Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.root.io/llms.txt

Use this file to discover all available pages before exploring further.

The Root.io plugin for Claude Code automatically detects vulnerable packages and suggests Root.io patches as you edit dependency files.

Prerequisites

Installation

Install directly through Claude Code’s built-in plugin system: 
/plugin marketplace add github:rootio-avr/root-ai
/plugin install rootio-patcher@rootio
This is the easiest way to install and keep the plugin up to date. If Claude Code is already open, run /reload-plugins to activate without restarting.

Manual Install

If you prefer to install manually or already have rootio_patcher installed: 
# Clone the repository
git clone https://github.com/rootio-avr/root-ai.git

# From your project root, copy the plugin files
cp -r root-ai/platforms/claude-code/.claude-plugin .claude-plugin
cp -r root-ai/platforms/claude-code/hooks .claude/hooks
cp -r root-ai/platforms/claude-code/skills .claude/skills

# Wire the PostToolUse hook
mkdir -p .claude
cat > .claude/settings.json <<'EOF'
{
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Edit|Write",
        "hooks": [
          {
            "type": "command",
            "command": "bash \".claude/hooks/post-edit.sh\"",
            "timeout": 30
          }
        ]
      }
    ]
  }
}
EOF

Verify Installation

Restart Claude Code and check that the plugin loaded: 
ls .claude-plugin/plugin.json
ls .claude/hooks/post-edit.sh
ls .claude/skills/rootio-patcher/SKILL.md
All three files should exist.

How It Works

The Claude Code integration uses a PostToolUse hook that triggers automatically when you edit dependency files. Triggers when:
  • Edit or Write tool modifies: package.json, pom.xml, requirements.txt, pyproject.toml, Pipfile
Behavior:
  1. Runs rootio_patcher in dry-run mode
  2. If patches are available, Claude receives a notification with vulnerability counts
  3. Claude offers to apply the patches
  4. If you approve, Claude runs rootio_patcher with --dry-run=false
The hook runs in the background and only notifies Claude when patches are found, so it doesn’t interrupt your workflow.

Example Interaction

When you edit a dependency file:
  1. You or Claude edits package.json to add a new dependency
  2. Hook runs automatically - rootio_patcher npm remediate runs in the background
  3. Claude is notified - “Found 3 vulnerable packages with Root.io patches available”
  4. Claude offers to fix - “Would you like me to apply the Root.io patches?”
  5. You approve - Claude runs rootio_patcher npm remediate --dry-run=false and npm install

Manual Usage

You can also manually trigger the vulnerability check by mentioning the skill: 
"Check for Root.io patches"
Or invoke the patcher directly through Claude: 
"Run rootio_patcher to check for npm patches"
For complete CLI usage, see the Root Patcher CLI documentation.