zsp/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-06-14 04:01:30 +08:00
Code Issues Packages Projects Releases Wiki Activity
2,061 Commits 41 Branches 15 Tags
02fb7370872c05a767f6bac3c0ffbd1419bc5133
Commit Graph

81 Commits

Author SHA1 Message Date
dependabot[bot] 02fb737087 chore(deps): bump actions/setup-node 
Bumps the actions-minor-and-patch group with 1 update in the / directory: [actions/setup-node](https://github.com/actions/setup-node).


Updates `actions/setup-node` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/53b83947a5a98c8d113130e565377fae1a50d02f...48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-06-10 01:23:04 +00:00
ECC Test 3e30f1a56a ci: harden workflows and sponsor code review config 2026-06-09 21:20:17 -04:00
ECC Test 10c303e609 ci: harden release announce checkout 2026-06-09 21:03:22 -04:00
ECC Test 3c5bcc2b66 security: harden advisory intake and dependency coverage 2026-06-09 20:46:14 -04:00
Affaan Mustafa edebcc89ef feat(discord): release -> #announcements auto-post + pin + GitHub Discussions (#2201) 
On a published GitHub release, post the notes to the ECC Discord
#announcements channel (via bot), pin it, and cross-post to GitHub
Discussions (Announcements category). Release data flows through env vars
(no shell interpolation of untrusted input). Secrets: DISCORD_BOT_TOKEN,
DISCORD_ANNOUNCE_CHANNEL_ID (repo secrets), GITHUB_TOKEN.

Ties the 2.0.0/1.11.0 official release to the community launch.

Co-authored-by: ECC Test <ecc@example.test>
 2026-06-08 22:38:03 -04:00
dependabot[bot] 09e2bc58d3 chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#2183) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-06-07 13:25:31 +08:00
dependabot[bot] 870c5eb21b chore(deps): bump actions/stale to 10.3.0 (#2045) 
Bumps actions/stale from 10.2.0 to 10.3.0. Verified by the full CI matrix on the PR.
 2026-05-25 14:06:27 -04:00
Affaan Mustafa af9b2c1c4c feat: extend harness audit integration scoring (#1990) 
Salvages the useful harness-audit scoring work from #1989 while preserving the current hook registry and newer plugin install detection. Adds GitHub integration checks, conditional deploy-provider categories, dynamic applicable category metadata, and CODEOWNERS coverage.
 2026-05-19 06:20:54 -04:00
Affaan Mustafa 9ee1e15564 docs: define ECC 2.0 hypergrowth release lane 
Refresh the active 2.0 release surface for the affaan-m/ECC repo identity, update package/plugin/workflow launch metadata, and add an operator command center for release video, partner, sponsor, consulting, and social launch execution.
 2026-05-19 05:42:38 -04:00
Affaan Mustafa 7911af4a39 security: scope release oidc publishing 2026-05-18 13:41:10 -04:00
dependabot[bot] cde0b12180 chore(deps): bump pnpm/action-setup from 6.0.6 to 6.0.8 
Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 6.0.6 to 6.0.8.
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](https://github.com/pnpm/action-setup/compare/91ab88e2619ed1f46221f0ba42d1492c02baf788...0e279bb959325dab635dd2c09392533439d90093)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-version: 6.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-17 01:33:19 -04:00
Affaan Mustafa a8e3bcb00f Add supply-chain advisory source refresh 2026-05-15 23:09:54 -04:00
Affaan Mustafa f7035b5644 Harden CI installs against supply-chain lifecycle hooks 2026-05-15 17:29:03 -04:00
Affaan Mustafa 6951b8d5d2 Add scheduled supply-chain watch workflow 2026-05-15 16:56:49 -04:00
Affaan Mustafa c2c54e7c0b ci: restore dependency caches without saving (#1934) 2026-05-15 13:51:51 -04:00
Affaan Mustafa 13585f1092 feat: add platform and supply-chain audit commands (#1926) 2026-05-15 08:06:26 -04:00
Affaan Mustafa f7315016c0 feat: add command registry and coverage checks (#1906) 
Salvages the useful parts of #1897 without generated .caliber state or stale counts.

- adds a deterministic command registry generator and drift check
- commits the current command registry for 75 commands
- validates the rc.1 README catalog summary against live counts
- adds a single Ubuntu Node 20 coverage job instead of running coverage in every matrix cell

Co-authored-by: jodunk <jodunk@users.noreply.github.com>
 2026-05-14 22:02:36 -04:00
Affaan Mustafa 7d15a2282b security: add supply-chain IOC scanner (#1904) 2026-05-14 21:15:35 -04:00
Affaan Mustafa 209abd403b ci: disable checkout credential persistence in privileged workflows (#1851) 2026-05-13 01:15:49 -04:00
Affaan Mustafa 797f283036 ci: require npm audit signature checks 
Require npm registry signature verification wherever workflow npm audit checks run.

- add npm audit signatures to CI Security Scan and maintenance security audit jobs
- teach the workflow security validator to reject npm audit without signature verification
- keep the repair and Copilot prompt tests portable across Windows path/case and CRLF frontmatter behavior

Validation:
- node tests/run-all.js (2376 passed, 0 failed)
- CI current-head matrix green on #1846
 2026-05-12 23:48:56 -04:00
Girish Kanjiyani 766f4ee1d8 feat: add GitHub Copilot prompt support 
Adds GitHub Copilot VS Code instruction and prompt files for ECC workflows, with VS Code prompt frontmatter/settings aligned to current docs and tests covering the surface.

Co-authored-by: Girish Kanjiyani <girish.kanjiyani5040@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-12 23:00:00 -04:00
Affaan Mustafa daf0355531 ci: harden workflow install boundaries 
- run non-test workflow installs with npm ci --ignore-scripts where lifecycle scripts are not needed\n- reject plain npm ci in workflows with write permissions\n- reject actions/cache in id-token: write workflows to reduce OIDC publish cache-poisoning risk
 2026-05-12 21:55:36 -04:00
Affaan Mustafa 33db548be3 ci: ignore install scripts in release workflows (#1839) 2026-05-12 21:36:36 -04:00
Affaan Mustafa 6fbf58d590 ci: keep package manager cache failures non-blocking 2026-05-12 18:03:30 -04:00
Affaan Mustafa e674a7dbd7 fix: harden CI validators 
Ports personal-path validator hardening and quoted checkout detection onto current main.
 2026-05-11 03:08:43 -04:00
dependabot[bot] c013479019 build(deps): bump pnpm/action-setup from 6.0.0 to 6.0.6 (#1708) 
Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 6.0.0 to 6.0.6.
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](https://github.com/pnpm/action-setup/compare/08c4be7e2e672a47d11bd04269e27e5f3e8529cb...91ab88e2619ed1f46221f0ba42d1492c02baf788)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-version: 6.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-11 01:12:31 -04:00
dependabot[bot] 01b171947c chore(deps): bump actions/cache from 5.0.4 to 5.0.5 (#1497) 
Bumps [actions/cache](https://github.com/actions/cache) from 5.0.4 to 5.0.5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 5.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-11 01:11:50 -04:00
Affaan Mustafa 0a87323eda feat(ecc2): finalize rc1 release surface 2026-04-28 22:10:04 -04:00
Affaan Mustafa 6b7bd7156c fix: relax pnpm strict build checks in CI 2026-04-15 16:44:58 -07:00
Affaan Mustafa 8b5c0c1b07 fix: allow manual release workflow dispatch 2026-04-14 21:02:23 -07:00
Affaan Mustafa b5c4d2beb9 fix: wire npm auth into release publish 2026-04-14 20:43:22 -07:00
Affaan Mustafa 34380326c8 fix: publish npm releases and clarify install identifiers 2026-04-14 20:42:28 -07:00
Affaan Mustafa 85e331e49a Merge pull request #1369 from affaan-m/dependabot/github_actions/pnpm/action-setup-6.0.0 
build(deps): bump pnpm/action-setup from 5.0.0 to 6.0.0
 2026-04-13 01:05:16 -07:00
Affaan Mustafa 5c4570baa5 Merge pull request #1370 from affaan-m/dependabot/github_actions/softprops/action-gh-release-3.0.0 
build(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0
 2026-04-13 00:30:59 -07:00
Affaan Mustafa 1a950e4f83 fix: allow pnpm cache probe under node 18 2026-04-13 00:21:42 -07:00
Affaan Mustafa ef7613c526 fix: use corepack pnpm on node 18 2026-04-13 00:17:17 -07:00
Affaan Mustafa bd207aabe1 fix: use pnpm 9 for node 18 workflow jobs 2026-04-13 00:13:54 -07:00
Affaan Mustafa 6eadf786f5 fix: pin pnpm version for setup action v6 2026-04-13 00:10:39 -07:00
Affaan Mustafa db8247d701 chore: update release action version comments 2026-04-12 23:54:26 -07:00
Affaan Mustafa adb46a95a6 chore: update pnpm action version comments 2026-04-12 23:53:57 -07:00
Affaan Mustafa 48e5a1fa75 Merge pull request #1371 from affaan-m/dependabot/github_actions/actions/github-script-9.0.0 
build(deps): bump actions/github-script from 8.0.0 to 9.0.0
 2026-04-12 23:53:17 -07:00
Affaan Mustafa 2fb041c6de Merge pull request #1368 from affaan-m/dependabot/github_actions/actions/upload-artifact-7.0.1 
build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1
 2026-04-12 23:53:01 -07:00
Affaan Mustafa 3792b69a38 fix: block unsafe privileged workflow checkouts 2026-04-12 23:23:01 -07:00
Affaan Mustafa 28edd197c2 fix: harden release surface version and packaging sync (#1388) 
* fix: keep ecc release surfaces version-synced

* fix: keep lockfile release version in sync

* fix: remove release version drift from locks and tests

* fix: keep root release metadata version-synced

* fix: keep codex marketplace metadata version-synced

* fix: gate release workflows on full metadata sync

* fix: ship all versioned release metadata

* fix: harden manual release path

* fix: keep localized release docs version-synced

* fix: sync install architecture version examples

* test: cover shipped plugin metadata in npm pack

* fix: verify final npm payload in release script

* fix: ship opencode lockfile in npm package

* docs: sync localized release highlights

* fix: stabilize windows ci portability

* fix: tighten release script version sync

* fix: prefer repo-relative hook file paths

* fix: make npm pack test shell-safe on windows
 2026-04-12 22:33:32 -07:00
dependabot[bot] 57de4129da build(deps): bump actions/github-script from 8.0.0 to 9.0.0 
Bumps [actions/github-script](https://github.com/actions/github-script) from 8.0.0 to 9.0.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-12 04:52:39 +00:00
dependabot[bot] 5ae63b301f build(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.6.1 to 3.0.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/153bb8e04406b158c6c84fc1615b65b24149a1fe...b4309332981a82ec1c5618f44dd2e27cc8bfbfda)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-12 04:52:35 +00:00
dependabot[bot] 4b92288a27 build(deps): bump pnpm/action-setup from 5.0.0 to 6.0.0 
Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](https://github.com/pnpm/action-setup/compare/fc06bc1257f339d1d5d8b3a19a8cae5388b55320...08c4be7e2e672a47d11bd04269e27e5f3e8529cb)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-12 04:52:33 +00:00
dependabot[bot] 45faeb90a7 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-12 04:52:29 +00:00
Affaan Mustafa 4967dad08c ci: gate releases on opencode payload verification 2026-04-06 14:08:08 -07:00
Affaan Mustafa c2199710c2 chore: bump actions stale workflow 2026-04-05 15:22:27 -07:00