Enable a compliance extension pack for this project.
/extensions enable <domain>/<name>
The pack_id argument must be in <domain>/<name> format (e.g., compliance/hipaa, security/baseline).
compliance/hipaa, security/baseline) so its rules apply to toolkit workflows/extensions enable compliance/hipaa
What you’ll see: Enabled compliance/hipaa v1.0.0 (restrictiveness 5, source original). Evidence will be generated on next /pr run. — plus a conflict count if the pack’s rules overlap with already-enabled packs.
/extensions enable compliance/hipaa # opt in to a pack (format: <domain>/<name>)
/extensions enable security/baseline # enable a second pack — conflicts auto-resolve
.claude/extensions/.enabled.json with the pack ID, version, timestamp, your git email, and a source field (always "manual" for this command). Re-enables also add a re_enabled_at timestamp./pr run..claude/extensions/.enabled.json — the project’s enabled-pack and waiver registry. Example entry:
{
"pack_id": "compliance/hipaa",
"version": "1.0.0",
"enabled_at": "2026-07-05T12:00:00Z",
"enabled_by_email": "user@example.com",
"source": "manual"
}
A re-enable adds "re_enabled_at": "<iso8601>" to the new entry while leaving the prior disabled entry untouched.
.claude/extensions/<pack-kebab>/conflict-log.md — one line per auto-resolved rule conflict| Problem | Fix |
|---|---|
Pack {pack_id} not found |
Check the ID format is <domain>/<name> and run /extensions list to see available packs |
Pack {pack_id} has malformed frontmatter |
The pack’s opt-in file is missing required keys (version/restrictiveness) — fix or re-install the pack |
jq required for /extensions enable |
Install jq — this command manipulates JSON state |
Could not acquire lock |
Another /extensions command is running; if not, remove .claude/extensions/.lock |
Pack ... is already enabled |
Nothing to do — the command is idempotent |