13 Commits

  • fix: port continuous-learning observer fixes
    Ports continuous-learning observer signal, storage, remote normalization, and v1 deprecation fixes onto current main.
  • feat: add security guides and sanitize external links across repo
    New articles:
    - the-security-guide.md: "The Shorthand Guide to Securing Your Agent" (595 lines)
      Attack vectors, sandboxing, sanitization, OWASP Top 10, observability
    - the-openclaw-guide.md: "The Hidden Danger of OpenClaw" (470 lines)
      Security analysis of OpenClaw, MiniClaw thesis, industry evidence
    
    External link sanitization (22 files across EN, zh-CN, zh-TW, ja-JP, .cursor):
    - Removed third-party GitHub links from skills and guides
    - Replaced with inline descriptions to prevent transitive prompt injection
    - Kept official org links (Anthropic, Google, Supabase, Mixedbread)
  • fix: add origin metadata to skills for traceability
    Add origin field to all skill files to track their source repository.
    This enables users to identify where distributed skills originated from.
    Fixes affaan-m/everything-claude-code#246
  • feat(ecc): prune plugin 43→12 items, promote 7 rules to .claude/rules/ (#245)
    ECC community plugin pruning: removed 530+ non-essential files
    (.cursor/, .opencode/, docs/ja-JP, docs/zh-CN, docs/zh-TW,
    language-specific skills/agents/rules). Retained 4 agents,
    3 commands, 5 skills. Promoted 13 rule files (8 common + 5
    typescript) to .claude/rules/ for CC native loading. Extracted
    reusable patterns to EXTRACTED-PATTERNS.md.
  • docs: add 'When to Activate' sections to 14 skill definitions
    Add activation triggers to skills that were missing them, helping
    Claude Code determine when to load each skill contextually.
  • fix: migrate hooks to stdin JSON input, fix duplicate main() calls, add threshold validation
    - Migrate session-end.js and evaluate-session.js from CLAUDE_TRANSCRIPT_PATH
      env var to stdin JSON transcript_path (correct hook input mechanism)
    - Remove duplicate main() calls that ran before stdin was read, causing
      session files to be created with empty data
    - Add range validation (1-10000) on COMPACT_THRESHOLD in suggest-compact.js
      to prevent negative or absurdly large thresholds
    - Add integration/hooks.test.js to tests/run-all.js so CI runs all 97 tests
    - Update evaluate-session.sh to parse transcript_path from stdin JSON
    - Update hooks.test.js to pass transcript_path via stdin instead of env var
    - Sync .cursor/ copies
  • fix: harden CI validators, shell scripts, and expand test suite
    - Add try-catch around readFileSync in validate-agents, validate-commands,
      validate-skills to handle TOCTOU races and file read errors
    - Add validate-hooks.js and all test suites to package.json test script
      (was only running 4/5 validators and 0/4 test files)
    - Fix shell variable injection in observe.sh: use os.environ instead of
      interpolating $timestamp/$OBSERVATIONS_FILE into Python string literals
    - Fix $? always being 0 in start-observer.sh: capture exit code before
      conditional since `if !` inverts the status
    - Add OLD_VERSION validation in release.sh and use pipe delimiter in sed
      to avoid issues with slash-containing values
    - Add jq dependency check in evaluate-session.sh before parsing config
    - Sync .cursor/ copies of all modified shell scripts
  • feat: v1.1.0 release - session ID tracking, async hooks, new skills
    - Add session ID to session filenames (Issue #62)
    - Add getSessionIdShort() helper for unique per-session tracking
    - Add async hooks documentation with example
    - Create iterative-retrieval skill for progressive context refinement
    - Add continuous-learning-v2 skill with instinct-based learning
    - Add ecc.tools ecosystem section to README
    - Update skills list in README
    
    All 67 tests passing.
  • feat: package as Claude Code plugin with marketplace distribution
    - Add .claude-plugin/plugin.json manifest for direct installation
    - Add .claude-plugin/marketplace.json for marketplace distribution
    - Reorganize skills to proper skill-name/SKILL.md format
    - Update hooks.json with relative paths for portability
    - Add new skills: continuous-learning, strategic-compact, eval-harness, verification-loop
    - Add new commands: checkpoint, eval, orchestrate, verify
    - Update README with plugin installation instructions
    
    Install via:
      /plugin marketplace add affaan-m/everything-claude-code
      /plugin install everything-claude-code@everything-claude-code
  • feat: add continuous learning skill with session examples
    Stop hook-based pattern extraction - no README, comments in .sh file.