# cc10x - Claude Code Orchestrator
> **Orchestration plugin for Claude Code with 5 workflows: review, plan, build, debug, validate.**
cc10x provides structured workflows that coordinate 24 domain skills, 5 workflow skills, and 9 subagents to deliver consistent, production-grade code.
## What cc10x Provides
cc10x provides structured workflows for Claude Code:
- **Systematic workflows** that enforce TDD, security checks, and quality gates
- **24 domain skills** that activate when needed
- **5 workflow skills** for orchestration and workflow management
- **9 specialized subagents** working in parallel contexts
- **Evidence-first verification** that requires proof before completion
- **Memory integration** that learns from your patterns
---
## What Makes cc10x Different
### π― **Orchestrator-First Architecture**
**The cc10x-orchestrator is the MANDATORY entry point for all workflows**:
- **Single Entry Point**: All workflows MUST be activated through the orchestrator, not directly
- **Automatic Activation**: Orchestrator activates automatically on any user request (review, plan, build, debug, validate)
- **Centralized Coordination**: Orchestrator coordinates skill loading, subagent invocation, and validation
- **Validation Enforcement**: All validation mechanisms (Skills Inventory Check, Subagents Inventory Check, Phase Checklists) only work when orchestrator runs
**Result**: Consistent, validated execution across all workflows.
### π― **Functionality-First Approach**
**Every workflow starts with understanding functionality**:
- **Phase 0: Functionality Analysis** (MANDATORY FIRST STEP)
- Understands user flows, admin flows, system flows
- Verifies functionality works before applying specialized checks
- Extracts acceptance criteria and requirements
- Documents flows and integration points
**Result**: Workflows understand what needs to be done before doing it.
### π― **Deterministic Workflow Selection**
cc10x uses explicit keyword mapping to select the right workflow:
```bash
"Review this auth module" β REVIEW workflow β
"Plan payment processing" β PLAN workflow β
"Build user dashboard" β BUILD workflow β
"Debug memory leak" β DEBUG workflow β
"Validate implementation" β VALIDATION workflow β
```
**Result**: Correct workflow selection based on keywords.
### π― **Automatic Context Preset Detection**
cc10x automatically detects task type and loads appropriate context:
- **Frontend tasks**: Detects React/Vue components β loads frontend preset
- **Backend tasks**: Detects API/server code β loads backend preset
- **Full-stack tasks**: Detects both β loads app preset
**Result**: Right context loaded automatically, no manual configuration needed.
### π§ **Memory Integration**
cc10x learns from your patterns:
- **Complexity patterns**: Similar tasks? It remembers how you scored them
- **Failure modes**: Common bugs? It remembers the fixes
- **Component orders**: Dependency patterns? It builds in the right sequence
- **User preferences**: Your review depth, test coverage targets, build approach
**Result**: Workflows improve with usage.
### π **Evidence-First Verification**
No "trust me, it works" claims. cc10x requires proof:
```bash
β
Tests run β exit code 0
β
Coverage >80% β verified
β
Build succeeds β confirmed
β
Integration tests pass β validated
```
**Result**: Code completion requires evidence.
### π¨ **Progressive Disclosure Architecture**
Skills load in 3 levelsβexactly when needed:
- **Level 1**: Metadata (always loaded) - ~100 tokens
- **Level 2**: Instructions (when triggered) - ~5k tokens
- **Level 3**: Resources (on-demand) - unlimited
**Result**: Skills load only when needed.
---
## π Quick Start
### Installation
```bash
# Step 1: Add the marketplace
/plugin marketplace add romiluz13/cc10x
# Step 2: Install the plugin
/plugin install cc10x@romiluz13
# Step 3: Restart Claude Code
# Done. That's it.
```
### Your First Workflow
```bash
# Just ask naturally - cc10x detects intent
"Review this authentication code for security issues"
```
**cc10x executes**:
1. **Phase 0**: Functionality Analysis β Understands what the code does
2. Detects `review` intent β triggers REVIEW workflow
3. Loads security, quality, performance, UX, accessibility skills (parallel)
4. Delegates to 3 specialized subagents (risk-security, performance-quality, ux-accessibility) in parallel
5. Synthesizes findings with severity levels
6. Provides file:line citations and remediation steps
**Output**: Security audit with findings and fixes.
---
## π The Five Workflows
### 1. **REVIEW** - Multi-Dimensional Code Analysis
**When**: Before PRs, security audits, performance optimization
**What You Get**:
- β
OWASP Top 10 security scanning
- β
Performance bottleneck detection
- β
Code quality metrics (complexity, duplication, maintainability)
- β
UX friction point analysis
- β
WCAG accessibility compliance
**Example Output**:
```markdown
## Security Findings
**Critical** (must fix):
- [src/auth.ts:42] SQL injection risk: User input not sanitized
- [src/payment.ts:89] Missing CSRF token validation
**High** (should fix):
- [src/api/users.ts:156] Rate limiting not implemented
```
### 2. **PLAN** - Feature Planning
**When**: New features, architecture decisions, system design
**What You Get**:
- β
Requirements analysis with acceptance criteria
- β
Architecture design with component breakdown
- β
Risk identification (7 dimensions: data flow, dependencies, timing, UX, security, performance, failure modes)
- β
Implementation roadmap with file manifest
- β
Deployment strategy with rollback plans
**Example Output**:
```markdown
## Architecture Design
**Components**:
1. UserService (new) - Handles user CRUD operations
2. AuthGuard (new) - Route protection middleware
3. LoginComponent (modify) - Update existing component
**Dependencies**:
UserService β AuthGuard β LoadComponent
**Risks**:
- Data flow: User data validation (HIGH) - Mitigation: Input sanitization
- Security: Token storage (CRITICAL) - Mitigation: HttpOnly cookies
```
### 3. **BUILD** - TDD-Driven Implementation
**When**: Implementing features, building components, adding functionality
**What You Get**:
- β
RED β GREEN β REFACTOR cycle enforcement
- β
Component implementation with tests
- β
Code quality verification
- β
Integration testing
- β
Evidence-based completion verification
**Example Output**:
```markdown
## Component: UserService
**TDD Cycle**:
1. β
RED: Test written (test/user-service.spec.ts:12) β exit 1
2. β
GREEN: Implementation complete (src/user-service.ts:45) β exit 0
3. β
REFACTOR: Code cleaned, tests green β exit 0
**Verification**:
- Unit tests: 100% coverage β
- Integration tests: Pass β
- Build: Success β
```
### 4. **DEBUG** - Systematic Bug Investigation
**When**: Production issues, bugs, unexpected behavior
**What You Get**:
- β
Log-first evidence gathering (no assumption-driven debugging)
- β
Root cause identification
- β
Targeted fix implementation
- β
Regression prevention
- β
Verification of fix effectiveness
**Example Output**:
```markdown
## Bug Investigation
**Root Cause**:
Memory leak in event listener not cleaned up (src/listener.ts:67)
**Evidence**:
- Logs show memory growth pattern
- Stack trace points to listener.ts:67
- Fix pattern: Remove listener on component unmount
**Fix Applied**:
- Added cleanup in useEffect return (src/listener.ts:78) β
- Regression test added (test/listener.spec.ts:42) β
```
### 5. **VALIDATE** - Cross-Artifact Consistency
**When**: Verifying implementation matches plan, checking test coverage, validating docs
**What You Get**:
- β
Plan β Code alignment matrix
- β
Code β Test coverage analysis
- β
Documentation freshness verification
- β
Drift detection (planned vs implemented)
**Example Output**:
```markdown
## Validation Report
**Alignment Matrix**:
| Requirement | Code Location | Test Coverage | Status |
|-------------|---------------|---------------|--------|
| User Auth | src/auth.ts:42 | β
95% | Aligned |
| Payment Flow | src/payment.ts:100 | β οΈ 65% | Partial |
**Coverage Gaps**:
- src/payment.ts:65-89 (below 70% threshold)
**Documentation**:
- API docs: 10 fresh, 2 stale (outdated endpoints)
```
---
## The Architecture
### 24 Domain Skills
Domain experts that activate automatically:
**Code Quality & Security**:
- `code-review-patterns` - Security, quality, and performance analysis (consolidates security-patterns, code-quality-patterns, performance-patterns)
- OWASP Top 10, injection prevention, SOLID principles, complexity metrics, bottleneck identification
**Design & Planning**:
- `planning-patterns` - Requirements analysis and feature planning (consolidates requirements-analysis, feature-planning)
- `architecture-patterns` - System design, component boundaries, API design, integration patterns
- `risk-analysis` - 7-stage risk framework with mitigation strategies
**User Experience**:
- `frontend-patterns` - UX, UI design, and accessibility (consolidates ux-patterns, ui-design, accessibility-patterns)
- Loading states, error handling, visual hierarchy, WCAG compliance, keyboard navigation
**Implementation**:
- `test-driven-development` - RED β GREEN β REFACTOR discipline
- `component-design-patterns` - Composition, reusability, API design
- `deployment-patterns` - 3-level rollback, staged rollouts, monitoring
**Operations**:
- `debugging-patterns` - Systematic debugging, log analysis, root cause analysis (consolidates systematic-debugging, log-analysis-patterns, root-cause-analysis)
- LOG FIRST methodology, structured logging, evidence-based investigation
### 5 Workflow Skills
Orchestration and workflow management:
- `cc10x-orchestrator` - Primary orchestrator, intent detection, workflow coordination
- `review-workflow` - Review workflow coordination
- `planning-workflow` - Planning workflow coordination
- `build-workflow` - Build workflow coordination
- `debug-workflow` - Debug workflow coordination
### 5 Specialized Subagents
Separate context windows, focused expertise:
**Review Subagents**:
- `code-reviewer` - Comprehensive review covering security, quality, performance, UX, and accessibility (consolidates analysis-risk-security, analysis-performance-quality, analysis-ux-accessibility)
**Plan Subagents**:
- `planner` - Comprehensive planning covering architecture, risks, API design, component design, testing, and deployment (consolidates planning-architecture-risk, planning-design-deployment)
**Build Subagents**:
- `component-builder` - TDD implementation, component building
- `code-reviewer` - Quality and security verification
- `integration-verifier` - Integration testing, evidence-based completion
**Debug Subagents**:
- `bug-investigator` - Log analysis, root cause identification, fix implementation
---
## π Key Features
### β
**Functionality-First Mandate**
**Every workflow enforces Phase 0: Functionality Analysis FIRST**:
- Understands what functionality needs to be built/reviewed/debugged
- Documents user flows, admin flows, system flows
- Verifies functionality works before applying specialized checks
- Extracts acceptance criteria and requirements
**Prevents**: Building/reviewing/debugging without understanding what needs to be done.
### β
**Complexity Gating**
cc10x assesses task complexity (1-5 scale) after functionality analysis:
- **1-2**: Simple changes β Recommends direct implementation
- **3**: Moderate β Planning workflow adds value
- **4-5**: Complex β Comprehensive planning critical
**Prevents**: Over-engineering simple tasks, under-planning complex ones.
### β
**Component Failure Cascading**
If Component A fails, Components B and C that depend on it are automatically blocked:
```markdown
Component Failure Cascade Detected:
- Component 1: FAILED (build error)
- Component 2: BLOCKED (depends on Component 1)
- Component 3: BLOCKED (depends on Component 1)
Options:
1. Fix Component 1 first β Then continue
2. Skip Component 1 β Build separately
3. Abort workflow β Restart after fix
```
**Prevents**: Building on broken foundations.
### β
**Requirements Completeness Threshold**
Plan workflow gates if >3 critical questions unanswered:
- Core Goal missing β +1 critical question
- Key Entities empty β +1 critical question
- User Stories missing acceptance criteria β +1 per story
**Prevents**: Planning with incomplete requirements.
### β
**Investigation Timeout**
Debug workflow escalates after 3 investigation attempts:
```markdown
Investigation Timeout (3 attempts):
Root cause not identified after 3 attempts.
Options:
1. Add strategic logging β Capture bug naturally
2. Request more data β User provides environment details
3. Skip investigation β Mark as "needs manual investigation"
```
**Prevents**: Infinite investigation loops.
### β
**Subagent Output Validation**
Every subagent output is validated against expected format:
- β
Format matches template
- β
Required fields present
- β
File:line citations included
- β
No placeholder text ("TODO", "TBD")
- β
Output is actionable
**Prevents**: Incomplete or invalid subagent outputs.
### β
**Web Fetch Caching**
External documentation is cached with TTL-based expiration:
- API specs: 7-day TTL
- Library docs: 14-day TTL
- Framework docs: 30-day TTL
- Standards: 90-day TTL
**Result**: Faster workflows, fewer external fetches.
### β
**Workflow State Persistence**
Workflows can resume after interruption:
```json
{
"workflow": "build",
"phase": "Phase_2_Component_Queue",
"timestamp": "2025-10-29T10:00:00Z",
"state": {
"components": [...],
"completed_components": [...],
"current_component": "ComponentName"
},
"next_phase": "Phase_3_Component_Execution_Loop"
}
```
**Result**: No lost progress on long-running workflows.
---
## π Real-World Examples
### Example 1: Security Audit Before Production
```bash
"Review our payment processing code for security vulnerabilities"
```
**cc10x executes**:
1. Detects `review` intent β REVIEW workflow
2. Loads code-review-patterns skill (consolidates security-patterns, code-quality-patterns, performance-patterns)
3. Delegates to code-reviewer subagent (consolidates analysis-risk-security, analysis-performance-quality, analysis-ux-accessibility)
4. Scans payment code for OWASP Top 10 issues, performance bottlenecks, and code quality issues
5. Returns findings with severity levels and fixes
**Time**: 3 minutes
**Output**: Found 2 critical SQL injection risks before production
### Example 2: Complete Feature Implementation
```bash
"Build user authentication with JWT tokens and refresh tokens"
```
**cc10x executes**:
1. **Phase 0**: Functionality Analysis β Understands auth requirements and flows
2. Detects `build` intent β BUILD workflow
3. Assesses complexity: 4 (multi-file, security-critical)
4. Breaks into components: UserModel β AuthService β LoginComponent β AuthGuard
5. For each component: RED β GREEN β REFACTOR with tests (sequential per component)
6. Independent components run in parallel
7. Code review by code-reviewer subagent (after builder)
8. Integration verification by integration-verifier subagent (after reviewer)
9. Evidence verification: Tests pass, coverage >80%, build succeeds
**Time**: 45 minutes
**Output**: Production-ready auth system with 95% test coverage
### Example 3: Production Bug Investigation
```bash
"Debug the memory leak in our data pipeline"
```
**cc10x executes**:
1. **Phase 0**: Functionality Analysis β Understands expected vs observed behavior
2. Detects `debug` intent β DEBUG workflow
3. Loads debugging-patterns skill (consolidates systematic-debugging, log-analysis-patterns, root-cause-analysis)
4. Delegates to bug-investigator subagent
5. LOG FIRST: Gathers logs, metrics, stack traces
6. Root cause: Event listener not cleaned up
7. Targeted fix: Added cleanup in useEffect return
8. Regression test: Added test to prevent future leaks
9. Verification: Memory leak resolved, tests pass
**Time**: 15 minutes
**Output**: Memory leak fixed with prevention strategy
---
## When to Use cc10x
### Use cc10x for:
- **Complex features** (complexity 4-5) that need systematic planning
- **Security-critical code** that requires thorough review
- **Production bugs** that need root cause analysis
- **Large codebases** where quality gates matter
- **Team projects** where consistency is critical
### Not needed for:
- **Trivial changes** (complexity 1-2) - cc10x will recommend direct implementation
- **Quick experiments** - Use Claude Code directly
- **One-off scripts** - Overkill for simple tasks
---
## ποΈ Architecture Overview
```
cc10x Orchestrator
βββ Phase 0: Functionality Analysis (MANDATORY FIRST)
β βββ Understand user/admin/system flows
β βββ Verify functionality works
β βββ Extract acceptance criteria
βββ Context Preset Detection (automatic)
β βββ Detect task type (frontend/backend/app)
β βββ Load appropriate context preset
βββ Intent Detection (explicit keyword mapping)
βββ Complexity Assessment (1-5 scale)
βββ Workflow Selection (review/plan/build/debug/validate)
β
βββ REVIEW Workflow
β βββ Phase 0: Functionality Analysis β
β βββ Load: code-review-patterns, frontend-patterns (parallel)
β βββ Delegate: code-reviewer β integration-verifier (if integration changes detected)
β βββ Output: Findings with severity, file:line citations, remediation steps
β
βββ PLAN Workflow
β βββ Phase 0: Functionality Analysis β
β βββ Load: planning-patterns, architecture-patterns, risk-analysis (parallel)
β βββ Delegate: planner
β βββ Output: Architecture design, risk register, implementation roadmap
β
βββ BUILD Workflow
β βββ Phase 0: Functionality Analysis β
β βββ Load: test-driven-development, code-review-patterns, verification-before-completion (parallel)
β βββ Delegate: component-builder β code-reviewer β integration-verifier (sequential per component)
β βββ Output: Components with tests, verification summary
β
βββ DEBUG Workflow
β βββ Phase 0: Functionality Analysis β
β βββ Load: debugging-patterns, code-review-patterns (parallel)
β βββ Delegate: bug-investigator β code-reviewer β integration-verifier (sequential per bug)
β βββ Output: Root cause, fix, regression test
β
βββ VALIDATE Workflow
βββ Phase 0: Functionality Analysis β
βββ Load: planning-patterns, verification-before-completion (parallel)
βββ Output: Alignment matrix, coverage analysis, documentation freshness
```
---
## π¦ Getting Started Checklist
- [ ] Add marketplace: `/plugin marketplace add romiluz13/cc10x`
- [ ] Install cc10x: `/plugin install cc10x@romiluz13`
- [ ] Restart Claude Code
- [ ] Try REVIEW: `"Review this code for security issues"`
- [ ] Try PLAN: `"Plan a user authentication feature"`
- [ ] Try BUILD: `"Build a user profile component"`
- [ ] Try DEBUG: `"Debug this error: [paste error]"`
- [ ] Try VALIDATE: `"Validate this implementation matches the plan"`
**That's it. You're ready to use cc10x workflows.**
---
## Workflow Comparison
### Without cc10x:
```bash
You: "Review this code"
Claude: *scans code, gives generic feedback*
You: "Check for security issues"
Claude: *maybe finds some, maybe doesn't*
You: "What about performance?"
Claude: *separate conversation, lost context*
You: "Is it accessible?"
Claude: *starts over again*
```
**Result**: Inconsistent reviews, missed issues, wasted time.
### With cc10x:
```bash
You: "Review this code"
cc10x: *triggers REVIEW workflow*
β Loads code-review-patterns and frontend-patterns skills
β Delegates to code-reviewer subagent (consolidated review expertise)
β Synthesizes findings with severity levels
β Provides file:line citations and fixes
```
**Output**: Security audit with findings and fixes.
---
## Getting Started
1. **Start Simple**: Use REVIEW workflow for code audits
2. **Scale Up**: Use PLAN workflow for new features
3. **Go Deep**: Use BUILD workflow for TDD implementation
4. **Master It**: Use DEBUG workflow for systematic investigation
5. **Verify**: Use VALIDATE workflow for consistency checks
---
## Documentation
- **Skills Reference**: See `plugins/cc10x/skills/` for individual skill docs
- **Subagents Reference**: See `plugins/cc10x/subagents/` for subagent specs
- **Workflow Details**: See `plugins/cc10x/skills/cc10x-orchestrator/workflows/`
---
## License
MIT License - Use freely, modify as needed.
---
## Contributing
- β Star the repository
- π Report issues
- π‘ Suggest improvements
- π€ Contribute skills or workflows
---
## Installation
```bash
# Step 1: Add the marketplace
/plugin marketplace add romiluz13/cc10x
# Step 2: Install the plugin
/plugin install cc10x@romiluz13
```
---
_cc10x v4.9.0 | Production Ready | Built for Claude Code_