694 Commits

  • chore: prepare v1.9.0 release (#666)
    - Bump version to 1.9.0 in package.json, package-lock.json, .opencode/package.json
    - Add v1.9.0 changelog with 212 commits covering selective install architecture,
      6 new agents, 15+ new skills, session/state infrastructure, observer fixes,
      12 language ecosystems, and community contributions
    - Update README with v1.9.0 release notes and complete agents tree (27 agents)
    - Add pytorch-build-resolver to AGENTS.md agent table
    - Update documentation counts to 27 agents, 109 skills, 57 commands
    - Update version references in zh-CN README
    - All 1421 tests passing, catalog counts verified
  • fix: resolve Windows CI failures and markdown lint (#667)
    - Replace node -e with temp file execution in validator tests to avoid
      Windows shebang parsing failures (node -e cannot handle scripts that
      originally contained #!/usr/bin/env node shebangs)
    - Remove duplicate blank line in skills/rust-patterns/SKILL.md (MD012)
  • docs: add Antigravity setup and usage guide (#552)
    * docs: add Antigravity setup and usage guide
    
    Addresses #462 — users were confused about Antigravity skills setup.
    
    Adds a comprehensive guide covering:
    - Install mapping (ECC → .agent/ directory)
    - Directory structure after install
    - openai.yaml agent config format
    - Managing installs (list, doctor, uninstall)
    - Cross-target comparison table
    - Troubleshooting common issues
    - How to contribute skills with Antigravity support
    
    Also links the guide from the README FAQ section.
    
    * fix: address review feedback on Antigravity guide
    
    - Remove spurious skills/ row from install mapping table, add note
      clarifying .agents/skills/ is static repo layout not installer-mapped
    - Fix repair section: doctor.js diagnoses, repair.js restores
    - Fix .agents/ → .agent/ path typo in custom skills section
    - Clarify 3-step workflow for adding Antigravity skills
    - Fix antigravity-project → antigravity in comparison table
    - Fix "flatten" → "flattened" grammar in README
    - Clarify openai.yaml full nested path structure
    
    * fix: clarify .agents/ vs .agent/ naming and fix Cursor comparison
    
    - Explain that .agents/ (with 's') is ECC source, .agent/ (no 's')
      is Antigravity runtime — installer copies between them
    - Fix Cursor Agents/Skills column: Cursor has no explicit agents/skills
      mapping (only rules), changed from 'skills/' to 'N/A'
    
    * fix: correct installer behavior claims and command style
    
    - Fix .agents/ vs .agent/ note: clarify that only rules, commands, and
      agents (no dot) are explicitly mapped by the installer. The dot-prefixed
      .agents/ directory falls through to default scaffold, not a direct copy.
    - Fix contributor workflow: remove false auto-deploy claim for openai.yaml.
      Clarify .agents/ is static repo layout, not installer-deployed.
    - Fix uninstall command: use direct script call (node scripts/uninstall.js)
      for consistency with doctor.js, repair.js, list-installed.js.
    
    * fix: add missing agents/ step to contributor workflow
    
    Contributors must add an agent definition at agents/ (no dot) for the
    installer to deploy it to .agent/skills/ at runtime. Without this step,
    skills only exist in the static .agents/ layout and are never deployed.
    
    ---------
    
    Co-authored-by: vazidmansuri005 <vazidmansuri005@users.noreply.github.com>
  • feat(skills): add architecture-decision-records skill (#555)
    * feat(skills): add architecture-decision-records skill
    
    Adds a skill that captures architectural decisions made during coding
    sessions as structured ADR documents (Michael Nygard format).
    
    Features:
    - Auto-detects decision moments from conversation signals
    - Records context, alternatives considered with pros/cons, and consequences
    - Maintains numbered ADR files in docs/adr/ with an index
    - Supports ADR lifecycle (proposed → accepted → deprecated/superseded)
    - Categorizes decisions worth recording vs trivial ones to skip
    - Integrates with planner, code-reviewer, and codebase-onboarding skills
    
    Includes Antigravity support via .agents/skills/ and openai.yaml.
    
    * fix: address review feedback on ADR skill
    
    - Add missing "why did we choose X?" read-ADR trigger to .agents/ copy
    - Add canonical-reference link to .agents/ SKILL.md pointing to full version
    - Remove integration reference to non-existent codebase-onboarding skill
    
    * fix: add initialization step and sync .agents/ trigger
    
    - Add Step 1 to workflow: initialize docs/adr/ directory, README.md
      index, and template.md on first use when directory doesn't exist
    - Add "API design" to .agents/ alternatives trigger to match canonical
      version
    
    * fix: address ADR workflow gaps and implicit signal safety
    
    - Init step: seed README.md with index table header so Step 8 can
      append rows correctly on first ADR
    - Add read-path workflow: graceful handling when docs/adr/ is empty
      or absent ("No ADRs found, would you like to start?")
    - Implicit signals: add "do not auto-create without user confirmation"
      guard, tighten triggers to require conclusion/rationale not just
      discussion, remove overly broad "testing strategy" trigger
    
    * fix: require user confirmation before creating files
    
    - Canonical SKILL.md: init step now asks user before creating docs/adr/
    - .agents/ condensed version: add confirmation gate for implicit signals
      and explicit consent step before any file writes
    
    * fix: require user approval before writing ADR file, add refusal path
    
    * fix: remove .agents/ duplicate, keep canonical in skills/
    
    ---------
    
    Co-authored-by: vazidmansuri005 <vazidmansuri005@users.noreply.github.com>
  • feat(commands): add /context-budget optimizer command (#554)
    * feat(commands): add /context-budget optimizer command
    
    Adds a command that audits context window token consumption across
    agents, skills, rules, MCP servers, and CLAUDE.md files.
    
    Detects bloated agent descriptions, redundant components, MCP
    over-subscription, and CLAUDE.md bloat. Produces a prioritized
    report with specific token savings per optimization.
    
    Directly relevant to #434 (agent descriptions too verbose, ~26k
    tokens causing performance warnings).
    
    * fix: address review feedback on context-budget command
    
    - Add $ARGUMENTS to enable --verbose flag passthrough
    - Fix MCP token estimate: 45 tools × ~500 tokens = ~22,500 (was ~2,200)
    - Fix heavy agents example: all 3 now exceed 200-line threshold
    - Fix description threshold: warning at >30 words, fail at >50 words
    - Add Step 4 instructions (was empty)
    - Fix audit cadence: "quarterly" → "regularly" + "monthly" consistently
    - Fix Output Format heading level under Step 4
    - Replace "Antigravity" with generic "harness versions"
    - Recalculate total overhead to match corrected MCP numbers
    
    * fix: correct MCP tool count and savings percentage in sample output
    
    - Fix MCP tool count: table now shows 87 tools matching the issues
      section (was 45 in table vs 87 in issues)
    - Fix savings percentage: 5,100 / 66,400 = 7.7% (was 20.6%)
    - Recalculate total overhead and effective context to match
    
    * fix: correct sample output arithmetic
    
    - Fix total overhead: 66,400 → 66,100 to match component table sum
      (12,400 + 6,200 + 2,800 + 43,500 + 1,200 = 66,100)
    - Fix MCP savings: ~1,500 → ~27,500 tokens (55 tools × 500 tokens/tool)
      to match the per-tool formula defined in Step 1
    - Reorder optimizations by savings (MCP removal is now #1)
    - Fix total savings and percentage (31,100 / 66,100 = 47.0%)
    
    * fix: distinguish always-on vs on-demand agent overhead
    
    Agent descriptions are always loaded into Task tool routing context,
    but the full agent body is only loaded when invoked. The audit now
    measures both: description-only tokens as always-on overhead and
    full-file tokens as worst-case overhead. This resolves the
    contradiction between Step 1 (counting full files) and Tip 1 (saying
    only descriptions are loaded per session).
    
    * fix: simplify agent accounting and resolve inconsistencies
    
    - Revert to single agent overhead metric (full file tokens) — simpler
      and matches what the report actually displays
    - Add back 200-line threshold for heavy agents in Step 1
    - Fix heavy agents action to match issue type (split/trim, not
      description-only)
    - Remove .agents/skills/ scan path (doesn't exist in ECC repo)
    - Consolidate description threshold to single 30-word check
    
    * fix: add model assumption and verbose mode activation
    
    - Step 4: assume 200K context window by default (Claude has no way to
      introspect its model at runtime)
    - Step 4: add explicit instruction to check $ARGUMENTS for --verbose
      flag and include additional output when present
    
    * fix: handle .agents/skills/ duplicates in skill scan
    
    Skills scan now checks .agents/skills/ for Codex harness copies and
    skips identical duplicates to avoid double-counting overhead.
    
    * fix: add savings estimate to heavy agents action for consistency
    
    * feat(skills): add context-budget backing skill, slim command to delegator
    
    * fix: use structurally detectable classification criteria instead of session frequency
    
    ---------
    
    Co-authored-by: vazidmansuri005 <vazidmansuri005@users.noreply.github.com>
  • feat(skills): add codebase-onboarding skill (#553)
    * feat(skills): add codebase-onboarding skill
    
    Adds a skill that systematically analyzes an unfamiliar codebase and
    produces two artifacts: a structured onboarding guide and a starter
    CLAUDE.md tailored to the project's conventions.
    
    Four-phase workflow:
    1. Reconnaissance — parallel detection of manifests, frameworks, entry
       points, directory structure, tooling, and test setup
    2. Architecture mapping — tech stack, patterns, key directories, request
       lifecycle tracing
    3. Convention detection — naming, error handling, async patterns, git
       workflow from recent history
    4. Artifact generation — scannable onboarding guide + project-specific
       CLAUDE.md
    
    Includes Antigravity support via .agents/skills/ and openai.yaml.
    
    * fix: address review feedback on codebase-onboarding skill
    
    - Rename headings to match skill format: When to Activate → When to Use,
      Onboarding Workflow → How It Works
    - Add Examples section with 3 usage scenarios
    - Mark Phase 4 Next.js paths as example with HTML comments
    - Fix CLAUDE.md generation to read/enhance existing file first
    - Replace abbreviated .agents/ SKILL.md with full copy per repo convention
    
    * fix: add example marker to Common Tasks template section
    
    Adds <!-- Example for a Node.js project --> comment to Common Tasks,
    matching the markers already on Key Entry Points and Where to Look.
    Syncs .agents/ copy.
    
    * fix: add missing example markers and shorten default_prompt
    
    - Add example comment to Tech Stack table in Phase 4 template
    - Add example comment to Key Directories block in Phase 2
    - Shorten openai.yaml default_prompt to match repo convention (~60 chars)
    - Sync .agents/ SKILL.md copy
    
    * fix: add empty-repo fallback and remove hardcoded output path
    
    - Phase 3: add fallback for repos with no git history
    - Example 1: remove hardcoded docs/ path assumption, output to
      conversation or project root instead
    - Sync .agents/ copy
    
    * fix: remove .agents/ duplicate, keep canonical in skills/
    
    * fix: clarify Example 1 output destination
    
    * fix: add shallow-clone fallback to git conventions detection
    
    ---------
    
    Co-authored-by: vazidmansuri005 <vazidmansuri005@users.noreply.github.com>
  • feat(skills): add agent-eval for head-to-head coding agent comparison (#540)
    * feat(skills): add agent-eval for head-to-head coding agent comparison
    
    * fix(skills): address PR #540 review feedback for agent-eval skill
    
    - Remove duplicate "When to Use" section (kept "When to Activate")
    - Add Installation section with pip install instructions
    - Change origin from "community" to "ECC" per repo convention
    - Add commit field to YAML task example for reproducibility
    - Fix pass@k mislabeling to "pass rate across repeated runs"
    - Soften worktree isolation language to "reproducibility isolation"
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    
    * Pin agent-eval install to specific commit hash
    
    Address PR review feedback: pin the VCS install to commit
    6d062a2 to avoid supply-chain risk from unpinned external deps.
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: Joaquin Hui Gomez <joaquinhui1995@gmail.com>
    Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
  • Merge pull request #664 from ymdvsymd/fix/observer-sandbox-access-661
    fix(clv2): add --allowedTools to observer Haiku invocation (#661)
  • Merge pull request #665 from ymdvsymd/fix/worktree-project-id-mismatch
    fix(clv2): use -e instead of -d for .git check in detect-project.sh
  • fix(clv2): use -e instead of -d for .git check in detect-project.sh
    In git worktrees, .git is a file (not a directory) containing a gitdir
    pointer. The -d test fails for worktree checkouts, causing project
    detection to fall through to the "global" fallback. Changing to -e
    (exists) handles both regular repos and worktrees correctly.
    
    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
  • fix(clv2): add --allowedTools to observer Haiku invocation (#661)
    The observer's Haiku subprocess cannot access files outside the project
    sandbox (/tmp/ for observations, ~/.claude/homunculus/ for instincts).
    Adding --allowedTools "Read,Write" grants the necessary file access
    while keeping the subprocess constrained by --max-turns and timeout.
    
    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
  • fix: update catalog counts and resolve lint error
    - Update agent count 26→27 in README.md (quick-start + comparison table) and AGENTS.md (summary + project structure)
    - Update skill count 108→109 in README.md (quick-start + comparison table) and AGENTS.md (summary)
    - Rename unused variable provenance → _provenance in tests/lib/skill-dashboard.test.js
  • feat(skills): add pytorch-patterns skill (#550)
    Adds pytorch-patterns skill covering model architecture, training loops, data loading, and GPU optimization patterns.
  • feat(agents): add pytorch-build-resolver agent (#549)
    Adds pytorch-build-resolver agent for PyTorch runtime/CUDA error resolution, following established agent format.
  • feat(agents): add typescript-reviewer agent (#647)
    Adds typescript-reviewer agent following the established agent format, covering type safety, async correctness, security, and React/Next.js patterns.
  • feat(rules): add Java language rules (#645)
    Adds Java language rules (coding-style, hooks, patterns, security, testing) following the established language rule conventions.
  • fix(observe): allow sdk-ts entrypoint in observation hook (#614)
    Clean surgical fix allowing sdk-ts entrypoint in observe hook for Agent SDK sessions. Has APPROVED review.
  • fix: resolve 8 test failures on main (install pipeline, orchestrator, repair) (#564)
    - Add duplicate slug detection in buildOrchestrationPlan to reject
      worker names that collapse to the same slug
    - Use buildTemplateVariables() for launcher command interpolation
      so _sh and _raw suffixes are available in templates
  • feat: add C++ language support and hook tests (#539)
    - agents: cpp-build-resolver, cpp-reviewer
    - commands: cpp-build, cpp-review, cpp-test
    - rules: cpp/ (coding-style, hooks, patterns, security, testing)
    - tests: 9 new hook test files with comprehensive coverage
    
    Cherry-picked from PR #436.
  • feat: add Codex CLI customization scripts (#336)
    * chore(codex): add global ecc sync script and pnpm mcp config
    
    * chore(codex): include codex supplement when syncing agents
    
    * feat(codex): add global git safety hooks and QA/rule prompt packs
    
    * feat(codex): add global regression sanity check command
    
    ---------
    
    Co-authored-by: TGreen87 <your-email@example.com>
  • feat(design): skill health dashboard mockup (#518)
    * feat(Design): skill health dashboard mockup
    
    * fix(comments): code according to comments
  • feat(agents): add java-reviewer agent (#528)
    * Add java-reviewer agent for Java and Spring Boot code review
    
    * Fix java-reviewer: update tools format, git diff scope, diagnostic commands, AGENTS.md registration
    
    * Fix: correct skill reference, add command injection check, update agent count to 17
    
    * Fix: report-only disclaimer, path traversal, split ScriptEngine, escalation note, agent count 19
  • fix: add 62 missing skills to install manifests — full profile now covers all 105 skills (#537)
    The "full" install profile only referenced 43 of 105 skills. Added the
    remaining 62 to existing modules or new purpose-built modules:
    
    Existing modules extended:
    - framework-language: +18 (C++, Kotlin, Perl, Rust, Laravel, MCP, Android)
    - database: +1 (database-migrations)
    - workflow-quality: +6 (ai-regression-testing, configure-ecc, e2e-testing,
      plankton-code-quality, project-guidelines-example, skill-stocktake)
    - security: +2 (laravel-security, perl-security)
    
    New modules (5):
    - swift-apple: 6 skills (SwiftUI, concurrency, persistence, Liquid Glass)
    - agentic-patterns: 17 skills (agent harness, autonomous loops, LLM pipelines)
    - devops-infra: 2 skills (deployment-patterns, docker-patterns)
    - supply-chain-domain: 8 skills (logistics, procurement, manufacturing)
    - document-processing: 2 skills (nutrient, visa-doc-translate)
    
    Also added matching install-components entries and updated the "full"
    profile to include all 19 modules. Passes validate-install-manifests.
  • fix: observer memory explosion with throttling, re-entrancy guard, and tail sampling (#536)
    Three fixes for the positive feedback loop causing runaway memory usage:
    
    1. SIGUSR1 throttling in observe.sh: Signal observer only every 20
       observations (configurable via ECC_OBSERVER_SIGNAL_EVERY_N) instead
       of on every tool call. Uses a counter file to track invocations.
    
    2. Re-entrancy guard in observer-loop.sh on_usr1(): ANALYZING flag
       prevents parallel Claude analysis processes from spawning when
       signals arrive while analysis is already running.
    
    3. Cooldown + tail-based sampling in observer-loop.sh:
       - 60s cooldown between analyses (ECC_OBSERVER_ANALYSIS_COOLDOWN)
       - Only last 500 lines sent to LLM (ECC_OBSERVER_MAX_ANALYSIS_LINES)
         instead of the entire observations file
    
    Closes #521
  • docs: add npm install step before running install.sh (#526)
    The install script requires the ajv package (a devDependency) for
    config validation. Without running npm install first, users get
    "Cannot find module 'ajv'" when running ./install.sh.
    
    Co-authored-by: Jeffrey Jordan <jeffreyjordan@dizplai.com>
  • chore(config): governance and config foundation (#292)
    * chore(config): governance and config foundation (PR #272 split 1/6)
    
    Add repository governance and configuration files:
    - CODEOWNERS: review authority model
    - ISSUE_TEMPLATE: Copilot task template
    - PULL_REQUEST_TEMPLATE: comprehensive review checklist
    - .env.example: environment variable documentation
    - .tool-versions: asdf/mise compatibility (Node 20, Python 3.12)
    - .gitignore: expanded coverage (build, test, Python, tmp)
    - .markdownlint.json: add MD009 trailing whitespace rule
    - VERSION: 0.1.0
    
    This is PR 1 of 6 from the PR #272 decomposition plan.
    Dependency chain: PR-1 → PR-2 → PR-3 → PR-4/5/6 (parallel)
    
    * chore(config): remove fork-specific CODEOWNERS from upstream PR
    
    CODEOWNERS references @alfraido86-jpg (fork owner). Submitting this to
    upstream would override @affaan-m's review authority. CODEOWNERS belongs
    in the fork only, not in upstream contributions.
    
    Ref: SAM finding F9 (run-048 audit)
    
    * chore: address CodeRabbit review feedback on PR #292
    
    - Scope markdownlint config to repo files (globs pattern)
    - Add pre-commit hook checkbox to PR template
    
    Ref: CodeRabbit review on PR #292
    
    * fix(config): address CodeRabbit nitpicks N2 and N3
    
    N2: Move pre-commit hooks checkbox higher in security checklist.
    N3: Replace global MD009 disable with scoped config (br_spaces: 2).
    
    * fix(config): use recursive glob for node_modules exclusion (N4)
  • fix: export run() to avoid Windows spawnSync issues (#431)
    - session-end-marker.js now exports run() function
    - Enables in-process execution via run-with-flags.js
    - Avoids spawnSync cross-platform issues on Windows
    - Maintains backward compatibility with direct CLI execution
    
    Fixes #429
    
    Co-authored-by: 阳虎 <yanghu@yanghudeMacBook-Pro.local>
  • fix(continuous-learning-v2): add lazy-start observer logic (#508)
    * feat(continuous-learning-v2): add lazy-start observer logic
    
    Auto-starts observer when observer.enabled: true in config and no .observer.pid exists.
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    
    * fix(continuous-learning-v2): address PR review concerns
    
    - Use flock for atomic check-then-act to prevent race conditions
    - Check both project-scoped AND global PID files before starting
    - Support CLV2_CONFIG override for config file path
    - Check disabled file in lazy-start logic
    - Use double-check pattern after acquiring lock
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    
    * fix(observe.sh): address PR review comments
    
    - Add stale PID cleanup via _CHECK_OBSERVER_RUNNING function
    - Add macOS fallback using lockfile when flock unavailable
    - Fix CLV2_CONFIG override: use EFFECTIVE_CONFIG for both check and read
    - Use proper Python context manager (with open() as f)
    - Deduplicate signaled PIDs to avoid duplicate USR1 signals
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    
    * fix(observe.sh): wrap macOS lockfile fallback in subshell with trap
    
    - Wrap lockfile block in subshell so exit 0 only terminates that block
    - Add trap for EXIT to clean up lock file on script interruption
    - Add -l 30 (30 second expiry) to prevent permanent lock file stuck
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    
    * fix(observe.sh): address remaining PR review comments
    
    - Validate PID is a positive integer before kill calls to prevent
      signaling invalid targets (e.g. -1 could signal all processes)
    - Pass config path via env var instead of interpolating shell variable
      into Python -c string to prevent injection/breakage on special paths
    - Check CLV2_CONFIG-derived directory for disabled file so disable
      guard respects the same config source as lazy-start
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
  • fix(ci): enforce catalog count integrity (#525)
    * fix(ci): enforce catalog count integrity
    
    * test: harden catalog structure parsing
  • Add Claude DevFleet multi-agent orchestration skill (#505)
    * Add Claude DevFleet multi-agent orchestration skill
    
    Adds a skill for Claude DevFleet — a multi-agent coding platform that dispatches
    Claude Code agents to work on missions in parallel, each in an isolated git worktree.
    
    The skill teaches Claude Code how to use DevFleet's 11 MCP tools to plan projects,
    dispatch agents, monitor progress, and read structured reports.
    
    Setup: claude mcp add devfleet --transport sse http://localhost:18801/mcp/sse
    Repo: https://github.com/LEC-AI/claude-devfleet
    
    * Add DevFleet MCP config and /devfleet command
    
    - Add devfleet entry to mcp-configs/mcp-servers.json for discovery
    - Add /devfleet slash command for multi-agent orchestration workflow
    
    * Add orchestration flow diagrams to skill and command
    
    - Add visual flow to SKILL.md showing plan → dispatch → auto-chain → report
    - Add flow to /devfleet command showing the trigger sequence
    
    * Fix review feedback: frontmatter, workflow docs, HTTP transport
    
    - Add YAML description frontmatter to commands/devfleet.md
    - Fix manual workflow in SKILL.md to capture project_id from create_project
    - Change mcp-servers.json from deprecated SSE to Streamable HTTP transport
    
    * Address all review comments
    
    * Add monitoring/reporting steps to full auto pattern
    
    Addresses review feedback: the full auto example now includes polling
    for completion and retrieving reports, matching the other patterns.
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    
    * Update skills/claude-devfleet/SKILL.md
    
    Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
    
    * Update skills/claude-devfleet/SKILL.md
    
    Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
    
    * Update commands/devfleet.md
    
    Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
    
    * Fix review feedback
    
    Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: Avdhesh Singh Chouhan <avdhesh.acro@gmail.com>
    Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
    Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
    Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
  • feat(skill): add data-scraper-agent — AI-powered public data collection for any source (#503)
    * feat(skill): add data-scraper-agent skill
    
    Workflow skill for building AI-powered public data collection agents.
    Covers any scraping target: job boards, prices, news, GitHub, sports, events.
    
    - Full architecture guide (config.yaml, scraper/, ai/, storage/)
    - Gemini Flash free tier client with 4-model fallback chain
    - Batch API pattern (5 items/call) — stays within free tier
    - Feedback learning loop from user decisions
    - Notion / Sheets / Supabase storage templates
    - GitHub Actions cron schedule (100% free)
    - Anti-patterns table, free tier limits reference, quality checklist
    - Real-world examples and reference implementation (job-hunt-agent)
    
    * fix(skill): address PR #503 review violations in data-scraper-agent
    
    - Read batch_size from config.yaml instead of hardcoded constant
    - Branch main.py on storage.provider; label example as Notion-only
    - Replace undefined sync_feedback() with load_feedback() + comment
    - Add commented Playwright browser install step to CI workflow
    - Add permissions: contents: write; remove silent `git push || true`
    - Remove external unvetted repo link from Reference Implementation
    - Move import json to top of pipeline.py block (was after usage)
    - Guard context.md read with exists() check; fall back to empty string
    - Replace deprecated datetime.utcnow() with datetime.now(timezone.utc)
    - Remove duplicate config.yaml entry from project directory template
  • feat(skills): add team-builder skill (#501)
    * feat(skills): add team-builder skill
    
    Interactive agent picker that dynamically discovers agent markdown files,
    presents a browsable domain menu, and dispatches selected agents in parallel
    on a user-defined task with synthesized results.
    
    * fix: address PR #501 review feedback
    
    - Support both flat and subdirectory agent layouts
    - Multi-path discovery with fallback probe order
    - Empty-discovery fallback with helpful error message
    - Enforce 5-agent cap at selection time
    - Rename sections for clarity (Process → How It Works)
    
    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
    
    * fix: resolve PR #501 round 2 review feedback
    
    - Fix contradictory probe-order semantics: merge-all, not first-wins
    - Fix flat-layout domain extraction: frequency-based (2+ files) heuristic
    - Add multi-word domain limitation note for flat layout
    - Define deterministic ordering for overflow selection (alphabetical)
    - Clarify TeamCreate as Claude Code tool, not undefined reference
    - Shorten description frontmatter to ~60 chars
    
    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
    
    * fix: resolve PR #501 round 3 review feedback
    
    - Flat layout example now shows 2+ files per prefix (marketing, sales)
      to match the documented 2+ rule
    - Add filename-based fallback when agent file has no # Heading
    - Add failure handling for parallel agent spawns in Step 4
    
    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: Sebastien Tang <128077249+Sabdenrog@users.noreply.github.com>
    Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
  • feat: add ai-regression-testing skill (#433)
    Patterns for catching regressions introduced by AI coding agents.
    Covers sandbox/production parity testing, API response shape
    verification, and integration with bug-check workflows.
    
    Based on real-world experience where AI (Claude Code) introduced
    the same bug 4 times because the same model wrote and reviewed
    the code — only automated tests caught it.
    
    Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
  • feat: add laravel skills (#420)
    * feat: add laravel skills
    
    * docs: fix laravel patterns example
    
    * docs: add laravel api example
    
    * docs: update readme and configure-ecc for laravel skills
    
    * docs: reference laravel skills in php rules
    
    * docs: add php import guidance
    
    * docs: expand laravel skills with more pattern, security, testing, and verification examples
    
    * docs: add laravel routing, security, testing, and sail guidance
    
    * docs: fix laravel example issues from code review
    
    * docs: fix laravel examples and skills per review findings
    
    * docs: resolve remaining laravel review fixes
    
    * docs: refine laravel patterns and tdd guidance
    
    * docs: clarify laravel queue healthcheck guidance
    
    * docs: fix laravel examples and test guidance
    
    * docs: correct laravel tdd and api example details
    
    * docs: align laravel form request auth semantics
    
    * docs: fix laravel coverage, imports, and scope guidance
    
    * docs: align laravel tdd and security examples with guidance
    
    * docs: tighten laravel form request authorization examples
    
    * docs: fix laravel tdd and queue job examples
    
    * docs: harden laravel rate limiting and policy examples
    
    * docs: fix laravel pagination, validation, and verification examples
    
    * docs: align laravel controller response with envelope
    
    * docs: strengthen laravel password validation example
    
    * docs: address feedback regarding examples
    
    * docs: improve guidance and examples for pest usage
    
    * docs: clarify laravel upload storage and authorization notes
    
    * docs: tighten up examples
  • Add PowerShell installer wrapper and update documentation (#532)
    * Add install.ps1 PowerShell wrapper and tests
    
    Add a Windows-native PowerShell wrapper (install.ps1) that resolves symlinks and delegates to the Node-based installer runtime. Update README with PowerShell usage examples and cross-platform npx entrypoint guidance. Point the ecc-install bin to the Node installer (scripts/install-apply.js) in package.json (and refresh package-lock), include install.ps1 in package files, and add tests: a new install-ps1.test.js and a tweak to install-sh.test.js to skip on Windows. These changes provide native Windows installer support while keeping npm-compatible cross-platform invocation.
    
    * Improve tests for Windows HOME/USERPROFILE
    
    Make tests more cross-platform by ensuring HOME and USERPROFILE are kept in sync and by normalizing test file paths for display.
    
    - tests/lib/session-adapters.test.js: set USERPROFILE when temporarily setting HOME and restore previous USERPROFILE on teardown.
    - tests/run-all.js: use a normalized displayPath (forward-slash separated) for logging and error messages so output is consistent across platforms.
    - tests/scripts/ecc.test.js & tests/scripts/session-inspect.test.js: build envOverrides from options.env and add HOME <-> USERPROFILE fallbacks so spawned child processes receive both variables when only one is provided.
    
    These changes prevent test failures and inconsistent logs on Windows where USERPROFILE is used instead of HOME.
    
    * Fix Windows paths and test flakiness
    
    Improve cross-platform behavior and test stability.
    
    - Remove unused createLegacyInstallPlan import from install-lifecycle.js.
    - Change resolveInstallConfigPath to use path.normalize(path.join(cwd, configPath)) to produce normalized relative paths.
    - Tests: add toBashPath and normalizedRelativePath helpers to normalize Windows paths for bash and comparisons.
    - Make cleanupTestDir retry rmSync on transient Windows errors (EPERM/EBUSY/ENOTEMPTY) with short backoff using sleepMs.
    - Ensure spawned test processes receive USERPROFILE and convert repo/detect paths to bash format when invoking bash.
    
    These changes reduce Windows-specific failures and flakiness in the test suite and tidy up a small unused import.
  • feat(skills): add mcp-server-patterns (#531)
    * feat(skills): add mcp-server-patterns
    
    Made-with: Cursor
    
    * chore: add mcp-server-patterns to .agents/skills and .cursor/skills (cross-harness)
    
    Made-with: Cursor
    
    * fix: address PR review — When to Use / How It Works / Examples sections; Prompts primitive; stdio connect example; Streamable HTTP; resource handler(uri); SDK API note (tool vs registerTool)
    
    Made-with: Cursor
    
    * mcp-server-patterns: replace invalid StdioServerTransport.create() with version-agnostic note
    
    Made-with: Cursor
    
    * mcp-server-patterns: remove GitHub link, document SDK signature variance
    
    Made-with: Cursor
  • feat(commands): add /docs; feat(mcp-configs): document Context7 (#530)
    * feat(commands): add /docs; feat(agents): add docs-lookup; feat(mcp-configs): document Context7; docs: add MCP subsection to CONTRIBUTING
    
    Made-with: Cursor
    
    * fix: address PR review — use Context7 MCP tool names in docs-lookup agent; CONTRIBUTING Agent Fields + MCP wording; mcp-config description; /docs quoted example; treat fetched docs as untrusted
    
    Made-with: Cursor
    
    * docs-lookup: note that harness may expose Context7 tools under prefixed names
    
    Made-with: Cursor
    
    * docs-lookup: examples use prefixed tool names (mcp__context7__*) for resolution
    
    Made-with: Cursor
  • feat(agents): add Rust language support (#523)
    * feat(agents): add Rust language support — reviewer, build resolver, patterns, and testing
    
    Add Rust-specific agents and skills following the established Go/Kotlin pattern:
    - agents/rust-reviewer.md: ownership, lifetimes, unsafe audit, clippy, error handling
    - agents/rust-build-resolver.md: cargo build errors, borrow checker, dependency resolution
    - skills/rust-patterns/SKILL.md: idiomatic Rust patterns and best practices
    - skills/rust-testing/SKILL.md: TDD, unit/integration/async/property-based testing
    
    * fix(agents): correct Rust examples for accuracy and consistency
    
    - unsafe fn: add inner unsafe {} block for Rust 2024 edition compliance
    - edition: update from 2021 to 2024 as current default
    - rstest: add missing fixture import
    - mockall: add missing predicate::eq import
    - concurrency: use sync_channel (bounded) and expect() over unwrap()
      to align with rust-reviewer's HIGH-priority review checks
    
    * fix(skills): correct compilation issues in Rust code examples
    
    - collect: add .copied() for &str iterator into String
    - tokio import: remove unused sleep, keep Duration
    - async test: add missing Duration import
    
    * fix(skills): move --no-fail-fast before test-binary args
    
    --no-fail-fast is a Cargo option, not a test binary flag.
    Placing it after -- forwards it to the test harness where it is
    unrecognized.
    
    * fix(agents): distinguish missing cargo-audit from real audit failures
    
    Check if cargo-audit is installed before running it, so actual
    vulnerability findings are not suppressed by the fallback message.
    
    * fix: address automated review findings across all Rust files
    
    - build-resolver: prefer scoped cargo update over full refresh
    - testing: add Cargo.toml bench config with harness = false for criterion
    - testing: condense TDD example to stay under 500-line limit
    - patterns: use expect() over unwrap() on JoinHandle for consistency
    - patterns: add explicit lifetime to unsafe FFI return reference
    - reviewer: replace misleading "string interpolation" with concrete alternatives
    
    * fix: align with CONTRIBUTING.md conventions
    
    - skills: rename "When to Activate" to "When to Use" per template
    - reviewer: add cargo check gate before starting review
    
    * fix(agents): guard cargo-audit and cargo-deny with availability checks
    
    Match the pattern used in rust-build-resolver to avoid command-not-found
    errors when optional tools are not installed.
    
    * fix: address second round of automated review findings
    
    - testing: split TDD example into separate code blocks to avoid
      duplicate fn definition in single block
    - build-resolver/reviewer: use if/then/else instead of && ... ||
      chaining for cargo-audit/deny to avoid masking real failures
    - build-resolver: add MSRV caveat to edition upgrade guidance
    
    * feat: add Rust slash commands for build, review, and test
    
    Add commands/rust-build.md, commands/rust-review.md, and
    commands/rust-test.md to provide consistent user entrypoints
    matching the existing Go and Kotlin command patterns.
    
    * fix(commands): improve rust-build accuracy and tone
    
    - Restructure-first borrow fix example instead of clone-first
    - Realistic cargo test output format (per-test lines, not per-file)
    - Align "Parse Errors" step with actual resolver behavior
    - Prefer restructuring over cloning in common errors table
    
    * fix: address cubic-dev-ai review findings on commands
    
    - Gate review on all automated checks, not just cargo check
    - Use git diff HEAD~1 / git diff main...HEAD for PR file selection
    - Fix #[must_use] guidance: Result is already must_use by type
    - Remove error-masking fallback on cargo tree --duplicates
    
    * fix: address remaining review findings across all bots
    
    - Add rust-reviewer and rust-build-resolver to AGENTS.md registry
    - Update agent count from 16 to 18
    - Mark parse_config doctest as no_run (body is todo!())
    - Add "How It Works" section to both Rust skills
    - Replace cargo install with taiki-e/install-action in CI snippet
    - Trim tarpaulin section to stay under 500-line limit
    
    * fix(agents): align rust-reviewer invocation with command spec
    
    - Use git diff HEAD~1 / main...HEAD instead of bare git diff
    - Add cargo test as explicit step before review begins
    
    * fix(skills): address cubic review on patterns and testing
    
    - Remove Tokio-specific language from How It Works summary
    - Add cargo-llvm-cov install note in coverage section
    - Revert no_run on doctest examples (illustrative code, not compiled)
    
    * fix(skills): use expect on thread join for consistency
    
    Replace handle.join().unwrap() with .expect("worker thread panicked")
    to match the .expect("mutex poisoned") pattern used above.
    
    * fix(agents): gate review on all automated checks, not just cargo check
    
    Consolidate check/clippy/fmt/test into a single gate step that
    stops and reports if any fail, matching the command spec.
    
    * fix(skills): replace unwrap with expect in channel example
    
    Use .expect("receiver disconnected") on tx.send() for consistency
    with the .expect() convention used in all other concurrency examples.
    
    * fix: address final review round — OpenCode mirrors, counts, examples
    
    - Add .opencode/commands/rust-{build,review,test}.md mirrors
    - Add .opencode/prompts/agents/rust-{build-resolver,reviewer}.txt mirrors
    - Fix AGENTS.md count to 20 (add missing kotlin agents to table)
    - Fix review example: all checks pass (consistent with gate policy)
    - Replace should_panic doctest with is_err() (consistent with best practices)
    - Trim testing commands to stay at 500-line limit
    
    * fix: address cubic and greptile review on OpenCode files and agents
    
    - Fix crate::module import guidance (internal path, not Cargo.toml)
    - Add cargo fmt --check to verification steps
    - Fix TDD GREEN example to handle error path (validate(input)?)
    - Scope .context() guidance to anyhow/eyre application code
    - Update command count from 40 to 51
    - Add tokio channel variants to unbounded channel warning
    - Preserve JoinError context in spawned task panic message
    
    * fix: stale command count, channel guidance, cargo tree fallback
    
    - Fix stale command count in Project Structure section (40→51)
    - Clarify unbounded channel rule: context-appropriate bounded alternatives
    - Remove dead cargo tree fallback (exits 0 even with no duplicates)
    - Sync OpenCode reviewer mirror with tokio channel coverage
  • fix: resolve all CI test failures (19 fixes across 6 files) (#519)
    - canonical-session: fall back to JSON file recording when the loaded
      state-store module has no writer methods (factory vs instance)
    - install-executor: skip node_modules and .git dirs in listFilesRecursive
      to prevent ETIMEDOUT copying thousands of .opencode dependency files
    - ecc.js: increase maxBuffer to 10MB for spawned subcommands to prevent
      ENOBUFS on large install plan JSON output
    - install-apply.test: update Cursor and Antigravity path assertions to
      match flattened rule layout and remapped dirs (workflows, skills)
    - ecc.test: increase maxBuffer in test runner to handle large output
    - orchestrate-codex-worker.sh: guard against unreadable task file before
      cat, write failure status and handoff artifacts on early exit
  • feat: add SQLite state store and query CLI (#510)
    * feat: add SQLite state store and ECC status CLI
    
    * fix: replace better-sqlite3 with sql.js to eliminate native module CI failures
    
    better-sqlite3 requires native C++ compilation (node-gyp, prebuild-install)
    which fails in CI across npm/pnpm on all platforms:
    - npm ci: lock file out of sync with native transitive deps
    - pnpm: native bindings not found at runtime
    - Windows: native compilation fails entirely
    
    sql.js is a pure JavaScript/WASM SQLite implementation with zero native
    dependencies. The adapter in index.js wraps the sql.js API to match the
    better-sqlite3 interface used by migrations.js and queries.js.
    
    Key implementation detail: sql.js db.export() implicitly ends active
    transactions, so the adapter defers disk writes (saveToDisk) until
    after transaction commit via an inTransaction guard flag.
    
    createStateStore is now async (sql.js requires async WASM init).
    Updated status.js, sessions-cli.js, and tests accordingly.