# Runbook — Claude Code setup (per machine) The repo carries the project's Claude Code config that *travels with git* — `.claude/commands/`, `.claude/hooks/`, and `.claude/settings.json` (hooks, permissions, and the **declared** plugin set). But **plugins and MCP servers are local per machine** — they are not synced by your Claude account and not stored in git (see ADR-014, "Reproducibility of the toolchain"). So a fresh clone needs a one-time setup. This runbook is that setup. ## 1. Plugins (the active set) The repo's `.claude/settings.json` declares `extraKnownMarketplaces` + `enabledPlugins`, so on a fresh clone Claude Code should **prompt** you to trust the marketplace and install the set. If it doesn't, install them explicitly: ```text /plugin marketplace add anthropics/claude-plugins-official /plugin install superpowers@claude-plugins-official /plugin install context7@claude-plugins-official /plugin install terraform@claude-plugins-official /plugin install claude-md-management@claude-plugins-official ``` | Plugin | Why it's in the set | |---|---| | `superpowers` | Brainstorm → ADR, writing-plans, subagent-driven development, TDD — the project methodology | | `context7` | Up-to-date, version-matched library docs (ADR-014) | | `terraform` | boma provisions with Terraform (ADR-006) | | `claude-md-management` | The project is doc/ADR-governance heavy | **Intentionally not installed:** `code-simplifier` (little code to simplify in a YAML/docs repo) — dropped as a kaizen "bias-to-remove." ## 2. Plugins to enable *when* the work starts (deferred) Don't install these until their trigger lands — then add them here and to `enabledPlugins`: | Plugin | Enable when | |---|---| | `security-guidance`, `semgrep` | Building `/security-review` (TODO 8.5) — semgrep does IaC scanning | | `playwright` | Web services exist to test headlessly (TODO 2.2) | | `hookify` | Authoring the next guard hook | | `skill-creator` | Building the next skill (`/security-review`, `/retro`) | ## 3. Other local prerequisites - **`rbw` (Vaultwarden client)** — install and `rbw unlock` once per session; the vault password client and the pre-commit vault guard depend on it (ADR-002). - **The venv-activate hook** — this repo expects the Python `.venv` active for Bash commands. If you use the user-level `~/.claude/hooks/activate-venv.sh` pattern, replicate it; otherwise `source .venv/bin/activate` per session after `make setup`. ## 4. A note on user-level settings The dangerous-mode permission prompt (`skipDangerousModePermissionPrompt`) is a *personal* `~/.claude/settings.json` preference, not carried here. Given ADR-002's "operator/agent error" threat, prefer leaving that prompt **on** unless you deliberately rely on bypass mode. ## Verifying After setup, a quick check: the project commands (`/review-repo`, `/capacity-review`, `/lint`, `/deploy`, `/new-role`) and the `superpowers` skills should be available, and `context7` / `terraform` MCP tools should resolve.