zsp/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-04-16 23:23:29 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,406 Commits 7 Branches 13 Tags
5027803711e125490159a3f6197cbb3b69165f27
Commit Graph

1406 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
5027803711 build(deps-dev): bump the minor-and-patch group across 1 directory with 2 updates 
Bumps the minor-and-patch group with 2 updates in the / directory: @opencode-ai/plugin and [globals](https://github.com/sindresorhus/globals).


Updates `@opencode-ai/plugin` from 1.3.15 to 1.4.3

Updates `globals` from 17.4.0 to 17.5.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](https://github.com/sindresorhus/globals/compare/v17.4.0...v17.5.0)

---
updated-dependencies:
- dependency-name: "@opencode-ai/plugin"
  dependency-version: 1.4.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: globals
  dependency-version: 17.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-13 08:06:13 +00:00
Affaan Mustafa
e0ddb331f6 Merge pull request #1367 from ozoz5/feat/gateguard 
feat(hooks,skills): add gateguard fact-forcing pre-action gate
 2026-04-13 01:05:20 -07:00
Affaan Mustafa
85e331e49a Merge pull request #1369 from affaan-m/dependabot/github_actions/pnpm/action-setup-6.0.0 
build(deps): bump pnpm/action-setup from 5.0.0 to 6.0.0
 2026-04-13 01:05:16 -07:00
Affaan Mustafa
5eedc8adb4 Merge pull request #1377 from Anish29801/feat/dashboard-gui 
Feat/dashboard gui
 2026-04-13 01:04:14 -07:00
Affaan Mustafa
c64cc69eb2 Merge pull request #1363 from gnpthbalaji/feat/accessibility 
feat(agent + skill): a11y-architect agent and accessibility skill
 2026-04-13 00:59:57 -07:00
Affaan Mustafa
6c67566767 fix: keep gateguard session state alive 2026-04-13 00:58:50 -07:00
Affaan Mustafa
deb3b1dc14 fix: make dashboard GUI build surfaces opt-in safe 2026-04-13 00:56:56 -07:00
Affaan Mustafa
2e44beabc1 test: isolate gateguard state dir cleanup 2026-04-13 00:53:57 -07:00
Affaan Mustafa
e2b5353fec Merge pull request #1398 from affaan-m/fix/opencode-plugin-version-sync 
fix: sync OpenCode hook banner version
 2026-04-13 00:52:40 -07:00
Affaan Mustafa
9ae51bc3c1 Merge pull request #1393 from affaan-m/fix/cursor-rule-mdc-install 
fix: install Cursor rules as .mdc files
 2026-04-13 00:52:03 -07:00
Affaan Mustafa
7f7e2c2c52 fix: remove duplicate tools frontmatter key 2026-04-13 00:51:40 -07:00
Affaan Mustafa
7a33b2b3c9 Merge pull request #1395 from affaan-m/fix/npm-publish-surface 
fix: narrow npm publish surface to the module graph
 2026-04-13 00:46:15 -07:00
seto
dd2962ee92 fix: 5 bugs + 2 tests from 3-agent deep bughunt 
Bugs fixed:
- B1: JS gate messages still said "cat one real record" -> redacted/synthetic
- B2: Destructive bash key used 200-char truncation (collision bypass) -> SHA256 hash
- B3: sanitizePath only stripped \n\r -> now strips null bytes, bidi overrides, all control chars
- B4: Tool name matching was case-sensitive (latent bypass) -> lookup map normalization
- B5: SKILL.md Gate Types missing MultiEdit -> added with explanation

Tests added:
- T1: MultiEdit gate denies first unchecked file (CRITICAL - was untested)
- T2: MultiEdit allows after all files gated

11/11 tests pass.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-13 16:32:46 +09:00
Affaan Mustafa
5c4570baa5 Merge pull request #1370 from affaan-m/dependabot/github_actions/softprops/action-gh-release-3.0.0 
build(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0
 2026-04-13 00:30:59 -07:00
Affaan Mustafa
1a950e4f83 fix: allow pnpm cache probe under node 18 2026-04-13 00:21:42 -07:00
seto
8cd6378c81 fix: cubic-dev-ai round 3 — SKILL.md consistency 
P2: Description now says "Edit/Write/Bash (including MultiEdit)"
    instead of listing MultiEdit as a separate top-level gate

P2: Write Gate and Anti-Patterns now use same "redacted or synthetic
    values" wording as Edit Gate (was still "cat one real record")

All 3 gate doc sections now consistent. 9/9 tests pass.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-13 16:19:01 +09:00
Affaan Mustafa
ef7613c526 fix: use corepack pnpm on node 18 2026-04-13 00:17:17 -07:00
Affaan Mustafa
a0a1eda8fc fix: sync opencode hook banner version 2026-04-13 00:15:55 -07:00
Affaan Mustafa
bd207aabe1 fix: use pnpm 9 for node 18 workflow jobs 2026-04-13 00:13:54 -07:00
seto
4dbed5ff5b fix: cubic-dev-ai round 2 — 3 issues across SKILL.md + pruning 
P1: Gate message asked for raw production data records — changed to
    "redacted or synthetic values" to prevent sensitive data exfiltration

P2: SKILL.md description now includes MultiEdit (was missing after
    MultiEdit gate was added in previous commit)

P2: Session key pruning now caps __prefixed keys at 50 to prevent
    unbounded growth even in theoretical edge cases

9/9 tests pass.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-13 16:11:33 +09:00
Affaan Mustafa
6eadf786f5 fix: pin pnpm version for setup action v6 2026-04-13 00:10:39 -07:00
Affaan Mustafa
9e607ebb30 fix: prefer cursor native hooks during install 2026-04-13 00:07:15 -07:00
Affaan Mustafa
30f6ae4253 test: align cursor manifest expectations 2026-04-12 23:58:59 -07:00
Affaan Mustafa
c826305060 fix: keep runtime schemas in npm package 2026-04-12 23:56:58 -07:00
Affaan Mustafa
db8247d701 chore: update release action version comments 2026-04-12 23:54:26 -07:00
Affaan Mustafa
adb46a95a6 chore: update pnpm action version comments 2026-04-12 23:53:57 -07:00
Affaan Mustafa
48e5a1fa75 Merge pull request #1371 from affaan-m/dependabot/github_actions/actions/github-script-9.0.0 
build(deps): bump actions/github-script from 8.0.0 to 9.0.0
 2026-04-12 23:53:17 -07:00
Affaan Mustafa
2fb041c6de Merge pull request #1368 from affaan-m/dependabot/github_actions/actions/upload-artifact-7.0.1 
build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1
 2026-04-12 23:53:01 -07:00
Affaan Mustafa
7374ef6a73 fix: normalize cursor rule installs 2026-04-12 23:51:58 -07:00
Affaan Mustafa
bd2aec48ed fix: narrow npm publish surface to the module graph 2026-04-12 23:48:53 -07:00
Affaan Mustafa
6dc6b9266a Merge pull request #1394 from affaan-m/fix/grader-after-step-classified 
fix(grader): handle forward after_step references
 2026-04-12 23:47:25 -07:00
seto
5540282dcb fix: remove unnecessary disk I/O + fix test cleanup 
- isChecked() no longer calls saveState() — read-only operation
  should not write to disk (was causing 3x writes per tool call)
- Test cleanup uses fs.rmSync(recursive) instead of fs.rmdirSync
  which failed with ENOTEMPTY when .tmp files remained

9/9 tests pass.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-13 15:41:58 +09:00
seto
67256194a0 fix: P1 test state-file PID mismatch + P2 session key eviction 
P1 (cubic-dev-ai): Test process PID differs from spawned hook PID,
so test was seeding/clearing wrong state file. Fix: pass fixed
CLAUDE_SESSION_ID='gateguard-test-session' to spawned hooks.

P2 (cubic-dev-ai): Pruning checked array could evict __bash_session__
and other session keys, causing gates to re-fire mid-session. Fix:
preserve __prefixed keys during pruning, only evict file-path entries.

9/9 tests pass.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-13 15:40:13 +09:00
Affaan Mustafa
5b0e123c10 Merge pull request #1392 from affaan-m/fix/hook-failed-to-load 
fix: document supported Claude hook install path
 2026-04-12 23:39:33 -07:00
Affaan Mustafa
bb96fdc9dc test: wait for http mcp fixtures to accept connections 2026-04-12 23:38:46 -07:00
seto
6ed1c643e7 fix: MultiEdit gate bypass — handle edits[].file_path correctly 
P1 bug reported by greptile-apps: MultiEdit uses toolInput.edits[].file_path,
not toolInput.file_path. The gate was silently allowing all MultiEdit calls.

Fix: separate MultiEdit into its own branch that iterates edits array
and gates on the first unchecked file_path.

9/9 tests pass.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-13 15:37:39 +09:00
Affaan Mustafa
0fcb43ea90 fix(grader): handle forward after_step references 2026-04-12 23:36:16 -07:00
Affaan Mustafa
133e881ce0 fix: install Cursor rules as mdc files 2026-04-12 23:32:39 -07:00
seto
45823fcede fix: session-scoped state to prevent cross-session race 
Addresses reviewer feedback from @affaan-m:

1. State keyed by CLAUDE_SESSION_ID / ECC_SESSION_ID
   - Falls back to pid-based isolation when env vars absent
   - State file: state-{sessionId}.json (was .session_state.json)

2. Atomic write+rename semantics
   - Write to temp file, then fs.renameSync to final path
   - Prevents partial reads from concurrent hooks

3. Bounded checked list (MAX_CHECKED_ENTRIES = 500)
   - Prunes to last 500 entries when cap exceeded
   - Stale session files auto-deleted after 1 hour

9/9 tests pass.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-13 15:30:34 +09:00
Affaan Mustafa
18c90a7a17 fix: document supported claude hook install path 2026-04-12 23:29:45 -07:00
Affaan Mustafa
9da8e5f6ac Merge pull request #1391 from affaan-m/fix/workflow-run-fork-security 
fix: block unsafe privileged workflow checkouts
 2026-04-12 23:23:56 -07:00
Affaan Mustafa
3792b69a38 fix: block unsafe privileged workflow checkouts 2026-04-12 23:23:01 -07:00
Affaan Mustafa
a2ad68e7e6 Merge pull request #1390 from affaan-m/fix/slash-command-plugin-root 
fix: use shared slash-command plugin root resolver
 2026-04-12 23:16:14 -07:00
Affaan Mustafa
1b17c5c9d8 test: match published claude plugin name 2026-04-12 23:14:38 -07:00
Affaan Mustafa
94e8f29d19 fix: use shared slash-command plugin root resolver 2026-04-12 23:10:29 -07:00
Affaan Mustafa
de8a7dfef8 Merge pull request #1383 from YASoftwareDev/fix/plugin-name-ecc-to-everything-claude-code 
fix: rename plugin id from ecc to everything-claude-code in manifests
 2026-04-12 23:03:54 -07:00
Affaan Mustafa
2b09308224 Merge pull request #1384 from KeWang0622/fix/lint-md028-eqeqeq 
fix: resolve markdownlint MD028 + ESLint eqeqeq lint failures
 2026-04-12 23:03:19 -07:00
Affaan Mustafa
5f55484fa9 Merge pull request #1385 from KeWang0622/fix/block-no-verify-hook 
fix: route block-no-verify hook through run-with-flags.js
 2026-04-12 23:02:19 -07:00
Affaan Mustafa
e29da39eaf Merge pull request #1389 from affaan-m/fix/hook-plugin-root-resolution 
fix: stop duplicating managed Claude hooks into settings
 2026-04-12 23:00:04 -07:00
Affaan Mustafa
f4c7aac5b8 fix: remove unused hook install test constant 2026-04-12 22:51:03 -07:00