npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@qball-inc/the-bulwark

v1.3.0

Published

Full-lifecycle SDLC guardrailing framework for Claude Code — from product ideation and planning through implementation, code review, and test validation. Enterprise-grade skills and agents for AI-human peer collaboration.

Readme


Latest stable release: v1.3.0

v1.3.0 (2026-06-23) — Fewer prompts, sharper reviews. This release cuts permission-prompt friction and makes code review smarter about what it's reviewing. Every bundled skill and agent now pre-authorizes exactly the tools it needs, so routine operations stop interrupting you for approval. The code-review skill is now language-aware — it detects each changed file's language and runs only the checks that apply, backed by universal per-language recipes that skip gracefully when a tool isn't installed. And a new opt-in permission hook (off by default) can auto-approve tool calls scoped to Bulwark's own bundled files, for users who want an even quieter workflow.

See the v1.3.0 release notes and the full CHANGELOG.

What is The Bulwark?

The Bulwark is a Claude Code plugin that adds automated quality enforcement to your development workflow. It ships 30 skills, 15 custom agents, and 8 hooks that run programmatic checks on every code change you make.

Claude Code is remarkably capable on its own — but capability without consistency is a problem. Without guardrails you get code that skips type checks, reviews that miss issues a single pass can't cover, test suites full of mocks that verify calls instead of behavior, and estimates that vary wildly between sessions. The Bulwark makes enforcement automatic: hooks run quality checks after every write, skills orchestrate single-focus multi-agent pipelines, and rules are injected at session start and enforced throughout. You don't have to remember to ask Claude to run tests or check types — it just happens.

Who it's for: builders who want to stay in the driver's seat while giving Claude semi-autonomy over structured workflows; teams that need repeatable, auditable AI-assisted development; users on Claude Max or Enterprise plans (the multi-agent pipelines are token-intensive — Pro Plus works for single-agent skills but hits rate limits on pipelines).

→ For the design (defense-in-depth, multi-agent pipelines), see How it works and architecture.md.

Quick install

Two ways to install. Pick whichever works for you.

# Option A — npm
claude /plugin install npm:@qball-inc/the-bulwark

# Option B — marketplace (one-time add, then install)
claude /plugin marketplace add QBall-Inc/plugins-market
claude /plugin install the-bulwark@qball-inc

After installing, restart your session and run the guided setup:

/the-bulwark:init

This walks you through Rules.md injection, CLAUDE.md configuration, and optional tooling (LSP, Justfile scaffolding, statusline), auto-detecting brownfield projects.

Full walkthrough + prerequisites: Getting started.

Trouble installing? See the FAQ.

Adoption

The Bulwark is growing through word of mouth. These charts auto-update daily — GitHub clone traffic (top) and npm downloads (bottom), each shown daily and as a cumulative running total. Data is self-snapshotted to a traffic-stats branch because GitHub purges clone traffic after 14 days.

Common workflows

Each workflow chains skills into a repeatable pipeline. The diagrams are the shape; the linked guides have the detail and full sample prompts.

Initialize — set up governance in any project.

flowchart LR
    A["/the-bulwark:init"] --> B[Rules.md + CLAUDE.md] --> C[optional: LSP · Justfile · statusline]

Greenfield — idea to executable plan. → Feature development

flowchart LR
    A[product-ideation] --> B[bulwark-research] --> C[bulwark-brainstorm] --> D[plan-creation] --> E[plan-to-tasks] --> F[implement]

Brownfield — onboard onto an existing codebase. → Feature development

flowchart LR
    A["subagent-prompting (map the codebase)"] --> B["planned: codebase & documentation understanding"] --> C[bulwark-research] --> D[bulwark-brainstorm] --> E[plan-creation] --> F[plan-to-tasks] --> G[implement]

The codebase & documentation understanding skill is planned, not yet shipped — today, use subagent-prompting to map the code first.

New feature — add to an existing plan. → Research & planning

flowchart LR
    A[bulwark-research] --> B[bulwark-brainstorm] --> C["plan-creation (sub-plan linked to master)"] --> D[plan-to-tasks] --> E[implement]

Analyze · Fix · Verify — the issue lifecycle. → Fixing bugs

flowchart LR
    A["Analyze (issue-debugging)"] --> B["Fix (fix-bug)"] --> C["Verify (bulwark-fix-validator)"]
/the-bulwark:issue-debugging  Analyze the root cause of <symptom>; no code change.
/the-bulwark:fix-bug          Fix <bug> end-to-end and prove the fix with tests.
# Verify a fix you already applied: validate it against the debug report.

Documentation

Hooks

Eight hooks run automatically — no manual invocation. All use ${CLAUDE_PLUGIN_ROOT} for path resolution, so they work wherever the plugin is installed.

| Hook | Event | What it does | |------|-------|--------------| | enforce-quality.sh | PostToolUse | Runs just typecheck/lint/build after every Write/Edit/MultiEdit on code; flags failures. Skips tmp/, logs/, .claude/, docs/. | | suggest-pipeline-stop.sh | Stop | Suggests relevant review/audit pipelines; file-type-aware, per-file registry, post-fix grace period. | | inject-protocol.sh | SessionStart | Injects the governance protocol; loads Rules.md; shows the activation banner. | | cleanup-stale.sh | SessionStart | Deletes logs/+tmp/ files older than 10 days (preserves .gitkeep). | | cleanup-review-registry.sh | SessionStart | Wipes stale review-accumulator state so pipeline gating works across sessions. | | check-template-drift.sh | SessionStart | Detects CLAUDE.md/Rules.md drift from canonical templates; feeds init --update. | | track-pipeline-start.sh | SubagentStart | Logs pipeline invocation metadata for observability. | | track-pipeline-stop.sh | SubagentStop | Logs pipeline completion metadata for observability. |

The Bulwark also ships one optional, opt-in hook (off by default) that auto-approves access to its own bundled files, so Claude Code stops re-prompting for assets you already trusted at install — handy if you don't run in auto mode. Full detail, safety boundaries, and how to enable it: hooks reference.

Registries & guides

FAQ & troubleshooting

Common install and runtime issues — SSH clone failures, hooks not firing, just not found, rate-limited pipelines, and more — are covered in the FAQ. If your issue isn't there, open an issue.

Roadmap

Language-aware code review, an evaluation framework for skills/agents, a codebase-understanding skill for brownfield onboarding, enterprise traceability, and more. No timeline commitments — see docs/roadmap.md for the direction.

Releases & changelog

Contributing

Issues and PRs are welcome. The Bulwark is developed in a private repo and mirrored here, so contributions follow a specific porting model — see CONTRIBUTING.md before opening a PR. The fastest way to help: open an issue for a bug or feature request.

Credits

Built with just (Casey Rodarmor) and Claude Code (Anthropic). Badges by shields.io.

License

MIT