masseater · masseater · Apr 5, 2026 · Apr 4, 2026 · Apr 4, 2026 · Apr 4, 2026
diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json
@@ -38,13 +38,13 @@
 			"name": "devkit",
 			"source": "./plugins/devkit",
 			"description": "Development toolkit — tech stack definitions, project setup, and quality automation",
-			"version": "0.3.7"
+			"version": "0.3.8"
 		},
 		{
 			"name": "discord-notify",
 			"source": "./plugins/discord-notify",
 			"description": "Discord通知 — idle時にセッションの最新メッセージをDiscordスレッドに投稿",
-			"version": "0.0.2"
+			"version": "0.0.3"
 		},
 		{
 			"name": "eslint-lsp",
@@ -56,13 +56,13 @@
 			"name": "github-workflow",
 			"source": "./plugins/github-workflow",
 			"description": "Git/GitHub ワークフロー支援 — Stop 時にブランチ状態とコンフリクトを通知",
-			"version": "0.0.6"
+			"version": "0.0.7"
 		},
 		{
 			"name": "mutils",
 			"source": "./plugins/mutils",
 			"description": "汎用ユーティリティ（フック・スキル）",
-			"version": "0.18.8"
+			"version": "0.18.9"
 		},
 		{
 			"name": "plan",

diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -0,0 +1,43 @@
+{
+  $schema: "https://docs.renovatebot.com/renovate-schema.json",
+  extends: ["config:recommended"],
+  prConcurrentLimit: 10,
+  automerge: true,
+  automergeType: "pr",
+  packageRules: [
+    {
+      matchUpdateTypes: ["major"],
+      automerge: false,
+    },
+    {
+      matchUpdateTypes: ["lockFileMaintenance"],
+      automerge: true,
+    },
+    {
+      groupName: "biomejs",
+      matchPackageNames: ["@biomejs/biome"],
+    },
+    {
+      groupName: "typescript",
+      matchPackageNames: ["typescript", "@typescript/native-preview"],
+    },
+    {
+      groupName: "radix-ui",
+      matchPackagePrefixes: ["@radix-ui/"],
+    },
+    {
+      groupName: "storybook",
+      matchPackagePrefixes: ["@storybook/"],
+    },
+    {
+      groupName: "tanstack",
+      matchPackagePrefixes: ["@tanstack/"],
+    },
+    {
+      groupName: "tailwindcss",
+      matchPackagePrefixes: ["@tailwindcss/"],
+      matchPackageNames: ["tailwindcss", "tailwind-merge"],
+    },
+  ],
+  schedule: ["before 6am on Saturday"],
+}
diff --git a/.gitignore b/.gitignore
@@ -12,9 +12,11 @@
 node_modules/
 dist/
 .turbo/
+.husky/_/
 docs/api/
 .serena/
 
 !.claude/.turbo
 coverage/
 .specstory/
+.agents/tmp/
diff --git a/.husky/pre-commit b/.husky/pre-commit
@@ -0,0 +1,82 @@
+#!/bin/sh
+set -eu
+
+bunx lint-staged
+
+printf '%s\n' "Running security check..."
+
+staged_diff=$(git diff --cached)
+
+if [ -z "$staged_diff" ]; then
+  printf '%s\n' "No staged changes. Skipping security check."
+  exit 0
+fi
+
+temp_file=$(mktemp)
+prompt_file=$(mktemp)
+
+cleanup() {
+  rm -f "$temp_file" "$prompt_file"
+}
+
+trap cleanup EXIT HUP INT TERM
+
+printf '%s' "$staged_diff" > "$temp_file"
+
+cat > "$prompt_file" <<'EOF'
+以下のgit diffの内容をセキュリティの観点で分析してください。
+
+チェック項目:
+- APIキー、パスワード、トークンなどの機密情報のハードコード
+- 危険な関数やコマンドの使用（eval, exec, system呼び出しなど）
+- SQLインジェクション、XSSなどの脆弱性
+- 企業の機密情報や非公開の技術情報
+- セキュリティ設定の不適切な変更
+- ユーザー固有の記述（例：PC名、ユーザー名など）。
+  - tmpファイルなどgitにコミットされないファイルなら問題ない。
+
+問題がある場合は「SECURITY_RISK:」で始まる行で具体的に指摘してください。
+問題がない場合は「OK」とだけ回答してください。
+
+差分内容:
+```diff
+EOF
+
+cat "$temp_file" >> "$prompt_file"
+printf '\n```\n' >> "$prompt_file"
+
+if ! command -v claude >/dev/null 2>&1; then
+  printf '%s\n' "claude command not found. Unable to run security check."
+  exit 1
+fi
+
+saved_claudecode=${CLAUDECODE-}
+unset CLAUDECODE
+
+if ! result=$(claude --permission-mode default --settings '{"disableAllHooks": true}' --append-system-prompt-file "$prompt_file" -p "pls review" 2>/dev/null); then
+  if [ -n "$saved_claudecode" ]; then
+    export CLAUDECODE="$saved_claudecode"
+  fi
+  printf '%s\n' "Security check failed because claude did not return a valid response."
+  exit 1
+fi
+
+if [ -n "$saved_claudecode" ]; then
+  export CLAUDECODE="$saved_claudecode"
+fi
+
+printf '%s\n' "========== RESULT =========="
+printf '%s\n' "$result"
+
+if printf '%s\n' "$result" | grep -q "SECURITY_RISK:"; then
+  printf '%s\n' "Security risk detected. Commit aborted."
+  exit 1
+fi
+
+if printf '%s\n' "$result" | grep -qw "OK"; then
+  printf '%s\n' "Security check passed."
+  exit 0
+fi
-if printf '%s\n' "$result" | grep -qw "OK"; then
-  printf '%s\n' "Security check passed."
-  exit 0
-fi
+normalized_result=$(printf '%s' "$result" | tr -d '\r' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
+if [ "$normalized_result" = "OK" ]; then
+  printf '%s\n' "Security check passed."
+  exit 0
+fi
-if printf '%s\n' "$result" | grep -qw "OK"; then
-  printf '%s\n' "Security check passed."
-  exit 0
-fi
+normalized_result=$(printf '%s' "$result" | tr -d '\r' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
+if [ "$normalized_result" = "OK" ]; then
+  printf '%s\n' "Security check passed."
+  exit 0
+fi
+
+printf '%s\n' "Security check result was ambiguous. Commit aborted."
+exit 1
diff --git a/.husky/pre-push b/.husky/pre-push
@@ -0,0 +1,30 @@
+#!/bin/sh
+set -eu
+
+bun run build
+bun run typecheck
+bun run check
+bun run test
+bun run knip
+
+bun run hooks:plugin-list-sync
+bunx oxfmt AGENTS.md .claude-plugin/marketplace.json
+
+if [ -n "$(git status --porcelain -- AGENTS.md .claude-plugin/marketplace.json)" ]; then
+  git add AGENTS.md .claude-plugin/marketplace.json
+
+  if [ -n "$(git diff --cached --name-only -- AGENTS.md .claude-plugin/marketplace.json)" ]; then
+    git commit -m "chore: auto-sync plugin list"
+  fi
+fi
+
+bun run docs
+bunx oxfmt docs/api/
+
+if [ -n "$(git status --porcelain -- docs/api)" ]; then
+  git add docs/api
+
+  if [ -n "$(git diff --cached --name-only -- docs/api)" ]; then
+    git commit -m "docs: auto-sync API reference"
+  fi
+fi
diff --git a/.prettierignore b/.prettierignore
@@ -0,0 +1 @@
+.claude-plugin/marketplace.json
diff --git a/AGENTS.md b/AGENTS.md
@@ -52,6 +52,6 @@ Claude Codeプラグインのマーケットプレイスリポジトリ。全プ
 
 ## 開発
 
-コマンド: [docs/dev-commands.md](docs/dev-commands.md) / Git Hooks: lefthook（`brew install lefthook && lefthook install`）
+コマンド: [docs/dev-commands.md](docs/dev-commands.md) / Git Hooks: husky + lint-staged（`bun install` で自動設定）
 
 公式ドキュメント: [plugins](https://code.claude.com/docs/en/plugins) | [hooks](https://code.claude.com/docs/en/hooks) | [skills](https://code.claude.com/docs/en/skills) | [sub-agents](https://code.claude.com/docs/en/sub-agents)