Add a Claude Code Plugin #447

Draft: owtaylor wants to merge 4 commits into rhel-lightspeed:main from owtaylor:claude-code-plugin

owtaylor (Contributor) commented May 5, 2026

This is a draft of a Claude Code Plugin that achieves out-of-the-box "Guarded Code Execution" functionality.

The plugin configures:

  • Our MCP server, run with a new --external-script-checks CLI parameter
  • A "userConfig" setting for the toolset (fixed/run_script/both)
  • Hooks:
    • A PreToolUse "prompt" hook that feeds the tool arguments to a model to do the gatekeeper checks (does the script match the
    • A second PreToolUse "command" hook that decides what run_script calls need confirmation
    • A PermissionRequest hook that auto-approves run_script calls that don't need explicit permission.

Other parts of the patch:

  • --external-script-checks makes the run_script toolset present only a single run_script tool, disabling the "gatekeeper" and "user in the loop" parts of our guardrails. The implementation is a bit messy - FastMCP 3 would make it easier.
  • The eval/gatekeeper framework gains an --external-checks mode that tests things using the plugin prompt rather than the gatekeeper prompt (with the arguments as JSON etc).
  • There's a "plugin marketplace" that just includes the single plugin.
  • The build configuration is extended so if the mcp-app HTML file is missing, it's just ignored. This allows uvx git+https://github.com/owtaylor/linux-mcp-server.git to work for demo purposes without needing --external-script-checks support on PyPI

Demo

Trying it out:

Within Claude Code:

/plugin marketplace add owtaylor/linux-mcp-server
/plugin install linux-mcp-server
/reload-plugins

The good

  • Really easy to get going
  • No validate_script overhead for the model
  • Approval happens after validation
  • Can use it with just a Claude Pro subscription
  • No fiddling around with tool use permissions - the right thing just happens

The bad

  • Specific to Claude Code
  • userConfig settings are a bit buggy and fragile

The ugly

  • Naming: A linux-mcp-server plugin that includes a linux-mcp-server MCP server
  • The approval prompts have quite a bit of noise:

(The "Yes" and "Yes, and don't ask again..." options have exactly the same behavior ... which is that it will continue to ask again only for read-write scripts and not read-only scripts.)

Other clients?

  • Cursor has all the same pieces - plugins, hooks, and prompt hooks, so doing exactly the same thing should be theoretically possible, though hard to be sure in advance of trying it.
  • Codex has plugins and hooks, but not prompt hooks. It is possible to read ~/.code/auth_json and make direct API calls in a command hook - and probably within the spirit. (It's explicitly OK to use your ChatGPT Plus/Pro account with OpenCode / OpenClaw)
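
The confirmation decision described in the PR description above (read-only scripts pass, read-write scripts prompt, `LINUX_MCP_ALWAYS_CONFIRM` forces a prompt), written as an added example that is not the plugin's own code. The event shape (`tool_name`, `tool_input`), the `__run_script` suffix and the boolean `readonly` argument are assumptions; the point shown is that every malformed or unexpected input falls back to asking.

```python
import json
from typing import Mapping, Optional

# Assumptions for this example (not from the PR's code): the hook receives a
# JSON event with "tool_name" and "tool_input", the MCP tool name ends in
# "__run_script", and the script's mode is a boolean "readonly" argument.
RUN_SCRIPT_SUFFIX = "__run_script"
# Named in the PR's commit message; treated here as "set" when non-empty.
ALWAYS_CONFIRM_VAR = "LINUX_MCP_ALWAYS_CONFIRM"


def decide(raw_event: str, env: Mapping[str, str]) -> Optional[str]:
    """Return "allow", "ask", or None when the event is for another tool."""
    try:
        event = json.loads(raw_event)
    except (TypeError, ValueError):
        return "ask"  # unparseable hook input: fail closed
    if not isinstance(event, dict) or not isinstance(event.get("tool_name"), str):
        return "ask"  # malformed event: fail closed
    if not event["tool_name"].endswith(RUN_SCRIPT_SUFFIX):
        return None  # not run_script: leave the client's normal flow alone
    if env.get(ALWAYS_CONFIRM_VAR):
        return "ask"  # operator asked for confirmation on every script
    tool_input = event.get("tool_input")
    if not isinstance(tool_input, dict):
        return "ask"
    # Only the literal boolean True counts; "true", 1 or a missing key do not,
    # so a loosely typed value never skips the prompt.
    return "allow" if tool_input.get("readonly") is True else "ask"


def sample_event(tool: str, **tool_input) -> str:
    """Build a constructed hook event for trying the function out."""
    return json.dumps({"tool_name": tool, "tool_input": tool_input})


if __name__ == "__main__":
    tool = "mcp__linux-mcp-server__run_script"  # constructed tool name
    for args in ({"readonly": True}, {"readonly": False}, {"readonly": "true"}, {}):
        print(args, "->", decide(sample_event(tool, **args), {}))
    forced = decide(sample_event(tool, readonly=True), {ALWAYS_CONFIRM_VAR: "1"})
    print("always-confirm ->", forced)
```
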

owtaylor added 4 commits May 4, 2026 15:31
In many cases, a build that doesn't include the generated mcp-app
HTML is sufficient. Add a hatch_build.py to make the inclusion of
the generated HTML in the wheel optional.

Add a mode where the gatekeeper evaluation of the script and the
decision about whether to prompt are done *external* to the
MCP server, for example in "hooks" that are run by the LLM client.

This allows:

 - Reuse of inference from the client, rather than requiring
   separate configuration of a gatekeeper model
 - Better integration of prompting with the client's approval
   system.

Add a plugin marketplace that can be installed in Claude Code, with
a single plugin "linux-mcp-server" which has our MCP server,
run with --external-script-checks and a set of hooks:

 - Check run_script input gatekeeper-style
 - Only confirm for readonly scripts or if LINUX_MCP_ALWAYS_CONFIRM is set
 - Reconfigure permissions for the run_script tool so that we control the
   permission decision entirely, and the user doesn't have to know
   that it's safe to "always allow" it.

 There is also a userConfig entry to choose the toolset.

Add `eval/gatekeeper/run_eval.py --external-checks` to allow
evaluating how the gatekeeper does when prompted in the format
we use for the Claude Code plugin (arguments as JSON)

@owtaylor owtaylor requested a review from a team as a code owner May 5, 2026 15:21
github-actions Bot commented May 5, 2026

For team members: test commit 1661feb in internal GitLab

@owtaylor owtaylor marked this pull request as draft May 5, 2026 15:21
codecov Bot commented May 5, 2026

Codecov Report

❌ Patch coverage is 53.96825% with 29 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
src/linux_mcp_server/tools/run_script_external.py 0.00% 21 Missing ⚠️
src/linux_mcp_server/server.py 45.45% 4 Missing and 2 partials ⚠️
src/linux_mcp_server/tools/__init__.py 80.00% 1 Missing and 1 partial ⚠️
Flag Coverage Δ
unittests 96.29% <53.96%> (-0.63%) ⬇️

Flags with carried forward coverage won't be shown.

Files with missing lines Coverage Δ
src/linux_mcp_server/config.py 100.00% <100.00%> (ø)
src/linux_mcp_server/tools/run_script.py 97.14% <100.00%> (-0.11%) ⬇️
src/linux_mcp_server/tools/run_script_common.py 100.00% <100.00%> (ø)
src/linux_mcp_server/tools/__init__.py 93.33% <80.00%> (-6.67%) ⬇️
src/linux_mcp_server/server.py 64.56% <45.45%> (-0.98%) ⬇️
src/linux_mcp_server/tools/run_script_external.py 0.00% <0.00%> (ø)

... and 1 file with indirect coverage changes
