# loadout - Doramagic AI Context Pack

> Positioning: a pre-install experience and judgment asset. It helps the host AI get off to a good start, but it does not mean the project has already been installed, run, or validated.

## Sufficiency Principle

- **Sufficiency over compression**: The AI Context Pack should be sufficient for the host AI to understand the project's value, capability boundaries, entrypoints, risks, and evidence sources before starting work; it may be layered, but it does not aim for the shortest possible summary.
- **Compression policy**: Compress only noise and duplication, never context that affects judgment or the quality of the work.

## How the Host AI Should Use This

You are reading the AI Context Pack that Doramagic compiled for loadout. Treat it as pre-work context: help the user understand who it fits, what it can do, how to start, what must be verified after install, and where the risks are. Do not claim that you have already installed, run, or executed the target project.

## Claim Consumption Rules

- **Fact source**: Repo Evidence + Claim/Evidence Graph; the Human Wiki only supplies salience, terminology, and narrative structure.
- **Minimum status for a fact**: `supported`
- `supported`: May be used as a project fact, but the answer must cite the claim_id and evidence path.
- `weak`: Usable only as a low-confidence lead; the user must be asked to keep verifying.
- `inferred`: Usable only for risk notes or open questions; must not be packaged as a project fact.
- `unverified`: Must not be used as fact; state clearly that evidence is insufficient.
- `contradicted`: Must show the conflicting sources and must not force a single version on the user's behalf.

## Who It Fits Best

- **AI researchers or builders of research-oriented Agents**: The README clearly centers on research, experiment, or paper workflows. Evidence: `README.md` Claim: `clm_0004` supported 0.86
- **Developers already using host AIs such as Claude/Codex/Cursor/Gemini**: The README or plugin config mentions multiple host AIs. Evidence: `README.md` Claim: `clm_0005` supported 0.86
- **Users who want to bring professional workflows into a host AI**: The repo contains Skill documents. Evidence: `plugins/loadout/skills/browse/SKILL.md`, `plugins/loadout/skills/recommend/SKILL.md` Claim: `clm_0006` supported 0.86

## What It Can Do

- **AI Skill / Agent Instruction Asset Library** (Previewable before install): The project contains Skill or Agent instruction files that a host AI can read, useful for bringing professional workflows into hosts like Claude, Codex, or Cursor. Evidence: `plugins/loadout/skills/browse/SKILL.md`, `plugins/loadout/skills/recommend/SKILL.md` Claim: `clm_0001` supported 0.86
- **Multi-Host Install and Distribution** (Verify after install): The project contains plugin or marketplace configuration, indicating it targets install and distribution across one or more AI hosts. Evidence: `.claude-plugin/marketplace.json`, `plugins/loadout/.claude-plugin/plugin.json` Claim: `clm_0002` supported 0.86
- **Command-Line Startup or Install Flow** (Verify after install): The project documentation contains runnable commands; real use requires running them in a local or host environment. Evidence: `README.md` Claim: `clm_0003` supported 0.86

## How to Start

- `/plugin marketplace add sukoji/loadout` Evidence: `README.md` Claim: `clm_0007` supported 0.86
- `/plugin install loadout@loadout` Evidence: `README.md` Claim: `clm_0008` supported 0.86
- `npx claude-loadout            # interactive` Evidence: `README.md` Claim: `clm_0009` supported 0.86
- `npx claude-loadout --dry-run  # just show the recommendation` Evidence: `README.md` Claim: `clm_0010` supported 0.86
- `npx claude-loadout --all      # apply the whole recommended loadout` Evidence: `README.md` Claim: `clm_0011` supported 0.86
- `npx claude-loadout doctor     # audit tokens, hook deps, security gaps (read-only)` Evidence: `README.md` Claim: `clm_0012` supported 0.86
- `npx claude-loadout export     # team loadout → .loadout.json` Evidence: `README.md` Claim: `clm_0013` supported 0.86
- `npx claude-loadout apply -f .loadout.json   # apply shared manifest` Evidence: `README.md` Claim: `clm_0014` supported 0.86
- `npx claude-loadout --help     # full flag list` Evidence: `README.md` Claim: `clm_0015` supported 0.86
- `npx claude-loadout --target codex        # writes ~/.codex-style .codex/config.toml` Evidence: `README.md` Claim: `clm_0016` supported 0.86

## Continue-or-Stop Decision Card

- **Current recommendation**: Sandbox-trial permissions first
- **Why**: The project has signals of install commands, host configuration, or local writes; do not go straight into your primary environment—trial it in isolation first.

### 30-Second Read

- **What to do now**: Sandbox-trial permissions first
- **Minimum safe next step**: Run Prompt Preview first; if you still want to install, trial only in an isolated environment
- **Do not trust yet**: Tool permission boundaries cannot be trusted before install.
- **Continuing will touch**: Command execution, Host AI configuration, Local environment or project files

### What You Can Trust Now

- **Target-audience signal: AI researchers or builders of research-oriented Agents** (supported): Backed by a supported claim or project evidence, but that still is not the same as real install results. Evidence: `README.md` Claim: `clm_0004` supported 0.86
- **Target-audience signal: Developers already using host AIs such as Claude/Codex/Cursor/Gemini** (supported): Backed by a supported claim or project evidence, but that still is not the same as real install results. Evidence: `README.md` Claim: `clm_0005` supported 0.86
- **Target-audience signal: Users who want to bring professional workflows into a host AI** (supported): Backed by a supported claim or project evidence, but that still is not the same as real install results. Evidence: `plugins/loadout/skills/browse/SKILL.md`, `plugins/loadout/skills/recommend/SKILL.md` Claim: `clm_0006` supported 0.86
- **Capability exists: AI Skill / Agent Instruction Asset Library** (supported): You can trust that the project contains signals of this capability; whether it fits your specific task still needs trial or after-install verification. Evidence: `plugins/loadout/skills/browse/SKILL.md`, `plugins/loadout/skills/recommend/SKILL.md` Claim: `clm_0001` supported 0.86
- **Capability exists: Multi-Host Install and Distribution** (supported): You can trust that the project contains signals of this capability; whether it fits your specific task still needs trial or after-install verification. Evidence: `.claude-plugin/marketplace.json`, `plugins/loadout/.claude-plugin/plugin.json` Claim: `clm_0002` supported 0.86
- **Capability exists: Command-Line Startup or Install Flow** (supported): You can trust that the project contains signals of this capability; whether it fits your specific task still needs trial or after-install verification. Evidence: `README.md` Claim: `clm_0003` supported 0.86

### What You Cannot Trust Yet

- **Tool permission boundaries cannot be trusted before install.** (unverified): MCP/tool projects usually touch files, the network, the browser, or external APIs, so permissions and logs must be checked for real.
- **Real output quality cannot be trusted before install.** (unverified): Prompt Preview can only show how it guides you; it cannot prove result quality in the real project.
- **Host AI version compatibility cannot be trusted before install.** (unverified): Host loading rules and version differences across Claude, Cursor, Codex, Gemini, and others must be verified in a real environment.
- **That it will not pollute your existing host AI's behavior cannot be trusted directly.** (inferred): Skill, plugin, and AGENTS/CLAUDE/GEMINI instructions may change the host AI's default behavior. Evidence: `.claude-plugin/marketplace.json`, `CLAUDE.md`, `plugins/loadout/.claude-plugin/plugin.json`, `plugins/loadout/skills/browse/SKILL.md` et al.
- **Safe rollback cannot be assumed by default.** (unverified): Unless the project clearly provides uninstall and recovery instructions, verify in an isolated environment first.
- **After a real install, is it compatible with the user's current host AI version?** (unverified): Compatibility can only be verified in the actual host environment. Evidence: `.claude-plugin/marketplace.json`, `plugins/loadout/.claude-plugin/plugin.json`
- **Does the project's output quality meet the user's specific task?** (unverified): The pre-install preview can only show flow and boundaries; it cannot replace real evaluation.
- **Do the install commands require network access, permissions, or global writes?** (unverified): This affects install risk in both enterprise and personal environments. Evidence: `README.md`

### What Continuing Will Touch

- **Command execution**: Package managers, network downloads, the local plugin directory, project config, or the user's home directory. Why: Running the very first command can already change your environment; decide whether it is worth running first. Evidence: `README.md`
- **Host AI configuration**: The plugin, Skill, or rule-loading config of hosts like Claude/Codex/Cursor/Gemini/OpenCode. Why: Host configuration changes how the AI works afterward and may conflict with the user's existing rules. Evidence: `.claude-plugin/marketplace.json`, `CLAUDE.md`, `plugins/loadout/.claude-plugin/plugin.json`, `plugins/loadout/skills/browse/SKILL.md` et al.
- **Local environment or project files**: Install results, plugin caches, project config, or local dependency directories. Why: The write scope and rollback path cannot be proven before install and need isolated verification. Evidence: `.claude-plugin/marketplace.json`, `README.md`, `plugins/loadout/.claude-plugin/plugin.json`
- **Host AI context**: The AI Context Pack, Prompt Preview, Skill routing, risk rules, and project facts. Why: Importing context affects the host AI's later judgment, so avoid packaging unverified items as facts.

### Minimum Safe Next Steps

- **Run Prompt Preview first**: Use a pre-install interactive trial to judge whether the way of working fits; it needs no authorization or environment change. (applies when: Applies to any project, especially when output quality is unknown.)
- **Trial-install only in an isolated directory or a test account**: Avoid letting install commands pollute your primary host AI, real projects, or home directory. (applies when: When there are signals of command execution, plugin config, or local writes.)
- **Back up your host AI configuration first**: Skill, plugin, and rule files may change the default behavior of Claude/Cursor/Codex. (applies when: When there is a plugin manifest, a Skill, or a host rule entrypoint.)
- **After install, verify just one minimal task**: Verify loading, compatibility, output quality, and rollback first, then decide whether to use it deeply. (applies when: When moving from a trial into a real workflow.)

### Exit Plan

- **Preserve the pre-install state**: Record the original host config and project state so you can later judge whether it is recoverable.
- **Be ready to remove the host plugin / Skill / rule entrypoint**: If behavior is off after the trial install, you can restore the host AI to its pre-trial state.
- **Record the install commands and written paths**: Without clear uninstall instructions, you at least need to know which directories or configs to clean up manually.
- **If there is no rollback path, do not enter your primary environment**: No rollback is a blocker before continuing; do not proceed on trust or luck.

## What Can Only Be Previewed

- Explain who the project fits and what it can do
- Demonstrate a typical conversation flow based on project docs
- Help the user decide whether it is worth installing or researching further

## What Must Be Verified After Install

- Actually installing the Skill, plugin, or CLI
- Running scripts, modifying local files, or accessing external services
- Verifying real output quality, performance, and compatibility

## Boundary & Risk Decision Card

- **Mistaking the pre-install preview for a real run**: The user may overestimate how much configuration, permission, and compatibility verification the project has already done. Mitigation: Clearly separate prompt_preview_can_do from runtime_required. Claim: `clm_0023` inferred 0.45
- **Host AI plugin or Skill rule conflicts**: New rules may change how the user's existing host AI behaves. Mitigation: Inspect the plugin manifest and Skill files before installing, and test in isolation if needed. Evidence: `.claude-plugin/marketplace.json`, `plugins/loadout/.claude-plugin/plugin.json` Claim: `clm_0024` supported 0.86
- **Command execution will modify the local environment**: Install commands may write to the user's home directory, the host plugin directory, or project configuration. Mitigation: Run in an isolated environment or a test account first. Evidence: `README.md` Claim: `clm_0025` supported 0.86
- **To confirm**: After a real install, is it compatible with the user's current host AI version?. Why: Compatibility can only be verified in the actual host environment.
- **To confirm**: Does the project's output quality meet the user's specific task?. Why: The pre-install preview can only show flow and boundaries; it cannot replace real evaluation.
- **To confirm**: Do the install commands require network access, permissions, or global writes?. Why: This affects install risk in both enterprise and personal environments.

## Pre-Work Working Context

### Loading Order

- First read how_to_use.host_ai_instruction to establish the boundaries of this pre-install judgment asset.
- Read claim_graph_summary to confirm facts come from the Claim/Evidence Graph, not the Human Wiki narrative.
- Then read intended_users, capabilities, and quick_start_candidates to judge whether the user is a match.
- When you need to carry out a concrete task, check role_skill_index first, then evidence_index.
- For real install, file modification, network access, performance, or compatibility questions, turn to risk_card and boundaries.runtime_required.

### Task Routes

- **AI Skill / Agent Instruction Asset Library**: Use role_skill_index / evidence_index to help the user pick a usable role, Skill, or workflow first. Boundary: Can be experienced via a pre-install Prompt. Evidence: `plugins/loadout/skills/browse/SKILL.md`, `plugins/loadout/skills/recommend/SKILL.md` Claim: `clm_0001` supported 0.86
- **Multi-Host Install and Distribution**: State that this is an after-install capability first, then give a pre-install checklist. Boundary: Must be verified after a real install or run. Evidence: `.claude-plugin/marketplace.json`, `plugins/loadout/.claude-plugin/plugin.json` Claim: `clm_0002` supported 0.86
- **Command-Line Startup or Install Flow**: State that this is an after-install capability first, then give a pre-install checklist. Boundary: Must be verified after a real install or run. Evidence: `README.md` Claim: `clm_0003` supported 0.86

### Context Scale

- Total files: 53
- Important-file coverage: 40/53
- Evidence index entries: 49
- Role / Skill entries: 2

### Handling Insufficient Evidence

- **missing_evidence**: State that evidence is insufficient and ask the user for the target file, a README section, or after-install verification records; do not fill in facts.
- **out_of_scope_request**: State that the task is beyond the current AI Context Pack's evidence scope and suggest the user check the Human Manual or verify after a real install.
- **runtime_request**: Provide a pre-install checklist and command sources, but do not run commands for the user or claim they have been run.
- **source_conflict**: Show the conflicting sources side by side, mark them as unverified, and do not force a single version.

## Prompt Recipes

### Fit assessment

- Goal: Judge whether this project fits the user's current task.
- Expected output: A fit conclusion, key reasons, evidence citations, what can be previewed before install, what must be verified after install, and a next-step recommendation.

```text
Based on the AI Context Pack for loadout, ask me 3 necessary questions first, then judge whether it fits my task. The answer must cover: who it fits, what it can do, what it cannot do, whether it is worth installing, and where the evidence comes from. Every project fact must cite evidence_refs, source_paths, or a claim_id.
```

### Pre-install experience

- Goal: Let the user feel the core workflow before installing, while avoiding packaging the preview as real capability or a marketing promise.
- Expected output: An experience script with boundary labels, an after-install verification checklist, and a cautious recommendation; with no real-run promises or strong marketing language.

```text
Treat loadout as a pre-install experience asset, not an already-installed tool or a real runtime environment.

Output exactly four parts:
1. Ask me 3 necessary questions first.
2. Give an "experience script": use the three labels [Previewable before install], [Must verify after install], and [Insufficient evidence] to show how it might guide the workflow.
3. Give an after-install verification checklist: list which capabilities can only be confirmed after a real install, real host loading, and a real project run.
4. Give a cautious recommendation: only "worth researching/trialing further", "add information before deciding", or "not recommended to continue"; do not endorse the project.

Hard boundaries:
- Do not claim you have installed, run, executed tests, modified files, or produced real results.
- Do not write promise-like phrasing such as "auto-adapts", "guarantees passing", "perfect fit", or "strongly recommend installing".
- If you describe how it works after install, you must use a conditional such as "if installed successfully and the host loads the Skill correctly, it might...".
- The experience script may only be written as "example lines / hypothetical flow": use "might ask / might suggest / might show", not "has written, has generated, has passed, is running, is generating".
- Prompt Preview does not hand out install commands; if the user is ready to trial, only prompt them to read Quick Start and the Risk Card first and to verify in an isolated environment.
- Every project fact must come from a supported claim, evidence_refs, or source_paths; inferred/unverified items can only be risks or open questions.

```

### Role / Skill selection

- Goal: Pick the best-matching asset from the project's roles or Skills.
- Expected output: A list of candidate roles or Skills, each with an applicable scenario, evidence paths, risk boundary, and whether after-install verification is needed.

```text
Read role_skill_index and recommend 3-5 of the most relevant roles or Skills for my target task. For each recommendation, state the applicable scenario, likely output, risk boundary, and evidence_refs.
```

### Risk pre-check

- Goal: Identify environment, permission, rule-conflict, and quality risks before installing or adopting.
- Expected output: A checklist of environment, permission, dependency, license, host-conflict, quality risk, and unknown items.

```text
Based on risk_card, boundaries, and quick_start_candidates, give me a pre-install risk pre-check list. Do not run commands for me; only explain what I should check, why, and what impact a failure would have.
```

### Host AI kickoff instruction

- Goal: Turn the project context into a host AI instruction for the start of a conversation.
- Expected output: A pre-work instruction with clear boundaries and clear evidence citations, suitable to copy to a host AI.

```text
Based on the AI Context Pack for loadout, generate a pre-work instruction I can paste to my host AI. This instruction must obey not_runtime=true and must not claim the project has been installed, run, or produced real results.
```

## Role / Skill Index

- Indexed 2 role / Skill / project-doc entries.

- **browse** (skill): Browse the Loadout catalog of curated Claude Code extensions by domain frontend, backend, data/ML, devops, mobile, security, docs without changing anything. Use when the user wants to see what's available for a given kind of project, or asks "what MCP/skills/hooks exist for X" but isn't ready to install. Activation hint: When the user's task is highly relevant to the workflow described by “browse”, use it for a pre-install experience first, then decide whether to install. Evidence: `plugins/loadout/skills/browse/SKILL.md`
- **recommend** (skill): Profile the current project and recommend a domain-matched loadout of Claude Code extensions MCP servers, hooks, settings, skills , then apply the ones the user picks. Use when the user wants to set up, gear up, or optimize Claude Code for this repo, asks "what skills/MCP should I use here", runs /loadout, or opens a fresh project and wants the right tooling configured. Activation hint: When the user's task is highly relevant to the workflow described by “recommend”, use it for a pre-install experience first, then decide whether to install. Evidence: `plugins/loadout/skills/recommend/SKILL.md`

## Evidence Index

- Indexed 49 evidence entries.

- **Loadout catalog — by domain** (documentation): Curated Claude Code extensions, organized by the kind of project you're working on. Generated from the canonical catalog — do not edit by hand run npm run build:docs . Evidence: `docs/domains/README.md`
- **Loadout looks at your project and sets up Claude Code for it — automatically.** (documentation): Loadout looks at your project and sets up Claude Code for it — automatically. Evidence: `README.md`
- **Package** (package_manifest): { "name": "claude-loadout", "version": "0.3.17", "description": "Profile your project and gear up your coding agent with the right MCP servers, skills, and hooks. Claude Code, Codex, Cursor, opencode, Gemini CLI & OpenClaw. A recommender + installer, not a list you read.", "type": "module", "bin": { "loadout": "cli/index.js" }, "files": "cli", "plugins/loadout/catalog", "README.md", "LICENSE" , "scripts": { "start": "node cli/index.js", "validate": "node scripts/validate-catalog.mjs", "test:recommend": "node scripts/test-recommend.mjs", "test:mcps": "node scripts/test-mcps.mjs", "verify:mcp": "node scripts/verify-mcp-packages.mjs", "test": "node scripts/validate-catalog.mjs && node scripts/… Evidence: `package.json`
- **Loadout — browse the catalog** (skill_instruction): Read-only. Show what's in the catalog for a chosen domain; do not modify any files. Evidence: `plugins/loadout/skills/browse/SKILL.md`
- **Loadout — recommend & apply** (skill_instruction): Your job: look at THIS project, figure out what it is, and hand the user a short, ranked loadout of Claude Code extensions worth adding — then apply exactly the ones they choose. You are a recommender and installer, not a list-dumper. Never paste the whole catalog. Evidence: `plugins/loadout/skills/recommend/SKILL.md`
- **Marketplace** (structured_config): { "$schema": "https://json.schemastore.org/claude-code-marketplace.json", "name": "loadout", "description": "Loadout — profile your project and gear up Claude Code with the right skills, MCP servers, and hooks. Not a list you read; a loadout you apply.", "owner": { "name": "sukoji" }, "plugins": { "name": "loadout", "source": "./plugins/loadout", "description": "Analyze your repo, recommend a domain-matched loadout of Claude Code extensions, and apply the ones you pick — MCP servers, hooks, settings, and skills.", "version": "0.3.17", "category": "workflow", "keywords": "setup", "recommender", "mcp", "skills", "hooks", "onboarding", "curated" , "homepage": "https://github.com/sukoji/loadout… Evidence: `.claude-plugin/marketplace.json`
- **Plugin** (structured_config): { "$schema": "https://json.schemastore.org/claude-code-plugin-manifest.json", "name": "loadout", "displayName": "Loadout", "version": "0.3.17", "description": "Profile your project and gear up Claude Code with the right skills, MCP servers, and hooks.", "author": { "name": "sukoji" }, "homepage": "https://github.com/sukoji/loadout", "repository": "https://github.com/sukoji/loadout", "license": "MIT", "keywords": "setup", "recommender", "mcp", "skills", "hooks", "onboarding", "curated" } Evidence: `plugins/loadout/.claude-plugin/plugin.json`
- **CLAUDE.md — Loadout** (documentation): If you are resuming work on this project, read HANDOFF.md HANDOFF.md first. It has the current status, the task board, and how to verify the build. This file is the short always-loaded version. Evidence: `CLAUDE.md`
- **Contributing to Loadout** (documentation): Loadout is only as good as its catalog. Adding a well-tagged entry is the highest-value contribution. Evidence: `CONTRIBUTING.md`
- **License** (source_file): Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files the "Software" , to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: Evidence: `LICENSE`
- **Changelog** (documentation): All notable changes to Loadout are documented here. Format loosely follows Keep a Changelog https://keepachangelog.com/ ; versions follow SemVer https://semver.org/ . Evidence: `CHANGELOG.md`
- **Loadout은 당신의 프로젝트를 보고, 거기에 맞게 Claude Code를 자동으로 세팅합니다.** (documentation): Loadout은 당신의 프로젝트를 보고, 거기에 맞게 Claude Code를 자동으로 세팅합니다. Evidence: `README.ko.md`
- **Backend / API** (documentation): Servers, APIs, databases — Node, Python, Go, Rust, Java services. Evidence: `docs/domains/backend-api.md`
- **Data / ML / Notebooks** (documentation): Python data work, training pipelines, analysis, and reporting. Evidence: `docs/domains/data-ml.md`
- **DevOps / Infra** (documentation): CI/CD, Docker, Terraform, Kubernetes, cloud automation. Evidence: `docs/domains/devops.md`
- **Docs / Writing / Office** (documentation): Documentation, reports, and real Word/Excel/PDF/PPT deliverables. Evidence: `docs/domains/docs-writing.md`
- **Frontend / Web UI** (documentation): React, Vue, Svelte, Next — anything that ships to a browser. Evidence: `docs/domains/frontend.md`
- **Game Development** (documentation): Godot, Unity, Unreal — gameplay code, editor scripting, and engine tooling. Evidence: `docs/domains/game-dev.md`
- **General / Any project** (documentation): The always-useful baseline every repo benefits from. Evidence: `docs/domains/general.md`
- **Mobile** (documentation): iOS, Android, React Native, Flutter apps. Evidence: `docs/domains/mobile.md`
- **Research / Academic** (documentation): Literature review, notebooks, papers, and experiment repos — when discovery and writing matter as much as code. Evidence: `docs/domains/research.md`
- **Security-sensitive** (documentation): Auth, payments, PII, or anything where a mistake is expensive. Evidence: `docs/domains/security.md`
- **Community** (structured_config): { "id": "caveman", "tier": "community", "verified": false, "type": "skill", "name": "Caveman token saver ", "description": "Community skill that makes the agent answer in terse 'caveman' style, cutting ~65–75% of output tokens while keeping technical accuracy. Levels: /caveman lite full ultra, plus Caveman Compress for CLAUDE.md.", "domains": "general" , "signals": "always" , "official": false, "homepage": "https://github.com/JuliusBrussee/caveman", "install": { "type": "manual", "note": "Community ~14k★ , UNVERIFIED by Loadout — review the repo before installing. Works with Claude Code and 40+ other agents.", "commands": } }, { "id": "community-marketplace", "tier": "community", "verified"… Evidence: `plugins/loadout/catalog/community.json`
- **Domains** (structured_config): { "id": "frontend", "title": "Frontend / Web UI", "title ko": "프론트엔드 / 웹 UI", "blurb": "React, Vue, Svelte, Next — anything that ships to a browser.", "signals": "react", "next", "vue", "svelte", "vite", "tailwind", "angular", "package.json" , "loadout": "context7", "playwright", "chrome-devtools", "figma", "format-js-on-edit", "eslint-fix-on-edit", "superpowers", "code-review", "init-claude-md" }, { "id": "backend-api", "title": "Backend / API", "title ko": "백엔드 / API", "blurb": "Servers, APIs, databases — Node, Python, Go, Rust, Java services.", "signals": "express", "fastify", "nestjs", "django", "flask", "fastapi", "go.mod", "Cargo.toml", "pom.xml", "prisma", "drizzle", "postgres" , "lo… Evidence: `plugins/loadout/catalog/domains.json`
- **Ecosystem** (structured_config): { "id": "42crunch-api-security-testing", "tier": "official", "type": "skill", "name": "42crunch-api-security-testing", "description": "Automate API security directly in Claude Code with 42Crunch - automatically audit OpenAPI specs, detect vulnerabilities aligned with OWASP API Security risks including BOLA/BFLA , and apply AI-powered fixes. Designed for AI-assisted development workflows, it provides continuous guardrails through an audit- scan- remediate- validate loop, ensuring APIs meet enterprise security standards before deployment.", "domains": "security" , "signals": , "official": true, "category": "security", "homepage": "https://42crunch.com", "install": { "type": "plugin", "marketp… Evidence: `plugins/loadout/catalog/ecosystem.json`
- **Hooks** (structured_config): { "id": "format-js-on-edit", "type": "hook", "name": "Auto-format JS/TS on edit Prettier ", "description": "After Claude writes or edits a file, run Prettier on that exact file so the diff is always clean. Keeps you from reviewing formatting noise.", "domains": "frontend", "backend-api" , "signals": "package.json", "prettier", "react", "next", "vue", "svelte" , "note": "Requires jq and npx prettier available. On Windows, run Claude Code from Git Bash/WSL for this shell form, or adapt the command.", "settings": { "hooks": { "PostToolUse": { "matcher": "Write Edit", "hooks": { "type": "command", "command": "jq -r '.tool input.file path' grep -Eq '\\. js jsx ts tsx css scss json md html vue sv… Evidence: `plugins/loadout/catalog/hooks.json`
- **Mcp** (structured_config): { "id": "filesystem", "type": "mcp", "name": "Filesystem", "description": "Give Claude scoped read/write access to specific directories outside the project root — useful for cross-repo work, shared asset folders, or a downloads dir.", "domains": "general", "backend-api", "data-ml", "devops" , "signals": "always" , "auth": false, "official": true, "homepage": "https://github.com/modelcontextprotocol/servers/tree/main/src/filesystem", "config": { "command": "npx", "args": "-y", "@modelcontextprotocol/server-filesystem", "." } }, { "id": "git", "type": "mcp", "name": "Git", "description": "Structured git operations status, log, diff, blame, branch as first-class tools instead of shell parsing.… Evidence: `plugins/loadout/catalog/mcp.json`
- **Skills** (structured_config): { "id": "superpowers", "type": "skill", "name": "Superpowers", "description": "A large, battle-tested framework of skills and subagents for planning, TDD, debugging, and disciplined execution. One of the most popular community skill packs; accepted into the official marketplace.", "domains": "general", "backend-api", "frontend", "data-ml" , "signals": "always" , "homepage": "https://github.com/obra/superpowers", "install": { "type": "plugin", "marketplace": "obra/superpowers", "plugin": "superpowers", "commands": "/plugin marketplace add obra/superpowers", "/plugin install superpowers@superpowers" } }, { "id": "office-docs", "type": "skill", "name": "Office documents pdf / docx / pptx / xls… Evidence: `plugins/loadout/catalog/skills.json`
- **Index** (source_file): const c = color, s = $ ⋮---- async function main ⋮---- function parseTargets args ⋮---- function printTargets ⋮---- function printHelp ⋮---- function parseOutputPath args, flags ⋮---- function parseManifestPath args ⋮---- function runExport args, flags ⋮---- function runApplyManifest args, flags ⋮---- function runDoctor flags = new Set ⋮---- function parseSelection answer, top ⋮---- function authLabel item ⋮---- function describeSignals signals ⋮---- function printReceipt r ⋮---- function printTargetReceipt r Evidence: `cli/index.js`
- **Apply** (source_file): // Apply selected catalog items to the project config. Returns a receipt describing what happened. export function apply selected, root = process.cwd ⋮---- function readJson path ⋮---- function writeJson path, doc ⋮---- // Deep-merge source into target. Arrays are concatenated so hook event arrays append, // not replace . Objects merge recursively. Scalars from source win. function deepMerge target, source Evidence: `cli/lib/apply.mjs`
- **Doctor** (source_file): export function doctor root = process.cwd ⋮---- function auditMcpServers mcpDoc, catalog, findings, file = ".mcp.json", mcpLocations ⋮---- function auditCrossAgentMcp root, catalog, findings, mcpLocations ⋮---- function trackMcp id, file, mcpLocations ⋮---- function auditDuplicateMcp mcpLocations, findings ⋮---- function auditMcpEntry id, cfg, catalog, findings, file, mcpLocations ⋮---- function auditTokens mcpDoc, findings ⋮---- function auditHooks settingsDoc, findings ⋮---- function auditSecurity hasEnv, settingsDoc, findings ⋮---- function auditGaps root, catalog, findings ⋮---- function commandExists name Evidence: `cli/lib/doctor.mjs`
- **Manifest** (source_file): // Build a shareable team loadout manifest from the current project profile. export function buildManifest catalog, root = process.cwd , opts = ⋮---- export function buildRecommendPreview signals, domains, items, community, installed, opts = ⋮---- export function writeManifest manifest, outPath ⋮---- export function readManifestIds path ⋮---- export function resolveManifestItems catalog, ids ⋮---- export function previewManifestApply catalog, manifestPath, opts = ⋮---- export function applyManifest catalog, manifestPath, root = process.cwd , opts = ⋮---- function normalizeTargets targets Evidence: `cli/lib/manifest.mjs`
- **Paths** (source_file): export function openclawHome ⋮---- export function openclawConfigPath Evidence: `cli/lib/paths.mjs`
- **Recommend** (source_file): // Signals too broad to justify a Tier-2 official plugin on their own. ⋮---- // On Windows, prefer native hook variants when catalog provides them. function resolveItemId id, byId ⋮---- // Score domains against project signals and build a ranked, de-duplicated loadout. // Tier 1 curated recs come from domain loadouts; Tier 2 official enter by signal match; // Tier 3 community surface only when opts.discover is set, and are never auto-applied. export function recommend ⋮---- // top 2 signal-matched domains + always keep general ⋮---- // Tier 2: official-marketplace plugins — only when signals are specific enough. ⋮---- function officialSignalMatch matched ⋮---- function rankEntries a, b ⋮---… Evidence: `cli/lib/recommend.mjs`
- **Scan** (source_file): // Walk a shallow slice of the project and collect "signals" — lowercase tokens // framework names, filenames, file extensions that the catalog matches against. export function scanProject root = process.cwd ⋮---- const add = s ⋮---- const has = p const read = p = ⋮---- // package.json + dependency names ⋮---- // normalize a few common scoped/aliased packages to catalog signals ⋮---- / ignore malformed package.json / ⋮---- // Python ⋮---- // Other ecosystems ⋮---- // shallow extension sweep top level + one dir down for .tf / .ipynb / .xcodeproj etc. ⋮---- function isDir root, rel ⋮---- function sweepExtensions root, signals, depth = 2 ⋮---- const walk = dir, d = ⋮---- function addExtensionS… Evidence: `cli/lib/scan.mjs`
- **Targets** (source_file): // Cross-agent target adapters. MCP servers are portable across modern agents; each target // only differs in WHERE its config lives and WHAT shape an MCP entry takes. Verified formats: // Claude Code .mcp.json { mcpServers: { NAME: {command,args,env} {type:"http",url} } } // Cursor .cursor/mcp.json same "mcpServers" shape as Claude // Gemini CLI .gemini/settings.json same "mcpServers" shape as Claude // opencode opencode.json { mcp: { NAME: {type:"local",command: ... ,enabled,environment} } } // Codex .codex/config.toml mcp servers.NAME command=".." args= .. env={..} // OpenClaw ~/.openclaw/openclaw.json { mcp: { servers: { NAME: {command,args,env} } } } http → transport ⋮---- export funct… Evidence: `cli/lib/targets.mjs`
- **Test Doctor** (source_file): function assert name, cond ⋮---- function hasMsg list, needle Evidence: `scripts/test-doctor.mjs`
- **Test Manifest** (source_file): function assert name, cond Evidence: `scripts/test-manifest.mjs`
- **Test Recommend** (source_file): // Regression checks for recommend ranking — run before release. ⋮---- function assert name, cond, detail = "" ⋮---- function topNames signals ⋮---- // ML research repo should surface research tools, not random python marketplace plugins. ⋮---- // LaTeX + bib repo should match research domain. ⋮---- // Frontend repo should still prioritize browser tooling. ⋮---- // Jupyter + numpy research repo LOOP 5 . ⋮---- // FastAPI backend should get API-appropriate tools, not frontend noise. ⋮---- // Godot game project. Evidence: `scripts/test-recommend.mjs`
- **Test Scan** (source_file): function assert name, cond Evidence: `scripts/test-scan.mjs`
- **HANDOFF — resume this project cold** (documentation): Read this file first. It exists so any session a new Claude Code session, or a human can pick up Loadout development without the original chat context. If a session dies mid-task, start here. Evidence: `HANDOFF.md`
- **LOOP — Loadout improvement until claims are earned** (documentation): LOOP — Loadout improvement until claims are earned Evidence: `LOOP.md`
- **.gitignore** (source_file): node modules/ .log .DS Store .env .env. dist/ coverage/ .claude/settings.local.json .loadout.json Evidence: `.gitignore`
- **Banner** (source_file): Loadout Gear up Claude Code for your project in one command — profiles your repo, then recommends and applies the right MCP servers, hooks and skills. Evidence: `assets/banner.svg`
- **Demo** (source_file): Loadout demo A terminal running npx claude-loadout : it detects the stack, recommends Playwright, a Prettier hook, and Context7, you pick 1,2,3, and it applies them to .mcp.json and .claude/settings.json. .l1{animation:l1 10s infinite}.l2{animation:l2 10s infinite}.l3{animation:l3 10s infinite} .l4{animation:l4 10s infinite}.l5{animation:l5 10s infinite}.l6{animation:l6 10s infinite} .l7{animation:l7 10s infinite}.l8{animation:l8 10s infinite}.l9{animation:l9 10s infinite} .cur{animation:blink 1s steps 1 infinite} @keyframes blink{0%,49%{opacity:1}50%,100%{opacity:0}} @keyframes l1{0%,2%{opacity:0}5%,95%{opacity:1}100%{opacity:0}} @keyframes l2{0%,13%{opacity:0}16%,95%{opacity:1}100%{opacit… Evidence: `assets/demo.svg`
- **Build Docs** (source_file): // Regenerates the browsable per-domain catalog pages under docs/domains/ from the // canonical catalog JSON, plus a domains index. Keeps the human-readable "list" // side of the repo in sync with the data the recommender actually uses. ⋮---- function itemLine item Evidence: `scripts/build-docs.mjs`
- **Ingest Official** (source_file): // Tier 2 ingestion: pull Anthropic's official plugin marketplace a trusted, vetted source and // transform its entries into Loadout catalog candidates in plugins/loadout/catalog/ecosystem.json. // These are surfaced by signal match or via --discover and installed with /plugin — never // auto-written to config. Curated entries Tier 1 always win on id collisions. // // Run: node scripts/ingest-official.mjs needs network ⋮---- // tech tokens to look for in name+description → signals that align with what scan.mjs detects ⋮---- function deriveSignals text ⋮---- if curated.has id seen.has id { skipped++; continue; } // Tier 1 wins Evidence: `scripts/ingest-official.mjs`
- **Validate Catalog** (source_file): // Validates the catalog: unique ids, required fields per kind, and that every // domain loadout references an item that actually exists. Exits non-zero on any error. ⋮---- // unique ids ⋮---- // required fields const need = item, field = ⋮---- // domain integrity Evidence: `scripts/validate-catalog.mjs`
- **Verify Mcp Packages** (source_file): // Accuracy gate: confirm every npx-based MCP server in the catalog points at a real, published // npm package a wrong install command is worse than no entry, since Loadout applies it . // stdio-via-uvx and HTTP servers are reported as "manual" — verify those against their homepage. Evidence: `scripts/verify-mcp-packages.mjs`

## Rules the Host AI Must Follow

- **Treat this asset as pre-work context, not a runtime environment.**: The AI Context Pack contains only an evidence-backed understanding of the project, not the project's executable state. Evidence: `docs/domains/README.md`, `README.md`, `package.json`
- **When answering the user, distinguish what can be previewed from what can only be verified after install.**: The consumer value of the pre-install experience comes from reducing bad installs and misjudgments, not from pretending to be a real run. Evidence: `docs/domains/README.md`, `README.md`, `package.json`

## Questions the User Should Answer First

- Which host AI or local environment do you plan to use it in?
- Do you just want to experience the workflow first, or are you ready to actually install?
- What matters most to you: install cost, output quality, or conflicts with your existing rules?

## Acceptance Checks

- Every capability claim can be traced back to a file path in evidence_refs.
- AI_CONTEXT_PACK.md does not package previews as a real run.
- The user can understand who it fits, what it can do, how to start, and the risk boundaries within 3 minutes.

---

## Doramagic Context Augmentation

The following sections strengthen the repository context for a host AI. Human Manual data is a reading route, and pitfall notes become operating constraints.

## Human Manual Outline

Usage rule: this is only a reading route and salience signal, not factual authority. Concrete claims must still return to repo evidence or Claim Graph.

Host AI hard rules:
- Do not treat page titles, section order, summaries, or importance values as factual project evidence.
- When explaining the Human Manual outline, state that it is only a reading route or salience signal.
- Capability, installation, compatibility, runtime state, and risk claims must cite repo evidence, source paths, or Claim Graph.

- **Overview and Getting Started**: importance `high`
  - source_paths: README.md, README.ko.md, package.json, CHANGELOG.md, plugins/loadout/.claude-plugin/plugin.json
- **System Architecture and Core Pipeline (scan → match → rank → apply)**: importance `high`
  - source_paths: cli/index.js, cli/lib/scan.mjs, cli/lib/recommend.mjs, cli/lib/apply.mjs, cli/lib/manifest.mjs
- **Catalog Schema, Domains, and Three-Tier Coverage**: importance `high`
  - source_paths: plugins/loadout/catalog/domains.json, plugins/loadout/catalog/ecosystem.json, plugins/loadout/catalog/mcp.json, plugins/loadout/catalog/hooks.json, plugins/loadout/catalog/skills.json
- **Multi-Agent Targets, Team Loadouts, Doctor, and Operations**: importance `high`
  - source_paths: cli/lib/targets.mjs, cli/lib/doctor.mjs, cli/lib/manifest.mjs, cli/lib/paths.mjs, .claude-plugin/marketplace.json

## Repo Inspection Evidence

- repo_clone_verified: true
- repo_inspection_verified: true
- repo_commit: `6144f8aee5fb97ebc734879f81804603ed1b2983`
- inspected_files: `README.md`, `package.json`, `docs/domains/README.md`, `docs/domains/backend-api.md`, `docs/domains/data-ml.md`, `docs/domains/devops.md`, `docs/domains/docs-writing.md`, `docs/domains/frontend.md`, `docs/domains/game-dev.md`, `docs/domains/general.md`, `docs/domains/mobile.md`, `docs/domains/research.md`, `docs/domains/security.md`

Host AI hard rules:
- Without repo_clone_verified=true, do not claim that the source code has been read.
- Without repo_inspection_verified=true, do not write README, docs, or package-file conclusions as facts.
- Without quick_start_verified=true, do not claim that the Quick Start path has run successfully.

## Doramagic Pitfall Constraints

These rules come from Doramagic discovery, validation, or compilation findings. The host AI must treat them as operating constraints, not background notes.

### Constraint 1: Capability evidence risk requires verification

- Trigger: README/documentation is current enough for a first validation pass.
- Host AI rule: Reproduce the official install and quickstart path in an isolated environment.
- Why it matters: May increase setup, validation, or first-run risk for the user.
- Evidence: capability.assumptions | https://github.com/sukoji/loadout
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 2: Security or permission risk requires verification

- Trigger: no_demo
- Host AI rule: Reproduce the official install and quickstart path in an isolated environment.
- Why it matters: May increase setup, validation, or first-run risk for the user.
- Evidence: downstream_validation.risk_items | https://github.com/sukoji/loadout
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 3: Security or permission risk requires verification

- Trigger: no_demo
- Host AI rule: Reproduce the official install and quickstart path in an isolated environment.
- Why it matters: May increase setup, validation, or first-run risk for the user.
- Evidence: risks.scoring_risks | https://github.com/sukoji/loadout
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 4: Maintenance risk requires verification

- Trigger: issue_or_pr_quality=unknown。
- Host AI rule: Reproduce the official install and quickstart path in an isolated environment.
- Why it matters: May increase setup, validation, or first-run risk for the user.
- Evidence: evidence.maintainer_signals | https://github.com/sukoji/loadout
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 5: Maintenance risk requires verification

- Trigger: release_recency=unknown。
- Host AI rule: Reproduce the official install and quickstart path in an isolated environment.
- Why it matters: May increase setup, validation, or first-run risk for the user.
- Evidence: evidence.maintainer_signals | https://github.com/sukoji/loadout
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.
