Claude Code Plugin · FSL-1.1

Zensu for Claude Code

Plugin that turns Claude Code into a Product Lifecycle Manager. Vanilla or opt-in strict TDD, parallel 5-perspective code review, feature tracking — bundled as one install.

3
agents
zensu-plm · code-reviewer · review-aspect
14
slash skills
bootstrap · implement · tdd · security · ghost +9
13
automatic hooks
plan → TDD → review → auto-fix
0
MCP tools loaded
typed zensu CLI keeps your context lean
How it works

Three layers. One flow.

Plan with zensu-plm. Build with /zensu:tdd in the main thread. Track in the web dashboard. Each layer does one job — they hand off automatically.

Planning

zensu-plm

  • /zensu:bootstrap
  • /zensu:ghost-scan
  • /zensu:implement
Implementation

/zensu:tdd

  • RED → IMPL → GREEN
  • 5× review-aspect
  • code-reviewer
  • auto-fix loop
  • self-review
Tracking

Zensu Platform

  • Feature dashboard
  • Release gates
  • Security posture
  • Tier matrix
  • Docs & wiki
  • Assignments & ownership
Install

One command. Everything wired.

The plugin registers agents, skills, and hooks, and drives the typed zensu CLI. OAuth opens automatically on first use — no API key needed unless you're in CI.

Recommended

Project scope

Per-project install. Hooks fire for this repo only. .zensu/config.json overrides defaults.

# Inside your repo
claude plugin marketplace add MKITConsulting/zensu-claude-code
claude plugin install zensu --scope project

User scope (global)

Available across every project. Configure once via ~/.zensu/config.json.

# Anywhere on your machine
claude plugin marketplace add MKITConsulting/zensu-claude-code
claude plugin install zensu --scope user

For CI / headless agents

OAuth isn't available in CI. Authenticate the zensu CLI with an API key instead of the browser flow.

# GitHub Actions, GitLab CI, etc. — ZENSU_API_KEY from your CI secrets
echo "$ZENSU_API_KEY" | zensu auth login --with-token -
What's inside

Inside the install.

Agents plan. Skills act. Hooks chain the workflow without manual handoff.

3 specialist agents

zensu-plm orchestrates the lifecycle. review-aspect runs the 5 review perspectives in parallel — one each, read-only. code-reviewer consolidates them: conventions, bugs, architecture, tests, security.

14 slash skills

/zensu:bootstrap · /zensu:implement · /zensu:tdd · /zensu:cover · /zensu:autopilot · /zensu:plan-review · /zensu:pr-team-review · /zensu:pr-fix-findings · /zensu:security-review · /zensu:ghost-scan · /zensu:pulse · /zensu:self-review · /zensu:reset-review-limit · /zensu:zensu-help

13 automatic hooks

Plan-approved → TDD. Implementation → parallel 5-aspect review → in-thread auto-fix loop with a max-rounds guard → self-review. A Stop-hook backstop guarantees the chain; plus session banner, pulse, a test-run witness log, and a context-compaction nudge that suggests /compact before long sessions hit the wall.

Typed zensu CLI

Feature CRUD, security analysis, tier matrix, user journeys, roadmaps, ghost scans, bootstrap, wiki, knowledge search, source-file linking — typed zensu commands the skills drive, no MCP tool surface loaded into your session.

Privacy-first journal

Pulse logs tool usage and feature context — never code content. 90-day retention, configurable.

Self-hostable

Point the zensu CLI at your own endpoint with ZENSU_API_URL=… (or --api-url) to keep all data on your infrastructure. Works without a Zensu account at all.

Source-available

FSL-1.1-Apache-2.0. Use it for any Permitted Purpose — internal, commercial, forks, client work — and each release converts to Apache 2.0 after two years. Source on GitHub; no license server, no telemetry beyond the Zensu API you configure.

Token economy

Specialized agents. Lean sessions.

Every Zensu agent works in its own context, not yours. zensu-plm drives the typed zensu CLI and carries the lifecycle conventions so your session never loads them, then hands back a one-line summary. When the review chain fires, five read-only review-aspect agents spawn in parallel — each loads one checklist (conventions, bugs, architecture, tests, security) and nothing else. Each returns just its findings; the main thread merges them. Many expert perspectives, one merged report, your token budget intact.

Context-compaction nudge

A UserPromptSubmit hook watches context-window usage and, once it crosses a threshold (default 50%), nudges the main thread to suggest /compact — fail-open, and it never runs /compact itself. Tune or disable via the context config node.

Workflows

Four paths through the lifecycle.

Slash commands compose. Hooks chain them. You ship faster because the handoff is automated.

New product

From idea to release

Bootstrap, plan, hand off — five steps.

  1. Bootstrap

    Vision → product, features, journeys, security profiles.

    /zensu:bootstrap
  2. Implement

    Load context, plan, hand off.

    /zensu:implement ZEN-001
  3. TDD auto-runs

    Plan-approved hook asks whether to run /zensu:tdd, then delegates on yes — in the main thread.

    /zensu:tddhook
  4. Review auto-runs

    Implementation done → 5 parallel review-aspect agents, merged by code-reviewer.

    review-aspect ×5code-reviewer
  5. Release gate

    STRIDE threat model + security checks.

    /zensu:security-review
Existing codebase

Adopt incrementally

Ghost-scan, classify, fill gaps without a rewrite.

  1. Ghost-scan

    Discover features, journeys & docs via multi-agent fan-out.

    /zensu:ghost-scan
  2. Review candidates

    Batch approve, filter by component.

    ghost_batch_review
  3. Security baseline

    Classify, tag OWASP/compliance.

    /zensu:security-review
  4. Fill test gaps

    TDD over untested features.

    /zensu:tdd
Quick feature

One ticket, full guardrails

TDD plus 5-perspective review on a single feature.

  1. Implement

    Context-aware, no full bootstrap.

    /zensu:implement ZEN-042/zensu:tdd
  2. Auto-review

    Hooks trigger code-reviewer.

    code-reviewerhook
Code + a plan

Reconcile both

Existing code plus a forward plan — scan what's built, plan the rest.

  1. Ghost-scan

    Discover what's already built — features, journeys & docs.

    /zensu:ghost-scan
  2. Plan the rest

    Add the plan's not-yet-built items as planned features.

    create_featurestatus=planned
  3. Implement from there

    Build out the planned features under TDD + review.

    /zensu:implement/zensu:tdd
Why this plugin is different

Strict TDD you can't fake.

Out of the box Zensu runs vanilla: you implement directly, with the evidence audits and review chain still on. Opt in — answer yes at plan approval, or set hooks.tddImplementation: true — and /zensu:tdd runs the full RED → IMPL → GREEN cycle in the main thread under a PreToolUse FSM gate that blocks every Edit, Write, or MultiEdit that doesn't match the declared phase. IMPL can't fire without a prior RED_FAIL marker for the same step, and a Stop-hook backstop guarantees the review chain runs. Enforced by the harness, not by prompt discipline.

Configurable

Agentic loop. Your control.

Every layer of the autonomous chain — plan-approved → TDD → code review → auto-fix — is opt-out, gated, or capped. Configure once via ~/.zensu/config.json globally, or per-project via $CLAUDE_PROJECT_DIR/.zensu/config.json. The loop runs only as far as you let it.

Update

Two commands to the latest.

The plugin ships from the GitHub marketplace. Refresh the marketplace, pull the new version into the cache, then restart the session — it reloads only at SessionStart.

Pull the update

marketplace update re-reads the manifest from GitHub; plugin update pulls that version into the cache.

# Refresh, then update
claude plugin marketplace update zensu
claude plugin update zensu@zensu

Verify & restart

Confirm the new version, then restart the session (/exit and reopen) — the plugin reloads at SessionStart.

# zensu row shows the new version
claude plugin list

Stuck on the old version?

A stale cache keeps the old build. Force a clean reinstall.

# Hard reinstall
claude plugin uninstall zensu@zensu
claude plugin marketplace update zensu
claude plugin install zensu@zensu

Install the plugin. Ship the feature.

FSL-1.1-Apache-2.0, source-available. Works without a Zensu account — and auto-links artifacts when connected.