Core library fixes:
- session-manager.js: wrap all statSync calls in try-catch to prevent
TOCTOU crashes when files are deleted between readdir and stat
- session-manager.js: use birthtime||ctime fallback for Linux compat
- session-manager.js: remove redundant existsSync before readFile
- utils.js: fix findFiles TOCTOU race on statSync inside readdir loop
Hook improvements:
- Add 1MB stdin buffer limits to all PostToolUse hooks to prevent
unbounded memory growth from large payloads
- suggest-compact.js: use fd-based atomic read+write for counter file
to reduce race window between concurrent invocations
- session-end.js: log when transcript file is missing, check
replaceInFile return value for failed timestamp updates
- start-observer.sh: log claude CLI failures instead of silently
swallowing them, check observations file exists before analysis
Test fixes:
- Fix blocking hook tests to send matching input (dev server command)
and expect correct exit code 2 instead of 1
- Sync .cursor/observe.sh with corrected main version (use stdin pipe
instead of broken heredoc json.loads pattern)
- Fix suggest-compact.sh to use CLAUDE_SESSION_ID instead of $$ which
gives a new PID per invocation, preventing counter from incrementing
* fix: resolve multiple reported issues (#205, #182, #188, #172, #173)
- fix(observe.sh): replace triple-quote JSON parsing with stdin pipe to
prevent ~49% parse failures on payloads with quotes/backslashes/unicode
- fix(hooks.json): correct matcher syntax to use simple tool name regexes
instead of unsupported logical expressions; move command/path filtering
into hook scripts; use exit code 2 for blocking hooks
- fix(skills): quote YAML descriptions containing colons in 3 skill files
and add missing frontmatter to 2 skill files for Codex CLI compatibility
- feat(rules): add paths: filters to all 15 language-specific rule files
so they only load when working on matching file types
- fix(agents): align model fields with CONTRIBUTING.md recommendations
(opus for planner/architect, sonnet for reviewers/workers, haiku for
doc-updater)
* ci: use AgentShield GitHub Action instead of npx
Switch from npx ecc-agentshield to uses: affaan-m/agentshield@v1
for proper GitHub Action demo and marketplace visibility.
New skill: /security-scan wraps ecc-agentshield to audit .claude/ configs
for vulnerabilities, misconfigs, and injection risks.
Covers: CLAUDE.md secrets, settings.json permissions, MCP server risks,
hook injection, agent tool restrictions. Produces A-F security grade.
Also adds AgentShield section to Ecosystem Tools in README with
links to GitHub repo and npm package.
- Remove trailing whitespace from inline code
- Add blank line before table
- Fix heading levels to ensure proper hierarchy
- Convert bare URLs to markdown links
parse_instinct_file() was appending the instinct and resetting state
when frontmatter ended (second ---), before any content lines could be
collected. This caused all content (Action, Evidence, Examples) to be
lost during import.
Fix: only set in_frontmatter=False when frontmatter ends. The existing
logic at the start of next frontmatter (or EOF) correctly appends the
instinct with its collected content.
Fixes#148
Add a new skill that guides users through selective installation of
ECC skills and rules via AskUserQuestion. Clones the repo to /tmp,
lets users choose components and install level (user/project), verifies
path correctness, offers optimization, and cleans up on completion.
Co-authored-by: Hor1zonZzz <Hor1zonZzz@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Fixes#113
The instinct commands referenced hardcoded paths that only work with
manual installation (~/.claude/skills/...). When installed as a plugin,
files are at ~/.claude/plugins/cache/.../skills/...
Changes:
- Updated instinct-status, instinct-import, evolve commands to use
${CLAUDE_PLUGIN_ROOT} with fallback to manual path
- Updated observe.sh hook documentation with both install methods
- Updated SKILL.md with plugin vs manual installation instructions
- Removed duplicate commands from skills/continuous-learning-v2/commands/
(already exist in commands/)
Users should use ${CLAUDE_PLUGIN_ROOT} in their hooks config when
installed as a plugin.
Add Go-specific agents, skills, and commands for idiomatic Go development:
Agents:
- go-reviewer: Go code review for concurrency, error handling, security
- go-build-resolver: Fix Go build errors with minimal changes
Skills:
- golang-patterns: Idiomatic Go patterns, best practices, conventions
- golang-testing: TDD, table-driven tests, benchmarks, fuzzing
Commands:
- /go-review: Invoke Go code reviewer
- /go-test: Go TDD workflow with coverage
- /go-build: Fix Go build/vet/lint errors
Also updates README.md to document the new Go support.
