v2.2.1

Fixed

AI-Statusline Plugin (v1.2.3)

• Fixed rate limit percentage display - Rate limit percentages now round to 2 decimal places instead of showing long floating-point numbers (e.g., 5h:12.35% instead of 5h:12.345678%)
  • Bash: uses jq (. * 100 | round) / 100 for rounding, extracts integer part for color threshold comparisons
  • PowerShell: uses [math]::Round($val, 2) instead of [int] cast which truncated to whole numbers

v2.2.0 - Supply Chain Security Hardening

What's New

AI-Security Plugin (v1.5.0)

New skill: /security-supply-chain - Harden your project against npm supply chain attacks.

• Detects package manager (pnpm, npm, Yarn, Bun) and validates compatibility
• Configures pnpm's minimum-release-age in .npmrc to quarantine newly published packages
• Interactive timeframe selection with previews (24 hours, 3 days, 7 days, or custom)
• Scans CI/CD configs for frozen lockfile usage and offers to add frozen-lockfile=true
• Checks pnpm version and offers upgrade if below 10.16.0 minimum
• Recommends pnpm migration for npm/Yarn/Bun users who lack quarantine protection
• Creates two defense layers: time-based quarantine (local dev) + frozen lockfile (CI/CD)

Background

Motivated by the axios@1.14.1 / axios@0.30.4 supply chain compromise on March 31, 2026, where malicious versions injected a remote access trojan via the plain-crypto-js dependency.

Learn more: Stop Supply Chain Attacks: Why Your Build Pipeline Should Use Locked Dependencies

Full Changelog: v2.1.0...v2.2.0

v2.1.0 - AI Modernize, AI Compliance & Workflow Principles

What's New

AI-Modernize Plugin (v1.0.0) - NEW

Codebase modernization assessment that identifies technical debt, anti-patterns, and quality issues from older AI-generated or legacy code.

• /modernize-audit - Full interactive assessment with 12 configurable categories:
  SOLID/DRY/KISS violations, type safety, error handling, security, performance, testing gaps, architecture debt, frontend debt, dependency health, AI hallucination artifacts, modern pattern gaps, configuration/DevOps
• /modernize-scan ./path - Quick scan that accepts a file or directory path, runs all categories with defaults
• Modernization Score (0-100) with category breakdown
• AI-assisted remediation time estimates (not manual development time)
• Phased modernization roadmap with prioritized checklist
• "Why Older AI Models Did This" educational context for each finding

AI-Compliance Plugin (v1.0.0) - NEW

Open-source license compliance auditing and attribution file generation.

• /compliance-license-audit - Interactive license audit across 8 package ecosystems (npm, pip, NuGet, Go, Rust, Ruby, PHP, Java)
  • Classifies licenses: Permissive, Weak Copyleft, Strong Copyleft, Unknown
  • License compatibility analysis against your project's license
  • Flags copyleft contamination risks with configurable risk tolerance
  • Direct and transitive dependency analysis via lock files
  • License Compliance Score (0-100)
• /compliance-notice-generate - Generates NOTICE, THIRD-PARTY-NOTICES.md, ATTRIBUTION.md, or licenses.json files to fulfill attribution obligations

AI-Workflow Plugin (v1.3.0 -> v1.4.0)

• /workflow-principles - Generate context-aware Development Principles for CLAUDE.md
  • Auto-discovers project structure (monorepo, tech stack, frameworks, shared packages, git config)
  • 10 principle categories: SOLID, DRY, KISS, YAGNI, Modularity, Component Architecture, Type Safety, Error Handling, Testing, Git Workflow
  • Uses real package names, paths, and library names from your project
  • Supports both project CLAUDE.md and user-level ~/.claude/CLAUDE.md
  • Smart merge with existing CLAUDE.md content

Full Changelog

https://github.com/charlesjones-dev/claude-code-plugins-dev/blob/main/CHANGELOG.md

v2.0.2

AI-Statusline Plugin v1.2.2 - Rate Limit Usage Display

What's New

Added rate limit usage display for Claude Code 2.1.80+. The status line now shows your 5-hour and 7-day rate limit consumption with color-coded thresholds:

• Green - under 50% usage
• Yellow - 50-79% usage
• Red - 80%+ usage

Example: 5h:12% 7d:4%

Details

• New SHOW_RATE_LIMITS configuration option (enabled by default)
• Reads rate_limits.five_hour.used_percentage and rate_limits.seven_day.used_percentage from the Claude Code statusline JSON
• Both Bash and PowerShell script templates updated
• Gracefully hidden on older Claude Code versions where the rate_limits field is absent
• Updated model name references from Opus 4.5 to Opus 4.6

Requirements

• Claude Code 2.1.80+ for rate limit display (all other features work on any version)

v2.0.1

Fixed

AI-Statusline Plugin (v1.2.1)

• Fixed PowerShell script template bugs
  • Fixed stdin reading using reserved $input automatic variable; replaced with [System.Console]::In.ReadToEnd() so the script actually receives JSON data when invoked via -File
  • Fixed progress bar using ASCII +/- instead of Unicode block characters to match bash template and documentation
  • Fixed segment separator using " | " instead of " · " to match bash template and README examples
  • Fixed unquoted paths in Split-Path and git -C that would break on directories with spaces
  • Fixed confusing cost format string '${0:F2}' that resembles a variable reference; clarified with string concatenation
  • Fixed Unicode character encoding by setting [Console]::OutputEncoding to UTF-8 and using [char] codes instead of literal Unicode in source file

v2.0.0

Breaking Changes

• Migrate all plugins from commands/ to skills/ directory structure - All plugins now use skills/{skill-name}/SKILL.md format instead of commands/{command-name}.md. This aligns with Claude Code's native skill system for better discoverability and execution.

New

• ai-writing plugin (v1.0.0) - Writing humanizer skill with interactive workflow

  • /writing-humanize: Detect and remove AI writing patterns from text
  • Interactive AskUserQuestion flow for input source, content type, and intensity
  • 6 grouped pattern categories (inflated language, fake depth, unnatural grammar, formatting tells, chatbot artifacts, weak endings)
  • Content-type rules (technical docs, README, blog post, PR/commit)
  • Developer-specific patterns for README inflation, doc over-explanation, PR padding

• workflow-ship skill - End-to-end shipping workflow (/workflow-ship)

  • Runs preflight checks, auto-fixes issues, commits, pushes, and creates a PR

• git-commit-push-pr skill - Interactive branch selection and PR creation (/git-commit-push-pr)

Improved

• security-audit: Structured report template with severity scoring, OWASP compliance matrix, and remediation roadmap
• accessibility-audit: Interactive WCAG version/level selection, Playwright MCP visual testing support, URL scanning
• performance-audit: Structured report template with Core Web Vitals analysis
• security-init: Rewritten with interactive AskUserQuestion flow
• statusline-wizard: Migrated to skills format

Removed

• ai-plugins plugin - Scaffolding tools removed (superseded by skills structure)
• All commands/ directories replaced by skills/ directories

Other

• Update copyright year to 2026 in all LICENSE files

v1.9.1 - Security Scanning for Preflight Checks

What's New

AI-Workflow Plugin v1.1.0

The /workflow-preflight command now auto-detects and runs security scanning tools alongside type checking, linting, formatting, and tests.

Dependency Vulnerability Scanning:

• pnpm/npm/yarn audit for Node.js projects
• pip-audit and safety for Python
• cargo audit for Rust

Semgrep SAST Detection:

• Config files: .semgreprc.yml, .semgrep.yml, .semgrep/
• CI workflows: Extracts --config flags from GitHub Actions
• README documentation: Finds documented security commands
• Docker fallback when CLI not installed

Platform Support:

• Windows Docker: Automatic MSYS_NO_PATHCONV=1 prefix to prevent Git Bash path
  conversion errors

ESLint Security:

• Detects eslint-plugin-security in devDependencies and notes when security linting is
  active

Full Changelog

v1.9.0...v1.9.1

v1.9.0 - AI-Learn: Socratic Learning Mode

A new plugin that transforms Claude from a code generator into a patient coding mentor, guiding you through problem-solving without giving direct answers.

Commands:

• /learn - Activates teaching mode with a 5-phase flow:
  • Assessment → Foundation → Guided Implementation → Error Discovery → Reinforcement
  • Uses Socratic questioning instead of direct answers
  • Provides hints and guidance rather than solutions
  • Includes escape hatch for users who explicitly need answers
• /learn-review - Socratic code review that helps you discover issues yourself:
  • Reviews code through targeted questions
  • Guides you to find bugs by tracing through edge cases
  • Probes design decisions to deepen understanding
  • Question banks for logic, performance, readability, and security

Why use it?

Research shows that productive struggle leads to better knowledge retention than passive consumption. This plugin helps you actually learn to code rather than just copy-paste solutions.

v1.8.0 - Section 508 / WCAG 2.0 AA Support

What's New

AI-Accessibility Plugin (v1.3.0)

• Added Section 508 / WCAG 2.0 AA option to /accessibility-audit command
  • New "508 / WCAG 2.0 AA" option in WCAG version selection
  • Supports US federal accessibility requirements aligned with WCAG 2.0 Level AA

Installation

/plugin marketplace add charlesjones-dev/claude-code-plugins-dev
/plugin install ai-accessibility@claude-code-plugins-dev

v1.7.1 - AI-Statusline Plugin Windows Fix

Fixed

AI-Statusline Plugin (v1.1.1)

• Fixed PowerShell progress bar using incompatible Unicode characters
  • Replaced ▓ and ░ with ASCII-compatible # and - characters
  • Ensures progress bar displays correctly on Windows environments