* feat(agents): add Rust language support — reviewer, build resolver, patterns, and testing
Add Rust-specific agents and skills following the established Go/Kotlin pattern:
- agents/rust-reviewer.md: ownership, lifetimes, unsafe audit, clippy, error handling
- agents/rust-build-resolver.md: cargo build errors, borrow checker, dependency resolution
- skills/rust-patterns/SKILL.md: idiomatic Rust patterns and best practices
- skills/rust-testing/SKILL.md: TDD, unit/integration/async/property-based testing
* fix(agents): correct Rust examples for accuracy and consistency
- unsafe fn: add inner unsafe {} block for Rust 2024 edition compliance
- edition: update from 2021 to 2024 as current default
- rstest: add missing fixture import
- mockall: add missing predicate::eq import
- concurrency: use sync_channel (bounded) and expect() over unwrap()
to align with rust-reviewer's HIGH-priority review checks
* fix(skills): correct compilation issues in Rust code examples
- collect: add .copied() for &str iterator into String
- tokio import: remove unused sleep, keep Duration
- async test: add missing Duration import
* fix(skills): move --no-fail-fast before test-binary args
--no-fail-fast is a Cargo option, not a test binary flag.
Placing it after -- forwards it to the test harness where it is
unrecognized.
* fix(agents): distinguish missing cargo-audit from real audit failures
Check if cargo-audit is installed before running it, so actual
vulnerability findings are not suppressed by the fallback message.
* fix: address automated review findings across all Rust files
- build-resolver: prefer scoped cargo update over full refresh
- testing: add Cargo.toml bench config with harness = false for criterion
- testing: condense TDD example to stay under 500-line limit
- patterns: use expect() over unwrap() on JoinHandle for consistency
- patterns: add explicit lifetime to unsafe FFI return reference
- reviewer: replace misleading "string interpolation" with concrete alternatives
* fix: align with CONTRIBUTING.md conventions
- skills: rename "When to Activate" to "When to Use" per template
- reviewer: add cargo check gate before starting review
* fix(agents): guard cargo-audit and cargo-deny with availability checks
Match the pattern used in rust-build-resolver to avoid command-not-found
errors when optional tools are not installed.
* fix: address second round of automated review findings
- testing: split TDD example into separate code blocks to avoid
duplicate fn definition in single block
- build-resolver/reviewer: use if/then/else instead of && ... ||
chaining for cargo-audit/deny to avoid masking real failures
- build-resolver: add MSRV caveat to edition upgrade guidance
* feat: add Rust slash commands for build, review, and test
Add commands/rust-build.md, commands/rust-review.md, and
commands/rust-test.md to provide consistent user entrypoints
matching the existing Go and Kotlin command patterns.
* fix(commands): improve rust-build accuracy and tone
- Restructure-first borrow fix example instead of clone-first
- Realistic cargo test output format (per-test lines, not per-file)
- Align "Parse Errors" step with actual resolver behavior
- Prefer restructuring over cloning in common errors table
* fix: address cubic-dev-ai review findings on commands
- Gate review on all automated checks, not just cargo check
- Use git diff HEAD~1 / git diff main...HEAD for PR file selection
- Fix #[must_use] guidance: Result is already must_use by type
- Remove error-masking fallback on cargo tree --duplicates
* fix: address remaining review findings across all bots
- Add rust-reviewer and rust-build-resolver to AGENTS.md registry
- Update agent count from 16 to 18
- Mark parse_config doctest as no_run (body is todo!())
- Add "How It Works" section to both Rust skills
- Replace cargo install with taiki-e/install-action in CI snippet
- Trim tarpaulin section to stay under 500-line limit
* fix(agents): align rust-reviewer invocation with command spec
- Use git diff HEAD~1 / main...HEAD instead of bare git diff
- Add cargo test as explicit step before review begins
* fix(skills): address cubic review on patterns and testing
- Remove Tokio-specific language from How It Works summary
- Add cargo-llvm-cov install note in coverage section
- Revert no_run on doctest examples (illustrative code, not compiled)
* fix(skills): use expect on thread join for consistency
Replace handle.join().unwrap() with .expect("worker thread panicked")
to match the .expect("mutex poisoned") pattern used above.
* fix(agents): gate review on all automated checks, not just cargo check
Consolidate check/clippy/fmt/test into a single gate step that
stops and reports if any fail, matching the command spec.
* fix(skills): replace unwrap with expect in channel example
Use .expect("receiver disconnected") on tx.send() for consistency
with the .expect() convention used in all other concurrency examples.
* fix: address final review round — OpenCode mirrors, counts, examples
- Add .opencode/commands/rust-{build,review,test}.md mirrors
- Add .opencode/prompts/agents/rust-{build-resolver,reviewer}.txt mirrors
- Fix AGENTS.md count to 20 (add missing kotlin agents to table)
- Fix review example: all checks pass (consistent with gate policy)
- Replace should_panic doctest with is_err() (consistent with best practices)
- Trim testing commands to stay at 500-line limit
* fix: address cubic and greptile review on OpenCode files and agents
- Fix crate::module import guidance (internal path, not Cargo.toml)
- Add cargo fmt --check to verification steps
- Fix TDD GREEN example to handle error path (validate(input)?)
- Scope .context() guidance to anyhow/eyre application code
- Update command count from 40 to 51
- Add tokio channel variants to unbounded channel warning
- Preserve JoinError context in spawned task panic message
* fix: stale command count, channel guidance, cargo tree fallback
- Fix stale command count in Project Structure section (40→51)
- Clarify unbounded channel rule: context-appropriate bounded alternatives
- Remove dead cargo tree fallback (exits 0 even with no duplicates)
- Sync OpenCode reviewer mirror with tokio channel coverage
* Introduces /aside — a mid-task side conversation command inspired by
Claude Code's native /btw feature. Allows users to ask a question while
Claude is actively working without losing task context or touching any files.
Key behaviors:
- Freezes current task state before answering (read-only during aside)
- Delivers answers in a consistent ASIDE / Back to task format
- Auto-resumes the active task after answering
- Handles edge cases: no question given, answer reveals a blocker,
question implies a task redirect, chained asides, ambiguous questions,
and answers that suggest code changes without making them
* Two documentation inconsistencies fixed:
* Fixed 4 pre-existing lint errors in skills/videodb/ that were causing CI to fail across all PR checks: - api-reference.md: add blockquote continuation line to fix MD028 - capture-reference.md: wrap bare URL to fix MD034 - SKILL.md: wrap bare URL to fix MD034
* feat: add project cooldown log to prevent rapid observer re-spawn
Adds session-guardian.sh, called by observer-loop.sh before each Haiku
spawn. It reads ~/.claude/observer-last-run.log and blocks the cycle if
the same project was observed within OBSERVER_INTERVAL_SECONDS (default
300s).
Prevents self-referential loops where a spawned session triggers
observe.sh, which signals the observer before the cooldown has elapsed.
Uses a mkdir-based lock for safe concurrent access across multiple
simultaneously-observed projects. Log entries use tab-delimited format
to handle paths containing spaces. Fails open on lock contention.
Config:
OBSERVER_INTERVAL_SECONDS default: 300
OBSERVER_LAST_RUN_LOG default: ~/.claude/observer-last-run.log
No external dependencies. Works on macOS, Linux, Windows (Git Bash/MSYS2).
* feat: extend session-guardian with time window and idle detection gates
Adds Gate 1 (active hours check) and Gate 3 (system idle detection) to
session-guardian.sh, building on the per-project cooldown log from PR 1.
Gate 1 — Time Window:
- OBSERVER_ACTIVE_HOURS_START/END (default 800–2300 local time)
- Uses date +%k%M with 10# prefix to avoid octal crash at midnight
- Toolless on all platforms; set both vars to 0 to disable
Gate 3 — Idle Detection:
- macOS: ioreg + awk (built-in, no deps)
- Linux: xprintidle if available, else fail open
- Windows (Git Bash/MSYS2): PowerShell GetLastInputInfo via Add-Type
- Unknown/headless: always returns 0 (fail open)
- OBSERVER_MAX_IDLE_SECONDS=0 disables gate
Fixes in this commit:
- 10# base-10 prefix prevents octal arithmetic crash on midnight minutes
containing digits 8 or 9 (e.g. 00:08 = "008" is invalid octal)
- PowerShell output piped through tr -d '\r' to strip Windows CRLF;
also uses [long] cast to avoid TickCount 32-bit overflow after 24 days
- mktemp now uses log file directory instead of TMPDIR to ensure
same-filesystem mv on Linux (atomic rename instead of copy+unlink)
- mkdir -p failure exits 0 (fail open) rather than crashing under set -e
- Numeric validation on last_spawn prevents arithmetic error on corrupt log
Gate execution order: 1 (time, ~0ms) → 2 (cooldown, ~1ms) → 3 (idle, ~50ms)
* fix: harden session guardian gates
---------
Co-authored-by: Affaan Mustafa <affaan@dcube.ai>
* fix(observe): add 5-layer automated session guard to prevent self-loop observations
observe.sh currently fires for ALL hook events including automated/programmatic
sessions: the ECC observer's own Haiku analysis runs, claude-mem observer
sessions, CI pipelines, and any other tool that spawns `claude --print`.
This causes an infinite feedback loop where automated sessions generate
observations that trigger more automated analysis, burning Haiku tokens with
no human activity.
Add a 5-layer guard block after the `disabled` check:
Layer 1: agent_id payload field — only present in subagent hooks; skip any
subagent-scoped session (always automated by definition).
Layer 2: CLAUDE_CODE_ENTRYPOINT env var — Claude Code sets this to sdk-ts,
sdk-py, sdk-cli, mcp, or remote for programmatic/SDK invocations.
Skip if any non-cli entrypoint is detected. This is universal: catches
any tool using the Anthropic SDK without requiring tool cooperation.
Layer 3: ECC_HOOK_PROFILE=minimal — existing ECC mechanism; respect it here
to suppress non-essential hooks in observer contexts.
Layer 4: ECC_SKIP_OBSERVE=1 — cooperative env var any external tool can set
before spawning automated sessions (explicit opt-out contract).
Layer 5: CWD path exclusions — skip sessions whose working directory matches
known observer-session path patterns. Configurable via
ECC_OBSERVE_SKIP_PATHS (comma-separated substrings, default:
"observer-sessions,.claude-mem").
Also fix observer-loop.sh to set ECC_SKIP_OBSERVE=1 and ECC_HOOK_PROFILE=minimal
before spawning the Haiku analysis subprocess, making the observer loop
self-aware and closing the ECC→ECC self-observation loop without needing
external coordination.
Fixes: observe.sh fires unconditionally on automated sessions (#398)
* fix(observe): address review feedback — reorder guards cheapest-first, fix empty pattern bug
Two issues flagged by Copilot and CodeRabbit in PR #399:
1. Layer ordering: the agent_id check spawns a Python subprocess but ran
before the cheap env-var checks (CLAUDE_CODE_ENTRYPOINT, ECC_HOOK_PROFILE,
ECC_SKIP_OBSERVE). Reorder to put all env-var checks first (Layers 1-3),
then the subprocess-requiring agent_id check (Layer 4). Automated sessions
that set env vars — the common case — now exit without spawning Python.
2. Empty pattern bug in Layer 5: if ECC_OBSERVE_SKIP_PATHS contains a trailing
comma or spaces after commas (e.g. "path1, path2" or "path1,"), _pattern
becomes empty or whitespace-only, and the glob *""* matches every CWD,
silently disabling all observations. Fix: trim leading/trailing whitespace
from each pattern and skip empty patterns with `continue`.
* fix: fail closed for non-cli entrypoints
---------
Co-authored-by: Affaan Mustafa <affaan@dcube.ai>
* feat(skills): add prompt-optimizer skill and /prompt-optimize command
Adds a prompt-optimizer skill that analyzes draft prompts, matches them
to ECC components (skills/commands/agents), and outputs a ready-to-paste
optimized prompt. Advisory role only — never executes the task.
Features:
- 6-phase analysis pipeline (project detection, intent, scope, component
matching, missing context, workflow + model recommendation)
- Auto-detects project tech stack from package.json, go.mod, etc.
- Maps intents to ECC commands, skills, and agents by type and tech stack
- Recommends correct model tier (Sonnet vs Opus) based on task complexity
- Outputs Full + Quick versions of the optimized prompt
- Hard gate: never executes the task, only produces advisory output
- AskUserQuestion trigger when 3+ critical context items are missing
- Multi-prompt splitting guidance for HIGH/EPIC scope tasks
- Feedback footer for iterative refinement
Also adds /prompt-optimize command as an explicit invocation entry point.
* fix: keep prompt optimizer advisory-only
* fix: refine prompt optimizer guidance
---------
Co-authored-by: Affaan Mustafa <affaan@dcube.ai>
* fix: restore ci compatibility on windows
* fix: normalize hook path assertions on windows
* fix: relax repo root assertion on windows
* fix: keep hook root assertion strict on windows
- Redirect observer output to temp log before appending to main log
- Check temp log for confirmation/permission language immediately after start
- Fail closed with exit 2 if detected, preventing retry loops
- Fix path traversal regex prefix confusion in perl-security skill
- Revert v1.4.0 changelog entry (Perl not part of that release)
- Rename $a/$b to $x/$y to avoid shadowing sort globals
- Replace return undef with bare return per perlcritic rules
