feat(terminal): add TUI app and Claude Code plugin

.claude-plugin/marketplace.json

@@ -0,0 +1,29 @@
+{
+  "name": "clawdstrike",
+  "owner": {
+    "name": "Backbay Labs",
+    "email": "hello@backbay.io"
+  },
+  "metadata": {
+    "description": "ClawdStrike security plugins for Claude Code — runtime policy enforcement, threat hunting, and audit tools.",
+    "version": "0.1.0"
+  },
+  "plugins": [
+    {
+      "name": "clawdstrike",
+      "source": "./clawdstrike-plugin",
+      "description": "Runtime security enforcement for AI coding agents — policy hooks, audit receipts, threat hunting, and 15 MCP security tools.",
+      "version": "0.1.0",
+      "author": {
+        "name": "Backbay Labs",
+        "email": "hello@backbay.io"
+      },
+      "homepage": "https://github.com/backbay-labs/clawdstrike",
+      "repository": "https://github.com/backbay-labs/clawdstrike",
+      "license": "Apache-2.0",
+      "keywords": ["security", "policy", "audit", "edr", "agent-security", "mcp", "threat-hunting"],
+      "category": "security",
+      "tags": ["security", "policy-enforcement", "audit-trail", "threat-hunting", "mcp-tools"]
+    }
+  ]
+}

README.md

@@ -205,6 +205,24 @@ openclaw plugins enable clawdstrike-security
 
 [Configure the plugin](docs/src/guides/openclaw-integration.md#configuration) in your project's `openclaw.json`.
 
+### Claude Code Plugin
+
+Clawdstrike ships as a native [Claude Code](https://docs.anthropic.com/en/docs/claude-code) plugin. Every tool call Claude makes is checked against your security policy before execution, with a full audit trail of signed receipts.
+
+```shell
+# From inside Claude Code:
+/plugin marketplace add backbay-labs/clawdstrike
+/plugin install clawdstrike@clawdstrike
+```
+
+Or from a local clone:
+
+```bash
+claude --plugin-dir ./clawdstrike-plugin
+```
+
+The plugin adds 6 hooks (pre-tool, post-tool, session lifecycle, prompt injection screening), 15 MCP tools, 3 auto-triggering skills, 6 slash commands, and a specialist security reviewer agent. See [`clawdstrike-plugin/README.md`](clawdstrike-plugin/README.md) for the full reference.
+
 ### Additional SDKs & Bindings
 
 Framework adapters: [OpenAI](packages/adapters/clawdstrike-openai/README.md) · [Claude](packages/adapters/clawdstrike-claude/README.md) · [Vercel AI](docs/src/guides/vercel-ai-integration.md) · [LangChain](docs/src/guides/langchain-integration.md)

apps/README.md

@@ -7,6 +7,7 @@ Current apps:
 1. `apps/desktop/` - Tauri desktop app.
 2. `apps/agent/` - Tauri agent app.
 3. `apps/cloud-dashboard/` - web dashboard app.
+4. `apps/terminal/` - ClawdStrike TUI (security-aware AI agent orchestration)
 
 Ownership and maturity:
 

apps/terminal/.gitignore

@@ -0,0 +1,175 @@
+# Based on https://raw.githubusercontent.com/github/gitignore/main/Node.gitignore
+
+# Logs
+
+logs
+_.log
+npm-debug.log_
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+.pnpm-debug.log*
+
+# Caches
+
+.cache
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+
+report.[0-9]_.[0-9]_.[0-9]_.[0-9]_.json
+
+# Runtime data
+
+pids
+_.pid
+_.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+
+lib-cov
+
+# Coverage directory used by tools like istanbul
+
+coverage
+*.lcov
+
+# nyc test coverage
+
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+
+bower_components
+
+# node-waf configuration
+
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+
+build/Release
+
+# Dependency directories
+
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+
+web_modules/
+
+# TypeScript cache
+
+*.tsbuildinfo
+
+# Optional npm cache directory
+
+.npm
+
+# Optional eslint cache
+
+.eslintcache
+
+# Optional stylelint cache
+
+.stylelintcache
+
+# Microbundle cache
+
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+
+.node_repl_history
+
+# Output of 'npm pack'
+
+*.tgz
+
+# Yarn Integrity file
+
+.yarn-integrity
+
+# dotenv environment variable files
+
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
+
+# parcel-bundler cache (https://parceljs.org/)
+
+.parcel-cache
+
+# Next.js build output
+
+.next
+out
+
+# Nuxt.js build / generate output
+
+.nuxt
+dist
+
+# Gatsby files
+
+# Comment in the public line in if your project uses Gatsby and not Next.js
+
+# https://nextjs.org/blog/next-9-1#public-directory-support
+
+# public
+
+# vuepress build output
+
+.vuepress/dist
+
+# vuepress v2.x temp and cache directory
+
+.temp
+
+# Docusaurus cache and generated files
+
+.docusaurus
+
+# Serverless directories
+
+.serverless/
+
+# FuseBox cache
+
+.fusebox/
+
+# DynamoDB Local files
+
+.dynamodb/
+
+# TernJS port file
+
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+
+.vscode-test
+
+# yarn v2
+
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
+
+# IntelliJ based IDEs
+.idea
+
+# Finder (MacOS) folder config
+.DS_Store