The Explosive Growth of the Claude Code Plugin Ecosystem
In 2026, Anthropic's officially supported Claude Code plugin specification advanced to v1.2. The Plugin Marketplace exceeded 420 public plugins as of April, and maintainers earning thousands of dollars per month from what started as side projects have begun to emerge. A culture of "package your own workflow and share it with others" has taken hold, reaching a maturity level similar to the GitHub Actions ecosystem.
Plugins fall into four broad categories: slash commands (interactions like `/loop` and `/review`), MCP servers (external tool integrations), hooks (automation triggers), and subagent definition files. Combining these, entire development workflows can be packaged declaratively.
Three Plugins Worth Watching
get-shit-done is the most talked-about workflow plugin. It delegates TODO list management to Claude and uses a Stop hook to automatically detect unfinished work. The Stop hook, registered in `.claude/settings.json`, inspects for incomplete tasks before a session ends and re-injects a prompt if continuation is needed.
simplify is a review-oriented plugin that checks the complexity of modified code. It automatically detects cyclomatic complexity, duplicated logic, and unused imports. It runs via a PostToolUse hook immediately after Edit/Write operations, and automatically proposes refactoring when thresholds are exceeded. It delivers significant efficiency gains on large-scale refactoring projects.
ultrareview is a subagent-type plugin that automates code review at the PR level. It takes the output of `gh pr diff`, generates a review report across three axes — security, performance, and maintainability — and internally launches multiple subagents in parallel, each providing a different perspective, which are then integrated.
How to Build Your Own Plugin
Plugins are fundamentally defined by placing `manifest.json`, `commands/*.md`, `hooks.json`, and `mcp.json` under a `.claude/plugins/<name>/` directory. Declare the plugin name, version, and entry points in `manifest.json`; placing Markdown files in the `commands` directory is all it takes to register slash commands.
To bundle an MCP server, write the stdio startup command in `mcp.json`. For Node.js, the recommended path is via `npx`; for Python, via `uvx`. The key constraint is to avoid absolute path dependencies in startup commands. Plugins published to the Plugin Marketplace must work across diverse environments, so only PATH-resolvable command names are permitted.
Hooks are registered in `hooks.json` for the following triggers: PreToolUse, PostToolUse, UserPromptSubmit, Stop, and SessionStart. Each entry specifies a matcher (regex for tool names) and a command (shell to execute) — a format that will feel intuitive to anyone familiar with GitHub Actions workflow syntax.
Security for Shell-Executing Plugins
The ability for plugins to execute arbitrary shell commands is the ecosystem's greatest risk factor. In February 2026, a real incident occurred where a malicious MCP server exfiltrated `.ssh/id_rsa` via an external POST, prompting Anthropic to add sandbox enforcement mode in v1.2.
Three critical defenses: First, restrict execution with an `allowed_commands` whitelist — declare a permitted command set in `prePlugin`, and block any shell calls outside of it. Second, restrict external communication with a `network_access` flag — enable it on an opt-in basis only when required. Third, require signatures on plugin manifests (Sigstore-compatible) so that author identity and tamper status can be verified.
At KGA, before any internal plugin is published, a static analysis gate scans for `exec`, `spawn`, `curl`, and `wget`. If dangerous patterns are detected, CI fails. A linter that warns on environment variable access is also used to catch the often-overlooked risk of secret leakage via environment variables — a blind spot for many individual developers.
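As an added illustration of the kind of CI gate described above (example code written here, not KGA's tool and not part of any Anthropic API), this Python script walks a plugin's `hooks.json`, collects every string stored under a `command` key, fails the build on `exec`/`spawn`/`curl`/`wget`, and warns on environment-variable reads. The JSON shape of the sample manifest is constructed from the article's description of hooks (matcher plus command) and is an assumption, not the real plugin schema.

```python
"""Constructed CI gate for Claude Code plugin bundles (example, not KGA's tool).
Collects every string under a "command" key in hooks.json / mcp.json, whatever
the JSON shape (the exact schema is assumed), and flags exec/spawn/curl/wget
plus environment-variable reads."""
import json
import re

# Token boundaries: "exec", "curl" fire; "execute" or "./wget-mirror" do not.
DANGEROUS = re.compile(r"(?<![\w./-])(exec|spawn|curl|wget)(?![\w-])")
# $HOME, ${TOKEN}, os.environ[...], process.env.X
ENV_ACCESS = re.compile(r"\$\{?[A-Za-z_]\w*\}?|os\.environ|process\.env")

def iter_commands(node, path="$"):
    """Yield (json_path, command_string) for every "command" key, any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "command" and isinstance(value, str):
                yield child, value
            else:
                yield from iter_commands(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from iter_commands(item, f"{path}[{i}]")

def scan_manifest(text):
    """Return findings as (severity, json_path, matched_token) tuples."""
    findings = []
    for path, cmd in iter_commands(json.loads(text)):
        findings += [("error", path, m.group(1)) for m in DANGEROUS.finditer(cmd)]
        findings += [("warning", path, m.group(0)) for m in ENV_ACCESS.finditer(cmd)]
    return findings

def gate(findings):
    """CI verdict: any error fails the build; warnings are only surfaced."""
    return not any(sev == "error" for sev, _, _ in findings)

# Constructed sample: a benign hook, one that phones home, one reading a secret.
SAMPLE_HOOKS = json.dumps({
    "PostToolUse": [
        {"matcher": "Edit|Write", "command": "npx simplify-check --staged"},
        {"matcher": ".*", "command": "curl -s https://example.invalid/ping"},
    ],
    "Stop": [{"matcher": "", "command": "echo $ANTHROPIC_API_KEY > /tmp/k"}],
})

if __name__ == "__main__":
    results = scan_manifest(SAMPLE_HOOKS)
    print(*results, sep="\n")
    raise SystemExit(0 if gate(results) else 1)
```

Point it at a real `hooks.json` by reading the file into `scan_manifest`; a non-zero exit is what makes the CI job fail.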
Plugin Design Best Practices
Not overloading a single plugin with too many features is the top priority. Composing small, clearly scoped plugins — in the style of get-shit-done — is easier for users to understand and maintain than a sprawling monolithic plugin. The `manifest.json` description should specify the use case concretely, with the opening line communicating exactly what is automated at a glance.
Also, hook logic must always be designed for idempotency. A PostToolUse hook should be safe to execute multiple times, and stateful operations should use a lock file under `.claude/state/` for mutual exclusion. Concurrent hook execution during multi-instance operation is a common source of destructive behavior.
Finally, don't neglect testing the plugin in isolation. `claude --plugin-test <path>` allows dry-run execution, so integrate it into CI and validate before merging to the main branch. A self-regulating quality assurance mechanism within the community is essential for the plugin culture to mature.