feat(rtk): add RTK plugin with PreToolUse hook for token optimization

[amondnet]

Summary

Add RTK (Rust Token Killer) as a marketplace plugin that reduces LLM token consumption by 60-90% by intercepting Bash tool calls and rewriting commands through rtk rewrite.

Changes

• plugins/rtk/.claude-plugin/plugin.json — plugin metadata
• plugins/rtk/hooks/hooks.json — PreToolUse hook matching Bash tool
• plugins/rtk/hooks/rtk-rewrite.sh — thin delegator to rtk rewrite; falls back to bunx @pleaseai/rtk when native binary is not installed
• plugins/rtk/skills/rtk-optimization/SKILL.md — skill for RTK meta-commands (rtk gain, rtk discover, rtk proxy)
• plugins/rtk/README.md — plugin documentation
• .claude-plugin/marketplace.json — registered rtk in the tooling category

Behavior

• Native rtk installed: uses rtk rewrite directly (requires >= 0.23.0)
• rtk not installed: falls back to bunx @pleaseai/rtk rewrite
• Neither available: silently passes through — safe to install without RTK
• jq not available: silently passes through

Test Plan

• Verify directory structure: ls plugins/rtk/
• Verify script syntax: bash -n plugins/rtk/hooks/rtk-rewrite.sh
• Verify executable: test -x plugins/rtk/hooks/rtk-rewrite.sh
• Verify marketplace entry: jq '.plugins[] | select(.name == "rtk")' .claude-plugin/marketplace.json
• Install plugin and confirm hook fires on Bash tool calls

---

Summary by cubic

Adds an rtk plugin that rewrites Bash tool commands via rtk rewrite to compress output and cut token usage by 60–90%. Includes safe fallbacks, docs, marketplace registration, a spec-compliant hook output, and safeguards for compound commands.

• New Features

  • PreToolUse hook routes Bash through rtk rewrite (uses native rtk >= 0.23.0) and returns hookSpecificOutput so hooks are recognized.
  • Safe fallbacks: bunx @pleaseai/rtk when needed; pass-through if rtk/jq missing or no rewrite applies.
  • Transparent proxy with guardrails: emits permissionDecision: "allow" with a reason; checks .claude Bash(...) deny rules across project and global using CLAUDE_PROJECT_DIR, and defers to normal permission flow if matched.

• Bug Fixes

  • Passthrough for compound commands (;, &&, ||, |, &, newlines, $(), backticks) to avoid auto-approving hidden denied subcommands.
  • Removed unsupported repository field from plugin.json.

^{Written for commit 7936381. Summary will update on new commits.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
claude-code-plugins	Ready	Preview, Comment	Mar 9, 2026 2:15am

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request integrates the Rust Token Killer (RTK) as a new marketplace plugin, significantly enhancing the platform's ability to optimize LLM token usage. By transparently rewriting Bash command outputs, it aims to reduce token consumption without altering the information content, thereby improving efficiency and potentially reducing operational costs for users interacting with shell commands.

Highlights

• New RTK Plugin: Introduced the RTK (Rust Token Killer) plugin to reduce LLM token consumption by 60-90% by optimizing Bash command outputs.
• PreToolUse Hook Integration: Implemented a PreToolUse hook that intercepts Bash tool calls and rewrites commands via rtk rewrite for token efficiency.
• Flexible RTK Execution: The rtk-rewrite.sh script prioritizes a native rtk binary (version >= 0.23.0) and falls back to bunx @pleaseai/rtk if the native binary is not found or is outdated.
• New Skill Definition: Added a new skill (rtk-optimization) to provide guidance on RTK meta-commands like rtk gain, rtk discover, and rtk proxy.
• Marketplace Integration: Registered the rtk plugin in the .claude-plugin/marketplace.json under the tooling category.

Changelog

• .claude-plugin/marketplace.json
  • Added a new entry for the 'rtk' plugin, including its name, description, category, keywords, tags, and source path.
• plugins/rtk/.claude-plugin/plugin.json
  • Created the plugin metadata file for RTK, specifying its name, version, description, author, homepage, repository, license, and keywords.
• plugins/rtk/README.md
  • Added comprehensive documentation for the RTK plugin, detailing its purpose, how it works, prerequisites (RTK >= 0.23.0, jq), installation steps, verification, manual usage, and notes on its safe operation.
• plugins/rtk/hooks/hooks.json
  • Created a new hook configuration file, defining a PreToolUse hook that matches the Bash tool and executes the rtk-rewrite.sh script with a 5-second timeout.
• plugins/rtk/hooks/rtk-rewrite.sh
  • Implemented a Bash script that acts as the PreToolUse hook. It detects if jq is available, determines the appropriate rtk command (native binary or bunx fallback), extracts the command from the tool input, delegates rewriting to rtk rewrite, and outputs the rewritten command if changes occurred, otherwise passes through silently.
• plugins/rtk/skills/rtk-optimization/SKILL.md
  • Created a new skill definition file for 'RTK Token Optimization'. It describes RTK's function, lists key meta-commands (rtk gain, rtk discover, rtk proxy), provides installation and initialization instructions, explains how the plugin works, outlines requirements, and includes token savings examples.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new rtk plugin to optimize token usage for shell commands. However, the PreToolUse hook implementation contains a security risk as it automatically allows rewritten commands without user intervention, potentially leading to unauthorized command execution. It is recommended to remove this automatic permission grant to ensure users can review and approve modified commands. Additionally, there are suggestions to improve code clarity in the hook script and align the plugin metadata with repository conventions.

[cubic-dev-ai]

2 issues found across 6 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="plugins/rtk/hooks/rtk-rewrite.sh">

<violation number="1" location="plugins/rtk/hooks/rtk-rewrite.sh:22">
P2: `sort -V` in the version guard is not portable to macOS/BSD `sort`, so native RTK detection can fail on supported systems.</violation>

<violation number="2" location="plugins/rtk/hooks/rtk-rewrite.sh:51">
P1: Returning `permissionDecision: "allow"` automatically grants execution permission for rewritten commands, bypassing Claude's built-in user approval prompt for shell commands. This is a security risk: if an attacker can influence the command being run (e.g., via prompt injection), the rewritten command executes without any user review. Remove `permissionDecision` and return only the `updatedInput` so Claude's normal permission flow still applies.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

2 issues found across 6 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="plugins/rtk/.claude-plugin/plugin.json">

<violation number="1" location="plugins/rtk/.claude-plugin/plugin.json:10">
P2: Remove the unsupported `repository` field from the plugin manifest.

(Based on your team's feedback about not referencing a `repository` field in plugin.json.) [FEEDBACK_USED]</violation>
</file>

<file name="plugins/rtk/hooks/rtk-rewrite.sh">

<violation number="1" location="plugins/rtk/hooks/rtk-rewrite.sh:41">
P2: Handle jq parse failures and pass through instead of exiting under `set -euo pipefail` when the hook input isn’t valid JSON.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

1 issue found across 1 file (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="plugins/rtk/hooks/rtk-rewrite.sh">

<violation number="1" location="plugins/rtk/hooks/rtk-rewrite.sh:94">
P0: Security bypass: denied commands embedded after command separators (`;`, `&&`, `||`, `|`), newlines, or inside command substitution (`$(…)`, backticks) evade the prefix-only deny check and get auto-approved. Before reaching the `_matches_deny` call, the script should detect these compound-command patterns and `passthrough` so the normal permission system handles them.

For example, `echo ok; sudo rm -rf /` passes the deny check because the command starts with `echo`, not `sudo`.

(Based on your team's feedback about checking for command separators before auto-allowing and running deny checks before chaining/substitution.) [FEEDBACK_USED]</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

1 issue found across 2 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="plugins/rtk/hooks/rtk-rewrite.sh">

<violation number="1" location="plugins/rtk/hooks/rtk-rewrite.sh:76">
P1: The compound-command safety check misses the `&` separator, leaving a chaining path unguarded before auto-allow.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}