feat: ecosystem miners — index plugins, agents, hooks, MCP servers

[shahe-dev]

Summary

Adds two new miners that index the Claude Code plugin ecosystem as graph nodes:

• plugin-miner walks ~/.claude/plugins/installed_plugins.json, indexing each installed plugin plus its nested skills/ and agents/ directories. Skills are scored against the project's detected stack (reusing detectStack output) and linked to their parent plugin via provided_by edges. Skills scoring EXTRACTED or INFERRED also get relevant_to edges to matching project files.

• config-miner parses global and project-local settings JSON, indexing configured hooks and MCP servers. No scoring — these are always-on infrastructure, confidence fixed at EXTRACTED 1.0.

One shared utility (src/graph/stack-detect.ts) provides language/framework detection from a GraphNode[] snapshot, so future miners that need project context don't reinvent the detection logic.

Schema discipline

Follows the skills-miner convention — no new NodeKind values. All new nodes use kind: \"concept\" with a metadata.subkind discriminator (plugin, agent, hook, mcp_server).

Two additive EdgeRelation values: provided_by (skill/agent → plugin) and relevant_to (skill/agent → file, gated on non-AMBIGUOUS confidence to keep the graph sparse).

Why

The skills-miner you shipped in v0.2 indexes SKILL.md files but treats each skill as orphan metadata — you can see the skill, not the plugin that provided it, the agents it ships alongside, or the hooks / MCP servers configured in the same tree. With these two miners, queries like "what plugins does this project use" and "what hooks fire in this repo" start returning real answers from the graph.

Backward compatibility

• No schema migration. New EdgeRelation values are additive.
• Both miners are gated behind the existing options.withSkills flag in core.ts, so default engram init behavior is unchanged and empty-project + stress tests stay isolated from the real ~/.claude tree.
• ENGRAM_SKIP_ECOSYSTEM=1 env var provides a second-level escape hatch for CI.

Tests

Full suite: 548/548 pass (520 baseline from v0.5.3 + 28 new).

• tests/graph/stack-detect.test.ts — 6 tests covering language/framework detection and the "non-file non-class nodes are ignored" invariant.
• tests/plugin-miner-scoring.test.ts — 6 tests covering the full EXTRACTED / INFERRED / AMBIGUOUS decision table.
• tests/plugin-miner.test.ts — 7 integration tests against a fixture plugin tree (2 skills, 1 agent), covering silent failure on missing ~/.claude, the env-var escape hatch, provided_by edges, scoring, relevant_to gating, and plugins with no skills/agents dirs.
• tests/config-miner.test.ts — 8 tests covering global + local settings merge, MCP-servers-global-only precedence, malformed JSON handling, and the env-var escape hatch.
• One smoke test appended to tests/core.test.ts confirming both miners are invokable via the pipeline integration.

Verified

• Built and manually verified against a real project: 261 → 731 nodes after enabling. Plugin / agent / skill / hook / mcp nodes appear as expected with correct provided_by edges.
• ENGRAM_SKIP_ECOSYSTEM=1 verified: node count drops by exactly the ecosystem contribution (731 → 488).
• Windows + Node 25 clean (uses toPosixPath from your v0.3.2 fix for all sourceFile writes).

Design docs

Full design rationale and implementation plan are in the PR branch at docs/superpowers/specs/2026-04-14-engram-ecosystem-miners-design.md and docs/superpowers/plans/2026-04-14-engram-ecosystem-miners.md. Happy to strip those from the PR if you'd rather keep the repo's doc tree clean — they're my workflow artifacts, not prescriptive.

Commits

1. feat(schema): add provided_by and relevant_to edge relations
2. feat(graph): add stack-detect utility
3. feat(plugin-miner): relevance scoring with stack awareness
4. feat(plugin-miner): index plugins, skills, and agents
5. feat(config-miner): index hooks and MCP servers
6. feat(core): wire both miners into pipeline, gated on withSkills
7. docs: changelog entry

Each commit has tests + builds green. Happy to split into two PRs (plugin-miner and config-miner) if that's easier to review.

[NickCirv]

Hey @shahe-dev — thanks for this, reading through the plugin-miner + config-miner design it's in the same vein as skills-miner but going the next mile by tying skills/agents back to their plugin via provided_by and scoring them against detected stack via relevant_to. That's the right shape.

Before we dig in for merge, two asks:

1. Please rebase onto current main. The branch forked pre-v2.0.0 (548 baseline tests) and main is now at 673 tests with v2.0.0 Ecosystem + v2.0.1 Windows CI fix + v2.0.2 security hotfix all landed since Apr 14. Several files your diff touches have moved — src/core.ts, src/miners/skills-miner.ts (v0.5.3 Node-25 dirent fix), and src/graph/schema.ts (v2 migrations). I'd rather not do the rebase for you because the semantic choices around ecosystem + skills interaction are subtle (e.g. when your provided_by edge meets skills-miner's existing triggered_by edge) and you'll do a better job than a mechanical 3-way merge.

2. Happy to split into two PRs if that simplifies review. You already offered. Given the surface area (2.7K additions, 7 commits, two new miners, new edge relations, new env-var escape hatch), reviewing plugin-miner first and config-miner second lets us land the primary capability fast and iterate on the config path separately. If you'd rather keep it as one PR, that's fine too — just depends on how split-ready the commit graph already is.

Not blocking the v2.1.0 cycle (currently stacking on top of #9 + #8 + #5 — security hotfix already shipped as 2.0.2). Target merge window for this one is v2.2.

When the rebase is done, CI needs maintainer approval to run (first-time contributor default on Actions) — ping me and I'll approve.

[shahe-dev]

Rebased onto current main (5567d61, v3.0.2). Test count is now 906 passing / 6 pre-existing failures in tests/watcher.test.ts — same 6 failures present on upstream main independent of this branch.

Re your "subtle interaction" question between provided_by and triggered_by: I checked empirically by running the rebased branch against my real ~/.claude tree. The two relations sit on the same skill nodes without conflict — they answer different questions:

• triggered_by: keyword → skill (what summons it)
• provided_by: skill → plugin (who ships it)

Live counts on a real session: 201 provided_by + 85 triggered_by + 66 relevant_to, with 173 skills, 23 plugins, 33 agents, 4 hooks, 2 mcp_servers indexed. No edge collisions; schema migration to v8 runs clean.

Re splitting into two PRs: I'd prefer to keep it as one — commits are already topical (4 plugin-miner, 2 config-miner, 1 wiring, 2 docs) and config-miner is small enough that splitting feels like overhead. Happy to split if you'd rather; just say the word.

CI needs your maintainer approval to run on the new push when you have a moment.

One thing flagged but not blocking: v3.0.0 added valid_until and invalidated_by_commit columns for bi-temporal mistake validity. My miners write metadata.subkind cleanly without touching those new columns, so they're harmless — but if you want my plugin/agent/hook/mcp nodes to support pre-mortem invalidation too, that's a follow-up PR worth scoping.