Codebloom
Codebloom transforms Claude Code into a disciplined coding partner, ensuring structured workflows.
Codebloom
π«π· Version franΓ§aise
Claude Code, structured β plan, verify, ship. No rush, no slop, no drift.
A Claude Code plugin that turns your AI agent into a structured teammate: it explains before coding, verifies before shipping, and documents before pushing.
Who this is for
If you use Claude Code seriously β not just to autocomplete a line β you know the drill. It rushes in, refactors five files when you asked for one, invents function names that don't exist, forgets the convention you just set, and declares done before running the tests. Codebloom is the missing workflow layer that fixes this.
It's built for:
- The solo dev who writes code with Claude every day, juggles three or four projects, and keeps hitting the same oversights.
- The freelance / consultant who jumps between WordPress, Node, Python, Rails, Flutter β and wants one consistent guardrail across all of them.
- The tech lead who needs to standardize how the team uses Claude Code, so reviews, tests, and conventional commits aren't optional anymore.
If none of that sounds like you, you probably don't need Codebloom. If it does, keep reading.
The problem
By default, Claude Code is a brilliant but undisciplined teammate. Ask it to fix one bug, it refactors five files. Ask it a question, it writes code. Ask it to review, it praises the diff and moves on. The result is a workflow that feels fast until the third time you undo something it "helpfully" changed.
Concretely:
- It rushes in. You ask for a share button, it modifies 8 files and installs a library.
- It over-engineers. Strategy patterns for a single function,
anytypes, flags for features you never asked for. - It hallucinates references. Function names that don't exist, WordPress hooks invented on the spot, API signatures that look plausible but aren't real.
- It forgets context. Your design system, your conventions, your
CLAUDE.mdβ ignored the moment the session gets long. - It says "done" without verifying. No test run, no build check, no proof. Just
β finished. - It flatters. "Great question!", "You're absolutely right!", "I hope this helps!" β tokens you pay for, zero signal.
Codebloom fixes each of these with a layered system: 15 auto-invoked skills, 7 specialized agents working in isolated background contexts, 6 slash commands that structure your session, and 7 inviolable rules injected into every project's CLAUDE.md.
Before / After
A real request, a real difference.
Without Codebloom:
You: "Add rate limiting to the /api/users endpoint"
Claude: [opens 6 files, installs express-rate-limit, refactors the auth
middleware, changes the error handler signature, adds Redis as a
dependency, "β done!" β no tests run, no security check]
You: "... I just wanted rate limiting on one route."
With Codebloom:
You: "Add rate limiting to the /api/users endpoint"
Claude: "Plan:
- Add express-rate-limit middleware scoped to /api/users only
- In-memory store, 100 req/min per IP
- Files touched: routes/users.ts (1 line), middleware/rateLimit.ts (new)
- Out of scope: auth middleware, error handler, global config
Go?"
You: "Go"
Claude: [implements, 2 files, minimal diff]
[you run /codebloom:push]
Claude: "Agents kicked off in parallel for the gate:
β³ reviewer β quality/security/footprint
β³ tester β test suite
β³ security-auditor β sensitive zones touched: /api/
β³ researcher β new dependency: [email protected]"
[pipeline runs in parallel, isolated contexts]
Claude: "β
reviewer 9.1/10, clean
β
tester 47/47 pass
β
security-auditor 8.8/10, zero critical
β
researcher [email protected] β maintained, MIT, CVE-free
π Aggregated report: 0 blockers, 2 suggestions β TODO.md [review]
Ready to commit."
Same goal. Different outcome. The difference is not magic β it's a pipeline of skills and agents that enforce the discipline you'd apply yourself if you had infinite time.
The core loop
Every session with Codebloom goes through 4 moments. Skills and agents auto-invoke at each step.
1. Plan
Before touching a file, Claude stops and presents a plan: files it will change, what it will add, what's out of scope. You approve, it codes. You push back, it adjusts. No drive-by refactors. No tant qu'on y est.
intent-check enforces this on every message β a question gets a text answer, never code. Vague goals are reformulated into verifiable ones: "add validation" becomes "write tests for invalid inputs, make them pass".
2. Code
Minimal diff. No drive-by refactors. Every modified line must trace back to your request. code-quality enforces Karpathy principles (don't guess, code minimum, surgical, verify), zero invention of references, and the 3-strike rule (don't loop on the same error without changing approach).
context-guard saves tokens by delegating heavy explorations to subagents past 5 files and killing sycophantic openers/closers.
3. Verify
Before any commit, /codebloom:push runs a parallel pipeline of specialized agents in isolated background contexts:
- Always:
reviewer(quality/security/footprint) +tester(run tests, check regressions) - If the diff touches
auth|jwt|token|password|crypto|upload|.env|admin: +security-auditor - If a new dependency was added: +
researcher - If it's a structural change (new command, new dossier, new API): +
doc-writer - If you touched a file modified β₯5 times in the last 7 days: +
git-historian
Claude waits for all of them. An aggregated report is shown, classified by severity. π΄ blockers stop the commit β fix, rerun the impacted agents, loop until green. π important findings ask for your decision. π‘ suggestions are auto-capitalized into TODO.md with source tags ([review], [sec], [test], [audit], [research], [hotspot]) so nothing gets lost.
4. Ship
Once the gate passes, Codebloom handles the rest:
- Updates
CHANGELOG.md(Keep a Changelog format) - Runs a health-check on
CLAUDE.md(size, obsolete commands, broken imports) - Syncs structural changes via
doc-writer - Bumps the WordPress plugin zip if applicable (cross-platform, no
rmprompts) - Writes a conventional commit message (
feat:,fix:,refactor:,chore:β¦) - Pushes
Quick start
/plugin marketplace add vendeesign/codebloom
/plugin install codebloom@codebloom
That's it. Then in any project:
/codebloom:setup β configure once per project
/codebloom:hello β start of every session
(you work) β guardrails auto-load
/codebloom:push β end of session: verify, document, commit, push
What's inside
15 auto-invoked skills
Skills are contextual guardrails. Claude loads them automatically based on what you're doing β no command needed.
Permanent (active every session):
| Skill | Role |
|---|---|
intent-check | Classifies every message before acting. Question β text answer, never code. Instruction β plan β approval β code. |
code-quality | STOP β plan β approval β code. Karpathy principles, zero invention, trace-test, debugging 5 phases, 3-strike rule, verification before completion. |
context-guard | Saves tokens, anti-cascade, delegates to subagents past 5 files. Anti-sycophancy, parseable output (no em-dashes in code), tool-first. |
Contextual (load based on what you're touching):
| Skill | Loads when |
|---|---|
ui-design | Writing HTML/CSS/JSX/Vue/Svelte/Astro/Tailwind. Distinctive typography, WCAG AA, zero cyan/indigo/violet/glassmorphism. |
backend | Writing routes/controllers/services/models in Express, FastAPI, Laravel, Django, Rails, Spring, Gin, ASP.NET, and more. |
mobile | Writing Kotlin/Android, SwiftUI/iOS, Flutter, React Native/Expo. |
security | Touching auth, JWT, bcrypt, SQL, crypto, CORS, CSP, upload. OWASP Top 10 + STRIDE. |
wp-pack | WordPress project detected (Plugin Name: or Theme Name: header). Auto detect β bump β zip β verify. |
dependency-check | Running npm install, composer require, pip install, cargo add, go get, gem install. Native possible? Size? Maintenance? CVE? |
git-conventions | Running git commit, git push, git branch, git rebase, creating PRs. Conventional commits, destructive guards. |
discovery | Requirements are vague, multi-interpretable, or complex. Guided interview process. |
doc-sync | Reminder after significant changes that docs should follow. |
demo-page | User asks for a mockup, preview, prototype. Pixel-perfect HTML validation before code. |
create-skill / create-agent | Guided creation of a new skill or agent through structured prompts. |
7 specialized agents
Agents work in isolated background contexts. Their output is compact β it doesn't pollute your conversation. Every agent has:
- Zero-invention rule β nothing cited without being confirmed by a tool.
- Capitalization into TODO.md β non-critical findings end up as
- [ ] [tag] descriptionso you can triage later. - Isolated context β each agent runs in its own window, returns a compact summary, never pollutes the main conversation.
| Agent | Role | Auto-trigger |
|---|---|---|
reviewer | 2-pass review: spec compliance (does the code do what was asked?) then code quality. 3-angle analysis (project conformity, 2-pass quality, git context). False-positive filtering. Confidence per finding. | /push step 2 |
tester | Detects framework (vitest/jest/pytest/phpunit/cargo testβ¦), generates AAA tests with mandatory edge cases (null/empty/boundary/concurrency/dates), runs suite, reports regressions. | /push step 2 |
security-auditor | 4 parallel scans (deps, secrets, configs, vulnerable code). Weighted 0-100 score on 6 categories. Grade A-F. Remediation per finding. | /push when diff matches sensitive patterns |
researcher | Investigates lib/API/pattern: official doc first, patterns in the project, alternatives comparison, CVE, deprecations. Sources required. | /push when a new dep appears in the manifest |
doc-writer | Syncs CHANGELOG, CLAUDE.md, README, API_DOC, DESIGN_SYSTEM to the real code state. Never touches source code. | /push on structural changes |
auditor | Full health audit on 9 axes: deps, architecture, dead code, security, quality, tests, docs, config, perf. Scored report with prioritized actions. | /codebloom:audit or on demand |
git-historian | Archaeology: timeline, hotspots, bus factor, bug-introduction tracking, velocity. Read-only strict. | Velocity + top 3 hotspots shown in every /hello. Full analysis on demand. |
6 slash commands
| Command | What it does |
|---|---|
/codebloom:setup | Configure a new or existing project. Generates a lean CLAUDE.md (best practices, ~80 lines), .claude/settings.json with safe permissions, TODO.md, CHANGELOG.md, DEV_TIME.md. On existing projects: analyzes package.json/composer.json/Makefile/.env.example to pre-fill the template. |
/codebloom:update | Update Codebloom in the project. Syncs the inviolable rules block (versioned via <!-- codebloom:rules:start vN -->), migrates the CLAUDE.md format on first run (with CLAUDE.md.backup + user validation), refreshes .claude/settings.json permissions. |
/codebloom:hello | Start-of-session briefing: branch, last commit, backlog, 7-day velocity, top 3 hotspots, CLAUDE.md health. Detects upstream Codebloom updates. Starts the screenshot watcher. |
/codebloom:push | End-of-session pipeline. Parallel gate agents (conditional), aggregated report, blocking on π΄, user decision on π , capitalization on π‘, CLAUDE.md health-check, CHANGELOG sync, version bump, conventional commit, push. |
/codebloom:todo | Quick backlog: add (classified automatically), list, or execute entries. Integrates with the tagged capitalization from agents. |
/codebloom:audit | On-demand full audit β 4 parallel agents (quality, security, tests, health) with interactive fix proposals. |
The inviolable rules
Codebloom injects a versioned block of 7 inviolable rules into every project's CLAUDE.md. This block is a safety net that works even when auto-invoked skills fail to load. Synchronized automatically by /codebloom:update, editable by you outside the markers.
1. STOP before writing code β plan β approval β code, always
2. Question β text answer β never Write/Edit on a question
3. Zero invention β cite only what a tool confirmed
4. Trace-test on every diff β each line must trace to the request
5. Orphans vs pre-existing β clean your own mess, leave the rest
6. Verification before completion β no "done" without fresh proof
7. User override β your explicit instructions always win
These are the minimum contract. Everything else is guidance β these seven are enforced.
Tooling & goodies
Codebloom ships with a handful of cross-platform tools that sit quietly in the background and make the daily workflow more bearable. Zero config β all of them are enabled the moment you install the plugin.
Statusline
A permanent status bar at the bottom of Claude Code, with everything you actually want to see during a session:
Model: Opus 4.6 | /home/user/project | Session: 1h23 | Cost: $1.45
Context: 35% | 70k/200k tokens | 42k consumed
5h: $1.45/$5.00 ββββββββββββββββββββ 48% | Reset 2h13 | Weekly: ββββββββββ 28%
Model, CWD, session duration, cumulative cost, context usage, 5-hour rate limit window with progress bar and reset countdown, weekly quota. Cached every 5 minutes to avoid rate-limit hits, with a 24-hour stale window and 429 backoff.
Cross-platform notifications
Claude notifies you when it finishes a turn or is waiting for your input β so you can tab away without missing the moment it needs you.
| Platform | Audio | Visual |
|---|---|---|
| Windows | SystemSounds | Orange taskbar flash (FlashWindowEx) |
| macOS | afplay | Native notification (display notification) |
| Linux | paplay | notify-send desktop notification |
Powered by hooks/notify.js, a single Node.js script that Claude Code runs natively. Zero setup.
Screenshot β Claude Code
/codebloom:hello starts a watcher on your screenshots folder. Take a screenshot β the path is automatically copied to your clipboard β paste it into Claude Code to send the image. No save dialog, no drag-and-drop, no friction.
WordPress zip builder
A Node.js cross-platform packaging script (hooks/wp-pack.js) that handles PowerShell Compress-Archive on Windows and zip on Unix. It auto-detects plugin/theme headers, bumps version, cleans old zips via fs.unlinkSync (zero rm permission prompts during packaging), and verifies the final zip before handing it back.
Philosophy
- Karpathy minimalism β three similar lines beat a premature abstraction. If 200 lines could be 50, rewrite. No abstractions for single-use code. No features beyond what was asked.
- Zero invention β if a path, function, or API wasn't confirmed by a tool (
Read,Grep,Glob,Bash,WebFetch), it doesn't get cited. Hallucinations are the fastest way to lose trust β especially in agent pipelines where downstream systems break on fake values. - Trace-test β every modified line must be justifiable by the user's request. Drive-by refactors are reverted on sight.
- Anti-slop β UI output is distinctive: Fraunces or Instrument Serif, not Inter everywhere. Earth tones, not indigo-violet gradients. No glassmorphism. No
bg-indigo-500buttons by default. - User override β every rule bends to explicit user instructions. The plugin guides the default behavior, never fights you.
- Skills over CLAUDE.md bloat β your
CLAUDE.mdstays under ~120 lines (warns past 150, alerts past 200). Contextual knowledge lives in skills that auto-load, not in a bloated instruction file the model eventually ignores. This follows Anthropic's official best practices.
Requirements
- Claude Code installed
- Git configured
- Node.js (bundled with Claude Code β powers the cross-platform hooks)
Install
/plugin marketplace add vendeesign/codebloom
/plugin install codebloom@codebloom
Then in any project:
/codebloom:setup
Update
/plugin marketplace update codebloom
/plugin update codebloom@codebloom
Then in each project (once):
/codebloom:update
/codebloom:hello tells you when a new version is available on the marketplace.
Contributing
Commands, skills, and agents are Markdown files with YAML frontmatter. Easy to read, easy to edit, easy to fork. See CONTRIBUTING.md.
License
MIT β free to use, modify, distribute, fork.
Support
If Codebloom saves you hours of work every week and you want to keep it growing:
Solana (SOL): CNJ81Uz9mjeudEcV2xcqPzwT9WPDLB3sifjfpLcbSWzw