femto
A Claude Code plugin that forces an AI coding agent to demonstrate domain-specific mastery — via a Socratic probe graded by a separate model — before it is permitted to emit code against the gated domain.
What it is
Femto is a layer, not an agent. You still open Claude Code. Femto loads into it and activates on repos that opt in. It ships as three parts working together:
Domain packs — markdown files defining Knowledge Components (KCs) with invariants, mechanisms, common failures, diagnostic heuristics, and per-bullet authoritative citations.
An MCP server that runs a Socratic probe as a multi-turn dialogue, tracks per-KC coverage, and delegates grading to a separate subagent so the probe and the grader are never the same model in the same turn.
A PreToolUse hook that inspects session state and blocks
Edit / Write / Bash when the gate is
not yet satisfied. Deterministic — independent of the agent’s compliance
with skill instructions.
Who it’s for
Work where the stakes justify the friction: multi-tenancy, authentication, data handling, safety-adjacent systems, onboarding to unfamiliar domains. For compliance-grade work (HIPAA / PCI / SOC2 / NIST controls, internal policies), femto composes with packs your org authors in its own repo — see the three content tiers. Femto is explicitly not for high-time-pressure emergencies — the incentive gradient points at disconnection and the org will not mandate the tool under those conditions.
The commitment — strong with transparency
Femto does not claim guaranteed understanding. It commits to:
- No designed-in bypass. No skip-pedagogy toggle, no “I’m an expert” mode.
- Stacked grading signals. The grader is a separate subagent on a
different model from the probe; the hook reads
grader.mddirectly from disk rather than trusting the probe’s own summary. - Measured, published per-domain false-pass rate. Every pack ships with a harness, test cases, and numbers (AUC / FPR / TPR) you can inspect and replicate. See Metrics.
- No “guaranteed understanding” language. Bounded probability, not absolute.
A pack is marked alpha until its harness meets a minimum size and fidelity
spot-check against real sessions. Until then its published numbers are
labeled not_yet_published.
Install
/plugin marketplace add patrickmvla/femto /plugin install femto@femto-marketplace
Opt-in per repo by committing a .femto/config.yaml. Disabling femto on a
repo requires a committed config change, visible in code review — an
individual engineer under deadline pressure cannot silently disconnect it.
Read next
- Quickstart — walk through one multi-tenancy session end to end.
- Concepts — the KC model, the Socratic probe, the Gate 1 reading.
- Packs — shipped domain packs and their maturity status.
- Metrics — per-pack reliability numbers with disclosure labels.
- Contributing — PR a new pack, add KCs, submit test cases.