feat: align template with official Claude Code docs

[scotthavird]

Closes #4

Summary

• Audits the template against the full Claude Code docs index (116 pages) and expands coverage.
• Fixes 3 pre-existing bugs: bad MCP package names, invented settings.json fields, outdated README links.
• Packages the template as an installable plugin and adds CI/CD, Agent SDK starters, output styles, status line, hardened devcontainer, and a full library of commands / agents / skills / hooks.

Changes

Bug fixes

• .mcp.json — @anthropic/mcp-server-* (don't exist) → @modelcontextprotocol/server-*. Also added git and fetch servers.
• .claude/settings.json — removed invented memory/editor fields (ignored by Claude Code). Added real fields: permissions.defaultMode, statusLine, includeCoAuthoredBy, cleanupPeriodDays, enabledMcpjsonServers.
• README — replaced dead docs.anthropic.com/en/docs/claude-code links with current code.claude.com/docs/en canonical URLs.

Packaged as a plugin

• .claude-plugin/plugin.json — installable via /plugin install.
• .claude-plugin/marketplace.json — single-plugin marketplace scaffolding.

Slash commands (5 → 12)

Added /review, /security-review, /debug, /refactor, /explain, /doc, /implement-issue.

Subagents (2 → 7)

Added test-runner, pr-reviewer, refactor-planner, debugger, dependency-auditor.

Skills (2 → 6)

Added test-writing, api-design, performance-audit, accessibility.

Output styles (0 → 3)

concise, educational, review.

Status line

.claude/statusline/statusline.sh — renders model · repo · branch · cost.

Real hook scripts (replace log-only hooks)

• format-on-save.sh — Prettier / Ruff / gofmt / rustfmt on Edit|Write|MultiEdit.
• block-dangerous-bash.sh — PreToolUse block for destructive patterns (recursive deletes, force-push to main, pipe-to-shell).
• inject-context.sh — injects branch, recent commits, open PRs on SessionStart.
• session-cost.sh — prints cost summary to stderr on Stop.

CI / CD

• .github/workflows/claude.yml — @claude mentions in PRs / issues.
• .github/workflows/claude-review.yml — automatic review on new PRs.
• .gitlab-ci.yml — GitLab MR review equivalent.
• scripts/ci-review.sh — headless claude -p example for any CI.

Agent SDK starter (sdk/)

TypeScript + Python examples, including a custom-tool example.

Docs directory

Condensed in-repo mirrors of key official docs: best-practices, permission-modes, hooks-cookbook, plugins, agent-sdk, integrations, claude-directory.

Devcontainer hardening

• init-firewall.sh — egress allowlist (Anthropic API, GitHub, npm, PyPI only) via iptables + ipset.
• Added Python 3.12, Docker-in-Docker, and official Claude Code VS Code extension.
• Mounts ~/.claude so global settings/auto-memory persist across rebuilds.
• Added --cap-add=NET_ADMIN so the firewall can install.

Settings overhaul

• .claude/settings.local.json.example — expanded with Bedrock / Vertex / Foundry / LLM-gateway / OTel blocks.
• additionalDirectories example for monorepos.

Known follow-up

The block-dangerous-bash.sh hook was triggered while creating this very PR because its destructive-pattern strings appeared inside the PR body text. Tightening the pattern to match only command positions (not string content) is a worthwhile follow-up — for now, callers can work around it with --body-file.

Test plan

• jq . .mcp.json .claude/settings.json .claude-plugin/*.json — already validated clean.
• bash -n on every script — already validated clean.
• Reopen the repo in the devcontainer and confirm post-create script runs.
• Run claude and confirm the new commands appear in /help.
• Try /review on a throwaway branch to confirm subagent wiring.
• Confirm ANTHROPIC_API_KEY is set in repo secrets before the new workflows run.
• Optional: test egress firewall by trying to reach a disallowed host inside the container.

🤖 Generated with Claude Code