feat: add Cursor, Codex, and OpenCode harnesses — maximize every AI coding tool

- AGENTS.md: universal cross-tool file read by Claude Code, Cursor, Codex, and OpenCode - .cursor/: 15 hook events via hooks.json, 16 hook scripts with DRY adapter pattern, 29 rules (9 common + 20 language-specific) with Cursor YAML frontmatter - .codex/: reference config.toml, Codex-specific AGENTS.md supplement, 10 skills ported to .agents/skills/ with openai.yaml metadata - .opencode/: 3 new tools (format-code, lint-check, git-summary), 3 new hooks (shell.env, experimental.session.compacting, permission.ask), expanded instructions, version bumped to 1.6.0 - README: fixed Cursor section, added Codex section, added cross-tool parity table - install.sh: now copies hooks.json + hooks/ for --target cursor
2026-03-30 13:43:26 +08:00 · 2026-02-25 10:45:29 -08:00
parent a9b104fc23
commit d70bab85e3
83 changed files with 6249 additions and 212 deletions
--- a/.codex/AGENTS.md
+++ b/.codex/AGENTS.md
@@ -0,0 +1,55 @@
+# ECC for Codex CLI
+
+This supplements the root `AGENTS.md` with Codex-specific guidance.
+
+## Model Recommendations
+
+| Task Type | Recommended Model |
+|-----------|------------------|
+| Routine coding, tests, formatting | o4-mini |
+| Complex features, architecture | o3 |
+| Debugging, refactoring | o4-mini |
+| Security review | o3 |
+
+## Skills Discovery
+
+Skills are auto-loaded from `.agents/skills/`. Each skill contains:
+- `SKILL.md` — Detailed instructions and workflow
+- `agents/openai.yaml` — Codex interface metadata
+
+Available skills:
+- tdd-workflow — Test-driven development with 80%+ coverage
+- security-review — Comprehensive security checklist
+- coding-standards — Universal coding standards
+- frontend-patterns — React/Next.js patterns
+- backend-patterns — API design, database, caching
+- e2e-testing — Playwright E2E tests
+- eval-harness — Eval-driven development
+- strategic-compact — Context management
+- api-design — REST API design patterns
+- verification-loop — Build, test, lint, typecheck, security
+
+## MCP Servers
+
+Configure in `~/.codex/config.toml` under `[mcp_servers]`. See `.codex/config.toml` for reference configuration with GitHub, Context7, Memory, and Sequential Thinking servers.
+
+## Key Differences from Claude Code
+
+| Feature | Claude Code | Codex CLI |
+|---------|------------|-----------|
+| Hooks | 8+ event types | Not yet supported |
+| Context file | CLAUDE.md + AGENTS.md | AGENTS.md only |
+| Skills | Skills loaded via plugin | `.agents/skills/` directory |
+| Commands | `/slash` commands | Instruction-based |
+| Agents | Subagent Task tool | Single agent model |
+| Security | Hook-based enforcement | Instruction + sandbox |
+| MCP | Full support | Command-based only |
+
+## Security Without Hooks
+
+Since Codex lacks hooks, security enforcement is instruction-based:
+1. Always validate inputs at system boundaries
+2. Never hardcode secrets — use environment variables
+3. Run `npm audit` / `pip audit` before committing
+4. Review `git diff` before every push
+5. Use `sandbox_mode = "workspace-write"` in config
--- a/.codex/config.toml
+++ b/.codex/config.toml
@@ -0,0 +1,80 @@
+# Everything Claude Code (ECC) — Codex CLI Reference Configuration
+#
+# Copy this file to ~/.codex/config.toml to apply globally.
+# Or keep it in your project root for project-level config.
+#
+# Docs: https://github.com/openai/codex
+
+# Model selection
+model = "o4-mini"
+model_provider = "openai"
+
+# Permissions
+[permissions]
+# "untrusted" = no writes, "on-request" = ask per action, "never" = full auto
+approval_policy = "on-request"
+# "off", "workspace-read", "workspace-write", "danger-full-access"
+sandbox_mode = "workspace-write"
+
+# Notifications (macOS)
+[notify]
+command = "terminal-notifier -title 'Codex ECC' -message 'Task completed!' -sound default"
+on_complete = true
+
+# History - persistent instructions applied to every session
+[history]
+# These are prepended to every conversation
+persistent_instructions = """
+Follow ECC principles:
+1. Test-Driven Development (TDD) - write tests first, 80%+ coverage required
+2. Immutability - always create new objects, never mutate
+3. Security-First - validate all inputs, no hardcoded secrets
+4. Conventional commits: feat|fix|refactor|docs|test|chore|perf|ci: description
+5. File organization: many small files (200-400 lines, 800 max)
+6. Error handling: handle at every level, never swallow errors
+7. Input validation: schema-based validation at system boundaries
+"""
+
+# MCP Servers
+# Codex supports command-based MCP servers
+[mcp_servers.github]
+command = "npx"
+args = ["-y", "@modelcontextprotocol/server-github"]
+
+[mcp_servers.context7]
+command = "npx"
+args = ["-y", "@upstash/context7-mcp@latest"]
+
+[mcp_servers.memory]
+command = "npx"
+args = ["-y", "@modelcontextprotocol/server-memory"]
+
+[mcp_servers.sequential-thinking]
+command = "npx"
+args = ["-y", "@modelcontextprotocol/server-sequential-thinking"]
+
+# Additional MCP servers (uncomment as needed):
+# [mcp_servers.supabase]
+# command = "npx"
+# args = ["-y", "supabase-mcp-server@latest", "--read-only"]
+#
+# [mcp_servers.firecrawl]
+# command = "npx"
+# args = ["-y", "firecrawl-mcp"]
+#
+# [mcp_servers.railway]
+# command = "npx"
+# args = ["-y", "@anthropic/railway-mcp"]
+
+# Features
+[features]
+web_search_request = true
+
+# Profiles — switch with CODEX_PROFILE=<name>
+[profiles.strict]
+approval_policy = "on-request"
+sandbox_mode = "workspace-read"
+
+[profiles.yolo]
+approval_policy = "never"
+sandbox_mode = "workspace-write"