https://ice-ice-bear.github.io/tags/lsp/Recent content in Lsp on ICE-ICE-BEAR-BLOGHugo -- gohugo.ioenFri, 03 Apr 2026 00:00:00 +0900https://ice-ice-bear.github.io/posts/2026-04-03-claude-code-plugin-marketplace/Fri, 03 Apr 2026 00:00:00 +0900https://ice-ice-bear.github.io/posts/2026-04-03-claude-code-plugin-marketplace/<img src="https://ice-ice-bear.github.io/" alt="Featured image of post Claude Code Plugin Marketplace: A Deep Dive" /><h2 id="overview">Overview </h2><p>Claude Code now ships a full plugin marketplace ecosystem. This is not just an extension installer — it is a complete distribution system with centralized discovery, version pinning, automatic updates, permission controls, and support for multiple source backends including GitHub, npm, GitLab, and local paths. This post breaks down every layer of the system from plugin authoring to marketplace distribution and permission management.</p> <h2 id="marketplace-architecture">Marketplace Architecture </h2><p>The plugin system is organized into three tiers: the marketplace catalog, individual plugin sources, and the local cache. The flow from developer to end user involves several distinct stages.</p> <pre class="mermaid" style="visibility:hidden">flowchart TD A["Developer &lt;br/&gt; Authors Plugin"] --> B["plugin.json &lt;br/&gt; Manifest"] B --> C["marketplace.json &lt;br/&gt; Catalog Entry"] C --> D{"Distribution Source"} D --> E["GitHub &lt;br/&gt; owner/repo"] D --> F["GitLab &lt;br/&gt; git URL"] D --> G["npm &lt;br/&gt; package registry"] D --> H["Relative Path &lt;br/&gt; ./plugins/..."] E --> I["End User"] F --> I G --> I H --> I I --> J["&lt;br/&gt;/plugin marketplace add&lt;br/&gt;Register Catalog"] J --> K["&lt;br/&gt;/plugin install&lt;br/&gt;Install Plugin"] K --> L["~/.claude/plugins/cache &lt;br/&gt; Local Cache"] L --> M["Claude Code &lt;br/&gt; Plugin Active"]</pre><h2 id="creating-plugins">Creating Plugins </h2><h3 id="plugin-directory-structure">Plugin Directory Structure </h3><p>Every plugin revolves around a <code>.claude-plugin/plugin.json</code> manifest. The most common mistake is placing functional directories inside <code>.claude-plugin/</code>. Only <code>plugin.json</code> belongs there — everything else lives at the plugin root.</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">my-plugin/ </span></span><span class="line"><span class="cl">├── .claude-plugin/ </span></span><span class="line"><span class="cl">│ └── plugin.json ← manifest only </span></span><span class="line"><span class="cl">├── skills/ </span></span><span class="line"><span class="cl">│ └── code-review/ </span></span><span class="line"><span class="cl">│ └── SKILL.md </span></span><span class="line"><span class="cl">├── commands/ </span></span><span class="line"><span class="cl">├── agents/ </span></span><span class="line"><span class="cl">├── hooks/ </span></span><span class="line"><span class="cl">│ └── hooks.json </span></span><span class="line"><span class="cl">├── .mcp.json ← MCP server config </span></span><span class="line"><span class="cl">├── .lsp.json ← LSP server config </span></span><span class="line"><span class="cl">├── bin/ ← executables added to Bash PATH </span></span><span class="line"><span class="cl">└── settings.json ← default settings on plugin enable </span></span></code></pre></div><h3 id="the-pluginjson-manifest">The plugin.json Manifest </h3><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;name&#34;</span><span class="p">:</span> <span class="s2">&#34;quality-review-plugin&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;description&#34;</span><span class="p">:</span> <span class="s2">&#34;Adds a /quality-review skill for quick code reviews&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;version&#34;</span><span class="p">:</span> <span class="s2">&#34;1.0.0&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;author&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;name&#34;</span><span class="p">:</span> <span class="s2">&#34;Your Name&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;email&#34;</span><span class="p">:</span> <span class="s2">&#34;you@example.com&#34;</span> </span></span><span class="line"><span class="cl"> <span class="p">},</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;homepage&#34;</span><span class="p">:</span> <span class="s2">&#34;https://github.com/you/quality-review-plugin&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;repository&#34;</span><span class="p">:</span> <span class="s2">&#34;https://github.com/you/quality-review-plugin&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;license&#34;</span><span class="p">:</span> <span class="s2">&#34;MIT&#34;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><p>The <code>name</code> field defines the skill namespace. A plugin named <code>quality-review-plugin</code> exposes its <code>hello</code> skill as <code>/quality-review-plugin:hello</code>. This namespacing prevents conflicts when multiple plugins define skills with the same name. To change the prefix, update <code>name</code> in <code>plugin.json</code>.</p> <h3 id="adding-skills">Adding Skills </h3><p>Skills live under <code>skills/</code>, where the folder name becomes the skill name. Claude automatically invokes model-driven skills based on task context when a <code>description</code> is provided in the frontmatter.</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-markdown" data-lang="markdown"><span class="line"><span class="cl">--- </span></span><span class="line"><span class="cl">name: code-review </span></span><span class="line"><span class="cl">description: Reviews code for best practices and potential issues. Use when reviewing code, checking PRs, or analyzing code quality. </span></span><span class="line"><span class="cl">--- </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">When reviewing code, check for: </span></span><span class="line"><span class="cl"><span class="k">1.</span> Code organization and structure </span></span><span class="line"><span class="cl"><span class="k">2.</span> Error handling </span></span><span class="line"><span class="cl"><span class="k">3.</span> Security concerns </span></span><span class="line"><span class="cl"><span class="k">4.</span> Test coverage </span></span></code></pre></div><p>The <code>$ARGUMENTS</code> placeholder captures any text the user provides after the skill name, enabling dynamic input: <code>/my-plugin:hello Alex</code>.</p> <h3 id="adding-lsp-servers">Adding LSP Servers </h3><p>The official marketplace already provides LSP plugins for TypeScript, Python, Rust, Go, C/C++, Java, Kotlin, PHP, Lua, Swift, and C#. For unsupported languages, define a custom <code>.lsp.json</code> at the plugin root:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;go&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;command&#34;</span><span class="p">:</span> <span class="s2">&#34;gopls&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;args&#34;</span><span class="p">:</span> <span class="p">[</span><span class="s2">&#34;serve&#34;</span><span class="p">],</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;extensionToLanguage&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;.go&#34;</span><span class="p">:</span> <span class="s2">&#34;go&#34;</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><p>Once installed, Claude gains two capabilities automatically: <strong>automatic diagnostics</strong> after every file edit (type errors, missing imports, syntax issues) and <strong>code navigation</strong> (jump to definition, find references, call hierarchies).</p> <h3 id="default-settings">Default Settings </h3><p>Plugins can ship a <code>settings.json</code> to configure defaults when the plugin is enabled. Currently only the <code>agent</code> key is supported, which activates one of the plugin&rsquo;s custom agents as the main thread:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;agent&#34;</span><span class="p">:</span> <span class="s2">&#34;security-reviewer&#34;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><h2 id="the-marketplace-schema">The Marketplace Schema </h2><h3 id="marketplacejson-structure">marketplace.json Structure </h3><p>The marketplace catalog lives at <code>.claude-plugin/marketplace.json</code> in the repository root.</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;name&#34;</span><span class="p">:</span> <span class="s2">&#34;company-tools&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;owner&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;name&#34;</span><span class="p">:</span> <span class="s2">&#34;DevTools Team&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;email&#34;</span><span class="p">:</span> <span class="s2">&#34;devtools@example.com&#34;</span> </span></span><span class="line"><span class="cl"> <span class="p">},</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;metadata&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;description&#34;</span><span class="p">:</span> <span class="s2">&#34;Internal developer tools marketplace&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;version&#34;</span><span class="p">:</span> <span class="s2">&#34;1.0.0&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;pluginRoot&#34;</span><span class="p">:</span> <span class="s2">&#34;./plugins&#34;</span> </span></span><span class="line"><span class="cl"> <span class="p">},</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;plugins&#34;</span><span class="p">:</span> <span class="p">[</span> </span></span><span class="line"><span class="cl"> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;name&#34;</span><span class="p">:</span> <span class="s2">&#34;code-formatter&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;source&#34;</span><span class="p">:</span> <span class="s2">&#34;./plugins/formatter&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;description&#34;</span><span class="p">:</span> <span class="s2">&#34;Automatic code formatting on save&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;version&#34;</span><span class="p">:</span> <span class="s2">&#34;2.1.0&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;author&#34;</span><span class="p">:</span> <span class="p">{</span> <span class="nt">&#34;name&#34;</span><span class="p">:</span> <span class="s2">&#34;DevTools Team&#34;</span> <span class="p">}</span> </span></span><span class="line"><span class="cl"> <span class="p">},</span> </span></span><span class="line"><span class="cl"> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;name&#34;</span><span class="p">:</span> <span class="s2">&#34;deployment-tools&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;source&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;source&#34;</span><span class="p">:</span> <span class="s2">&#34;github&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;repo&#34;</span><span class="p">:</span> <span class="s2">&#34;company/deploy-plugin&#34;</span> </span></span><span class="line"><span class="cl"> <span class="p">},</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;description&#34;</span><span class="p">:</span> <span class="s2">&#34;Deployment automation tools&#34;</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"> <span class="p">]</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><p>The <code>metadata.pluginRoot</code> field is a convenience shortcut: setting it to <code>&quot;./plugins&quot;</code> lets you write <code>&quot;source&quot;: &quot;formatter&quot;</code> instead of <code>&quot;source&quot;: &quot;./plugins/formatter&quot;</code> for each plugin entry.</p> <p><strong>Reserved names</strong>: The following are blocked for third-party use: <code>claude-code-marketplace</code>, <code>claude-code-plugins</code>, <code>claude-plugins-official</code>, <code>anthropic-marketplace</code>, <code>anthropic-plugins</code>, <code>agent-skills</code>, <code>knowledge-work-plugins</code>, <code>life-sciences</code>. Names that impersonate official marketplaces (like <code>official-claude-plugins</code>) are also blocked.</p> <h3 id="plugin-source-types">Plugin Source Types </h3><table> <thead> <tr> <th>Source</th> <th>Format</th> <th>Notes</th> </tr> </thead> <tbody> <tr> <td>Relative path</td> <td><code>&quot;./plugins/my-plugin&quot;</code></td> <td>Git-based distribution only; fails with URL-based delivery</td> </tr> <tr> <td>GitHub</td> <td><code>{&quot;source&quot;: &quot;github&quot;, &quot;repo&quot;: &quot;owner/repo&quot;}</code></td> <td>Supports <code>ref</code> and <code>sha</code> pinning</td> </tr> <tr> <td>Git URL</td> <td><code>{&quot;source&quot;: &quot;url&quot;, &quot;url&quot;: &quot;https://...&quot;}</code></td> <td>Works with GitLab, Bitbucket, self-hosted</td> </tr> <tr> <td>Git subdirectory</td> <td><code>{&quot;source&quot;: &quot;git-subdir&quot;, &quot;url&quot;: &quot;...&quot;, &quot;path&quot;: &quot;tools/plugin&quot;}</code></td> <td>Sparse clone for monorepos</td> </tr> <tr> <td>npm</td> <td><code>{&quot;source&quot;: &quot;npm&quot;, &quot;package&quot;: &quot;pkg-name&quot;}</code></td> <td>Installed via <code>npm install</code></td> </tr> </tbody> </table> <p><strong>Critical distinction</strong>: The marketplace source (where to fetch <code>marketplace.json</code>) and plugin sources (where to fetch individual plugins) are independent concepts. The marketplace source supports <code>ref</code> only; plugin sources support both <code>ref</code> (branch/tag) and <code>sha</code> (exact commit).</p> <h3 id="version-pinning-with-sha">Version Pinning with sha </h3><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;name&#34;</span><span class="p">:</span> <span class="s2">&#34;my-plugin&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;source&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;source&#34;</span><span class="p">:</span> <span class="s2">&#34;github&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;repo&#34;</span><span class="p">:</span> <span class="s2">&#34;owner/plugin-repo&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;ref&#34;</span><span class="p">:</span> <span class="s2">&#34;v2.0.0&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;sha&#34;</span><span class="p">:</span> <span class="s2">&#34;a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0&#34;</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><p>Using <code>sha</code> pins to an exact commit, guaranteeing reproducible installs regardless of branch updates. This is the recommended approach for production environments.</p> <h3 id="strict-mode">Strict Mode </h3><p>The <code>strict</code> field (default: <code>true</code>) controls whether <code>plugin.json</code> is the authority for component definitions. When <code>strict: true</code>, the plugin manifest takes precedence. Set <code>strict: false</code> to allow marketplace-level overrides:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;name&#34;</span><span class="p">:</span> <span class="s2">&#34;my-plugin&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;source&#34;</span><span class="p">:</span> <span class="s2">&#34;./plugins/my-plugin&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;strict&#34;</span><span class="p">:</span> <span class="kc">false</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><h2 id="distribution-strategies">Distribution Strategies </h2><h3 id="github-recommended">GitHub (Recommended) </h3><p>Push your repository with a <code>.claude-plugin/marketplace.json</code> at the root. Users add it with:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">/plugin marketplace add your-org/your-marketplace-repo </span></span></code></pre></div><p>For specific branches or tags:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">/plugin marketplace add https://gitlab.com/company/plugins.git#v1.0.0 </span></span></code></pre></div><h3 id="team-auto-configuration">Team Auto-Configuration </h3><p>Add marketplace configuration to <code>.claude/settings.json</code> in a shared repository. When team members trust the folder, Claude Code automatically registers the marketplace:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;extraKnownMarketplaces&#34;</span><span class="p">:</span> <span class="p">[</span> </span></span><span class="line"><span class="cl"> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;name&#34;</span><span class="p">:</span> <span class="s2">&#34;company-tools&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;source&#34;</span><span class="p">:</span> <span class="s2">&#34;github&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;repo&#34;</span><span class="p">:</span> <span class="s2">&#34;myorg/claude-plugins&#34;</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"> <span class="p">]</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><h3 id="container-pre-population">Container Pre-Population </h3><p>For CI/CD and containerized environments, <code>forcedPlugins</code> in managed settings installs plugins automatically without user interaction. This is the standard approach for enterprise deployments.</p> <h3 id="auto-update-configuration">Auto-Update Configuration </h3><p>Official Anthropic marketplaces have auto-update enabled by default. Third-party marketplaces default to disabled. To keep plugin updates enabled while managing Claude Code updates manually:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="nb">export</span> <span class="nv">DISABLE_AUTOUPDATER</span><span class="o">=</span><span class="m">1</span> </span></span><span class="line"><span class="cl"><span class="nb">export</span> <span class="nv">FORCE_AUTOUPDATE_PLUGINS</span><span class="o">=</span><span class="m">1</span> </span></span></code></pre></div><h2 id="cli-reference">CLI Reference </h2><table> <thead> <tr> <th>Command</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code>/plugin marketplace add &lt;source&gt;</code></td> <td>Register a marketplace</td> </tr> <tr> <td><code>/plugin marketplace list</code></td> <td>List registered marketplaces</td> </tr> <tr> <td><code>/plugin marketplace update &lt;name&gt;</code></td> <td>Fetch latest catalog</td> </tr> <tr> <td><code>/plugin marketplace remove &lt;name&gt;</code></td> <td>Remove marketplace and its plugins</td> </tr> <tr> <td><code>/plugin install &lt;name&gt;@&lt;marketplace&gt;</code></td> <td>Install a plugin</td> </tr> <tr> <td><code>/plugin disable &lt;name&gt;@&lt;marketplace&gt;</code></td> <td>Disable without uninstalling</td> </tr> <tr> <td><code>/plugin enable &lt;name&gt;@&lt;marketplace&gt;</code></td> <td>Re-enable a disabled plugin</td> </tr> <tr> <td><code>/plugin uninstall &lt;name&gt;@&lt;marketplace&gt;</code></td> <td>Remove a plugin</td> </tr> <tr> <td><code>/reload-plugins</code></td> <td>Reload all plugins without restarting</td> </tr> </tbody> </table> <p>Installation scopes:</p> <ul> <li><strong>User scope</strong> (default): applies across all projects</li> <li><strong>Project scope</strong>: shared with collaborators via <code>.claude/settings.json</code></li> <li><strong>Local scope</strong>: personal, current repository only</li> </ul> <h2 id="permission-system-integration">Permission System Integration </h2><h3 id="rule-evaluation-order">Rule Evaluation Order </h3><p>Permissions follow a strict deny → ask → allow precedence. The first matching rule wins, so deny rules always take precedence over allow rules.</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;permissions&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;allow&#34;</span><span class="p">:</span> <span class="p">[</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;Bash(npm run *)&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;Bash(git commit *)&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;WebFetch(domain:github.com)&#34;</span> </span></span><span class="line"><span class="cl"> <span class="p">],</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;deny&#34;</span><span class="p">:</span> <span class="p">[</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;Bash(git push *)&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;Read(~/.ssh/**)&#34;</span> </span></span><span class="line"><span class="cl"> <span class="p">]</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><h3 id="permission-modes">Permission Modes </h3><table> <thead> <tr> <th>Mode</th> <th>Behavior</th> </tr> </thead> <tbody> <tr> <td><code>default</code></td> <td>Prompts on first use of each tool</td> </tr> <tr> <td><code>acceptEdits</code></td> <td>Auto-accepts file edits for the session</td> </tr> <tr> <td><code>plan</code></td> <td>Analysis only; no file modification or command execution</td> </tr> <tr> <td><code>auto</code></td> <td>Background safety checks then auto-approve (research preview)</td> </tr> <tr> <td><code>dontAsk</code></td> <td>Denies all tools not pre-approved</td> </tr> <tr> <td><code>bypassPermissions</code></td> <td>Skips all prompts (isolated environments only)</td> </tr> </tbody> </table> <p><code>bypassPermissions</code> still prompts for writes to <code>.git</code>, <code>.claude</code>, <code>.vscode</code>, <code>.idea</code>, and <code>.husky</code> to prevent accidental corruption.</p> <h3 id="fine-grained-rule-syntax">Fine-Grained Rule Syntax </h3><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;permissions&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;allow&#34;</span><span class="p">:</span> <span class="p">[</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;Bash(npm run build)&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;Bash(git * main)&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;mcp__puppeteer__puppeteer_navigate&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;Agent(Explore)&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;Read(/src/**)&#34;</span> </span></span><span class="line"><span class="cl"> <span class="p">],</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;deny&#34;</span><span class="p">:</span> <span class="p">[</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;Agent(Plan)&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;Edit(//etc/**)&#34;</span> </span></span><span class="line"><span class="cl"> <span class="p">]</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><p>Path pattern prefixes for Read/Edit rules:</p> <ul> <li><code>//path</code> — absolute path from filesystem root</li> <li><code>~/path</code> — relative to home directory</li> <li><code>/path</code> — relative to project root</li> <li><code>path</code> or <code>./path</code> — relative to current directory</li> </ul> <h3 id="extending-permissions-with-hooks">Extending Permissions with Hooks </h3><p><code>PreToolUse</code> hooks run before the permission prompt and can dynamically block or approve tool calls:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-json" data-lang="json"><span class="line"><span class="cl"><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;hooks&#34;</span><span class="p">:</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;PreToolUse&#34;</span><span class="p">:</span> <span class="p">[</span> </span></span><span class="line"><span class="cl"> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;matcher&#34;</span><span class="p">:</span> <span class="s2">&#34;Bash&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nt">&#34;hooks&#34;</span><span class="p">:</span> <span class="p">[{</span> <span class="nt">&#34;type&#34;</span><span class="p">:</span> <span class="s2">&#34;command&#34;</span><span class="p">,</span> <span class="nt">&#34;command&#34;</span><span class="p">:</span> <span class="s2">&#34;validate-command.sh&#34;</span> <span class="p">}]</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"> <span class="p">]</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><p>A hook exiting with code 2 blocks the call even if an allow rule would otherwise permit it. A hook returning &ldquo;allow&rdquo; does not bypass deny rules — those still apply.</p> <h3 id="permissions-vs-sandboxing">Permissions vs Sandboxing </h3><p>These are complementary, not interchangeable:</p> <ul> <li><strong>Permissions</strong> control which tools Claude Code can use and which paths/domains it can access</li> <li><strong>Sandboxing</strong> provides OS-level enforcement for Bash command filesystem and network access</li> </ul> <p>A <code>Read(./.env)</code> deny rule blocks the <code>Read</code> tool, but does not prevent <code>cat .env</code> in Bash. For true OS-level file access control, enable sandboxing alongside permission rules.</p> <h2 id="official-marketplace-plugin-catalog">Official Marketplace Plugin Catalog </h2><p>The official marketplace (<code>claude-plugins-official</code>) is automatically available in every Claude Code installation.</p> <p><strong>Code Intelligence (LSP)</strong>: clangd-lsp, csharp-lsp, gopls-lsp, jdtls-lsp, kotlin-lsp, lua-lsp, php-lsp, pyright-lsp, rust-analyzer-lsp, swift-lsp, typescript-lsp</p> <p><strong>External Integrations</strong>: github, gitlab, atlassian (Jira/Confluence), asana, linear, notion, figma, vercel, firebase, supabase, slack, sentry</p> <p><strong>Development Workflows</strong>: commit-commands, pr-review-toolkit, agent-sdk-dev, plugin-dev</p> <p><strong>Output Styles</strong>: explanatory-output-style, learning-output-style</p> <p>To submit a plugin: <a class="link" href="https://claude.ai/settings/plugins/submit" target="_blank" rel="noopener" >claude.ai/settings/plugins/submit</a> or <a class="link" href="https://platform.claude.com/plugins/submit" target="_blank" rel="noopener" >platform.claude.com/plugins/submit</a></p> <h2 id="quick-links">Quick Links </h2><ul> <li><a class="link" href="https://code.claude.com/docs/en/plugin-marketplaces" target="_blank" rel="noopener" >Create and distribute a plugin marketplace</a></li> <li><a class="link" href="https://code.claude.com/docs/en/plugins" target="_blank" rel="noopener" >Create plugins guide</a></li> <li><a class="link" href="https://code.claude.com/docs/en/discover-plugins" target="_blank" rel="noopener" >Discover and install prebuilt plugins</a></li> <li><a class="link" href="https://code.claude.com/docs/en/permissions" target="_blank" rel="noopener" >Configure permissions</a></li> <li><a class="link" href="https://claude.ai/settings/plugins/submit" target="_blank" rel="noopener" >Official plugin submission (Claude.ai)</a></li> <li><a class="link" href="https://platform.claude.com/plugins/submit" target="_blank" rel="noopener" >Official plugin submission (Console)</a></li> <li><a class="link" href="https://claude.com/plugins" target="_blank" rel="noopener" >Plugin catalog browser</a></li> </ul> <h2 id="insights">Insights </h2><p><strong>Plugin vs standalone configuration is a distribution decision, not a technical one.</strong> Both approaches support the same set of features. The real question is: does this configuration need to be shared? Standalone <code>.claude/</code> is faster to iterate on; plugins are the right choice once you need versioned, shareable, marketplace-distributed functionality. The only functional trade-off is that plugin skills get namespaced (<code>/my-plugin:hello</code> instead of <code>/hello</code>).</p> <p><strong>Marketplace source and plugin source independence is the key architectural insight.</strong> A single marketplace catalog at <code>acme-corp/plugin-catalog</code> can reference plugins from a dozen different repositories, each pinned to different branches or commits. This separation lets you evolve the catalog and the plugins independently.</p> <p><strong>Relative paths in marketplace.json are a subtle footgun.</strong> They work only when users add the marketplace via Git (GitHub, GitLab, git URL). If you distribute your <code>marketplace.json</code> via a direct URL, relative paths silently fail to resolve. Always use GitHub, npm, or git URL sources when targeting URL-based distribution.</p> <p><strong>Pin to <code>sha</code> in production.</strong> Using <code>ref</code> (branch or tag) means a branch push or tag move can silently change what gets installed. SHA pinning guarantees reproducibility. Pair with release channels (separate <code>stable</code> and <code>beta</code> branches) for a proper versioning workflow.</p> <p><strong>The <code>bypassPermissions</code> mode is for containers only.</strong> It looks tempting for development speed, but it removes meaningful protection from prompt injection attacks. The <code>acceptEdits</code> mode offers a better balance: it auto-approves file edits while still prompting for Bash commands and web fetches. For fully automated pipelines, use <code>bypassPermissions</code> inside a sandboxed container where damage is bounded.</p>