Ultra planning: web-sourced skills/tools/permissions bundle for coding agents.
Project description
ultra-plan
ultra-plan is a CLI that produces a reviewable bundle of skills, tools, MCP servers, and permission patches for a task by delegating discovery to a headless agent (Claude Code by default; opencode also supported). The bundle is written to disk; nothing is installed.
WHAT IS IN A BUNDLE
A bundle is a directory under --out (default ./ultra-plan/<slug>/)
containing:
bundle.json canonical, validated bundle
preflight-settings.json permissions used during planning (claude)
preflight-config.json permissions used during planning (opencode)
index.html, app.js, style.css review UI (served locally)
After you click Confirm in the review UI, the server also writes:
expected-outcome.md deliverables and success criteria
skills.json enabled skills only
tools.json enabled tools only
permissions.json proposed settings.json patch
plan.md implementation plan
prompt-recommendations.md instructions for the executing agent
When execute runs, the directory also gains settings.json (Claude) or
opencode.json (opencode), materialized from the bundle's permissions and
MCP configuration.
INSTALLING
pip install -e .
Requires Python 3.10+. The claude CLI (or opencode) must be on $PATH
for live runs.
USING IT
ultra-plan "<task>" [flags]
ultra-plan run "<task>" [flags]
ultra-plan review <dir>
ultra-plan execute <dir> [flags]
run plans a task: it invokes the agent headless, validates the resulting
bundle against JSON schemas, starts a local review server, and opens a
browser. On confirm the final bundle is persisted to --out.
review re-opens the review UI for an existing bundle directory.
execute reads bundle.json, materializes agent config into the bundle
directory, builds an execution prompt from the plan, prompt recommendations,
expected outcome, and original task, and launches the configured agent. By
default execute is interactive; --headless runs non-interactively with
JSON output.
For the full flag list run ultra-plan <command> --help.
SECURITY
The planning agent runs against attacker-controlled web content (search results, fetched pages, MCP registries), so the preflight run is hardened against prompt injection:
- The agent subprocess inherits only a small allowlist of environment
variables; tokens, API keys, and
AWS_*/GITHUB_*secrets are dropped. - The materialized
settings.jsondeniesRead,Write,Edit,NotebookEdit, andBashregardless of any--allowedToolspassed in. WebFetchdeniesfile://,http://localhost,http://127.0.0.1, andhttp://169.254.169.254(cloud metadata).- Prompts are piped via stdin, so leading
-cannot be parsed as a flag. - The agent runs in a fresh temp
cwdcontaining onlysettings.json. - The preflight permissions are persisted to the bundle directory as
preflight-settings.json(claude) orpreflight-config.json(opencode) for transparency and audit purposes.
These protections apply to run only. execute runs with the tools and
permissions you confirmed in the review UI — review them before executing.
See src/ultra_plan/agents/_env.py for the environment allowlist.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ultra_plan-0.1.4.tar.gz.
File metadata
- Download URL: ultra_plan-0.1.4.tar.gz
- Upload date:
- Size: 50.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c3bcddec6b88820097cb31390fc333d416ea21b359b7160f61e585033ff6acf8
|
|
| MD5 |
8888f1d1653cc462289b9a314db24de1
|
|
| BLAKE2b-256 |
72c480205de75c5b34d14d32019779ebcbf2e7665b5627141a26e6197549f6a8
|
Provenance
The following attestation bundles were made for ultra_plan-0.1.4.tar.gz:
Publisher:
release.yml on avrilfanomar/ultra-planning
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ultra_plan-0.1.4.tar.gz -
Subject digest:
c3bcddec6b88820097cb31390fc333d416ea21b359b7160f61e585033ff6acf8 - Sigstore transparency entry: 1554291837
- Sigstore integration time:
-
Permalink:
avrilfanomar/ultra-planning@307a8d58b2f9934764172c65384c5e63efc3f032 -
Branch / Tag:
refs/tags/v0.1.4 - Owner: https://github.com/avrilfanomar
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@307a8d58b2f9934764172c65384c5e63efc3f032 -
Trigger Event:
push
-
Statement type:
File details
Details for the file ultra_plan-0.1.4-py3-none-any.whl.
File metadata
- Download URL: ultra_plan-0.1.4-py3-none-any.whl
- Upload date:
- Size: 41.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1d279e804ebf9a17ab05d3edc8923334b2d207f171dd760d927ba1fbdf8d7718
|
|
| MD5 |
1d34a62525fcdc0fd88e9d446321efd8
|
|
| BLAKE2b-256 |
ec791f84fa9372b39df55250850b30bb69a8ce22a67221b2c8e6e21d5e426224
|
Provenance
The following attestation bundles were made for ultra_plan-0.1.4-py3-none-any.whl:
Publisher:
release.yml on avrilfanomar/ultra-planning
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ultra_plan-0.1.4-py3-none-any.whl -
Subject digest:
1d279e804ebf9a17ab05d3edc8923334b2d207f171dd760d927ba1fbdf8d7718 - Sigstore transparency entry: 1554291838
- Sigstore integration time:
-
Permalink:
avrilfanomar/ultra-planning@307a8d58b2f9934764172c65384c5e63efc3f032 -
Branch / Tag:
refs/tags/v0.1.4 - Owner: https://github.com/avrilfanomar
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@307a8d58b2f9934764172c65384c5e63efc3f032 -
Trigger Event:
push
-
Statement type: