zsp/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-04-01 06:33:27 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
9b611f1b3764ec9f6732078eea2def95e49c22b9
everything-claude-code/AGENTS.md
Affaan Mustafa 6cc85ef2ed fix: CI fixes, security audit, remotion skill, lead-intelligence, npm audit (#1039) 
* fix(ci): resolve cross-platform test failures

- Sanity check script (check-codex-global-state.sh) now falls back to
  grep -E when ripgrep is not available, fixing the codex-hooks sync
  test on all CI platforms. Patterns converted to POSIX ERE for
  portability.
- Unicode safety test accepts both / and \ path separators so the
  executable-file assertion passes on Windows.
- Gacha test sets PYTHONUTF8=1 so Python uses UTF-8 stdout encoding on
  Windows instead of cp1252, preventing UnicodeEncodeError on box-drawing
  characters.
- Quoted-hook-path test skipped on Windows where NTFS disallows
  double-quote characters in filenames.

* feat: port remotion-video-creation skill (29 rules), restore missing files

New skill:
- remotion-video-creation: 29 domain-specific Remotion rules covering 3D/Three.js,
  animations, audio, captions, charts, compositions, fonts, GIFs, Lottie,
  measuring, sequencing, tailwind, text animations, timing, transitions,
  trimming, and video embedding. Ported from personal skills.

Restored:
- autonomous-agent-harness/SKILL.md (was in commit but missing from worktree)
- lead-intelligence/ (full directory restored from branch commit)

Updated:
- manifests/install-modules.json: added remotion-video-creation to media-generation
- README.md + AGENTS.md: synced counts to 139 skills

Catalog validates: 30 agents, 60 commands, 139 skills.

* fix(security): pin MCP server versions, add dependabot, pin github-script SHA

Critical:
- Pin all npx -y MCP server packages to specific versions in .mcp.json
  to prevent supply chain attacks via version hijacking:
  - @modelcontextprotocol/server-github@2025.4.8
  - @modelcontextprotocol/server-memory@2026.1.26
  - @modelcontextprotocol/server-sequential-thinking@2025.12.18
  - @playwright/mcp@0.0.69 (was 0.0.68)

Medium:
- Add .github/dependabot.yml for weekly npm + github-actions updates
  with grouped minor/patch PRs
- Pin actions/github-script to SHA (was @v7 tag, now pinned to commit)

* feat: add social-graph-ranker skill — weighted network proximity scoring

New skill: social-graph-ranker
- Weighted social graph traversal with exponential decay across hops
- Bridge Score: B(m) = Σ w(t) · λ^(d(m,t)-1) ranks mutuals by target proximity
- Extended Score incorporates 2nd-order network (mutual-of-mutual connections)
- Final ranking includes engagement bonus for responsive connections
- Runs in parallel with lead-intelligence skill for combined warm+cold outreach
- Supports X API + LinkedIn CSV for graph harvesting
- Outputs tiered action list: warm intros, direct outreach, network gap analysis

Added to business-content install module. Catalog validates: 30/60/140.

* fix(security): npm audit fix — resolve all dependency vulnerabilities

Applied npm audit fix --force to resolve:
- minimatch ReDoS (3 vulnerabilities, HIGH)
- smol-toml DoS (MODERATE)
- brace-expansion memory exhaustion (MODERATE)
- markdownlint-cli upgraded from 0.47.0 to 0.48.0

npm audit now reports 0 vulnerabilities.

* fix: resolve markdown lint and yarn lockfile sync

- MD047: ensure single trailing newline on all remotion rule files
- MD012: remove consecutive blank lines in lottie, measuring-dom-nodes, trimming
- MD034: wrap bare URLs in angle brackets (tailwind, transcribe-captions)
- yarn.lock: regenerated to sync with npm audit changes in package.json

* fix: replace unicode arrows in lead-intelligence (CI unicode safety check)
2026-03-31 15:08:55 -04:00

7.7 KiB
Raw Blame History

Everything Claude Code (ECC) — Agent Instructions

This is a production-ready AI coding plugin providing 30 specialized agents, 140 skills, 60 commands, and automated hook workflows for software development.

Version: 1.9.0

Core Principles

  1. Agent-First — Delegate to specialized agents for domain tasks
  2. Test-Driven — Write tests before implementation, 80%+ coverage required
  3. Security-First — Never compromise on security; validate all inputs
  4. Immutability — Always create new objects, never mutate existing ones
  5. Plan Before Execute — Plan complex features before writing code

Available Agents

Agent Purpose When to Use
planner Implementation planning Complex features, refactoring
architect System design and scalability Architectural decisions
tdd-guide Test-driven development New features, bug fixes
code-reviewer Code quality and maintainability After writing/modifying code
security-reviewer Vulnerability detection Before commits, sensitive code
build-error-resolver Fix build/type errors When build fails
e2e-runner End-to-end Playwright testing Critical user flows
refactor-cleaner Dead code cleanup Code maintenance
doc-updater Documentation and codemaps Updating docs
docs-lookup Documentation and API reference research Library/API documentation questions
cpp-reviewer C++ code review C++ projects
cpp-build-resolver C++ build errors C++ build failures
go-reviewer Go code review Go projects
go-build-resolver Go build errors Go build failures
kotlin-reviewer Kotlin code review Kotlin/Android/KMP projects
kotlin-build-resolver Kotlin/Gradle build errors Kotlin build failures
database-reviewer PostgreSQL/Supabase specialist Schema design, query optimization
python-reviewer Python code review Python projects
java-reviewer Java and Spring Boot code review Java/Spring Boot projects
java-build-resolver Java/Maven/Gradle build errors Java build failures
chief-of-staff Communication triage and drafts Multi-channel email, Slack, LINE, Messenger
loop-operator Autonomous loop execution Run loops safely, monitor stalls, intervene
harness-optimizer Harness config tuning Reliability, cost, throughput
rust-reviewer Rust code review Rust projects
rust-build-resolver Rust build errors Rust build failures
pytorch-build-resolver PyTorch runtime/CUDA/training errors PyTorch build/training failures
typescript-reviewer TypeScript/JavaScript code review TypeScript/JavaScript projects

Agent Orchestration

Use agents proactively without user prompt:

  • Complex feature requests → planner
  • Code just written/modified → code-reviewer
  • Bug fix or new feature → tdd-guide
  • Architectural decision → architect
  • Security-sensitive code → security-reviewer
  • Multi-channel communication triage → chief-of-staff
  • Autonomous loops / loop monitoring → loop-operator
  • Harness config reliability and cost → harness-optimizer

Use parallel execution for independent operations — launch multiple agents simultaneously.

Security Guidelines

Before ANY commit:

  • No hardcoded secrets (API keys, passwords, tokens)
  • All user inputs validated
  • SQL injection prevention (parameterized queries)
  • XSS prevention (sanitized HTML)
  • CSRF protection enabled
  • Authentication/authorization verified
  • Rate limiting on all endpoints
  • Error messages don't leak sensitive data

Secret management: NEVER hardcode secrets. Use environment variables or a secret manager. Validate required secrets at startup. Rotate any exposed secrets immediately.

If security issue found: STOP → use security-reviewer agent → fix CRITICAL issues → rotate exposed secrets → review codebase for similar issues.

Coding Style

Immutability (CRITICAL): Always create new objects, never mutate. Return new copies with changes applied.

File organization: Many small files over few large ones. 200-400 lines typical, 800 max. Organize by feature/domain, not by type. High cohesion, low coupling.

Error handling: Handle errors at every level. Provide user-friendly messages in UI code. Log detailed context server-side. Never silently swallow errors.

Input validation: Validate all user input at system boundaries. Use schema-based validation. Fail fast with clear messages. Never trust external data.

Code quality checklist:

  • Functions small (<50 lines), files focused (<800 lines)
  • No deep nesting (>4 levels)
  • Proper error handling, no hardcoded values
  • Readable, well-named identifiers

Testing Requirements

Minimum coverage: 80%

Test types (all required):

  1. Unit tests — Individual functions, utilities, components
  2. Integration tests — API endpoints, database operations
  3. E2E tests — Critical user flows

TDD workflow (mandatory):

  1. Write test first (RED) — test should FAIL
  2. Write minimal implementation (GREEN) — test should PASS
  3. Refactor (IMPROVE) — verify coverage 80%+

Troubleshoot failures: check test isolation → verify mocks → fix implementation (not tests, unless tests are wrong).

Development Workflow

  1. Plan — Use planner agent, identify dependencies and risks, break into phases
  2. TDD — Use tdd-guide agent, write tests first, implement, refactor
  3. Review — Use code-reviewer agent immediately, address CRITICAL/HIGH issues
  4. Capture knowledge in the right place
    • Personal debugging notes, preferences, and temporary context → auto memory
    • Team/project knowledge (architecture decisions, API changes, runbooks) → the project's existing docs structure
    • If the current task already produces the relevant docs or code comments, do not duplicate the same information elsewhere
    • If there is no obvious project doc location, ask before creating a new top-level file
  5. Commit — Conventional commits format, comprehensive PR summaries

Git Workflow

Commit format: <type>: <description> — Types: feat, fix, refactor, docs, test, chore, perf, ci

PR workflow: Analyze full commit history → draft comprehensive summary → include test plan → push with -u flag.

Architecture Patterns

API response format: Consistent envelope with success indicator, data payload, error message, and pagination metadata.

Repository pattern: Encapsulate data access behind standard interface (findAll, findById, create, update, delete). Business logic depends on abstract interface, not storage mechanism.

Skeleton projects: Search for battle-tested templates, evaluate with parallel agents (security, extensibility, relevance), clone best match, iterate within proven structure.

Performance

Context management: Avoid last 20% of context window for large refactoring and multi-file features. Lower-sensitivity tasks (single edits, docs, simple fixes) tolerate higher utilization.

Build troubleshooting: Use build-error-resolver agent → analyze errors → fix incrementally → verify after each fix.

Project Structure

agents/          — 30 specialized subagents
skills/          — 140 workflow skills and domain knowledge
commands/        — 60 slash commands
hooks/           — Trigger-based automations
rules/           — Always-follow guidelines (common + per-language)
scripts/         — Cross-platform Node.js utilities
mcp-configs/     — 14 MCP server configurations
tests/           — Test suite

Success Metrics

  • All tests pass with 80%+ coverage
  • No security vulnerabilities
  • Code is readable and maintainable
  • Performance is acceptable
  • User requirements are met
Reference in New Issue View Git Blame Copy Permalink