refactor(vendor): restructure plugins aikido through notion into per-plugin dirs

vendor/aikido-latest/_vendor.json

@@ -0,0 +1,16 @@
+{
+  "name": "aikido",
+  "version": "latest",
+  "source": "https://claude.com/plugins/aikido",
+  "vendored_at": "2026-03-21T12:00:13Z",
+  "license": "See individual files",
+  "skills_imported": ["scan", "setup"],
+  "quality_check": {
+    "passed": true,
+    "checked_at": "2026-03-21"
+  },
+  "content_hashes": {
+    "skills/scan/SKILL.md": "sha256:9c30e88f0bf9626c621635dd5885ba27a0936a2f29e91f83da60cec452abd178",
+    "skills/setup/SKILL.md": "sha256:a5cfdb4b2714d6c9144e5431aef6756fe8adf49daddf6082cab669da171b685d"
+  }
+}

vendor/aikido-latest/skills/scan/SKILL.md

@@ -0,0 +1,21 @@
+---
+name: scan
+description: Runs an Aikido security scan on generated, added, or modified code files to detect SAST vulnerabilities and exposed secrets. Use when the user wants to scan code for security issues, after writing or modifying code, or when they mention Aikido, security scan, or SAST. Always run an Aikido scan after generating code to verify the generated code is free of security issues.
+---
+
+When scanning the code for security vulnerabilities using the Aikido MCP server:
+
+1. Identify all files that were generated, added, or modified in this session (or that the user has mentioned).
+2. For each file, read its full content.
+3. Run **aikido-mcp:aikido_full_scan** with all files and their full content. Stay within the 50-file limit per request — batch into multiple calls if needed.
+4. If any security issues are found:
+   - Explain each issue clearly: title, description, severity, file location, and line numbers.
+   - Apply fixes guided by the remediation provided by Aikido.
+   - After applying all fixes, run **aikido-mcp:aikido_full_scan** again to verify that the issues were resolved and no new issues were introduced.
+   - **Stopping the loop:** If you can explain why the applied fix is safe (e.g. the fix correctly addresses the finding and the remaining scan output is a false positive or acceptable), you may stop and report to the user. Otherwise, repeat the fix-and-rescan cycle up to 3 attempts; if issues remain after that, report them to the user instead of continuing.
+5. Report the final scan result to the user — confirm all clear or list any unresolved issues with explanation.
+
+If the Aikido MCP server is not available or fails to start, inform the user:
+
+> The Aikido MCP server is required for security scanning but is not available.
+> Install it following the setup guide at [reference.md](reference.md).

vendor/aikido-latest/skills/scan/reference.md

@@ -0,0 +1,10 @@
+# Aikido MCP Setup
+
+To install and configure the Aikido MCP, use the **setup skill** (`aikido:setup`). It configures your API key and verifies the MCP server. You can pass your API key as an argument for automatic configuration:
+
+- **With API key:** `/aikido:setup <your-api-key>`
+- **Without API key:** `/aikido:setup` (you’ll be guided to get your key from https://app.aikido.dev → Settings → Integrations → IDE Plugins)
+
+After setting the key, restart Claude Code so the MCP server picks it up.
+
+For manual steps, see: https://help.aikido.dev/mcp/anthropic-claude-code-mcp

vendor/aikido-latest/skills/setup/SKILL.md

@@ -0,0 +1,39 @@
+---
+name: setup
+description: Configures the Aikido plugin by setting up the API key and verifying the MCP server. Accepts an optional API key argument to configure automatically. Use when the user wants to set up or verify the Aikido plugin, after installing it, or when aikido_full_scan fails or is unavailable.
+arguments:
+  - name: aikido-api-key
+    description: Your Aikido API key from https://app.aikido.dev → Settings → Integrations → IDE Plugins. When provided, the key is configured automatically in Claude Code's MCP settings.
+    required: false
+---
+
+When helping the user configure the Aikido security plugin:
+
+## If the user provided an API key as an argument:
+
+1. Read `~/.claude/settings.json` (create it as `{}` if it doesn't exist).
+2. Merge `AIKIDO_API_KEY` into the `env` object, preserving all other existing settings. The result should look like:
+   ```json
+   {
+     "env": {
+       "AIKIDO_API_KEY": "<key>"
+     }
+   }
+   ```
+3. Write the updated JSON back to `~/.claude/settings.json`.
+4. Confirm to the user that the API key has been saved to their Claude Code user settings and will apply to all projects.
+5. Inform the user that they need to restart Claude Code for the MCP server to pick up the new key.
+6. Offer to verify the setup after restart by running **aikido-mcp:aikido_full_scan** with a test payload.
+
+## If no API key was provided:
+
+1. Check whether the Aikido MCP server is currently available by calling **aikido-mcp:aikido_full_scan** with a minimal test payload: one file with path `test.js` and content `// test`.
+2. If it responds successfully, confirm to the user that the Aikido plugin is already configured and ready to use.
+3. If it fails or is unavailable, guide the user through the setup:
+   a. Tell the user to get their API key from **https://app.aikido.dev** → Settings → Integrations → IDE Plugins.
+   b. Suggest running the skill with the key directly:
+      ```
+      /aikido:setup <my-key>
+      ```
+   c. Remind the user to restart Claude Code after setting the key so the MCP server picks it up.
+   d. Offer to verify the setup after they have set the key by running the test scan again.

vendor/atlassian-latest/_vendor.json

@@ -0,0 +1,19 @@
+{
+  "name": "atlassian",
+  "version": "latest",
+  "source": "https://claude.com/plugins/atlassian",
+  "vendored_at": "2026-03-21T12:00:13Z",
+  "license": "See individual files",
+  "skills_imported": ["capture-tasks-from-meeting-notes", "generate-status-report", "search-company-knowledge", "spec-to-backlog", "triage-issue"],
+  "quality_check": {
+    "passed": true,
+    "checked_at": "2026-03-21"
+  },
+  "content_hashes": {
+    "skills/capture-tasks-from-meeting-notes/SKILL.md": "sha256:44940f580f884976f74dd416b2267a7c8dad9718526158596d51fa8781079707",
+    "skills/generate-status-report/SKILL.md": "sha256:d5548b058a8454a1545003091e4acbea6b2fb0f3ac222b08550e6daa9aafe443",
+    "skills/search-company-knowledge/SKILL.md": "sha256:580f5c5f5b66968a394e56b5f92a99cb28a88396f1af6618991ca746cefc591d",
+    "skills/spec-to-backlog/SKILL.md": "sha256:082876467b45a40e86cc617dbcd1eecf9044c3ff63367cfb62b6dccb51cf440d",
+    "skills/triage-issue/SKILL.md": "sha256:4ce1808138ea8871e5a113e4f7b7ae28dc8e78a36df4cb7c87f9666c20620e0c"
+  }
+}