESS_RULES.md` and **stops if any are missing** — run the discovery commands first. Produces `analysis/<system>/MODERNIZATION_BRIEF.md` and enters plan mode as a human-in-the-loop gate.
 ### `/modernize-reimagine <system-dir> <target-vision>`
 Greenfield rebuild from extracted intent rather than a structural port. Mines a spec (`analysis/<system>/AI_NATIVE_SPEC.md`), designs a target architecture and has it adversarially reviewed (`analysis/<system>/REIMAGINED_ARCHITECTURE.md`), then **scaffolds services with executable acceptance tests** under `modernized/<system>-reimagined/` and writes a `CLAUDE.md` knowledge handoff for the new system. Two human-in-the-loop checkpoints. Spawns `business-rules-extractor`, `legacy-analyst` (×2), `architecture-critic`, and general-purpose scaffolding agents.
@@ -57,9 +46,6 @@ Greenfield rebuild from extracted intent rather than a structural port. Mines a
 ### `/modernize-transform <system-dir> <module> <target-stack>`
 Surgical, single-module strangler-fig rewrite. Plans first (HITL gate), then writes characterization tests via `test-engineer`, then an idiomatic target implementation under `modernized/<system>/<module>/`, proves equivalence by running the tests, and produces `TRANSFORMATION_NOTES.md` mapping legacy → modern with deliberate deviations called out. Reviewed by `architecture-critic`.
 ### `/modernize-status <system-dir>`
 Read-only progress report: artifact inventory with timestamps per workflow stage, staleness flags (e.g. a brief older than the assessment it was built from), secrets-hygiene checks (quarantine file gitignored and never committed), and the single most useful next command. Run it anytime you come back to a modernization after a break.
 ### `/modernize-harden <system-dir>`
 Security hardening pass on the **legacy** system: OWASP/CWE scan, dependency CVEs, secrets, injection. Spawns `security-auditor`. Produces `analysis/<system>/SECURITY_FINDINGS.md` ranked Critical / High / Medium / Low and a reviewed `analysis/<system>/security_remediation.patch` with minimal fixes for the Critical/High findings. The patch is reviewed by a second `security-auditor` pass before you see it. **Never edits `legacy/`** — you review and apply the patch yourself when ready, then re-run to verify. Useful as a pre-modernization step when the legacy system will keep running in production during the migration.
@@ -95,21 +81,17 @@ This plugin ships commands and agents, but modernization projects benefit from a
      "Edit(modernized/**)"
    ],
    "deny": [
-      "Edit(legacy/**)",
+      "Edit(legacy/**)"
      "Write(legacy/**)"
    ]
  }
 }
 ```
-Adjust `legacy/` and `modernized/` to match your actual layout. The key invariants: `Edit`/`Write` under `legacy/` are denied, and writes are scoped to `analysis/` (for documents) and `modernized/` (for the new code). Note this guards the file tools — shell commands that mutate files (`sed -i`, `git apply`) still go through the normal Bash permission prompt, so review those prompts with the same invariant in mind. Every command in this plugin respects this — `/modernize-harden` writes a patch to `analysis/` rather than editing `legacy/` in place.
+Adjust `legacy/` and `modernized/` to match your actual layout. The key invariants: `Edit` under `legacy/` is denied, and writes are scoped to `analysis/` (for documents) and `modernized/` (for the new code). Every command in this plugin respects this — `/modernize-harden` writes a patch to `analysis/` rather than editing `legacy/` in place.
 ## Typical Workflow
 ```bash
 # 0. Check the environment is ready (tools, toolchain, source completeness)
 /modernize-preflight billing
 # 1. Inventory the legacy system (or sweep a portfolio of them)
 /modernize-assess billing
@@ -130,9 +112,6 @@ Adjust `legacy/` and `modernized/` to match your actual layout. The key invarian
 # 6. Security-harden the legacy system that's still in production
 /modernize-harden billing
 # Anytime: where am I, what's stale, what's next
 /modernize-status billing
 ```
 ## License
--- a/plugins/code-modernization/assets/topology-viewer-screenshot.jpg
+++ b/plugins/code-modernization/assets/topology-viewer-screenshot.jpg
--- a/plugins/code-modernization/assets/topology-viewer.html
+++ b/plugins/code-modernization/assets/topology-viewer.html
--- a/plugins/code-modernization/commands/modernize-brief.md
+++ b/plugins/code-modernization/commands/modernize-brief.md
@@ -8,19 +8,10 @@ single document a steering committee approves and engineering executes.
 Target stack: `$2` (if blank, recommend one based on the assessment findings).
-Read `analysis/$1/ASSESSMENT.md`, `analysis/$1/topology.json` (plus the
+Read `analysis/$1/ASSESSMENT.md`, `analysis/$1/TOPOLOGY.html` (and the `.mmd`
-`.mmd` files alongside it — do NOT read `TOPOLOGY.html`, it's an
+files alongside it), and `analysis/$1/BUSINESS_RULES.md` first. If any are
-interactive viewer with the data minified inside), and
+missing, say so and stop — they come from `/modernize-assess`, `/modernize-map`,
-`analysis/$1/BUSINESS_RULES.md` first. If any are missing, say so and
+and `/modernize-extract-rules` respectively. Run those first.
 stop — they come from `/modernize-assess`, `/modernize-map`, and
 `/modernize-extract-rules` respectively. Run those first.
 **Staleness check:** compare modification times. If any input is newer
 than an existing `MODERNIZATION_BRIEF.md`, the brief is being justifiably
 regenerated; but if an existing brief is newer than all inputs and the
 user re-ran this command anyway, ask what changed. Either way, note the
 input timestamps in the brief's header so reviewers can see what it was
 built from.
 ## The Brief
@@ -40,38 +31,28 @@ fewest-dependencies first. For each phase:
 - Scope (which legacy modules, which target services)
 - Entry criteria (what must be true to start)
 - Exit criteria (what tests/metrics prove it's done)
- Estimated effort (person-months, same unit as the assessment's COCOMO
+- Estimated effort (person-weeks, derived from COCOMO + complexity data)
  figure — convert deliberately if you present weeks)
 - Risk level + top 2 risks + mitigation
 Render the phases as a Mermaid `gantt` chart.
-### 4. Business Walkthroughs
+### 4. Behavior Contract
 For each persona flow in `analysis/$1/topology.json` (`flows` — produced
 by `/modernize-map`), a short narrative table: persona, what happens in
 business language, which legacy modules implement it today, and which
 phase from §3 replaces each. This is the section non-technical approvers
 actually read — it connects "Phase 2" to "what happens when a customer
 files a claim". If topology.json has no flows, derive 2–3 walkthroughs
 from the entry points and say they need SME confirmation.
 ### 5. Behavior Contract
 List the **P0 rules** from BUSINESS_RULES.md (the ones tagged `Priority: P0` —
 money, regulatory, data integrity) that MUST be proven equivalent before any
 phase ships. These become the regression suite. Flag any P0 rule with
 Confidence < High as a blocker requiring SME confirmation before its phase
 starts.
-### 6. Validation Strategy
+### 5. Validation Strategy
 State which combination applies: characterization tests, contract tests,
 parallel-run / dual-execution diff, property-based tests, manual UAT.
 Justify per phase.
-### 7. Open Questions
+### 6. Open Questions
 Anything requiring human/SME decision before Phase 1 starts. Each as a
 checkbox the approver must tick.
-### 8. Approval Block
+### 7. Approval Block
 ```
 Approved by: ________________  Date: __________
 Approval covers: Phase 1 only | Full plan
@@ -79,7 +60,6 @@ Approval covers: Phase 1 only | Full plan
 ## Present
-Present a summary of the brief and **stop — write nothing further until
+Enter **plan mode** and present a summary of the brief. Do NOT proceed to any
-the user explicitly approves** (use plan mode if the session supports
+transformation until the user explicitly approves. This gate is the
-it). This gate is the human-in-the-loop control point; "no objection" is
+human-in-the-loop control point.
 not approval.
--- a/plugins/code-modernization/commands/modernize-map.md
+++ b/plugins/code-modernization/commands/modernize-map.md
@@ -55,124 +55,50 @@ re-run and audited. Have it write a machine-readable
 `analysis/$1/topology.json` and print a human summary. Run it; show the
 summary (cap at ~200 lines for very large estates).
 `topology.json` must follow this schema — it feeds the interactive viewer:
 ```json
 {
  "system": "<display name>",
  "root": {
    "id": "sys", "name": "<system>", "kind": "system",
    "children": [
      { "id": "dom:<domain>", "name": "<Domain>", "kind": "domain",
        "children": [
          { "id": "<MODULE>", "name": "<MODULE>", "kind": "module",
            "language": "cobol", "loc": 1234, "file": "src/MODULE.cbl" }
        ] },
      { "id": "dom:data", "name": "Data stores", "kind": "domain",
        "children": [
          { "id": "ds:<NAME>", "name": "<NAME>", "kind": "datastore" }
        ] }
    ]
  },
  "edges": [
    { "source": "<id>", "target": "<id>", "kind": "call" }
  ],
  "entryPoints": ["<id>", "..."],
  "deadEnds": ["<id>", "..."],
  "observations": ["<architect observation>", "..."],
  "flows": [
    { "name": "<business flow>", "persona": "<who experiences it>",
      "description": "<one sentence, plain language>",
      "steps": [
        { "label": "<business-language step>", "nodes": ["<id>", "<id>"] }
      ] }
  ]
 }
 ```
 - Group leaf modules under `domain` containers (use the domains from
  `/modernize-assess` if available). Leaf kinds: `module`, `datastore`,
  `job`, `screen`. `loc` drives circle size — include it for modules.
 - Edge kinds: `call` (direct), `dispatch` (dynamic/router), `read`,
  `write`. Every edge endpoint must be a leaf id that exists in the tree.
 - `deadEnds`: the dead-end candidates from the extraction, rendered with
  a dashed outline in the viewer. Apply the suppression rules above —
  anything that could be the target of an unresolved dynamic call does
  NOT belong here; record that uncertainty in `observations` instead.
 - **Datastore ids and names must be logical identifiers** — DD name,
  dataset name, table/schema name, at most host:port. If the resolved
  config value is a URL or DSN, strip userinfo and credential query
  params before it goes anywhere in topology.json: the file gets
  committed and the viewer displays names verbatim. Never copy raw
  config values into `observations`.
 - `observations`: 3–7 architect observations — tight coupling clusters,
  single points of failure, service-extraction candidates, data stores
  with too many writers, dispatch targets the extraction could not
  resolve.
 - `flows` is the **persona walkthrough** section — see below.
 ## Persona flows
 Trace **2–4 end-to-end business flows**, each anchored to a persona —
 the people who experience the system, not the people who maintain it
 (e.g. for a benefits system: the claimant, the caseworker, the auditor;
 for billing: the customer, the billing operator). For each flow:
 - `name` + one-sentence `description` in plain business language —
  something a steering committee member relates to ("a claimant files a
  weekly claim"), not a data-flow label ("CLM batch ingest").
 - `steps`: 3–8 steps, each with a business-language `label` and the
  `nodes` (programs + data stores) that implement that step, in
  execution order.
 This is the bridge between the technical map and non-technical
 stakeholders: the same diagram answers "which program does X" for
 engineers and "what happens when someone files a claim" for everyone else.
 ## Render
-`analysis/$1/TOPOLOGY.html` is an **interactive map**: a zoomable
+From the extracted data, generate **three Mermaid diagrams** and write them
-circle-pack of the whole system (domains as containers, modules sized by
+to `analysis/$1/TOPOLOGY.html` as a self-contained page that renders in any
-LOC) with dependency edges, search, per-node detail sidebar, edge-kind
+browser.
 toggles, and a flow-walkthrough mode that plays each persona flow as a
 numbered path. Build it from the template that ships with this plugin —
 do not hand-write the viewer:
-```bash
+The HTML page must use: dark `#1e1e1e` background, `#d4d4d4` text,
-python3 - "${CLAUDE_PLUGIN_ROOT}/assets/topology-viewer.html" analysis/$1 <<'EOF'
+`#cc785c` for `<h2>`/accents, `system-ui` font, all CSS **inline** (no
-import json, sys
+external stylesheets). Load Mermaid from a CDN in `<head>`:
-tpl_path, out_dir = sys.argv[1], sys.argv[2]
+
-tpl = open(tpl_path).read()
+```html
-marker = "/*__TOPOLOGY_DATA__*/ null"
+<script type="module">
-assert marker in tpl, f"injection marker not found in {tpl_path}"
+  import mermaid from 'https://cdn.jsdelivr.net/npm/mermaid@11/dist/mermaid.esm.min.mjs';
-data = json.dumps(json.load(open(f"{out_dir}/topology.json")))
+  mermaid.initialize({ startOnLoad: true, theme: 'dark' });
-open(f"{out_dir}/TOPOLOGY.html", "w").write(
+</script>
    tpl.replace(marker, "/*__TOPOLOGY_DATA__*/ " + data))
 print(f"wrote {out_dir}/TOPOLOGY.html")
 EOF
 ```
-The viewer is fully self-contained (the d3 subset it needs is inlined in
+Each diagram goes in a `<pre class="mermaid">...</pre>` block. Do **not**
-the template) — it works offline and on air-gapped networks. If the
+wrap diagrams in markdown ` ``` ` fences inside the HTML.
 `python3` invocation fails to find the template,
 `${CLAUDE_PLUGIN_ROOT}` was not substituted — report that rather than
 hand-writing a viewer.
-Mermaid stays for **small, exportable** diagrams. Generate standalone
+1. **`graph TD` — Module call graph.** Cluster by domain (use `subgraph`).
-`.mmd` files for reuse in docs and PRs — but keep each under ~40 edges;
+   Highlight entry points in a distinct style. Cap at ~40 nodes — if larger,
-collapse to domain level if the full graph is bigger (dense Mermaid
+   show domain-level with one expanded domain.
 becomes unreadable, which is exactly what the interactive map is for):
- `analysis/$1/call-graph.mmd` — domain-level `graph TD`, entry points
+2. **`graph LR` — Data lineage.** Programs → data stores.
-  highlighted
+   Mark read vs write edges.
- `analysis/$1/data-lineage.mmd` — `graph LR`, programs → data stores,
+
-  read vs write marked
+3. **`flowchart TD` — Critical path.** Trace ONE end-to-end business flow
- `analysis/$1/critical-path.mmd` — `flowchart TD` of the primary flow
+   (e.g., "monthly billing run" or "process payment") through every program
-  from `flows`, annotated with p50/p99 wall-clock if telemetry is
+   and data store it touches, in execution order. If production telemetry is
-  available (see `/modernize-assess` Step 4)
+   available (see `/modernize-assess` Step 4), annotate each step with its
   p50/p99 wall-clock.
 Also export the three diagrams as standalone `.mmd` files for re-use:
 `analysis/$1/call-graph.mmd`, `analysis/$1/data-lineage.mmd`,
 `analysis/$1/critical-path.mmd`.
 ## Annotate
 Below each `<pre class="mermaid">` block in TOPOLOGY.html, add a `<ul>`
 with 3-5 **architect observations**: tight coupling clusters, single
 points of failure, candidates for service extraction, data stores
 touched by too many writers.
 ## Present
-Tell the user to open `analysis/$1/TOPOLOGY.html` in a browser, and to
+Tell the user to open `analysis/$1/TOPOLOGY.html` in a browser.
 try: search for a module, click it to see its connections, and pick a
 persona flow from the walkthrough dropdown.
--- a/plugins/code-modernization/commands/modernize-preflight.md
+++ b/plugins/code-modernization/commands/modernize-preflight.md
@@ -1,98 +0,0 @@
 ---
 description: Environment readiness check — analysis tools, build toolchain, source completeness, telemetry access
 argument-hint: <system-dir> [target-stack]
 ---
 Check whether this environment is ready to analyze — and eventually
 transform — `legacy/$1`, and tell the user exactly what to fix before the
 other commands run into it. Modernization sessions fail late and
 confusingly when this isn't done: assessment metrics silently degrade
 without analysis tools, characterization tests can't run without a build
 toolchain, and dependency maps come out wrong when half the source isn't
 in the tree.
 Run every check even when an early one fails — the point is one complete
 readiness report, not the first error.
 ## Check 1 — Detect the stack
 Fingerprint `legacy/$1` from file extensions and manifests: languages,
 build system, deployment/config descriptors. This drives which checks
 below apply. Report what was detected and the rough file split.
 ## Check 2 — Analysis tooling
 For each, check availability (`command -v`) and report version, what it's
 used for, and what degrades without it:
 | Tool | Used by | Without it |
 |---|---|---|
 | `scc` (or `cloc`) | assess | LOC/complexity fall back to `find`+`wc`; COCOMO estimate gets coarser |
 | `lizard` | assess --portfolio | complexity estimated from decision-keyword counts |
 | `glow` | all | markdown artifacts render as plain text |
 | `delta` | transform | side-by-side diffs fall back to `diff -y` |
 Include the platform's install one-liner for anything missing
 (`brew install scc`, `apt install cloc`, `pip install lizard`, …).
 ## Check 3 — Build toolchain (smoke test, not just presence)
 Identify the compiler/interpreter for the detected legacy stack — e.g.
 GnuCOBOL (`cobc`) for COBOL, JDK + Maven/Gradle for Java, `cc`/`make` for
 C, `dotnet` for .NET. Then **prove it works on this codebase**: pick one
 representative source file and run a syntax-only compile
 (`cobc -fsyntax-only`, `javac`, `gcc -fsyntax-only`, …).
 A failed smoke test is the most valuable output of this command — report
 the actual error and diagnose it: missing copybook/include path, missing
 dialect flag (`-std=ibm` etc.), fixed vs free format, missing dependency
 jar. These are the errors that otherwise surface mid-`/modernize-transform`
 with much less context.
 If the user passed a `[target-stack]`, do the same for it: runtime,
 package manager, test framework (`mvn -v`, `npm -v`, `pytest --version`, …).
 ## Check 4 — Source completeness
 The dependency map is only as good as what's in the tree. Check for the
 detected stack's equivalents of:
 - **Referenced-but-missing includes** — copybooks (`COPY X` with no
  `X.cpy`), headers, imports that resolve nowhere. Count and list the top
  missing names.
 - **Deployment/config descriptors** — JCL for batch COBOL, CICS CSD
  definitions, `web.xml`/route configs, cron/scheduler definitions.
  Without these, entry-point detection and the code↔storage join in
  `/modernize-map` are guesswork.
 - **Data definitions** — DDL, schemas, copybook record layouts, ORM
  mappings.
 - **Binary-only artifacts** — load modules, jars, DLLs with no matching
  source. These become unmappable black boxes; flag them now.
 ## Check 5 — Optional context
 - **Production telemetry** — is an observability/APM MCP server connected,
  or are batch job logs / runtime exports available? (Enables the runtime
  overlay in `/modernize-assess` Step 4 and timing annotations in
  `/modernize-map`.)
 - **Version control history** — is `legacy/$1` under git with meaningful
  history? (Change-frequency data sharpens risk ranking.)
 ## Report
 Write `analysis/$1/PREFLIGHT.md`: a status table — one row per check,
 status ✅ / ⚠️ / ❌, what was found, and the fix for anything not green —
 followed by a **Ready / Ready-with-gaps / Not ready** verdict per command:
 - `assess` + `map` + `extract-rules` — need Checks 1–2 green-ish and
  Check 4's missing-include count low
 - `brief` — needs only the three discovery artifacts; no tooling
 - `transform` + `reimagine` — additionally need Check 3 green for the
  **target** stack. A red legacy toolchain downgrades these to
  Ready-with-gaps, not Not-ready: equivalence testing falls back to
  recorded traces / golden-master fixtures instead of dual execution
  (common and expected for CICS/IMS code that has no local runtime)
 - `harden` — needs Check 2 plus any stack-specific SAST tooling found
 Print the table in the session too, and end with the single most
 important fix if anything is red.
--- a/plugins/code-modernization/commands/modernize-reimagine.md
+++ b/plugins/code-modernization/commands/modernize-reimagine.md
@@ -3,11 +3,7 @@ description: Multi-agent greenfield rebuild — extract specs from legacy, desig
 argument-hint: <system-dir> <target-vision>
 ---
-The first token of `$ARGUMENTS` is the system dir (`$1`); **everything
+**Reimagine** `legacy/$1` as: $2
 after it is the target vision** — it is usually multiple words, so do not
 truncate it to one token. Below, `<vision>` means that full remainder.
 **Reimagine** `legacy/$1` as: <vision>
 This is not a port — it's a rebuild from extracted intent. The legacy system
 becomes the *specification source*, not the structural template. This command
@@ -23,8 +19,7 @@ Spawn concurrently and show the user that all three are running:
 2. **legacy-analyst** — "Catalog every external interface of legacy/$1:
   inbound (screens, APIs, batch triggers, queues) and outbound (reports,
   files, downstream calls, DB writes). For each: name, direction, payload
-   shape, frequency/SLA if discernible. Mask any credential embedded in
+   shape, frequency/SLA if discernible."
   endpoints or payload examples per your secret-handling rules."
 3. **legacy-analyst** — "Identify the core domain entities in legacy/$1 and
   their relationships. Return as an entity list + Mermaid erDiagram."
@@ -37,9 +32,6 @@ Collect results. Write `analysis/$1/AI_NATIVE_SPEC.md` containing:
 - **Non-functional requirements** inferred from legacy (batch windows, volumes)
 - **Behavior Contract** (the Given/When/Then rules — these are the acceptance tests)
 Credential values are masked everywhere in the spec; connection details
 appear as env-var placeholders (`${DATABASE_URL}`), never literals.
 ## Phase B — HITL checkpoint #1
 Present the spec summary. Ask the user **one focused question**: "Which of
@@ -48,21 +40,20 @@ should deliberately drop?" Wait for the answer. Record it in the spec.
 ## Phase C — Architecture (single agent, then critique)
-Design the target architecture for "<vision>":
+Design the target architecture for "$2":
 - Mermaid C4 Container diagram
 - Service boundaries with rationale (which rules/entities live where)
 - Technology choices with one-line justification each
 - Data migration approach from legacy stores
 Then spawn **architecture-critic**: "Review this proposed architecture for
-<vision> against the spec in analysis/$1/AI_NATIVE_SPEC.md. Identify over-engineering,
+$2 against the spec in analysis/$1/AI_NATIVE_SPEC.md. Identify over-engineering,
 missed requirements, scaling risks, and simpler alternatives." Incorporate
 the critique. Write the result to `analysis/$1/REIMAGINED_ARCHITECTURE.md`.
 ## Phase D — HITL checkpoint #2
-Present the architecture and **stop — scaffold nothing until the user
+Enter plan mode. Present the architecture. Wait for approval.
 explicitly approves** (use plan mode if the session supports it).
 ## Phase E — Parallel scaffolding
@@ -74,9 +65,7 @@ in parallel**:
 and AI_NATIVE_SPEC.md. Create: project skeleton, domain model, API stubs
 matching the interface contracts, and **executable acceptance tests** for every
 behavior-contract rule assigned to this service (mark unimplemented ones as
-expected-failure/skip with the rule ID). No credential literal from legacy
+expected-failure/skip with the rule ID). Write to modernized/$1-reimagined/<service-name>/."
 code becomes a test fixture or config default — use fake same-shape values
 and env-var placeholders. Write to modernized/$1-reimagined/<service-name>/."
 Show the agents' progress. When all complete, run the acceptance test suites
 and report: total tests, passing (scaffolded behavior), pending (rule IDs
@@ -88,9 +77,7 @@ Write `modernized/$1-reimagined/CLAUDE.md` — the persistent context file for
 the new system, containing: architecture summary, service responsibilities,
 where the spec lives, how to run tests, and the legacy→modern traceability
 map. This file IS the knowledge graph that future agents and engineers will
-load — and it gets committed: connection details and credentials appear
+load.
 only as env-var names with a pointer to where they're provisioned, never
 as values.
 Report: services scaffolded, acceptance tests defined, % behaviors with a
 home, location of all artifacts.
--- a/plugins/code-modernization/commands/modernize-status.md
+++ b/plugins/code-modernization/commands/modernize-status.md
@@ -1,54 +0,0 @@
 ---
 description: Where am I in the modernization workflow — artifact inventory, staleness, secrets hygiene, next step
 argument-hint: <system-dir>
 ---
 Report where the modernization of `$1` stands, in one screen. This is a
 read-only command — inspect, never modify.
 ## 1 — Artifact inventory
 Check `analysis/$1/` and `modernized/$1*/` and build a table — one row per
 workflow stage, with the artifact's presence and modification time:
 | Stage | Artifacts |
 |---|---|
 | preflight | `PREFLIGHT.md` |
 | assess | `ASSESSMENT.md`, `ARCHITECTURE.mmd` |
 | map | `topology.json`, `TOPOLOGY.html`, `*.mmd`, `extract_topology.*` |
 | extract-rules | `BUSINESS_RULES.md`, `DATA_OBJECTS.md` |
 | brief | `MODERNIZATION_BRIEF.md` (note whether the approval block is signed) |
 | harden | `SECURITY_FINDINGS.md`, `security_remediation.patch` |
 | transform / reimagine | each `modernized/$1*/<module>/` dir — note test presence and whether `TRANSFORMATION_NOTES.md` exists |
 ## 2 — Staleness
 Flag any artifact older than an upstream artifact it derives from:
 - `MODERNIZATION_BRIEF.md` older than `ASSESSMENT.md`, `topology.json`,
  or `BUSINESS_RULES.md` → the brief no longer reflects discovery;
  recommend re-running `/modernize-brief`.
 - `TOPOLOGY.html` older than `topology.json` → re-run the injection step
  from `/modernize-map`.
 - Any `TRANSFORMATION_NOTES.md` older than `BUSINESS_RULES.md` → the
  module may not implement the latest rule set; list which.
 ## 3 — Secrets hygiene
 - Does `analysis/.gitignore` exist and cover `SECRETS.local.md` /
  `*.local.patch`? (`git check-ignore` when in a git repo.)
 - If `SECRETS.local.md` exists: confirm it is NOT tracked
  (`git ls-files --error-unmatch`, expect failure) and has never been
  committed (`git log --all --oneline -- <path>`, expect empty). If
  either check fails, say so prominently and recommend rotation plus
  history scrubbing.
 ## 4 — Verdict
 End with three lines:
 - **Where you are** — the furthest completed stage and roughly how much
  of the system it covers (e.g. "mapped 100%, 2 of 14 modules
  transformed").
 - **What's stale** — or "nothing".
 - **Next command** — the single most useful next step, with a one-line
  reason.
--- a/plugins/code-modernization/commands/modernize-transform.md
+++ b/plugins/code-modernization/commands/modernize-transform.md
@@ -9,37 +9,10 @@ equivalence.
 This is a surgical, single-module transformation — one vertical slice of the
 strangler fig. Output goes to `modernized/$1/$2/`.
-## Step 0a — Toolchain check (fail fast on target, adapt on legacy)
+## Step 0 — Plan (HITL gate)
 Verify the build environment **before** planning, not when the tests
 first run:
 - **Target stack ($3) — required.** Runtime, package manager, and test
  framework all respond (`java -version` + `mvn -v`, `node -v` + `npm -v`,
  `python3 -V` + `pytest --version`, …). If any are missing, stop and
  report what to install — the new code and its tests cannot run without
  them, so a plan gate now would just defer the failure an hour. Suggest
  `/modernize-preflight $1 $3` for the full readiness report.
 - **Legacy stack — advisory, never a blocker.** Try a syntax-only compile
  of the module being transformed (e.g. `cobc -fsyntax-only`). Legacy
  code often *cannot* build locally by nature, not by misconfiguration —
  CICS/IMS programs have no local translator, and the real runtime may be
  a mainframe you don't have. A failed or impossible legacy compile does
  **not** stop the transform; it changes the equivalence strategy:
  - dual-execution proof is off the table — characterization tests
    assert against **recorded traces / golden-master fixtures** (real
    production outputs, captured reports/screens, SME-confirmed
    examples) instead of live legacy runs
  - say so explicitly in the Step 0b plan and later in
    TRANSFORMATION_NOTES.md ("equivalence is trace-based; legacy was not
    executable in this environment"), so reviewers know the strength of
    the proof they're approving
 ## Step 0b — Plan (HITL gate)
 Read the source module and any business rules in `analysis/$1/BUSINESS_RULES.md`
-that reference it. Then present the plan and **stop — write no code until
+that reference it. Then **enter plan mode** and present:
 the user explicitly approves** (use plan mode if the session supports it):
 - Which source files are in scope
 - The target module structure (packages/classes/files you'll create)
 - Which business rules / behaviors this module implements
@@ -57,9 +30,7 @@ identify every observable behavior, and encode each as a test case with
 concrete input → expected output pairs derived from the legacy logic.
 Target framework: <appropriate for $3>. Write to
 `modernized/$1/$2/src/test/`. These tests define 'done' — the new code
-must pass all of them. Follow your secret-handling rules: no credential
+must pass all of them."
 literal from legacy code becomes a fixture; substitute fake same-shape
 values and read anything genuinely live from environment variables."
 Show the user the test file. Get a 👍 before proceeding.
@@ -97,10 +68,6 @@ Then show a visual diff of one representative behavior, legacy vs modern:
 ```bash
 delta --side-by-side <(sed -n '<lines>p' legacy/$1/<file>) modernized/$1/$2/src/main/<file>
 ```
 (Fall back to `diff -y --width=160` if `delta` isn't installed.) Never
 pick a credential-bearing line range for this diff, and mask any
 credential-like literal quoted in TRANSFORMATION_NOTES.md — the notes
 live in `modernized/` and get committed.
 ## Step 5 — Architecture review