> ## Documentation Index
> Fetch the complete documentation index at: https://docs.root.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Claude Code

> Automatically detect and patch vulnerabilities in Claude Code

The Root.io plugin for Claude Code automatically detects vulnerable packages and suggests Root.io patches as you edit dependency files.

## Prerequisites

* Claude Code v1.x or later
* Complete the [AI Integrations prerequisites](/ai-integrations/overview#prerequisites) (Root.io account, `rootio_patcher` CLI, registry configuration)

## Installation

### Plugin Marketplace (Recommended)

Install directly through Claude Code's built-in plugin system:

```
/plugin marketplace add github:rootio-avr/root-ai
/plugin install rootio-patcher@rootio
```

This is the easiest way to install and keep the plugin up to date. If Claude Code is already open, run `/reload-plugins` to activate without restarting.

### Manual Install

If you prefer to install manually or already have `rootio_patcher` installed:

```bash theme={null}
# Clone the repository
git clone https://github.com/rootio-avr/root-ai.git

# From your project root, copy the plugin files
cp -r root-ai/platforms/claude-code/.claude-plugin .claude-plugin
cp -r root-ai/platforms/claude-code/hooks .claude/hooks
cp -r root-ai/platforms/claude-code/skills .claude/skills

# Wire the PostToolUse hook
mkdir -p .claude
cat > .claude/settings.json <<'EOF'
{
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Edit|Write",
        "hooks": [
          {
            "type": "command",
            "command": "bash \".claude/hooks/post-edit.sh\"",
            "timeout": 30
          }
        ]
      }
    ]
  }
}
EOF
```

### Verify Installation

Restart Claude Code and check that the plugin loaded:

```bash theme={null}
ls .claude-plugin/plugin.json
ls .claude/hooks/post-edit.sh
ls .claude/skills/rootio-patcher/SKILL.md
```

All three files should exist.

## How It Works

The Claude Code integration uses a **PostToolUse hook** that triggers automatically when you edit dependency files.

**Triggers when:**

* Edit or Write tool modifies: `package.json`, `pom.xml`, `requirements.txt`, `pyproject.toml`, `Pipfile`

**Behavior:**

1. Runs `rootio_patcher` in dry-run mode
2. If patches are available, Claude receives a notification with vulnerability counts
3. Claude offers to apply the patches
4. If you approve, Claude runs `rootio_patcher` with `--dry-run=false`

The hook runs in the background and only notifies Claude when patches are found, so it doesn't interrupt your workflow.

## Example Interaction

When you edit a dependency file:

1. **You or Claude edits** `package.json` to add a new dependency
2. **Hook runs automatically** - `rootio_patcher npm remediate` runs in the background
3. **Claude is notified** - "Found 3 vulnerable packages with Root.io patches available"
4. **Claude offers to fix** - "Would you like me to apply the Root.io patches?"
5. **You approve** - Claude runs `rootio_patcher npm remediate --dry-run=false` and `npm install`

## Manual Usage

You can also manually trigger the vulnerability check by mentioning the skill:

```
"Check for Root.io patches"
```

Or invoke the patcher directly through Claude:

```
"Run rootio_patcher to check for npm patches"
```

For complete CLI usage, see the [Root Patcher CLI documentation](/rlc/patcher).