Commit Graph

20 Commits

  • feat(install): add CodeBuddy(Tencent) adaptation with installation scripts (#1038)
    * feat(install): add CodeBuddy(Tencent) adaptation with installation scripts
    
    * fix: add codebuddy to SUPPORTED_INSTALL_TARGETS
    
    * fix(codebuddy): resolve installer path issues, unused vars, and uninstall safety
  • fix: CI fixes, security audit, remotion skill, lead-intelligence, npm audit (#1039)
    * fix(ci): resolve cross-platform test failures
    
    - Sanity check script (check-codex-global-state.sh) now falls back to
      grep -E when ripgrep is not available, fixing the codex-hooks sync
      test on all CI platforms. Patterns converted to POSIX ERE for
      portability.
    - Unicode safety test accepts both / and \ path separators so the
      executable-file assertion passes on Windows.
    - Gacha test sets PYTHONUTF8=1 so Python uses UTF-8 stdout encoding on
      Windows instead of cp1252, preventing UnicodeEncodeError on box-drawing
      characters.
    - Quoted-hook-path test skipped on Windows where NTFS disallows
      double-quote characters in filenames.
    
    * feat: port remotion-video-creation skill (29 rules), restore missing files
    
    New skill:
    - remotion-video-creation: 29 domain-specific Remotion rules covering 3D/Three.js,
      animations, audio, captions, charts, compositions, fonts, GIFs, Lottie,
      measuring, sequencing, tailwind, text animations, timing, transitions,
      trimming, and video embedding. Ported from personal skills.
    
    Restored:
    - autonomous-agent-harness/SKILL.md (was in commit but missing from worktree)
    - lead-intelligence/ (full directory restored from branch commit)
    
    Updated:
    - manifests/install-modules.json: added remotion-video-creation to media-generation
    - README.md + AGENTS.md: synced counts to 139 skills
    
    Catalog validates: 30 agents, 60 commands, 139 skills.
    
    * fix(security): pin MCP server versions, add dependabot, pin github-script SHA
    
    Critical:
    - Pin all npx -y MCP server packages to specific versions in .mcp.json
      to prevent supply chain attacks via version hijacking:
      - @modelcontextprotocol/server-github@2025.4.8
      - @modelcontextprotocol/server-memory@2026.1.26
      - @modelcontextprotocol/server-sequential-thinking@2025.12.18
      - @playwright/mcp@0.0.69 (was 0.0.68)
    
    Medium:
    - Add .github/dependabot.yml for weekly npm + github-actions updates
      with grouped minor/patch PRs
    - Pin actions/github-script to SHA (was @v7 tag, now pinned to commit)
    
    * feat: add social-graph-ranker skill — weighted network proximity scoring
    
    New skill: social-graph-ranker
    - Weighted social graph traversal with exponential decay across hops
    - Bridge Score: B(m) = Σ w(t) · λ^(d(m,t)-1) ranks mutuals by target proximity
    - Extended Score incorporates 2nd-order network (mutual-of-mutual connections)
    - Final ranking includes engagement bonus for responsive connections
    - Runs in parallel with lead-intelligence skill for combined warm+cold outreach
    - Supports X API + LinkedIn CSV for graph harvesting
    - Outputs tiered action list: warm intros, direct outreach, network gap analysis
    
    Added to business-content install module. Catalog validates: 30/60/140.
    
    * fix(security): npm audit fix — resolve all dependency vulnerabilities
    
    Applied npm audit fix --force to resolve:
    - minimatch ReDoS (3 vulnerabilities, HIGH)
    - smol-toml DoS (MODERATE)
    - brace-expansion memory exhaustion (MODERATE)
    - markdownlint-cli upgraded from 0.47.0 to 0.48.0
    
    npm audit now reports 0 vulnerabilities.
    
    * fix: resolve markdown lint and yarn lockfile sync
    
    - MD047: ensure single trailing newline on all remotion rule files
    - MD012: remove consecutive blank lines in lottie, measuring-dom-nodes, trimming
    - MD034: wrap bare URLs in angle brackets (tailwind, transcribe-captions)
    - yarn.lock: regenerated to sync with npm audit changes in package.json
    
    * fix: replace unicode arrows in lead-intelligence (CI unicode safety check)
  • fix: add antigravity to platform-configs targets
    Fixes #813. The platform-configs module was missing antigravity from its
    targets array, causing all 13+ dependent modules to be skipped when
    installing with --target antigravity --profile full.
  • fix(install): add rust, cpp, csharp to legacy language alias map (#747)
    * fix(install): add rust, cpp, csharp to legacy language alias map
    
    The legacy installer compatibility layer in install-manifests.js was
    missing entries for rust, cpp, and csharp — languages that have
    rules/ directories and (for rust/cpp) install-components.json entries.
    
    Running `./install.sh rust` fails with "Unknown legacy language: rust"
    because LEGACY_LANGUAGE_ALIAS_TO_CANONICAL and
    LEGACY_LANGUAGE_EXTRA_MODULE_IDS didn't include these languages.
    
    Fixes the issue reported in #694 by @mpiton.
    
    Generated with [Claude Code](https://claude.ai/code)
    via [Happy](https://happy.engineering)
    
    Co-Authored-By: Claude <noreply@anthropic.com>
    Co-Authored-By: Happy <yesreply@happy.engineering>
    
    * fix(install): complete csharp legacy support and add resolution tests
    
    - Add lang:csharp component to install-components.json with
      framework-language module (matching cpp/rust pattern)
    - Update csharp mapping in LEGACY_LANGUAGE_EXTRA_MODULE_IDS from
      empty array to ['framework-language']
    - Add end-to-end resolution tests for rust, cpp, and csharp verifying
      framework-language module is included in resolved moduleIds
    
    Addresses review feedback from Copilot, Greptile, CodeRabbit, and Cubic.
    
    Generated with [Claude Code](https://claude.ai/code)
    via [Happy](https://happy.engineering)
    
    Co-Authored-By: Claude <noreply@anthropic.com>
    Co-Authored-By: Happy <yesreply@happy.engineering>
    
    ---------
    
    Co-authored-by: Claude <noreply@anthropic.com>
    Co-authored-by: Happy <yesreply@happy.engineering>
  • feat: implement --with/--without selective install flags (#679)
    Add agent: and skill: component families to the install component
    catalog, enabling fine-grained selective install via CLI flags:
    
      ecc install --profile developer --with lang:typescript --without capability:orchestration
      ecc install --with lang:python --with agent:security-reviewer
    
    Changes:
    - Add agent: family (9 entries) and skill: family (10 entries) to
      manifests/install-components.json for granular component addressing
    - Update install-components.schema.json to accept agent: and skill:
      family prefixes
    - Register agent and skill family prefixes in COMPONENT_FAMILY_PREFIXES
      (scripts/lib/install-manifests.js)
    - Add 41 comprehensive tests covering CLI parsing, request normalization,
      component catalog validation, plan resolution, target filtering,
      error handling, and end-to-end install with --with/--without flags
    
    Closes #470
  • fix: add 62 missing skills to install manifests — full profile now covers all 105 skills (#537)
    The "full" install profile only referenced 43 of 105 skills. Added the
    remaining 62 to existing modules or new purpose-built modules:
    
    Existing modules extended:
    - framework-language: +18 (C++, Kotlin, Perl, Rust, Laravel, MCP, Android)
    - database: +1 (database-migrations)
    - workflow-quality: +6 (ai-regression-testing, configure-ecc, e2e-testing,
      plankton-code-quality, project-guidelines-example, skill-stocktake)
    - security: +2 (laravel-security, perl-security)
    
    New modules (5):
    - swift-apple: 6 skills (SwiftUI, concurrency, persistence, Liquid Glass)
    - agentic-patterns: 17 skills (agent harness, autonomous loops, LLM pipelines)
    - devops-infra: 2 skills (deployment-patterns, docker-patterns)
    - supply-chain-domain: 8 skills (logistics, procurement, manufacturing)
    - document-processing: 2 skills (nutrient, visa-doc-translate)
    
    Also added matching install-components entries and updated the "full"
    profile to include all 19 modules. Passes validate-install-manifests.