Claude Code Plugin

Context is everything. Share it.

Turn your AI sessions into rich, collaborative design docs

Stop sharing walls of text. Run /planpush and get a visual breakdown — diagrams, tables, flows — your team can actually read, comment on, and stay in sync. Self-hosted and open source.

AI Planning Session
/planpush
your-server.example/p/a3f8c1

Auth Service Redesign

Pushed by jordan · 4 min ago · v3 · 13 comments

Authentication Flow

[Diagram: Authentication Flow. Elements: Client App, CDN / WAF, API Gateway, Auth Service, Token Store, Audit Log; labels: JWT (15m), Refresh (30d), Validate.]

Affected Services

auth-service (Major) · acme/auth-service: New OAuth + device flow, JWT issuer, token rotation
api-gateway (Moderate) · acme/api-gateway: JWT validation middleware, rate limiter config
web-client (Moderate) · acme/web-client: Login UI, token refresh interceptor, session mgmt page
mobile-app (Minor) · acme/mobile-ios: Update token refresh logic, add device ID header
admin-dashboard (New) · acme/admin-dashboard: Audit log viewer, session management, OAuth client admin
notification-svc (Minor) · acme/notifications: New login alert emails, suspicious activity webhooks

Key Decisions

Accepted: JWT + refresh token pair instead of opaque session tokens
Accepted: GitHub OAuth for identity — no password storage
Accepted: Dual-write migration — old + new auth in parallel during rollout
Open: Redis vs PostgreSQL for token store — perf testing needed
Open: Audit log retention — 90 days vs 1 year (compliance TBD)

Session Model

Field         Type          Notes
id            uuid          Primary key
user_id       uuid          FK → users
token_hash    varchar(64)   SHA-256 of refresh token
expires_at    timestamptz   30-day sliding window (UTC)
device_id     varchar(128)  New — multi-device tracking
ip_address    inet          New — last known IP
user_agent    text          New — device fingerprint

OAuth Client Model

Field               Type          Notes
id                  uuid          Primary key
client_id           varchar(64)   Public identifier
client_secret_hash  varchar(64)   bcrypt hash
redirect_uris       jsonb         Allowed callback URLs
scopes              text[]        Permitted scope list
rate_limit          int           Custom req/min (default 60)

Audit Log Model

Field        Type          Notes
id           bigserial     Auto-increment PK
event_type   varchar(32)   login | logout | token_refresh | revoke
actor_id     uuid          FK → users (nullable for system)
ip_address   inet          Request origin
metadata     jsonb         Event-specific payload
created_at   timestamptz   Immutable, partitioned by month

Schema Migrations

1. Add columns to sessions: device_id, ip_address, user_agent — all nullable initially
2. Create oauth_clients table: new table, no data migration needed
3. Create audit_logs table: partitioned by month, 90-day retention policy
4. Backfill device_id from user_agent parsing: batch job — ~2M rows, estimated 15 min

Auth Service

GET /auth/callback GitHub OAuth callback
GET /api/auth/device Start device flow (CLI)
POST /api/auth/token Exchange refresh for access token
GET /api/auth/me Current user + active sessions
DELETE /api/auth/sessions Revoke all sessions (new)
DELETE /api/auth/sessions/:id Revoke single device (new)
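An added illustration of the refresh-token handling that the Session Model and the POST /api/auth/token endpoint above describe: only the SHA-256 of the refresh token is persisted in token_hash, the access JWT lives 15 minutes, and the refresh token's 30-day window slides on each exchange. This is example code written for this page, not planpush's code or the mock auth-service; the in-memory SessionStore standing in for the sessions table, the constructed HS256 signing key, and the rotate-on-exchange policy are assumptions.

```python
"""Refresh-token storage and exchange (added example; assumptions noted inline)."""
import base64
import hashlib
import hmac
import json
import secrets
from datetime import datetime, timedelta, timezone

ACCESS_TTL = timedelta(minutes=15)   # "JWT (15m)"
REFRESH_TTL = timedelta(days=30)     # "Refresh (30d)", sliding window

# Constructed key for the example only; a deployment loads it from a secret store.
SIGNING_KEY = b"example-signing-key-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def issue_access_token(user_id: str, now: datetime, key: bytes = SIGNING_KEY) -> str:
    """Minimal HS256 JWT (header.payload.signature) with a 15-minute exp claim."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    claims = {"sub": user_id, "iat": int(now.timestamp()), "exp": int((now + ACCESS_TTL).timestamp())}
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_access_token(token: str, now: datetime, key: bytes = SIGNING_KEY):
    """Return the claims if the signature is valid and exp is in the future, else None."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), sig):
        return None
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if claims.get("exp", 0) <= int(now.timestamp()):
        return None
    return claims


class SessionStore:
    """Stands in for the sessions table (assumption): rows keyed by token_hash, never by raw token."""

    def __init__(self):
        self.rows = {}  # token_hash -> {"user_id", "device_id", "expires_at"}

    @staticmethod
    def hash_token(raw: str) -> str:
        return hashlib.sha256(raw.encode()).hexdigest()  # 64 hex chars, fits varchar(64)

    def create_session(self, user_id: str, device_id: str, now: datetime) -> str:
        raw = secrets.token_urlsafe(32)
        self.rows[self.hash_token(raw)] = {
            "user_id": user_id,
            "device_id": device_id,
            "expires_at": now + REFRESH_TTL,
        }
        return raw  # handed to the client once; only the hash is stored

    def exchange(self, raw_refresh: str, now: datetime):
        """POST /api/auth/token: refresh -> (access_jwt, new_refresh), or None if unknown/expired.
        The presented refresh token is spent (rotation) and the replacement gets a fresh 30-day window."""
        h = self.hash_token(raw_refresh)
        row = self.rows.get(h)
        if row is None or row["expires_at"] <= now:
            self.rows.pop(h, None)  # drop an expired row on the way out
            return None
        del self.rows[h]
        new_raw = self.create_session(row["user_id"], row["device_id"], now)
        return issue_access_token(row["user_id"], now), new_raw

    def revoke_all(self, user_id: str) -> int:
        """DELETE /api/auth/sessions: remove every refresh token for the user."""
        victims = [h for h, r in self.rows.items() if r["user_id"] == user_id]
        for h in victims:
            del self.rows[h]
        return len(victims)
```

Because the store holds only hashes, a leaked database copy does not yield usable refresh tokens, and revoking a device is a delete keyed by the hash of the token that device holds.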

API Gateway (Breaking)

MW validateJwt() Replaces session cookie check (breaking)
MW rateLimit() Per-client rate limiting via oauth_clients.rate_limit (new)
POST /api/webhooks/auth Receives auth events for downstream propagation (new)

Admin API

GET /admin/audit-log Query audit events (filterable) (new)
POST /admin/oauth-clients Register new OAuth client (new)
DELETE /admin/users/:id/sessions Force-logout a user (admin-only) (new)

Login Screen


Session Manager UI

Active Sessions
Chrome · macOS San Francisco, CA · Current session
Active
Firefox · Ubuntu New York, NY · 2 hours ago
Claude Code CLI Portland, OR · 5 hours ago

Audit Log Viewer

Recent Events (Filter: All)
sarah · Chrome · 192.168.1.42 2m ago
token_refresh mike · Firefox · 10.0.0.15 5m ago
revoke jordan · CLI device · 172.16.0.8 12m ago

Migration Phases

Phase 1 — Schema & Infra (Done)
Deploy new tables, add columns, create audit_logs. No user-facing changes. All services read old auth.
Phase 2 — Dual-Write (Current)
Auth service writes both old session cookies AND new JWT tokens. Gateway accepts both. Mobile gets new SDK. 2-week soak period.
Phase 3 — Cutover (Planned)
Flip gateway to JWT-only. Remove session cookie writes. Old tokens honored for 30 days then hard-cut.

Risk Assessment

High: JWT secret rotation failure. All sessions invalidated if signing key is lost. Mitigation: dual-key support, encrypted backup.
Med: Mobile app version skew. Old app versions won't send device_id. Mitigation: graceful fallback, force-update after Phase 3.
Low: Audit log volume. ~500K events/day at current scale. Monthly partitioning + 90-day retention keeps storage manageable.

Rollback Plan

Phase 2 rollback
Disable JWT writes via feature flag (AUTH_DUAL_WRITE=false). Gateway falls back to session cookies. No data loss — old auth path is still warm.
Phase 3 rollback
Re-enable dual-write, revert gateway to accept both. 30-day token TTL means all active JWTs still valid. Users may need to re-login once.

Comments (13)

sarah · 2m ago · Authentication Flow

Do we need a circuit breaker between the gateway and auth service? If token store goes down we'll cascade.

jordan · 1m ago · Authentication Flow

Good point. Adding a 5s timeout + fallback to cached JWK for validation. Token issuance will 503.

mike · 12m ago · Resolved · Authentication Flow

Do we need PKCE for the device flow? Standard RFC 8628 should be fine here.

mike · 5m ago · Affected Services

Are we sure mobile is "Minor"? They need to update token refresh, add device-id header, AND handle the new 401 format. Feels more like Moderate.

sarah · 4m ago · Affected Services

Agreed with Mike. Also — who owns the mobile changes? iOS team hasn't been looped in yet.

sarah · 3m ago · Key Decisions

Dual-write is the right call. Can we add a metric for "% of requests using new auth" so we know when it's safe to cut over?

mike · 6m ago · Session Model

device_id + ip_address + user_agent — should we add a composite index? We'll query by device for the session manager UI.

sarah · 5m ago · Session Model

Storing raw IP as inet is great for filtering, but we'll need to handle GDPR deletion. Add it to the data retention policy doc.

jordan · 3m ago · Audit Log Model

Monthly partitioning should work. Let's add a cron job to drop partitions older than retention window instead of row-level deletes.

mike · 8m ago · Gateway Endpoints

Breaking change on validateJwt() — do we need to version the gateway API? Or is the dual-write period enough to cover it?

jordan · 1m ago · Session Manager UI

Should "Revoke All" require a confirmation modal? One misclick and you log out every device including mobile.

sarah · 30s ago · Risk Assessment

JWT secret rotation should be automated. Can we use AWS Secrets Manager with scheduled rotation? Manual rotation = guaranteed incident.

mike · 15m ago · Resolved · Risk Assessment

Should we load-test the audit log writes? Answered: yes, included in Phase 1 deliverables.

From zero to a shareable design doc.

🐳 01 · Deploy & install

Pre-built image on Docker Hub (frannsoftdev/planpush), or clone the repo and build locally. Set up auth (a GitHub OAuth App or your Okta OIDC app), configure your .env, and run docker compose up. Then install the Claude Code plugin.

🚀 02 · Run /planpush

Have a planning conversation with Claude, then run the command. It reads your conversation and generates a visual design doc — diagrams, tables, flows — not just a text dump.

👥 03 · Team views & comments

Share the URL from your server. Your team sees the live doc, leaves anchored comments, and gets Slack notifications.

Get started

Deploy the server, install the plugin, sign in with GitHub or Okta SSO, and push your first design doc.

Setup Guide →
Claude Code

Everything your team needs to stay aligned

📄 Not another markdown file

Architecture diagrams, data flow charts, API surface tables, UI mockups, decision matrices — all generated as a visual HTML doc. Your team skims structure, not paragraphs. Especially useful for large changes where a wall of text would get ignored.

🎯 You direct the output

Run /planpush focus on the data model to shape what gets emphasized. Guide the doc like you'd guide a teammate writing it for you.

💬 Anchored comments

Comments attach to specific elements. They survive regeneration and stay relevant as the plan evolves.

🔔 Slack notifications

New comments, plan updates, and resolved items post to your Slack channel automatically.

🔄 Incremental updates

Run /planpush again mid-conversation. Only changed sections update — the URL stays the same.

🏠 Your data, your server

Self-hosted on your own infrastructure. SQLite by default, optional PostgreSQL for remote databases. Deploy with Docker or run directly with Node.js.

🔒 Private by default

Sign in with GitHub (org-membership gated) or your enterprise IdP. Plans stay private to their owner until published, and only authorized users can view them.

🏢 Enterprise SSO & roles

Single sign-on via Okta (OpenID Connect). Role-based access — admin, project manager, developer, QA — mapped from your Okta groups and re-synced on every login. SCIM provisioning, single logout, and instant session revocation for clean offboarding.

📊 Team dashboard

Sessions, activity feed, comments, and API tokens in one place. Search, filter, and sort — all client-side, no round-trips. Views are role-scoped — admins and project managers see everything; developers and QA see what they own.

🕓 Version history

Every push is snapshotted. Browse older versions at /p/my-plan?v=2 — each version records who pushed it and when, so you always know where the design has been.

Stop pasting markdown into Slack

Host it yourself, install the plugin, and your team gets a visual design doc they'll actually read.

Terminal
git clone https://github.com/Frannsoft/planpush.dev.git
cp .env.example .env  # configure auth (GitHub OAuth or Okta SSO)
docker compose up -d