* feat: add security middleware to REST API template
Adds `TrustedHostMiddleware` and `CORSMiddleware` to the FastAPI template to ensure basic security protections are in place. Includes comments guiding users on how to configure these for production.
- Added TrustedHostMiddleware for Host header validation
- Added CORSMiddleware for Cross-Origin Resource Sharing
- Added TODOs for production configuration
* feat: add security middleware to REST API template
Adds `TrustedHostMiddleware` and `CORSMiddleware` to the FastAPI template to ensure basic security protections are in place. Includes comments guiding users on how to configure these for production.
- Added TrustedHostMiddleware for Host header validation
- Added CORSMiddleware for Cross-Origin Resource Sharing
- Configured safe defaults (allow_credentials=False) for the template
- Added TODOs for production configuration
* feat: secure API template and fix Pydantic deprecations
Enhances `rest-api-template.py` with standard security middleware and updates Pydantic usage to V2 standards.
- Added `TrustedHostMiddleware` and `CORSMiddleware` with safe defaults
- Updated Pydantic models to use `ConfigDict` and `model_dump()` to resolve deprecation warnings
- Documented security learnings in sentinel journal
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
- Avoid re-evaluating the current prompt if metrics are already available from the previous iteration.
- Pass metrics from the best variation to the next iteration.
- Reduces N-1 expensive LLM calls in an N-iteration optimization loop.
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* ⚡ Bolt: Reuse ThreadPoolExecutor in PromptOptimizer
💡 What:
Initialized `ThreadPoolExecutor` in `PromptOptimizer.__init__` and reused it in `evaluate_prompt`.
🎯 Why:
The previous implementation created a new `ThreadPoolExecutor` for every call to `evaluate_prompt`. Since `evaluate_prompt` is called repeatedly inside the `optimize` loop (and for every variation), this caused significant overhead from repeatedly creating and destroying thread pools.
📊 Impact:
Benchmark showed a reduction in execution time from ~5.36s to ~3.76s (~30% improvement) for 500 iterations with a mocked LLM.
🔬 Measurement:
Ran a benchmark script executing `evaluate_prompt` 500 times.
Before: 5.36s
After: 3.76s
* ⚡ Bolt: Reuse ThreadPoolExecutor in PromptOptimizer
💡 What:
Initialized `ThreadPoolExecutor` in `PromptOptimizer.__init__` and reused it in `evaluate_prompt`. Added a `shutdown` method for proper cleanup.
🎯 Why:
The previous implementation created a new `ThreadPoolExecutor` for every call to `evaluate_prompt`. Since `evaluate_prompt` is called repeatedly inside the `optimize` loop (and for every variation), this caused significant overhead from repeatedly creating and destroying thread pools.
📊 Impact:
Benchmark showed a reduction in execution time from ~5.36s to ~3.76s (~30% improvement) for 500 iterations with a mocked LLM.
🔬 Measurement:
Ran a benchmark script executing `evaluate_prompt` 500 times.
Before: 5.36s
After: 3.76s
* ⚡ Bolt: Reuse ThreadPoolExecutor in PromptOptimizer
💡 What:
Initialized `ThreadPoolExecutor` in `PromptOptimizer.__init__` and reused it in `evaluate_prompt`. Added a `shutdown` method and wrapped execution in `try...finally` for proper resource management.
🎯 Why:
The previous implementation created a new `ThreadPoolExecutor` for every call to `evaluate_prompt`. Since `evaluate_prompt` is called repeatedly inside the `optimize` loop (and for every variation), this caused significant overhead from repeatedly creating and destroying thread pools.
📊 Impact:
Benchmark showed a reduction in execution time from ~5.36s to ~3.76s (~30% improvement) for 500 iterations with a mocked LLM.
🔬 Measurement:
Ran a benchmark script executing `evaluate_prompt` 500 times.
Before: 5.36s
After: 3.76s
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* feat: Parallelize prompt evaluation in optimize-prompt.py
- Update `PromptOptimizer.evaluate_prompt` to use `ThreadPoolExecutor` for concurrent test case processing
- Significantly reduces total execution time when using high-latency LLM clients (network IO bound)
- Maintain accurate metric aggregation (latency, accuracy, token count) from parallel results
- This prepares the script for real-world usage where sequential execution is a major bottleneck
⚡ Bolt: Reduces total evaluation time from O(n) to O(1) latency-wise (bounded by max_workers) for concurrent requests.
* feat: Parallelize prompt evaluation in optimize-prompt.py
- Update `PromptOptimizer.evaluate_prompt` to use `ThreadPoolExecutor` for concurrent test case processing
- Significantly reduces total execution time when using high-latency LLM clients (network IO bound)
- Maintain accurate metric aggregation (latency, accuracy, token count) from parallel results
- Ensure no generated artifacts (`optimization_results.json`) are committed
⚡ Bolt: Reduces total evaluation time from O(n) to O(1) latency-wise (bounded by max_workers) for concurrent requests.
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* docs(agents): add haskell-pro
* fixup
* Move haskell-pro agent to functional-programming plugin
- Moved plugins/haskell-development/agents/haskell-pro.md to plugins/functional-programming/agents/haskell-pro.md
- Updated path reference in docs/agents.md
This addresses review feedback to place the Haskell agent in the existing functional-programming plugin alongside elixir-pro, rather than creating a new haskell-development plugin.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
---------
Co-authored-by: Claude <noreply@anthropic.com>
* Updated GPT and Claude models to latest, better and cheaper models
* updated more files to use GPT-5 and Sonnet/Haiku 4.5 because theu are the latest, cheaper and better models
Add comprehensive Julia 1.10+ development support including:
- Modern Julia features (multiple dispatch, metaprogramming)
- Package management with Pkg.jl and PkgTemplates.jl
- Code formatting with JuliaFormatter.jl (BlueStyle)
- Scientific computing (DifferentialEquations.jl, DataFrames.jl)
- Machine learning (Flux.jl, MLJ.jl)
- Performance optimization and type stability
- Testing and benchmarking best practices
- Web development with Genie.jl and Oxygen.jl
The julia-pro agent provides expert guidance on production-ready
Julia development following community best practices.
Add new developer-essentials plugin containing 8 high-value skills that
address critical gaps in the existing skill coverage:
Skills Added:
- git-advanced-workflows: Advanced Git techniques (rebase, cherry-pick, bisect, worktrees, reflog)
- sql-optimization-patterns: SQL query optimization, indexing, and EXPLAIN analysis
- error-handling-patterns: Multi-language error handling strategies and patterns
- code-review-excellence: Effective code review practices and constructive feedback
- e2e-testing-patterns: End-to-end testing with Playwright and Cypress
- auth-implementation-patterns: Authentication/authorization with JWT, OAuth2, RBAC
- debugging-strategies: Systematic debugging techniques and profiling tools
- monorepo-management: Monorepo setup and management with Turborepo, Nx, pnpm
These skills were identified through comprehensive research of:
- Existing 50+ skills across 14 plugins in the project
- Anthropic's official skills repository
- Gap analysis revealing missing coverage in general developer workflows
Changes:
- Added plugins/developer-essentials/ with 8 new SKILL.md files
- Updated .claude-plugin/marketplace.json to register new plugin
- Updated docs/agent-skills.md (47→55 skills, 14→15 plugins)
Each skill follows Anthropic's Agent Skills Specification with proper
YAML frontmatter, progressive disclosure, and clear activation triggers.
🤖 Generated with Claude Code (https://claude.com/claude-code)
Co-authored-by: Claude <noreply@anthropic.com>
Fantastic work, Ryan! You delivered an exceptional shell-scripting plugin with comprehensive coverage of defensive programming, static analysis, and testing patterns. Your responsiveness to feedback and commitment to quality are exactly what we value in this project. Thanks for the great contribution! 🎉
Bump version from 1.2.1 to 1.2.2 for 3 plugins that had Agent Skills added
and were already at 1.2.1:
- backend-development
- framework-migration
- security-scanning
Follow-up to commit 65e5cb0 (feat: add Agent Skills and restructure documentation)
- Migrate all 48 Opus agents to Sonnet
- Optimize 35 execution-focused agents for Haiku
- Update README with hybrid orchestration patterns
- Simplify model configuration to use agnostic aliases
Final distribution: 97 Sonnet / 47 Haiku agents
- Revert plugin name from embedded-systems to arm-cortex-microcontrollers
- Keep original name chosen by contributor Ryan Snodgrass
- Update all references in README.md and marketplace.json
- Plugin structure remains properly organized in plugins/ directory
- Refactor standalone agent into proper plugin structure
- Create plugins/embedded-systems/ directory with agents/ subdirectory
- Move arm-cortex-expert.md to plugins/embedded-systems/agents/
- Update marketplace.json plugin name and source path
- Update README.md to reflect 7 language plugins (was 6)
- Add embedded-systems to Languages plugin table
- Update all agent references to new path
- Remove empty agents/ directory
This aligns the embedded-systems plugin with the standard plugin
architecture used throughout the repository.
Updated all 84 agent references from incorrect `agents/{agent-name}.md` format to correct `plugins/{plugin-name}/agents/{agent-name}.md` paths to resolve 404 errors.
- Add comprehensive slash command documentation as primary interface
- Include real command examples mapped to actual plugins in marketplace
- Add 70+ categorized slash command reference (all real commands)
- Show both command-based and natural language invocation patterns
- Add tdd-workflows to Testing section for better discoverability
- Provide detailed workflow orchestration examples with step breakdowns
- Include command argument examples and discovery instructions
All examples now use actual commands that exist in the plugin system
(backend-development:feature-development, unit-testing:test-generate, etc.)
- Organize 62 plugins into isolated directories under plugins/
- Consolidate tools and workflows into commands/ following Anthropic conventions
- Update marketplace.json with isolated source paths for each plugin
- Revise README to reflect plugin-based structure and token efficiency
- Remove shared resource directories (agents/, tools/, workflows/)
Each plugin now contains only its specific agents and commands, enabling
granular installation and minimal token usage. Installing a single plugin
loads only its resources rather than the entire marketplace.
Structure: plugins/{plugin-name}/{agents/,commands/}
