Blueprint · advanced · 9 steps

Build a Claude Code Harness Extension

Build a code-review swarm as a Claude Code plugin — sub-agents, hooks, custom slash commands, an MCP tool server, and a background audit worker, packaged as a publishable plugin.

← All blueprints

STEP 01Step 1: What We're BuildingA publishable Claude Code plugin that turns Claude Code into a code-review swarm — three specialized sub-agents coordinated by hooks, augmented with a custom MCP tool server, slash commands, and a background audit worker.5 min→STEP 02Step 2: Set Up Claude Code and the Plugin SkeletonInstall Claude Code, scaffold the `harness-codereview` plugin directory, and write the manifest that tells Claude Code which sub-agents, hooks, slash commands, and MCP servers the plugin will provide.3 min→STEP 03Step 3: Define Three Sub-AgentsWrite the three sub-agent definitions — `style-reviewer`, `correctness-reviewer`, `security-reviewer` — each with its own scoped tool list, persona, and output contract; this step is where the plugin's domain knowledge actually lives.5 min→STEP 04Step 4: Write the Orchestrator with HooksWrite the four hook scripts (`PreToolUse`, `PostToolUse`, `Stop`, `SessionStart`) that wire the three sub-agents together — appending findings to a shared scratchpad on `PostToolUse`, aggregating into a final report on `Stop`.5 min→STEP 05Step 5: Add an MCP Server for Static Analysis ToolsBuild an MCP server in TypeScript that exposes `lint`, `test`, and `semgrep` as tools — wrapping the static analysis CLIs your sub-agents need into a portable, harness-agnostic tool layer.5 min→STEP 06Step 6: Add Slash Commands for On-Demand ReviewsDefine `/review`, `/review-strict`, and `/review-explain` as slash commands — markdown templates Claude Code expands into prompts that dispatch the three sub-agents in parallel and aggregate their findings.4 min→STEP 07Step 7: Add a Background Audit WorkerWrite a background worker triggered by `SessionStart` that audits the last five commits — flagging anything that looks regression-prone — so that whenever Claude Code opens a session in the project, the user sees pre-reviewed findings before they ask.4 min→STEP 08Step 8: Add Permission Scopes and Injection DefenseTighten the plugin's permission model — refine `PreToolUse` blocking, add output sanitization, and surface explicit settings for users to control what the plugin's sub-agents and MCP tools can do — so the plugin is safe enough for unattended autopilot.5 min→STEP 09Step 9: Package and Share as a PluginPolish the plugin for redistribution — version it, write the README, set up a marketplace via a git repo, and walk through what someone else (or your future self) would do to install it.7 min→