Commit Graph

31 Commits

  • Merge pull request #2221 from hretheum/feat/add-brand-discovery-competitive-skills
    feat(skills): add brand-discovery and competitive benchmarking pipeline. Catalog counts reconciled.
  • fix(ci): catalog sync, markdownlint, unicode safety, unsupported frontmatter key
    catalog:sync: update skill count 261→265 in README.md, AGENTS.md,
    docs/zh-CN/AGENTS.md, .claude-plugin/plugin.json
    
    markdownlint:
    - MD009: strip trailing spaces in 10_purpose-why, 20_positioning,
      40_personality-archetype, 50_voice-tone, 60_narrative-story, 90_SYNTHESIS
      (both skills/ and .agents/skills/ copies)
    - MD037: wrap ___ placeholders in backticks in 70_founder-tension.md:39
    - MD028: replace blank lines inside blockquotes with bare > in 90_SYNTHESIS.md
    
    unicode-safety: replace U+2194 (↔) with ASCII <-> in 50_voice-tone.md and
    competitive-report-structure/SKILL.md (both copies)
    
    codex-validator: remove unsupported `origin: community` key from
    brand-discovery, competitive-platform-analysis, competitive-report-structure,
    benchmark-methodology SKILL.md files (both copies)
  • release: 2.0.0 — the agent harness operating system
    Graduate 2.0.0-rc.1 to stable. Bump version across package, plugin,
    marketplace, OpenCode, agent metadata, VERSION, and all localized docs.
    Add 2.0.0 release notes + README sections (en/zh/pt-BR/tr), CHANGELOG
    entry, and the ECC community Discord bot (dependency-free gateway client
    + guild command registrar). Update copilot-support and release-surface
    tests for the sponsored-review migration and the 2.0.0 surface.
  • feat: add ECC2 local control pane (#2131)
    * feat: add ECC2 local control pane
    
    * fix: refresh control pane package locks
    
    * test: harden control pane coverage
    
    * test: allow portable control pane shutdown
    
    * test: retry local control pane fetches
    
    * fix: harden control pane error handling
    
    * fix: wrap control pane metadata
  • fix: CI fixes, security audit, remotion skill, lead-intelligence, npm audit (#1039)
    * fix(ci): resolve cross-platform test failures
    
    - Sanity check script (check-codex-global-state.sh) now falls back to
      grep -E when ripgrep is not available, fixing the codex-hooks sync
      test on all CI platforms. Patterns converted to POSIX ERE for
      portability.
    - Unicode safety test accepts both / and \ path separators so the
      executable-file assertion passes on Windows.
    - Gacha test sets PYTHONUTF8=1 so Python uses UTF-8 stdout encoding on
      Windows instead of cp1252, preventing UnicodeEncodeError on box-drawing
      characters.
    - Quoted-hook-path test skipped on Windows where NTFS disallows
      double-quote characters in filenames.
    
    * feat: port remotion-video-creation skill (29 rules), restore missing files
    
    New skill:
    - remotion-video-creation: 29 domain-specific Remotion rules covering 3D/Three.js,
      animations, audio, captions, charts, compositions, fonts, GIFs, Lottie,
      measuring, sequencing, tailwind, text animations, timing, transitions,
      trimming, and video embedding. Ported from personal skills.
    
    Restored:
    - autonomous-agent-harness/SKILL.md (was in commit but missing from worktree)
    - lead-intelligence/ (full directory restored from branch commit)
    
    Updated:
    - manifests/install-modules.json: added remotion-video-creation to media-generation
    - README.md + AGENTS.md: synced counts to 139 skills
    
    Catalog validates: 30 agents, 60 commands, 139 skills.
    
    * fix(security): pin MCP server versions, add dependabot, pin github-script SHA
    
    Critical:
    - Pin all npx -y MCP server packages to specific versions in .mcp.json
      to prevent supply chain attacks via version hijacking:
      - @modelcontextprotocol/server-github@2025.4.8
      - @modelcontextprotocol/server-memory@2026.1.26
      - @modelcontextprotocol/server-sequential-thinking@2025.12.18
      - @playwright/mcp@0.0.69 (was 0.0.68)
    
    Medium:
    - Add .github/dependabot.yml for weekly npm + github-actions updates
      with grouped minor/patch PRs
    - Pin actions/github-script to SHA (was @v7 tag, now pinned to commit)
    
    * feat: add social-graph-ranker skill — weighted network proximity scoring
    
    New skill: social-graph-ranker
    - Weighted social graph traversal with exponential decay across hops
    - Bridge Score: B(m) = Σ w(t) · λ^(d(m,t)-1) ranks mutuals by target proximity
    - Extended Score incorporates 2nd-order network (mutual-of-mutual connections)
    - Final ranking includes engagement bonus for responsive connections
    - Runs in parallel with lead-intelligence skill for combined warm+cold outreach
    - Supports X API + LinkedIn CSV for graph harvesting
    - Outputs tiered action list: warm intros, direct outreach, network gap analysis
    
    Added to business-content install module. Catalog validates: 30/60/140.
    
    * fix(security): npm audit fix — resolve all dependency vulnerabilities
    
    Applied npm audit fix --force to resolve:
    - minimatch ReDoS (3 vulnerabilities, HIGH)
    - smol-toml DoS (MODERATE)
    - brace-expansion memory exhaustion (MODERATE)
    - markdownlint-cli upgraded from 0.47.0 to 0.48.0
    
    npm audit now reports 0 vulnerabilities.
    
    * fix: resolve markdown lint and yarn lockfile sync
    
    - MD047: ensure single trailing newline on all remotion rule files
    - MD012: remove consecutive blank lines in lottie, measuring-dom-nodes, trimming
    - MD034: wrap bare URLs in angle brackets (tailwind, transcribe-captions)
    - yarn.lock: regenerated to sync with npm audit changes in package.json
    
    * fix: replace unicode arrows in lead-intelligence (CI unicode safety check)
  • feat(codex): add Codex native plugin manifest and fix Claude plugin.json
    - Add .codex-plugin/plugin.json — Codex-native plugin manifest with
      skills reference and MCP server config pointer
    - Add .codex-plugin/.mcp.json — standalone MCP server config bundle
      (github, context7, exa, memory, playwright, sequential-thinking)
    - Add .codex-plugin/README.md — installation guide and server reference
    - Fix .claude-plugin/plugin.json — add missing agents[] (28 explicit
      file paths per validator rules), skills[], and commands[] arrays;
      remove hooks field (auto-loaded by Claude Code v2.1+ convention)
    - Add tests/plugin-manifest.test.js — 16 CI tests enforcing
      PLUGIN_SCHEMA_NOTES.md rules (no hooks, arrays throughout, explicit
      agent paths, version required, .mcp.json structural checks)
    - Update package.json: add .codex-plugin/ to files[], add plugin
      manifest test to npm test chain
    
    Refs: .claude-plugin/PLUGIN_SCHEMA_NOTES.md
  • chore(deps-dev): bump picomatch
    Bumps the npm_and_yarn group with 1 update in the / directory: [picomatch](https://github.com/micromatch/picomatch).
    
    
    Updates `picomatch` from 4.0.3 to 4.0.4
    - [Release notes](https://github.com/micromatch/picomatch/releases)
    - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4)
    
    ---
    updated-dependencies:
    - dependency-name: picomatch
      dependency-version: 4.0.4
      dependency-type: indirect
      dependency-group: npm_and_yarn
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
  • fix: safe Codex config sync — merge AGENTS.md + add-only MCP servers (#723)
    * fix: replace bash TOML surgery with Node add-only MCP merge
    
    The old sync script used awk/sed to remove and re-append MCP server
    sections in config.toml, causing credential extraction races, duplicate
    TOML tables, and 3 fragile code paths with 9 remove_section_inplace
    calls each.
    
    Replace with a Node script (scripts/codex/merge-mcp-config.js) that
    uses @iarna/toml to parse the config, then appends only missing ECC
    servers — preserving all existing content byte-for-byte. Warns on
    config drift, supports legacy aliases (context7 → context7-mcp), and
    adds --update-mcp flag for explicit refresh.
    
    Generated with [Claude Code](https://claude.ai/code)
    via [Happy](https://happy.engineering)
    
    Co-Authored-By: Claude <noreply@anthropic.com>
    Co-Authored-By: Happy <yesreply@happy.engineering>
    
    * fix: address PR #723 review findings for Codex MCP merge
    
    - Use package-manager abstraction (scripts/lib/package-manager.js)
      instead of hardcoding pnpm — respects CLAUDE_PACKAGE_MANAGER,
      lock files, and project config
    - Add Yarn 1.x fallback to npx (yarn dlx unsupported in classic)
    - Add missing exa server to match .codex/config.toml baseline
    - Wire up findSubSections for --update-mcp nested subtable removal
      (fixes Greptile P1: Object.keys only returned top-level keys)
    - Fix resolvedLabel to prefer canonical entry over legacy alias
      when both exist (fixes context7/context7-mcp spurious warning)
    - Fix removeSectionFromText to handle inline TOML comments
    - Fix dry-run + --update-mcp to show removals before early return
    - Update README parity table: 4 → 7 servers, TOML-parser-based
    - Add non-npm install variants to README Codex quick start
    - Update package-lock.json for @iarna/toml
    
    Generated with [Claude Code](https://claude.ai/code)
    via [Happy](https://happy.engineering)
    
    Co-Authored-By: Claude <noreply@anthropic.com>
    Co-Authored-By: Happy <yesreply@happy.engineering>
    
    * fix: address PR #723 review comments (preflight, marker validation)
    
    - Add Node.js and merge-mcp-config.js to preflight checks so the
      script fails fast before partial writes (CodeRabbit)
    - Validate marker counts: require exactly 1 BEGIN + 1 END in correct
      order for clean replacement (CodeRabbit)
    - Corrupted markers: strip all marker lines and re-append fresh block,
      preserving user content outside markers instead of overwriting
    - Move MCP_MERGE_SCRIPT to preflight section, remove duplicate
    
    Generated with [Claude Code](https://claude.ai/code)
    via [Happy](https://happy.engineering)
    
    Co-Authored-By: Claude <noreply@anthropic.com>
    Co-Authored-By: Happy <yesreply@happy.engineering>
    
    ---------
    
    Co-authored-by: Claude <noreply@anthropic.com>
    Co-authored-by: Happy <yesreply@happy.engineering>
  • chore(deps-dev): bump flatted (#675)
    Bumps the npm_and_yarn group with 1 update in the / directory: [flatted](https://github.com/WebReflection/flatted).
    
    
    Updates `flatted` from 3.3.3 to 3.4.2
    - [Commits](https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2)
    
    ---
    updated-dependencies:
    - dependency-name: flatted
      dependency-version: 3.4.2
      dependency-type: indirect
      dependency-group: npm_and_yarn
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • chore: prepare v1.9.0 release (#666)
    - Bump version to 1.9.0 in package.json, package-lock.json, .opencode/package.json
    - Add v1.9.0 changelog with 212 commits covering selective install architecture,
      6 new agents, 15+ new skills, session/state infrastructure, observer fixes,
      12 language ecosystems, and community contributions
    - Update README with v1.9.0 release notes and complete agents tree (27 agents)
    - Add pytorch-build-resolver to AGENTS.md agent table
    - Update documentation counts to 27 agents, 109 skills, 57 commands
    - Update version references in zh-CN README
    - All 1421 tests passing, catalog counts verified
  • Add PowerShell installer wrapper and update documentation (#532)
    * Add install.ps1 PowerShell wrapper and tests
    
    Add a Windows-native PowerShell wrapper (install.ps1) that resolves symlinks and delegates to the Node-based installer runtime. Update README with PowerShell usage examples and cross-platform npx entrypoint guidance. Point the ecc-install bin to the Node installer (scripts/install-apply.js) in package.json (and refresh package-lock), include install.ps1 in package files, and add tests: a new install-ps1.test.js and a tweak to install-sh.test.js to skip on Windows. These changes provide native Windows installer support while keeping npm-compatible cross-platform invocation.
    
    * Improve tests for Windows HOME/USERPROFILE
    
    Make tests more cross-platform by ensuring HOME and USERPROFILE are kept in sync and by normalizing test file paths for display.
    
    - tests/lib/session-adapters.test.js: set USERPROFILE when temporarily setting HOME and restore previous USERPROFILE on teardown.
    - tests/run-all.js: use a normalized displayPath (forward-slash separated) for logging and error messages so output is consistent across platforms.
    - tests/scripts/ecc.test.js & tests/scripts/session-inspect.test.js: build envOverrides from options.env and add HOME <-> USERPROFILE fallbacks so spawned child processes receive both variables when only one is provided.
    
    These changes prevent test failures and inconsistent logs on Windows where USERPROFILE is used instead of HOME.
    
    * Fix Windows paths and test flakiness
    
    Improve cross-platform behavior and test stability.
    
    - Remove unused createLegacyInstallPlan import from install-lifecycle.js.
    - Change resolveInstallConfigPath to use path.normalize(path.join(cwd, configPath)) to produce normalized relative paths.
    - Tests: add toBashPath and normalizedRelativePath helpers to normalize Windows paths for bash and comparisons.
    - Make cleanupTestDir retry rmSync on transient Windows errors (EPERM/EBUSY/ENOTEMPTY) with short backoff using sleepMs.
    - Ensure spawned test processes receive USERPROFILE and convert repo/detect paths to bash format when invoking bash.
    
    These changes reduce Windows-specific failures and flakiness in the test suite and tidy up a small unused import.
  • feat: add SQLite state store and query CLI (#510)
    * feat: add SQLite state store and ECC status CLI
    
    * fix: replace better-sqlite3 with sql.js to eliminate native module CI failures
    
    better-sqlite3 requires native C++ compilation (node-gyp, prebuild-install)
    which fails in CI across npm/pnpm on all platforms:
    - npm ci: lock file out of sync with native transitive deps
    - pnpm: native bindings not found at runtime
    - Windows: native compilation fails entirely
    
    sql.js is a pure JavaScript/WASM SQLite implementation with zero native
    dependencies. The adapter in index.js wraps the sql.js API to match the
    better-sqlite3 interface used by migrations.js and queries.js.
    
    Key implementation detail: sql.js db.export() implicitly ends active
    transactions, so the adapter defers disk writes (saveToDisk) until
    after transaction commit via an inTransaction guard flag.
    
    createStateStore is now async (sql.js requires async WASM init).
    Updated status.js, sessions-cli.js, and tests accordingly.
  • feat: expand session adapter registry with structured targets
    - Registry accepts { type, value } structured targets
    - Add --list-adapters and --target-type CLI flags to session-inspect
    - Export adapter type from claude-history and dmux-tmux adapters
    - 71 new session adapter tests, 34 new session-inspect tests
    - All 1142 tests passing
  • feat: architecture improvements — test discovery, hooks schema, catalog, command map, coverage, cross-harness docs
    - AGENTS.md: sync skills count to 65+
    - tests/run-all.js: glob-based test discovery for *.test.js
    - scripts/ci/validate-hooks.js: validate hooks.json with ajv + schemas/hooks.schema.json
    - schemas/hooks.schema.json: hookItem.type enum command|notification
    - scripts/ci/catalog.js: catalog agents, commands, skills (--json | --md)
    - docs/COMMAND-AGENT-MAP.md: command → agent/skill map
    - docs/ARCHITECTURE-IMPROVEMENTS.md: improvement recommendations
    - package.json: ajv, c8 devDeps; npm run coverage
    - CONTRIBUTING.md: Cross-Harness and Translations section
    - .gitignore: coverage/
    
    Made-with: Cursor
  • fix: remove internal sponsor/partner notes from public README
    The "Traction & Distribution" section contained internal business
    context (sponsor-call checklists, partner reporting instructions)
    that doesn't belong in a user-facing README. Moved to docs/business/.
  • feat: add comprehensive CI/CD pipeline
    Adds GitHub Actions workflows for CI, maintenance, and releases with multi-platform testing matrix.