Skip to content
Open source · Apache-2.0 · Claude Code, Cursor, Codex

Autonomous development,inside the lines.

Maverick is a Claude Code plugin and CLI that takes AI from a GitHub issue to a merged pull request — with quality, security, and scope boundaries enforced mechanically, not hoped for.

$claude plugin install maverick@thermite
Issue → merged PR
one command
Guardrails
at the tool call
State of truth
GitHub, not disk
maverick — do-issue-solo

The gap

LLMs write code fast. They don’t come with judgment.

Attended, a developer catches these in real time. Unattended — the whole point of agentic development — nobody does, and every gap becomes a production risk. Maverick supplies the judgment as enforceable rules.

✕ missing

No operational instinct

Models don’t add structured logging, alerting, or monitoring unless told. Production becomes undiagnosable.

✕ missing

No security reasoning

They reproduce vulnerable patterns from training data — injection, secrets exposure, weak auth — without noticing.

✕ missing

No test discipline

Code that looks right ships with the bugs you can’t see. Without tests, there’s no safety net when no one is watching.

✕ missing

No workflow discipline

Commits to main, skipped CI, untraceable changes, and one giant diff where a decomposed plan belonged.

How it works

One command runs the whole delivery pipeline.

/maverick:do-issue-solo 128 drives every phase below. Each step is a real, resumable checkpoint written to GitHub — kill the machine mid-run and another instance picks up exactly where it left off.

  1. 01

    Claim

    Atomic claim + lease on the issue. Multi-instance safe.

  2. 02

    Understand & design

    A structured solution design, posted to the issue.

  3. 03

    Decompose

    Broken into ordered tasks — or sub-issues for an epic.

  4. 04

    Implement

    Task by task: verify, commit, push. Durable at each step.

  5. 05

    Docs gate

    Stale docs updated, new components documented. Always runs.

  6. 06

    Security gate

    Diff + impact set reviewed. Blocking findings halt the run.

  7. 07

    Review

    A read-only reviewer returns a binary PASS / FAIL verdict.

  8. 08

    Merge

    Auth-scan, App-approved, auto-merged. Claim released.

Invariants:GitHub is the source of truth·push after every task·review is binary, absent verdict ⇒ FAIL·crash-safe & resumable

The difference

Guardrails the model can’t forget.

Most AI safety is a prompt — advice the model may ignore under pressure. Maverick’s hard limits are a hook that runs outside the model’s reasoning, denying dangerous actions deterministically. Defence in depth, with a real floor.

  1. Scope-guard hook

    mechanical

    Blocks the action at the tool-call boundary — before any layer above sees it.

  2. Best-practice skills

    guidance

    Project-specific standards loaded into the model’s context as it works.

  3. Local verification

    pre-push

    Lint, typecheck, and tests must pass before anything is pushed.

  4. CI pipeline

    remote

    The project’s own checks, waited on with bounded timeouts.

  5. Agent review

    binary gate

    A read-only reviewer returns a parsed PASS / FAIL verdict.

  6. Human review

    final

    Anything ejected lands with a person, with the full trail attached.

PreToolUse hook

Four hard limits, four ways to hold

  • Destructive git — force-push, hard reset, branch deletion
  • Commits & pushes on protected branches
  • Infrastructure edits — CI configs, Dockerfiles, IaC
  • Production systems & credential patterns
interactive → asks you
autonomous → denied outright
production → denied in every mode

Autonomous work can only cross a boundary against a verified authorization on the issue itself — an agent can never self-grant. Backed by a second layer of permission rules, so it holds even if hooks are off.

What’s inside

A toolkit, not a wrapper.

Skills, agents, hooks, and a CLI that carries the deterministic parts of the workflow. Everything below ships in 4.0.0.

Mechanical scope enforcement

Destructive git, protected branches, infra edits, and production patterns are gated at the tool call — ask when a human is present, deny when they’re not.

Binary review gate

A read-only reviewer, pinned to a strong model, returns a machine-parsed PASS / FAIL. A missing or ambiguous verdict fails safe. No silent low-quality merges.

One durable state surface

Phase, branch, and artefacts live in a GitHub marker — not a local file. Any instance recovers full state by reading the issue.

Multi-instance coordination

Claims, leases, and heartbeats let many agents work an epic in parallel without collision. A dead machine’s claim expires and another takes over.

Project-specific skills

Maverick scans your codebase and generates skills that describe how your project actually does logging, testing, CI — so guidance fits your stack.

Deterministic core

The hot loop — coordination, resume, checklists, block propagation, waits — is CLI verbs with real exit codes, not prose the model re-derives each run.

Runs where you need it

Local, or a drop-in GitHub Action: label an issue and Maverick completes it on a hosted runner. A decision matrix covers hosted vs self-hosted compute.

Auditable by construction

Every design, task, gate outcome, and verdict is posted to the issue and PR. A timed workflow report is generated for every run.

Who it’s for

The same guarantees, from three angles.

Move fast — without wrecking the repo when you look away.

One command, done

Describe the work in a GitHub issue and run one skill. It designs, builds, tests, reviews, and opens the PR.

Catches what you don’t know to check

Missing tests, leaked secrets, a force-push about to nuke history — the guardrails stop it, so you don’t have to be the expert on everything.

It asks before the scary stuff

In an interactive session, boundary-crossing actions pause for your yes. You stay in control without babysitting every step.

Real code, real branch, real PR

No hidden magic — you get a normal pull request you can read, tweak, and merge.

41
skills
workflows + best practices
5
specialist agents
analyst, planner, reviewer…
8
pipeline phases
claim → merge
0
silent merges
every gate is auditable

The full issue-to-merge pipeline is validated end-to-end against a live repository, including crash recovery via stale-claim takeover.

Get started

Two ways in. Both take minutes.

Use it locally in Claude Code, or wire up the GitHub Action and let a label do the work. No cloud infrastructure required either way.

LocalClaude Code plugin + CLI
$claude plugin marketplace add thermiteau/maverick
$claude plugin install maverick@thermite

Then, inside Claude Code:

/maverick:do-init# set up an existing repo
/maverick:do-issue-solo 42# work an issue end-to-end
/maverick:do-issue-guided 42# same, with checkpoints
HostedGitHub Action on-ramp
  1. 1

    Install the Claude GitHub App — and add your ANTHROPIC_API_KEY secret.

  2. 2

    Copy the workflow — templates/github/claude-maverick.yml into .github/workflows/.

  3. 3

    Label an issue claude-do — Maverick works it on a hosted runner — design to merged PR.

@claude mentions also work — ask for a fix or review right in a PR thread.