OmniForge

<p align="center"> <h1 align="center">OmniForge</h1> <p align="center"> <em>AI-powered merge request toolkit — review, fix, and create GitLab MRs with multi-agent intelligence</em> </p> <p align="center"> <a href="#quick-start">Quick Start</a> &middot; <a href="#how-it-works">How It Works</a> &middot; <a href="#mcp-tools">MCP Tools</a> &middot; <a href="#contributing">Contribute</a> </p> <p align="center"> <a href="https://github.com/nexiouscaliver/OmniForge/releases/latest"> <img src="https://img.shields.io/github/v/release/nexiouscaliver/OmniForge?label=latest&color=brightgreen" alt="Latest Release"> </a> <a href="https://github.com/nexiouscaliver/OmniForge/blob/main/LICENSE"> <img src="https://img.shields.io/badge/license-MIT-blue" alt="License: MIT"> </a> <img src="https://img.shields.io/badge/python-3.10%2B-3776AB?logo=python&logoColor=white" alt="Python 3.10+"> <img src="https://img.shields.io/badge/Claude_Code-Plugin-blueviolet?logo=anthropic&logoColor=white" alt="Claude Code Plugin"> <img src="https://img.shields.io/badge/MCP_Tools-13-orange" alt="MCP Tools: 13"> <a href="https://github.com/nexiouscaliver/OmniForge/pulls"> <img src="https://img.shields.io/badge/PRs-welcome-brightgreen" alt="PRs Welcome"> </a> </p> </p>

---

What is OmniForge?

The merge request lifecycle has friction at every stage. Reviews are inconsistent — reviewers get tired, skip files, or rubber-stamp changes. Fixing review findings is tedious manual work. Creating MRs with proper descriptions is a chore nobody enjoys.

OmniForge automates all three stages. It is a unified Claude Code plugin that covers the full MR lifecycle: multi-agent adversarial review, automated finding resolution, and MR creation with auto-populated metadata. Three skills, one plugin, zero context switching.

Included Skills

| Skill | Command | Description | |-------|---------|-------------| | OmniReview | /omnireview-gitlab | Multi-agent adversarial MR review with 3 parallel agents, confidence scoring, and cross-correlation | | OmniFix | /omnifix-gitlab | Automated finding fixer — triages, applies fixes, verifies, commits, and resolves discussion threads | | OmniCreate | /omnicreate-gitlab | MR creation with auto-populated title and description from commit history |

---

Quick Start

Prerequisites

1. Claude Code installed and working (get it here)
2. uv (Python package runner) — required for the MCP tool server:

   # macOS/Linux
   curl -LsSf https://astral.sh/uv/install.sh | sh
   
   # Or via Homebrew (macOS)
   brew install uv
   
   # Verify
   uv --version
   

   The MCP server uses uv run --with mcp[cli] to auto-resolve Python dependencies at runtime — no manual pip install needed.
3. glab CLI — required for GitLab MR operations:

   # macOS
   brew install glab
   
   # Linux — see https://gitlab.com/gitlab-org/cli#installation
   
   # Authenticate
   glab auth login
   

4. Git (version 2.15+ for worktree support)
5. A GitLab repository cloned locally

Installation

Option A: Install as Plugin (Recommended)

Two commands in your terminal (outside Claude Code):

# 1. Add OmniForge as a marketplace source
claude plugin marketplace add https://github.com/nexiouscaliver/OmniForge.git

# 2. Install the plugin
claude plugin install omniforge@omniforge-marketplace

This installs all three skills, the MCP server, and all agent templates in one step. Claude Code manages updates and uninstall automatically.

To update later:

claude plugin marketplace update omniforge-marketplace
claude plugin update omniforge

To uninstall:

claude plugin uninstall omniforge
claude plugin marketplace remove omniforge-marketplace

Option B: Load from Local Directory (Development/Testing)

If you have cloned the repo locally and want to test without installing:

claude --plugin-dir /path/to/OmniForge/plugins/omniforge

Option C: Manual Personal Skill (No MCP Server)

If you prefer a manual installation as a personal skill (without the MCP tool server):

# 1. Clone the repository
git clone https://github.com/nexiouscaliver/OmniForge.git

# 2. Install the review skill
mkdir -p ~/.claude/skills/omnireview-gitlab/references
cp OmniForge/plugins/omniforge/skills/omnireview-gitlab/SKILL.md ~/.claude/skills/omnireview-gitlab/
cp OmniForge/plugins/omniforge/skills/omnireview-gitlab/references/* ~/.claude/skills/omnireview-gitlab/references/

# 3. Install OmniFix (fix skill)
mkdir -p ~/.claude/skills/omnifix-gitlab/references
cp OmniForge/plugins/omniforge/skills/omnifix-gitlab/SKILL.md ~/.claude/skills/omnifix-gitlab/
cp OmniForge/plugins/omniforge/skills/omnifix-gitlab/references/* ~/.claude/skills/omnifix-gitlab/references/

# 4. Install OmniCreate (create skill)
mkdir -p ~/.claude/skills/omnicreate-gitlab
cp OmniForge/plugins/omniforge/skills/omnicreate-gitlab/SKILL.md ~/.claude/skills/omnicreate-gitlab/

# 5. Clean up
rm -rf OmniForge

Note: Manual installation does not include the MCP tool server. Skills fall back to running bash commands directly, which works but is slower and less error-handled.

After Installation

Restart your Claude Code session for the plugin to be detected. Claude Code loads plugins at session start — any running session will not see OmniForge until restarted.

Once restarted, open Claude Code in any GitLab repository and run your first review:

/omnireview-gitlab 136

---

How It Works

/omnireview-gitlab — Multi-Agent MR Review

OmniForge runs three independent AI review agents simultaneously, each in its own isolated copy of your codebase via git worktrees. Each agent examines the merge request from a different angle. When they finish, their findings are cross-referenced, scored for confidence, filtered for false positives, and delivered as a single consolidated report.

The Three Agents

MR Analyst — "Is this merge request well-crafted?"

Focuses on process quality — the things that have nothing to do with code but everything to do with whether a change is safe to merge:

• Examines every commit — are messages clear? Is each commit atomic?
• Checks the MR description — does it explain what changed and why?
• Reviews all discussion threads — are reviewer concerns addressed or left hanging?
• Evaluates scope — is this MR focused, or is it sneaking in unrelated changes?
• Verifies CI/CD pipeline status

Codebase Reviewer — "Is this code correct, clean, and well-integrated?"

Performs a deep code review that goes beyond the diff. It has full access to your codebase and traces call chains, checks test coverage, and verifies architectural consistency:

• Reads the complete files that were changed (not just the diff lines)
• Traces imports, callers, and dependencies to understand impact
• Checks for logic errors, edge cases, and race conditions
• Verifies test coverage — are new features actually tested?
• Evaluates architecture — does this change fit existing codebase patterns?
• Flags performance concerns like N+1 queries or blocking async calls

Security Reviewer — "Can this change be exploited?"

Thinks like an attacker. Systematically walks through the OWASP Top 10 checklist and looks for vulnerabilities both in the changes and in how they interact with existing code:

• Injection — SQL, XSS, command injection, path traversal
• Broken access control — missing authorization, privilege escalation
• Cryptographic failures — hardcoded secrets, weak algorithms
• Authentication issues — JWT validation, session handling
• Data exposure — PII leaks, overly broad API responses
• SSRF, misconfigurations, vulnerable dependencies, and more
• Scans for hardcoded secrets, API keys, and credentials in the diff and commit history

7-Phase Review Pipeline

                         MR !123
                            |
                            v
              +--------------------------+
              |  Phase 1: GATHER         |
              |  Fetch MR metadata,      |
              |  diff, comments, commits |
              +--------------------------+
                            |
                            v
              +--------------------------+
              |  Phase 2: ISOLATE        |
              |  Create 3 git worktrees  |
              |  on the MR source branch |
              +--------------------------+
                            |
                            v
        +-------------------+-------------------+
        |                   |                   |
        v                   v                   v
+----------------+  +----------------+  +----------------+
|  MR Analyst    |  |  Codebase      |  |  Security      |
|                |  |  Reviewer      |  |  Reviewer      |
|  Commits,      |  |  Code quality, |  |  OWASP Top 10, |
|  discussions,  |  |  architecture, |  |  secrets,       |
|  MR hygiene    |  |  testing       |  |  auth/authz     |
+----------------+  +----------------+  +----------------+
        |                   |                   |
        v                   v                   v
              +--------------------------+
              |  Phase 4: CONSOLIDATE    |
              |  Confidence scoring,     |
              |  cross-correlation,      |
              |  deduplication           |
              +--------------------------+
                            |
                            v
              +--------------------------+
              |  Phase 5: REPORT         |
              |  Structured findings     |
              |  with verdict            |
              +--------------------------+
                            |
                            v
              +--------------------------+
              |  Phase 6: ACT