Claude Code plugin
Ship as a native Claude Code marketplace entry. Slash commands, keyword triggers, and the AWS hosted MCP layer work out of the box.
Extend Claude Code and Kiro with AgenticOps plugins and skills. OMA closes the loop between design, construction, and operations — humans approve at checkpoints, agents execute everything in between.
$ claude --use-plugin oma
Initializing OMA AgenticOps plugin…
✔ Identity context synced with AWS
✔ MCP servers pinned (eks 0.1.28, cloudwatch 0.0.25, …)
✔ Skills: autopilot-deploy, self-improving-loop, cost-governance
Claude > "How can I help you today?"
$ deploy rag-qa-agent:v2.3.1 to staging
Seamless integration
Ship as a native Claude Code marketplace entry. Slash commands, keyword triggers, and the AWS hosted MCP layer work out of the box.
install/kiro.sh symlinks every skill into ~/.kiro/skills/ and wires kiro-agents profiles with pinned MCP server versions.
Tier-0 mode, project memory, and audit logs live in .omao/. Both harnesses read and write the same directory — switch without losing context.
Structured intake, requirements, user stories, and workflow planning. Every artifact is the contract Construction will honor.
Component design, code generation with human-approved gates, risk discovery across 12 categories, and TDD for agentic systems.
Autopilot deploys, continuous eval, incident response, cost governance, and the self-improving loop that feeds learnings back into Construction.
AgenticOps capabilities
autopilot-deploy runs canary 1% → 10% → 50% → 100% with SLO-gated circuit breakers. Each stage waits for continuous-eval before promotion; regression trips auto-rollback.
incident-response classifies SEV1–4, pulls the matching runbook, issues diagnostic MCP queries, and drafts a remediation script for approval. SEV1 pages on-call; it never acts.
cost-governance attributes spend per agent, vetoes deploys that would breach the monthly ceiling, and drafts Opus → Sonnet → Haiku downgrade PRs. budget.yaml runs in a simpleeval sandbox — no Python eval, no RCE vector.
Every skill is reachable as a slash command in Claude Code or a direct skill call in Kiro. The full state lives under .omao/ and is portable between harnesses.
> /plugin marketplace add https://github.com/aws-samples/sample-oh-my-aidlcops> /plugin install agentic-platform agenticops modernization> /oma:platform-bootstrap[1/5] Gather Context … ok[2/5] Pre-flight … ok
Five plugins
EKS + vLLM + Inference Gateway + Langfuse. Skills for bootstrap, GPU planning, routing, observability, and guardrails. MCP servers pinned to exact PyPI versions — no @latest.
self-improving-loop, autopilot-deploy, incident-response, continuous-eval, cost-governance, audit-trail. Humans approve, agents execute.
structured-intake, requirements-analysis, user-stories, workflow-planning. Produces the artifacts Construction consumes as a single source of truth.
component-design, code-generation, test-strategy, risk-discovery, quality-gates. LLM calls are mocked in tests; golden evals gate every merge.
workload-assessment, modernization-strategy (6R), to-be-architecture, containerization, cutover-planning. Uses Kiro-style stage-gated progression.
Secure by default
Every .mcp.json and agent profile references awslabs MCP servers by exact PyPI version. No @latest supply-chain surprises.
The Kiro agent profile does not enable --allow-write or --allow-sensitive-data-access by default; opt in explicitly.
langfuse-observability uses a bucket-scoped customer-managed policy. AmazonS3FullAccess is called out as a Bad Example.
cost-governance evaluates budget.yaml rules with simpleeval. Python eval() on user-editable config is a documented RCE vector.
.omao/state, .omao/plans, .omao/logs, audit-trail output, and project memory are gitignored. Verbatim prompts never leave the machine.
session-start.sh requires jq or python3 and refuses to emit shell-interpolated JSON, preventing state-file injection into context.
Clone the repo, run one install script, and start with a Tier-0 workflow that fits your team.