24 Commits

  • feat(skills): add codehealth-mcp skill and CodeScene MCP config (#2077)
    * feat(skills): add codehealth-mcp skill and CodeScene MCP config
    
    * docs(skills): add When to Use, How It Works, and Examples sections
    
    * docs(skills): clarify MCP opt-in, data boundaries, and offline behavior
    
    Address security review on PR #2077: no bundled credentials, document what
    tools read locally, failure behavior when MCP is unavailable, and README
    wording that Code Health MCP is optional and not enabled by default.
    
    Co-authored-by: Cursor <cursoragent@cursor.com>
    
    ---------
    
    Co-authored-by: adnasalk-notus <adna.salkovic@notus.hr>
    Co-authored-by: Cursor <cursoragent@cursor.com>
  • feat(mcp): add parallel-search server catalog entry (#2085)
    * feat(mcp): add parallel-search server catalog entry
    
    * fix(mcp): drop placeholder Bearer header from parallel-search entry
    
    The /mcp endpoint accepts anonymous requests by default; baking in a
    placeholder "Authorization: Bearer YOUR_PARALLEL_API_KEY_HERE" header
    breaks the key-free default for users who copy the entry verbatim.
    Move the optional API-key guidance into the description instead.
  • Add NEXUS to mcp-configs/mcp-servers.json (local cost/privacy proxy) (#2125)
    * Add NEXUS to mcp-configs/mcp-servers.json
    
    NEXUS (github.com/lynuxis2026-pixel/nexus-proxy) is a local, single-binary
    cost/privacy proxy that sits under the harness. Adding it as an MCP server lets
    an ECC agent query its own usage/savings mid-session (nexus_stats, nexus_savings,
    nexus_recent, nexus_providers, nexus_cost_breakdown).
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    
    * Tighten nexus MCP description to ECC's concise house style
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: ludicolijn1985-blip <ludicolijn1985@gmail.com>
    Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
  • feat(mcp): add Squish Memory server catalog entry (#2039)
    Adds Squish Memory to the MCP server catalog. Pre-validated in a synthetic current-main merge.
  • feat: salvage plan orchestrate workflow
    - add plan-orchestrate skill from closed PR #1603
    
    - add Longhand MCP config from closed PR #1503
    
    - sync catalog counts to 54 agents, 207 skills, 70 commands
  • feat(skills): add evalview-agent-testing skill and MCP server (#828)
    * feat(skills): add evalview-agent-testing skill and MCP server
    
    Add EvalView as a regression testing skill for AI agents. EvalView
    snapshots agent behavior (tool calls, parameters, output), then diffs
    against baselines after every change — catching regressions before they
    ship.
    
    Skill covers:
    - CLI workflow (init → snapshot → check → monitor)
    - Python API (gate() / gate_async() for autonomous loops)
    - Quick mode (no LLM judge, $0, sub-second)
    - CI/CD integration (GitHub Actions with PR comments)
    - MCP integration (8 tools for Claude Code)
    - Multi-turn test cases
    - OpenClaw integration for autonomous agents
    
    Also adds evalview MCP server to mcp-servers.json.
    
    * fix(skills): pin action SHA and remove unvetted external links
    
    - Pin hidai25/eval-view action to commit SHA instead of @main
    - Replace external GitHub links with PyPI package link (vetted registry)
    
    Addresses cubic-dev-ai review feedback.
    
    * fix(skills): replace third-party action with pip install + CLI
    
    Use plain pip install + evalview CLI instead of a third-party GitHub
    Action. No external actions, no secrets passed to unvetted code.
    
    Addresses cubic-dev-ai supply-chain review feedback.
    
    * fix(skills): add destructive revert warning for gate_or_revert
    
    Add prominent warning that gate_or_revert runs git checkout,
    discarding uncommitted changes. Documents the revert_cmd override
    for safer alternatives like git stash.
    
    Addresses cubic-dev-ai review feedback.
    
    * fix(skills): pin pip version range and document fail-on tradeoffs
    
    - Pin evalview to >=0.5,<1 to prevent breaking CI on major upgrades
    - Document --fail-on REGRESSION vs --strict tradeoff so users
      understand what gates and what passes through
    
    Addresses greptile-apps review feedback.
    
    * fix: use python3 -m evalview for venv compatibility in MCP config
    
    Follows the same pattern as insaits entry. Resolves correctly even
    when evalview is installed in a virtual environment that isn't on
    the system PATH.
    
    * fix: align MCP install command with mcp-servers.json pattern
    
    Use python3 -m evalview mcp serve consistently across both the
    skill docs and the MCP config catalog.
    
    * fix: use evalview CLI entry point for MCP command
    
    pip install evalview installs the evalview binary to PATH, so using
    it directly is consistent with the install docs and avoids python3
    version mismatch issues.
    
    * fix: pin install version to match CI section
    
    * fix: pin all pip install references consistently
    
    * fix: add API key placeholder and pin install version in MCP config
    
    Add OPENAI_API_KEY env placeholder matching other entries. Note that
    the key is optional — deterministic checks work without it. Pin
    install version to match skill docs.
    
    * fix: guard score_delta format for non-scored statuses
    
    ---------
    
    Co-authored-by: Affaan Mustafa <me@affaanmustafa.com>
  • feat: add omega-memory MCP server to mcp-configs
    Adds omega-memory — persistent agent memory with semantic search,
    multi-agent coordination, and knowledge graphs. Available on PyPI
    as `omega-memory` (pip install omega-memory).
    
    https://github.com/omega-memory/omega-memory
    
    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
  • feat(skills): add laravel-plugin-discovery skill with LaraPlugins MCP
    - Add laraplugins MCP server to mcp-configs/mcp-servers.json
    - Create laravel-plugin-discovery skill for Laravel package discovery
    - Supports searching by keyword, health score, Laravel/PHP version
    - No API key required - free for Laravel community
  • Add Claude DevFleet multi-agent orchestration skill (#505)
    * Add Claude DevFleet multi-agent orchestration skill
    
    Adds a skill for Claude DevFleet — a multi-agent coding platform that dispatches
    Claude Code agents to work on missions in parallel, each in an isolated git worktree.
    
    The skill teaches Claude Code how to use DevFleet's 11 MCP tools to plan projects,
    dispatch agents, monitor progress, and read structured reports.
    
    Setup: claude mcp add devfleet --transport sse http://localhost:18801/mcp/sse
    Repo: https://github.com/LEC-AI/claude-devfleet
    
    * Add DevFleet MCP config and /devfleet command
    
    - Add devfleet entry to mcp-configs/mcp-servers.json for discovery
    - Add /devfleet slash command for multi-agent orchestration workflow
    
    * Add orchestration flow diagrams to skill and command
    
    - Add visual flow to SKILL.md showing plan → dispatch → auto-chain → report
    - Add flow to /devfleet command showing the trigger sequence
    
    * Fix review feedback: frontmatter, workflow docs, HTTP transport
    
    - Add YAML description frontmatter to commands/devfleet.md
    - Fix manual workflow in SKILL.md to capture project_id from create_project
    - Change mcp-servers.json from deprecated SSE to Streamable HTTP transport
    
    * Address all review comments
    
    * Add monitoring/reporting steps to full auto pattern
    
    Addresses review feedback: the full auto example now includes polling
    for completion and retrieving reports, matching the other patterns.
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    
    * Update skills/claude-devfleet/SKILL.md
    
    Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
    
    * Update skills/claude-devfleet/SKILL.md
    
    Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
    
    * Update commands/devfleet.md
    
    Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
    
    * Fix review feedback
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: Avdhesh Singh Chouhan <avdhesh.acro@gmail.com>
    Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
    Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
    Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
  • feat(commands): add /docs; feat(mcp-configs): document Context7 (#530)
    * feat(commands): add /docs; feat(agents): add docs-lookup; feat(mcp-configs): document Context7; docs: add MCP subsection to CONTRIBUTING
    
    Made-with: Cursor
    
    * fix: address PR review — use Context7 MCP tool names in docs-lookup agent; CONTRIBUTING Agent Fields + MCP wording; mcp-config description; /docs quoted example; treat fetched docs as untrusted
    
    Made-with: Cursor
    
    * docs-lookup: note that harness may expose Context7 tools under prefixed names
    
    Made-with: Cursor
    
    * docs-lookup: examples use prefixed tool names (mcp__context7__*) for resolution
    
    Made-with: Cursor
  • fix: address CodeRabbit review — convert to PreToolUse, add type annotations, logging
    Critical fixes:
    - Convert hook from PostToolUse to PreToolUse so exit(2) blocking works
    - Change all python references to python3 for cross-platform compat
    - Add insaits-security-wrapper.js to bridge run-with-flags.js to Python
    
    Standard fixes:
    - Wrap hook with run-with-flags.js so users can disable via
      ECC_DISABLED_HOOKS="pre:insaits-security"
    - Add "async": true to hooks.json entry
    - Add type annotations to all function signatures (Dict, List, Tuple, Any)
    - Replace all print() statements with logging module (stderr)
    - Fix silent OSError swallow in write_audit — now logs warning
    - Remove os.environ.setdefault('INSAITS_DEV_MODE') — pass dev_mode=True
      through monitor constructor instead
    - Update hooks/README.md: moved to PreToolUse table, "detects" not
      "catches", clarify blocking vs non-blocking behavior
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
  • feat: add InsAIts PostToolUse security monitoring hook
    - Add insaits-security-monitor.py: real-time AI security monitoring
      hook that catches credential exposure, prompt injection,
      hallucinations, and 20+ other anomaly types
    - Update hooks.json with InsAIts PostToolUse entry
    - Update hooks/README.md with InsAIts in PostToolUse table
    - Add InsAIts MCP server entry to mcp-configs/mcp-servers.json
    
    InsAIts (https://github.com/Nomadu27/InsAIts) is an open-source
    runtime security layer for multi-agent AI. It runs 100% locally
    and writes tamper-evident audit logs to .insaits_audit_session.jsonl.
    
    Install: pip install insa-its
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
  • feat(ecc): prune plugin 43→12 items, promote 7 rules to .claude/rules/ (#245)
    ECC community plugin pruning: removed 530+ non-essential files
    (.cursor/, .opencode/, docs/ja-JP, docs/zh-CN, docs/zh-TW,
    language-specific skills/agents/rules). Retained 4 agents,
    3 commands, 5 skills. Promoted 13 rule files (8 common + 5
    typescript) to .claude/rules/ for CC native loading. Extracted
    reusable patterns to EXTRACTED-PATTERNS.md.
  • Initial release: Complete Claude Code configuration collection
    Battle-tested configs from 10+ months of daily Claude Code usage.
    Won Anthropic x Forum Ventures hackathon building zenith.chat.
    
    Includes:
    - 9 specialized agents (planner, architect, tdd-guide, code-reviewer, etc.)
    - 9 slash commands (tdd, plan, e2e, code-review, etc.)
    - 8 rule files (security, coding-style, testing, git-workflow, etc.)
    - 7 skills (coding-standards, backend-patterns, frontend-patterns, etc.)
    - Hooks configuration (PreToolUse, PostToolUse, Stop)
    - MCP server configurations (15 servers)
    - Plugin/marketplace documentation
    - Example configs (project CLAUDE.md, user CLAUDE.md, statusline)
    
    Read the full guide: https://x.com/affaanmustafa/status/2012378465664745795