ccboot-mcp-server

ccboot doesn't just set up Claude Code — it prevents Claude from shipping broken code.

An MCP server that generates, validates, and manages Claude Code configuration artifacts with built-in enforcement. When you run ccboot_init_project, you get a project where:

• Claude cannot mark a task complete without tests passing
• Claude cannot commit code with empty catch blocks or any types
• Claude cannot skip error handling or leave TODO comments in finished code
• Claude gets blocked by hooks if it tries dangerous operations
• Claude gets audited by a code quality scanner that catches shortcuts

Why v1.2.0?

v1.0 generated files. v1.2 generates files that enforce quality standards.

| Before (v1.0) | After (v1.2) | |---------------|--------------| | Generic CLAUDE.md templates | Opinionated templates with mandatory practices | | Placeholder hook configs | Working enforcement hooks that block bad code | | "Add your instructions here" | Specific, actionable instructions that Claude follows | | Manual code review | Automatic ccboot_audit_code_quality scans |

Features

• Enforcement by Default — Every project gets test-enforcement, linting, and secret-detection hooks
• Code Quality Auditing — Scan for empty catch blocks, any types, TODO comments, hardcoded secrets, large files, long functions
• Quality Scoring — Get a 0-100 score for your codebase with actionable fix recommendations
• Full Project Bootstrap — Generate complete Claude Code configurations tailored to your tech stack
• Smart Detection — Automatically detects frameworks, build tools, and project structure
• 16 Specialized Tools — Scaffolding, knowledge management, validation, auditing, and enterprise compliance
• 18+ Templates — Battle-tested templates for CLAUDE.md, skills, agents, and hooks
• Compliance Packs — HIPAA, SOC2, PCI-DSS, and SOX compliance configurations
• Security Hooks — Block dangerous commands (rm -rf, force push) and detect secret leaks

Installation

Quick Install (Recommended)

claude mcp add ccboot -- npx @vaspera/ccboot-mcp-server

Manual Installation

npm install -g @vaspera/ccboot-mcp-server
claude mcp add ccboot -- ccboot-mcp-server

Local Development

git clone https://github.com/vaspera/ccboot-mcp-server.git
cd ccboot-mcp-server
npm install
npm run build
claude mcp add --scope local ccboot -- npx tsx src/index.ts

Verification

# List registered MCP servers
claude mcp list

# Inside a Claude Code session
/mcp

Tools Reference

Tier 1: Core Scaffolding

| Tool | Description | |------|-------------| | ccboot_init_project | Full project bootstrap with CLAUDE.md, skills, hooks, and settings | | ccboot_generate_claudemd | Create or update CLAUDE.md with smart tech stack detection | | ccboot_create_skill | Scaffold a skill with YAML frontmatter and directory structure | | ccboot_create_agent | Create a subagent definition with role-based defaults | | ccboot_create_hook | Generate hook configurations for any lifecycle event | | ccboot_create_command | Create a slash command as a user-invocable skill |

Tier 2: Knowledge & Management

| Tool | Description | |------|-------------| | ccboot_create_knowledge | Add reference documents (ADR, runbook, API, schema, style) | | ccboot_create_adr | Generate Architecture Decision Records with auto-numbering | | ccboot_list_artifacts | List all Claude Code artifacts with validation status | | ccboot_validate_config | Deep validation with auto-fix capability | | ccboot_audit_context | Analyze context budget and token consumption | | ccboot_audit_code_quality | NEW Scan codebase for quality issues: empty catch blocks, any types, TODO comments, secrets, large files, long functions. Returns quality score (0-100) |

Tier 3: Enterprise & Compliance

| Tool | Description | |------|-------------| | ccboot_apply_compliance | Apply HIPAA, SOC2, PCI-DSS, or SOX compliance packs | | ccboot_create_ci_workflow | Generate GitHub Actions workflow for Claude Code PR review | | ccboot_create_security_hook | Block dangerous commands with configurable strictness | | ccboot_generate_mcp_config | Create .mcp.json with recommended service configurations |

Usage Examples

Bootstrap a New Project

Ask Claude: "Initialize this project with Claude Code configuration"

This runs ccboot_init_project which:

1. Detects your tech stack (Next.js, FastAPI, Spring Boot, etc.)
2. Generates a tailored CLAUDE.md
3. Creates .claude/ directory with settings.json
4. Adds recommended skills and hooks
5. Sets up .claudeignore

Generate CLAUDE.md for an Existing Project

Ask Claude: "Generate a CLAUDE.md file for this Next.js project"

The tool analyzes your codebase and creates context-aware instructions including:

• Build and test commands from package.json
• Framework-specific architecture rules
• Detected database and ORM configurations
• CI/CD and deployment patterns

Create a Custom Skill

Ask Claude: "Create a code review skill that runs on PR tasks"

ccboot_create_skill({
  name: "code-review",
  description: "Comprehensive code review with security and performance checks",
  invocation: "auto",
  context: "fork",
  allowed_tools: ["Read", "Grep", "Glob"]
})

Add Security Hooks

Ask Claude: "Add security hooks to block dangerous commands"

ccboot_create_security_hook({
  project_path: ".",
  strictness: "strict"
})

This blocks:

• rm -rf /, rm -rf ~, rm -rf .
• git push --force, git push -f
• DROP TABLE, DROP DATABASE, TRUNCATE
• git reset --hard, chmod 777
• curl | sh, wget | sh

Apply Compliance Pack

Ask Claude: "Apply HIPAA compliance configuration"

ccboot_apply_compliance({
  project_path: ".",
  standard: "hipaa",
  scope: "full"
})

This generates:

• Audit logging hooks
• PHI handling skill
• Data classification CLAUDE.md sections
• Security hooks for sensitive data protection

Audit Code Quality

Ask Claude: "Audit the code quality of this project"

ccboot_audit_code_quality({
  project_path: ".",
  language: "typescript",
  output_format: "json"
})

Scans for:

• Empty catch blocks (swallowed errors)
• any type usage (type safety violations)
• TODO/FIXME/HACK comments (incomplete work)
• Hardcoded secrets and API keys
• Files over 400 lines
• Functions over 50 lines
• Missing error handling
• Console.log statements in production code

Returns a quality score (0-100) calculated as: 100 - (15 × critical) - (5 × high) - (2 × medium) - (1 × low)

Validate All Configurations

Ask Claude: "Validate my Claude Code configuration"

ccboot_validate_config({
  project_path: ".",
  fix_mode: "auto_fix"
})

Checks for:

• Missing name/description in skill frontmatter
• Invalid JSON in hooks and settings
• CLAUDE.md exceeding 500 lines
• Broken file references
• Naming convention violations

Supported Tech Stacks

| Stack | Detection Files | |-------|----------------| | Next.js | next.config.js, next.config.ts, next.config.mjs | | React | src/App.tsx, src/App.jsx | | Vue / Nuxt | vue.config.js, nuxt.config.ts | | Angular | angular.json | | Svelte | svelte.config.js | | Express | app.js, server.js | | FastAPI | main.py, app/main.py | | Django | manage.py, settings.py | | Flask | app.py, wsgi.py | | Spring Boot | pom.xml, build.gradle | | Rails | Gemfile, config/routes.rb | | Laravel | artisan, composer.json | | Go | go.mod | | Rust | Cargo.toml | | .NET | *.csproj, *.sln |

Hook Events

The server supports all 18 Claude Code lifecycle events:

| Event | Description | Blocking | |-------|-------------|----------| | SessionStart | Session begins or resumes | No | | SessionEnd | Session terminates | No | | InstructionsLoaded | CLAUDE.md loaded | No | | UserPromptSubmit | User submits prompt | Yes | | PreToolUse | Before tool execution | Yes | | PostToolUse | After tool succeeds | Yes | | PostToolUseFailure | After tool fails | Yes | | PermissionRequest | Permission dialog appears | Yes | | SubagentStart | Subagent spawned | No | | SubagentStop | Subagent finished | Yes | | Stop | Claude finishes responding | Yes | | Notification | Claude sends notification | No | | TeammateIdle | Agent teammate going idle | Yes | | TaskCompleted | Task marked complete | Yes | | ConfigChange | Configuration changes | Yes | | PreCompact | Before context compaction | No | | WorktreeCreate | Worktree being created | Yes | | WorktreeRemove | Worktree being removed | No |

Templates

CLAUDE.md Templates

• nextjs — Next.js + Prisma + Tailwind
• react-spa — React SPA with REST/GraphQL
• fastapi — Python FastAPI backend
• springboot — Java Spring Boot enterprise
• monorepo — Multi-package monorepo

Skill Templates

• code-review — Comprehensive code review
• test-writer — Test generation
• documentation — Documentation generation
• security-scan — OWASP security checks
• performance-audit — Performance analysis

Agent Templates

• explore — Read-only codebase investigation
• plan — Architecture planning
• test-runner — Test execution and analysis
• security-auditor — Vulnerability scanning

Hook Templates

• format-on-write — Auto-format with Prettier/Black/gofmt
• lint-on-write — Auto-lint with ESLint/Ruff/Clippy
• test-enforcement — Run tests after code changes and block completion until green
• danger-blocker — Block dangerous commands (rm -rf, force push, DROP TABLE)
• secret-detector — Detect and block secret leaks before commits

Knowledge Templates

• adr — Architecture Decision Records
• runbook — Operational runbooks
• api — API documentation
• schema — Database schema documentation
• style — Code style guides

Configuration

Project Settings (.claude/settings.json)

{
  "permissions": {
    "allow": [
      "Bash(npm run build)",
      "Bash(npm run test *)",
      "Bash(git status)",
      "Bash(git diff *)"
    ],
    "deny": [
      "Bash(rm -rf *)",
      "Read(./.env)",
      "Read(./.env.*)"
    ]
  }
}

MCP Configuration (.mcp.json)

{
  "mcpServers": {
    "ccboot": {
      "command": "npx",
      "args": ["@vaspera/ccboot-mcp-server"]
    }
  }
}

Development

# Build
npm run build

# Lint
npm run lint

# Test
npm run test

# Dev mode with watch
npm run dev

Architecture

src/
├── index.ts          # Entry point, server init, transport
├── types.ts          # Shared TypeScript interfaces
├── constants.ts      # Enums, defaults, limits
├── tools/
│   ├── scaffolding.ts   # Core scaffolding tools
│   ├── knowledge.ts     # Knowledge management tools
│   ├── management.ts    # Validation and audit tools
│   └── enterprise.ts    # Compliance and security tools
├── services/
│   ├── file-ops.ts           # Atomic writes, path ops
│   ├── template-engine.ts    # Variable substitution
│   ├── validation.ts         # Config validators
│   ├── project-analyzer.ts   # Stack detection
│   └── claudemd-generator.ts # CLAUDE.md generation
└── schemas/
    ├── common.ts        # Shared Zod schemas
    └── scaffolding.ts   # Tool input schemas

templates/
├── claudemd/    # CLAUDE.md templates
├── skills/      # Skill templates
├── agents/      # Agent templates
├── hooks/       # Hook templates
└── knowledge/   # Knowledge doc templates

Requirements

• Node.js 18+
• Claude Code CLI
• Claude Pro, Max, or API subscription

License

ISC

Author

Vaspera Capital

Built for Claude Code v1.0+