Documentation

PRD 01

Plugin Ecosystem

What it does

Declarative extension model for Claude Code. Drop files in ~/.claude/plugins/local/ and they become agents, skills, commands, hooks, or MCP integrations.

Set up a new plugin

1. Create directory: ~/.claude/plugins/local/my-plugin/
2. Add plugin.json with name, version, and hook manifest
3. Add hooks/hooks.json for lifecycle wiring (SessionStart, PreToolUse, PostToolUse, Stop, etc.)
4. Add skills/{name}/SKILL.md for domain knowledge, agents/{name}.md for personas, or commands/{name}.md for slash commands
5. Critical: PostToolUse and Stop hooks must be wired in ~/.claude/settings.json, not just plugin hooks.json

Common workflows

• Enable a plugin: add to enabledPlugins in ~/.claude/settings.json
• Validate a plugin: run /plugin-validator slash command
• Debug hooks: tail ~/.claude/plugins/local/{name}/state/*.log

PRD 02

Multi-Agent Orchestration

What it does

Conductor plugin orchestrates 38 specialized agents through tiered workflows. Every agent dispatch is independently validated by Gemini.

Start a new workflow

/conduct new "Build user authentication feature"

The conductor classifies the request using a 5-signal matrix (scope, type, risk, ambiguity, intent sensitivity) into TRIVIAL / MINOR / STANDARD / MAJOR tier, then executes the tier-appropriate phase sequence.

Check workflow status

/conduct status

Shows current phase, step, task queue, verification gates, token budget by model tier, and Gemini validation stats.

Resume an interrupted workflow

/conduct resume

Validate completeness

/conduct validate

Runs conductor-completeness-validator with 12 domain-specific check suites.

PRD 03

Context Management

What it does

Monitors context window utilization with a 4-tier escalation system (green / yellow / orange / red) and manages auto-memory persistence across sessions.

Check current context budget

The status line shows utilization percentage in real time. When yellow (50%+), context-guard begins recommending compaction. Orange (70%+) triggers active warnings. Red (85%+) forces compact-before-continue.

Customize CLAUDE.md

• Global: ~/.claude/CLAUDE.md — persists across all projects
• Project-level: CLAUDE.md in project root — loaded when working in that project
• Auto-memory: ~/.claude/projects/-Users-{user}/memory/MEMORY.md — managed automatically

Force compaction

/compact

PRD 04

Persistent Vector Memory

What it does

Qdrant-backed vector memory with 69 MCP tools (9 added recently for GraphRAG and stigmergy). Ollama embeddings (nomic-embed-text). 32 scheduled n8n workflows for consolidation, pruning, and lifecycle management.

Store a memory

memory_store({
  content: "Preference: always use tabs over spaces in this project",
  type: "preference",
  tags: ["formatting", "project-x"]
})

Recall memories

memory_recall({
  query: "tab vs space preference",
  project: "project-x",
  limit: 5
})

Query the knowledge graph (GraphRAG)

graph_query({ query: "MATCH (a:Agent)-[:BUILT]->(f:Feature) RETURN a.name, f.name" })
graph_traverse({ start_id: "agent:builder", max_depth: 3 })
graph_time_travel({ node_id: "feature:auth", as_of: "2026-04-01T00:00:00Z" })

Diagnose memory pipeline

debug-memory --verbose

Checks Ollama, Qdrant, MCP server, n8n workflows, plugin hooks, and memory dashboard.

PRD 05

Agent Governance

What it does

Identity cards with 5 trust levels, 3-tier tool classification (exempt / standard / elevated), append-only audit bus, and runtime policy enforcement via PreToolUse hooks.

Add governance for a new agent

Create YAML at ~/.claude/plugins/local/governance/state/manifests/{agent-id}.yaml:

agent_id: "my-agent"
manifest_id: "gov-my-agent"
trust_level: 3
data_classification: "internal"
permitted_tools: ["Read", "Edit", "Bash"]
human_required: false

Review audit events

/governance-audit

Check pending human gates

/governance-review

Health status

/governance-status

PRD 06

Memory Dashboard

What it does

FastAPI + HTMX web UI at http://localhost:8092 with D3.js knowledge graph visualization, Chart.js analytics, and collection browsing.

Access

open http://localhost:8092

Key views

• Knowledge graph: Force-directed D3 visualization of memory links and entity relationships
• Collections: Browse all 69 Qdrant collections with point counts and last-modified timestamps
• Analytics: Memory growth over time, tag distribution, hot/warm/cold tier breakdown
• Maintenance: Manual prune, consolidate, reindex controls

PRD 07

Markdown-for-Agents

What it does

HTTP proxy at http://localhost:8090 that converts any URL's HTML to clean markdown for agent consumption. Playwright fallback handles JavaScript-rendered pages.

Fetch a URL as markdown

curl -s http://localhost:8090/https://example.com/docs

Prepend the target URL path to the proxy. Works with any HTTPS URL.

Force Playwright rendering (for SPAs)

curl -s "http://localhost:8090/https://spa-site.com?_render=js"

Check service health

curl -s http://localhost:8090/health

PRD 08

Code Assurance Platform

What it does

37-tool scan platform running on localhost:7002. Combines SAST, DAST, SCA, secrets scanning, mutation testing, supply chain verification, and AI-security scans into 12 scan profiles.

Start a scan

curl -X POST http://localhost:7002/api/scans \
  -H "X-User-Id: dev@codehardener.local" \
  -d '{"projectId": "{id}", "profile": "comprehensive"}'

Available scan profiles

• quick — 30 seconds (pre-commit)
• standard — 2 minutes (CI pipeline)
• deep — 10 minutes (pre-merge)
• security-focused — SAST + DAST + secrets only
• pre-release — full audit + mutation testing + attestation
• compliance — scans for SOC 2 / ISO 27001 / GLBA applicable controls

View findings

curl http://localhost:7002/api/findings?scanId={id}&status=open

Generate attestation bundle

Successful scans automatically generate Ed25519-signed attestation with SLSA L3 provenance. Download via /api/reports/{id}/download.

PRD 09

Agentic Data Plane

What it does

TypeScript service on localhost:8099 providing 6 integrated capabilities: DAG lineage, quality validation, pipeline observability, PII/PHI classification, financial reconciliation, and regulatory compliance.

Record data lineage

curl -X POST http://localhost:8099/api/v1/lineage/source \
  -H "Authorization: Bearer {jwt}" \
  -d '{"pipeline_id": "p1", "source_id": "s1", ...}'

Run reconciliation

POST /api/v1/reconciliation/reconcile
{
  "pipeline_id": "premium-calc",
  "pipeline_run_id": "run-2026-04-21",
  "source_sys": "rating-engine",
  "target_sys": "policy-admin",
  "stages": [ { ... } ]
}

Replay a calculation

POST /api/v1/reconciliation/computations/{recordId}/replay

Classify data in motion

POST /api/v1/classification/scan
{ "data_stream": "...", "tier_override": null }

PRD 10

Agent Economics

What it does

Per-interaction cost metering, four-tier budget hierarchy (organization / project / agent_class / agent_instance), model routing, semantic caching, prompt cache tracking, and CPSO (Cost Per Successful Outcome) metric.

Record a cost event

POST /api/v1/economics/costs
{
  "agent_id": "conductor-builder",
  "session_id": "sess-123",
  "model_used": "sonnet",
  "input_tokens": 12500,
  "output_tokens": 8200,
  "latency_ms": 4200,
  "task_type": "code_generation",
  "cache_read_tokens": 10000
}

Set a budget

POST /api/v1/economics/hierarchy
{ "level": "project", "name": "project-x", "monthly_cap_usd": 500,
  "warn_pct": 70, "throttle_pct": 85, "pause_pct": 95 }

Check budget status

POST /api/v1/economics/hierarchy/enforce
{ "project_id": "project-x", "agent_class": "builder", "agent_instance": "builder-001" }

Get CPSO report

GET /api/v1/economics/cpso/project-x?days=30

Get semantic cache stats

GET /api/v1/economics/cache/stats

PRD 11

Agent Runtime Security

What it does

Behavioral monitor, identity lifecycle manager, memory integrity verifier, guardian agent, and threat detection engine. Located in governance/lib/security/.

Baseline agent behavior

The behavioral monitor automatically builds a baseline from the first 100 agent invocations per agent_id. Anomalies (unusual tool call patterns, off-hours activity, permission escalation attempts) are flagged as events.

Review guardian interventions

When the Guardian agent TERMINATEs a session, it automatically opens an incident record (see Regulatory Compliance). View active interventions via the audit bus.

Rotate agent credentials

Ephemeral per-session credentials are rotated automatically. Manual rotation via the identity lifecycle manager.

PRD 12

Self-Healing Workflows

What it does

Automated failure recovery with 7-category classification (transient, model, data, permission, logic, infrastructure, external) and YAML-based recovery playbook. Conductor skill loaded at ~/.claude/plugins/local/conductor/skills/self-healing/.

How it triggers

When conductor-recovery-engine is dispatched after an agent failure, it reads references/failure-taxonomy.yaml to classify the error, then applies the strategy from references/recovery-playbook.yaml: retry (transient), reroute (permission), degrade (model overload), or escalate.

Resume from checkpoint

Conductor-checkpoint saves workflow state at phase boundaries. After recovery, execution resumes from the last good checkpoint rather than restarting.

PRD 13

Event-Driven Automation

What it does

Central event dispatcher with 10-category taxonomy (session, memory, agent, governance, security, infra, schedule, git, external, recovery) routing to 32 n8n workflows.

Browse n8n workflows

open http://localhost:5679

Check workflow health

curl -H "X-N8N-API-KEY: $KEY" http://localhost:5679/api/v1/workflows

Emit an event

Agents use conductor-event-router to emit events. The router reads references/event-taxonomy.yaml to validate and references/routing-rules.yaml to dispatch.

PRD 14

Process Knowledge Base

What it does

Structured business rules, decision trees, SOPs, and edge-case catalogs for agent decision points. Organized by domain with full provenance.

Query domain knowledge

v1 interface (authoritative today): agents read YAML files directly.

Read tool: references/domains/insurance-underwriting.yaml

v2 interface (semantic): via memory_recall.

memory_recall({ query: "underwriting rule for motorcycle policies", project: "process_knowledge" })

Add a new rule

Edit references/domains/{domain}.yaml, add the rule with provenance (source, effective_date, approved_by). Commit to git for version history.

PRD 15

Outcome Measurement

What it does

Passive observer tracking 9 outcome metrics: completion rate, TTR, first-pass rate, rework frequency, quality trend, recovery rate, context efficiency, cost per successful outcome (CPSO), and value attribution.

Generate an outcome report

Dispatch conductor-outcome-collector after workflow completion. It reads conductor-state.json + Gemini validations + governance audit events and computes metrics.

Track CPSO over time

GET /api/v1/economics/cpso/{projectId}?days=90

Review regression alerts

Any metric degrading 15%+ from rolling average triggers an event. Check via /governance-audit --category outcome_regression.

PRD 16

Predictive Scaling

What it does

Workload pattern analysis from Qdrant trajectories. Adaptive model routing, cache pre-warming, and cost forecasting with confidence intervals. Statistical analysis only — no ML training.

Get model recommendation

GET /api/v1/economics/recommend/{taskType}?complexity=medium

Forecast monthly cost

Dispatch conductor-prediction-engine — returns p25/p50/p75/p95 cost projections with confidence intervals based on current trajectory.

PRD 17

A2A Agent Interoperability

What it does

FastAPI gateway on localhost:8098 exposing 15 conductor agents to external callers via REST, MCP Bridge, and Google A2A protocol adapters.

Discover available agents

curl http://localhost:8098/.well-known/agent.json

Returns Google A2A-compliant Agent Card with all 15 exposed agents, capabilities, authentication requirements, and rate limits.

Invoke an agent

curl -X POST http://localhost:8098/api/v1/agents/conductor-builder/invoke \
  -H "X-API-Key: {key}" \
  -d '{"prompt": "Implement auth", "context": {...}, "caller_id": "ext-001"}'

Returns {job_id, status}. Poll for result:

GET /api/v1/jobs/{job_id}

PRD 18

Regulatory Compliance & Audit Trail

What it does

Human attribution, cryptographically-chained immutable audit, evidence packages, GDPR data subject rights, model cards, and incident response. Framework coverage for NAIC / SOX / GDPR / NY DFS Part 500 / SOC 2 / ISO 27001 / GLBA.

Initialize a session with human attribution

POST /api/v1/compliance/sessions
{
  "human_user_id": "usr-marc-vance",
  "authenticated_by": "mfa_totp",
  "role": "senior_engineer",
  "responsible_party": "Marc Vance",
  "data_classification_ceiling": "confidential",
  "purpose": "claims_processing_automation",
  "lawful_basis": "legitimate_interest",
  "mfa_verified": true
}

Record a chained audit event

POST /api/v1/compliance/audit-events
{
  "session_id": "sess_...",
  "human_user_id": "usr-marc-vance",
  "nhi_agent_id": "conductor-builder",
  "event_type": "tool_use_elevated",
  "tool": "Edit",
  "data_classification": "confidential",
  "policy_decision": "allow",
  "policy_rationale": "trust_level_3_standard_tier"
}

Generate an evidence package

POST /api/v1/compliance/evidence-packages/{sessionId}

Returns signed, versioned package with session record, audit trail, gate decisions, artifacts, and Ed25519 signature.

Submit a GDPR data subject request

POST /api/v1/compliance/dsr
{ "subject_id": "data-subject-123", "right_type": "erasure" }

30-day SLA automatically tracked. Erasure cascades across Qdrant, Postgres, n8n, vector memory.

Register a model card

POST /api/v1/compliance/models
{
  "model_id": "anthropic-claude-sonnet-4-6",
  "vendor": "Anthropic PBC",
  "intended_use": "code_generation, reasoning",
  "prohibited_uses": ["sole_underwriting_decision"],
  "third_party_risk_tier": "critical",
  "annual_review_due": "2027-04-01",
  "naic_responsible_person": "Marc Vance"
}

Open an incident (NY DFS 72-hour clock)

POST /api/v1/compliance/incidents
{ "classification": "confidential", "trigger_source": "guardian_terminate",
  "affected_session_ids": ["sess_..."] }