From f7ccda739f7cbc8d4cc97d1bbc622f8a61da457a Mon Sep 17 00:00:00 2001 From: Matt Piccolella Date: Mon, 11 May 2026 13:50:41 -0700 Subject: [PATCH 1/6] Tighten handoff param patterns to block prompt injection via spaces Param values for matter_id and clause are interpolated directly into the steering-prompt templates. Their patterns previously permitted spaces, which would let a hostile document smuggle a natural-language sentence into the prompt through a field that looks like an ID. Restrict both to slug shape (no spaces); descriptive context belongs in the note/event fields, which are never interpolated and are wrapped in the data frame. Also render templates via format_map with an empty-string default so an optional param the template references (e.g. playbook_monitor's clause) degrades gracefully instead of raising KeyError, and ignore __pycache__. --- .gitignore | 2 ++ scripts/orchestrate.py | 19 ++++++++++++++++--- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index c4f0a29..af69b71 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,5 @@ /logs/ /outputs/ /.claude/ +__pycache__/ +*.pyc diff --git a/scripts/orchestrate.py b/scripts/orchestrate.py index 65534f1..0087043 100755 --- a/scripts/orchestrate.py +++ b/scripts/orchestrate.py @@ -53,6 +53,13 @@ ALLOWED_TARGETS = { # Closed schema of permitted handoff intents. Parameters are typed and # pattern-constrained. The orchestrator builds the steering prompt from a # per-intent template below — untrusted free text never becomes the prompt. +# +# Pattern rule: parameters that are interpolated into HANDOFF_TEMPLATES must +# stay slug-shaped — no spaces. A space-permitting pattern lets a hostile +# document smuggle a natural-language sentence into the steering prompt +# through a field that looks like an ID. Descriptive context belongs in the +# `note`/`event` fields, which are never interpolated and are wrapped in the +# data frame before reaching the model. HANDOFF_INTENTS: dict[str, dict] = { "slack_send_message": { "required": ["channel", "report_path"], @@ -79,7 +86,7 @@ HANDOFF_INTENTS: dict[str, dict] = { "required": ["matter_id"], "properties": { "matter_id": {"type": "string", "maxLength": 64, - "pattern": r"^[A-Za-z0-9 ._/:#-]+$"}, + "pattern": r"^[A-Za-z0-9._/:#-]+$"}, "note": {"type": "string", "maxLength": 500}, }, }, @@ -87,7 +94,7 @@ HANDOFF_INTENTS: dict[str, dict] = { "required": [], "properties": { "clause": {"type": "string", "maxLength": 80, - "pattern": r"^[A-Za-z0-9 ._/-]+$"}, + "pattern": r"^[A-Za-z0-9._/-]+$"}, "note": {"type": "string", "maxLength": 500}, }, }, @@ -271,7 +278,13 @@ def extract_handoff(text: str, source_agent: str = "unknown") -> dict | None: sanitized_event = sanitize_event(raw_event) if raw_event else "" # Build the steering input from the typed template — NOT from free text. - steering_input = HANDOFF_TEMPLATES[intent].format(**params) + # Render via format_map with a default so optional params that the + # template references (e.g. playbook_monitor's `clause`) degrade to an + # empty string instead of raising KeyError. + class _Defaulted(dict): + def __missing__(self, _key): # noqa: D105 — small render shim + return "" + steering_input = HANDOFF_TEMPLATES[intent].format_map(_Defaulted(params)) if sanitized_event: steering_input += "\n\n" + frame_handoff(source_agent, sanitized_event) From 68ed72ecbac38d54f980372961ba2523a0b70ae1 Mon Sep 17 00:00:00 2001 From: Matt Piccolella Date: Mon, 11 May 2026 13:53:00 -0700 Subject: [PATCH 2/6] Ad-hoc questions use the practice profile without invoking a skill MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The rich practice context from setup — jurisdiction footprint, risk posture, playbook positions — was only accessible through structured skills. A lawyer asking a quick question in the plugin's domain got a generalist answer. Now the plugin CLAUDE.md instructs Claude to read the practice profile and apply the plugin's guardrails for ANY question in the domain, not just skill invocations. A configured plugin feels like a colleague who already knows your practice, not a form you fill out. The skills are the structured workflows; this is everything in between. --- ai-governance-legal/.claude-plugin/plugin.json | 4 ++-- ai-governance-legal/CLAUDE.md | 14 ++++++++++++++ commercial-legal/.claude-plugin/plugin.json | 4 ++-- commercial-legal/CLAUDE.md | 14 ++++++++++++++ corporate-legal/.claude-plugin/plugin.json | 4 ++-- corporate-legal/CLAUDE.md | 14 ++++++++++++++ employment-legal/.claude-plugin/plugin.json | 4 ++-- employment-legal/CLAUDE.md | 14 ++++++++++++++ ip-legal/.claude-plugin/plugin.json | 2 +- ip-legal/CLAUDE.md | 14 ++++++++++++++ law-student/.claude-plugin/plugin.json | 6 +++--- law-student/CLAUDE.md | 14 ++++++++++++++ legal-builder-hub/.claude-plugin/plugin.json | 6 +++--- legal-builder-hub/CLAUDE.md | 14 ++++++++++++++ legal-clinic/.claude-plugin/plugin.json | 6 +++--- legal-clinic/CLAUDE.md | 14 ++++++++++++++ litigation-legal/.claude-plugin/plugin.json | 6 +++--- litigation-legal/CLAUDE.md | 14 ++++++++++++++ privacy-legal/.claude-plugin/plugin.json | 4 ++-- privacy-legal/CLAUDE.md | 14 ++++++++++++++ product-legal/.claude-plugin/plugin.json | 4 ++-- product-legal/CLAUDE.md | 14 ++++++++++++++ regulatory-legal/.claude-plugin/plugin.json | 4 ++-- regulatory-legal/CLAUDE.md | 14 ++++++++++++++ 24 files changed, 195 insertions(+), 27 deletions(-) diff --git a/ai-governance-legal/.claude-plugin/plugin.json b/ai-governance-legal/.claude-plugin/plugin.json index 3d3cc26..6a28758 100644 --- a/ai-governance-legal/.claude-plugin/plugin.json +++ b/ai-governance-legal/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "ai-governance-legal", - "version": "0.3.2", + "version": "0.3.3", "description": "Triages proposed AI use cases against your registry, runs impact assessments across the regimes in scope, reviews vendor AI terms for training-on-data and liability gaps, and keeps your AI policy current with practice.", "author": { "name": "Anthropic" } -} +} \ No newline at end of file diff --git a/ai-governance-legal/CLAUDE.md b/ai-governance-legal/CLAUDE.md index 289371b..cc1e9b3 100644 --- a/ai-governance-legal/CLAUDE.md +++ b/ai-governance-legal/CLAUDE.md @@ -377,6 +377,20 @@ Corollary: when the user asks a doctrinal question (not a document-review questi **Don't force a question through the wrong skill.** When the user asks for something that doesn't match the current skill's output format — a client alert when you're running a feed digest, a transaction memo when you're running a diligence extraction, a precedent survey when you're running a single-contract review — don't force the user's ask into the wrong template. Say: "You asked for [X]; this skill produces [Y]. I'll produce [X] directly instead of forcing it into the [Y] format — here it is." Then produce what the user asked for, applying the plugin's guardrails (headers, citation hygiene, decision posture) without the skill's structure. The guardrails travel with you; the template doesn't have to. This is the routing corollary of scaffolding-not-blinders. +## Ad-hoc questions in this domain + +When the user asks a question in this plugin's practice area — not just when they invoke a skill — read the practice profile at `~/.claude/plugins/config/claude-for-legal/ai-governance-legal/CLAUDE.md` (and `~/.claude/plugins/config/claude-for-legal/company-profile.md`) first, and apply it. If it's populated, answer as the configured assistant: + +- Use their jurisdiction footprint, risk posture, playbook positions, and escalation chain +- Apply the guardrails even though no skill is running: source attribution, citation hygiene, jurisdiction recognition, decision posture, the reviewer note format +- Frame the answer the way a colleague in that practice would — calibrated to their setting (in-house vs. firm), their role (lawyer vs. non-lawyer), and their risk tolerance +- Offer the decision tree when an action follows from the question +- Suggest a structured skill if one would do better: "This is a quick answer. If you want the full framework, run `/ai-governance-legal:[relevant skill]`." + +If the practice profile isn't populated: "I can give you a general answer, but this plugin gives much better answers once it's configured to your practice — run `/ai-governance-legal:cold-start-interview` (2-minute quick start or 10-minute full setup)." Then give the general answer anyway, tagged as unconfigured. + +The point: a configured plugin should feel like a colleague who already knows your practice, not a form you fill out. The skills are the structured workflows; this instruction is everything in between. + ## Proportionality Before running the full checklist or framework, sort the question: is this a **legal problem** (the law constrains what we can do), a **business problem** (the law permits it but there's commercial risk), a **naming or branding decision** (light legal check, mostly a marketing call), a **customer-experience problem** (the drafting is fine but confusing), or a **policy question** (the law is silent, we're setting our own rule)? diff --git a/commercial-legal/.claude-plugin/plugin.json b/commercial-legal/.claude-plugin/plugin.json index aa4aac4..b5119df 100644 --- a/commercial-legal/.claude-plugin/plugin.json +++ b/commercial-legal/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "commercial-legal", - "version": "0.4.2", + "version": "0.4.3", "description": "Reviews vendor agreements, NDAs, and SaaS subscriptions against your sales-side or purchasing-side playbook, tracks renewals and cancel-by deadlines before they're missed, routes escalations to the right approver, and translates reviews into summaries business stakeholders will actually read.", "author": { "name": "Anthropic" } -} +} \ No newline at end of file diff --git a/commercial-legal/CLAUDE.md b/commercial-legal/CLAUDE.md index 8bdb718..f8db2c5 100644 --- a/commercial-legal/CLAUDE.md +++ b/commercial-legal/CLAUDE.md @@ -397,6 +397,20 @@ Corollary: when the user asks a doctrinal question (not a document-review questi **Don't force a question through the wrong skill.** When the user asks for something that doesn't match the current skill's output format — a client alert when you're running a feed digest, a transaction memo when you're running a diligence extraction, a precedent survey when you're running a single-contract review — don't force the user's ask into the wrong template. Say: "You asked for [X]; this skill produces [Y]. I'll produce [X] directly instead of forcing it into the [Y] format — here it is." Then produce what the user asked for, applying the plugin's guardrails (headers, citation hygiene, decision posture) without the skill's structure. The guardrails travel with you; the template doesn't have to. This is the routing corollary of scaffolding-not-blinders. +## Ad-hoc questions in this domain + +When the user asks a question in this plugin's practice area — not just when they invoke a skill — read the practice profile at `~/.claude/plugins/config/claude-for-legal/commercial-legal/CLAUDE.md` (and `~/.claude/plugins/config/claude-for-legal/company-profile.md`) first, and apply it. If it's populated, answer as the configured assistant: + +- Use their jurisdiction footprint, risk posture, playbook positions, and escalation chain +- Apply the guardrails even though no skill is running: source attribution, citation hygiene, jurisdiction recognition, decision posture, the reviewer note format +- Frame the answer the way a colleague in that practice would — calibrated to their setting (in-house vs. firm), their role (lawyer vs. non-lawyer), and their risk tolerance +- Offer the decision tree when an action follows from the question +- Suggest a structured skill if one would do better: "This is a quick answer. If you want the full framework, run `/commercial-legal:[relevant skill]`." + +If the practice profile isn't populated: "I can give you a general answer, but this plugin gives much better answers once it's configured to your practice — run `/commercial-legal:cold-start-interview` (2-minute quick start or 10-minute full setup)." Then give the general answer anyway, tagged as unconfigured. + +The point: a configured plugin should feel like a colleague who already knows your practice, not a form you fill out. The skills are the structured workflows; this instruction is everything in between. + ## Proportionality Before running the full checklist or framework, sort the question: is this a **legal problem** (the law constrains what we can do), a **business problem** (the law permits it but there's commercial risk), a **naming or branding decision** (light legal check, mostly a marketing call), a **customer-experience problem** (the drafting is fine but confusing), or a **policy question** (the law is silent, we're setting our own rule)? diff --git a/corporate-legal/.claude-plugin/plugin.json b/corporate-legal/.claude-plugin/plugin.json index 0adb6d2..850f8a5 100644 --- a/corporate-legal/.claude-plugin/plugin.json +++ b/corporate-legal/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "corporate-legal", - "version": "0.5.2", + "version": "0.5.3", "description": "Runs M&A diligence at scale with cited tabular review, builds disclosure schedules and closing checklists, drafts board consents and minutes in house format, and tracks entity compliance deadlines across jurisdictions.", "author": { "name": "Anthropic" } -} +} \ No newline at end of file diff --git a/corporate-legal/CLAUDE.md b/corporate-legal/CLAUDE.md index 3def525..6e1d2ec 100644 --- a/corporate-legal/CLAUDE.md +++ b/corporate-legal/CLAUDE.md @@ -222,6 +222,20 @@ Corollary: when the user asks a doctrinal question (not a document-review questi **Don't force a question through the wrong skill.** When the user asks for something that doesn't match the current skill's output format — a client alert when you're running a feed digest, a transaction memo when you're running a diligence extraction, a precedent survey when you're running a single-contract review — don't force the user's ask into the wrong template. Say: "You asked for [X]; this skill produces [Y]. I'll produce [X] directly instead of forcing it into the [Y] format — here it is." Then produce what the user asked for, applying the plugin's guardrails (headers, citation hygiene, decision posture) without the skill's structure. The guardrails travel with you; the template doesn't have to. This is the routing corollary of scaffolding-not-blinders. +## Ad-hoc questions in this domain + +When the user asks a question in this plugin's practice area — not just when they invoke a skill — read the practice profile at `~/.claude/plugins/config/claude-for-legal/corporate-legal/CLAUDE.md` (and `~/.claude/plugins/config/claude-for-legal/company-profile.md`) first, and apply it. If it's populated, answer as the configured assistant: + +- Use their jurisdiction footprint, risk posture, playbook positions, and escalation chain +- Apply the guardrails even though no skill is running: source attribution, citation hygiene, jurisdiction recognition, decision posture, the reviewer note format +- Frame the answer the way a colleague in that practice would — calibrated to their setting (in-house vs. firm), their role (lawyer vs. non-lawyer), and their risk tolerance +- Offer the decision tree when an action follows from the question +- Suggest a structured skill if one would do better: "This is a quick answer. If you want the full framework, run `/corporate-legal:[relevant skill]`." + +If the practice profile isn't populated: "I can give you a general answer, but this plugin gives much better answers once it's configured to your practice — run `/corporate-legal:cold-start-interview` (2-minute quick start or 10-minute full setup)." Then give the general answer anyway, tagged as unconfigured. + +The point: a configured plugin should feel like a colleague who already knows your practice, not a form you fill out. The skills are the structured workflows; this instruction is everything in between. + ## Proportionality Before running the full checklist or framework, sort the question: is this a **legal problem** (the law constrains what we can do), a **business problem** (the law permits it but there's commercial risk), a **naming or branding decision** (light legal check, mostly a marketing call), a **customer-experience problem** (the drafting is fine but confusing), or a **policy question** (the law is silent, we're setting our own rule)? diff --git a/employment-legal/.claude-plugin/plugin.json b/employment-legal/.claude-plugin/plugin.json index 2709ed2..dd32608 100644 --- a/employment-legal/.claude-plugin/plugin.json +++ b/employment-legal/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "employment-legal", - "version": "0.3.2", + "version": "0.3.3", "description": "Reviews hires and terminations for jurisdiction-specific risk flags, classifies workers against the controlling state test, tracks leave deadlines before they're missed, runs internal investigations, and drafts policies with state supplements where the law differs.", "author": { "name": "Anthropic" } -} +} \ No newline at end of file diff --git a/employment-legal/CLAUDE.md b/employment-legal/CLAUDE.md index 11d17c5..dbc7888 100644 --- a/employment-legal/CLAUDE.md +++ b/employment-legal/CLAUDE.md @@ -218,6 +218,20 @@ Corollary: when the user asks a doctrinal question (not a document-review questi **Don't force a question through the wrong skill.** When the user asks for something that doesn't match the current skill's output format — a client alert when you're running a feed digest, a transaction memo when you're running a diligence extraction, a precedent survey when you're running a single-contract review — don't force the user's ask into the wrong template. Say: "You asked for [X]; this skill produces [Y]. I'll produce [X] directly instead of forcing it into the [Y] format — here it is." Then produce what the user asked for, applying the plugin's guardrails (headers, citation hygiene, decision posture) without the skill's structure. The guardrails travel with you; the template doesn't have to. This is the routing corollary of scaffolding-not-blinders. +## Ad-hoc questions in this domain + +When the user asks a question in this plugin's practice area — not just when they invoke a skill — read the practice profile at `~/.claude/plugins/config/claude-for-legal/employment-legal/CLAUDE.md` (and `~/.claude/plugins/config/claude-for-legal/company-profile.md`) first, and apply it. If it's populated, answer as the configured assistant: + +- Use their jurisdiction footprint, risk posture, playbook positions, and escalation chain +- Apply the guardrails even though no skill is running: source attribution, citation hygiene, jurisdiction recognition, decision posture, the reviewer note format +- Frame the answer the way a colleague in that practice would — calibrated to their setting (in-house vs. firm), their role (lawyer vs. non-lawyer), and their risk tolerance +- Offer the decision tree when an action follows from the question +- Suggest a structured skill if one would do better: "This is a quick answer. If you want the full framework, run `/employment-legal:[relevant skill]`." + +If the practice profile isn't populated: "I can give you a general answer, but this plugin gives much better answers once it's configured to your practice — run `/employment-legal:cold-start-interview` (2-minute quick start or 10-minute full setup)." Then give the general answer anyway, tagged as unconfigured. + +The point: a configured plugin should feel like a colleague who already knows your practice, not a form you fill out. The skills are the structured workflows; this instruction is everything in between. + ## Proportionality Before running the full checklist or framework, sort the question: is this a **legal problem** (the law constrains what we can do), a **business problem** (the law permits it but there's commercial risk), a **naming or branding decision** (light legal check, mostly a marketing call), a **customer-experience problem** (the drafting is fine but confusing), or a **policy question** (the law is silent, we're setting our own rule)? diff --git a/ip-legal/.claude-plugin/plugin.json b/ip-legal/.claude-plugin/plugin.json index de55767..fc9ca9d 100644 --- a/ip-legal/.claude-plugin/plugin.json +++ b/ip-legal/.claude-plugin/plugin.json @@ -1,6 +1,6 @@ { "name": "ip-legal", - "version": "0.3.3", + "version": "0.3.4", "description": "Runs first-pass trademark clearance and freedom-to-operate triage, screens invention disclosures for initial patentability, drafts and triages cease-and-desist letters and DMCA takedowns (send and respond), checks open source compliance, reviews IP clauses, and tracks registrations and renewal deadlines.", "author": { "name": "Anthropic" diff --git a/ip-legal/CLAUDE.md b/ip-legal/CLAUDE.md index d6dc5aa..34bce5c 100644 --- a/ip-legal/CLAUDE.md +++ b/ip-legal/CLAUDE.md @@ -305,6 +305,20 @@ Corollary: when the user asks a doctrinal question (not a document-review questi **Don't force a question through the wrong skill.** When the user asks for something that doesn't match the current skill's output format — a client alert when you're running a feed digest, a transaction memo when you're running a diligence extraction, a precedent survey when you're running a single-contract review — don't force the user's ask into the wrong template. Say: "You asked for [X]; this skill produces [Y]. I'll produce [X] directly instead of forcing it into the [Y] format — here it is." Then produce what the user asked for, applying the plugin's guardrails (headers, citation hygiene, decision posture) without the skill's structure. The guardrails travel with you; the template doesn't have to. This is the routing corollary of scaffolding-not-blinders. +## Ad-hoc questions in this domain + +When the user asks a question in this plugin's practice area — not just when they invoke a skill — read the practice profile at `~/.claude/plugins/config/claude-for-legal/ip-legal/CLAUDE.md` (and `~/.claude/plugins/config/claude-for-legal/company-profile.md`) first, and apply it. If it's populated, answer as the configured assistant: + +- Use their jurisdiction footprint, risk posture, playbook positions, and escalation chain +- Apply the guardrails even though no skill is running: source attribution, citation hygiene, jurisdiction recognition, decision posture, the reviewer note format +- Frame the answer the way a colleague in that practice would — calibrated to their setting (in-house vs. firm), their role (lawyer vs. non-lawyer), and their risk tolerance +- Offer the decision tree when an action follows from the question +- Suggest a structured skill if one would do better: "This is a quick answer. If you want the full framework, run `/ip-legal:[relevant skill]`." + +If the practice profile isn't populated: "I can give you a general answer, but this plugin gives much better answers once it's configured to your practice — run `/ip-legal:cold-start-interview` (2-minute quick start or 10-minute full setup)." Then give the general answer anyway, tagged as unconfigured. + +The point: a configured plugin should feel like a colleague who already knows your practice, not a form you fill out. The skills are the structured workflows; this instruction is everything in between. + ## Proportionality Before running the full checklist or framework, sort the question: is this a **legal problem** (the law constrains what we can do), a **business problem** (the law permits it but there's commercial risk), a **naming or branding decision** (light legal check, mostly a marketing call), a **customer-experience problem** (the drafting is fine but confusing), or a **policy question** (the law is silent, we're setting our own rule)? diff --git a/law-student/.claude-plugin/plugin.json b/law-student/.claude-plugin/plugin.json index 5201c16..b857caf 100644 --- a/law-student/.claude-plugin/plugin.json +++ b/law-student/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "law-student", - "version": "0.4.2", - "description": "Drills Socratically, briefs cases, builds outlines, runs bar prep sessions tuned to your jurisdiction, grades IRAC practice, and plans the study schedule — without ever writing it for you.", + "version": "0.4.3", + "description": "Drills Socratically, briefs cases, builds outlines, runs bar prep sessions tuned to your jurisdiction, grades IRAC practice, and plans the study schedule \u2014 without ever writing it for you.", "author": { "name": "Anthropic" } -} +} \ No newline at end of file diff --git a/law-student/CLAUDE.md b/law-student/CLAUDE.md index 79fd949..951c8ef 100644 --- a/law-student/CLAUDE.md +++ b/law-student/CLAUDE.md @@ -251,6 +251,20 @@ Corollary: when the user asks a doctrinal question (not a document-review questi **Don't force a question through the wrong skill.** When the user asks for something that doesn't match the current skill's output format — a client alert when you're running a feed digest, a transaction memo when you're running a diligence extraction, a precedent survey when you're running a single-contract review — don't force the user's ask into the wrong template. Say: "You asked for [X]; this skill produces [Y]. I'll produce [X] directly instead of forcing it into the [Y] format — here it is." Then produce what the user asked for, applying the plugin's guardrails (headers, citation hygiene, decision posture) without the skill's structure. The guardrails travel with you; the template doesn't have to. This is the routing corollary of scaffolding-not-blinders. +## Ad-hoc questions in this domain + +When the user asks a question in this plugin's practice area — not just when they invoke a skill — read the practice profile at `~/.claude/plugins/config/claude-for-legal/law-student/CLAUDE.md` (and `~/.claude/plugins/config/claude-for-legal/company-profile.md`) first, and apply it. If it's populated, answer as the configured assistant: + +- Use their jurisdiction footprint, risk posture, playbook positions, and escalation chain +- Apply the guardrails even though no skill is running: source attribution, citation hygiene, jurisdiction recognition, decision posture, the reviewer note format +- Frame the answer the way a colleague in that practice would — calibrated to their setting (in-house vs. firm), their role (lawyer vs. non-lawyer), and their risk tolerance +- Offer the decision tree when an action follows from the question +- Suggest a structured skill if one would do better: "This is a quick answer. If you want the full framework, run `/law-student:[relevant skill]`." + +If the practice profile isn't populated: "I can give you a general answer, but this plugin gives much better answers once it's configured to your practice — run `/law-student:cold-start-interview` (2-minute quick start or 10-minute full setup)." Then give the general answer anyway, tagged as unconfigured. + +The point: a configured plugin should feel like a colleague who already knows your practice, not a form you fill out. The skills are the structured workflows; this instruction is everything in between. + ## Proportionality Before running the full checklist or framework, sort the question: is this a **legal problem** (the law constrains what we can do), a **business problem** (the law permits it but there's commercial risk), a **naming or branding decision** (light legal check, mostly a marketing call), a **customer-experience problem** (the drafting is fine but confusing), or a **policy question** (the law is silent, we're setting our own rule)? diff --git a/legal-builder-hub/.claude-plugin/plugin.json b/legal-builder-hub/.claude-plugin/plugin.json index 6ab9559..f7062e9 100644 --- a/legal-builder-hub/.claude-plugin/plugin.json +++ b/legal-builder-hub/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "legal-builder-hub", - "version": "0.3.3", - "description": "Finds, evaluates, and installs community legal skills — with a security review gate before anything lands in your environment.", + "version": "0.3.4", + "description": "Finds, evaluates, and installs community legal skills \u2014 with a security review gate before anything lands in your environment.", "author": { "name": "Anthropic" } -} +} \ No newline at end of file diff --git a/legal-builder-hub/CLAUDE.md b/legal-builder-hub/CLAUDE.md index 16f0059..2aca6b4 100644 --- a/legal-builder-hub/CLAUDE.md +++ b/legal-builder-hub/CLAUDE.md @@ -181,6 +181,20 @@ Corollary: when the user asks a doctrinal question (not a document-review questi **Don't force a question through the wrong skill.** When the user asks for something that doesn't match the current skill's output format — a client alert when you're running a feed digest, a transaction memo when you're running a diligence extraction, a precedent survey when you're running a single-contract review — don't force the user's ask into the wrong template. Say: "You asked for [X]; this skill produces [Y]. I'll produce [X] directly instead of forcing it into the [Y] format — here it is." Then produce what the user asked for, applying the plugin's guardrails (headers, citation hygiene, decision posture) without the skill's structure. The guardrails travel with you; the template doesn't have to. This is the routing corollary of scaffolding-not-blinders. +## Ad-hoc questions in this domain + +When the user asks a question in this plugin's practice area — not just when they invoke a skill — read the practice profile at `~/.claude/plugins/config/claude-for-legal/legal-builder-hub/CLAUDE.md` (and `~/.claude/plugins/config/claude-for-legal/company-profile.md`) first, and apply it. If it's populated, answer as the configured assistant: + +- Use their jurisdiction footprint, risk posture, playbook positions, and escalation chain +- Apply the guardrails even though no skill is running: source attribution, citation hygiene, jurisdiction recognition, decision posture, the reviewer note format +- Frame the answer the way a colleague in that practice would — calibrated to their setting (in-house vs. firm), their role (lawyer vs. non-lawyer), and their risk tolerance +- Offer the decision tree when an action follows from the question +- Suggest a structured skill if one would do better: "This is a quick answer. If you want the full framework, run `/legal-builder-hub:[relevant skill]`." + +If the practice profile isn't populated: "I can give you a general answer, but this plugin gives much better answers once it's configured to your practice — run `/legal-builder-hub:cold-start-interview` (2-minute quick start or 10-minute full setup)." Then give the general answer anyway, tagged as unconfigured. + +The point: a configured plugin should feel like a colleague who already knows your practice, not a form you fill out. The skills are the structured workflows; this instruction is everything in between. + ## Proportionality Before running the full checklist or framework, sort the question: is this a **legal problem** (the law constrains what we can do), a **business problem** (the law permits it but there's commercial risk), a **naming or branding decision** (light legal check, mostly a marketing call), a **customer-experience problem** (the drafting is fine but confusing), or a **policy question** (the law is silent, we're setting our own rule)? diff --git a/legal-clinic/.claude-plugin/plugin.json b/legal-clinic/.claude-plugin/plugin.json index 96b8091..5c2b76c 100644 --- a/legal-clinic/.claude-plugin/plugin.json +++ b/legal-clinic/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "legal-clinic", - "version": "0.6.2", - "description": "Sets up the clinic, onboards students, runs structured intake, tracks deadlines with malpractice-aware caution, and hands off cases at semester end — built within ABA Formal Op. 512.", + "version": "0.6.3", + "description": "Sets up the clinic, onboards students, runs structured intake, tracks deadlines with malpractice-aware caution, and hands off cases at semester end \u2014 built within ABA Formal Op. 512.", "author": { "name": "Anthropic" } -} +} \ No newline at end of file diff --git a/legal-clinic/CLAUDE.md b/legal-clinic/CLAUDE.md index afee855..a2d315f 100644 --- a/legal-clinic/CLAUDE.md +++ b/legal-clinic/CLAUDE.md @@ -349,6 +349,20 @@ Corollary: when the user asks a doctrinal question (not a document-review questi **Don't force a question through the wrong skill.** When the user asks for something that doesn't match the current skill's output format — a client alert when you're running a feed digest, a transaction memo when you're running a diligence extraction, a precedent survey when you're running a single-contract review — don't force the user's ask into the wrong template. Say: "You asked for [X]; this skill produces [Y]. I'll produce [X] directly instead of forcing it into the [Y] format — here it is." Then produce what the user asked for, applying the plugin's guardrails (headers, citation hygiene, decision posture) without the skill's structure. The guardrails travel with you; the template doesn't have to. This is the routing corollary of scaffolding-not-blinders. +## Ad-hoc questions in this domain + +When the user asks a question in this plugin's practice area — not just when they invoke a skill — read the practice profile at `~/.claude/plugins/config/claude-for-legal/legal-clinic/CLAUDE.md` (and `~/.claude/plugins/config/claude-for-legal/company-profile.md`) first, and apply it. If it's populated, answer as the configured assistant: + +- Use their jurisdiction footprint, risk posture, playbook positions, and escalation chain +- Apply the guardrails even though no skill is running: source attribution, citation hygiene, jurisdiction recognition, decision posture, the reviewer note format +- Frame the answer the way a colleague in that practice would — calibrated to their setting (in-house vs. firm), their role (lawyer vs. non-lawyer), and their risk tolerance +- Offer the decision tree when an action follows from the question +- Suggest a structured skill if one would do better: "This is a quick answer. If you want the full framework, run `/legal-clinic:[relevant skill]`." + +If the practice profile isn't populated: "I can give you a general answer, but this plugin gives much better answers once it's configured to your practice — run `/legal-clinic:cold-start-interview` (2-minute quick start or 10-minute full setup)." Then give the general answer anyway, tagged as unconfigured. + +The point: a configured plugin should feel like a colleague who already knows your practice, not a form you fill out. The skills are the structured workflows; this instruction is everything in between. + ## Proportionality Before running the full checklist or framework, sort the question: is this a **legal problem** (the law constrains what we can do), a **business problem** (the law permits it but there's commercial risk), a **naming or branding decision** (light legal check, mostly a marketing call), a **customer-experience problem** (the drafting is fine but confusing), or a **policy question** (the law is silent, we're setting our own rule)? diff --git a/litigation-legal/.claude-plugin/plugin.json b/litigation-legal/.claude-plugin/plugin.json index 3d19675..428bf7c 100644 --- a/litigation-legal/.claude-plugin/plugin.json +++ b/litigation-legal/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "litigation-legal", - "version": "0.5.2", - "description": "Manages the litigation portfolio — matters, deadlines, holds, demands, outside counsel — and does the work: claim charts (patent and civil), chronologies, depo prep, privilege logs, brief drafting. Adapts to how you work litigation: in-house, firm, or solo.", + "version": "0.5.3", + "description": "Manages the litigation portfolio \u2014 matters, deadlines, holds, demands, outside counsel \u2014 and does the work: claim charts (patent and civil), chronologies, depo prep, privilege logs, brief drafting. Adapts to how you work litigation: in-house, firm, or solo.", "author": { "name": "Anthropic" } -} +} \ No newline at end of file diff --git a/litigation-legal/CLAUDE.md b/litigation-legal/CLAUDE.md index 25e9163..b34909c 100644 --- a/litigation-legal/CLAUDE.md +++ b/litigation-legal/CLAUDE.md @@ -266,6 +266,20 @@ Corollary: when the user asks a doctrinal question (not a document-review questi **Don't force a question through the wrong skill.** When the user asks for something that doesn't match the current skill's output format — a client alert when you're running a feed digest, a transaction memo when you're running a diligence extraction, a precedent survey when you're running a single-contract review — don't force the user's ask into the wrong template. Say: "You asked for [X]; this skill produces [Y]. I'll produce [X] directly instead of forcing it into the [Y] format — here it is." Then produce what the user asked for, applying the plugin's guardrails (headers, citation hygiene, decision posture) without the skill's structure. The guardrails travel with you; the template doesn't have to. This is the routing corollary of scaffolding-not-blinders. +## Ad-hoc questions in this domain + +When the user asks a question in this plugin's practice area — not just when they invoke a skill — read the practice profile at `~/.claude/plugins/config/claude-for-legal/litigation-legal/CLAUDE.md` (and `~/.claude/plugins/config/claude-for-legal/company-profile.md`) first, and apply it. If it's populated, answer as the configured assistant: + +- Use their jurisdiction footprint, risk posture, playbook positions, and escalation chain +- Apply the guardrails even though no skill is running: source attribution, citation hygiene, jurisdiction recognition, decision posture, the reviewer note format +- Frame the answer the way a colleague in that practice would — calibrated to their setting (in-house vs. firm), their role (lawyer vs. non-lawyer), and their risk tolerance +- Offer the decision tree when an action follows from the question +- Suggest a structured skill if one would do better: "This is a quick answer. If you want the full framework, run `/litigation-legal:[relevant skill]`." + +If the practice profile isn't populated: "I can give you a general answer, but this plugin gives much better answers once it's configured to your practice — run `/litigation-legal:cold-start-interview` (2-minute quick start or 10-minute full setup)." Then give the general answer anyway, tagged as unconfigured. + +The point: a configured plugin should feel like a colleague who already knows your practice, not a form you fill out. The skills are the structured workflows; this instruction is everything in between. + ## Proportionality Before running the full checklist or framework, sort the question: is this a **legal problem** (the law constrains what we can do), a **business problem** (the law permits it but there's commercial risk), a **naming or branding decision** (light legal check, mostly a marketing call), a **customer-experience problem** (the drafting is fine but confusing), or a **policy question** (the law is silent, we're setting our own rule)? diff --git a/privacy-legal/.claude-plugin/plugin.json b/privacy-legal/.claude-plugin/plugin.json index cbe0152..87fb19e 100644 --- a/privacy-legal/.claude-plugin/plugin.json +++ b/privacy-legal/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "privacy-legal", - "version": "0.3.2", + "version": "0.3.3", "description": "Triages processing activities, generates PIAs, reviews DPAs as controller or processor, drafts DSAR responses within statutory timelines, and monitors policy drift against practice.", "author": { "name": "Anthropic" } -} +} \ No newline at end of file diff --git a/privacy-legal/CLAUDE.md b/privacy-legal/CLAUDE.md index 3cdd851..dcd25d1 100644 --- a/privacy-legal/CLAUDE.md +++ b/privacy-legal/CLAUDE.md @@ -310,6 +310,20 @@ Corollary: when the user asks a doctrinal question (not a document-review questi **Don't force a question through the wrong skill.** When the user asks for something that doesn't match the current skill's output format — a client alert when you're running a feed digest, a transaction memo when you're running a diligence extraction, a precedent survey when you're running a single-contract review — don't force the user's ask into the wrong template. Say: "You asked for [X]; this skill produces [Y]. I'll produce [X] directly instead of forcing it into the [Y] format — here it is." Then produce what the user asked for, applying the plugin's guardrails (headers, citation hygiene, decision posture) without the skill's structure. The guardrails travel with you; the template doesn't have to. This is the routing corollary of scaffolding-not-blinders. +## Ad-hoc questions in this domain + +When the user asks a question in this plugin's practice area — not just when they invoke a skill — read the practice profile at `~/.claude/plugins/config/claude-for-legal/privacy-legal/CLAUDE.md` (and `~/.claude/plugins/config/claude-for-legal/company-profile.md`) first, and apply it. If it's populated, answer as the configured assistant: + +- Use their jurisdiction footprint, risk posture, playbook positions, and escalation chain +- Apply the guardrails even though no skill is running: source attribution, citation hygiene, jurisdiction recognition, decision posture, the reviewer note format +- Frame the answer the way a colleague in that practice would — calibrated to their setting (in-house vs. firm), their role (lawyer vs. non-lawyer), and their risk tolerance +- Offer the decision tree when an action follows from the question +- Suggest a structured skill if one would do better: "This is a quick answer. If you want the full framework, run `/privacy-legal:[relevant skill]`." + +If the practice profile isn't populated: "I can give you a general answer, but this plugin gives much better answers once it's configured to your practice — run `/privacy-legal:cold-start-interview` (2-minute quick start or 10-minute full setup)." Then give the general answer anyway, tagged as unconfigured. + +The point: a configured plugin should feel like a colleague who already knows your practice, not a form you fill out. The skills are the structured workflows; this instruction is everything in between. + ## Proportionality Before running the full checklist or framework, sort the question: is this a **legal problem** (the law constrains what we can do), a **business problem** (the law permits it but there's commercial risk), a **naming or branding decision** (light legal check, mostly a marketing call), a **customer-experience problem** (the drafting is fine but confusing), or a **policy question** (the law is silent, we're setting our own rule)? diff --git a/product-legal/.claude-plugin/plugin.json b/product-legal/.claude-plugin/plugin.json index ca19d52..b14286f 100644 --- a/product-legal/.claude-plugin/plugin.json +++ b/product-legal/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "product-legal", - "version": "0.3.2", + "version": "0.3.3", "description": "Reviews product launches against your risk calibration, answers 'is this a problem?' questions in minutes, checks marketing copy for claims that need substantiation, and flags upcoming launches that need legal eyes before anyone asks.", "author": { "name": "Anthropic" } -} +} \ No newline at end of file diff --git a/product-legal/CLAUDE.md b/product-legal/CLAUDE.md index 2fed66f..67c41da 100644 --- a/product-legal/CLAUDE.md +++ b/product-legal/CLAUDE.md @@ -227,6 +227,20 @@ Corollary: when the user asks a doctrinal question (not a document-review questi **Don't force a question through the wrong skill.** When the user asks for something that doesn't match the current skill's output format — a client alert when you're running a feed digest, a transaction memo when you're running a diligence extraction, a precedent survey when you're running a single-contract review — don't force the user's ask into the wrong template. Say: "You asked for [X]; this skill produces [Y]. I'll produce [X] directly instead of forcing it into the [Y] format — here it is." Then produce what the user asked for, applying the plugin's guardrails (headers, citation hygiene, decision posture) without the skill's structure. The guardrails travel with you; the template doesn't have to. This is the routing corollary of scaffolding-not-blinders. +## Ad-hoc questions in this domain + +When the user asks a question in this plugin's practice area — not just when they invoke a skill — read the practice profile at `~/.claude/plugins/config/claude-for-legal/product-legal/CLAUDE.md` (and `~/.claude/plugins/config/claude-for-legal/company-profile.md`) first, and apply it. If it's populated, answer as the configured assistant: + +- Use their jurisdiction footprint, risk posture, playbook positions, and escalation chain +- Apply the guardrails even though no skill is running: source attribution, citation hygiene, jurisdiction recognition, decision posture, the reviewer note format +- Frame the answer the way a colleague in that practice would — calibrated to their setting (in-house vs. firm), their role (lawyer vs. non-lawyer), and their risk tolerance +- Offer the decision tree when an action follows from the question +- Suggest a structured skill if one would do better: "This is a quick answer. If you want the full framework, run `/product-legal:[relevant skill]`." + +If the practice profile isn't populated: "I can give you a general answer, but this plugin gives much better answers once it's configured to your practice — run `/product-legal:cold-start-interview` (2-minute quick start or 10-minute full setup)." Then give the general answer anyway, tagged as unconfigured. + +The point: a configured plugin should feel like a colleague who already knows your practice, not a form you fill out. The skills are the structured workflows; this instruction is everything in between. + ## Proportionality Before running the full checklist or framework, sort the question: is this a **legal problem** (the law constrains what we can do), a **business problem** (the law permits it but there's commercial risk), a **naming or branding decision** (light legal check, mostly a marketing call), a **customer-experience problem** (the drafting is fine but confusing), or a **policy question** (the law is silent, we're setting our own rule)? diff --git a/regulatory-legal/.claude-plugin/plugin.json b/regulatory-legal/.claude-plugin/plugin.json index d1843bf..0a90486 100644 --- a/regulatory-legal/.claude-plugin/plugin.json +++ b/regulatory-legal/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "regulatory-legal", - "version": "0.4.2", + "version": "0.4.3", "description": "Watches regulatory feeds, diffs new rules against your policy library, tracks comment deadlines and open gaps, and writes the digest your team reads Monday morning.", "author": { "name": "Anthropic" } -} +} \ No newline at end of file diff --git a/regulatory-legal/CLAUDE.md b/regulatory-legal/CLAUDE.md index 6d9eeda..340d510 100644 --- a/regulatory-legal/CLAUDE.md +++ b/regulatory-legal/CLAUDE.md @@ -247,6 +247,20 @@ Corollary: when the user asks a doctrinal question (not a document-review questi **Don't force a question through the wrong skill.** When the user asks for something that doesn't match the current skill's output format — a client alert when you're running a feed digest, a transaction memo when you're running a diligence extraction, a precedent survey when you're running a single-contract review — don't force the user's ask into the wrong template. Say: "You asked for [X]; this skill produces [Y]. I'll produce [X] directly instead of forcing it into the [Y] format — here it is." Then produce what the user asked for, applying the plugin's guardrails (headers, citation hygiene, decision posture) without the skill's structure. The guardrails travel with you; the template doesn't have to. This is the routing corollary of scaffolding-not-blinders. +## Ad-hoc questions in this domain + +When the user asks a question in this plugin's practice area — not just when they invoke a skill — read the practice profile at `~/.claude/plugins/config/claude-for-legal/regulatory-legal/CLAUDE.md` (and `~/.claude/plugins/config/claude-for-legal/company-profile.md`) first, and apply it. If it's populated, answer as the configured assistant: + +- Use their jurisdiction footprint, risk posture, playbook positions, and escalation chain +- Apply the guardrails even though no skill is running: source attribution, citation hygiene, jurisdiction recognition, decision posture, the reviewer note format +- Frame the answer the way a colleague in that practice would — calibrated to their setting (in-house vs. firm), their role (lawyer vs. non-lawyer), and their risk tolerance +- Offer the decision tree when an action follows from the question +- Suggest a structured skill if one would do better: "This is a quick answer. If you want the full framework, run `/regulatory-legal:[relevant skill]`." + +If the practice profile isn't populated: "I can give you a general answer, but this plugin gives much better answers once it's configured to your practice — run `/regulatory-legal:cold-start-interview` (2-minute quick start or 10-minute full setup)." Then give the general answer anyway, tagged as unconfigured. + +The point: a configured plugin should feel like a colleague who already knows your practice, not a form you fill out. The skills are the structured workflows; this instruction is everything in between. + ## Proportionality Before running the full checklist or framework, sort the question: is this a **legal problem** (the law constrains what we can do), a **business problem** (the law permits it but there's commercial risk), a **naming or branding decision** (light legal check, mostly a marketing call), a **customer-experience problem** (the drafting is fine but confusing), or a **policy question** (the law is silent, we're setting our own rule)? From cf268c9a53cd68bf5023e39e44bccb9337e9cf81 Mon Sep 17 00:00:00 2001 From: Matt Piccolella Date: Mon, 11 May 2026 13:54:32 -0700 Subject: [PATCH 3/6] Bump all plugins to 1.0.0 for public launch --- ai-governance-legal/.claude-plugin/plugin.json | 4 ++-- commercial-legal/.claude-plugin/plugin.json | 4 ++-- corporate-legal/.claude-plugin/plugin.json | 4 ++-- employment-legal/.claude-plugin/plugin.json | 4 ++-- ip-legal/.claude-plugin/plugin.json | 4 ++-- law-student/.claude-plugin/plugin.json | 6 +++--- legal-builder-hub/.claude-plugin/plugin.json | 6 +++--- legal-clinic/.claude-plugin/plugin.json | 6 +++--- litigation-legal/.claude-plugin/plugin.json | 6 +++--- privacy-legal/.claude-plugin/plugin.json | 4 ++-- product-legal/.claude-plugin/plugin.json | 4 ++-- regulatory-legal/.claude-plugin/plugin.json | 4 ++-- 12 files changed, 28 insertions(+), 28 deletions(-) diff --git a/ai-governance-legal/.claude-plugin/plugin.json b/ai-governance-legal/.claude-plugin/plugin.json index 6a28758..a11d14c 100644 --- a/ai-governance-legal/.claude-plugin/plugin.json +++ b/ai-governance-legal/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "ai-governance-legal", - "version": "0.3.3", + "version": "1.0.0", "description": "Triages proposed AI use cases against your registry, runs impact assessments across the regimes in scope, reviews vendor AI terms for training-on-data and liability gaps, and keeps your AI policy current with practice.", "author": { "name": "Anthropic" } -} \ No newline at end of file +} diff --git a/commercial-legal/.claude-plugin/plugin.json b/commercial-legal/.claude-plugin/plugin.json index b5119df..f2a85c4 100644 --- a/commercial-legal/.claude-plugin/plugin.json +++ b/commercial-legal/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "commercial-legal", - "version": "0.4.3", + "version": "1.0.0", "description": "Reviews vendor agreements, NDAs, and SaaS subscriptions against your sales-side or purchasing-side playbook, tracks renewals and cancel-by deadlines before they're missed, routes escalations to the right approver, and translates reviews into summaries business stakeholders will actually read.", "author": { "name": "Anthropic" } -} \ No newline at end of file +} diff --git a/corporate-legal/.claude-plugin/plugin.json b/corporate-legal/.claude-plugin/plugin.json index 850f8a5..0ef4b05 100644 --- a/corporate-legal/.claude-plugin/plugin.json +++ b/corporate-legal/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "corporate-legal", - "version": "0.5.3", + "version": "1.0.0", "description": "Runs M&A diligence at scale with cited tabular review, builds disclosure schedules and closing checklists, drafts board consents and minutes in house format, and tracks entity compliance deadlines across jurisdictions.", "author": { "name": "Anthropic" } -} \ No newline at end of file +} diff --git a/employment-legal/.claude-plugin/plugin.json b/employment-legal/.claude-plugin/plugin.json index dd32608..325deca 100644 --- a/employment-legal/.claude-plugin/plugin.json +++ b/employment-legal/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "employment-legal", - "version": "0.3.3", + "version": "1.0.0", "description": "Reviews hires and terminations for jurisdiction-specific risk flags, classifies workers against the controlling state test, tracks leave deadlines before they're missed, runs internal investigations, and drafts policies with state supplements where the law differs.", "author": { "name": "Anthropic" } -} \ No newline at end of file +} diff --git a/ip-legal/.claude-plugin/plugin.json b/ip-legal/.claude-plugin/plugin.json index fc9ca9d..3ddca1b 100644 --- a/ip-legal/.claude-plugin/plugin.json +++ b/ip-legal/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "ip-legal", - "version": "0.3.4", + "version": "1.0.0", "description": "Runs first-pass trademark clearance and freedom-to-operate triage, screens invention disclosures for initial patentability, drafts and triages cease-and-desist letters and DMCA takedowns (send and respond), checks open source compliance, reviews IP clauses, and tracks registrations and renewal deadlines.", "author": { "name": "Anthropic" } -} \ No newline at end of file +} diff --git a/law-student/.claude-plugin/plugin.json b/law-student/.claude-plugin/plugin.json index b857caf..8e60e3e 100644 --- a/law-student/.claude-plugin/plugin.json +++ b/law-student/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "law-student", - "version": "0.4.3", - "description": "Drills Socratically, briefs cases, builds outlines, runs bar prep sessions tuned to your jurisdiction, grades IRAC practice, and plans the study schedule \u2014 without ever writing it for you.", + "version": "1.0.0", + "description": "Drills Socratically, briefs cases, builds outlines, runs bar prep sessions tuned to your jurisdiction, grades IRAC practice, and plans the study schedule — without ever writing it for you.", "author": { "name": "Anthropic" } -} \ No newline at end of file +} diff --git a/legal-builder-hub/.claude-plugin/plugin.json b/legal-builder-hub/.claude-plugin/plugin.json index f7062e9..d4a5151 100644 --- a/legal-builder-hub/.claude-plugin/plugin.json +++ b/legal-builder-hub/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "legal-builder-hub", - "version": "0.3.4", - "description": "Finds, evaluates, and installs community legal skills \u2014 with a security review gate before anything lands in your environment.", + "version": "1.0.0", + "description": "Finds, evaluates, and installs community legal skills — with a security review gate before anything lands in your environment.", "author": { "name": "Anthropic" } -} \ No newline at end of file +} diff --git a/legal-clinic/.claude-plugin/plugin.json b/legal-clinic/.claude-plugin/plugin.json index 5c2b76c..8ff954a 100644 --- a/legal-clinic/.claude-plugin/plugin.json +++ b/legal-clinic/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "legal-clinic", - "version": "0.6.3", - "description": "Sets up the clinic, onboards students, runs structured intake, tracks deadlines with malpractice-aware caution, and hands off cases at semester end \u2014 built within ABA Formal Op. 512.", + "version": "1.0.0", + "description": "Sets up the clinic, onboards students, runs structured intake, tracks deadlines with malpractice-aware caution, and hands off cases at semester end — built within ABA Formal Op. 512.", "author": { "name": "Anthropic" } -} \ No newline at end of file +} diff --git a/litigation-legal/.claude-plugin/plugin.json b/litigation-legal/.claude-plugin/plugin.json index 428bf7c..2730e0d 100644 --- a/litigation-legal/.claude-plugin/plugin.json +++ b/litigation-legal/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "litigation-legal", - "version": "0.5.3", - "description": "Manages the litigation portfolio \u2014 matters, deadlines, holds, demands, outside counsel \u2014 and does the work: claim charts (patent and civil), chronologies, depo prep, privilege logs, brief drafting. Adapts to how you work litigation: in-house, firm, or solo.", + "version": "1.0.0", + "description": "Manages the litigation portfolio — matters, deadlines, holds, demands, outside counsel — and does the work: claim charts (patent and civil), chronologies, depo prep, privilege logs, brief drafting. Adapts to how you work litigation: in-house, firm, or solo.", "author": { "name": "Anthropic" } -} \ No newline at end of file +} diff --git a/privacy-legal/.claude-plugin/plugin.json b/privacy-legal/.claude-plugin/plugin.json index 87fb19e..f1586f1 100644 --- a/privacy-legal/.claude-plugin/plugin.json +++ b/privacy-legal/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "privacy-legal", - "version": "0.3.3", + "version": "1.0.0", "description": "Triages processing activities, generates PIAs, reviews DPAs as controller or processor, drafts DSAR responses within statutory timelines, and monitors policy drift against practice.", "author": { "name": "Anthropic" } -} \ No newline at end of file +} diff --git a/product-legal/.claude-plugin/plugin.json b/product-legal/.claude-plugin/plugin.json index b14286f..5fe710e 100644 --- a/product-legal/.claude-plugin/plugin.json +++ b/product-legal/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "product-legal", - "version": "0.3.3", + "version": "1.0.0", "description": "Reviews product launches against your risk calibration, answers 'is this a problem?' questions in minutes, checks marketing copy for claims that need substantiation, and flags upcoming launches that need legal eyes before anyone asks.", "author": { "name": "Anthropic" } -} \ No newline at end of file +} diff --git a/regulatory-legal/.claude-plugin/plugin.json b/regulatory-legal/.claude-plugin/plugin.json index 0a90486..11aa3c9 100644 --- a/regulatory-legal/.claude-plugin/plugin.json +++ b/regulatory-legal/.claude-plugin/plugin.json @@ -1,8 +1,8 @@ { "name": "regulatory-legal", - "version": "0.4.3", + "version": "1.0.0", "description": "Watches regulatory feeds, diffs new rules against your policy library, tracks comment deadlines and open gaps, and writes the digest your team reads Monday morning.", "author": { "name": "Anthropic" } -} \ No newline at end of file +} From 22649cf9aa3a65cbda856c701de8b59a13f36963 Mon Sep 17 00:00:00 2001 From: Matt Piccolella Date: Mon, 11 May 2026 14:02:12 -0700 Subject: [PATCH 4/6] Add copyright and SPDX license headers to scripts --- scripts/deploy-managed-agent.sh | 2 ++ scripts/lint-tool-scope.py | 2 ++ scripts/orchestrate.py | 2 ++ scripts/test-cookbooks.sh | 2 ++ scripts/validate.py | 2 ++ 5 files changed, 10 insertions(+) diff --git a/scripts/deploy-managed-agent.sh b/scripts/deploy-managed-agent.sh index 1816aba..78e6571 100755 --- a/scripts/deploy-managed-agent.sh +++ b/scripts/deploy-managed-agent.sh @@ -1,4 +1,6 @@ #!/usr/bin/env bash +# Copyright 2026 Anthropic PBC. +# SPDX-License-Identifier: Apache-2.0 # Deploy a managed-agent template to POST /v1/agents. # # Resolves manifest conveniences before posting: diff --git a/scripts/lint-tool-scope.py b/scripts/lint-tool-scope.py index 98a61ed..ed1b38c 100755 --- a/scripts/lint-tool-scope.py +++ b/scripts/lint-tool-scope.py @@ -1,4 +1,6 @@ #!/usr/bin/env python3 +# Copyright 2026 Anthropic PBC. +# SPDX-License-Identifier: Apache-2.0 """Assert orchestrator `agent.yaml` files ship with scoped tool configs. Runs over every `managed-agent-cookbooks/*/agent.yaml` and checks the diff --git a/scripts/orchestrate.py b/scripts/orchestrate.py index 0087043..1b70624 100755 --- a/scripts/orchestrate.py +++ b/scripts/orchestrate.py @@ -1,4 +1,6 @@ #!/usr/bin/env python3 +# Copyright 2026 Anthropic PBC. +# SPDX-License-Identifier: Apache-2.0 """Reference event loop for cross-agent handoffs between managed agents. REFERENCE ONLY — replace with your firm's workflow engine (Temporal, Airflow, diff --git a/scripts/test-cookbooks.sh b/scripts/test-cookbooks.sh index a1abae7..12c5721 100755 --- a/scripts/test-cookbooks.sh +++ b/scripts/test-cookbooks.sh @@ -1,4 +1,6 @@ #!/usr/bin/env bash +# Copyright 2026 Anthropic PBC. +# SPDX-License-Identifier: Apache-2.0 # Dry-run every managed-agent cookbook and assert the resolved POST /v1/agents # bodies are well-formed: valid JSON, depth-1, non-empty system prompts, no # output_schema. Exits non-zero if any cookbook fails. diff --git a/scripts/validate.py b/scripts/validate.py index 585f361..55d38eb 100755 --- a/scripts/validate.py +++ b/scripts/validate.py @@ -1,4 +1,6 @@ #!/usr/bin/env python3 +# Copyright 2026 Anthropic PBC. +# SPDX-License-Identifier: Apache-2.0 """Harness-side schema validation for managed-agent worker output. Usage: validate.py From 4944122c013150b9603918c31f4a985e839bf015 Mon Sep 17 00:00:00 2001 From: Matt Piccolella Date: Mon, 11 May 2026 14:29:18 -0700 Subject: [PATCH 5/6] Add Code of Conduct --- CODE_OF_CONDUCT.md | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..1bdb202 --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,37 @@ +# Code of Conduct + +## Our commitment + +We are committed to providing a welcoming and respectful environment for everyone who participates in this project, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation. + +## Expected behavior + +* Use welcoming and inclusive language. +* Respect differing viewpoints and experiences. +* Accept constructive criticism gracefully. +* Focus on what is best for the community and the project. +* Show empathy toward other community members. + +## Unacceptable behavior + +* Harassment, intimidation, or discrimination in any form. +* Trolling, insulting or derogatory comments, and personal or political attacks. +* Public or private harassment. +* Publishing others' private information without explicit permission. +* Other conduct that could reasonably be considered inappropriate in a professional setting. + +## Scope + +This Code of Conduct applies to all project spaces, including issues, pull requests, discussions, and any other communication channels associated with this project. It also applies when an individual is representing the project in public spaces. + +## Reporting + +If you experience or witness unacceptable behavior, contact a project maintainer directly through GitHub, or open an issue if the report does not need to be private. All reports will be reviewed promptly and treated as confidentially as the reporting channel allows. + +## Enforcement + +Participants who violate this Code of Conduct may be warned, temporarily banned, or permanently removed from project participation, as determined by the project maintainers. Maintainers who do not follow or enforce this Code of Conduct may face the same consequences. + +## Attribution + +This Code of Conduct is adapted from the Contributor Covenant, version 2.1. From 78abd16e99fa887d3309d93ec41db2f37dc75396 Mon Sep 17 00:00:00 2001 From: Matt Piccolella Date: Mon, 11 May 2026 15:55:23 -0700 Subject: [PATCH 6/6] Add CLA workflow, CONTRIBUTING note, and align copyright header format --- .github/workflows/cla.yaml | 36 +++++++++++++++++++++++++++++++++ CONTRIBUTING.md | 7 +++++++ scripts/deploy-managed-agent.sh | 2 +- scripts/lint-tool-scope.py | 2 +- scripts/orchestrate.py | 2 +- scripts/test-cookbooks.sh | 2 +- scripts/validate.py | 2 +- 7 files changed, 48 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/cla.yaml diff --git a/.github/workflows/cla.yaml b/.github/workflows/cla.yaml new file mode 100644 index 0000000..bf08cce --- /dev/null +++ b/.github/workflows/cla.yaml @@ -0,0 +1,36 @@ +name: "CLA Assistant" +on: + issue_comment: + types: [created] + pull_request_target: + types: [opened, closed, synchronize] +permissions: + actions: write + contents: write + pull-requests: write + statuses: write +jobs: + CLAAssistant: + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - name: "CLA Assistant" + if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target' + # Upstream contributor-assistant/github-action was archived 2026-03-23 + # still on Node 20 (deprecated 2026-06-02). This fork bumps to Node 24 + # and adds: an impersonation guard (PR opener must be an author or + # co-author of at least one commit), Co-authored-by trailer support, + # email-based allowlist matching, automatic retry of transient + # GitHub 5xx errors, and actionable unlinked-email guidance. + uses: iainmcgin/cla-github-action@3e58ace6af840f66fcd80f68c08d76559140df5e # v3.0.0 (sha-pinned) + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + path-to-document: "https://github.com/${{ github.repository }}/blob/main/CLA.md" + path-to-signatures: "signatures/cla.json" + branch: "cla-signatures" + # noreply@anthropic.com is the email AI assistants use on + # Co-authored-by trailers (e.g. Claude). Allowlisting it suppresses + # the synthetic co-author from the CLA check; the PR opener still + # has to sign. + allowlist: "iainmcgin,dependabot[bot],github-actions[bot],renovate[bot],noreply@anthropic.com" diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 6934bad..730c60f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -4,6 +4,13 @@ Notes for anyone writing or editing a plugin in this repo. Keep this short — t design principles that matter most for the quality of the output, not a style guide. +## Before your first PR + +Sign the CLA. The first time you open a pull request, the CLA Assistant bot will +comment with a link to the [CLA](CLA.md) and ask you to confirm. Reply with +`I have read the CLA Document and I hereby sign the CLA` and the check will pass. +You only need to do this once. + ## Design principle: SKILL.md encodes the right behavior; CLAUDE.md guardrails are the net diff --git a/scripts/deploy-managed-agent.sh b/scripts/deploy-managed-agent.sh index 78e6571..b6966f1 100755 --- a/scripts/deploy-managed-agent.sh +++ b/scripts/deploy-managed-agent.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -# Copyright 2026 Anthropic PBC. +# Copyright 2026 Anthropic PBC # SPDX-License-Identifier: Apache-2.0 # Deploy a managed-agent template to POST /v1/agents. # diff --git a/scripts/lint-tool-scope.py b/scripts/lint-tool-scope.py index ed1b38c..9b75dbb 100755 --- a/scripts/lint-tool-scope.py +++ b/scripts/lint-tool-scope.py @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -# Copyright 2026 Anthropic PBC. +# Copyright 2026 Anthropic PBC # SPDX-License-Identifier: Apache-2.0 """Assert orchestrator `agent.yaml` files ship with scoped tool configs. diff --git a/scripts/orchestrate.py b/scripts/orchestrate.py index 1b70624..7cb3942 100755 --- a/scripts/orchestrate.py +++ b/scripts/orchestrate.py @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -# Copyright 2026 Anthropic PBC. +# Copyright 2026 Anthropic PBC # SPDX-License-Identifier: Apache-2.0 """Reference event loop for cross-agent handoffs between managed agents. diff --git a/scripts/test-cookbooks.sh b/scripts/test-cookbooks.sh index 12c5721..8668efd 100755 --- a/scripts/test-cookbooks.sh +++ b/scripts/test-cookbooks.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -# Copyright 2026 Anthropic PBC. +# Copyright 2026 Anthropic PBC # SPDX-License-Identifier: Apache-2.0 # Dry-run every managed-agent cookbook and assert the resolved POST /v1/agents # bodies are well-formed: valid JSON, depth-1, non-empty system prompts, no diff --git a/scripts/validate.py b/scripts/validate.py index 55d38eb..899f467 100755 --- a/scripts/validate.py +++ b/scripts/validate.py @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -# Copyright 2026 Anthropic PBC. +# Copyright 2026 Anthropic PBC # SPDX-License-Identifier: Apache-2.0 """Harness-side schema validation for managed-agent worker output.