The seven highest-leverage moves
Ranked by leverage: what unlocks the most agent capability across the most repos for the least ongoing maintenance. The first two are structural — nothing else compounds without them.
Stand up a GTCX plugin marketplace
The distribution backbone. Today every skill, hook, and agent lives only in one machine's ~/.claude — nothing propagates to the 17 repos. A single internal marketplace (a git repo of bundled skills + agents + hooks) turns "institutionalize" from copy-paste into enabledPlugins.
Build the custom subagent fleet
~/.claude/agents/ is empty — 0 defined. You run 33 slash commands through the generic agent. Named subagents (scaffolder, reviewer, test-author, security-auditor, migrator) carry their own system prompt, tool allowlist, and model tier — the unit of reusable, routable autonomy.
Codify the model-routing policy
Your MODEL_CAPABILITY_MAP.md still references Opus 4.6 / Sonnet 4.6. Refresh to the current tier (Opus 4.8 · Sonnet 5 · Haiku 4.5 · Fable 5) and bind roles to tiers in agent frontmatter + workflow phases, with fallbackModel for overload.
Institutionalize the hooks catalog
The deletion-staging hook is live and proven — it is hook #1 of a standard set: format-on-write, test-on-change, session-start orientation, and an append-only agent audit log (the "black box" for provable walk-back).
Add a managed / policy settings tier
Guardrails that must be non-overridable — destructive-git gating, marketplace allowlist, model allowlist, org CLAUDE.md — belong in managed settings, not user files. This is the difference between a convention and a control.
Ship a repo-bootstrap generator
One skill that scaffolds a new repo agent-first: CLAUDE.md, .claude/settings.json, the .mcp.json baseline, the staged-deletion path, and CI hooks — so "clone to productive agent" is under five minutes.
Wire observability & FinOps for agents
OTEL export + the audit-log hook + cost-per-successful-task tracking. Prevents agent sprawl and gives the walk-back trail enterprise trust requires. You are stacking the reliability of every primitive — measure it.
Current state of the estate
What exists today, verified against ~/.claude and this repo. The strengths are real; the gaps are all in distribution and specialization.
| Component | Location | Status | Note |
|---|---|---|---|
| Permission model | ~/.claude/settings.json | Strong | Allow-all Bash + ask-gated destructive git, global. |
| Deletion-staging hook | ~/.claude/hooks/stage-deletions.sh | Strong | PreToolUse, verified firing. Blocks raw deletes → staging. |
| Slash-command library | ~/.claude/commands/ · 33 | Strong | Deep: audit, sprint, design, roadmap, onboarding. |
| Strategy corpus | ~/.claude/*.md | Strong | Primitives, MAS scaling, deployment hurdles already written. |
| Custom subagents | ~/.claude/agents/ | Gap | Empty. No named, routable specialist agents. |
| Plugin marketplace | ~/.claude/plugins/config.json | Gap | Empty {} — no ecosystem distribution path. |
| Model-routing policy | MODEL_CAPABILITY_MAP.md | Partial | Exists but stale (4.6-era); not bound to config. |
| MCP baseline | connected servers | Partial | Rich set connected; not standardized as a per-repo .mcp.json. |
| Managed / policy tier | managed-settings.json | Gap | Guardrails live in user files — overridable, not enforced. |
| Repo scaffolding | — | Gap | No agent-first bootstrap generator. |
The four capability pillars
Each pillar: where GTCX is now → the standard to adopt → which settings layer owns it → how it reaches all 17 repos.
Spin up repos
scaffold agent-first● Current
New repos are hand-configured. CLAUDE.md, settings, MCP, and hooks are copied ad hoc or missing — each repo starts cold for agents.
● Standard
- A
/bootstrap-reposkill that emits CLAUDE.md,.claude/settings.json,.mcp.json, the staged-deletion path, and CI lint/test/build hooks. - Inherit global guardrails automatically; only repo-specific overrides are written locally.
- Bar: clone → productive agent in < 5 min.
● Owns
● Rollout
Ship the generator via the marketplace; run it once per repo. Drift caught by a deploy:check-style CI gate that diffs each repo's .claude/ against the template.
Run commands
autonomy, gated● Current
Strong: global allow-all Bash, ask-gated destructive git, and a firing deletion hook. This pillar is the most mature — the work is to formalize and enforce it.
● Standard
allow: ["Bash"]for autonomy;askfor reversible-risky (push, reset --hard); hook-denyfor irreversible deletes.- Enable the OS sandbox (
sandbox.enabled) with a network allowlist for untrusted execution. - CI parity: same lint + typecheck + test + build gate a PR must pass runs in-agent.
● Owns
● Rollout
Move the destructive-action rules from user settings into managed-settings.json with allowManagedPermissionRulesOnly so they cannot be weakened per-repo.
Deploy subagents
the unit of autonomy● Current
Every task runs through the generic agent. No named specialists, no defined tool-scoping, no orchestration beyond a single thread.
● Standard
- A defined fleet in
~/.claude/agents/: scaffolder, reviewer, test-author, security-auditor, migrator, explorer — each with scoped tools + model. - Workflows for deterministic fan-out:
pipeline()by default,parallel()only at real barriers; adversarial verify stages. isolation: "worktree"when agents mutate files concurrently; background/remote for long jobs.
● Owns
● Rollout
Author agents once, bundle in the marketplace plugin. Supervision hierarchy: a lead thread spawns and merges; conflict detection via worktree isolation.
Route by model
right tier, right task● Current
Routing lives in a stale doc, not in config. No fallbackModel, no per-role tiering, no effort-level policy.
● Standard
- Bind role→tier in agent frontmatter and per
phasein workflows (see tiers below). fallbackModelfor overload;effortLevelscaled to task hardness.availableModels(policy) to bound cost centrally.
● Owns
● Rollout
Refresh MODEL_CAPABILITY_MAP.md to current tiers, then encode it — the map becomes executable config, not advice.
Deep reasoning, system architecture, multi-file refactors, adversarial review, judge panels, hard debugging.
Best price/performance for implementation. Full-stack code, test authoring, most refactors — the fleet workhorse.
Fast + cheap at volume: search fan-out, formatting, lint fixes, structured extraction, hook evaluations.
High-throughput generative surface. Route per the refreshed capability map where speed × volume dominates.
Cross-cutting foundations
The plumbing that sits under all four pillars. These are the primitives that make reliability a property of engineering, not of model intelligence.
| Foundation | What it does for the org | Config surface | Layer |
|---|---|---|---|
| Skills & commands | Reusable, invocable expertise; the "clone-to-productive" bar. | .claude/skills · commands · marketplace | Global + MP |
| MCP baseline | Standard connected tools (GitHub, Figma, Vercel, filesystem, memory) with a safe auto-approve set. | .mcp.json · enableAllProjectMcpServers · allowedMcpServers | Project + Policy |
| Hooks catalog | Event-driven guarantees: staging, format, test-on-change, orientation, audit. | hooks.{PreToolUse,PostToolUse,SessionStart,Stop} | Global |
| Memory & context | Persistent facts + plans; context hygiene across a multi-repo estate. | autoMemory · CLAUDE.md · plansDirectory | Global + Project |
| Governance | Non-overridable org guardrails, attribution, marketplace + model allowlists. | managed-settings.json · strictKnownMarketplaces · claudeMd | Policy |
| Observability | Audit trail + FinOps: provable walk-back and cost-per-successful-task. | OTEL env · audit-log hook | Global + Policy |
Phased adoption roadmap
A real sequence — each phase produces artifacts the next depends on. Phase 0 is structural and unblocks everything; do not parallelize past it.
extraKnownMarketplaces.~/.claude/agents/.fallbackModel..mcp.json — committed, with the safe auto-approve set defined./bootstrap-repo applied to every repo; new repos start compliant..claude/ diffed against the template; violations flagged.Appendix — copy-paste config
Drop-in snippets for the Phase-0 artifacts. Paths assume ~/.claude (global) unless noted. Verify against your Claude Code version's settings schema before committing to policy.
--- name: reviewer description: Adversarial code reviewer. Verifies correctness bugs and reuse/simplification on a diff. Reports, does not edit. tools: Read, Grep, Glob, Bash model: claude-opus-4-8 --- You are a staff engineer reviewing the current diff. Rank findings most-severe first; verify each before reporting. Prefer fewer, high-confidence findings.
{
"model": "claude-opus-4-8",
"fallbackModel": ["claude-sonnet-5", "default"],
"effortLevel": "high"
}
{
"extraKnownMarketplaces": {
"gtcx-agentic": {
"source": {
"source": "github",
"repo": "gtcx/gtcx-agentic",
"path": ".claude-plugin/marketplace.json"
}
}
},
"enabledPlugins": { "agentic-core@gtcx-agentic": true }
}
{
"permissions": {
"ask": ["Bash(git push *)", "Bash(rm -rf *)"],
"disableBypassPermissionsMode": "disable"
},
"allowManagedPermissionRulesOnly": false,
"availableModels": ["opus", "sonnet", "haiku"],
"strictKnownMarketplaces": [
{ "source": "github", "repo": "gtcx/gtcx-agentic" }
]
}
pipeline(files, f => agent(reviewPrompt(f), { phase: 'Review', model: 'claude-sonnet-5' }), r => agent(verifyPrompt(r), { phase: 'Verify', model: 'claude-opus-4-8', effort: 'high' }) )
repo slugs, the plugin manifest, and whether allowManagedPermissionRulesOnly should be true are org decisions to confirm during the Phase-1 pilot.