Recreates the v1.10 hero banner design (sourced from commit 602894ef)
that PR #2225 replaced with a plain HTML header:
- Wordmark and breadcrumb now read ECC / affaan-m/ECC
- Version badge reads v2.0.0 · Jun 2026, eyebrow updated to V2.0
- Top-left mark is the actual assets/ecc-icon.svg lettermark (amber E,
coral CC) instead of a generic coral square
- Catalog columns refreshed with live counts (261 skills, 64 agents,
84 commands, 409 catalog) and real item names from the repo
- Harness pills updated to the current README list (Claude Code, Codex,
Cursor, OpenCode, Gemini, Zed, Copilot)
- SVG source committed as assets/hero.svg so future edits never need
image archaeology; rendered to PNG at 2400x1350 via sharp
README hero line restored to the markdown image; badges, sponsor table,
and guide cards from #2225 kept intact.
* docs(zh-CN): translate ecc-guide and parallel-execution-optimizer skills
Adds Simplified Chinese translations for two untranslated skills,
following the existing docs/zh-CN/skills/ conventions (frontmatter
name/origin preserved, code blocks and output templates kept in
English, prose fully translated).
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* docs(zh-CN): polish two phrasings per review
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
* docs(zh-CN): add Chinese translation of SKILL-DEVELOPMENT-GUIDE
Translate the comprehensive Skill Development Guide to Chinese,
enabling Chinese-speaking contributors to learn how to create
effective ECC skills.
* fix(docs): correct all relative links in zh-CN translation
Fix CONTRIBUTING.md link to zh-CN local copy, and skills links
to point to repo-root skills/ directory instead of non-existent
docs/skills/.
---------
Co-authored-by: lege962 <1515808962@qq.com>
Co-authored-by: legeZZZ <277193585+legeZZZ@users.noreply.github.com>
- add ecc2/rust-toolchain.toml pinning stable 1.96 (deps now require
edition2024, which needs rustc 1.85+; local 1.84 could no longer build)
- make git test fixtures hermetic: disable core.hooksPath inside temp
repos so global identity-checking pre-push hooks cannot fail tests
* fix(hooks): fail open on oversized stdin instead of echoing truncated JSON (#2222)
run-with-flags.js capped stdin at 1MB but every fallthrough path still
echoed the truncated string to stdout. The harness parses hook stdout as
JSON, got a document cut mid-stream, and blocked the tool call — so any
Edit/Write with a >1MB hook payload was permanently blocked by every
registered pre-write hook, before ECC_HOOK_PROFILE / ECC_DISABLED_HOOKS
gating could run.
- Exit 0 with empty stdout (no opinion) when the stdin cap trips, before
any echo or gating logic.
- Flush stdout via write callback before process.exit: exiting right
after stdout.write() dropped everything past the ~64KB pipe buffer,
cutting even sub-cap pass-through payloads mid-JSON.
Regression tests cover the enabled, disabled, and missing-arg paths for
oversized payloads plus full echo of sub-cap >64KB payloads.
* fix(codex): stop emitting invalid exa url entry, align merge with connector policy (#2224)
The Codex MCP merge declared exa with a url key, but Codex's
[mcp_servers.*] TOML schema is stdio-only — the url key makes the
entire config.toml fail to load, bricking both the codex CLI and the
desktop app. Every install/update re-injected the line because the
urlEntry branch treated the broken entry as present.
- ECC_SERVERS now emits only the current default set per
docs/MCP-CONNECTOR-POLICY.md: chrome-devtools (stdio, command/args).
Retired servers (supabase, playwright, context7, exa, github, memory,
sequential-thinking) are never re-emitted; existing user-managed
entries are untouched.
- The merge now repairs the exact ECC-emitted broken form (url-only
exa entry) on every run so re-running the installer fixes broken
configs instead of preserving them. User stdio exa entries
(command + mcp-remote) are left alone.
- check-codex-global-state.sh requires chrome-devtools instead of the
retired set, and flags url-only exa entries with a repair hint.
Tests cover repair, re-run idempotence, stdio-entry preservation, and
no-retired-server emission in add, update, dry-run, and disabled modes.
* fix(hooks): never echo truncated stdin from Stop hooks (#2090)
Stop hooks follow the ECC pass-through convention (echo stdin on
stdout), but every echoing Stop hook capped stdin and echoed the capped
string. The Stop payload carries last_assistant_message, so a long
final assistant message produced a JSON document cut mid-stream on
stdout, which the harness reports as 'Stop hook error: JSON validation
failed' across the whole Stop chain.
Reproduced: a Stop payload with a >64KB last_assistant_message run
through run-with-flags + cost-tracker emitted exactly 65536 bytes of
invalid JSON (cost-tracker capped stdin at 64KB — far below realistic
Stop payloads).
- cost-tracker: raise the cap to 1MB (matching all other hooks) and
suppress the pass-through echo when stdin was truncated.
- check-console-log, stop-format-typecheck, desktop-notify: suppress
the echo when stdin was truncated; flush stdout before process.exit
so sub-cap payloads are not cut at the ~64KB pipe buffer.
- All hooks keep exiting 0 (fail-open); diagnostics go to stderr.
New stop-hooks-stdout test asserts the contract for every registered
Stop hook: stdout is empty or valid JSON, exit code 0 — for realistic
100KB payloads and oversized >1MB payloads, via the production runner
and via direct invocation. Updated the old hooks.test.js case that
codified the truncated-echo behavior.
* fix(hooks): dampen GateGuard fact-force repetition in long sessions (#2142)
In long autonomous sessions the fact-force gate produced 10+
near-identical 'state facts -> blocked -> restate -> retry' blocks in
one context window, which measurably raises the odds of the model
collapsing into a degenerate single-token repetition loop.
- Track a per-session fact_force_denials counter in GateGuard state
(merged max across concurrent writers, reset with the session, robust
to malformed on-disk values).
- The first GATEGUARD_FACT_FORCE_FULL_DENIALS denials (default 3) keep
the full four-fact block; later denials emit a condensed single-line
message that carries the denial ordinal, so consecutive denials are
structurally different and never textually identical.
- True retries of the same target remain allowed without re-prompting
(unchanged). Destructive-Bash and routine-Bash gates are unchanged,
as are the ECC_GATEGUARD=off / ECC_DISABLED_HOOKS escape hatches.
Eight new tests cover budget counting, condensed format, ordinal
advancement, retry pass-through, env tuning, malformed state, MultiEdit
dampening, and destructive-gate exemption.
* fix(hooks): keep security hooks able to block on oversized stdin (#2222)
Refine the truncation fail-open: instead of skipping the hook entirely,
the runner now suppresses only its own raw-echo when stdin was
truncated. The hook still executes and receives the truncated flag
(run() context / ECC_HOOK_INPUT_TRUNCATED), so config-protection keeps
blocking truncated protected-config payloads (its test requires exit 2)
while pass-through hooks fail open with empty stdout as before.
* style: apply repo formatter to touched hook files
- Replace off-brand hero PNG (wrong product name + baked version) with a
centered HTML header using assets/ecc-icon.svg, h1, and tagline
- Consolidate duplicated sponsor sections: polished centered sponsor table
at top (CodeRabbit, Greptile, community sponsors, sponsor links); bottom
section reduced to a one-liner pointing to SPONSORS.md
- Convert guide links to visual cards using the guides' own header images,
linked to the local guide files
- Fix broken tmux video URL in the shortform guide to the in-repo asset
Reduce the default .mcp.json to one connector (chrome-devtools) per the
new policy in docs/MCP-CONNECTOR-POLICY.md: a default earns its slot only
if it is universal AND MCP beats a CLI/API wrapped in a skill. June 2026
audit verdicts: github -> gh via github-ops skill; context7 -> REST via
documentation-lookup; exa -> harness-native search (+ exa-search skill);
memory -> native harness memory + instincts; playwright -> playwright CLI
skills (vendor moved agent flows off MCP); sequential-thinking -> native
extended thinking. All six remain opt-in in mcp-configs/mcp-servers.json.
Tests updated: plugin-manifest policy assertions + install-apply Cursor
expectations.
Co-authored-by: ECC Test <ecc@example.test>
Graduate 2.0.0-rc.1 to stable. Bump version across package, plugin,
marketplace, OpenCode, agent metadata, VERSION, and all localized docs.
Add 2.0.0 release notes + README sections (en/zh/pt-BR/tr), CHANGELOG
entry, and the ECC community Discord bot (dependency-free gateway client
+ guild command registrar). Update copilot-support and release-surface
tests for the sponsored-review migration and the 2.0.0 surface.
On a published GitHub release, post the notes to the ECC Discord
#announcements channel (via bot), pin it, and cross-post to GitHub
Discussions (Announcements category). Release data flows through env vars
(no shell interpolation of untrusted input). Secrets: DISCORD_BOT_TOKEN,
DISCORD_ANNOUNCE_CHANNEL_ID (repo secrets), GITHUB_TOKEN.
Ties the 2.0.0/1.11.0 official release to the community launch.
Co-authored-by: ECC Test <ecc@example.test>
* feat: add orch-* orchestrator skill family
Lightweight wrappers that orchestrate existing ECC agents through a gated Research -> Plan -> TDD -> Review -> Commit pipeline, right-sized per task.
- orch-pipeline: shared engine (phases, size classifier, two gates, agent map)
- orch-add-feature/change-feature/fix-defect/refine-code/build-mvp: thin wrappers delegating to the engine
* chore: register orch-* family in catalog, command registry, and agent.yaml (post-rebase onto green main)
---------
Co-authored-by: ECC Test <ecc@example.test>
ROOT CAUSE: hooks load plugin-hook-bootstrap.js via
`node -e "...; process.argv.splice(1,0,s); require(s)"`. On Node 21+,
require.main is `undefined` under --eval, so the `if (require.main === module)`
guard was false and main() never ran — every plugin hook silently no-op'd
(e.g. the MCP-health PreToolUse hook stopped blocking). CI (Node 18/20) hid
this; it only surfaces on Node 21+. Fix: also run main() when require.main is
undefined (the eval-bootstrap case), while staying dormant on real imports.
Also clears pre-existing main debt the full local suite enforces:
- catalog:sync — README/docs agent+skill counts drifted after recent merges
- tests/ci/supply-chain-watch-workflow: update checkout SHA to the merged v6.0.3 (#2183)
- markdownlint + check-unicode-safety --write across docs/skills
Suite: 2683/2683 green under Node v25; lint + unicode clean.
Co-authored-by: ECC Test <ecc@example.test>
CONTRIBUTING.md still pointed at the old `affaan-m/everything-claude-code`
repo URL in the Quick Start fork instructions and in the Issues link at
the bottom. Both relied on GitHub's silent rename-redirect, but the
literal `cd everything-claude-code` after `gh repo fork` would land in
the wrong directory now that the repo is `affaan-m/ECC`.
REPO-ASSESSMENT.md and EVALUATION.md were both 2026-03-21 personal
fork-audit artifacts written from one user's specific install. They
describe the project as a fork at `Infiniteyieldai/everything-claude-code`
v1.9.0 with 28 agents / 116 skills / 59 commands and pin the recommended
mode at "use as upstream tracker". None of that is true anymore (this
IS the upstream, v2.0.0-rc.1, currently 61 / 246 / 76). EVALUATION.md in
particular still references a defunct branch (`claude/evaluate-repo-comparison-ASZ9Y`)
and describes a "Current Setup" of zero installed components as if it
were universal, which it is not.
Neither file is referenced by anything else in the repo (`rg` confirmed)
and they actively mislead new contributors and visitors. Delete both.
A targeted line-by-line refresh of EVALUATION.md was considered but
rejected: bringing only the totals up to date (61/246/76) would leave
the rest of the document — v1.9.0 references, branch metadata, the
zero-component "Current Setup" — internally inconsistent (CodeRabbit
flagged this on the first revision of this PR). Wholesale removal is
the honest fix.
Translated copies (e.g. docs/pt-BR/README.md still has the 28/116/59
numbers) are intentionally left for a follow-up i18n PR to keep this
diff small.
The `/instinct-status` slash command template expanded
`${CLAUDE_PLUGIN_ROOT}` directly and documented a manual-install
fallback to `~/.claude/skills/continuous-learning-v2/scripts/instinct-cli.py`.
When users had both an active plugin install (under
`~/.claude/plugins/cache/<slug>/<org>/<version>/`) and a legacy
`~/.claude/skills/continuous-learning-v2/` directory left over from a
previous manual install, an empty `CLAUDE_PLUGIN_ROOT` (which Claude
Code does not always populate in slash-command shell contexts) silently
made the command read the stale legacy install while the active plugin
hooks and observer wrote to the new XDG path. The user saw "No
instincts found" while the system was actively learning — exactly the
divergence the bug reporter spent hours diagnosing.
Replace the brittle two-block template with the same inline resolver
pattern that `hooks/hooks.json` and `/sessions` / `/skill-health`
already use: env var → standard install → known plugin roots → plugin
cache walk → fallback. The resolver is the canonical `INLINE_RESOLVE`
constant from `scripts/lib/resolve-ecc-root.js`, so no new code is
introduced — just consistent adoption of the existing pattern.
Apply the same fix to all five copies of the command:
- commands/instinct-status.md (canonical)
- .opencode/commands/instinct-status.md
- docs/zh-CN/commands/instinct-status.md
- docs/ja-JP/commands/instinct-status.md
- docs/tr/commands/instinct-status.md
Extend tests/lib/command-plugin-root.test.js with an assertion that the
canonical instinct-status.md uses the inline resolver and no longer
hard-codes the legacy `~/.claude/skills/...` fallback (regression
guard).
zh-CN copy: polish the Chinese phrasing per LanguageTool feedback
(`使用与 ... 相同的解析器` → `以与 ... 相同的解析器`) so the verb is
introduced by an explicit preposition instead of reading as an awkward
verb-object construction.
* docs: add Urdu (ur) README translation
Adds docs/ur/README.md — a full Urdu translation of the main README.
Urdu is spoken by 230M+ people globally, with a large developer community
in Pakistan. This follows the same structure as existing translations
(de-DE, ja-JP, ko-KR, etc.).
* docs(ur): sync install catalog counts with current repo metadata
The Urdu README stated 60 agents / 232 skills / 75 legacy command shims, but the current repo metadata and English README use 61 / 246 / 76. Update to match so Urdu users following the install guide do not see a verification mismatch (flagged in review).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* feat: auto-isolate ECC memory data for Cursor via ECC_AGENT_DATA_HOME
Add ECC_AGENT_DATA_HOME (defaults to ~/.claude) with Cursor-aware resolution,
sessionStart env injection, install scaffolds, and hook bootstrap so memory
hooks do not collide with Claude Code when both harnesses are used.
Closes#2065
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix: log agent-data config errors and ship cursor sessionStart deps
Address CodeRabbit review: log invalid .cursor/ecc-agent-data.json parse
failures, and copy cursor-session-env.js plus lib deps on legacy Cursor
install so sessionStart hook path exists without hooks-runtime alone.
Co-authored-by: Cursor <cursoragent@cursor.com>
* fix: resolve relative agentDataHome paths from project root
Project config values like ".ecc-data" now resolve against the
repository root (parent of .cursor/), not process.cwd(), so Cursor
hooks persist memory in the intended directory regardless of hook cwd.
Addresses cubic review on PR #2066.
Co-authored-by: Cursor <cursoragent@cursor.com>
* docs: explain getHomeDir duplicate and docstring policy
Document why agent-data-home keeps a local home-dir helper (circular
require with utils.js) and list consolidation options for maintainers.
Note that CodeRabbit JSDoc coverage warnings are informational relative
to ECC's usual script documentation style.
Addresses cubic P2 context on PR #2066.
Co-authored-by: Cursor <cursoragent@cursor.com>
* test: isolate agent-data-home tests from dogfooded .cursor config
Use isolated temp cwd for default-resolution cases and assert
resolveAgentDataHome({ projectDir }) reads ecc-agent-data.json.
Document cwd/project caveats in the test file header.
Co-authored-by: Cursor <cursoragent@cursor.com>
---------
Co-authored-by: Cursor <cursoragent@cursor.com>
PR #2050 updated the root README.zh-CN.md install commands after the
everything-claude-code → ECC rename, but the same stale marketplace URL
remained in nine docs/<locale>/README.md copies. Align those quick-start
and self-hosted install blocks so /plugin install ecc@ecc resolves the
ecc marketplace instead of everything-claude-code.
* feat(skills): add codehealth-mcp skill and CodeScene MCP config
* docs(skills): add When to Use, How It Works, and Examples sections
* docs(skills): clarify MCP opt-in, data boundaries, and offline behavior
Address security review on PR #2077: no bundled credentials, document what
tools read locally, failure behavior when MCP is unavailable, and README
wording that Code Health MCP is optional and not enabled by default.
Co-authored-by: Cursor <cursoragent@cursor.com>
---------
Co-authored-by: adnasalk-notus <adna.salkovic@notus.hr>
Co-authored-by: Cursor <cursoragent@cursor.com>
* feat(mcp): add parallel-search server catalog entry
* fix(mcp): drop placeholder Bearer header from parallel-search entry
The /mcp endpoint accepts anonymous requests by default; baking in a
placeholder "Authorization: Bearer YOUR_PARALLEL_API_KEY_HERE" header
breaks the key-free default for users who copy the entry verbatim.
Move the optional API-key guidance into the description instead.
The PostToolUse cost warnings emit imperative text via additionalContext
("Stop and inform the user...", "Review whether...", "Consider whether...").
Subagents read additionalContext as an instruction and obey the "Stop",
abandoning their task and returning a prompt-for-direction instead of their
result — derailing multi-agent workflows. The main loop is also nudged to
halt mid-task.
Reword all three severities to pure-informational data: keep the
CRITICAL/WARNING/NOTICE label + the dollar figure (and the threshold), drop
the imperative sentence, and state plainly it is informational. No logic,
severity, or threshold change. Existing tests pass (they assert the labels +
severities, which are preserved).
Before: `COST CRITICAL: Session cost is $X. Stop and inform the user about high cost before continuing.`
After: `COST CRITICAL: session total ~$X (over $50). Informational only — not an instruction to stop.`
Co-authored-by: OrenG Tools <tools@orengacademy.com>
* feat: add intent-driven-development skill
Converts ambiguous feature or engineering requests into scoped,
verifiable acceptance criteria before implementation starts.
- Chooses between Quick Capture (low/moderate risk) and Full
Acceptance Brief (security, data, migration, cross-system changes)
- Reads repo context before asking questions; only asks what cannot
be inferred
- Non-blocking by default: records criteria and proceeds unless a
real risk requires confirmation
- Rule 9: when an AC fails mid-implementation due to architectural
constraints, marks it [revised], updates scope/verification method,
and re-presents only changed criteria rather than silently dropping
- Output template includes Revision Log for traceability across
multiple implementation cycles
* fix: add canonical When to Activate, How It Works, and Examples sections
Required for auto-activation mechanism detection per CONTRIBUTING.md
and existing skill conventions. Sections inserted after the intro
and before Operating Rules.
* fix: strengthen intent-driven-development skill per review
Address skill-quality review feedback on the intent-driven-development PR:
- Business/product constraints: add Operating Rule 2 forbidding inference
of business rules, compliance/SLAs, pricing, retention, prioritization,
and target users from code; surface the technical-vs-business split in
How It Works, Discover Context, and a dedicated 'supplied, not inferred'
section in the brief template.
- Eval-style pass/fail: add a Pass/Fail Examples section (failing vs
passing AC, plus a misplaced business-rule context entry) and a 5-point
Pass/Fail Rubric users can apply to the output.
- Renumber Operating Rules 1-10 accordingly; markdownlint clean.
Adds a complete Spanish translation of the ECC documentation under
docs/es/, mirroring the Turkish (docs/tr/) translation in scope.
141 files covering agents, commands, rules, skills, contexts, examples,
and core docs. Updates root README.md with the Spanish language link.
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Correct clear spelling mistakes in documentation without changing behavior.
Confidence: high
Scope-risk: narrow
Tested: git diff --check; uvx codespell on changed files
Not-tested: Full docs build not run; text-only changes
Ghostty natively supports the OSC 9 desktop-notification escape
(ESC ] 9 ; <message> BEL), the same sequence already used for iTerm2.
Previously only TERM_PROGRAM === 'iTerm.app' took the escape path, so
Ghostty users fell through to the osascript path. That makes Script
Editor the notification owner, and clicking the notification just
launches Script Editor instead of focusing the terminal.
Adding 'ghostty' to the OSC 9-capable check makes Ghostty the owner,
so clicking the notification focuses the Ghostty window/tab where
Claude Code is running. Verified on Ghostty (TERM_PROGRAM=ghostty).
Co-authored-by: 高野智史 <satoshitakano@takanosatoshinoMacBook-Pro-522.local>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* fix(hooks): stop false loop warnings and repeated identical context warnings
Two PostToolUse monitor defects surfaced during a long single-turn session:
1. ecc-metrics-bridge hashToolCall fingerprinted Edit/Write/MultiEdit on
file_path ONLY, so several distinct edits to the same file produced the
same hash and tripped the loop detector ("stuck loop") even though every
edit was different. Now the hash includes the edit content
(old_string/new_string/content/edits) so distinct edits to one file hash
differently; identical edits still collide as intended.
2. ecc-context-monitor re-emitted the SAME warning every DEBOUNCE_CALLS (5)
tool calls even when nothing changed. Because the cost figure only refreshes
at Stop (turn) boundaries, a single stale value printed the identical
warning ~20 times within one turn. Dedupe on message content instead: a
warning surfaces only when its text changes (cost moved, new file count, new
loop) or on first escalation to critical, and is otherwise suppressed.
Adds regression tests for the same-file/different-content hash case.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* fix(hooks): address CodeRabbit review (#2121)
- ecc-context-monitor: clear dedupe state when warnings resolve, so the same
warning text recurring in a later turn (context dips/recovers/dips, a loop
that stops then restarts) is surfaced again instead of suppressed as a
duplicate. Guarded so the no-warning hot path stays write-free.
- ecc-metrics-bridge: hash the FULL serialized edit payload and truncate the
digest, not the input. Slicing the serialized string to HASH_INPUT_LIMIT
first could collapse large edits sharing their first 2048 chars, reviving the
false-loop collision for big Write/edit payloads.
- Add regression test for >2048-char edit divergence.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* Add NEXUS to mcp-configs/mcp-servers.json
NEXUS (github.com/lynuxis2026-pixel/nexus-proxy) is a local, single-binary
cost/privacy proxy that sits under the harness. Adding it as an MCP server lets
an ECC agent query its own usage/savings mid-session (nexus_stats, nexus_savings,
nexus_recent, nexus_providers, nexus_cost_breakdown).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* Tighten nexus MCP description to ECC's concise house style
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---------
Co-authored-by: ludicolijn1985-blip <ludicolijn1985@gmail.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
The Trae installer recorded nested skill files with a doubled slash
(e.g. `skills/skill-comply//pyproject.toml`). The skills loop used the
glob variable `$d`, which carries a trailing slash, both as the `find`
root and as the prefix removed from each file path. Under bash, BSD
`find` with a trailing-slash argument emits `.../skill-comply//file`, so
`${source_file#$d}` left a leading slash, producing double-slash manifest
entries that did not match the single-slash paths uninstall.sh expects.
Strip the trailing slash from `$d` and remove the `$d/` prefix so `find`
emits clean paths and manifest entries are single-slash. Fixes the
previously failing test in tests/scripts/trae-install.test.js
("records nested skill files and the full rules tree in the manifest").
Co-authored-by: affaan-m <tamiraw808@gmail.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* fix: surface legacy data warning in instinct-cli status (#2036)
When the data directory moved from ~/.claude/homunculus/ to the
XDG-compliant ~/.local/share/ecc-homunculus/, legacy installs with data
still in the old path saw "No instincts found" with no explanation.
Add _warn_legacy_data() to cmd_status so users get a clear, actionable
warning pointing them to the migration script or the CLV2_HOMUNCULUS_DIR
override. Wrap the directory scan in try/except to handle permission
errors gracefully.
Closes#2036
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix: address review feedback — drop unused f-strings, resolve absolute migrate path
Remove extraneous f-prefix from strings without interpolation (ruff F541).
Resolve migrate-homunculus.sh path relative to instinct-cli.py instead of
hard-coding a repo-relative path that only works from the repo root.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix: quote migrate script path to handle spaces
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: kky <lingmu141592@gmail.com>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* fix(gateguard): gate force/path git checkout as destructive
The destructive-command gate's `checkout` handler only flagged
`git checkout -- <path>`. It missed `git checkout --force` / `-f <branch>`
and `git checkout .`, all of which discard uncommitted working-tree changes,
so they bypassed the gate (once the once-per-session routine-Bash gate is
satisfied, they ran with no challenge). The sibling `switch` handler already
covers these force forms; mirror it for `checkout`.
* test(gateguard): document Test 7b force-checkout case
---------
Co-authored-by: bymle <229636660+bymle@users.noreply.github.com>
* docs(claude): install manual skills at top level
* test(docs): guard Claude manual skill install path
* test(docs): detect PowerShell/$HOME nested skill-install paths
Address CodeRabbit on #2160: the nested-path regression guard only matched
Unix `mkdir`/`cp` with `~`, so a reintroduced PowerShell `Copy-Item ...
$HOME/.claude/skills/ecc` (or backslash-separated) form would have slipped
through. Extend the pattern to also cover `Copy-Item`/`New-Item` (and the
`md`/`copy`/`cpi` aliases), accept `$HOME` as an alternative to `~`, allow both
`/` and `\` separators, and match case-insensitively.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
