by tractorjuice
The Enterprise Architecture Governance Harness — strategy, architecture, delivery, and assurance for AI coding assistants
# Add to your Claude Code skills
git clone https://github.com/tractorjuice/arc-kit
Last scanned: 6/20/2026
{
"issues": [
{
"type": "npm-audit",
"message": "basic-ftp: basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering",
"severity": "high"
},
{
"type": "npm-audit",
"message": "dompurify: DOMPurify: `IN_PLACE` mode trusts attacker-controlled `nodeName` on live non-form nodes, allowing script retention and XSS via attacker-supplied DOM objects",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "ip-address: ip-address has XSS in Address6 HTML-emitting methods",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "js-yaml: JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "ws: ws: Uninitialized memory disclosure",
"severity": "high"
}
],
"status": "WARNING",
"scannedAt": "2026-06-20T07:50:09.414Z",
"npmAuditRan": true,
"pipAuditRan": true,
"promptInjectionRan": true
}
arc-kit is an open-source AI agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by tractorjuice. The Enterprise Architecture Governance Harness — strategy, architecture, delivery, and assurance for AI coding assistants. It has 2,009 GitHub stars.
arc-kit returned warnings in SkillsLLM's automated security scan. It has no critical vulnerabilities, but review the flagged issues in the Security Report section before adding it to your workflow.
Clone the repository with "git clone https://github.com/tractorjuice/arc-kit" and add it to your Claude Code skills directory (see the Installation section above).
arc-kit is primarily written in JavaScript. It is open-source under tractorjuice on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh arc-kit against similar tools.
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
Build better enterprise architecture through structured strategy, design, delivery, and assurance workflows.
ArcKit is a toolkit for enterprise architects that transforms architecture governance from scattered documents into a systematic, AI-assisted workflow for:
[DOC-CN] markers with source quotes)
Claude Code (premier experience) — install the ArcKit plugin (requires v2.1.172+):
First, make sure Claude Code is on the latest version:
claude install latest
Then in Claude Code:
/plugin marketplace add tractorjuice/arc-kit
Then install from the Discover tab. The marketplace ships 13 plugins — install only the jurisdictions you need:
# Core (75 commands — UK Government civilian + generic enterprise)
claude plugin install arckit
# UK + UAE federal
claude plugin install arckit arckit-uae
# Everything (150 commands across UK + UAE + FR + CA + EU + AT + AU + US + UK-NHS + UK-GCloud)
claude plugin install arckit arckit-{uae,fr,ca,eu,at,au,us,uk-nhs,uk-gcloud}
All 13 plugins come from the same tractorjuice/arc-kit marketplace. The 11 community plugins (arckit-uae, arckit-fr, arckit-ca, arckit-eu, arckit-at, arckit-au, arckit-au-energy, arckit-us, arckit-uk-finance, arckit-uk-nhs, arckit-uk-gcloud) require the arckit core plugin. arckit-au-energy (sector) additionally requires arckit-au (jurisdiction), which it composes — install with claude plugin install arckit arckit-au arckit-au-energy. arckit-uk-gcloud is a proprietary, Claude Code only supplier-side G-Cloud bid-authoring overlay — it is not distributed to the non-Claude extension formats. One tooling plugin — arckit-fde — is a lean, Claude Code only plugin with one command, /arckit-fde:create, that generates a brandable (white-label) Forward Deploy Engineering consulting website into docs/ (GitHub Pages ready), with UK Public Sector and Generic market presets; no dependencies, not converted to non-Claude formats, no governance doc-types.
Tip: lighter marketplace clone. The command above clones the full arc-kit monorepo (~100 MB) because it hosts five other AI-assistant distributions, 147 vendored Wardley maps, and research docs you don't need. To fetch just the plugin's directories, add the marketplace via the CLI with --sparse:
claude plugin marketplace add tractorjuice/arc-kit --sparse .claude-plugin arckit-claude
This uses git sparse-checkout to limit the clone to .claude-plugin/ (the marketplace catalog) and plugins/arckit-claude/ (the plugin itself). Works with Claude Code's documented marketplace sparse flag.
Claude Code is the primary development platform for ArcKit and provides the most complete experience: all 75 official commands, 10 autonomous research agents, automation hooks, bundled MCP servers (AWS Knowledge, Microsoft Learn, Google Developer Knowledge, govreposcrape, uk-tenders), and automatic updates via the marketplace. See Why Claude Code? below.
Why v2.1.172? v2.1.172 fixed wildcard-domain WebFetch permission rules (WebFetch(domain:*.gov.uk)) that never matched subdomains on earlier clients — that is exactly the shape ArcKit recommends for confining research-agent traffic in OFFICIAL-SENSITIVE deployments (see the security-hooks guide), so the floor makes that guidance actually hold. It also includes the Claude Fable 5 runtime (GA in v2.1.170), and ArcKit defaults to the latest model tier. It carries forward the v2.1.156 fix for an Opus 4.8 bug where modified thinking blocks caused API errors — relevant to /arckit:* commands and the research agents that lean on extended thinking, the floor for adopting Opus 4.8 cleanly.
v2.1.154 shipped Opus 4.8 (now defaulting to high effort, owning /effort xhigh) and defaultEnabled: false for plugins — ArcKit's 10 community overlays (arckit-uae, arckit-fr, arckit-ca, arckit-eu, arckit-at, arckit-au, arckit-au-energy, arckit-us, arckit-uk-finance, arckit-uk-nhs) now set this so installing the marketplace surfaces them without auto-enabling all ten; users opt in to only the jurisdiction or sector they need, while core arckit stays default-enabled.
v2.1.144 fixed a bug where new sessions were titled from plugin monitor output instead of the user's first prompt — ArcKit's stale-artifact-scan monitor was the canonical hit, producing sessions named "Detect ArcKit artifacts with overdue reviews…" instead of the user's actual question. Same release fixed the Skill tool failing with permission errors in headless mode (regression in v2.1.141) which affected /arckit:* runs via claude -p / CI.
v2.1.143 added plugin dependency enforcement so claude plugin disable arckit now surfaces a copy-pasteable disable-chain hint when a community overlay (arckit-au, arckit-uae, etc.) depends on it, instead of silently breaking the overlay.
v2.1.139 added the hook args: string[] exec form — ArcKit's 16 registered hooks now use this form so the harness execs node <path> directly instead of parsing a shell-quoted command string. This eliminates a whole class of quoting / metacharacter bugs in the ${CLAUDE_PLUGIN_ROOT}-substituted paths. The same release also fixed subagents not discovering project / user / plugin skills (affects ArcKit's 16 agents) and made /mcp reconnect pick up .mcp.json edits without a restart.
Builds on v2.1.136 (fix: env vars from SessionStart hooks going stale — relevant to the inject-arckit-context pattern; fix: MCP servers from .mcp.json disappearing after /clear), v2.1.133 (subagent skill discovery fix, hooks receive effort.level), and v2.1.129 (plugin manifest's monitors/themes moved under a top-level experimental block — ArcKit's stale-artifact-scan background monitor which warns when projects/ artefacts are past their Next Review Date or stuck in DRAFT for 14+ days is declared via that key and will not load on older clients; ENABLE_PROMPT_CACHING_1H regression fix).
Carries forward the v2.1.121 unlocks: MCP alwaysLoad eager-loads AWS Knowledge and Microsoft Learn tools at session start (skips a discovery round-trip on /arckit:aws-research and /arckit:azure-research), and PostToolUse hookSpecificOutput.updatedToolOutput so provenance-stamp and manifest hooks surface their effects to the model in-band; the v2.1.118–119 release-flow unlocks: claude plugin tag --dry-run validates plugin/marketplace version agreement, and the session-telemetry hook records duration_ms on every tool call; the v2.1.117 unlocks: Opus 4.7 /context correctly sized to 1M instead of 200K (long research sessions no longer autocompact early) and agent frontmatter mcpServers loading for --agent sessions; the v2.1.111+ unlocks: Opus 4.7 xhigh effort tier, Auto mode without --enable-auto-mode, read-only bash glob patterns without permission prompts; and the v2.1.97 fixes: claude plugin update correctly detects new commits for git-based plugins (critical for ArcKit distribution), MCP HTTP/SSE memory leak fix (~50 MB/hr, affects ArcKit's 5 bundled servers), proper 429 exponential backoff (benefits 10 research agents), Stop/SubagentStop hooks no longer fail on long sessions (affects session-learner), and subagent working directory leak fix.
Gemini CLI — install the ArcKit extension:
gemini extensions install https://github.com/tractorjuice/arckit-gemini
Zero-config: all 75 official commands, templates, scripts, and bundled MCP servers (AWS Knowledge, Microsoft Learn). Updates via `gemini exte