2062 Commits

  • release: 2.0.0 — the agent harness operating system
    Graduate 2.0.0-rc.1 to stable. Bump version across package, plugin,
    marketplace, OpenCode, agent metadata, VERSION, and all localized docs.
    Add 2.0.0 release notes + README sections (en/zh/pt-BR/tr), CHANGELOG
    entry, and the ECC community Discord bot (dependency-free gateway client
    + guild command registrar). Update copilot-support and release-surface
    tests for the sponsored-review migration and the 2.0.0 surface.
  • feat(discord): release -> #announcements auto-post + pin + GitHub Discussions (#2201)
    On a published GitHub release, post the notes to the ECC Discord
    #announcements channel (via bot), pin it, and cross-post to GitHub
    Discussions (Announcements category). Release data flows through env vars
    (no shell interpolation of untrusted input). Secrets: DISCORD_BOT_TOKEN,
    DISCORD_ANNOUNCE_CHANNEL_ID (repo secrets), GITHUB_TOKEN.
    
    Ties the 2.0.0/1.11.0 official release to the community launch.
    
    Co-authored-by: ECC Test <ecc@example.test>
  • feat: add orch-* orchestrator skill family (#2153)
    * feat: add orch-* orchestrator skill family
    
    Lightweight wrappers that orchestrate existing ECC agents through a gated Research -> Plan -> TDD -> Review -> Commit pipeline, right-sized per task.
    
    - orch-pipeline: shared engine (phases, size classifier, two gates, agent map)
    - orch-add-feature/change-feature/fix-defect/refine-code/build-mvp: thin wrappers delegating to the engine
    
    * chore: register orch-* family in catalog, command registry, and agent.yaml (post-rebase onto green main)
    
    ---------
    
    Co-authored-by: ECC Test <ecc@example.test>
  • fix: make plugin hooks run on Node 21+ and green the suite under modern Node (#2184)
    ROOT CAUSE: hooks load plugin-hook-bootstrap.js via
    `node -e "...; process.argv.splice(1,0,s); require(s)"`. On Node 21+,
    require.main is `undefined` under --eval, so the `if (require.main === module)`
    guard was false and main() never ran — every plugin hook silently no-op'd
    (e.g. the MCP-health PreToolUse hook stopped blocking). CI (Node 18/20) hid
    this; it only surfaces on Node 21+. Fix: also run main() when require.main is
    undefined (the eval-bootstrap case), while staying dormant on real imports.
    
    Also clears pre-existing main debt the full local suite enforces:
    - catalog:sync — README/docs agent+skill counts drifted after recent merges
    - tests/ci/supply-chain-watch-workflow: update checkout SHA to the merged v6.0.3 (#2183)
    - markdownlint + check-unicode-safety --write across docs/skills
    
    Suite: 2683/2683 green under Node v25; lint + unicode clean.
    
    Co-authored-by: ECC Test <ecc@example.test>
  • feat(skills): add laravel-security, laravel-tdd, and php-reviewer agent (#2122)
    * feat(skills): add laravel-security, laravel-tdd, and php-reviewer agent
    
    * fix: resolve code review findings across laravel-security, laravel-tdd, and php-reviewer
    
    - laravel-security: replace env() with config() in runtime code,
      replace wildcard trusted proxies with CIDR ranges, remove blanket
      api/* CSRF exclusion, fix validated() return type, add null-safe
      rate limiter user access, sync mimes/extensions allowlists,
      replace #[Encrypted] with ShouldBeEncrypted, fix RateLimited args
    - laravel-tdd: remove global withoutExceptionHandling() from setUp,
      remove contradictory assertNothingOutgoing(), fix undefined
      variable, replace invalid PHPUnit --min-coverage flag
    - php-reviewer: fix Python contamination, add automated check
      requirement to approval criteria
    
    * fix: align php-reviewer approval criteria and use config dot-notation keys
    
    - agents/php-reviewer.md: sync approval criteria with .txt file version
      (add automated checks requirement for consistency across harnesses)
    - skills/laravel-security/SKILL.md: replace raw env names with proper
      Laravel dot-notation config keys (app.key, services.stripe.*, etc.)
      so config() returns valid values instead of null
    
    * fix: remove unnecessary secret validation for SMTP password
  • docs: fix renamed-repo links, drop stale assessment artifacts (#2058)
    CONTRIBUTING.md still pointed at the old `affaan-m/everything-claude-code`
    repo URL in the Quick Start fork instructions and in the Issues link at
    the bottom. Both relied on GitHub's silent rename-redirect, but the
    literal `cd everything-claude-code` after `gh repo fork` would land in
    the wrong directory now that the repo is `affaan-m/ECC`.
    
    REPO-ASSESSMENT.md and EVALUATION.md were both 2026-03-21 personal
    fork-audit artifacts written from one user's specific install. They
    describe the project as a fork at `Infiniteyieldai/everything-claude-code`
    v1.9.0 with 28 agents / 116 skills / 59 commands and pin the recommended
    mode at "use as upstream tracker". None of that is true anymore (this
    IS the upstream, v2.0.0-rc.1, currently 61 / 246 / 76). EVALUATION.md in
    particular still references a defunct branch (`claude/evaluate-repo-comparison-ASZ9Y`)
    and describes a "Current Setup" of zero installed components as if it
    were universal, which it is not.
    
    Neither file is referenced by anything else in the repo (`rg` confirmed)
    and they actively mislead new contributors and visitors. Delete both.
    
    A targeted line-by-line refresh of EVALUATION.md was considered but
    rejected: bringing only the totals up to date (61/246/76) would leave
    the rest of the document — v1.9.0 references, branch metadata, the
    zero-component "Current Setup" — internally inconsistent (CodeRabbit
    flagged this on the first revision of this PR). Wholesale removal is
    the honest fix.
    
    Translated copies (e.g. docs/pt-BR/README.md still has the 28/116/59
    numbers) are intentionally left for a follow-up i18n PR to keep this
    diff small.
  • fix(commands): resolve active plugin root in /instinct-status (#2037) (#2059)
    The `/instinct-status` slash command template expanded
    `${CLAUDE_PLUGIN_ROOT}` directly and documented a manual-install
    fallback to `~/.claude/skills/continuous-learning-v2/scripts/instinct-cli.py`.
    When users had both an active plugin install (under
    `~/.claude/plugins/cache/<slug>/<org>/<version>/`) and a legacy
    `~/.claude/skills/continuous-learning-v2/` directory left over from a
    previous manual install, an empty `CLAUDE_PLUGIN_ROOT` (which Claude
    Code does not always populate in slash-command shell contexts) silently
    made the command read the stale legacy install while the active plugin
    hooks and observer wrote to the new XDG path. The user saw "No
    instincts found" while the system was actively learning — exactly the
    divergence the bug reporter spent hours diagnosing.
    
    Replace the brittle two-block template with the same inline resolver
    pattern that `hooks/hooks.json` and `/sessions` / `/skill-health`
    already use: env var → standard install → known plugin roots → plugin
    cache walk → fallback. The resolver is the canonical `INLINE_RESOLVE`
    constant from `scripts/lib/resolve-ecc-root.js`, so no new code is
    introduced — just consistent adoption of the existing pattern.
    
    Apply the same fix to all five copies of the command:
      - commands/instinct-status.md (canonical)
      - .opencode/commands/instinct-status.md
      - docs/zh-CN/commands/instinct-status.md
      - docs/ja-JP/commands/instinct-status.md
      - docs/tr/commands/instinct-status.md
    
    Extend tests/lib/command-plugin-root.test.js with an assertion that the
    canonical instinct-status.md uses the inline resolver and no longer
    hard-codes the legacy `~/.claude/skills/...` fallback (regression
    guard).
    
    zh-CN copy: polish the Chinese phrasing per LanguageTool feedback
    (`使用与 ... 相同的解析器` → `以与 ... 相同的解析器`) so the verb is
    introduced by an explicit preposition instead of reading as an awkward
    verb-object construction.
  • docs: add Urdu (ur) README translation (#2061)
    * docs: add Urdu (ur) README translation
    
    Adds docs/ur/README.md — a full Urdu translation of the main README.
    Urdu is spoken by 230M+ people globally, with a large developer community
    in Pakistan. This follows the same structure as existing translations
    (de-DE, ja-JP, ko-KR, etc.).
    
    * docs(ur): sync install catalog counts with current repo metadata
    
    The Urdu README stated 60 agents / 232 skills / 75 legacy command shims, but the current repo metadata and English README use 61 / 246 / 76. Update to match so Urdu users following the install guide do not see a verification mismatch (flagged in review).
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
  • feat: Cursor-independent ECC memory via ECC_AGENT_DATA_HOME (#2066)
    * feat: auto-isolate ECC memory data for Cursor via ECC_AGENT_DATA_HOME
    
    Add ECC_AGENT_DATA_HOME (defaults to ~/.claude) with Cursor-aware resolution,
    sessionStart env injection, install scaffolds, and hook bootstrap so memory
    hooks do not collide with Claude Code when both harnesses are used.
    
    Closes #2065
    
    Co-authored-by: Cursor <cursoragent@cursor.com>
    
    * fix: log agent-data config errors and ship cursor sessionStart deps
    
    Address CodeRabbit review: log invalid .cursor/ecc-agent-data.json parse
    failures, and copy cursor-session-env.js plus lib deps on legacy Cursor
    install so sessionStart hook path exists without hooks-runtime alone.
    
    Co-authored-by: Cursor <cursoragent@cursor.com>
    
    * fix: resolve relative agentDataHome paths from project root
    
    Project config values like ".ecc-data" now resolve against the
    repository root (parent of .cursor/), not process.cwd(), so Cursor
    hooks persist memory in the intended directory regardless of hook cwd.
    
    Addresses cubic review on PR #2066.
    
    Co-authored-by: Cursor <cursoragent@cursor.com>
    
    * docs: explain getHomeDir duplicate and docstring policy
    
    Document why agent-data-home keeps a local home-dir helper (circular
    require with utils.js) and list consolidation options for maintainers.
    Note that CodeRabbit JSDoc coverage warnings are informational relative
    to ECC's usual script documentation style.
    
    Addresses cubic P2 context on PR #2066.
    
    Co-authored-by: Cursor <cursoragent@cursor.com>
    
    * test: isolate agent-data-home tests from dogfooded .cursor config
    
    Use isolated temp cwd for default-resolution cases and assert
    resolveAgentDataHome({ projectDir }) reads ecc-agent-data.json.
    Document cwd/project caveats in the test file header.
    
    Co-authored-by: Cursor <cursoragent@cursor.com>
    
    ---------
    
    Co-authored-by: Cursor <cursoragent@cursor.com>
  • fix(docs): sync marketplace add URL across translated READMEs (#2050) (#2068)
    PR #2050 updated the root README.zh-CN.md install commands after the
    everything-claude-code → ECC rename, but the same stale marketplace URL
    remained in nine docs/<locale>/README.md copies. Align those quick-start
    and self-hosted install blocks so /plugin install ecc@ecc resolves the
    ecc marketplace instead of everything-claude-code.
  • feat(skills): add codehealth-mcp skill and CodeScene MCP config (#2077)
    * feat(skills): add codehealth-mcp skill and CodeScene MCP config
    
    * docs(skills): add When to Use, How It Works, and Examples sections
    
    * docs(skills): clarify MCP opt-in, data boundaries, and offline behavior
    
    Address security review on PR #2077: no bundled credentials, document what
    tools read locally, failure behavior when MCP is unavailable, and README
    wording that Code Health MCP is optional and not enabled by default.
    
    Co-authored-by: Cursor <cursoragent@cursor.com>
    
    ---------
    
    Co-authored-by: adnasalk-notus <adna.salkovic@notus.hr>
    Co-authored-by: Cursor <cursoragent@cursor.com>
  • feat(mcp): add parallel-search server catalog entry (#2085)
    * feat(mcp): add parallel-search server catalog entry
    
    * fix(mcp): drop placeholder Bearer header from parallel-search entry
    
    The /mcp endpoint accepts anonymous requests by default; baking in a
    placeholder "Authorization: Bearer YOUR_PARALLEL_API_KEY_HERE" header
    breaks the key-free default for users who copy the entry verbatim.
    Move the optional API-key guidance into the description instead.
  • fix(context-monitor): make cost warnings informational, not commands (#2091)
    The PostToolUse cost warnings emit imperative text via additionalContext
    ("Stop and inform the user...", "Review whether...", "Consider whether...").
    Subagents read additionalContext as an instruction and obey the "Stop",
    abandoning their task and returning a prompt-for-direction instead of their
    result — derailing multi-agent workflows. The main loop is also nudged to
    halt mid-task.
    
    Reword all three severities to pure-informational data: keep the
    CRITICAL/WARNING/NOTICE label + the dollar figure (and the threshold), drop
    the imperative sentence, and state plainly it is informational. No logic,
    severity, or threshold change. Existing tests pass (they assert the labels +
    severities, which are preserved).
    
    Before: `COST CRITICAL: Session cost is $X. Stop and inform the user about high cost before continuing.`
    After:  `COST CRITICAL: session total ~$X (over $50). Informational only — not an instruction to stop.`
    
    Co-authored-by: OrenG Tools <tools@orengacademy.com>
  • feat: add intent-driven-development skill (#2092)
    * feat: add intent-driven-development skill
    
    Converts ambiguous feature or engineering requests into scoped,
    verifiable acceptance criteria before implementation starts.
    
    - Chooses between Quick Capture (low/moderate risk) and Full
      Acceptance Brief (security, data, migration, cross-system changes)
    - Reads repo context before asking questions; only asks what cannot
      be inferred
    - Non-blocking by default: records criteria and proceeds unless a
      real risk requires confirmation
    - Rule 9: when an AC fails mid-implementation due to architectural
      constraints, marks it [revised], updates scope/verification method,
      and re-presents only changed criteria rather than silently dropping
    - Output template includes Revision Log for traceability across
      multiple implementation cycles
    
    * fix: add canonical When to Activate, How It Works, and Examples sections
    
    Required for auto-activation mechanism detection per CONTRIBUTING.md
    and existing skill conventions. Sections inserted after the intro
    and before Operating Rules.
    
    * fix: strengthen intent-driven-development skill per review
    
    Address skill-quality review feedback on the intent-driven-development PR:
    
    - Business/product constraints: add Operating Rule 2 forbidding inference
      of business rules, compliance/SLAs, pricing, retention, prioritization,
      and target users from code; surface the technical-vs-business split in
      How It Works, Discover Context, and a dedicated 'supplied, not inferred'
      section in the brief template.
    - Eval-style pass/fail: add a Pass/Fail Examples section (failing vs
      passing AC, plus a misplaced business-rule context entry) and a 5-point
      Pass/Fail Rubric users can apply to the output.
    - Renumber Operating Rules 1-10 accordingly; markdownlint clean.
  • docs: add Spanish (es) translation (#2095)
    Adds a complete Spanish translation of the ECC documentation under
    docs/es/, mirroring the Turkish (docs/tr/) translation in scope.
    141 files covering agents, commands, rules, skills, contexts, examples,
    and core docs. Updates root README.md with the Spanish language link.
    
    Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
  • feat: add inherit-legacy-style — prevent AI code style drift in legac… (#2098)
    * feat: add inherit-legacy-style — prevent AI code style drift in legacy projects
    
    - 4-dimension meta-architecture scan (File Anatomy, State & Control Flow, Infrastructure, Error Handling)
    - Scale-adaptive (small=full read, large=smart sampling)
    - Signal-threshold noise reduction with one-at-a-time grilling protocol
    - Generates .ai-style-rules.md with persistent CLAUDE.md hook
    - Language- and framework-agnostic
    
    * fix: add AskUserQuestion to allowed-tools, add When to Use/How It Works/Examples sections per bot review
    
    ---------
    
    Co-authored-by: wulinzai <linsywu@gmail.com>
  • feat: expand Kiro adapter to full language coverage (#2101)
    * feat: expand Kiro adapter to full language coverage
    
    - Add 17 new agents (typescript, rust, kotlin, java, cpp, django, swift,
      fsharp, pytorch, mle, performance-optimizer) in both .md and .json formats
    - Add 25 new skills (rust, kotlin, java/spring, django, fastapi, nestjs,
      react, nextjs, cpp, swift, mle/pytorch, deep-research, strategic-compact,
      autonomous-loops, content-hash-cache-pattern)
    - Add 6 new language-specific steering files (rust, kotlin, java, cpp, php, ruby)
    - Add 3 new hooks (rust-check-on-edit, python-lint-on-edit, security-check-on-create)
    - Update README with expanded component inventory and documentation
    - Fix install.sh line endings for macOS compatibility
    
    Total Kiro components: 33 agents, 43 skills, 22 steering files, 13 hooks
    
    * fix: resolve P1/P2 violations in Kiro agents, skills, and steering
    
    - java-patterns.md: remove reference to non-existent quarkus-patterns skill
    - kotlin-patterns.md: fix insecure BuildConfig recommendation for secrets
    - swift-actor-persistence: fix Swift version claim (5.9+) and Dictionary crash
    - java-reviewer.md: add recursive framework detection + robust diff chain
    - kotlin-reviewer.md: replace unreliable diff detection with fallback chain
    - rust-reviewer.md: add diff fallback + make CI gating mandatory
    - jpa-patterns: add DISTINCT to fetch-join query to prevent duplicates
    - django-reviewer.md: add migration safety check, narrow save() rule,
      fix pytest-django behavior description
    
    * fix: resolve remaining violations in Kiro agents, skills, and docs
    
    Agents:
    - java-build-resolver.md: remove quarkus-patterns ref, fix 'Initialise' spelling
    - java-reviewer.json: remove quarkus-patterns ref from prompt
    - mle-reviewer.md, cpp-build-resolver.md, java-build-resolver.md,
      performance-optimizer.md: fix allowedTools 'read' -> 'fs_read'
    
    Hooks:
    - rust-check-on-edit: fix description to match askAgent behavior
    
    Skills:
    - content-hash-cache-pattern: hyphenate 'Content-Hash-Based'
    - cpp-testing: hyphenate 'real-time'
    - django-security: use placeholder secrets, fix CSRF_COOKIE_HTTPONLY=False
    - nestjs-patterns: add Logger to HttpExceptionFilter for non-Http errors
    - react-patterns: add React 19 compatibility note for useActionState
    - rust-patterns: remove edition-specific 'Rust 2024+' reference
    - springboot-patterns: cap exponential backoff, recommend Resilience4j
    - springboot-security: fix invalid @Query SQL injection example
    - swift-protocol-di-testing: add thread-safety doc comment to mock
    
    Docs:
    - README.md: fix Project Structure counts (33/43/22/13)
    
    * fix: sync README tree with counts, restore local diff in kotlin-reviewer, correct django FK index guidance
    
    - README.md: Project Structure tree now lists all 33 agents, 43 skills,
      22 steering files, and 13 hooks (was showing old subset)
    - kotlin-reviewer.md: restore git diff --staged / git diff for local
      pre-commit review before falling back to HEAD~1
    - django-reviewer.md: clarify that ForeignKey fields are indexed by
      default; only flag missing db_index on non-FK filter columns
  • docs: fix typos in security guide (#2106)
    Correct clear spelling mistakes in documentation without changing behavior.
    
    Confidence: high
    Scope-risk: narrow
    Tested: git diff --check; uvx codespell on changed files
    Not-tested: Full docs build not run; text-only changes
  • feat(desktop-notify): route OSC 9 notifications through Ghostty (#2114)
    Ghostty natively supports the OSC 9 desktop-notification escape
    (ESC ] 9 ; <message> BEL), the same sequence already used for iTerm2.
    Previously only TERM_PROGRAM === 'iTerm.app' took the escape path, so
    Ghostty users fell through to the osascript path. That makes Script
    Editor the notification owner, and clicking the notification just
    launches Script Editor instead of focusing the terminal.
    
    Adding 'ghostty' to the OSC 9-capable check makes Ghostty the owner,
    so clicking the notification focuses the Ghostty window/tab where
    Claude Code is running. Verified on Ghostty (TERM_PROGRAM=ghostty).
    
    Co-authored-by: 高野智史 <satoshitakano@takanosatoshinoMacBook-Pro-522.local>
    Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
  • fix(hooks): stop false loop warnings and repeated identical context warnings (#2121)
    * fix(hooks): stop false loop warnings and repeated identical context warnings
    
    Two PostToolUse monitor defects surfaced during a long single-turn session:
    
    1. ecc-metrics-bridge hashToolCall fingerprinted Edit/Write/MultiEdit on
       file_path ONLY, so several distinct edits to the same file produced the
       same hash and tripped the loop detector ("stuck loop") even though every
       edit was different. Now the hash includes the edit content
       (old_string/new_string/content/edits) so distinct edits to one file hash
       differently; identical edits still collide as intended.
    
    2. ecc-context-monitor re-emitted the SAME warning every DEBOUNCE_CALLS (5)
       tool calls even when nothing changed. Because the cost figure only refreshes
       at Stop (turn) boundaries, a single stale value printed the identical
       warning ~20 times within one turn. Dedupe on message content instead: a
       warning surfaces only when its text changes (cost moved, new file count, new
       loop) or on first escalation to critical, and is otherwise suppressed.
    
    Adds regression tests for the same-file/different-content hash case.
    
    Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
    
    * fix(hooks): address CodeRabbit review (#2121)
    
    - ecc-context-monitor: clear dedupe state when warnings resolve, so the same
      warning text recurring in a later turn (context dips/recovers/dips, a loop
      that stops then restarts) is surfaced again instead of suppressed as a
      duplicate. Guarded so the no-warning hot path stays write-free.
    - ecc-metrics-bridge: hash the FULL serialized edit payload and truncate the
      digest, not the input. Slicing the serialized string to HASH_INPUT_LIMIT
      first could collapse large edits sharing their first 2048 chars, reviving the
      false-loop collision for big Write/edit payloads.
    - Add regression test for >2048-char edit divergence.
    
    Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
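
The two fingerprinting defects described in #2121, as an added sketch that is not ECC's own code: `hashToolCall` and `HASH_INPUT_LIMIT` are named in the commit message, while the helper names, the 16-character digest length and the sample tool calls are assumptions constructed here.

```javascript
const crypto = require('node:crypto');

const HASH_INPUT_LIMIT = 2048; // limit named in the commit message
const DIGEST_CHARS = 16;       // assumed digest length for this sketch

// Serialize the fields the commit lists, in a fixed key order.
// JSON.stringify drops undefined fields, so Edit and Write inputs both work.
function serializeEdit(input) {
  const { file_path, old_string, new_string, content, edits } = input;
  return JSON.stringify({ file_path, old_string, new_string, content, edits });
}

const sha256 = (text) => crypto.createHash('sha256').update(text).digest('hex');

// Defect 1: fingerprint on file_path only.
const hashPathOnly = (input) => sha256(input.file_path).slice(0, DIGEST_CHARS);

// Defect 2: truncate the INPUT before hashing.
const hashTruncatedInput = (input) =>
  sha256(serializeEdit(input).slice(0, HASH_INPUT_LIMIT)).slice(0, DIGEST_CHARS);

// Fix: hash the full payload, then truncate the DIGEST.
const hashFullPayload = (input) =>
  sha256(serializeEdit(input)).slice(0, DIGEST_CHARS);

// Highest number of calls that share one fingerprint; a loop detector
// would compare this against its threshold.
function maxRepeats(calls, hashFn) {
  const counts = new Map();
  let max = 0;
  for (const call of calls) {
    const h = hashFn(call);
    const n = (counts.get(h) || 0) + 1;
    counts.set(h, n);
    if (n > max) max = n;
  }
  return max;
}

// Constructed sample: three different Writes to one file that share
// their first 3000 characters and differ only in the tail.
const sharedPrefix = 'x'.repeat(3000);
const distinctWrites = [1, 2, 3].map((n) => ({
  file_path: 'src/app.js',
  content: `${sharedPrefix}// revision ${n}`,
}));

// Constructed sample: the same Edit issued three times (a real loop).
const identicalEdits = Array.from({ length: 3 }, () => ({
  file_path: 'src/app.js',
  old_string: 'a',
  new_string: 'b',
}));

function compareFingerprints() {
  return {
    pathOnly: maxRepeats(distinctWrites, hashPathOnly),
    truncatedInput: maxRepeats(distinctWrites, hashTruncatedInput),
    fullPayload: maxRepeats(distinctWrites, hashFullPayload),
    fullPayloadIdentical: maxRepeats(identicalEdits, hashFullPayload),
  };
}

console.log(compareFingerprints());
```
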
  • Add NEXUS to mcp-configs/mcp-servers.json (local cost/privacy proxy) (#2125)
    * Add NEXUS to mcp-configs/mcp-servers.json
    
    NEXUS (github.com/lynuxis2026-pixel/nexus-proxy) is a local, single-binary
    cost/privacy proxy that sits under the harness. Adding it as an MCP server lets
    an ECC agent query its own usage/savings mid-session (nexus_stats, nexus_savings,
    nexus_recent, nexus_providers, nexus_cost_breakdown).
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    
    * Tighten nexus MCP description to ECC's concise house style
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: ludicolijn1985-blip <ludicolijn1985@gmail.com>
    Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
  • fix(trae): strip trailing slash so skill manifest entries are single-slash (#2126)
    The Trae installer recorded nested skill files with a doubled slash
    (e.g. `skills/skill-comply//pyproject.toml`). The skills loop used the
    glob variable `$d`, which carries a trailing slash, both as the `find`
    root and as the prefix removed from each file path. Under bash, BSD
    `find` with a trailing-slash argument emits `.../skill-comply//file`, so
    `${source_file#$d}` left a leading slash, producing double-slash manifest
    entries that did not match the single-slash paths uninstall.sh expects.
    
    Strip the trailing slash from `$d` and remove the `$d/` prefix so `find`
    emits clean paths and manifest entries are single-slash. Fixes the
    previously failing test in tests/scripts/trae-install.test.js
    ("records nested skill files and the full rules tree in the manifest").
    
    Co-authored-by: affaan-m <tamiraw808@gmail.com>
    Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
  • fix: surface legacy data warning in instinct-cli status (#2127)
    * fix: surface legacy data warning in instinct-cli status (#2036)
    
    When the data directory moved from ~/.claude/homunculus/ to the
    XDG-compliant ~/.local/share/ecc-homunculus/, legacy installs with data
    still in the old path saw "No instincts found" with no explanation.
    
    Add _warn_legacy_data() to cmd_status so users get a clear, actionable
    warning pointing them to the migration script or the CLV2_HOMUNCULUS_DIR
    override. Wrap the directory scan in try/except to handle permission
    errors gracefully.
    
    Closes #2036
    
    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
    
    * fix: address review feedback — drop unused f-strings, resolve absolute migrate path
    
    Remove extraneous f-prefix from strings without interpolation (ruff F541).
    Resolve migrate-homunculus.sh path relative to instinct-cli.py instead of
    hard-coding a repo-relative path that only works from the repo root.
    
    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
    
    * fix: quote migrate script path to handle spaces
    
    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: kky <lingmu141592@gmail.com>
    Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
  • fix(gateguard): gate force/path git checkout as destructive (#2158)
    * fix(gateguard): gate force/path git checkout as destructive
    
    The destructive-command gate's `checkout` handler only flagged
    `git checkout -- <path>`. It missed `git checkout --force` / `-f <branch>`
    and `git checkout .`, all of which discard uncommitted working-tree changes,
    so they bypassed the gate (once the once-per-session routine-Bash gate is
    satisfied, they ran with no challenge). The sibling `switch` handler already
    covers these force forms; mirror it for `checkout`.
    
    * test(gateguard): document Test 7b force-checkout case
    
    ---------
    
    Co-authored-by: bymle <229636660+bymle@users.noreply.github.com>
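
The gap closed by #2158, as an added sketch that is not gateguard's own code: the old rule (`checkout -- <path>` only) is set beside a rule that also covers `--force`, `-f` and `.`. All function names, the simplified tokenizer and the sample commands are assumptions constructed here.

```javascript
// Simplification: split on shell separators without honouring quotes.
// Over-splitting can only add segments to inspect, not hide one.
const SEPARATORS = /&&|\|\||[;|]/;

// Minimal tokenizer: whitespace-separated words plus simple quoted strings.
function tokenize(segment) {
  const tokens = [];
  const re = /"([^"]*)"|'([^']*)'|(\S+)/g;
  let m;
  while ((m = re.exec(segment)) !== null) tokens.push(m[1] ?? m[2] ?? m[3]);
  return tokens;
}

// Return the arguments after `git [global options] checkout`, or null.
function checkoutArgs(tokens) {
  let i = tokens.indexOf('git');
  if (i === -1) return null;
  i += 1;
  while (i < tokens.length && tokens[i].startsWith('-')) {
    // -C <dir> and -c <key=value> take a value; other global flags do not.
    i += tokens[i] === '-C' || tokens[i] === '-c' ? 2 : 1;
  }
  return tokens[i] === 'checkout' ? tokens.slice(i + 1) : null;
}

// Old behaviour per the commit message: only `checkout -- <path>`.
function legacyReason(args) {
  const dd = args.indexOf('--');
  return dd !== -1 && dd < args.length - 1 ? 'checkout -- <path>' : null;
}

// Fixed behaviour: also force flags and the "." pathspec.
function fixedReason(args) {
  const dd = args.indexOf('--');
  const options = dd === -1 ? args : args.slice(0, dd);
  // Short-flag clusters containing "f" are flagged conservatively; this
  // can over-flag (e.g. "-bfix") but never lets a forced checkout through.
  const forced = options.some(
    (a) => a === '--force' || /^-[A-Za-z]*f[A-Za-z]*$/.test(a)
  );
  if (forced) return 'forced checkout';
  if (options.includes('.')) return 'checkout of pathspec "."';
  return legacyReason(args);
}

function gate(command, reasonFn) {
  for (const segment of command.split(SEPARATORS)) {
    const args = checkoutArgs(tokenize(segment));
    const reason = args && reasonFn(args);
    if (reason) return { destructive: true, reason };
  }
  return { destructive: false, reason: null };
}

// Constructed sample commands.
const SAMPLES = [
  'git checkout main',
  'git checkout -b feature/login',
  'git checkout -- src/app.js',
  'git checkout --force main',
  'git checkout -f main',
  'git checkout .',
  'npm test && git -C repo checkout -f main',
  'echo "git checkout ."',
];

// Commands the fixed rule challenges but the legacy rule let through.
function newlyGated() {
  return SAMPLES.filter(
    (c) => gate(c, fixedReason).destructive && !gate(c, legacyReason).destructive
  );
}

console.log(newlyGated());
```
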
  • docs(claude): install manual skills at top level (#2160)
    * docs(claude): install manual skills at top level
    
    * test(docs): guard Claude manual skill install path
    
    * test(docs): detect PowerShell/$HOME nested skill-install paths
    
    Address CodeRabbit on #2160: the nested-path regression guard only matched
    Unix `mkdir`/`cp` with `~`, so a reintroduced PowerShell `Copy-Item ...
    $HOME/.claude/skills/ecc` (or backslash-separated) form would have slipped
    through. Extend the pattern to also cover `Copy-Item`/`New-Item` (and the
    `md`/`copy`/`cpi` aliases), accept `$HOME` as an alternative to `~`, allow both
    `/` and `\` separators, and match case-insensitively.
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
  • fix: truncate corrupted legacy command shims (#2167)
    tdd.md, e2e.md, and orchestrate.md in legacy-command-shims/commands/ still
    carried their full pre-shim command bodies concatenated below the shim
    headers: a stray '})' and orphaned code fence in tdd.md, leftover Playwright
    test bodies plus a foreign project-specific 'PMX-Specific Critical Flows'
    section in e2e.md, and orphaned report-template fragments in orchestrate.md.
    The trailing bodies also contradicted the shim headers by claiming the
    commands invoke agents directly.
    
    Truncate each file at the end of its Delegation section. The other nine
    legacy shims are clean 20-23 line shims and are untouched.
  • fix: refresh stale technical content in agents, rules, and skills (#2168)
    Several published examples contained APIs that no longer exist, code that
    does not run, or model versions that drifted from reality:
    
    - agents/performance-optimizer.md used the web-vitals v3 API
      (getCLS/getFID/getLCP/getFCP/getTTFB) and reported FID. web-vitals v4
      renamed the imports to onCLS/onINP/onLCP/onFCP/onTTFB and FID was
      replaced by INP (target < 200ms)
    - rules/common/performance.md pinned stale model versions in the
      model-selection guidance; refresh to the versions the repo itself uses
      (agent.yaml pins claude-opus-4-6) and add the PowerShell variant for
      MAX_THINKING_TOKENS next to the bash export
    - skills/python-patterns/SKILL.md: both get_value examples referenced
      default_value without declaring the parameter (NameError); add
      default_value: Any = None to the EAFP and LBYL signatures
    - skills/frontend-patterns/SKILL.md: the custom useQuery example rebuilt
      refetch whenever callers passed inline fetchers/options, re-triggering
      the effect after every state update (infinite fetch loop). Keep the
      latest fetcher/options in refs so refetch stays referentially stable.
      The PASS-labelled useMemo example mutated its input with in-place sort;
      copy before sorting
    - skills/coding-standards/SKILL.md repeated the same PASS-labelled
      in-place-sort-in-useMemo example; same fix
    - rules/typescript/security.md used a vendor-specific OPENAI_API_KEY in
      generic guidance; switch to a neutral API_KEY
    
    Every hand-maintained copy of the affected content is synced in the same
    change: locale mirrors (ja-JP, ko-KR, pt-BR, tr, zh-CN, zh-TW - each only
    where it carries the affected file) and the .agents/.kiro/.cursor harness
    mirrors. Two structural divergences are left alone and noted here:
    .kiro/steering/performance.md has no extended-thinking control list to
    carry the PowerShell variant, and docs/zh-TW/rules/performance.md keeps an
    older condensed thinking section without the budget-cap line.
    rules/zh/performance.md is intentionally untouched - the rules/zh tree is
    being retired in a separate change
  • docs: align command docs with shipped behavior (#2169)
    - multi-{plan,execute,backend,frontend,workflow}.md: add an in-file
      prerequisite note for the external ccg-workflow runtime. README.md already
      warns these commands need codeagent-wrapper and the .ccg prompt tree, but
      users meeting them via the installed slash commands never see the README;
      the commands-core module still installs all five by default
    - quality-gate.md: describe what scripts/hooks/quality-gate.js actually does.
      The doc advertised '/quality-gate [path] [--fix] [--strict]' with lint/type
      checks, but the script reads the file path from hook stdin JSON, toggles
      behavior via ECC_QUALITY_GATE_FIX / ECC_QUALITY_GATE_STRICT env vars, and
      runs formatters only (Biome/Prettier, gofmt, ruff format)
    - claude-devfleet SKILL.md: add a Setup section pointing at the DevFleet
      server repository (github.com/LEC-AI/claude-devfleet, already disclosed in
      mcp-configs/mcp-servers.json) plus the SECURITY.md port-verification note;
      the skill previously assumed a running instance with no way to obtain one
    - regenerate docs/COMMAND-REGISTRY.json for the quality-gate description
  • fix: retire rules/zh from the always-loaded default rules install (#2170)
    rules/zh shipped ~17KB of Chinese rule text into the auto-loaded rules tree
    of every default install (rules-core installs the bare 'rules' path with
    defaultInstall: true), with no paths: frontmatter gating. The content had
    also drifted behind both rules/common and the maintained translations in
    docs/zh-CN/rules/common (e.g. zh/coding-style.md 48 lines vs the 52-line
    docs/zh-CN copy), and 'zh' was already dropped from the installer's language
    help in favor of the gated docs-zh-cn locale module (--locale zh-CN).
    
    - move rules/zh/code-review.md to docs/zh-CN/rules/common/code-review.md:
      the only file with no counterpart in the maintained locale tree (fills a
      zh-CN parity gap with rules/common/code-review.md)
    - delete the remaining 10 rules/zh files, all older duplicates of
      docs/zh-CN/rules/common content
    - update trae-install test to assert the rules tree via rules/web instead
    
    Not addressed here: rules/README.md (~5.5KB of installer docs) still ships
    into the auto-loaded tree via the bare 'rules' module path; filtering README
    files from rule-tree expansion is a separate decision
  • test: skip chmod-based permission tests when running as root (#2171)
    Two tests provoke EACCES via chmod (saveAliases backup double failure,
    appendSessionContent on a read-only file) and already skip on win32, but
    root ignores file modes so both fail when the suite runs as root (for
    example in a default Docker container). Every other chmod-based test in
    the repo already guards with process.getuid?.() === 0; these two were the
    only ones missing the guard. Apply the same skip condition and message.
  • fix: close install manifest packaging gaps (#2172)
    - commands-core now ships scripts/harness-audit.js and scripts/skills-health.js:
      the module installs the whole commands/ dir, so /harness-audit and
      /skill-health were installed without their backing engines on
      manifest-driven installs (the original 1.10.0 failure mode)
    - agentic-patterns now ships scripts/claw.js: the module installs the
      nanoclaw-repl skill, whose workflow operates scripts/claw.js
    - package.json files array gains scripts/skills-health.js so the npm publish
      surface stays aligned with the module graph (claw.js and harness-audit.js
      were already listed)
    - orchestration drops commands/multi-workflow.md and commands/sessions.md
      from its explicit paths: both are already shipped by commands-core, which
      is a declared dependency of the module, so the duplicate ownership produced
      two copy operations per destination in install-state. The two scripts/lib
      entries are kept because hooks-runtime is NOT a declared dependency and a
      standalone orchestration install still needs them
  • fix: send claude prompt via stdin so Windows shell mode does not mangle it (#2174)
    askClaude() passed the full multi-line prompt as a claude
    
    Fix: keep only the short, safe flags (--model, -p) as args and send the prompt over stdin via spawnSync input. The prompt never touches the shell command line, so multi-line/special-char prompts arrive intact. claude -p reads stdin on macOS/Linux too, so behavior is unchanged there.
    
    Verified on Windows 11 (Node 24, claude CLI via npm): real turns now return correct responses, and node tests/scripts/claw.test.js passes 19/19.
    
    Co-authored-by: skausage-ops <268783127+skausage-ops@users.noreply.github.com>
  • fix(skills): keep curl credentials out of argv (#2175)
    * fix(skills): avoid curl credential argv leaks
    
    * test(ci): guard secret curl examples
  • test: guard broken-symlink tests so the suite passes on Windows (#2176)
    * test: guard broken-symlink tests so the suite passes on Windows
    
    Four test cases create a dangling symlink with fs.symlinkSync() to exercise
    statSync catch branches, but did not guard for platforms where symlink
    creation is not permitted. On Windows without Developer Mode / admin rights,
    fs.symlinkSync throws EPERM, so these tests fail and `npm test` is red:
    
      - tests/ci/validators.test.js (Round 73, validate-commands skill entry)
      - tests/lib/session-manager.test.js (Round 83, getAllSessions)
      - tests/lib/session-manager.test.js (Round 84, getSessionById)
      - tests/lib/utils.test.js (Round 84, findFiles)
    
    Wrap each symlinkSync in try/catch and skip cleanly on failure, mirroring the
    existing convention already used in this repo (validators.test.js Round 57 and
    hooks/config-protection.test.js). On Linux/macOS and admin Windows the symlink
    still succeeds and the tests run unchanged; only the unsupported-symlink path
    now skips instead of failing.
    
    Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
    
    * test: only skip symlink tests on EPERM/EACCES, rethrow other errors
    
    Address CodeRabbit review: the catch blocks swallowed every error, which could
    mask a real test/setup failure as a false skip. Inspect err.code and only take
    the skip path for EPERM/EACCES (symlink creation blocked, e.g. Windows without
    Developer Mode); rethrow anything else so genuine failures still surface.
    
    Per the repo coding guideline: never silently swallow errors.
    
    Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
  • feat(skills): add kubernetes-patterns skill (#2178)
    * feat(skills): add kubernetes-patterns skill
    
    * fix(skills): address CodeRabbit review on kubernetes-patterns
    
    - Add When to Use alias section (repo skill-format requirement)
    - Add How It Works overview section (required schema)
    - Add Examples quick-reference table (required schema)
    - Fix RBAC: split into Pattern A (no API, token disabled) and
      Pattern B (needs API, token enabled) to resolve contradiction
      between automountServiceAccountToken: false and Role/RoleBinding
    - Fix missing -n my-namespace flag on OOMKilled kubectl describe command
  • fix(dev-server-block): stop blocking dev-<suffix> scripts (#2179)
    `DEV_PATTERN`'s trailing `\b` treats a hyphen as a word boundary, so
    `dev\b` matched the `dev` prefix of distinct npm scripts like
    `dev-setup` / `dev-docs` / `dev-build` and blocked them with exit 2.
    Replace the trailing `\b` with `(?![\w-])` so the dev server still
    matches (`dev`, `dev;`, `dev:ssr`) but `dev-<suffix>` scripts pass.
    
    Adds regression tests for dev-setup/dev-docs/dev-build (allowed) and
    dev:ssr (still blocked).
    
    Co-authored-by: bymle <229636660+bymle@users.noreply.github.com>
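
Added example, not part of the commit or the project's code: the trailing-boundary change described above, run over constructed command lines. `RUNNER`, `DEV_BEFORE`, `DEV_AFTER` and the samples are assumptions; only the trailing `\b` and `(?![\w-])` come from the commit message.

```javascript
// Constructed, simplified stand-in for the hook's DEV_PATTERN. The real
// pattern is not shown on this page; only its trailing boundary is.
const RUNNER = '(?:npm run|pnpm(?: run)?|yarn(?: run)?|bun run)';

// Before: \b sees a boundary between "v" and "-", so "dev-setup" matches.
const DEV_BEFORE = new RegExp(`\\b${RUNNER}\\s+dev\\b`);

// After: the script name must not continue with a word character or hyphen.
const DEV_AFTER = new RegExp(`\\b${RUNNER}\\s+dev(?![\\w-])`);

// Constructed sample commands.
const SAMPLES = [
  'npm run dev',
  'npm run dev; echo done',
  'npm run dev:ssr',
  'npm run dev-setup',
  'yarn dev-docs',
  'pnpm run dev-build',
  'npm run devtools',
];

// Returns the sample commands the given pattern would block.
function blockedBy(pattern) {
  return SAMPLES.filter((command) => pattern.test(command));
}

function report() {
  return SAMPLES.map((command) => ({
    command,
    before: DEV_BEFORE.test(command),
    after: DEV_AFTER.test(command),
  }));
}

console.table(report());
```
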
  • fix(session-end): preserve $-sequences in user messages when rewriting summary (#2180)
    The regenerated summary block embeds raw user-message text and was passed
    as the *replacement* argument to String.prototype.replace, where $-sequences
    ($&, $$, $`, $') are special. A user message containing $& re-injected the
    entire matched block (duplicating the summary markers) and $$ collapsed to $,
    silently corrupting the persisted session summary. buildSummarySection only
    escapes newlines and backticks, not $.
    
    Fix: use function replacers (() => summaryBlock) at both rewrite sites so the
    replacement text is treated literally. Adds an end-to-end regression test.
    
    Co-authored-by: bymle <229636660+bymle@users.noreply.github.com>
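
Added example, not part of the commit or the project's code: the replacement-string behaviour described above, shown beside the function-replacer form. The marker strings, `buildBlock` and the sample session text are constructed for illustration; the project's real markers and `buildSummarySection` are not shown on this page.

```javascript
// Constructed markers standing in for the project's summary markers.
const START = '<!-- SUMMARY:START -->';
const END = '<!-- SUMMARY:END -->';
const BLOCK_RE = /<!-- SUMMARY:START -->[\s\S]*?<!-- SUMMARY:END -->/;

// Hypothetical builder: embeds raw user-message text between the markers.
function buildBlock(userMessages) {
  return [START, ...userMessages.map((m) => `- ${m}`), END].join('\n');
}

// Before: the block is the *replacement string*, so $&, $$, $` and $'
// inside user text are interpreted by String.prototype.replace.
function rewriteUnsafe(doc, userMessages) {
  return doc.replace(BLOCK_RE, buildBlock(userMessages));
}

// After: a function replacer's return value is inserted literally.
function rewriteSafe(doc, userMessages) {
  const block = buildBlock(userMessages);
  return doc.replace(BLOCK_RE, () => block);
}

// Number of start markers in a document; exactly 1 means an intact summary.
function countStartMarkers(doc) {
  return doc.split(START).length - 1;
}

// Constructed session file and user messages.
const sessionDoc = `# Session\n${START}\n- old summary\n${END}\nnotes\n`;
const userMessages = ['grep for $& in the logs', 'price is $$5'];

const corrupted = rewriteUnsafe(sessionDoc, userMessages);
const intact = rewriteSafe(sessionDoc, userMessages);

console.log('unsafe start markers:', countStartMarkers(corrupted));
console.log('safe start markers:  ', countStartMarkers(intact));
console.log(intact);
```
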
  • fix(project-detect): match packageKeys on boundaries, not substrings (#2181)
    Framework detection matched a dependency against a framework's packageKeys
    with unbounded substring containment (dep.includes(key)), so any dependency
    whose name merely contained a key was misclassified: `preact` and even
    `reactive` were both detected as `react`.
    
    Match only when the dependency equals the key, or the key is a prefix
    immediately followed by a delimiter (/ . _ -). This still matches every real
    case (react-dom, @remix-run/node, spring-boot-starter, org.springframework.boot,
    github.com/labstack/echo/v4, phoenix_live_view) while excluding preact/reactive
    (and incidentally nextra). Adds regression tests.
    
    Co-authored-by: bymle <229636660+bymle@users.noreply.github.com>
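
Added example, not part of the commit or the project's code: the matching rule described above (equality, or key as a prefix immediately followed by one of `/ . _ -`) beside the substring check it replaces. The `FRAMEWORKS` table and its keys are assumptions chosen to fit the dependency names the commit message lists.

```javascript
const DELIMITERS = ['/', '.', '_', '-'];

// Before: unbounded substring containment.
function matchesLoose(dep, key) {
  return dep.includes(key);
}

// After: exact match, or key is a prefix followed directly by a delimiter.
function matchesBounded(dep, key) {
  if (dep === key) return true;
  return dep.startsWith(key) && DELIMITERS.includes(dep.charAt(key.length));
}

// Constructed framework table; the project's real packageKeys are not on this page.
const FRAMEWORKS = {
  react: ['react'],
  nextjs: ['next'],
  remix: ['@remix-run'],
  spring: ['spring-boot', 'org.springframework'],
  echo: ['github.com/labstack/echo'],
  phoenix: ['phoenix'],
};

// Returns the sorted framework names whose keys match any dependency.
function detect(deps, matcher) {
  return Object.keys(FRAMEWORKS)
    .filter((name) =>
      FRAMEWORKS[name].some((key) => deps.some((dep) => matcher(dep, key))))
    .sort();
}

// Names taken from the commit message.
const LOOKALIKES = ['preact', 'reactive', 'nextra'];
const REAL_DEPS = [
  'react-dom', '@remix-run/node', 'spring-boot-starter',
  'org.springframework.boot', 'github.com/labstack/echo/v4',
  'phoenix_live_view',
];

console.log('loose, lookalikes:  ', detect(LOOKALIKES, matchesLoose));
console.log('bounded, lookalikes:', detect(LOOKALIKES, matchesBounded));
console.log('bounded, real deps: ', detect(REAL_DEPS, matchesBounded));
```
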