Point Claude at any repo — Lazarus makes it run, tells you what to fix, and makes the page worth showing.
Nothing changes until you approve a plan. A guard blocks rm -rf / before it ever runs.
Install · Watch it work · The journeys · The guard · GitAlive · FAQ
Run these in any claude session — one at a time:
/plugin marketplace add https://github.com/CognitiveCodeAI/lazarus
/plugin install lazarus@cognitivecode
/reload-plugins
No config, no API keys, no signup — installed globally, active in every repo you open.
Important
Don't skip /reload-plugins — skills and the guard only go live after it (or a restart). And use the full https://… URL: the short form clones over SSH and fails without SSH keys.
Then open any repo and just say "make this run locally."
Six skills, but you only ever choose a goal. Every journey is plan → you approve → execute:
| You want… | Just say… | The journey | You get |
|---|---|---|---|
| 🔧 It running | "make this run locally" · "why won't this start?" | discover → 🧑 → repair |
A ratified plan, the blockers fixed, a CLAUDE.md of verified commands |
| 🧭 It assessed — then fixed | "audit this repo" · "refactor or rewrite?" | audit → 🧑 → audit-repair |
A 12-section principal-engineer report; its Top 10 executed one finding at a time |
| ⚡ It alive to visitors | "polish my README" · "ready to go public?" | gitalive → 🧑 → gitalive-repair |
A standards-cited repo-page audit; the fixes, behind your gate |
Start anywhere — the skills route you. repair with no plan offers to run discover; every apply phase refuses to run without its ratified report. Each report is also a complete deliverable on its own. Commands are /lazarus:<skill>, but plain English triggers the same thing.
A PreToolUse hook inspects every shell command before it runs and refuses the dangerous ones — rm -rf /, force-push, DROP TABLE, terraform destroy, and ~25 more. It is not a politely-worded instruction the model can talk itself out of: it runs outside the model, fails closed, and composes with hooks you already have.
🧟♂️ IT'S ALIVE — now make the repo page prove it. Your README is the first thing anyone checks to decide whether a project is worth their time. gitalive audits everything a visitor sees before the source — README, LICENSE, CONTRIBUTING, security policy, templates, accessibility — against cited standards, never taste. gitalive-repair fixes what you ratify, asking for facts only you own (which license? what security contact?) and running zero shell commands.
The transformation is real — GitAlive's first run on this very repo caught a CI pipeline wearing no badge, a project name living only inside a PNG, and contributor docs one plugin behind, all fixed behind the ratify gate. Deliberate choices stay quiet: waive an item once and re-runs never nag you about it.
lazarus/ ← the marketplace
├── plugins/lazarus 🧟 core — the six skills, the repo-explorer subagent, the guard
├── plugins/lazarus-github 📋 optional — files an audit's Top 10 as GitHub Issues
└── plugins/lazarus-forge 🛠️ optional — pre-build design review for new skills/plugins
Outward-facing integrations ship as opt-in siblings, never in core — the three-command install stays zero-config, and a gh/API failure can only reach someone who asked for it. The companion is one command: /plugin install lazarus-github@cognitivecode, then /lazarus-github:issues turns CODEBASE_AUDIT.md §11 into ratified, deduplicated GitHub Issues — re-runs never file twice.
🧠 Deep dive: how it stays honest (the anti-hallucination design)
Long-running agents have a documented failure mode: they quietly turn guesses into established facts over many turns, then act on them. Lazarus is engineered against that.
- Confidence tags on every claim. Everything written to
DISCOVERY.mdis tagged[VERIFIED](observed in a real command),[INFERRED](one strong signal), or[ASSUMED](a guess). A claim cannot be promoted to[VERIFIED]without actually executing and observing it. Only[VERIFIED]facts are ever allowed into aCLAUDE.md. - A mechanical Definition of Done. Discovery doesn't end with a vibe ("looks done"). It ends with runnable assertions —
installexits 0, the start command stays up 30s, one real end-to-end smoke check passes. - Forensic file separation. What we believed before (
DISCOVERY.md) and what we observed during (VERIFICATION_REPORT.md) are separate files, never edited in place — so you can always see what was assumed vs. proven. - Plan Mode is the enforcement, not a request. The read-only skills run read-only at the tool level — a structural guarantee, not "please don't edit anything."
🔬 Deep dive: how the guard actually works
One bash script (scripts/check-destructive.sh), wired via hooks/hooks.json:
- Reads tool input as JSON on stdin and extracts
.tool_input.commandprecisely — never coarse text-matching, so a scary word in a file path never causes a false block. (Hooks that read a$CLAUDE_TOOL_INPUT_commandenv var silently pass everything — that variable doesn't exist. This one was built against the real contract.) - Four parsers, fail-closed.
jq→python3→python→perl(coreJSON::PP, stock on macOS/Linux). If none exist, it blocks every bash command rather than letting them through. exit 2= deny. Claude sees the stderr and adjusts instead of retrying blindly.
Customizing the blocklist is one regex in one file — fork, extend for your environment, and every install picks it up.
📚 Deep dive: the research it's built on
- Verified/inferred/assumed split — agents convert assumptions into facts over long runs (arXiv 2602.16666).
- Test-pass, not just build-pass — fix-related agent PRs fail most often at tests, not builds (arXiv 2602.00164).
- Definition-of-Done as evolving constraints — repo repair is "search over evolving behavioral constraints" (arXiv 2604.04580).
- Bias against rewrite — un-merged agent PRs tend to be the large, sprawling ones (arXiv 2601.15195).
- README content research — what visitors look for, and what's most often missing (Prana et al., EMSE 2019) — grounds the GitAlive rubric, alongside GitHub's community profile, CommonMark, and WCAG.
- Cheap read-only exploration on Haiku — mapping a huge repo on a small model captures the structure at a fraction of the cost.
I installed it but the commands (or the guard) do nothing. Why?
You almost certainly skipped
/reload-plugins. Run it once (or restart claude) and all six /lazarus:* commands appear.
Will it actually change my code without asking?
The audit skills (
discover, audit, gitalive) are read-only. The apply skills (repair, audit-repair, gitalive-repair) change files — but only after you ratify a plan, with the guard active throughout (and gitalive-repair can't run commands at all). You own the one decision that matters: what "done" means.
Do I need jq installed?
No. The guard uses whichever of
jq/python3/python/perl is present (stock macOS/Linux always has one), and blocks rather than allows if none are.
Does it work on Windows?
Use WSL. The guard is a bash hook; in a bare
cmd/PowerShell session it can't execute, which means no protection.
How do updates work?
/plugin update lazarus@cognitivecode (and the same for any companions), then /reload-plugins. The plugin is git-SHA-versioned — updates always pull the latest main; tags like v0.8.0 are just changelog markers. Check yours with /plugin list.
Can I customize the blocked-command list?
Yes — one regex in
scripts/check-destructive.sh. Fork and point your team at your fork's marketplace.
If Lazarus saved you an afternoon, drop a star — it's how the next person staring at a dead repo finds this, and it's how I decide what to build next.
✅ Just shipped: GitAlive ⚡ — the repo-page journey, renamed and spotlighted (see the before/after above — it's this very repo). Got an idea or a repo Lazarus choked on? Open an issue or start a discussion — I read every one.