feat(ecc): prune plugin 43→12 items, promote 7 rules to .claude/rules/ (#245)

ECC community plugin pruning: removed 530+ non-essential files (.cursor/, .opencode/, docs/ja-JP, docs/zh-CN, docs/zh-TW, language-specific skills/agents/rules). Retained 4 agents, 3 commands, 5 skills. Promoted 13 rule files (8 common + 5 typescript) to .claude/rules/ for CC native loading. Extracted reusable patterns to EXTRACTED-PATTERNS.md.
2026-04-01 06:33:27 +08:00 · 2026-02-20 15:34:51 +09:00
parent 24047351c2
commit 1bd68ff534
536 changed files with 253 additions and 111479 deletions
--- a/.opencode/commands/security.md
+++ b/.opencode/commands/security.md
@@ -1,89 +0,0 @@
---
-description: Run comprehensive security review
-agent: security-reviewer
-subtask: true
---
-
-# Security Review Command
-
-Conduct a comprehensive security review: $ARGUMENTS
-
-## Your Task
-
-Analyze the specified code for security vulnerabilities following OWASP guidelines and security best practices.
-
-## Security Checklist
-
-### OWASP Top 10
-
-1. **Injection** (SQL, NoSQL, OS command, LDAP)
-   - Check for parameterized queries
-   - Verify input sanitization
-   - Review dynamic query construction
-
-2. **Broken Authentication**
-   - Password storage (bcrypt, argon2)
-   - Session management
-   - Multi-factor authentication
-   - Password reset flows
-
-3. **Sensitive Data Exposure**
-   - Encryption at rest and in transit
-   - Proper key management
-   - PII handling
-
-4. **XML External Entities (XXE)**
-   - Disable DTD processing
-   - Input validation for XML
-
-5. **Broken Access Control**
-   - Authorization checks on every endpoint
-   - Role-based access control
-   - Resource ownership validation
-
-6. **Security Misconfiguration**
-   - Default credentials removed
-   - Error handling doesn't leak info
-   - Security headers configured
-
-7. **Cross-Site Scripting (XSS)**
-   - Output encoding
-   - Content Security Policy
-   - Input sanitization
-
-8. **Insecure Deserialization**
-   - Validate serialized data
-   - Implement integrity checks
-
-9. **Using Components with Known Vulnerabilities**
-   - Run `npm audit`
-   - Check for outdated dependencies
-
-10. **Insufficient Logging & Monitoring**
-    - Security events logged
-    - No sensitive data in logs
-    - Alerting configured
-
-### Additional Checks
-
- [ ] Secrets in code (API keys, passwords)
- [ ] Environment variable handling
- [ ] CORS configuration
- [ ] Rate limiting
- [ ] CSRF protection
- [ ] Secure cookie flags
-
-## Report Format
-
-### Critical Issues
-[Issues that must be fixed immediately]
-
-### High Priority
-[Issues that should be fixed before release]
-
-### Recommendations
-[Security improvements to consider]
-
---
-
-**IMPORTANT**: Security issues are blockers. Do not proceed until critical issues are resolved.