zsp/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-06-10 18:23:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: zsp:pr-2052
Branches Tags
zsp:main zsp:dependabot/npm_and_yarn/npm-minor-and-patch-7fb79db272 zsp:dependabot/github_actions/actions-minor-and-patch-366259472f zsp:dependabot/cargo/ecc2/rusqlite-0.40.1 zsp:dependabot/cargo/ecc2/crossterm-0.29.0 zsp:dependabot/cargo/ecc2/ureq-3.3.0 zsp:dependabot/cargo/ecc2/sha2-0.11.0 zsp:dependabot/cargo/ecc2/cargo-minor-and-patch-16116ca0d0 zsp:dependabot/npm_and_yarn/eslint-10.4.1 zsp:feat/taste-skill zsp:product/codex-worktree-adapter zsp:release/1.10.1-stable-20260531 zsp:fix/cost-tracker-harness-cost-cache zsp:pr-2052 zsp:feat/frontend-a11y-skill zsp:pr-2039 zsp:pr-2031 zsp:pr-2026 zsp:pr-2029 zsp:codex/may20-marketplace-pro-readback-release-sync zsp:pr-2011-gateguard-tokenize zsp:pr-2006-schema-fix zsp:pr-1989-head zsp:patch-1 zsp:fix/atomic-write-race-session-bridge zsp:feat/skill-uncloud zsp:fix/metrics-bridge-cost-double-count zsp:pr-1969-locale-install-support zsp:kpahel/main zsp:feat/windows-desktop-e2e-opt zsp:pr-1903 zsp:pr-1899 zsp:pr-1898 zsp:pr-1897 zsp:pr-1893 zsp:pr-1889 zsp:pr-1884 zsp:pr-1882 zsp:fix/gateguard-destructive-bash-tokenize zsp:feat/homelab-config-skills zsp:ecc/8d7d0577 zsp:pr-1803-quarkus zsp:contrib/motion-system-skills-1780 zsp:codex/review-pr-1757-ml-workflow zsp:fix/russian-readme-port zsp:tmp/pr-1504-salvage zsp:wip/ecc2-board-observability-local
zsp:v2.0.0 zsp:v2.0.0-rc.1 zsp:v1.10.0 zsp:v1.9.0 zsp:v1.8.0 zsp:v1.7.0 zsp:v1.6.0 zsp:v1.5.0 zsp:v1.4.1 zsp:v1.4.0 zsp:v1.3.0 zsp:v1.2.0 zsp:v0.6.0 zsp:v1.1.0 zsp:v1.0.0
..
compare: zsp:fix/metrics-bridge-cost-double-count
Branches Tags
zsp:main zsp:dependabot/npm_and_yarn/npm-minor-and-patch-7fb79db272 zsp:dependabot/github_actions/actions-minor-and-patch-366259472f zsp:dependabot/cargo/ecc2/rusqlite-0.40.1 zsp:dependabot/cargo/ecc2/crossterm-0.29.0 zsp:dependabot/cargo/ecc2/ureq-3.3.0 zsp:dependabot/cargo/ecc2/sha2-0.11.0 zsp:dependabot/cargo/ecc2/cargo-minor-and-patch-16116ca0d0 zsp:dependabot/npm_and_yarn/eslint-10.4.1 zsp:feat/taste-skill zsp:product/codex-worktree-adapter zsp:release/1.10.1-stable-20260531 zsp:fix/cost-tracker-harness-cost-cache zsp:pr-2052 zsp:feat/frontend-a11y-skill zsp:pr-2039 zsp:pr-2031 zsp:pr-2026 zsp:pr-2029 zsp:codex/may20-marketplace-pro-readback-release-sync zsp:pr-2011-gateguard-tokenize zsp:pr-2006-schema-fix zsp:pr-1989-head zsp:patch-1 zsp:fix/atomic-write-race-session-bridge zsp:feat/skill-uncloud zsp:fix/metrics-bridge-cost-double-count zsp:pr-1969-locale-install-support zsp:kpahel/main zsp:feat/windows-desktop-e2e-opt zsp:pr-1903 zsp:pr-1899 zsp:pr-1898 zsp:pr-1897 zsp:pr-1893 zsp:pr-1889 zsp:pr-1884 zsp:pr-1882 zsp:fix/gateguard-destructive-bash-tokenize zsp:feat/homelab-config-skills zsp:ecc/8d7d0577 zsp:pr-1803-quarkus zsp:contrib/motion-system-skills-1780 zsp:codex/review-pr-1757-ml-workflow zsp:fix/russian-readme-port zsp:tmp/pr-1504-salvage zsp:wip/ecc2-board-observability-local
zsp:v2.0.0 zsp:v2.0.0-rc.1 zsp:v1.10.0 zsp:v1.9.0 zsp:v1.8.0 zsp:v1.7.0 zsp:v1.6.0 zsp:v1.5.0 zsp:v1.4.1 zsp:v1.4.0 zsp:v1.3.0 zsp:v1.2.0 zsp:v0.6.0 zsp:v1.1.0 zsp:v1.0.0

6 Commits
pr-2052 ... fix/metric

Author SHA1 Message Date
Affaan Mustafa
f6d7067ff5 fix(hooks): persist metrics warning dedup 2026-05-17 21:32:08 -04:00
Affaan Mustafa
ef13690fc3 fix(hooks): suppress repeated metrics warning breadcrumbs 2026-05-17 21:09:47 -04:00
Jamkris
8cb9dac8ec docs(hooks): correct PreToolUse → PostToolUse in readSessionCost docblock 
greptile P2 nitpick: the previous commit's docblock said "on every
PreToolUse hook" but the module header (and the actual hook wiring
in `hooks/hooks.json`) identifies this script as a PostToolUse
hook — it runs *after* each tool invocation to update the running
session aggregate. One-word typo, no behavior change.
 2026-05-18 10:03:42 +09:00
Jamkris
cd176504d3 fix(hooks): log fail-open breadcrumb on parse/read errors in metrics bridge 
coderabbitai flagged: the two `catch` blocks in `readSessionCost`
silently swallowed every failure mode. A malformed `costs.jsonl`
row, a permission error opening the file, or any other unexpected
I/O failure would silently return zero cost — masking real
problems and feeding stale or zero numbers into
`ecc-context-monitor.js` (which then injects them as
`additionalContext` into the live model turn).

Fix two things, both fail-open-preserving:

1. **Inner JSON.parse catch** — count malformed lines and write
   one aggregated breadcrumb per call:

     [ecc-metrics-bridge] skipped N malformed line(s) in <path>

   Aggregating (rather than per-line) keeps a log-flooded
   `costs.jsonl` diagnosable without overwhelming stderr.

2. **Outer fs.readFileSync catch** — write a breadcrumb on real
   errors, but stay silent on `ENOENT`. The "no costs.jsonl yet"
   case is genuinely normal (no Stop event has fired this session)
   and producing noise on every PreToolUse before the first Stop
   would be reviewer-visible spam. All other error codes
   (`EACCES`, `EISDIR`, `EMFILE`, …) get:

     [ecc-metrics-bridge] failing open after <name> reading <path>: <msg>

In both cases the function still returns the zero-cost fallback
so the bridge never breaks tool execution — only the
diagnosability changes.

Two new regression tests in
`tests/hooks/ecc-metrics-bridge.test.js`:

  ✓ readSessionCost writes a stderr breadcrumb when malformed
    lines are skipped — feeds 4 rows (2 valid, 2 malformed),
    asserts the last valid row still wins AND captured stderr
    contains "skipped 2 malformed line(s)".

  ✓ readSessionCost stays silent when costs.jsonl does not exist
    (ENOENT) — uses a fresh tmp HOME with no metrics dir, asserts
    zero return AND empty stderr.

Test count: 16 → 18; `npm test` green; `yarn lint` clean.
 2026-05-18 10:03:21 +09:00
Jamkris
44e13541fa fix(hooks): scan full costs.jsonl when locating session row 
`readSessionCost` read only the trailing 8 KiB of
`~/.claude/metrics/costs.jsonl` to "avoid scanning entire file".
That ceiling is the opposite-sign sibling of the double-count bug
fixed in the previous commit: once a session's most recent
cumulative row gets pushed past the 8 KiB window by newer rows
from other sessions, the bridge silently reports `totalCost: 0`,
`totalIn: 0`, `totalOut: 0` for that session — same false signal
to `ecc-context-monitor.js`, same wrong number injected into the
live model turn as `additionalContext`.

`cost-tracker.js` has no rotation policy, so on any non-trivial
workstation costs.jsonl grows past 8 KiB within minutes of normal
use. For users who keep multiple concurrent sessions, this means
the second-and-later sessions silently report zero almost
immediately.

Reproduced before this commit:

  $ HOME=/tmp/eccc node -e '
      const fs = require("fs");
      const m = require("./scripts/hooks/ecc-metrics-bridge.js");
      // S1 row at file start, then 200 rows of OTHER-session noise (~16 KiB).
      // S1 is the row we want, but it sits past the 8 KiB tail.
      const s1 = `{"session_id":"S1","estimated_cost_usd":0.5,"input_tokens":500,"output_tokens":250}`;
      const other = `{"session_id":"OTHER","estimated_cost_usd":1,"input_tokens":100,"output_tokens":50}`;
      fs.mkdirSync("/tmp/eccc/.claude/metrics", { recursive: true });
      fs.writeFileSync("/tmp/eccc/.claude/metrics/costs.jsonl",
        [s1, ...Array(200).fill(other)].join("\\n") + "\\n");
      console.log(JSON.stringify(m.readSessionCost("S1")));'
  {"totalCost":0,"totalIn":0,"totalOut":0}

Expected: `{"totalCost":0.5, "totalIn":500, "totalOut":250}` (the
S1 row that exists in the file).
Actual: zero — the row is past the 8 KiB tail.

Fix: drop the `fs.openSync` + bounded `fs.readSync` + position
arithmetic in favour of `fs.readFileSync(costsPath, 'utf8')` and
iterate every line. Each row is ~150 bytes; even 100k rows is
~15 MB and a single sync read on PreToolUse is in the low ms.
If file rotation lands in `cost-tracker.js` later, this scan
becomes proportionally cheaper.

After this commit the reproduction above returns
`{"totalCost":0.5, "totalIn":500, "totalOut":250}`.

Regression test in `tests/hooks/ecc-metrics-bridge.test.js`:
`readSessionCost finds session row beyond the old 8 KiB tail
boundary`. The test asserts the costs.jsonl fixture is > 8 KiB
before reading so any reintroduction of a bounded tail would
re-fail the test (i.e. the assertion is the contract, not the
specific number 8192).

Together with the previous commit, both directions of the
metrics-bridge cost-reporting bug are closed.
 2026-05-18 08:45:48 +09:00
Jamkris
e61bb043ed fix(hooks): use last cumulative row for session cost in metrics bridge 
`ecc-metrics-bridge.js#readSessionCost` summed the
`estimated_cost_usd`, `input_tokens`, and `output_tokens` of
every matching row in `~/.claude/metrics/costs.jsonl`. That breaks
the documented contract of `scripts/hooks/cost-tracker.js`, which
explicitly states (in its module docblock):

  Cumulative behavior: Stop fires per assistant response, not
  per session. Each row therefore represents the cumulative
  session total up to that point. To get per-session cost, take
  the last row per session_id.

Summing N cumulative rows over-counts by roughly (N+1)/2 ×. For a
session with 3 rows at 0.01, 0.02, 0.03 USD (true running total
0.03), the bridge today reports 0.06 USD. The over-counted value
feeds `ecc-context-monitor.js`, which then trips its
COST_NOTICE_USD / COST_WARNING_USD / COST_CRITICAL_USD thresholds
on phantom spend AND injects the inflated number as
`additionalContext` into the live model turn — so the agent
itself is told a wrong cost.

Reproduced on `main` before this commit:

  $ cat > /tmp/eccc/.claude/metrics/costs.jsonl <<EOF
  {"session_id":"S1","estimated_cost_usd":0.01,"input_tokens":333,"output_tokens":166}
  {"session_id":"S1","estimated_cost_usd":0.02,"input_tokens":666,"output_tokens":333}
  {"session_id":"S1","estimated_cost_usd":0.03,"input_tokens":1000,"output_tokens":500}
  EOF

  $ HOME=/tmp/eccc node -e 'const m = require("./scripts/hooks/ecc-metrics-bridge.js"); \
      console.log(JSON.stringify(m.readSessionCost("S1")))'
  {"totalCost":0.06,"totalIn":1999,"totalOut":999}

Expected: `{"totalCost":0.03,"totalIn":1000,"totalOut":500}` (the
last cumulative row).
Actual: 2× over-count.

Fix: replace `+=` with `=` in the matching branch so the assigned
values reflect the most recent row encountered. The iteration
order is file order, which is also event time order, so the last
assignment wins — exactly the contract cost-tracker writes
against.

After this commit the reproduction above returns
`{"totalCost":0.03,"totalIn":1000,"totalOut":500}`.

Regression test in `tests/hooks/ecc-metrics-bridge.test.js`:
`readSessionCost returns the LAST cumulative row, not the sum
(cost-tracker contract)`. The existing
`readSessionCost does not include unrelated default-session rows`
test happened to pass even with the bug because it only had one
target-session row — single-row sessions are coincidentally
correct under both formulas. The new test uses three rows so the
two formulas diverge.

A second issue in the same function — the 8 KiB tail-only read
silently drops older rows once a session's recent cumulative
totals scroll past that window — is fixed in the next commit.
 2026-05-18 08:45:48 +09:00
132 changed files with 695 additions and 9476 deletions
Expand all files Collapse all files

2
.agents/plugins/marketplace.json
View File

@@ -1,7 +1,7 @@
{
"name": "ecc",
"interface": {
"displayName": "ECC"
"displayName": "Everything Claude Code"
},
"plugins": [
{

6
.claude-plugin/marketplace.json
View File

@@ -5,20 +5,20 @@
"email": "me@affaanmustafa.com"
},
"metadata": {
"description": "Harness-native ECC skills, hooks, rules, MCP conventions, and operator workflows"
"description": "Battle-tested Claude Code configurations from an Anthropic hackathon winner"
},
"plugins": [
{
"name": "ecc",
"source": "./",
"description": "Harness-native ECC operator layer - 60 agents, 232 skills, 75 legacy command shims, reusable hooks, rules, selective install profiles, and production-ready workflows for Claude Code, Codex, OpenCode, Cursor, and related agent harnesses",
"description": "The most comprehensive Claude Code plugin — 60 agents, 230 skills, 75 legacy command shims, selective install profiles, and production-ready hooks for TDD, security scanning, code review, and continuous learning",
"version": "2.0.0-rc.1",
"author": {
"name": "Affaan Mustafa",
"email": "me@affaanmustafa.com"
},
"homepage": "https://ecc.tools",
"repository": "https://github.com/affaan-m/ECC",
"repository": "https://github.com/affaan-m/everything-claude-code",
"license": "MIT",
"keywords": [
"agents",

4
.claude-plugin/plugin.json
View File

@@ -1,13 +1,13 @@
{
"name": "ecc",
"version": "2.0.0-rc.1",
"description": "Harness-native ECC plugin for engineering teams - 60 agents, 232 skills, 75 legacy command shims, reusable hooks, rules, MCP conventions, and operator workflows for Claude Code plus adjacent agent harnesses",
"description": "Battle-tested Claude Code plugin for engineering teams 60 agents, 230 skills, 75 legacy command shims, production-ready hooks, and selective install workflows evolved through continuous real-world use",
"author": {
"name": "Affaan Mustafa",
"url": "https://x.com/affaanmustafa"
},
"homepage": "https://ecc.tools",
"repository": "https://github.com/affaan-m/ECC",
"repository": "https://github.com/affaan-m/everything-claude-code",
"license": "MIT",
"keywords": [
"claude-code",

6
.codex-plugin/README.md
View File

@@ -1,6 +1,6 @@
# .codex-plugin — Codex Native Plugin for ECC
This directory contains the **Codex plugin manifest** for ECC.
This directory contains the **Codex plugin manifest** for Everything Claude Code.
## Structure
@@ -24,10 +24,10 @@ track that marketplace source from the CLI:
```bash
# Add the public repo marketplace
codex plugin marketplace add affaan-m/ECC
codex plugin marketplace add affaan-m/everything-claude-code
# Or add a local checkout while developing
codex plugin marketplace add /absolute/path/to/ECC
codex plugin marketplace add /absolute/path/to/everything-claude-code
```
The marketplace entry points at the repository root so `.codex-plugin/plugin.json`,

8
.codex-plugin/plugin.json
View File

@@ -1,22 +1,22 @@
{
"name": "ecc",
"version": "2.0.0-rc.1",
"description": "Harness-native ECC workflows for Codex: shared skills, production-ready MCP configs, and selective-install-aligned conventions for TDD, security scanning, code review, and autonomous development.",
"description": "Battle-tested Codex workflows — 207 shared ECC skills, production-ready MCP configs, and selective-install-aligned conventions for TDD, security scanning, code review, and autonomous development.",
"author": {
"name": "Affaan Mustafa",
"email": "me@affaanmustafa.com",
"url": "https://x.com/affaanmustafa"
},
"homepage": "https://ecc.tools",
"repository": "https://github.com/affaan-m/ECC",
"repository": "https://github.com/affaan-m/everything-claude-code",
"license": "MIT",
"keywords": ["codex", "agents", "skills", "tdd", "code-review", "security", "workflow", "automation"],
"skills": "./skills/",
"mcpServers": "./.mcp.json",
"interface": {
"displayName": "ECC",
"displayName": "Everything Claude Code",
"shortDescription": "207 battle-tested ECC skills plus MCP configs for TDD, security, code review, and autonomous development.",
"longDescription": "ECC is a harness-native operator system for Codex and adjacent agent harnesses. It packages reusable skills, MCP configs, TDD workflows, security scanning, code review, architecture decisions, operator workflows, and release gates in one installable plugin.",
"longDescription": "Everything Claude Code (ECC) is a community-maintained collection of Codex-ready skills and MCP configs evolved over 10+ months of intensive daily use. It covers TDD workflows, security scanning, code review, architecture decisions, operator workflows, and more — all in one installable plugin.",
"developerName": "Affaan Mustafa",
"category": "Productivity",
"capabilities": ["Read", "Write"],

1
.github/CODEOWNERS vendored
View File

@@ -1 +0,0 @@
* @affaan-m

53
.github/workflows/release.yml vendored
View File

@@ -5,16 +5,13 @@ on:
tags: ['v*']
permissions:
contents: read
contents: write
id-token: write
jobs:
verify:
name: Verify Release
release:
name: Create Release
runs-on: ubuntu-latest
outputs:
already_published: ${{ steps.npm_publish_state.outputs.already_published }}
dist_tag: ${{ steps.npm_publish_state.outputs.dist_tag }}
package_file: ${{ steps.pack.outputs.package_file }}
steps:
- name: Checkout
@@ -96,46 +93,10 @@ jobs:
### Notes
- npm package: \`ecc-universal\`
- Claude marketplace/plugin identifier: \`ecc@ecc\`
- Claude marketplace/plugin identifier: \`everything-claude-code@everything-claude-code\`
- For migration tips and compatibility notes, see README and CHANGELOG.
EOF
- name: Pack npm artifact
id: pack
run: |
npm pack --json > npm-pack.json
PACKAGE_FILE=$(node -e "const fs = require('fs'); const data = JSON.parse(fs.readFileSync('npm-pack.json', 'utf8')); console.log(data[0].filename)")
echo "package_file=${PACKAGE_FILE}" >> "$GITHUB_OUTPUT"
- name: Upload release artifacts
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: ecc-release-artifacts
path: |
release_body.md
${{ steps.pack.outputs.package_file }}
if-no-files-found: error
publish:
name: Publish Release
runs-on: ubuntu-latest
needs: verify
permissions:
contents: write
id-token: write
steps:
- name: Download release artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: ecc-release-artifacts
- name: Setup Node.js
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: '20.x'
registry-url: 'https://registry.npmjs.org'
- name: Create GitHub Release
uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
with:
@@ -145,7 +106,7 @@ jobs:
make_latest: ${{ contains(github.ref_name, '-') && 'false' || 'true' }}
- name: Publish npm package
if: needs.verify.outputs.already_published != 'true'
if: steps.npm_publish_state.outputs.already_published != 'true'
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm publish "${{ needs.verify.outputs.package_file }}" --access public --provenance --tag "${{ needs.verify.outputs.dist_tag }}"
run: npm publish --access public --provenance --tag "${{ steps.npm_publish_state.outputs.dist_tag }}"

53
.github/workflows/reusable-release.yml vendored
View File

@@ -28,16 +28,13 @@ on:
default: true
permissions:
contents: read
contents: write
id-token: write
jobs:
verify:
name: Verify Release
release:
name: Create Release
runs-on: ubuntu-latest
outputs:
already_published: ${{ steps.npm_publish_state.outputs.already_published }}
dist_tag: ${{ steps.npm_publish_state.outputs.dist_tag }}
package_file: ${{ steps.pack.outputs.package_file }}
steps:
- name: Checkout
@@ -114,45 +111,9 @@ jobs:
### Package Notes
- npm package: \`ecc-universal\`
- Claude marketplace/plugin identifier: \`ecc@ecc\`
- Claude marketplace/plugin identifier: \`everything-claude-code@everything-claude-code\`
EOF
- name: Pack npm artifact
id: pack
run: |
npm pack --json > npm-pack.json
PACKAGE_FILE=$(node -e "const fs = require('fs'); const data = JSON.parse(fs.readFileSync('npm-pack.json', 'utf8')); console.log(data[0].filename)")
echo "package_file=${PACKAGE_FILE}" >> "$GITHUB_OUTPUT"
- name: Upload release artifacts
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: ecc-release-artifacts
path: |
release_body.md
${{ steps.pack.outputs.package_file }}
if-no-files-found: error
publish:
name: Publish Release
runs-on: ubuntu-latest
needs: verify
permissions:
contents: write
id-token: write
steps:
- name: Download release artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: ecc-release-artifacts
- name: Setup Node.js
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: '20.x'
registry-url: 'https://registry.npmjs.org'
- name: Create GitHub Release
uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
with:
@@ -163,7 +124,7 @@ jobs:
make_latest: ${{ contains(inputs.tag, '-') && 'false' || 'true' }}
- name: Publish npm package
if: needs.verify.outputs.already_published != 'true'
if: steps.npm_publish_state.outputs.already_published != 'true'
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm publish "${{ needs.verify.outputs.package_file }}" --access public --provenance --tag "${{ needs.verify.outputs.dist_tag }}"
run: npm publish --access public --provenance --tag "${{ steps.npm_publish_state.outputs.dist_tag }}"

4
.opencode/MIGRATION.md
View File

@@ -1,6 +1,6 @@
# Migration Guide: Claude Code to OpenCode
This guide helps you migrate from Claude Code to OpenCode while using the ECC configuration.
This guide helps you migrate from Claude Code to OpenCode while using the Everything Claude Code (ECC) configuration.
## Overview
@@ -365,4 +365,4 @@ If you need to switch back:
For issues specific to:
- **OpenCode CLI**: Report to OpenCode's issue tracker
- **ECC Configuration**: Report to [github.com/affaan-m/ECC](https://github.com/affaan-m/ECC)
- **ECC Configuration**: Report to [github.com/affaan-m/everything-claude-code](https://github.com/affaan-m/everything-claude-code)

8
.opencode/README.md
View File

@@ -3,13 +3,13 @@
> WARNING: This README is specific to OpenCode usage.
> If you installed ECC via npm (e.g. `npm install opencode-ecc`), refer to the root README instead.
ECC plugin for OpenCode - agents, commands, hooks, and skills.
Everything Claude Code (ECC) plugin for OpenCode - agents, commands, hooks, and skills.
## Installation
## Installation Overview
There are two ways to use ECC:
There are two ways to use Everything Claude Code (ECC):
1. **npm package (recommended for most users)**
Install via npm/bun/yarn and use the `ecc-install` CLI to set up rules and agents.
@@ -52,8 +52,8 @@ npx ecc-install typescript
Clone and run OpenCode in the repository:
```bash
git clone https://github.com/affaan-m/ECC
cd ECC
git clone https://github.com/affaan-m/everything-claude-code
cd everything-claude-code
opencode
```

27
.opencode/commands/harness-audit.md
View File

@@ -24,9 +24,9 @@ node scripts/harness-audit.js <scope> --format <text|json> [--root <path>]
This script is the source of truth for scoring and checks. Do not invent additional dimensions or ad-hoc points.
Rubric version: `2026-05-19`.
Rubric version: `2026-03-30`.
The script computes up to 12 fixed categories (`0-10` normalized each). The first seven are always applicable; GitHub Integration is always applicable; deploy-target categories are applicable only when a matching marker is detected.
The script computes 7 fixed categories (`0-10` normalized each):
1. Tool Coverage
2. Context Efficiency
@@ -35,11 +35,6 @@ The script computes up to 12 fixed categories (`0-10` normalized each). The firs
5. Eval Coverage
6. Security Guardrails
7. Cost Efficiency
8. GitHub Integration
9. Vercel Integration *(when `vercel.json` or `.vercel/` is present)*
10. Netlify Integration *(when `netlify.toml` or `.netlify/` is present)*
11. Cloudflare Integration *(when `wrangler.toml` or `wrangler.jsonc` is present)*
12. Fly Integration *(when `fly.toml` is present)*
Scores are derived from explicit file/rule checks and are reproducible for the same commit.
The script audits the current working directory by default and auto-detects whether the target is the ECC repo itself or a consumer project using ECC.
@@ -48,12 +43,11 @@ The script audits the current working directory by default and auto-detects whet
Return:
1. `overall_score` out of `max_score`. `max_score` depends on which categories are applicable to the target; never assume a fixed total.
2. `applicable_categories[]` and `category_count` describing which categories contributed.
3. Category scores and concrete findings.
4. Failed checks with exact file paths.
5. Top 3 actions from the deterministic output (`top_actions`).
6. Suggested ECC skills to apply next.
1. `overall_score` out of `max_score` (70 for `repo`; smaller for scoped audits)
2. Category scores and concrete findings
3. Failed checks with exact file paths
4. Top 3 actions from the deterministic output (`top_actions`)
5. Suggested ECC skills to apply next
## Checklist
@@ -65,15 +59,14 @@ Return:
## Example Result
```text
Harness Audit (repo, repo): 71/80
Harness Audit (repo): 66/70
- Tool Coverage: 10/10 (10/10 pts)
- Context Efficiency: 9/10 (9/10 pts)
- Quality Gates: 10/10 (10/10 pts)
- GitHub Integration: 2/10 (2/10 pts)
Top 3 Actions:
1) [GitHub Integration] Add at least one workflow under .github/workflows/. (.github/workflows/)
2) [Security Guardrails] Add prompt/tool preflight security guards in hooks/hooks.json. (hooks/hooks.json)
1) [Security Guardrails] Add prompt/tool preflight security guards in hooks/hooks.json. (hooks/hooks.json)
2) [Tool Coverage] Sync commands/harness-audit.md and .opencode/commands/harness-audit.md. (.opencode/commands/harness-audit.md)
3) [Eval Coverage] Increase automated test coverage across scripts/hooks/lib. (tests/)
```

8
.opencode/index.ts
View File

@@ -1,5 +1,5 @@
/**
* ECC Plugin for OpenCode
* Everything Claude Code (ECC) Plugin for OpenCode
*
* This package provides the published ECC OpenCode plugin module:
* - Plugin hooks (auto-format, TypeScript check, console.log warning, env injection, etc.)
@@ -26,8 +26,8 @@
*
* Option 2: Clone and use directly
* ```bash
* git clone https://github.com/affaan-m/ECC
* cd ECC
* git clone https://github.com/affaan-m/everything-claude-code
* cd everything-claude-code
* opencode
* ```
*
@@ -47,7 +47,7 @@ export const VERSION = "1.6.0"
export const metadata = {
name: "ecc-universal",
version: VERSION,
description: "ECC plugin for OpenCode",
description: "Everything Claude Code plugin for OpenCode",
author: "affaan-m",
features: {
agents: 13,

2
.opencode/instructions/INSTRUCTIONS.md
View File

@@ -1,4 +1,4 @@
# ECC - OpenCode Instructions
# Everything Claude Code - OpenCode Instructions
This document consolidates the core rules and guidelines from the Claude Code configuration for use with OpenCode.

8
.opencode/package.json
View File

@@ -1,7 +1,7 @@
{
"name": "ecc-universal",
"version": "2.0.0-rc.1",
"description": "ECC plugin for OpenCode - agents, commands, hooks, and skills",
"description": "Everything Claude Code (ECC) plugin for OpenCode - agents, commands, hooks, and skills",
"main": "dist/index.js",
"types": "dist/index.d.ts",
"type": "module",
@@ -47,12 +47,12 @@
"license": "MIT",
"repository": {
"type": "git",
"url": "git+https://github.com/affaan-m/ECC.git"
"url": "git+https://github.com/affaan-m/everything-claude-code.git"
},
"bugs": {
"url": "https://github.com/affaan-m/ECC/issues"
"url": "https://github.com/affaan-m/everything-claude-code/issues"
},
"homepage": "https://github.com/affaan-m/ECC#readme",
"homepage": "https://github.com/affaan-m/everything-claude-code#readme",
"publishConfig": {
"access": "public"
},

4
.opencode/plugins/ecc-hooks.ts
View File

@@ -1,5 +1,5 @@
/**
* ECC Plugin Hooks for OpenCode
* Everything Claude Code (ECC) Plugin Hooks for OpenCode
*
* This plugin translates Claude Code hooks to OpenCode's plugin system.
* OpenCode's plugin system is MORE sophisticated than Claude Code with 20+ events
@@ -453,7 +453,7 @@ export const ECCHooksPlugin: ECCHooksPluginFn = async ({
const contextBlock = [
"# ECC Context (preserve across compaction)",
"",
"## Active Plugin: ECC v2.0.0-rc.1",
"## Active Plugin: Everything Claude Code v2.0.0-rc.1",
"- Hooks: file.edited, tool.execute.before/after, session.created/idle/deleted, shell.env, compacting, permission.ask",
"- Tools: run-tests, check-coverage, security-audit, format-code, lint-check, git-summary, changed-files",
"- Agents: 13 specialized (planner, architect, tdd-guide, code-reviewer, security-reviewer, build-error-resolver, e2e-runner, refactor-cleaner, doc-updater, go-reviewer, go-build-resolver, database-reviewer, python-reviewer)",

2
.opencode/plugins/index.ts
View File

@@ -1,5 +1,5 @@
/**
* ECC Plugins for OpenCode
* Everything Claude Code (ECC) Plugins for OpenCode
*
* This module exports all ECC plugins for OpenCode integration.
* Plugins provide hook-based automation that mirrors Claude Code's hook system

4
AGENTS.md
View File

@@ -1,6 +1,6 @@
# Everything Claude Code (ECC) — Agent Instructions
This is a **production-ready AI coding plugin** providing 60 specialized agents, 232 skills, 75 commands, and automated hook workflows for software development.
This is a **production-ready AI coding plugin** providing 60 specialized agents, 230 skills, 75 commands, and automated hook workflows for software development.
**Version:** 2.0.0-rc.1
@@ -150,7 +150,7 @@ Troubleshoot failures: check test isolation → verify mocks → fix implementat
```
agents/ — 60 specialized subagents
skills/ — 232 workflow skills and domain knowledge
skills/ — 230 workflow skills and domain knowledge
commands/ — 75 slash commands
hooks/ — Trigger-based automations
rules/ — Always-follow guidelines (common + per-language)

98
README.md
View File

@@ -1,12 +1,12 @@
**Language:** English | [Português (Brasil)](docs/pt-BR/README.md) | [简体中文](README.zh-CN.md) | [繁體中文](docs/zh-TW/README.md) | [日本語](docs/ja-JP/README.md) | [한국어](docs/ko-KR/README.md) | [Türkçe](docs/tr/README.md) | [Русский](docs/ru/README.md) | [Tiếng Việt](docs/vi-VN/README.md) | [ไทย](docs/th/README.md)
# ECC
# Everything Claude Code
![ECC - the harness-native operator system for agentic work](assets/hero.png)
![Everything Claude Code — the performance system for AI agent harnesses](assets/hero.png)
[![Stars](https://img.shields.io/github/stars/affaan-m/ECC?style=flat)](https://github.com/affaan-m/ECC/stargazers)
[![Forks](https://img.shields.io/github/forks/affaan-m/ECC?style=flat)](https://github.com/affaan-m/ECC/network/members)
[![Contributors](https://img.shields.io/github/contributors/affaan-m/ECC?style=flat)](https://github.com/affaan-m/ECC/graphs/contributors)
[![Stars](https://img.shields.io/github/stars/affaan-m/everything-claude-code?style=flat)](https://github.com/affaan-m/everything-claude-code/stargazers)
[![Forks](https://img.shields.io/github/forks/affaan-m/everything-claude-code?style=flat)](https://github.com/affaan-m/everything-claude-code/network/members)
[![Contributors](https://img.shields.io/github/contributors/affaan-m/everything-claude-code?style=flat)](https://github.com/affaan-m/everything-claude-code/graphs/contributors)
[![npm ecc-universal](https://img.shields.io/npm/dw/ecc-universal?label=ecc-universal%20weekly%20downloads&logo=npm)](https://www.npmjs.com/package/ecc-universal)
[![npm ecc-agentshield](https://img.shields.io/npm/dw/ecc-agentshield?label=ecc-agentshield%20weekly%20downloads&logo=npm)](https://www.npmjs.com/package/ecc-agentshield)
[![GitHub App Install](https://img.shields.io/badge/GitHub%20App-150%20installs-2ea44f?logo=github)](https://github.com/marketplace/ecc-tools)
@@ -34,7 +34,7 @@
---
**The harness-native operator system for agentic work. From an Anthropic hackathon winner.**
**The performance optimization system for AI agent harnesses. From an Anthropic hackathon winner.**
Not just configs. A complete system: skills, instincts, memory optimization, continuous learning, security scanning, and research-first development. Production-ready agents, skills, hooks, rules, MCP configurations, and legacy command shims evolved over 10+ months of intensive daily use building real products.
@@ -59,7 +59,7 @@ ECC v2.0.0-rc.1 adds the public Hermes operator story on top of that reusable la
</a>
</td>
<td width="25%" align="center">
<a href="https://github.com/affaan-m/ECC/discussions">
<a href="https://github.com/affaan-m/everything-claude-code/discussions">
<strong>Community</strong>
<br />
<sub>Discussions · Q&amp;A · Show & Tell</sub>
@@ -123,7 +123,7 @@ This repo is the raw code only. The guides explain everything.
### v2.0.0-rc.1 — Surface Refresh, Operator Workflows, and ECC 2.0 Alpha (Apr 2026)
- **Dashboard GUI** — New Tkinter-based desktop application (`ecc_dashboard.py` or `npm run dashboard`) with dark/light theme toggle, font customization, and project logo in header and taskbar.
- **Public surface synced to the live repo** — metadata, catalog counts, plugin manifests, and install-facing docs now match the actual OSS surface: 60 agents, 232 skills, and 75 legacy command shims.
- **Public surface synced to the live repo** — metadata, catalog counts, plugin manifests, and install-facing docs now match the actual OSS surface: 60 agents, 230 skills, and 75 legacy command shims.
- **Operator and outbound workflow expansion** — `brand-voice`, `social-graph-ranker`, `connections-optimizer`, `customer-billing-ops`, `ecc-tools-cost-audit`, `google-workspace-ops`, `project-flow-ops`, and `workspace-surface-audit` round out the operator lane.
- **Media and launch tooling** — `manim-video`, `remotion-video-creation`, and upgraded social publishing surfaces make technical explainers and launch content part of the same system.
- **Framework and product surface growth** — `nestjs-patterns`, richer Codex/OpenCode install surfaces, and expanded cross-harness packaging keep the repo usable beyond Claude Code alone.
@@ -172,7 +172,7 @@ This repo is the raw code only. The guides explain everything.
### v1.4.1 — Bug Fix (Feb 2026)
- **Fixed instinct import content loss** — `parse_instinct_file()` was silently dropping all content after frontmatter (Action, Evidence, Examples sections) during `/instinct-import`. ([#148](https://github.com/affaan-m/ECC/issues/148), [#161](https://github.com/affaan-m/ECC/pull/161))
- **Fixed instinct import content loss** — `parse_instinct_file()` was silently dropping all content after frontmatter (Action, Evidence, Examples sections) during `/instinct-import`. ([#148](https://github.com/affaan-m/everything-claude-code/issues/148), [#161](https://github.com/affaan-m/everything-claude-code/pull/161))
### v1.4.0 — Multi-Language Rules, Installation Wizard & PM2 (Feb 2026)
@@ -196,7 +196,7 @@ This repo is the raw code only. The guides explain everything.
- **Session management** — `/sessions` command for session history
- **Continuous learning v2** — Instinct-based learning with confidence scoring, import/export, evolution
See the full changelog in [Releases](https://github.com/affaan-m/ECC/releases).
See the full changelog in [Releases](https://github.com/affaan-m/everything-claude-code/releases).
---
@@ -265,7 +265,7 @@ npx ecc install --profile minimal --target claude --with capability:machine-lear
```bash
# Add marketplace
/plugin marketplace add https://github.com/affaan-m/ECC
/plugin marketplace add https://github.com/affaan-m/everything-claude-code
# Install plugin
/plugin install ecc@ecc
@@ -275,7 +275,7 @@ npx ecc install --profile minimal --target claude --with capability:machine-lear
ECC now has three public identifiers, and they are not interchangeable:
- GitHub source repo: `affaan-m/ECC`
- GitHub source repo: `affaan-m/everything-claude-code`
- Claude marketplace/plugin identifier: `ecc@ecc`
- npm package: `ecc-universal`
@@ -295,8 +295,8 @@ This is intentional. Anthropic marketplace/plugin installs are keyed by a canoni
```bash
# Clone the repo first
git clone https://github.com/affaan-m/ECC.git
cd ECC
git clone https://github.com/affaan-m/everything-claude-code.git
cd everything-claude-code
# Install dependencies (pick your package manager)
npm install # or: pnpm install | yarn install | bun install
@@ -392,7 +392,7 @@ If you stacked methods, clean up in this order:
/plugin list ecc@ecc
```
**That's it!** You now have access to 60 agents, 232 skills, and 75 legacy command shims.
**That's it!** You now have access to 60 agents, 230 skills, and 75 legacy command shims.
### Dashboard GUI
@@ -494,7 +494,7 @@ Windows PowerShell:
This repo is a **Claude Code plugin** - install it directly or copy components manually.
```
ECC/
everything-claude-code/
|-- .claude-plugin/ # Plugin and marketplace manifests
| |-- plugin.json # Plugin metadata and component paths
| |-- marketplace.json # Marketplace catalog for /plugin marketplace add
@@ -812,7 +812,7 @@ Claude Code v2.1+ **automatically loads** `hooks/hooks.json` from any installed
Duplicate hooks file detected: ./hooks/hooks.json resolves to already-loaded file
```
**History:** This has caused repeated fix/revert cycles in this repo ([#29](https://github.com/affaan-m/ECC/issues/29), [#52](https://github.com/affaan-m/ECC/issues/52), [#103](https://github.com/affaan-m/ECC/issues/103)). The behavior changed between Claude Code versions, leading to confusion. We now have a regression test to prevent this from being reintroduced.
**History:** This has caused repeated fix/revert cycles in this repo ([#29](https://github.com/affaan-m/everything-claude-code/issues/29), [#52](https://github.com/affaan-m/everything-claude-code/issues/52), [#103](https://github.com/affaan-m/everything-claude-code/issues/103)). The behavior changed between Claude Code versions, leading to confusion. We now have a regression test to prevent this from being reintroduced.
---
@@ -824,7 +824,7 @@ The easiest way to use this repo - install as a Claude Code plugin:
```bash
# Add this repo as a marketplace
/plugin marketplace add https://github.com/affaan-m/ECC
/plugin marketplace add https://github.com/affaan-m/everything-claude-code
# Install the plugin
/plugin install ecc@ecc
@@ -838,7 +838,7 @@ Or add directly to your `~/.claude/settings.json`:
"ecc": {
"source": {
"source": "github",
"repo": "affaan-m/ECC"
"repo": "affaan-m/everything-claude-code"
}
}
},
@@ -854,21 +854,20 @@ This gives you instant access to all commands, agents, skills, and hooks.
>
> ```bash
> # Clone the repo first
> git clone https://github.com/affaan-m/ECC.git
> cd ECC
> git clone https://github.com/affaan-m/everything-claude-code.git
>
> # Option A: User-level rules (applies to all projects)
> mkdir -p ~/.claude/rules/ecc
> cp -r rules/common ~/.claude/rules/ecc/
> cp -r rules/typescript ~/.claude/rules/ecc/ # pick your stack
> cp -r rules/python ~/.claude/rules/ecc/
> cp -r rules/golang ~/.claude/rules/ecc/
> cp -r rules/php ~/.claude/rules/ecc/
> cp -r everything-claude-code/rules/common ~/.claude/rules/ecc/
> cp -r everything-claude-code/rules/typescript ~/.claude/rules/ecc/ # pick your stack
> cp -r everything-claude-code/rules/python ~/.claude/rules/ecc/
> cp -r everything-claude-code/rules/golang ~/.claude/rules/ecc/
> cp -r everything-claude-code/rules/php ~/.claude/rules/ecc/
>
> # Option B: Project-level rules (applies to current project only)
> mkdir -p .claude/rules/ecc
> cp -r rules/common .claude/rules/ecc/
> cp -r rules/typescript .claude/rules/ecc/ # pick your stack
> cp -r everything-claude-code/rules/common .claude/rules/ecc/
> cp -r everything-claude-code/rules/typescript .claude/rules/ecc/ # pick your stack
> ```
---
@@ -879,35 +878,34 @@ If you prefer manual control over what's installed:
```bash
# Clone the repo
git clone https://github.com/affaan-m/ECC.git
cd ECC
git clone https://github.com/affaan-m/everything-claude-code.git
# Copy agents to your Claude config
cp agents/*.md ~/.claude/agents/
cp everything-claude-code/agents/*.md ~/.claude/agents/
# Copy rules directories (common + language-specific)
mkdir -p ~/.claude/rules/ecc
cp -r rules/common ~/.claude/rules/ecc/
cp -r rules/typescript ~/.claude/rules/ecc/ # pick your stack
cp -r rules/python ~/.claude/rules/ecc/
cp -r rules/golang ~/.claude/rules/ecc/
cp -r rules/php ~/.claude/rules/ecc/
cp -r rules/arkts ~/.claude/rules/ecc/
cp -r everything-claude-code/rules/common ~/.claude/rules/ecc/
cp -r everything-claude-code/rules/typescript ~/.claude/rules/ecc/ # pick your stack
cp -r everything-claude-code/rules/python ~/.claude/rules/ecc/
cp -r everything-claude-code/rules/golang ~/.claude/rules/ecc/
cp -r everything-claude-code/rules/php ~/.claude/rules/ecc/
cp -r everything-claude-code/rules/arkts ~/.claude/rules/ecc/
# Copy skills first (primary workflow surface)
# Recommended (new users): core/general skills only
mkdir -p ~/.claude/skills/ecc
cp -r .agents/skills/* ~/.claude/skills/ecc/
cp -r skills/search-first ~/.claude/skills/ecc/
cp -r everything-claude-code/.agents/skills/* ~/.claude/skills/ecc/
cp -r everything-claude-code/skills/search-first ~/.claude/skills/ecc/
# Optional: add niche/framework-specific skills only when needed
# for s in django-patterns django-tdd laravel-patterns springboot-patterns quarkus-patterns; do
# cp -r skills/$s ~/.claude/skills/ecc/
# cp -r everything-claude-code/skills/$s ~/.claude/skills/ecc/
# done
# Optional: keep maintained slash-command compatibility during migration
mkdir -p ~/.claude/commands
cp commands/*.md ~/.claude/commands/
cp everything-claude-code/commands/*.md ~/.claude/commands/
# Retired shims live in legacy-command-shims/commands/.
# Copy individual files from there only if you still need old names such as /tdd.
@@ -1085,7 +1083,7 @@ This shows all available agents, commands, and skills from the plugin.
<details>
<summary><b>My hooks aren't working / I see "Duplicate hooks file" errors</b></summary>
This is the most common issue. **Do NOT add a `"hooks"` field to `.claude-plugin/plugin.json`.** Claude Code v2.1+ automatically loads `hooks/hooks.json` from installed plugins. Explicitly declaring it causes duplicate detection errors. See [#29](https://github.com/affaan-m/ECC/issues/29), [#52](https://github.com/affaan-m/ECC/issues/52), [#103](https://github.com/affaan-m/ECC/issues/103).
This is the most common issue. **Do NOT add a `"hooks"` field to `.claude-plugin/plugin.json`.** Claude Code v2.1+ automatically loads `hooks/hooks.json` from installed plugins. Explicitly declaring it causes duplicate detection errors. See [#29](https://github.com/affaan-m/everything-claude-code/issues/29), [#52](https://github.com/affaan-m/everything-claude-code/issues/52), [#103](https://github.com/affaan-m/everything-claude-code/issues/103).
</details>
<details>
@@ -1130,11 +1128,11 @@ Yes. Use Option 2 (manual installation) and copy only what you need:
```bash
# Just agents
cp agents/*.md ~/.claude/agents/
cp everything-claude-code/agents/*.md ~/.claude/agents/
# Just rules
mkdir -p ~/.claude/rules/ecc/
cp -r rules/common ~/.claude/rules/ecc/
cp -r everything-claude-code/rules/common ~/.claude/rules/ecc/
```
Each component is fully independent.
@@ -1147,7 +1145,7 @@ Yes. ECC is cross-platform:
- **Cursor**: Pre-translated configs in `.cursor/`. See [Cursor IDE Support](#cursor-ide-support).
- **Gemini CLI**: Experimental project-local support via `.gemini/GEMINI.md` and shared installer plumbing.
- **OpenCode**: Full plugin support in `.opencode/`. See [OpenCode Support](#opencode-support).
- **Codex**: First-class support for both macOS app and CLI, with adapter drift guards and SessionStart fallback. See PR [#257](https://github.com/affaan-m/ECC/pull/257).
- **Codex**: First-class support for both macOS app and CLI, with adapter drift guards and SessionStart fallback. See PR [#257](https://github.com/affaan-m/everything-claude-code/pull/257).
- **GitHub Copilot (VS Code)**: Instruction and prompt layer via `.github/copilot-instructions.md`, `.vscode/settings.json`, and `.github/prompts/`. See [GitHub Copilot Support](#github-copilot-support).
- **Antigravity**: Tightly integrated setup for workflows, skills, and flattened rules in `.agent/`. See [Antigravity Guide](docs/ANTIGRAVITY-GUIDE.md).
- **JoyCode / CodeBuddy**: Project-local selective install adapters for commands, agents, skills, and flattened rules. See [JoyCode Adapter Guide](docs/JOYCODE-GUIDE.md).
@@ -1425,7 +1423,7 @@ The configuration is automatically detected from `.opencode/opencode.json`.
|---------|-------------|----------|--------|
| Agents | PASS: 60 agents | PASS: 12 agents | **Claude Code leads** |
| Commands | PASS: 75 commands | PASS: 35 commands | **Claude Code leads** |
| Skills | PASS: 232 skills | PASS: 37 skills | **Claude Code leads** |
| Skills | PASS: 230 skills | PASS: 37 skills | **Claude Code leads** |
| Hooks | PASS: 8 event types | PASS: 11 events | **OpenCode has more!** |
| Rules | PASS: 29 rules | PASS: 13 instructions | **Claude Code leads** |
| MCP Servers | PASS: 14 servers | PASS: Full | **Full parity** |
@@ -1490,7 +1488,7 @@ OpenCode's plugin system is MORE sophisticated than Claude Code with 20+ event t
**Option 1: Use directly**
```bash
cd ECC
cd everything-claude-code
opencode
```
@@ -1587,7 +1585,7 @@ ECC is the **first plugin to maximize every major AI coding tool**. Here's how e
|---------|------------|------------|-----------|----------|----------------|
| **Agents** | 60 | Shared (AGENTS.md) | Shared (AGENTS.md) | 12 | N/A |
| **Commands** | 75 | Shared | Instruction-based | 35 | 6 prompts |
| **Skills** | 232 | Shared | 10 (native format) | 37 | Via instructions |
| **Skills** | 230 | Shared | 10 (native format) | 37 | Via instructions |
| **Hook Events** | 8 types | 15 types | None yet | 11 types | None |
| **Hook Scripts** | 20+ scripts | 16 scripts (DRY adapter) | N/A | Plugin hooks | N/A |
| **Rules** | 34 (common + lang) | 34 (YAML frontmatter) | Instruction-based | 13 instructions | 1 always-on file |
@@ -1719,7 +1717,7 @@ These configs work for my workflow. You should:
## Community Projects
Projects built on or inspired by ECC:
Projects built on or inspired by Everything Claude Code:
| Project | Description |
|---------|-------------|
@@ -1740,7 +1738,7 @@ This project is free and open source. Sponsors help keep it maintained and growi
## Star History
[![Star History Chart](https://api.star-history.com/svg?repos=affaan-m/ECC&type=Date)](https://star-history.com/#affaan-m/ECC&Date)
[![Star History Chart](https://api.star-history.com/svg?repos=affaan-m/everything-claude-code&type=Date)](https://star-history.com/#affaan-m/everything-claude-code&Date)
---

2
README.zh-CN.md
View File

@@ -160,7 +160,7 @@ Copy-Item -Recurse rules/typescript "$HOME/.claude/rules/"
/plugin list ecc@ecc
```
**完成!** 你现在可以使用 60 个代理、232 个技能和 75 个命令。
**完成!** 你现在可以使用 60 个代理、230 个技能和 75 个命令。
### multi-* 命令需要额外配置

2
agent.yaml
View File

@@ -1,5 +1,5 @@
spec_version: "0.1.0"
name: ecc
name: everything-claude-code
version: 2.0.0-rc.1
description: "Initial gitagent export surface for ECC's shared skill catalog, governance, and identity. Native agents, commands, and hooks remain authoritative in the repository while manifest coverage expands."
author: affaan-m

27
commands/harness-audit.md
View File

@@ -24,9 +24,9 @@ node scripts/harness-audit.js <scope> --format <text|json> [--root <path>]
This script is the source of truth for scoring and checks. Do not invent additional dimensions or ad-hoc points.
Rubric version: `2026-05-19`.
Rubric version: `2026-03-30`.
The script computes up to 12 fixed categories (`0-10` normalized each). The first seven are always applicable; GitHub Integration is always applicable; deploy-target categories are applicable only when a matching marker is detected.
The script computes 7 fixed categories (`0-10` normalized each):
1. Tool Coverage
2. Context Efficiency
@@ -35,11 +35,6 @@ The script computes up to 12 fixed categories (`0-10` normalized each). The firs
5. Eval Coverage
6. Security Guardrails
7. Cost Efficiency
8. GitHub Integration
9. Vercel Integration *(when `vercel.json` or `.vercel/` is present)*
10. Netlify Integration *(when `netlify.toml` or `.netlify/` is present)*
11. Cloudflare Integration *(when `wrangler.toml` or `wrangler.jsonc` is present)*
12. Fly Integration *(when `fly.toml` is present)*
Scores are derived from explicit file/rule checks and are reproducible for the same commit.
The script audits the current working directory by default and auto-detects whether the target is the ECC repo itself or a consumer project using ECC.
@@ -48,12 +43,11 @@ The script audits the current working directory by default and auto-detects whet
Return:
1. `overall_score` out of `max_score`. `max_score` depends on which categories are applicable to the target; never assume a fixed total.
2. `applicable_categories[]` and `category_count` describing which categories contributed.
3. Category scores and concrete findings.
4. Failed checks with exact file paths.
5. Top 3 actions from the deterministic output (`top_actions`).
6. Suggested ECC skills to apply next.
1. `overall_score` out of `max_score` (70 for `repo`; smaller for scoped audits)
2. Category scores and concrete findings
3. Failed checks with exact file paths
4. Top 3 actions from the deterministic output (`top_actions`)
5. Suggested ECC skills to apply next
## Checklist
@@ -65,15 +59,14 @@ Return:
## Example Result
```text
Harness Audit (repo, repo): 71/80
Harness Audit (repo): 66/70
- Tool Coverage: 10/10 (10/10 pts)
- Context Efficiency: 9/10 (9/10 pts)
- Quality Gates: 10/10 (10/10 pts)
- GitHub Integration: 2/10 (2/10 pts)
Top 3 Actions:
1) [GitHub Integration] Add at least one workflow under .github/workflows/. (.github/workflows/)
2) [Security Guardrails] Add prompt/tool preflight security guards in hooks/hooks.json. (hooks/hooks.json)
1) [Security Guardrails] Add prompt/tool preflight security guards in hooks/hooks.json. (hooks/hooks.json)
2) [Tool Coverage] Sync commands/harness-audit.md and .opencode/commands/harness-audit.md. (.opencode/commands/harness-audit.md)
3) [Eval Coverage] Increase automated test coverage across scripts/hooks/lib. (tests/)
```

445
docs/ECC-2.0-GA-ROADMAP.md
View File

@@ -12,222 +12,41 @@ execution truth is split across:
- merged PR evidence;
- handoffs under `~/.cluster-swarm/handoffs/`.
The May 19 release/growth execution map lives at
[`docs/releases/2.0.0/ecc-2-hypergrowth-release-command-center.md`](releases/2.0.0/ecc-2-hypergrowth-release-command-center.md).
It is the operator surface for the final ECC 2.0 repo identity, video suite,
partner/sponsor funnel, consulting/talk funnel, and social launch plan.
## 2026-05-20 Delta
- The tracked platform audit is still green on May 20 with 0 open PRs,
0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A gaps,
0 conflicting PRs, and 0 blocking dirty files across `affaan-m/ECC`,
`affaan-m/agentshield`, `affaan-m/JARVIS`, `ECC-Tools/ECC-Tools`, and
`ECC-Tools/ECC-website`.
- The new #2015 setup-location Q&A was answered and marked accepted. The
answer keeps install guidance conservative: do not install into `C:\`; use a
normal workspace, install the `ecc@ecc` Claude plugin once, copy only needed
rule folders when using manual rules, and avoid stacking plugin plus full
manual install.
- ECC-Tools PRs #80-#88 landed the next hosted-platform batch: runtime
receipts now require failure reasons; AgentShield fleet approval IDs survive
hosted security review and render into comments/check-runs; Linear follow-up
sync reuses deterministic external IDs; hosted AgentShield remediation items
sync to Linear; hosted job observability events are emitted for queued,
completed, blocked, failed, and budget-blocked states; and both hosted job
status comments and hosted depth-plan check-runs read back recent
observability/budget events. PR #88 adds the authenticated observability API
readback for operator dashboards and production smoke tests.
- AgentShield PR #94 landed the next cross-harness adapter slice: Zed and
VS Code are first-class adapter detections, `.zed/settings.json` and
`.zed/tasks.json` are discoverable scan inputs, and `.zed/setup.mjs` now
trips the same AI-tool persistence IOC rule as `.vscode/setup.mjs`.
- AgentShield PR #95 cleared the remaining default-branch Dependabot alert by
moving transitive `brace-expansion` 5.x lockfile entries to `5.0.6`; the
post-merge Dependabot open-alert API now returns `[]`, and local
`npm audit --audit-level=moderate` returns 0 vulnerabilities.
- ECC PR #2019 merged the Marketplace Pro selected-target release-gate sync
into this repo as `30f60710d4e0424fc70d9bbdc105009db141d9d8`. The post-merge
main CI run `26135974576` completed green across lint, coverage, security,
validation, and the full OS/package-manager matrix.
- ECC PR #2020 merged the selected-target announcement-gate mirror as
`c2471fe5c535310f8a8008c9ed7ea9f6757b33f2`. The post-merge main CI run
`26136949698` completed green across lint, coverage, security, validation,
and the full OS/package-manager matrix.
- ECC-Tools PR #90 added the selected-target official announcement gate for
`billing:announcement-gate -- --select-ready-target`; safe production
preflight no longer requires a raw GitHub login and now blocks only on the
local/internal `INTERNAL_API_SECRET` input before live execution.
- ECC-Tools PR #91 added `--env-file` support to both billing gate scripts so
ignored local operator credential files can supply `INTERNAL_API_SECRET`,
Cloudflare auth, Wrangler auth mode, or target fallbacks without printing
secret contents. Verify, Security Audit, and Workers Builds passed before
merge as `72119a1`, and main CI run `26137280847` completed successfully after
merge.
- ECC-Tools PR #92 added a non-breaking `INTERNAL_OPERATOR_API_SECRET` bearer
accepted by privileged internal API routes without rotating the existing
`INTERNAL_API_SECRET`; Verify, Security Audit, and Workers Builds passed
before merge as `18d80197be779619283e0b37e2952bac53819a07`, and the merged
Worker was deployed to `api.ecc.tools`.
- The May 20 live native-payments gate now passes: the vault-backed Wrangler
readback selected a ready Marketplace Pro target with fingerprint
`e953a74209fe`, both key families present, webhook evidence ready, 0 KV
blockers, and the official
`npm run billing:announcement-gate -- --select-ready-target` returned
`announcementGateReady: true`, 0 required actions, 0 blockers, and audit
summary 6 pass / 1 warn / 0 fail through the new operator bearer path.
- ECC-Tools PR #93 recorded that live billing evidence in the app launch
checklist and distribution roadmap as
`d3d62df83fa075660fa4530c3e0edc311a4355fe`; public native-payments copy is no
longer blocked by billing evidence, but publication timing remains behind the
final release, plugin, live URL, and owner-approval gates.
- Linear ITO-54 and the ECC Platform Roadmap now have the May 20 ECC-Tools
hosted observability update comments
`74dcc101-3be5-4173-be13-62b80d54f569` and
`348ea8f5-2a2d-46d9-a0fe-ed99653e7fe5`, after earlier PR #84/#85 comments
recorded remediation sync and hosted observability events. PR #88 is recorded
in Linear comments `291e2a4b-06e3-4672-a057-cdb141478161` and
`b2d35de0-ca49-44cb-982a-ddec229e7691`; AgentShield #94 is recorded in
ITO-49 comment `faed69dd-35f5-469d-acb5-ddde6a70d6a1` and project comment
`70187c1e-d481-4181-b418-09bd65d54b5e`; AgentShield #95 is recorded in
ITO-49 comment `371fc3e4-611f-4d20-a23f-67db1260b418`, ITO-57 comment
`bd06e252-15c1-4256-b667-caa3f64f5968`, and project comment
`22c2c388-2fd1-4dea-a939-6141f40c9a21`.
- Linear ITO-61 and the ECC Platform Roadmap now have the May 20 Marketplace
Pro release-gate comments `467d148a-712a-4777-aad9-95593e9f1739` and
`7642ee9c-3107-400c-a229-53e2895a8914`, recording ECC-Tools #89, ECC #2019,
the green post-merge CI run, and the remaining internal bearer-token gate.
The repo mirror now also records ECC-Tools #90 and #91 as the selected-target
announcement gate and billing gate env-file operator-path follow-up.
## 2026-05-19 Delta
- The public repo identity is now `affaan-m/ECC`; release, package, plugin,
workflow, and launch-copy surfaces should use that URL for current public
links.
- The late May 19 queue drain added the deterministic `release:approval-gate`
on ECC `main`, merged ECC-Tools billing-announcement redaction hardening, and
cleared the JARVIS Dependabot/deploy repair tail. The tracked platform audit
is now green with 0 open PRs, 0 open issues, and 0 discussion gaps across all
five tracked repos, but release/publication actions remain owner and live-URL
gated.
- The ECC 2.0 release story should lead with the product shape directly:
harness-native operator system, reusable skills/rules/hooks/MCP conventions,
`ecc2/` alpha control plane, Hermes as optional operator shell, and ECC Tools
Pro/Sponsors/consulting as the business surface.
- Copy should avoid presenting this as a repo rename or config-pack migration.
The release proof should show the system through install flow, cross-harness
demos, security evidence, hosted product evidence, and the video suite.
## Current Evidence
As of 2026-05-20:
As of 2026-05-17:
- GitHub queues are clean across `affaan-m/ECC`,
- GitHub queues are clean across `affaan-m/everything-claude-code`,
`affaan-m/agentshield`, `affaan-m/JARVIS`, `ECC-Tools/ECC-Tools`, and
`ECC-Tools/ECC-website`: the latest `platform-audit` sweep found 0 open PRs,
0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A missing
accepted answers, and 0 blocking dirty files. The current
`scripts/work-items.js list --json` output also reports `totalCount: 0`, so
there are no open or blocked local work items in the SQLite bridge.
- Owner-wide queue cleanup is also inside the requested budget:
`docs/releases/2.0.0-rc.1/owner-queue-cleanup-2026-05-18.md` records the
live `gh search` sweep that closed 24 stale dependency-bot PRs and 72 stale
legacy payments/0EM roadmap issues, then closed the 9 remaining stale,
generated, conflicting, or test/noise PRs and the 5 remaining legacy,
outreach, or placeholder issues. The broader `affaan-m` owner namespace is
now at 0 open PRs and 0 open issues by live `gh search`. Archived repos
touched during closure were restored to archived state.
accepted answers, and 0 blocking dirty files when allowing the unrelated
local `docs/drafts/` directory. The May 17 queue batch merged #1961, #1963,
and #1953, closed/skipped incompatible #1962, and #1953 closed #1951.
- GitHub discussions are current across those tracked repos:
`affaan-m/ECC` has 60 total discussions and 0 without
maintainer touch after the May 19 #2003 AURA integration proposal was routed
as an external-adapter proposal, not core wallet/escrow coupling, and the
May 20 #2015 setup-location Q&A was answered and accepted; AgentShield,
`affaan-m/everything-claude-code` has 58 total discussions and 0 without
maintainer touch after May 15 maintainer updates on #73 and #1239; AgentShield,
JARVIS, ECC Tools, and the ECC Tools website have discussions disabled or 0
total discussions. `docs/architecture/discussion-response-playbook.md` now
supplies the ITO-59 response categories, public templates, security-escalation
path, and readback rules for future discussion batches.
total discussions.
- The current Linear roadmap contains 16 issue lanes (`ITO-44` through
`ITO-59`) and five milestones: Security and Access Baseline, ECC 2.0 Preview
and Publication, AgentShield Enterprise Iteration, ECC Tools Next-Level
Platform, and Legacy Audit and Salvage.
- Linear live sync is current for the May 19 PR #2002 merge and discussion
batch: the ECC platform project has the post-PR #2002 sync document
`ecc-may-19-post-pr-2002-sync-64cef8f668e0`, project comment
`a6411e3a-8c8e-4a58-adba-687e77d4c543`, and issue comments on ITO-44,
ITO-47, ITO-48, ITO-49, ITO-51, ITO-54, and ITO-56. ITO-47, ITO-48,
ITO-49, ITO-51, ITO-54, and ITO-56 were moved to In Progress because those
lanes now have current implementation/evidence and remaining gate/readback
work. ITO-57 still has the May 18 emergency supply-chain refresh comment
(`3fe5b2b7-c4fe-401c-a317-b40d72119cb3`). Linear project status updates are
disabled in this workspace, so project documents and comments are the
supported external status surface.
- The latest May 18 merge batch on `main` includes PR #1970 workflow-security
validator bypass fixes, PR #1971 metrics bridge cost-reporting and warning
de-dup fixes, PR #1972 `uncloud` skill activation structure, PR #1976
OpenAI/AstraFlow provider response guards, ECC-Tools Wrangler OAuth billing
readback mirror evidence, the `04d4d819` defensive-deny IOC scanner hardening
recheck, `7911af4a` release OIDC publishing-scope hardening, `97567a91`
release workflow line-ending normalization, and release evidence with a
refreshed operator dashboard.
- `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md` records the
current May 19 queue-zero state, canonical ECC identity merge, release video
suite gate, partner/sponsor/talk outreach pack, owner approval packet
(`owner-approval-packet-2026-05-19.md`), current preview-pack smoke digest
`eebb8a66c33e`, local 2568-test suite, PR #2001 merge and GitHub Actions run
`26102500291` success, PR #2002's owner-approval dashboard gate refresh and
GitHub Actions run `26103853507`, PR #2004's Linear readiness evidence sync
and GitHub Actions run `26105012698`, plus PR #2005's post-PR #2004
evidence refresh and GitHub Actions run `26106321921`, PR #2008's supply-chain
evidence gate fix and GitHub Actions run `26108473648`, post-PR #2006 main CI
run `26109953093`, and PR #2009's project-registry hygiene GitHub Actions run
`26111313938`, post-PR #2009 main CI run `26111946778`, post-PR #2011
GateGuard main CI run `26113695068`, and post-PR #2013 release-approval-gate
main CI run `26128749863`. The late May 19 sync target also includes
ECC-Tools PR #79 billing-announcement redaction hardening and JARVIS PR #15
/ PR #16 queue/deploy repair, with JARVIS main CI, CodeQL, and Deploy green
after the workflow repair. The Linear external project status surface now has
both the post-PR #2002 sync document and the late-pass document
`ecc-may-19-late-queue-zero-and-release-gate-sync-1c26f65e6b3f`, plus project
comment `d42bf0e2-7a8e-4934-9f3f-e281498ee805`. The supply-chain gate now
also records the `@types/node@25.7.0` pin and `brace-expansion` lock refresh
needed for current npm audit/signature verification.
- The May 20 ECC-Tools hosted-platform pass extends that evidence with PR #80
through PR #88, all merged after green GitHub Verify/Security Audit/Workers
Builds checks. Local validation for the final depth-plan observability slice
passed the focused hosted depth-plan route test, the full route suite
(89/89), typecheck, lint, full ECC-Tools Vitest suite (683/683), and
`git diff --check`. PR #88 additionally exposes authenticated hosted
observability readback at `/api/analysis/observability` for operator
dashboards and production smoke tests; its local verification passed
typecheck, lint, the full ECC-Tools Vitest suite (686/686), and
`git diff --check`.
- AgentShield PR #94 adds Zed and VS Code to the first-class adapter registry
after local verification with typecheck, lint, the focused core scanner/rule
tests, full `npm test` (1822 tests), `npm run build`, and `git diff --check`.
GitHub checks passed across GitGuardian, scan suite, self-scan,
self-scan examples, Node 18/20/22 CI, CodeRabbit, and Cubic after rerunning a
transient GitHub artifact-upload failure.
- AgentShield PR #95 resolves Dependabot #20 / `GHSA-jxxr-4gwj-5jf2` /
`CVE-2026-45149` by updating the vulnerable `brace-expansion` 5.x
transitive lockfile entries to `5.0.6`. Local validation passed
`npm audit --audit-level=moderate`, typecheck, lint, full `npm test`
(1822 tests), build, and whitespace checks; GitHub checks passed across
Verify Node 18/20/22, self-scan, self-scan examples, Test GitHub Action,
GitGuardian, CodeRabbit, and Cubic.
- `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md`
regenerates the ITO-44 prompt-to-artifact dashboard from live platform audit
evidence: PR queue, issue queue, discussion queue, local worktree gate,
dashboard generation, and supply-chain loop are current; the dashboard now
also tracks the `$1,728/mo` to `$10,000/mo` hypergrowth baseline, release
video-suite lane, partner/sponsor/talk outbound pack, and owner approval
packet; publication, plugin, billing, AgentShield, ECC Tools, Linear release
gate sync, and final outbound approval remain the next work.
- Linear live sync is current for the May 17 merge batch: ITO-57 has a new
supply-chain protection comment (`ca703b95-41a1-403e-9bc4-3d68edd4d4a3`),
and the ECC platform project has a new operator progress snapshot
(`6c4d1b92-95cf-4ea1-84fd-cbea36f24d1a`).
- `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-17.md` records the
May 17 queue-zero state, Japanese localization merge, Dependabot TypeScript
and Node type merges, post-merge ja-JP lint repair, Mini Shai-Hulud/TanStack
local protection recheck, npm audit/signature checks, current operator
dashboard, and GitHub CI success for `99dd6ac0`.
- `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-17.md`
regenerates the ITO-44 prompt-to-artifact dashboard from live platform audit
evidence: PR queue, issue queue, discussion queue, local worktree gate,
dashboard generation, and supply-chain loop are current; publication, plugin,
billing, AgentShield, ECC Tools, legacy, and Linear/productized sync lanes
remain the next work.
- `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-16.md` records the
queue, discussion, Linear roadmap, ECC Tools access, Mini Shai-Hulud/TanStack
full-campaign follow-up, scheduled supply-chain watch coverage, no-lifecycle
@@ -242,16 +61,12 @@ As of 2026-05-20:
finding evidence paths, ECC-Tools #78 harness policy-route linking, PR #1947
supply-chain protection, and May 16 release-evidence
refresh.
- `npm run harness:audit -- --format json` reports 80/80 on current `main`.
- `npm run harness:audit -- --format json` reports 70/70 on current `main`.
- `npm run observability:ready` reports 21/21 readiness on current `main`,
including the GitHub/Linear/handoff/roadmap progress-sync contract.
- GitHub CI run `26017368895` completed successfully for
`04d4d81938b20ac2bac1f0025145ab77d6a59f5f`, including Validate Components,
- GitHub CI run `25983803011` completed successfully for
`99dd6ac0db20fce51713b6a1c92515d2453b769e`, including Validate Components,
Coverage, Lint, Security Scan, and the full Node/package-manager matrix.
- Supply-Chain Watch run `26009825837` completed successfully for
`3b7e0ba30a027ffd3319c2f145c63076c296d80a`, including no-lifecycle install,
npm audit/signature verification, scanner fixtures, advisory-source
fixtures, IOC/advisory artifact generation, and workflow-security validation.
- PR #1846 merged as `797f283036904128bb1b348ae62019eb9f08cf39` and made
npm registry signature verification a durable workflow-security gate:
workflows that run `npm audit` now need `npm audit signatures`.
@@ -446,105 +261,10 @@ As of 2026-05-20:
verify the Marketplace test account, internal API token presence, and
billing-readiness endpoint before making the privileged readback call.
- ECC-Tools commit `eb6941290b2fa70db01a51084e9e79a160238468`
recorded the first live production readback state: Cloudflare Worker secret
names include `INTERNAL_API_SECRET`, but no Marketplace-managed account could
pass the announcement gate yet.
- ECC-Tools commit `95d0bec69dbcf364ed084e983a40d0a94d443d16`
adds repeatable aggregate production KV readback with
`npm run billing:kv-readback`: the latest API-authenticated run found 253
`account-billing:*` records and 253 `billing-state:*` records, but 0
Marketplace-managed Pro `billing-state:*` records, so native-payments copy
remains blocked until `--require-ready` and the official internal
announcement gate pass.
- ECC-Tools commit `285967807ea7b5eb3146bc984fb2229db67d4290`
requires GitHub Marketplace webhook provenance on Pro billing-state records
before native-payments announcement readiness can pass. The CI run
`26013559229` succeeded for the pushed head.
- ECC-Tools commit `42653f9140c232961280d961ed76a6142433cfa1`
adds `npm run billing:kv-readback -- --wrangler` so operators can run the
aggregate production KV readback through an authenticated Wrangler OAuth
session instead of requiring a separate Cloudflare API token/global key. CI
run `26016223013` succeeded, and the latest live readback found 253
`account-billing:*` records and 253 `billing-state:*` records with 194
marketplace/free states, 59 Stripe/pro states, 0 Marketplace Pro states, 0
ready-like Marketplace Pro states, and 0 parse failures. Native-payments
copy remains blocked until a real Marketplace-managed Pro webhook creates
billing-state provenance and `--require-ready` plus the official internal
announcement gate pass.
- ECC-Tools commit `632e059e51b6e1297ba118807c8b5b2adbac74ce`
adds target account billing readback with `npm run billing:kv-readback -- --account <github-login> --require-ready`.
The report redacts the account login and raw KV keys, emits only a stable
fingerprint plus sanitized readiness booleans, and now requires both
`account-billing:<login>` and `billing-state:<login>` before a target
Marketplace Pro test account can pass the native-payments announcement
readback gate. CI run `26018941515` succeeded. The 2026-05-18 live recheck
split out Linear ITO-61 for the target-account blocker.
- ECC-Tools commit `d5f60db` adds sanitized Marketplace-source provenance
counts to `npm run billing:kv-readback`, including
`marketplaceSourceRecords`, `marketplaceSourceWithWebhookEvidence`,
`marketplaceSourceWithoutWebhookEvidence`, `byMarketplacePlanName`, and
`byMarketplaceEventAction`. The 2026-05-18 live Wrangler OAuth readback now
works and found 256 account-billing records, 256 billing-state records, 197
Marketplace-source records, 59 Stripe-source records, 53 Pro records, 0
Marketplace Pro records, 4 Marketplace webhook-provenance records, all
`Open Source` purchases, and 193 Marketplace-source records without webhook
provenance. Native-payments copy remains blocked by Linear ITO-61 until a
real Marketplace-managed Pro webhook creates target account provenance and
`billing:kv-readback -- --wrangler --wrangler-bin ./node_modules/.bin/wrangler --account <github-login> --require-ready`
plus the official internal announcement gate pass.
- ECC-Tools commit `13cd3fc` normalizes billing-state key casing so
Marketplace webhook writes and announcement readbacks agree on GitHub login
case; current-head CI `26037611421` passed. The code-side readback hardening
remains green, but it does not create live Marketplace Pro state.
- ECC-Tools commit `69ca535` surfaces hosted team-learning feedback controls:
harness compatibility and team-backlog routing now show retention days,
deletion route/SLA, and opt-out route before adaptive recommendations are
routed into team-owned queues. Linear ITO-52 is Done with CI `26054455434`.
- ECC-Tools commit `e56fc1a` updates the lockfile for
`brace-expansion@5.0.6` and fixed Dependabot alert 44 for CVE-2026-45149;
GitHub API reported `state: fixed` at `2026-05-18T19:10:15Z` and current-head
CI `26054671308` passed.
- ECC-Tools PR #89 merged as `512bca6b99cdaa67058a6aa9a4e7e7f0b1d9873a`
and adds
`npm run billing:kv-readback -- --select-ready-target --require-ready` so
operators can prove a ready Marketplace Pro account without passing or
printing the login. The 2026-05-20 production Wrangler OAuth readback found
ready-like Marketplace Pro records with webhook provenance and 0 parse
failures. The selected target report printed only a stable fingerprint,
confirmed both key families, `marketplace` source, `pro` tier, seat ready,
webhook evidence ready, automatic overage disabled, and 0 blockers. The old
"no Marketplace-managed Pro target billing-state" blocker is cleared. Linear
comment `f14ed2fe-a219-470c-8119-63429e197027` records the redacted readback
counts.
- ECC-Tools PR #90 merged as
`16a5bb33ee5ce7c31d2ad8d041e5afac03308f05` after Verify, Security Audit,
and Workers Builds passed. It adds the selected-target official announcement
gate through `/api/billing/readiness?selectReadyTarget=1` and
`npm run billing:announcement-gate -- --select-ready-target`, so operators no
longer need to pass or print a raw GitHub login for the official
native-payments gate. The 2026-05-20 safe production preflight requested a
selected ready target and narrowed the remaining blocker to the missing
local/internal `INTERNAL_API_SECRET` bearer token. Native-payments copy remains
blocked until that token path is available and the live
`billing:announcement-gate -- --select-ready-target` call passes.
- ECC-Tools PR #91 merged as `72119a1acc6f5a0cd3bb5d90afd6e87fd1fefd05`
after Verify, Security Audit, and Workers Builds passed. It adds the billing
gate env-file operator path with `--env-file` support for the announcement
gate and KV readback scripts, plus sentinel tests proving loaded secrets and
account logins are not printed.
- ECC-Tools PR #92 merged as `18d80197be779619283e0b37e2952bac53819a07` after
Verify, Security Audit, and Workers Builds passed. It adds the optional
`INTERNAL_OPERATOR_API_SECRET` recovery bearer so operators can run privileged
internal readiness gates without replacing the primary `INTERNAL_API_SECRET`;
the merged Worker was deployed to `api.ecc.tools` before the live gate run.
- ECC-Tools PR #93 merged as `d3d62df83fa075660fa4530c3e0edc311a4355fe` after
Verify, Security Audit, and Workers Builds passed. It records the live
2026-05-20 billing evidence in the app launch checklist and roadmap:
selected ready Marketplace Pro target, fingerprint `e953a74209fe`, 0 KV
blockers, preflight ready, `announcementGateReady: true`, 0 required actions,
0 blockers, and audit summary 6 pass / 1 warn / 0 fail. Native-payments copy
is no longer blocked by billing evidence, but final announcement timing still
requires the release, plugin, live URL, and owner-approval gates.
records live production readback state: Cloudflare Worker secret names include
`INTERNAL_API_SECRET`, but the production KV namespace currently has no
`account-billing:*` or `billing-state:*` records, so no
Marketplace-managed account can pass the announcement gate yet.
- Handoff `ecc-supply-chain-audit-20260513-0645.md` under
`~/.cluster-swarm/handoffs/`
records the May 13 supply-chain sweep: no active lockfile/manifest hit for
@@ -803,44 +523,6 @@ As of 2026-05-20:
fleet summaries are collected as harness evidence, target paths are mapped to
Claude, Codex, OpenCode, MCP, plugin, and cross-harness owners, and routed
findings carry source evidence paths for operator review.
- ECC-Tools PR #79 merged as `67ee247ae1b7b50ecc1261ed5d62d65cc8390da8`
and redacts billing announcement gate account output: the billing preflight
and live readback now print stable account fingerprints and sanitized
readiness booleans instead of raw account logins or KV key names.
- ECC-Tools PR #80 merged as `4efc8cc858022f84c844690f3298633b081c4398`
and requires runtime receipt failure reasons before harness runtime receipts
can count as hosted observability evidence.
- ECC-Tools PR #81 merged as `1fbf635f492284f75ba7166c029c39eb8cc15794`
and preserves AgentShield fleet approval IDs through hosted security review
so policy-promotion follow-ups keep owner-review identity stable.
- ECC-Tools PR #82 merged as `7a7b4d096a176ae80b3a2076c09d45601e36013a`
and renders AgentShield fleet approval IDs in hosted comments and check-runs,
giving operators a direct bridge from hosted security review back to
AgentShield policy-promotion review items.
- ECC-Tools PR #83 merged as `b6b107f33961bef18a85fb619f3a976eb5d752dd`
and makes Linear follow-up sync reuse deterministic external IDs before title
fallback, preventing duplicate deferred backlog issues during repeated
`/ecc-tools followups sync-linear` runs.
- ECC-Tools PR #84 merged as `73bac7058071c55cb30c6b8ac6db779b3660c02c`
and syncs hosted AgentShield remediation items to Linear when the workspace
token/team are configured; hosted result comments now include created/reused
Linear remediation links.
- ECC-Tools PR #85 merged as `1637e0f2bfa0a889387f2c20675680ccc5528123`
and emits hosted job observability events for queued, completed, blocked,
failed, and budget-blocked states into `ANALYSIS_CACHE`, including budget
snapshots and result counts.
- ECC-Tools PR #86 merged as `5a9e94d3ff860307c3e7fd9fd065f0de2bd633dd`
and reads recent hosted observability events in
`/ecc-tools analyze --job status`, so status comments show budget snapshots,
blocked results, and budget-blocked outcomes alongside latest job runs.
- ECC-Tools PR #87 merged as `508fbc02b63cf1fcb5af2f3624608fa66e53b5d4`
and adds the same hosted observability readback to hosted depth-plan
check-runs, keeping the PR check surface aligned with status comments.
- ECC-Tools PR #88 merged as `c836ac3fb24ed7e2ae38cd61e41c9651ac9c00f8`
and exposes authenticated hosted observability API readback at
`/api/analysis/observability`, summarizing recent hosted events by event type
and job while skipping malformed stale KV records. The deployment runbook now
includes the production smoke command for operator/dashboard readback.
- AgentShield PR #90 merged as `6d1c57c92000541d65a3b6bc366f0322d7d0dacc`
and adds durable fleet `reviewItems`: `agentshield evidence-pack fleet --json`
now returns owner-ready review items with route, severity, repository/target
@@ -857,16 +539,6 @@ As of 2026-05-20:
policy SHA-256 digest, rejects tampered policy JSON, requires explicit pack
selection for multi-pack manifests, and supports dry-run JSON review before
writing the active `.agentshield/policy.json`.
- AgentShield PR #94 merged as `4caee27acfadb50a4cd024e738b5c3cbd4b0bb03`
and adds editor-native adapter coverage for Zed and VS Code. Zed
`.zed/settings.json`, `.zed/tasks.json`, and `.zed` hook-code files are now
scan inputs, adapter reports expose Zed MCP/tool-permission/task metadata and
VS Code workspace/task/extension metadata, and `.zed/setup.mjs` is covered by
the AI-tool persistence IOC rule.
- AgentShield PR #95 merged as `25d91f0002214c408da4ceaac7def20bad40ca10`
and clears the `brace-expansion` Dependabot alert. The lockfile now resolves
the vulnerable transitive 5.x copies to `5.0.6`; the remaining 1.x copy is
outside the advisory range.
- AgentShield main commit `87aec47fb55d04ea28d494852d4f664c268c5601`
extends policy promotion with durable `reviewItems` for manifest digest
evidence, policy-owner approval, protected rollout PR handoff, and runtime
@@ -932,7 +604,7 @@ As of 2026-05-20:
- Keep public PRs and issues below 20, with zero as the preferred release-lane
target.
- Maintain 80/80 harness audit and 21/21 observability readiness after every
- Maintain 70/70 harness audit and 21/21 observability readiness after every
GA-readiness batch.
- Do not publish release or social announcements until the GitHub release,
npm/package state, billing state, and plugin submission surfaces are verified
@@ -940,9 +612,7 @@ As of 2026-05-20:
- Do not treat closed stale PRs as discarded. Pair each cleanup batch with a
salvage pass: inspect the closed diffs, port useful compatible work on
maintainer-owned branches, and credit the source PR.
- Use Linear project documents/comments for project-level updates because
project status updates are disabled in this workspace; create or update
issues when a lane needs a durable execution owner.
- Do not create new Linear issues until the active issue limit is cleared.
## Prompt-To-Artifact Execution Checklist
@@ -951,23 +621,23 @@ is not complete unless the evidence column exists and has been freshly verified.
| Prompt requirement | Required artifact or gate | Current evidence | Status |
| --- | --- | --- | --- |
| Keep public PRs below 20 | Repo-family PR recheck | 0 open PRs across `ECC`, AgentShield, JARVIS, `ECC-Tools/ECC-Tools`, and `ECC-Tools/ECC-website` on the late 2026-05-19 platform audit after merging ECC PR #2013, ECC-Tools PR #79, JARVIS PR #15, and JARVIS PR #16 | Complete |
| Keep public issues below 20 | Repo-family issue recheck | 0 open issues across `ECC`, AgentShield, JARVIS, `ECC-Tools/ECC-Tools`, and `ECC-Tools/ECC-website` on 2026-05-19 after the live platform audit refresh | Complete |
| Manage repository discussions | Repo-family discussion recheck plus response playbook | Platform audit reports 0 discussion maintainer-touch gaps and 0 answerable Q&A missing accepted answers; trunk has 59 total discussions after #2003 was routed with a maintainer response; `docs/architecture/discussion-response-playbook.md` distinguishes support, maintainer coordination, stale/concluded, release, informational, and security-sensitive response paths | Complete |
| Manage PR discussions | PR review/comment closure plus merge/close state | ECC #1990-#2013 merged through the harness audit, canonical identity, release video suite, growth outreach, evidence refresh, visual QA, suite-count, owner-approval packet, owner-approval dashboard gate, Linear readiness evidence, supply-chain evidence gate, per-project Claude Code adapter, continuous-learning project-registry hygiene, GateGuard quoted git introspection, and deterministic release-approval gate batch; ECC-Tools #79 and JARVIS #15/#16 also merged; no open tracked PRs remain | Complete |
| Keep public PRs below 20 | Repo-family PR recheck | 0 open PRs across `everything-claude-code`, AgentShield, JARVIS, `ECC-Tools/ECC-Tools`, and `ECC-Tools/ECC-website` on 2026-05-17 after merging ECC #1961, #1963, and #1953 and closing/skipping incompatible #1962 | Complete |
| Keep public issues below 20 | Repo-family issue recheck | 0 open issues across `everything-claude-code`, AgentShield, JARVIS, `ECC-Tools/ECC-Tools`, and `ECC-Tools/ECC-website` on 2026-05-17; #1951 closed with #1953 | Complete |
| Manage repository discussions | Repo-family discussion recheck | Platform audit reports 0 discussion maintainer-touch gaps and 0 answerable Q&A missing accepted answers; trunk still has 58 total discussions | Complete |
| Manage PR discussions | PR review/comment closure plus merge/close state | ECC #1961, #1963, and #1953 merged after maintainer validation; no open tracked PRs remain | Complete |
| Salvage useful stale work | `docs/stale-pr-salvage-ledger.md` plus `docs/legacy-artifact-inventory.md` | Ledger records salvaged, superseded, skipped, and manual-review tails; #1815-#1818 added cost tracking, skill scout, frontend design guidance, code-reviewer false-positive guardrails, and the May 12 gap pass; #1687, #1609, #1563, #1564, and #1565 localization tails are attached to Linear ITO-55 for language-owner review and no automatic import remains release-blocking | Complete; repeat legacy scan before release |
| ECC 2.0 preview pack ready | Release docs, quickstart, publication readiness, release notes | `docs/releases/2.0.0-rc.1/` and readiness docs are in-tree; May 19/20 evidence records queue-zero state, canonical ECC identity, release video suite, growth outreach pack, owner approval packet, local 2568-test suite, PR #2001 merge and GitHub Actions run `26102500291`, PR #2002 owner-approval dashboard gate refresh and GitHub Actions run `26103853507`, PR #2004 Linear readiness evidence sync and GitHub Actions run `26105012698`, PR #2008 supply-chain evidence gate CI run `26108473648`, post-PR #2006 main CI run `26109953093`, PR #2009 project-registry hygiene GitHub Actions run `26111313938`, post-PR #2009 main CI run `26111946778`, post-PR #2011 GateGuard main CI run `26113695068`, post-PR #2013 release-approval main CI run `26128749863`, post-PR #2019 main CI run `26135974576`, post-PR #2020 main CI run `26136949698`, ECC-Tools #91 main CI run `26137280847`, May 20 operator dashboard, `owner-approval-packet-2026-05-19.md`, `release-approval-gate.js`, and preview-pack smoke digest `eebb8a66c33e` | Needs final release approval |
| ECC 2.0 preview pack ready | Release docs, quickstart, publication readiness, release notes | `docs/releases/2.0.0-rc.1/` and readiness docs are in-tree; May 17 evidence records queue-zero state, localized docs merge, supply-chain recheck, lint/test/security gates, operator dashboard, and successful GitHub CI on `99dd6ac0` | Needs final clean-checkout release approval |
| Hermes specialized skills included safely | Hermes setup/import docs and sanitized skill surface | Hermes setup and import playbook are public; secrets stay local | Needs final release review |
| Naming and rename readiness | Naming matrix across package/plugin/docs/social surfaces | `docs/releases/2.0.0-rc.1/naming-and-publication-matrix.md` records current package, repo, Claude plugin, Codex plugin, OpenCode, and npm availability evidence | Complete for rc.1; post-rc rename remains future work |
| Claude and Codex plugin publication | Contact/submission path with required artifacts and status | Publication readiness, naming matrix, and May 12 dry-run evidence document plugin validation, clean-checkout Claude tag/install smoke, and Codex marketplace CLI shape | Needs explicit approval for real tag/push and marketplace submission |
| Articles, tweets, and announcements | X thread, LinkedIn copy, GitHub release copy, push checklist, partner/sponsor/talk pack | Draft launch collateral and approval-gated outreach copy exist under rc.1 release docs | Needs URL-backed refresh and human approval before posting or sending |
| AgentShield enterprise iteration | Policy gates, SARIF, packs, provenance, corpus, HTML reports, exception lifecycle audit, baseline drift Action/CLI surfaces, evidence-pack redaction, harness adapter registry, editor-native Zed/VS Code adapter coverage, Dependabot alert closure, enterprise research roadmap, supply-chain hardened release path, CI-safe baseline fingerprints, corpus accuracy recommendations, remediation workflow phases, env proxy hijack corpus coverage, Mini Shai-Hulud full-campaign package IOCs, CI-provenance evidence packs, plugin-cache runtime-confidence triage, evidence-pack consumer readback, fleet-level evidence-pack routing, fleet review items, fleet review ticket payloads, checksum-backed policy export, checksum-verified policy promotion, policy promotion review items, package-manager hardening drift detection, npm age-gate guidance correction, workflow action-runtime pin refresh, package-manager hardening Action outputs, policy-promotion Action outputs, ECC-Tools hosted consumption of promotion Action outputs, ECC-Tools operator-visible promotion output values, and ECC-Tools hosted promotion judge audit traces | PRs #53, #55-#64, #67-#69, #78-#92, #94, and #95 landed with test evidence, ECC-Tools #76 consumes the fleet-summary output in hosted security review, #77 surfaces source evidence paths in hosted finding output, and #78 links fleet routes to harness owner review; AgentShield #91 adds `agentshield policy export` bundles for branch-protection review and downstream promotion; AgentShield #92 adds `agentshield policy promote` with digest verification, tamper rejection, explicit pack selection, dry-run review, and JSON output before writing active policy; AgentShield #94 adds Zed/VS Code adapter detection, `.zed/settings.json` and `.zed/tasks.json` scan discovery, and `.zed/setup.mjs` AI-tool persistence IOC coverage; AgentShield #95 clears the `brace-expansion` Dependabot alert with a patched lockfile and 0 open Dependabot alerts after merge; AgentShield commit `87aec47` adds `reviewItems` for digest evidence, owner review, protected rollout PR handoff, and runtime smoke testing with green local and remote CI; AgentShield commit `28d08c7` adds package-manager hardening drift detection for plaintext registry credentials, lifecycle-script enablement, and weak pnpm/Yarn release-age cooldowns with green local and remote CI; AgentShield commit `659f569` refreshes all workflow action runtime pins to SHA-pinned checkout v6.0.2 and setup-node v6.4.0 with green remote CI and no remaining action-runtime deprecation annotation; AgentShield commit `ee585cd` corrects npm release-age guidance by flagging unsupported npm age keys and keeping enforceable cooldown findings on pnpm/Yarn with green local and remote CI; AgentShield commit `1124535` exposes package-manager hardening status/count outputs and a redacted job-summary section for registry credentials, lifecycle scripts, and release-age gates with green local and remote CI; AgentShield commit `1593925` exposes policy-promotion status/count/digest outputs plus job-summary review items for owner approval, protected rollout, and runtime smoke, and marks runtime smoke verified when the same Action job scans with the promoted policy; AgentShield commit `840952a` adds Linear/operator-ready fleet review ticket payloads and expands current Mini Shai-Hulud IOC breadcrumbs with green local and remote CI; ECC-Tools commit `8658951` routes those policy-promotion Action outputs into hosted security review findings and Hosted Promotion Readiness scoring; ECC-Tools commit `16c537f` renders policy-promotion status, pack, review item count, action-required count, and digest in hosted security job comments/check-runs; ECC-Tools commit `05d4e82` renders hosted promotion judge request fingerprints and allowed-citation counts without raw provider output; native PDF export deferred in favor of self-contained HTML plus print-to-PDF until explicit enterprise demand appears; `docs/architecture/agentshield-enterprise-research-roadmap.md` now has baseline drift, evidence-pack bundle, redaction, adapter-registry, supply-chain hardening, hashed baseline fingerprints, corpus accuracy recommendation, remediation workflow, env proxy hijack corpus, Mini Shai-Hulud full-campaign package-table, `ci-context.json` provenance, `plugin-cache` confidence, `evidence-pack inspect` readback, `evidence-pack fleet` routing, fleet `reviewItems`, fleet review ticket payloads, policy export, policy promotion, policy promotion `reviewItems`, package-manager hardening Action outputs, policy-promotion Action outputs, hosted consumption of promotion Action outputs, operator-visible promotion output values, hosted promotion judge audit traces, editor-native adapter coverage, and Dependabot closure landed | Next workflow automation should deepen live operator approval/readback after Marketplace/payment gates |
| ECC Tools next-level app | Billing audit, PR checks, deep analyzer, sync backlog, evaluator/RAG corpus, hosted promotion judge audit trace, native-payments readback, ready Marketplace Pro target selection, selected-target announcement gate, billing gate env-file operator path, hosted observability, AgentShield fleet-summary hosted routing, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output hosted telemetry, and operator-visible promotion output values | PRs #26-#43 plus #53-#93 landed with test evidence across hosted analysis, hosted promotion readiness, model-judge execution, native-payments announcement gating, AgentShield evidence consumption, hosted remediation/Linear sync, hosted observability readback, ready Marketplace Pro target selection, selected-target official announcement gating, and env-file operator loading; ECC-Tools #89 merged as `512bca6` after Verify, Security Audit, and Workers Builds passed, and the 2026-05-20 production Wrangler OAuth readback found ready-like Marketplace Pro records with webhook provenance, selected a target with both key families, and reported 0 blockers without printing the login; ECC-Tools #90 merged as `16a5bb3` after Verify, Security Audit, and Workers Builds passed, and production preflight now requests `/api/billing/readiness?selectReadyTarget=1` without a raw login; ECC-Tools #91 merged as `72119a1` with `--env-file` support for ignored local billing credentials and sentinel no-secret/no-login output tests; ECC-Tools #92 merged as `18d8019`, deployed the non-breaking `INTERNAL_OPERATOR_API_SECRET` path to `api.ecc.tools`, and the 2026-05-20 live selected-target gate returned `announcementGateReady: true` with 0 required actions and 0 blockers; ECC-Tools #93 merged as `d3d62df` to record the live billing evidence in the app launch checklist and roadmap | Repeat KV readback and selected-target announcement gate immediately before launch; keep native-payments copy behind final release, plugin, live URL, and owner-approval gates |
| Articles, tweets, and announcements | X thread, LinkedIn copy, GitHub release copy, push checklist | Draft launch collateral exists under rc.1 release docs | Needs URL-backed refresh |
| AgentShield enterprise iteration | Policy gates, SARIF, packs, provenance, corpus, HTML reports, exception lifecycle audit, baseline drift Action/CLI surfaces, evidence-pack redaction, harness adapter registry, enterprise research roadmap, supply-chain hardened release path, CI-safe baseline fingerprints, corpus accuracy recommendations, remediation workflow phases, env proxy hijack corpus coverage, Mini Shai-Hulud full-campaign package IOCs, CI-provenance evidence packs, plugin-cache runtime-confidence triage, evidence-pack consumer readback, fleet-level evidence-pack routing, fleet review items, checksum-backed policy export, checksum-verified policy promotion, policy promotion review items, package-manager hardening drift detection, npm age-gate guidance correction, workflow action-runtime pin refresh, package-manager hardening Action outputs, policy-promotion Action outputs, ECC-Tools hosted consumption of promotion Action outputs, ECC-Tools operator-visible promotion output values, and ECC-Tools hosted promotion judge audit traces | PRs #53, #55-#64, #67-#69, and #78-#92 landed with test evidence, ECC-Tools #76 consumes the fleet-summary output in hosted security review, #77 surfaces source evidence paths in hosted finding output, and #78 links fleet routes to harness owner review; AgentShield #91 adds `agentshield policy export` bundles for branch-protection review and downstream promotion; AgentShield #92 adds `agentshield policy promote` with digest verification, tamper rejection, explicit pack selection, dry-run review, and JSON output before writing active policy; AgentShield commit `87aec47` adds `reviewItems` for digest evidence, owner review, protected rollout PR handoff, and runtime smoke testing with green local and remote CI; AgentShield commit `28d08c7` adds package-manager hardening drift detection for plaintext registry credentials, lifecycle-script enablement, and weak pnpm/Yarn release-age cooldowns with green local and remote CI; AgentShield commit `659f569` refreshes all workflow action runtime pins to SHA-pinned checkout v6.0.2 and setup-node v6.4.0 with green remote CI and no remaining action-runtime deprecation annotation; AgentShield commit `ee585cd` corrects npm release-age guidance by flagging unsupported npm age keys and keeping enforceable cooldown findings on pnpm/Yarn with green local and remote CI; AgentShield commit `1124535` exposes package-manager hardening status/count outputs and a redacted job-summary section for registry credentials, lifecycle scripts, and release-age gates with green local and remote CI; AgentShield commit `1593925` exposes policy-promotion status/count/digest outputs plus job-summary review items for owner approval, protected rollout, and runtime smoke, and marks runtime smoke verified when the same Action job scans with the promoted policy; ECC-Tools commit `8658951` routes those policy-promotion Action outputs into hosted security review findings and Hosted Promotion Readiness scoring; ECC-Tools commit `16c537f` renders policy-promotion status, pack, review item count, action-required count, and digest in hosted security job comments/check-runs; ECC-Tools commit `05d4e82` renders hosted promotion judge request fingerprints and allowed-citation counts without raw provider output; native PDF export deferred in favor of self-contained HTML plus print-to-PDF until explicit enterprise demand appears; `docs/architecture/agentshield-enterprise-research-roadmap.md` now has baseline drift, evidence-pack bundle, redaction, adapter-registry, supply-chain hardening, hashed baseline fingerprints, corpus accuracy recommendation, remediation workflow, env proxy hijack corpus, Mini Shai-Hulud full-campaign package-table, `ci-context.json` provenance, `plugin-cache` confidence, `evidence-pack inspect` readback, `evidence-pack fleet` routing, fleet `reviewItems`, policy export, policy promotion, policy promotion `reviewItems`, package-manager hardening Action outputs, policy-promotion Action outputs, hosted consumption of promotion Action outputs, operator-visible promotion output values, and hosted promotion judge audit traces landed | Next workflow automation should deepen live operator approval/readback after Marketplace/payment gates |
| ECC Tools next-level app | Billing audit, PR checks, deep analyzer, sync backlog, evaluator/RAG corpus, analysis-depth readiness, hosted execution planning, hosted CI diagnostics, hosted security evidence review, hosted harness compatibility audit, hosted reference-set evaluation, hosted AI routing/cost review, hosted team backlog routing, hosted depth-plan check-run, PR-comment hosted job dispatch, hosted job result history/check-runs, hosted result status command, status-aware depth-plan recommendations, hosted promotion readiness, hosted promotion output scoring, hosted promotion retrieval planning, hosted promotion judge contract, gated hosted promotion judge execution, hosted promotion judge audit trace, payment-announcement readiness, billing announcement preflight, production Marketplace readback state, AgentShield fleet-summary hosted routing, hosted finding source-evidence surfacing, harness policy-route review, policy-promotion Action-output hosted telemetry, and operator-visible promotion output values | PRs #26-#43 plus #53-#78 landed with test evidence, including AgentShield evidence-pack gap routing, canonical bundle recognition, supply-chain signature gates, PR draft follow-up Linear tracking, evidence-backed/deep-ready repository classification, the `/api/analysis/depth-plan` hosted job plan, `/api/analysis/jobs/ci-diagnostics`, `/api/analysis/jobs/security-evidence-review`, `/api/analysis/jobs/harness-compatibility-audit`, `/api/analysis/jobs/reference-set-evaluation`, `/api/analysis/jobs/ai-routing-cost-review`, `/api/analysis/jobs/team-backlog-routing`, the `ECC Tools / Hosted Depth Plan` check-run, `/ecc-tools analyze --job ...` PR-comment dispatch, non-blocking per-hosted-job result check-runs backed by 30-day result cache records, `/ecc-tools analyze --job status` cache lookup, cache-aware next-job recommendations in the depth-plan check-run, the `ECC Tools / Hosted Promotion Readiness` corpus-backed PR check-run, deterministic hosted-output scoring against cached completed job artifacts/findings, ranked retrieval/model-prompt planning, the fail-closed `hosted-promotion-judge.v1` request contract, opt-in live model-judge execution behind hosted evidence, entitlement, budget, provider, executor, strict JSON, and citation gates, hosted promotion judge request fingerprints plus allowed-citation audit trails, a fail-closed `/api/billing/readiness` `announcementGate` for native GitHub payments claims, `npm run billing:announcement-gate` plus `--preflight` as the non-secret operator verifier, hosted security findings for AgentShield fleet summaries, an `Evidence` column in hosted finding comments/check-runs, hosted harness findings that route AgentShield fleet target paths to harness owners, ECC-Tools commit `8658951` routing AgentShield policy-promotion Action outputs into hosted security review and promotion-readiness scoring, ECC-Tools commit `16c537f` rendering policy-promotion status/pack/count/digest values directly in hosted security job comments/check-runs, ECC-Tools commit `05d4e82` rendering model-judge audit traces without exposing raw provider output, ECC-Tools commit `91a441b` adding the safe billing announcement preflight path, and ECC-Tools commit `eb69412` recording that production has no Marketplace billing-state KV records yet | Next work is complete Marketplace purchase/webhook readback, then run the live announcement gate |
| GitGuardian/Dependabot/CodeRabbit-style checks | Non-blocking taxonomy, deterministic follow-up checks, and local supply-chain gates | ECC-Tools risk taxonomy check plus follow-up signals landed, including Skill Quality, Deep Analyzer Evidence, Analyzer Corpus Evidence, RAG/Evaluator Evidence, PR Review/Salvage Evidence, and AgentShield evidence-pack evidence; #1846 added npm registry signature gates; #1848 added the supply-chain incident-response playbook and `pull_request_target` cache-poisoning validator guard; #1851 added the privileged checkout credential-persistence guard; AgentShield #78, JARVIS #13, and ECC-Tools #53 applied the same hardening outside trunk | Current supply-chain gate complete; deeper hosted review features remain future |
| Harness-agnostic learning system | Audit, adapter matrix, observability, traces, promotion loop | Audit/adapters/observability gates plus `docs/architecture/evaluator-rag-prototype.md`, `examples/evaluator-rag-prototype/`, and ECC-Tools PR #40 define read-only stale-salvage, billing-readiness, CI-failure-diagnosis, harness-config-quality, AgentShield policy-exception, skill-quality evidence, deep-analyzer evidence, and RAG/evaluator comparison scenarios with trace, report, playbook, verifier, and predictive-check artifacts; ECC-Tools PRs #68-#72 now turn that corpus into a deterministic PR check-run gate with cached hosted-output scoring, ranked retrieval candidates, a model prompt seed, a fail-closed hosted model-judge request contract, and opt-in live model execution behind strict hosted-evidence gates | Deterministic hosted PR check, cached output scoring, retrieval planning, judge contract, and gated model execution integrated |
| Linear roadmap is detailed | Linear project document/comments plus repo mirror | Repo mirror exists and issue creation works again; the May 19 sync adds post-PR #2002 document `ecc-may-19-post-pr-2002-sync-64cef8f668e0`, project comment `a6411e3a-8c8e-4a58-adba-687e77d4c543`, ITO-44/47/48/49/51/54/56 issue comments, and In Progress state for ITO-47, ITO-48, ITO-49, ITO-51, ITO-54, and ITO-56; the late-pass batch adds document `ecc-may-19-late-queue-zero-and-release-gate-sync-1c26f65e6b3f`, project comment `d42bf0e2-7a8e-4934-9f3f-e281498ee805`, and ITO-44/50/54/56/61 comments for PR #2013, ECC-Tools #79, and JARVIS #15/#16 because project status updates are disabled in the workspace | Needs recurring document/comment updates after each significant merge batch |
| Linear roadmap is detailed | Linear project status plus repo mirror | Repo mirror exists; issue creation was retried on 2026-05-12 and remains blocked by the workspace free issue limit; the May 17 sync adds the queue-zero batch, Japanese localization merge, ITO-57 live supply-chain refresh comment, ECC platform project progress snapshot, and generated `operator:dashboard` prompt-to-artifact audit for recurring status updates | Needs recurring status updates after each significant merge batch |
| Flow separation and progress tracking | Flow lanes with owner artifacts and update cadence | This roadmap defines lanes below and `docs/architecture/progress-sync-contract.md` makes GitHub/Linear/handoff/roadmap sync part of the readiness gate | Active |
| Realtime Linear sync | Project documents/comments plus issue comments for lane updates | ECC-Tools #39 implements opt-in Linear API sync for deferred follow-up backlog items, and ECC-Tools #54 adds copy-ready PR drafts to that backlog when draft PR shells are not opened; `docs/architecture/progress-sync-contract.md` defines the local file-backed realtime boundary; May 18 and May 19 live connector comments were posted to the ECC platform project and lane issues after project status updates returned disabled | Needs workspace config/product rollout for hosted issue sync |
| Realtime Linear sync | Project updates while issue limit is blocked; issues later | ECC-Tools #39 implements opt-in Linear API sync for deferred follow-up backlog items, and ECC-Tools #54 adds copy-ready PR drafts to that backlog when draft PR shells are not opened; `docs/architecture/progress-sync-contract.md` defines the local file-backed realtime boundary while issue capacity is blocked; May 17 live connector comments were posted to ITO-57 and the ECC platform project | Needs workspace capacity/config rollout for productized issue sync |
| Observability for self-use | Local readiness gate, traces, status snapshots, HUD/status contract, risk ledger, progress-sync contract | `npm run observability:ready` reports 21/21 | Complete for local gate |
| Proper release and notifications | Release tag, npm publish state, plugin state, social posts | Publication readiness gate exists with May 12 dry-run and May 13 readiness evidence | Not complete; approval/live URLs required |
@@ -984,9 +654,9 @@ repo evidence and merge commits.
| Queue hygiene and salvage | GitHub PR/issue state, salvage ledger | Append ledger entries for any future stale closures | Every cleanup batch |
| Release and publication | rc.1 release docs, publication readiness doc | Naming matrix and plugin submission/contact checklist | Before any tag |
| Harness OS core | Audit, adapter matrix, observability docs, `ecc2/` | HUD/session-control acceptance spec | Weekly until GA |
| Evaluation and RAG | Reference-set validation, harness audit, traces, ECC-Tools corpus | Read-only evaluator/RAG prototype plus stale-salvage, billing-readiness, CI-failure-diagnosis, harness-config-quality, AgentShield policy-exception, skill-quality evidence, deep-analyzer evidence, and RAG/evaluator comparison fixtures; ECC-Tools #68 publishes the corpus as a hosted promotion readiness check-run, #69 scores cached hosted job outputs against the same corpus, #70 emits ranked retrieval candidates plus a model prompt seed, #71 adds a fail-closed hosted model-judge request contract, and #72 executes that judge only when explicitly enabled and backed by hosted retrieval citations; ECC-Tools `16c537f` surfaces policy-promotion Action output values in hosted security comments/checks; ECC-Tools `05d4e82` adds hosted model-judge audit traces with request fingerprints and allowed-citation counts | Marketplace Pro billing-state verification with webhook provenance |
| AgentShield enterprise | AgentShield PR evidence and roadmap notes | Fleet routing landed in #89 after evidence-pack inspect/readback shipped in #88; #90 emits fleet `reviewItems`; #91 exports checksum-backed policy bundles; #92 promotes checksum-verified policies from those bundles into active policy files; #94 adds Zed and VS Code adapter detection, Zed project scan discovery, and `.zed/setup.mjs` persistence IOC coverage; #95 closes the `brace-expansion` Dependabot alert with 0 open alerts after merge; AgentShield `87aec47` adds policy promotion `reviewItems`; `28d08c7` adds package-manager hardening drift detection; `659f569` refreshes workflow action runtime pins; `ee585cd` corrects unsupported npm release-age guidance and keeps enforceable cooldown findings on pnpm/Yarn; `1124535` exposes package-manager hardening Action outputs for CI/hosted routing; `1593925` exposes policy-promotion Action outputs and runtime-smoke job-summary evidence; `840952a` adds fleet review ticket payloads and current Mini Shai-Hulud IOC breadcrumbs; ECC-Tools #76 consumes fleet summaries, #77 surfaces source evidence paths in hosted findings, #78 links fleet routes to harness owners, ECC-Tools `8658951` consumes policy-promotion Action outputs, and ECC-Tools `16c537f` renders operator-visible output values | Deepen live operator approval/readback after Marketplace/payment gates |
| ECC Tools app | ECC-Tools PR evidence, billing audit, risk taxonomy, evaluator/RAG corpus | ECC-Tools #53 published the supply-chain workflow hardening branch, #54 tracks copy-ready PR drafts in the Linear/project backlog, #55 classifies analysis-depth readiness, #56 exposes the hosted execution plan, #57 executes the first hosted CI diagnostics job, #58 executes the hosted security evidence review job, #59 executes the hosted harness compatibility audit, #60 executes the hosted reference-set evaluation, #61 executes the hosted AI routing/cost review, #62 executes hosted team backlog routing, #63 publishes the hosted depth-plan check-run, #64 dispatches hosted jobs from PR comments, #65 persists hosted result history/check-runs, #66 exposes hosted job status from PR comments, #67 makes depth-plan recommendations cache-aware, #68 publishes hosted promotion readiness from the evaluator/RAG corpus, #69 scores cached hosted job outputs against that corpus, #70 emits ranked retrieval candidates plus a model prompt seed, #71 emits the gated `hosted-promotion-judge.v1` contract without live model calls, #72 adds opt-in live model-judge execution behind hosted-evidence and strict JSON/citation gates, #73 adds a fail-closed native-payments `announcementGate` to billing readiness, #74 adds `npm run billing:announcement-gate` for operator verification, #75 tightens the billing announcement gate for live Marketplace readback, #76 routes AgentShield fleet-summary evidence into hosted security findings, #77 adds source evidence paths to hosted finding output, #78 links AgentShield fleet target paths to hosted harness owner findings, `8658951` routes AgentShield policy-promotion Action outputs into hosted security review and promotion readiness, `16c537f` renders policy-promotion status/pack/count/digest values in hosted security comments/checks, `05d4e82` renders hosted promotion judge request fingerprints plus allowed-citation audit traces, `91a441b` adds billing announcement preflight output for required readback inputs, `eb69412` records the initial production readback state, `95d0bec` adds aggregate `billing:kv-readback` evidence, `2859678` requires Marketplace webhook provenance in billing readiness, `42653f9` adds Wrangler OAuth readback with live aggregate production counts, `632e059` adds sanitized target-account billing readback for the exact Marketplace test account, ECC-Tools #89 adds selected-ready-target KV readback, ECC-Tools #90 adds selected-target official announcement gating without raw login input, and ECC-Tools #91 adds `--env-file` support for ignored local billing credentials without printing secrets or logins | Obtain or rotate the local/internal `INTERNAL_API_SECRET` bearer-token path, via exported env or ignored `--env-file`, then run the live selected-target billing announcement gate |
| Evaluation and RAG | Reference-set validation, harness audit, traces, ECC-Tools corpus | Read-only evaluator/RAG prototype plus stale-salvage, billing-readiness, CI-failure-diagnosis, harness-config-quality, AgentShield policy-exception, skill-quality evidence, deep-analyzer evidence, and RAG/evaluator comparison fixtures; ECC-Tools #68 publishes the corpus as a hosted promotion readiness check-run, #69 scores cached hosted job outputs against the same corpus, #70 emits ranked retrieval candidates plus a model prompt seed, #71 adds a fail-closed hosted model-judge request contract, and #72 executes that judge only when explicitly enabled and backed by hosted retrieval citations; ECC-Tools `16c537f` surfaces policy-promotion Action output values in hosted security comments/checks; ECC-Tools `05d4e82` adds hosted model-judge audit traces with request fingerprints and allowed-citation counts | Marketplace readback |
| AgentShield enterprise | AgentShield PR evidence and roadmap notes | Fleet routing landed in #89 after evidence-pack inspect/readback shipped in #88; #90 emits fleet `reviewItems`; #91 exports checksum-backed policy bundles; #92 promotes checksum-verified policies from those bundles into active policy files; AgentShield `87aec47` adds policy promotion `reviewItems`; `28d08c7` adds package-manager hardening drift detection; `659f569` refreshes workflow action runtime pins; `ee585cd` corrects unsupported npm release-age guidance and keeps enforceable cooldown findings on pnpm/Yarn; `1124535` exposes package-manager hardening Action outputs for CI/hosted routing; `1593925` exposes policy-promotion Action outputs and runtime-smoke job-summary evidence; ECC-Tools #76 consumes fleet summaries, #77 surfaces source evidence paths in hosted findings, #78 links fleet routes to harness owners, ECC-Tools `8658951` consumes policy-promotion Action outputs, and ECC-Tools `16c537f` renders operator-visible output values | Deepen live operator approval/readback after Marketplace/payment gates |
| ECC Tools app | ECC-Tools PR evidence, billing audit, risk taxonomy, evaluator/RAG corpus | ECC-Tools #53 published the supply-chain workflow hardening branch, #54 tracks copy-ready PR drafts in the Linear/project backlog, #55 classifies analysis-depth readiness, #56 exposes the hosted execution plan, #57 executes the first hosted CI diagnostics job, #58 executes the hosted security evidence review job, #59 executes the hosted harness compatibility audit, #60 executes the hosted reference-set evaluation, #61 executes the hosted AI routing/cost review, #62 executes hosted team backlog routing, #63 publishes the hosted depth-plan check-run, #64 dispatches hosted jobs from PR comments, #65 persists hosted result history/check-runs, #66 exposes hosted job status from PR comments, #67 makes depth-plan recommendations cache-aware, #68 publishes hosted promotion readiness from the evaluator/RAG corpus, #69 scores cached hosted job outputs against that corpus, #70 emits ranked retrieval candidates plus a model prompt seed, #71 emits the gated `hosted-promotion-judge.v1` contract without live model calls, #72 adds opt-in live model-judge execution behind hosted-evidence and strict JSON/citation gates, #73 adds a fail-closed native-payments `announcementGate` to billing readiness, #74 adds `npm run billing:announcement-gate` for operator verification, #75 tightens the billing announcement gate for live Marketplace readback, #76 routes AgentShield fleet-summary evidence into hosted security findings, #77 adds source evidence paths to hosted finding output, #78 links AgentShield fleet target paths to hosted harness owner findings, `8658951` routes AgentShield policy-promotion Action outputs into hosted security review and promotion readiness, `16c537f` renders policy-promotion status/pack/count/digest values in hosted security comments/checks, `05d4e82` renders hosted promotion judge request fingerprints plus allowed-citation audit traces, `91a441b` adds billing announcement preflight output for required readback inputs, and `eb69412` records the live production KV readback state | Marketplace purchase/webhook readback, then live announcement gate |
| Linear progress | Linear project status updates, `docs/architecture/progress-sync-contract.md`, generated `operator:dashboard` output, and this mirror | Status update with queue/evidence/missing gates | Every significant merge batch |
The project status update should always include:
@@ -1046,7 +716,7 @@ Acceptance:
Zed-adjacent surfaces, dmux, Orca, Superset, Ghast, and terminal-only use.
- Each adapter has supported assets, unsupported surfaces, install path,
verification command, and risk notes.
- Harness audit remains 80/80 and gains a public onramp that explains how teams
- Harness audit remains 70/70 and gains a public onramp that explains how teams
use the scorecard.
- Reference findings are converted into concrete adapter, observability, or
operator-surface deltas.
@@ -1233,38 +903,17 @@ Acceptance:
security review and Hosted Promotion Readiness scoring, and ECC-Tools
commit `16c537f` renders promotion status, pack, review item count,
remaining action count, and digest in hosted security comments/check-runs.
AgentShield commit `840952a` adds Linear/operator-ready fleet review ticket
payloads and expands current Mini Shai-Hulud IOC breadcrumbs, with green
local and remote CI. AgentShield commit `4e36aab` hardens CI package installs
after the expanded Mini Shai-Hulud refresh, with CI, Test GitHub Action,
Self-Scan, and Dependabot Update workflows green.
ECC-Tools commit `05d4e82` adds hosted promotion judge audit traces with
deterministic request fingerprints and allowed-citation counts, without
exposing raw provider output.
ECC-Tools commit `91a441b` adds a billing announcement preflight command
for checking Marketplace readback inputs before privileged API calls.
ECC-Tools commit `2859678` requires Marketplace webhook provenance in
billing-state before native-payments announcement readiness can pass.
ECC-Tools commit `42653f9` adds Wrangler OAuth KV readback and confirms the
current blocker is not Cloudflare read access; it is the absence of a
ready-like Marketplace Pro billing-state record with webhook provenance.
ECC-Tools commit `632e059` adds sanitized target-account readback, and PRs
#89/#90/#91 move the final operator path to selected-target readback,
selected-target announcement gating, and ignored env-file credential loading
without printing account logins or raw KV key names.
ECC-Tools PR #79 redacts the billing announcement gate account output;
PR #80 requires failure reasons in runtime receipts; PRs #81/#82 preserve
and render AgentShield fleet approval IDs; PR #83 makes Linear follow-up
sync idempotent by external ID; PR #84 syncs hosted AgentShield
remediation items into Linear; PR #85 emits hosted job observability events
including budget-blocked outcomes; PRs #86/#87 read those events back into
hosted status comments and hosted depth-plan check-runs; and PR #88 exposes
authenticated hosted observability API readback for operator dashboards.
2. Run `npm run billing:announcement-gate -- --preflight
--select-ready-target`, adding `--env-file /path/to/ecc-tools.env` when the
local bearer token is stored in an ignored operator file, then run the same
command without `--preflight` and require `announcementGate.ready === true`
before any native GitHub payments announcement.
The next slice is live operator approval/readback after Marketplace/payment
gates.
2. Run `npm run billing:announcement-gate -- --preflight --account
<github-login>`, then run the same command without `--preflight` against a
Marketplace-managed test account and require `announcementGate.ready ===
true` before any native GitHub payments announcement.
3. Enable/configure the merged Linear backlog sync path after workspace issue
capacity clears or the Linear workspace is upgraded, then verify PR-draft
salvage items land in the expected project.

3
docs/ECC-2.0-REFERENCE-ARCHITECTURE.md
View File

@@ -229,8 +229,7 @@ Required safeguards:
## Near-Term Implementation Order
1. Extend the harness adapter matrix and public scorecard onramp.
2. Keep the release/name/plugin publication checklist current with fresh
final-commit evidence before rc.1 publication.
2. Add the release/name/plugin publication checklist with evidence fields.
3. Define the HUD/status JSON contract and fixture directory.
4. Start AgentShield policy schema plus SARIF fixtures.
5. Audit ECC Tools billing and check-run surfaces.

14
docs/architecture/agentshield-enterprise-research-roadmap.md
View File

@@ -1,7 +1,6 @@
# AgentShield Enterprise Research Roadmap
Generated: 2026-05-12; refreshed with May 18 AgentShield fleet-ticket and
Mini Shai-Hulud IOC evidence.
Generated: 2026-05-12; refreshed with May 16 AgentShield PR #87, #88, and #89 evidence.
This is a planning artifact for the next AgentShield enterprise iteration. It
does not modify AgentShield code. The goal is to turn the current scanner,
@@ -117,21 +116,14 @@ AgentShield PR #89 merged as
`agentshield evidence-pack fleet <dirs...> [--json]`, verifies each pack through
the inspect path, aggregates finding, policy, baseline, supply-chain, and
remediation totals, and assigns each pack to a deterministic fleet route.
AgentShield commit `840952a7a07f820f24081c43df656d7f7295f23b` adds
Linear/operator-ready fleet review ticket payloads with priority, labels,
titles, and Markdown bodies. The same commit expands current Mini
Shai-Hulud/TanStack IOC coverage for the in-cluster Vault endpoint and
temporary lockfile breadcrumb, with local typecheck, lint, full tests,
`git diff --check`, and GitHub CI/Self-Scan/Action-test evidence.
The next iteration after fleet routing should not be "add more regex rules" by
default. ECC-Tools follow-up routing now consumes fleet summaries and surfaces
source evidence paths in hosted findings, and the first cross-harness policy
slice now links AgentShield fleet route target paths to harness-owner review.
AgentShield fleet output now also emits `reviewItems` with source evidence paths
and owner-ready recommendations plus copy-ready ticket payloads for routed
packs. The higher leverage move is durable operator approval/readback and
workflow automation for routed fleet findings.
and owner-ready recommendations for routed packs. The higher leverage move is
durable policy export and workflow automation for routed fleet findings.
## Enterprise Gaps

90
docs/architecture/discussion-response-playbook.md
View File

@@ -1,90 +0,0 @@
# Discussion Response Playbook
This playbook turns GitHub Discussions into the same operating queue as PRs,
issues, Linear work, and release evidence. It is an operator guide, not a
promise that every informational thread needs a public reply.
## Audit Loop
Run these checks before a release, after a major merge batch, and when Linear
ITO-59 is refreshed:
```bash
npm run discussion:audit -- --json
node scripts/platform-audit.js --json
```
The queue is current only when:
- discussion fetch errors are explained or fixed;
- `needsMaintainerTouch` is zero for support-like discussion categories;
- answerable Q&A discussions either have an accepted answer or a clear routing
note; and
- any product-scope thread is linked to a GitHub issue, Linear issue, roadmap
row, or explicit deferral.
Informational threads such as announcements, references, show-and-tell, or
maintainer-authored updates can remain visible without becoming response debt.
## Categories
| Category | Route | Required readback |
| --- | --- | --- |
| Product support or install confusion | Reply with the exact command/doc path; mark accepted answer for Q&A when the fix is complete | Discussion URL plus accepted-answer URL when applicable |
| Bug report | Ask for a minimal repro, version, harness, and logs; create or link a GitHub issue when reproducible | Issue URL or deferral reason |
| Feature request | Acknowledge the desired outcome and link the closest roadmap issue; do not imply commitment unless scoped | Linear/GitHub roadmap link |
| Security concern | Move exploit details and secrets to a private channel; keep the public reply short and non-operational | Private escalation note plus public safety reply |
| Release or billing question | Answer from the release URL ledger and publication-readiness gates; do not claim unpublished URLs, billing readiness, or plugin availability | Evidence artifact or blocker link |
| Show-and-tell, reference, or announcement | Leave as informational unless there is a direct question or a product-scope signal | Optional roadmap link if useful |
| Stale or concluded thread | Summarize the current state and link the durable doc/issue; avoid reviving low-signal threads | Closure note or explicit no-action rationale |
## Templates
### Public Support
Thanks for the report. The current supported path is:
```bash
<command>
```
The relevant doc is `<doc path or URL>`. If this does not match your setup,
please reply with the harness, OS, package manager, and the exact error text.
### Maintainer Coordination
I am routing this into `<issue or Linear key>` so it does not get lost in the
discussion queue. The next decision is `<specific decision>`. Until that lands,
the supported workaround is `<workaround or "none">`.
### Stale Or Concluded
This thread looks resolved or superseded by `<doc/issue/release>`. I am leaving
it visible for history, but it is no longer an active support queue item. New
repro details should go to `<issue/discussion path>`.
### Release Announcement
The current release status is `<rc/beta/GA state>`. Live URLs are recorded in
`docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-18.md`. Anything marked
pending there should not be announced as shipped yet.
### Security Escalation
Thanks for flagging this. Please do not post exploit steps, tokens, customer
data, or secret values in the public thread. I am routing this through the
security response path and will keep the public thread limited to safe status
updates.
## Recording Outcomes
For each high-signal discussion, record one of these outcomes:
- replied publicly and accepted answer read back;
- linked to a GitHub issue or Linear issue;
- routed to the security response path;
- classified as informational; or
- explicitly deferred with a reason.
Mirror the summary into ITO-59 when the batch closes, and include the counts in
the next operator dashboard or publication evidence refresh.

11
docs/architecture/progress-sync-contract.md
View File

@@ -9,7 +9,7 @@ status update can claim a lane is current.
| Surface | Role | Current rule |
| --- | --- | --- |
| GitHub PRs/issues/discussions | Public queue and review state | Recheck live counts before every significant merge batch and before release approval. |
| Linear project | Executive roadmap and stakeholder status update | Use project documents and project/issue comments because project status updates are disabled in this workspace; create/reuse issues for durable execution lanes. |
| Linear project | Executive roadmap and stakeholder status update | Post project status updates while issue capacity blocks issue creation. Create/reuse issues only when workspace capacity is available. |
| Local handoff | Durable operator continuity | Update the active handoff after every merge batch, queue drain, skipped release gate, or blocked external action. |
| Repo roadmap | Auditable planning mirror | Keep `docs/ECC-2.0-GA-ROADMAP.md` aligned to merged PR evidence and unresolved gates. |
| `scripts/work-items.js` | Local tracker bridge | Sync GitHub PRs/issues into the SQLite work-items store for status snapshots and blocked follow-up. |
@@ -41,12 +41,9 @@ After a significant merge batch, update Linear and the handoff with:
4. Deferred or skipped work and the explicit reason.
5. The next one or two implementation slices.
When Linear project status updates are unavailable, use a project document plus
project/issue comments instead of creating placeholder issues. Issue capacity is
available for durable execution lanes, but do not use that issue capacity as a
substitute for evidence-backed project status. Create or reuse exact-title
issues only when the lane needs a durable execution owner, and link those issues
to repo evidence.
When Linear issue capacity is unavailable, use a project status update instead
of creating placeholder issues. When issue capacity is available, create or
reuse exact-title issues and link them to the repo evidence.
## Realtime Boundary

6
docs/business/metrics-and-sponsorship.md
View File

@@ -28,15 +28,15 @@ curl -s https://api.npmjs.org/downloads/point/last-month/ecc-agentshield
### GitHub repository adoption
```bash
gh api repos/affaan-m/ECC \
gh api repos/affaan-m/everything-claude-code \
--jq '{stars:.stargazers_count,forks:.forks_count,contributors_url:.contributors_url,open_issues:.open_issues_count}'
```
### GitHub traffic (maintainer access required)
```bash
gh api repos/affaan-m/ECC/traffic/views
gh api repos/affaan-m/ECC/traffic/clones
gh api repos/affaan-m/everything-claude-code/traffic/views
gh api repos/affaan-m/everything-claude-code/traffic/clones
```
### GitHub App installs

13
docs/business/social-launch-copy.md
View File

@@ -7,8 +7,7 @@ Use these templates as launch-ready starting points. Review channel tone before
```text
ECC v2.0.0-rc.1 preview pack is ready for final release review.
ECC 2.0 is the harness-native operator system for agentic work: skills, hooks,
rules, MCP conventions, release gates, and an optional Hermes operator shell.
The repo is moving from a Claude Code config pack into a cross-harness operating system for agentic work.
What ships:
- Hermes setup guide
@@ -16,8 +15,8 @@ What ships:
- cross-harness architecture docs
- Hermes import guidance for turning local operator workflows into public ECC skills
Start here: https://github.com/affaan-m/ECC
Release notes: https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/release-notes.md
Start here: https://github.com/affaan-m/everything-claude-code
Release notes: https://github.com/affaan-m/everything-claude-code/blob/main/docs/releases/2.0.0-rc.1/release-notes.md
```
## X Post: Proof + Metrics
@@ -58,7 +57,7 @@ ECC v2.0.0-rc.1 pushes that further: reusable skills, thin harness adapters, and
```text
ECC v2.0.0-rc.1 preview pack is ready for final release review.
ECC 2.0 is the harness-native operator system for agentic work. The same reusable layer now reaches Claude Code, Codex, OpenCode, Cursor, Gemini, Zed, GitHub Copilot workflows, and terminal-only operator lanes.
The practical shift: ECC is no longer just a Claude Code config pack. It is becoming a cross-harness operating system for agentic work.
This release-candidate surface includes:
- sanitized Hermes setup documentation
@@ -68,6 +67,6 @@ This release-candidate surface includes:
It does not include private workspace state, credentials, raw local exports, or personal datasets.
Repo: https://github.com/affaan-m/ECC
Release notes: https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/release-notes.md
Repo: https://github.com/affaan-m/everything-claude-code
Release notes: https://github.com/affaan-m/everything-claude-code/blob/main/docs/releases/2.0.0-rc.1/release-notes.md
```

63
docs/drafts/release-1.10.1-announcement.md
View File

@@ -1,63 +0,0 @@
# ECC 1.10.1 release announcement draft
ECC 1.10.1 is the follow-up stabilization release to 1.10.0.
This release is focused on install correctness, cross-surface naming clarity, Windows/PowerShell recovery, Cursor project install correctness, and Claude Code hook compatibility. It is not a feature-heavy release.
## What landed in the stabilization pass
- npm/package/release surfaces are aligned and `ecc-universal@1.10.0` is live on npm
- Windows locale/path and PowerShell install-path regressions fixed
- Bash hook process-storm regression fixed
- Claude Code 2.1.x hook schema compatibility fixed
- Cursor native project install path repaired:
- `.cursor/hooks.json` now includes the required schema/version surface
- `.cursor/mcp.json` is written in the native Cursor project location
- continuous-learning-v2 now accepts `claude-desktop` as a valid entrypoint
- Windows observe path now skips `AppInstallerPythonRedirector.exe`
- docs now distinguish plugin installs from full manual installs more clearly
## What 1.10.1 is for
- make the current install surfaces predictable
- reduce stale naming/install guidance
- close the follow-up regressions from 1.10.0
- give users one stable update point instead of piecing together fixes across issues and discussions
## Included release fixes
- `#1543` Cursor native project hook + MCP install repair
- `#1524` Claude Code v2.1.116 argv-dup mitigation in `settings.local.json`
- `#1522` continuous-learning-v2 accepts `claude-desktop` as a valid entrypoint
- `#1511` Windows observe path skips `AppInstallerPythonRedirector.exe`
- `#1546` continuous-learning-v2 plugin quick start correction
- `#1535` hero overflow follow-up
## Important naming clarification
- Claude marketplace/plugin identifier: `everything-claude-code@everything-claude-code`
- npm package: `ecc-universal`
- GitHub repo: `affaan-m/everything-claude-code`
Those are intentionally different surfaces. The plugin identifier follows Anthropic marketplace rules; the npm package remains `ecc-universal`.
## Still being monitored
This should be announced as a stabilization release, not as “all edge cases are solved.”
We are still watching for:
- OS-specific edge cases across macOS, Windows, Linux
- shell-specific behavior differences
- Cursor vs Claude plugin install-path mismatches that only appear in older or mixed installs
- third-party provider/tool-name compatibility reports that still need current-main repro
Current watch-list examples:
- `#1520` likely obsolete unless repro returns on the current installer
- `#1516` not gating unless reproduced on current `main`
- `#1484` remains a Windows umbrella/watch-list issue rather than an active release gate
## Recommended update guidance
If you hit 1.10.0 install/runtime problems:
1. update to the latest package/plugin surface
2. avoid mixing plugin install plus full manual repo copy unless the docs explicitly say to
3. if problems persist, report:
- OS + shell
- Claude Code/Cursor version
- install method used
- exact stderr/output
- whether the issue is plugin install, npm install, repo sync, or Cursor project install

17
docs/releases/2.0.0-rc.1/launch-checklist.md
View File

@@ -12,8 +12,6 @@
- verify `preview-pack-manifest.md` lists the public release, Hermes, adapter,
observability, publication, and announcement artifacts before running final
publish checks
- verify `release-name-plugin-publication-checklist-2026-05-18.md` still
matches current GitHub, npm, Claude, Codex, OpenCode, and billing surfaces
- keep private tokens, personal docs, and raw workspace exports out of the repo
## Release Surface
@@ -21,12 +19,6 @@
- verify package, plugin, marketplace, OpenCode, and agent metadata stays at `2.0.0-rc.1`
- verify `ecc2/Cargo.toml` stays at `0.1.0` for rc.1; `ecc2/` remains an alpha control-plane scaffold
- complete `publication-readiness.md` with fresh evidence before any GitHub release, npm publish, plugin submission, or announcement post
- run `npm run release:approval-gate -- --format json` after owner approvals
and live URL readbacks are recorded; it must return ready true before any
publish, upload, social, or outbound action
- rerun the release name/plugin publication checklist before creating a
GitHub prerelease, publishing npm, pushing Claude plugin tags, recording the
Codex marketplace path, or posting public copy
- include `publication-evidence-2026-05-17.md` and
`operator-readiness-dashboard-2026-05-17.md` in the final evidence review,
then rerun publish-facing checks from the exact release commit
@@ -39,13 +31,7 @@
- publish the X thread from `x-thread.md`
- publish the LinkedIn draft from `linkedin-post.md`
- use `article-outline.md` for the longer writeup
- route sponsor, partner, consulting, conference, podcast, and GitHub
Discussion copy through `partner-sponsor-talks-pack.md`
- record one 30-60 second proof-of-work clip
- validate the release video suite with `npm run release:video-suite -- --format json`
after setting `ECC_VIDEO_SOURCE_ROOT` and `ECC_VIDEO_RELEASE_SUITE_ROOT`
- keep `video-suite-production.md` aligned with the actual primary launch
render, timeline, captions, and self-eval gate
## Demo Asset Suggestions
@@ -63,6 +49,3 @@ Use language like:
- "cross-harness operating system for agentic work"
- "ECC is the reusable substrate; Hermes is the operator shell"
- "private/local integrations land after sanitization"
Do not send sponsor, partner, consulting, conference, or podcast outreach
without explicit human approval.

3
docs/releases/2.0.0-rc.1/linkedin-post.md
View File

@@ -37,6 +37,3 @@ There is still more to harden before GA, especially around packaging, installers
Public publication is still approval-gated until the GitHub release, npm
`next` publish, plugin path, final URLs, and billing/native-payments claims have
live evidence.
The release URL ledger now separates links that already resolve from links that
must wait for the approval-gated release, package, plugin, and billing checks.

109
docs/releases/2.0.0-rc.1/naming-and-publication-matrix.md
View File

@@ -1,18 +1,17 @@
# ECC v2.0.0-rc.1 Naming And Publication Matrix
Snapshot date: 2026-05-19.
Snapshot date: 2026-05-12.
This matrix records the rc.1 identity after the public repository rename to
`affaan-m/ECC`. It is evidence for planning, not a publication action.
This matrix answers the release question "ship as Everything Claude Code, ECC,
or a renamed surface?" for the rc.1 lane. It is evidence for planning, not a
publication action.
## Decision
For `v2.0.0-rc.1`, ship the public identity as **ECC**.
Use `affaan-m/ECC` as the canonical GitHub repo and `ECC` as the product name
in copy, plugin slugs, status surfaces, diagrams, and release collateral. Keep
the npm package and package entry points as `ecc-universal` until a separate
post-rc migration plan exists.
For `v2.0.0-rc.1`, keep the public identity as **Everything Claude Code (ECC)**.
Use **ECC** as the short product name in copy, plugin slugs, status surfaces,
and diagrams, but do not rename the GitHub repo, npm package, or package entry
points before the rc.1 release.
Reason:
@@ -20,31 +19,35 @@ Reason:
plugin slug;
- the exact npm package name `ecc` is already occupied by an unrelated elliptic
curve cryptography package;
- `affaan-m/ECC` is the live public GitHub repo;
- the repo name `affaan-m/ecc` is not present, but renaming
`affaan-m/everything-claude-code` before rc.1 would create avoidable URL,
package, docs, and marketplace churn;
- Claude and Codex plugin surfaces are already short enough as `ecc`;
- rc.1 should prove the release, plugin, and publication pipeline before any
npm/package rename.
broader brand migration.
## Current Values
| Surface | Current value | Evidence command | 2026-05-18 result | Release decision |
| Surface | Current value | Evidence command | 2026-05-12 result | Release decision |
| --- | --- | --- | --- | --- |
| Product display name | `ECC` | `rg -n "^# ECC\|displayName.*ECC\|affaan-m/ECC" README.md .codex-plugin/plugin.json docs/releases/2.0.0-rc.1` | Present across README, plugin manifests, release copy, and URL ledger | Keep for rc.1 and GA |
| GitHub repo | `affaan-m/ECC` | `git remote get-url origin` | `https://github.com/affaan-m/ECC.git` | Keep for rc.1 and GA |
| Product display name | `Everything Claude Code` | `rg -n "Everything Claude Code" README.md CHANGELOG.md docs/releases/2.0.0-rc.1` | Present across README, release notes, launch copy, and plugin manifests | Keep for rc.1 |
| Short name | `ECC` | README/release docs | Used as the short cross-harness brand | Keep and prefer in tight copy |
| GitHub repo | `affaan-m/everything-claude-code` | `git remote get-url origin` | `https://github.com/affaan-m/everything-claude-code.git` | Keep for rc.1 |
| Possible short repo | `affaan-m/ecc` | `gh repo view affaan-m/ecc` | Not found with current auth | Candidate after rc.1 only |
| npm package | `ecc-universal` | `node -p "require('./package.json').name"` | `ecc-universal` | Keep for rc.1 |
| npm package version | `2.0.0-rc.1` local, `1.10.0` registry latest | `node -p "require('./package.json').version"` and `npm view ecc-universal name version dist-tags --json` | Local rc.1 is ready; registry latest remains `1.10.0` and no `next` dist-tag exists yet | Publish rc as `next`, not `latest` |
| npm package version | `2.0.0-rc.1` local, `1.10.0` registry latest | `node -p "require('./package.json').version"` and `npm view ecc-universal name version dist-tags --json` | Local rc.1 is ready; registry latest remains `1.10.0` | Publish rc as `next`, not `latest` |
| Exact npm short name | `ecc` | `npm view ecc name version description repository.url --json` | Occupied by `ecc@0.0.2`, "Elliptic curve cryptography functions." | Do not use |
| Scoped npm short name | `@affaan-m/ecc` | `npm view @affaan-m/ecc name version --json` | Registry 404 | Possible future scoped package if npm scope policy permits |
| Former package name | `everything-claude-code` | `npm view everything-claude-code name version dist-tags --json` | Registry reports unpublished on 2026-02-07 | Do not revive for rc.1 |
| Claude plugin slug | `ecc` | `node -p "require('./.claude-plugin/plugin.json').name"` | `ecc` | Keep |
| Claude plugin version | `2.0.0-rc.1` | `claude plugin validate .claude-plugin/plugin.json`; `claude plugin tag .claude-plugin --dry-run` | Validation passed on Claude Code `2.1.143`; dry run would create `ecc--v2.0.0-rc.1` | Ready for release-tag gate |
| Claude marketplace entry | `ecc` | `.claude-plugin/marketplace.json`; `claude plugin marketplace add --help`; Anthropic plugin marketplace docs | Version and repo point at current rc.1 surface; GitHub, git URL, remote marketplace JSON, and local path marketplace sources are supported | Keep |
| Claude plugin version | `2.0.0-rc.1` | `claude plugin validate .claude-plugin/plugin.json` | Validation passed on Claude Code `2.1.121` | Ready for release-tag gate |
| Claude marketplace entry | `ecc` | `.claude-plugin/marketplace.json` | Version and repo point at current rc.1 surface | Keep |
| Codex plugin slug | `ecc` | `node -p "require('./.codex-plugin/plugin.json').name"` | `ecc` | Keep |
| Codex plugin version | `2.0.0-rc.1` | `node tests/plugin-manifest.test.js`; `node tests/docs/ecc2-release-surface.test.js` | Plugin manifest passed 54/54; release surface passed 21/21 on Codex CLI `0.131.0` | Ready for Codex marketplace/manual marketplace gate |
| Codex repo marketplace | `ecc` | `.agents/plugins/marketplace.json`; `codex plugin marketplace add --help`; OpenAI Codex plugin docs | Repo marketplace add supports GitHub shorthand, Git URLs, SSH URLs, local roots, `--ref`, and `--sparse`; local and GitHub-ref temp-home add smokes passed | Use as rc.1 Codex distribution path |
| Codex plugin version | `2.0.0-rc.1` | `node tests/docs/ecc2-release-surface.test.js` | Release surface test passed | Ready for Codex marketplace/manual marketplace gate |
| Codex repo marketplace | `ecc` | `.agents/plugins/marketplace.json`; `codex plugin marketplace add --help` | Repo marketplace add supports GitHub shorthand and local roots; local temp-home add smoke passed | Use as rc.1 Codex distribution path |
| OpenCode package | `ecc-universal` | `node -p "require('./.opencode/package.json').name"` | `ecc-universal` | Keep |
| OpenCode build | Generated package output | `npm run build:opencode` | Passed | Ready for package dry-run gate |
| npm pack surface | Reduced runtime package | `NPM_CONFIG_USERCONFIG=/dev/null npm pack --dry-run --json` | Produced `ecc-universal-2.0.0-rc.1.tgz`, 2228 entries, 4,348,504 bytes packed, 13,024,929 bytes unpacked | Needs final release-commit rerun |
| npm pack surface | Reduced runtime package | `npm pack --dry-run --json` | Produced `ecc-universal-2.0.0-rc.1.tgz`, 969 entries, about 5.0 MB unpacked | Needs final release-commit rerun |
## Publication Paths
@@ -54,45 +57,33 @@ Reason:
| npm | `ecc-universal` local package version is `2.0.0-rc.1`; registry latest is `1.10.0` | Publish rc with `npm publish --tag next` after final `npm pack --dry-run` and release tests | Do not publish before final release commit |
| Claude plugin | `claude plugin validate .claude-plugin/plugin.json` passed; `claude plugin tag --help` confirms the release tag flow creates `{name}--v{version}` tags and can push them | Run `claude plugin tag .claude-plugin --dry-run` from the clean release commit, then tag/push only after release approval | No plugin release tag created in this pass |
| Claude marketplace | `.claude-plugin/marketplace.json` points at `ecc` and the public repo | Verify marketplace update/install path after tag exists | External marketplace propagation not verified |
| Codex plugin | `codex plugin marketplace` supports local and Git marketplace sources; `.codex-plugin/plugin.json` is present; `.agents/plugins/marketplace.json` exposes `ecc` from the repo root; temp-home local and GitHub-ref marketplace adds passed | Publish rc.1 docs with the repo-marketplace command, then monitor OpenAI's official Plugin Directory path | Do not claim official Plugin Directory listing before OpenAI submission evidence |
| Codex plugin | `codex plugin marketplace` supports add/upgrade/remove; `.codex-plugin/plugin.json` is present; `.agents/plugins/marketplace.json` exposes `ecc` from the repo root; temp-home local `codex plugin marketplace add` passed | Publish rc.1 docs with the repo-marketplace command, then monitor OpenAI's official Plugin Directory self-serve path | Official Plugin Directory publishing is documented as coming soon |
| OpenCode package | `.opencode/package.json` builds from source and ships inside npm package | Re-run `npm run build:opencode` and package dry-run from release commit | OpenCode CLI 1.2.21 does not expose a separate plugin publication command in this pass |
| ECC Tools billing claim | README and launch copy mention ECC Tools / marketplace context | ECC-Tools #89/#90/#91 add selected-target billing readback, selected-target announcement gating, and ignored `--env-file` support; #92 adds the non-breaking operator bearer path; #93 records the live selected-target gate pass | Billing evidence ready; repeat the live selected-target gate before any payment announcement |
| ECC Tools billing claim | README and launch copy mention ECC Tools / marketplace context | ECC-Tools #73 adds `/api/billing/readiness` `announcementGate`; run it against a Marketplace-managed test account before any payment announcement | Billing announcement code gate exists; live Marketplace account readback still pending |
| Social and longform copy | X thread, LinkedIn copy, article outline, GitHub release copy exist | Replace any stale URLs, then publish only after release/npm/plugin URLs work | Public URLs not final until release actions complete |
## ITO-46 Blocker Register
## Rename After rc.1
| Channel | Current status | Required metadata/evidence | Owner | Blocker or follow-up |
| --- | --- | --- | --- | --- |
| GitHub release | Approval-gated; no `v2.0.0-rc.1` prerelease yet | Tag, release URL, prerelease flag, final release notes, URL ledger | Release owner | Create only after final clean-checkout evidence |
| npm | `ecc-universal@2.0.0-rc.1` dry-run passed; registry latest is `1.10.0` | Pack summary, publish dry-run, `next` dist-tag readback, registry signature evidence | Package owner | Do not publish before approval and final release commit |
| Short npm name | `ecc` is occupied; `@affaan-m/ecc` returns 404 | Name availability outputs and migration plan | Release owner | Keep `ecc-universal` for rc.1; scoped rename is post-rc only |
| Claude plugin | `ecc@2.0.0-rc.1` validates; tag dry run would create `ecc--v2.0.0-rc.1` | `claude plugin validate .`, `claude plugin tag .claude-plugin --dry-run`, marketplace install/update smoke | Plugin owner | Real tag push and marketplace propagation require release approval |
| Claude marketplace | Docs and CLI support GitHub, git URL, remote marketplace JSON, and local path sources | Public repo marketplace JSON, support/contact metadata, post-tag install smoke | Plugin owner | No external official listing has been submitted in this pass |
| Codex repo marketplace | Local and GitHub-ref temp-home marketplace add smokes passed on Codex CLI `0.131.0` | `.codex-plugin/plugin.json`, `.agents/plugins/marketplace.json`, repo/personal marketplace evidence | Plugin owner | Official Plugin Directory listing requires OpenAI submission/listing evidence |
| Codex official Plugin Directory | OpenAI docs describe the curated official directory; ECC has not submitted or received listing evidence | Directory submission link or OpenAI approval path once available | Plugin owner | Track as an ITO-56/ITO-46 follow-up; do not claim an official listing |
| OpenCode package | `npm run build:opencode` passed | Built `.opencode` package metadata inside npm tarball | Package owner | No separate public plugin channel identified; follows npm |
| Billing/native payments | Marketplace Pro target readback, selected-target announcement preflight, env-file operator path, non-breaking operator bearer, and live selected-target gate have passed | 2026-05-20 selected-target readback, webhook provenance, selected-target announcement gate, ECC-Tools #91 `--env-file` support, ECC-Tools #92 operator bearer, ECC-Tools #93 live gate evidence | ECC Tools owner | Repeat the live gate immediately before rc.1 announcement; final copy still waits on release/plugin/live URL approvals |
| Social/longform copy | Drafts exist | Final live GitHub, npm, Claude, Codex, billing URLs | Release owner | Publish only after release/package/plugin URLs exist |
## Package Rename After rc.1
If the package layer moves from `ecc-universal` toward a shorter npm surface
after rc.1, do it as a staged migration:
If the project moves from "Everything Claude Code" toward "ECC" after rc.1,
do it as a staged migration:
1. Keep `ecc-universal` as the npm package until a replacement package has a
verified owner, deprecation plan, and install migration.
2. Keep `affaan-m/ECC` as the canonical repo for public docs, release notes,
plugin marketplace entries, npm metadata, and external links.
3. Reserve or create any new npm/package surfaces before announcing the
package rename.
4. Ship a compatibility guide that maps old commands, package names, plugin
2. Keep `affaan-m/everything-claude-code` as the canonical repo until release
notes, docs, plugin marketplace entries, npm metadata, and external links
are prepared for redirects.
3. Use `ECC` as the product name in new diagrams, status payloads, and
cross-harness docs immediately.
4. Reserve or create any new GitHub/npm/package surfaces before announcing the
rename.
5. Ship a compatibility guide that maps old commands, package names, plugin
slugs, and docs URLs to the new names.
## Evidence Captured In This Pass
```text
git rev-parse HEAD
67e63e63f9bfd074bd6a21bf6bac71f3dfefa58b
7109ee08db7209c5d14809efcf832043020dfc57
node -p "require('./package.json').name + '@' + require('./package.json').version"
ecc-universal@2.0.0-rc.1
@@ -113,30 +104,19 @@ npm view ecc-universal name version dist-tags --json
registry latest is 1.10.0; no rc dist-tag exists yet.
claude plugin validate .claude-plugin/plugin.json
Validation passed on Claude Code 2.1.143.
claude plugin validate .
Validation passed with one warning: root CLAUDE.md is not loaded as plugin
context; ship plugin context through skills instead.
claude plugin tag .claude-plugin --dry-run
Would create and push tag ecc--v2.0.0-rc.1.
Validation passed on Claude Code 2.1.121.
node tests/docs/ecc2-release-surface.test.js
21 release-surface checks passed.
18 release-surface checks passed.
node tests/plugin-manifest.test.js
54 plugin-manifest checks passed.
node tests/scripts/npm-publish-surface.test.js
2 npm publish-surface checks passed.
npm run build:opencode
Passed.
npm pack --dry-run --json
Produced ecc-universal-2.0.0-rc.1.tgz, 2228 entries, 4,348,504 bytes
packed, and 13,024,929 bytes unpacked.
npm publish --tag next --dry-run
Dry run would publish ecc-universal@2.0.0-rc.1 to npm with tag next.
Produced ecc-universal-2.0.0-rc.1.tgz, 969 entries, about 5.0 MB unpacked.
codex plugin marketplace add --help
Supports GitHub shorthand, HTTP(S) Git URLs, SSH URLs, local marketplace roots,
@@ -145,9 +125,4 @@ Supports GitHub shorthand, HTTP(S) Git URLs, SSH URLs, local marketplace roots,
HOME="$(mktemp -d)" codex plugin marketplace add <local-checkout>
Added marketplace ecc and recorded the installed marketplace root as
<local-checkout> without touching the real Codex config.
HOME="$(mktemp -d)" codex plugin marketplace add affaan-m/ECC --ref "$(git rev-parse HEAD)"
Added marketplace ecc from the GitHub repo pinned to
67e63e63f9bfd074bd6a21bf6bac71f3dfefa58b without touching the real Codex
config.
```

4
docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-17.md
View File

@@ -2,8 +2,8 @@
This dashboard is generated by `npm run operator:dashboard`. It is an operator snapshot, not release approval.
Generated: 2026-05-18T01:50:19.099Z
Commit: 000df72d6b9c5b11feb11deef609911943b48424
Generated: 2026-05-17T21:57:47.582Z
Commit: e6c16b40b80b3b323586c9e8341faa87c01a728c
Status: work remaining
## Current Status

51
docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-18.md
View File

@@ -1,51 +0,0 @@
# ECC Operator Readiness Dashboard
This dashboard is generated by `npm run operator:dashboard`. It is an operator snapshot, not release approval.
Generated: 2026-05-18T20:25:22.649Z
Commit: 4470e2e6702f17099d6feb137ba03ff00582c202
Status: work remaining
## Current Status
| Area | Status | Evidence |
| --- | --- | --- |
| PR queue | Current | 0 open PRs across tracked repos |
| Issue queue | Current | 0 open issues across tracked repos |
| Discussions | Current | 0 need maintainer touch; 0 missing accepted answer |
| Local worktree | Current | 0 blocking dirty files; 0 ignored dirty entries |
| Dashboard generation | Current | platform audit ready: true; GitHub skipped: false |
| Publication | Not complete | release, npm, plugin, billing, and announcement gates are tracked below |
## Prompt-To-Artifact Checklist
| Objective requirement | Artifact or gate | Status | Evidence | Gap |
| --- | --- | --- | --- | --- |
| Keep public PRs below 20 | scripts/platform-audit.js live GitHub sweep plus owner-wide queue cleanup ledger | current | 0 open PRs across 5 tracked repos; 0 owner-wide open PRs after cleanup | repeat platform:audit and owner-wide gh search before release |
| Keep public issues below 20 | scripts/platform-audit.js live GitHub sweep plus owner-wide queue cleanup ledger | current | 0 open issues across 5 tracked repos; 0 owner-wide open issues after cleanup | repeat platform:audit and owner-wide gh search before release |
| Respond and manage repository discussions | scripts/platform-audit.js discussion summary | current | 0 need maintainer touch; 0 answerable discussions missing accepted answer | repeat before release |
| Build ITO-44 completion dashboard into a repeatable command | npm run operator:dashboard | complete | operator:dashboard package script exists | keep generated dashboard attached to publication evidence |
| ECC 2.0 preview pack ready | docs/releases/2.0.0-rc.1/preview-pack-manifest.md | current | preview pack manifest and deterministic smoke gate are in-tree | repeat clean-checkout preview-pack smoke before publication |
| Include Hermes specialized skills safely | docs/HERMES-SETUP.md and skills/hermes-imports/SKILL.md | current | Hermes setup/import artifacts are covered by preview-pack smoke | repeat preview-pack smoke before release review |
| Prepare name-change, Claude plugin, and Codex plugin paths | naming-and-publication-matrix plus release-name-plugin-publication checklist plus publication-readiness | in_progress | naming matrix, release publication checklist, and plugin readiness gates exist | real tag/push, marketplace submission, and final channel choice remain approval-gated |
| Prepare release notes, articles, tweets, and push notifications | docs/releases/2.0.0-rc.1 social and release-copy files | in_progress | release notes, X thread, LinkedIn draft, and URL ledger are present | final live release/npm/plugin/billing URLs and publish approval still pending |
| Advance AgentShield enterprise iteration | AgentShield PR evidence plus enterprise roadmap | in_progress | AgentShield policy promotion `reviewItems` landed in `87aec47`; package-manager hardening drift detection landed in `28d08c7`; workflow action runtime pins were refreshed in `659f569`; npm age-gate guidance was corrected in `ee585cd`; package-manager hardening Action outputs landed in `1124535`; policy-promotion Action outputs and runtime-smoke job-summary evidence landed in `1593925`; fleet review ticket payloads and current Mini Shai-Hulud IOC breadcrumbs landed in `840952a`; ECC-Tools consumes those outputs in `8658951`, surfaces operator-readable status/pack/count/digest telemetry in `16c537f`, and renders hosted promotion judge audit traces in `05d4e82`; all are mirrored in the GA roadmap | deepen live operator approval/readback after Marketplace/payment gates |
| Advance ECC Tools native payments and AI-native harness-agnostic app | ECC Tools PR evidence, billing gate, hosted analysis lanes | in_progress | billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap | create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure the target account and INTERNAL_API_SECRET, then rerun target readback and the live announcement gate |
| Audit, prune, or attach legacy work | docs/stale-pr-salvage-ledger.md and legacy inventory | current | legacy salvage ledger and inventory are current; all localization tails are attached to Linear ITO-55 for manual language-owner review | repeat legacy scan before release |
| Keep Linear roadmap detailed and progress tracking synchronized | Linear project mirror plus progress-sync contract | current | Linear live sync and project progress surface are current; progress-sync contract defines the file-backed work-items/status path | repeat Linear/project status update and local work-items sync after each significant merge batch |
| Provide ECC 2.0 observability for self-use | observability readiness gate | complete | observability:ready command and readiness doc exist | runtime/dashboard implementation can continue after release gates |
| Keep Mini Shai-Hulud/TanStack protection loop current | supply-chain watch plus runbook plus AgentShield package-manager hardening | current | scheduled supply-chain watch emits IOC/advisory-source refresh artifacts; ECC scanner covers gh-token-monitor token-store persistence; AgentShield now detects known AI-tool persistence IOCs, npm lifecycle/token drift, unsupported npm age-key drift, and pnpm/Yarn cooldown drift; current-head watch evidence and ITO-57 May 18 Linear evidence updates are current | repeat advisory/source refresh and Linear sync after each significant supply-chain batch |
## Top Actions
- `naming-and-plugin-publication`: real tag/push, marketplace submission, and final channel choice remain approval-gated
- `release-notes-and-notifications`: final live release/npm/plugin/billing URLs and publish approval still pending
- `agentshield-enterprise-iteration`: deepen live operator approval/readback after Marketplace/payment gates
- `ecc-tools-next-level`: create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure the target account and INTERNAL_API_SECRET, then rerun target readback and the live announcement gate
## Next Work Order
1. Regenerate this dashboard from the final release commit before publication evidence is recorded.
2. Repeat ITO-57 Linear/project status sync after the next significant merge batch or advisory-source refresh.
3. Create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure the target account and INTERNAL_API_SECRET, then rerun target readback and the live announcement gate before publishing native-payments copy.
4. Resume ITO-45, ITO-46, and ITO-56 only after the generated dashboard and final release gates are refreshed.

66
docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-19.md
View File

@@ -1,66 +0,0 @@
# ECC Operator Readiness Dashboard
This dashboard is generated by `npm run operator:dashboard`. It is an operator snapshot, not release approval.
Generated: 2026-05-20T01:28:52.541Z
Commit: a2bbc45504ff55f09e9e06be0e253d72f3c54f90
Status: work remaining
## Current Status
| Area | Status | Evidence |
| --- | --- | --- |
| PR queue | Current | 0 open PRs across tracked repos |
| Issue queue | Current | 0 open issues across tracked repos |
| Discussions | Current | 0 need maintainer touch; 0 missing accepted answer |
| Local worktree | Current | 0 blocking dirty files; 0 ignored dirty entries |
| Dashboard generation | Current | platform audit ready: true; GitHub skipped: false |
| Publication | Not complete | release, npm, plugin, billing, and announcement gates are tracked below |
## Growth Baseline
| Metric | Current | Target | Gap |
| --- | ---: | ---: | ---: |
| MRR | $1,728/mo | $10,000/mo | $8,272/mo |
Growth lanes: GitHub Sponsors and OSS partner sponsors; ECC Tools Pro subscriptions; consulting and implementation contracts; talks, podcasts, conference demos, and partner webinars.
## Prompt-To-Artifact Checklist
| Objective requirement | Artifact or gate | Status | Evidence | Gap |
| --- | --- | --- | --- | --- |
| Keep public PRs below 20 | scripts/platform-audit.js live GitHub sweep plus owner-wide queue cleanup ledger | current | 0 open PRs across 5 tracked repos; 0 owner-wide open PRs after cleanup | repeat platform:audit and owner-wide gh search before release |
| Keep public issues below 20 | scripts/platform-audit.js live GitHub sweep plus owner-wide queue cleanup ledger | current | 0 open issues across 5 tracked repos; 0 owner-wide open issues after cleanup | repeat platform:audit and owner-wide gh search before release |
| Respond and manage repository discussions | scripts/platform-audit.js discussion summary | current | 0 need maintainer touch; 0 answerable discussions missing accepted answer | repeat before release |
| Build ITO-44 completion dashboard into a repeatable command | npm run operator:dashboard | complete | operator:dashboard package script exists | keep generated dashboard attached to publication evidence |
| ECC 2.0 preview pack ready | docs/releases/2.0.0-rc.1/preview-pack-manifest.md | current | preview pack manifest and deterministic smoke gate are in-tree | repeat clean-checkout preview-pack smoke before publication |
| Include Hermes specialized skills safely | docs/HERMES-SETUP.md and skills/hermes-imports/SKILL.md | current | Hermes setup/import artifacts are covered by preview-pack smoke | repeat preview-pack smoke before release review |
| Prepare name-change, Claude plugin, and Codex plugin paths | naming-and-publication-matrix plus release-name-plugin-publication checklist plus publication-readiness | in_progress | naming matrix, release publication checklist, and plugin readiness gates exist | real tag/push, marketplace submission, and final channel choice remain approval-gated |
| Prepare release notes, articles, tweets, and push notifications | docs/releases/2.0.0-rc.1 social and release-copy files | in_progress | release notes, X thread, LinkedIn draft, and URL ledger are present | final live release/npm/plugin/billing URLs and publish approval still pending |
| Prepare final owner approval packet | docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md | current | owner approval packet covers release, package, plugin, video, billing, social, and outbound decisions | review owner approvals from the final release commit before any publication or outbound action |
| Create a second-phase hypergrowth release command center | docs/releases/2.0.0/ecc-2-hypergrowth-release-command-center.md plus May 19 evidence | current | current MRR, target MRR, gap, release claim, video lane, distribution plan, and approval boundaries are in-tree | refresh after every MRR, channel, or approval-state change before public launch |
| Produce the ECC 2.0 release video suite | docs/releases/2.0.0-rc.1/video-suite-production.md and npm run release:video-suite | current | video-suite gate is ready with 15/15 source assets, 13/13 suite artifacts, 12/12 publish candidates, primary self-eval, and zero detected black-frame segments recorded in May 19 evidence | final owner approval, upload, and public video URLs remain approval-gated |
| Prepare sponsor, partner, consulting, podcast, talk, and Discussion copy | docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md | in_progress | sponsor outbound, platform partner DM, consulting intro, talk/podcast pitch, GitHub Discussion announcement, CTA hooks, and do-not-send gate are drafted | replace final URLs after publication gates, then get explicit approval before outbound or personal-account posts |
| Advance AgentShield enterprise iteration | AgentShield PR evidence plus enterprise roadmap | in_progress | AgentShield policy promotion `reviewItems` landed in `87aec47`; package-manager hardening drift detection landed in `28d08c7`; workflow action runtime pins were refreshed in `659f569`; npm age-gate guidance was corrected in `ee585cd`; package-manager hardening Action outputs landed in `1124535`; policy-promotion Action outputs and runtime-smoke job-summary evidence landed in `1593925`; fleet review ticket payloads and current Mini Shai-Hulud IOC breadcrumbs landed in `840952a`; ECC-Tools consumes those outputs in `8658951`, surfaces operator-readable status/pack/count/digest telemetry in `16c537f`, and renders hosted promotion judge audit traces in `05d4e82`; all are mirrored in the GA roadmap | deepen live operator approval/readback after Marketplace/payment gates |
| Advance ECC Tools native payments and AI-native harness-agnostic app | ECC Tools PR evidence, billing gate, hosted analysis lanes | in_progress | billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, ready Marketplace Pro target selection, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap | obtain or rotate the local/internal INTERNAL_API_SECRET bearer-token path, then run the live billing announcement gate for the selected Marketplace Pro target before publishing native-payments copy |
| Audit, prune, or attach legacy work | docs/stale-pr-salvage-ledger.md and legacy inventory | current | legacy salvage ledger and inventory are current; all localization tails are attached to Linear ITO-55 for manual language-owner review | repeat legacy scan before release |
| Keep Linear roadmap detailed and progress tracking synchronized | Linear project mirror plus progress-sync contract | current | Linear live sync is current with the May 19 post-PR #2002 sync document, project comment, and active issue-lane updates; progress-sync contract defines the file-backed work-items/status path | repeat Linear/project status update and local work-items sync after each significant merge batch |
| Provide ECC 2.0 observability for self-use | observability readiness gate | complete | observability:ready command and readiness doc exist | runtime/dashboard implementation can continue after release gates |
| Keep Mini Shai-Hulud/TanStack protection loop current | supply-chain watch plus runbook plus AgentShield package-manager hardening | current | scheduled supply-chain watch emits IOC/advisory-source refresh artifacts; ECC scanner covers gh-token-monitor token-store persistence; AgentShield now detects known AI-tool persistence IOCs, npm lifecycle/token drift, unsupported npm age-key drift, and pnpm/Yarn cooldown drift; current-head watch evidence and ITO-57 May 18 Linear evidence updates are current | repeat advisory/source refresh and Linear sync after each significant supply-chain batch |
## Top Actions
- `naming-and-plugin-publication`: real tag/push, marketplace submission, and final channel choice remain approval-gated
- `release-notes-and-notifications`: final live release/npm/plugin/billing URLs and publish approval still pending
- `partner-sponsor-talks-pack`: replace final URLs after publication gates, then get explicit approval before outbound or personal-account posts
- `agentshield-enterprise-iteration`: deepen live operator approval/readback after Marketplace/payment gates
- `ecc-tools-next-level`: obtain or rotate the local/internal INTERNAL_API_SECRET bearer-token path, then run the live billing announcement gate for the selected Marketplace Pro target before publishing native-payments copy
## Next Work Order
1. Regenerate this dashboard from the final release commit before publication evidence is recorded.
2. Review the owner approval packet from the final release commit and approve, defer, or block each publication and outbound lane.
3. Review the owner-approved primary launch video candidates, choose the final cuts, upload after approval, and attach public video URLs to the release pack.
4. Replace final release, npm, plugin, billing, and video URLs in the partner/sponsor/talk pack, then get explicit approval before outbound.
5. Repeat ITO-57 Linear/project status sync after the next significant merge batch or advisory-source refresh.
6. Obtain or rotate the local/internal INTERNAL_API_SECRET bearer-token path, then run the live billing announcement gate for the selected Marketplace Pro target before publishing native-payments copy.

66
docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md
View File

@@ -1,66 +0,0 @@
# ECC Operator Readiness Dashboard
This dashboard is generated by `npm run operator:dashboard`. It is an operator snapshot, not release approval.
Generated: 2026-05-20T03:14:39.338Z
Commit: 66733b511b70cf1cb501e8a3298b1cbd9968a9a0
Status: work remaining
## Current Status
| Area | Status | Evidence |
| --- | --- | --- |
| PR queue | Current | 0 open PRs across tracked repos |
| Issue queue | Current | 0 open issues across tracked repos |
| Discussions | Current | 0 need maintainer touch; 0 missing accepted answer |
| Local worktree | Current | 0 blocking dirty files; 0 ignored dirty entries |
| Dashboard generation | Current | platform audit ready: true; GitHub skipped: false |
| Publication | Not complete | release, npm, plugin, billing, and announcement gates are tracked below |
## Growth Baseline
| Metric | Current | Target | Gap |
| --- | ---: | ---: | ---: |
| MRR | $1,728/mo | $10,000/mo | $8,272/mo |
Growth lanes: GitHub Sponsors and OSS partner sponsors; ECC Tools Pro subscriptions; consulting and implementation contracts; talks, podcasts, conference demos, and partner webinars.
## Prompt-To-Artifact Checklist
| Objective requirement | Artifact or gate | Status | Evidence | Gap |
| --- | --- | --- | --- | --- |
| Keep public PRs below 20 | scripts/platform-audit.js live GitHub sweep plus owner-wide queue cleanup ledger | current | 0 open PRs across 5 tracked repos; 0 owner-wide open PRs after cleanup | repeat platform:audit and owner-wide gh search before release |
| Keep public issues below 20 | scripts/platform-audit.js live GitHub sweep plus owner-wide queue cleanup ledger | current | 0 open issues across 5 tracked repos; 0 owner-wide open issues after cleanup | repeat platform:audit and owner-wide gh search before release |
| Respond and manage repository discussions | scripts/platform-audit.js discussion summary | current | 0 need maintainer touch; 0 answerable discussions missing accepted answer | repeat before release |
| Build ITO-44 completion dashboard into a repeatable command | npm run operator:dashboard | complete | operator:dashboard package script exists | keep generated dashboard attached to publication evidence |
| ECC 2.0 preview pack ready | docs/releases/2.0.0-rc.1/preview-pack-manifest.md | current | preview pack manifest and deterministic smoke gate are in-tree | repeat clean-checkout preview-pack smoke before publication |
| Include Hermes specialized skills safely | docs/HERMES-SETUP.md and skills/hermes-imports/SKILL.md | current | Hermes setup/import artifacts are covered by preview-pack smoke | repeat preview-pack smoke before release review |
| Prepare name-change, Claude plugin, and Codex plugin paths | naming-and-publication-matrix plus release-name-plugin-publication checklist plus publication-readiness | in_progress | naming matrix, release publication checklist, and plugin readiness gates exist | real tag/push, marketplace submission, and final channel choice remain approval-gated |
| Prepare release notes, articles, tweets, and push notifications | docs/releases/2.0.0-rc.1 social and release-copy files | in_progress | release notes, X thread, LinkedIn draft, and URL ledger are present | final live release/npm/plugin/billing URLs and publish approval still pending |
| Prepare final owner approval packet | docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md | current | owner approval packet covers release, package, plugin, video, billing, social, and outbound decisions | review owner approvals from the final release commit before any publication or outbound action |
| Create a second-phase hypergrowth release command center | docs/releases/2.0.0/ecc-2-hypergrowth-release-command-center.md plus May 19 evidence | current | current MRR, target MRR, gap, release claim, video lane, distribution plan, and approval boundaries are in-tree | refresh after every MRR, channel, or approval-state change before public launch |
| Produce the ECC 2.0 release video suite | docs/releases/2.0.0-rc.1/video-suite-production.md and npm run release:video-suite | current | video-suite gate is ready with 15/15 source assets, 13/13 suite artifacts, 12/12 publish candidates, primary self-eval, and zero detected black-frame segments recorded in May 19 evidence | final owner approval, upload, and public video URLs remain approval-gated |
| Prepare sponsor, partner, consulting, podcast, talk, and Discussion copy | docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md | in_progress | sponsor outbound, platform partner DM, consulting intro, talk/podcast pitch, GitHub Discussion announcement, CTA hooks, and do-not-send gate are drafted | replace final URLs after publication gates, then get explicit approval before outbound or personal-account posts |
| Advance AgentShield enterprise iteration | AgentShield PR evidence plus enterprise roadmap | in_progress | AgentShield policy promotion `reviewItems` landed in `87aec47`; package-manager hardening drift detection landed in `28d08c7`; workflow action runtime pins were refreshed in `659f569`; npm age-gate guidance was corrected in `ee585cd`; package-manager hardening Action outputs landed in `1124535`; policy-promotion Action outputs and runtime-smoke job-summary evidence landed in `1593925`; fleet review ticket payloads and current Mini Shai-Hulud IOC breadcrumbs landed in `840952a`; ECC-Tools consumes those outputs in `8658951`, surfaces operator-readable status/pack/count/digest telemetry in `16c537f`, and renders hosted promotion judge audit traces in `05d4e82`; all are mirrored in the GA roadmap | deepen live operator approval/readback after Marketplace/payment gates |
| Advance ECC Tools native payments and AI-native harness-agnostic app | ECC Tools PR evidence, billing gate, hosted analysis lanes | in_progress | billing announcement gate, selected-target announcement gate, billing gate env-file operator path, non-breaking operator bearer path, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler selected-target readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, ready Marketplace Pro target selection, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap | repeat KV readback and selected-target announcement gate immediately before launch; keep native-payments copy behind the final release, plugin, URL, and owner-approval gates |
| Audit, prune, or attach legacy work | docs/stale-pr-salvage-ledger.md and legacy inventory | current | legacy salvage ledger and inventory are current; all localization tails are attached to Linear ITO-55 for manual language-owner review | repeat legacy scan before release |
| Keep Linear roadmap detailed and progress tracking synchronized | Linear project mirror plus progress-sync contract | current | Linear live sync is current with the May 20 Marketplace Pro release-gate comments on ITO-61 and the ECC platform roadmap; progress-sync contract defines the file-backed work-items/status path | repeat Linear/project status update and local work-items sync after each significant merge batch |
| Provide ECC 2.0 observability for self-use | observability readiness gate | complete | observability:ready command and readiness doc exist | runtime/dashboard implementation can continue after release gates |
| Keep Mini Shai-Hulud/TanStack protection loop current | supply-chain watch plus runbook plus AgentShield package-manager hardening | current | scheduled supply-chain watch emits IOC/advisory-source refresh artifacts; ECC scanner covers gh-token-monitor token-store persistence; AgentShield now detects known AI-tool persistence IOCs, npm lifecycle/token drift, unsupported npm age-key drift, and pnpm/Yarn cooldown drift; current-head watch evidence and ITO-57 May 18 Linear evidence updates are current | repeat advisory/source refresh and Linear sync after each significant supply-chain batch |
## Top Actions
- `naming-and-plugin-publication`: real tag/push, marketplace submission, and final channel choice remain approval-gated
- `release-notes-and-notifications`: final live release/npm/plugin/billing URLs and publish approval still pending
- `partner-sponsor-talks-pack`: replace final URLs after publication gates, then get explicit approval before outbound or personal-account posts
- `agentshield-enterprise-iteration`: deepen live operator approval/readback after Marketplace/payment gates
- `ecc-tools-next-level`: repeat KV readback and selected-target announcement gate immediately before launch; keep native-payments copy behind the final release, plugin, URL, and owner-approval gates
## Next Work Order
1. Regenerate this dashboard from the final release commit before publication evidence is recorded.
2. Review the owner approval packet from the final release commit and approve, defer, or block each publication and outbound lane.
3. Review the owner-approved primary launch video candidates, choose the final cuts, upload after approval, and attach public video URLs to the release pack.
4. Replace final release, npm, plugin, billing, and video URLs in the partner/sponsor/talk pack, then get explicit approval before outbound.
5. Repeat ITO-57 Linear/project status sync after the next significant merge batch or advisory-source refresh.
6. Repeat KV readback and the selected-target billing announcement gate immediately before launch; keep native-payments copy behind the final release, plugin, URL, and owner-approval gates.

98
docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md
View File

@@ -1,98 +0,0 @@
# ECC v2.0.0-rc.1 Owner Approval Packet
Snapshot date: 2026-05-19.
This packet is the final human decision sheet for the rc.1 public launch. It
does not publish anything by itself. Use it to approve, defer, or block each
release action after the final evidence commands are rerun from the intended
release commit.
Source commit for the clean evidence baseline this packet extends:
`9819626459a662773be7d0b1c18d82c1316b8c36`.
## Current Evidence
| Evidence | Current recorded state | Repeat before approval |
| --- | --- | --- |
| Platform audit | ready true, 0 open PRs, 0 open issues, 0 discussion gaps, 0 dirty files | yes |
| Preview pack smoke | ready true, digest `531328aaaa53`, 5/5 checks | yes |
| Release approval gate | ready false, digest `ef8f49f727b7`, 4/6 checks pass; owner decisions and live URL readbacks pending | yes |
| Video suite | ready true, 15/15 source assets, 13/13 suite artifacts, 12/12 publish candidates | yes |
| Release surface tests | 27/27 passed after this packet was added | yes |
| Full local suite | 2568/2568 passed before PR #2013 merged; focused GateGuard regression passed 91/91 again before PR #2011 merged | yes |
| GitHub CI | PR #1998, PR #1999, PR #2000, PR #2001, PR #2002, PR #2004, PR #2008, post-PR #2006 `main`, PR #2009, post-PR #2009 `main`, post-PR #2011 `main`, and post-PR #2013 `main` all merged or advanced after green required checks | verify current head |
## Decision Register
| Decision | Approve / defer / block | Evidence required first | Notes |
| --- | --- | --- | --- |
| GitHub prerelease | defer | final clean branch, URL ledger, release notes, attached video or video link | Approve only after final release notes contain live package/plugin/video URLs or explicitly marked blocked URLs. |
| npm `next` publish | defer | `npm pack --dry-run`, `npm publish --tag next --dry-run`, registry dist-tag readback plan | Keep `ecc-universal@2.0.0-rc.1` on `next`; do not move `latest` during rc.1. |
| Claude plugin tag | defer | `claude plugin validate .claude-plugin/plugin.json`, `claude plugin tag .claude-plugin --dry-run` | Create and push the real tag only after release approval. |
| Codex repo marketplace | defer | temp-home marketplace add smoke and current official Plugin Directory status | Claim repo-marketplace distribution only; do not claim official Plugin Directory listing without listing evidence. |
| ECC Tools billing language | defer | live readiness readback for the target account and billing/product state | Do not announce native payments or Marketplace-managed Pro until the gate is live. |
| Video upload | defer | owner selects primary launch cut plus short clips, self-eval stays clean | Upload only approved cuts; keep editable timeline/project output preserved. |
| X, LinkedIn, GitHub Discussion, longform | defer | live release, npm, plugin, video, and billing URL ledger updates | Personal-account posts and outbound copy need explicit approval. |
| Sponsor, partner, consulting, conference, podcast outreach | defer | final public URLs plus owner-approved outbound copy | Do not send drafts until the owner approves the exact batch. |
## Final URL Fill-In
Update these surfaces after the approved publication actions finish:
| Surface | Final value source | Update targets |
| --- | --- | --- |
| GitHub prerelease URL | `gh release view v2.0.0-rc.1 --repo affaan-m/ECC --json url` | release notes, URL ledger, social copy |
| npm rc package URL | `npm view ecc-universal@2.0.0-rc.1 version dist-tags --json` | URL ledger, quickstart, release notes |
| Claude plugin tag URL | pushed `ecc--v2.0.0-rc.1` tag or marketplace readback | URL ledger, plugin docs, release notes |
| Codex repo-marketplace evidence | temp-home `codex plugin marketplace add <local-checkout>` readback | URL ledger, publication readiness |
| Primary launch video URL | uploaded owner-approved primary launch video | GitHub release, X, LinkedIn, longform |
| Short clip URLs | uploaded approved clips | X thread, LinkedIn, partner/sponsor/talk pack |
| ECC Tools billing/readiness URL | live readiness readback or explicit blocked status | sponsor copy, Pro copy, release notes |
## Final Evidence Commands
Run these from the exact release commit before approving publication:
```bash
git status --short --branch
node scripts/platform-audit.js --json
npm run preview-pack:smoke -- --format json
npm run release:approval-gate -- --format json
npm run release:video-suite -- --format json
npm run harness:adapters -- --check
npm run harness:audit -- --format json
npm run observability:ready
npm run security:ioc-scan
npm audit --audit-level=moderate
npm audit signatures
node tests/docs/ecc2-release-surface.test.js
node tests/hooks/gateguard-fact-force.test.js
node tests/run-all.js
cd ecc2 && cargo test
```
## Approval Text
Use short, explicit approvals. Example:
```text
Approved for rc.1 GitHub prerelease, npm next publish, Claude plugin tag, and
release announcement after the final evidence commands pass from commit <sha>.
Video uploads approved for <primary-video> and <shorts-list>.
Outbound sponsor, partner, consulting, conference, and podcast messages remain
blocked until I approve the exact batch.
```
## Do Not Approve If
- The final branch is dirty or no longer matches the intended release commit.
- Any required evidence command fails or is skipped without a written deferral.
- The release copy claims live billing, plugin marketplace propagation, npm
`next`, or official Codex Plugin Directory listing before readback exists.
- Announcement copy contains stale URLs, private paths, or unresolved live-link
decisions.
- The selected video cut has black frames, missing audio, stale URLs, weak
product proof, or unreviewed captions.
- The outbound batch has not been reviewed exactly as it will be sent.
No outbound email, personal-account post, package publish, plugin tag, or billing announcement is authorized by this packet alone.

65
docs/releases/2.0.0-rc.1/owner-queue-cleanup-2026-05-18.md
View File

@@ -1,65 +0,0 @@
# Owner-Wide Queue Cleanup - 2026-05-18
This note records the live GitHub queue cleanup outside the five ECC release
repos tracked by `scripts/platform-audit.js`.
## Commands
```bash
gh search prs --owner affaan-m --state open --json repository,number,title,url,author,updatedAt --limit 100
gh search issues --owner affaan-m --state open --json repository,number,title,url,updatedAt --limit 100
```
## Result
- Owner-wide open PRs after cleanup: 0.
- Owner-wide open issues after cleanup: 0.
- Stale dependency-bot PRs closed: 24.
- Stale legacy payments/0EM roadmap issues closed: 72.
- Final stale/generated/manual-review PRs closed: 9.
- Final legacy/outreach/placeholder issues closed: 5.
- Archived repos temporarily unarchived for stale dependency PR closure and
restored to archived state:
`affaan-m/stoictradingAI`, `affaan-m/dprc-autotrader-v2`,
`affaan-m/polycule-secure`, and `affaan-m/pragmAItism_defAInce`.
- The final archived-repo sweep temporarily unarchived and restored
`affaan-m/dprc-autotrader-v2` and `affaan-m/stoictradingAI`.
## Final PR Disposition
- `affaan-m/dprc-autotrader-v2#5`: closed stale generated ECC bundle with
failing checks and dependency-update base.
- `affaan-m/x-algorithm-score#2`: closed stale/conflicting external feature
PR with accidental local AI-tool directories noted in the PR body.
- `affaan-m/dexploy#28`: closed stale generated ECC skill PR with requested
changes.
- `affaan-m/zenith#5`: closed stale generated ECC skill PR.
- `affaan-m/zenith#4`: closed test/noise PR whose diff only added a
non-actionable script comment.
- `affaan-m/affaan-m#1`: closed stale/conflicting third-party README-card PR.
- `affaan-m/affaanmustafa.com#1`: closed stale Cloudflare Worker-name PR with
requested changes.
- `affaan-m/0em-payments-dashboard#11`: closed stale/conflicting Cloudflare
Worker-name PR.
- `affaan-m/0em-payments-dashboard#3`: closed stale/conflicting Cloudflare
Worker-name PR.
## Final Issue Disposition
- `affaan-m/dprc-autotrader-v2#3`: closed public integration pitch as not
planned for the archived repo.
- `affaan-m/stoictradingAI#20`: closed public outreach question as not planned
for the archived repo.
- `affaan-m/dexploy#27`: closed stale internal skill-creator test issue.
- `affaan-m/dexploy#25`: preserved useful deployment/localStorage and
Cloudflare findings in Linear `ITO-62`, then closed the stale GitHub issue.
- `affaan-m/telegram-mcp-ts#1`: closed stale empty placeholder issue.
## Disposition
The closed dependency PRs were stale generated version bumps and should be
regenerated from current bases if still needed. The closed generated ECC bundle
PRs should be regenerated from the current ECC Tools flow if those repositories
become active again. The closed legacy payments/0EM issues were old planning
items superseded by the ECC Tools native-payments, hosted analysis,
billing-readback, and Linear/project roadmap lanes.

208
docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md
View File

@@ -1,208 +0,0 @@
# ECC v2.0.0-rc.1 Partner, Sponsor, and Talks Pack
This pack turns the rc.1 release surface into outbound-ready copy for sponsors,
partners, consulting conversations, conference talks, podcast bookings, and
community announcements.
It is not a publish action. Use it after the release URL ledger, video suite,
and publication gates are current.
## Current Business Baseline
| Metric | Current | Target | Gap |
| --- | ---: | ---: | ---: |
| MRR | `$1,728/mo` | `$10,000/mo` | `$8,272/mo` |
| Core revenue lanes | Sponsors, ECC Tools Pro, consulting, talks | Repeatable growth loop | Approval-gated outbound |
| Launch proof | rc.1 preview pack, video suite, queue-zero audit | Public release package | Final URLs and human approval |
## Positioning Line
ECC 2.0 is the harness-native operator system for agentic work.
Use this short version in partner and sponsor messages:
```text
ECC gives teams one reusable layer for skills, hooks, rules, MCP conventions,
release gates, and operator workflows across Claude Code, Codex, OpenCode,
Cursor, Gemini, Zed, GitHub Copilot, and terminal-only workflows.
```
## Offer Ladder
| Motion | Best fit | Starting point | Primary ask |
| --- | --- | ---: | --- |
| Pilot sponsor | OSS-friendly team that wants early signal | `$200/mo` | GitHub Sponsors |
| Business sponsor | Tooling or AI infra company that wants logo and case-study surface | `$500/mo` | GitHub Sponsors or direct invoice |
| Strategic partner | Platform, marketplace, security, or developer-tool company | `$1,000+/mo` | Sponsor plus launch or integration plan |
| Consulting sprint | Team adopting agent harnesses internally | Scoped quote | Harness audit, rollout plan, and operating loop |
| Talk or podcast | Devtools, AI engineering, security, OSS, or founder audience | No fee required for high-leverage reach | Recording slot, demo slot, or conference proposal |
## Partner Targets
Prioritize partners that already benefit from a harness-agnostic operating
layer:
- AI coding platforms and IDEs;
- hosted agent and workflow orchestration tools;
- code review, security, and supply-chain vendors;
- model and inference providers;
- developer education, podcast, and conference organizers;
- teams adopting multiple harnesses at once.
## Sponsor Outbound
Subject:
```text
ECC 2.0 sponsor slot for cross-harness agent workflows
```
Body:
```text
Hey [name],
I am getting ECC v2.0.0-rc.1 ready for release review.
The project is now positioned around one reusable operator layer for agentic
work across Claude Code, Codex, OpenCode, Cursor, Gemini, Zed, GitHub Copilot,
and terminal workflows.
The sponsor fit is pretty direct: ECC reaches the exact builders who are
standardizing their AI coding stack, security posture, and workflow automation.
The current public sponsor ladder is:
- Pilot Partner: $200/mo
- Business Sponsor: $500/mo
- Strategic Partner: $1,000+/mo
Business sponsors get logo placement and release visibility. Strategic partners
can turn it into a deeper integration or launch motion.
Repo: https://github.com/affaan-m/ECC
Sponsor: https://github.com/sponsors/affaan-m
Release notes: https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/release-notes.md
If useful, I can send the short sponsor packet and a proposed first 30-day plan.
Affaan
```
## Platform Partner DM
```text
ECC 2.0 is getting close to rc.1.
The release is centered on cross-harness agent workflows: reusable skills,
hooks, rules, MCP conventions, release gates, and an optional Hermes operator
shell.
The partner angle is not "another prompt pack." It is a tested operating layer
for teams using more than one AI coding harness.
I think there is a real integration or co-launch angle here if your team wants
better setup, policy, security, or workflow portability for agent users.
Repo: https://github.com/affaan-m/ECC
```
## Consulting Intro
```text
I am open to a small number of ECC 2.0 implementation sprints for teams that
are standardizing AI coding workflows.
The useful scope is usually:
1. audit the current harness setup;
2. turn repeated workflows into ECC skills, hooks, and rules;
3. add release, security, and CI gates;
4. create a team operating loop that works across Claude Code, Codex, OpenCode,
Cursor, Gemini, Zed, GitHub Copilot, and terminal workflows.
This is not generic AI consulting. The output is a working harness operating
system your team can keep using.
```
## Talk And Podcast Pitch
Title options:
- Building a Cross-Harness Operating System for AI Coding
- From Prompt Packs to Operator Systems
- What Breaks When Teams Adopt Too Many AI Coding Harnesses
- Security and Release Discipline for Agentic Coding Workflows
Short pitch:
```text
ECC started as an open-source workflow layer for Claude Code and is now moving
toward a cross-harness operating system for agentic work.
The talk is about the practical problems teams hit after the first AI coding
honeymoon: scattered prompts, duplicated setup, weak release gates, fragile
security posture, and no clear operating loop across tools.
I can show how ECC uses reusable skills, hooks, MCP conventions, release gates,
AgentShield-style security checks, and an optional Hermes operator shell to make
agentic work more measurable and portable.
```
## GitHub Discussion Announcement
```text
ECC v2.0.0-rc.1 preview pack is ready for final release review.
The main point: ECC 2.0 is the harness-native operator system for agentic work.
It now has a reviewed public surface for:
- reusable skills, hooks, rules, and MCP conventions;
- Claude Code, Codex, OpenCode, Cursor, Gemini, Zed, GitHub Copilot, and
terminal workflows;
- Hermes as the optional operator shell;
- release, security, queue, discussion, Linear, observability, and video-suite
gates.
The release is still approval-gated until the GitHub prerelease, npm package,
plugin paths, final URLs, and billing claims have live evidence.
Feedback wanted: install friction, cross-harness gaps, partner integrations,
sponsor fit, and examples of teams using multiple AI coding harnesses.
```
## Video CTA Hooks
Use these with the release video suite:
- "If your AI coding setup only works in one harness, it is not an operating
system yet."
- "ECC 2.0 is the shared layer: skills, hooks, MCPs, release gates, and team
workflows across the tools people actually use."
- "OSS stays free. Sponsors, Pro, and implementation work fund the public
layer."
- "Start with one workflow lane: engineering, research, content, or outreach."
## Do Not Send Or Publish If
- The release URL ledger still has stale or placeholder links.
- `npm run release:video-suite -- --format json` is not green against the
intended video roots.
- The GitHub prerelease, npm package, plugin path, or billing claim is described
as live without evidence.
- The message claims native payments are ready before ECC Tools billing readback
passes.
- The recipient needs a custom promise that is not covered by `SPONSORS.md`,
`SPONSORING.md`, or a separate consulting scope.
- The user has not approved outbound sponsor, partner, consulting, or media
messages.
## Routing Links
- Repo: <https://github.com/affaan-m/ECC>
- Release notes: <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/release-notes.md>
- Quickstart: <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/quickstart.md>
- Sponsor: <https://github.com/sponsors/affaan-m>
- Sponsor tiers: <https://github.com/affaan-m/ECC/blob/main/SPONSORS.md>
- Sponsoring guide: <https://github.com/affaan-m/ECC/blob/main/SPONSORING.md>

34
docs/releases/2.0.0-rc.1/preview-pack-manifest.md
View File

@@ -15,28 +15,17 @@ surfaces, or posting announcements.
| `docs/architecture/cross-harness.md` | Shared substrate model for Claude Code, Codex, OpenCode, Cursor, Gemini, Hermes, and terminal-only use | Names portability boundaries and does not claim unsupported native parity |
| `docs/architecture/harness-adapter-compliance.md` | Adapter matrix and scorecard | Verified by `npm run harness:adapters -- --check` |
| `docs/architecture/observability-readiness.md` | Local operator-readiness gate | Verified by `npm run observability:ready` |
| `docs/architecture/progress-sync-contract.md` | GitHub, Linear, handoff, roadmap, and work-item sync boundary | Checked by `node scripts/platform-audit.js --json` |
| `docs/architecture/progress-sync-contract.md` | GitHub, Linear, handoff, roadmap, and work-item sync boundary | Checked by `node scripts/platform-audit.js --format json --allow-untracked docs/drafts/` |
| `scripts/preview-pack-smoke.js` | Deterministic preview-pack smoke gate | Verified by `npm run preview-pack:smoke` |
| `scripts/release-approval-gate.js` | Final owner-decision, live-URL, and launch-copy gate | Must return ready true before any release publish, package publish, plugin tag, video upload, announcement, or outbound batch |
| `docs/releases/2.0.0-rc.1/release-notes.md` | GitHub release copy source | Must be refreshed with final live release/package/plugin URLs before publication |
| `docs/releases/2.0.0-rc.1/quickstart.md` | Clone-to-first-workflow path | Covers clone, install, verify, first skill, and harness switch |
| `docs/releases/2.0.0-rc.1/launch-checklist.md` | Operator launch checklist | Must remain approval-gated for release, package, plugin, and announcement actions |
| `docs/releases/2.0.0-rc.1/publication-readiness.md` | Release gate | Requires fresh evidence from the exact release commit |
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-15.md` | Current May 15 queue, roadmap, security, supply-chain watch, no-lifecycle CI install hardening, AgentShield #86 evidence-pack provenance, ECC Tools billing-gate, Actions cache purge, and `ecc2` test evidence through PR #1941 | Must be superseded by a final clean-checkout evidence file before real publication |
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-16.md` | Current May 16/17 queue cleanup, recsys skill merge, GateGuard triage, PR #1947 supply-chain protection, AgentShield #87 plugin-cache confidence evidence, AgentShield #88 evidence-pack inspect/readback, AgentShield #89 evidence-pack fleet routing, AgentShield #90 fleet review items, AgentShield #91 policy export, AgentShield #92 policy promotion, ECC-Tools #76 fleet-summary consumption, ECC-Tools #77 hosted finding evidence paths, ECC-Tools #78 harness policy-route linking, dashboard refresh, and combined Node/Rust/release-surface gate evidence through the May 16 mirror | Must still be repeated from a strict clean checkout before real publication |
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-17.md` | May 17 queue-zero state, Japanese localization merge, Dependabot TypeScript and Node type merges, post-merge ja-JP lint repair, Mini Shai-Hulud/TanStack protection recheck, npm audit/signature checks, legacy and Linear progress routing, deterministic preview-pack smoke, operator dashboard refresh, Linear sync, and GitHub CI evidence for `27dc2918` | Superseded by the May 18 evidence snapshot; repeat from a strict clean checkout before real publication |
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-18.md` | May 18 queue-zero state, #1970/#1971/#1972 merge batch, #1978 review/closure, supply-chain recheck, AgentShield evidence mirror, Linear sync, current-head CI/security scan success for `4470e2e6`, and ITO-46 naming/plugin publication closure | Superseded by the May 19 ECC identity, video, and growth evidence snapshot |
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md` | Current May 19/20 evidence for canonical ECC identity, release video suite, partner/sponsor/talk outreach pack, owner approval packet, release approval gate, May 20 operator dashboard, preview-pack smoke digest `eebb8a66c33e`, 2568-test local suite, PR #1998 visual QA CI success, PR #1999 dashboard evidence CI success, PR #2000 suite-count evidence success, PR #2001 owner approval packet CI success, PR #2002 owner-approval dashboard gate CI success, PR #2004 Linear readiness evidence sync CI success, PR #2008 supply-chain evidence gate CI success, post-PR #2006 main CI success, PR #2009 project-registry hygiene CI success, post-PR #2009 main CI success, post-PR #2011 GateGuard CI success, post-PR #2013 release-approval-gate CI success, PR #2017/#2018 AgentShield evidence sync, ECC-Tools #79 billing-announcement redaction hardening, ECC-Tools #80-#93 runtime-receipt, AgentShield approval-ID, Linear sync, remediation sync, hosted observability event/status/depth-plan/API readback, Marketplace Pro selected-target readback, selected-target announcement gate, env-file billing operator path, non-breaking operator bearer path, live `announcementGateReady: true`, AgentShield #94 Zed/VS Code adapter coverage, AgentShield #95 Dependabot alert closure, JARVIS #15/#16 queue/deploy repair, ECC #2019/#2020 Marketplace Pro gate sync, and the May 19/20 Linear sync comments | Current strongest readiness snapshot; must still be repeated from a strict clean checkout before real publication |
| `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-17.md` | Previous prompt-to-artifact operator dashboard | Superseded by the May 18 generated dashboard |
| `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-18.md` | Previous prompt-to-artifact operator dashboard | Superseded by the May 19 generated dashboard |
| `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-19.md` | Previous prompt-to-artifact operator dashboard | Superseded by the May 20 generated dashboard |
| `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md` | Current prompt-to-artifact operator dashboard | Shows PR/issue/discussion/platform/supply-chain gates current and adds the current `$1,728/mo` to `$10,000/mo` hypergrowth, video owner-approval, Linear release-gate sync, selected-target billing gate, operator bearer path, live billing gate pass, and outbound-pack operating lanes |
| `docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md` | Final human decision sheet for release, package, plugin, video, billing, social, and outbound approvals | Must be reviewed by the owner before any publication or outbound action |
| `docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-19.md` | Live URL and approval-gated URL ledger for release copy | Must be regenerated from the final release commit before public announcements |
| `docs/releases/2.0.0-rc.1/video-suite-production.md` | Release video production manifest | Gates local media inventory, rough primary render, captions, timeline, self-eval, and no-private-path publication rules |
| `docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md` | Partner, sponsor, consulting, conference, podcast, and discussion copy | Must stay approval-gated and avoid live billing, release, package, or plugin claims without evidence |
| `docs/releases/2.0.0-rc.1/naming-and-publication-matrix.md` | Naming, slug, and publication-path decision record | Keeps `ECC`, npm `ecc-universal`, and plugin slug `ecc` for rc.1 |
| `docs/releases/2.0.0-rc.1/release-name-plugin-publication-checklist-2026-05-18.md` | Release name, package, Claude plugin, Codex plugin, and publication-order checklist | Freezes rc.1 identity and requires final commit evidence before release, npm, plugin, billing, or announcement actions |
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-17.md` | Current May 17 queue-zero state, Japanese localization merge, Dependabot TypeScript and Node type merges, post-merge ja-JP lint repair, Mini Shai-Hulud/TanStack protection recheck, npm audit/signature checks, legacy and Linear progress routing, deterministic preview-pack smoke, operator dashboard refresh, Linear sync, and GitHub CI evidence for `27dc2918` | Current strongest readiness snapshot; must still be repeated from a strict clean checkout before real publication |
| `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-17.md` | Current prompt-to-artifact operator dashboard | Shows PR/issue/discussion/platform/supply-chain gates current and publication, plugin, billing, AgentShield, ECC Tools, legacy, and Linear productization gaps still open |
| `docs/releases/2.0.0-rc.1/naming-and-publication-matrix.md` | Naming, slug, and publication-path decision record | Keeps `Everything Claude Code / ECC`, npm `ecc-universal`, and plugin slug `ecc` for rc.1 |
| `docs/releases/2.0.0-rc.1/x-thread.md` | X launch draft | Must replace placeholders with live URLs after release/package/plugin publication |
| `docs/releases/2.0.0-rc.1/linkedin-post.md` | LinkedIn launch draft | Must replace placeholders with live URLs after release/package/plugin publication |
| `docs/releases/2.0.0-rc.1/article-outline.md` | Longform launch outline | Must stay release-candidate framed until GA evidence exists |
@@ -80,10 +69,8 @@ Run these from the exact release commit before publication:
```bash
git status --short --branch
node scripts/platform-audit.js --json
node scripts/platform-audit.js --format json --allow-untracked docs/drafts/
npm run preview-pack:smoke
npm run release:approval-gate -- --format json
npm run release:video-suite -- --format json
npm run harness:adapters -- --check
npm run harness:audit -- --format json
npm run observability:ready
@@ -100,21 +87,14 @@ cd ecc2 && cargo test
The preview pack is assembled, but publication is still blocked until these live
surfaces exist and are recorded in a final evidence file:
- final release URL ledger regenerated from the intended release commit;
- `npm run release:approval-gate -- --format json` returning ready true after
owner approvals and live URL readbacks are recorded;
- final release name/plugin publication checklist rerun from the intended
release commit;
- GitHub prerelease `v2.0.0-rc.1`;
- npm `ecc-universal@2.0.0-rc.1` on the `next` dist-tag;
- Claude plugin tag / marketplace propagation for `ecc@ecc`;
- Codex repo-marketplace distribution evidence plus official Plugin Directory
availability status;
- final announcement URLs in X, LinkedIn, GitHub release, and longform copy;
- ECC Tools billing/product readiness evidence remains fresh: the May 20
selected-target KV readback and live announcement gate passed through the
operator bearer path. Repeat the billing readback and gate immediately before
any native-payments announcement copy is published.
- ECC Tools billing/product readiness evidence before any native-payments
announcement copy is published.
## Result

150
docs/releases/2.0.0-rc.1/publication-evidence-2026-05-18.md
View File

@@ -1,150 +0,0 @@
# ECC v2.0.0-rc.1 Publication Evidence - 2026-05-18
This is release-readiness evidence only. It does not create a GitHub release,
npm publication, plugin tag, marketplace submission, or announcement post.
## Source Commit
| Field | Evidence |
| --- | --- |
| Upstream main | `4470e2e6702f17099d6feb137ba03ff00582c202` |
| Git remote | `https://github.com/affaan-m/everything-claude-code.git` |
| Evidence scope | Current `main` after PR #1970 workflow-security validator bypass fixes, PR #1971 metrics bridge cost-reporting fixes, PR #1972 `uncloud` skill merge, PR #1973 stale script cleanup, issue #1974 cost-reporting verification/closure, PR #1976 OpenAI/AstraFlow provider response guards, PR #1978 review/closure, catalog/operator dashboard refresh, ECC-Tools Wrangler OAuth billing readback mirror, AgentShield `840952a` fleet-ticket and Mini Shai-Hulud IOC evidence mirror, Mini Shai-Hulud/TanStack protection recheck, defensive-deny IOC scanner hardening, release name/plugin publication checklist, readiness/smoke gate enforcement for that checklist, release OIDC publishing-scope hardening, workflow line-ending normalization, current-head CI/security scan, work-items sync, Linear progress sync, the ITO-46 publication-path dry-run refresh, ITO-46 Linear closure, and the post-closure operator dashboard refresh |
| Local status caveat | `git status --short --branch` was clean at dashboard generation time; generated evidence files are committed after the source snapshot they describe |
The actual release operator should repeat all publish-facing checks from the
final release commit with a strictly clean checkout before publishing.
## Queue And Discussion State
| Surface | Command | Result |
| --- | --- | --- |
| Trunk PRs | `gh pr list --limit 100 --json number,title,state,author,updatedAt,url` | 0 open PRs |
| Trunk issues | `gh issue list --limit 100 --json number,title,state,updatedAt,url,labels` | 0 open issues |
| Discussion audit | `npm run discussion:audit -- --json` | Ready; 58 sampled discussions in `affaan-m/everything-claude-code`, 0 needing maintainer touch, 0 answerable discussions missing accepted answer, and 0 fetch errors |
| Platform audit | `node scripts/platform-audit.js --json --allow-untracked docs/drafts/` | Ready; tracked repos report 0 open PRs, 0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A missing accepted answers, and 0 blocking dirty files |
| Work-items sync | `node scripts/work-items.js sync-github --repo <tracked-repo>` for five tracked repos; `node scripts/status.js --json`; `node scripts/work-items.js list --json` | All five tracked repos synced with 0 open PRs/issues and no changed work items; local status reports 0 open, 0 blocked, and 0 closed work items |
| Operator dashboard | `npm run operator:dashboard -- --markdown --write docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-18.md` | Regenerated at `4470e2e6702f17099d6feb137ba03ff00582c202`; dashboard ready true, publication ready false because release, npm, plugin, billing, and announcement gates are approval-gated; 0 PRs, 0 issues, and 0 discussion gaps remain across tracked repos; AgentShield enterprise evidence includes `840952a`; ECC Tools native-payments gate now names the narrowed ITO-61 blocker: create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure the target account and `INTERNAL_API_SECRET`, then rerun target readback and the live announcement gate |
Tracked repositories in the platform audit and work-items sync were:
- `affaan-m/everything-claude-code`
- `affaan-m/agentshield`
- `affaan-m/JARVIS`
- `ECC-Tools/ECC-Tools`
- `ECC-Tools/ECC-website`
## Merge And Triage Batch
| Item | Result |
| --- | --- |
| PR #1970 | Merged workflow-security validator fixes for quoted `write-all` and `refs/pull/*` checkout bypasses; main includes `e06d0382` and `7bb31720` from that slice |
| PR #1971 | Merged metrics bridge cost-reporting fixes, full costs-file scan behavior, and persistent warning de-duplication across hook subprocesses; main includes commits through `9b1d8918` |
| PR #1972 | Merged `skills/uncloud/SKILL.md` with activation structure and uncloud command references; main includes `8b6aed0`, `2e5f30f`, and `caee7cf` |
| PR #1973 | Merged stale `skills/strategic-compact/suggest-compact.sh` removal after confirming the active hook is `scripts/hooks/suggest-compact.js`; remote main includes `812d4d06` |
| Issue #1974 | Closed after verifying current `origin/main` already reads the latest cumulative metrics bridge cost row and focused cost/metrics tests pass |
| Catalog/operator refresh | Pushed `81fca2ce` to refresh generated catalog count, URL ledger, and operator dashboard state after #1973/#1974 |
| PR #1976 | Merged provider response hardening for OpenAI-compatible and AstraFlow providers; main includes `eb0d8939` follow-up guards for empty/filtered provider choices, missing OpenAI `response.usage`, shared filtered-response error text, and credential-less provider construction validation |
| Provider guard validation | `uv run --extra dev pytest -q tests/test_provider_tools.py tests/test_astraflow_provider.py`, `uv run --extra dev pytest -q`, `node tests/run-all.js`, and `git diff --check` passed before merging #1976 follow-up into main: 11 provider-focused Python tests, 76 full Python tests, 2509 Node tests, and clean whitespace checks |
| Defensive-deny IOC scanner hardening | Pushed `04d4d819` so explicit Claude `permissions.deny` IOC entries are treated as defensive controls while the same IOC still fails in hooks, tasks, scripts, locks, and payload files; local `npm test` passed 2511/2511 and current-head CI `26017368895` passed 37/37 |
| Release name/plugin publication checklist | Pushed `6c0fbfb6` to add `docs/releases/2.0.0-rc.1/release-name-plugin-publication-checklist-2026-05-18.md`; the artifact freezes rc.1 as Everything Claude Code / ECC, keeps npm `ecc-universal`, keeps Claude/Codex plugin slug `ecc`, cites current Anthropic/OpenAI plugin publication paths, and blocks rename/npm publish/plugin tag/submission/billing/social actions until final release evidence exists; GitHub Actions CI `26034898420` passed |
| Dashboard and preview-pack checklist enforcement | Added `680aeff0` so `scripts/operator-readiness-dashboard.js` and `scripts/preview-pack-smoke.js` require the release-name/plugin publication checklist; local dashboard and smoke tests passed and preview-pack smoke now enforces 26 required artifacts |
| AgentShield enterprise evidence mirror | Added `2ba0c62d` and refreshed the dashboard generator/GA roadmap/AgentShield enterprise roadmap so the ECC release evidence names AgentShield `840952a` fleet review ticket payloads and current Mini Shai-Hulud IOC breadcrumb coverage |
| PR #1978 | Closed broad/failing outside Excel harness PR after review; recorded a corrected split path for a future smaller Excel harness proposal, install-target/tooling PR, plugin-runtime PR, and translation-automation PR |
| Announcement draft tracking | Added `docs/drafts/release-1.10.1-announcement.md` so the stabilization announcement draft is tracked instead of remaining as release-blocking untracked local state |
| Clean-worktree preview-pack smoke | Detached worktree at `680aeff0fb9a8598858e3105ba4742973ef386ab`; `node scripts/preview-pack-smoke.js --root <worktree> --format json` passed 5/5 with digest `0ed831dbd0cf`; 26 required artifacts, final verification commands, Hermes public sanitization boundary, and approval-gated publication blockers were all preserved |
| Public queues | Rechecked after the merge and issue-closure batch; 0 PRs, 0 issues, and 0 discussion gaps remain across tracked repos |
| Release OIDC publishing scope | Pushed `7911af4a` to keep the release workflow's trusted-publishing path scoped to release publication instead of broadening OIDC permissions across unrelated jobs; local workflow security validation passed |
| Release workflow normalization | Pushed `97567a91` to normalize release workflow line endings after the OIDC hardening slice; current-head CI `26050727969` passed for `97567a91e79e1ee4c291eb78f5f9c30c2046ac94` |
| Operator readiness evidence refresh | Pushed `0f1775e3`, `fe7b4f2b`, and `67e63e63` to refresh blocker evidence, regenerate the operator dashboard, and align publication readiness to the latest CI/security evidence; pushed `4470e2e6` to close ITO-46 publication-path evidence, then regenerated the dashboard at `4470e2e6702f17099d6feb137ba03ff00582c202`; current-head CI `26057806361` passed for `4470e2e6702f17099d6feb137ba03ff00582c202` |
## Supply-Chain And Security Evidence
| Gate | Command | Result |
| --- | --- | --- |
| Repo IOC scan | `npm run security:ioc-scan` | Passed; 198 files inspected |
| Home persistence IOC scan | `node scripts/ci/scan-supply-chain-iocs.js --home --json` | Passed; 200 files inspected; `findings: []` |
| ECC workspace IOC recheck | `node scripts/ci/scan-supply-chain-iocs.js --root <local ECC root> --home --json` | Passed; 1212 files inspected; `findings: []`; exact local path is kept out of public release evidence |
| Narrow active persistence sweep | Targeted search over user-level Claude, VS Code, LaunchAgent/systemd, local-bin, `/tmp`, and `/private/tmp` campaign paths | Existing active targets: 2; no campaign marker hits |
| Scanner fixture tests | `node tests/ci/scan-supply-chain-iocs.test.js` | 20 passed, 0 failed, including defensive Claude deny-wall pass and hook-with-same-IOC fail-closed coverage |
| Advisory source refresh | `node scripts/ci/supply-chain-advisory-sources.js --refresh --json` | Ready with 9 sources; live refresh produced 1 OpenAI URL warning from Node fetch while primary TanStack, GitHub advisory, StepSecurity, Wiz, Socket, npm, and CISA sources returned OK |
| No-lifecycle install | `npm ci --ignore-scripts` | Completed cleanly; 213 packages installed, 0 vulnerabilities |
| npm audit | `npm audit --audit-level=high` | 0 vulnerabilities |
| npm signatures | `npm audit signatures` | 213 verified registry signatures; 17 verified attestations |
| Workflow security | `node scripts/ci/validate-workflow-security.js` | Validated 8 workflow files after the release OIDC publishing-scope hardening |
| AgentShield project scan | `npx --no-install ecc-agentshield scan --format json` | Grade A / 99; 0 critical, 0 high, 0 medium; 6 low docs-example skill telemetry/governance findings |
| Current-head CI security scan | `gh run view 26057806361 --repo affaan-m/everything-claude-code --json status,conclusion,headSha,jobs,url` | Completed successfully for `4470e2e6702f17099d6feb137ba03ff00582c202`; 37/37 CI jobs passed, including lint, workflow/component validation, coverage, cross-platform package-manager tests, npm audit, and supply-chain IOC scan |
| Latest Supply-Chain Watch | `gh run view 26010432490 --repo affaan-m/everything-claude-code --json status,conclusion,headSha,url` | Completed successfully for `25ac57ac40e9fc5a0606e76e6339e72c79748c99`; rerun from the final release commit before publication |
## ITO-46 Publication Path Refresh
| Gate | Command | Result |
| --- | --- | --- |
| Clean publication-path baseline | `git status --short --branch`; `git rev-parse HEAD`; `git remote get-url origin` | Clean `main` at `67e63e63f9bfd074bd6a21bf6bac71f3dfefa58b`; remote `https://github.com/affaan-m/everything-claude-code.git` |
| Package/plugin identity readback | `node -p "JSON.stringify({pkg, claude, codex, opencode}, null, 2)"` | `ecc-universal@2.0.0-rc.1`; Claude plugin `ecc@2.0.0-rc.1`; Codex plugin `ecc@2.0.0-rc.1`; OpenCode package `ecc-universal@2.0.0-rc.1` |
| Name availability | `npm view ecc name version description repository.url --json`; `npm view @affaan-m/ecc name version --json`; `npm view ecc-universal name version dist-tags --json` | `ecc` is occupied by unrelated `ecc@0.0.2`; `@affaan-m/ecc` returns 404; `ecc-universal` registry latest remains `1.10.0` with no `next` dist-tag |
| Plugin manifest tests | `node tests/plugin-manifest.test.js` | 54 passed, 0 failed |
| Release surface tests | `node tests/docs/ecc2-release-surface.test.js` | 21 passed, 0 failed |
| Claude plugin validation | `claude plugin validate .claude-plugin/plugin.json`; `claude plugin validate .`; `claude plugin tag .claude-plugin --dry-run` | Claude Code `2.1.143`; manifest validation passed; full plugin validation passed with one expected root `CLAUDE.md` context warning; tag dry run would create `ecc--v2.0.0-rc.1` |
| Claude marketplace source help | `claude plugin marketplace add --help`; `claude plugin marketplace update --help` | Marketplace add supports URL, local path, GitHub repo, `--scope`, and `--sparse`; update supports targeted or all-marketplace refresh |
| Codex marketplace help | `codex plugin marketplace add --help` | Codex CLI `0.131.0`; marketplace add supports local paths, `owner/repo[@ref]`, HTTPS Git URL, SSH Git URL, `--ref`, and `--sparse` |
| Codex local marketplace smoke | `HOME="$(mktemp -d)" codex plugin marketplace add ./` | Added marketplace `ecc` from the local checkout without touching the real Codex config |
| Codex GitHub-ref marketplace smoke | `HOME="$(mktemp -d)" codex plugin marketplace add affaan-m/everything-claude-code --ref "$(git rev-parse HEAD)"` | Added marketplace `ecc` from the public GitHub repo pinned to `67e63e63f9bfd074bd6a21bf6bac71f3dfefa58b` without touching the real Codex config |
| npm package dry-run | `NPM_CONFIG_USERCONFIG=/dev/null npm pack --dry-run --json`; `NPM_CONFIG_USERCONFIG=/dev/null npm publish --tag next --dry-run` | Pack produced `ecc-universal-2.0.0-rc.1.tgz`, 2228 files, 4,348,504 bytes packed, 13,024,929 bytes unpacked, shasum `29d6a17029d80f5cb1df068880ba86c55a5d60f1`; publish dry-run would publish `ecc-universal@2.0.0-rc.1` with tag `next` |
| OpenCode package build | `npm run build:opencode` | Passed |
| Preview pack smoke | `npm run preview-pack:smoke` | Ready yes; digest `0ed831dbd0cf`; 5 passed, 0 failed |
| Official docs check | Anthropic `https://code.claude.com/docs/en/plugins` and `https://code.claude.com/docs/en/plugin-marketplaces`; OpenAI `https://developers.openai.com/codex/plugins/build` | Anthropic documents self-hosted marketplace sources; OpenAI documents repo/personal marketplaces and the official Plugin Directory. ECC has not created a real release tag, official listing, or npm publication in this pass |
| ITO-46 closure | Linear ITO-46 comment `9ef92056-ab23-4eed-bfdb-932dddc2b056`; Linear issue status `Done`; GitHub Actions `26057806361` | Publication-path docs now record every channel, name conflicts, package/plugin dry-run commands, and blocker register; Codex repo-marketplace distribution is verified but official Plugin Directory listing is not claimed before OpenAI submission/listing evidence |
## Linear Progress Sync
| Surface | Evidence |
| --- | --- |
| ITO-57 issue comments | `0b9931b9-1556-4ebc-a70c-f3635557625d` records May 18 queue counts, #1970/#1971/#1972/#1976 merge evidence, supply-chain verification, current-head CI URL, deferred gates, and next slices; reply `6fa15367-d994-4e53-ade3-9462477e1100` records the expanded TanStack/Mini Shai-Hulud recheck, defensive-deny scanner fix, current-head CI `26017368895`, and post-push platform audit; comment `3fe5b2b7-c4fe-401c-a317-b40d72119cb3` records the final emergency refresh against `97567a91`, AgentShield `4e36aab`, clean ECC/Ito/Documents workspace IOC scans, absent dead-man/persistence artifacts, and package-manager/Claude deny-wall posture; comment `43837404-c01c-4aaa-b5e2-1e784c136d69` records ECC-Tools `brace-expansion` alert 44 fixed in `e56fc1a` with CI `26054671308` and Dependabot API `state: fixed` |
| ITO-52 issue status | `f2e5a208-de91-4a3a-960b-5362d12aa5a4` records ECC-Tools `69ca535` team-learning feedback controls, local verification, and CI `26054455434`; Linear ITO-52 is Done |
| ITO-61 issue status | `6904e4fb-bec7-4787-90e2-759f077a628c` records the narrowed native-payments readback blocker: Wrangler OAuth now works, aggregate readback is clean, but there is still no Marketplace-managed Pro target billing-state with webhook provenance and the local announcement preflight is missing the target account plus `INTERNAL_API_SECRET` |
| ECC platform project comment | `e32e5b7a-287b-4bf4-9ed7-314389a157e1` records the earlier current public queue, security, #1976, and remaining-gate state at the project level; follow-up ITO-44 comments `a01eeef3-c69b-48c0-8804-a4682acfc1ef` and `6b0885cc-c4e9-40db-899b-f7b88b4aa046` record ITO-52 completion and the fixed ECC-Tools Dependabot alert |
| Project status update caveat | Linear returned "Project status updates are not enabled for this workspace"; project comment was used as the supported status surface |
## Current Publication Blockers
- GitHub prerelease `v2.0.0-rc.1` is still not created in this pass.
- npm `ecc-universal@2.0.0-rc.1` is still not published to the `next`
dist-tag.
- Claude plugin tag and marketplace propagation remain approval-gated.
- Codex repo-marketplace distribution is verified for rc.1, but official
Plugin Directory publishing remains blocked on OpenAI's self-serve publishing
surface.
- ECC Tools billing/native-payments copy remains blocked until a Marketplace
Pro purchase/webhook path writes ready production `billing-state:*`
provenance for the target Marketplace test account, then
`npm run billing:kv-readback -- --account <github-login> --require-ready`
with working Cloudflare API auth or repaired Wrangler OAuth, followed by
`npm run billing:announcement-gate -- --account <github-login>`, return
announcement-ready gates. The latest Wrangler OAuth aggregate readback found
256 `account-billing:*` records, 256 `billing-state:*` records, 197
Marketplace-source records, 59 Stripe-source records, 53 Pro records, 4
Marketplace webhook-provenance records, all `Open Source`, 0 Marketplace Pro
states, 0 ready-like Marketplace Pro states, and 0 parse failures. ECC-Tools
commit `632e059` adds the follow-up target-account readback mode, redacts
the account login and raw KV key names, and requires both target key families
before `--require-ready` can pass. ECC-Tools commit `13cd3fc` normalizes
billing-state key casing. The latest ITO-61 retry fails because no
Marketplace-managed Pro state exists and the announcement preflight is
missing the target account plus `INTERNAL_API_SECRET`; Linear ITO-61 tracks
the exact target-account acceptance criteria.
- Release notes, X, LinkedIn, GitHub release, and longform copy still need final
live URLs after release/package/plugin URLs exist.
- The local checkout is clean after the dashboard/evidence refresh, but a
strict clean-checkout release pass remains required before real publication.
## Result
The tracked public PR queue, issue queue, discussion queue, local work-items
bridge, release-name/plugin publication gate, and Mini Shai-Hulud/TanStack
protection loop are current on May 18, 2026 for current `main` through
`97567a91`, with follow-up ECC Tools billing-gate hardening in `632e059`
and AgentShield enterprise/security hardening through `4e36aab`.
This improves publication readiness but does not replace the approval-gated
release, package, plugin, billing, and announcement steps in
`publication-readiness.md`.

207
docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md
View File

@@ -1,207 +0,0 @@
# ECC v2.0.0-rc.1 Publication Evidence - 2026-05-19
This is release-readiness evidence only. It does not create a GitHub release,
npm publication, plugin tag, marketplace submission, billing announcement, or
social announcement.
## Source Commit
| Field | Evidence |
| --- | --- |
| Upstream main | `c2471fe5c535310f8a8008c9ed7ea9f6757b33f2` |
| Git remote | `https://github.com/affaan-m/ECC.git` |
| Evidence scope | Current `main` after PR #1990 harness-audit GitHub integration scoring, PR #1991 canonical ECC identity gate, PR #1992 release video-suite gate, PR #1993 growth outreach pack, PR #1994 May 19 publication evidence refresh, PR #1995 operator dashboard refresh, PR #1996 primary render self-eval gate, PR #1997 publish-candidate gate, PR #1998 visual QA gate, PR #1999 video dashboard evidence refresh, PR #2000 suite-count evidence refresh, PR #2001 owner approval packet addition, PR #2002 owner approval dashboard gate refresh, PR #2004 Linear readiness evidence sync, PR #2005 post-PR #2004 evidence refresh, PR #2008 release supply-chain evidence gate fix, PR #2006 per-project Claude Code adapter, PR #2009 continuous-learning project registry hygiene fix, PR #2011 GateGuard quoted git introspection fix, PR #2013 deterministic release approval gate, PR #2017 AgentShield adapter evidence sync, PR #2018 AgentShield Dependabot evidence sync, ECC-Tools #80-#91 hosted observability/readback, Marketplace Pro selected-target, selected-target announcement gate, and env-file operator-path batch, AgentShield #94 Zed/VS Code adapter coverage, AgentShield #95 Dependabot alert closure, PR #2019 Marketplace Pro release-gate sync, and PR #2020 selected-target announcement gate sync |
| Local status caveat | `git status --short --branch` was clean after pulling `origin/main`; generated evidence files are committed after the source snapshot they describe |
The release operator must repeat all publish-facing checks from the exact final
release commit with a strictly clean checkout before publishing.
## Queue And Discussion State
| Surface | Command | Result |
| --- | --- | --- |
| Platform audit | `node scripts/platform-audit.js --json` | Ready true; tracked repos report 0 open PRs, 0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A gaps, 0 conflicting PRs, and 0 blocking dirty files |
| Trunk PRs | `gh pr list --repo affaan-m/ECC --state open --json number,title,url,author --limit 100` | `[]` |
| Trunk issues | `gh issue list --repo affaan-m/ECC --state open --json number,title,url,author --limit 100` | `[]` |
| Discussion audit through platform audit | `node scripts/platform-audit.js --json` | `affaan-m/ECC` discussions enabled; 60 sampled after #2015 setup-location Q&A was answered and accepted; 0 needing maintainer touch; 0 answerable without accepted answer |
| Worktree | `git status --short --branch` | `## main...origin/main` |
Tracked repositories in the platform audit were:
- `affaan-m/ECC`
- `affaan-m/agentshield`
- `affaan-m/JARVIS`
- `ECC-Tools/ECC-Tools`
- `ECC-Tools/ECC-website`
## Merge Batch
| Item | Result |
| --- | --- |
| PR #1990 | Merged GitHub integration harness-audit scoring and conflict salvage from the earlier unsafe PR lane |
| PR #1991 | Merged canonical ECC release identity gate across README, plugin/package metadata, OpenCode surfaces, Marketplace metadata, audit defaults, quickstart, release URL ledger, naming/publication matrix, and release tests |
| PR #1992 | Merged the release video-suite gate, production manifest, validator, package file surface, preview-pack smoke wiring, release-surface tests, and compact CI JSON output |
| PR #1993 | Merged the partner, sponsor, consulting, conference, podcast, GitHub Discussion, and video CTA pack for the hypergrowth outbound lane |
| PR #1994 | Merged the May 19 publication-evidence refresh, platform-audit evidence gate, preview-pack smoke evidence gate, and URL/readiness/roadmap references |
| PR #1995 | Merged the May 19 operator dashboard refresh with the `$1,728/mo` MRR baseline, `$10,000/mo` target, and release/video/outbound top actions |
| PR #1996 | Merged the primary launch render self-eval gate for duration, size, resolution, video stream, and audio stream checks |
| PR #1997 | Merged the publish-candidate gate for the primary launch MP4/captions plus five short clips in wide and vertical formats |
| PR #1998 | Merged the release video visual QA gate for publish candidates and black-frame segment detection |
| PR #1999 | Merged the operator dashboard refresh that moved the release video suite to current once publish-candidate evidence was recorded |
| PR #2000 | Merged the suite-count evidence refresh so the platform audit rejects stale local-suite totals |
| PR #2001 | Merged the final human decision sheet for release, package, plugin, video, billing, social, and outbound approvals; GitHub Actions run `26102500291` completed successfully |
| PR #2002 | Merged the owner-approval dashboard refresh so the operator dashboard fails closed when the final decision sheet is missing or incomplete; CI passed before merge |
| PR #2004 | Merged the May 19 Linear readiness evidence sync after PR #2002, including roadmap, dashboard, preview-pack manifest, publication evidence, operator dashboard generator, and release-surface test updates |
| PR #2005 | Merged the post-PR #2004 evidence refresh, keeping the May 19 readiness ledger, dashboard, roadmap, and release-surface references current on `main` |
| PR #2008 | Merged the release supply-chain evidence gate fix so platform-audit readiness keeps matching current publication evidence |
| PR #2006 | Merged the `claude-project` install target for per-project Claude Code adapter support, then fixed the manifest schema enum on top of the feature branch before merge |
| PR #2009 | Merged the continuous-learning project registry hygiene fix: non-git hook payloads stay global, no-remote linked worktrees migrate to the main worktree project ID, and `instinct-cli.py projects delete`, `merge`, and `gc` provide operator maintenance commands |
| PR #2011 | Merged the GateGuard read-only git introspection tokenizer fix so quoted `git show` pathspecs with spaces are preserved while quoted shell separators stay outside the bypass |
| PR #2013 | Merged the deterministic `release:approval-gate` so final publication, package, plugin, video, billing, social, and outbound actions remain blocked until owner decisions and live URL readbacks are complete |
| PR #2017 | Merged the AgentShield #94 evidence mirror as `906e06406e95742944ccb05065f95a7e4dd4a036`, syncing roadmap, publication evidence, preview-pack manifest, and supply-chain incident-response surfaces after full GitHub CI passed |
| PR #2018 | Merged the AgentShield #95 Dependabot evidence mirror as `68b4e45145968acd52e68d900f8422061ed7f4a2`, syncing the roadmap, publication evidence, and preview-pack manifest after full PR CI passed |
| PR #2019 | Merged the Marketplace Pro selected-target release-gate sync as `30f60710d4e0424fc70d9bbdc105009db141d9d8`, updating the roadmap, publication evidence, naming matrix, preview manifest, and operator dashboard after full PR CI passed |
| PR #2020 | Merged the selected-target announcement gate sync as `c2471fe5c535310f8a8008c9ed7ea9f6757b33f2`, updating the roadmap, publication evidence, naming matrix, preview manifest, release URL ledger, platform audit surfaces, and operator dashboard after full PR CI passed |
## Post-Queue-Zero Sync - 2026-05-19 Late Pass
| Surface | Evidence |
| --- | --- |
| ECC approval gate | PR #2013 merged as `9819626459a662773be7d0b1c18d82c1316b8c36`; GitHub Actions run `26128749863` completed successfully; `npm run release:approval-gate -- --format json` remains intentionally blocked with digest `ef8f49f727b7`, 4/6 passing, and failures only on owner decisions plus live URL readbacks |
| ECC platform audit | `node scripts/platform-audit.js --json` at `2026-05-19T22:45:15Z` returned ready true, 0 open PRs, 0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A gaps, and 0 dirty blockers across `affaan-m/ECC`, `affaan-m/agentshield`, `affaan-m/JARVIS`, `ECC-Tools/ECC-Tools`, and `ECC-Tools/ECC-website` |
| ECC-Tools billing hardening | ECC-Tools PR #79 merged as `67ee247ae1b7b50ecc1261ed5d62d65cc8390da8`; preflight and live billing-announcement output now redact account login values to a stable fingerprint while preserving readiness blockers/actions; local validation passed targeted tests, full test suite 678/678, lint, typecheck, manual preflight, and `git diff --check`; post-merge main CI run `26129253509` completed successfully |
| JARVIS queue drain | JARVIS PR #15 merged the Dependabot `idna` 3.11 to 3.15 security bump as `4b3685d6ee23b4da1f1a7d22281c6b5d6c0a42c7`; PR checks and post-merge CI/CodeQL passed |
| JARVIS deploy repair | JARVIS PR #16 merged as `4369c34babd21d539c420866da51c7a8365f1c9e`; the deploy workflow no longer uses an invalid job-level `secrets.*` condition, Vercel deploy skips cleanly when secrets are absent, backend image build/push succeeds, and main CI, CodeQL, and Deploy runs `26129539376`, `26129539427`, and `26129539425` completed successfully |
| Linear roadmap sync | Linear document `ecc-may-19-late-queue-zero-and-release-gate-sync-1c26f65e6b3f`, project comment `d42bf0e2-7a8e-4934-9f3f-e281498ee805`, and issue comments on ITO-44, ITO-50, ITO-54, ITO-56, and ITO-61 record the late-pass queue-zero, release-gate, billing-safety, and progress-sync state. |
## May 20 Hosted Observability And AgentShield Adapter Sync
| Surface | Evidence |
| --- | --- |
| ECC discussion queue | Discussion #2015 was answered and marked accepted with conservative setup guidance: do not install in `C:\`; use a normal workspace; install `ecc@ecc` once through the Claude plugin marketplace; copy only needed rule folders when using manual rules; do not stack plugin plus full manual install. |
| ECC platform audit | `node scripts/platform-audit.js --json` at `2026-05-20T00:25:38Z` returned ready true with 0 open PRs, 0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A gaps, 0 conflicting PRs, and 0 dirty blockers across `affaan-m/ECC`, `affaan-m/agentshield`, `affaan-m/JARVIS`, `ECC-Tools/ECC-Tools`, and `ECC-Tools/ECC-website`. |
| ECC platform audit recheck | `npm run platform:audit -- --json` at `2026-05-20T00:42:11Z` returned ready true with 0 open PRs, 0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A gaps, 0 conflicting PRs, 0 GitHub errors, and 0 dirty blockers across the same tracked repo set after AgentShield #94 merged. |
| ECC-Tools #80/#81/#82 | PR #80 merged runtime-receipt failure-reason enforcement as `4efc8cc858022f84c844690f3298633b081c4398`; PR #81 preserved AgentShield fleet approval IDs as `1fbf635f492284f75ba7166c029c39eb8cc15794`; PR #82 rendered those approval IDs in hosted security review comments/check-runs as `7a7b4d096a176ae80b3a2076c09d45601e36013a`. |
| ECC-Tools #83/#84 | PR #83 merged deterministic Linear external-ID reuse for deferred follow-ups as `b6b107f33961bef18a85fb619f3a976eb5d752dd`; PR #84 merged hosted AgentShield remediation sync to Linear as `73bac7058071c55cb30c6b8ac6db779b3660c02c`. Local validation covered focused route/client tests, typecheck, lint, full ECC-Tools test suite, and whitespace checks before merge; GitHub Verify, Security Audit, and Workers Builds passed. |
| ECC-Tools #85/#86/#87 | PR #85 merged hosted job observability events as `1637e0f2bfa0a889387f2c20675680ccc5528123`; PR #86 merged hosted status observability readback as `5a9e94d3ff860307c3e7fd9fd065f0de2bd633dd`; PR #87 merged hosted depth-plan observability readback as `508fbc02b63cf1fcb5af2f3624608fa66e53b5d4`. Local validation for the final depth-plan readback slice passed the focused hosted depth-plan route test, full route suite (89/89), typecheck, lint, full ECC-Tools Vitest suite (683/683), and `git diff --check`; GitHub Verify, Security Audit, and Workers Builds passed before merge. |
| ECC-Tools #88 | PR #88 merged authenticated hosted observability API readback as `c836ac3fb24ed7e2ae38cd61e41c9651ac9c00f8`. `GET /api/analysis/observability` now summarizes hosted events by event type and job for operator/dashboard readback, skips malformed stale KV records, and the deployment runbook includes the production smoke command. Local verification passed typecheck, lint, full ECC-Tools Vitest suite (686/686), and `git diff --check`; GitHub Verify, Security Audit, and Workers Builds passed before merge. |
| AgentShield #94 | PR #94 merged Zed/VS Code adapter coverage as `4caee27acfadb50a4cd024e738b5c3cbd4b0bb03`. AgentShield now reports Zed and VS Code as first-class harness adapters, discovers `.zed/settings.json`, `.zed/tasks.json`, and `.zed` hook-code files, and flags `.zed/setup.mjs` in the AI-tool persistence IOC rule alongside `.vscode/setup.mjs`. Local verification passed typecheck, lint, focused scanner/rule tests, full `npm test` (1822 tests), `npm run build`, and `git diff --check`; GitHub checks passed across GitGuardian, scan suite, self-scan, self-scan examples, Node 18/20/22 CI, CodeRabbit, and Cubic after rerunning a transient artifact-upload failure. |
| AgentShield #95 | PR #95 merged the `brace-expansion` Dependabot fix as `25d91f0002214c408da4ceaac7def20bad40ca10`. The lockfile now resolves vulnerable transitive `brace-expansion` 5.x entries to `5.0.6`, local `npm audit --audit-level=moderate` returns 0 vulnerabilities, and `gh api repos/affaan-m/agentshield/dependabot/alerts?state=open` returns `[]`. Local validation passed typecheck, lint, full `npm test` (1822 tests), build, audit, and whitespace checks; GitHub checks passed across Verify Node 18/20/22, self-scan, self-scan examples, Test GitHub Action, GitGuardian, CodeRabbit, and Cubic. |
| Linear roadmap sync | Linear ITO-54 comment `74dcc101-3be5-4173-be13-62b80d54f569` and ECC Platform Roadmap project comment `348ea8f5-2a2d-46d9-a0fe-ed99653e7fe5` record the May 20 hosted observability status/depth-plan readback batch; Linear comments `291e2a4b-06e3-4672-a057-cdb141478161` and `b2d35de0-ca49-44cb-982a-ddec229e7691` add the #88 observability API readback; Linear ITO-49 comment `faed69dd-35f5-469d-acb5-ddde6a70d6a1` and project comment `70187c1e-d481-4181-b418-09bd65d54b5e` add the #94 AgentShield Zed/VS Code adapter evidence; Linear ITO-49 comment `371fc3e4-611f-4d20-a23f-67db1260b418`, ITO-57 comment `bd06e252-15c1-4256-b667-caa3f64f5968`, and project comment `22c2c388-2fd1-4dea-a939-6141f40c9a21` add the #95 AgentShield Dependabot alert closure; earlier comments on ITO-54, ITO-48, and the project record the #84 hosted remediation sync and #85 hosted observability event emission batches. |
## May 20 Marketplace Pro Release-Gate Sync
| Surface | Evidence |
| --- | --- |
| ECC-Tools #89 | PR #89 merged as `512bca6b99cdaa67058a6aa9a4e7e7f0b1d9873a` after Verify, Security Audit, and Workers Builds passed. It added `billing:kv-readback -- --select-ready-target --require-ready`, allowing operators to select a ready Marketplace Pro target internally without passing or printing the login. |
| Live production readback | The 2026-05-20 Wrangler OAuth readback found ready-like Marketplace Pro records with webhook provenance, selected a target with both key families, seat and webhook readiness, no overage, and 0 blockers, with account details redacted. The old missing Marketplace Pro target-state blocker is cleared. |
| ECC #2019 | PR #2019 merged as `30f60710d4e0424fc70d9bbdc105009db141d9d8`, syncing the selected-target readback evidence into the GA roadmap, rc.1 publication evidence, naming matrix, preview manifest, and operator dashboard. |
| ECC-Tools #90 | PR #90 merged as `16a5bb33ee5ce7c31d2ad8d041e5afac03308f05` after Verify, Security Audit, and Workers Builds passed. It added the selected-target official announcement gate through `/api/billing/readiness?selectReadyTarget=1` and `npm run billing:announcement-gate -- --select-ready-target`, keeping the raw account login out of command logs. |
| ECC #2020 | PR #2020 merged as `c2471fe5c535310f8a8008c9ed7ea9f6757b33f2`, syncing ECC-Tools #90 into the roadmap, publication evidence, naming matrix, preview manifest, publication readiness, release URL ledger, platform audit surfaces, and operator dashboard. |
| ECC-Tools #91 | PR #91 merged as `72119a1acc6f5a0cd3bb5d90afd6e87fd1fefd05` after Verify, Security Audit, and Workers Builds passed. It added `--env-file` to the billing announcement and KV readback scripts for ignored local operator credential files, with tests proving sentinel secrets and account logins are not printed. |
| ECC-Tools #92 | PR #92 merged as `18d80197be779619283e0b37e2952bac53819a07` after Verify, Security Audit, and Workers Builds passed. It added the non-breaking `INTERNAL_OPERATOR_API_SECRET` bearer accepted by privileged internal API routes without rotating the primary `INTERNAL_API_SECRET`, and the merged Worker was deployed to `api.ecc.tools`. |
| May 20 live selected-target gate | Vault-backed Wrangler readback passed with Marketplace Pro state, target fingerprint `e953a74209fe`, both key families, webhook evidence, seat readiness, no overage, and 0 blockers. After rotating the operator bearer, `npm run billing:announcement-gate -- --preflight --select-ready-target` returned ready and `npm run billing:announcement-gate -- --select-ready-target` returned `announcementGateReady: true`, 0 required actions, 0 blockers, and audit summary 6 pass / 1 warn / 0 fail. |
| ECC-Tools #93 | PR #93 merged as `d3d62df83fa075660fa4530c3e0edc311a4355fe`, recording the live billing announcement gate pass in the launch checklist and distribution roadmap while preserving final release/plugin/URL approval gates. |
| Post-merge main CI | ECC GitHub Actions runs `26135974576`, `26136949698`, and `26138015245` completed successfully on `main` for `30f60710d4e0424fc70d9bbdc105009db141d9d8`, `c2471fe5c535310f8a8008c9ed7ea9f6757b33f2`, and `6e25458dbc15cd07cfb7a4e1f0b06f3eda41a043` across lint, coverage, security, validation, and the full OS/package-manager matrix. ECC-Tools main CI runs `26137280847`, `26138403065`, and `26138669148` completed successfully for `72119a1acc6f5a0cd3bb5d90afd6e87fd1fefd05`, `18d80197be779619283e0b37e2952bac53819a07`, and `d3d62df83fa075660fa4530c3e0edc311a4355fe`. |
| Post-merge local gates | `npm run platform:audit -- --json` returned ready true with 0 PRs, 0 issues, 0 discussion gaps, and 0 dirty blockers; `npm run preview-pack:smoke -- --format json` returned ready true with digest `531328aaaa53` before the May 20 dashboard rollover and `eebb8a66c33e` after adding the May 20 dashboard artifact; `git diff --check HEAD~1..HEAD` was clean. |
| Linear roadmap sync | Linear ITO-61 comment `467d148a-712a-4777-aad9-95593e9f1739` and ECC Platform Roadmap project comment `7642ee9c-3107-400c-a229-53e2895a8914` record ECC-Tools #89, ECC #2019, the green post-merge CI run, and the earlier internal bearer-token gate; Linear ITO-44 comment `a9297467-208a-41e4-8dbb-35f0dad5fe2b`, ITO-56 comment `5008b70b-cf98-43cd-a8d4-f098ba9b9780`, ITO-61 comment `5ebf0aaf-e2d3-4537-878f-484f49dcf87a`, and project reply `1c74a3d0-f8ca-4306-997e-a37c53d49f97` record the ECC #2020 selected-target announcement-gate sync; a new Linear sync should record ECC-Tools #92/#93 and the live gate pass. |
| Remaining blocker | Native-payments billing evidence is ready as of the May 20 selected-target gate pass. Repeat KV readback and `billing:announcement-gate -- --select-ready-target` immediately before launch, and keep native-payments copy behind the final release, plugin, live URL, and owner-approval gates. |
## Release And Growth Evidence
| Gate | Command | Result |
| --- | --- | --- |
| Release-surface tests | `node tests/docs/ecc2-release-surface.test.js` | 28 passed, 0 failed |
| Preview-pack smoke | `npm run preview-pack:smoke -- --format json` | Ready true; digest `eebb8a66c33e`; 33 required artifacts; 5 passed, 0 failed |
| Release approval gate | `npm run release:approval-gate -- --format json` | Expected blocked; digest `ef8f49f727b7`; 4 passed, 2 failed; owner decisions and live URL readbacks remain approval-gated |
| Operator dashboard | `npm run operator:dashboard -- --write docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md` | Regenerated from the May 20 `main` baseline with platform audit ready true, 0 tracked PRs, 0 tracked issues, 0 discussion gaps, `$1,728/mo` current MRR, `$10,000/mo` target MRR, the release video suite marked current, Linear release-gate sync current, and top actions for plugin publication, notifications, outbound approval, AgentShield, and ECC Tools billing |
| Supply-chain verification | `npm audit --audit-level=moderate`; `npm audit signatures`; `yarn install --immutable --mode=skip-build` | Current supply-chain refresh found 0 npm vulnerabilities, verified 254 registry signatures and 30 attestations, and accepted the Yarn lock after pinning `@types/node@25.7.0` plus refreshing `brace-expansion` to `5.0.6` / `1.1.14` |
| Release video suite | `npm run release:video-suite -- --format json --summary` with `ECC_VIDEO_SOURCE_ROOT` and `ECC_VIDEO_RELEASE_SUITE_ROOT` | Ready true; 15/15 source assets present; 13/13 render, timeline, caption, EDL, and segment artifacts present; 12/12 publish-candidate outputs present with zero detected black-frame segments; primary rough render self-eval passed at 144.759 seconds, 1920x1080, 1 audio stream, and 106.78 MB |
| Focused post-merge regression set | `node tests/hooks/detect-project-worktree.test.js`; `node tests/hooks/observe-subdirectory-detection.test.js`; `node tests/scripts/instinct-cli-projects.test.js`; `node tests/hooks/hooks.test.js` | 10/10, 6/6, 5/5, and 237/237 passed after PR #2009 merged |
| GateGuard PR #2011 regression | `node tests/hooks/gateguard-fact-force.test.js`; `npm test`; `git diff --check main...HEAD` | 91/91 passed on the PR branch; full local suite passed 2560/2560 before merge; whitespace check passed; focused GateGuard suite passed again on current `main` |
| Release approval gate PR #2013 validation | `npm test`; `npm run lint`; `git diff --check`; `npm run preview-pack:smoke -- --format json`; `npm run release:approval-gate -- --format json` | 2568/2568 tests passed before merge; lint and whitespace passed; preview pack stayed ready with digest `531328aaaa53`; release approval gate returned the expected blocked exit with digest `ef8f49f727b7` |
| Full local suite | `node tests/run-all.js` | 2568 passed, 0 failed before PR #2013 merge |
| PR #1998 CI | GitHub Actions run `26099020341` | Completed successfully for `d500de1e9f11c0446b6a1349bd98b522d31f9125`; all reported checks passed, including lint, validation, security scan, coverage, GitGuardian, CodeRabbit, Cubic, and the macOS/Ubuntu/Windows test matrix |
| PR #1999 CI | GitHub Actions run `26100148726` | Completed successfully for `90584b6d5e5814bc2ad9a4cd651bebd043de989d`; lint, validation, security scan, coverage, GitGuardian, CodeRabbit, and the macOS/Ubuntu/Windows test matrix passed; Cubic completed neutral and did not block merge |
| PR #2001 CI | GitHub Actions run `26102500291` | Completed successfully for `8148340ad14eb32c971346f0cb4cb9431ec0f5de`; required checks passed before merge |
| PR #2002 CI | GitHub Actions run `26103853507` | Completed successfully before merge; required checks passed, Cubic remained non-blocking, and PR #2002 merged into `main` as `c7d662c3c68719e5ef0b5305ca3f6782b3214224` |
| PR #2004 CI | GitHub Actions run `26105012698` | Completed successfully after rerunning the single failed Windows Node 18 yarn job; required checks passed, Cubic remained non-blocking, and PR #2004 merged into `main` as `ac7434ea8f39166b11e9d06ce64b38c4fb8d9202` |
| PR #2005 CI | GitHub Actions run `26106321921` | Completed successfully with 37 completed jobs, 0 failed jobs, and PR #2005 merged into `main` as `d6022d6b8dc5ef1393cf18ae40ee58f646f3754e` |
| PR #2008 CI | GitHub Actions run `26108473648` | Completed successfully across the required matrix before merge; non-blocking Cubic skipped after review |
| Post-PR #2006 main CI | GitHub Actions run `26109953093` | Completed successfully with 37 completed jobs, 0 failed jobs, and `main` advanced to `98bd517451f38fa0150a53aab4234c2239a47b7e` |
| PR #2009 CI | GitHub Actions run `26111313938` | Completed successfully with 37 completed jobs, 0 failed jobs after replacing the brittle fake-worktree regression fixture with a real `git worktree add` setup |
| Post-PR #2009 main CI | GitHub Actions run `26111946778` | Completed successfully with 37 completed jobs, 0 failed jobs, and `main` advanced to `bc519e5b8ed42f26c0a5a611756e04351c323f21` |
| Post-PR #2011 main CI | GitHub Actions run `26113695068` | Completed successfully with 37 completed jobs, 0 failed jobs, and `main` advanced to `14d88e517b0c56a80c1a6392b1cde2474948d29f` |
| Post-PR #2013 main CI | GitHub Actions run `26128749863` | Completed successfully with `main` advanced to `9819626459a662773be7d0b1c18d82c1316b8c36` |
| Post-PR #2019 main CI | GitHub Actions run `26135974576` | Completed successfully with `main` advanced to `30f60710d4e0424fc70d9bbdc105009db141d9d8` |
| Post-PR #2020 main CI | GitHub Actions run `26136949698` | Completed successfully with `main` advanced to `c2471fe5c535310f8a8008c9ed7ea9f6757b33f2` |
| ECC-Tools #91 main CI | GitHub Actions run `26137280847` | Completed successfully on ECC-Tools `main` with `72119a1acc6f5a0cd3bb5d90afd6e87fd1fefd05` after the env-file billing gate support merged |
| ECC-Tools #92 main CI | GitHub Actions run `26138403065` | Completed successfully on ECC-Tools `main` with `18d80197be779619283e0b37e2952bac53819a07` after the operator bearer path merged |
| ECC-Tools #93 main CI | GitHub Actions run `26138669148` | Completed successfully on ECC-Tools `main` with `d3d62df83fa075660fa4530c3e0edc311a4355fe` after the live billing announcement evidence merged |
| Linear sync | Linear document `ecc-may-19-post-pr-2002-sync-64cef8f668e0` plus project comment `a6411e3a-8c8e-4a58-adba-687e77d4c543`; late-pass document `ecc-may-19-late-queue-zero-and-release-gate-sync-1c26f65e6b3f` plus project comment `d42bf0e2-7a8e-4934-9f3f-e281498ee805`; May 20 ITO-61 comment `467d148a-712a-4777-aad9-95593e9f1739` plus project comment `7642ee9c-3107-400c-a229-53e2895a8914`; May 20 ITO-44 comment `a9297467-208a-41e4-8dbb-35f0dad5fe2b`, ITO-56 comment `5008b70b-cf98-43cd-a8d4-f098ba9b9780`, ITO-61 comment `5ebf0aaf-e2d3-4537-878f-484f49dcf87a`, and project reply `1c74a3d0-f8ca-4306-997e-a37c53d49f97` | Project and issue lanes record PR #2002 evidence, discussion #2003 routing, owner-approval dashboard gate, and In Progress status for ITO-47, ITO-48, ITO-49, ITO-51, ITO-54, and ITO-56; the late-pass sync attaches PR #2013, ECC-Tools #79, and JARVIS #15/#16 evidence to ITO-44, ITO-50, ITO-54, ITO-56, and ITO-61; the May 20 sync attaches ECC-Tools #89/#90, ECC #2019/#2020 Marketplace Pro selected-target and selected-target announcement-gate evidence, and the remaining env-file/bearer-token gate to ITO-44, ITO-56, ITO-61, and the project |
| Public-path sanitization | `node scripts/ci/validate-no-personal-paths.js` through local suite and CI | Passed |
| Markdown and whitespace | `markdownlint` focused release docs plus `git diff --check` before PR #1999 | Passed |
## Product And Positioning Evidence
| Surface | Evidence |
| --- | --- |
| Canonical repo identity | Public URLs and release docs now use `https://github.com/affaan-m/ECC` where public links are needed |
| Release claim | Release notes and launch collateral frame ECC as the harness-native operator system for agentic work, not a Claude-only config pack |
| Video proof | `video-suite-production.md` gates the local rough render, timeline, captions, source inventory, publish-candidate clip set, self-eval, black-frame QA, and no-private-path publication rules |
| Growth proof | `partner-sponsor-talks-pack.md` provides approval-gated copy for sponsors, partners, consulting, talks, podcasts, GitHub Discussion, and video CTAs |
| Owner approval proof | `owner-approval-packet-2026-05-19.md` centralizes release, package, plugin, video, billing, social, and outbound decision gates |
| Business baseline | Hypergrowth command center and partner pack use `$1,728/mo` current MRR, `$10,000/mo` target MRR, and `$8,272/mo` gap |
| Operator dashboard | `operator-readiness-dashboard-2026-05-20.md` pulls the growth baseline into the same queue, publication, video, outbound, AgentShield, ECC Tools billing/env-file gate, Linear, and supply-chain control surface |
| Linear progress proof | Linear project document `ecc-may-19-post-pr-2002-sync-64cef8f668e0` mirrors the post-PR #2002 state and records active lanes for launch materials, AgentShield, ECC Tools deep analysis, observability, and final release publication; Linear document `ecc-may-19-late-queue-zero-and-release-gate-sync-1c26f65e6b3f` adds the PR #2013 approval gate, ECC-Tools #79 redaction hardening, and JARVIS #15/#16 queue/deploy repair evidence; May 20 Linear comments `74dcc101-3be5-4173-be13-62b80d54f569`, `348ea8f5-2a2d-46d9-a0fe-ed99653e7fe5`, `291e2a4b-06e3-4672-a057-cdb141478161`, `b2d35de0-ca49-44cb-982a-ddec229e7691`, `faed69dd-35f5-469d-acb5-ddde6a70d6a1`, `70187c1e-d481-4181-b418-09bd65d54b5e`, `371fc3e4-611f-4d20-a23f-67db1260b418`, `bd06e252-15c1-4256-b667-caa3f64f5968`, `22c2c388-2fd1-4dea-a939-6141f40c9a21`, `a9297467-208a-41e4-8dbb-35f0dad5fe2b`, `5008b70b-cf98-43cd-a8d4-f098ba9b9780`, `5ebf0aaf-e2d3-4537-878f-484f49dcf87a`, and `1c74a3d0-f8ca-4306-997e-a37c53d49f97` add ECC-Tools hosted observability readback evidence, AgentShield adapter evidence, AgentShield Dependabot alert closure, and Marketplace selected-target announcement-gate evidence to ITO-44, ITO-49, ITO-54, ITO-56, ITO-57, ITO-61, and the project |
## Current Publication Blockers
- GitHub prerelease `v2.0.0-rc.1` is still not created in this pass.
- npm `ecc-universal@2.0.0-rc.1` is still not published to the `next`
dist-tag.
- Claude plugin tag and marketplace propagation remain approval-gated.
- Codex repo-marketplace distribution is verified by prior evidence, but
official Plugin Directory publishing remains blocked on OpenAI submission or
listing evidence.
- ECC Tools billing/native-payments evidence is no longer blocked by the
internal bearer-token path or selected-target announcement gate. Repeat
`billing:kv-readback -- --select-ready-target --require-ready` and
`billing:announcement-gate -- --select-ready-target` immediately before
launch, and keep the copy behind the final release, plugin, live URL, and
owner-approval gates.
ECC-Tools PR #89 (`512bca6`) added `billing:kv-readback --
--select-ready-target --require-ready`; its 2026-05-20 production run cleared
the old missing-target-state blocker without printing the account login.
ECC-Tools PR #90 (`16a5bb3`) added the selected-target official announcement
gate, so production preflight no longer needs a raw GitHub login.
ECC-Tools PR #91 (`72119a1`) added `--env-file` support for ignored local
billing credentials without printing loaded secrets or account logins.
ECC-Tools PR #92 (`18d8019`) added the non-breaking operator bearer path, and
ECC-Tools PR #93 (`d3d62df`) recorded the live gate pass.
- Release notes, X, LinkedIn, GitHub release, GitHub Discussion, longform copy,
sponsor outreach, partner outreach, consulting copy, conference pitches, and
podcast pitches still need final live URLs plus human approval before posting
or sending.
- Discord/community links still need a real invite or bot/guild credential path
before public docs should route users there.
## Result
The tracked public PR queue, issue queue, discussion queue, canonical ECC
identity, release video suite, preview pack, growth outreach packet, per-project
Claude Code adapter surface, continuous-learning project registry hygiene,
GateGuard quoted git introspection fix, deterministic release approval gate,
ECC-Tools billing-announcement redaction hardening, selected-target billing
readback, selected-target announcement gate, billing gate env-file operator path,
ECC-Tools hosted observability readback, AgentShield Zed/VS Code adapter coverage,
AgentShield Dependabot alert closure, and JARVIS security/deploy queue repairs
are current on May 20, 2026 for ECC `main` through
`c2471fe5c535310f8a8008c9ed7ea9f6757b33f2`, ECC-Tools `main` through
`72119a1acc6f5a0cd3bb5d90afd6e87fd1fefd05`, and AgentShield `main` through
`25d91f0002214c408da4ceaac7def20bad40ca10`. The remaining video work is owner
approval, upload, and public URL attachment, not render or QA production.
This improves publication readiness but does not replace the approval-gated
release, package, plugin, billing, Discord, and announcement steps in
`publication-readiness.md`.

75
docs/releases/2.0.0-rc.1/publication-readiness.md
View File

@@ -6,9 +6,6 @@ URLs from the exact commit being released.
For the current rc.1 naming decision and package/plugin publication path, see
[`naming-and-publication-matrix.md`](naming-and-publication-matrix.md).
For the May 18 release name, package, Claude plugin, Codex plugin, and
publication-order gate, see
[`release-name-plugin-publication-checklist-2026-05-18.md`](release-name-plugin-publication-checklist-2026-05-18.md).
For the assembled rc.1 preview pack boundary, see
[`preview-pack-manifest.md`](preview-pack-manifest.md).
For the May 12 dry-run evidence pass, see
@@ -38,48 +35,26 @@ Shai-Hulud/TanStack local protection recheck, legacy-tail and Linear progress
routing, deterministic preview-pack smoke gate, and current operator dashboard
refresh, see
[`publication-evidence-2026-05-17.md`](publication-evidence-2026-05-17.md).
For the May 18 current-head queue, workflow-security/metrics/uncloud merge
batch, PR #1978 review/closure, Mini Shai-Hulud/TanStack local and home
protection recheck, npm no-lifecycle install/audit/signature gates,
AgentShield project scan, AgentShield `840952a` enterprise/IOC evidence mirror,
release OIDC publishing-scope hardening, workflow normalization, later
dashboard/publication-readiness refreshes through `67e63e63`, work-items sync,
Linear progress comments, ITO-46 closure, operator dashboard refresh, and
current-head CI/security scan success through the May 19 identity, video, and
growth-pack merge batch, see
[`publication-evidence-2026-05-19.md`](publication-evidence-2026-05-19.md).
For the operator-facing prompt-to-artifact readiness dashboard from the same
May 16 pass, see
[`operator-readiness-dashboard-2026-05-15.md`](operator-readiness-dashboard-2026-05-15.md).
For the May 17 operator dashboard refresh, see
[`operator-readiness-dashboard-2026-05-17.md`](operator-readiness-dashboard-2026-05-17.md).
For the May 18 operator dashboard refresh, see
[`operator-readiness-dashboard-2026-05-18.md`](operator-readiness-dashboard-2026-05-18.md).
For the May 19 hypergrowth/operator dashboard, see
[`operator-readiness-dashboard-2026-05-19.md`](operator-readiness-dashboard-2026-05-19.md).
The current May 20 Marketplace Pro release-gate operator dashboard is
[`operator-readiness-dashboard-2026-05-20.md`](operator-readiness-dashboard-2026-05-20.md).
For the final owner decision sheet across release, npm, plugin, video, billing,
social, and outbound approvals, see
[`owner-approval-packet-2026-05-19.md`](owner-approval-packet-2026-05-19.md).
For the May 19 live/pending release URL ledger after the public repo rename, see
[`release-url-ledger-2026-05-19.md`](release-url-ledger-2026-05-19.md).
## Release Identity Matrix
| Surface | Expected value | Source of truth | Fresh check | Evidence artifact | Owner | Status |
| --- | --- | --- | --- | --- | --- | --- |
| Product name | ECC | `README.md`, plugin manifests, release notes | `rg -n "^# ECC\|displayName.*ECC\|affaan-m/ECC" README.md .codex-plugin/plugin.json docs/releases/2.0.0-rc.1` | `release-name-plugin-publication-checklist-2026-05-18.md` plus `release-url-ledger-2026-05-19.md` | Release owner | Evidence recorded |
| GitHub repo | `affaan-m/ECC` | Git remote and release URLs | `git remote get-url origin` | `release-url-ledger-2026-05-19.md` | Release owner | Evidence recorded |
| Git tag | `v2.0.0-rc.1` | GitHub releases | `gh release view v2.0.0-rc.1 --repo affaan-m/ECC` | `release not found` | Release owner | Blocked until release approval |
| Product name | Everything Claude Code / ECC | `README.md`, `CHANGELOG.md`, release notes | `rg -n "Everything Claude Code" README.md CHANGELOG.md docs/releases/2.0.0-rc.1` | `publication-evidence-2026-05-12.md` | Release owner | Evidence recorded |
| GitHub repo | `affaan-m/everything-claude-code` | Git remote and release URLs | `git remote get-url origin` | `publication-evidence-2026-05-12.md` | Release owner | Evidence recorded |
| Git tag | `v2.0.0-rc.1` | GitHub releases | `gh release view v2.0.0-rc.1 --repo affaan-m/everything-claude-code` | `release not found` | Release owner | Blocked until release approval |
| npm package | `ecc-universal` | `package.json` | `node -p "require('./package.json').name"` | `publication-evidence-2026-05-12.md` | Package owner | Evidence recorded |
| npm version | `2.0.0-rc.1` | `VERSION`, `package.json`, lockfiles | `node -p "require('./package.json').version"` | `publication-evidence-2026-05-12.md` | Package owner | Evidence recorded |
| npm dist-tag | `next` for rc, `latest` only for GA | npm registry | `npm view ecc-universal dist-tags --json` | Current registry only has `latest: 1.10.0`; `next` is pending publish | Package owner | Blocked until publish approval |
| Claude plugin slug | `ecc` / `ecc@ecc` install path | `.claude-plugin/plugin.json`, `.claude-plugin/marketplace.json` | `node tests/hooks/hooks.test.js` | `publication-evidence-2026-05-12.md` | Plugin owner | Evidence recorded |
| Claude plugin manifest | `2.0.0-rc.1`, no unsupported `agents` or explicit `hooks` fields | `.claude-plugin/plugin.json`, `.claude-plugin/PLUGIN_SCHEMA_NOTES.md` | `claude plugin validate .claude-plugin/plugin.json` | `publication-evidence-2026-05-12.md` | Plugin owner | Evidence recorded |
| Codex plugin manifest | `2.0.0-rc.1` with shared skill source | `.codex-plugin/plugin.json` | `node tests/docs/ecc2-release-surface.test.js` | `publication-evidence-2026-05-12.md` | Plugin owner | Evidence recorded |
| Codex repo marketplace | `ecc@2.0.0-rc.1` exposed through `.agents/plugins/marketplace.json` | `.agents/plugins/marketplace.json`, `.codex-plugin/README.md` | `HOME="$(mktemp -d)" codex plugin marketplace add <local-checkout>` | `publication-evidence-2026-05-15.md` | Plugin owner | Repo-marketplace path verified; do not claim official Plugin Directory listing before OpenAI submission evidence |
| Codex repo marketplace | `ecc@2.0.0-rc.1` exposed through `.agents/plugins/marketplace.json` | `.agents/plugins/marketplace.json`, `.codex-plugin/README.md` | `HOME="$(mktemp -d)" codex plugin marketplace add <local-checkout>` | `publication-evidence-2026-05-15.md` | Plugin owner | Repo-marketplace path verified; official Plugin Directory publishing coming soon |
| OpenCode package | `ecc-universal` plugin module | `.opencode/package.json`, `.opencode/index.ts` | `npm run build:opencode` | `publication-evidence-2026-05-12.md` | Package owner | Evidence recorded |
| Agent metadata | `2.0.0-rc.1` | `agent.yaml`, `.agents/plugins/marketplace.json` | `node tests/scripts/catalog.test.js` | `publication-evidence-2026-05-12.md` | Release owner | Evidence recorded |
| Migration copy | rc.1 upgrade path, not GA claim | `release-notes.md`, `quickstart.md`, `HERMES-SETUP.md` | `npx markdownlint-cli '**/*.md' --ignore node_modules` | `publication-evidence-2026-05-13.md` | Docs owner | Evidence recorded |
@@ -91,10 +66,10 @@ For the May 19 live/pending release URL ledger after the public repo rename, see
| GitHub release | Tag exists, release notes use final URLs, assets attached if needed | `gh release view v2.0.0-rc.1 --json tagName,url,isPrerelease` | `Blocker: release not found on 2026-05-12` | Release owner | Pending approval |
| npm package | `npm pack --dry-run` has expected files, version matches, rc goes to `next` | `npm pack --dry-run` and `npm publish --tag next --dry-run` where supported | `Blocker: actual publish requires approval; dry run passed with next tag` | Package owner | Dry-run passed |
| Claude plugin | Manifest validates, marketplace JSON points to public repo, install docs match slug | `claude plugin validate .claude-plugin/plugin.json`; `claude plugin tag .claude-plugin --dry-run`; isolated temp-home install smoke | `Blocker: real tag creation/push requires approval` | Plugin owner | Clean-checkout dry-run and install smoke recorded |
| Codex plugin | Manifest version matches package and docs, repo marketplace points at the plugin root, and OpenAI's current official Plugin Directory status is recorded | `node tests/docs/ecc2-release-surface.test.js`; `node tests/plugin-manifest.test.js`; `codex plugin marketplace add --help`; temp-home `codex plugin marketplace add <local-checkout>` | `Blocker: official Plugin Directory listing requires OpenAI submission/listing evidence` | Plugin owner | Repo-marketplace distribution verified; official directory pending |
| Codex plugin | Manifest version matches package and docs, repo marketplace points at the plugin root, and OpenAI's current official Plugin Directory status is recorded | `node tests/docs/ecc2-release-surface.test.js`; `node tests/plugin-manifest.test.js`; `codex plugin marketplace add --help`; temp-home `codex plugin marketplace add <local-checkout>` | `Blocker: official Plugin Directory publishing and self-serve management are documented as coming soon` | Plugin owner | Repo-marketplace distribution verified; official directory pending |
| OpenCode package | Build output is regenerated from source and package metadata is current | `npm run build:opencode` | `Blocker: none for local build; public distribution still follows npm/plugin release` | Package owner | Evidence recorded |
| ECC Tools billing reference | Any billing claim links to verified Marketplace/App state | `env -u GITHUB_TOKEN gh repo view ECC-Tools/ECC-Tools --json nameWithOwner,isPrivate,viewerPermission` plus internal `/api/billing/readiness?selectReadyTarget=1` readback using the operator bearer path | `Ready: ECC-Tools #92 main CI and ECC-Tools #93 main CI passed; live selected-target readback returned announcementGate.ready === true on 2026-05-20; repeat before payment announcement` | ECC Tools owner | Billing evidence ready; final copy still waits on release/plugin/live URL approvals |
| Announcement copy | X, LinkedIn, GitHub release, and longform copy point to live URLs | placeholder-marker scan and `release-url-ledger-2026-05-19.md` | `Blocker: final live release/npm/plugin/billing URLs do not exist yet; live and pending URLs are separated in the May 19 ledger` | Release owner | URL ledger recorded; final URLs pending |
| ECC Tools billing reference | Any billing claim links to verified Marketplace/App state | `env -u GITHUB_TOKEN gh repo view ECC-Tools/ECC-Tools --json nameWithOwner,isPrivate,viewerPermission` plus internal `/api/billing/readiness?accountLogin=<marketplace-test-account>` readback | `Blocker: ECC-Tools #73 added announcementGate; live Marketplace test-account readback must return announcementGate.ready === true before payment announcement` | ECC Tools owner | Code gate recorded; live billing readback pending |
| Announcement copy | X, LinkedIn, GitHub release, and longform copy point to live URLs | `rg -n "TODO" docs/releases/2.0.0-rc.1` and repeat for `TBD` | `Blocker: final live release/npm/plugin URLs do not exist yet` | Release owner | Pending |
| Privileged workflow hardening | Release and maintenance workflows avoid persisted checkout tokens | `node scripts/ci/validate-workflow-security.js` | `Blocker:` | Release owner | Evidence recorded in post-hardening refresh |
## Required Command Evidence
@@ -103,25 +78,22 @@ Record the exact commit SHA and command output before any publication action:
| Evidence | Command | Required result | Recorded output |
| --- | --- | --- | --- |
| Clean release branch | `git status --short --branch` | On intended release commit; no unrelated files | Current May 20 baseline `c2471fe5c535310f8a8008c9ed7ea9f6757b33f2`: `## main...origin/main`; repeat from the exact final publication commit before release |
| Preview-pack smoke | `npm run preview-pack:smoke` | Preview pack artifacts, Hermes boundary, final verification command list, and publication blockers pass | `publication-evidence-2026-05-19.md`: ready yes, digest `eebb8a66c33e`, 33 artifacts, 5 passed, 0 failed; repeat in the final strict clean-checkout release pass |
| Release approval gate | `npm run release:approval-gate -- --format json` | Ready true only after owner decision rows are approved, live release/package/plugin/video/billing URLs are recorded, and launch/outbound copy has no placeholders or private paths | Current May 19 state is intentionally blocked because owner decisions and live URL readbacks remain approval-gated |
| Harness audit | `npm run harness:audit -- --format json` | 80/80 passing | Current release gate: 80/80 across 8 applicable categories, 0 top actions |
| Adapter scorecard | `npm run harness:adapters -- --check` | PASS | Current release gate: PASS, 11 adapters |
| Observability readiness | `npm run observability:ready` | 21/21 passing | Current release gate: 21/21, ready true |
| Release safety gate | `npm run observability:ready -- --format json` | Release Safety category passing with publication readiness, supply-chain, workflow security, package surface, and release-surface evidence | Current release gate keeps Release Safety passing at 3/3; repeat the JSON gate from the exact final release commit |
| Supply-chain verification | `npm audit --audit-level=moderate`; `npm audit signatures`; `yarn install --immutable --mode=skip-build`; `cd ecc2 && cargo audit -q`; Dependabot alerts; GitGuardian Security Checks | 0 vulnerabilities/alerts, registry signatures verified, package-manager locks accepted, GitGuardian clean | Current supply-chain branch: `npm audit` found 0 vulnerabilities; `npm audit signatures` verified 254 registry signatures and 30 attestations; Yarn immutable install accepted the lock after pinning `@types/node@25.7.0` and moving `brace-expansion` to `5.0.6` / `1.1.14`; PR #2008 CI `26108473648`, post-PR #2006 main CI `26109953093`, PR #2009 CI `26111313938`, and post-PR #2009 main CI `26111946778` completed with 0 failures |
| Root suite | `node tests/run-all.js` | 0 failures | Current May 19 local suite: 2568 passed, 0 failed before PR #2013 merged; post-PR #2009 focused regressions also passed for worktree detection, observe subdirectory/global fallback, project maintenance CLI, and the hooks suite |
| Markdown lint | `npx markdownlint-cli '**/*.md' --ignore node_modules` | 0 failures | Current release gate: focused lint passed for `publication-readiness.md`, `publication-evidence-2026-05-19.md`, and `docs/ECC-2.0-GA-ROADMAP.md` |
| Package surface | `node tests/scripts/npm-publish-surface.test.js` | 0 failures; no Python bytecode in npm tarball | Current release gate: 2/2 passed |
| Release surface | `node tests/docs/ecc2-release-surface.test.js` | 0 failures | Current release gate: 27/27 passed after refreshing the discussion-count assertion to the post-PR #2005 baseline |
| Clean release branch | `git status --short --branch` | On intended release commit; no unrelated files | Pending final strict clean-checkout release pass; `publication-evidence-2026-05-17.md` records current `main` with unrelated untracked `docs/drafts/` |
| Preview-pack smoke | `npm run preview-pack:smoke` | Preview pack artifacts, Hermes boundary, final verification command list, and publication blockers pass | `publication-evidence-2026-05-17.md`: ready yes, digest `dfb1ed014607`, 5 passed, 0 failed; repeat in a final strict clean-checkout release pass |
| Harness audit | `npm run harness:audit -- --format json` | 70/70 passing | `publication-evidence-2026-05-17.md`: 70/70 |
| Adapter scorecard | `npm run harness:adapters -- --check` | PASS | `publication-evidence-2026-05-16.md`: PASS, 11 adapters |
| Observability readiness | `npm run observability:ready` | 21/21 passing | `publication-evidence-2026-05-17.md`: 21/21, ready yes |
| Release safety gate | `npm run observability:ready -- --format json` | Release Safety category passing with publication readiness, supply-chain, workflow security, package surface, and release-surface evidence | `publication-evidence-2026-05-13-post-hardening.md`: Release Safety 3/3 |
| Supply-chain verification | `npm audit --json`; `npm audit signatures`; `cd ecc2 && cargo audit -q`; Dependabot alerts; GitGuardian Security Checks | 0 vulnerabilities/alerts, registry signatures verified, GitGuardian clean | `publication-evidence-2026-05-17.md`: npm registry signatures and attestations verified, 0 high-or-higher npm vulnerabilities, supply-chain IOC scan clean |
| Root suite | `node tests/run-all.js` | 0 failures | `publication-evidence-2026-05-17.md`: `npm test` passed 2487/2487, 0 failed |
| Markdown lint | `npx markdownlint-cli '**/*.md' --ignore node_modules` | 0 failures | `publication-evidence-2026-05-17.md`: passed after ja-JP autonomous-loop anchor repair |
| Package surface | `node tests/scripts/npm-publish-surface.test.js` | 0 failures; no Python bytecode in npm tarball | `2/2` passed in May 12 evidence pass |
| Release surface | `node tests/docs/ecc2-release-surface.test.js` | 0 failures | `publication-evidence-2026-05-16.md`: 20/20 passed |
| Optional Rust surface | `cd ecc2 && cargo test` | 0 failures or explicit deferral | `publication-evidence-2026-05-16.md`: 462/462 passed, existing warnings only |
| Queue baseline | `node scripts/platform-audit.js --json` across trunk, AgentShield, JARVIS, ECC Tools, and ECC website | Under 20 open PRs and under 20 open issues | Current May 20 baseline after PR #2020: platform audit ready true, 0 open PRs, 0 open issues, 0 discussion gaps, 0 conflicting PRs, and 0 blocking dirty files across tracked repos |
| Discussion baseline | `node scripts/platform-audit.js --json` and `node scripts/discussion-audit.js --json` | No unmanaged active discussion queue and no answerable Q&A missing an accepted answer | Post-PR #2005 baseline: platform audit sampled 59 trunk discussions, 0 needing maintainer touch, 0 answerable discussions missing accepted answer; `docs/architecture/discussion-response-playbook.md` records response templates and security escalation rules |
| Linear roadmap | Linear project and issue readback | Detailed roadmap exists with release, security, AgentShield, ECC Tools, legacy, and observability lanes | May 18 Linear comments include ITO-57 `3fe5b2b7-c4fe-401c-a317-b40d72119cb3` and ITO-44 `fb4a4f33-6c2d-421a-bbdb-63cfad3e3ee4`; earlier evidence records the project and 16 issue lanes |
| Operator readiness dashboard | `npm run operator:dashboard -- --json` | Current queue state mapped to macro-goal deliverables and incomplete gaps | Current May 20 dashboard is refreshed from the post-PR #2020 baseline; platform audit ready true, 0 open PRs, 0 open issues, 0 discussion gaps, 0 dirty files, release video suite current, selected-target billing/env-file path mirrored, and publication gates still approval-gated |
| Release URL ledger | `docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-19.md` plus placeholder-marker scan | Live links and approval-gated links are separated before announcement copy is posted | Ledger records public repo/docs/npm/OpenAI Codex documentation URLs and blocks GitHub release/npm/plugin/billing/social URLs until approval-gated checks pass |
| Release name and plugin publication checklist | `docs/releases/2.0.0-rc.1/release-name-plugin-publication-checklist-2026-05-18.md` | Name/package/plugin values are frozen, final-release commands are listed, and Claude/Codex publication paths cite current official docs | Checklist keeps `ECC`, `ecc-universal`, and plugin slug `ecc` for rc.1; no npm rename, npm publish, plugin tag, official listing, billing claim, or announcement before final evidence |
| Queue baseline | `gh pr list` / `gh issue list` across trunk, AgentShield, JARVIS, ECC Tools, and ECC website | Under 20 open PRs and under 20 open issues | `publication-evidence-2026-05-17.md`: platform audit ready, 0 open PRs and 0 open issues across checked repos |
| Discussion baseline | `node scripts/discussion-audit.js --json` | No unmanaged active discussion queue and no answerable Q&A missing an accepted answer | `publication-evidence-2026-05-15.md`: 58 trunk discussions, 0 without maintainer touch; other tracked repos disabled or 0 |
| Linear roadmap | Linear project and issue readback | Detailed roadmap exists with release, security, AgentShield, ECC Tools, legacy, and observability lanes | `publication-evidence-2026-05-15.md`: project and 16 issue lanes recorded |
| Operator readiness dashboard | `npm run operator:dashboard -- --json --allow-untracked docs/drafts/` | Current queue state mapped to macro-goal deliverables and incomplete gaps | `publication-evidence-2026-05-17.md`: generated from `27dc2918`, platform ready true, dashboard ready true, 0 open PRs, 0 open issues, 0 discussion gaps |
## Do Not Publish If
@@ -142,7 +114,6 @@ Record the exact commit SHA and command output before any publication action:
3. Create or verify the GitHub prerelease.
4. Publish npm with the rc dist-tag.
5. Submit or update plugin marketplace surfaces.
6. Regenerate the release URL ledger and update release notes with final live
URLs.
6. Update release notes with final live URLs.
7. Publish GitHub release copy.
8. Publish X, LinkedIn, and longform copy only after the public URLs work.

4
docs/releases/2.0.0-rc.1/quickstart.md
View File

@@ -5,8 +5,8 @@ This path is for a new contributor who wants to verify the release surface befor
## Clone
```bash
git clone https://github.com/affaan-m/ECC.git
cd ECC
git clone https://github.com/affaan-m/everything-claude-code.git
cd everything-claude-code
```
Start from a clean checkout. Do not copy private operator state, raw workspace exports, tokens, or local Hermes files into the repo.

119
docs/releases/2.0.0-rc.1/release-name-plugin-publication-checklist-2026-05-18.md
View File

@@ -1,119 +0,0 @@
# ECC v2.0.0-rc.1 Release Name And Plugin Publication Checklist
Snapshot date: 2026-05-18. Canonical repo decision refreshed 2026-05-19
after the public repo rename to `affaan-m/ECC`.
This checklist is the operator gate for release naming, package publication,
and Claude/Codex plugin distribution. It is not a publication action by itself.
Run it from the exact release commit before creating tags, publishing npm,
submitting marketplace forms, or posting announcements.
## Fixed rc.1 Decision
Ship `v2.0.0-rc.1` as **ECC**.
- Keep the GitHub repo at `affaan-m/ECC`.
- Keep the npm package as `ecc-universal`.
- Keep Claude and Codex plugin slugs as `ecc`.
- Publish the npm prerelease on the `next` dist-tag, not `latest`.
- Do not rename the npm package to `ecc` or `@affaan-m/ecc` before rc.1.
- Treat `affaan-m/ECC` as the canonical public repo for rc.1 and GA release
copy.
Reasons:
- `ecc-universal` is the current working install and package surface.
- `ecc` on npm is occupied by an unrelated elliptic-curve package.
- `@affaan-m/ecc` is unclaimed on npm, but would require a migration plan.
- `affaan-m/ECC` is now the live public GitHub repo.
- Claude and Codex already expose the desired short namespace as `ecc`.
## Current Surface Evidence
| Surface | Current value | Evidence command | 2026-05-18 result | Release action |
| --- | --- | --- | --- | --- |
| Git commit | `67e63e63f9bfd074bd6a21bf6bac71f3dfefa58b` | `git rev-parse HEAD` | Recorded from clean `main` before this ITO-46 evidence refresh | Re-run from final release commit |
| GitHub repo | `affaan-m/ECC` | `git remote get-url origin` | `https://github.com/affaan-m/ECC.git` | Keep for rc.1 and GA |
| npm package | `ecc-universal@2.0.0-rc.1` local, `1.10.0` registry latest | `node -p "require('./package.json').name + '@' + require('./package.json').version"` and `npm view ecc-universal name version dist-tags --json` | Local rc.1 ready; registry still latest `1.10.0` | Publish rc.1 with `--tag next` after approval |
| Exact npm short name | `ecc` | `npm view ecc name version description repository.url --json` | Occupied by unrelated `ecc@0.0.2` | Do not use |
| Scoped npm short name | `@affaan-m/ecc` | `npm view @affaan-m/ecc name version --json` | 404 | Candidate only after migration plan |
| Claude plugin | `ecc@2.0.0-rc.1` | `claude plugin validate .claude-plugin/plugin.json`; `claude plugin validate .`; `claude plugin tag .claude-plugin --dry-run` | Validation passed on Claude Code `2.1.143`; full plugin validation has one expected root `CLAUDE.md` context warning; dry run would create `ecc--v2.0.0-rc.1` | Run dry-run tag again from the final commit, then tag/push only after approval |
| Claude marketplace | `.claude-plugin/marketplace.json` | `claude plugin marketplace add --help`; Anthropic plugin marketplace docs | GitHub repo, git URL, remote marketplace JSON, and local path marketplace sources are supported | Verify post-tag marketplace install/update path after final evidence |
| Codex plugin | `ecc@2.0.0-rc.1` | `node tests/plugin-manifest.test.js`; `codex plugin marketplace add --help`; OpenAI Codex plugin docs | Plugin manifest passed 54/54; local and GitHub-ref repo marketplace smokes passed on Codex CLI `0.131.0` | Use repo marketplace for rc.1; do not claim official directory listing until OpenAI publishing path is available |
| OpenCode package | `ecc-universal@2.0.0-rc.1` | `node -p "require('./.opencode/package.json').name + '@' + require('./.opencode/package.json').version"` | Matches rc.1 package identity | Follow npm package publication |
| Billing claim | ECC Tools selected-target billing evidence ready | ECC Tools billing gate and Marketplace account readback | May 20 selected-target readback and live selected-target announcement gate passed with `announcementGateReady: true`; repeat immediately before announcement | Do not announce native payments until final release/plugin/live URL approvals are green |
## Required Gate
Run these checks from the final release commit and paste the exact output into
a fresh `publication-evidence-YYYY-MM-DD.md` file before release actions:
```bash
git status --short --branch
git rev-parse HEAD
git remote get-url origin
npm view ecc name version description repository.url --json
npm view @affaan-m/ecc name version --json
npm view ecc-universal name version dist-tags --json
node tests/plugin-manifest.test.js
node tests/docs/ecc2-release-surface.test.js
claude plugin validate .claude-plugin/plugin.json
claude plugin tag .claude-plugin --dry-run
codex plugin marketplace add --help
HOME="$(mktemp -d)" codex plugin marketplace add ./
HOME="$(mktemp -d)" codex plugin marketplace add affaan-m/ECC --ref "$(git rev-parse HEAD)"
npm pack --dry-run --json
npm publish --tag next --dry-run
npm run build:opencode
npm run preview-pack:smoke
npm run release:approval-gate -- --format json
```
If a command is unavailable on the release machine, record the exact error and
keep the related publication action blocked.
## Publication Order
| Step | Action | Required evidence | Stop condition |
| --- | --- | --- | --- |
| 1 | Freeze name and version | Package, Claude plugin, Codex plugin, OpenCode package, `VERSION`, and release docs all say `2.0.0-rc.1` | Any `preview`/`rc.1` mismatch |
| 2 | Verify clean release branch | `git status --short --branch` shows only the intended release commit and no unrelated drift | Any unexplained dirty file |
| 3 | Verify package and plugin manifests | `node tests/plugin-manifest.test.js` and `node tests/docs/ecc2-release-surface.test.js` pass | Manifest or release-surface failure |
| 4 | Dry-run package surface | `npm pack --dry-run --json`; `npm publish --tag next --dry-run` | Missing files, wrong dist-tag, or publish dry-run failure |
| 5 | Dry-run Claude distribution | `claude plugin validate`; `claude plugin tag .claude-plugin --dry-run`; marketplace source/help evidence | Validation, tag, or install-smoke failure |
| 6 | Verify Codex repo marketplace | `codex plugin marketplace add --help`; temp-home local and GitHub-ref repo marketplace add smoke; OpenAI official directory status recorded | Missing repo marketplace or unverified official-directory status |
| 7 | Verify OpenCode package | `npm run build:opencode` | Build failure |
| 8 | Regenerate release URL ledger | Live and approval-gated URLs separated in `release-url-ledger-YYYY-MM-DD.md` | Placeholder, private URL, or announcement URL drift |
| 9 | Create GitHub prerelease | `gh release view v2.0.0-rc.1 --json tagName,url,isPrerelease` | Missing URL or wrong prerelease flag |
| 10 | Publish npm rc | `npm view ecc-universal version dist-tags --json` shows rc.1 on `next` | rc.1 lands on `latest` or registry output is unclear |
| 11 | Publish/plugin-submit | Claude official submission and Codex repo marketplace evidence recorded | Form not submitted, listing not visible, or docs status changed |
| 12 | Announce | X, LinkedIn, GitHub release, and longform copy use final live URLs | Any final URL is still pending |
## Do Not Proceed
- Do not publish npm before `npm pack --dry-run --json` is captured from the
final release commit.
- Do not create or push Claude plugin tags before `claude plugin tag
.claude-plugin --dry-run` passes from the final release commit.
- Do not claim an official Codex Plugin Directory listing unless OpenAI
documents a public submission path or confirms the plugin has been listed.
- Do not announce billing, Marketplace, or native payments until ECC Tools live
Marketplace account readback returns ready.
- Do not rename the npm package until rc.1 is published and a migration guide
maps old install names to new names.
- Do not post social copy while any release, npm, plugin, or billing URL is
still approval-gated.
## External Distribution Sources
- Anthropic Claude Code plugin docs: `https://code.claude.com/docs/en/plugins`
- Anthropic Claude Code marketplace docs:
`https://code.claude.com/docs/en/plugin-marketplaces`
- OpenAI Codex plugin docs:
`https://developers.openai.com/codex/plugins/build#add-a-marketplace-from-the-cli`
As of this snapshot, Anthropic documents self-hosted marketplace distribution
through GitHub, git URL, remote marketplace JSON, and local path sources.
OpenAI documents repo/personal marketplace distribution for Codex and describes
an official Plugin Directory, but ECC has not submitted or received an official
directory listing in this pass.

22
docs/releases/2.0.0-rc.1/release-notes.md
View File

@@ -16,11 +16,7 @@ Claude Code remains a core target. Codex, OpenCode, Cursor, Gemini, and other ha
- Added Zed as a project-local planning/install target while keeping BYOK and OpenRouter secrets outside ECC-managed project files.
- Added command-registry coverage, platform audit, discussion audit, operator dashboard, Linear progress readiness, and preview-pack smoke gates.
- Added a local [observability readiness gate](../../architecture/observability-readiness.md) for loop status, session traces, harness audit, and ECC2 tool-risk logs.
- Refreshed the release-readiness evidence after the May 2026 Mini
Shai-Hulud/TanStack campaign follow-up, including full-campaign AgentShield
IOC coverage, queue-zero/discussion checks, a detailed Linear roadmap gate,
the May 18 operator dashboard snapshot, and a live/pending release URL
ledger for announcement gating.
- Refreshed the release-readiness evidence after the May 2026 Mini Shai-Hulud/TanStack campaign follow-up, including full-campaign AgentShield IOC coverage, queue-zero/discussion checks, a detailed Linear roadmap gate, and the May 17 operator dashboard snapshot.
## Since v1.10.0
@@ -46,11 +42,8 @@ feature branch:
- documentation expansion, Japanese localization, zh-CN to ja-JP parity
repair, and dependency readiness through TypeScript 6 and Node type updates;
- launch collateral for GitHub release copy, X, LinkedIn, article outline,
Telegram/Hermes handoff, demo prompts, partner/sponsor/talk outreach, and
the approval-gated launch checklist.
- a release URL ledger that separates links which already resolve from links
that must wait for the GitHub release, npm rc package, plugin tag/directory,
and ECC Tools billing readback.
Telegram/Hermes handoff, demo prompts, and the approval-gated launch
checklist.
## Why This Matters
@@ -91,12 +84,9 @@ What stays local:
2. Read the [Hermes setup guide](../../HERMES-SETUP.md).
3. Review the [cross-harness architecture](../../architecture/cross-harness.md).
4. Run the [observability readiness gate](../../architecture/observability-readiness.md).
5. Check the [release URL ledger](release-url-ledger-2026-05-19.md) before
using any announcement links.
6. Start with one workflow lane: engineering, research, content, or outreach.
7. Import only sanitized operator patterns into ECC skills.
8. Treat `ecc2/` as an alpha control plane until release packaging and installer
behavior is finalized.
5. Start with one workflow lane: engineering, research, content, or outreach.
6. Import only sanitized operator patterns into ECC skills.
7. Treat `ecc2/` as an alpha control plane until release packaging and installer behavior are finalized.
## Do Not Treat This As Published Yet

55
docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-18.md
View File

@@ -1,55 +0,0 @@
# ECC v2.0.0-rc.1 Release URL Ledger
This ledger separates links that are already public from links that only become
valid after the approval-gated release, package, plugin, and announcement
steps. Regenerate it from the final release commit before posting any public
announcement.
Captured from source snapshot
`81fca2cea6f1399c52c8faa70f9a17e42f0bd447` on 2026-05-18. The ledger file
may be committed in a later docs-only refresh after the evidence snapshot it
describes.
## Live Now
| Surface | URL | Verification |
| --- | --- | --- |
| Repository | <https://github.com/affaan-m/everything-claude-code> | `git remote get-url origin` |
| Evidence source commit | <https://github.com/affaan-m/everything-claude-code/commit/81fca2cea6f1399c52c8faa70f9a17e42f0bd447> | `git rev-parse HEAD` at evidence capture |
| Release pack folder | <https://github.com/affaan-m/everything-claude-code/tree/main/docs/releases/2.0.0-rc.1> | Release pack evidence captured from `81fca2ce` |
| Release notes draft | <https://github.com/affaan-m/everything-claude-code/blob/main/docs/releases/2.0.0-rc.1/release-notes.md> | In-tree release copy |
| Hermes setup guide | <https://github.com/affaan-m/everything-claude-code/blob/main/docs/HERMES-SETUP.md> | In-tree sanitized Hermes guide |
| May 18 evidence snapshot | <https://github.com/affaan-m/everything-claude-code/blob/main/docs/releases/2.0.0-rc.1/publication-evidence-2026-05-18.md> | Current strongest readiness evidence |
| May 18 operator dashboard | <https://github.com/affaan-m/everything-claude-code/blob/main/docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-18.md> | Prompt-to-artifact dashboard |
| Pushed-head CI | <https://github.com/affaan-m/everything-claude-code/actions/runs/26011460500> | CI passed 37/37 jobs for `81fca2ce`, including the supply-chain IOC scan job |
| Latest Supply-Chain Watch | <https://github.com/affaan-m/everything-claude-code/actions/runs/26010432490> | Supply-Chain Watch passed for `25ac57ac`; rerun from the final release commit before publication |
| npm package page | <https://www.npmjs.com/package/ecc-universal> | `npm view ecc-universal name version dist-tags --json` returned `latest: 1.10.0`; rc.1 is not published yet |
| Codex marketplace CLI docs | <https://developers.openai.com/codex/cli/reference#codex-plugin-marketplace> | Official docs list `codex plugin marketplace add` for GitHub shorthand, Git URLs, SSH URLs, and local marketplace roots |
| Codex official Plugin Directory status | <https://developers.openai.com/codex/plugins/build#publish-official-public-plugins> | Official docs say public Plugin Directory publishing and self-serve management are coming soon |
## Approval-Gated URLs
| Surface | Intended URL or command | Gate before use |
| --- | --- | --- |
| GitHub prerelease | <https://github.com/affaan-m/everything-claude-code/releases/tag/v2.0.0-rc.1> | `gh release view v2.0.0-rc.1 --repo affaan-m/everything-claude-code --json tagName,url,isPrerelease` must return the prerelease |
| npm rc package | <https://www.npmjs.com/package/ecc-universal/v/2.0.0-rc.1> | `npm publish --tag next` approval and post-publish `npm view ecc-universal dist-tags --json` |
| Claude plugin tag | `claude plugin tag .claude-plugin --dry-run`, then real tag only after approval | Clean release commit and plugin tag/push approval |
| Codex repo marketplace install | `codex plugin marketplace add affaan-m/everything-claude-code --ref v2.0.0-rc.1` | GitHub tag must exist; official Plugin Directory submission remains separate |
| ECC Tools native-payments announcement | ECC Tools Marketplace/App URL plus billing readiness readback | Marketplace-managed test account must return `announcementGate.ready === true` |
| Public announcements | X, LinkedIn, GitHub release, and longform URLs | GitHub release, npm, plugin, and billing URLs must resolve first |
## Pre-Post Check
Run these immediately before publication:
```bash
git status --short --branch
gh release view v2.0.0-rc.1 --repo affaan-m/everything-claude-code --json tagName,url,isPrerelease
npm view ecc-universal name version dist-tags --json
codex plugin marketplace add --help
rg -n "TODO|TBD|PLACEHOLDER" docs/releases/2.0.0-rc.1
npm run preview-pack:smoke
```
Do not post the social or notification copy until the approval-gated URLs above
resolve from a clean release commit.

55
docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-19.md
View File

@@ -1,55 +0,0 @@
# ECC v2.0.0-rc.1 Release URL Ledger
This ledger separates links that are already public from links that only become
valid after the approval-gated release, package, plugin, and announcement
steps. Regenerate it from the final release commit before posting any public
announcement.
Refreshed on 2026-05-19 after the public repository rename to
`affaan-m/ECC`. The final release pass must replace commit-specific evidence
with output from the exact release commit.
## Live Now
| Surface | URL | Verification |
| --- | --- | --- |
| Repository | <https://github.com/affaan-m/ECC> | `git remote get-url origin` returns `https://github.com/affaan-m/ECC.git` |
| Release pack folder | <https://github.com/affaan-m/ECC/tree/main/docs/releases/2.0.0-rc.1> | In-tree release pack |
| Release notes draft | <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/release-notes.md> | In-tree release copy |
| Hermes setup guide | <https://github.com/affaan-m/ECC/blob/main/docs/HERMES-SETUP.md> | In-tree sanitized Hermes guide |
| May 19 evidence snapshot | <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md> | Current strongest identity, video, growth, and CI readiness evidence |
| May 18 evidence snapshot | <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/publication-evidence-2026-05-18.md> | Previous supply-chain and publication-path readiness evidence |
| May 18 operator dashboard | <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-18.md> | Previous prompt-to-artifact dashboard |
| May 19 operator dashboard | <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-19.md> | Previous prompt-to-artifact dashboard with hypergrowth, video, and outbound lanes |
| May 20 operator dashboard | <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md> | Current prompt-to-artifact dashboard with Marketplace Pro release-gate sync |
| npm package page | <https://www.npmjs.com/package/ecc-universal> | `npm view ecc-universal name version dist-tags --json` returned `latest: 1.10.0`; rc.1 is not published yet |
| Codex marketplace CLI docs | <https://developers.openai.com/codex/cli/reference#codex-plugin-marketplace> | Official docs list `codex plugin marketplace add` for GitHub shorthand, Git URLs, SSH URLs, and local marketplace roots |
| Codex official Plugin Directory status | <https://developers.openai.com/codex/plugins/build#publish-official-public-plugins> | Official docs say public Plugin Directory publishing and self-serve management are coming soon |
## Approval-Gated URLs
| Surface | Intended URL or command | Gate before use |
| --- | --- | --- |
| GitHub prerelease | <https://github.com/affaan-m/ECC/releases/tag/v2.0.0-rc.1> | `gh release view v2.0.0-rc.1 --repo affaan-m/ECC --json tagName,url,isPrerelease` must return the prerelease |
| npm rc package | <https://www.npmjs.com/package/ecc-universal/v/2.0.0-rc.1> | `npm publish --tag next` approval and post-publish `npm view ecc-universal dist-tags --json` |
| Claude plugin tag | `claude plugin tag .claude-plugin --dry-run`, then real tag only after approval | Clean release commit and plugin tag/push approval |
| Codex repo marketplace install | `codex plugin marketplace add affaan-m/ECC --ref v2.0.0-rc.1` | GitHub tag must exist; official Plugin Directory submission remains separate |
| ECC Tools native-payments announcement | ECC Tools Marketplace/App URL plus selected-target billing readiness readback through the operator bearer path | Marketplace-managed selected target returned `announcementGate.ready === true` on 2026-05-20; repeat immediately before publication |
| Public announcements | X, LinkedIn, GitHub release, and longform URLs | GitHub release, npm, plugin, and billing URLs must resolve first |
## Pre-Post Check
Run these immediately before publication:
```bash
git status --short --branch
gh release view v2.0.0-rc.1 --repo affaan-m/ECC --json tagName,url,isPrerelease
npm view ecc-universal name version dist-tags --json
codex plugin marketplace add --help
rg -n "TODO|TBD|PLACEHOLDER" docs/releases/2.0.0-rc.1
npm run preview-pack:smoke
npm run release:approval-gate -- --format json
```
Do not post the social or notification copy until the approval-gated URLs above
resolve from a clean release commit.

202
docs/releases/2.0.0-rc.1/video-suite-production.md
View File

@@ -1,202 +0,0 @@
# ECC 2.0 Video Suite Production Manifest
Snapshot date: 2026-05-19.
This is the production contract for the ECC 2.0 release video suite. It keeps
the public release story, local source inventory, render outputs, and self-eval
gate in one place without committing raw footage, private transcript exports, or
absolute local paths.
## Claim
ECC 2.0 is the harness-native operator system for agentic work.
The videos should prove that claim directly:
- one reusable layer across Claude Code, Codex, OpenCode, Cursor, Gemini, Zed,
GitHub Copilot, and terminal workflows;
- reusable skills, rules, hooks, agents, MCP conventions, release gates, and
operator workflows;
- `ecc2/` as the alpha control-plane/TUI direction, not the whole product;
- AgentShield and supply-chain gates as the enterprise trust layer;
- OSS stays free, with GitHub Sponsors, ECC Tools Pro, and consulting as the
funding surface.
Do not frame the launch as a rename, pivot, config pack, or Claude-only package.
## Private Inputs
Do not commit raw footage, transcript JSON, or timeline exports.
Operators should point the validator at local media using environment variables:
```bash
ECC_VIDEO_SOURCE_ROOT=/path/to/ecc_2_raws \
ECC_VIDEO_RELEASE_SUITE_ROOT=/path/to/ecc_2_release_suite \
npm run release:video-suite -- --format json
```
`ECC_VIDEO_SOURCE_ROOT` should contain proof images and may contain an `_edited/`
subdirectory with edited source clips. `ECC_VIDEO_RELEASE_SUITE_ROOT` should
contain `edl/`, `segments/`, `renders/`, `timelines/`, and `transcripts/`.
## Source Inventory
These basenames are the required local inputs for the release suite validator.
| Asset | Lane | Proof |
| --- | --- | --- |
| `longform-full-wide.mp4` | Primary launch video | operator system, control-plane direction, closing proof |
| `sf-longform-full.mp4` | Primary launch video | structured context opener |
| `sf-thread-2-whatisecc.mp4` | What is ECC | category clarity and GitHub App explanation |
| `sf-thread-4-security.mp4` | Security proof | AgentShield, hooks, MCP, permission risk |
| `thread-2-ghapp-money.mp4` | Money/proof clip | OSS plus paid hosting and services |
| `architecture-2-wide.mp4` | B-roll | harness-native architecture |
| `terminal-scan-2-wide.mp4` | Install proof | terminal workflow and install confidence |
| `new_site_raw.mp4` | B-roll | site and product surface |
| `coverage-montage-wide.mp4` | Coverage/social proof | distribution and social proof |
| `metrics-ticker-2-wide.mp4` | Money/proof clip | traction and funnel proof |
| `growth-timeline-2-wide.mp4` | Coverage/social proof | release momentum timeline |
| `gh_app_1.png` | Money/proof clip | hosted GitHub App surface |
| `star_history.png` | Coverage/social proof | OSS adoption chart |
| `x_analytics.png` | Coverage/social proof | social distribution proof |
| `100k.png` | Coverage/social proof | reach milestone proof |
## Deliverables
| Deliverable | Length | Aspect | Output |
| --- | ---: | --- | --- |
| Primary launch video | 90-150s | 16:9 | `ecc-2-primary-launch.mp4` |
| Install proof clip | 25-35s | 16:9 and 9:16 | `ecc-2-install-proof-*` |
| What is ECC clip | 45-60s | 16:9 and 9:16 | `ecc-2-what-is-ecc-*` |
| Security proof clip | 45-60s | 16:9 and 9:16 | `ecc-2-security-proof-*` |
| Money/proof clip | 30-45s | 16:9 and 9:16 | `ecc-2-money-proof-*` |
| Coverage/social proof clip | 30-45s | 16:9 and 9:16 | `ecc-2-social-proof-*` |
## Primary Launch Video
The rough v1 primary launch assembly is the current spine. It should stay
speech-led, with product proof covering jump cuts and older wording.
| Order | Source | In | Out | Use |
| --- | --- | ---: | ---: | --- |
| 01 | `sf-longform-full.mp4` | 161.12 | 177.68 | Cleaner opener: ECC as structured context with skills, commands, agents, hooks, and project setup. |
| 02 | `thread-2-ghapp-money.mp4` | 21.84 | 30.40 | Direct product thesis: agentic harness optimization. |
| 03 | `thread-2-ghapp-money.mp4` | 41.00 | 59.72 | Not another harness; ECC is the layer and tooling on top of harnesses. |
| 04 | `longform-full-wide.mp4` | 254.60 | 271.20 | Agentic IDE, observability, tracing, and multi-agent control-plane direction. |
| 05 | `sf-thread-2-whatisecc.mp4` | 40.08 | 60.60 | GitHub App analyzes repos and injects project-specific skills, prompts, and hooks. |
| 06 | `sf-thread-4-security.mp4` | 17.60 | 32.72 | Security risk setup: hooks, MCP servers, permissions. |
| 07 | `sf-thread-4-security.mp4` | 37.28 | 51.32 | AgentShield proof: rules, categories, grades, secrets, injection, exfiltration. |
| 08 | `thread-2-ghapp-money.mp4` | 59.72 | 75.96 | OSS-first business model plus managed GitHub App surface. |
| 09 | `longform-full-wide.mp4` | 507.34 | 525.62 | Close on workflows, tested shipping, and secure daily agent work. |
Required local rough v1 artifacts:
- `edl/primary-launch.edl.md`
- `timelines/primary-launch-v1.timeline.json`
- `renders/ecc-2-primary-launch-rough-v1.mp4`
- `renders/ecc-2-primary-launch-rough-v1.captions.srt`
- `segments/primary-launch-v1/01-structured-context.mp4`
- `segments/primary-launch-v1/02-agentic-harness-optimization.mp4`
- `segments/primary-launch-v1/03-not-another-harness.mp4`
- `segments/primary-launch-v1/04-agentic-ide-surface.mp4`
- `segments/primary-launch-v1/05-github-app-proof.mp4`
- `segments/primary-launch-v1/06-security-risk.mp4`
- `segments/primary-launch-v1/07-agentshield-proof.mp4`
- `segments/primary-launch-v1/08-oss-paid-model.mp4`
- `segments/primary-launch-v1/09-close-shipping-system.mp4`
## Publish-Candidate Outputs
The release validator also expects the current publish-candidate set under
`renders/publish-candidates/`. These are still local review files, not public
uploads or committed media.
| Output | Target |
| --- | --- |
| `ecc-2-primary-launch.mp4` | 90-150s, 1920x1080, audio |
| `ecc-2-primary-launch.captions.srt` | primary captions |
| `ecc-2-install-proof-wide.mp4` | 25-35s, 1920x1080, audio |
| `ecc-2-install-proof-vertical.mp4` | 25-35s, 1080x1920, audio |
| `ecc-2-what-is-ecc-wide.mp4` | 45-60s, 1920x1080, audio |
| `ecc-2-what-is-ecc-vertical.mp4` | 45-60s, 1080x1920, audio |
| `ecc-2-security-proof-wide.mp4` | 45-60s, 1920x1080, audio |
| `ecc-2-security-proof-vertical.mp4` | 45-60s, 1080x1920, audio |
| `ecc-2-money-proof-wide.mp4` | 30-45s, 1920x1080, audio |
| `ecc-2-money-proof-vertical.mp4` | 30-45s, 1080x1920, audio |
| `ecc-2-social-proof-wide.mp4` | 30-45s, 1920x1080, audio |
| `ecc-2-social-proof-vertical.mp4` | 30-45s, 1080x1920, audio |
## video-use compatible workflow
Use the same production shape as Video Use while keeping the ECC-specific media
stack intact:
1. Treat transcript and timeline data as the editing surface.
2. Keep visual inspection on demand: filmstrips, waveform/timeline composites,
or frame samples only at ambiguous cut points.
3. Propose the edit strategy and EDL before rendering.
4. Cut deterministically with FFmpeg.
5. Add proof overlays with Remotion or Manim where product claims need visual
evidence.
6. Export the MP4 plus editable timeline and caption state.
7. Run cut-boundary, audio, caption, black-frame, and product-claim self-eval
before any upload or social post.
Do not dump frames into the repo. Frame samples used for self-eval belong in the
local release suite workspace.
## Browser Capture Plan
Use Browser or equivalent desktop capture only for proof footage that must be
current on release day:
| Surface | Capture |
| --- | --- |
| GitHub repo | README hero, install block, sponsor links, release notes |
| Codex plugin | repo marketplace install path and local plugin README |
| OpenCode package | package install and plugin banner |
| ECC Tools Pro | billing/product page only after live readback confirms claims |
| AgentShield | CLI output, policy category view, supply-chain gate |
| `ecc2/` | alpha control-plane/TUI surface with alpha framing |
If a surface is not live, use a local browser capture and label it as local or
release-candidate proof. Do not claim marketplace, billing, or official
directory availability before evidence exists.
## Self-Eval Gate
Run the validator:
```bash
ECC_VIDEO_SOURCE_ROOT=/path/to/ecc_2_raws \
ECC_VIDEO_RELEASE_SUITE_ROOT=/path/to/ecc_2_release_suite \
npm run release:video-suite -- --format json
```
Then manually check the final render for:
- validator self-eval passes for the primary render: 90-150 seconds, at least
1280x720, video stream present, audio stream present, and non-empty output;
- validator self-eval passes for the publish-candidate set: primary MP4 plus
captions and five short clips in both wide and vertical formats;
- validator visual QA reports zero detected black-frame segments for every
publish-candidate MP4;
- no blank frames or accidental desktop exposure;
- no stale repo name, pivot, rename, or Claude-only framing in captions;
- no captions that rewrite speech into a false claim;
- no stale URLs, old install commands, or pre-rename repository links;
- no internal MRR numbers unless the post explicitly needs them;
- audio continuity across every cut;
- first 10 seconds clearly say what ECC is;
- final CTA routes to repo, sponsor, Pro, or consulting without clutter.
## Do Not Publish If
- `npm run release:video-suite` is not ready for the local source roots.
- The primary launch render is outside the 90-150 second target.
- Captions mention the old repository name.
- Product proof relies on private screens, secrets, customer data, or raw local
paths.
- The release URL, npm, plugin, billing, or marketplace claims outrun the
evidence in `publication-readiness.md`.

9
docs/releases/2.0.0-rc.1/x-thread.md
View File

@@ -71,13 +71,10 @@ The deeper local integrations stay local until they are sanitized, and publicati
11/ Start here:
Repo:
<https://github.com/affaan-m/ECC>
<https://github.com/affaan-m/everything-claude-code>
Hermes x ECC setup:
<https://github.com/affaan-m/ECC/blob/main/docs/HERMES-SETUP.md>
<https://github.com/affaan-m/everything-claude-code/blob/main/docs/HERMES-SETUP.md>
12/ Release notes:
<https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/release-notes.md>
URL ledger:
<https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-19.md>
<https://github.com/affaan-m/everything-claude-code/blob/main/docs/releases/2.0.0-rc.1/release-notes.md>

179
docs/releases/2.0.0/ecc-2-hypergrowth-release-command-center.md
View File

@@ -1,179 +0,0 @@
# ECC 2.0 Hypergrowth Release Command Center
Snapshot date: 2026-05-19.
This is the execution map for turning ECC 2.0 into a complete public release,
partner funnel, sponsor funnel, consulting surface, and content launch. It is
written for operators. Use it to decide what ships, what gets announced, and
what stays blocked until evidence exists.
## Release Claim
ECC 2.0 is the harness-native operator system for agentic work.
The public proof must show the actual system:
- reusable skills, rules, hooks, MCP conventions, and release gates;
- Claude Code, Codex, OpenCode, Cursor, Gemini, Zed, GitHub Copilot, and
terminal-only workflows as supported execution surfaces;
- `ecc2/` as the alpha control-plane/TUI direction;
- Hermes as the optional operator shell for chat, cron, handoffs, and daily
work routing;
- ECC Tools Pro, GitHub Sponsors, and consulting as the business surface that
funds the OSS layer.
Avoid language that frames this as a rename or a retreat from the old project.
The release copy should show the 2.0 product shape directly.
## Current Growth Baseline
| Metric | Current | Target | Gap |
| --- | ---: | ---: | ---: |
| MRR | `$1,728/mo` | `$10,000/mo` | `$8,272/mo` |
| Sponsor motion | Active GitHub Sponsors plus open inbound | Repeatable sponsor close loop | Approval-gated outbound |
| Consulting motion | Open, non-primary | Partner-ready packages | Public proof, talks, and intake |
| Content motion | Release video publish candidates ready | Weekly launch clips and founder proof | Owner approval, upload, and public URLs |
| Community motion | Discord exists | Useful coding/operator community | Invite, channels, pins, moderation |
MRR growth should come from four lanes at once:
- GitHub Sponsors and OSS partner sponsors;
- ECC Tools Pro subscriptions;
- consulting and implementation contracts;
- talks, podcasts, conference demos, and partner webinars that create inbound.
## Second Hypergrowth Phase
The release should behave like a proof engine, not a name-change announcement.
Every public surface should make the product obvious in the first screen,
clip, paragraph, or demo:
| Workstream | Public proof | Revenue path |
| --- | --- | --- |
| Product category | ECC as the harness-native operator system, not a Claude-only config pack | Converts confused OSS traffic into install, Pro, and sponsor intent |
| Harness coverage | Claude Code, Codex, OpenCode, Cursor, Gemini, Zed, GitHub Copilot, and terminal workflows shown as execution surfaces | Partner conversations with tools, IDEs, model providers, and platform teams |
| Control plane | `ecc2/` alpha dashboard/status/session surface and Hermes operator shell clearly framed as directionally live | Consulting and team implementation sprints |
| Enterprise trust | AgentShield, supply-chain, release, observability, and CI gates shown as repeatable evidence | Security vendors, code-review vendors, platform sponsors, and enterprise pilots |
| Media engine | Primary launch video, five proof clips, browser captures, transcripts, EDLs, captions, and editable timelines | Social reach, podcast/talk booking, sponsor proof, partner demos |
| Community funnel | GitHub Discussions, Discord once approved, sponsor tiers, Pro, and consulting CTAs routed without clutter | Repeatable inbound, not one-off launch spikes |
The operating rhythm after launch should be weekly:
1. one product proof clip;
2. one security or release-discipline proof clip;
3. one partner/sponsor/talk outreach batch after owner approval;
4. one public discussion or community prompt;
5. one measurable funnel readback covering repo traffic, sponsor clicks, Pro
conversions, MRR movement, and inbound replies.
## Release Gates
| Lane | Done when | Current action |
| --- | --- | --- |
| Repo identity | README, package metadata, plugin metadata, release docs, workflows, and launch copy all use `affaan-m/ECC` where public URLs are needed | Canonical URL sweep |
| Package and plugin publication | `ecc-universal@2.0.0-rc.1` dry-runs clean, npm `next` is approved, Claude plugin tag dry-runs, Codex repo marketplace smoke passes, OpenCode build passes | Refresh publication evidence from final commit |
| Product proof | Quickstart, cross-harness architecture, demo prompts, `ecc2/` alpha boundary, AgentShield safety proof, and hosted ECC Tools links are consistent | Keep proof surfaces concrete |
| Revenue proof | Sponsor tiers, Pro pricing, consulting CTA, partner CTA, and billing-readback language are current | Do not announce billing claims before live readback |
| Content proof | Launch video, short-form clips, screenshots, release notes, GitHub Discussion, X, LinkedIn, and longform post are aligned | Pick final video cuts, upload after approval, and attach public URLs |
| Community proof | Discord invite, rules, channels, onboarding, and sponsor/community routing are ready | Needs invite/token decision before public links |
## Video Suite
The video lane should use the existing ECC video-editing skill plus the
`browser-use/video-use` model where useful: transcript as the editing surface,
strategy approval before render, deterministic cuts, timeline/project output
when available, and self-eval before publication.
Reference pattern: <https://github.com/browser-use/video-use>
Primary source classes already exist in the local ECC media library. Keep raw
absolute paths out of public docs; use basenames or a private production
manifest when handing work to an editor or agent.
| Deliverable | Length | Source material | Proof goal |
| --- | ---: | --- | --- |
| Primary launch video | 90-150s | `longform-full-wide.mp4`, `sf-longform-full.mp4`, `architecture-2-wide.mp4`, `terminal-scan-2-wide.mp4`, `new_site_raw.mp4` | ECC 2.0 as the operator system |
| Install proof | 30s | README install, terminal scan, quickstart, plugin install | Fewer-click adoption |
| What is ECC | 45-60s | `sf-thread-2-whatisecc.mp4`, `vertical-2-whatisecc.mp4`, `architecture-2-*` | Product category clarity |
| Security proof | 45-60s | `sf-thread-4-security.mp4`, AgentShield evidence, supply-chain gates | Enterprise trust |
| Money/proof clip | 30-45s | `thread-2-ghapp-money.mp4`, `metrics-ticker-2-*`, `gh_app_*.png` | Sponsor, Pro, and partner credibility |
| Coverage/social proof | 30-45s | `coverage-montage-wide.mp4`, `100k.png`, `star_history.png`, `x_analytics.png`, coverage screenshots | Distribution leverage |
Production steps:
1. Generate transcripts for the longform and shortform raw clips.
2. Build an edit decision list with hook, proof, demo, business CTA, and final
CTA segments.
3. Cut deterministically with FFmpeg.
4. Add overlays and data motion in Remotion or Manim.
5. Add captions, light color correction, audio normalization, and platform
reframes.
6. Run a self-eval pass for blank frames, bad captions, jump cuts, weak hook,
missing product proof, and stale URLs.
7. Export final MP4s plus the editable timeline/project state.
## Distribution Plan
| Channel | Asset | CTA |
| --- | --- | --- |
| GitHub Release | release notes, quickstart, launch video, sponsor link | star, install, sponsor |
| GitHub Discussion | short announcement and proof bullets | questions, feedback, sponsors |
| X | launch thread, 30s install clip, proof clips | repo, sponsor, Pro |
| LinkedIn | partner-friendly product proof, consulting CTA | sponsors, consulting, talks |
| YouTube/Shorts/Reels/TikTok | primary launch video and clips | repo, site, newsletter/community |
| Podcasts/talks | one-page pitch, demo outline, founder proof | bookings, partners |
| Sponsor outbound | direct sponsor note and tier table | GitHub Sponsors or Pro |
The source of truth for sponsor, partner, consulting, conference, podcast, and
GitHub Discussion copy is
`docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md`.
The source of truth for owner approval across release, package, plugin, video,
billing, social, and outbound actions is
`docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md`.
## Copy Rules
Use direct product language:
- `ECC 2.0 is the harness-native operator system for agentic work.`
- `One reusable layer across Claude Code, Codex, OpenCode, Cursor, Gemini, Zed, GitHub Copilot, and terminal workflows.`
- `OSS stays free. Sponsors and Pro fund the work.`
- `Use ECC for skills, hooks, rules, MCP conventions, release gates, and operator workflows.`
Avoid:
- `we renamed the repo`;
- `pivot`;
- legacy config-pack framing;
- `Claude-only`;
- generic founder-journey language;
- claims about billing, marketplace payments, or official directory listings
before live evidence exists.
## First Build Order
1. Land the public repo identity fixes.
2. Refresh package, plugin, workflow, release, and launch-copy URLs.
3. Record final publication evidence from the exact release commit.
4. Keep the video suite manifest, transcripts, publish candidates, and visual QA
current with `npm run release:video-suite -- --format json`.
5. Browser-capture the README, ECC Tools app, install flow, and relevant proof
surfaces for b-roll.
6. Choose the owner-approved primary launch video and five short clips, then
upload and attach final public URLs.
7. Finalize GitHub release, X thread, LinkedIn post, Discussion announcement,
sponsor email copy, consulting intro, partner DM, and podcast/talk pitch.
8. Publish only after npm, plugin, release URL, and billing-readback gates are
either live or explicitly marked blocked.
## Owner Approvals
These actions need a human approval or credential before they move:
- sending annual-upgrade or sponsor emails;
- updating LinkedIn profile text;
- wiring Discord with a bot token and guild ID;
- publishing npm or creating plugin tags;
- announcing billing/native payments;
- sending partner, consulting, conference, podcast, or sponsor outreach;
- posting final social copy from personal accounts.

7
docs/security/supply-chain-incident-response.md
View File

@@ -26,9 +26,8 @@ credentials:
with historical malicious `node-ipc` versions also blocked by ECC because
they carried destructive or unauthorized file-writing behavior.
- The live IOC set includes persistence through Claude Code
`.claude/settings.json`, VS Code `.vscode/tasks.json`, Zed
`.zed/tasks.json`, and OS-level `gh-token-monitor` LaunchAgent/systemd
services. Some variants add
`.claude/settings.json`, VS Code `.vscode/tasks.json`, and OS-level
`gh-token-monitor` LaunchAgent/systemd services. Some variants add
`~/.config/gh-token-monitor/token` plus a dead-man-switch token description
`IfYouRevokeThisTokenItWillWipeTheComputerOfTheOwner`, malicious workflow
files such as `.github/workflows/codeql_analysis.yml`, and Python runtime
@@ -180,7 +179,7 @@ Escalate to a maintainer security review before any release or merge if:
- a dependency lockfile references a package named in an active advisory;
- `node scripts/ci/scan-supply-chain-iocs.js --home` finds Claude Code,
VS Code, Zed, or OS-level persistence indicators;
VS Code, or OS-level persistence indicators;
- a workflow combines `pull_request_target` with dependency installation,
cache restore/save, PR-head checkout, or write permissions;
- a release workflow combines `id-token: write` with shared cache usage;

18
docs/stale-pr-salvage-ledger.md
View File

@@ -108,24 +108,6 @@ porting.
| #1682/#1701 | Strategic compact hook-path fixes were merged directly or superseded by current docs fixes. |
| JARVIS #4/#5/#6 | Stale failing dependency-only PRs; future dependency state should be regenerated by Dependabot. |
## 2026-05-18 Owner-Wide Queue Cleanup
The ECC release repos were already clean, but an owner-wide `gh search` sweep
found stale queues in older public/private projects. The cleanup closed 24
stale dependency-bot PRs and 72 stale legacy payments/0EM roadmap issues,
then closed the final 9 stale/generated/conflicting/test PRs and 5
legacy/outreach/placeholder issues. The `affaan-m` owner namespace is now at 0
open PRs and 0 open issues by live `gh search`. The detailed before/after
evidence and final queue disposition are recorded in
`docs/releases/2.0.0-rc.1/owner-queue-cleanup-2026-05-18.md`.
| Scope | Disposition |
| --- | --- |
| Dependabot PRs in `stoictradingAI`, `Behavioral_RL`, `dprc-autotrader-v2`, `x-algorithm-score`, `polycule-secure`, and `pragmAItism_defAInce` | Skipped as stale generated dependency bumps; regenerate from current base if still needed. |
| Legacy issues in `payments0-api`, `payments0-sdk`, `agent-payments-gateway`, `0EM_Frontend`, `0em-payments-dashboard`, and `yield-optimizer` | Superseded by ECC Tools native-payments, hosted analysis, billing-readback, and Linear/project roadmap lanes. |
| Archived repos touched for PR closure | `stoictradingAI`, `dprc-autotrader-v2`, `polycule-secure`, and `pragmAItism_defAInce` were restored to archived state after stale PR closure. |
| Final PR/issue sweep | Closed the remaining generated ECC bundles, stale Cloudflare rename PRs, stale README-card PR, test/noise PR, public outreach issues, and empty placeholder issue. Preserved `dexploy#25` findings in Linear `ITO-62` before closure. |
## Skipped
| Source PR | Reason |

4
docs/zh-CN/AGENTS.md
View File

@@ -1,6 +1,6 @@
# Everything Claude Code (ECC) — 智能体指令
这是一个**生产就绪的 AI 编码插件**,提供 60 个专业代理、232 项技能、75 条命令以及自动化钩子工作流,用于软件开发。
这是一个**生产就绪的 AI 编码插件**,提供 60 个专业代理、230 项技能、75 条命令以及自动化钩子工作流,用于软件开发。
**版本:** 2.0.0-rc.1
@@ -147,7 +147,7 @@
```
agents/ — 60 个专业子代理
skills/ — 232 个工作流技能和领域知识
skills/ — 230 个工作流技能和领域知识
commands/ — 75 个斜杠命令
hooks/ — 基于触发的自动化
rules/ — 始终遵循的指导方针(通用 + 每种语言)

6
docs/zh-CN/README.md
View File

@@ -224,7 +224,7 @@ Copy-Item -Recurse rules/typescript "$HOME/.claude/rules/"
/plugin list ecc@ecc
```
**搞定!** 你现在可以使用 60 个智能体、232 项技能和 75 个命令了。
**搞定!** 你现在可以使用 60 个智能体、230 项技能和 75 个命令了。
***
@@ -1138,7 +1138,7 @@ opencode
|---------|-------------|----------|--------|
| 智能体 | PASS: 60 个 | PASS: 12 个 | **Claude Code 领先** |
| 命令 | PASS: 75 个 | PASS: 35 个 | **Claude Code 领先** |
| 技能 | PASS: 232 项 | PASS: 37 项 | **Claude Code 领先** |
| 技能 | PASS: 230 项 | PASS: 37 项 | **Claude Code 领先** |
| 钩子 | PASS: 8 种事件类型 | PASS: 11 种事件 | **OpenCode 更多!** |
| 规则 | PASS: 29 条 | PASS: 13 条指令 | **Claude Code 领先** |
| MCP 服务器 | PASS: 14 个 | PASS: 完整 | **完全对等** |
@@ -1246,7 +1246,7 @@ ECC 是**第一个最大化利用每个主要 AI 编码工具的插件**。以
|---------|------------|------------|-----------|----------|
| **智能体** | 60 | 共享 (AGENTS.md) | 共享 (AGENTS.md) | 12 |
| **命令** | 75 | 共享 | 基于指令 | 35 |
| **技能** | 232 | 共享 | 10 (原生格式) | 37 |
| **技能** | 230 | 共享 | 10 (原生格式) | 37 |
| **钩子事件** | 8 种类型 | 15 种类型 | 暂无 | 11 种类型 |
| **钩子脚本** | 20+ 个脚本 | 16 个脚本 (DRY 适配器) | N/A | 插件钩子 |
| **规则** | 34 (通用 + 语言) | 34 (YAML 前页) | 基于指令 | 13 条指令 |

2
ecc2/Cargo.toml
View File

@@ -5,7 +5,7 @@ edition = "2021"
description = "ECC 2.0 — Agentic IDE control plane with TUI dashboard"
license = "MIT"
authors = ["Affaan Mustafa <me@affaanmustafa.com>"]
repository = "https://github.com/affaan-m/ECC"
repository = "https://github.com/affaan-m/everything-claude-code"
[features]
default = ["vendored-openssl"]

2
eslint.config.js
View File

@@ -3,7 +3,7 @@ const globals = require('globals');
module.exports = [
{
ignores: ['.opencode/dist/**', '.cursor/**', 'node_modules/**', '.venv/**', 'venv/**', 'coverage/**']
ignores: ['.opencode/dist/**', '.cursor/**', 'node_modules/**']
},
js.configs.recommended,
{

42
hooks/hooks.json
View File

@@ -7,7 +7,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/pre-bash-dispatcher.js"
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/pre-bash-dispatcher.js"
}
],
"description": "Consolidated Bash preflight dispatcher for quality, tmux, push, and GateGuard checks",
@@ -18,7 +18,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:write:doc-file-warning scripts/hooks/doc-file-warning.js standard,strict"
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:write:doc-file-warning scripts/hooks/doc-file-warning.js standard,strict"
}
],
"description": "Doc file warning: warn about non-standard documentation files (exit code 0; warns only)",
@@ -29,7 +29,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:edit-write:suggest-compact scripts/hooks/suggest-compact.js standard,strict"
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:edit-write:suggest-compact scripts/hooks/suggest-compact.js standard,strict"
}
],
"description": "Suggest manual compaction at logical intervals",
@@ -40,7 +40,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:observe scripts/hooks/observe-runner.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplace\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplace\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:observe scripts/hooks/observe-runner.js standard,strict",
"async": true,
"timeout": 10
}
@@ -53,7 +53,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:governance-capture scripts/hooks/governance-capture.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:governance-capture scripts/hooks/governance-capture.js standard,strict",
"timeout": 10
}
],
@@ -65,7 +65,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:config-protection scripts/hooks/config-protection.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:config-protection scripts/hooks/config-protection.js standard,strict",
"timeout": 5
}
],
@@ -77,7 +77,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:mcp-health-check scripts/hooks/mcp-health-check.js standard,strict"
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:mcp-health-check scripts/hooks/mcp-health-check.js standard,strict"
}
],
"description": "Check MCP server health before MCP tool execution and block unhealthy MCP calls",
@@ -88,7 +88,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:edit-write:gateguard-fact-force scripts/hooks/gateguard-fact-force.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:edit-write:gateguard-fact-force scripts/hooks/gateguard-fact-force.js standard,strict",
"timeout": 5
}
],
@@ -102,7 +102,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:compact scripts/hooks/pre-compact.js standard,strict"
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:compact scripts/hooks/pre-compact.js standard,strict"
}
],
"description": "Save state before context compaction",
@@ -115,7 +115,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/session-start-bootstrap.js"
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/session-start-bootstrap.js"
}
],
"description": "Load previous context and detect package manager on new session",
@@ -128,7 +128,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/post-bash-dispatcher.js",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/post-bash-dispatcher.js",
"async": true,
"timeout": 30
}
@@ -141,7 +141,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:quality-gate scripts/hooks/quality-gate.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:quality-gate scripts/hooks/quality-gate.js standard,strict",
"async": true,
"timeout": 30
}
@@ -154,7 +154,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:edit:design-quality-check scripts/hooks/design-quality-check.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:edit:design-quality-check scripts/hooks/design-quality-check.js standard,strict",
"timeout": 10
}
],
@@ -166,7 +166,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:edit:accumulate scripts/hooks/post-edit-accumulator.js standard,strict"
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:edit:accumulate scripts/hooks/post-edit-accumulator.js standard,strict"
}
],
"description": "Record edited JS/TS file paths for batch format+typecheck at Stop time",
@@ -177,7 +177,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:edit:console-warn scripts/hooks/post-edit-console-warn.js standard,strict"
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:edit:console-warn scripts/hooks/post-edit-console-warn.js standard,strict"
}
],
"description": "Warn about console.log statements after edits",
@@ -188,7 +188,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:governance-capture scripts/hooks/governance-capture.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:governance-capture scripts/hooks/governance-capture.js standard,strict",
"timeout": 10
}
],
@@ -200,7 +200,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:session-activity-tracker scripts/hooks/session-activity-tracker.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:session-activity-tracker scripts/hooks/session-activity-tracker.js standard,strict",
"timeout": 10
}
],
@@ -212,7 +212,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:observe scripts/hooks/observe-runner.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplace\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplace\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:observe scripts/hooks/observe-runner.js standard,strict",
"async": true,
"timeout": 10
}
@@ -225,7 +225,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:ecc-metrics-bridge scripts/hooks/ecc-metrics-bridge.js minimal,standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:ecc-metrics-bridge scripts/hooks/ecc-metrics-bridge.js minimal,standard,strict",
"timeout": 10
}
],
@@ -237,7 +237,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:ecc-context-monitor scripts/hooks/ecc-context-monitor.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:ecc-context-monitor scripts/hooks/ecc-context-monitor.js standard,strict",
"timeout": 10
}
],
@@ -251,7 +251,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:mcp-health-check scripts/hooks/mcp-health-check.js standard,strict"
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:mcp-health-check scripts/hooks/mcp-health-check.js standard,strict"
}
],
"description": "Track failed MCP tool calls, mark unhealthy servers, and attempt reconnect",

64
manifests/install-components.json
View File

@@ -525,70 +525,6 @@
"modules": [
"machine-learning"
]
},
{
"id": "locale:ja",
"family": "locale",
"description": "Japanese (ja-JP) translated reference docs installed to ~/.claude/docs/ja-JP/.",
"modules": [
"docs-ja-jp"
]
},
{
"id": "locale:zh-cn",
"family": "locale",
"description": "Simplified Chinese (zh-CN) translated reference docs installed to ~/.claude/docs/zh-CN/.",
"modules": [
"docs-zh-cn"
]
},
{
"id": "locale:ko-kr",
"family": "locale",
"description": "Korean (ko-KR) translated reference docs installed to ~/.claude/docs/ko-KR/.",
"modules": [
"docs-ko-kr"
]
},
{
"id": "locale:pt-br",
"family": "locale",
"description": "Brazilian Portuguese (pt-BR) translated reference docs installed to ~/.claude/docs/pt-BR/.",
"modules": [
"docs-pt-br"
]
},
{
"id": "locale:ru",
"family": "locale",
"description": "Russian (ru) translated reference docs installed to ~/.claude/docs/ru/.",
"modules": [
"docs-ru"
]
},
{
"id": "locale:tr",
"family": "locale",
"description": "Turkish (tr) translated reference docs installed to ~/.claude/docs/tr/.",
"modules": [
"docs-tr"
]
},
{
"id": "locale:vi-vn",
"family": "locale",
"description": "Vietnamese (vi-VN) translated reference docs installed to ~/.claude/docs/vi-VN/.",
"modules": [
"docs-vi-vn"
]
},
{
"id": "locale:zh-tw",
"family": "locale",
"description": "Traditional Chinese (zh-TW) translated reference docs installed to ~/.claude/docs/zh-TW/.",
"modules": [
"docs-zh-tw"
]
}
]
}

150
manifests/install-modules.json
View File

@@ -10,7 +10,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codebuddy",
@@ -34,7 +33,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -57,7 +55,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"opencode",
@@ -82,7 +79,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"opencode",
"codebuddy"
@@ -110,7 +106,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -182,7 +177,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -216,7 +210,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -262,7 +255,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -302,7 +294,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -335,7 +326,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -370,7 +360,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -413,7 +402,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -440,7 +428,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -462,7 +449,6 @@
"kind": "skills",
"description": "Media generation, technical explainers, and AI-assisted editing skills.",
"paths": [
"skills/blender-motion-state-inspection",
"skills/fal-ai-media",
"skills/manim-video",
"skills/remotion-video-creation",
@@ -472,7 +458,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"codex",
"opencode",
@@ -504,7 +489,6 @@
],
"targets": [
"claude",
"claude-project",
"codex",
"opencode"
],
@@ -530,7 +514,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -575,7 +558,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -609,7 +591,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -635,7 +616,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -672,7 +652,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -699,7 +678,6 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -715,134 +693,6 @@
"defaultInstall": false,
"cost": "medium",
"stability": "stable"
},
{
"id": "docs-ja-jp",
"kind": "docs",
"description": "Japanese (ja-JP) translated reference docs for agents, commands, skills, and rules.",
"paths": [
"docs/ja-JP"
],
"targets": [
"claude",
"claude-project"
],
"dependencies": [],
"defaultInstall": false,
"cost": "heavy",
"stability": "stable"
},
{
"id": "docs-zh-cn",
"kind": "docs",
"description": "Simplified Chinese (zh-CN) translated reference docs for agents, commands, skills, and rules.",
"paths": [
"docs/zh-CN"
],
"targets": [
"claude",
"claude-project"
],
"dependencies": [],
"defaultInstall": false,
"cost": "heavy",
"stability": "stable"
},
{
"id": "docs-ko-kr",
"kind": "docs",
"description": "Korean (ko-KR) translated reference docs for agents, commands, skills, and rules.",
"paths": [
"docs/ko-KR"
],
"targets": [
"claude",
"claude-project"
],
"dependencies": [],
"defaultInstall": false,
"cost": "heavy",
"stability": "stable"
},
{
"id": "docs-pt-br",
"kind": "docs",
"description": "Brazilian Portuguese (pt-BR) translated reference docs for agents, commands, skills, and rules.",
"paths": [
"docs/pt-BR"
],
"targets": [
"claude",
"claude-project"
],
"dependencies": [],
"defaultInstall": false,
"cost": "heavy",
"stability": "stable"
},
{
"id": "docs-ru",
"kind": "docs",
"description": "Russian (ru) translated reference docs for agents, commands, skills, and rules.",
"paths": [
"docs/ru"
],
"targets": [
"claude",
"claude-project"
],
"dependencies": [],
"defaultInstall": false,
"cost": "heavy",
"stability": "stable"
},
{
"id": "docs-tr",
"kind": "docs",
"description": "Turkish (tr) translated reference docs for agents, commands, skills, and rules.",
"paths": [
"docs/tr"
],
"targets": [
"claude",
"claude-project"
],
"dependencies": [],
"defaultInstall": false,
"cost": "heavy",
"stability": "stable"
},
{
"id": "docs-vi-vn",
"kind": "docs",
"description": "Vietnamese (vi-VN) translated reference docs for agents, commands, skills, and rules.",
"paths": [
"docs/vi-VN"
],
"targets": [
"claude",
"claude-project"
],
"dependencies": [],
"defaultInstall": false,
"cost": "heavy",
"stability": "stable"
},
{
"id": "docs-zh-tw",
"kind": "docs",
"description": "Traditional Chinese (zh-TW) translated reference docs for agents, commands, skills, and rules.",
"paths": [
"docs/zh-TW"
],
"targets": [
"claude",
"claude-project"
],
"dependencies": [],
"defaultInstall": false,
"cost": "heavy",
"stability": "stable"
}
]
}

40
package-lock.json generated
View File

@@ -21,7 +21,7 @@
"devDependencies": {
"@eslint/js": "^9.39.2",
"@opencode-ai/plugin": "^1.0.0",
"@types/node": "25.7.0",
"@types/node": "^25.8.0",
"c8": "^11.0.0",
"eslint": "^9.39.2",
"globals": "^17.4.0",
@@ -398,13 +398,13 @@
"license": "MIT"
},
"node_modules/@types/node": {
"version": "25.7.0",
"resolved": "https://registry.npmjs.org/@types/node/-/node-25.7.0.tgz",
"integrity": "sha512-z+pdZyxE+RTQE9AcboAZCb4otwcrvgHD+GlBpPgn0emDVt0ohrTMhAwlr2Wd9nZ+nihhYFxO2pThz3C5qSu2Eg==",
"version": "25.8.0",
"resolved": "https://registry.npmjs.org/@types/node/-/node-25.8.0.tgz",
"integrity": "sha512-TCFSk8IZh+iLX1xtksoBVtdmgL+1IX0fC9BeU4QqFSuNdN/K+HUlhqOzEmSYYpZUVsLYcPqc9KX+60iDuninSQ==",
"dev": true,
"license": "MIT",
"dependencies": {
"undici-types": "~7.21.0"
"undici-types": ">=7.24.0 <7.24.7"
}
},
"node_modules/@types/unist": {
@@ -497,9 +497,9 @@
"license": "MIT"
},
"node_modules/brace-expansion": {
"version": "1.1.14",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
"integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
"version": "1.1.13",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
"integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -1210,9 +1210,9 @@
}
},
"node_modules/glob/node_modules/brace-expansion": {
"version": "5.0.6",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
"integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
"version": "5.0.5",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
"integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -1680,9 +1680,9 @@
}
},
"node_modules/markdownlint-cli/node_modules/brace-expansion": {
"version": "5.0.6",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
"integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
"version": "5.0.5",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
"integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -2666,9 +2666,9 @@
}
},
"node_modules/test-exclude/node_modules/brace-expansion": {
"version": "5.0.6",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
"integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
"version": "5.0.5",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
"integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -2745,9 +2745,9 @@
"dev": true
},
"node_modules/undici-types": {
"version": "7.21.0",
"resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.21.0.tgz",
"integrity": "sha512-w9IMgQrz4O0YN1LtB7K5P63vhlIOvC7opSmouCJ+ZywlPAlO9gIkJ+otk6LvGpAs2wg4econaCz3TvQ9xPoyuQ==",
"version": "7.24.6",
"resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.24.6.tgz",
"integrity": "sha512-WRNW+sJgj5OBN4/0JpHFqtqzhpbnV0GuB+OozA9gCL7a993SmU+1JBZCzLNxYsbMfIeDL+lTsphD5jN5N+n0zg==",
"dev": true,
"license": "MIT"
},

25
package.json
View File

@@ -1,7 +1,7 @@
{
"name": "ecc-universal",
"version": "2.0.0-rc.1",
"description": "Harness-native agent operating system for Claude Code, Codex, OpenCode, Cursor, Gemini, and terminal workflows - skills, hooks, rules, MCP conventions, and operator control-plane patterns",
"description": "Complete collection of battle-tested Claude Code configs — agents, skills, hooks, rules, and legacy command shims evolved over 10+ months of intensive daily use by an Anthropic hackathon winner",
"publishConfig": {
"access": "public"
},
@@ -34,11 +34,11 @@
"license": "MIT",
"repository": {
"type": "git",
"url": "git+https://github.com/affaan-m/ECC.git"
"url": "git+https://github.com/affaan-m/everything-claude-code.git"
},
"homepage": "https://github.com/affaan-m/ECC#readme",
"homepage": "https://github.com/affaan-m/everything-claude-code#readme",
"bugs": {
"url": "https://github.com/affaan-m/ECC/issues"
"url": "https://github.com/affaan-m/everything-claude-code/issues"
},
"files": [
".agents/",
@@ -56,14 +56,6 @@
"agent.yaml",
"agents/",
"commands/",
"docs/ja-JP/",
"docs/ko-KR/",
"docs/pt-BR/",
"docs/ru/",
"docs/tr/",
"docs/vi-VN/",
"docs/zh-CN/",
"docs/zh-TW/",
"hooks/",
"install.ps1",
"install.sh",
@@ -89,8 +81,6 @@
"scripts/operator-readiness-dashboard.js",
"scripts/platform-audit.js",
"scripts/preview-pack-smoke.js",
"scripts/release-approval-gate.js",
"scripts/release-video-suite.js",
"scripts/hooks/",
"scripts/install-apply.js",
"scripts/install-plan.js",
@@ -124,7 +114,6 @@
"skills/automation-audit-ops/",
"skills/autonomous-loops/",
"skills/backend-patterns/",
"skills/blender-motion-state-inspection/",
"skills/blueprint/",
"skills/brand-voice/",
"skills/carrier-relationship-management/",
@@ -301,7 +290,7 @@
"ecc-install": "scripts/install-apply.js"
},
"scripts": {
"postinstall": "echo '\\n ecc-universal installed!\\n Run: npx ecc typescript\\n Compat: npx ecc-install typescript\\n Docs: https://github.com/affaan-m/ECC\\n'",
"postinstall": "echo '\\n ecc-universal installed!\\n Run: npx ecc typescript\\n Compat: npx ecc-install typescript\\n Docs: https://github.com/affaan-m/everything-claude-code\\n'",
"catalog:check": "node scripts/ci/catalog.js --text",
"catalog:sync": "node scripts/ci/catalog.js --write --text",
"command-registry:generate": "node scripts/ci/generate-command-registry.js",
@@ -313,8 +302,6 @@
"observability:ready": "node scripts/observability-readiness.js",
"operator:dashboard": "node scripts/operator-readiness-dashboard.js",
"preview-pack:smoke": "node scripts/preview-pack-smoke.js",
"release:approval-gate": "node scripts/release-approval-gate.js",
"release:video-suite": "node scripts/release-video-suite.js",
"platform:audit": "node scripts/platform-audit.js",
"discussion:audit": "node scripts/discussion-audit.js",
"security:ioc-scan": "node scripts/ci/scan-supply-chain-iocs.js",
@@ -337,7 +324,7 @@
"devDependencies": {
"@eslint/js": "^9.39.2",
"@opencode-ai/plugin": "^1.0.0",
"@types/node": "25.7.0",
"@types/node": "^25.8.0",
"c8": "^11.0.0",
"eslint": "^9.39.2",
"globals": "^17.4.0",

1
schemas/ecc-install-config.schema.json
View File

@@ -19,7 +19,6 @@
"type": "string",
"enum": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",

5
schemas/install-components.schema.json
View File

@@ -26,7 +26,7 @@
"properties": {
"id": {
"type": "string",
"pattern": "^(baseline|lang|framework|capability|agent|skill|locale):[a-z0-9-]+$"
"pattern": "^(baseline|lang|framework|capability|agent|skill):[a-z0-9-]+$"
},
"family": {
"type": "string",
@@ -36,8 +36,7 @@
"framework",
"capability",
"agent",
"skill",
"locale"
"skill"
]
},
"description": {

4
schemas/install-modules.schema.json
View File

@@ -26,8 +26,7 @@
"hooks",
"platform",
"orchestration",
"skills",
"docs"
"skills"
]
},
"description": {
@@ -49,7 +48,6 @@
"type": "string",
"enum": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",

26
scripts/ci/check-unicode-safety.js
View File

@@ -114,31 +114,7 @@ function isDangerousInvisibleCodePoint(codePoint) {
(codePoint >= 0x202A && codePoint <= 0x202E) ||
(codePoint >= 0x2066 && codePoint <= 0x2069) ||
(codePoint >= 0xFE00 && codePoint <= 0xFE0F) ||
(codePoint >= 0xE0100 && codePoint <= 0xE01EF) ||
// Unicode Tag block (U+E0000U+E007F). Tag characters were proposed
// for language tagging in Unicode 3.1 and have been deprecated since
// Unicode 5.1, so no legitimate text uses them. They are the canonical
// vector for "ASCII smuggling" / "Tag smuggling" prompt injection:
// an attacker hides instructions inside ASCII-looking strings (PR
// bodies, SKILL.md, frontmatter), the LLM consumes the tag bytes,
// and the human reviewer sees nothing.
(codePoint >= 0xE0000 && codePoint <= 0xE007F) ||
// U+180E MONGOLIAN VOWEL SEPARATOR — formerly classified as a space
// separator, reclassified as a format control in Unicode 6.3; renders
// as zero-width and routinely abused for homograph / smuggling.
codePoint === 0x180E ||
// U+115F / U+1160 HANGUL CHOSEONG/JUNGSEONG FILLER — zero-width fillers
// used in Korean text shaping; abused as invisible characters.
codePoint === 0x115F ||
codePoint === 0x1160 ||
// U+2061U+2064 invisible math operators (FUNCTION APPLICATION,
// INVISIBLE TIMES, INVISIBLE SEPARATOR, INVISIBLE PLUS). Zero-width
// and not used outside math typesetting; legitimate Markdown / source
// does not contain them.
(codePoint >= 0x2061 && codePoint <= 0x2064) ||
// U+3164 HANGUL FILLER — zero-width filler reportedly used in Discord
// / Twitter smuggling attacks; not used in legitimate Korean text.
codePoint === 0x3164
(codePoint >= 0xE0100 && codePoint <= 0xE01EF)
);
}

65
scripts/ci/scan-supply-chain-iocs.js
View File

@@ -580,51 +580,12 @@ function addFinding(findings, severity, filePath, line, indicator, message) {
findings.push({ severity, filePath, line, indicator, message });
}
function isClaudeSettingsFile(filePath) {
const normalized = normalizedPath(filePath);
return /\/\.claude\/settings(?:\.local)?\.json$/.test(normalized);
}
function claudePermissionDenyRanges(filePath, text) {
if (!isClaudeSettingsFile(filePath)) return [];
let parsed;
try {
parsed = JSON.parse(text);
} catch {
return [];
}
const denyEntries = parsed?.permissions?.deny;
if (!Array.isArray(denyEntries)) return [];
const ranges = [];
for (const entry of denyEntries) {
if (typeof entry !== 'string' || entry.length === 0) continue;
for (const needle of [...new Set([JSON.stringify(entry), entry])]) {
let index = text.indexOf(needle);
while (index !== -1) {
ranges.push([index, index + needle.length]);
index = text.indexOf(needle, index + needle.length);
}
}
}
return ranges;
}
function indexInRanges(index, ranges) {
return ranges.some(([start, end]) => index >= start && index < end);
}
function scanFile(filePath, rootDir, findings) {
const base = path.basename(filePath);
const relativePath = path.relative(rootDir, filePath) || filePath;
const text = readText(filePath);
const lowerText = normalizeForMatch(text);
const hashFinding = MALICIOUS_FILE_HASHES[sha256File(filePath)];
const defensiveClaudeDenyRanges = claudePermissionDenyRanges(filePath, text);
if (hashFinding) {
addFinding(
@@ -660,22 +621,16 @@ function scanFile(filePath, rootDir, findings) {
}
for (const indicator of CRITICAL_TEXT_INDICATORS) {
const normalizedIndicator = normalizeForMatch(indicator);
let index = lowerText.indexOf(normalizedIndicator);
while (index !== -1) {
if (!indexInRanges(index, defensiveClaudeDenyRanges)) {
addFinding(
findings,
'critical',
relativePath,
lineForIndex(text, index),
indicator,
'Known active supply-chain IOC is present',
);
break;
}
index = lowerText.indexOf(normalizedIndicator, index + normalizedIndicator.length);
const index = lowerText.indexOf(normalizeForMatch(indicator));
if (index !== -1) {
addFinding(
findings,
'critical',
relativePath,
lineForIndex(text, index),
indicator,
'Known active supply-chain IOC is present',
);
}
}

10
scripts/ci/validate-install-manifests.js
View File

@@ -21,7 +21,6 @@ const COMPONENT_FAMILY_PREFIXES = {
language: 'lang:',
framework: 'framework:',
capability: 'capability:',
locale: 'locale:',
};
function readJson(filePath, label) {
@@ -164,12 +163,9 @@ function validateInstallManifests() {
if (profiles.full) {
const fullModules = new Set(profiles.full.modules);
for (const module of modules) {
if (module.kind === 'docs' && module.defaultInstall === false) {
continue;
}
if (!fullModules.has(module.id)) {
console.error(`ERROR: full profile is missing module ${module.id}`);
for (const moduleId of moduleIds) {
if (!fullModules.has(moduleId)) {
console.error(`ERROR: full profile is missing module ${moduleId}`);
hasErrors = true;
}
}

51
scripts/ci/validate-workflow-security.js
View File

@@ -21,31 +21,14 @@ const RULES = [
eventPattern: /\bpull_request_target\s*:/m,
description: 'pull_request_target must not checkout an untrusted pull_request head ref/repository',
expressionPattern: /\$\{\{\s*github\.event\.pull_request\.head\.(?:ref|sha|repo\.full_name)\s*\}\}/g,
// Even without the standard `github.event.pull_request.head.*` expression,
// a checkout under `pull_request_target` that fetches a `refs/pull/<N>/{head,merge}`
// ref pulls attacker-controlled code into a workflow with write-scoped
// tokens. GitHub's security guidance treats both forms equivalently;
// we match the ref value directly so any interpolation that resolves
// to such a ref (`refs/pull/${{ github.event.pull_request.number }}/merge`,
// a hardcoded `refs/pull/123/head`, a `${{ env.X }}` that the maintainer
// assumes is safe, etc.) trips the same rule.
refPattern: /^\s*ref:\s*['"]?[^'"\n]*refs\/(?:remotes\/)?pull\/[^'"\n\s]+/m,
},
];
const WRITE_PERMISSION_PATTERN = /^\s*(?:contents|issues|pull-requests|actions|checks|deployments|discussions|id-token|packages|pages|repository-projects|security-events|statuses):\s*write\b/m;
// `permissions: write-all` is GitHub Actions' shorthand for granting every
// scope write access. The named-scope pattern above misses it because there
// is no scope name on the left of the colon — just the literal `write-all`
// value at the permissions key. Treat both as equivalent for the purposes
// of the persist-credentials gate below. The optional single/double quotes
// match valid YAML `permissions: "write-all"` / `'write-all'` forms.
const WRITE_ALL_PATTERN = /^\s*permissions:\s*["']?write-all["']?\s*$/m;
const NPM_AUDIT_PATTERN = /\bnpm\s+audit\b(?!\s+signatures\b)/;
const NPM_AUDIT_SIGNATURES_PATTERN = /\bnpm\s+audit\s+signatures\b/;
const ACTIONS_CACHE_PATTERN = /uses:\s*['"]?actions\/cache@/m;
const ID_TOKEN_WRITE_PATTERN = /^\s*id-token:\s*write\b/m;
const TOP_LEVEL_JOBS_PATTERN = /^jobs:\s*$/m;
const UNSAFE_INSTALL_PATTERNS = [
{
pattern: /\bnpm\s+ci\b(?![^\n]*--ignore-scripts)/g,
@@ -122,8 +105,6 @@ function extractCheckoutSteps(source) {
function findViolations(filePath, source) {
const violations = [];
const checkoutSteps = extractCheckoutSteps(source);
const jobsIndex = source.search(TOP_LEVEL_JOBS_PATTERN);
const workflowHeader = jobsIndex >= 0 ? source.slice(0, jobsIndex) : source;
for (const rule of RULES) {
if (!rule.eventPattern.test(source)) {
@@ -131,13 +112,6 @@ function findViolations(filePath, source) {
}
for (const step of checkoutSteps) {
// Track whether the expression-based rule already produced a
// violation for this step. If it did, skip the refPattern fallback
// — a `refs/pull/${{ github.event.pull_request.head.sha }}/merge`
// value matches both patterns under the same rule, and the second
// push would print a duplicate ERROR line that says exactly the
// same thing with a different `expression:` echo.
let stepFlagged = false;
for (const match of step.text.matchAll(rule.expressionPattern)) {
violations.push({
filePath,
@@ -146,24 +120,11 @@ function findViolations(filePath, source) {
expression: match[0],
line: step.startLine + getLineNumber(step.text, match.index) - 1,
});
stepFlagged = true;
}
if (rule.refPattern && !stepFlagged) {
const refMatch = step.text.match(rule.refPattern);
if (refMatch) {
violations.push({
filePath,
event: rule.event,
description: rule.description,
expression: refMatch[0].trim(),
line: step.startLine + getLineNumber(step.text, refMatch.index) - 1,
});
}
}
}
}
if (WRITE_PERMISSION_PATTERN.test(source) || WRITE_ALL_PATTERN.test(source)) {
if (WRITE_PERMISSION_PATTERN.test(source)) {
for (const step of checkoutSteps) {
if (!/persist-credentials:\s*['"]?false['"]?\b/m.test(step.text)) {
violations.push({
@@ -178,16 +139,6 @@ function findViolations(filePath, source) {
}
if (ID_TOKEN_WRITE_PATTERN.test(workflowHeader)) {
violations.push({
filePath,
event: 'workflow-scoped id-token',
description: 'id-token: write must be scoped to a publish-only job, not the entire workflow',
expression: 'top-level id-token: write',
line: getLineNumber(source, source.search(ID_TOKEN_WRITE_PATTERN)),
});
}
for (const installRule of UNSAFE_INSTALL_PATTERNS) {
for (const match of source.matchAll(installRule.pattern)) {
violations.push({

2
scripts/discussion-audit.js
View File

@@ -11,7 +11,7 @@ const {
const SCHEMA_VERSION = 'ecc.discussion-audit.v1';
const DEFAULT_REPOS = Object.freeze([
'affaan-m/ECC',
'affaan-m/everything-claude-code',
'affaan-m/agentshield',
'affaan-m/JARVIS',
'ECC-Tools/ECC-Tools',

2
scripts/ecc.js
View File

@@ -130,7 +130,7 @@ Examples:
ecc sessions
ecc sessions session-active --json
ecc work-items upsert linear-ecc-20 --source linear --source-id ECC-20 --title "Review control-plane contract" --status blocked
ecc work-items sync-github --repo affaan-m/ECC
ecc work-items sync-github --repo affaan-m/everything-claude-code
ecc session-inspect claude:latest
ecc loop-status --json
ecc uninstall --target antigravity --dry-run

215
scripts/harness-audit.js
View File

@@ -12,53 +12,8 @@ const CATEGORIES = [
'Eval Coverage',
'Security Guardrails',
'Cost Efficiency',
'GitHub Integration',
'Vercel Integration',
'Netlify Integration',
'Cloudflare Integration',
'Fly Integration',
];
const RUBRIC_VERSION = '2026-05-19';
const PROVIDERS = {
Vercel: {
detect: (rootDir) =>
fileExists(rootDir, 'vercel.json') ||
fileExists(rootDir, '.vercel/project.json') ||
fileExists(rootDir, '.vercel'),
keyPattern: /vercel/i,
buildPattern: /vercel/i,
workflowPattern: /(vercel-action|vercel\s+(deploy|--prod))/i,
},
Netlify: {
detect: (rootDir) =>
fileExists(rootDir, 'netlify.toml') || fileExists(rootDir, '.netlify'),
keyPattern: /netlify/i,
buildPattern: /netlify/i,
workflowPattern: /(netlify\/actions|netlify\s+deploy)/i,
},
Cloudflare: {
detect: (rootDir) =>
fileExists(rootDir, 'wrangler.toml') || fileExists(rootDir, 'wrangler.jsonc'),
keyPattern: /\b(cloudflare|wrangler)\b/i,
buildPattern: /(wrangler|cloudflare)/i,
workflowPattern: /(cloudflare\/wrangler-action|wrangler\s+(deploy|publish))/i,
},
Fly: {
detect: (rootDir) => fileExists(rootDir, 'fly.toml'),
keyPattern: /fly[_-]?(api|io)/i,
buildPattern: /fly\s+(deploy|launch)/i,
workflowPattern: /(superfly\/flyctl-actions|flyctl\s+deploy|fly\s+deploy)/i,
},
};
function getApplicableProviders(rootDir) {
return Object.entries(PROVIDERS)
.filter(([_, spec]) => spec.detect(rootDir))
.map(([name]) => name);
}
function normalizeScope(scope) {
const value = (scope || 'repo').toLowerCase();
if (!['repo', 'hooks', 'skills', 'commands', 'agents'].includes(value)) {
@@ -652,172 +607,9 @@ function getRepoChecks(rootDir) {
pass: fileExists(rootDir, 'commands/model-route.md'),
fix: 'Add commands/model-route.md and route policies for cheap-default execution.',
},
...buildGithubChecks(rootDir),
];
}
// GitHub Integration is intentionally repo-scoped. Scoped audits such as hooks,
// skills, commands, and agents should keep reporting only that surface.
function buildGithubChecks(rootDir) {
return [
{
id: 'github-workflows',
category: 'GitHub Integration',
points: 3,
scopes: ['repo'],
path: '.github/workflows/',
description: 'GitHub Actions workflows are checked in',
pass: hasFileWithExtension(rootDir, '.github/workflows', ['.yml', '.yaml']),
fix: 'Add at least one workflow under .github/workflows/ so CI runs on every PR.',
},
{
id: 'github-pr-template',
category: 'GitHub Integration',
points: 2,
scopes: ['repo'],
path: '.github/PULL_REQUEST_TEMPLATE.md',
description: 'A pull request template is configured',
pass:
fileExists(rootDir, '.github/PULL_REQUEST_TEMPLATE.md') ||
fileExists(rootDir, '.github/pull_request_template.md'),
fix: 'Add .github/PULL_REQUEST_TEMPLATE.md so PR descriptions follow a consistent shape.',
},
{
id: 'github-issue-templates',
category: 'GitHub Integration',
points: 2,
scopes: ['repo'],
path: '.github/ISSUE_TEMPLATE/',
description: 'Issue templates are configured',
pass: hasFileWithExtension(rootDir, '.github/ISSUE_TEMPLATE', ['.md', '.yml', '.yaml']),
fix: 'Add at least one issue template under .github/ISSUE_TEMPLATE/.',
},
{
id: 'github-codeowners',
category: 'GitHub Integration',
points: 1,
scopes: ['repo'],
path: '.github/CODEOWNERS',
description: 'A CODEOWNERS file routes reviews',
pass:
fileExists(rootDir, 'CODEOWNERS') ||
fileExists(rootDir, '.github/CODEOWNERS') ||
fileExists(rootDir, 'docs/CODEOWNERS'),
fix: 'Add a CODEOWNERS file so PRs auto-request the right reviewers.',
},
{
id: 'github-dep-updates',
category: 'GitHub Integration',
points: 2,
scopes: ['repo'],
path: '.github/dependabot.yml',
description: 'Automated dependency updates are configured',
pass:
fileExists(rootDir, '.github/dependabot.yml') ||
fileExists(rootDir, '.github/dependabot.yaml') ||
fileExists(rootDir, 'renovate.json') ||
fileExists(rootDir, '.github/renovate.json') ||
fileExists(rootDir, '.renovaterc'),
fix: 'Add a Dependabot or Renovate config so dependency updates land automatically.',
},
];
}
function readAllWorkflowsText(rootDir) {
const dir = path.join(rootDir, '.github/workflows');
if (!fs.existsSync(dir)) {
return '';
}
const stack = [dir];
let combined = '';
while (stack.length > 0) {
const current = stack.pop();
const entries = fs.readdirSync(current, { withFileTypes: true });
for (const entry of entries) {
const nextPath = path.join(current, entry.name);
if (entry.isDirectory()) {
stack.push(nextPath);
} else if (entry.name.endsWith('.yml') || entry.name.endsWith('.yaml')) {
try {
combined += `${fs.readFileSync(nextPath, 'utf8')}\n`;
} catch (_error) {
// Ignore unreadable workflow files; the finding should stay deterministic.
}
}
}
}
return combined;
}
function buildProviderChecks(rootDir, provider, sharedContext) {
const spec = PROVIDERS[provider];
const packageJson = sharedContext.packageJson || {};
const scriptsText = Object.values(packageJson.scripts || {}).join('\n');
const category = `${provider} Integration`;
return [
{
id: `${provider.toLowerCase()}-config`,
category,
points: 3,
scopes: ['repo'],
path: `${provider} config`,
description: `${provider} deployment config is checked in`,
pass: spec.detect(rootDir),
fix: `Commit ${provider} configuration so deploys are reproducible from source.`,
},
{
id: `${provider.toLowerCase()}-build-script`,
category,
points: 2,
scopes: ['repo'],
path: 'package.json scripts',
description: `package.json scripts reference ${provider}`,
pass: spec.buildPattern.test(scriptsText),
fix: `Add a build or deploy script in package.json that runs ${provider}.`,
},
{
id: `${provider.toLowerCase()}-env-doc`,
category,
points: 2,
scopes: ['repo'],
path: '.env.example',
description: `${provider} env keys are documented in .env.example`,
pass: spec.keyPattern.test(sharedContext.envExample),
fix: `Document ${provider} environment variables in .env.example.`,
},
{
id: `${provider.toLowerCase()}-workflow-uses`,
category,
points: 3,
scopes: ['repo'],
path: '.github/workflows/',
description: `A GitHub workflow uses the ${provider} action or CLI`,
pass: spec.workflowPattern.test(sharedContext.workflowsText),
fix: `Reference the ${provider} action or CLI from a workflow under .github/workflows/.`,
},
];
}
function collectProviderChecks(rootDir, packageJson) {
const providers = getApplicableProviders(rootDir);
if (providers.length === 0) {
return [];
}
const sharedContext = {
packageJson: packageJson || {},
envExample: `${safeRead(rootDir, '.env.example')}\n${safeRead(rootDir, '.env.sample')}`,
workflowsText: readAllWorkflowsText(rootDir),
};
return providers.flatMap(provider => buildProviderChecks(rootDir, provider, sharedContext));
}
function getConsumerChecks(rootDir) {
const packageJson = safeParseJson(safeRead(rootDir, 'package.json'));
const gitignore = safeRead(rootDir, '.gitignore');
@@ -939,8 +731,6 @@ function getConsumerChecks(rootDir) {
pass: projectHooks.includes('PreToolUse') || projectHooks.includes('beforeSubmitPrompt') || fileExists(rootDir, '.claude/hooks.json'),
fix: 'Add project-local hook settings or hook definitions for prompt/tool guardrails.',
},
...buildGithubChecks(rootDir),
...collectProviderChecks(rootDir, packageJson),
];
}
@@ -974,7 +764,6 @@ function buildReport(scope, options = {}) {
const overallScore = checks
.filter(check => check.pass)
.reduce((sum, check) => sum + check.points, 0);
const applicableCategories = CATEGORIES.filter(name => categoryScores[name]?.max > 0);
const failedChecks = checks.filter(check => !check.pass);
const topActions = failedChecks
@@ -992,12 +781,10 @@ function buildReport(scope, options = {}) {
root_dir: rootDir,
target_mode: targetMode,
deterministic: true,
rubric_version: RUBRIC_VERSION,
rubric_version: '2026-03-30',
overall_score: overallScore,
max_score: maxScore,
categories: categoryScores,
applicable_categories: applicableCategories,
category_count: applicableCategories.length,
checks: checks.map(check => ({
id: check.id,
category: check.category,

24
scripts/hooks/ecc-context-monitor.js
View File

@@ -9,11 +9,10 @@
'use strict';
const crypto = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');
const { sanitizeSessionId, readBridge, renameWithRetry } = require('../lib/session-bridge');
const { sanitizeSessionId, readBridge } = require('../lib/session-bridge');
const CONTEXT_WARNING_PCT = 35;
const CONTEXT_CRITICAL_PCT = 25;
@@ -62,30 +61,15 @@ function readWarnState(sessionId) {
}
/**
* Write debounce state atomically (unique-suffix tmp then rename).
*
* The tmp path includes `process.pid` plus a random nonce so concurrent
* PostToolUse subprocesses writing to the same session's warn-state
* file do not clobber each other's tmp mid-write. Without the unique
* suffix, two writers race over a shared `${target}.tmp` and produce
* either a corrupted payload or an ENOENT throw on the second rename.
*
* Same pattern as `writeBridgeAtomic` in `scripts/lib/session-bridge.js`
* and `writeCostWarningIfChanged` in `scripts/hooks/ecc-metrics-bridge.js`.
*
* Write debounce state.
* @param {string} sessionId
* @param {object} state
*/
function writeWarnState(sessionId, state) {
const target = getWarnPath(sessionId);
const tmp = `${target}.${process.pid}.${crypto.randomBytes(4).toString('hex')}.tmp`;
const tmp = `${target}.tmp`;
fs.writeFileSync(tmp, JSON.stringify(state), 'utf8');
try {
renameWithRetry(tmp, target);
} catch (err) {
try { fs.unlinkSync(tmp); } catch { /* ignore */ }
throw err;
}
fs.renameSync(tmp, target);
}
/**

73
scripts/hooks/gateguard-fact-force.js
View File

@@ -119,65 +119,6 @@ function tokenize(segment) {
return segment.split(/\s+/).filter(Boolean);
}
/**
* Tokenize a short allowlisted shell command while preserving quoted
* arguments. This is intentionally smaller than a full shell parser: the
* caller rejects shell control characters before invoking it, so this only
* needs to keep spaces inside quotes together for read-only git commands.
*
* @param {string} input
* @returns {string[] | null}
*/
function tokenizeAllowlistedShellWords(input) {
const tokens = [];
let current = '';
let quote = null;
let escaped = false;
for (const char of String(input || '')) {
if (escaped) {
current += char;
escaped = false;
continue;
}
if (char === '\\') {
escaped = true;
continue;
}
if (quote) {
if (char === quote) {
quote = null;
} else {
current += char;
}
continue;
}
if (char === '"' || char === "'") {
quote = char;
continue;
}
if (/\s/.test(char)) {
if (current) {
tokens.push(current);
current = '';
}
continue;
}
current += char;
}
if (escaped) current += '\\';
if (quote) return null;
if (current) tokens.push(current);
return tokens;
}
/**
* Strip a leading path and trailing `.exe` from a command token so
* `/usr/bin/git`, `git.exe`, and `GIT` all normalize to `git`.
@@ -651,16 +592,8 @@ function isReadOnlyGitIntrospection(command) {
return false;
}
const segments = splitCommandSegments(trimmed);
if (segments.length !== 1) {
return false;
}
const tokens = tokenizeAllowlistedShellWords(trimmed);
if (!tokens) {
return false;
}
if (commandBasename(tokens[0]) !== 'git' || tokens.length < 2) {
const tokens = trimmed.split(/\s+/);
if (tokens[0] !== 'git' || tokens.length < 2) {
return false;
}
@@ -680,7 +613,7 @@ function isReadOnlyGitIntrospection(command) {
}
if (subcommand === 'show') {
return args.length === 1 && !args[0].startsWith('--') && /^[a-zA-Z0-9._:/ -]+$/.test(args[0]);
return args.length === 1 && !args[0].startsWith('--') && /^[a-zA-Z0-9._:/-]+$/.test(args[0]);
}
if (subcommand === 'branch') {

6
scripts/hooks/mcp-health-check.js
View File

@@ -26,10 +26,8 @@ const DEFAULT_BACKOFF_MS = 30 * 1000;
const MAX_BACKOFF_MS = 10 * 60 * 1000;
// The preflight HTTP probe only checks reachability; it does not have access to
// Claude Code's stored OAuth bearer token. Treat auth-gated responses as
// reachable so the real MCP client can attempt the authenticated call. A
// Streamable HTTP MCP server can also return 406 to a bare GET that omits
// Accept: text/event-stream; that still proves the endpoint is alive.
const HEALTHY_HTTP_CODES = new Set([200, 201, 202, 204, 301, 302, 303, 304, 307, 308, 400, 401, 403, 405, 406]);
// reachable so the real MCP client can attempt the authenticated call.
const HEALTHY_HTTP_CODES = new Set([200, 201, 202, 204, 301, 302, 303, 304, 307, 308, 400, 401, 403, 405]);
const RECONNECT_STATUS_CODES = new Set([401, 403, 429, 503]);
const FAILURE_PATTERNS = [
{ code: 401, pattern: /\b401\b|unauthori[sz]ed|auth(?:entication)?\s+(?:failed|expired|invalid)/i },

9
scripts/install-apply.js
View File

@@ -10,7 +10,6 @@ const os = require('os');
const {
SUPPORTED_INSTALL_TARGETS,
listLegacyCompatibilityLanguages,
listSupportedLocales,
} = require('./lib/install-manifests');
const {
LEGACY_INSTALL_TARGETS,
@@ -20,19 +19,16 @@ const {
function getHelpText() {
const languages = listLegacyCompatibilityLanguages();
const locales = listSupportedLocales();
return `
Usage: install.sh [--target <${LEGACY_INSTALL_TARGETS.join('|')}>] [--dry-run] [--json] <language> [<language> ...]
install.sh [--target <${SUPPORTED_INSTALL_TARGETS.join('|')}>] [--dry-run] [--json] --profile <name> [--with <component>]... [--without <component>]...
install.sh [--target <${SUPPORTED_INSTALL_TARGETS.join('|')}>] [--dry-run] [--json] --modules <id,id,...> [--with <component>]... [--without <component>]...
install.sh [--target <${SUPPORTED_INSTALL_TARGETS.join('|')}>] [--dry-run] [--json] --skills <skill-id[,skill-id...]>
install.sh [--target claude|claude-project] [--dry-run] [--json] --locale <locale-code>
install.sh [--dry-run] [--json] --config <path>
Targets:
claude (default) - Install ECC into ~/.claude/ with managed rules/skills under rules/ecc and skills/ecc
claude-project - Install ECC into ./.claude/ (per-project) with managed rules/skills under rules/ecc and skills/ecc
cursor - Install rules, hooks, and bundled Cursor configs to ./.cursor/
antigravity - Install rules, workflows, skills, and agents to ./.agent/
codex - Install shared agents/config into ~/.codex/
@@ -50,8 +46,6 @@ Options:
--skills <ids> Install one or more skill directories by ID, e.g. continuous-learning-v2
--without <component>
Exclude a user-facing install component
--locale <code> Install translated docs to ~/.claude/docs/<locale>/ (or ./.claude/docs/<locale>/ for claude-project)
(claude or claude-project target only; can be combined with --profile or --with)
--config <path> Load install intent from ecc-install.json
--dry-run Show the install plan without copying files
--json Emit machine-readable plan/result JSON
@@ -59,9 +53,6 @@ Options:
Available languages:
${languages.map(language => ` - ${language}`).join('\n')}
Available locales (--locale):
${locales.map(locale => ` - ${locale}`).join('\n')}
`;
}

18
scripts/lib/github-discussions.js
View File

@@ -4,7 +4,6 @@ const { spawnSync } = require('child_process');
const DEFAULT_DISCUSSION_FIRST = 100;
const MAINTAINER_ASSOCIATIONS = new Set(['OWNER', 'MEMBER', 'COLLABORATOR']);
const DISCUSSION_ENABLED_QUERY = 'query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } }';
const DISCUSSION_QUERY = 'query($owner: String!, $name: String!, $first: Int!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled discussions(first: $first, orderBy: {field: UPDATED_AT, direction: DESC}) { totalCount nodes { number title url updatedAt authorAssociation category { name isAnswerable } answer { url authorAssociation } comments(first: 20) { nodes { authorAssociation } } } } } }';
function splitRepo(repo) {
@@ -92,22 +91,6 @@ function summarizeDiscussion(discussion) {
function fetchDiscussionSummary(repo, options = {}) {
const { owner, name } = splitRepo(repo);
const first = Number.isFinite(options.first) ? options.first : DEFAULT_DISCUSSION_FIRST;
const enabledPayload = runGhJson([
'api',
'graphql',
'-f',
`owner=${owner}`,
'-f',
`name=${name}`,
'-f',
`query=${DISCUSSION_ENABLED_QUERY}`,
], options);
const enabledRepository = enabledPayload && enabledPayload.data && enabledPayload.data.repository;
if (!enabledRepository || !enabledRepository.hasDiscussionsEnabled) {
return emptyDiscussionSummary();
}
const payload = runGhJson([
'api',
'graphql',
@@ -147,7 +130,6 @@ function emptyDiscussionSummary() {
module.exports = {
DEFAULT_DISCUSSION_FIRST,
DISCUSSION_ENABLED_QUERY,
DISCUSSION_QUERY,
MAINTAINER_ASSOCIATIONS,
discussionNeedsAcceptedAnswer,

14
scripts/lib/install-executor.js
View File

@@ -555,12 +555,6 @@ function createLegacyCompatInstallPlan(options = {}) {
const sourceRoot = options.sourceRoot || getSourceRoot();
const projectRoot = options.projectRoot || process.cwd();
const target = options.target || 'claude';
const includeComponentIds = Array.isArray(options.includeComponentIds)
? [...options.includeComponentIds]
: [];
const excludeComponentIds = Array.isArray(options.excludeComponentIds)
? [...options.excludeComponentIds]
: [];
validateLegacyTarget(target);
@@ -577,14 +571,14 @@ function createLegacyCompatInstallPlan(options = {}) {
target,
profileId: null,
moduleIds: selection.moduleIds,
includeComponentIds,
excludeComponentIds,
includeComponentIds: [],
excludeComponentIds: [],
legacyLanguages: selection.legacyLanguages,
legacyMode: true,
requestProfileId: null,
requestModuleIds: [],
requestIncludeComponentIds: includeComponentIds,
requestExcludeComponentIds: excludeComponentIds,
requestIncludeComponentIds: [],
requestExcludeComponentIds: [],
mode: 'legacy-compat',
});
}

34
scripts/lib/install-manifests.js
View File

@@ -4,7 +4,7 @@ const path = require('path');
const { getInstallTargetAdapter, planInstallTargetScaffold } = require('./install-targets/registry');
const DEFAULT_REPO_ROOT = path.join(__dirname, '../..');
const SUPPORTED_INSTALL_TARGETS = ['claude', 'claude-project', 'cursor', 'antigravity', 'codex', 'gemini', 'opencode', 'codebuddy', 'joycode', 'qwen', 'zed'];
const SUPPORTED_INSTALL_TARGETS = ['claude', 'cursor', 'antigravity', 'codex', 'gemini', 'opencode', 'codebuddy', 'joycode', 'qwen', 'zed'];
const COMPONENT_FAMILY_PREFIXES = {
baseline: 'baseline:',
language: 'lang:',
@@ -12,28 +12,7 @@ const COMPONENT_FAMILY_PREFIXES = {
capability: 'capability:',
agent: 'agent:',
skill: 'skill:',
locale: 'locale:',
};
const SUPPORTED_LOCALES = Object.freeze(['ja', 'zh-CN', 'ko-KR', 'pt-BR', 'ru', 'tr', 'vi-VN', 'zh-TW']);
const LOCALE_ALIAS_TO_COMPONENT_ID = Object.freeze({
'ja': 'locale:ja',
'ja-JP': 'locale:ja',
'zh-CN': 'locale:zh-cn',
'zh': 'locale:zh-cn',
'ko-KR': 'locale:ko-kr',
'ko': 'locale:ko-kr',
'pt-BR': 'locale:pt-br',
'pt': 'locale:pt-br',
'ru': 'locale:ru',
'tr': 'locale:tr',
'vi-VN': 'locale:vi-vn',
'vi': 'locale:vi-vn',
'zh-TW': 'locale:zh-tw',
});
function listSupportedLocales() {
return [...SUPPORTED_LOCALES];
}
const LEGACY_COMPAT_BASE_MODULE_IDS_BY_TARGET = Object.freeze({
claude: [
'rules-core',
@@ -43,14 +22,6 @@ const LEGACY_COMPAT_BASE_MODULE_IDS_BY_TARGET = Object.freeze({
'platform-configs',
'workflow-quality',
],
'claude-project': [
'rules-core',
'agents-core',
'commands-core',
'hooks-runtime',
'platform-configs',
'workflow-quality',
],
cursor: [
'rules-core',
'agents-core',
@@ -636,14 +607,11 @@ function resolveInstallPlan(options = {}) {
module.exports = {
DEFAULT_REPO_ROOT,
SUPPORTED_INSTALL_TARGETS,
SUPPORTED_LOCALES,
LOCALE_ALIAS_TO_COMPONENT_ID,
getManifestPaths,
loadInstallManifests,
getInstallComponent,
listInstallComponents,
listLegacyCompatibilityLanguages,
listSupportedLocales,
listInstallModules,
listInstallProfiles,
resolveInstallPlan,

4
scripts/lib/install-targets/claude-home.js
View File

@@ -39,10 +39,6 @@ function getClaudeManagedDestinationPath(adapter, sourceRelativePath, input) {
);
}
if (normalizedSourcePath === 'docs' || normalizedSourcePath.startsWith('docs/')) {
return path.join(targetRoot, normalizedSourcePath);
}
return null;
}

91
scripts/lib/install-targets/claude-project.js
View File

@@ -1,91 +0,0 @@
const path = require('path');
const {
createInstallTargetAdapter,
createRemappedOperation,
isForeignPlatformPath,
normalizeRelativePath,
} = require('./helpers');
const CLAUDE_ECC_NAMESPACE = 'ecc';
function getClaudeManagedDestinationPath(adapter, sourceRelativePath, input) {
const normalizedSourcePath = normalizeRelativePath(sourceRelativePath);
const targetRoot = adapter.resolveRoot(input);
if (normalizedSourcePath === 'rules') {
return path.join(targetRoot, 'rules', CLAUDE_ECC_NAMESPACE);
}
if (normalizedSourcePath.startsWith('rules/')) {
return path.join(
targetRoot,
'rules',
CLAUDE_ECC_NAMESPACE,
normalizedSourcePath.slice('rules/'.length)
);
}
if (normalizedSourcePath === 'skills') {
return path.join(targetRoot, 'skills', CLAUDE_ECC_NAMESPACE);
}
if (normalizedSourcePath.startsWith('skills/')) {
return path.join(
targetRoot,
'skills',
CLAUDE_ECC_NAMESPACE,
normalizedSourcePath.slice('skills/'.length)
);
}
if (normalizedSourcePath === 'docs' || normalizedSourcePath.startsWith('docs/')) {
return path.join(targetRoot, normalizedSourcePath);
}
return null;
}
module.exports = createInstallTargetAdapter({
id: 'claude-project',
target: 'claude-project',
kind: 'project',
rootSegments: ['.claude'],
installStatePathSegments: ['ecc', 'install-state.json'],
nativeRootRelativePath: '.claude-plugin',
planOperations(input, adapter) {
const modules = Array.isArray(input.modules)
? input.modules
: (input.module ? [input.module] : []);
const planningInput = {
repoRoot: input.repoRoot,
projectRoot: input.projectRoot,
homeDir: input.homeDir,
};
return modules.flatMap(module => {
const paths = Array.isArray(module.paths) ? module.paths : [];
return paths
.filter(p => !isForeignPlatformPath(p, 'claude'))
.map(sourceRelativePath => {
const managedDestinationPath = getClaudeManagedDestinationPath(
adapter,
sourceRelativePath,
planningInput
);
if (managedDestinationPath) {
return createRemappedOperation(
adapter,
module.id,
sourceRelativePath,
managedDestinationPath,
{ strategy: 'preserve-relative-path' }
);
}
return adapter.createScaffoldOperation(module.id, sourceRelativePath, planningInput);
});
});
},
});

2
scripts/lib/install-targets/registry.js
View File

@@ -1,6 +1,5 @@
const antigravityProject = require('./antigravity-project');
const claudeHome = require('./claude-home');
const claudeProject = require('./claude-project');
const codebuddyProject = require('./codebuddy-project');
const codexHome = require('./codex-home');
const cursorProject = require('./cursor-project');
@@ -12,7 +11,6 @@ const zedProject = require('./zed-project');
const ADAPTERS = Object.freeze([
claudeHome,
claudeProject,
cursorProject,
antigravityProject,
codexHome,

2
scripts/lib/install/apply.js
View File

@@ -89,7 +89,7 @@ function isMcpConfigPath(filePath) {
}
function buildResolvedClaudeHooks(plan) {
if (!plan.adapter || (plan.adapter.target !== 'claude' && plan.adapter.target !== 'claude-project')) {
if (!plan.adapter || plan.adapter.target !== 'claude') {
return null;
}

38
scripts/lib/install/request.js
View File

@@ -1,6 +1,6 @@
'use strict';
const { validateInstallModuleIds, LOCALE_ALIAS_TO_COMPONENT_ID, listSupportedLocales } = require('../install-manifests');
const { validateInstallModuleIds } = require('../install-manifests');
const LEGACY_INSTALL_TARGETS = ['claude', 'cursor', 'antigravity'];
@@ -27,7 +27,6 @@ function parseInstallArgs(argv) {
includeComponentIds: [],
excludeComponentIds: [],
languages: [],
locale: null,
};
for (let index = 0; index < args.length; index += 1) {
@@ -61,13 +60,6 @@ function parseInstallArgs(argv) {
parsed.excludeComponentIds.push(componentId.trim());
}
index += 1;
} else if (arg === '--locale') {
const locale = args[index + 1] || '';
if (!locale || locale.startsWith('--')) {
throw new Error('Missing value for --locale');
}
parsed.locale = locale;
index += 1;
} else if (arg === '--dry-run') {
parsed.dryRun = true;
} else if (arg === '--json') {
@@ -89,28 +81,13 @@ function normalizeInstallRequest(options = {}) {
? options.config
: null;
const profileId = options.profileId || config?.profileId || null;
const target = options.target || config?.target || 'claude';
const moduleIds = validateInstallModuleIds(
dedupeStrings([...(config?.moduleIds || []), ...(options.moduleIds || [])])
);
const locale = options.locale || config?.locale || null;
const localeComponentId = locale ? LOCALE_ALIAS_TO_COMPONENT_ID[locale] : null;
if (locale && !localeComponentId) {
throw new Error(
`Unsupported locale: "${locale}". Supported locales: ${listSupportedLocales().join(', ')}`
);
}
if (locale && target !== 'claude' && target !== 'claude-project') {
throw new Error('--locale can only be used with --target claude or --target claude-project');
}
const requestedIncludeComponentIds = dedupeStrings([
const includeComponentIds = dedupeStrings([
...(config?.includeComponentIds || []),
...(options.includeComponentIds || []),
]);
const includeComponentIds = dedupeStrings([
...requestedIncludeComponentIds,
...(localeComponentId ? [localeComponentId] : []),
]);
const excludeComponentIds = dedupeStrings([
...(config?.excludeComponentIds || []),
...(options.excludeComponentIds || []),
@@ -119,14 +96,11 @@ function normalizeInstallRequest(options = {}) {
...(Array.isArray(options.legacyLanguages) ? options.legacyLanguages : []),
...(Array.isArray(options.languages) ? options.languages : []),
]).map(language => language.toLowerCase()));
const target = options.target || config?.target || 'claude';
const hasManifestBaseSelection = Boolean(profileId) || moduleIds.length > 0 || includeComponentIds.length > 0;
const hasNonLocaleManifestSelection = Boolean(profileId)
|| moduleIds.length > 0
|| requestedIncludeComponentIds.length > 0
|| excludeComponentIds.length > 0;
const usingManifestMode = hasManifestBaseSelection || excludeComponentIds.length > 0;
if (hasNonLocaleManifestSelection && legacyLanguages.length > 0) {
if (usingManifestMode && legacyLanguages.length > 0) {
throw new Error(
'Legacy language arguments cannot be combined with --profile, --modules, --with, --without, or manifest config selections'
);
@@ -137,9 +111,7 @@ function normalizeInstallRequest(options = {}) {
}
return {
mode: legacyLanguages.length > 0
? 'legacy-compat'
: (usingManifestMode ? 'manifest' : 'legacy-compat'),
mode: usingManifestMode ? 'manifest' : 'legacy-compat',
target,
profileId,
moduleIds,

2
scripts/lib/install/runtime.js
View File

@@ -28,8 +28,6 @@ function createInstallPlanFromRequest(request, options = {}) {
return createLegacyCompatInstallPlan({
target: request.target,
legacyLanguages: request.legacyLanguages,
includeComponentIds: request.includeComponentIds,
excludeComponentIds: request.excludeComponentIds,
projectRoot: options.projectRoot,
homeDir: options.homeDir,
claudeRulesDir: options.claudeRulesDir,

17
scripts/lib/resolve-ecc-root.js
View File

@@ -110,22 +110,7 @@ function resolveEccRoot(options = {}) {
* const _r = <paste INLINE_RESOLVE>;
* const sm = require(_r + '/scripts/lib/session-manager');
*/
function inlineSingleQuote(value) {
return `'${String(value).replace(/\\/g, '\\\\').replace(/'/g, "\\'")}'`;
}
function inlineArray(values) {
return `[${values.map(inlineSingleQuote).join(',')}]`;
}
function inlineNestedArray(values) {
return `[${values.map(inlineArray).join(',')}]`;
}
const INLINE_PLUGIN_ROOT_SEGMENTS = inlineNestedArray(PLUGIN_ROOT_SEGMENTS);
const INLINE_PLUGIN_CACHE_SLUGS = inlineArray(PLUGIN_CACHE_SLUGS);
const INLINE_RESOLVE = `(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of ${INLINE_PLUGIN_ROOT_SEGMENTS}){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ${INLINE_PLUGIN_CACHE_SLUGS}){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})()`;
const INLINE_RESOLVE = `(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of ${JSON.stringify(PLUGIN_ROOT_SEGMENTS)}){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ${JSON.stringify(PLUGIN_CACHE_SLUGS)}){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})()`;
module.exports = {
resolveEccRoot,

73
scripts/lib/session-bridge.js
View File

@@ -8,7 +8,6 @@
* without scanning large JSONL logs on every invocation.
*/
const crypto = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');
@@ -52,80 +51,15 @@ function readBridge(sessionId) {
}
/**
* Write bridge data atomically (write unique-suffix tmp then rename).
*
* The tmp path includes `process.pid` plus a random nonce so concurrent
* writers (e.g. PostToolUse `ecc-metrics-bridge` and the background
* `ecc-statusline`, both writing to the same session bridge) do not
* clobber each other's tmp file mid-write. With a fixed `.tmp` suffix
* two writers could both call `writeFileSync` against the same path
* before either reaches `renameSync`, causing one writer's payload to
* silently overwrite the other and the second `renameSync` to throw
* ENOENT once the rename consumes the file.
*
* Same pattern already used by `writeCostWarningIfChanged` in
* `scripts/hooks/ecc-metrics-bridge.js` (commit 9b1d8918) for the
* cost-warning cache; this commit applies it to the session-bridge
* primitive too.
*
* Write bridge data atomically (write .tmp then rename).
* @param {string} sessionId - Already-sanitized session ID
* @param {object} data
*/
function writeBridgeAtomic(sessionId, data) {
const target = getBridgePath(sessionId);
const tmp = `${target}.${process.pid}.${crypto.randomBytes(4).toString('hex')}.tmp`;
const tmp = `${target}.tmp`;
fs.writeFileSync(tmp, JSON.stringify(data), 'utf8');
try {
renameWithRetry(tmp, target);
} catch (err) {
try { fs.unlinkSync(tmp); } catch { /* ignore */ }
throw err;
}
}
/**
* Replace a file via rename, retrying briefly on transient OS-level errors.
*
* POSIX `rename(2)` is atomic between source and destination, so concurrent
* writers each rename onto the same target without conflict. Windows
* `MoveFileExW` is different: it fails with EPERM/EACCES/EBUSY if the
* target is currently being renamed by *another* process — a short race
* window that fires reliably under our PostToolUse + statusline concurrency.
*
* To stay portable, retry up to 5 times with exponential backoff (20 ms,
* 40, 80, 160, 320) on the Windows-only transient codes. POSIX runs hit
* the first try and exit immediately. Other error codes (ENOENT, ENOSPC,
* EROFS, …) re-throw without retry — they are not transient.
*
* Sleep uses `Atomics.wait` on a throwaway SharedArrayBuffer so the
* retry path does not busy-spin the CPU. This works on the main thread
* in Node ≥ 17 (and on workers in earlier versions).
*
* @param {string} tmp
* @param {string} target
*/
function renameWithRetry(tmp, target) {
const RETRY_CODES = new Set(['EPERM', 'EACCES', 'EBUSY']);
const MAX_ATTEMPTS = 5;
for (let attempt = 0; ; attempt++) {
try {
fs.renameSync(tmp, target);
return;
} catch (err) {
if (attempt + 1 >= MAX_ATTEMPTS || !RETRY_CODES.has(err.code)) {
throw err;
}
const delayMs = 20 << attempt;
try {
Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, delayMs);
} catch {
// Atomics.wait throws on the main thread in some older runtimes;
// fall back to a brief busy-wait so the retry path still has a delay.
const until = Date.now() + delayMs;
while (Date.now() < until) { /* spin */ }
}
}
}
fs.renameSync(tmp, target);
}
/**
@@ -142,7 +76,6 @@ module.exports = {
getBridgePath,
readBridge,
writeBridgeAtomic,
renameWithRetry,
resolveSessionId,
MAX_SESSION_ID_LENGTH
};

372
scripts/operator-readiness-dashboard.js
View File

@@ -335,59 +335,13 @@ function agentShieldEnterpriseGap(roadmap) {
function agentShieldEnterpriseEvidence(roadmap) {
if (roadmap.includes('hosted promotion judge audit traces')
|| roadmap.includes('operator-visible promotion output values')) {
return 'AgentShield policy promotion `reviewItems` landed in `87aec47`; package-manager hardening drift detection landed in `28d08c7`; workflow action runtime pins were refreshed in `659f569`; npm age-gate guidance was corrected in `ee585cd`; package-manager hardening Action outputs landed in `1124535`; policy-promotion Action outputs and runtime-smoke job-summary evidence landed in `1593925`; fleet review ticket payloads and current Mini Shai-Hulud IOC breadcrumbs landed in `840952a`; ECC-Tools consumes those outputs in `8658951`, surfaces operator-readable status/pack/count/digest telemetry in `16c537f`, and renders hosted promotion judge audit traces in `05d4e82`; all are mirrored in the GA roadmap';
return 'AgentShield policy promotion `reviewItems` landed in `87aec47`; package-manager hardening drift detection landed in `28d08c7`; workflow action runtime pins were refreshed in `659f569`; npm age-gate guidance was corrected in `ee585cd`; package-manager hardening Action outputs landed in `1124535`; policy-promotion Action outputs and runtime-smoke job-summary evidence landed in `1593925`; ECC-Tools consumes those outputs in `8658951`, surfaces operator-readable status/pack/count/digest telemetry in `16c537f`, and renders hosted promotion judge audit traces in `05d4e82`; all are mirrored in the GA roadmap';
}
return 'AgentShield enterprise PR evidence is mirrored in the GA roadmap';
}
function eccToolsNextLevelEvidence(roadmap) {
if (roadmap.includes('announcementGateReady` is `true')
|| roadmap.includes('Native GitHub payments announcement gate is ready')
|| roadmap.includes('d3d62df83fa075660fa4530c3e0edc311a4355fe')) {
return 'billing announcement gate, selected-target announcement gate, billing gate env-file operator path, non-breaking operator bearer path, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler selected-target readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, ready Marketplace Pro target selection, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap';
}
if (roadmap.includes('selected-target official announcement gate')
|| roadmap.includes('billing gate env-file operator path')
|| roadmap.includes('72119a1')
|| roadmap.includes('16a5bb3')
|| roadmap.includes('select-ready-target')
|| roadmap.includes('f14ed2fe-a219-470c-8119-63429e197027')) {
return 'billing announcement gate, selected-target announcement gate, billing gate env-file operator path, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, ready Marketplace Pro target selection, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap';
}
if (roadmap.includes('69ca535')
|| roadmap.includes('team feedback controls')
|| roadmap.includes('e56fc1a')) {
return 'billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap';
}
if (roadmap.includes('d5f60db')
|| roadmap.includes('Marketplace-source provenance counts')) {
return 'billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, target-account billing readback, provenance-aware Marketplace billing-state gates, and sanitized Marketplace plan/action provenance counts are mirrored in the GA roadmap';
}
if (roadmap.includes('target account billing readback')
|| roadmap.includes('632e059')) {
return 'billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, target-account billing readback, and provenance-aware Marketplace billing-state gates are mirrored in the GA roadmap';
}
if (roadmap.includes('Wrangler OAuth readback')
|| roadmap.includes('42653f9')) {
return 'billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, and provenance-aware Marketplace billing-state gates are mirrored in the GA roadmap';
}
if (roadmap.includes('Marketplace webhook provenance')
|| roadmap.includes('2859678')) {
return 'billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, and provenance-aware Marketplace billing-state gates are mirrored in the GA roadmap';
}
if (roadmap.includes('billing:kv-readback')
|| roadmap.includes('95d0bec')) {
return 'billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, and aggregate production billing KV readback are mirrored in the GA roadmap';
}
if (roadmap.includes('production Marketplace readback state')
|| roadmap.includes('eb69412')) {
return 'billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, and production KV readback state are mirrored in the GA roadmap';
@@ -402,57 +356,6 @@ function eccToolsNextLevelEvidence(roadmap) {
}
function eccToolsNextLevelGap(roadmap) {
if (roadmap.includes('announcementGateReady` is `true')
|| roadmap.includes('Native GitHub payments announcement gate is ready')
|| roadmap.includes('d3d62df83fa075660fa4530c3e0edc311a4355fe')) {
return 'repeat KV readback and selected-target announcement gate immediately before launch; keep native-payments copy behind the final release, plugin, URL, and owner-approval gates';
}
if (roadmap.includes('selected-target official announcement gate')
|| roadmap.includes('billing gate env-file operator path')
|| roadmap.includes('72119a1')
|| roadmap.includes('16a5bb3')
|| roadmap.includes('select-ready-target')
|| roadmap.includes('f14ed2fe-a219-470c-8119-63429e197027')
|| roadmap.includes('old "no Marketplace-managed Pro target billing-state" blocker is cleared')) {
return 'obtain or rotate the local/internal INTERNAL_API_SECRET bearer-token path, via exported env or ignored --env-file, then run the live selected-target billing announcement gate before publishing native-payments copy';
}
if (roadmap.includes('1Password CLI authorization timed out')
|| roadmap.includes('Cloudflare API auth returned `Authentication error [code: 10000]`')) {
return 'authorize Cloudflare API or 1Password CLI access, configure the target Marketplace Pro account and INTERNAL_API_SECRET, create or replay Marketplace Pro webhook state, then rerun target readback and the live announcement gate';
}
if (roadmap.includes('Wrangler OAuth now works')
|| roadmap.includes('6904e4fb-bec7-4787-90e2-759f077a628c')) {
return 'create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure the target account and INTERNAL_API_SECRET, then rerun target readback and the live announcement gate';
}
if (roadmap.includes('d5f60db')
|| roadmap.includes('Marketplace-source provenance counts')) {
return 'create or verify Marketplace-managed Pro target billing-state with webhook provenance, then run `billing:kv-readback -- --wrangler --wrangler-bin ./node_modules/.bin/wrangler --account <github-login> --require-ready`, followed by the live announcement gate';
}
if (roadmap.includes('target account billing readback')
|| roadmap.includes('632e059')) {
return 'create or verify Marketplace-managed Pro target billing-state with webhook provenance, then run `billing:kv-readback -- --account <github-login> --require-ready` with working Cloudflare API auth or repaired Wrangler OAuth, followed by the live announcement gate';
}
if (roadmap.includes('Wrangler OAuth readback')
|| roadmap.includes('42653f9')) {
return 'create or verify Marketplace-managed Pro billing-state with webhook provenance, then run `billing:kv-readback -- --require-ready` with working Cloudflare API auth or repaired Wrangler OAuth, followed by the live announcement gate';
}
if (roadmap.includes('Marketplace webhook provenance')
|| roadmap.includes('2859678')) {
return 'replace the invalid Cloudflare credential, create or verify Marketplace-managed Pro billing-state with webhook provenance, then run `billing:kv-readback -- --require-ready` and the live announcement gate';
}
if (roadmap.includes('billing:kv-readback')
|| roadmap.includes('95d0bec')) {
return 'create or verify a Marketplace-managed Pro billing-state, then run the official live announcement gate';
}
if (roadmap.includes('production Marketplace readback state')
|| roadmap.includes('eb69412')) {
return 'complete Marketplace purchase/webhook readback, then run the live announcement gate';
@@ -469,7 +372,7 @@ function eccToolsNextLevelGap(roadmap) {
function supplyChainLocalProtectionEvidence({ roadmap, scripts }) {
if (scripts['security:advisory-sources'] === 'node scripts/ci/supply-chain-advisory-sources.js'
&& roadmap.includes('package-manager hardening Action outputs')) {
return 'scheduled supply-chain watch emits IOC/advisory-source refresh artifacts; ECC scanner covers gh-token-monitor token-store persistence; AgentShield now detects known AI-tool persistence IOCs, npm lifecycle/token drift, unsupported npm age-key drift, and pnpm/Yarn cooldown drift; current-head watch evidence and ITO-57 May 18 Linear evidence updates are current';
return 'scheduled supply-chain watch emits IOC/advisory-source refresh artifacts; ECC scanner covers gh-token-monitor token-store persistence; AgentShield now detects known AI-tool persistence IOCs, npm lifecycle/token drift, unsupported npm age-key drift, and pnpm/Yarn cooldown drift; ITO-57 has May 17 Linear evidence updates';
}
return scripts['security:advisory-sources'] === 'node scripts/ci/supply-chain-advisory-sources.js'
@@ -487,19 +390,10 @@ function supplyChainLocalProtectionGap({ roadmap, scripts }) {
}
function hasCurrentLinearProgressSync({ roadmap, progressSync }) {
const hasOperatorProgressSurface = roadmap.includes('operator progress snapshot')
|| roadmap.includes('operator progress comment');
const hasMay19ProgressSurface = roadmap.includes('ecc-may-19-post-pr-2002-sync-64cef8f668e0')
&& roadmap.includes('a6411e3a-8c8e-4a58-adba-687e77d4c543')
&& roadmap.includes('ITO-56');
const hasMay20ReleaseGateSurface = roadmap.includes('467d148a-712a-4777-aad9-95593e9f1739')
&& roadmap.includes('7642ee9c-3107-400c-a229-53e2895a8914')
&& roadmap.includes('30f60710')
&& roadmap.includes('26135974576');
return roadmap.includes('Linear live sync is current')
&& (hasOperatorProgressSurface || hasMay19ProgressSurface || hasMay20ReleaseGateSurface)
&& includesAll(progressSync, [
return includesAll(roadmap, [
'Linear live sync is current',
'operator progress snapshot',
]) && includesAll(progressSync, [
'node scripts/work-items.js sync-github --repo <owner/repo>',
'node scripts/status.js --json',
'Linear remains the external status surface',
@@ -521,16 +415,7 @@ function linearProgressStatus(context) {
function linearProgressEvidence(context) {
if (hasCurrentLinearProgressSync(context)) {
if (context.roadmap.includes('467d148a-712a-4777-aad9-95593e9f1739')
&& context.roadmap.includes('7642ee9c-3107-400c-a229-53e2895a8914')) {
return 'Linear live sync is current with the May 20 Marketplace Pro release-gate comments on ITO-61 and the ECC platform roadmap; progress-sync contract defines the file-backed work-items/status path';
}
if (context.roadmap.includes('ecc-may-19-post-pr-2002-sync-64cef8f668e0')) {
return 'Linear live sync is current with the May 19 post-PR #2002 sync document, project comment, and active issue-lane updates; progress-sync contract defines the file-backed work-items/status path';
}
return 'Linear live sync and project progress surface are current; progress-sync contract defines the file-backed work-items/status path';
return 'Linear live sync and project progress snapshot are current; progress-sync contract defines the file-backed work-items/status path';
}
return 'repo mirror and progress-sync contract are present';
@@ -575,70 +460,16 @@ function buildRequirement(id, requirement, artifact, status, evidence, gap) {
return { id, requirement, artifact, status, evidence, gap };
}
function extractLabeledCount(text, label) {
const pattern = new RegExp(`${label.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}:\\s*(\\d+)`, 'i');
const match = text.match(pattern);
if (!match) {
return null;
}
const parsed = Number.parseInt(match[1], 10);
return Number.isFinite(parsed) ? parsed : null;
}
function isCurrentOrComplete(status) {
return status === 'current' || status === 'complete';
}
function extractGrowthBaseline(hypergrowth) {
const mrrMatch = hypergrowth.match(/\| MRR \| `([^`]+)` \| `([^`]+)` \| `([^`]+)` \|/);
if (!mrrMatch) {
return {
currentMrr: 'unknown',
targetMrr: 'unknown',
gapMrr: 'unknown',
};
}
return {
currentMrr: mrrMatch[1],
targetMrr: mrrMatch[2],
gapMrr: mrrMatch[3],
};
}
function buildGrowthSummary(rootDir) {
const hypergrowth = readText(rootDir, 'docs/releases/2.0.0/ecc-2-hypergrowth-release-command-center.md');
const partnerPack = readText(rootDir, 'docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md');
const baseline = extractGrowthBaseline(hypergrowth || partnerPack);
return {
...baseline,
lanes: [
'GitHub Sponsors and OSS partner sponsors',
'ECC Tools Pro subscriptions',
'consulting and implementation contracts',
'talks, podcasts, conference demos, and partner webinars',
],
};
}
function buildRequirements(rootDir, platformReport) {
const roadmap = readText(rootDir, 'docs/ECC-2.0-GA-ROADMAP.md');
const publicationReadiness = readText(rootDir, 'docs/releases/2.0.0-rc.1/publication-readiness.md');
const namingMatrix = readText(rootDir, 'docs/releases/2.0.0-rc.1/naming-and-publication-matrix.md');
const releasePublicationChecklist = readText(rootDir, 'docs/releases/2.0.0-rc.1/release-name-plugin-publication-checklist-2026-05-18.md');
const releaseUrlLedger = readText(rootDir, 'docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-19.md');
const publicationEvidenceMay19 = readText(rootDir, 'docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md');
const hypergrowthCommandCenter = readText(rootDir, 'docs/releases/2.0.0/ecc-2-hypergrowth-release-command-center.md');
const partnerSponsorTalksPack = readText(rootDir, 'docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md');
const releaseVideoProduction = readText(rootDir, 'docs/releases/2.0.0-rc.1/video-suite-production.md');
const ownerQueueCleanup = readText(rootDir, 'docs/releases/2.0.0-rc.1/owner-queue-cleanup-2026-05-18.md');
const ownerApprovalPacket = readText(rootDir, 'docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md');
const previewManifest = readText(rootDir, 'docs/releases/2.0.0-rc.1/preview-pack-manifest.md');
const previewPackSmoke = readText(rootDir, 'scripts/preview-pack-smoke.js');
const releaseVideoSuite = readText(rootDir, 'scripts/release-video-suite.js');
const progressSync = readText(rootDir, 'docs/architecture/progress-sync-contract.md');
const observabilityReadiness = readText(rootDir, 'docs/architecture/observability-readiness.md');
const stalePrSalvage = readText(rootDir, 'docs/stale-pr-salvage-ledger.md');
@@ -664,77 +495,11 @@ function buildRequirements(rootDir, platformReport) {
]);
const hermesArtifactsReady = fileExists(rootDir, 'docs/HERMES-SETUP.md')
&& fileExists(rootDir, 'skills/hermes-imports/SKILL.md');
const hypergrowthCommandCenterReady = includesAll(hypergrowthCommandCenter, [
'harness-native operator system',
'$1,728/mo',
'$10,000/mo',
'Video Suite',
'Distribution Plan',
'Owner Approvals',
]) && includesAll(publicationEvidenceMay19, [
'Business baseline',
'$1,728/mo',
'$8,272/mo',
]);
const releaseVideoSuiteReady = scripts['release:video-suite'] === 'node scripts/release-video-suite.js'
&& fileExists(rootDir, 'scripts/release-video-suite.js')
&& includesAll(releaseVideoProduction, [
'ECC 2.0 Video Suite Production Manifest',
'Primary launch video',
'Self-Eval Gate',
'timeline',
])
&& includesAll(releaseVideoSuite, [
'ecc.release-video-suite.v1',
'video-source-assets-present',
'video-release-artifacts-present',
]);
const releaseVideoPublishCandidatesReady = releaseVideoSuiteReady
&& includesAll(publicationEvidenceMay19, [
'Ready true',
'15/15 source assets present',
'13/13 render, timeline, caption, EDL, and segment artifacts present',
'12/12 publish-candidate outputs present',
'zero detected black-frame segments',
'primary rough render self-eval passed',
]);
const partnerSponsorTalksReady = includesAll(partnerSponsorTalksPack, [
'Sponsor Outbound',
'Platform Partner DM',
'Consulting Intro',
'Talk And Podcast Pitch',
'GitHub Discussion Announcement',
'Do Not Send Or Publish If',
]);
const ownerApprovalPacketReady = includesAll(ownerApprovalPacket, [
'Owner Approval Packet',
'Decision Register',
'GitHub prerelease',
'npm `next` publish',
'Claude plugin tag',
'Video upload',
'Final URL Fill-In',
'Do Not Approve If',
'No outbound email, personal-account post, package publish, plugin tag, or billing announcement is authorized by this packet alone.'
]) && includesAll(previewManifest, ['owner-approval-packet-2026-05-19.md']);
const githubLive = !platformReport.github.skipped && platformReport.github.totals.errors === 0;
const ownerWideOpenPrs = extractLabeledCount(ownerQueueCleanup, 'Owner-wide open PRs after cleanup');
const ownerWideOpenIssues = extractLabeledCount(ownerQueueCleanup, 'Owner-wide open issues after cleanup');
const trackedPrQueueCurrent = githubLive
&& platformReport.github.totals.openPrs <= platformReport.thresholds.maxOpenPrs;
const trackedIssueQueueCurrent = githubLive
const queuesCurrent = githubLive
&& platformReport.github.totals.openPrs <= platformReport.thresholds.maxOpenPrs
&& platformReport.github.totals.openIssues <= platformReport.thresholds.maxOpenIssues;
const ownerPrQueueCurrent = ownerWideOpenPrs === null
|| ownerWideOpenPrs <= platformReport.thresholds.maxOpenPrs;
const ownerIssueQueueCurrent = ownerWideOpenIssues === null
|| ownerWideOpenIssues <= platformReport.thresholds.maxOpenIssues;
const ownerPrEvidence = ownerWideOpenPrs === null
? ''
: `; ${ownerWideOpenPrs} owner-wide open PRs after cleanup`;
const ownerIssueEvidence = ownerWideOpenIssues === null
? ''
: `; ${ownerWideOpenIssues} owner-wide open issues after cleanup`;
const discussionsCurrent = githubLive
&& platformReport.github.totals.discussionsNeedingMaintainerTouch === 0
&& platformReport.github.totals.discussionsMissingAcceptedAnswer === 0;
@@ -743,30 +508,22 @@ function buildRequirements(rootDir, platformReport) {
buildRequirement(
'public-pr-budget',
'Keep public PRs below 20',
ownerWideOpenPrs === null
? 'scripts/platform-audit.js live GitHub sweep'
: 'scripts/platform-audit.js live GitHub sweep plus owner-wide queue cleanup ledger',
trackedPrQueueCurrent && ownerPrQueueCurrent ? 'current' : 'in_progress',
'scripts/platform-audit.js live GitHub sweep',
queuesCurrent ? 'current' : 'in_progress',
githubLive
? `${platformReport.github.totals.openPrs} open PRs across ${platformReport.github.repos.length} tracked repos${ownerPrEvidence}`
? `${platformReport.github.totals.openPrs} open PRs across ${platformReport.github.repos.length} tracked repos`
: 'live GitHub queue readback was skipped or failed',
trackedPrQueueCurrent && ownerPrQueueCurrent
? 'repeat platform:audit and owner-wide gh search before release'
: 'run live platform:audit and owner-wide gh search, then drain PR queue'
queuesCurrent ? 'repeat before release' : 'run live platform:audit and drain PR queue'
),
buildRequirement(
'public-issue-budget',
'Keep public issues below 20',
ownerWideOpenIssues === null
? 'scripts/platform-audit.js live GitHub sweep'
: 'scripts/platform-audit.js live GitHub sweep plus owner-wide queue cleanup ledger',
trackedIssueQueueCurrent && ownerIssueQueueCurrent ? 'current' : 'in_progress',
'scripts/platform-audit.js live GitHub sweep',
queuesCurrent ? 'current' : 'in_progress',
githubLive
? `${platformReport.github.totals.openIssues} open issues across ${platformReport.github.repos.length} tracked repos${ownerIssueEvidence}`
? `${platformReport.github.totals.openIssues} open issues across ${platformReport.github.repos.length} tracked repos`
: 'live GitHub queue readback was skipped or failed',
trackedIssueQueueCurrent && ownerIssueQueueCurrent
? 'repeat platform:audit and owner-wide gh search before release'
: 'run live platform:audit and owner-wide gh search, then drain issue queue'
queuesCurrent ? 'repeat before release' : 'run live platform:audit and drain issue queue'
),
buildRequirement(
'repository-discussions',
@@ -822,20 +579,12 @@ function buildRequirements(rootDir, platformReport) {
buildRequirement(
'naming-and-plugin-publication',
'Prepare name-change, Claude plugin, and Codex plugin paths',
'naming-and-publication-matrix plus release-name-plugin-publication checklist plus publication-readiness',
'naming-and-publication-matrix plus publication-readiness',
includesAll(namingMatrix, ['Claude plugin', 'Codex plugin', 'npm package', 'Publication Paths'])
&& includesAll(releasePublicationChecklist, [
'Ship `v2.0.0-rc.1` as **ECC**',
'affaan-m/ECC',
'ecc-universal',
'claude plugin tag .claude-plugin --dry-run',
'codex plugin marketplace add',
'Do not rename the npm package until rc.1 is published'
])
&& includesAll(publicationReadiness, ['Claude plugin', 'Codex plugin'])
? 'in_progress'
: 'not_complete',
'naming matrix, release publication checklist, and plugin readiness gates exist',
'naming matrix and plugin readiness gates exist',
'real tag/push, marketplace submission, and final channel choice remain approval-gated'
),
buildRequirement(
@@ -847,64 +596,8 @@ function buildRequirements(rootDir, platformReport) {
&& fileExists(rootDir, 'docs/releases/2.0.0-rc.1/linkedin-post.md')
? 'in_progress'
: 'not_complete',
includesAll(releaseUrlLedger, ['Live Now', 'Approval-Gated URLs', 'Codex marketplace CLI docs'])
? 'release notes, X thread, LinkedIn draft, and URL ledger are present'
: 'release notes, X thread, and LinkedIn draft are present',
includesAll(releaseUrlLedger, ['Live Now', 'Approval-Gated URLs', 'Codex marketplace CLI docs'])
? 'final live release/npm/plugin/billing URLs and publish approval still pending'
: 'URL-backed refresh and publish approval still pending'
),
buildRequirement(
'owner-approval-packet',
'Prepare final owner approval packet',
'docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md',
ownerApprovalPacketReady ? 'current' : 'not_complete',
ownerApprovalPacketReady
? 'owner approval packet covers release, package, plugin, video, billing, social, and outbound decisions'
: 'owner approval packet is missing or incomplete',
ownerApprovalPacketReady
? 'review owner approvals from the final release commit before any publication or outbound action'
: 'add the owner decision sheet before publication review'
),
buildRequirement(
'hypergrowth-command-center',
'Create a second-phase hypergrowth release command center',
'docs/releases/2.0.0/ecc-2-hypergrowth-release-command-center.md plus May 19 evidence',
hypergrowthCommandCenterReady ? 'current' : 'in_progress',
hypergrowthCommandCenterReady
? 'current MRR, target MRR, gap, release claim, video lane, distribution plan, and approval boundaries are in-tree'
: 'hypergrowth command center or May 19 business baseline evidence is incomplete',
hypergrowthCommandCenterReady
? 'refresh after every MRR, channel, or approval-state change before public launch'
: 'add current MRR, target gap, channel plan, video lane, and approval boundaries'
),
buildRequirement(
'release-video-suite',
'Produce the ECC 2.0 release video suite',
'docs/releases/2.0.0-rc.1/video-suite-production.md and npm run release:video-suite',
releaseVideoPublishCandidatesReady ? 'current' : releaseVideoSuiteReady ? 'in_progress' : 'not_complete',
releaseVideoPublishCandidatesReady
? 'video-suite gate is ready with 15/15 source assets, 13/13 suite artifacts, 12/12 publish candidates, primary self-eval, and zero detected black-frame segments recorded in May 19 evidence'
: releaseVideoSuiteReady
? 'video production manifest and deterministic video-suite gate are wired for launch video, short clips, captions, timeline, and self-eval evidence'
: 'video production manifest or release:video-suite gate is incomplete',
releaseVideoPublishCandidatesReady
? 'final owner approval, upload, and public video URLs remain approval-gated'
: releaseVideoSuiteReady
? 'render final owner-approved MP4s, captions, platform reframes, and editable timeline before posting'
: 'wire release:video-suite and production manifest before final content work'
),
buildRequirement(
'partner-sponsor-talks-pack',
'Prepare sponsor, partner, consulting, podcast, talk, and Discussion copy',
'docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md',
partnerSponsorTalksReady ? 'in_progress' : 'not_complete',
partnerSponsorTalksReady
? 'sponsor outbound, platform partner DM, consulting intro, talk/podcast pitch, GitHub Discussion announcement, CTA hooks, and do-not-send gate are drafted'
: 'partner, sponsor, consulting, talk, or discussion copy is missing',
partnerSponsorTalksReady
? 'replace final URLs after publication gates, then get explicit approval before outbound or personal-account posts'
: 'draft the full outbound pack and approval gate'
'release notes, X thread, and LinkedIn draft are present',
'URL-backed refresh and publish approval still pending'
),
buildRequirement(
'agentshield-enterprise-iteration',
@@ -994,18 +687,12 @@ function buildReport(options) {
fix: item.gap,
}));
const head = runCommand('git', ['rev-parse', 'HEAD'], { cwd: rootDir });
const growth = buildGrowthSummary(rootDir);
const releaseVideoRequirement = requirements.find(item => item.id === 'release-video-suite');
const releaseVideoWorkOrder = releaseVideoRequirement && releaseVideoRequirement.status === 'current'
? 'Review the owner-approved primary launch video candidates, choose the final cuts, upload after approval, and attach public video URLs to the release pack.'
: 'Render the owner-approved primary launch video, short clips, captions, reframes, and editable timeline from the video-suite production manifest.';
return {
schema_version: SCHEMA_VERSION,
generatedAt,
root: rootDir,
head,
growth,
ready: incompleteRequirements.length === 0,
dashboardReady: platformReport.ready,
publicationReady: false,
@@ -1025,11 +712,9 @@ function buildReport(options) {
top_actions: topActions,
next_work_order: [
'Regenerate this dashboard from the final release commit before publication evidence is recorded.',
'Review the owner approval packet from the final release commit and approve, defer, or block each publication and outbound lane.',
releaseVideoWorkOrder,
'Replace final release, npm, plugin, billing, and video URLs in the partner/sponsor/talk pack, then get explicit approval before outbound.',
'Repeat ITO-57 Linear/project status sync after the next significant merge batch or advisory-source refresh.',
'Repeat KV readback and the selected-target billing announcement gate immediately before launch; keep native-payments copy behind the final release, plugin, URL, and owner-approval gates.',
'Complete ECC Tools Marketplace purchase/webhook readback, then run preflight and the live announcement gate before publishing native-payments copy.',
'Resume ITO-45, ITO-46, and ITO-56 only after the generated dashboard and final release gates are refreshed.',
],
};
}
@@ -1048,9 +733,6 @@ function renderText(report) {
`Dashboard ready: ${report.dashboardReady}`,
`Publication ready: ${report.publicationReady}`,
'',
'Growth baseline:',
` MRR: ${report.growth ? report.growth.currentMrr : 'unknown'} -> ${report.growth ? report.growth.targetMrr : 'unknown'} (gap ${report.growth ? report.growth.gapMrr : 'unknown'})`,
'',
'Platform:',
` PRs: ${report.platform.openPrs}`,
` Issues: ${report.platform.openIssues}`,
@@ -1098,14 +780,6 @@ function renderMarkdown(report) {
`| Dashboard generation | ${report.dashboardReady ? 'Current' : 'Needs work'} | platform audit ready: ${report.platform.ready}; GitHub skipped: ${report.platform.githubSkipped} |`,
`| Publication | ${report.publicationReady ? 'Ready' : 'Not complete'} | release, npm, plugin, billing, and announcement gates are tracked below |`,
'',
'## Growth Baseline',
'',
'| Metric | Current | Target | Gap |',
'| --- | ---: | ---: | ---: |',
`| MRR | ${markdownEscape(report.growth ? report.growth.currentMrr : 'unknown')} | ${markdownEscape(report.growth ? report.growth.targetMrr : 'unknown')} | ${markdownEscape(report.growth ? report.growth.gapMrr : 'unknown')} |`,
'',
'Growth lanes: GitHub Sponsors and OSS partner sponsors; ECC Tools Pro subscriptions; consulting and implementation contracts; talks, podcasts, conference demos, and partner webinars.',
'',
'## Prompt-To-Artifact Checklist',
'',
'| Objective requirement | Artifact or gate | Status | Evidence | Gap |',

16
scripts/platform-audit.js
View File

@@ -11,7 +11,7 @@ const {
const SCHEMA_VERSION = 'ecc.platform-audit.v1';
const DEFAULT_REPOS = Object.freeze([
'affaan-m/ECC',
'affaan-m/everything-claude-code',
'affaan-m/agentshield',
'affaan-m/JARVIS',
'ECC-Tools/ECC-Tools',
@@ -426,8 +426,8 @@ function buildLocalEvidenceChecks(rootDir) {
const roadmap = readText(rootDir, 'docs/ECC-2.0-GA-ROADMAP.md');
const progressSync = readText(rootDir, 'docs/architecture/progress-sync-contract.md');
const supplyChain = readText(rootDir, 'docs/security/supply-chain-incident-response.md');
const evidence = readText(rootDir, 'docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md');
const operatorDashboard = readText(rootDir, 'docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md');
const evidence = readText(rootDir, 'docs/releases/2.0.0-rc.1/publication-evidence-2026-05-15.md');
const operatorDashboard = readText(rootDir, 'docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-15.md');
return [
buildCheck(
@@ -472,23 +472,21 @@ function buildLocalEvidenceChecks(rootDir) {
),
buildCheck(
'release-evidence-current',
includesAll(evidence, ['Release video suite', 'growth outreach', 'Operator dashboard', 'GitGuardian', 'macOS/Ubuntu/Windows test matrix', '2568 passed']) ? 'pass' : 'fail',
'rc.1 evidence includes current release, video, growth, and CI artifacts',
{ path: 'docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md' }
includesAll(evidence, ['TanStack', 'Mini Shai-Hulud', 'Node IPC follow-up', 'node-ipc', 'IOC scan']) ? 'pass' : 'fail',
'rc.1 evidence includes current supply-chain verification artifacts',
{ path: 'docs/releases/2.0.0-rc.1/publication-evidence-2026-05-15.md' }
),
buildCheck(
'operator-readiness-dashboard',
includesAll(operatorDashboard, [
'This dashboard is generated by `npm run operator:dashboard`',
'Growth Baseline',
'hypergrowth release command center',
'Prompt-To-Artifact Checklist',
'PR queue',
'Not complete',
'Next Work Order',
]) ? 'pass' : 'fail',
'operator dashboard maps macro-goal requirements to current evidence and open gaps',
{ path: 'docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md' }
{ path: 'docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-15.md' }
),
];
}

15
scripts/preview-pack-smoke.js
View File

@@ -18,7 +18,6 @@ const REQUIRED_ARTIFACTS = [
'docs/architecture/observability-readiness.md',
'docs/architecture/progress-sync-contract.md',
'scripts/preview-pack-smoke.js',
'scripts/release-approval-gate.js',
`${RELEASE_DIR}/release-notes.md`,
`${RELEASE_DIR}/quickstart.md`,
`${RELEASE_DIR}/launch-checklist.md`,
@@ -26,18 +25,8 @@ const REQUIRED_ARTIFACTS = [
`${RELEASE_DIR}/publication-evidence-2026-05-15.md`,
`${RELEASE_DIR}/publication-evidence-2026-05-16.md`,
`${RELEASE_DIR}/publication-evidence-2026-05-17.md`,
`${RELEASE_DIR}/publication-evidence-2026-05-18.md`,
`${RELEASE_DIR}/publication-evidence-2026-05-19.md`,
`${RELEASE_DIR}/operator-readiness-dashboard-2026-05-17.md`,
`${RELEASE_DIR}/operator-readiness-dashboard-2026-05-18.md`,
`${RELEASE_DIR}/operator-readiness-dashboard-2026-05-19.md`,
`${RELEASE_DIR}/operator-readiness-dashboard-2026-05-20.md`,
`${RELEASE_DIR}/owner-approval-packet-2026-05-19.md`,
`${RELEASE_DIR}/release-url-ledger-2026-05-19.md`,
`${RELEASE_DIR}/video-suite-production.md`,
`${RELEASE_DIR}/partner-sponsor-talks-pack.md`,
`${RELEASE_DIR}/naming-and-publication-matrix.md`,
`${RELEASE_DIR}/release-name-plugin-publication-checklist-2026-05-18.md`,
`${RELEASE_DIR}/x-thread.md`,
`${RELEASE_DIR}/linkedin-post.md`,
`${RELEASE_DIR}/article-outline.md`,
@@ -47,10 +36,8 @@ const REQUIRED_ARTIFACTS = [
const REQUIRED_VERIFICATION_COMMANDS = [
'git status --short --branch',
'node scripts/platform-audit.js --json',
'node scripts/platform-audit.js --format json --allow-untracked docs/drafts/',
'npm run preview-pack:smoke',
'npm run release:approval-gate -- --format json',
'npm run release:video-suite -- --format json',
'npm run harness:adapters -- --check',
'npm run harness:audit -- --format json',
'npm run observability:ready',

553
scripts/release-approval-gate.js
View File

@@ -1,553 +0,0 @@
#!/usr/bin/env node
'use strict';
const crypto = require('crypto');
const fs = require('fs');
const path = require('path');
const RELEASE = '2.0.0-rc.1';
const RELEASE_DIR = `docs/releases/${RELEASE}`;
const SCHEMA_VERSION = 'ecc.release-approval-gate.v1';
const SCRIPT_PATH = 'scripts/release-approval-gate.js';
const OWNER_PACKET_PATH = `${RELEASE_DIR}/owner-approval-packet-2026-05-19.md`;
const URL_LEDGER_PATH = `${RELEASE_DIR}/release-url-ledger-2026-05-19.md`;
const PREVIEW_MANIFEST_PATH = `${RELEASE_DIR}/preview-pack-manifest.md`;
const REQUIRED_COMMAND = 'npm run release:approval-gate -- --format json';
const REQUIRED_DECISIONS = [
{
id: 'github-prerelease',
label: 'GitHub prerelease',
},
{
id: 'npm-next-publish',
label: 'npm `next` publish',
},
{
id: 'claude-plugin-tag',
label: 'Claude plugin tag',
},
{
id: 'codex-repo-marketplace',
label: 'Codex repo marketplace',
},
{
id: 'ecc-tools-billing-language',
label: 'ECC Tools billing language',
},
{
id: 'video-upload',
label: 'Video upload',
},
{
id: 'social-and-longform',
label: 'X, LinkedIn, GitHub Discussion, longform',
},
{
id: 'outbound-growth',
label: 'Sponsor, partner, consulting, conference, podcast outreach',
},
];
const REQUIRED_URL_SURFACES = [
{
id: 'github-prerelease-url',
label: 'GitHub prerelease URL',
exampleUrl: 'https://github.com/affaan-m/ECC/releases/tag/v2.0.0-rc.1',
},
{
id: 'npm-rc-package-url',
label: 'npm rc package URL',
exampleUrl: 'https://www.npmjs.com/package/ecc-universal/v/2.0.0-rc.1',
},
{
id: 'claude-plugin-tag-url',
label: 'Claude plugin tag URL',
exampleUrl: 'https://github.com/affaan-m/ECC/releases/tag/ecc--v2.0.0-rc.1',
},
{
id: 'codex-repo-marketplace-evidence',
label: 'Codex repo-marketplace evidence',
exampleUrl: 'https://github.com/affaan-m/ECC/tree/v2.0.0-rc.1/.codex-plugin',
},
{
id: 'primary-launch-video-url',
label: 'Primary launch video URL',
exampleUrl: 'https://x.com/affaanmustafa/status/0000000000000000000',
},
{
id: 'short-clip-urls',
label: 'Short clip URLs',
exampleUrl: 'https://x.com/affaanmustafa/status/0000000000000000001',
},
{
id: 'ecc-tools-billing-readiness-url',
label: 'ECC Tools billing/readiness URL',
exampleUrl: 'https://github.com/ECC-Tools',
},
];
const ANNOUNCEMENT_FILES = [
`${RELEASE_DIR}/release-notes.md`,
`${RELEASE_DIR}/x-thread.md`,
`${RELEASE_DIR}/linkedin-post.md`,
`${RELEASE_DIR}/article-outline.md`,
`${RELEASE_DIR}/partner-sponsor-talks-pack.md`,
'docs/business/social-launch-copy.md',
];
function usage() {
console.log([
'Usage: node scripts/release-approval-gate.js [--format <text|json>] [--root <dir>]',
'',
'Final approval gate for ECC 2.0 rc.1 publication and outbound actions.',
'',
'Options:',
' --format <text|json> Output format (default: text)',
' --json Alias for --format json',
' --root <dir> Repository root to inspect (default: cwd)',
' --help, -h Show this help',
].join('\n'));
}
function readArgValue(args, index, flagName) {
const value = args[index + 1];
if (!value || value.startsWith('--')) {
throw new Error(`${flagName} requires a value`);
}
return value;
}
function parseArgs(argv) {
const args = argv.slice(2);
const parsed = {
format: 'text',
help: false,
root: path.resolve(process.cwd()),
};
for (let index = 0; index < args.length; index += 1) {
const arg = args[index];
if (arg === '--help' || arg === '-h') {
parsed.help = true;
continue;
}
if (arg === '--json') {
parsed.format = 'json';
continue;
}
if (arg === '--format') {
parsed.format = readArgValue(args, index, arg).toLowerCase();
index += 1;
continue;
}
if (arg.startsWith('--format=')) {
parsed.format = arg.slice('--format='.length).toLowerCase();
continue;
}
if (arg === '--root') {
parsed.root = path.resolve(readArgValue(args, index, arg));
index += 1;
continue;
}
if (arg.startsWith('--root=')) {
parsed.root = path.resolve(arg.slice('--root='.length));
continue;
}
throw new Error(`Unknown argument: ${arg}`);
}
if (!['text', 'json'].includes(parsed.format)) {
throw new Error(`Invalid format: ${parsed.format}. Use text or json.`);
}
return parsed;
}
function readText(rootDir, relativePath) {
try {
return fs.readFileSync(path.join(rootDir, relativePath), 'utf8');
} catch (_error) {
return '';
}
}
function fileExists(rootDir, relativePath) {
return fs.existsSync(path.join(rootDir, relativePath));
}
function safeParseJson(text) {
if (!text.trim()) {
return null;
}
try {
return JSON.parse(text);
} catch (_error) {
return null;
}
}
function normalizeLabel(value) {
return String(value)
.replace(/[`*_]/g, '')
.replace(/\s+/g, ' ')
.trim()
.toLowerCase();
}
function normalizeState(value) {
return String(value)
.replace(/[`*_]/g, '')
.replace(/\s+/g, ' ')
.trim()
.toLowerCase();
}
function splitMarkdownRow(row) {
const trimmed = row.trim();
if (!trimmed.startsWith('|') || !trimmed.endsWith('|')) {
return [];
}
return trimmed
.slice(1, -1)
.split('|')
.map(cell => cell.trim());
}
function parseDecisionRegister(packet) {
const decisions = new Map();
for (const line of packet.split('\n')) {
const cells = splitMarkdownRow(line);
if (cells.length < 4) {
continue;
}
const [decision, state] = cells;
const normalizedDecision = normalizeLabel(decision);
if (
!normalizedDecision
|| normalizedDecision === 'decision'
|| /^-+$/.test(normalizedDecision)
) {
continue;
}
decisions.set(normalizedDecision, normalizeState(state));
}
return decisions;
}
function isApproved(state) {
return state === 'approve' || state === 'approved';
}
function lineNumberForIndex(text, index) {
return text.slice(0, index).split('\n').length;
}
function findAnnouncementOffenders(rootDir, relativePaths) {
const offenders = [];
const privatePathPattern = /\/Users\/(?!\.\.\.)[A-Za-z0-9._-]+|\/home\/(?!user|runner)[A-Za-z0-9._-]+/g;
const anglePlaceholderPattern = /<(?!(?:https?:\/\/|mailto:|#))[^>\n]*(?:url|link|todo|tbd|placeholder)[^>\n]*>/gi;
const barePlaceholderPattern = /\bTODO\b|\bTBD\b|\bPLACEHOLDER\b/g;
for (const relativePath of relativePaths) {
const text = readText(rootDir, relativePath);
if (!text) {
offenders.push({
path: relativePath,
line: 1,
marker: 'missing file',
});
continue;
}
for (const match of text.matchAll(privatePathPattern)) {
offenders.push({
path: relativePath,
line: lineNumberForIndex(text, match.index),
marker: match[0],
});
}
for (const match of text.matchAll(anglePlaceholderPattern)) {
offenders.push({
path: relativePath,
line: lineNumberForIndex(text, match.index),
marker: match[0],
});
}
for (const match of text.matchAll(barePlaceholderPattern)) {
offenders.push({
path: relativePath,
line: lineNumberForIndex(text, match.index),
marker: match[0],
});
}
}
return offenders;
}
function ledgerBlockers(ledger) {
const blockers = [];
if (/^##\s+Approval-Gated URLs\s*$/im.test(ledger)) {
blockers.push('approval-gated URL section still present');
}
for (const [pattern, label] of [
[/not published yet/i, 'not-published marker still present'],
[/must return/i, 'must-return readback marker still present'],
[/Gate before use/i, 'gate-before-use column still present'],
[/\bpending\b/i, 'pending marker still present'],
[/\bblocked\b/i, 'blocked marker still present'],
]) {
if (pattern.test(ledger)) {
blockers.push(label);
}
}
return blockers;
}
function makeCheck(id, status, evidence, fix) {
return {
id,
status,
evidence,
fix: status === 'pass' ? '' : fix,
};
}
function topActionsForChecks(checks) {
const actions = [];
const failedIds = new Set(checks.filter(check => check.status !== 'pass').map(check => check.id));
if (failedIds.has('release-approval-script-registered')) {
actions.push('Wire release:approval-gate into package.json, package files, and the preview-pack manifest.');
}
if (failedIds.has('owner-decisions-approved')) {
actions.push('Approve, defer, or block each owner decision row explicitly after final evidence is rerun from the release commit.');
}
if (failedIds.has('release-url-ledger-finalized')) {
actions.push('Replace approval-gated URL ledger rows with live readback URLs from the approved release, package, plugin, video, and billing surfaces.');
}
if (failedIds.has('final-evidence-command-listed')) {
actions.push('Add release:approval-gate to the final evidence command lists before asking for publication approval.');
}
if (failedIds.has('announcement-copy-finalized')) {
actions.push('Remove unresolved placeholders and private local paths from launch, social, and outbound copy.');
}
if (failedIds.has('public-action-guard-present')) {
actions.push('Restore the explicit no-outbound/no-publish authorization boundary in the owner packet.');
}
return actions;
}
function buildReport(options = {}) {
const rootDir = path.resolve(options.root || process.cwd());
const packageJson = safeParseJson(readText(rootDir, 'package.json')) || {};
const packageScripts = packageJson.scripts || {};
const packageFiles = Array.isArray(packageJson.files) ? packageJson.files : [];
const ownerPacket = readText(rootDir, OWNER_PACKET_PATH);
const ledger = readText(rootDir, URL_LEDGER_PATH);
const manifest = readText(rootDir, PREVIEW_MANIFEST_PATH);
const decisions = parseDecisionRegister(ownerPacket);
const missingDecisions = [];
const unapprovedDecisions = [];
for (const decision of REQUIRED_DECISIONS) {
const state = decisions.get(normalizeLabel(decision.label));
if (!state) {
missingDecisions.push(decision.label);
} else if (!isApproved(state)) {
unapprovedDecisions.push(`${decision.label}=${state}`);
}
}
const missingUrlSurfaces = REQUIRED_URL_SURFACES
.filter(surface => !ledger.includes(surface.label))
.map(surface => surface.label);
const urlBlockers = ledgerBlockers(ledger);
const announcementOffenders = findAnnouncementOffenders(rootDir, ANNOUNCEMENT_FILES);
const commandListedIn = [
ownerPacket.includes(REQUIRED_COMMAND) ? OWNER_PACKET_PATH : '',
ledger.includes(REQUIRED_COMMAND) ? URL_LEDGER_PATH : '',
manifest.includes(REQUIRED_COMMAND) ? PREVIEW_MANIFEST_PATH : '',
].filter(Boolean);
const checks = [
makeCheck(
'release-approval-script-registered',
packageScripts['release:approval-gate'] === `node ${SCRIPT_PATH}`
&& packageFiles.includes(SCRIPT_PATH)
&& fileExists(rootDir, SCRIPT_PATH)
&& manifest.includes(`\`${SCRIPT_PATH}\``)
&& manifest.includes(REQUIRED_COMMAND)
? 'pass'
: 'fail',
'package script, npm package file entry, local script, and preview-pack manifest reference',
'Add release:approval-gate to package scripts, package files, and preview-pack-manifest.md.'
),
makeCheck(
'owner-decisions-approved',
missingDecisions.length === 0 && unapprovedDecisions.length === 0 ? 'pass' : 'fail',
missingDecisions.length === 0 && unapprovedDecisions.length === 0
? `${REQUIRED_DECISIONS.length} owner decision rows are approved`
: `missing decisions: ${missingDecisions.join(', ') || 'none'}; pending decisions: ${unapprovedDecisions.join(', ') || 'none'}`,
'Set every required owner decision row to approve only after the final release evidence has been rerun.'
),
makeCheck(
'release-url-ledger-finalized',
ledger
&& missingUrlSurfaces.length === 0
&& urlBlockers.length === 0
? 'pass'
: 'fail',
ledger && missingUrlSurfaces.length === 0 && urlBlockers.length === 0
? `${REQUIRED_URL_SURFACES.length} final URL surfaces are recorded without approval-gated blockers`
: `missing URL surfaces: ${missingUrlSurfaces.join(', ') || 'none'}; blockers: ${urlBlockers.join(', ') || 'none'}`,
'Regenerate the release URL ledger after the approved publication actions and record live readback URLs.'
),
makeCheck(
'final-evidence-command-listed',
commandListedIn.length === 3 ? 'pass' : 'fail',
commandListedIn.length === 3
? `${REQUIRED_COMMAND} is listed in owner packet, URL ledger, and preview manifest`
: `${REQUIRED_COMMAND} listed in: ${commandListedIn.join(', ') || 'none'}`,
'List release:approval-gate in every final evidence command block.'
),
makeCheck(
'announcement-copy-finalized',
announcementOffenders.length === 0 ? 'pass' : 'fail',
announcementOffenders.length === 0
? `${ANNOUNCEMENT_FILES.length} launch/outbound copy files have no placeholders or private paths`
: `offenders: ${announcementOffenders.map(item => `${item.path}:${item.line}`).join(', ')}`,
'Replace placeholders with live URLs and remove private local paths from launch/outbound copy.'
),
makeCheck(
'public-action-guard-present',
ownerPacket.includes(
'No outbound email, personal-account post, package publish, plugin tag, or billing announcement is authorized by this packet alone.'
)
? 'pass'
: 'fail',
'owner packet preserves the explicit no-public-action authorization boundary',
'Restore the owner-packet sentence that blocks outbound, posts, package publish, plugin tags, and billing announcements.'
),
];
const failed = checks.filter(check => check.status !== 'pass');
const digest = crypto
.createHash('sha256')
.update(JSON.stringify(checks.map(check => [check.id, check.status, check.evidence])))
.digest('hex')
.slice(0, 12);
return {
schema_version: SCHEMA_VERSION,
release: RELEASE,
ready: failed.length === 0,
digest,
summary: {
passed: checks.length - failed.length,
failed: failed.length,
total: checks.length,
},
top_actions: topActionsForChecks(checks),
checks,
};
}
function renderText(report) {
const lines = [
'ECC release approval gate',
`Release: ${report.release}`,
`Ready: ${report.ready ? 'yes' : 'no'}`,
`Digest: ${report.digest}`,
'',
'Checks:',
];
for (const check of report.checks) {
lines.push(`- ${check.status} ${check.id}: ${check.evidence}`);
if (check.fix) {
lines.push(` fix: ${check.fix}`);
}
}
if (report.top_actions.length > 0) {
lines.push('');
lines.push('Top actions:');
for (const action of report.top_actions) {
lines.push(`- ${action}`);
}
}
lines.push('');
lines.push(`Passed: ${report.summary.passed}`);
lines.push(`Failed: ${report.summary.failed}`);
return `${lines.join('\n')}\n`;
}
function main() {
let parsed;
try {
parsed = parseArgs(process.argv);
} catch (error) {
console.error(`Error: ${error.message}`);
process.exit(1);
}
if (parsed.help) {
usage();
return;
}
const report = buildReport({ root: parsed.root });
if (parsed.format === 'json') {
console.log(JSON.stringify(report, null, 2));
} else {
process.stdout.write(renderText(report));
}
if (!report.ready) {
process.exit(2);
}
}
if (require.main === module) {
main();
}
module.exports = {
ANNOUNCEMENT_FILES,
REQUIRED_COMMAND,
REQUIRED_DECISIONS,
REQUIRED_URL_SURFACES,
buildReport,
parseArgs,
renderText,
};

1096
scripts/release-video-suite.js
View File

File diff suppressed because it is too large Load Diff

164
skills/blender-motion-state-inspection/SKILL.md
View File

@@ -1,164 +0,0 @@
---
name: blender-motion-state-inspection
description: Use this skill when inspecting Blender characters, rigs, poses, animation retargeting, ground contact, facing direction, or model-vs-motion alignment where screenshots alone are not enough.
origin: ECC
tools: Read, Write, Edit, Bash, Grep, Glob
---
# Blender Motion State Inspection
## When to Use
- A Blender character looks twisted, mirrored, flattened, offset, or foot-sliding in an animation.
- A user asks whether an imported avatar, armature, or retargeted motion matches an expected pose.
- You need to compare rendered evidence with structured facts such as bones, bounding boxes, contacts, and facing vectors.
- A workflow depends on deciding whether a model is a character, prop, proxy mesh, control rig, or broken import.
## Core Principle
Do not judge animated 3D assets only from screenshots. Screenshots are review evidence, but they hide axis conventions, bone names, object scale, local transforms, parented meshes, material slots, and frame-by-frame contact state.
First extract structured Blender state, then use viewport screenshots or renders to confirm what the facts imply.
## How It Works
1. Establish the clean scene and asset baseline before judging motion.
2. Extract structured facts from Blender using an exporter or Blender Python run inside Blender's own interpreter.
3. Sample the frames most likely to expose contact, orientation, scale, and retargeting errors.
4. Compare the measured facts against the user's expected pose, direction, ground plane, and render goal.
5. Return a concise report that separates confirmed facts, likely causes, and required fixes.
## Inspection Workflow
1. Inventory the scene.
- List meshes, armatures, empties, cameras, lights, modifiers, parent relationships, and hidden objects.
- Separate character meshes from helper/proxy geometry before judging the avatar.
- Record object-space and world-space bounding boxes.
2. Identify the skeleton.
- Capture armature names, pose bones, bone heads/tails, roll, parent chains, constraints, and rest-pose axes.
- Map semantic bones such as hips, spine, neck, head, shoulders, elbows, hands, thighs, knees, ankles, and feet.
- Flag missing left/right pairs and unusual naming schemes.
3. Determine forward, up, and side axes.
- Use the pelvis, spine, shoulders, hips, head, and feet together; do not rely on a single mesh normal.
- Compare local armature axes with world axes and imported file conventions such as glTF Y-up vs Blender Z-up.
- Mark likely mirrored or backwards imports when face/head/feet direction conflicts with root motion.
4. Sample animation frames.
- Inspect first, middle, contact, airborne, and extreme frames.
- Record root location, root heading, pelvis height, torso lean, limb directions, foot clearance, and mesh bounds.
- For long or fast motion, sample more densely around flips, landings, turns, collisions, and floor contacts.
5. Check model integrity before retargeting blame.
- Confirm the clean baseline shape before applying animation.
- Preserve original mesh, materials, armature, and skinning unless the user explicitly asks for repair.
- Treat unexplained sphere-like blobs, giant proxy meshes, or crushed bodies as import/selection issues until proven otherwise.
6. Diagnose contact and motion issues.
- Ground penetration: compare lowest foot or shoe vertices with floor height per frame.
- Foot sliding: compare foot world positions across planted frames.
- Leg crossover: compare left/right thigh, knee, ankle, and foot side ordering.
- Twist damage: compare bone swing direction separately from roll/twist around the limb axis.
- Scale drift: compare animated mesh bounds against the clean baseline bounds.
7. Report facts before opinions.
- Include frame numbers, object names, bone names, world coordinates, and thresholds.
- Separate confirmed failures from visual suspicions.
- Attach screenshots only after the structured state explains what to look for.
## Recommended Report Shape
```markdown
## Blender Motion Inspection
### Scene Inventory
- Character candidates:
- Armatures:
- Helper/proxy objects:
- Cameras/lights:
### Orientation
- World up:
- Character forward:
- Root heading:
- Mirrored/backwards risk:
### Baseline Integrity
- Clean mesh bounds:
- Animated mesh bounds:
- Materials/skin preserved:
- Suspicious non-character meshes:
### Frame Findings
| Frame | Finding | Evidence |
| --- | --- | --- |
| 1 | Clean baseline pose | hips/spine/feet aligned |
| 96 | Foot penetrates floor | left_foot min_z = -0.04 |
### Verdict
- Pass/fail:
- Required fix:
- Render readiness:
```
## Examples
### Walk Cycle With Foot Sliding
Scenario: a retargeted character appears to skate during a walk cycle, but the front camera angle makes the foot contact hard to judge.
Apply the workflow:
- Inventory the scene: character mesh `HeroBody`, armature `HeroRig`, ground plane `Floor`, no hidden proxy meshes.
- Identify the skeleton: semantic feet are `foot.L` and `foot.R`; hips are `pelvis`; root bone is `root`.
- Sample animation frames: inspect frames 1, 18, 24, 30, 42, and 48 around planted-foot moments.
- Diagnose contact and motion issues: compare world-space foot locations during planted frames.
Extracted facts:
| Frame | Fact | Evidence |
| --- | --- | --- |
| 18 | Left foot is planted | `foot.L min_z = 0.004`, toe and heel both near floor |
| 24 | Left foot slides while planted | `foot.L x = 0.21 -> 0.28` over six frames |
| 30 | Pelvis keeps moving forward | `pelvis y = 1.14 -> 1.31` |
Verdict: fail for render readiness. The motion needs foot-lock cleanup or retargeting constraint review; the body mesh does not need proportion changes.
### Backwards Imported Character
Scenario: a character looks correct in a still frame, but the animation moves opposite the expected travel direction.
Apply the workflow:
- Determine forward, up, and side axes: compare head, chest, feet, and root motion.
- Sample animation frames: inspect frame 1 and the midpoint of the travel path.
- Report facts before opinions: include the root heading and model-facing direction separately.
Extracted facts:
| Frame | Fact | Evidence |
| --- | --- | --- |
| 1 | Character face points toward world `-Y` | head/chest vector from `neck` to `head` resolves to `-Y` |
| 72 | Root motion travels toward world `+Y` | `root y = 0.0 -> 2.8` |
| 72 | Feet remain visually forward-facing opposite travel | toe bones point `-Y` while displacement is `+Y` |
Verdict: likely backwards import or retargeting forward-axis mismatch. Fix the import/retarget axis mapping before editing animation curves.
## Practical Thresholds
- Assume Blender's default meter-scale units unless the scene unit scale says otherwise.
- Treat ground penetration above 1-2 cm as visible unless the floor is soft or intentionally stylized.
- Treat a sudden scale change above 5% as a likely rig, constraint, or transform inheritance problem.
- Treat left/right ankle side-order flips during airborne inverted motion as leg crossover risk even if it recovers later.
- Treat root heading jumps above 30 degrees per frame as suspicious unless the source motion includes a snap turn.
## Anti-Patterns
- Do not modify body proportions to force pose matching unless the task is explicitly mesh repair.
- Do not bake away the clean baseline before recording it.
- Do not use one rendered camera angle as proof that a pose is correct.
- Do not delete helper objects until you have recorded why they are not part of the character.
- Do not assume an avatar faces +Y, -Y, +X, or -X without checking head, feet, torso, and root motion together.
## Tooling Notes
If a Blender state exporter is available, prefer JSON that includes meshes, armatures, pose bones, materials, contacts, bounding boxes, and sampled animation frames. If no exporter exists, run a small Blender Python script through Blender itself, for example `blender --background scene.blend --python collect_motion_state.py`, because `bpy` is not available in a normal system Python interpreter.

8
skills/continuous-learning-v2/hooks/observe.sh
View File

@@ -116,13 +116,7 @@ except(KeyError, TypeError, ValueError):
# If cwd was provided in stdin, use it for project detection
if [ -n "$STDIN_CWD" ] && [ -d "$STDIN_CWD" ]; then
_GIT_ROOT=$(git -C "$STDIN_CWD" rev-parse --show-toplevel 2>/dev/null || true)
if [ -n "$_GIT_ROOT" ]; then
export CLAUDE_PROJECT_DIR="$_GIT_ROOT"
unset CLV2_NO_PROJECT
else
unset CLAUDE_PROJECT_DIR
export CLV2_NO_PROJECT=1
fi
export CLAUDE_PROJECT_DIR="${_GIT_ROOT:-$STDIN_CWD}"
fi
# ─────────────────────────────────────────────

42
skills/continuous-learning-v2/scripts/detect-project.sh
View File

@@ -75,42 +75,16 @@ _clv2_normalize_remote_url() {
fi
}
_clv2_main_worktree_root() {
local root="$1"
[ -z "$root" ] && return 0
command -v git >/dev/null 2>&1 || return 0
git -C "$root" worktree list --porcelain 2>/dev/null | while IFS= read -r line; do
case "$line" in
worktree\ *)
printf '%s\n' "${line#worktree }"
break
;;
esac
done
}
_clv2_detect_project() {
local project_root=""
local project_name=""
local project_id=""
local source_hint=""
if [ "${CLV2_NO_PROJECT:-0}" = "1" ]; then
_CLV2_PROJECT_ID="global"
_CLV2_PROJECT_NAME="global"
_CLV2_PROJECT_ROOT=""
_CLV2_PROJECT_DIR="${_CLV2_HOMUNCULUS_DIR}"
mkdir -p "$_CLV2_PROJECT_DIR"
return 0
fi
# 1. Try CLAUDE_PROJECT_DIR env var
if [ -n "$CLAUDE_PROJECT_DIR" ] && [ -d "$CLAUDE_PROJECT_DIR" ] && command -v git &>/dev/null; then
project_root=$(git -C "$CLAUDE_PROJECT_DIR" rev-parse --show-toplevel 2>/dev/null || true)
if [ -n "$project_root" ]; then
source_hint="env"
fi
if [ -n "$CLAUDE_PROJECT_DIR" ] && [ -d "$CLAUDE_PROJECT_DIR" ]; then
project_root="$CLAUDE_PROJECT_DIR"
source_hint="env"
fi
# 2. Try git repo root from CWD (only if git is available)
@@ -127,7 +101,6 @@ _clv2_detect_project() {
_CLV2_PROJECT_NAME="global"
_CLV2_PROJECT_ROOT=""
_CLV2_PROJECT_DIR="${_CLV2_HOMUNCULUS_DIR}"
mkdir -p "$_CLV2_PROJECT_DIR"
return 0
fi
@@ -160,14 +133,7 @@ _clv2_detect_project() {
normalized_remote=$(_clv2_normalize_remote_url "$remote_url")
fi
local fallback_root="$project_root"
if [ -z "$remote_url" ]; then
local main_worktree_root
main_worktree_root=$(_clv2_main_worktree_root "$project_root")
[ -n "$main_worktree_root" ] && fallback_root="$main_worktree_root"
fi
local hash_input="${normalized_remote:-${remote_url:-$fallback_root}}"
local hash_input="${normalized_remote:-${remote_url:-$project_root}}"
# Prefer Python for consistent SHA256 behavior across shells/platforms.
# Pass the value via env var and encode as UTF-8 inside Python so the hash
# is locale-independent (shells vary between UTF-8 / CP932 / CP1252, which

331
skills/continuous-learning-v2/scripts/instinct-cli.py
View File

@@ -22,7 +22,6 @@ import os
import subprocess
import sys
import re
import shutil
import urllib.request
from pathlib import Path
from datetime import datetime, timedelta, timezone
@@ -195,64 +194,26 @@ def _yaml_quote(value: str) -> str:
# Project Detection (Python equivalent of detect-project.sh)
# ─────────────────────────────────────────────
def _git_repo_root(cwd: Optional[str] = None) -> Optional[str]:
args = ["git"]
if cwd:
args.extend(["-C", cwd])
args.extend(["rev-parse", "--show-toplevel"])
try:
result = subprocess.run(args, capture_output=True, text=True, timeout=5)
if result.returncode == 0:
return result.stdout.strip()
except (subprocess.TimeoutExpired, FileNotFoundError):
pass
return None
def _main_worktree_root(project_root: str) -> str:
"""Return the main worktree root when project_root is a linked worktree."""
try:
result = subprocess.run(
["git", "-C", project_root, "worktree", "list", "--porcelain"],
capture_output=True, text=True, timeout=5
)
except (subprocess.TimeoutExpired, FileNotFoundError):
return project_root
if result.returncode != 0:
return project_root
for line in result.stdout.splitlines():
if line.startswith("worktree "):
main_root = line.split(" ", 1)[1].strip()
return main_root or project_root
return project_root
def detect_project() -> dict:
"""Detect current project context. Returns dict with id, name, root, project_dir."""
project_root = None
if os.environ.get("CLV2_NO_PROJECT") == "1":
return {
"id": "global",
"name": "global",
"root": "",
"project_dir": HOMUNCULUS_DIR,
"instincts_personal": GLOBAL_PERSONAL_DIR,
"instincts_inherited": GLOBAL_INHERITED_DIR,
"evolved_dir": GLOBAL_EVOLVED_DIR,
"observations_file": GLOBAL_OBSERVATIONS_FILE,
}
# 1. CLAUDE_PROJECT_DIR env var
env_dir = os.environ.get("CLAUDE_PROJECT_DIR")
if env_dir and os.path.isdir(env_dir):
project_root = _git_repo_root(env_dir)
project_root = env_dir
# 2. git repo root
if not project_root:
project_root = _git_repo_root()
try:
result = subprocess.run(
["git", "rev-parse", "--show-toplevel"],
capture_output=True, text=True, timeout=5
)
if result.returncode == 0:
project_root = result.stdout.strip()
except (subprocess.TimeoutExpired, FileNotFoundError):
pass
# Normalize: strip trailing slashes to keep basename and hash stable
if project_root:
@@ -289,10 +250,9 @@ def detect_project() -> dict:
if remote_url:
remote_url = _strip_remote_credentials(remote_url)
fallback_root = _main_worktree_root(project_root) if not remote_url else project_root
legacy_hash_source = remote_url if remote_url else project_root
normalized_remote = _normalize_remote_url(remote_url) if remote_url else ""
hash_source = normalized_remote if normalized_remote else (remote_url if remote_url else fallback_root)
hash_source = normalized_remote if normalized_remote else legacy_hash_source
project_id = _project_hash(hash_source)
project_dir = PROJECTS_DIR / project_id
@@ -392,26 +352,6 @@ def load_registry() -> dict:
return {}
def _write_registry(registry: dict) -> None:
"""Write the project registry atomically."""
REGISTRY_FILE.parent.mkdir(parents=True, exist_ok=True)
tmp_file = REGISTRY_FILE.parent / f".{REGISTRY_FILE.name}.tmp.{os.getpid()}"
with open(tmp_file, "w", encoding="utf-8") as f:
json.dump(registry, f, indent=2)
f.write("\n")
f.flush()
os.fsync(f.fileno())
os.replace(tmp_file, REGISTRY_FILE)
def _validate_project_id(project_id: str) -> bool:
if not project_id or len(project_id) > 128:
return False
if "/" in project_id or "\\" in project_id or ".." in project_id:
return False
return bool(re.match(r"^[A-Za-z0-9][A-Za-z0-9._-]*$", project_id))
# ─────────────────────────────────────────────
# Instinct Parser
# ─────────────────────────────────────────────
@@ -496,96 +436,6 @@ def _load_instincts_from_dir(directory: Path, source_type: str, scope_label: str
return instincts
def _project_counts(project_id: str) -> dict:
project_dir = PROJECTS_DIR / project_id
personal_dir = project_dir / "instincts" / "personal"
inherited_dir = project_dir / "instincts" / "inherited"
observations_file = project_dir / "observations.jsonl"
personal_count = len(_load_instincts_from_dir(personal_dir, "personal", "project"))
inherited_count = len(_load_instincts_from_dir(inherited_dir, "inherited", "project"))
observations_count = 0
if observations_file.exists():
try:
with open(observations_file, encoding="utf-8") as f:
observations_count = sum(1 for _ in f)
except OSError:
observations_count = 0
return {
"personal": personal_count,
"inherited": inherited_count,
"observations": observations_count,
"total": personal_count + inherited_count + observations_count,
}
def _remove_project_storage(project_id: str) -> None:
project_dir = PROJECTS_DIR / project_id
if project_dir.exists():
shutil.rmtree(project_dir)
def _project_instinct_ids(project_dir: Path, source_type: str) -> set[str]:
instinct_dir = project_dir / "instincts" / source_type
return {
inst.get("id")
for inst in _load_instincts_from_dir(instinct_dir, source_type, "project")
if inst.get("id")
}
def _merge_instinct_dir(from_dir: Path, into_dir: Path, existing_ids: set[str]) -> tuple[int, int]:
moved = 0
skipped = 0
if not from_dir.exists():
return moved, skipped
into_dir.mkdir(parents=True, exist_ok=True)
for file_path in sorted(from_dir.iterdir()):
if not file_path.is_file() or file_path.suffix.lower() not in ALLOWED_INSTINCT_EXTENSIONS:
continue
try:
instincts = parse_instinct_file(file_path.read_text(encoding="utf-8"))
except (OSError, UnicodeDecodeError):
instincts = []
instinct_ids = [inst.get("id") for inst in instincts if inst.get("id")]
if any(instinct_id in existing_ids for instinct_id in instinct_ids):
skipped += 1
continue
target_path = into_dir / file_path.name
if target_path.exists():
target_path = into_dir / f"{file_path.stem}-{_project_hash(str(file_path))}{file_path.suffix}"
shutil.copy2(file_path, target_path)
existing_ids.update(instinct_ids)
moved += 1
return moved, skipped
def _append_observations(from_project_dir: Path, into_project_dir: Path) -> int:
from_file = from_project_dir / "observations.jsonl"
if not from_file.exists():
return 0
into_file = into_project_dir / "observations.jsonl"
into_file.parent.mkdir(parents=True, exist_ok=True)
try:
lines = from_file.read_text(encoding="utf-8").splitlines()
except (OSError, UnicodeDecodeError):
return 0
if not lines:
return 0
with open(into_file, "a", encoding="utf-8") as f:
for line in lines:
if line.strip():
f.write(line.rstrip("\n") + "\n")
return len([line for line in lines if line.strip()])
def load_all_instincts(project: dict, include_global: bool = True) -> list[dict]:
"""Load all instincts: project-scoped + global.
@@ -1330,14 +1180,7 @@ def _promote_auto(project: dict, force: bool, dry_run: bool) -> int:
# ─────────────────────────────────────────────
def cmd_projects(args) -> int:
"""List or maintain known projects and their instinct counts."""
if getattr(args, "project_action", None) == "delete":
return _cmd_projects_delete(args)
if getattr(args, "project_action", None) == "merge":
return _cmd_projects_merge(args)
if getattr(args, "project_action", None) == "gc":
return _cmd_projects_gc(args)
"""List all known projects and their instinct counts."""
registry = load_registry()
if not registry:
@@ -1382,143 +1225,6 @@ def cmd_projects(args) -> int:
return 0
def _cmd_projects_delete(args) -> int:
registry = load_registry()
project_id = args.project_id
if not _validate_project_id(project_id):
print(f"Invalid project ID: {project_id}", file=sys.stderr)
return 1
if project_id not in registry and not (PROJECTS_DIR / project_id).exists():
print(f"Project '{project_id}' not found.", file=sys.stderr)
return 1
counts = _project_counts(project_id)
print(f"Project: {project_id}")
print(f" Instincts: {counts['personal']} personal, {counts['inherited']} inherited")
print(f" Observations: {counts['observations']} events")
if args.dry_run:
print(f"\n[DRY RUN] Would delete project '{project_id}' from registry and storage.")
return 0
if not args.force:
if counts["total"] > 0:
print("\nWarning: this project has instincts or observations.")
response = input(f"Delete project '{project_id}'? [y/N] ")
if response.lower() != "y":
print("Cancelled.")
return 0
registry.pop(project_id, None)
_write_registry(registry)
_remove_project_storage(project_id)
print(f"\nDeleted project '{project_id}'.")
return 0
def _cmd_projects_gc(args) -> int:
registry = load_registry()
candidates = [
project_id
for project_id in sorted(registry)
if _validate_project_id(project_id) and _project_counts(project_id)["total"] == 0
]
if not candidates:
print("No zero-value project entries found.")
return 0
print(f"Zero-value project entries: {len(candidates)}")
for project_id in candidates:
pinfo = registry.get(project_id, {})
print(f" - {pinfo.get('name', project_id)} [{project_id}]")
if args.dry_run:
print(f"\n[DRY RUN] Would delete {len(candidates)} project entr{'y' if len(candidates) == 1 else 'ies'}.")
return 0
if not args.force:
response = input(f"\nDelete {len(candidates)} zero-value project entr{'y' if len(candidates) == 1 else 'ies'}? [y/N] ")
if response.lower() != "y":
print("Cancelled.")
return 0
for project_id in candidates:
registry.pop(project_id, None)
_remove_project_storage(project_id)
_write_registry(registry)
print(f"\nDeleted {len(candidates)} zero-value project entr{'y' if len(candidates) == 1 else 'ies'}.")
return 0
def _cmd_projects_merge(args) -> int:
from_id = args.from_id
into_id = args.into_id
if not _validate_project_id(from_id) or not _validate_project_id(into_id):
print("Invalid project ID.", file=sys.stderr)
return 1
if from_id == into_id:
print("Cannot merge a project into itself.", file=sys.stderr)
return 1
registry = load_registry()
if from_id not in registry:
print(f"Source project '{from_id}' not found.", file=sys.stderr)
return 1
if into_id not in registry:
print(f"Destination project '{into_id}' not found.", file=sys.stderr)
return 1
from_counts = _project_counts(from_id)
into_counts = _project_counts(into_id)
print(f"Merge: {from_id} -> {into_id}")
print(f" Source: {from_counts['personal']} personal, {from_counts['inherited']} inherited, {from_counts['observations']} observations")
print(f" Destination before merge: {into_counts['personal']} personal, {into_counts['inherited']} inherited, {into_counts['observations']} observations")
if args.dry_run:
print("\n[DRY RUN] Would merge source project into destination and remove source.")
return 0
if not args.force:
response = input(f"\nMerge '{from_id}' into '{into_id}' and remove source? [y/N] ")
if response.lower() != "y":
print("Cancelled.")
return 0
from_project_dir = PROJECTS_DIR / from_id
into_project_dir = PROJECTS_DIR / into_id
into_project_dir.mkdir(parents=True, exist_ok=True)
personal_existing = _project_instinct_ids(into_project_dir, "personal")
inherited_existing = _project_instinct_ids(into_project_dir, "inherited")
personal_moved, personal_skipped = _merge_instinct_dir(
from_project_dir / "instincts" / "personal",
into_project_dir / "instincts" / "personal",
personal_existing,
)
inherited_moved, inherited_skipped = _merge_instinct_dir(
from_project_dir / "instincts" / "inherited",
into_project_dir / "instincts" / "inherited",
inherited_existing,
)
observations_moved = _append_observations(from_project_dir, into_project_dir)
registry.pop(from_id, None)
destination = registry.get(into_id, {})
destination["last_seen"] = datetime.now(timezone.utc).isoformat().replace("+00:00", "Z")
registry[into_id] = destination
_write_registry(registry)
_remove_project_storage(from_id)
print("\nMerged project registry entry.")
print(f" Moved instincts: {personal_moved + inherited_moved}")
print(f" Skipped duplicate instincts: {personal_skipped + inherited_skipped}")
print(f" Appended observations: {observations_moved}")
return 0
# ─────────────────────────────────────────────
# Generate Evolved Structures
# ─────────────────────────────────────────────
@@ -1780,19 +1486,6 @@ def main() -> int:
# Projects (new in v2.1)
projects_parser = subparsers.add_parser('projects', help='List known projects and instinct counts')
projects_subparsers = projects_parser.add_subparsers(dest='project_action')
projects_delete = projects_subparsers.add_parser('delete', help='Delete a project registry entry')
projects_delete.add_argument('project_id', help='Project ID to delete')
projects_delete.add_argument('--dry-run', action='store_true', help='Preview without deleting')
projects_delete.add_argument('--force', action='store_true', help='Skip confirmation')
projects_merge = projects_subparsers.add_parser('merge', help='Merge one project registry entry into another')
projects_merge.add_argument('from_id', help='Source project ID')
projects_merge.add_argument('into_id', help='Destination project ID')
projects_merge.add_argument('--dry-run', action='store_true', help='Preview without merging')
projects_merge.add_argument('--force', action='store_true', help='Skip confirmation')
projects_gc = projects_subparsers.add_parser('gc', help='Delete zero-value project registry entries')
projects_gc.add_argument('--dry-run', action='store_true', help='Preview without deleting')
projects_gc.add_argument('--force', action='store_true', help='Skip confirmation')
# Prune (pending instinct TTL)
prune_parser = subparsers.add_parser('prune', help='Delete pending instincts older than TTL')

115
skills/social-publisher/SKILL.md
View File

@@ -1,115 +0,0 @@
---
name: social-publisher
description: Agent-driven scheduling and publishing of social media posts across 13 platforms via SocialClaw. Use when the user wants to publish to X, LinkedIn, Instagram, Facebook Pages, TikTok, Discord, Telegram, YouTube, Reddit, WordPress, or Pinterest — or when managing campaigns, uploading media, or monitoring post delivery status.
origin: community
---
# Social Publisher (SocialClaw)
Connects Claude Code to [SocialClaw](https://getsocialclaw.com) for agent-driven social media publishing across 13 platforms through a single workspace API key.
## When to Activate
- publish content to X, LinkedIn, Instagram, TikTok, or other platforms
- schedule a post campaign across multiple platforms at once
- upload media for use in social posts
- validate a post schedule before going live
- monitor publishing run status and delivery analytics
## Setup
```bash
# Required: workspace API key from https://getsocialclaw.com/dashboard
export SC_API_KEY="<workspace-key>"
# Verify access
curl -sS -H "Authorization: Bearer $SC_API_KEY" https://getsocialclaw.com/v1/keys/validate
# Install CLI (optional but recommended)
npm install -g socialclaw@0.1.12
socialclaw login --api-key <workspace-key>
```
## Core Workflow
### 1. List connected accounts
```bash
socialclaw accounts list --json
```
If not connected:
```bash
socialclaw accounts connect --provider x --open
socialclaw accounts connect --provider linkedin --open
```
### 2. Upload media (optional)
```bash
socialclaw assets upload --file ./image.png --json
# → { "asset_id": "..." }
```
### 3. Build schedule.json
```json
{
"posts": [
{
"provider": "x",
"account_id": "<account-id>",
"text": "Post text here",
"scheduled_at": "2026-06-01T10:00:00Z"
}
]
}
```
### 4. Validate before publishing
```bash
socialclaw validate -f schedule.json --json
```
### 5. Publish
```bash
socialclaw apply -f schedule.json --json
# → { "run_id": "..." }
```
### 6. Monitor
```bash
socialclaw status --run-id <run-id> --json
socialclaw posts list --json
```
## Supported Providers
| Provider | Key |
|----------|-----|
| X (Twitter) | `x` |
| LinkedIn profile | `linkedin` |
| LinkedIn page | `linkedin_page` |
| Instagram Business | `instagram_business` |
| Instagram standalone | `instagram` |
| Facebook Page | `facebook` |
| TikTok | `tiktok` |
| YouTube | `youtube` |
| Reddit | `reddit` |
| WordPress | `wordpress` |
| Discord | `discord` |
| Telegram | `telegram` |
| Pinterest | `pinterest` |
## Security
- Outbound requests go to `getsocialclaw.com` only
- Provider OAuth is in the SocialClaw dashboard — no per-provider secrets exposed to the agent
- `SC_API_KEY` is a workspace-scoped key
## Related Skills
- `x-api` — direct X/Twitter API operations
- `social-graph-ranker` — network analysis for outreach targeting
## Source
- npm: `npm install -g socialclaw@0.1.12`
- Dashboard: https://getsocialclaw.com/dashboard

54
skills/strategic-compact/suggest-compact.sh Executable file
View File

@@ -0,0 +1,54 @@
#!/bin/bash
# Strategic Compact Suggester
# Runs on PreToolUse or periodically to suggest manual compaction at logical intervals
#
# Why manual over auto-compact:
# - Auto-compact happens at arbitrary points, often mid-task
# - Strategic compacting preserves context through logical phases
# - Compact after exploration, before execution
# - Compact after completing a milestone, before starting next
#
# Hook config (in ~/.claude/settings.json):
# {
# "hooks": {
# "PreToolUse": [{
# "matcher": "Edit|Write",
# "hooks": [{
# "type": "command",
# "command": "~/.claude/skills/strategic-compact/suggest-compact.sh"
# }]
# }]
# }
# }
#
# Criteria for suggesting compact:
# - Session has been running for extended period
# - Large number of tool calls made
# - Transitioning from research/exploration to implementation
# - Plan has been finalized
# Track tool call count (increment in a temp file)
# Use CLAUDE_SESSION_ID for session-specific counter (not $$ which changes per invocation)
SESSION_ID="${CLAUDE_SESSION_ID:-${PPID:-default}}"
COUNTER_FILE="/tmp/claude-tool-count-${SESSION_ID}"
THRESHOLD=${COMPACT_THRESHOLD:-50}
# Initialize or increment counter
if [ -f "$COUNTER_FILE" ]; then
count=$(cat "$COUNTER_FILE")
count=$((count + 1))
echo "$count" > "$COUNTER_FILE"
else
echo "1" > "$COUNTER_FILE"
count=1
fi
# Suggest compact after threshold tool calls
if [ "$count" -eq "$THRESHOLD" ]; then
echo "[StrategicCompact] $THRESHOLD tool calls reached - consider /compact if transitioning phases" >&2
fi
# Suggest at regular intervals after threshold
if [ "$count" -gt "$THRESHOLD" ] && [ $((count % 25)) -eq 0 ]; then
echo "[StrategicCompact] $count tool calls - good checkpoint for /compact if context is stale" >&2
fi

343
skills/uncloud/SKILL.md
View File

@@ -1,343 +0,0 @@
---
name: uncloud
description: Use when managing an Uncloud cluster — deploying services, configuring Caddy ingress, adding static proxy routes for non-cluster devices, publishing ports, scaling, inspecting logs, or managing machines and volumes with the `uc` CLI.
origin: ECC
---
# Uncloud Cluster Management
Reference for the `uc` CLI — a decentralised self-hosting platform using Docker containers, WireGuard mesh networking, and Caddy reverse proxy.
## When to Activate
Use this skill when working with Uncloud clusters, especially when:
- Bootstrapping or joining machines with `uc machine`
- Deploying services from Compose files with `uc deploy`
- Publishing HTTP, HTTPS, TCP, or UDP ports through Uncloud
- Configuring Caddy ingress with `x-caddy`, `x-ports`, or `--caddyfile`
- Routing external LAN devices through the cluster proxy
- Inspecting logs, service state, volumes, DNS, or machine placement
## How It Works
Uncloud runs Docker services across peer machines connected by a WireGuard mesh. Each machine is an equal cluster member; services communicate on the overlay network and Caddy runs globally to terminate public HTTP/HTTPS traffic. Compose files can use Uncloud extensions for ingress, placement, and generated Caddy configuration, while the `uc` CLI handles image distribution, scheduling, scaling, logs, and cluster state.
## Examples
```bash
uc machine init user@host --name machine-1
uc service run --name web -p app.example.com:8080/https nginx:latest
uc deploy
```
## Core Concepts
- **No central control plane** — all machines are equal peers connected by WireGuard
- **Caddy** runs as a global service on every machine; auto-obtains TLS from Let's Encrypt
- **Overlay network** — services communicate via `10.210.0.0/16` by default; DNS provided inside the mesh
- **Caddyfile is autogenerated** — never edit it directly; use `x-caddy` / `--caddyfile` instead
---
## CLI Quick Reference
### Machines
| Command | Purpose |
|---------|---------|
| `uc machine init user@host` | Bootstrap first machine / new cluster |
| `uc machine add user@host` | Join machine to existing cluster |
| `uc machine ls` | List machines |
| `uc machine update NAME --public-ip IP` | Update public IP for ingress |
| `uc machine rm NAME` | Remove machine |
Key `init` flags: `--name`, `--network 10.210.0.0/16`, `--no-caddy`, `--no-dns`, `--public-ip auto\|IP\|none`
### Services
| Command | Purpose |
|---------|---------|
| `uc service ls` / `uc ls` | List services |
| `uc service run IMAGE` | Run a single container service |
| `uc deploy` | Deploy from `compose.yaml` |
| `uc deploy --no-build` | Deploy already-pushed images without rebuilding |
| `uc deploy --recreate` | Force service recreation |
| `uc scale SERVICE N` | Set replica count |
| `uc service logs SERVICE` | View logs |
| `uc service exec SERVICE` | Shell into container |
| `uc service inspect SERVICE` | Detailed info |
| `uc service rm SERVICE` | Remove service (keeps named volumes) |
| `uc ps` | All containers across cluster |
### Images
```bash
uc image push myapp:latest # Push local image to all machines
uc image push myapp:latest -m machine1,machine2 # Push to specific machines
uc images # List images in cluster
```
### Volumes
```bash
uc volume ls # All volumes
uc volume ls -m machine1 # On specific machine
uc volume create NAME -m MACHINE
uc volume rm NAME
```
### Caddy
```bash
uc caddy config # Show current generated Caddyfile (read-only)
uc caddy deploy # Deploy/upgrade Caddy across cluster
```
### DNS & Context
```bash
uc dns show # Show reserved *.uncld.dev domain
uc dns reserve # Reserve a new domain
uc ctx ls # List cluster contexts
uc ctx use prod # Switch context
```
---
## Port Publishing
### HTTP/HTTPS (via Caddy reverse proxy)
```
-p [hostname:]container_port[/protocol]
```
| Example | Meaning |
|---------|---------|
| `-p 8080/https` | HTTPS with auto `service-name.cluster-domain` hostname |
| `-p app.example.com:8080/https` | HTTPS with custom hostname |
| `-p 8080/http` | HTTP only, no TLS |
### TCP/UDP (host-bound, bypasses Caddy)
```
-p [host_ip:]host_port:container_port[/protocol]@host
```
| Example | Meaning |
|---------|---------|
| `-p 5432:5432@host` | TCP 5432 on all interfaces |
| `-p 127.0.0.1:5432:5432@host` | TCP 5432 loopback only |
| `-p 53:5353/udp@host` | UDP |
---
## Compose File Extensions
Uncloud adds these extensions on top of Docker Compose:
### `x-ports` — publish ports with domains
```yaml
services:
app:
image: app:latest
x-ports:
- example.com:8000/https
- www.example.com:8000/https
- api.example.com:9000/https
```
### `x-caddy` — custom Caddy config for service
```yaml
services:
app:
image: app:latest
x-caddy: |
example.com {
redir https://www.example.com{uri} permanent
}
www.example.com {
reverse_proxy {{upstreams 8000}} {
import common_proxy
}
basic_auth /admin/* {
admin $2a$14$...
}
}
```
Template functions available inside `x-caddy`:
- `{{upstreams [service] [port]}}` — healthy container IPs
- `{{.Name}}` — service name
- `{{.Upstreams}}` — map of all services → IPs
### `x-machines` — placement constraints
```yaml
services:
db:
image: postgres:18
x-machines: db-machine # Single machine name
app:
image: app:latest
x-machines:
- machine-1
- machine-2
```
### Full multi-service example
```yaml
services:
api:
build: ./api
x-ports:
- api.example.com:3000/https
environment:
DATABASE_URL: postgres://db:5432/mydb
web:
build: ./web
x-ports:
- example.com:8000/https
- www.example.com:8000/https
environment:
API_URL: http://api:3000
db:
image: postgres:18
environment:
POSTGRES_PASSWORD: ${DB_PASSWORD}
volumes:
- db-data:/var/lib/postgresql/data
x-machines: db-machine
volumes:
db-data:
```
---
## Routing to External (Non-Cluster) Devices
To expose an external device (e.g. BMC, NAS, router UI) via Caddy without running a real container:
**1. Create a Caddyfile snippet** (e.g. `~/device.caddyfile`):
```caddyfile
https://device.example.com {
reverse_proxy https://192.168.1.x {
transport http {
tls_insecure_skip_verify # needed for self-signed BMC certs
}
}
log
}
```
For plaintext upstream: `reverse_proxy http://192.168.1.x:port`
**2. Register as a named service with no-op container:**
```bash
uc service run \
--name device-bmc \
--caddyfile ~/device.caddyfile \
registry.k8s.io/pause:3.9
```
`pause` is a minimal no-op container — it does nothing, but gives Uncloud a service entry to attach the Caddyfile to.
**3. Verify:**
```bash
uc caddy config # device.example.com block should appear
```
> `--caddyfile` cannot be combined with non-`@host` published ports.
**DNS tip:** A wildcard record (`*.yourdomain.com → cluster-public-ip`) means any new subdomain works immediately — no DNS change needed per service.
---
## Service DNS (Internal)
Services inside the cluster resolve each other by name:
| DNS name | Resolves to |
|----------|------------|
| `service-name` | Any healthy container |
| `service-name.internal` | Same |
| `rr.service-name.internal` | Round-robin |
| `nearest.service-name.internal` | Machine-local first |
---
## Scaling & Global Services
```bash
uc scale web 5 # 5 replicas (spread across machines)
uc scale web 1 # Scale down
```
```yaml
services:
caddy:
deploy:
mode: global # One container on every machine
```
---
## Image Tag Templates (in compose.yaml)
```yaml
image: myapp:{{gitdate "20060102"}}.{{gitsha 7}}
image: myapp:{{gitsha 7}}.${GITHUB_RUN_ID:-local}
```
| Function | Output |
|----------|--------|
| `{{gitsha N}}` | First N chars of commit SHA |
| `{{gitdate "format"}}` | Git commit date in Go format |
| `{{date "format"}}` | Current date |
---
## Common Workflows
**Deploy from source:**
```bash
uc deploy # Build + push + deploy
uc build --push && uc deploy --no-build # Separate steps
```
**Inspect a service:**
```bash
uc inspect web
uc logs -f web
uc logs --since 1h web
uc exec web # Opens shell
uc exec web /bin/sh -c "env" # Run specific command
```
**Zero-downtime deploys** happen automatically; Uncloud waits for health checks before terminating old containers.
**Force recreate:**
```bash
uc deploy --recreate
```
---
## Common Mistakes
| Mistake | Fix |
|---------|-----|
| Editing the Caddyfile directly | Use `x-caddy` in compose or `--caddyfile` on `uc service run` |
| Proxying an HTTPS upstream with self-signed cert | Add `transport http { tls_insecure_skip_verify }` |
| `uc caddy config` shows no user-defined blocks | Caddy admin socket unreachable — check `uc inspect caddy` and `uc logs caddy` |
| Service can't reach external LAN IP from container | Verify Caddy container's host can route to target network |
| Volumes lost after `uc service rm` | Named volumes persist; only anonymous volumes are auto-removed |

5
src/llm/providers/astraflow.py
View File

@@ -15,7 +15,6 @@ from llm.core.interface import (
RateLimitError,
)
from llm.core.types import LLMInput, LLMOutput, ModelInfo, ProviderType, ToolCall
from llm.providers.constants import EMPTY_FILTERED_RESPONSE_ERROR
ASTRAFLOW_BASE_URL = "https://api.umodelverse.ai/v1"
ASTRAFLOW_CN_BASE_URL = "https://api.modelverse.cn/v1"
@@ -56,7 +55,7 @@ class _AstraflowBaseProvider(LLMProvider):
env_model = os.environ.get(self.model_env)
fallback_model = os.environ.get(self.fallback_model_env) if self.fallback_model_env else None
self.default_model = default_model or env_model or fallback_model or DEFAULT_ASTRAFLOW_MODEL
self.client = OpenAI(api_key=self.api_key, base_url=self.base_url, _enforce_credentials=False)
self.client = OpenAI(api_key=self.api_key, base_url=self.base_url)
self._models = [
ModelInfo(
name=self.default_model,
@@ -80,8 +79,6 @@ class _AstraflowBaseProvider(LLMProvider):
params["tools"] = [tool.to_openai_tool() for tool in llm_input.tools]
response = self.client.chat.completions.create(**params)
if not response.choices or response.choices[0].message is None:
raise ValueError(EMPTY_FILTERED_RESPONSE_ERROR)
choice = response.choices[0]
tool_calls = None

Some files were not shown because too many files have changed in this diff Show More