hai/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-05-20 11:19:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: hai:fix/guard-llm-provider-choices
Branches Tags
hai:main hai:codex/may20-native-payments-live-gate-sync hai:fix/guard-llm-provider-choices hai:fix/pre-bash-quality-windows-shims hai:fix/mcp-health-crash-probe-timeout hai:fix/ecc2-session-adapter-lint hai:fix/insaits-wrapper-fail-open-status hai:fix/insaits-wrapper-windows-shim hai:fix/ecc2-windows-release-test-newlines hai:feat/ecc2-rc1-preview-surface hai:feat/ecc2-board-observability-integration hai:fix/bash-hook-dispatcher-forkstorm
hai:v1.10.0 hai:v1.9.0 hai:v1.8.0 hai:v1.7.0 hai:v1.6.0 hai:v1.5.0 hai:v1.4.1 hai:v1.4.0 hai:v1.3.0 hai:v1.2.0 hai:v0.6.0 hai:v1.1.0 hai:v1.0.0
...
compare: hai:codex/may20-native-payments-live-gate-sync
Branches Tags
hai:codex/may20-native-payments-live-gate-sync hai:main hai:fix/guard-llm-provider-choices hai:fix/pre-bash-quality-windows-shims hai:fix/mcp-health-crash-probe-timeout hai:fix/ecc2-session-adapter-lint hai:fix/insaits-wrapper-fail-open-status hai:fix/insaits-wrapper-windows-shim hai:fix/ecc2-windows-release-test-newlines hai:feat/ecc2-rc1-preview-surface hai:feat/ecc2-board-observability-integration hai:fix/bash-hook-dispatcher-forkstorm
hai:v1.10.0 hai:v1.9.0 hai:v1.8.0 hai:v1.7.0 hai:v1.6.0 hai:v1.5.0 hai:v1.4.1 hai:v1.4.0 hai:v1.3.0 hai:v1.2.0 hai:v0.6.0 hai:v1.1.0 hai:v1.0.0

87 Commits
fix/guard- ... codex/may2

Author SHA1 Message Date
Affaan Mustafa
d4ea027980 docs: sync live native payments gate evidence 2026-05-19 23:15:02 -04:00
Affaan Mustafa
6e25458dbc Sync billing gate env-file evidence (#2021) 2026-05-19 22:43:19 -04:00
Affaan Mustafa
c2471fe5c5 docs: sync selected-target announcement gate (#2020) 2026-05-19 22:09:45 -04:00
Affaan Mustafa
30f60710d4 Sync Marketplace Pro readback release gate (#2019) 
* docs: sync marketplace pro readback gate

* docs: refresh operator dashboard after readback sync

* docs: sanitize marketplace readback summary

* docs: refresh operator dashboard after marketplace readback
 2026-05-19 21:39:03 -04:00
Affaan Mustafa
68b4e45145 docs: sync AgentShield dependabot evidence (#2018) 2026-05-19 21:13:36 -04:00
Affaan Mustafa
906e06406e docs: sync AgentShield adapter evidence 2026-05-19 20:54:15 -04:00
Affaan Mustafa
3cb8c48e74 docs: sync May 20 ECC Tools evidence 2026-05-19 20:29:56 -04:00
Affaan Mustafa
b3c015c744 docs: sync late May 19 release roadmap state 2026-05-19 19:02:43 -04:00
Affaan Mustafa
9819626459 Add release approval gate 2026-05-19 18:18:54 -04:00
Affaan Mustafa
2c0d226439 docs(release): record post-gateguard evidence 2026-05-19 13:51:02 -04:00
luyua9
14d88e517b fix(gateguard): preserve quoted git introspection args 2026-05-19 13:24:17 -04:00
Affaan Mustafa
3c388b7295 docs(release): refresh operator dashboard snapshot 2026-05-19 13:17:23 -04:00
Affaan Mustafa
8bf4de56b2 docs(release): refresh hypergrowth evidence 2026-05-19 13:17:23 -04:00
Affaan Mustafa
bc519e5b8e fix(learning): add project registry maintenance 2026-05-19 12:51:18 -04:00
Affaan Mustafa
98bd517451 fix(install): allow claude-project manifest target 2026-05-19 12:14:27 -04:00
Mhd Ghaith Al Abtah
b2c2616ab4 test(install-targets): add positive rules assertion to claude-project foreign-path test 
Addresses CodeRabbit review: the negative-only assertions could have
passed on an empty plan. Add a positive assertion that the non-foreign
'rules' path is still planned under .claude/rules/ecc so regression to
zero ops would fail loudly.
 2026-05-19 12:14:27 -04:00
Mhd Ghaith Al Abtah
7004a66243 feat(install-targets): add claude-project (per-project Claude Code) adapter 
Completes the install-target matrix for Claude Code. Until now, ECC's
Claude support was home-scope only (~/.claude/) via the `claude` target.
This adds a project-scope counterpart (./.claude/) via a new
`claude-project` target so teams can install ECC per-repo without
contaminating ~/.claude/ — matching the existing project-scope adapters
for Cursor, Antigravity, Gemini, CodeBuddy, Joycode, and Zed.

Symmetric with `claude`:
- Same namespace under rules/ecc and skills/ecc
- Same docs/<locale> handling for --locale
- Same hooks placeholder substitution for hooks.json
- Reuses claude-home's destination-mapping logic 1:1

Use cases:
- Monorepos with multiple Flow-managed projects
- Teams that want ECC scoped per-project without touching ~/.claude/
- Per-project skill/rule isolation when global install isn't desirable

No breaking change: existing --target claude continues to route to
claude-home (user-scope) unchanged. New target is opt-in.

Tests
-----
- 4 new tests in tests/lib/install-targets.test.js
  (root resolution, lookup-by-id, plan parity with claude, foreign-path filtering)
- All install-target regression guards (schema enum / SUPPORTED_INSTALL_TARGETS)
  still pass
- End-to-end smoke: `--target claude-project --profile minimal --dry-run`
  emits 359 ops with destinations rooted at <projectRoot>/.claude/ (parity
  with --target claude which emits 359 ops rooted at ~/.claude/)
 2026-05-19 12:14:27 -04:00
Affaan Mustafa
27e4036075 Fix release supply-chain evidence gate 2026-05-19 11:59:42 -04:00
Affaan Mustafa
d6022d6b8d docs: refresh may 19 evidence after linear sync merge 2026-05-19 11:26:32 -04:00
Affaan Mustafa
ac7434ea8f docs: sync may 19 linear readiness evidence 2026-05-19 11:06:56 -04:00
Affaan Mustafa
c7d662c3c6 Track owner approval packet in dashboard 2026-05-19 10:40:31 -04:00
Affaan Mustafa
8148340ad1 chore: add release owner approval packet (#2001) 2026-05-19 10:18:22 -04:00
Affaan Mustafa
e7a7b2aaa3 chore: refresh suite count evidence (#2000) 2026-05-19 09:58:53 -04:00
Affaan Mustafa
3304848beb chore: refresh video dashboard evidence (#1999) 2026-05-19 09:39:10 -04:00
Affaan Mustafa
b62f80750d chore: add release video visual qa 2026-05-19 09:16:35 -04:00
Affaan Mustafa
855e8c8336 chore: gate release video publish candidates 2026-05-19 08:54:50 -04:00
Affaan Mustafa
f3cd006252 chore: add release video self-eval gate 2026-05-19 08:35:02 -04:00
Affaan Mustafa
d135e03da0 docs: refresh May 19 operator dashboard 2026-05-19 08:13:26 -04:00
Affaan Mustafa
c07276a347 docs: refresh May 19 publication evidence 2026-05-19 07:53:51 -04:00
Affaan Mustafa
7a0645ed47 docs: add ECC 2 growth outreach pack (#1993) 2026-05-19 07:33:41 -04:00
Affaan Mustafa
e209afc8c1 chore: gate ECC release video suite (#1992) 2026-05-19 07:13:52 -04:00
Affaan Mustafa
8141f6904f chore: gate canonical ECC release identity (#1991) 2026-05-19 06:42:17 -04:00
Affaan Mustafa
af9b2c1c4c feat: extend harness audit integration scoring (#1990) 
Salvages the useful harness-audit scoring work from #1989 while preserving the current hook registry and newer plugin install detection. Adds GitHub integration checks, conditional deploy-provider categories, dynamic applicable category metadata, and CODEOWNERS coverage.
 2026-05-19 06:20:54 -04:00
Affaan Mustafa
9ee1e15564 docs: define ECC 2.0 hypergrowth release lane 
Refresh the active 2.0 release surface for the affaan-m/ECC repo identity, update package/plugin/workflow launch metadata, and add an operator command center for release video, partner, sponsor, consulting, and social launch execution.
 2026-05-19 05:42:38 -04:00
Affaan Mustafa
2199b22351 docs: keep renamed README install paths usable 
Adjust README manual-install snippets after the affaan-m/ECC repo rename so cloned paths use the new ECC checkout or relative paths.
 2026-05-19 05:23:31 -04:00
Karnav Pargi
b66fa78fe8 Apply suggestion from @karnavpargi 2026-05-19 05:23:31 -04:00
Karnav Pargi
673dff977f Update README links to new repository name 'ECC' 
Changed `everything-claude-code` to `ECC`
 2026-05-19 05:23:31 -04:00
Affaan Mustafa
6cb194a3c6 fix(hooks): avoid escaped quotes in plugin bootstrap 
Generate the inline hook root resolver with single-quoted JavaScript literals so Windows Git Bash does not choke on nested escaped double quotes before Node starts. Refresh hooks.json and add regression coverage for parsed hook commands and installed hook manifests.
 2026-05-19 05:15:42 -04:00
Jamkris
f93e8f6869 fix(hooks): use shared renameWithRetry in writeWarnState (ecc-context-monitor) 
Mirror the previous commit's Windows-EPERM retry on the companion
`writeWarnState` in `scripts/hooks/ecc-context-monitor.js`. Same
race: two PostToolUse subprocesses writing concurrent debounce
state racing on `MoveFileExW`, target-in-use throwing EPERM on
Windows even though each writer's tmp path is now unique.

Implementation: import `renameWithRetry` from `scripts/lib/session-bridge.js`
(exported in the previous commit) instead of duplicating the helper.
The retry policy, backoff schedule, and main-thread `Atomics.wait`
strategy stay identical to `writeBridgeAtomic`.

Three writers in the repo now share the same atomic-write contract:
- `writeBridgeAtomic` (scripts/lib/session-bridge.js) — round 1 +
  this round's retry
- `writeWarnState` (this file) — round 1 + this round's retry via shared helper
- `writeCostWarningIfChanged` (scripts/hooks/ecc-metrics-bridge.js) —
  out of scope for this PR (already uses unique tmp suffix; a future
  consolidation could move it to the shared helper too).

Local: `yarn test` green, `yarn lint` clean. The companion test
suite for `ecc-context-monitor.js` does not currently exercise
concurrent `writeWarnState` writes, but the helper it now uses is
covered by the `tests/lib/session-bridge.test.js` concurrent-write
regression added in round 1's last commit.
 2026-05-19 04:57:10 -04:00
Jamkris
116e61d8cb fix(lib): retry rename on Windows EPERM/EACCES/EBUSY in writeBridgeAtomic 
PR #1983 round 1 introduced unique-suffix tmp paths so two concurrent
writers no longer share a single `.tmp` file. That fix is correct
under POSIX semantics — `rename(2)` is atomic between source and
destination, so each writer renames onto the same target without
conflict.

Windows `MoveFileExW` is not the same. It fails with
EPERM / EACCES / EBUSY when the target is currently being renamed
by *another* process — a short race window that fires reliably under
this hook's PostToolUse + statusline concurrency. Round 1's CI run
made this visible:

  Test (windows-latest, Node 18.x, npm) — FAILURE
  Error: EPERM: operation not permitted, rename
    'C:\…\ecc-metrics-test-bridge-race-….json.9504.4aef575a.tmp' ->
    'C:\…\ecc-metrics-test-bridge-race-….json'
      at writeBridgeAtomic (scripts/lib/session-bridge.js:79:8)

All nine Windows matrix cells (Node 18 / 20 / 22 × npm / pnpm / yarn)
hit the same path. POSIX matrices (Linux + macOS) passed unchanged.

Fix: extract a `renameWithRetry(tmp, target)` helper that retries
`fs.renameSync` up to 5 times on EPERM / EACCES / EBUSY with
exponential backoff (20 ms → 320 ms total). Other error codes
(ENOENT, ENOSPC, EROFS, …) re-throw on the first attempt — they are
not transient. POSIX runs hit the first try and exit immediately.

The backoff uses `Atomics.wait` on a throwaway `SharedArrayBuffer`
so the retry path does not busy-spin the CPU; verified on Node ≥ 17
that this works on the main thread. There is a `try/catch` fallback
to a brief busy-wait for older runtimes where `Atomics.wait` is
restricted to workers.

`writeBridgeAtomic` calls the helper instead of `fs.renameSync` and
keeps its existing best-effort tmp cleanup on terminal failure.

`renameWithRetry` is added to `module.exports` so the companion
`writeWarnState` in `scripts/hooks/ecc-context-monitor.js` can
adopt the same retry policy without duplicating the helper. That
adoption lands in the next commit.

Local: `node tests/lib/session-bridge.test.js` 14/14, `yarn test`
green, `yarn lint` clean. The round-1 test (two concurrent child
writers, 200 iterations each) now passes on macOS without retrying
at all (POSIX path) and is expected to pass on Windows via the new
retry loop.
 2026-05-19 04:57:10 -04:00
Jamkris
d904edc615 test(lib): make concurrent-write test actually concurrent + use regex matcher for assert.throws 
Two round-1 review findings in `tests/lib/session-bridge.test.js`,
both about test correctness rather than the underlying fix:

1. **greptile P1 + coderabbitai Major + cubic P2 (all three): concurrent-write test ran sequentially.**

   The test spawned two child processes with two consecutive
   `spawnSync` calls. Because `spawnSync` blocks until the child
   exits, the second writer started *after* the first finished —
   the two writers never overlapped, so the rename race the fix
   targets was never actually exercised. The test would have passed
   with the old broken `${target}.tmp` suffix.

   Fix: introduce a one-off "race runner" helper that runs inside
   its own subprocess and uses async `spawn` to start both writers
   simultaneously. The runner waits for both to exit (the event
   loop is local to the runner subprocess, so this stays compatible
   with the synchronous test harness used elsewhere in this file)
   and reports both exit codes plus stderrs on stdout. The test
   then calls the runner via `spawnSync` and parses the result.
   Both writer children now overlap for the duration of their 200
   `writeBridgeAtomic` calls each, which is enough wall time to
   reliably trigger the rename race against the pre-fix code.

   Verified: with the fixed `${target}.${pid}.${nonce}.tmp` suffix,
   the test passes; with the old fixed `${target}.tmp` suffix
   reintroduced, it fails as expected (one writer hits ENOENT on
   roughly half its rename calls).

2. **greptile P2 + cubic P3: `assert.throws` used a string as the second argument.**

   Node deprecated passing a string as the second argument to
   `assert.throws` years ago: the string is silently treated as
   the assertion failure message (what to print when the function
   does *not* throw) rather than as an error matcher. The check
   passed for any thrown error, not just the rename failure.

   Fix: pass a regex matcher as the second arg and keep the
   explanatory text as the third. The regex matches `EISDIR`,
   `EPERM`, `ENOTDIR`, or `ENOENT` because `renameSync` of a
   regular tmp file onto an existing directory raises different
   codes on Linux / macOS / BSD — making the matcher portable
   across CI runners.

Test count unchanged at 14; `npm test` green; `npm run lint` clean.

The two helper files (`tests/__tmp_bridge_writer.js`,
`tests/__tmp_bridge_race_runner.js`) are written and unlinked
inside the test's try/finally so they never persist beyond the
test run.
 2026-05-19 04:57:10 -04:00
Jamkris
5acb01a276 test(lib): concurrent writeBridgeAtomic + tmp-cleanup regression 
Two regression tests pin down the previous two commits' atomic-rename
fixes:

1. **concurrent writes don't throw ENOENT or corrupt the file** —
   spawns two child Node processes (`tests/__tmp_bridge_writer.js`
   created in-test, cleaned up in finally) that each call
   `writeBridgeAtomic(sid, …)` 200 times against the same session
   ID with independent payloads. Asserts both subprocesses exit 0
   (the previous implementation produced ENOENT on roughly 50% of
   rename calls, all swallowed by the in-test catch) and the final
   bridge file is parseable JSON belonging to one of the two writers
   (last-writer-wins is fine; the contract is *no corruption* and
   *no rename ENOENT*, not data preservation).

2. **tmp file cleanup on rename failure** — pre-creates a directory
   at the target bridge path so `renameSync(tmp, target)` fails,
   calls `writeBridgeAtomic`, asserts the call throws AND that no
   tmp file with the writer's `pid.<nonce>.tmp` prefix is left
   behind in `os.tmpdir()`. The previous code had no cleanup; the
   fix's `try/catch + unlinkSync` keeps tmpdir from accumulating
   orphan files across repeated rename failures.

The first test deliberately writes independent payloads from each
subprocess so this regression doesn't try to claim a property the
fix doesn't actually deliver (read-modify-write race in the caller
is a separate issue and out of scope per PR body).

Test count: 12 → 14 in `tests/lib/session-bridge.test.js`;
`npm test` green; `npm run lint` clean.
 2026-05-19 04:57:10 -04:00
Jamkris
7c2f71315b fix(hooks): use unique tmp suffix in writeWarnState (ecc-context-monitor) 
Mirror the previous commit's `writeBridgeAtomic` fix on the
companion `writeWarnState` in `ecc-context-monitor.js`. Same shape:
fixed `${target}.tmp` → `${target}.${process.pid}.${randomNonce}.tmp`,
plus best-effort cleanup of the tmp file on `renameSync` failure
(throws original error after cleanup).

`writeWarnState` debounces the context-monitor's threshold alarms
(`COST_NOTICE_USD`, `COST_WARNING_USD`, `COST_CRITICAL_USD`, plus the
context-remaining and loop-detection ones). Without unique suffixes,
two PostToolUse subprocesses racing on the warn-state file produce
either a corrupted JSON debounce-state on disk or an ENOENT throw
that the hook catches and swallows — either way the next warn-state
read returns the default `{callsSinceWarn: 0, lastSeverity: null}`
and the threshold alarms re-fire or stop firing erratically. Users
see warning messages flicker or vanish; debounce no longer works.

Three call sites in this repo now share the same atomic-write
contract:
- `writeBridgeAtomic` (scripts/lib/session-bridge.js) — primary
- `writeCostWarningIfChanged` (scripts/hooks/ecc-metrics-bridge.js) — cost cache
- `writeWarnState` (this file) — debounce state

`yarn lint` clean. Regression test covering both `writeBridgeAtomic`
and `writeWarnState` under concurrent load lands in the next commit.
 2026-05-19 04:57:10 -04:00
Jamkris
28548f67ba fix(lib): use unique tmp suffix in writeBridgeAtomic to eliminate ENOENT race 
`writeBridgeAtomic` wrote to a fixed `${target}.tmp` path before
calling `renameSync`. When two processes write to the same session
bridge concurrently (e.g. PostToolUse `ecc-metrics-bridge` + the
background `ecc-statusline`, both calling `writeBridgeAtomic(sessionId, ...)`),
the canonical atomic-rename race fires:

  1. Process A: writeFileSync(target.tmp, JSON_A) — tmp file exists.
  2. Process B: writeFileSync(target.tmp, JSON_B) — tmp file overwritten.
  3. Process A: renameSync(target.tmp, target) — succeeds; target = JSON_B
     (A's payload silently corrupted en-route).
  4. Process B: renameSync(target.tmp, target) — throws ENOENT (the
     rename consumed the file).

Every caller in the repo wraps `writeBridgeAtomic` in `try {} catch {}`,
so the ENOENT exception is swallowed and the user-visible symptom is
just "the bridge file occasionally contains the wrong process's
payload" with no diagnostic.

Reproduced before this commit:

  $ # two concurrent writers, each calling writeBridgeAtomic 500 times
  $ # against the same session ID
  [A] errors=244   # 244 ENOENT exceptions swallowed
  [B] errors=248   # ditto

After this commit the same workload reports 0 errors in both
subprocesses: tmp paths no longer collide.

Fix: change `${target}.tmp` to
`${target}.${process.pid}.${crypto.randomBytes(4).toString('hex')}.tmp`,
matching the pattern already used by `writeCostWarningIfChanged` in
`scripts/hooks/ecc-metrics-bridge.js` (commit 9b1d8918). The pid +
4-byte nonce gives each writer process a distinct tmp path, so step 2
above no longer overwrites step 1's payload and step 4 no longer
races step 3.

Also added: on `renameSync` failure, attempt `fs.unlinkSync(tmp)` so
a writer that fails (disk full, permission, parent dir gone) does
not leak its tmp file. The cleanup is best-effort and the original
error is still re-thrown.

**Scope clarification.** This commit closes the atomic-rename
primitive's race only. The *read-modify-write* race in callers —
two writers each read the same bridge state, increment, and write
back, the second clobbering the first — is a separate concern that
needs locking or per-writer logs, and is intentionally out of scope
for this PR. The cost-tracker / metrics-bridge callers tolerate
last-writer-wins on their cumulative aggregates today and this
commit does not change that contract.

The companion `writeWarnState` in `ecc-context-monitor.js` has the
same fixed-suffix pattern and the same race; that fix lands in the
next commit so each can be reviewed against its own diff.
 2026-05-19 04:57:10 -04:00
Jamkris
33ed494adf test(ci): regression coverage for newly-covered invisible code points 
9 new test cases pin down the two previous commits' denylist
extensions. Each verifies both detection (validator exit non-zero +
the expected `dangerous-invisible U+<HEX>` line on stderr) and,
where applicable, `--write` sanitization.

Coverage:

Tag block (commit 1):
- U+E0041 TAG LATIN CAPITAL LETTER A — the range's printable ASCII
  shadow; this is the byte sequence demonstrated in published ASCII
  smuggling proofs of concept.
- U+E007F CANCEL TAG — the range end.

Other invisibles (commit 2):
- U+180E MONGOLIAN VOWEL SEPARATOR
- U+115F HANGUL CHOSEONG FILLER
- U+1160 HANGUL JUNGSEONG FILLER
- U+2061 FUNCTION APPLICATION (range start)
- U+2064 INVISIBLE PLUS (range end)
- U+3164 HANGUL FILLER

Detection table is data-driven (one loop, one assertion per row) so
adding the next invisible to the denylist also gets a paired
regression test by simply appending to NEWLY_COVERED_RANGES.

Plus a `--write` integration test:
- writes a markdown file containing both Tag block (5 chars) and
  U+180E, runs `--write`, asserts both removed and surrounding text
  preserved character-for-character ('# Title\n\nBenigntext.\n').
- re-runs the validator without `--write` and asserts exit 0,
  confirming the sanitizer's output is idempotent under the
  extended denylist.

Test count: 5 → 14 in this file; full `yarn test` green; `yarn lint`
clean.
 2026-05-18 21:20:36 -04:00
Jamkris
b068069b9b fix(ci): cover other widely-cited invisible code points in check-unicode-safety 
Extend `isDangerousInvisibleCodePoint` with five additional code
points / ranges that are routinely cited in invisible-character
smuggling references but were not in the previous denylist:

- **U+180E** MONGOLIAN VOWEL SEPARATOR. Formerly classified as a
  space separator (Zs) until Unicode 6.3 reclassified it as Cf
  (Format control). Renders as zero-width; widely abused for
  homograph attacks and prompt smuggling.

- **U+115F** HANGUL CHOSEONG FILLER and **U+1160** HANGUL JUNGSEONG
  FILLER. Zero-width fillers used in Korean text shaping. Both are
  cited as common LLM-injection vectors in Korean / multilingual
  threat models.

- **U+2061–U+2064** invisible math operators (FUNCTION APPLICATION,
  INVISIBLE TIMES, INVISIBLE SEPARATOR, INVISIBLE PLUS). Zero-width
  and only meaningful inside math typesetting. No legitimate
  Markdown or source code uses them.

- **U+3164** HANGUL FILLER. Reported in real-world Discord and
  Twitter smuggling incidents; not used in legitimate Korean text.

Reproduced before this commit: a file containing any one of these
code points passed `check-unicode-safety.js` silently.

After this commit each one is reported as
`dangerous-invisible U+<HEX>` and `--write` mode strips it.

Verified by writing 8 single-character probe files
(`probe-0x180E.md`, `probe-0x115F.md`, …) and confirming exit=1 with
each violation listed.

ECC repo self-scan reports only the pre-existing `U+2605` BLACK
STAR warnings (unchanged) and exits with the same status (no new
in-repo violations introduced). Existing 5 unicode-safety tests
still pass; `yarn lint` clean.

Regression coverage for both the previous commit's Tag block fix
and this commit's additions lands in the next commit.
 2026-05-18 21:20:36 -04:00
Jamkris
e3483fda15 fix(ci): cover Unicode Tag block (U+E0000–U+E007F) in check-unicode-safety 
`isDangerousInvisibleCodePoint` enumerated seven ranges of invisible/
bidi/variation-selector code points but omitted the Unicode Tag block
(U+E0000–U+E007F). Tag characters were proposed for language tagging
in Unicode 3.1 and have been deprecated since Unicode 5.1, so no
legitimate text uses them. They are the canonical vector for
"ASCII Smuggling" / "Tag Smuggling" LLM prompt injection: an attacker
hides instructions inside an ASCII-looking string, the model reads
the tag bytes, the human reviewer sees nothing. Demonstrated against
multiple LLM assistants during 2024–2025.

`check-unicode-safety.js` is the repo's last line of defence before
contributor content reaches agent context; the same script also runs
in `--write` auto-sanitize mode on `.md` / `.mdx` / `.txt`. Today it
silently passes tag-block characters through unchanged in both
detection mode and `--write` mode.

Reproduced before this commit:

  $ mkdir -p /tmp/uni-test && node -e "
      const fs = require('fs');
      const hidden = [...Array(5)].map((_,i) =>
        String.fromCodePoint(0xE0041 + i)).join('');
      fs.writeFileSync('/tmp/uni-test/innocent.md',
        '# Title\\n\\nBenign text' + hidden + ' more.\\n');"

  $ ECC_UNICODE_SCAN_ROOT=/tmp/uni-test \
      node scripts/ci/check-unicode-safety.js
  Unicode safety check passed.
  $ echo $?
  0

Expected: tag-block characters reported as `dangerous-invisible`
violations (exit 1) and stripped under `--write`.
Actual: validator passes, `--write` leaves the bytes intact.

Fix: extend the denylist with one new range
`(codePoint >= 0xE0000 && codePoint <= 0xE007F)`. The change is
purely additive; the existing seven ranges are untouched.

After this commit the same reproduction returns:

  $ ECC_UNICODE_SCAN_ROOT=/tmp/uni-test \
      node scripts/ci/check-unicode-safety.js
  Unicode safety violations detected:
  innocent.md:3:12 dangerous-invisible U+E0041
  innocent.md:3:14 dangerous-invisible U+E0042
  innocent.md:3:16 dangerous-invisible U+E0043
  innocent.md:3:18 dangerous-invisible U+E0044
  innocent.md:3:20 dangerous-invisible U+E0045
  exit=1

`--write` mode also strips the bytes (verified: file length 47 → 42
after sanitize, regex `/[\u{E0000}-\u{E007F}]/u` no longer matches).

Existing 5 unicode-safety tests still pass; `yarn lint` clean. The
ECC repo's own self-scan (`node scripts/ci/check-unicode-safety.js`
with no `ECC_UNICODE_SCAN_ROOT`) reports the same warnings as before
this commit and exits with the same status (no regressions on
in-repo content).

A handful of other widely-cited invisible code points are missing
from the denylist (`U+180E`, `U+115F`, `U+1160`, `U+2061–U+2064`,
`U+3164`); those are addressed in the next commit so each fix
remains independently reviewable. Regression coverage for both
fixes lands two commits later.
 2026-05-18 21:20:36 -04:00
Affaan Mustafa
cb81f1b0fe docs: narrow ecc tools billing blocker 2026-05-18 16:45:31 -04:00
Affaan Mustafa
7e2cdeaeb5 docs: refresh rc1 operator evidence 2026-05-18 16:27:09 -04:00
Affaan Mustafa
4470e2e670 docs: refresh rc1 publication evidence 2026-05-18 16:12:37 -04:00
Affaan Mustafa
67e63e63f9 docs: align publication readiness evidence 2026-05-18 15:36:39 -04:00
Affaan Mustafa
fe7b4f2ba3 docs: regenerate operator readiness dashboard 2026-05-18 15:24:25 -04:00
Affaan Mustafa
0f1775e30b docs: refresh release blockers evidence 2026-05-18 15:23:48 -04:00
Affaan Mustafa
12ac22e674 docs: add discussion response playbook 2026-05-18 14:39:11 -04:00
Affaan Mustafa
c032e07b1e docs: refresh may 18 release evidence 2026-05-18 14:24:50 -04:00
Affaan Mustafa
97567a91e7 test: normalize release workflow line endings 2026-05-18 13:53:26 -04:00
Affaan Mustafa
7911af4a39 security: scope release oidc publishing 2026-05-18 13:41:10 -04:00
Affaan Mustafa
386326df8e fix: treat MCP HTTP 406 probes as reachable 2026-05-18 12:48:52 -04:00
Affaan Mustafa
b41e6fb3d0 docs: refresh publication readiness gate 2026-05-18 10:49:49 -04:00
Affaan Mustafa
99e01ded7d docs: refresh operator dashboard evidence 2026-05-18 10:32:26 -04:00
Affaan Mustafa
2ba0c62d8a docs: mirror agentshield fleet ticket evidence 2026-05-18 10:24:21 -04:00
Affaan Mustafa
9abe721bfe docs: refresh release readiness evidence 2026-05-18 09:30:14 -04:00
Affaan Mustafa
680aeff0fb test: enforce release publication checklist in readiness gates 2026-05-18 09:10:51 -04:00
Affaan Mustafa
6c0fbfb6c5 docs: add release plugin publication checklist 2026-05-18 08:56:17 -04:00
Affaan Mustafa
0e88e6a4dd docs: refresh zero queue dashboard 2026-05-18 06:37:10 -04:00
Affaan Mustafa
cdc92de42a docs: finish owner queue cleanup 2026-05-18 06:35:44 -04:00
Affaan Mustafa
25dc518e1d docs: regenerate owner queue dashboard 2026-05-18 06:17:31 -04:00
Affaan Mustafa
08807e7fd6 docs: record owner-wide queue cleanup 2026-05-18 06:16:45 -04:00
Affaan Mustafa
feeaa97511 docs: regenerate operator readiness dashboard 2026-05-18 05:38:44 -04:00
Affaan Mustafa
5e8f412cb5 docs: refresh ecc tools billing blocker evidence 2026-05-18 05:38:14 -04:00
Affaan Mustafa
4d6fc194ea fix: include blender skill in install manifest 2026-05-18 04:54:17 -04:00
Affaan Mustafa
aae735d458 docs: regenerate operator readiness dashboard 2026-05-18 04:30:43 -04:00
Affaan Mustafa
ff3eaff137 docs: refresh billing readback gate evidence 2026-05-18 04:30:09 -04:00
Da Wei
922d2d8f8b Add Blender motion state inspection skill 
Adds the Blender motion state inspection skill with maintainer refinements for tools metadata, usage guidance, meter-scale threshold assumptions, and Blender interpreter notes.
 2026-05-18 04:11:31 -04:00
Affaan Mustafa
bf17737969 test: stabilize repair lifecycle on Windows 2026-05-18 03:48:51 -04:00
Affaan Mustafa
f92f15199c docs: refresh target billing dashboard evidence 2026-05-18 03:28:36 -04:00
Affaan Mustafa
fb4b0c8dce docs: mirror target billing readback gate 2026-05-18 03:27:42 -04:00
Affaan Mustafa
aa634df9e5 docs: record clean preview pack smoke 2026-05-18 02:48:41 -04:00
Affaan Mustafa
742bc58d97 docs: refresh release evidence after ioc scanner hardening 2026-05-18 02:45:30 -04:00
Affaan Mustafa
04d4d81938 fix: ignore defensive ioc deny rules 2026-05-18 02:29:59 -04:00
Affaan Mustafa
99e9f118bd docs: refresh evidence head after billing mirror 2026-05-18 02:18:22 -04:00
Affaan Mustafa
f010f78332 docs: refresh dashboard after wrangler billing mirror 2026-05-18 02:04:21 -04:00
Affaan Mustafa
e53933de1b docs: refine billing readback dashboard blocker 2026-05-18 02:03:37 -04:00
Affaan Mustafa
10313d847a docs: mirror ecc tools wrangler billing readback 2026-05-18 02:00:46 -04:00
Affaan Mustafa
aa4ae863f8 docs: refresh release evidence after provider guard merge 2026-05-18 01:30:51 -04:00
Affaan Mustafa
80f6c27957 Merge PR #1976 provider response guards 2026-05-18 01:05:37 -04:00
Affaan Mustafa
044d1863d0 test: skip insaits monitor subprocesses without python 2026-05-18 00:47:05 -04:00
113 changed files with 7806 additions and 553 deletions
Expand all files Collapse all files

2
.agents/plugins/marketplace.json
View File

@@ -1,7 +1,7 @@
{
"name": "ecc",
"interface": {
"displayName": "Everything Claude Code"
"displayName": "ECC"
},
"plugins": [
{

6
.claude-plugin/marketplace.json
View File

@@ -5,20 +5,20 @@
"email": "me@affaanmustafa.com"
},
"metadata": {
"description": "Battle-tested Claude Code configurations from an Anthropic hackathon winner"
"description": "Harness-native ECC skills, hooks, rules, MCP conventions, and operator workflows"
},
"plugins": [
{
"name": "ecc",
"source": "./",
"description": "The most comprehensive Claude Code plugin — 60 agents, 231 skills, 75 legacy command shims, selective install profiles, and production-ready hooks for TDD, security scanning, code review, and continuous learning",
"description": "Harness-native ECC operator layer - 60 agents, 232 skills, 75 legacy command shims, reusable hooks, rules, selective install profiles, and production-ready workflows for Claude Code, Codex, OpenCode, Cursor, and related agent harnesses",
"version": "2.0.0-rc.1",
"author": {
"name": "Affaan Mustafa",
"email": "me@affaanmustafa.com"
},
"homepage": "https://ecc.tools",
"repository": "https://github.com/affaan-m/everything-claude-code",
"repository": "https://github.com/affaan-m/ECC",
"license": "MIT",
"keywords": [
"agents",

4
.claude-plugin/plugin.json
View File

@@ -1,13 +1,13 @@
{
"name": "ecc",
"version": "2.0.0-rc.1",
"description": "Battle-tested Claude Code plugin for engineering teams 60 agents, 231 skills, 75 legacy command shims, production-ready hooks, and selective install workflows evolved through continuous real-world use",
"description": "Harness-native ECC plugin for engineering teams - 60 agents, 232 skills, 75 legacy command shims, reusable hooks, rules, MCP conventions, and operator workflows for Claude Code plus adjacent agent harnesses",
"author": {
"name": "Affaan Mustafa",
"url": "https://x.com/affaanmustafa"
},
"homepage": "https://ecc.tools",
"repository": "https://github.com/affaan-m/everything-claude-code",
"repository": "https://github.com/affaan-m/ECC",
"license": "MIT",
"keywords": [
"claude-code",

6
.codex-plugin/README.md
View File

@@ -1,6 +1,6 @@
# .codex-plugin — Codex Native Plugin for ECC
This directory contains the **Codex plugin manifest** for Everything Claude Code.
This directory contains the **Codex plugin manifest** for ECC.
## Structure
@@ -24,10 +24,10 @@ track that marketplace source from the CLI:
```bash
# Add the public repo marketplace
codex plugin marketplace add affaan-m/everything-claude-code
codex plugin marketplace add affaan-m/ECC
# Or add a local checkout while developing
codex plugin marketplace add /absolute/path/to/everything-claude-code
codex plugin marketplace add /absolute/path/to/ECC
```
The marketplace entry points at the repository root so `.codex-plugin/plugin.json`,

8
.codex-plugin/plugin.json
View File

@@ -1,22 +1,22 @@
{
"name": "ecc",
"version": "2.0.0-rc.1",
"description": "Battle-tested Codex workflows — 207 shared ECC skills, production-ready MCP configs, and selective-install-aligned conventions for TDD, security scanning, code review, and autonomous development.",
"description": "Harness-native ECC workflows for Codex: shared skills, production-ready MCP configs, and selective-install-aligned conventions for TDD, security scanning, code review, and autonomous development.",
"author": {
"name": "Affaan Mustafa",
"email": "me@affaanmustafa.com",
"url": "https://x.com/affaanmustafa"
},
"homepage": "https://ecc.tools",
"repository": "https://github.com/affaan-m/everything-claude-code",
"repository": "https://github.com/affaan-m/ECC",
"license": "MIT",
"keywords": ["codex", "agents", "skills", "tdd", "code-review", "security", "workflow", "automation"],
"skills": "./skills/",
"mcpServers": "./.mcp.json",
"interface": {
"displayName": "Everything Claude Code",
"displayName": "ECC",
"shortDescription": "207 battle-tested ECC skills plus MCP configs for TDD, security, code review, and autonomous development.",
"longDescription": "Everything Claude Code (ECC) is a community-maintained collection of Codex-ready skills and MCP configs evolved over 10+ months of intensive daily use. It covers TDD workflows, security scanning, code review, architecture decisions, operator workflows, and more — all in one installable plugin.",
"longDescription": "ECC is a harness-native operator system for Codex and adjacent agent harnesses. It packages reusable skills, MCP configs, TDD workflows, security scanning, code review, architecture decisions, operator workflows, and release gates in one installable plugin.",
"developerName": "Affaan Mustafa",
"category": "Productivity",
"capabilities": ["Read", "Write"],

1
.github/CODEOWNERS vendored Normal file
View File

@@ -0,0 +1 @@
* @affaan-m

53
.github/workflows/release.yml vendored
View File

@@ -5,13 +5,16 @@ on:
tags: ['v*']
permissions:
contents: write
id-token: write
contents: read
jobs:
release:
name: Create Release
verify:
name: Verify Release
runs-on: ubuntu-latest
outputs:
already_published: ${{ steps.npm_publish_state.outputs.already_published }}
dist_tag: ${{ steps.npm_publish_state.outputs.dist_tag }}
package_file: ${{ steps.pack.outputs.package_file }}
steps:
- name: Checkout
@@ -93,10 +96,46 @@ jobs:
### Notes
- npm package: \`ecc-universal\`
- Claude marketplace/plugin identifier: \`everything-claude-code@everything-claude-code\`
- Claude marketplace/plugin identifier: \`ecc@ecc\`
- For migration tips and compatibility notes, see README and CHANGELOG.
EOF
- name: Pack npm artifact
id: pack
run: |
npm pack --json > npm-pack.json
PACKAGE_FILE=$(node -e "const fs = require('fs'); const data = JSON.parse(fs.readFileSync('npm-pack.json', 'utf8')); console.log(data[0].filename)")
echo "package_file=${PACKAGE_FILE}" >> "$GITHUB_OUTPUT"
- name: Upload release artifacts
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: ecc-release-artifacts
path: |
release_body.md
${{ steps.pack.outputs.package_file }}
if-no-files-found: error
publish:
name: Publish Release
runs-on: ubuntu-latest
needs: verify
permissions:
contents: write
id-token: write
steps:
- name: Download release artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: ecc-release-artifacts
- name: Setup Node.js
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: '20.x'
registry-url: 'https://registry.npmjs.org'
- name: Create GitHub Release
uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
with:
@@ -106,7 +145,7 @@ jobs:
make_latest: ${{ contains(github.ref_name, '-') && 'false' || 'true' }}
- name: Publish npm package
if: steps.npm_publish_state.outputs.already_published != 'true'
if: needs.verify.outputs.already_published != 'true'
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm publish --access public --provenance --tag "${{ steps.npm_publish_state.outputs.dist_tag }}"
run: npm publish "${{ needs.verify.outputs.package_file }}" --access public --provenance --tag "${{ needs.verify.outputs.dist_tag }}"

53
.github/workflows/reusable-release.yml vendored
View File

@@ -28,13 +28,16 @@ on:
default: true
permissions:
contents: write
id-token: write
contents: read
jobs:
release:
name: Create Release
verify:
name: Verify Release
runs-on: ubuntu-latest
outputs:
already_published: ${{ steps.npm_publish_state.outputs.already_published }}
dist_tag: ${{ steps.npm_publish_state.outputs.dist_tag }}
package_file: ${{ steps.pack.outputs.package_file }}
steps:
- name: Checkout
@@ -111,9 +114,45 @@ jobs:
### Package Notes
- npm package: \`ecc-universal\`
- Claude marketplace/plugin identifier: \`everything-claude-code@everything-claude-code\`
- Claude marketplace/plugin identifier: \`ecc@ecc\`
EOF
- name: Pack npm artifact
id: pack
run: |
npm pack --json > npm-pack.json
PACKAGE_FILE=$(node -e "const fs = require('fs'); const data = JSON.parse(fs.readFileSync('npm-pack.json', 'utf8')); console.log(data[0].filename)")
echo "package_file=${PACKAGE_FILE}" >> "$GITHUB_OUTPUT"
- name: Upload release artifacts
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: ecc-release-artifacts
path: |
release_body.md
${{ steps.pack.outputs.package_file }}
if-no-files-found: error
publish:
name: Publish Release
runs-on: ubuntu-latest
needs: verify
permissions:
contents: write
id-token: write
steps:
- name: Download release artifacts
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: ecc-release-artifacts
- name: Setup Node.js
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: '20.x'
registry-url: 'https://registry.npmjs.org'
- name: Create GitHub Release
uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
with:
@@ -124,7 +163,7 @@ jobs:
make_latest: ${{ contains(inputs.tag, '-') && 'false' || 'true' }}
- name: Publish npm package
if: steps.npm_publish_state.outputs.already_published != 'true'
if: needs.verify.outputs.already_published != 'true'
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm publish --access public --provenance --tag "${{ steps.npm_publish_state.outputs.dist_tag }}"
run: npm publish "${{ needs.verify.outputs.package_file }}" --access public --provenance --tag "${{ needs.verify.outputs.dist_tag }}"

4
.opencode/MIGRATION.md
View File

@@ -1,6 +1,6 @@
# Migration Guide: Claude Code to OpenCode
This guide helps you migrate from Claude Code to OpenCode while using the Everything Claude Code (ECC) configuration.
This guide helps you migrate from Claude Code to OpenCode while using the ECC configuration.
## Overview
@@ -365,4 +365,4 @@ If you need to switch back:
For issues specific to:
- **OpenCode CLI**: Report to OpenCode's issue tracker
- **ECC Configuration**: Report to [github.com/affaan-m/everything-claude-code](https://github.com/affaan-m/everything-claude-code)
- **ECC Configuration**: Report to [github.com/affaan-m/ECC](https://github.com/affaan-m/ECC)

8
.opencode/README.md
View File

@@ -3,13 +3,13 @@
> WARNING: This README is specific to OpenCode usage.
> If you installed ECC via npm (e.g. `npm install opencode-ecc`), refer to the root README instead.
Everything Claude Code (ECC) plugin for OpenCode - agents, commands, hooks, and skills.
ECC plugin for OpenCode - agents, commands, hooks, and skills.
## Installation
## Installation Overview
There are two ways to use Everything Claude Code (ECC):
There are two ways to use ECC:
1. **npm package (recommended for most users)**
Install via npm/bun/yarn and use the `ecc-install` CLI to set up rules and agents.
@@ -52,8 +52,8 @@ npx ecc-install typescript
Clone and run OpenCode in the repository:
```bash
git clone https://github.com/affaan-m/everything-claude-code
cd everything-claude-code
git clone https://github.com/affaan-m/ECC
cd ECC
opencode
```

27
.opencode/commands/harness-audit.md
View File

@@ -24,9 +24,9 @@ node scripts/harness-audit.js <scope> --format <text|json> [--root <path>]
This script is the source of truth for scoring and checks. Do not invent additional dimensions or ad-hoc points.
Rubric version: `2026-03-30`.
Rubric version: `2026-05-19`.
The script computes 7 fixed categories (`0-10` normalized each):
The script computes up to 12 fixed categories (`0-10` normalized each). The first seven are always applicable; GitHub Integration is always applicable; deploy-target categories are applicable only when a matching marker is detected.
1. Tool Coverage
2. Context Efficiency
@@ -35,6 +35,11 @@ The script computes 7 fixed categories (`0-10` normalized each):
5. Eval Coverage
6. Security Guardrails
7. Cost Efficiency
8. GitHub Integration
9. Vercel Integration *(when `vercel.json` or `.vercel/` is present)*
10. Netlify Integration *(when `netlify.toml` or `.netlify/` is present)*
11. Cloudflare Integration *(when `wrangler.toml` or `wrangler.jsonc` is present)*
12. Fly Integration *(when `fly.toml` is present)*
Scores are derived from explicit file/rule checks and are reproducible for the same commit.
The script audits the current working directory by default and auto-detects whether the target is the ECC repo itself or a consumer project using ECC.
@@ -43,11 +48,12 @@ The script audits the current working directory by default and auto-detects whet
Return:
1. `overall_score` out of `max_score` (70 for `repo`; smaller for scoped audits)
2. Category scores and concrete findings
3. Failed checks with exact file paths
4. Top 3 actions from the deterministic output (`top_actions`)
5. Suggested ECC skills to apply next
1. `overall_score` out of `max_score`. `max_score` depends on which categories are applicable to the target; never assume a fixed total.
2. `applicable_categories[]` and `category_count` describing which categories contributed.
3. Category scores and concrete findings.
4. Failed checks with exact file paths.
5. Top 3 actions from the deterministic output (`top_actions`).
6. Suggested ECC skills to apply next.
## Checklist
@@ -59,14 +65,15 @@ Return:
## Example Result
```text
Harness Audit (repo): 66/70
Harness Audit (repo, repo): 71/80
- Tool Coverage: 10/10 (10/10 pts)
- Context Efficiency: 9/10 (9/10 pts)
- Quality Gates: 10/10 (10/10 pts)
- GitHub Integration: 2/10 (2/10 pts)
Top 3 Actions:
1) [Security Guardrails] Add prompt/tool preflight security guards in hooks/hooks.json. (hooks/hooks.json)
2) [Tool Coverage] Sync commands/harness-audit.md and .opencode/commands/harness-audit.md. (.opencode/commands/harness-audit.md)
1) [GitHub Integration] Add at least one workflow under .github/workflows/. (.github/workflows/)
2) [Security Guardrails] Add prompt/tool preflight security guards in hooks/hooks.json. (hooks/hooks.json)
3) [Eval Coverage] Increase automated test coverage across scripts/hooks/lib. (tests/)
```

8
.opencode/index.ts
View File

@@ -1,5 +1,5 @@
/**
* Everything Claude Code (ECC) Plugin for OpenCode
* ECC Plugin for OpenCode
*
* This package provides the published ECC OpenCode plugin module:
* - Plugin hooks (auto-format, TypeScript check, console.log warning, env injection, etc.)
@@ -26,8 +26,8 @@
*
* Option 2: Clone and use directly
* ```bash
* git clone https://github.com/affaan-m/everything-claude-code
* cd everything-claude-code
* git clone https://github.com/affaan-m/ECC
* cd ECC
* opencode
* ```
*
@@ -47,7 +47,7 @@ export const VERSION = "1.6.0"
export const metadata = {
name: "ecc-universal",
version: VERSION,
description: "Everything Claude Code plugin for OpenCode",
description: "ECC plugin for OpenCode",
author: "affaan-m",
features: {
agents: 13,

2
.opencode/instructions/INSTRUCTIONS.md
View File

@@ -1,4 +1,4 @@
# Everything Claude Code - OpenCode Instructions
# ECC - OpenCode Instructions
This document consolidates the core rules and guidelines from the Claude Code configuration for use with OpenCode.

8
.opencode/package.json
View File

@@ -1,7 +1,7 @@
{
"name": "ecc-universal",
"version": "2.0.0-rc.1",
"description": "Everything Claude Code (ECC) plugin for OpenCode - agents, commands, hooks, and skills",
"description": "ECC plugin for OpenCode - agents, commands, hooks, and skills",
"main": "dist/index.js",
"types": "dist/index.d.ts",
"type": "module",
@@ -47,12 +47,12 @@
"license": "MIT",
"repository": {
"type": "git",
"url": "git+https://github.com/affaan-m/everything-claude-code.git"
"url": "git+https://github.com/affaan-m/ECC.git"
},
"bugs": {
"url": "https://github.com/affaan-m/everything-claude-code/issues"
"url": "https://github.com/affaan-m/ECC/issues"
},
"homepage": "https://github.com/affaan-m/everything-claude-code#readme",
"homepage": "https://github.com/affaan-m/ECC#readme",
"publishConfig": {
"access": "public"
},

4
.opencode/plugins/ecc-hooks.ts
View File

@@ -1,5 +1,5 @@
/**
* Everything Claude Code (ECC) Plugin Hooks for OpenCode
* ECC Plugin Hooks for OpenCode
*
* This plugin translates Claude Code hooks to OpenCode's plugin system.
* OpenCode's plugin system is MORE sophisticated than Claude Code with 20+ events
@@ -453,7 +453,7 @@ export const ECCHooksPlugin: ECCHooksPluginFn = async ({
const contextBlock = [
"# ECC Context (preserve across compaction)",
"",
"## Active Plugin: Everything Claude Code v2.0.0-rc.1",
"## Active Plugin: ECC v2.0.0-rc.1",
"- Hooks: file.edited, tool.execute.before/after, session.created/idle/deleted, shell.env, compacting, permission.ask",
"- Tools: run-tests, check-coverage, security-audit, format-code, lint-check, git-summary, changed-files",
"- Agents: 13 specialized (planner, architect, tdd-guide, code-reviewer, security-reviewer, build-error-resolver, e2e-runner, refactor-cleaner, doc-updater, go-reviewer, go-build-resolver, database-reviewer, python-reviewer)",

2
.opencode/plugins/index.ts
View File

@@ -1,5 +1,5 @@
/**
* Everything Claude Code (ECC) Plugins for OpenCode
* ECC Plugins for OpenCode
*
* This module exports all ECC plugins for OpenCode integration.
* Plugins provide hook-based automation that mirrors Claude Code's hook system

4
AGENTS.md
View File

@@ -1,6 +1,6 @@
# Everything Claude Code (ECC) — Agent Instructions
This is a **production-ready AI coding plugin** providing 60 specialized agents, 231 skills, 75 commands, and automated hook workflows for software development.
This is a **production-ready AI coding plugin** providing 60 specialized agents, 232 skills, 75 commands, and automated hook workflows for software development.
**Version:** 2.0.0-rc.1
@@ -150,7 +150,7 @@ Troubleshoot failures: check test isolation → verify mocks → fix implementat
```
agents/ — 60 specialized subagents
skills/ — 231 workflow skills and domain knowledge
skills/ — 232 workflow skills and domain knowledge
commands/ — 75 slash commands
hooks/ — Trigger-based automations
rules/ — Always-follow guidelines (common + per-language)

98
README.md
View File

@@ -1,12 +1,12 @@
**Language:** English | [Português (Brasil)](docs/pt-BR/README.md) | [简体中文](README.zh-CN.md) | [繁體中文](docs/zh-TW/README.md) | [日本語](docs/ja-JP/README.md) | [한국어](docs/ko-KR/README.md) | [Türkçe](docs/tr/README.md) | [Русский](docs/ru/README.md) | [Tiếng Việt](docs/vi-VN/README.md) | [ไทย](docs/th/README.md)
# Everything Claude Code
# ECC
![Everything Claude Code — the performance system for AI agent harnesses](assets/hero.png)
![ECC - the harness-native operator system for agentic work](assets/hero.png)
[![Stars](https://img.shields.io/github/stars/affaan-m/everything-claude-code?style=flat)](https://github.com/affaan-m/everything-claude-code/stargazers)
[![Forks](https://img.shields.io/github/forks/affaan-m/everything-claude-code?style=flat)](https://github.com/affaan-m/everything-claude-code/network/members)
[![Contributors](https://img.shields.io/github/contributors/affaan-m/everything-claude-code?style=flat)](https://github.com/affaan-m/everything-claude-code/graphs/contributors)
[![Stars](https://img.shields.io/github/stars/affaan-m/ECC?style=flat)](https://github.com/affaan-m/ECC/stargazers)
[![Forks](https://img.shields.io/github/forks/affaan-m/ECC?style=flat)](https://github.com/affaan-m/ECC/network/members)
[![Contributors](https://img.shields.io/github/contributors/affaan-m/ECC?style=flat)](https://github.com/affaan-m/ECC/graphs/contributors)
[![npm ecc-universal](https://img.shields.io/npm/dw/ecc-universal?label=ecc-universal%20weekly%20downloads&logo=npm)](https://www.npmjs.com/package/ecc-universal)
[![npm ecc-agentshield](https://img.shields.io/npm/dw/ecc-agentshield?label=ecc-agentshield%20weekly%20downloads&logo=npm)](https://www.npmjs.com/package/ecc-agentshield)
[![GitHub App Install](https://img.shields.io/badge/GitHub%20App-150%20installs-2ea44f?logo=github)](https://github.com/marketplace/ecc-tools)
@@ -34,7 +34,7 @@
---
**The performance optimization system for AI agent harnesses. From an Anthropic hackathon winner.**
**The harness-native operator system for agentic work. From an Anthropic hackathon winner.**
Not just configs. A complete system: skills, instincts, memory optimization, continuous learning, security scanning, and research-first development. Production-ready agents, skills, hooks, rules, MCP configurations, and legacy command shims evolved over 10+ months of intensive daily use building real products.
@@ -59,7 +59,7 @@ ECC v2.0.0-rc.1 adds the public Hermes operator story on top of that reusable la
</a>
</td>
<td width="25%" align="center">
<a href="https://github.com/affaan-m/everything-claude-code/discussions">
<a href="https://github.com/affaan-m/ECC/discussions">
<strong>Community</strong>
<br />
<sub>Discussions · Q&amp;A · Show & Tell</sub>
@@ -123,7 +123,7 @@ This repo is the raw code only. The guides explain everything.
### v2.0.0-rc.1 — Surface Refresh, Operator Workflows, and ECC 2.0 Alpha (Apr 2026)
- **Dashboard GUI** — New Tkinter-based desktop application (`ecc_dashboard.py` or `npm run dashboard`) with dark/light theme toggle, font customization, and project logo in header and taskbar.
- **Public surface synced to the live repo** — metadata, catalog counts, plugin manifests, and install-facing docs now match the actual OSS surface: 60 agents, 231 skills, and 75 legacy command shims.
- **Public surface synced to the live repo** — metadata, catalog counts, plugin manifests, and install-facing docs now match the actual OSS surface: 60 agents, 232 skills, and 75 legacy command shims.
- **Operator and outbound workflow expansion** — `brand-voice`, `social-graph-ranker`, `connections-optimizer`, `customer-billing-ops`, `ecc-tools-cost-audit`, `google-workspace-ops`, `project-flow-ops`, and `workspace-surface-audit` round out the operator lane.
- **Media and launch tooling** — `manim-video`, `remotion-video-creation`, and upgraded social publishing surfaces make technical explainers and launch content part of the same system.
- **Framework and product surface growth** — `nestjs-patterns`, richer Codex/OpenCode install surfaces, and expanded cross-harness packaging keep the repo usable beyond Claude Code alone.
@@ -172,7 +172,7 @@ This repo is the raw code only. The guides explain everything.
### v1.4.1 — Bug Fix (Feb 2026)
- **Fixed instinct import content loss** — `parse_instinct_file()` was silently dropping all content after frontmatter (Action, Evidence, Examples sections) during `/instinct-import`. ([#148](https://github.com/affaan-m/everything-claude-code/issues/148), [#161](https://github.com/affaan-m/everything-claude-code/pull/161))
- **Fixed instinct import content loss** — `parse_instinct_file()` was silently dropping all content after frontmatter (Action, Evidence, Examples sections) during `/instinct-import`. ([#148](https://github.com/affaan-m/ECC/issues/148), [#161](https://github.com/affaan-m/ECC/pull/161))
### v1.4.0 — Multi-Language Rules, Installation Wizard & PM2 (Feb 2026)
@@ -196,7 +196,7 @@ This repo is the raw code only. The guides explain everything.
- **Session management** — `/sessions` command for session history
- **Continuous learning v2** — Instinct-based learning with confidence scoring, import/export, evolution
See the full changelog in [Releases](https://github.com/affaan-m/everything-claude-code/releases).
See the full changelog in [Releases](https://github.com/affaan-m/ECC/releases).
---
@@ -265,7 +265,7 @@ npx ecc install --profile minimal --target claude --with capability:machine-lear
```bash
# Add marketplace
/plugin marketplace add https://github.com/affaan-m/everything-claude-code
/plugin marketplace add https://github.com/affaan-m/ECC
# Install plugin
/plugin install ecc@ecc
@@ -275,7 +275,7 @@ npx ecc install --profile minimal --target claude --with capability:machine-lear
ECC now has three public identifiers, and they are not interchangeable:
- GitHub source repo: `affaan-m/everything-claude-code`
- GitHub source repo: `affaan-m/ECC`
- Claude marketplace/plugin identifier: `ecc@ecc`
- npm package: `ecc-universal`
@@ -295,8 +295,8 @@ This is intentional. Anthropic marketplace/plugin installs are keyed by a canoni
```bash
# Clone the repo first
git clone https://github.com/affaan-m/everything-claude-code.git
cd everything-claude-code
git clone https://github.com/affaan-m/ECC.git
cd ECC
# Install dependencies (pick your package manager)
npm install # or: pnpm install | yarn install | bun install
@@ -392,7 +392,7 @@ If you stacked methods, clean up in this order:
/plugin list ecc@ecc
```
**That's it!** You now have access to 60 agents, 231 skills, and 75 legacy command shims.
**That's it!** You now have access to 60 agents, 232 skills, and 75 legacy command shims.
### Dashboard GUI
@@ -494,7 +494,7 @@ Windows PowerShell:
This repo is a **Claude Code plugin** - install it directly or copy components manually.
```
everything-claude-code/
ECC/
|-- .claude-plugin/ # Plugin and marketplace manifests
| |-- plugin.json # Plugin metadata and component paths
| |-- marketplace.json # Marketplace catalog for /plugin marketplace add
@@ -812,7 +812,7 @@ Claude Code v2.1+ **automatically loads** `hooks/hooks.json` from any installed
Duplicate hooks file detected: ./hooks/hooks.json resolves to already-loaded file
```
**History:** This has caused repeated fix/revert cycles in this repo ([#29](https://github.com/affaan-m/everything-claude-code/issues/29), [#52](https://github.com/affaan-m/everything-claude-code/issues/52), [#103](https://github.com/affaan-m/everything-claude-code/issues/103)). The behavior changed between Claude Code versions, leading to confusion. We now have a regression test to prevent this from being reintroduced.
**History:** This has caused repeated fix/revert cycles in this repo ([#29](https://github.com/affaan-m/ECC/issues/29), [#52](https://github.com/affaan-m/ECC/issues/52), [#103](https://github.com/affaan-m/ECC/issues/103)). The behavior changed between Claude Code versions, leading to confusion. We now have a regression test to prevent this from being reintroduced.
---
@@ -824,7 +824,7 @@ The easiest way to use this repo - install as a Claude Code plugin:
```bash
# Add this repo as a marketplace
/plugin marketplace add https://github.com/affaan-m/everything-claude-code
/plugin marketplace add https://github.com/affaan-m/ECC
# Install the plugin
/plugin install ecc@ecc
@@ -838,7 +838,7 @@ Or add directly to your `~/.claude/settings.json`:
"ecc": {
"source": {
"source": "github",
"repo": "affaan-m/everything-claude-code"
"repo": "affaan-m/ECC"
}
}
},
@@ -854,20 +854,21 @@ This gives you instant access to all commands, agents, skills, and hooks.
>
> ```bash
> # Clone the repo first
> git clone https://github.com/affaan-m/everything-claude-code.git
> git clone https://github.com/affaan-m/ECC.git
> cd ECC
>
> # Option A: User-level rules (applies to all projects)
> mkdir -p ~/.claude/rules/ecc
> cp -r everything-claude-code/rules/common ~/.claude/rules/ecc/
> cp -r everything-claude-code/rules/typescript ~/.claude/rules/ecc/ # pick your stack
> cp -r everything-claude-code/rules/python ~/.claude/rules/ecc/
> cp -r everything-claude-code/rules/golang ~/.claude/rules/ecc/
> cp -r everything-claude-code/rules/php ~/.claude/rules/ecc/
> cp -r rules/common ~/.claude/rules/ecc/
> cp -r rules/typescript ~/.claude/rules/ecc/ # pick your stack
> cp -r rules/python ~/.claude/rules/ecc/
> cp -r rules/golang ~/.claude/rules/ecc/
> cp -r rules/php ~/.claude/rules/ecc/
>
> # Option B: Project-level rules (applies to current project only)
> mkdir -p .claude/rules/ecc
> cp -r everything-claude-code/rules/common .claude/rules/ecc/
> cp -r everything-claude-code/rules/typescript .claude/rules/ecc/ # pick your stack
> cp -r rules/common .claude/rules/ecc/
> cp -r rules/typescript .claude/rules/ecc/ # pick your stack
> ```
---
@@ -878,34 +879,35 @@ If you prefer manual control over what's installed:
```bash
# Clone the repo
git clone https://github.com/affaan-m/everything-claude-code.git
git clone https://github.com/affaan-m/ECC.git
cd ECC
# Copy agents to your Claude config
cp everything-claude-code/agents/*.md ~/.claude/agents/
cp agents/*.md ~/.claude/agents/
# Copy rules directories (common + language-specific)
mkdir -p ~/.claude/rules/ecc
cp -r everything-claude-code/rules/common ~/.claude/rules/ecc/
cp -r everything-claude-code/rules/typescript ~/.claude/rules/ecc/ # pick your stack
cp -r everything-claude-code/rules/python ~/.claude/rules/ecc/
cp -r everything-claude-code/rules/golang ~/.claude/rules/ecc/
cp -r everything-claude-code/rules/php ~/.claude/rules/ecc/
cp -r everything-claude-code/rules/arkts ~/.claude/rules/ecc/
cp -r rules/common ~/.claude/rules/ecc/
cp -r rules/typescript ~/.claude/rules/ecc/ # pick your stack
cp -r rules/python ~/.claude/rules/ecc/
cp -r rules/golang ~/.claude/rules/ecc/
cp -r rules/php ~/.claude/rules/ecc/
cp -r rules/arkts ~/.claude/rules/ecc/
# Copy skills first (primary workflow surface)
# Recommended (new users): core/general skills only
mkdir -p ~/.claude/skills/ecc
cp -r everything-claude-code/.agents/skills/* ~/.claude/skills/ecc/
cp -r everything-claude-code/skills/search-first ~/.claude/skills/ecc/
cp -r .agents/skills/* ~/.claude/skills/ecc/
cp -r skills/search-first ~/.claude/skills/ecc/
# Optional: add niche/framework-specific skills only when needed
# for s in django-patterns django-tdd laravel-patterns springboot-patterns quarkus-patterns; do
# cp -r everything-claude-code/skills/$s ~/.claude/skills/ecc/
# cp -r skills/$s ~/.claude/skills/ecc/
# done
# Optional: keep maintained slash-command compatibility during migration
mkdir -p ~/.claude/commands
cp everything-claude-code/commands/*.md ~/.claude/commands/
cp commands/*.md ~/.claude/commands/
# Retired shims live in legacy-command-shims/commands/.
# Copy individual files from there only if you still need old names such as /tdd.
@@ -1083,7 +1085,7 @@ This shows all available agents, commands, and skills from the plugin.
<details>
<summary><b>My hooks aren't working / I see "Duplicate hooks file" errors</b></summary>
This is the most common issue. **Do NOT add a `"hooks"` field to `.claude-plugin/plugin.json`.** Claude Code v2.1+ automatically loads `hooks/hooks.json` from installed plugins. Explicitly declaring it causes duplicate detection errors. See [#29](https://github.com/affaan-m/everything-claude-code/issues/29), [#52](https://github.com/affaan-m/everything-claude-code/issues/52), [#103](https://github.com/affaan-m/everything-claude-code/issues/103).
This is the most common issue. **Do NOT add a `"hooks"` field to `.claude-plugin/plugin.json`.** Claude Code v2.1+ automatically loads `hooks/hooks.json` from installed plugins. Explicitly declaring it causes duplicate detection errors. See [#29](https://github.com/affaan-m/ECC/issues/29), [#52](https://github.com/affaan-m/ECC/issues/52), [#103](https://github.com/affaan-m/ECC/issues/103).
</details>
<details>
@@ -1128,11 +1130,11 @@ Yes. Use Option 2 (manual installation) and copy only what you need:
```bash
# Just agents
cp everything-claude-code/agents/*.md ~/.claude/agents/
cp agents/*.md ~/.claude/agents/
# Just rules
mkdir -p ~/.claude/rules/ecc/
cp -r everything-claude-code/rules/common ~/.claude/rules/ecc/
cp -r rules/common ~/.claude/rules/ecc/
```
Each component is fully independent.
@@ -1145,7 +1147,7 @@ Yes. ECC is cross-platform:
- **Cursor**: Pre-translated configs in `.cursor/`. See [Cursor IDE Support](#cursor-ide-support).
- **Gemini CLI**: Experimental project-local support via `.gemini/GEMINI.md` and shared installer plumbing.
- **OpenCode**: Full plugin support in `.opencode/`. See [OpenCode Support](#opencode-support).
- **Codex**: First-class support for both macOS app and CLI, with adapter drift guards and SessionStart fallback. See PR [#257](https://github.com/affaan-m/everything-claude-code/pull/257).
- **Codex**: First-class support for both macOS app and CLI, with adapter drift guards and SessionStart fallback. See PR [#257](https://github.com/affaan-m/ECC/pull/257).
- **GitHub Copilot (VS Code)**: Instruction and prompt layer via `.github/copilot-instructions.md`, `.vscode/settings.json`, and `.github/prompts/`. See [GitHub Copilot Support](#github-copilot-support).
- **Antigravity**: Tightly integrated setup for workflows, skills, and flattened rules in `.agent/`. See [Antigravity Guide](docs/ANTIGRAVITY-GUIDE.md).
- **JoyCode / CodeBuddy**: Project-local selective install adapters for commands, agents, skills, and flattened rules. See [JoyCode Adapter Guide](docs/JOYCODE-GUIDE.md).
@@ -1423,7 +1425,7 @@ The configuration is automatically detected from `.opencode/opencode.json`.
|---------|-------------|----------|--------|
| Agents | PASS: 60 agents | PASS: 12 agents | **Claude Code leads** |
| Commands | PASS: 75 commands | PASS: 35 commands | **Claude Code leads** |
| Skills | PASS: 231 skills | PASS: 37 skills | **Claude Code leads** |
| Skills | PASS: 232 skills | PASS: 37 skills | **Claude Code leads** |
| Hooks | PASS: 8 event types | PASS: 11 events | **OpenCode has more!** |
| Rules | PASS: 29 rules | PASS: 13 instructions | **Claude Code leads** |
| MCP Servers | PASS: 14 servers | PASS: Full | **Full parity** |
@@ -1488,7 +1490,7 @@ OpenCode's plugin system is MORE sophisticated than Claude Code with 20+ event t
**Option 1: Use directly**
```bash
cd everything-claude-code
cd ECC
opencode
```
@@ -1585,7 +1587,7 @@ ECC is the **first plugin to maximize every major AI coding tool**. Here's how e
|---------|------------|------------|-----------|----------|----------------|
| **Agents** | 60 | Shared (AGENTS.md) | Shared (AGENTS.md) | 12 | N/A |
| **Commands** | 75 | Shared | Instruction-based | 35 | 6 prompts |
| **Skills** | 231 | Shared | 10 (native format) | 37 | Via instructions |
| **Skills** | 232 | Shared | 10 (native format) | 37 | Via instructions |
| **Hook Events** | 8 types | 15 types | None yet | 11 types | None |
| **Hook Scripts** | 20+ scripts | 16 scripts (DRY adapter) | N/A | Plugin hooks | N/A |
| **Rules** | 34 (common + lang) | 34 (YAML frontmatter) | Instruction-based | 13 instructions | 1 always-on file |
@@ -1717,7 +1719,7 @@ These configs work for my workflow. You should:
## Community Projects
Projects built on or inspired by Everything Claude Code:
Projects built on or inspired by ECC:
| Project | Description |
|---------|-------------|
@@ -1738,7 +1740,7 @@ This project is free and open source. Sponsors help keep it maintained and growi
## Star History
[![Star History Chart](https://api.star-history.com/svg?repos=affaan-m/everything-claude-code&type=Date)](https://star-history.com/#affaan-m/everything-claude-code&Date)
[![Star History Chart](https://api.star-history.com/svg?repos=affaan-m/ECC&type=Date)](https://star-history.com/#affaan-m/ECC&Date)
---

2
README.zh-CN.md
View File

@@ -160,7 +160,7 @@ Copy-Item -Recurse rules/typescript "$HOME/.claude/rules/"
/plugin list ecc@ecc
```
**完成!** 你现在可以使用 60 个代理、231 个技能和 75 个命令。
**完成!** 你现在可以使用 60 个代理、232 个技能和 75 个命令。
### multi-* 命令需要额外配置

2
agent.yaml
View File

@@ -1,5 +1,5 @@
spec_version: "0.1.0"
name: everything-claude-code
name: ecc
version: 2.0.0-rc.1
description: "Initial gitagent export surface for ECC's shared skill catalog, governance, and identity. Native agents, commands, and hooks remain authoritative in the repository while manifest coverage expands."
author: affaan-m

27
commands/harness-audit.md
View File

@@ -24,9 +24,9 @@ node scripts/harness-audit.js <scope> --format <text|json> [--root <path>]
This script is the source of truth for scoring and checks. Do not invent additional dimensions or ad-hoc points.
Rubric version: `2026-03-30`.
Rubric version: `2026-05-19`.
The script computes 7 fixed categories (`0-10` normalized each):
The script computes up to 12 fixed categories (`0-10` normalized each). The first seven are always applicable; GitHub Integration is always applicable; deploy-target categories are applicable only when a matching marker is detected.
1. Tool Coverage
2. Context Efficiency
@@ -35,6 +35,11 @@ The script computes 7 fixed categories (`0-10` normalized each):
5. Eval Coverage
6. Security Guardrails
7. Cost Efficiency
8. GitHub Integration
9. Vercel Integration *(when `vercel.json` or `.vercel/` is present)*
10. Netlify Integration *(when `netlify.toml` or `.netlify/` is present)*
11. Cloudflare Integration *(when `wrangler.toml` or `wrangler.jsonc` is present)*
12. Fly Integration *(when `fly.toml` is present)*
Scores are derived from explicit file/rule checks and are reproducible for the same commit.
The script audits the current working directory by default and auto-detects whether the target is the ECC repo itself or a consumer project using ECC.
@@ -43,11 +48,12 @@ The script audits the current working directory by default and auto-detects whet
Return:
1. `overall_score` out of `max_score` (70 for `repo`; smaller for scoped audits)
2. Category scores and concrete findings
3. Failed checks with exact file paths
4. Top 3 actions from the deterministic output (`top_actions`)
5. Suggested ECC skills to apply next
1. `overall_score` out of `max_score`. `max_score` depends on which categories are applicable to the target; never assume a fixed total.
2. `applicable_categories[]` and `category_count` describing which categories contributed.
3. Category scores and concrete findings.
4. Failed checks with exact file paths.
5. Top 3 actions from the deterministic output (`top_actions`).
6. Suggested ECC skills to apply next.
## Checklist
@@ -59,14 +65,15 @@ Return:
## Example Result
```text
Harness Audit (repo): 66/70
Harness Audit (repo, repo): 71/80
- Tool Coverage: 10/10 (10/10 pts)
- Context Efficiency: 9/10 (9/10 pts)
- Quality Gates: 10/10 (10/10 pts)
- GitHub Integration: 2/10 (2/10 pts)
Top 3 Actions:
1) [Security Guardrails] Add prompt/tool preflight security guards in hooks/hooks.json. (hooks/hooks.json)
2) [Tool Coverage] Sync commands/harness-audit.md and .opencode/commands/harness-audit.md. (.opencode/commands/harness-audit.md)
1) [GitHub Integration] Add at least one workflow under .github/workflows/. (.github/workflows/)
2) [Security Guardrails] Add prompt/tool preflight security guards in hooks/hooks.json. (hooks/hooks.json)
3) [Eval Coverage] Increase automated test coverage across scripts/hooks/lib. (tests/)
```

434
docs/ECC-2.0-GA-ROADMAP.md
View File

@@ -12,48 +12,217 @@ execution truth is split across:
- merged PR evidence;
- handoffs under `~/.cluster-swarm/handoffs/`.
The May 19 release/growth execution map lives at
[`docs/releases/2.0.0/ecc-2-hypergrowth-release-command-center.md`](releases/2.0.0/ecc-2-hypergrowth-release-command-center.md).
It is the operator surface for the final ECC 2.0 repo identity, video suite,
partner/sponsor funnel, consulting/talk funnel, and social launch plan.
## 2026-05-20 Delta
- The tracked platform audit is still green on May 20 with 0 open PRs,
0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A gaps,
0 conflicting PRs, and 0 blocking dirty files across `affaan-m/ECC`,
`affaan-m/agentshield`, `affaan-m/JARVIS`, `ECC-Tools/ECC-Tools`, and
`ECC-Tools/ECC-website`.
- The new #2015 setup-location Q&A was answered and marked accepted. The
answer keeps install guidance conservative: do not install into `C:\`; use a
normal workspace, install the `ecc@ecc` Claude plugin once, copy only needed
rule folders when using manual rules, and avoid stacking plugin plus full
manual install.
- ECC-Tools PRs #80-#88 landed the next hosted-platform batch: runtime
receipts now require failure reasons; AgentShield fleet approval IDs survive
hosted security review and render into comments/check-runs; Linear follow-up
sync reuses deterministic external IDs; hosted AgentShield remediation items
sync to Linear; hosted job observability events are emitted for queued,
completed, blocked, failed, and budget-blocked states; and both hosted job
status comments and hosted depth-plan check-runs read back recent
observability/budget events. PR #88 adds the authenticated observability API
readback for operator dashboards and production smoke tests.
- AgentShield PR #94 landed the next cross-harness adapter slice: Zed and
VS Code are first-class adapter detections, `.zed/settings.json` and
`.zed/tasks.json` are discoverable scan inputs, and `.zed/setup.mjs` now
trips the same AI-tool persistence IOC rule as `.vscode/setup.mjs`.
- AgentShield PR #95 cleared the remaining default-branch Dependabot alert by
moving transitive `brace-expansion` 5.x lockfile entries to `5.0.6`; the
post-merge Dependabot open-alert API now returns `[]`, and local
`npm audit --audit-level=moderate` returns 0 vulnerabilities.
- ECC PR #2019 merged the Marketplace Pro selected-target release-gate sync
into this repo as `30f60710d4e0424fc70d9bbdc105009db141d9d8`. The post-merge
main CI run `26135974576` completed green across lint, coverage, security,
validation, and the full OS/package-manager matrix.
- ECC PR #2020 merged the selected-target announcement-gate mirror as
`c2471fe5c535310f8a8008c9ed7ea9f6757b33f2`. The post-merge main CI run
`26136949698` completed green across lint, coverage, security, validation,
and the full OS/package-manager matrix.
- ECC-Tools PR #90 added the selected-target official announcement gate for
`billing:announcement-gate -- --select-ready-target`; safe production
preflight no longer requires a raw GitHub login and now blocks only on the
local/internal `INTERNAL_API_SECRET` input before live execution.
- ECC-Tools PR #91 added `--env-file` support to both billing gate scripts so
ignored local operator credential files can supply `INTERNAL_API_SECRET`,
Cloudflare auth, Wrangler auth mode, or target fallbacks without printing
secret contents. Verify, Security Audit, and Workers Builds passed before
merge as `72119a1`, and main CI run `26137280847` completed successfully after
merge.
- ECC-Tools PR #92 added a non-breaking `INTERNAL_OPERATOR_API_SECRET` bearer
accepted by privileged internal API routes without rotating the existing
`INTERNAL_API_SECRET`; Verify, Security Audit, and Workers Builds passed
before merge as `18d80197be779619283e0b37e2952bac53819a07`, and the merged
Worker was deployed to `api.ecc.tools`.
- The May 20 live native-payments gate now passes: the vault-backed Wrangler
readback selected a ready Marketplace Pro target with fingerprint
`e953a74209fe`, both key families present, webhook evidence ready, 0 KV
blockers, and the official
`npm run billing:announcement-gate -- --select-ready-target` returned
`announcementGateReady: true`, 0 required actions, 0 blockers, and audit
summary 6 pass / 1 warn / 0 fail through the new operator bearer path.
- ECC-Tools PR #93 recorded that live billing evidence in the app launch
checklist and distribution roadmap as
`d3d62df83fa075660fa4530c3e0edc311a4355fe`; public native-payments copy is no
longer blocked by billing evidence, but publication timing remains behind the
final release, plugin, live URL, and owner-approval gates.
- Linear ITO-54 and the ECC Platform Roadmap now have the May 20 ECC-Tools
hosted observability update comments
`74dcc101-3be5-4173-be13-62b80d54f569` and
`348ea8f5-2a2d-46d9-a0fe-ed99653e7fe5`, after earlier PR #84/#85 comments
recorded remediation sync and hosted observability events. PR #88 is recorded
in Linear comments `291e2a4b-06e3-4672-a057-cdb141478161` and
`b2d35de0-ca49-44cb-982a-ddec229e7691`; AgentShield #94 is recorded in
ITO-49 comment `faed69dd-35f5-469d-acb5-ddde6a70d6a1` and project comment
`70187c1e-d481-4181-b418-09bd65d54b5e`; AgentShield #95 is recorded in
ITO-49 comment `371fc3e4-611f-4d20-a23f-67db1260b418`, ITO-57 comment
`bd06e252-15c1-4256-b667-caa3f64f5968`, and project comment
`22c2c388-2fd1-4dea-a939-6141f40c9a21`.
- Linear ITO-61 and the ECC Platform Roadmap now have the May 20 Marketplace
Pro release-gate comments `467d148a-712a-4777-aad9-95593e9f1739` and
`7642ee9c-3107-400c-a229-53e2895a8914`, recording ECC-Tools #89, ECC #2019,
the green post-merge CI run, and the remaining internal bearer-token gate.
The repo mirror now also records ECC-Tools #90 and #91 as the selected-target
announcement gate and billing gate env-file operator-path follow-up.
## 2026-05-19 Delta
- The public repo identity is now `affaan-m/ECC`; release, package, plugin,
workflow, and launch-copy surfaces should use that URL for current public
links.
- The late May 19 queue drain added the deterministic `release:approval-gate`
on ECC `main`, merged ECC-Tools billing-announcement redaction hardening, and
cleared the JARVIS Dependabot/deploy repair tail. The tracked platform audit
is now green with 0 open PRs, 0 open issues, and 0 discussion gaps across all
five tracked repos, but release/publication actions remain owner and live-URL
gated.
- The ECC 2.0 release story should lead with the product shape directly:
harness-native operator system, reusable skills/rules/hooks/MCP conventions,
`ecc2/` alpha control plane, Hermes as optional operator shell, and ECC Tools
Pro/Sponsors/consulting as the business surface.
- Copy should avoid presenting this as a repo rename or config-pack migration.
The release proof should show the system through install flow, cross-harness
demos, security evidence, hosted product evidence, and the video suite.
## Current Evidence
As of 2026-05-18:
As of 2026-05-20:
- GitHub queues are clean across `affaan-m/everything-claude-code`,
- GitHub queues are clean across `affaan-m/ECC`,
`affaan-m/agentshield`, `affaan-m/JARVIS`, `ECC-Tools/ECC-Tools`, and
`ECC-Tools/ECC-website`: the latest `platform-audit` sweep found 0 open PRs,
0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A missing
accepted answers, and 0 blocking dirty files when allowing the unrelated
local `docs/drafts/` directory. The May 18 sync also refreshed
`scripts/work-items.js sync-github` across all five tracked repos, leaving
no open or blocked local work items.
accepted answers, and 0 blocking dirty files. The current
`scripts/work-items.js list --json` output also reports `totalCount: 0`, so
there are no open or blocked local work items in the SQLite bridge.
- Owner-wide queue cleanup is also inside the requested budget:
`docs/releases/2.0.0-rc.1/owner-queue-cleanup-2026-05-18.md` records the
live `gh search` sweep that closed 24 stale dependency-bot PRs and 72 stale
legacy payments/0EM roadmap issues, then closed the 9 remaining stale,
generated, conflicting, or test/noise PRs and the 5 remaining legacy,
outreach, or placeholder issues. The broader `affaan-m` owner namespace is
now at 0 open PRs and 0 open issues by live `gh search`. Archived repos
touched during closure were restored to archived state.
- GitHub discussions are current across those tracked repos:
`affaan-m/everything-claude-code` has 58 total discussions and 0 without
maintainer touch after May 15 maintainer updates on #73 and #1239; AgentShield,
`affaan-m/ECC` has 60 total discussions and 0 without
maintainer touch after the May 19 #2003 AURA integration proposal was routed
as an external-adapter proposal, not core wallet/escrow coupling, and the
May 20 #2015 setup-location Q&A was answered and accepted; AgentShield,
JARVIS, ECC Tools, and the ECC Tools website have discussions disabled or 0
total discussions.
total discussions. `docs/architecture/discussion-response-playbook.md` now
supplies the ITO-59 response categories, public templates, security-escalation
path, and readback rules for future discussion batches.
- The current Linear roadmap contains 16 issue lanes (`ITO-44` through
`ITO-59`) and five milestones: Security and Access Baseline, ECC 2.0 Preview
and Publication, AgentShield Enterprise Iteration, ECC Tools Next-Level
Platform, and Legacy Audit and Salvage.
- Linear live sync is current for the May 18 merge and supply-chain batch:
ITO-57 has a new current-head supply-chain protection comment
(`0b9931b9-1556-4ebc-a70c-f3635557625d`), and the ECC platform project has
a new operator progress comment (`e32e5b7a-287b-4bf4-9ed7-314389a157e1`).
Linear project status updates are disabled in this workspace, so the project
comment is the supported external status surface.
- Linear live sync is current for the May 19 PR #2002 merge and discussion
batch: the ECC platform project has the post-PR #2002 sync document
`ecc-may-19-post-pr-2002-sync-64cef8f668e0`, project comment
`a6411e3a-8c8e-4a58-adba-687e77d4c543`, and issue comments on ITO-44,
ITO-47, ITO-48, ITO-49, ITO-51, ITO-54, and ITO-56. ITO-47, ITO-48,
ITO-49, ITO-51, ITO-54, and ITO-56 were moved to In Progress because those
lanes now have current implementation/evidence and remaining gate/readback
work. ITO-57 still has the May 18 emergency supply-chain refresh comment
(`3fe5b2b7-c4fe-401c-a317-b40d72119cb3`). Linear project status updates are
disabled in this workspace, so project documents and comments are the
supported external status surface.
- The latest May 18 merge batch on `main` includes PR #1970 workflow-security
validator bypass fixes, PR #1971 metrics bridge cost-reporting and warning
de-dup fixes, PR #1972 `uncloud` skill activation structure, and
`3b7e0ba3` catalog/operator dashboard refresh.
- `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-18.md` records the
May 18 queue-zero state, current-head TanStack/Mini Shai-Hulud protection
recheck, no-lifecycle npm install, npm audit/signature checks, AgentShield
project `.claude` scan, Linear sync, work-items sync, operator dashboard
refresh, and current-head Supply-Chain Watch success for `3b7e0ba3`.
- `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-18.md`
de-dup fixes, PR #1972 `uncloud` skill activation structure, PR #1976
OpenAI/AstraFlow provider response guards, ECC-Tools Wrangler OAuth billing
readback mirror evidence, the `04d4d819` defensive-deny IOC scanner hardening
recheck, `7911af4a` release OIDC publishing-scope hardening, `97567a91`
release workflow line-ending normalization, and release evidence with a
refreshed operator dashboard.
- `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md` records the
current May 19 queue-zero state, canonical ECC identity merge, release video
suite gate, partner/sponsor/talk outreach pack, owner approval packet
(`owner-approval-packet-2026-05-19.md`), current preview-pack smoke digest
`eebb8a66c33e`, local 2568-test suite, PR #2001 merge and GitHub Actions run
`26102500291` success, PR #2002's owner-approval dashboard gate refresh and
GitHub Actions run `26103853507`, PR #2004's Linear readiness evidence sync
and GitHub Actions run `26105012698`, plus PR #2005's post-PR #2004
evidence refresh and GitHub Actions run `26106321921`, PR #2008's supply-chain
evidence gate fix and GitHub Actions run `26108473648`, post-PR #2006 main CI
run `26109953093`, and PR #2009's project-registry hygiene GitHub Actions run
`26111313938`, post-PR #2009 main CI run `26111946778`, post-PR #2011
GateGuard main CI run `26113695068`, and post-PR #2013 release-approval-gate
main CI run `26128749863`. The late May 19 sync target also includes
ECC-Tools PR #79 billing-announcement redaction hardening and JARVIS PR #15
/ PR #16 queue/deploy repair, with JARVIS main CI, CodeQL, and Deploy green
after the workflow repair. The Linear external project status surface now has
both the post-PR #2002 sync document and the late-pass document
`ecc-may-19-late-queue-zero-and-release-gate-sync-1c26f65e6b3f`, plus project
comment `d42bf0e2-7a8e-4934-9f3f-e281498ee805`. The supply-chain gate now
also records the `@types/node@25.7.0` pin and `brace-expansion` lock refresh
needed for current npm audit/signature verification.
- The May 20 ECC-Tools hosted-platform pass extends that evidence with PR #80
through PR #88, all merged after green GitHub Verify/Security Audit/Workers
Builds checks. Local validation for the final depth-plan observability slice
passed the focused hosted depth-plan route test, the full route suite
(89/89), typecheck, lint, full ECC-Tools Vitest suite (683/683), and
`git diff --check`. PR #88 additionally exposes authenticated hosted
observability readback at `/api/analysis/observability` for operator
dashboards and production smoke tests; its local verification passed
typecheck, lint, the full ECC-Tools Vitest suite (686/686), and
`git diff --check`.
- AgentShield PR #94 adds Zed and VS Code to the first-class adapter registry
after local verification with typecheck, lint, the focused core scanner/rule
tests, full `npm test` (1822 tests), `npm run build`, and `git diff --check`.
GitHub checks passed across GitGuardian, scan suite, self-scan,
self-scan examples, Node 18/20/22 CI, CodeRabbit, and Cubic after rerunning a
transient GitHub artifact-upload failure.
- AgentShield PR #95 resolves Dependabot #20 / `GHSA-jxxr-4gwj-5jf2` /
`CVE-2026-45149` by updating the vulnerable `brace-expansion` 5.x
transitive lockfile entries to `5.0.6`. Local validation passed
`npm audit --audit-level=moderate`, typecheck, lint, full `npm test`
(1822 tests), build, and whitespace checks; GitHub checks passed across
Verify Node 18/20/22, self-scan, self-scan examples, Test GitHub Action,
GitGuardian, CodeRabbit, and Cubic.
- `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md`
regenerates the ITO-44 prompt-to-artifact dashboard from live platform audit
evidence: PR queue, issue queue, discussion queue, local worktree gate,
dashboard generation, and supply-chain loop are current; publication, plugin,
billing, AgentShield, ECC Tools, legacy, and Linear/productized sync lanes
remain the next work.
dashboard generation, and supply-chain loop are current; the dashboard now
also tracks the `$1,728/mo` to `$10,000/mo` hypergrowth baseline, release
video-suite lane, partner/sponsor/talk outbound pack, and owner approval
packet; publication, plugin, billing, AgentShield, ECC Tools, Linear release
gate sync, and final outbound approval remain the next work.
- `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-17.md` records the
May 17 queue-zero state, Japanese localization merge, Dependabot TypeScript
and Node type merges, post-merge ja-JP lint repair, Mini Shai-Hulud/TanStack
@@ -73,11 +242,11 @@ As of 2026-05-18:
finding evidence paths, ECC-Tools #78 harness policy-route linking, PR #1947
supply-chain protection, and May 16 release-evidence
refresh.
- `npm run harness:audit -- --format json` reports 70/70 on current `main`.
- `npm run harness:audit -- --format json` reports 80/80 on current `main`.
- `npm run observability:ready` reports 21/21 readiness on current `main`,
including the GitHub/Linear/handoff/roadmap progress-sync contract.
- GitHub CI run `26009328404` completed successfully for
`3b7e0ba30a027ffd3319c2f145c63076c296d80a`, including Validate Components,
- GitHub CI run `26017368895` completed successfully for
`04d4d81938b20ac2bac1f0025145ab77d6a59f5f`, including Validate Components,
Coverage, Lint, Security Scan, and the full Node/package-manager matrix.
- Supply-Chain Watch run `26009825837` completed successfully for
`3b7e0ba30a027ffd3319c2f145c63076c296d80a`, including no-lifecycle install,
@@ -282,18 +451,100 @@ As of 2026-05-18:
pass the announcement gate yet.
- ECC-Tools commit `95d0bec69dbcf364ed084e983a40d0a94d443d16`
adds repeatable aggregate production KV readback with
`npm run billing:kv-readback`: the latest run found 252
`account-billing:*` records and 252 `billing-state:*` records, but 0
`npm run billing:kv-readback`: the latest API-authenticated run found 253
`account-billing:*` records and 253 `billing-state:*` records, but 0
Marketplace-managed Pro `billing-state:*` records, so native-payments copy
remains blocked until `--require-ready` and the official internal
announcement gate pass.
- ECC-Tools commit `285967807ea7b5eb3146bc984fb2229db67d4290`
requires GitHub Marketplace webhook provenance on Pro billing-state records
before native-payments announcement readiness can pass. The CI run
`26013559229` succeeded for the pushed head, but live readback is still
blocked until the Cloudflare credential in the vault is replaced with a
valid token or key/email pair and a real Marketplace-managed Pro webhook
creates billing-state provenance.
`26013559229` succeeded for the pushed head.
- ECC-Tools commit `42653f9140c232961280d961ed76a6142433cfa1`
adds `npm run billing:kv-readback -- --wrangler` so operators can run the
aggregate production KV readback through an authenticated Wrangler OAuth
session instead of requiring a separate Cloudflare API token/global key. CI
run `26016223013` succeeded, and the latest live readback found 253
`account-billing:*` records and 253 `billing-state:*` records with 194
marketplace/free states, 59 Stripe/pro states, 0 Marketplace Pro states, 0
ready-like Marketplace Pro states, and 0 parse failures. Native-payments
copy remains blocked until a real Marketplace-managed Pro webhook creates
billing-state provenance and `--require-ready` plus the official internal
announcement gate pass.
- ECC-Tools commit `632e059e51b6e1297ba118807c8b5b2adbac74ce`
adds target account billing readback with `npm run billing:kv-readback -- --account <github-login> --require-ready`.
The report redacts the account login and raw KV keys, emits only a stable
fingerprint plus sanitized readiness booleans, and now requires both
`account-billing:<login>` and `billing-state:<login>` before a target
Marketplace Pro test account can pass the native-payments announcement
readback gate. CI run `26018941515` succeeded. The 2026-05-18 live recheck
split out Linear ITO-61 for the target-account blocker.
- ECC-Tools commit `d5f60db` adds sanitized Marketplace-source provenance
counts to `npm run billing:kv-readback`, including
`marketplaceSourceRecords`, `marketplaceSourceWithWebhookEvidence`,
`marketplaceSourceWithoutWebhookEvidence`, `byMarketplacePlanName`, and
`byMarketplaceEventAction`. The 2026-05-18 live Wrangler OAuth readback now
works and found 256 account-billing records, 256 billing-state records, 197
Marketplace-source records, 59 Stripe-source records, 53 Pro records, 0
Marketplace Pro records, 4 Marketplace webhook-provenance records, all
`Open Source` purchases, and 193 Marketplace-source records without webhook
provenance. Native-payments copy remains blocked by Linear ITO-61 until a
real Marketplace-managed Pro webhook creates target account provenance and
`billing:kv-readback -- --wrangler --wrangler-bin ./node_modules/.bin/wrangler --account <github-login> --require-ready`
plus the official internal announcement gate pass.
- ECC-Tools commit `13cd3fc` normalizes billing-state key casing so
Marketplace webhook writes and announcement readbacks agree on GitHub login
case; current-head CI `26037611421` passed. The code-side readback hardening
remains green, but it does not create live Marketplace Pro state.
- ECC-Tools commit `69ca535` surfaces hosted team-learning feedback controls:
harness compatibility and team-backlog routing now show retention days,
deletion route/SLA, and opt-out route before adaptive recommendations are
routed into team-owned queues. Linear ITO-52 is Done with CI `26054455434`.
- ECC-Tools commit `e56fc1a` updates the lockfile for
`brace-expansion@5.0.6` and fixed Dependabot alert 44 for CVE-2026-45149;
GitHub API reported `state: fixed` at `2026-05-18T19:10:15Z` and current-head
CI `26054671308` passed.
- ECC-Tools PR #89 merged as `512bca6b99cdaa67058a6aa9a4e7e7f0b1d9873a`
and adds
`npm run billing:kv-readback -- --select-ready-target --require-ready` so
operators can prove a ready Marketplace Pro account without passing or
printing the login. The 2026-05-20 production Wrangler OAuth readback found
ready-like Marketplace Pro records with webhook provenance and 0 parse
failures. The selected target report printed only a stable fingerprint,
confirmed both key families, `marketplace` source, `pro` tier, seat ready,
webhook evidence ready, automatic overage disabled, and 0 blockers. The old
"no Marketplace-managed Pro target billing-state" blocker is cleared. Linear
comment `f14ed2fe-a219-470c-8119-63429e197027` records the redacted readback
counts.
- ECC-Tools PR #90 merged as
`16a5bb33ee5ce7c31d2ad8d041e5afac03308f05` after Verify, Security Audit,
and Workers Builds passed. It adds the selected-target official announcement
gate through `/api/billing/readiness?selectReadyTarget=1` and
`npm run billing:announcement-gate -- --select-ready-target`, so operators no
longer need to pass or print a raw GitHub login for the official
native-payments gate. The 2026-05-20 safe production preflight requested a
selected ready target and narrowed the remaining blocker to the missing
local/internal `INTERNAL_API_SECRET` bearer token. Native-payments copy remains
blocked until that token path is available and the live
`billing:announcement-gate -- --select-ready-target` call passes.
- ECC-Tools PR #91 merged as `72119a1acc6f5a0cd3bb5d90afd6e87fd1fefd05`
after Verify, Security Audit, and Workers Builds passed. It adds the billing
gate env-file operator path with `--env-file` support for the announcement
gate and KV readback scripts, plus sentinel tests proving loaded secrets and
account logins are not printed.
- ECC-Tools PR #92 merged as `18d80197be779619283e0b37e2952bac53819a07` after
Verify, Security Audit, and Workers Builds passed. It adds the optional
`INTERNAL_OPERATOR_API_SECRET` recovery bearer so operators can run privileged
internal readiness gates without replacing the primary `INTERNAL_API_SECRET`;
the merged Worker was deployed to `api.ecc.tools` before the live gate run.
- ECC-Tools PR #93 merged as `d3d62df83fa075660fa4530c3e0edc311a4355fe` after
Verify, Security Audit, and Workers Builds passed. It records the live
2026-05-20 billing evidence in the app launch checklist and roadmap:
selected ready Marketplace Pro target, fingerprint `e953a74209fe`, 0 KV
blockers, preflight ready, `announcementGateReady: true`, 0 required actions,
0 blockers, and audit summary 6 pass / 1 warn / 0 fail. Native-payments copy
is no longer blocked by billing evidence, but final announcement timing still
requires the release, plugin, live URL, and owner-approval gates.
- Handoff `ecc-supply-chain-audit-20260513-0645.md` under
`~/.cluster-swarm/handoffs/`
records the May 13 supply-chain sweep: no active lockfile/manifest hit for
@@ -552,6 +803,44 @@ As of 2026-05-18:
fleet summaries are collected as harness evidence, target paths are mapped to
Claude, Codex, OpenCode, MCP, plugin, and cross-harness owners, and routed
findings carry source evidence paths for operator review.
- ECC-Tools PR #79 merged as `67ee247ae1b7b50ecc1261ed5d62d65cc8390da8`
and redacts billing announcement gate account output: the billing preflight
and live readback now print stable account fingerprints and sanitized
readiness booleans instead of raw account logins or KV key names.
- ECC-Tools PR #80 merged as `4efc8cc858022f84c844690f3298633b081c4398`
and requires runtime receipt failure reasons before harness runtime receipts
can count as hosted observability evidence.
- ECC-Tools PR #81 merged as `1fbf635f492284f75ba7166c029c39eb8cc15794`
and preserves AgentShield fleet approval IDs through hosted security review
so policy-promotion follow-ups keep owner-review identity stable.
- ECC-Tools PR #82 merged as `7a7b4d096a176ae80b3a2076c09d45601e36013a`
and renders AgentShield fleet approval IDs in hosted comments and check-runs,
giving operators a direct bridge from hosted security review back to
AgentShield policy-promotion review items.
- ECC-Tools PR #83 merged as `b6b107f33961bef18a85fb619f3a976eb5d752dd`
and makes Linear follow-up sync reuse deterministic external IDs before title
fallback, preventing duplicate deferred backlog issues during repeated
`/ecc-tools followups sync-linear` runs.
- ECC-Tools PR #84 merged as `73bac7058071c55cb30c6b8ac6db779b3660c02c`
and syncs hosted AgentShield remediation items to Linear when the workspace
token/team are configured; hosted result comments now include created/reused
Linear remediation links.
- ECC-Tools PR #85 merged as `1637e0f2bfa0a889387f2c20675680ccc5528123`
and emits hosted job observability events for queued, completed, blocked,
failed, and budget-blocked states into `ANALYSIS_CACHE`, including budget
snapshots and result counts.
- ECC-Tools PR #86 merged as `5a9e94d3ff860307c3e7fd9fd065f0de2bd633dd`
and reads recent hosted observability events in
`/ecc-tools analyze --job status`, so status comments show budget snapshots,
blocked results, and budget-blocked outcomes alongside latest job runs.
- ECC-Tools PR #87 merged as `508fbc02b63cf1fcb5af2f3624608fa66e53b5d4`
and adds the same hosted observability readback to hosted depth-plan
check-runs, keeping the PR check surface aligned with status comments.
- ECC-Tools PR #88 merged as `c836ac3fb24ed7e2ae38cd61e41c9651ac9c00f8`
and exposes authenticated hosted observability API readback at
`/api/analysis/observability`, summarizing recent hosted events by event type
and job while skipping malformed stale KV records. The deployment runbook now
includes the production smoke command for operator/dashboard readback.
- AgentShield PR #90 merged as `6d1c57c92000541d65a3b6bc366f0322d7d0dacc`
and adds durable fleet `reviewItems`: `agentshield evidence-pack fleet --json`
now returns owner-ready review items with route, severity, repository/target
@@ -568,6 +857,16 @@ As of 2026-05-18:
policy SHA-256 digest, rejects tampered policy JSON, requires explicit pack
selection for multi-pack manifests, and supports dry-run JSON review before
writing the active `.agentshield/policy.json`.
- AgentShield PR #94 merged as `4caee27acfadb50a4cd024e738b5c3cbd4b0bb03`
and adds editor-native adapter coverage for Zed and VS Code. Zed
`.zed/settings.json`, `.zed/tasks.json`, and `.zed` hook-code files are now
scan inputs, adapter reports expose Zed MCP/tool-permission/task metadata and
VS Code workspace/task/extension metadata, and `.zed/setup.mjs` is covered by
the AI-tool persistence IOC rule.
- AgentShield PR #95 merged as `25d91f0002214c408da4ceaac7def20bad40ca10`
and clears the `brace-expansion` Dependabot alert. The lockfile now resolves
the vulnerable transitive 5.x copies to `5.0.6`; the remaining 1.x copy is
outside the advisory range.
- AgentShield main commit `87aec47fb55d04ea28d494852d4f664c268c5601`
extends policy promotion with durable `reviewItems` for manifest digest
evidence, policy-owner approval, protected rollout PR handoff, and runtime
@@ -633,7 +932,7 @@ As of 2026-05-18:
- Keep public PRs and issues below 20, with zero as the preferred release-lane
target.
- Maintain 70/70 harness audit and 21/21 observability readiness after every
- Maintain 80/80 harness audit and 21/21 observability readiness after every
GA-readiness batch.
- Do not publish release or social announcements until the GitHub release,
npm/package state, billing state, and plugin submission surfaces are verified
@@ -641,7 +940,9 @@ As of 2026-05-18:
- Do not treat closed stale PRs as discarded. Pair each cleanup batch with a
salvage pass: inspect the closed diffs, port useful compatible work on
maintainer-owned branches, and credit the source PR.
- Do not create new Linear issues until the active issue limit is cleared.
- Use Linear project documents/comments for project-level updates because
project status updates are disabled in this workspace; create or update
issues when a lane needs a durable execution owner.
## Prompt-To-Artifact Execution Checklist
@@ -650,23 +951,23 @@ is not complete unless the evidence column exists and has been freshly verified.
| Prompt requirement | Required artifact or gate | Current evidence | Status |
| --- | --- | --- | --- |
| Keep public PRs below 20 | Repo-family PR recheck | 0 open PRs across `everything-claude-code`, AgentShield, JARVIS, `ECC-Tools/ECC-Tools`, and `ECC-Tools/ECC-website` on 2026-05-17 after merging ECC #1961, #1963, and #1953 and closing/skipping incompatible #1962 | Complete |
| Keep public issues below 20 | Repo-family issue recheck | 0 open issues across `everything-claude-code`, AgentShield, JARVIS, `ECC-Tools/ECC-Tools`, and `ECC-Tools/ECC-website` on 2026-05-17; #1951 closed with #1953 | Complete |
| Manage repository discussions | Repo-family discussion recheck | Platform audit reports 0 discussion maintainer-touch gaps and 0 answerable Q&A missing accepted answers; trunk still has 58 total discussions | Complete |
| Manage PR discussions | PR review/comment closure plus merge/close state | ECC #1961, #1963, and #1953 merged after maintainer validation; no open tracked PRs remain | Complete |
| Keep public PRs below 20 | Repo-family PR recheck | 0 open PRs across `ECC`, AgentShield, JARVIS, `ECC-Tools/ECC-Tools`, and `ECC-Tools/ECC-website` on the late 2026-05-19 platform audit after merging ECC PR #2013, ECC-Tools PR #79, JARVIS PR #15, and JARVIS PR #16 | Complete |
| Keep public issues below 20 | Repo-family issue recheck | 0 open issues across `ECC`, AgentShield, JARVIS, `ECC-Tools/ECC-Tools`, and `ECC-Tools/ECC-website` on 2026-05-19 after the live platform audit refresh | Complete |
| Manage repository discussions | Repo-family discussion recheck plus response playbook | Platform audit reports 0 discussion maintainer-touch gaps and 0 answerable Q&A missing accepted answers; trunk has 59 total discussions after #2003 was routed with a maintainer response; `docs/architecture/discussion-response-playbook.md` distinguishes support, maintainer coordination, stale/concluded, release, informational, and security-sensitive response paths | Complete |
| Manage PR discussions | PR review/comment closure plus merge/close state | ECC #1990-#2013 merged through the harness audit, canonical identity, release video suite, growth outreach, evidence refresh, visual QA, suite-count, owner-approval packet, owner-approval dashboard gate, Linear readiness evidence, supply-chain evidence gate, per-project Claude Code adapter, continuous-learning project-registry hygiene, GateGuard quoted git introspection, and deterministic release-approval gate batch; ECC-Tools #79 and JARVIS #15/#16 also merged; no open tracked PRs remain | Complete |
| Salvage useful stale work | `docs/stale-pr-salvage-ledger.md` plus `docs/legacy-artifact-inventory.md` | Ledger records salvaged, superseded, skipped, and manual-review tails; #1815-#1818 added cost tracking, skill scout, frontend design guidance, code-reviewer false-positive guardrails, and the May 12 gap pass; #1687, #1609, #1563, #1564, and #1565 localization tails are attached to Linear ITO-55 for language-owner review and no automatic import remains release-blocking | Complete; repeat legacy scan before release |
| ECC 2.0 preview pack ready | Release docs, quickstart, publication readiness, release notes | `docs/releases/2.0.0-rc.1/` and readiness docs are in-tree; May 18 evidence records queue-zero state, #1970/#1971/#1972 merge batch, supply-chain recheck, npm no-lifecycle install/audit/signature gates, Linear sync, operator dashboard, and successful current-head Supply-Chain Watch on `3b7e0ba3` | Needs final clean-checkout release approval |
| ECC 2.0 preview pack ready | Release docs, quickstart, publication readiness, release notes | `docs/releases/2.0.0-rc.1/` and readiness docs are in-tree; May 19/20 evidence records queue-zero state, canonical ECC identity, release video suite, growth outreach pack, owner approval packet, local 2568-test suite, PR #2001 merge and GitHub Actions run `26102500291`, PR #2002 owner-approval dashboard gate refresh and GitHub Actions run `26103853507`, PR #2004 Linear readiness evidence sync and GitHub Actions run `26105012698`, PR #2008 supply-chain evidence gate CI run `26108473648`, post-PR #2006 main CI run `26109953093`, PR #2009 project-registry hygiene GitHub Actions run `26111313938`, post-PR #2009 main CI run `26111946778`, post-PR #2011 GateGuard main CI run `26113695068`, post-PR #2013 release-approval main CI run `26128749863`, post-PR #2019 main CI run `26135974576`, post-PR #2020 main CI run `26136949698`, ECC-Tools #91 main CI run `26137280847`, May 20 operator dashboard, `owner-approval-packet-2026-05-19.md`, `release-approval-gate.js`, and preview-pack smoke digest `eebb8a66c33e` | Needs final release approval |
| Hermes specialized skills included safely | Hermes setup/import docs and sanitized skill surface | Hermes setup and import playbook are public; secrets stay local | Needs final release review |
| Naming and rename readiness | Naming matrix across package/plugin/docs/social surfaces | `docs/releases/2.0.0-rc.1/naming-and-publication-matrix.md` records current package, repo, Claude plugin, Codex plugin, OpenCode, and npm availability evidence | Complete for rc.1; post-rc rename remains future work |
| Claude and Codex plugin publication | Contact/submission path with required artifacts and status | Publication readiness, naming matrix, and May 12 dry-run evidence document plugin validation, clean-checkout Claude tag/install smoke, and Codex marketplace CLI shape | Needs explicit approval for real tag/push and marketplace submission |
| Articles, tweets, and announcements | X thread, LinkedIn copy, GitHub release copy, push checklist | Draft launch collateral exists under rc.1 release docs | Needs URL-backed refresh |
| AgentShield enterprise iteration | Policy gates, SARIF, packs, provenance, corpus, HTML reports, exception lifecycle audit, baseline drift Action/CLI surfaces, evidence-pack redaction, harness adapter registry, enterprise research roadmap, supply-chain hardened release path, CI-safe baseline fingerprints, corpus accuracy recommendations, remediation workflow phases, env proxy hijack corpus coverage, Mini Shai-Hulud full-campaign package IOCs, CI-provenance evidence packs, plugin-cache runtime-confidence triage, evidence-pack consumer readback, fleet-level evidence-pack routing, fleet review items, checksum-backed policy export, checksum-verified policy promotion, policy promotion review items, package-manager hardening drift detection, npm age-gate guidance correction, workflow action-runtime pin refresh, package-manager hardening Action outputs, policy-promotion Action outputs, ECC-Tools hosted consumption of promotion Action outputs, ECC-Tools operator-visible promotion output values, and ECC-Tools hosted promotion judge audit traces | PRs #53, #55-#64, #67-#69, and #78-#92 landed with test evidence, ECC-Tools #76 consumes the fleet-summary output in hosted security review, #77 surfaces source evidence paths in hosted finding output, and #78 links fleet routes to harness owner review; AgentShield #91 adds `agentshield policy export` bundles for branch-protection review and downstream promotion; AgentShield #92 adds `agentshield policy promote` with digest verification, tamper rejection, explicit pack selection, dry-run review, and JSON output before writing active policy; AgentShield commit `87aec47` adds `reviewItems` for digest evidence, owner review, protected rollout PR handoff, and runtime smoke testing with green local and remote CI; AgentShield commit `28d08c7` adds package-manager hardening drift detection for plaintext registry credentials, lifecycle-script enablement, and weak pnpm/Yarn release-age cooldowns with green local and remote CI; AgentShield commit `659f569` refreshes all workflow action runtime pins to SHA-pinned checkout v6.0.2 and setup-node v6.4.0 with green remote CI and no remaining action-runtime deprecation annotation; AgentShield commit `ee585cd` corrects npm release-age guidance by flagging unsupported npm age keys and keeping enforceable cooldown findings on pnpm/Yarn with green local and remote CI; AgentShield commit `1124535` exposes package-manager hardening status/count outputs and a redacted job-summary section for registry credentials, lifecycle scripts, and release-age gates with green local and remote CI; AgentShield commit `1593925` exposes policy-promotion status/count/digest outputs plus job-summary review items for owner approval, protected rollout, and runtime smoke, and marks runtime smoke verified when the same Action job scans with the promoted policy; ECC-Tools commit `8658951` routes those policy-promotion Action outputs into hosted security review findings and Hosted Promotion Readiness scoring; ECC-Tools commit `16c537f` renders policy-promotion status, pack, review item count, action-required count, and digest in hosted security job comments/check-runs; ECC-Tools commit `05d4e82` renders hosted promotion judge request fingerprints and allowed-citation counts without raw provider output; native PDF export deferred in favor of self-contained HTML plus print-to-PDF until explicit enterprise demand appears; `docs/architecture/agentshield-enterprise-research-roadmap.md` now has baseline drift, evidence-pack bundle, redaction, adapter-registry, supply-chain hardening, hashed baseline fingerprints, corpus accuracy recommendation, remediation workflow, env proxy hijack corpus, Mini Shai-Hulud full-campaign package-table, `ci-context.json` provenance, `plugin-cache` confidence, `evidence-pack inspect` readback, `evidence-pack fleet` routing, fleet `reviewItems`, policy export, policy promotion, policy promotion `reviewItems`, package-manager hardening Action outputs, policy-promotion Action outputs, hosted consumption of promotion Action outputs, operator-visible promotion output values, and hosted promotion judge audit traces landed | Next workflow automation should deepen live operator approval/readback after Marketplace/payment gates |
| ECC Tools next-level app | Billing audit, PR checks, deep analyzer, sync backlog, evaluator/RAG corpus, analysis-depth readiness, hosted execution planning, hosted CI diagnostics, hosted security evidence review, hosted harness compatibility audit, hosted reference-set evaluation, hosted AI routing/cost review, hosted team backlog routing, hosted depth-plan check-run, PR-comment hosted job dispatch, hosted job result history/check-runs, hosted result status command, status-aware depth-plan recommendations, hosted promotion readiness, hosted promotion output scoring, hosted promotion retrieval planning, hosted promotion judge contract, gated hosted promotion judge execution, hosted promotion judge audit trace, payment-announcement readiness, billing announcement preflight, aggregate production billing KV readback, Marketplace webhook provenance, AgentShield fleet-summary hosted routing, hosted finding source-evidence surfacing, harness policy-route review, policy-promotion Action-output hosted telemetry, and operator-visible promotion output values | PRs #26-#43 plus #53-#78 landed with test evidence, including AgentShield evidence-pack gap routing, canonical bundle recognition, supply-chain signature gates, PR draft follow-up Linear tracking, evidence-backed/deep-ready repository classification, the `/api/analysis/depth-plan` hosted job plan, `/api/analysis/jobs/ci-diagnostics`, `/api/analysis/jobs/security-evidence-review`, `/api/analysis/jobs/harness-compatibility-audit`, `/api/analysis/jobs/reference-set-evaluation`, `/api/analysis/jobs/ai-routing-cost-review`, `/api/analysis/jobs/team-backlog-routing`, the `ECC Tools / Hosted Depth Plan` check-run, `/ecc-tools analyze --job ...` PR-comment dispatch, non-blocking per-hosted-job result check-runs backed by 30-day result cache records, `/ecc-tools analyze --job status` cache lookup, cache-aware next-job recommendations in the depth-plan check-run, the `ECC Tools / Hosted Promotion Readiness` corpus-backed PR check-run, deterministic hosted-output scoring against cached completed job artifacts/findings, ranked retrieval/model-prompt planning, the fail-closed `hosted-promotion-judge.v1` request contract, opt-in live model-judge execution behind hosted evidence, entitlement, budget, provider, executor, strict JSON, and citation gates, hosted promotion judge request fingerprints plus allowed-citation audit trails, a fail-closed `/api/billing/readiness` `announcementGate` for native GitHub payments claims, `npm run billing:announcement-gate` plus `--preflight` as the non-secret operator verifier, hosted security findings for AgentShield fleet summaries, an `Evidence` column in hosted finding comments/check-runs, hosted harness findings that route AgentShield fleet target paths to harness owners, ECC-Tools commit `8658951` routing AgentShield policy-promotion Action outputs into hosted security review and promotion-readiness scoring, ECC-Tools commit `16c537f` rendering policy-promotion status/pack/count/digest values directly in hosted security job comments/check-runs, ECC-Tools commit `05d4e82` rendering model-judge audit traces without exposing raw provider output, ECC-Tools commit `91a441b` adding the safe billing announcement preflight path, ECC-Tools commit `eb69412` recording the initial production readback state, ECC-Tools commit `95d0bec` adding `npm run billing:kv-readback` with 252 aggregate account-billing and billing-state records but 0 Marketplace Pro billing-state records, and ECC-Tools commit `2859678` requiring webhook-derived Marketplace provenance before announcement readiness | Next work is replace the invalid Cloudflare credential, create or verify Marketplace-managed Pro billing-state with webhook provenance, then run `billing:kv-readback -- --require-ready` and the live announcement gate |
| Articles, tweets, and announcements | X thread, LinkedIn copy, GitHub release copy, push checklist, partner/sponsor/talk pack | Draft launch collateral and approval-gated outreach copy exist under rc.1 release docs | Needs URL-backed refresh and human approval before posting or sending |
| AgentShield enterprise iteration | Policy gates, SARIF, packs, provenance, corpus, HTML reports, exception lifecycle audit, baseline drift Action/CLI surfaces, evidence-pack redaction, harness adapter registry, editor-native Zed/VS Code adapter coverage, Dependabot alert closure, enterprise research roadmap, supply-chain hardened release path, CI-safe baseline fingerprints, corpus accuracy recommendations, remediation workflow phases, env proxy hijack corpus coverage, Mini Shai-Hulud full-campaign package IOCs, CI-provenance evidence packs, plugin-cache runtime-confidence triage, evidence-pack consumer readback, fleet-level evidence-pack routing, fleet review items, fleet review ticket payloads, checksum-backed policy export, checksum-verified policy promotion, policy promotion review items, package-manager hardening drift detection, npm age-gate guidance correction, workflow action-runtime pin refresh, package-manager hardening Action outputs, policy-promotion Action outputs, ECC-Tools hosted consumption of promotion Action outputs, ECC-Tools operator-visible promotion output values, and ECC-Tools hosted promotion judge audit traces | PRs #53, #55-#64, #67-#69, #78-#92, #94, and #95 landed with test evidence, ECC-Tools #76 consumes the fleet-summary output in hosted security review, #77 surfaces source evidence paths in hosted finding output, and #78 links fleet routes to harness owner review; AgentShield #91 adds `agentshield policy export` bundles for branch-protection review and downstream promotion; AgentShield #92 adds `agentshield policy promote` with digest verification, tamper rejection, explicit pack selection, dry-run review, and JSON output before writing active policy; AgentShield #94 adds Zed/VS Code adapter detection, `.zed/settings.json` and `.zed/tasks.json` scan discovery, and `.zed/setup.mjs` AI-tool persistence IOC coverage; AgentShield #95 clears the `brace-expansion` Dependabot alert with a patched lockfile and 0 open Dependabot alerts after merge; AgentShield commit `87aec47` adds `reviewItems` for digest evidence, owner review, protected rollout PR handoff, and runtime smoke testing with green local and remote CI; AgentShield commit `28d08c7` adds package-manager hardening drift detection for plaintext registry credentials, lifecycle-script enablement, and weak pnpm/Yarn release-age cooldowns with green local and remote CI; AgentShield commit `659f569` refreshes all workflow action runtime pins to SHA-pinned checkout v6.0.2 and setup-node v6.4.0 with green remote CI and no remaining action-runtime deprecation annotation; AgentShield commit `ee585cd` corrects npm release-age guidance by flagging unsupported npm age keys and keeping enforceable cooldown findings on pnpm/Yarn with green local and remote CI; AgentShield commit `1124535` exposes package-manager hardening status/count outputs and a redacted job-summary section for registry credentials, lifecycle scripts, and release-age gates with green local and remote CI; AgentShield commit `1593925` exposes policy-promotion status/count/digest outputs plus job-summary review items for owner approval, protected rollout, and runtime smoke, and marks runtime smoke verified when the same Action job scans with the promoted policy; AgentShield commit `840952a` adds Linear/operator-ready fleet review ticket payloads and expands current Mini Shai-Hulud IOC breadcrumbs with green local and remote CI; ECC-Tools commit `8658951` routes those policy-promotion Action outputs into hosted security review findings and Hosted Promotion Readiness scoring; ECC-Tools commit `16c537f` renders policy-promotion status, pack, review item count, action-required count, and digest in hosted security job comments/check-runs; ECC-Tools commit `05d4e82` renders hosted promotion judge request fingerprints and allowed-citation counts without raw provider output; native PDF export deferred in favor of self-contained HTML plus print-to-PDF until explicit enterprise demand appears; `docs/architecture/agentshield-enterprise-research-roadmap.md` now has baseline drift, evidence-pack bundle, redaction, adapter-registry, supply-chain hardening, hashed baseline fingerprints, corpus accuracy recommendation, remediation workflow, env proxy hijack corpus, Mini Shai-Hulud full-campaign package-table, `ci-context.json` provenance, `plugin-cache` confidence, `evidence-pack inspect` readback, `evidence-pack fleet` routing, fleet `reviewItems`, fleet review ticket payloads, policy export, policy promotion, policy promotion `reviewItems`, package-manager hardening Action outputs, policy-promotion Action outputs, hosted consumption of promotion Action outputs, operator-visible promotion output values, hosted promotion judge audit traces, editor-native adapter coverage, and Dependabot closure landed | Next workflow automation should deepen live operator approval/readback after Marketplace/payment gates |
| ECC Tools next-level app | Billing audit, PR checks, deep analyzer, sync backlog, evaluator/RAG corpus, hosted promotion judge audit trace, native-payments readback, ready Marketplace Pro target selection, selected-target announcement gate, billing gate env-file operator path, hosted observability, AgentShield fleet-summary hosted routing, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output hosted telemetry, and operator-visible promotion output values | PRs #26-#43 plus #53-#93 landed with test evidence across hosted analysis, hosted promotion readiness, model-judge execution, native-payments announcement gating, AgentShield evidence consumption, hosted remediation/Linear sync, hosted observability readback, ready Marketplace Pro target selection, selected-target official announcement gating, and env-file operator loading; ECC-Tools #89 merged as `512bca6` after Verify, Security Audit, and Workers Builds passed, and the 2026-05-20 production Wrangler OAuth readback found ready-like Marketplace Pro records with webhook provenance, selected a target with both key families, and reported 0 blockers without printing the login; ECC-Tools #90 merged as `16a5bb3` after Verify, Security Audit, and Workers Builds passed, and production preflight now requests `/api/billing/readiness?selectReadyTarget=1` without a raw login; ECC-Tools #91 merged as `72119a1` with `--env-file` support for ignored local billing credentials and sentinel no-secret/no-login output tests; ECC-Tools #92 merged as `18d8019`, deployed the non-breaking `INTERNAL_OPERATOR_API_SECRET` path to `api.ecc.tools`, and the 2026-05-20 live selected-target gate returned `announcementGateReady: true` with 0 required actions and 0 blockers; ECC-Tools #93 merged as `d3d62df` to record the live billing evidence in the app launch checklist and roadmap | Repeat KV readback and selected-target announcement gate immediately before launch; keep native-payments copy behind final release, plugin, live URL, and owner-approval gates |
| GitGuardian/Dependabot/CodeRabbit-style checks | Non-blocking taxonomy, deterministic follow-up checks, and local supply-chain gates | ECC-Tools risk taxonomy check plus follow-up signals landed, including Skill Quality, Deep Analyzer Evidence, Analyzer Corpus Evidence, RAG/Evaluator Evidence, PR Review/Salvage Evidence, and AgentShield evidence-pack evidence; #1846 added npm registry signature gates; #1848 added the supply-chain incident-response playbook and `pull_request_target` cache-poisoning validator guard; #1851 added the privileged checkout credential-persistence guard; AgentShield #78, JARVIS #13, and ECC-Tools #53 applied the same hardening outside trunk | Current supply-chain gate complete; deeper hosted review features remain future |
| Harness-agnostic learning system | Audit, adapter matrix, observability, traces, promotion loop | Audit/adapters/observability gates plus `docs/architecture/evaluator-rag-prototype.md`, `examples/evaluator-rag-prototype/`, and ECC-Tools PR #40 define read-only stale-salvage, billing-readiness, CI-failure-diagnosis, harness-config-quality, AgentShield policy-exception, skill-quality evidence, deep-analyzer evidence, and RAG/evaluator comparison scenarios with trace, report, playbook, verifier, and predictive-check artifacts; ECC-Tools PRs #68-#72 now turn that corpus into a deterministic PR check-run gate with cached hosted-output scoring, ranked retrieval candidates, a model prompt seed, a fail-closed hosted model-judge request contract, and opt-in live model execution behind strict hosted-evidence gates | Deterministic hosted PR check, cached output scoring, retrieval planning, judge contract, and gated model execution integrated |
| Linear roadmap is detailed | Linear project status plus repo mirror | Repo mirror exists; issue creation was retried on 2026-05-12 and remains blocked by the workspace free issue limit; the May 18 sync adds queue-zero/work-items state, #1970/#1971/#1972 merge evidence, ITO-57 current-head supply-chain refresh comment `0b9931b9-1556-4ebc-a70c-f3635557625d`, ECC platform progress comment `e32e5b7a-287b-4bf4-9ed7-314389a157e1`, and generated `operator:dashboard` prompt-to-artifact audit for recurring status updates | Needs recurring status updates after each significant merge batch |
| Linear roadmap is detailed | Linear project document/comments plus repo mirror | Repo mirror exists and issue creation works again; the May 19 sync adds post-PR #2002 document `ecc-may-19-post-pr-2002-sync-64cef8f668e0`, project comment `a6411e3a-8c8e-4a58-adba-687e77d4c543`, ITO-44/47/48/49/51/54/56 issue comments, and In Progress state for ITO-47, ITO-48, ITO-49, ITO-51, ITO-54, and ITO-56; the late-pass batch adds document `ecc-may-19-late-queue-zero-and-release-gate-sync-1c26f65e6b3f`, project comment `d42bf0e2-7a8e-4934-9f3f-e281498ee805`, and ITO-44/50/54/56/61 comments for PR #2013, ECC-Tools #79, and JARVIS #15/#16 because project status updates are disabled in the workspace | Needs recurring document/comment updates after each significant merge batch |
| Flow separation and progress tracking | Flow lanes with owner artifacts and update cadence | This roadmap defines lanes below and `docs/architecture/progress-sync-contract.md` makes GitHub/Linear/handoff/roadmap sync part of the readiness gate | Active |
| Realtime Linear sync | Project comments while issue/status capacity is blocked; issues later | ECC-Tools #39 implements opt-in Linear API sync for deferred follow-up backlog items, and ECC-Tools #54 adds copy-ready PR drafts to that backlog when draft PR shells are not opened; `docs/architecture/progress-sync-contract.md` defines the local file-backed realtime boundary while issue capacity is blocked; May 18 live connector comments were posted to ITO-57 and the ECC platform project after project status updates returned disabled | Needs workspace capacity/config rollout for productized issue sync |
| Realtime Linear sync | Project documents/comments plus issue comments for lane updates | ECC-Tools #39 implements opt-in Linear API sync for deferred follow-up backlog items, and ECC-Tools #54 adds copy-ready PR drafts to that backlog when draft PR shells are not opened; `docs/architecture/progress-sync-contract.md` defines the local file-backed realtime boundary; May 18 and May 19 live connector comments were posted to the ECC platform project and lane issues after project status updates returned disabled | Needs workspace config/product rollout for hosted issue sync |
| Observability for self-use | Local readiness gate, traces, status snapshots, HUD/status contract, risk ledger, progress-sync contract | `npm run observability:ready` reports 21/21 | Complete for local gate |
| Proper release and notifications | Release tag, npm publish state, plugin state, social posts | Publication readiness gate exists with May 12 dry-run and May 13 readiness evidence | Not complete; approval/live URLs required |
@@ -684,8 +985,8 @@ repo evidence and merge commits.
| Release and publication | rc.1 release docs, publication readiness doc | Naming matrix and plugin submission/contact checklist | Before any tag |
| Harness OS core | Audit, adapter matrix, observability docs, `ecc2/` | HUD/session-control acceptance spec | Weekly until GA |
| Evaluation and RAG | Reference-set validation, harness audit, traces, ECC-Tools corpus | Read-only evaluator/RAG prototype plus stale-salvage, billing-readiness, CI-failure-diagnosis, harness-config-quality, AgentShield policy-exception, skill-quality evidence, deep-analyzer evidence, and RAG/evaluator comparison fixtures; ECC-Tools #68 publishes the corpus as a hosted promotion readiness check-run, #69 scores cached hosted job outputs against the same corpus, #70 emits ranked retrieval candidates plus a model prompt seed, #71 adds a fail-closed hosted model-judge request contract, and #72 executes that judge only when explicitly enabled and backed by hosted retrieval citations; ECC-Tools `16c537f` surfaces policy-promotion Action output values in hosted security comments/checks; ECC-Tools `05d4e82` adds hosted model-judge audit traces with request fingerprints and allowed-citation counts | Marketplace Pro billing-state verification with webhook provenance |
| AgentShield enterprise | AgentShield PR evidence and roadmap notes | Fleet routing landed in #89 after evidence-pack inspect/readback shipped in #88; #90 emits fleet `reviewItems`; #91 exports checksum-backed policy bundles; #92 promotes checksum-verified policies from those bundles into active policy files; AgentShield `87aec47` adds policy promotion `reviewItems`; `28d08c7` adds package-manager hardening drift detection; `659f569` refreshes workflow action runtime pins; `ee585cd` corrects unsupported npm release-age guidance and keeps enforceable cooldown findings on pnpm/Yarn; `1124535` exposes package-manager hardening Action outputs for CI/hosted routing; `1593925` exposes policy-promotion Action outputs and runtime-smoke job-summary evidence; ECC-Tools #76 consumes fleet summaries, #77 surfaces source evidence paths in hosted findings, #78 links fleet routes to harness owners, ECC-Tools `8658951` consumes policy-promotion Action outputs, and ECC-Tools `16c537f` renders operator-visible output values | Deepen live operator approval/readback after Marketplace/payment gates |
| ECC Tools app | ECC-Tools PR evidence, billing audit, risk taxonomy, evaluator/RAG corpus | ECC-Tools #53 published the supply-chain workflow hardening branch, #54 tracks copy-ready PR drafts in the Linear/project backlog, #55 classifies analysis-depth readiness, #56 exposes the hosted execution plan, #57 executes the first hosted CI diagnostics job, #58 executes the hosted security evidence review job, #59 executes the hosted harness compatibility audit, #60 executes the hosted reference-set evaluation, #61 executes the hosted AI routing/cost review, #62 executes hosted team backlog routing, #63 publishes the hosted depth-plan check-run, #64 dispatches hosted jobs from PR comments, #65 persists hosted result history/check-runs, #66 exposes hosted job status from PR comments, #67 makes depth-plan recommendations cache-aware, #68 publishes hosted promotion readiness from the evaluator/RAG corpus, #69 scores cached hosted job outputs against that corpus, #70 emits ranked retrieval candidates plus a model prompt seed, #71 emits the gated `hosted-promotion-judge.v1` contract without live model calls, #72 adds opt-in live model-judge execution behind hosted-evidence and strict JSON/citation gates, #73 adds a fail-closed native-payments `announcementGate` to billing readiness, #74 adds `npm run billing:announcement-gate` for operator verification, #75 tightens the billing announcement gate for live Marketplace readback, #76 routes AgentShield fleet-summary evidence into hosted security findings, #77 adds source evidence paths to hosted finding output, #78 links AgentShield fleet target paths to hosted harness owner findings, `8658951` routes AgentShield policy-promotion Action outputs into hosted security review and promotion readiness, `16c537f` renders policy-promotion status/pack/count/digest values in hosted security comments/checks, `05d4e82` renders hosted promotion judge request fingerprints plus allowed-citation audit traces, `91a441b` adds billing announcement preflight output for required readback inputs, `eb69412` records the initial production readback state, `95d0bec` adds aggregate `billing:kv-readback` evidence, and `2859678` requires Marketplace webhook provenance in billing readiness | Replace the invalid Cloudflare credential, create or verify Marketplace-managed Pro billing-state with webhook provenance, then live readback and announcement gate |
| AgentShield enterprise | AgentShield PR evidence and roadmap notes | Fleet routing landed in #89 after evidence-pack inspect/readback shipped in #88; #90 emits fleet `reviewItems`; #91 exports checksum-backed policy bundles; #92 promotes checksum-verified policies from those bundles into active policy files; #94 adds Zed and VS Code adapter detection, Zed project scan discovery, and `.zed/setup.mjs` persistence IOC coverage; #95 closes the `brace-expansion` Dependabot alert with 0 open alerts after merge; AgentShield `87aec47` adds policy promotion `reviewItems`; `28d08c7` adds package-manager hardening drift detection; `659f569` refreshes workflow action runtime pins; `ee585cd` corrects unsupported npm release-age guidance and keeps enforceable cooldown findings on pnpm/Yarn; `1124535` exposes package-manager hardening Action outputs for CI/hosted routing; `1593925` exposes policy-promotion Action outputs and runtime-smoke job-summary evidence; `840952a` adds fleet review ticket payloads and current Mini Shai-Hulud IOC breadcrumbs; ECC-Tools #76 consumes fleet summaries, #77 surfaces source evidence paths in hosted findings, #78 links fleet routes to harness owners, ECC-Tools `8658951` consumes policy-promotion Action outputs, and ECC-Tools `16c537f` renders operator-visible output values | Deepen live operator approval/readback after Marketplace/payment gates |
| ECC Tools app | ECC-Tools PR evidence, billing audit, risk taxonomy, evaluator/RAG corpus | ECC-Tools #53 published the supply-chain workflow hardening branch, #54 tracks copy-ready PR drafts in the Linear/project backlog, #55 classifies analysis-depth readiness, #56 exposes the hosted execution plan, #57 executes the first hosted CI diagnostics job, #58 executes the hosted security evidence review job, #59 executes the hosted harness compatibility audit, #60 executes the hosted reference-set evaluation, #61 executes the hosted AI routing/cost review, #62 executes hosted team backlog routing, #63 publishes the hosted depth-plan check-run, #64 dispatches hosted jobs from PR comments, #65 persists hosted result history/check-runs, #66 exposes hosted job status from PR comments, #67 makes depth-plan recommendations cache-aware, #68 publishes hosted promotion readiness from the evaluator/RAG corpus, #69 scores cached hosted job outputs against that corpus, #70 emits ranked retrieval candidates plus a model prompt seed, #71 emits the gated `hosted-promotion-judge.v1` contract without live model calls, #72 adds opt-in live model-judge execution behind hosted-evidence and strict JSON/citation gates, #73 adds a fail-closed native-payments `announcementGate` to billing readiness, #74 adds `npm run billing:announcement-gate` for operator verification, #75 tightens the billing announcement gate for live Marketplace readback, #76 routes AgentShield fleet-summary evidence into hosted security findings, #77 adds source evidence paths to hosted finding output, #78 links AgentShield fleet target paths to hosted harness owner findings, `8658951` routes AgentShield policy-promotion Action outputs into hosted security review and promotion readiness, `16c537f` renders policy-promotion status/pack/count/digest values in hosted security comments/checks, `05d4e82` renders hosted promotion judge request fingerprints plus allowed-citation audit traces, `91a441b` adds billing announcement preflight output for required readback inputs, `eb69412` records the initial production readback state, `95d0bec` adds aggregate `billing:kv-readback` evidence, `2859678` requires Marketplace webhook provenance in billing readiness, `42653f9` adds Wrangler OAuth readback with live aggregate production counts, `632e059` adds sanitized target-account billing readback for the exact Marketplace test account, ECC-Tools #89 adds selected-ready-target KV readback, ECC-Tools #90 adds selected-target official announcement gating without raw login input, and ECC-Tools #91 adds `--env-file` support for ignored local billing credentials without printing secrets or logins | Obtain or rotate the local/internal `INTERNAL_API_SECRET` bearer-token path, via exported env or ignored `--env-file`, then run the live selected-target billing announcement gate |
| Linear progress | Linear project status updates, `docs/architecture/progress-sync-contract.md`, generated `operator:dashboard` output, and this mirror | Status update with queue/evidence/missing gates | Every significant merge batch |
The project status update should always include:
@@ -745,7 +1046,7 @@ Acceptance:
Zed-adjacent surfaces, dmux, Orca, Superset, Ghast, and terminal-only use.
- Each adapter has supported assets, unsupported surfaces, install path,
verification command, and risk notes.
- Harness audit remains 70/70 and gains a public onramp that explains how teams
- Harness audit remains 80/80 and gains a public onramp that explains how teams
use the scorecard.
- Reference findings are converted into concrete adapter, observability, or
operator-surface deltas.
@@ -932,19 +1233,38 @@ Acceptance:
security review and Hosted Promotion Readiness scoring, and ECC-Tools
commit `16c537f` renders promotion status, pack, review item count,
remaining action count, and digest in hosted security comments/check-runs.
AgentShield commit `840952a` adds Linear/operator-ready fleet review ticket
payloads and expands current Mini Shai-Hulud IOC breadcrumbs, with green
local and remote CI. AgentShield commit `4e36aab` hardens CI package installs
after the expanded Mini Shai-Hulud refresh, with CI, Test GitHub Action,
Self-Scan, and Dependabot Update workflows green.
ECC-Tools commit `05d4e82` adds hosted promotion judge audit traces with
deterministic request fingerprints and allowed-citation counts, without
exposing raw provider output.
ECC-Tools commit `91a441b` adds a billing announcement preflight command
for checking Marketplace readback inputs before privileged API calls.
ECC-Tools commit `2859678` requires Marketplace webhook provenance in
billing-state before native-payments announcement readiness can pass. The
next slice is live operator approval/readback after the Cloudflare
credential and Marketplace/payment gates are fixed.
2. Run `npm run billing:announcement-gate -- --preflight --account
<github-login>`, then run the same command without `--preflight` against a
Marketplace-managed test account and require `announcementGate.ready ===
true` before any native GitHub payments announcement.
billing-state before native-payments announcement readiness can pass.
ECC-Tools commit `42653f9` adds Wrangler OAuth KV readback and confirms the
current blocker is not Cloudflare read access; it is the absence of a
ready-like Marketplace Pro billing-state record with webhook provenance.
ECC-Tools commit `632e059` adds sanitized target-account readback, and PRs
#89/#90/#91 move the final operator path to selected-target readback,
selected-target announcement gating, and ignored env-file credential loading
without printing account logins or raw KV key names.
ECC-Tools PR #79 redacts the billing announcement gate account output;
PR #80 requires failure reasons in runtime receipts; PRs #81/#82 preserve
and render AgentShield fleet approval IDs; PR #83 makes Linear follow-up
sync idempotent by external ID; PR #84 syncs hosted AgentShield
remediation items into Linear; PR #85 emits hosted job observability events
including budget-blocked outcomes; PRs #86/#87 read those events back into
hosted status comments and hosted depth-plan check-runs; and PR #88 exposes
authenticated hosted observability API readback for operator dashboards.
2. Run `npm run billing:announcement-gate -- --preflight
--select-ready-target`, adding `--env-file /path/to/ecc-tools.env` when the
local bearer token is stored in an ignored operator file, then run the same
command without `--preflight` and require `announcementGate.ready === true`
before any native GitHub payments announcement.
3. Enable/configure the merged Linear backlog sync path after workspace issue
capacity clears or the Linear workspace is upgraded, then verify PR-draft
salvage items land in the expected project.

3
docs/ECC-2.0-REFERENCE-ARCHITECTURE.md
View File

@@ -229,7 +229,8 @@ Required safeguards:
## Near-Term Implementation Order
1. Extend the harness adapter matrix and public scorecard onramp.
2. Add the release/name/plugin publication checklist with evidence fields.
2. Keep the release/name/plugin publication checklist current with fresh
final-commit evidence before rc.1 publication.
3. Define the HUD/status JSON contract and fixture directory.
4. Start AgentShield policy schema plus SARIF fixtures.
5. Audit ECC Tools billing and check-run surfaces.

14
docs/architecture/agentshield-enterprise-research-roadmap.md
View File

@@ -1,6 +1,7 @@
# AgentShield Enterprise Research Roadmap
Generated: 2026-05-12; refreshed with May 16 AgentShield PR #87, #88, and #89 evidence.
Generated: 2026-05-12; refreshed with May 18 AgentShield fleet-ticket and
Mini Shai-Hulud IOC evidence.
This is a planning artifact for the next AgentShield enterprise iteration. It
does not modify AgentShield code. The goal is to turn the current scanner,
@@ -116,14 +117,21 @@ AgentShield PR #89 merged as
`agentshield evidence-pack fleet <dirs...> [--json]`, verifies each pack through
the inspect path, aggregates finding, policy, baseline, supply-chain, and
remediation totals, and assigns each pack to a deterministic fleet route.
AgentShield commit `840952a7a07f820f24081c43df656d7f7295f23b` adds
Linear/operator-ready fleet review ticket payloads with priority, labels,
titles, and Markdown bodies. The same commit expands current Mini
Shai-Hulud/TanStack IOC coverage for the in-cluster Vault endpoint and
temporary lockfile breadcrumb, with local typecheck, lint, full tests,
`git diff --check`, and GitHub CI/Self-Scan/Action-test evidence.
The next iteration after fleet routing should not be "add more regex rules" by
default. ECC-Tools follow-up routing now consumes fleet summaries and surfaces
source evidence paths in hosted findings, and the first cross-harness policy
slice now links AgentShield fleet route target paths to harness-owner review.
AgentShield fleet output now also emits `reviewItems` with source evidence paths
and owner-ready recommendations for routed packs. The higher leverage move is
durable policy export and workflow automation for routed fleet findings.
and owner-ready recommendations plus copy-ready ticket payloads for routed
packs. The higher leverage move is durable operator approval/readback and
workflow automation for routed fleet findings.
## Enterprise Gaps

90
docs/architecture/discussion-response-playbook.md Normal file
View File

@@ -0,0 +1,90 @@
# Discussion Response Playbook
This playbook turns GitHub Discussions into the same operating queue as PRs,
issues, Linear work, and release evidence. It is an operator guide, not a
promise that every informational thread needs a public reply.
## Audit Loop
Run these checks before a release, after a major merge batch, and when Linear
ITO-59 is refreshed:
```bash
npm run discussion:audit -- --json
node scripts/platform-audit.js --json
```
The queue is current only when:
- discussion fetch errors are explained or fixed;
- `needsMaintainerTouch` is zero for support-like discussion categories;
- answerable Q&A discussions either have an accepted answer or a clear routing
note; and
- any product-scope thread is linked to a GitHub issue, Linear issue, roadmap
row, or explicit deferral.
Informational threads such as announcements, references, show-and-tell, or
maintainer-authored updates can remain visible without becoming response debt.
## Categories
| Category | Route | Required readback |
| --- | --- | --- |
| Product support or install confusion | Reply with the exact command/doc path; mark accepted answer for Q&A when the fix is complete | Discussion URL plus accepted-answer URL when applicable |
| Bug report | Ask for a minimal repro, version, harness, and logs; create or link a GitHub issue when reproducible | Issue URL or deferral reason |
| Feature request | Acknowledge the desired outcome and link the closest roadmap issue; do not imply commitment unless scoped | Linear/GitHub roadmap link |
| Security concern | Move exploit details and secrets to a private channel; keep the public reply short and non-operational | Private escalation note plus public safety reply |
| Release or billing question | Answer from the release URL ledger and publication-readiness gates; do not claim unpublished URLs, billing readiness, or plugin availability | Evidence artifact or blocker link |
| Show-and-tell, reference, or announcement | Leave as informational unless there is a direct question or a product-scope signal | Optional roadmap link if useful |
| Stale or concluded thread | Summarize the current state and link the durable doc/issue; avoid reviving low-signal threads | Closure note or explicit no-action rationale |
## Templates
### Public Support
Thanks for the report. The current supported path is:
```bash
<command>
```
The relevant doc is `<doc path or URL>`. If this does not match your setup,
please reply with the harness, OS, package manager, and the exact error text.
### Maintainer Coordination
I am routing this into `<issue or Linear key>` so it does not get lost in the
discussion queue. The next decision is `<specific decision>`. Until that lands,
the supported workaround is `<workaround or "none">`.
### Stale Or Concluded
This thread looks resolved or superseded by `<doc/issue/release>`. I am leaving
it visible for history, but it is no longer an active support queue item. New
repro details should go to `<issue/discussion path>`.
### Release Announcement
The current release status is `<rc/beta/GA state>`. Live URLs are recorded in
`docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-18.md`. Anything marked
pending there should not be announced as shipped yet.
### Security Escalation
Thanks for flagging this. Please do not post exploit steps, tokens, customer
data, or secret values in the public thread. I am routing this through the
security response path and will keep the public thread limited to safe status
updates.
## Recording Outcomes
For each high-signal discussion, record one of these outcomes:
- replied publicly and accepted answer read back;
- linked to a GitHub issue or Linear issue;
- routed to the security response path;
- classified as informational; or
- explicitly deferred with a reason.
Mirror the summary into ITO-59 when the batch closes, and include the counts in
the next operator dashboard or publication evidence refresh.

11
docs/architecture/progress-sync-contract.md
View File

@@ -9,7 +9,7 @@ status update can claim a lane is current.
| Surface | Role | Current rule |
| --- | --- | --- |
| GitHub PRs/issues/discussions | Public queue and review state | Recheck live counts before every significant merge batch and before release approval. |
| Linear project | Executive roadmap and stakeholder status update | Post project status updates while issue capacity blocks issue creation. Create/reuse issues only when workspace capacity is available. |
| Linear project | Executive roadmap and stakeholder status update | Use project documents and project/issue comments because project status updates are disabled in this workspace; create/reuse issues for durable execution lanes. |
| Local handoff | Durable operator continuity | Update the active handoff after every merge batch, queue drain, skipped release gate, or blocked external action. |
| Repo roadmap | Auditable planning mirror | Keep `docs/ECC-2.0-GA-ROADMAP.md` aligned to merged PR evidence and unresolved gates. |
| `scripts/work-items.js` | Local tracker bridge | Sync GitHub PRs/issues into the SQLite work-items store for status snapshots and blocked follow-up. |
@@ -41,9 +41,12 @@ After a significant merge batch, update Linear and the handoff with:
4. Deferred or skipped work and the explicit reason.
5. The next one or two implementation slices.
When Linear issue capacity is unavailable, use a project status update instead
of creating placeholder issues. When issue capacity is available, create or
reuse exact-title issues and link them to the repo evidence.
When Linear project status updates are unavailable, use a project document plus
project/issue comments instead of creating placeholder issues. Issue capacity is
available for durable execution lanes, but do not use that issue capacity as a
substitute for evidence-backed project status. Create or reuse exact-title
issues only when the lane needs a durable execution owner, and link those issues
to repo evidence.
## Realtime Boundary

6
docs/business/metrics-and-sponsorship.md
View File

@@ -28,15 +28,15 @@ curl -s https://api.npmjs.org/downloads/point/last-month/ecc-agentshield
### GitHub repository adoption
```bash
gh api repos/affaan-m/everything-claude-code \
gh api repos/affaan-m/ECC \
--jq '{stars:.stargazers_count,forks:.forks_count,contributors_url:.contributors_url,open_issues:.open_issues_count}'
```
### GitHub traffic (maintainer access required)
```bash
gh api repos/affaan-m/everything-claude-code/traffic/views
gh api repos/affaan-m/everything-claude-code/traffic/clones
gh api repos/affaan-m/ECC/traffic/views
gh api repos/affaan-m/ECC/traffic/clones
```
### GitHub App installs

13
docs/business/social-launch-copy.md
View File

@@ -7,7 +7,8 @@ Use these templates as launch-ready starting points. Review channel tone before
```text
ECC v2.0.0-rc.1 preview pack is ready for final release review.
The repo is moving from a Claude Code config pack into a cross-harness operating system for agentic work.
ECC 2.0 is the harness-native operator system for agentic work: skills, hooks,
rules, MCP conventions, release gates, and an optional Hermes operator shell.
What ships:
- Hermes setup guide
@@ -15,8 +16,8 @@ What ships:
- cross-harness architecture docs
- Hermes import guidance for turning local operator workflows into public ECC skills
Start here: https://github.com/affaan-m/everything-claude-code
Release notes: https://github.com/affaan-m/everything-claude-code/blob/main/docs/releases/2.0.0-rc.1/release-notes.md
Start here: https://github.com/affaan-m/ECC
Release notes: https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/release-notes.md
```
## X Post: Proof + Metrics
@@ -57,7 +58,7 @@ ECC v2.0.0-rc.1 pushes that further: reusable skills, thin harness adapters, and
```text
ECC v2.0.0-rc.1 preview pack is ready for final release review.
The practical shift: ECC is no longer just a Claude Code config pack. It is becoming a cross-harness operating system for agentic work.
ECC 2.0 is the harness-native operator system for agentic work. The same reusable layer now reaches Claude Code, Codex, OpenCode, Cursor, Gemini, Zed, GitHub Copilot workflows, and terminal-only operator lanes.
This release-candidate surface includes:
- sanitized Hermes setup documentation
@@ -67,6 +68,6 @@ This release-candidate surface includes:
It does not include private workspace state, credentials, raw local exports, or personal datasets.
Repo: https://github.com/affaan-m/everything-claude-code
Release notes: https://github.com/affaan-m/everything-claude-code/blob/main/docs/releases/2.0.0-rc.1/release-notes.md
Repo: https://github.com/affaan-m/ECC
Release notes: https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/release-notes.md
```

63
docs/drafts/release-1.10.1-announcement.md Normal file
View File

@@ -0,0 +1,63 @@
# ECC 1.10.1 release announcement draft
ECC 1.10.1 is the follow-up stabilization release to 1.10.0.
This release is focused on install correctness, cross-surface naming clarity, Windows/PowerShell recovery, Cursor project install correctness, and Claude Code hook compatibility. It is not a feature-heavy release.
## What landed in the stabilization pass
- npm/package/release surfaces are aligned and `ecc-universal@1.10.0` is live on npm
- Windows locale/path and PowerShell install-path regressions fixed
- Bash hook process-storm regression fixed
- Claude Code 2.1.x hook schema compatibility fixed
- Cursor native project install path repaired:
- `.cursor/hooks.json` now includes the required schema/version surface
- `.cursor/mcp.json` is written in the native Cursor project location
- continuous-learning-v2 now accepts `claude-desktop` as a valid entrypoint
- Windows observe path now skips `AppInstallerPythonRedirector.exe`
- docs now distinguish plugin installs from full manual installs more clearly
## What 1.10.1 is for
- make the current install surfaces predictable
- reduce stale naming/install guidance
- close the follow-up regressions from 1.10.0
- give users one stable update point instead of piecing together fixes across issues and discussions
## Included release fixes
- `#1543` Cursor native project hook + MCP install repair
- `#1524` Claude Code v2.1.116 argv-dup mitigation in `settings.local.json`
- `#1522` continuous-learning-v2 accepts `claude-desktop` as a valid entrypoint
- `#1511` Windows observe path skips `AppInstallerPythonRedirector.exe`
- `#1546` continuous-learning-v2 plugin quick start correction
- `#1535` hero overflow follow-up
## Important naming clarification
- Claude marketplace/plugin identifier: `everything-claude-code@everything-claude-code`
- npm package: `ecc-universal`
- GitHub repo: `affaan-m/everything-claude-code`
Those are intentionally different surfaces. The plugin identifier follows Anthropic marketplace rules; the npm package remains `ecc-universal`.
## Still being monitored
This should be announced as a stabilization release, not as “all edge cases are solved.”
We are still watching for:
- OS-specific edge cases across macOS, Windows, Linux
- shell-specific behavior differences
- Cursor vs Claude plugin install-path mismatches that only appear in older or mixed installs
- third-party provider/tool-name compatibility reports that still need current-main repro
Current watch-list examples:
- `#1520` likely obsolete unless repro returns on the current installer
- `#1516` not gating unless reproduced on current `main`
- `#1484` remains a Windows umbrella/watch-list issue rather than an active release gate
## Recommended update guidance
If you hit 1.10.0 install/runtime problems:
1. update to the latest package/plugin surface
2. avoid mixing plugin install plus full manual repo copy unless the docs explicitly say to
3. if problems persist, report:
- OS + shell
- Claude Code/Cursor version
- install method used
- exact stderr/output
- whether the issue is plugin install, npm install, repo sync, or Cursor project install

17
docs/releases/2.0.0-rc.1/launch-checklist.md
View File

@@ -12,6 +12,8 @@
- verify `preview-pack-manifest.md` lists the public release, Hermes, adapter,
observability, publication, and announcement artifacts before running final
publish checks
- verify `release-name-plugin-publication-checklist-2026-05-18.md` still
matches current GitHub, npm, Claude, Codex, OpenCode, and billing surfaces
- keep private tokens, personal docs, and raw workspace exports out of the repo
## Release Surface
@@ -19,6 +21,12 @@
- verify package, plugin, marketplace, OpenCode, and agent metadata stays at `2.0.0-rc.1`
- verify `ecc2/Cargo.toml` stays at `0.1.0` for rc.1; `ecc2/` remains an alpha control-plane scaffold
- complete `publication-readiness.md` with fresh evidence before any GitHub release, npm publish, plugin submission, or announcement post
- run `npm run release:approval-gate -- --format json` after owner approvals
and live URL readbacks are recorded; it must return ready true before any
publish, upload, social, or outbound action
- rerun the release name/plugin publication checklist before creating a
GitHub prerelease, publishing npm, pushing Claude plugin tags, recording the
Codex marketplace path, or posting public copy
- include `publication-evidence-2026-05-17.md` and
`operator-readiness-dashboard-2026-05-17.md` in the final evidence review,
then rerun publish-facing checks from the exact release commit
@@ -31,7 +39,13 @@
- publish the X thread from `x-thread.md`
- publish the LinkedIn draft from `linkedin-post.md`
- use `article-outline.md` for the longer writeup
- route sponsor, partner, consulting, conference, podcast, and GitHub
Discussion copy through `partner-sponsor-talks-pack.md`
- record one 30-60 second proof-of-work clip
- validate the release video suite with `npm run release:video-suite -- --format json`
after setting `ECC_VIDEO_SOURCE_ROOT` and `ECC_VIDEO_RELEASE_SUITE_ROOT`
- keep `video-suite-production.md` aligned with the actual primary launch
render, timeline, captions, and self-eval gate
## Demo Asset Suggestions
@@ -49,3 +63,6 @@ Use language like:
- "cross-harness operating system for agentic work"
- "ECC is the reusable substrate; Hermes is the operator shell"
- "private/local integrations land after sanitization"
Do not send sponsor, partner, consulting, conference, or podcast outreach
without explicit human approval.

109
docs/releases/2.0.0-rc.1/naming-and-publication-matrix.md
View File

@@ -1,17 +1,18 @@
# ECC v2.0.0-rc.1 Naming And Publication Matrix
Snapshot date: 2026-05-12.
Snapshot date: 2026-05-19.
This matrix answers the release question "ship as Everything Claude Code, ECC,
or a renamed surface?" for the rc.1 lane. It is evidence for planning, not a
publication action.
This matrix records the rc.1 identity after the public repository rename to
`affaan-m/ECC`. It is evidence for planning, not a publication action.
## Decision
For `v2.0.0-rc.1`, keep the public identity as **Everything Claude Code (ECC)**.
Use **ECC** as the short product name in copy, plugin slugs, status surfaces,
and diagrams, but do not rename the GitHub repo, npm package, or package entry
points before the rc.1 release.
For `v2.0.0-rc.1`, ship the public identity as **ECC**.
Use `affaan-m/ECC` as the canonical GitHub repo and `ECC` as the product name
in copy, plugin slugs, status surfaces, diagrams, and release collateral. Keep
the npm package and package entry points as `ecc-universal` until a separate
post-rc migration plan exists.
Reason:
@@ -19,35 +20,31 @@ Reason:
plugin slug;
- the exact npm package name `ecc` is already occupied by an unrelated elliptic
curve cryptography package;
- the repo name `affaan-m/ecc` is not present, but renaming
`affaan-m/everything-claude-code` before rc.1 would create avoidable URL,
package, docs, and marketplace churn;
- `affaan-m/ECC` is the live public GitHub repo;
- Claude and Codex plugin surfaces are already short enough as `ecc`;
- rc.1 should prove the release, plugin, and publication pipeline before any
broader brand migration.
npm/package rename.
## Current Values
| Surface | Current value | Evidence command | 2026-05-12 result | Release decision |
| Surface | Current value | Evidence command | 2026-05-18 result | Release decision |
| --- | --- | --- | --- | --- |
| Product display name | `Everything Claude Code` | `rg -n "Everything Claude Code" README.md CHANGELOG.md docs/releases/2.0.0-rc.1` | Present across README, release notes, launch copy, and plugin manifests | Keep for rc.1 |
| Short name | `ECC` | README/release docs | Used as the short cross-harness brand | Keep and prefer in tight copy |
| GitHub repo | `affaan-m/everything-claude-code` | `git remote get-url origin` | `https://github.com/affaan-m/everything-claude-code.git` | Keep for rc.1 |
| Possible short repo | `affaan-m/ecc` | `gh repo view affaan-m/ecc` | Not found with current auth | Candidate after rc.1 only |
| Product display name | `ECC` | `rg -n "^# ECC\|displayName.*ECC\|affaan-m/ECC" README.md .codex-plugin/plugin.json docs/releases/2.0.0-rc.1` | Present across README, plugin manifests, release copy, and URL ledger | Keep for rc.1 and GA |
| GitHub repo | `affaan-m/ECC` | `git remote get-url origin` | `https://github.com/affaan-m/ECC.git` | Keep for rc.1 and GA |
| npm package | `ecc-universal` | `node -p "require('./package.json').name"` | `ecc-universal` | Keep for rc.1 |
| npm package version | `2.0.0-rc.1` local, `1.10.0` registry latest | `node -p "require('./package.json').version"` and `npm view ecc-universal name version dist-tags --json` | Local rc.1 is ready; registry latest remains `1.10.0` | Publish rc as `next`, not `latest` |
| npm package version | `2.0.0-rc.1` local, `1.10.0` registry latest | `node -p "require('./package.json').version"` and `npm view ecc-universal name version dist-tags --json` | Local rc.1 is ready; registry latest remains `1.10.0` and no `next` dist-tag exists yet | Publish rc as `next`, not `latest` |
| Exact npm short name | `ecc` | `npm view ecc name version description repository.url --json` | Occupied by `ecc@0.0.2`, "Elliptic curve cryptography functions." | Do not use |
| Scoped npm short name | `@affaan-m/ecc` | `npm view @affaan-m/ecc name version --json` | Registry 404 | Possible future scoped package if npm scope policy permits |
| Former package name | `everything-claude-code` | `npm view everything-claude-code name version dist-tags --json` | Registry reports unpublished on 2026-02-07 | Do not revive for rc.1 |
| Claude plugin slug | `ecc` | `node -p "require('./.claude-plugin/plugin.json').name"` | `ecc` | Keep |
| Claude plugin version | `2.0.0-rc.1` | `claude plugin validate .claude-plugin/plugin.json` | Validation passed on Claude Code `2.1.121` | Ready for release-tag gate |
| Claude marketplace entry | `ecc` | `.claude-plugin/marketplace.json` | Version and repo point at current rc.1 surface | Keep |
| Claude plugin version | `2.0.0-rc.1` | `claude plugin validate .claude-plugin/plugin.json`; `claude plugin tag .claude-plugin --dry-run` | Validation passed on Claude Code `2.1.143`; dry run would create `ecc--v2.0.0-rc.1` | Ready for release-tag gate |
| Claude marketplace entry | `ecc` | `.claude-plugin/marketplace.json`; `claude plugin marketplace add --help`; Anthropic plugin marketplace docs | Version and repo point at current rc.1 surface; GitHub, git URL, remote marketplace JSON, and local path marketplace sources are supported | Keep |
| Codex plugin slug | `ecc` | `node -p "require('./.codex-plugin/plugin.json').name"` | `ecc` | Keep |
| Codex plugin version | `2.0.0-rc.1` | `node tests/docs/ecc2-release-surface.test.js` | Release surface test passed | Ready for Codex marketplace/manual marketplace gate |
| Codex repo marketplace | `ecc` | `.agents/plugins/marketplace.json`; `codex plugin marketplace add --help` | Repo marketplace add supports GitHub shorthand and local roots; local temp-home add smoke passed | Use as rc.1 Codex distribution path |
| Codex plugin version | `2.0.0-rc.1` | `node tests/plugin-manifest.test.js`; `node tests/docs/ecc2-release-surface.test.js` | Plugin manifest passed 54/54; release surface passed 21/21 on Codex CLI `0.131.0` | Ready for Codex marketplace/manual marketplace gate |
| Codex repo marketplace | `ecc` | `.agents/plugins/marketplace.json`; `codex plugin marketplace add --help`; OpenAI Codex plugin docs | Repo marketplace add supports GitHub shorthand, Git URLs, SSH URLs, local roots, `--ref`, and `--sparse`; local and GitHub-ref temp-home add smokes passed | Use as rc.1 Codex distribution path |
| OpenCode package | `ecc-universal` | `node -p "require('./.opencode/package.json').name"` | `ecc-universal` | Keep |
| OpenCode build | Generated package output | `npm run build:opencode` | Passed | Ready for package dry-run gate |
| npm pack surface | Reduced runtime package | `npm pack --dry-run --json` | Produced `ecc-universal-2.0.0-rc.1.tgz`, 969 entries, about 5.0 MB unpacked | Needs final release-commit rerun |
| npm pack surface | Reduced runtime package | `NPM_CONFIG_USERCONFIG=/dev/null npm pack --dry-run --json` | Produced `ecc-universal-2.0.0-rc.1.tgz`, 2228 entries, 4,348,504 bytes packed, 13,024,929 bytes unpacked | Needs final release-commit rerun |
## Publication Paths
@@ -57,33 +54,45 @@ Reason:
| npm | `ecc-universal` local package version is `2.0.0-rc.1`; registry latest is `1.10.0` | Publish rc with `npm publish --tag next` after final `npm pack --dry-run` and release tests | Do not publish before final release commit |
| Claude plugin | `claude plugin validate .claude-plugin/plugin.json` passed; `claude plugin tag --help` confirms the release tag flow creates `{name}--v{version}` tags and can push them | Run `claude plugin tag .claude-plugin --dry-run` from the clean release commit, then tag/push only after release approval | No plugin release tag created in this pass |
| Claude marketplace | `.claude-plugin/marketplace.json` points at `ecc` and the public repo | Verify marketplace update/install path after tag exists | External marketplace propagation not verified |
| Codex plugin | `codex plugin marketplace` supports add/upgrade/remove; `.codex-plugin/plugin.json` is present; `.agents/plugins/marketplace.json` exposes `ecc` from the repo root; temp-home local `codex plugin marketplace add` passed | Publish rc.1 docs with the repo-marketplace command, then monitor OpenAI's official Plugin Directory self-serve path | Official Plugin Directory publishing is documented as coming soon |
| Codex plugin | `codex plugin marketplace` supports local and Git marketplace sources; `.codex-plugin/plugin.json` is present; `.agents/plugins/marketplace.json` exposes `ecc` from the repo root; temp-home local and GitHub-ref marketplace adds passed | Publish rc.1 docs with the repo-marketplace command, then monitor OpenAI's official Plugin Directory path | Do not claim official Plugin Directory listing before OpenAI submission evidence |
| OpenCode package | `.opencode/package.json` builds from source and ships inside npm package | Re-run `npm run build:opencode` and package dry-run from release commit | OpenCode CLI 1.2.21 does not expose a separate plugin publication command in this pass |
| ECC Tools billing claim | README and launch copy mention ECC Tools / marketplace context | ECC-Tools #73 adds `/api/billing/readiness` `announcementGate`; run it against a Marketplace-managed test account before any payment announcement | Billing announcement code gate exists; live Marketplace account readback still pending |
| ECC Tools billing claim | README and launch copy mention ECC Tools / marketplace context | ECC-Tools #89/#90/#91 add selected-target billing readback, selected-target announcement gating, and ignored `--env-file` support; #92 adds the non-breaking operator bearer path; #93 records the live selected-target gate pass | Billing evidence ready; repeat the live selected-target gate before any payment announcement |
| Social and longform copy | X thread, LinkedIn copy, article outline, GitHub release copy exist | Replace any stale URLs, then publish only after release/npm/plugin URLs work | Public URLs not final until release actions complete |
## Rename After rc.1
## ITO-46 Blocker Register
If the project moves from "Everything Claude Code" toward "ECC" after rc.1,
do it as a staged migration:
| Channel | Current status | Required metadata/evidence | Owner | Blocker or follow-up |
| --- | --- | --- | --- | --- |
| GitHub release | Approval-gated; no `v2.0.0-rc.1` prerelease yet | Tag, release URL, prerelease flag, final release notes, URL ledger | Release owner | Create only after final clean-checkout evidence |
| npm | `ecc-universal@2.0.0-rc.1` dry-run passed; registry latest is `1.10.0` | Pack summary, publish dry-run, `next` dist-tag readback, registry signature evidence | Package owner | Do not publish before approval and final release commit |
| Short npm name | `ecc` is occupied; `@affaan-m/ecc` returns 404 | Name availability outputs and migration plan | Release owner | Keep `ecc-universal` for rc.1; scoped rename is post-rc only |
| Claude plugin | `ecc@2.0.0-rc.1` validates; tag dry run would create `ecc--v2.0.0-rc.1` | `claude plugin validate .`, `claude plugin tag .claude-plugin --dry-run`, marketplace install/update smoke | Plugin owner | Real tag push and marketplace propagation require release approval |
| Claude marketplace | Docs and CLI support GitHub, git URL, remote marketplace JSON, and local path sources | Public repo marketplace JSON, support/contact metadata, post-tag install smoke | Plugin owner | No external official listing has been submitted in this pass |
| Codex repo marketplace | Local and GitHub-ref temp-home marketplace add smokes passed on Codex CLI `0.131.0` | `.codex-plugin/plugin.json`, `.agents/plugins/marketplace.json`, repo/personal marketplace evidence | Plugin owner | Official Plugin Directory listing requires OpenAI submission/listing evidence |
| Codex official Plugin Directory | OpenAI docs describe the curated official directory; ECC has not submitted or received listing evidence | Directory submission link or OpenAI approval path once available | Plugin owner | Track as an ITO-56/ITO-46 follow-up; do not claim an official listing |
| OpenCode package | `npm run build:opencode` passed | Built `.opencode` package metadata inside npm tarball | Package owner | No separate public plugin channel identified; follows npm |
| Billing/native payments | Marketplace Pro target readback, selected-target announcement preflight, env-file operator path, non-breaking operator bearer, and live selected-target gate have passed | 2026-05-20 selected-target readback, webhook provenance, selected-target announcement gate, ECC-Tools #91 `--env-file` support, ECC-Tools #92 operator bearer, ECC-Tools #93 live gate evidence | ECC Tools owner | Repeat the live gate immediately before rc.1 announcement; final copy still waits on release/plugin/live URL approvals |
| Social/longform copy | Drafts exist | Final live GitHub, npm, Claude, Codex, billing URLs | Release owner | Publish only after release/package/plugin URLs exist |
## Package Rename After rc.1
If the package layer moves from `ecc-universal` toward a shorter npm surface
after rc.1, do it as a staged migration:
1. Keep `ecc-universal` as the npm package until a replacement package has a
verified owner, deprecation plan, and install migration.
2. Keep `affaan-m/everything-claude-code` as the canonical repo until release
notes, docs, plugin marketplace entries, npm metadata, and external links
are prepared for redirects.
3. Use `ECC` as the product name in new diagrams, status payloads, and
cross-harness docs immediately.
4. Reserve or create any new GitHub/npm/package surfaces before announcing the
rename.
5. Ship a compatibility guide that maps old commands, package names, plugin
2. Keep `affaan-m/ECC` as the canonical repo for public docs, release notes,
plugin marketplace entries, npm metadata, and external links.
3. Reserve or create any new npm/package surfaces before announcing the
package rename.
4. Ship a compatibility guide that maps old commands, package names, plugin
slugs, and docs URLs to the new names.
## Evidence Captured In This Pass
```text
git rev-parse HEAD
7109ee08db7209c5d14809efcf832043020dfc57
67e63e63f9bfd074bd6a21bf6bac71f3dfefa58b
node -p "require('./package.json').name + '@' + require('./package.json').version"
ecc-universal@2.0.0-rc.1
@@ -104,19 +113,30 @@ npm view ecc-universal name version dist-tags --json
registry latest is 1.10.0; no rc dist-tag exists yet.
claude plugin validate .claude-plugin/plugin.json
Validation passed on Claude Code 2.1.121.
Validation passed on Claude Code 2.1.143.
claude plugin validate .
Validation passed with one warning: root CLAUDE.md is not loaded as plugin
context; ship plugin context through skills instead.
claude plugin tag .claude-plugin --dry-run
Would create and push tag ecc--v2.0.0-rc.1.
node tests/docs/ecc2-release-surface.test.js
18 release-surface checks passed.
21 release-surface checks passed.
node tests/scripts/npm-publish-surface.test.js
2 npm publish-surface checks passed.
node tests/plugin-manifest.test.js
54 plugin-manifest checks passed.
npm run build:opencode
Passed.
npm pack --dry-run --json
Produced ecc-universal-2.0.0-rc.1.tgz, 969 entries, about 5.0 MB unpacked.
Produced ecc-universal-2.0.0-rc.1.tgz, 2228 entries, 4,348,504 bytes
packed, and 13,024,929 bytes unpacked.
npm publish --tag next --dry-run
Dry run would publish ecc-universal@2.0.0-rc.1 to npm with tag next.
codex plugin marketplace add --help
Supports GitHub shorthand, HTTP(S) Git URLs, SSH URLs, local marketplace roots,
@@ -125,4 +145,9 @@ Supports GitHub shorthand, HTTP(S) Git URLs, SSH URLs, local marketplace roots,
HOME="$(mktemp -d)" codex plugin marketplace add <local-checkout>
Added marketplace ecc and recorded the installed marketplace root as
<local-checkout> without touching the real Codex config.
HOME="$(mktemp -d)" codex plugin marketplace add affaan-m/ECC --ref "$(git rev-parse HEAD)"
Added marketplace ecc from the GitHub repo pinned to
67e63e63f9bfd074bd6a21bf6bac71f3dfefa58b without touching the real Codex
config.
```

20
docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-18.md
View File

@@ -2,8 +2,8 @@
This dashboard is generated by `npm run operator:dashboard`. It is an operator snapshot, not release approval.
Generated: 2026-05-18T04:36:06.644Z
Commit: c276639bc7571bb7624b5917dfdb8a7735531714
Generated: 2026-05-18T20:25:22.649Z
Commit: 4470e2e6702f17099d6feb137ba03ff00582c202
Status: work remaining
## Current Status
@@ -13,7 +13,7 @@ Status: work remaining
| PR queue | Current | 0 open PRs across tracked repos |
| Issue queue | Current | 0 open issues across tracked repos |
| Discussions | Current | 0 need maintainer touch; 0 missing accepted answer |
| Local worktree | Current | 0 blocking dirty files; 1 ignored dirty entries |
| Local worktree | Current | 0 blocking dirty files; 0 ignored dirty entries |
| Dashboard generation | Current | platform audit ready: true; GitHub skipped: false |
| Publication | Not complete | release, npm, plugin, billing, and announcement gates are tracked below |
@@ -21,16 +21,16 @@ Status: work remaining
| Objective requirement | Artifact or gate | Status | Evidence | Gap |
| --- | --- | --- | --- | --- |
| Keep public PRs below 20 | scripts/platform-audit.js live GitHub sweep | current | 0 open PRs across 5 tracked repos | repeat before release |
| Keep public issues below 20 | scripts/platform-audit.js live GitHub sweep | current | 0 open issues across 5 tracked repos | repeat before release |
| Keep public PRs below 20 | scripts/platform-audit.js live GitHub sweep plus owner-wide queue cleanup ledger | current | 0 open PRs across 5 tracked repos; 0 owner-wide open PRs after cleanup | repeat platform:audit and owner-wide gh search before release |
| Keep public issues below 20 | scripts/platform-audit.js live GitHub sweep plus owner-wide queue cleanup ledger | current | 0 open issues across 5 tracked repos; 0 owner-wide open issues after cleanup | repeat platform:audit and owner-wide gh search before release |
| Respond and manage repository discussions | scripts/platform-audit.js discussion summary | current | 0 need maintainer touch; 0 answerable discussions missing accepted answer | repeat before release |
| Build ITO-44 completion dashboard into a repeatable command | npm run operator:dashboard | complete | operator:dashboard package script exists | keep generated dashboard attached to publication evidence |
| ECC 2.0 preview pack ready | docs/releases/2.0.0-rc.1/preview-pack-manifest.md | current | preview pack manifest and deterministic smoke gate are in-tree | repeat clean-checkout preview-pack smoke before publication |
| Include Hermes specialized skills safely | docs/HERMES-SETUP.md and skills/hermes-imports/SKILL.md | current | Hermes setup/import artifacts are covered by preview-pack smoke | repeat preview-pack smoke before release review |
| Prepare name-change, Claude plugin, and Codex plugin paths | naming-and-publication-matrix plus publication-readiness | in_progress | naming matrix and plugin readiness gates exist | real tag/push, marketplace submission, and final channel choice remain approval-gated |
| Prepare name-change, Claude plugin, and Codex plugin paths | naming-and-publication-matrix plus release-name-plugin-publication checklist plus publication-readiness | in_progress | naming matrix, release publication checklist, and plugin readiness gates exist | real tag/push, marketplace submission, and final channel choice remain approval-gated |
| Prepare release notes, articles, tweets, and push notifications | docs/releases/2.0.0-rc.1 social and release-copy files | in_progress | release notes, X thread, LinkedIn draft, and URL ledger are present | final live release/npm/plugin/billing URLs and publish approval still pending |
| Advance AgentShield enterprise iteration | AgentShield PR evidence plus enterprise roadmap | in_progress | AgentShield policy promotion `reviewItems` landed in `87aec47`; package-manager hardening drift detection landed in `28d08c7`; workflow action runtime pins were refreshed in `659f569`; npm age-gate guidance was corrected in `ee585cd`; package-manager hardening Action outputs landed in `1124535`; policy-promotion Action outputs and runtime-smoke job-summary evidence landed in `1593925`; ECC-Tools consumes those outputs in `8658951`, surfaces operator-readable status/pack/count/digest telemetry in `16c537f`, and renders hosted promotion judge audit traces in `05d4e82`; all are mirrored in the GA roadmap | deepen live operator approval/readback after Marketplace/payment gates |
| Advance ECC Tools native payments and AI-native harness-agnostic app | ECC Tools PR evidence, billing gate, hosted analysis lanes | in_progress | billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, and provenance-aware Marketplace billing-state gates are mirrored in the GA roadmap | replace the invalid Cloudflare credential, create or verify Marketplace-managed Pro billing-state with webhook provenance, then run `billing:kv-readback -- --require-ready` and the live announcement gate |
| Advance AgentShield enterprise iteration | AgentShield PR evidence plus enterprise roadmap | in_progress | AgentShield policy promotion `reviewItems` landed in `87aec47`; package-manager hardening drift detection landed in `28d08c7`; workflow action runtime pins were refreshed in `659f569`; npm age-gate guidance was corrected in `ee585cd`; package-manager hardening Action outputs landed in `1124535`; policy-promotion Action outputs and runtime-smoke job-summary evidence landed in `1593925`; fleet review ticket payloads and current Mini Shai-Hulud IOC breadcrumbs landed in `840952a`; ECC-Tools consumes those outputs in `8658951`, surfaces operator-readable status/pack/count/digest telemetry in `16c537f`, and renders hosted promotion judge audit traces in `05d4e82`; all are mirrored in the GA roadmap | deepen live operator approval/readback after Marketplace/payment gates |
| Advance ECC Tools native payments and AI-native harness-agnostic app | ECC Tools PR evidence, billing gate, hosted analysis lanes | in_progress | billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap | create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure the target account and INTERNAL_API_SECRET, then rerun target readback and the live announcement gate |
| Audit, prune, or attach legacy work | docs/stale-pr-salvage-ledger.md and legacy inventory | current | legacy salvage ledger and inventory are current; all localization tails are attached to Linear ITO-55 for manual language-owner review | repeat legacy scan before release |
| Keep Linear roadmap detailed and progress tracking synchronized | Linear project mirror plus progress-sync contract | current | Linear live sync and project progress surface are current; progress-sync contract defines the file-backed work-items/status path | repeat Linear/project status update and local work-items sync after each significant merge batch |
| Provide ECC 2.0 observability for self-use | observability readiness gate | complete | observability:ready command and readiness doc exist | runtime/dashboard implementation can continue after release gates |
@@ -41,11 +41,11 @@ Status: work remaining
- `naming-and-plugin-publication`: real tag/push, marketplace submission, and final channel choice remain approval-gated
- `release-notes-and-notifications`: final live release/npm/plugin/billing URLs and publish approval still pending
- `agentshield-enterprise-iteration`: deepen live operator approval/readback after Marketplace/payment gates
- `ecc-tools-next-level`: replace the invalid Cloudflare credential, create or verify Marketplace-managed Pro billing-state with webhook provenance, then run `billing:kv-readback -- --require-ready` and the live announcement gate
- `ecc-tools-next-level`: create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure the target account and INTERNAL_API_SECRET, then rerun target readback and the live announcement gate
## Next Work Order
1. Regenerate this dashboard from the final release commit before publication evidence is recorded.
2. Repeat ITO-57 Linear/project status sync after the next significant merge batch or advisory-source refresh.
3. Replace the invalid Cloudflare credential, create or verify Marketplace-managed Pro billing-state with webhook provenance, then run `billing:kv-readback -- --require-ready` and the live announcement gate before publishing native-payments copy.
3. Create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure the target account and INTERNAL_API_SECRET, then rerun target readback and the live announcement gate before publishing native-payments copy.
4. Resume ITO-45, ITO-46, and ITO-56 only after the generated dashboard and final release gates are refreshed.

66
docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-19.md Normal file
View File

@@ -0,0 +1,66 @@
# ECC Operator Readiness Dashboard
This dashboard is generated by `npm run operator:dashboard`. It is an operator snapshot, not release approval.
Generated: 2026-05-20T01:28:52.541Z
Commit: a2bbc45504ff55f09e9e06be0e253d72f3c54f90
Status: work remaining
## Current Status
| Area | Status | Evidence |
| --- | --- | --- |
| PR queue | Current | 0 open PRs across tracked repos |
| Issue queue | Current | 0 open issues across tracked repos |
| Discussions | Current | 0 need maintainer touch; 0 missing accepted answer |
| Local worktree | Current | 0 blocking dirty files; 0 ignored dirty entries |
| Dashboard generation | Current | platform audit ready: true; GitHub skipped: false |
| Publication | Not complete | release, npm, plugin, billing, and announcement gates are tracked below |
## Growth Baseline
| Metric | Current | Target | Gap |
| --- | ---: | ---: | ---: |
| MRR | $1,728/mo | $10,000/mo | $8,272/mo |
Growth lanes: GitHub Sponsors and OSS partner sponsors; ECC Tools Pro subscriptions; consulting and implementation contracts; talks, podcasts, conference demos, and partner webinars.
## Prompt-To-Artifact Checklist
| Objective requirement | Artifact or gate | Status | Evidence | Gap |
| --- | --- | --- | --- | --- |
| Keep public PRs below 20 | scripts/platform-audit.js live GitHub sweep plus owner-wide queue cleanup ledger | current | 0 open PRs across 5 tracked repos; 0 owner-wide open PRs after cleanup | repeat platform:audit and owner-wide gh search before release |
| Keep public issues below 20 | scripts/platform-audit.js live GitHub sweep plus owner-wide queue cleanup ledger | current | 0 open issues across 5 tracked repos; 0 owner-wide open issues after cleanup | repeat platform:audit and owner-wide gh search before release |
| Respond and manage repository discussions | scripts/platform-audit.js discussion summary | current | 0 need maintainer touch; 0 answerable discussions missing accepted answer | repeat before release |
| Build ITO-44 completion dashboard into a repeatable command | npm run operator:dashboard | complete | operator:dashboard package script exists | keep generated dashboard attached to publication evidence |
| ECC 2.0 preview pack ready | docs/releases/2.0.0-rc.1/preview-pack-manifest.md | current | preview pack manifest and deterministic smoke gate are in-tree | repeat clean-checkout preview-pack smoke before publication |
| Include Hermes specialized skills safely | docs/HERMES-SETUP.md and skills/hermes-imports/SKILL.md | current | Hermes setup/import artifacts are covered by preview-pack smoke | repeat preview-pack smoke before release review |
| Prepare name-change, Claude plugin, and Codex plugin paths | naming-and-publication-matrix plus release-name-plugin-publication checklist plus publication-readiness | in_progress | naming matrix, release publication checklist, and plugin readiness gates exist | real tag/push, marketplace submission, and final channel choice remain approval-gated |
| Prepare release notes, articles, tweets, and push notifications | docs/releases/2.0.0-rc.1 social and release-copy files | in_progress | release notes, X thread, LinkedIn draft, and URL ledger are present | final live release/npm/plugin/billing URLs and publish approval still pending |
| Prepare final owner approval packet | docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md | current | owner approval packet covers release, package, plugin, video, billing, social, and outbound decisions | review owner approvals from the final release commit before any publication or outbound action |
| Create a second-phase hypergrowth release command center | docs/releases/2.0.0/ecc-2-hypergrowth-release-command-center.md plus May 19 evidence | current | current MRR, target MRR, gap, release claim, video lane, distribution plan, and approval boundaries are in-tree | refresh after every MRR, channel, or approval-state change before public launch |
| Produce the ECC 2.0 release video suite | docs/releases/2.0.0-rc.1/video-suite-production.md and npm run release:video-suite | current | video-suite gate is ready with 15/15 source assets, 13/13 suite artifacts, 12/12 publish candidates, primary self-eval, and zero detected black-frame segments recorded in May 19 evidence | final owner approval, upload, and public video URLs remain approval-gated |
| Prepare sponsor, partner, consulting, podcast, talk, and Discussion copy | docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md | in_progress | sponsor outbound, platform partner DM, consulting intro, talk/podcast pitch, GitHub Discussion announcement, CTA hooks, and do-not-send gate are drafted | replace final URLs after publication gates, then get explicit approval before outbound or personal-account posts |
| Advance AgentShield enterprise iteration | AgentShield PR evidence plus enterprise roadmap | in_progress | AgentShield policy promotion `reviewItems` landed in `87aec47`; package-manager hardening drift detection landed in `28d08c7`; workflow action runtime pins were refreshed in `659f569`; npm age-gate guidance was corrected in `ee585cd`; package-manager hardening Action outputs landed in `1124535`; policy-promotion Action outputs and runtime-smoke job-summary evidence landed in `1593925`; fleet review ticket payloads and current Mini Shai-Hulud IOC breadcrumbs landed in `840952a`; ECC-Tools consumes those outputs in `8658951`, surfaces operator-readable status/pack/count/digest telemetry in `16c537f`, and renders hosted promotion judge audit traces in `05d4e82`; all are mirrored in the GA roadmap | deepen live operator approval/readback after Marketplace/payment gates |
| Advance ECC Tools native payments and AI-native harness-agnostic app | ECC Tools PR evidence, billing gate, hosted analysis lanes | in_progress | billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, ready Marketplace Pro target selection, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap | obtain or rotate the local/internal INTERNAL_API_SECRET bearer-token path, then run the live billing announcement gate for the selected Marketplace Pro target before publishing native-payments copy |
| Audit, prune, or attach legacy work | docs/stale-pr-salvage-ledger.md and legacy inventory | current | legacy salvage ledger and inventory are current; all localization tails are attached to Linear ITO-55 for manual language-owner review | repeat legacy scan before release |
| Keep Linear roadmap detailed and progress tracking synchronized | Linear project mirror plus progress-sync contract | current | Linear live sync is current with the May 19 post-PR #2002 sync document, project comment, and active issue-lane updates; progress-sync contract defines the file-backed work-items/status path | repeat Linear/project status update and local work-items sync after each significant merge batch |
| Provide ECC 2.0 observability for self-use | observability readiness gate | complete | observability:ready command and readiness doc exist | runtime/dashboard implementation can continue after release gates |
| Keep Mini Shai-Hulud/TanStack protection loop current | supply-chain watch plus runbook plus AgentShield package-manager hardening | current | scheduled supply-chain watch emits IOC/advisory-source refresh artifacts; ECC scanner covers gh-token-monitor token-store persistence; AgentShield now detects known AI-tool persistence IOCs, npm lifecycle/token drift, unsupported npm age-key drift, and pnpm/Yarn cooldown drift; current-head watch evidence and ITO-57 May 18 Linear evidence updates are current | repeat advisory/source refresh and Linear sync after each significant supply-chain batch |
## Top Actions
- `naming-and-plugin-publication`: real tag/push, marketplace submission, and final channel choice remain approval-gated
- `release-notes-and-notifications`: final live release/npm/plugin/billing URLs and publish approval still pending
- `partner-sponsor-talks-pack`: replace final URLs after publication gates, then get explicit approval before outbound or personal-account posts
- `agentshield-enterprise-iteration`: deepen live operator approval/readback after Marketplace/payment gates
- `ecc-tools-next-level`: obtain or rotate the local/internal INTERNAL_API_SECRET bearer-token path, then run the live billing announcement gate for the selected Marketplace Pro target before publishing native-payments copy
## Next Work Order
1. Regenerate this dashboard from the final release commit before publication evidence is recorded.
2. Review the owner approval packet from the final release commit and approve, defer, or block each publication and outbound lane.
3. Review the owner-approved primary launch video candidates, choose the final cuts, upload after approval, and attach public video URLs to the release pack.
4. Replace final release, npm, plugin, billing, and video URLs in the partner/sponsor/talk pack, then get explicit approval before outbound.
5. Repeat ITO-57 Linear/project status sync after the next significant merge batch or advisory-source refresh.
6. Obtain or rotate the local/internal INTERNAL_API_SECRET bearer-token path, then run the live billing announcement gate for the selected Marketplace Pro target before publishing native-payments copy.

66
docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md Normal file
View File

@@ -0,0 +1,66 @@
# ECC Operator Readiness Dashboard
This dashboard is generated by `npm run operator:dashboard`. It is an operator snapshot, not release approval.
Generated: 2026-05-20T03:14:39.338Z
Commit: 66733b511b70cf1cb501e8a3298b1cbd9968a9a0
Status: work remaining
## Current Status
| Area | Status | Evidence |
| --- | --- | --- |
| PR queue | Current | 0 open PRs across tracked repos |
| Issue queue | Current | 0 open issues across tracked repos |
| Discussions | Current | 0 need maintainer touch; 0 missing accepted answer |
| Local worktree | Current | 0 blocking dirty files; 0 ignored dirty entries |
| Dashboard generation | Current | platform audit ready: true; GitHub skipped: false |
| Publication | Not complete | release, npm, plugin, billing, and announcement gates are tracked below |
## Growth Baseline
| Metric | Current | Target | Gap |
| --- | ---: | ---: | ---: |
| MRR | $1,728/mo | $10,000/mo | $8,272/mo |
Growth lanes: GitHub Sponsors and OSS partner sponsors; ECC Tools Pro subscriptions; consulting and implementation contracts; talks, podcasts, conference demos, and partner webinars.
## Prompt-To-Artifact Checklist
| Objective requirement | Artifact or gate | Status | Evidence | Gap |
| --- | --- | --- | --- | --- |
| Keep public PRs below 20 | scripts/platform-audit.js live GitHub sweep plus owner-wide queue cleanup ledger | current | 0 open PRs across 5 tracked repos; 0 owner-wide open PRs after cleanup | repeat platform:audit and owner-wide gh search before release |
| Keep public issues below 20 | scripts/platform-audit.js live GitHub sweep plus owner-wide queue cleanup ledger | current | 0 open issues across 5 tracked repos; 0 owner-wide open issues after cleanup | repeat platform:audit and owner-wide gh search before release |
| Respond and manage repository discussions | scripts/platform-audit.js discussion summary | current | 0 need maintainer touch; 0 answerable discussions missing accepted answer | repeat before release |
| Build ITO-44 completion dashboard into a repeatable command | npm run operator:dashboard | complete | operator:dashboard package script exists | keep generated dashboard attached to publication evidence |
| ECC 2.0 preview pack ready | docs/releases/2.0.0-rc.1/preview-pack-manifest.md | current | preview pack manifest and deterministic smoke gate are in-tree | repeat clean-checkout preview-pack smoke before publication |
| Include Hermes specialized skills safely | docs/HERMES-SETUP.md and skills/hermes-imports/SKILL.md | current | Hermes setup/import artifacts are covered by preview-pack smoke | repeat preview-pack smoke before release review |
| Prepare name-change, Claude plugin, and Codex plugin paths | naming-and-publication-matrix plus release-name-plugin-publication checklist plus publication-readiness | in_progress | naming matrix, release publication checklist, and plugin readiness gates exist | real tag/push, marketplace submission, and final channel choice remain approval-gated |
| Prepare release notes, articles, tweets, and push notifications | docs/releases/2.0.0-rc.1 social and release-copy files | in_progress | release notes, X thread, LinkedIn draft, and URL ledger are present | final live release/npm/plugin/billing URLs and publish approval still pending |
| Prepare final owner approval packet | docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md | current | owner approval packet covers release, package, plugin, video, billing, social, and outbound decisions | review owner approvals from the final release commit before any publication or outbound action |
| Create a second-phase hypergrowth release command center | docs/releases/2.0.0/ecc-2-hypergrowth-release-command-center.md plus May 19 evidence | current | current MRR, target MRR, gap, release claim, video lane, distribution plan, and approval boundaries are in-tree | refresh after every MRR, channel, or approval-state change before public launch |
| Produce the ECC 2.0 release video suite | docs/releases/2.0.0-rc.1/video-suite-production.md and npm run release:video-suite | current | video-suite gate is ready with 15/15 source assets, 13/13 suite artifacts, 12/12 publish candidates, primary self-eval, and zero detected black-frame segments recorded in May 19 evidence | final owner approval, upload, and public video URLs remain approval-gated |
| Prepare sponsor, partner, consulting, podcast, talk, and Discussion copy | docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md | in_progress | sponsor outbound, platform partner DM, consulting intro, talk/podcast pitch, GitHub Discussion announcement, CTA hooks, and do-not-send gate are drafted | replace final URLs after publication gates, then get explicit approval before outbound or personal-account posts |
| Advance AgentShield enterprise iteration | AgentShield PR evidence plus enterprise roadmap | in_progress | AgentShield policy promotion `reviewItems` landed in `87aec47`; package-manager hardening drift detection landed in `28d08c7`; workflow action runtime pins were refreshed in `659f569`; npm age-gate guidance was corrected in `ee585cd`; package-manager hardening Action outputs landed in `1124535`; policy-promotion Action outputs and runtime-smoke job-summary evidence landed in `1593925`; fleet review ticket payloads and current Mini Shai-Hulud IOC breadcrumbs landed in `840952a`; ECC-Tools consumes those outputs in `8658951`, surfaces operator-readable status/pack/count/digest telemetry in `16c537f`, and renders hosted promotion judge audit traces in `05d4e82`; all are mirrored in the GA roadmap | deepen live operator approval/readback after Marketplace/payment gates |
| Advance ECC Tools native payments and AI-native harness-agnostic app | ECC Tools PR evidence, billing gate, hosted analysis lanes | in_progress | billing announcement gate, selected-target announcement gate, billing gate env-file operator path, non-breaking operator bearer path, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler selected-target readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, ready Marketplace Pro target selection, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap | repeat KV readback and selected-target announcement gate immediately before launch; keep native-payments copy behind the final release, plugin, URL, and owner-approval gates |
| Audit, prune, or attach legacy work | docs/stale-pr-salvage-ledger.md and legacy inventory | current | legacy salvage ledger and inventory are current; all localization tails are attached to Linear ITO-55 for manual language-owner review | repeat legacy scan before release |
| Keep Linear roadmap detailed and progress tracking synchronized | Linear project mirror plus progress-sync contract | current | Linear live sync is current with the May 20 Marketplace Pro release-gate comments on ITO-61 and the ECC platform roadmap; progress-sync contract defines the file-backed work-items/status path | repeat Linear/project status update and local work-items sync after each significant merge batch |
| Provide ECC 2.0 observability for self-use | observability readiness gate | complete | observability:ready command and readiness doc exist | runtime/dashboard implementation can continue after release gates |
| Keep Mini Shai-Hulud/TanStack protection loop current | supply-chain watch plus runbook plus AgentShield package-manager hardening | current | scheduled supply-chain watch emits IOC/advisory-source refresh artifacts; ECC scanner covers gh-token-monitor token-store persistence; AgentShield now detects known AI-tool persistence IOCs, npm lifecycle/token drift, unsupported npm age-key drift, and pnpm/Yarn cooldown drift; current-head watch evidence and ITO-57 May 18 Linear evidence updates are current | repeat advisory/source refresh and Linear sync after each significant supply-chain batch |
## Top Actions
- `naming-and-plugin-publication`: real tag/push, marketplace submission, and final channel choice remain approval-gated
- `release-notes-and-notifications`: final live release/npm/plugin/billing URLs and publish approval still pending
- `partner-sponsor-talks-pack`: replace final URLs after publication gates, then get explicit approval before outbound or personal-account posts
- `agentshield-enterprise-iteration`: deepen live operator approval/readback after Marketplace/payment gates
- `ecc-tools-next-level`: repeat KV readback and selected-target announcement gate immediately before launch; keep native-payments copy behind the final release, plugin, URL, and owner-approval gates
## Next Work Order
1. Regenerate this dashboard from the final release commit before publication evidence is recorded.
2. Review the owner approval packet from the final release commit and approve, defer, or block each publication and outbound lane.
3. Review the owner-approved primary launch video candidates, choose the final cuts, upload after approval, and attach public video URLs to the release pack.
4. Replace final release, npm, plugin, billing, and video URLs in the partner/sponsor/talk pack, then get explicit approval before outbound.
5. Repeat ITO-57 Linear/project status sync after the next significant merge batch or advisory-source refresh.
6. Repeat KV readback and the selected-target billing announcement gate immediately before launch; keep native-payments copy behind the final release, plugin, URL, and owner-approval gates.

98
docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md Normal file
View File

@@ -0,0 +1,98 @@
# ECC v2.0.0-rc.1 Owner Approval Packet
Snapshot date: 2026-05-19.
This packet is the final human decision sheet for the rc.1 public launch. It
does not publish anything by itself. Use it to approve, defer, or block each
release action after the final evidence commands are rerun from the intended
release commit.
Source commit for the clean evidence baseline this packet extends:
`9819626459a662773be7d0b1c18d82c1316b8c36`.
## Current Evidence
| Evidence | Current recorded state | Repeat before approval |
| --- | --- | --- |
| Platform audit | ready true, 0 open PRs, 0 open issues, 0 discussion gaps, 0 dirty files | yes |
| Preview pack smoke | ready true, digest `531328aaaa53`, 5/5 checks | yes |
| Release approval gate | ready false, digest `ef8f49f727b7`, 4/6 checks pass; owner decisions and live URL readbacks pending | yes |
| Video suite | ready true, 15/15 source assets, 13/13 suite artifacts, 12/12 publish candidates | yes |
| Release surface tests | 27/27 passed after this packet was added | yes |
| Full local suite | 2568/2568 passed before PR #2013 merged; focused GateGuard regression passed 91/91 again before PR #2011 merged | yes |
| GitHub CI | PR #1998, PR #1999, PR #2000, PR #2001, PR #2002, PR #2004, PR #2008, post-PR #2006 `main`, PR #2009, post-PR #2009 `main`, post-PR #2011 `main`, and post-PR #2013 `main` all merged or advanced after green required checks | verify current head |
## Decision Register
| Decision | Approve / defer / block | Evidence required first | Notes |
| --- | --- | --- | --- |
| GitHub prerelease | defer | final clean branch, URL ledger, release notes, attached video or video link | Approve only after final release notes contain live package/plugin/video URLs or explicitly marked blocked URLs. |
| npm `next` publish | defer | `npm pack --dry-run`, `npm publish --tag next --dry-run`, registry dist-tag readback plan | Keep `ecc-universal@2.0.0-rc.1` on `next`; do not move `latest` during rc.1. |
| Claude plugin tag | defer | `claude plugin validate .claude-plugin/plugin.json`, `claude plugin tag .claude-plugin --dry-run` | Create and push the real tag only after release approval. |
| Codex repo marketplace | defer | temp-home marketplace add smoke and current official Plugin Directory status | Claim repo-marketplace distribution only; do not claim official Plugin Directory listing without listing evidence. |
| ECC Tools billing language | defer | live readiness readback for the target account and billing/product state | Do not announce native payments or Marketplace-managed Pro until the gate is live. |
| Video upload | defer | owner selects primary launch cut plus short clips, self-eval stays clean | Upload only approved cuts; keep editable timeline/project output preserved. |
| X, LinkedIn, GitHub Discussion, longform | defer | live release, npm, plugin, video, and billing URL ledger updates | Personal-account posts and outbound copy need explicit approval. |
| Sponsor, partner, consulting, conference, podcast outreach | defer | final public URLs plus owner-approved outbound copy | Do not send drafts until the owner approves the exact batch. |
## Final URL Fill-In
Update these surfaces after the approved publication actions finish:
| Surface | Final value source | Update targets |
| --- | --- | --- |
| GitHub prerelease URL | `gh release view v2.0.0-rc.1 --repo affaan-m/ECC --json url` | release notes, URL ledger, social copy |
| npm rc package URL | `npm view ecc-universal@2.0.0-rc.1 version dist-tags --json` | URL ledger, quickstart, release notes |
| Claude plugin tag URL | pushed `ecc--v2.0.0-rc.1` tag or marketplace readback | URL ledger, plugin docs, release notes |
| Codex repo-marketplace evidence | temp-home `codex plugin marketplace add <local-checkout>` readback | URL ledger, publication readiness |
| Primary launch video URL | uploaded owner-approved primary launch video | GitHub release, X, LinkedIn, longform |
| Short clip URLs | uploaded approved clips | X thread, LinkedIn, partner/sponsor/talk pack |
| ECC Tools billing/readiness URL | live readiness readback or explicit blocked status | sponsor copy, Pro copy, release notes |
## Final Evidence Commands
Run these from the exact release commit before approving publication:
```bash
git status --short --branch
node scripts/platform-audit.js --json
npm run preview-pack:smoke -- --format json
npm run release:approval-gate -- --format json
npm run release:video-suite -- --format json
npm run harness:adapters -- --check
npm run harness:audit -- --format json
npm run observability:ready
npm run security:ioc-scan
npm audit --audit-level=moderate
npm audit signatures
node tests/docs/ecc2-release-surface.test.js
node tests/hooks/gateguard-fact-force.test.js
node tests/run-all.js
cd ecc2 && cargo test
```
## Approval Text
Use short, explicit approvals. Example:
```text
Approved for rc.1 GitHub prerelease, npm next publish, Claude plugin tag, and
release announcement after the final evidence commands pass from commit <sha>.
Video uploads approved for <primary-video> and <shorts-list>.
Outbound sponsor, partner, consulting, conference, and podcast messages remain
blocked until I approve the exact batch.
```
## Do Not Approve If
- The final branch is dirty or no longer matches the intended release commit.
- Any required evidence command fails or is skipped without a written deferral.
- The release copy claims live billing, plugin marketplace propagation, npm
`next`, or official Codex Plugin Directory listing before readback exists.
- Announcement copy contains stale URLs, private paths, or unresolved live-link
decisions.
- The selected video cut has black frames, missing audio, stale URLs, weak
product proof, or unreviewed captions.
- The outbound batch has not been reviewed exactly as it will be sent.
No outbound email, personal-account post, package publish, plugin tag, or billing announcement is authorized by this packet alone.

65
docs/releases/2.0.0-rc.1/owner-queue-cleanup-2026-05-18.md Normal file
View File

@@ -0,0 +1,65 @@
# Owner-Wide Queue Cleanup - 2026-05-18
This note records the live GitHub queue cleanup outside the five ECC release
repos tracked by `scripts/platform-audit.js`.
## Commands
```bash
gh search prs --owner affaan-m --state open --json repository,number,title,url,author,updatedAt --limit 100
gh search issues --owner affaan-m --state open --json repository,number,title,url,updatedAt --limit 100
```
## Result
- Owner-wide open PRs after cleanup: 0.
- Owner-wide open issues after cleanup: 0.
- Stale dependency-bot PRs closed: 24.
- Stale legacy payments/0EM roadmap issues closed: 72.
- Final stale/generated/manual-review PRs closed: 9.
- Final legacy/outreach/placeholder issues closed: 5.
- Archived repos temporarily unarchived for stale dependency PR closure and
restored to archived state:
`affaan-m/stoictradingAI`, `affaan-m/dprc-autotrader-v2`,
`affaan-m/polycule-secure`, and `affaan-m/pragmAItism_defAInce`.
- The final archived-repo sweep temporarily unarchived and restored
`affaan-m/dprc-autotrader-v2` and `affaan-m/stoictradingAI`.
## Final PR Disposition
- `affaan-m/dprc-autotrader-v2#5`: closed stale generated ECC bundle with
failing checks and dependency-update base.
- `affaan-m/x-algorithm-score#2`: closed stale/conflicting external feature
PR with accidental local AI-tool directories noted in the PR body.
- `affaan-m/dexploy#28`: closed stale generated ECC skill PR with requested
changes.
- `affaan-m/zenith#5`: closed stale generated ECC skill PR.
- `affaan-m/zenith#4`: closed test/noise PR whose diff only added a
non-actionable script comment.
- `affaan-m/affaan-m#1`: closed stale/conflicting third-party README-card PR.
- `affaan-m/affaanmustafa.com#1`: closed stale Cloudflare Worker-name PR with
requested changes.
- `affaan-m/0em-payments-dashboard#11`: closed stale/conflicting Cloudflare
Worker-name PR.
- `affaan-m/0em-payments-dashboard#3`: closed stale/conflicting Cloudflare
Worker-name PR.
## Final Issue Disposition
- `affaan-m/dprc-autotrader-v2#3`: closed public integration pitch as not
planned for the archived repo.
- `affaan-m/stoictradingAI#20`: closed public outreach question as not planned
for the archived repo.
- `affaan-m/dexploy#27`: closed stale internal skill-creator test issue.
- `affaan-m/dexploy#25`: preserved useful deployment/localStorage and
Cloudflare findings in Linear `ITO-62`, then closed the stale GitHub issue.
- `affaan-m/telegram-mcp-ts#1`: closed stale empty placeholder issue.
## Disposition
The closed dependency PRs were stale generated version bumps and should be
regenerated from current bases if still needed. The closed generated ECC bundle
PRs should be regenerated from the current ECC Tools flow if those repositories
become active again. The closed legacy payments/0EM issues were old planning
items superseded by the ECC Tools native-payments, hosted analysis,
billing-readback, and Linear/project roadmap lanes.

208
docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md Normal file
View File

@@ -0,0 +1,208 @@
# ECC v2.0.0-rc.1 Partner, Sponsor, and Talks Pack
This pack turns the rc.1 release surface into outbound-ready copy for sponsors,
partners, consulting conversations, conference talks, podcast bookings, and
community announcements.
It is not a publish action. Use it after the release URL ledger, video suite,
and publication gates are current.
## Current Business Baseline
| Metric | Current | Target | Gap |
| --- | ---: | ---: | ---: |
| MRR | `$1,728/mo` | `$10,000/mo` | `$8,272/mo` |
| Core revenue lanes | Sponsors, ECC Tools Pro, consulting, talks | Repeatable growth loop | Approval-gated outbound |
| Launch proof | rc.1 preview pack, video suite, queue-zero audit | Public release package | Final URLs and human approval |
## Positioning Line
ECC 2.0 is the harness-native operator system for agentic work.
Use this short version in partner and sponsor messages:
```text
ECC gives teams one reusable layer for skills, hooks, rules, MCP conventions,
release gates, and operator workflows across Claude Code, Codex, OpenCode,
Cursor, Gemini, Zed, GitHub Copilot, and terminal-only workflows.
```
## Offer Ladder
| Motion | Best fit | Starting point | Primary ask |
| --- | --- | ---: | --- |
| Pilot sponsor | OSS-friendly team that wants early signal | `$200/mo` | GitHub Sponsors |
| Business sponsor | Tooling or AI infra company that wants logo and case-study surface | `$500/mo` | GitHub Sponsors or direct invoice |
| Strategic partner | Platform, marketplace, security, or developer-tool company | `$1,000+/mo` | Sponsor plus launch or integration plan |
| Consulting sprint | Team adopting agent harnesses internally | Scoped quote | Harness audit, rollout plan, and operating loop |
| Talk or podcast | Devtools, AI engineering, security, OSS, or founder audience | No fee required for high-leverage reach | Recording slot, demo slot, or conference proposal |
## Partner Targets
Prioritize partners that already benefit from a harness-agnostic operating
layer:
- AI coding platforms and IDEs;
- hosted agent and workflow orchestration tools;
- code review, security, and supply-chain vendors;
- model and inference providers;
- developer education, podcast, and conference organizers;
- teams adopting multiple harnesses at once.
## Sponsor Outbound
Subject:
```text
ECC 2.0 sponsor slot for cross-harness agent workflows
```
Body:
```text
Hey [name],
I am getting ECC v2.0.0-rc.1 ready for release review.
The project is now positioned around one reusable operator layer for agentic
work across Claude Code, Codex, OpenCode, Cursor, Gemini, Zed, GitHub Copilot,
and terminal workflows.
The sponsor fit is pretty direct: ECC reaches the exact builders who are
standardizing their AI coding stack, security posture, and workflow automation.
The current public sponsor ladder is:
- Pilot Partner: $200/mo
- Business Sponsor: $500/mo
- Strategic Partner: $1,000+/mo
Business sponsors get logo placement and release visibility. Strategic partners
can turn it into a deeper integration or launch motion.
Repo: https://github.com/affaan-m/ECC
Sponsor: https://github.com/sponsors/affaan-m
Release notes: https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/release-notes.md
If useful, I can send the short sponsor packet and a proposed first 30-day plan.
Affaan
```
## Platform Partner DM
```text
ECC 2.0 is getting close to rc.1.
The release is centered on cross-harness agent workflows: reusable skills,
hooks, rules, MCP conventions, release gates, and an optional Hermes operator
shell.
The partner angle is not "another prompt pack." It is a tested operating layer
for teams using more than one AI coding harness.
I think there is a real integration or co-launch angle here if your team wants
better setup, policy, security, or workflow portability for agent users.
Repo: https://github.com/affaan-m/ECC
```
## Consulting Intro
```text
I am open to a small number of ECC 2.0 implementation sprints for teams that
are standardizing AI coding workflows.
The useful scope is usually:
1. audit the current harness setup;
2. turn repeated workflows into ECC skills, hooks, and rules;
3. add release, security, and CI gates;
4. create a team operating loop that works across Claude Code, Codex, OpenCode,
Cursor, Gemini, Zed, GitHub Copilot, and terminal workflows.
This is not generic AI consulting. The output is a working harness operating
system your team can keep using.
```
## Talk And Podcast Pitch
Title options:
- Building a Cross-Harness Operating System for AI Coding
- From Prompt Packs to Operator Systems
- What Breaks When Teams Adopt Too Many AI Coding Harnesses
- Security and Release Discipline for Agentic Coding Workflows
Short pitch:
```text
ECC started as an open-source workflow layer for Claude Code and is now moving
toward a cross-harness operating system for agentic work.
The talk is about the practical problems teams hit after the first AI coding
honeymoon: scattered prompts, duplicated setup, weak release gates, fragile
security posture, and no clear operating loop across tools.
I can show how ECC uses reusable skills, hooks, MCP conventions, release gates,
AgentShield-style security checks, and an optional Hermes operator shell to make
agentic work more measurable and portable.
```
## GitHub Discussion Announcement
```text
ECC v2.0.0-rc.1 preview pack is ready for final release review.
The main point: ECC 2.0 is the harness-native operator system for agentic work.
It now has a reviewed public surface for:
- reusable skills, hooks, rules, and MCP conventions;
- Claude Code, Codex, OpenCode, Cursor, Gemini, Zed, GitHub Copilot, and
terminal workflows;
- Hermes as the optional operator shell;
- release, security, queue, discussion, Linear, observability, and video-suite
gates.
The release is still approval-gated until the GitHub prerelease, npm package,
plugin paths, final URLs, and billing claims have live evidence.
Feedback wanted: install friction, cross-harness gaps, partner integrations,
sponsor fit, and examples of teams using multiple AI coding harnesses.
```
## Video CTA Hooks
Use these with the release video suite:
- "If your AI coding setup only works in one harness, it is not an operating
system yet."
- "ECC 2.0 is the shared layer: skills, hooks, MCPs, release gates, and team
workflows across the tools people actually use."
- "OSS stays free. Sponsors, Pro, and implementation work fund the public
layer."
- "Start with one workflow lane: engineering, research, content, or outreach."
## Do Not Send Or Publish If
- The release URL ledger still has stale or placeholder links.
- `npm run release:video-suite -- --format json` is not green against the
intended video roots.
- The GitHub prerelease, npm package, plugin path, or billing claim is described
as live without evidence.
- The message claims native payments are ready before ECC Tools billing readback
passes.
- The recipient needs a custom promise that is not covered by `SPONSORS.md`,
`SPONSORING.md`, or a separate consulting scope.
- The user has not approved outbound sponsor, partner, consulting, or media
messages.
## Routing Links
- Repo: <https://github.com/affaan-m/ECC>
- Release notes: <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/release-notes.md>
- Quickstart: <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/quickstart.md>
- Sponsor: <https://github.com/sponsors/affaan-m>
- Sponsor tiers: <https://github.com/affaan-m/ECC/blob/main/SPONSORS.md>
- Sponsoring guide: <https://github.com/affaan-m/ECC/blob/main/SPONSORING.md>

32
docs/releases/2.0.0-rc.1/preview-pack-manifest.md
View File

@@ -15,8 +15,9 @@ surfaces, or posting announcements.
| `docs/architecture/cross-harness.md` | Shared substrate model for Claude Code, Codex, OpenCode, Cursor, Gemini, Hermes, and terminal-only use | Names portability boundaries and does not claim unsupported native parity |
| `docs/architecture/harness-adapter-compliance.md` | Adapter matrix and scorecard | Verified by `npm run harness:adapters -- --check` |
| `docs/architecture/observability-readiness.md` | Local operator-readiness gate | Verified by `npm run observability:ready` |
| `docs/architecture/progress-sync-contract.md` | GitHub, Linear, handoff, roadmap, and work-item sync boundary | Checked by `node scripts/platform-audit.js --format json --allow-untracked docs/drafts/` |
| `docs/architecture/progress-sync-contract.md` | GitHub, Linear, handoff, roadmap, and work-item sync boundary | Checked by `node scripts/platform-audit.js --json` |
| `scripts/preview-pack-smoke.js` | Deterministic preview-pack smoke gate | Verified by `npm run preview-pack:smoke` |
| `scripts/release-approval-gate.js` | Final owner-decision, live-URL, and launch-copy gate | Must return ready true before any release publish, package publish, plugin tag, video upload, announcement, or outbound batch |
| `docs/releases/2.0.0-rc.1/release-notes.md` | GitHub release copy source | Must be refreshed with final live release/package/plugin URLs before publication |
| `docs/releases/2.0.0-rc.1/quickstart.md` | Clone-to-first-workflow path | Covers clone, install, verify, first skill, and harness switch |
| `docs/releases/2.0.0-rc.1/launch-checklist.md` | Operator launch checklist | Must remain approval-gated for release, package, plugin, and announcement actions |
@@ -24,11 +25,18 @@ surfaces, or posting announcements.
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-15.md` | Current May 15 queue, roadmap, security, supply-chain watch, no-lifecycle CI install hardening, AgentShield #86 evidence-pack provenance, ECC Tools billing-gate, Actions cache purge, and `ecc2` test evidence through PR #1941 | Must be superseded by a final clean-checkout evidence file before real publication |
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-16.md` | Current May 16/17 queue cleanup, recsys skill merge, GateGuard triage, PR #1947 supply-chain protection, AgentShield #87 plugin-cache confidence evidence, AgentShield #88 evidence-pack inspect/readback, AgentShield #89 evidence-pack fleet routing, AgentShield #90 fleet review items, AgentShield #91 policy export, AgentShield #92 policy promotion, ECC-Tools #76 fleet-summary consumption, ECC-Tools #77 hosted finding evidence paths, ECC-Tools #78 harness policy-route linking, dashboard refresh, and combined Node/Rust/release-surface gate evidence through the May 16 mirror | Must still be repeated from a strict clean checkout before real publication |
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-17.md` | May 17 queue-zero state, Japanese localization merge, Dependabot TypeScript and Node type merges, post-merge ja-JP lint repair, Mini Shai-Hulud/TanStack protection recheck, npm audit/signature checks, legacy and Linear progress routing, deterministic preview-pack smoke, operator dashboard refresh, Linear sync, and GitHub CI evidence for `27dc2918` | Superseded by the May 18 evidence snapshot; repeat from a strict clean checkout before real publication |
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-18.md` | Current May 18 queue-zero state, #1970/#1971/#1972 merge batch, current-head Mini Shai-Hulud/TanStack protection recheck, no-lifecycle install, npm audit/signature checks, AgentShield project `.claude` scan, work-items sync, Linear sync, operator dashboard refresh, and Supply-Chain Watch success for `3b7e0ba3` | Current strongest readiness snapshot; must still be repeated from a strict clean checkout before real publication |
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-18.md` | May 18 queue-zero state, #1970/#1971/#1972 merge batch, #1978 review/closure, supply-chain recheck, AgentShield evidence mirror, Linear sync, current-head CI/security scan success for `4470e2e6`, and ITO-46 naming/plugin publication closure | Superseded by the May 19 ECC identity, video, and growth evidence snapshot |
| `docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md` | Current May 19/20 evidence for canonical ECC identity, release video suite, partner/sponsor/talk outreach pack, owner approval packet, release approval gate, May 20 operator dashboard, preview-pack smoke digest `eebb8a66c33e`, 2568-test local suite, PR #1998 visual QA CI success, PR #1999 dashboard evidence CI success, PR #2000 suite-count evidence success, PR #2001 owner approval packet CI success, PR #2002 owner-approval dashboard gate CI success, PR #2004 Linear readiness evidence sync CI success, PR #2008 supply-chain evidence gate CI success, post-PR #2006 main CI success, PR #2009 project-registry hygiene CI success, post-PR #2009 main CI success, post-PR #2011 GateGuard CI success, post-PR #2013 release-approval-gate CI success, PR #2017/#2018 AgentShield evidence sync, ECC-Tools #79 billing-announcement redaction hardening, ECC-Tools #80-#93 runtime-receipt, AgentShield approval-ID, Linear sync, remediation sync, hosted observability event/status/depth-plan/API readback, Marketplace Pro selected-target readback, selected-target announcement gate, env-file billing operator path, non-breaking operator bearer path, live `announcementGateReady: true`, AgentShield #94 Zed/VS Code adapter coverage, AgentShield #95 Dependabot alert closure, JARVIS #15/#16 queue/deploy repair, ECC #2019/#2020 Marketplace Pro gate sync, and the May 19/20 Linear sync comments | Current strongest readiness snapshot; must still be repeated from a strict clean checkout before real publication |
| `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-17.md` | Previous prompt-to-artifact operator dashboard | Superseded by the May 18 generated dashboard |
| `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-18.md` | Current prompt-to-artifact operator dashboard | Shows PR/issue/discussion/platform/supply-chain gates current and publication, plugin, billing, AgentShield, ECC Tools, legacy, and Linear productization gaps still open |
| `docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-18.md` | Live URL and approval-gated URL ledger for release copy | Must be regenerated from the final release commit before public announcements |
| `docs/releases/2.0.0-rc.1/naming-and-publication-matrix.md` | Naming, slug, and publication-path decision record | Keeps `Everything Claude Code / ECC`, npm `ecc-universal`, and plugin slug `ecc` for rc.1 |
| `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-18.md` | Previous prompt-to-artifact operator dashboard | Superseded by the May 19 generated dashboard |
| `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-19.md` | Previous prompt-to-artifact operator dashboard | Superseded by the May 20 generated dashboard |
| `docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md` | Current prompt-to-artifact operator dashboard | Shows PR/issue/discussion/platform/supply-chain gates current and adds the current `$1,728/mo` to `$10,000/mo` hypergrowth, video owner-approval, Linear release-gate sync, selected-target billing gate, operator bearer path, live billing gate pass, and outbound-pack operating lanes |
| `docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md` | Final human decision sheet for release, package, plugin, video, billing, social, and outbound approvals | Must be reviewed by the owner before any publication or outbound action |
| `docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-19.md` | Live URL and approval-gated URL ledger for release copy | Must be regenerated from the final release commit before public announcements |
| `docs/releases/2.0.0-rc.1/video-suite-production.md` | Release video production manifest | Gates local media inventory, rough primary render, captions, timeline, self-eval, and no-private-path publication rules |
| `docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md` | Partner, sponsor, consulting, conference, podcast, and discussion copy | Must stay approval-gated and avoid live billing, release, package, or plugin claims without evidence |
| `docs/releases/2.0.0-rc.1/naming-and-publication-matrix.md` | Naming, slug, and publication-path decision record | Keeps `ECC`, npm `ecc-universal`, and plugin slug `ecc` for rc.1 |
| `docs/releases/2.0.0-rc.1/release-name-plugin-publication-checklist-2026-05-18.md` | Release name, package, Claude plugin, Codex plugin, and publication-order checklist | Freezes rc.1 identity and requires final commit evidence before release, npm, plugin, billing, or announcement actions |
| `docs/releases/2.0.0-rc.1/x-thread.md` | X launch draft | Must replace placeholders with live URLs after release/package/plugin publication |
| `docs/releases/2.0.0-rc.1/linkedin-post.md` | LinkedIn launch draft | Must replace placeholders with live URLs after release/package/plugin publication |
| `docs/releases/2.0.0-rc.1/article-outline.md` | Longform launch outline | Must stay release-candidate framed until GA evidence exists |
@@ -72,8 +80,10 @@ Run these from the exact release commit before publication:
```bash
git status --short --branch
node scripts/platform-audit.js --format json --allow-untracked docs/drafts/
node scripts/platform-audit.js --json
npm run preview-pack:smoke
npm run release:approval-gate -- --format json
npm run release:video-suite -- --format json
npm run harness:adapters -- --check
npm run harness:audit -- --format json
npm run observability:ready
@@ -91,14 +101,20 @@ The preview pack is assembled, but publication is still blocked until these live
surfaces exist and are recorded in a final evidence file:
- final release URL ledger regenerated from the intended release commit;
- `npm run release:approval-gate -- --format json` returning ready true after
owner approvals and live URL readbacks are recorded;
- final release name/plugin publication checklist rerun from the intended
release commit;
- GitHub prerelease `v2.0.0-rc.1`;
- npm `ecc-universal@2.0.0-rc.1` on the `next` dist-tag;
- Claude plugin tag / marketplace propagation for `ecc@ecc`;
- Codex repo-marketplace distribution evidence plus official Plugin Directory
availability status;
- final announcement URLs in X, LinkedIn, GitHub release, and longform copy;
- ECC Tools billing/product readiness evidence before any native-payments
announcement copy is published.
- ECC Tools billing/product readiness evidence remains fresh: the May 20
selected-target KV readback and live announcement gate passed through the
operator bearer path. Repeat the billing readback and gate immediately before
any native-payments announcement copy is published.
## Result

88
docs/releases/2.0.0-rc.1/publication-evidence-2026-05-18.md
View File

@@ -7,10 +7,10 @@ npm publication, plugin tag, marketplace submission, or announcement post.
| Field | Evidence |
| --- | --- |
| Upstream main | `81fca2cea6f1399c52c8faa70f9a17e42f0bd447` |
| Upstream main | `4470e2e6702f17099d6feb137ba03ff00582c202` |
| Git remote | `https://github.com/affaan-m/everything-claude-code.git` |
| Evidence scope | Current `main` after PR #1970 workflow-security validator bypass fixes, PR #1971 metrics bridge cost-reporting fixes, PR #1972 `uncloud` skill merge, PR #1973 stale script cleanup, issue #1974 cost-reporting verification/closure, catalog/operator dashboard refresh, Mini Shai-Hulud/TanStack protection recheck, current-head CI/security scan, work-items sync, and Linear progress sync |
| Local status caveat | `git status --short --branch` showed `## main...origin/main` plus unrelated untracked `docs/drafts/`; generated evidence files are committed after the source snapshot they describe |
| Evidence scope | Current `main` after PR #1970 workflow-security validator bypass fixes, PR #1971 metrics bridge cost-reporting fixes, PR #1972 `uncloud` skill merge, PR #1973 stale script cleanup, issue #1974 cost-reporting verification/closure, PR #1976 OpenAI/AstraFlow provider response guards, PR #1978 review/closure, catalog/operator dashboard refresh, ECC-Tools Wrangler OAuth billing readback mirror, AgentShield `840952a` fleet-ticket and Mini Shai-Hulud IOC evidence mirror, Mini Shai-Hulud/TanStack protection recheck, defensive-deny IOC scanner hardening, release name/plugin publication checklist, readiness/smoke gate enforcement for that checklist, release OIDC publishing-scope hardening, workflow line-ending normalization, current-head CI/security scan, work-items sync, Linear progress sync, the ITO-46 publication-path dry-run refresh, ITO-46 Linear closure, and the post-closure operator dashboard refresh |
| Local status caveat | `git status --short --branch` was clean at dashboard generation time; generated evidence files are committed after the source snapshot they describe |
The actual release operator should repeat all publish-facing checks from the
final release commit with a strictly clean checkout before publishing.
@@ -24,7 +24,7 @@ final release commit with a strictly clean checkout before publishing.
| Discussion audit | `npm run discussion:audit -- --json` | Ready; 58 sampled discussions in `affaan-m/everything-claude-code`, 0 needing maintainer touch, 0 answerable discussions missing accepted answer, and 0 fetch errors |
| Platform audit | `node scripts/platform-audit.js --json --allow-untracked docs/drafts/` | Ready; tracked repos report 0 open PRs, 0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A missing accepted answers, and 0 blocking dirty files |
| Work-items sync | `node scripts/work-items.js sync-github --repo <tracked-repo>` for five tracked repos; `node scripts/status.js --json`; `node scripts/work-items.js list --json` | All five tracked repos synced with 0 open PRs/issues and no changed work items; local status reports 0 open, 0 blocked, and 0 closed work items |
| Operator dashboard | `node scripts/operator-readiness-dashboard.js --markdown --allow-untracked docs/drafts/ --write docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-18.md` | Generated current dashboard for `81fca2cea6f1399c52c8faa70f9a17e42f0bd447`; dashboard ready true, publication ready false because release, npm, plugin, billing, and announcement gates are approval-gated |
| Operator dashboard | `npm run operator:dashboard -- --markdown --write docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-18.md` | Regenerated at `4470e2e6702f17099d6feb137ba03ff00582c202`; dashboard ready true, publication ready false because release, npm, plugin, billing, and announcement gates are approval-gated; 0 PRs, 0 issues, and 0 discussion gaps remain across tracked repos; AgentShield enterprise evidence includes `840952a`; ECC Tools native-payments gate now names the narrowed ITO-61 blocker: create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure the target account and `INTERNAL_API_SECRET`, then rerun target readback and the live announcement gate |
Tracked repositories in the platform audit and work-items sync were:
@@ -44,7 +44,19 @@ Tracked repositories in the platform audit and work-items sync were:
| PR #1973 | Merged stale `skills/strategic-compact/suggest-compact.sh` removal after confirming the active hook is `scripts/hooks/suggest-compact.js`; remote main includes `812d4d06` |
| Issue #1974 | Closed after verifying current `origin/main` already reads the latest cumulative metrics bridge cost row and focused cost/metrics tests pass |
| Catalog/operator refresh | Pushed `81fca2ce` to refresh generated catalog count, URL ledger, and operator dashboard state after #1973/#1974 |
| PR #1976 | Merged provider response hardening for OpenAI-compatible and AstraFlow providers; main includes `eb0d8939` follow-up guards for empty/filtered provider choices, missing OpenAI `response.usage`, shared filtered-response error text, and credential-less provider construction validation |
| Provider guard validation | `uv run --extra dev pytest -q tests/test_provider_tools.py tests/test_astraflow_provider.py`, `uv run --extra dev pytest -q`, `node tests/run-all.js`, and `git diff --check` passed before merging #1976 follow-up into main: 11 provider-focused Python tests, 76 full Python tests, 2509 Node tests, and clean whitespace checks |
| Defensive-deny IOC scanner hardening | Pushed `04d4d819` so explicit Claude `permissions.deny` IOC entries are treated as defensive controls while the same IOC still fails in hooks, tasks, scripts, locks, and payload files; local `npm test` passed 2511/2511 and current-head CI `26017368895` passed 37/37 |
| Release name/plugin publication checklist | Pushed `6c0fbfb6` to add `docs/releases/2.0.0-rc.1/release-name-plugin-publication-checklist-2026-05-18.md`; the artifact freezes rc.1 as Everything Claude Code / ECC, keeps npm `ecc-universal`, keeps Claude/Codex plugin slug `ecc`, cites current Anthropic/OpenAI plugin publication paths, and blocks rename/npm publish/plugin tag/submission/billing/social actions until final release evidence exists; GitHub Actions CI `26034898420` passed |
| Dashboard and preview-pack checklist enforcement | Added `680aeff0` so `scripts/operator-readiness-dashboard.js` and `scripts/preview-pack-smoke.js` require the release-name/plugin publication checklist; local dashboard and smoke tests passed and preview-pack smoke now enforces 26 required artifacts |
| AgentShield enterprise evidence mirror | Added `2ba0c62d` and refreshed the dashboard generator/GA roadmap/AgentShield enterprise roadmap so the ECC release evidence names AgentShield `840952a` fleet review ticket payloads and current Mini Shai-Hulud IOC breadcrumb coverage |
| PR #1978 | Closed broad/failing outside Excel harness PR after review; recorded a corrected split path for a future smaller Excel harness proposal, install-target/tooling PR, plugin-runtime PR, and translation-automation PR |
| Announcement draft tracking | Added `docs/drafts/release-1.10.1-announcement.md` so the stabilization announcement draft is tracked instead of remaining as release-blocking untracked local state |
| Clean-worktree preview-pack smoke | Detached worktree at `680aeff0fb9a8598858e3105ba4742973ef386ab`; `node scripts/preview-pack-smoke.js --root <worktree> --format json` passed 5/5 with digest `0ed831dbd0cf`; 26 required artifacts, final verification commands, Hermes public sanitization boundary, and approval-gated publication blockers were all preserved |
| Public queues | Rechecked after the merge and issue-closure batch; 0 PRs, 0 issues, and 0 discussion gaps remain across tracked repos |
| Release OIDC publishing scope | Pushed `7911af4a` to keep the release workflow's trusted-publishing path scoped to release publication instead of broadening OIDC permissions across unrelated jobs; local workflow security validation passed |
| Release workflow normalization | Pushed `97567a91` to normalize release workflow line endings after the OIDC hardening slice; current-head CI `26050727969` passed for `97567a91e79e1ee4c291eb78f5f9c30c2046ac94` |
| Operator readiness evidence refresh | Pushed `0f1775e3`, `fe7b4f2b`, and `67e63e63` to refresh blocker evidence, regenerate the operator dashboard, and align publication readiness to the latest CI/security evidence; pushed `4470e2e6` to close ITO-46 publication-path evidence, then regenerated the dashboard at `4470e2e6702f17099d6feb137ba03ff00582c202`; current-head CI `26057806361` passed for `4470e2e6702f17099d6feb137ba03ff00582c202` |
## Supply-Chain And Security Evidence
@@ -52,23 +64,46 @@ Tracked repositories in the platform audit and work-items sync were:
| --- | --- | --- |
| Repo IOC scan | `npm run security:ioc-scan` | Passed; 198 files inspected |
| Home persistence IOC scan | `node scripts/ci/scan-supply-chain-iocs.js --home --json` | Passed; 200 files inspected; `findings: []` |
| ECC workspace IOC recheck | `node scripts/ci/scan-supply-chain-iocs.js --root <local ECC root> --home --json` | Passed; 1212 files inspected; `findings: []`; exact local path is kept out of public release evidence |
| Narrow active persistence sweep | Targeted search over user-level Claude, VS Code, LaunchAgent/systemd, local-bin, `/tmp`, and `/private/tmp` campaign paths | Existing active targets: 2; no campaign marker hits |
| Scanner fixture tests | `node tests/ci/scan-supply-chain-iocs.test.js` | 18 passed, 0 failed |
| Scanner fixture tests | `node tests/ci/scan-supply-chain-iocs.test.js` | 20 passed, 0 failed, including defensive Claude deny-wall pass and hook-with-same-IOC fail-closed coverage |
| Advisory source refresh | `node scripts/ci/supply-chain-advisory-sources.js --refresh --json` | Ready with 9 sources; live refresh produced 1 OpenAI URL warning from Node fetch while primary TanStack, GitHub advisory, StepSecurity, Wiz, Socket, npm, and CISA sources returned OK |
| No-lifecycle install | `npm ci --ignore-scripts` | Completed cleanly; 213 packages installed, 0 vulnerabilities |
| npm audit | `npm audit --audit-level=high` | 0 vulnerabilities |
| npm signatures | `npm audit signatures` | 213 verified registry signatures; 17 verified attestations |
| Workflow security | `node scripts/ci/validate-workflow-security.js` | Validated 8 workflow files |
| Workflow security | `node scripts/ci/validate-workflow-security.js` | Validated 8 workflow files after the release OIDC publishing-scope hardening |
| AgentShield project scan | `npx --no-install ecc-agentshield scan --format json` | Grade A / 99; 0 critical, 0 high, 0 medium; 6 low docs-example skill telemetry/governance findings |
| Current-head CI security scan | `gh run view 26011460500 --repo affaan-m/everything-claude-code --json status,conclusion,jobs,url` | Completed successfully for `81fca2cea6f1399c52c8faa70f9a17e42f0bd447`; 37/37 CI jobs passed, including lint, workflow/component validation, coverage, cross-platform package-manager tests, npm audit, and supply-chain IOC scan |
| Current-head CI security scan | `gh run view 26057806361 --repo affaan-m/everything-claude-code --json status,conclusion,headSha,jobs,url` | Completed successfully for `4470e2e6702f17099d6feb137ba03ff00582c202`; 37/37 CI jobs passed, including lint, workflow/component validation, coverage, cross-platform package-manager tests, npm audit, and supply-chain IOC scan |
| Latest Supply-Chain Watch | `gh run view 26010432490 --repo affaan-m/everything-claude-code --json status,conclusion,headSha,url` | Completed successfully for `25ac57ac40e9fc5a0606e76e6339e72c79748c99`; rerun from the final release commit before publication |
## ITO-46 Publication Path Refresh
| Gate | Command | Result |
| --- | --- | --- |
| Clean publication-path baseline | `git status --short --branch`; `git rev-parse HEAD`; `git remote get-url origin` | Clean `main` at `67e63e63f9bfd074bd6a21bf6bac71f3dfefa58b`; remote `https://github.com/affaan-m/everything-claude-code.git` |
| Package/plugin identity readback | `node -p "JSON.stringify({pkg, claude, codex, opencode}, null, 2)"` | `ecc-universal@2.0.0-rc.1`; Claude plugin `ecc@2.0.0-rc.1`; Codex plugin `ecc@2.0.0-rc.1`; OpenCode package `ecc-universal@2.0.0-rc.1` |
| Name availability | `npm view ecc name version description repository.url --json`; `npm view @affaan-m/ecc name version --json`; `npm view ecc-universal name version dist-tags --json` | `ecc` is occupied by unrelated `ecc@0.0.2`; `@affaan-m/ecc` returns 404; `ecc-universal` registry latest remains `1.10.0` with no `next` dist-tag |
| Plugin manifest tests | `node tests/plugin-manifest.test.js` | 54 passed, 0 failed |
| Release surface tests | `node tests/docs/ecc2-release-surface.test.js` | 21 passed, 0 failed |
| Claude plugin validation | `claude plugin validate .claude-plugin/plugin.json`; `claude plugin validate .`; `claude plugin tag .claude-plugin --dry-run` | Claude Code `2.1.143`; manifest validation passed; full plugin validation passed with one expected root `CLAUDE.md` context warning; tag dry run would create `ecc--v2.0.0-rc.1` |
| Claude marketplace source help | `claude plugin marketplace add --help`; `claude plugin marketplace update --help` | Marketplace add supports URL, local path, GitHub repo, `--scope`, and `--sparse`; update supports targeted or all-marketplace refresh |
| Codex marketplace help | `codex plugin marketplace add --help` | Codex CLI `0.131.0`; marketplace add supports local paths, `owner/repo[@ref]`, HTTPS Git URL, SSH Git URL, `--ref`, and `--sparse` |
| Codex local marketplace smoke | `HOME="$(mktemp -d)" codex plugin marketplace add ./` | Added marketplace `ecc` from the local checkout without touching the real Codex config |
| Codex GitHub-ref marketplace smoke | `HOME="$(mktemp -d)" codex plugin marketplace add affaan-m/everything-claude-code --ref "$(git rev-parse HEAD)"` | Added marketplace `ecc` from the public GitHub repo pinned to `67e63e63f9bfd074bd6a21bf6bac71f3dfefa58b` without touching the real Codex config |
| npm package dry-run | `NPM_CONFIG_USERCONFIG=/dev/null npm pack --dry-run --json`; `NPM_CONFIG_USERCONFIG=/dev/null npm publish --tag next --dry-run` | Pack produced `ecc-universal-2.0.0-rc.1.tgz`, 2228 files, 4,348,504 bytes packed, 13,024,929 bytes unpacked, shasum `29d6a17029d80f5cb1df068880ba86c55a5d60f1`; publish dry-run would publish `ecc-universal@2.0.0-rc.1` with tag `next` |
| OpenCode package build | `npm run build:opencode` | Passed |
| Preview pack smoke | `npm run preview-pack:smoke` | Ready yes; digest `0ed831dbd0cf`; 5 passed, 0 failed |
| Official docs check | Anthropic `https://code.claude.com/docs/en/plugins` and `https://code.claude.com/docs/en/plugin-marketplaces`; OpenAI `https://developers.openai.com/codex/plugins/build` | Anthropic documents self-hosted marketplace sources; OpenAI documents repo/personal marketplaces and the official Plugin Directory. ECC has not created a real release tag, official listing, or npm publication in this pass |
| ITO-46 closure | Linear ITO-46 comment `9ef92056-ab23-4eed-bfdb-932dddc2b056`; Linear issue status `Done`; GitHub Actions `26057806361` | Publication-path docs now record every channel, name conflicts, package/plugin dry-run commands, and blocker register; Codex repo-marketplace distribution is verified but official Plugin Directory listing is not claimed before OpenAI submission/listing evidence |
## Linear Progress Sync
| Surface | Evidence |
| --- | --- |
| ITO-57 issue comment | `0b9931b9-1556-4ebc-a70c-f3635557625d` records May 18 queue counts, #1970/#1971/#1972 merge evidence, supply-chain verification, current-head watch URL, deferred gates, and next slices |
| ECC platform project comment | `e32e5b7a-287b-4bf4-9ed7-314389a157e1` records the same current public queue, security, and remaining-gate state at the project level |
| ITO-57 issue comments | `0b9931b9-1556-4ebc-a70c-f3635557625d` records May 18 queue counts, #1970/#1971/#1972/#1976 merge evidence, supply-chain verification, current-head CI URL, deferred gates, and next slices; reply `6fa15367-d994-4e53-ade3-9462477e1100` records the expanded TanStack/Mini Shai-Hulud recheck, defensive-deny scanner fix, current-head CI `26017368895`, and post-push platform audit; comment `3fe5b2b7-c4fe-401c-a317-b40d72119cb3` records the final emergency refresh against `97567a91`, AgentShield `4e36aab`, clean ECC/Ito/Documents workspace IOC scans, absent dead-man/persistence artifacts, and package-manager/Claude deny-wall posture; comment `43837404-c01c-4aaa-b5e2-1e784c136d69` records ECC-Tools `brace-expansion` alert 44 fixed in `e56fc1a` with CI `26054671308` and Dependabot API `state: fixed` |
| ITO-52 issue status | `f2e5a208-de91-4a3a-960b-5362d12aa5a4` records ECC-Tools `69ca535` team-learning feedback controls, local verification, and CI `26054455434`; Linear ITO-52 is Done |
| ITO-61 issue status | `6904e4fb-bec7-4787-90e2-759f077a628c` records the narrowed native-payments readback blocker: Wrangler OAuth now works, aggregate readback is clean, but there is still no Marketplace-managed Pro target billing-state with webhook provenance and the local announcement preflight is missing the target account plus `INTERNAL_API_SECRET` |
| ECC platform project comment | `e32e5b7a-287b-4bf4-9ed7-314389a157e1` records the earlier current public queue, security, #1976, and remaining-gate state at the project level; follow-up ITO-44 comments `a01eeef3-c69b-48c0-8804-a4682acfc1ef` and `6b0885cc-c4e9-40db-899b-f7b88b4aa046` record ITO-52 completion and the fixed ECC-Tools Dependabot alert |
| Project status update caveat | Linear returned "Project status updates are not enabled for this workspace"; project comment was used as the supported status surface |
## Current Publication Blockers
@@ -81,18 +116,35 @@ Tracked repositories in the platform audit and work-items sync were:
Plugin Directory publishing remains blocked on OpenAI's self-serve publishing
surface.
- ECC Tools billing/native-payments copy remains blocked until a Marketplace
purchase/webhook path writes production `account-billing:*` and
`billing-state:*` records, then `npm run billing:announcement-gate --
--account <github-login>` returns an announcement-ready gate.
Pro purchase/webhook path writes ready production `billing-state:*`
provenance for the target Marketplace test account, then
`npm run billing:kv-readback -- --account <github-login> --require-ready`
with working Cloudflare API auth or repaired Wrangler OAuth, followed by
`npm run billing:announcement-gate -- --account <github-login>`, return
announcement-ready gates. The latest Wrangler OAuth aggregate readback found
256 `account-billing:*` records, 256 `billing-state:*` records, 197
Marketplace-source records, 59 Stripe-source records, 53 Pro records, 4
Marketplace webhook-provenance records, all `Open Source`, 0 Marketplace Pro
states, 0 ready-like Marketplace Pro states, and 0 parse failures. ECC-Tools
commit `632e059` adds the follow-up target-account readback mode, redacts
the account login and raw KV key names, and requires both target key families
before `--require-ready` can pass. ECC-Tools commit `13cd3fc` normalizes
billing-state key casing. The latest ITO-61 retry fails because no
Marketplace-managed Pro state exists and the announcement preflight is
missing the target account plus `INTERNAL_API_SECRET`; Linear ITO-61 tracks
the exact target-account acceptance criteria.
- Release notes, X, LinkedIn, GitHub release, and longform copy still need final
live URLs after release/package/plugin URLs exist.
- The local checkout still has unrelated untracked `docs/drafts/`, so a strict
clean-checkout release pass remains required before real publication.
- The local checkout is clean after the dashboard/evidence refresh, but a
strict clean-checkout release pass remains required before real publication.
## Result
The tracked public PR queue, issue queue, discussion queue, local work-items
bridge, and Mini Shai-Hulud/TanStack protection loop are current on
May 18, 2026 for `81fca2ce`. This improves publication readiness but does not
replace the approval-gated release, package, plugin, billing, and announcement
steps in `publication-readiness.md`.
bridge, release-name/plugin publication gate, and Mini Shai-Hulud/TanStack
protection loop are current on May 18, 2026 for current `main` through
`97567a91`, with follow-up ECC Tools billing-gate hardening in `632e059`
and AgentShield enterprise/security hardening through `4e36aab`.
This improves publication readiness but does not replace the approval-gated
release, package, plugin, billing, and announcement steps in
`publication-readiness.md`.

207
docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md Normal file
View File

@@ -0,0 +1,207 @@
# ECC v2.0.0-rc.1 Publication Evidence - 2026-05-19
This is release-readiness evidence only. It does not create a GitHub release,
npm publication, plugin tag, marketplace submission, billing announcement, or
social announcement.
## Source Commit
| Field | Evidence |
| --- | --- |
| Upstream main | `c2471fe5c535310f8a8008c9ed7ea9f6757b33f2` |
| Git remote | `https://github.com/affaan-m/ECC.git` |
| Evidence scope | Current `main` after PR #1990 harness-audit GitHub integration scoring, PR #1991 canonical ECC identity gate, PR #1992 release video-suite gate, PR #1993 growth outreach pack, PR #1994 May 19 publication evidence refresh, PR #1995 operator dashboard refresh, PR #1996 primary render self-eval gate, PR #1997 publish-candidate gate, PR #1998 visual QA gate, PR #1999 video dashboard evidence refresh, PR #2000 suite-count evidence refresh, PR #2001 owner approval packet addition, PR #2002 owner approval dashboard gate refresh, PR #2004 Linear readiness evidence sync, PR #2005 post-PR #2004 evidence refresh, PR #2008 release supply-chain evidence gate fix, PR #2006 per-project Claude Code adapter, PR #2009 continuous-learning project registry hygiene fix, PR #2011 GateGuard quoted git introspection fix, PR #2013 deterministic release approval gate, PR #2017 AgentShield adapter evidence sync, PR #2018 AgentShield Dependabot evidence sync, ECC-Tools #80-#91 hosted observability/readback, Marketplace Pro selected-target, selected-target announcement gate, and env-file operator-path batch, AgentShield #94 Zed/VS Code adapter coverage, AgentShield #95 Dependabot alert closure, PR #2019 Marketplace Pro release-gate sync, and PR #2020 selected-target announcement gate sync |
| Local status caveat | `git status --short --branch` was clean after pulling `origin/main`; generated evidence files are committed after the source snapshot they describe |
The release operator must repeat all publish-facing checks from the exact final
release commit with a strictly clean checkout before publishing.
## Queue And Discussion State
| Surface | Command | Result |
| --- | --- | --- |
| Platform audit | `node scripts/platform-audit.js --json` | Ready true; tracked repos report 0 open PRs, 0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A gaps, 0 conflicting PRs, and 0 blocking dirty files |
| Trunk PRs | `gh pr list --repo affaan-m/ECC --state open --json number,title,url,author --limit 100` | `[]` |
| Trunk issues | `gh issue list --repo affaan-m/ECC --state open --json number,title,url,author --limit 100` | `[]` |
| Discussion audit through platform audit | `node scripts/platform-audit.js --json` | `affaan-m/ECC` discussions enabled; 60 sampled after #2015 setup-location Q&A was answered and accepted; 0 needing maintainer touch; 0 answerable without accepted answer |
| Worktree | `git status --short --branch` | `## main...origin/main` |
Tracked repositories in the platform audit were:
- `affaan-m/ECC`
- `affaan-m/agentshield`
- `affaan-m/JARVIS`
- `ECC-Tools/ECC-Tools`
- `ECC-Tools/ECC-website`
## Merge Batch
| Item | Result |
| --- | --- |
| PR #1990 | Merged GitHub integration harness-audit scoring and conflict salvage from the earlier unsafe PR lane |
| PR #1991 | Merged canonical ECC release identity gate across README, plugin/package metadata, OpenCode surfaces, Marketplace metadata, audit defaults, quickstart, release URL ledger, naming/publication matrix, and release tests |
| PR #1992 | Merged the release video-suite gate, production manifest, validator, package file surface, preview-pack smoke wiring, release-surface tests, and compact CI JSON output |
| PR #1993 | Merged the partner, sponsor, consulting, conference, podcast, GitHub Discussion, and video CTA pack for the hypergrowth outbound lane |
| PR #1994 | Merged the May 19 publication-evidence refresh, platform-audit evidence gate, preview-pack smoke evidence gate, and URL/readiness/roadmap references |
| PR #1995 | Merged the May 19 operator dashboard refresh with the `$1,728/mo` MRR baseline, `$10,000/mo` target, and release/video/outbound top actions |
| PR #1996 | Merged the primary launch render self-eval gate for duration, size, resolution, video stream, and audio stream checks |
| PR #1997 | Merged the publish-candidate gate for the primary launch MP4/captions plus five short clips in wide and vertical formats |
| PR #1998 | Merged the release video visual QA gate for publish candidates and black-frame segment detection |
| PR #1999 | Merged the operator dashboard refresh that moved the release video suite to current once publish-candidate evidence was recorded |
| PR #2000 | Merged the suite-count evidence refresh so the platform audit rejects stale local-suite totals |
| PR #2001 | Merged the final human decision sheet for release, package, plugin, video, billing, social, and outbound approvals; GitHub Actions run `26102500291` completed successfully |
| PR #2002 | Merged the owner-approval dashboard refresh so the operator dashboard fails closed when the final decision sheet is missing or incomplete; CI passed before merge |
| PR #2004 | Merged the May 19 Linear readiness evidence sync after PR #2002, including roadmap, dashboard, preview-pack manifest, publication evidence, operator dashboard generator, and release-surface test updates |
| PR #2005 | Merged the post-PR #2004 evidence refresh, keeping the May 19 readiness ledger, dashboard, roadmap, and release-surface references current on `main` |
| PR #2008 | Merged the release supply-chain evidence gate fix so platform-audit readiness keeps matching current publication evidence |
| PR #2006 | Merged the `claude-project` install target for per-project Claude Code adapter support, then fixed the manifest schema enum on top of the feature branch before merge |
| PR #2009 | Merged the continuous-learning project registry hygiene fix: non-git hook payloads stay global, no-remote linked worktrees migrate to the main worktree project ID, and `instinct-cli.py projects delete`, `merge`, and `gc` provide operator maintenance commands |
| PR #2011 | Merged the GateGuard read-only git introspection tokenizer fix so quoted `git show` pathspecs with spaces are preserved while quoted shell separators stay outside the bypass |
| PR #2013 | Merged the deterministic `release:approval-gate` so final publication, package, plugin, video, billing, social, and outbound actions remain blocked until owner decisions and live URL readbacks are complete |
| PR #2017 | Merged the AgentShield #94 evidence mirror as `906e06406e95742944ccb05065f95a7e4dd4a036`, syncing roadmap, publication evidence, preview-pack manifest, and supply-chain incident-response surfaces after full GitHub CI passed |
| PR #2018 | Merged the AgentShield #95 Dependabot evidence mirror as `68b4e45145968acd52e68d900f8422061ed7f4a2`, syncing the roadmap, publication evidence, and preview-pack manifest after full PR CI passed |
| PR #2019 | Merged the Marketplace Pro selected-target release-gate sync as `30f60710d4e0424fc70d9bbdc105009db141d9d8`, updating the roadmap, publication evidence, naming matrix, preview manifest, and operator dashboard after full PR CI passed |
| PR #2020 | Merged the selected-target announcement gate sync as `c2471fe5c535310f8a8008c9ed7ea9f6757b33f2`, updating the roadmap, publication evidence, naming matrix, preview manifest, release URL ledger, platform audit surfaces, and operator dashboard after full PR CI passed |
## Post-Queue-Zero Sync - 2026-05-19 Late Pass
| Surface | Evidence |
| --- | --- |
| ECC approval gate | PR #2013 merged as `9819626459a662773be7d0b1c18d82c1316b8c36`; GitHub Actions run `26128749863` completed successfully; `npm run release:approval-gate -- --format json` remains intentionally blocked with digest `ef8f49f727b7`, 4/6 passing, and failures only on owner decisions plus live URL readbacks |
| ECC platform audit | `node scripts/platform-audit.js --json` at `2026-05-19T22:45:15Z` returned ready true, 0 open PRs, 0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A gaps, and 0 dirty blockers across `affaan-m/ECC`, `affaan-m/agentshield`, `affaan-m/JARVIS`, `ECC-Tools/ECC-Tools`, and `ECC-Tools/ECC-website` |
| ECC-Tools billing hardening | ECC-Tools PR #79 merged as `67ee247ae1b7b50ecc1261ed5d62d65cc8390da8`; preflight and live billing-announcement output now redact account login values to a stable fingerprint while preserving readiness blockers/actions; local validation passed targeted tests, full test suite 678/678, lint, typecheck, manual preflight, and `git diff --check`; post-merge main CI run `26129253509` completed successfully |
| JARVIS queue drain | JARVIS PR #15 merged the Dependabot `idna` 3.11 to 3.15 security bump as `4b3685d6ee23b4da1f1a7d22281c6b5d6c0a42c7`; PR checks and post-merge CI/CodeQL passed |
| JARVIS deploy repair | JARVIS PR #16 merged as `4369c34babd21d539c420866da51c7a8365f1c9e`; the deploy workflow no longer uses an invalid job-level `secrets.*` condition, Vercel deploy skips cleanly when secrets are absent, backend image build/push succeeds, and main CI, CodeQL, and Deploy runs `26129539376`, `26129539427`, and `26129539425` completed successfully |
| Linear roadmap sync | Linear document `ecc-may-19-late-queue-zero-and-release-gate-sync-1c26f65e6b3f`, project comment `d42bf0e2-7a8e-4934-9f3f-e281498ee805`, and issue comments on ITO-44, ITO-50, ITO-54, ITO-56, and ITO-61 record the late-pass queue-zero, release-gate, billing-safety, and progress-sync state. |
## May 20 Hosted Observability And AgentShield Adapter Sync
| Surface | Evidence |
| --- | --- |
| ECC discussion queue | Discussion #2015 was answered and marked accepted with conservative setup guidance: do not install in `C:\`; use a normal workspace; install `ecc@ecc` once through the Claude plugin marketplace; copy only needed rule folders when using manual rules; do not stack plugin plus full manual install. |
| ECC platform audit | `node scripts/platform-audit.js --json` at `2026-05-20T00:25:38Z` returned ready true with 0 open PRs, 0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A gaps, 0 conflicting PRs, and 0 dirty blockers across `affaan-m/ECC`, `affaan-m/agentshield`, `affaan-m/JARVIS`, `ECC-Tools/ECC-Tools`, and `ECC-Tools/ECC-website`. |
| ECC platform audit recheck | `npm run platform:audit -- --json` at `2026-05-20T00:42:11Z` returned ready true with 0 open PRs, 0 open issues, 0 discussion maintainer-touch gaps, 0 answerable Q&A gaps, 0 conflicting PRs, 0 GitHub errors, and 0 dirty blockers across the same tracked repo set after AgentShield #94 merged. |
| ECC-Tools #80/#81/#82 | PR #80 merged runtime-receipt failure-reason enforcement as `4efc8cc858022f84c844690f3298633b081c4398`; PR #81 preserved AgentShield fleet approval IDs as `1fbf635f492284f75ba7166c029c39eb8cc15794`; PR #82 rendered those approval IDs in hosted security review comments/check-runs as `7a7b4d096a176ae80b3a2076c09d45601e36013a`. |
| ECC-Tools #83/#84 | PR #83 merged deterministic Linear external-ID reuse for deferred follow-ups as `b6b107f33961bef18a85fb619f3a976eb5d752dd`; PR #84 merged hosted AgentShield remediation sync to Linear as `73bac7058071c55cb30c6b8ac6db779b3660c02c`. Local validation covered focused route/client tests, typecheck, lint, full ECC-Tools test suite, and whitespace checks before merge; GitHub Verify, Security Audit, and Workers Builds passed. |
| ECC-Tools #85/#86/#87 | PR #85 merged hosted job observability events as `1637e0f2bfa0a889387f2c20675680ccc5528123`; PR #86 merged hosted status observability readback as `5a9e94d3ff860307c3e7fd9fd065f0de2bd633dd`; PR #87 merged hosted depth-plan observability readback as `508fbc02b63cf1fcb5af2f3624608fa66e53b5d4`. Local validation for the final depth-plan readback slice passed the focused hosted depth-plan route test, full route suite (89/89), typecheck, lint, full ECC-Tools Vitest suite (683/683), and `git diff --check`; GitHub Verify, Security Audit, and Workers Builds passed before merge. |
| ECC-Tools #88 | PR #88 merged authenticated hosted observability API readback as `c836ac3fb24ed7e2ae38cd61e41c9651ac9c00f8`. `GET /api/analysis/observability` now summarizes hosted events by event type and job for operator/dashboard readback, skips malformed stale KV records, and the deployment runbook includes the production smoke command. Local verification passed typecheck, lint, full ECC-Tools Vitest suite (686/686), and `git diff --check`; GitHub Verify, Security Audit, and Workers Builds passed before merge. |
| AgentShield #94 | PR #94 merged Zed/VS Code adapter coverage as `4caee27acfadb50a4cd024e738b5c3cbd4b0bb03`. AgentShield now reports Zed and VS Code as first-class harness adapters, discovers `.zed/settings.json`, `.zed/tasks.json`, and `.zed` hook-code files, and flags `.zed/setup.mjs` in the AI-tool persistence IOC rule alongside `.vscode/setup.mjs`. Local verification passed typecheck, lint, focused scanner/rule tests, full `npm test` (1822 tests), `npm run build`, and `git diff --check`; GitHub checks passed across GitGuardian, scan suite, self-scan, self-scan examples, Node 18/20/22 CI, CodeRabbit, and Cubic after rerunning a transient artifact-upload failure. |
| AgentShield #95 | PR #95 merged the `brace-expansion` Dependabot fix as `25d91f0002214c408da4ceaac7def20bad40ca10`. The lockfile now resolves vulnerable transitive `brace-expansion` 5.x entries to `5.0.6`, local `npm audit --audit-level=moderate` returns 0 vulnerabilities, and `gh api repos/affaan-m/agentshield/dependabot/alerts?state=open` returns `[]`. Local validation passed typecheck, lint, full `npm test` (1822 tests), build, audit, and whitespace checks; GitHub checks passed across Verify Node 18/20/22, self-scan, self-scan examples, Test GitHub Action, GitGuardian, CodeRabbit, and Cubic. |
| Linear roadmap sync | Linear ITO-54 comment `74dcc101-3be5-4173-be13-62b80d54f569` and ECC Platform Roadmap project comment `348ea8f5-2a2d-46d9-a0fe-ed99653e7fe5` record the May 20 hosted observability status/depth-plan readback batch; Linear comments `291e2a4b-06e3-4672-a057-cdb141478161` and `b2d35de0-ca49-44cb-982a-ddec229e7691` add the #88 observability API readback; Linear ITO-49 comment `faed69dd-35f5-469d-acb5-ddde6a70d6a1` and project comment `70187c1e-d481-4181-b418-09bd65d54b5e` add the #94 AgentShield Zed/VS Code adapter evidence; Linear ITO-49 comment `371fc3e4-611f-4d20-a23f-67db1260b418`, ITO-57 comment `bd06e252-15c1-4256-b667-caa3f64f5968`, and project comment `22c2c388-2fd1-4dea-a939-6141f40c9a21` add the #95 AgentShield Dependabot alert closure; earlier comments on ITO-54, ITO-48, and the project record the #84 hosted remediation sync and #85 hosted observability event emission batches. |
## May 20 Marketplace Pro Release-Gate Sync
| Surface | Evidence |
| --- | --- |
| ECC-Tools #89 | PR #89 merged as `512bca6b99cdaa67058a6aa9a4e7e7f0b1d9873a` after Verify, Security Audit, and Workers Builds passed. It added `billing:kv-readback -- --select-ready-target --require-ready`, allowing operators to select a ready Marketplace Pro target internally without passing or printing the login. |
| Live production readback | The 2026-05-20 Wrangler OAuth readback found ready-like Marketplace Pro records with webhook provenance, selected a target with both key families, seat and webhook readiness, no overage, and 0 blockers, with account details redacted. The old missing Marketplace Pro target-state blocker is cleared. |
| ECC #2019 | PR #2019 merged as `30f60710d4e0424fc70d9bbdc105009db141d9d8`, syncing the selected-target readback evidence into the GA roadmap, rc.1 publication evidence, naming matrix, preview manifest, and operator dashboard. |
| ECC-Tools #90 | PR #90 merged as `16a5bb33ee5ce7c31d2ad8d041e5afac03308f05` after Verify, Security Audit, and Workers Builds passed. It added the selected-target official announcement gate through `/api/billing/readiness?selectReadyTarget=1` and `npm run billing:announcement-gate -- --select-ready-target`, keeping the raw account login out of command logs. |
| ECC #2020 | PR #2020 merged as `c2471fe5c535310f8a8008c9ed7ea9f6757b33f2`, syncing ECC-Tools #90 into the roadmap, publication evidence, naming matrix, preview manifest, publication readiness, release URL ledger, platform audit surfaces, and operator dashboard. |
| ECC-Tools #91 | PR #91 merged as `72119a1acc6f5a0cd3bb5d90afd6e87fd1fefd05` after Verify, Security Audit, and Workers Builds passed. It added `--env-file` to the billing announcement and KV readback scripts for ignored local operator credential files, with tests proving sentinel secrets and account logins are not printed. |
| ECC-Tools #92 | PR #92 merged as `18d80197be779619283e0b37e2952bac53819a07` after Verify, Security Audit, and Workers Builds passed. It added the non-breaking `INTERNAL_OPERATOR_API_SECRET` bearer accepted by privileged internal API routes without rotating the primary `INTERNAL_API_SECRET`, and the merged Worker was deployed to `api.ecc.tools`. |
| May 20 live selected-target gate | Vault-backed Wrangler readback passed with Marketplace Pro state, target fingerprint `e953a74209fe`, both key families, webhook evidence, seat readiness, no overage, and 0 blockers. After rotating the operator bearer, `npm run billing:announcement-gate -- --preflight --select-ready-target` returned ready and `npm run billing:announcement-gate -- --select-ready-target` returned `announcementGateReady: true`, 0 required actions, 0 blockers, and audit summary 6 pass / 1 warn / 0 fail. |
| ECC-Tools #93 | PR #93 merged as `d3d62df83fa075660fa4530c3e0edc311a4355fe`, recording the live billing announcement gate pass in the launch checklist and distribution roadmap while preserving final release/plugin/URL approval gates. |
| Post-merge main CI | ECC GitHub Actions runs `26135974576`, `26136949698`, and `26138015245` completed successfully on `main` for `30f60710d4e0424fc70d9bbdc105009db141d9d8`, `c2471fe5c535310f8a8008c9ed7ea9f6757b33f2`, and `6e25458dbc15cd07cfb7a4e1f0b06f3eda41a043` across lint, coverage, security, validation, and the full OS/package-manager matrix. ECC-Tools main CI runs `26137280847`, `26138403065`, and `26138669148` completed successfully for `72119a1acc6f5a0cd3bb5d90afd6e87fd1fefd05`, `18d80197be779619283e0b37e2952bac53819a07`, and `d3d62df83fa075660fa4530c3e0edc311a4355fe`. |
| Post-merge local gates | `npm run platform:audit -- --json` returned ready true with 0 PRs, 0 issues, 0 discussion gaps, and 0 dirty blockers; `npm run preview-pack:smoke -- --format json` returned ready true with digest `531328aaaa53` before the May 20 dashboard rollover and `eebb8a66c33e` after adding the May 20 dashboard artifact; `git diff --check HEAD~1..HEAD` was clean. |
| Linear roadmap sync | Linear ITO-61 comment `467d148a-712a-4777-aad9-95593e9f1739` and ECC Platform Roadmap project comment `7642ee9c-3107-400c-a229-53e2895a8914` record ECC-Tools #89, ECC #2019, the green post-merge CI run, and the earlier internal bearer-token gate; Linear ITO-44 comment `a9297467-208a-41e4-8dbb-35f0dad5fe2b`, ITO-56 comment `5008b70b-cf98-43cd-a8d4-f098ba9b9780`, ITO-61 comment `5ebf0aaf-e2d3-4537-878f-484f49dcf87a`, and project reply `1c74a3d0-f8ca-4306-997e-a37c53d49f97` record the ECC #2020 selected-target announcement-gate sync; a new Linear sync should record ECC-Tools #92/#93 and the live gate pass. |
| Remaining blocker | Native-payments billing evidence is ready as of the May 20 selected-target gate pass. Repeat KV readback and `billing:announcement-gate -- --select-ready-target` immediately before launch, and keep native-payments copy behind the final release, plugin, live URL, and owner-approval gates. |
## Release And Growth Evidence
| Gate | Command | Result |
| --- | --- | --- |
| Release-surface tests | `node tests/docs/ecc2-release-surface.test.js` | 28 passed, 0 failed |
| Preview-pack smoke | `npm run preview-pack:smoke -- --format json` | Ready true; digest `eebb8a66c33e`; 33 required artifacts; 5 passed, 0 failed |
| Release approval gate | `npm run release:approval-gate -- --format json` | Expected blocked; digest `ef8f49f727b7`; 4 passed, 2 failed; owner decisions and live URL readbacks remain approval-gated |
| Operator dashboard | `npm run operator:dashboard -- --write docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md` | Regenerated from the May 20 `main` baseline with platform audit ready true, 0 tracked PRs, 0 tracked issues, 0 discussion gaps, `$1,728/mo` current MRR, `$10,000/mo` target MRR, the release video suite marked current, Linear release-gate sync current, and top actions for plugin publication, notifications, outbound approval, AgentShield, and ECC Tools billing |
| Supply-chain verification | `npm audit --audit-level=moderate`; `npm audit signatures`; `yarn install --immutable --mode=skip-build` | Current supply-chain refresh found 0 npm vulnerabilities, verified 254 registry signatures and 30 attestations, and accepted the Yarn lock after pinning `@types/node@25.7.0` plus refreshing `brace-expansion` to `5.0.6` / `1.1.14` |
| Release video suite | `npm run release:video-suite -- --format json --summary` with `ECC_VIDEO_SOURCE_ROOT` and `ECC_VIDEO_RELEASE_SUITE_ROOT` | Ready true; 15/15 source assets present; 13/13 render, timeline, caption, EDL, and segment artifacts present; 12/12 publish-candidate outputs present with zero detected black-frame segments; primary rough render self-eval passed at 144.759 seconds, 1920x1080, 1 audio stream, and 106.78 MB |
| Focused post-merge regression set | `node tests/hooks/detect-project-worktree.test.js`; `node tests/hooks/observe-subdirectory-detection.test.js`; `node tests/scripts/instinct-cli-projects.test.js`; `node tests/hooks/hooks.test.js` | 10/10, 6/6, 5/5, and 237/237 passed after PR #2009 merged |
| GateGuard PR #2011 regression | `node tests/hooks/gateguard-fact-force.test.js`; `npm test`; `git diff --check main...HEAD` | 91/91 passed on the PR branch; full local suite passed 2560/2560 before merge; whitespace check passed; focused GateGuard suite passed again on current `main` |
| Release approval gate PR #2013 validation | `npm test`; `npm run lint`; `git diff --check`; `npm run preview-pack:smoke -- --format json`; `npm run release:approval-gate -- --format json` | 2568/2568 tests passed before merge; lint and whitespace passed; preview pack stayed ready with digest `531328aaaa53`; release approval gate returned the expected blocked exit with digest `ef8f49f727b7` |
| Full local suite | `node tests/run-all.js` | 2568 passed, 0 failed before PR #2013 merge |
| PR #1998 CI | GitHub Actions run `26099020341` | Completed successfully for `d500de1e9f11c0446b6a1349bd98b522d31f9125`; all reported checks passed, including lint, validation, security scan, coverage, GitGuardian, CodeRabbit, Cubic, and the macOS/Ubuntu/Windows test matrix |
| PR #1999 CI | GitHub Actions run `26100148726` | Completed successfully for `90584b6d5e5814bc2ad9a4cd651bebd043de989d`; lint, validation, security scan, coverage, GitGuardian, CodeRabbit, and the macOS/Ubuntu/Windows test matrix passed; Cubic completed neutral and did not block merge |
| PR #2001 CI | GitHub Actions run `26102500291` | Completed successfully for `8148340ad14eb32c971346f0cb4cb9431ec0f5de`; required checks passed before merge |
| PR #2002 CI | GitHub Actions run `26103853507` | Completed successfully before merge; required checks passed, Cubic remained non-blocking, and PR #2002 merged into `main` as `c7d662c3c68719e5ef0b5305ca3f6782b3214224` |
| PR #2004 CI | GitHub Actions run `26105012698` | Completed successfully after rerunning the single failed Windows Node 18 yarn job; required checks passed, Cubic remained non-blocking, and PR #2004 merged into `main` as `ac7434ea8f39166b11e9d06ce64b38c4fb8d9202` |
| PR #2005 CI | GitHub Actions run `26106321921` | Completed successfully with 37 completed jobs, 0 failed jobs, and PR #2005 merged into `main` as `d6022d6b8dc5ef1393cf18ae40ee58f646f3754e` |
| PR #2008 CI | GitHub Actions run `26108473648` | Completed successfully across the required matrix before merge; non-blocking Cubic skipped after review |
| Post-PR #2006 main CI | GitHub Actions run `26109953093` | Completed successfully with 37 completed jobs, 0 failed jobs, and `main` advanced to `98bd517451f38fa0150a53aab4234c2239a47b7e` |
| PR #2009 CI | GitHub Actions run `26111313938` | Completed successfully with 37 completed jobs, 0 failed jobs after replacing the brittle fake-worktree regression fixture with a real `git worktree add` setup |
| Post-PR #2009 main CI | GitHub Actions run `26111946778` | Completed successfully with 37 completed jobs, 0 failed jobs, and `main` advanced to `bc519e5b8ed42f26c0a5a611756e04351c323f21` |
| Post-PR #2011 main CI | GitHub Actions run `26113695068` | Completed successfully with 37 completed jobs, 0 failed jobs, and `main` advanced to `14d88e517b0c56a80c1a6392b1cde2474948d29f` |
| Post-PR #2013 main CI | GitHub Actions run `26128749863` | Completed successfully with `main` advanced to `9819626459a662773be7d0b1c18d82c1316b8c36` |
| Post-PR #2019 main CI | GitHub Actions run `26135974576` | Completed successfully with `main` advanced to `30f60710d4e0424fc70d9bbdc105009db141d9d8` |
| Post-PR #2020 main CI | GitHub Actions run `26136949698` | Completed successfully with `main` advanced to `c2471fe5c535310f8a8008c9ed7ea9f6757b33f2` |
| ECC-Tools #91 main CI | GitHub Actions run `26137280847` | Completed successfully on ECC-Tools `main` with `72119a1acc6f5a0cd3bb5d90afd6e87fd1fefd05` after the env-file billing gate support merged |
| ECC-Tools #92 main CI | GitHub Actions run `26138403065` | Completed successfully on ECC-Tools `main` with `18d80197be779619283e0b37e2952bac53819a07` after the operator bearer path merged |
| ECC-Tools #93 main CI | GitHub Actions run `26138669148` | Completed successfully on ECC-Tools `main` with `d3d62df83fa075660fa4530c3e0edc311a4355fe` after the live billing announcement evidence merged |
| Linear sync | Linear document `ecc-may-19-post-pr-2002-sync-64cef8f668e0` plus project comment `a6411e3a-8c8e-4a58-adba-687e77d4c543`; late-pass document `ecc-may-19-late-queue-zero-and-release-gate-sync-1c26f65e6b3f` plus project comment `d42bf0e2-7a8e-4934-9f3f-e281498ee805`; May 20 ITO-61 comment `467d148a-712a-4777-aad9-95593e9f1739` plus project comment `7642ee9c-3107-400c-a229-53e2895a8914`; May 20 ITO-44 comment `a9297467-208a-41e4-8dbb-35f0dad5fe2b`, ITO-56 comment `5008b70b-cf98-43cd-a8d4-f098ba9b9780`, ITO-61 comment `5ebf0aaf-e2d3-4537-878f-484f49dcf87a`, and project reply `1c74a3d0-f8ca-4306-997e-a37c53d49f97` | Project and issue lanes record PR #2002 evidence, discussion #2003 routing, owner-approval dashboard gate, and In Progress status for ITO-47, ITO-48, ITO-49, ITO-51, ITO-54, and ITO-56; the late-pass sync attaches PR #2013, ECC-Tools #79, and JARVIS #15/#16 evidence to ITO-44, ITO-50, ITO-54, ITO-56, and ITO-61; the May 20 sync attaches ECC-Tools #89/#90, ECC #2019/#2020 Marketplace Pro selected-target and selected-target announcement-gate evidence, and the remaining env-file/bearer-token gate to ITO-44, ITO-56, ITO-61, and the project |
| Public-path sanitization | `node scripts/ci/validate-no-personal-paths.js` through local suite and CI | Passed |
| Markdown and whitespace | `markdownlint` focused release docs plus `git diff --check` before PR #1999 | Passed |
## Product And Positioning Evidence
| Surface | Evidence |
| --- | --- |
| Canonical repo identity | Public URLs and release docs now use `https://github.com/affaan-m/ECC` where public links are needed |
| Release claim | Release notes and launch collateral frame ECC as the harness-native operator system for agentic work, not a Claude-only config pack |
| Video proof | `video-suite-production.md` gates the local rough render, timeline, captions, source inventory, publish-candidate clip set, self-eval, black-frame QA, and no-private-path publication rules |
| Growth proof | `partner-sponsor-talks-pack.md` provides approval-gated copy for sponsors, partners, consulting, talks, podcasts, GitHub Discussion, and video CTAs |
| Owner approval proof | `owner-approval-packet-2026-05-19.md` centralizes release, package, plugin, video, billing, social, and outbound decision gates |
| Business baseline | Hypergrowth command center and partner pack use `$1,728/mo` current MRR, `$10,000/mo` target MRR, and `$8,272/mo` gap |
| Operator dashboard | `operator-readiness-dashboard-2026-05-20.md` pulls the growth baseline into the same queue, publication, video, outbound, AgentShield, ECC Tools billing/env-file gate, Linear, and supply-chain control surface |
| Linear progress proof | Linear project document `ecc-may-19-post-pr-2002-sync-64cef8f668e0` mirrors the post-PR #2002 state and records active lanes for launch materials, AgentShield, ECC Tools deep analysis, observability, and final release publication; Linear document `ecc-may-19-late-queue-zero-and-release-gate-sync-1c26f65e6b3f` adds the PR #2013 approval gate, ECC-Tools #79 redaction hardening, and JARVIS #15/#16 queue/deploy repair evidence; May 20 Linear comments `74dcc101-3be5-4173-be13-62b80d54f569`, `348ea8f5-2a2d-46d9-a0fe-ed99653e7fe5`, `291e2a4b-06e3-4672-a057-cdb141478161`, `b2d35de0-ca49-44cb-982a-ddec229e7691`, `faed69dd-35f5-469d-acb5-ddde6a70d6a1`, `70187c1e-d481-4181-b418-09bd65d54b5e`, `371fc3e4-611f-4d20-a23f-67db1260b418`, `bd06e252-15c1-4256-b667-caa3f64f5968`, `22c2c388-2fd1-4dea-a939-6141f40c9a21`, `a9297467-208a-41e4-8dbb-35f0dad5fe2b`, `5008b70b-cf98-43cd-a8d4-f098ba9b9780`, `5ebf0aaf-e2d3-4537-878f-484f49dcf87a`, and `1c74a3d0-f8ca-4306-997e-a37c53d49f97` add ECC-Tools hosted observability readback evidence, AgentShield adapter evidence, AgentShield Dependabot alert closure, and Marketplace selected-target announcement-gate evidence to ITO-44, ITO-49, ITO-54, ITO-56, ITO-57, ITO-61, and the project |
## Current Publication Blockers
- GitHub prerelease `v2.0.0-rc.1` is still not created in this pass.
- npm `ecc-universal@2.0.0-rc.1` is still not published to the `next`
dist-tag.
- Claude plugin tag and marketplace propagation remain approval-gated.
- Codex repo-marketplace distribution is verified by prior evidence, but
official Plugin Directory publishing remains blocked on OpenAI submission or
listing evidence.
- ECC Tools billing/native-payments evidence is no longer blocked by the
internal bearer-token path or selected-target announcement gate. Repeat
`billing:kv-readback -- --select-ready-target --require-ready` and
`billing:announcement-gate -- --select-ready-target` immediately before
launch, and keep the copy behind the final release, plugin, live URL, and
owner-approval gates.
ECC-Tools PR #89 (`512bca6`) added `billing:kv-readback --
--select-ready-target --require-ready`; its 2026-05-20 production run cleared
the old missing-target-state blocker without printing the account login.
ECC-Tools PR #90 (`16a5bb3`) added the selected-target official announcement
gate, so production preflight no longer needs a raw GitHub login.
ECC-Tools PR #91 (`72119a1`) added `--env-file` support for ignored local
billing credentials without printing loaded secrets or account logins.
ECC-Tools PR #92 (`18d8019`) added the non-breaking operator bearer path, and
ECC-Tools PR #93 (`d3d62df`) recorded the live gate pass.
- Release notes, X, LinkedIn, GitHub release, GitHub Discussion, longform copy,
sponsor outreach, partner outreach, consulting copy, conference pitches, and
podcast pitches still need final live URLs plus human approval before posting
or sending.
- Discord/community links still need a real invite or bot/guild credential path
before public docs should route users there.
## Result
The tracked public PR queue, issue queue, discussion queue, canonical ECC
identity, release video suite, preview pack, growth outreach packet, per-project
Claude Code adapter surface, continuous-learning project registry hygiene,
GateGuard quoted git introspection fix, deterministic release approval gate,
ECC-Tools billing-announcement redaction hardening, selected-target billing
readback, selected-target announcement gate, billing gate env-file operator path,
ECC-Tools hosted observability readback, AgentShield Zed/VS Code adapter coverage,
AgentShield Dependabot alert closure, and JARVIS security/deploy queue repairs
are current on May 20, 2026 for ECC `main` through
`c2471fe5c535310f8a8008c9ed7ea9f6757b33f2`, ECC-Tools `main` through
`72119a1acc6f5a0cd3bb5d90afd6e87fd1fefd05`, and AgentShield `main` through
`25d91f0002214c408da4ceaac7def20bad40ca10`. The remaining video work is owner
approval, upload, and public URL attachment, not render or QA production.
This improves publication readiness but does not replace the approval-gated
release, package, plugin, billing, Discord, and announcement steps in
`publication-readiness.md`.

77
docs/releases/2.0.0-rc.1/publication-readiness.md
View File

@@ -6,6 +6,9 @@ URLs from the exact commit being released.
For the current rc.1 naming decision and package/plugin publication path, see
[`naming-and-publication-matrix.md`](naming-and-publication-matrix.md).
For the May 18 release name, package, Claude plugin, Codex plugin, and
publication-order gate, see
[`release-name-plugin-publication-checklist-2026-05-18.md`](release-name-plugin-publication-checklist-2026-05-18.md).
For the assembled rc.1 preview pack boundary, see
[`preview-pack-manifest.md`](preview-pack-manifest.md).
For the May 12 dry-run evidence pass, see
@@ -36,11 +39,15 @@ routing, deterministic preview-pack smoke gate, and current operator dashboard
refresh, see
[`publication-evidence-2026-05-17.md`](publication-evidence-2026-05-17.md).
For the May 18 current-head queue, workflow-security/metrics/uncloud merge
batch, Mini Shai-Hulud/TanStack local and home protection recheck, npm
no-lifecycle install/audit/signature gates, AgentShield project scan,
work-items sync, Linear progress comments, operator dashboard refresh, and
current-head Supply-Chain Watch, see
[`publication-evidence-2026-05-18.md`](publication-evidence-2026-05-18.md).
batch, PR #1978 review/closure, Mini Shai-Hulud/TanStack local and home
protection recheck, npm no-lifecycle install/audit/signature gates,
AgentShield project scan, AgentShield `840952a` enterprise/IOC evidence mirror,
release OIDC publishing-scope hardening, workflow normalization, later
dashboard/publication-readiness refreshes through `67e63e63`, work-items sync,
Linear progress comments, ITO-46 closure, operator dashboard refresh, and
current-head CI/security scan success through the May 19 identity, video, and
growth-pack merge batch, see
[`publication-evidence-2026-05-19.md`](publication-evidence-2026-05-19.md).
For the operator-facing prompt-to-artifact readiness dashboard from the same
May 16 pass, see
[`operator-readiness-dashboard-2026-05-15.md`](operator-readiness-dashboard-2026-05-15.md).
@@ -48,23 +55,31 @@ For the May 17 operator dashboard refresh, see
[`operator-readiness-dashboard-2026-05-17.md`](operator-readiness-dashboard-2026-05-17.md).
For the May 18 operator dashboard refresh, see
[`operator-readiness-dashboard-2026-05-18.md`](operator-readiness-dashboard-2026-05-18.md).
For the May 18 live/pending release URL ledger, see
[`release-url-ledger-2026-05-18.md`](release-url-ledger-2026-05-18.md).
For the May 19 hypergrowth/operator dashboard, see
[`operator-readiness-dashboard-2026-05-19.md`](operator-readiness-dashboard-2026-05-19.md).
The current May 20 Marketplace Pro release-gate operator dashboard is
[`operator-readiness-dashboard-2026-05-20.md`](operator-readiness-dashboard-2026-05-20.md).
For the final owner decision sheet across release, npm, plugin, video, billing,
social, and outbound approvals, see
[`owner-approval-packet-2026-05-19.md`](owner-approval-packet-2026-05-19.md).
For the May 19 live/pending release URL ledger after the public repo rename, see
[`release-url-ledger-2026-05-19.md`](release-url-ledger-2026-05-19.md).
## Release Identity Matrix
| Surface | Expected value | Source of truth | Fresh check | Evidence artifact | Owner | Status |
| --- | --- | --- | --- | --- | --- | --- |
| Product name | Everything Claude Code / ECC | `README.md`, `CHANGELOG.md`, release notes | `rg -n "Everything Claude Code" README.md CHANGELOG.md docs/releases/2.0.0-rc.1` | `publication-evidence-2026-05-12.md` | Release owner | Evidence recorded |
| GitHub repo | `affaan-m/everything-claude-code` | Git remote and release URLs | `git remote get-url origin` | `publication-evidence-2026-05-12.md` | Release owner | Evidence recorded |
| Git tag | `v2.0.0-rc.1` | GitHub releases | `gh release view v2.0.0-rc.1 --repo affaan-m/everything-claude-code` | `release not found` | Release owner | Blocked until release approval |
| Product name | ECC | `README.md`, plugin manifests, release notes | `rg -n "^# ECC\|displayName.*ECC\|affaan-m/ECC" README.md .codex-plugin/plugin.json docs/releases/2.0.0-rc.1` | `release-name-plugin-publication-checklist-2026-05-18.md` plus `release-url-ledger-2026-05-19.md` | Release owner | Evidence recorded |
| GitHub repo | `affaan-m/ECC` | Git remote and release URLs | `git remote get-url origin` | `release-url-ledger-2026-05-19.md` | Release owner | Evidence recorded |
| Git tag | `v2.0.0-rc.1` | GitHub releases | `gh release view v2.0.0-rc.1 --repo affaan-m/ECC` | `release not found` | Release owner | Blocked until release approval |
| npm package | `ecc-universal` | `package.json` | `node -p "require('./package.json').name"` | `publication-evidence-2026-05-12.md` | Package owner | Evidence recorded |
| npm version | `2.0.0-rc.1` | `VERSION`, `package.json`, lockfiles | `node -p "require('./package.json').version"` | `publication-evidence-2026-05-12.md` | Package owner | Evidence recorded |
| npm dist-tag | `next` for rc, `latest` only for GA | npm registry | `npm view ecc-universal dist-tags --json` | Current registry only has `latest: 1.10.0`; `next` is pending publish | Package owner | Blocked until publish approval |
| Claude plugin slug | `ecc` / `ecc@ecc` install path | `.claude-plugin/plugin.json`, `.claude-plugin/marketplace.json` | `node tests/hooks/hooks.test.js` | `publication-evidence-2026-05-12.md` | Plugin owner | Evidence recorded |
| Claude plugin manifest | `2.0.0-rc.1`, no unsupported `agents` or explicit `hooks` fields | `.claude-plugin/plugin.json`, `.claude-plugin/PLUGIN_SCHEMA_NOTES.md` | `claude plugin validate .claude-plugin/plugin.json` | `publication-evidence-2026-05-12.md` | Plugin owner | Evidence recorded |
| Codex plugin manifest | `2.0.0-rc.1` with shared skill source | `.codex-plugin/plugin.json` | `node tests/docs/ecc2-release-surface.test.js` | `publication-evidence-2026-05-12.md` | Plugin owner | Evidence recorded |
| Codex repo marketplace | `ecc@2.0.0-rc.1` exposed through `.agents/plugins/marketplace.json` | `.agents/plugins/marketplace.json`, `.codex-plugin/README.md` | `HOME="$(mktemp -d)" codex plugin marketplace add <local-checkout>` | `publication-evidence-2026-05-15.md` | Plugin owner | Repo-marketplace path verified; official Plugin Directory publishing coming soon |
| Codex repo marketplace | `ecc@2.0.0-rc.1` exposed through `.agents/plugins/marketplace.json` | `.agents/plugins/marketplace.json`, `.codex-plugin/README.md` | `HOME="$(mktemp -d)" codex plugin marketplace add <local-checkout>` | `publication-evidence-2026-05-15.md` | Plugin owner | Repo-marketplace path verified; do not claim official Plugin Directory listing before OpenAI submission evidence |
| OpenCode package | `ecc-universal` plugin module | `.opencode/package.json`, `.opencode/index.ts` | `npm run build:opencode` | `publication-evidence-2026-05-12.md` | Package owner | Evidence recorded |
| Agent metadata | `2.0.0-rc.1` | `agent.yaml`, `.agents/plugins/marketplace.json` | `node tests/scripts/catalog.test.js` | `publication-evidence-2026-05-12.md` | Release owner | Evidence recorded |
| Migration copy | rc.1 upgrade path, not GA claim | `release-notes.md`, `quickstart.md`, `HERMES-SETUP.md` | `npx markdownlint-cli '**/*.md' --ignore node_modules` | `publication-evidence-2026-05-13.md` | Docs owner | Evidence recorded |
@@ -76,10 +91,10 @@ For the May 18 live/pending release URL ledger, see
| GitHub release | Tag exists, release notes use final URLs, assets attached if needed | `gh release view v2.0.0-rc.1 --json tagName,url,isPrerelease` | `Blocker: release not found on 2026-05-12` | Release owner | Pending approval |
| npm package | `npm pack --dry-run` has expected files, version matches, rc goes to `next` | `npm pack --dry-run` and `npm publish --tag next --dry-run` where supported | `Blocker: actual publish requires approval; dry run passed with next tag` | Package owner | Dry-run passed |
| Claude plugin | Manifest validates, marketplace JSON points to public repo, install docs match slug | `claude plugin validate .claude-plugin/plugin.json`; `claude plugin tag .claude-plugin --dry-run`; isolated temp-home install smoke | `Blocker: real tag creation/push requires approval` | Plugin owner | Clean-checkout dry-run and install smoke recorded |
| Codex plugin | Manifest version matches package and docs, repo marketplace points at the plugin root, and OpenAI's current official Plugin Directory status is recorded | `node tests/docs/ecc2-release-surface.test.js`; `node tests/plugin-manifest.test.js`; `codex plugin marketplace add --help`; temp-home `codex plugin marketplace add <local-checkout>` | `Blocker: official Plugin Directory publishing and self-serve management are documented as coming soon` | Plugin owner | Repo-marketplace distribution verified; official directory pending |
| Codex plugin | Manifest version matches package and docs, repo marketplace points at the plugin root, and OpenAI's current official Plugin Directory status is recorded | `node tests/docs/ecc2-release-surface.test.js`; `node tests/plugin-manifest.test.js`; `codex plugin marketplace add --help`; temp-home `codex plugin marketplace add <local-checkout>` | `Blocker: official Plugin Directory listing requires OpenAI submission/listing evidence` | Plugin owner | Repo-marketplace distribution verified; official directory pending |
| OpenCode package | Build output is regenerated from source and package metadata is current | `npm run build:opencode` | `Blocker: none for local build; public distribution still follows npm/plugin release` | Package owner | Evidence recorded |
| ECC Tools billing reference | Any billing claim links to verified Marketplace/App state | `env -u GITHUB_TOKEN gh repo view ECC-Tools/ECC-Tools --json nameWithOwner,isPrivate,viewerPermission` plus internal `/api/billing/readiness?accountLogin=<marketplace-test-account>` readback | `Blocker: ECC-Tools #73 added announcementGate; live Marketplace test-account readback must return announcementGate.ready === true before payment announcement` | ECC Tools owner | Code gate recorded; live billing readback pending |
| Announcement copy | X, LinkedIn, GitHub release, and longform copy point to live URLs | placeholder-marker scan and `release-url-ledger-2026-05-18.md` | `Blocker: final live release/npm/plugin/billing URLs do not exist yet; live and pending URLs are separated in the May 18 ledger` | Release owner | URL ledger recorded; final URLs pending |
| ECC Tools billing reference | Any billing claim links to verified Marketplace/App state | `env -u GITHUB_TOKEN gh repo view ECC-Tools/ECC-Tools --json nameWithOwner,isPrivate,viewerPermission` plus internal `/api/billing/readiness?selectReadyTarget=1` readback using the operator bearer path | `Ready: ECC-Tools #92 main CI and ECC-Tools #93 main CI passed; live selected-target readback returned announcementGate.ready === true on 2026-05-20; repeat before payment announcement` | ECC Tools owner | Billing evidence ready; final copy still waits on release/plugin/live URL approvals |
| Announcement copy | X, LinkedIn, GitHub release, and longform copy point to live URLs | placeholder-marker scan and `release-url-ledger-2026-05-19.md` | `Blocker: final live release/npm/plugin/billing URLs do not exist yet; live and pending URLs are separated in the May 19 ledger` | Release owner | URL ledger recorded; final URLs pending |
| Privileged workflow hardening | Release and maintenance workflows avoid persisted checkout tokens | `node scripts/ci/validate-workflow-security.js` | `Blocker:` | Release owner | Evidence recorded in post-hardening refresh |
## Required Command Evidence
@@ -88,23 +103,25 @@ Record the exact commit SHA and command output before any publication action:
| Evidence | Command | Required result | Recorded output |
| --- | --- | --- | --- |
| Clean release branch | `git status --short --branch` | On intended release commit; no unrelated files | Pending final strict clean-checkout release pass; `publication-evidence-2026-05-17.md` records current `main` with unrelated untracked `docs/drafts/` |
| Preview-pack smoke | `npm run preview-pack:smoke` | Preview pack artifacts, Hermes boundary, final verification command list, and publication blockers pass | `publication-evidence-2026-05-17.md`: ready yes, digest `dfb1ed014607`, 5 passed, 0 failed; repeat in a final strict clean-checkout release pass |
| Harness audit | `npm run harness:audit -- --format json` | 70/70 passing | `publication-evidence-2026-05-17.md`: 70/70 |
| Adapter scorecard | `npm run harness:adapters -- --check` | PASS | `publication-evidence-2026-05-16.md`: PASS, 11 adapters |
| Observability readiness | `npm run observability:ready` | 21/21 passing | `publication-evidence-2026-05-17.md`: 21/21, ready yes |
| Release safety gate | `npm run observability:ready -- --format json` | Release Safety category passing with publication readiness, supply-chain, workflow security, package surface, and release-surface evidence | `publication-evidence-2026-05-13-post-hardening.md`: Release Safety 3/3 |
| Supply-chain verification | `npm audit --json`; `npm audit signatures`; `cd ecc2 && cargo audit -q`; Dependabot alerts; GitGuardian Security Checks | 0 vulnerabilities/alerts, registry signatures verified, GitGuardian clean | `publication-evidence-2026-05-18.md`: npm registry signatures and attestations verified, 0 high-or-higher npm vulnerabilities, repo/home IOC scans clean, current-head Supply-Chain Watch passed |
| Root suite | `node tests/run-all.js` | 0 failures | `publication-evidence-2026-05-17.md`: `npm test` passed 2487/2487, 0 failed |
| Markdown lint | `npx markdownlint-cli '**/*.md' --ignore node_modules` | 0 failures | `publication-evidence-2026-05-17.md`: passed after ja-JP autonomous-loop anchor repair |
| Package surface | `node tests/scripts/npm-publish-surface.test.js` | 0 failures; no Python bytecode in npm tarball | `2/2` passed in May 12 evidence pass |
| Release surface | `node tests/docs/ecc2-release-surface.test.js` | 0 failures | `publication-evidence-2026-05-16.md`: 20/20 passed |
| Clean release branch | `git status --short --branch` | On intended release commit; no unrelated files | Current May 20 baseline `c2471fe5c535310f8a8008c9ed7ea9f6757b33f2`: `## main...origin/main`; repeat from the exact final publication commit before release |
| Preview-pack smoke | `npm run preview-pack:smoke` | Preview pack artifacts, Hermes boundary, final verification command list, and publication blockers pass | `publication-evidence-2026-05-19.md`: ready yes, digest `eebb8a66c33e`, 33 artifacts, 5 passed, 0 failed; repeat in the final strict clean-checkout release pass |
| Release approval gate | `npm run release:approval-gate -- --format json` | Ready true only after owner decision rows are approved, live release/package/plugin/video/billing URLs are recorded, and launch/outbound copy has no placeholders or private paths | Current May 19 state is intentionally blocked because owner decisions and live URL readbacks remain approval-gated |
| Harness audit | `npm run harness:audit -- --format json` | 80/80 passing | Current release gate: 80/80 across 8 applicable categories, 0 top actions |
| Adapter scorecard | `npm run harness:adapters -- --check` | PASS | Current release gate: PASS, 11 adapters |
| Observability readiness | `npm run observability:ready` | 21/21 passing | Current release gate: 21/21, ready true |
| Release safety gate | `npm run observability:ready -- --format json` | Release Safety category passing with publication readiness, supply-chain, workflow security, package surface, and release-surface evidence | Current release gate keeps Release Safety passing at 3/3; repeat the JSON gate from the exact final release commit |
| Supply-chain verification | `npm audit --audit-level=moderate`; `npm audit signatures`; `yarn install --immutable --mode=skip-build`; `cd ecc2 && cargo audit -q`; Dependabot alerts; GitGuardian Security Checks | 0 vulnerabilities/alerts, registry signatures verified, package-manager locks accepted, GitGuardian clean | Current supply-chain branch: `npm audit` found 0 vulnerabilities; `npm audit signatures` verified 254 registry signatures and 30 attestations; Yarn immutable install accepted the lock after pinning `@types/node@25.7.0` and moving `brace-expansion` to `5.0.6` / `1.1.14`; PR #2008 CI `26108473648`, post-PR #2006 main CI `26109953093`, PR #2009 CI `26111313938`, and post-PR #2009 main CI `26111946778` completed with 0 failures |
| Root suite | `node tests/run-all.js` | 0 failures | Current May 19 local suite: 2568 passed, 0 failed before PR #2013 merged; post-PR #2009 focused regressions also passed for worktree detection, observe subdirectory/global fallback, project maintenance CLI, and the hooks suite |
| Markdown lint | `npx markdownlint-cli '**/*.md' --ignore node_modules` | 0 failures | Current release gate: focused lint passed for `publication-readiness.md`, `publication-evidence-2026-05-19.md`, and `docs/ECC-2.0-GA-ROADMAP.md` |
| Package surface | `node tests/scripts/npm-publish-surface.test.js` | 0 failures; no Python bytecode in npm tarball | Current release gate: 2/2 passed |
| Release surface | `node tests/docs/ecc2-release-surface.test.js` | 0 failures | Current release gate: 27/27 passed after refreshing the discussion-count assertion to the post-PR #2005 baseline |
| Optional Rust surface | `cd ecc2 && cargo test` | 0 failures or explicit deferral | `publication-evidence-2026-05-16.md`: 462/462 passed, existing warnings only |
| Queue baseline | `gh pr list` / `gh issue list` across trunk, AgentShield, JARVIS, ECC Tools, and ECC website | Under 20 open PRs and under 20 open issues | `publication-evidence-2026-05-17.md`: platform audit ready, 0 open PRs and 0 open issues across checked repos |
| Discussion baseline | `node scripts/discussion-audit.js --json` | No unmanaged active discussion queue and no answerable Q&A missing an accepted answer | `publication-evidence-2026-05-15.md`: 58 trunk discussions, 0 without maintainer touch; other tracked repos disabled or 0 |
| Linear roadmap | Linear project and issue readback | Detailed roadmap exists with release, security, AgentShield, ECC Tools, legacy, and observability lanes | `publication-evidence-2026-05-15.md`: project and 16 issue lanes recorded |
| Operator readiness dashboard | `npm run operator:dashboard -- --json --allow-untracked docs/drafts/` | Current queue state mapped to macro-goal deliverables and incomplete gaps | `publication-evidence-2026-05-18.md`: generated from `3b7e0ba3`, platform ready true, dashboard ready true, 0 open PRs, 0 open issues, 0 discussion gaps; regenerated May 18 dashboard now also tracks the URL ledger |
| Release URL ledger | `docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-18.md` plus placeholder-marker scan | Live links and approval-gated links are separated before announcement copy is posted | Ledger records public repo/docs/CI/supply-chain/npm/OpenAI Codex documentation URLs and blocks GitHub release/npm/plugin/billing/social URLs until approval-gated checks pass |
| Queue baseline | `node scripts/platform-audit.js --json` across trunk, AgentShield, JARVIS, ECC Tools, and ECC website | Under 20 open PRs and under 20 open issues | Current May 20 baseline after PR #2020: platform audit ready true, 0 open PRs, 0 open issues, 0 discussion gaps, 0 conflicting PRs, and 0 blocking dirty files across tracked repos |
| Discussion baseline | `node scripts/platform-audit.js --json` and `node scripts/discussion-audit.js --json` | No unmanaged active discussion queue and no answerable Q&A missing an accepted answer | Post-PR #2005 baseline: platform audit sampled 59 trunk discussions, 0 needing maintainer touch, 0 answerable discussions missing accepted answer; `docs/architecture/discussion-response-playbook.md` records response templates and security escalation rules |
| Linear roadmap | Linear project and issue readback | Detailed roadmap exists with release, security, AgentShield, ECC Tools, legacy, and observability lanes | May 18 Linear comments include ITO-57 `3fe5b2b7-c4fe-401c-a317-b40d72119cb3` and ITO-44 `fb4a4f33-6c2d-421a-bbdb-63cfad3e3ee4`; earlier evidence records the project and 16 issue lanes |
| Operator readiness dashboard | `npm run operator:dashboard -- --json` | Current queue state mapped to macro-goal deliverables and incomplete gaps | Current May 20 dashboard is refreshed from the post-PR #2020 baseline; platform audit ready true, 0 open PRs, 0 open issues, 0 discussion gaps, 0 dirty files, release video suite current, selected-target billing/env-file path mirrored, and publication gates still approval-gated |
| Release URL ledger | `docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-19.md` plus placeholder-marker scan | Live links and approval-gated links are separated before announcement copy is posted | Ledger records public repo/docs/npm/OpenAI Codex documentation URLs and blocks GitHub release/npm/plugin/billing/social URLs until approval-gated checks pass |
| Release name and plugin publication checklist | `docs/releases/2.0.0-rc.1/release-name-plugin-publication-checklist-2026-05-18.md` | Name/package/plugin values are frozen, final-release commands are listed, and Claude/Codex publication paths cite current official docs | Checklist keeps `ECC`, `ecc-universal`, and plugin slug `ecc` for rc.1; no npm rename, npm publish, plugin tag, official listing, billing claim, or announcement before final evidence |
## Do Not Publish If

4
docs/releases/2.0.0-rc.1/quickstart.md
View File

@@ -5,8 +5,8 @@ This path is for a new contributor who wants to verify the release surface befor
## Clone
```bash
git clone https://github.com/affaan-m/everything-claude-code.git
cd everything-claude-code
git clone https://github.com/affaan-m/ECC.git
cd ECC
```
Start from a clean checkout. Do not copy private operator state, raw workspace exports, tokens, or local Hermes files into the repo.

119
docs/releases/2.0.0-rc.1/release-name-plugin-publication-checklist-2026-05-18.md Normal file
View File

@@ -0,0 +1,119 @@
# ECC v2.0.0-rc.1 Release Name And Plugin Publication Checklist
Snapshot date: 2026-05-18. Canonical repo decision refreshed 2026-05-19
after the public repo rename to `affaan-m/ECC`.
This checklist is the operator gate for release naming, package publication,
and Claude/Codex plugin distribution. It is not a publication action by itself.
Run it from the exact release commit before creating tags, publishing npm,
submitting marketplace forms, or posting announcements.
## Fixed rc.1 Decision
Ship `v2.0.0-rc.1` as **ECC**.
- Keep the GitHub repo at `affaan-m/ECC`.
- Keep the npm package as `ecc-universal`.
- Keep Claude and Codex plugin slugs as `ecc`.
- Publish the npm prerelease on the `next` dist-tag, not `latest`.
- Do not rename the npm package to `ecc` or `@affaan-m/ecc` before rc.1.
- Treat `affaan-m/ECC` as the canonical public repo for rc.1 and GA release
copy.
Reasons:
- `ecc-universal` is the current working install and package surface.
- `ecc` on npm is occupied by an unrelated elliptic-curve package.
- `@affaan-m/ecc` is unclaimed on npm, but would require a migration plan.
- `affaan-m/ECC` is now the live public GitHub repo.
- Claude and Codex already expose the desired short namespace as `ecc`.
## Current Surface Evidence
| Surface | Current value | Evidence command | 2026-05-18 result | Release action |
| --- | --- | --- | --- | --- |
| Git commit | `67e63e63f9bfd074bd6a21bf6bac71f3dfefa58b` | `git rev-parse HEAD` | Recorded from clean `main` before this ITO-46 evidence refresh | Re-run from final release commit |
| GitHub repo | `affaan-m/ECC` | `git remote get-url origin` | `https://github.com/affaan-m/ECC.git` | Keep for rc.1 and GA |
| npm package | `ecc-universal@2.0.0-rc.1` local, `1.10.0` registry latest | `node -p "require('./package.json').name + '@' + require('./package.json').version"` and `npm view ecc-universal name version dist-tags --json` | Local rc.1 ready; registry still latest `1.10.0` | Publish rc.1 with `--tag next` after approval |
| Exact npm short name | `ecc` | `npm view ecc name version description repository.url --json` | Occupied by unrelated `ecc@0.0.2` | Do not use |
| Scoped npm short name | `@affaan-m/ecc` | `npm view @affaan-m/ecc name version --json` | 404 | Candidate only after migration plan |
| Claude plugin | `ecc@2.0.0-rc.1` | `claude plugin validate .claude-plugin/plugin.json`; `claude plugin validate .`; `claude plugin tag .claude-plugin --dry-run` | Validation passed on Claude Code `2.1.143`; full plugin validation has one expected root `CLAUDE.md` context warning; dry run would create `ecc--v2.0.0-rc.1` | Run dry-run tag again from the final commit, then tag/push only after approval |
| Claude marketplace | `.claude-plugin/marketplace.json` | `claude plugin marketplace add --help`; Anthropic plugin marketplace docs | GitHub repo, git URL, remote marketplace JSON, and local path marketplace sources are supported | Verify post-tag marketplace install/update path after final evidence |
| Codex plugin | `ecc@2.0.0-rc.1` | `node tests/plugin-manifest.test.js`; `codex plugin marketplace add --help`; OpenAI Codex plugin docs | Plugin manifest passed 54/54; local and GitHub-ref repo marketplace smokes passed on Codex CLI `0.131.0` | Use repo marketplace for rc.1; do not claim official directory listing until OpenAI publishing path is available |
| OpenCode package | `ecc-universal@2.0.0-rc.1` | `node -p "require('./.opencode/package.json').name + '@' + require('./.opencode/package.json').version"` | Matches rc.1 package identity | Follow npm package publication |
| Billing claim | ECC Tools selected-target billing evidence ready | ECC Tools billing gate and Marketplace account readback | May 20 selected-target readback and live selected-target announcement gate passed with `announcementGateReady: true`; repeat immediately before announcement | Do not announce native payments until final release/plugin/live URL approvals are green |
## Required Gate
Run these checks from the final release commit and paste the exact output into
a fresh `publication-evidence-YYYY-MM-DD.md` file before release actions:
```bash
git status --short --branch
git rev-parse HEAD
git remote get-url origin
npm view ecc name version description repository.url --json
npm view @affaan-m/ecc name version --json
npm view ecc-universal name version dist-tags --json
node tests/plugin-manifest.test.js
node tests/docs/ecc2-release-surface.test.js
claude plugin validate .claude-plugin/plugin.json
claude plugin tag .claude-plugin --dry-run
codex plugin marketplace add --help
HOME="$(mktemp -d)" codex plugin marketplace add ./
HOME="$(mktemp -d)" codex plugin marketplace add affaan-m/ECC --ref "$(git rev-parse HEAD)"
npm pack --dry-run --json
npm publish --tag next --dry-run
npm run build:opencode
npm run preview-pack:smoke
npm run release:approval-gate -- --format json
```
If a command is unavailable on the release machine, record the exact error and
keep the related publication action blocked.
## Publication Order
| Step | Action | Required evidence | Stop condition |
| --- | --- | --- | --- |
| 1 | Freeze name and version | Package, Claude plugin, Codex plugin, OpenCode package, `VERSION`, and release docs all say `2.0.0-rc.1` | Any `preview`/`rc.1` mismatch |
| 2 | Verify clean release branch | `git status --short --branch` shows only the intended release commit and no unrelated drift | Any unexplained dirty file |
| 3 | Verify package and plugin manifests | `node tests/plugin-manifest.test.js` and `node tests/docs/ecc2-release-surface.test.js` pass | Manifest or release-surface failure |
| 4 | Dry-run package surface | `npm pack --dry-run --json`; `npm publish --tag next --dry-run` | Missing files, wrong dist-tag, or publish dry-run failure |
| 5 | Dry-run Claude distribution | `claude plugin validate`; `claude plugin tag .claude-plugin --dry-run`; marketplace source/help evidence | Validation, tag, or install-smoke failure |
| 6 | Verify Codex repo marketplace | `codex plugin marketplace add --help`; temp-home local and GitHub-ref repo marketplace add smoke; OpenAI official directory status recorded | Missing repo marketplace or unverified official-directory status |
| 7 | Verify OpenCode package | `npm run build:opencode` | Build failure |
| 8 | Regenerate release URL ledger | Live and approval-gated URLs separated in `release-url-ledger-YYYY-MM-DD.md` | Placeholder, private URL, or announcement URL drift |
| 9 | Create GitHub prerelease | `gh release view v2.0.0-rc.1 --json tagName,url,isPrerelease` | Missing URL or wrong prerelease flag |
| 10 | Publish npm rc | `npm view ecc-universal version dist-tags --json` shows rc.1 on `next` | rc.1 lands on `latest` or registry output is unclear |
| 11 | Publish/plugin-submit | Claude official submission and Codex repo marketplace evidence recorded | Form not submitted, listing not visible, or docs status changed |
| 12 | Announce | X, LinkedIn, GitHub release, and longform copy use final live URLs | Any final URL is still pending |
## Do Not Proceed
- Do not publish npm before `npm pack --dry-run --json` is captured from the
final release commit.
- Do not create or push Claude plugin tags before `claude plugin tag
.claude-plugin --dry-run` passes from the final release commit.
- Do not claim an official Codex Plugin Directory listing unless OpenAI
documents a public submission path or confirms the plugin has been listed.
- Do not announce billing, Marketplace, or native payments until ECC Tools live
Marketplace account readback returns ready.
- Do not rename the npm package until rc.1 is published and a migration guide
maps old install names to new names.
- Do not post social copy while any release, npm, plugin, or billing URL is
still approval-gated.
## External Distribution Sources
- Anthropic Claude Code plugin docs: `https://code.claude.com/docs/en/plugins`
- Anthropic Claude Code marketplace docs:
`https://code.claude.com/docs/en/plugin-marketplaces`
- OpenAI Codex plugin docs:
`https://developers.openai.com/codex/plugins/build#add-a-marketplace-from-the-cli`
As of this snapshot, Anthropic documents self-hosted marketplace distribution
through GitHub, git URL, remote marketplace JSON, and local path sources.
OpenAI documents repo/personal marketplace distribution for Codex and describes
an official Plugin Directory, but ECC has not submitted or received an official
directory listing in this pass.

6
docs/releases/2.0.0-rc.1/release-notes.md
View File

@@ -46,8 +46,8 @@ feature branch:
- documentation expansion, Japanese localization, zh-CN to ja-JP parity
repair, and dependency readiness through TypeScript 6 and Node type updates;
- launch collateral for GitHub release copy, X, LinkedIn, article outline,
Telegram/Hermes handoff, demo prompts, and the approval-gated launch
checklist.
Telegram/Hermes handoff, demo prompts, partner/sponsor/talk outreach, and
the approval-gated launch checklist.
- a release URL ledger that separates links which already resolve from links
that must wait for the GitHub release, npm rc package, plugin tag/directory,
and ECC Tools billing readback.
@@ -91,7 +91,7 @@ What stays local:
2. Read the [Hermes setup guide](../../HERMES-SETUP.md).
3. Review the [cross-harness architecture](../../architecture/cross-harness.md).
4. Run the [observability readiness gate](../../architecture/observability-readiness.md).
5. Check the [release URL ledger](release-url-ledger-2026-05-18.md) before
5. Check the [release URL ledger](release-url-ledger-2026-05-19.md) before
using any announcement links.
6. Start with one workflow lane: engineering, research, content, or outreach.
7. Import only sanitized operator patterns into ECC skills.

55
docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-19.md Normal file
View File

@@ -0,0 +1,55 @@
# ECC v2.0.0-rc.1 Release URL Ledger
This ledger separates links that are already public from links that only become
valid after the approval-gated release, package, plugin, and announcement
steps. Regenerate it from the final release commit before posting any public
announcement.
Refreshed on 2026-05-19 after the public repository rename to
`affaan-m/ECC`. The final release pass must replace commit-specific evidence
with output from the exact release commit.
## Live Now
| Surface | URL | Verification |
| --- | --- | --- |
| Repository | <https://github.com/affaan-m/ECC> | `git remote get-url origin` returns `https://github.com/affaan-m/ECC.git` |
| Release pack folder | <https://github.com/affaan-m/ECC/tree/main/docs/releases/2.0.0-rc.1> | In-tree release pack |
| Release notes draft | <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/release-notes.md> | In-tree release copy |
| Hermes setup guide | <https://github.com/affaan-m/ECC/blob/main/docs/HERMES-SETUP.md> | In-tree sanitized Hermes guide |
| May 19 evidence snapshot | <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md> | Current strongest identity, video, growth, and CI readiness evidence |
| May 18 evidence snapshot | <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/publication-evidence-2026-05-18.md> | Previous supply-chain and publication-path readiness evidence |
| May 18 operator dashboard | <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-18.md> | Previous prompt-to-artifact dashboard |
| May 19 operator dashboard | <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-19.md> | Previous prompt-to-artifact dashboard with hypergrowth, video, and outbound lanes |
| May 20 operator dashboard | <https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md> | Current prompt-to-artifact dashboard with Marketplace Pro release-gate sync |
| npm package page | <https://www.npmjs.com/package/ecc-universal> | `npm view ecc-universal name version dist-tags --json` returned `latest: 1.10.0`; rc.1 is not published yet |
| Codex marketplace CLI docs | <https://developers.openai.com/codex/cli/reference#codex-plugin-marketplace> | Official docs list `codex plugin marketplace add` for GitHub shorthand, Git URLs, SSH URLs, and local marketplace roots |
| Codex official Plugin Directory status | <https://developers.openai.com/codex/plugins/build#publish-official-public-plugins> | Official docs say public Plugin Directory publishing and self-serve management are coming soon |
## Approval-Gated URLs
| Surface | Intended URL or command | Gate before use |
| --- | --- | --- |
| GitHub prerelease | <https://github.com/affaan-m/ECC/releases/tag/v2.0.0-rc.1> | `gh release view v2.0.0-rc.1 --repo affaan-m/ECC --json tagName,url,isPrerelease` must return the prerelease |
| npm rc package | <https://www.npmjs.com/package/ecc-universal/v/2.0.0-rc.1> | `npm publish --tag next` approval and post-publish `npm view ecc-universal dist-tags --json` |
| Claude plugin tag | `claude plugin tag .claude-plugin --dry-run`, then real tag only after approval | Clean release commit and plugin tag/push approval |
| Codex repo marketplace install | `codex plugin marketplace add affaan-m/ECC --ref v2.0.0-rc.1` | GitHub tag must exist; official Plugin Directory submission remains separate |
| ECC Tools native-payments announcement | ECC Tools Marketplace/App URL plus selected-target billing readiness readback through the operator bearer path | Marketplace-managed selected target returned `announcementGate.ready === true` on 2026-05-20; repeat immediately before publication |
| Public announcements | X, LinkedIn, GitHub release, and longform URLs | GitHub release, npm, plugin, and billing URLs must resolve first |
## Pre-Post Check
Run these immediately before publication:
```bash
git status --short --branch
gh release view v2.0.0-rc.1 --repo affaan-m/ECC --json tagName,url,isPrerelease
npm view ecc-universal name version dist-tags --json
codex plugin marketplace add --help
rg -n "TODO|TBD|PLACEHOLDER" docs/releases/2.0.0-rc.1
npm run preview-pack:smoke
npm run release:approval-gate -- --format json
```
Do not post the social or notification copy until the approval-gated URLs above
resolve from a clean release commit.

202
docs/releases/2.0.0-rc.1/video-suite-production.md Normal file
View File

@@ -0,0 +1,202 @@
# ECC 2.0 Video Suite Production Manifest
Snapshot date: 2026-05-19.
This is the production contract for the ECC 2.0 release video suite. It keeps
the public release story, local source inventory, render outputs, and self-eval
gate in one place without committing raw footage, private transcript exports, or
absolute local paths.
## Claim
ECC 2.0 is the harness-native operator system for agentic work.
The videos should prove that claim directly:
- one reusable layer across Claude Code, Codex, OpenCode, Cursor, Gemini, Zed,
GitHub Copilot, and terminal workflows;
- reusable skills, rules, hooks, agents, MCP conventions, release gates, and
operator workflows;
- `ecc2/` as the alpha control-plane/TUI direction, not the whole product;
- AgentShield and supply-chain gates as the enterprise trust layer;
- OSS stays free, with GitHub Sponsors, ECC Tools Pro, and consulting as the
funding surface.
Do not frame the launch as a rename, pivot, config pack, or Claude-only package.
## Private Inputs
Do not commit raw footage, transcript JSON, or timeline exports.
Operators should point the validator at local media using environment variables:
```bash
ECC_VIDEO_SOURCE_ROOT=/path/to/ecc_2_raws \
ECC_VIDEO_RELEASE_SUITE_ROOT=/path/to/ecc_2_release_suite \
npm run release:video-suite -- --format json
```
`ECC_VIDEO_SOURCE_ROOT` should contain proof images and may contain an `_edited/`
subdirectory with edited source clips. `ECC_VIDEO_RELEASE_SUITE_ROOT` should
contain `edl/`, `segments/`, `renders/`, `timelines/`, and `transcripts/`.
## Source Inventory
These basenames are the required local inputs for the release suite validator.
| Asset | Lane | Proof |
| --- | --- | --- |
| `longform-full-wide.mp4` | Primary launch video | operator system, control-plane direction, closing proof |
| `sf-longform-full.mp4` | Primary launch video | structured context opener |
| `sf-thread-2-whatisecc.mp4` | What is ECC | category clarity and GitHub App explanation |
| `sf-thread-4-security.mp4` | Security proof | AgentShield, hooks, MCP, permission risk |
| `thread-2-ghapp-money.mp4` | Money/proof clip | OSS plus paid hosting and services |
| `architecture-2-wide.mp4` | B-roll | harness-native architecture |
| `terminal-scan-2-wide.mp4` | Install proof | terminal workflow and install confidence |
| `new_site_raw.mp4` | B-roll | site and product surface |
| `coverage-montage-wide.mp4` | Coverage/social proof | distribution and social proof |
| `metrics-ticker-2-wide.mp4` | Money/proof clip | traction and funnel proof |
| `growth-timeline-2-wide.mp4` | Coverage/social proof | release momentum timeline |
| `gh_app_1.png` | Money/proof clip | hosted GitHub App surface |
| `star_history.png` | Coverage/social proof | OSS adoption chart |
| `x_analytics.png` | Coverage/social proof | social distribution proof |
| `100k.png` | Coverage/social proof | reach milestone proof |
## Deliverables
| Deliverable | Length | Aspect | Output |
| --- | ---: | --- | --- |
| Primary launch video | 90-150s | 16:9 | `ecc-2-primary-launch.mp4` |
| Install proof clip | 25-35s | 16:9 and 9:16 | `ecc-2-install-proof-*` |
| What is ECC clip | 45-60s | 16:9 and 9:16 | `ecc-2-what-is-ecc-*` |
| Security proof clip | 45-60s | 16:9 and 9:16 | `ecc-2-security-proof-*` |
| Money/proof clip | 30-45s | 16:9 and 9:16 | `ecc-2-money-proof-*` |
| Coverage/social proof clip | 30-45s | 16:9 and 9:16 | `ecc-2-social-proof-*` |
## Primary Launch Video
The rough v1 primary launch assembly is the current spine. It should stay
speech-led, with product proof covering jump cuts and older wording.
| Order | Source | In | Out | Use |
| --- | --- | ---: | ---: | --- |
| 01 | `sf-longform-full.mp4` | 161.12 | 177.68 | Cleaner opener: ECC as structured context with skills, commands, agents, hooks, and project setup. |
| 02 | `thread-2-ghapp-money.mp4` | 21.84 | 30.40 | Direct product thesis: agentic harness optimization. |
| 03 | `thread-2-ghapp-money.mp4` | 41.00 | 59.72 | Not another harness; ECC is the layer and tooling on top of harnesses. |
| 04 | `longform-full-wide.mp4` | 254.60 | 271.20 | Agentic IDE, observability, tracing, and multi-agent control-plane direction. |
| 05 | `sf-thread-2-whatisecc.mp4` | 40.08 | 60.60 | GitHub App analyzes repos and injects project-specific skills, prompts, and hooks. |
| 06 | `sf-thread-4-security.mp4` | 17.60 | 32.72 | Security risk setup: hooks, MCP servers, permissions. |
| 07 | `sf-thread-4-security.mp4` | 37.28 | 51.32 | AgentShield proof: rules, categories, grades, secrets, injection, exfiltration. |
| 08 | `thread-2-ghapp-money.mp4` | 59.72 | 75.96 | OSS-first business model plus managed GitHub App surface. |
| 09 | `longform-full-wide.mp4` | 507.34 | 525.62 | Close on workflows, tested shipping, and secure daily agent work. |
Required local rough v1 artifacts:
- `edl/primary-launch.edl.md`
- `timelines/primary-launch-v1.timeline.json`
- `renders/ecc-2-primary-launch-rough-v1.mp4`
- `renders/ecc-2-primary-launch-rough-v1.captions.srt`
- `segments/primary-launch-v1/01-structured-context.mp4`
- `segments/primary-launch-v1/02-agentic-harness-optimization.mp4`
- `segments/primary-launch-v1/03-not-another-harness.mp4`
- `segments/primary-launch-v1/04-agentic-ide-surface.mp4`
- `segments/primary-launch-v1/05-github-app-proof.mp4`
- `segments/primary-launch-v1/06-security-risk.mp4`
- `segments/primary-launch-v1/07-agentshield-proof.mp4`
- `segments/primary-launch-v1/08-oss-paid-model.mp4`
- `segments/primary-launch-v1/09-close-shipping-system.mp4`
## Publish-Candidate Outputs
The release validator also expects the current publish-candidate set under
`renders/publish-candidates/`. These are still local review files, not public
uploads or committed media.
| Output | Target |
| --- | --- |
| `ecc-2-primary-launch.mp4` | 90-150s, 1920x1080, audio |
| `ecc-2-primary-launch.captions.srt` | primary captions |
| `ecc-2-install-proof-wide.mp4` | 25-35s, 1920x1080, audio |
| `ecc-2-install-proof-vertical.mp4` | 25-35s, 1080x1920, audio |
| `ecc-2-what-is-ecc-wide.mp4` | 45-60s, 1920x1080, audio |
| `ecc-2-what-is-ecc-vertical.mp4` | 45-60s, 1080x1920, audio |
| `ecc-2-security-proof-wide.mp4` | 45-60s, 1920x1080, audio |
| `ecc-2-security-proof-vertical.mp4` | 45-60s, 1080x1920, audio |
| `ecc-2-money-proof-wide.mp4` | 30-45s, 1920x1080, audio |
| `ecc-2-money-proof-vertical.mp4` | 30-45s, 1080x1920, audio |
| `ecc-2-social-proof-wide.mp4` | 30-45s, 1920x1080, audio |
| `ecc-2-social-proof-vertical.mp4` | 30-45s, 1080x1920, audio |
## video-use compatible workflow
Use the same production shape as Video Use while keeping the ECC-specific media
stack intact:
1. Treat transcript and timeline data as the editing surface.
2. Keep visual inspection on demand: filmstrips, waveform/timeline composites,
or frame samples only at ambiguous cut points.
3. Propose the edit strategy and EDL before rendering.
4. Cut deterministically with FFmpeg.
5. Add proof overlays with Remotion or Manim where product claims need visual
evidence.
6. Export the MP4 plus editable timeline and caption state.
7. Run cut-boundary, audio, caption, black-frame, and product-claim self-eval
before any upload or social post.
Do not dump frames into the repo. Frame samples used for self-eval belong in the
local release suite workspace.
## Browser Capture Plan
Use Browser or equivalent desktop capture only for proof footage that must be
current on release day:
| Surface | Capture |
| --- | --- |
| GitHub repo | README hero, install block, sponsor links, release notes |
| Codex plugin | repo marketplace install path and local plugin README |
| OpenCode package | package install and plugin banner |
| ECC Tools Pro | billing/product page only after live readback confirms claims |
| AgentShield | CLI output, policy category view, supply-chain gate |
| `ecc2/` | alpha control-plane/TUI surface with alpha framing |
If a surface is not live, use a local browser capture and label it as local or
release-candidate proof. Do not claim marketplace, billing, or official
directory availability before evidence exists.
## Self-Eval Gate
Run the validator:
```bash
ECC_VIDEO_SOURCE_ROOT=/path/to/ecc_2_raws \
ECC_VIDEO_RELEASE_SUITE_ROOT=/path/to/ecc_2_release_suite \
npm run release:video-suite -- --format json
```
Then manually check the final render for:
- validator self-eval passes for the primary render: 90-150 seconds, at least
1280x720, video stream present, audio stream present, and non-empty output;
- validator self-eval passes for the publish-candidate set: primary MP4 plus
captions and five short clips in both wide and vertical formats;
- validator visual QA reports zero detected black-frame segments for every
publish-candidate MP4;
- no blank frames or accidental desktop exposure;
- no stale repo name, pivot, rename, or Claude-only framing in captions;
- no captions that rewrite speech into a false claim;
- no stale URLs, old install commands, or pre-rename repository links;
- no internal MRR numbers unless the post explicitly needs them;
- audio continuity across every cut;
- first 10 seconds clearly say what ECC is;
- final CTA routes to repo, sponsor, Pro, or consulting without clutter.
## Do Not Publish If
- `npm run release:video-suite` is not ready for the local source roots.
- The primary launch render is outside the 90-150 second target.
- Captions mention the old repository name.
- Product proof relies on private screens, secrets, customer data, or raw local
paths.
- The release URL, npm, plugin, billing, or marketplace claims outrun the
evidence in `publication-readiness.md`.

8
docs/releases/2.0.0-rc.1/x-thread.md
View File

@@ -71,13 +71,13 @@ The deeper local integrations stay local until they are sanitized, and publicati
11/ Start here:
Repo:
<https://github.com/affaan-m/everything-claude-code>
<https://github.com/affaan-m/ECC>
Hermes x ECC setup:
<https://github.com/affaan-m/everything-claude-code/blob/main/docs/HERMES-SETUP.md>
<https://github.com/affaan-m/ECC/blob/main/docs/HERMES-SETUP.md>
12/ Release notes:
<https://github.com/affaan-m/everything-claude-code/blob/main/docs/releases/2.0.0-rc.1/release-notes.md>
<https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/release-notes.md>
URL ledger:
<https://github.com/affaan-m/everything-claude-code/blob/main/docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-18.md>
<https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-19.md>

179
docs/releases/2.0.0/ecc-2-hypergrowth-release-command-center.md Normal file
View File

@@ -0,0 +1,179 @@
# ECC 2.0 Hypergrowth Release Command Center
Snapshot date: 2026-05-19.
This is the execution map for turning ECC 2.0 into a complete public release,
partner funnel, sponsor funnel, consulting surface, and content launch. It is
written for operators. Use it to decide what ships, what gets announced, and
what stays blocked until evidence exists.
## Release Claim
ECC 2.0 is the harness-native operator system for agentic work.
The public proof must show the actual system:
- reusable skills, rules, hooks, MCP conventions, and release gates;
- Claude Code, Codex, OpenCode, Cursor, Gemini, Zed, GitHub Copilot, and
terminal-only workflows as supported execution surfaces;
- `ecc2/` as the alpha control-plane/TUI direction;
- Hermes as the optional operator shell for chat, cron, handoffs, and daily
work routing;
- ECC Tools Pro, GitHub Sponsors, and consulting as the business surface that
funds the OSS layer.
Avoid language that frames this as a rename or a retreat from the old project.
The release copy should show the 2.0 product shape directly.
## Current Growth Baseline
| Metric | Current | Target | Gap |
| --- | ---: | ---: | ---: |
| MRR | `$1,728/mo` | `$10,000/mo` | `$8,272/mo` |
| Sponsor motion | Active GitHub Sponsors plus open inbound | Repeatable sponsor close loop | Approval-gated outbound |
| Consulting motion | Open, non-primary | Partner-ready packages | Public proof, talks, and intake |
| Content motion | Release video publish candidates ready | Weekly launch clips and founder proof | Owner approval, upload, and public URLs |
| Community motion | Discord exists | Useful coding/operator community | Invite, channels, pins, moderation |
MRR growth should come from four lanes at once:
- GitHub Sponsors and OSS partner sponsors;
- ECC Tools Pro subscriptions;
- consulting and implementation contracts;
- talks, podcasts, conference demos, and partner webinars that create inbound.
## Second Hypergrowth Phase
The release should behave like a proof engine, not a name-change announcement.
Every public surface should make the product obvious in the first screen,
clip, paragraph, or demo:
| Workstream | Public proof | Revenue path |
| --- | --- | --- |
| Product category | ECC as the harness-native operator system, not a Claude-only config pack | Converts confused OSS traffic into install, Pro, and sponsor intent |
| Harness coverage | Claude Code, Codex, OpenCode, Cursor, Gemini, Zed, GitHub Copilot, and terminal workflows shown as execution surfaces | Partner conversations with tools, IDEs, model providers, and platform teams |
| Control plane | `ecc2/` alpha dashboard/status/session surface and Hermes operator shell clearly framed as directionally live | Consulting and team implementation sprints |
| Enterprise trust | AgentShield, supply-chain, release, observability, and CI gates shown as repeatable evidence | Security vendors, code-review vendors, platform sponsors, and enterprise pilots |
| Media engine | Primary launch video, five proof clips, browser captures, transcripts, EDLs, captions, and editable timelines | Social reach, podcast/talk booking, sponsor proof, partner demos |
| Community funnel | GitHub Discussions, Discord once approved, sponsor tiers, Pro, and consulting CTAs routed without clutter | Repeatable inbound, not one-off launch spikes |
The operating rhythm after launch should be weekly:
1. one product proof clip;
2. one security or release-discipline proof clip;
3. one partner/sponsor/talk outreach batch after owner approval;
4. one public discussion or community prompt;
5. one measurable funnel readback covering repo traffic, sponsor clicks, Pro
conversions, MRR movement, and inbound replies.
## Release Gates
| Lane | Done when | Current action |
| --- | --- | --- |
| Repo identity | README, package metadata, plugin metadata, release docs, workflows, and launch copy all use `affaan-m/ECC` where public URLs are needed | Canonical URL sweep |
| Package and plugin publication | `ecc-universal@2.0.0-rc.1` dry-runs clean, npm `next` is approved, Claude plugin tag dry-runs, Codex repo marketplace smoke passes, OpenCode build passes | Refresh publication evidence from final commit |
| Product proof | Quickstart, cross-harness architecture, demo prompts, `ecc2/` alpha boundary, AgentShield safety proof, and hosted ECC Tools links are consistent | Keep proof surfaces concrete |
| Revenue proof | Sponsor tiers, Pro pricing, consulting CTA, partner CTA, and billing-readback language are current | Do not announce billing claims before live readback |
| Content proof | Launch video, short-form clips, screenshots, release notes, GitHub Discussion, X, LinkedIn, and longform post are aligned | Pick final video cuts, upload after approval, and attach public URLs |
| Community proof | Discord invite, rules, channels, onboarding, and sponsor/community routing are ready | Needs invite/token decision before public links |
## Video Suite
The video lane should use the existing ECC video-editing skill plus the
`browser-use/video-use` model where useful: transcript as the editing surface,
strategy approval before render, deterministic cuts, timeline/project output
when available, and self-eval before publication.
Reference pattern: <https://github.com/browser-use/video-use>
Primary source classes already exist in the local ECC media library. Keep raw
absolute paths out of public docs; use basenames or a private production
manifest when handing work to an editor or agent.
| Deliverable | Length | Source material | Proof goal |
| --- | ---: | --- | --- |
| Primary launch video | 90-150s | `longform-full-wide.mp4`, `sf-longform-full.mp4`, `architecture-2-wide.mp4`, `terminal-scan-2-wide.mp4`, `new_site_raw.mp4` | ECC 2.0 as the operator system |
| Install proof | 30s | README install, terminal scan, quickstart, plugin install | Fewer-click adoption |
| What is ECC | 45-60s | `sf-thread-2-whatisecc.mp4`, `vertical-2-whatisecc.mp4`, `architecture-2-*` | Product category clarity |
| Security proof | 45-60s | `sf-thread-4-security.mp4`, AgentShield evidence, supply-chain gates | Enterprise trust |
| Money/proof clip | 30-45s | `thread-2-ghapp-money.mp4`, `metrics-ticker-2-*`, `gh_app_*.png` | Sponsor, Pro, and partner credibility |
| Coverage/social proof | 30-45s | `coverage-montage-wide.mp4`, `100k.png`, `star_history.png`, `x_analytics.png`, coverage screenshots | Distribution leverage |
Production steps:
1. Generate transcripts for the longform and shortform raw clips.
2. Build an edit decision list with hook, proof, demo, business CTA, and final
CTA segments.
3. Cut deterministically with FFmpeg.
4. Add overlays and data motion in Remotion or Manim.
5. Add captions, light color correction, audio normalization, and platform
reframes.
6. Run a self-eval pass for blank frames, bad captions, jump cuts, weak hook,
missing product proof, and stale URLs.
7. Export final MP4s plus the editable timeline/project state.
## Distribution Plan
| Channel | Asset | CTA |
| --- | --- | --- |
| GitHub Release | release notes, quickstart, launch video, sponsor link | star, install, sponsor |
| GitHub Discussion | short announcement and proof bullets | questions, feedback, sponsors |
| X | launch thread, 30s install clip, proof clips | repo, sponsor, Pro |
| LinkedIn | partner-friendly product proof, consulting CTA | sponsors, consulting, talks |
| YouTube/Shorts/Reels/TikTok | primary launch video and clips | repo, site, newsletter/community |
| Podcasts/talks | one-page pitch, demo outline, founder proof | bookings, partners |
| Sponsor outbound | direct sponsor note and tier table | GitHub Sponsors or Pro |
The source of truth for sponsor, partner, consulting, conference, podcast, and
GitHub Discussion copy is
`docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md`.
The source of truth for owner approval across release, package, plugin, video,
billing, social, and outbound actions is
`docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md`.
## Copy Rules
Use direct product language:
- `ECC 2.0 is the harness-native operator system for agentic work.`
- `One reusable layer across Claude Code, Codex, OpenCode, Cursor, Gemini, Zed, GitHub Copilot, and terminal workflows.`
- `OSS stays free. Sponsors and Pro fund the work.`
- `Use ECC for skills, hooks, rules, MCP conventions, release gates, and operator workflows.`
Avoid:
- `we renamed the repo`;
- `pivot`;
- legacy config-pack framing;
- `Claude-only`;
- generic founder-journey language;
- claims about billing, marketplace payments, or official directory listings
before live evidence exists.
## First Build Order
1. Land the public repo identity fixes.
2. Refresh package, plugin, workflow, release, and launch-copy URLs.
3. Record final publication evidence from the exact release commit.
4. Keep the video suite manifest, transcripts, publish candidates, and visual QA
current with `npm run release:video-suite -- --format json`.
5. Browser-capture the README, ECC Tools app, install flow, and relevant proof
surfaces for b-roll.
6. Choose the owner-approved primary launch video and five short clips, then
upload and attach final public URLs.
7. Finalize GitHub release, X thread, LinkedIn post, Discussion announcement,
sponsor email copy, consulting intro, partner DM, and podcast/talk pitch.
8. Publish only after npm, plugin, release URL, and billing-readback gates are
either live or explicitly marked blocked.
## Owner Approvals
These actions need a human approval or credential before they move:
- sending annual-upgrade or sponsor emails;
- updating LinkedIn profile text;
- wiring Discord with a bot token and guild ID;
- publishing npm or creating plugin tags;
- announcing billing/native payments;
- sending partner, consulting, conference, podcast, or sponsor outreach;
- posting final social copy from personal accounts.

7
docs/security/supply-chain-incident-response.md
View File

@@ -26,8 +26,9 @@ credentials:
with historical malicious `node-ipc` versions also blocked by ECC because
they carried destructive or unauthorized file-writing behavior.
- The live IOC set includes persistence through Claude Code
`.claude/settings.json`, VS Code `.vscode/tasks.json`, and OS-level
`gh-token-monitor` LaunchAgent/systemd services. Some variants add
`.claude/settings.json`, VS Code `.vscode/tasks.json`, Zed
`.zed/tasks.json`, and OS-level `gh-token-monitor` LaunchAgent/systemd
services. Some variants add
`~/.config/gh-token-monitor/token` plus a dead-man-switch token description
`IfYouRevokeThisTokenItWillWipeTheComputerOfTheOwner`, malicious workflow
files such as `.github/workflows/codeql_analysis.yml`, and Python runtime
@@ -179,7 +180,7 @@ Escalate to a maintainer security review before any release or merge if:
- a dependency lockfile references a package named in an active advisory;
- `node scripts/ci/scan-supply-chain-iocs.js --home` finds Claude Code,
VS Code, or OS-level persistence indicators;
VS Code, Zed, or OS-level persistence indicators;
- a workflow combines `pull_request_target` with dependency installation,
cache restore/save, PR-head checkout, or write permissions;
- a release workflow combines `id-token: write` with shared cache usage;

18
docs/stale-pr-salvage-ledger.md
View File

@@ -108,6 +108,24 @@ porting.
| #1682/#1701 | Strategic compact hook-path fixes were merged directly or superseded by current docs fixes. |
| JARVIS #4/#5/#6 | Stale failing dependency-only PRs; future dependency state should be regenerated by Dependabot. |
## 2026-05-18 Owner-Wide Queue Cleanup
The ECC release repos were already clean, but an owner-wide `gh search` sweep
found stale queues in older public/private projects. The cleanup closed 24
stale dependency-bot PRs and 72 stale legacy payments/0EM roadmap issues,
then closed the final 9 stale/generated/conflicting/test PRs and 5
legacy/outreach/placeholder issues. The `affaan-m` owner namespace is now at 0
open PRs and 0 open issues by live `gh search`. The detailed before/after
evidence and final queue disposition are recorded in
`docs/releases/2.0.0-rc.1/owner-queue-cleanup-2026-05-18.md`.
| Scope | Disposition |
| --- | --- |
| Dependabot PRs in `stoictradingAI`, `Behavioral_RL`, `dprc-autotrader-v2`, `x-algorithm-score`, `polycule-secure`, and `pragmAItism_defAInce` | Skipped as stale generated dependency bumps; regenerate from current base if still needed. |
| Legacy issues in `payments0-api`, `payments0-sdk`, `agent-payments-gateway`, `0EM_Frontend`, `0em-payments-dashboard`, and `yield-optimizer` | Superseded by ECC Tools native-payments, hosted analysis, billing-readback, and Linear/project roadmap lanes. |
| Archived repos touched for PR closure | `stoictradingAI`, `dprc-autotrader-v2`, `polycule-secure`, and `pragmAItism_defAInce` were restored to archived state after stale PR closure. |
| Final PR/issue sweep | Closed the remaining generated ECC bundles, stale Cloudflare rename PRs, stale README-card PR, test/noise PR, public outreach issues, and empty placeholder issue. Preserved `dexploy#25` findings in Linear `ITO-62` before closure. |
## Skipped
| Source PR | Reason |

4
docs/zh-CN/AGENTS.md
View File

@@ -1,6 +1,6 @@
# Everything Claude Code (ECC) — 智能体指令
这是一个**生产就绪的 AI 编码插件**,提供 60 个专业代理、231 项技能、75 条命令以及自动化钩子工作流,用于软件开发。
这是一个**生产就绪的 AI 编码插件**,提供 60 个专业代理、232 项技能、75 条命令以及自动化钩子工作流,用于软件开发。
**版本:** 2.0.0-rc.1
@@ -147,7 +147,7 @@
```
agents/ — 60 个专业子代理
skills/ — 231 个工作流技能和领域知识
skills/ — 232 个工作流技能和领域知识
commands/ — 75 个斜杠命令
hooks/ — 基于触发的自动化
rules/ — 始终遵循的指导方针(通用 + 每种语言)

6
docs/zh-CN/README.md
View File

@@ -224,7 +224,7 @@ Copy-Item -Recurse rules/typescript "$HOME/.claude/rules/"
/plugin list ecc@ecc
```
**搞定!** 你现在可以使用 60 个智能体、231 项技能和 75 个命令了。
**搞定!** 你现在可以使用 60 个智能体、232 项技能和 75 个命令了。
***
@@ -1138,7 +1138,7 @@ opencode
|---------|-------------|----------|--------|
| 智能体 | PASS: 60 个 | PASS: 12 个 | **Claude Code 领先** |
| 命令 | PASS: 75 个 | PASS: 35 个 | **Claude Code 领先** |
| 技能 | PASS: 231 项 | PASS: 37 项 | **Claude Code 领先** |
| 技能 | PASS: 232 项 | PASS: 37 项 | **Claude Code 领先** |
| 钩子 | PASS: 8 种事件类型 | PASS: 11 种事件 | **OpenCode 更多!** |
| 规则 | PASS: 29 条 | PASS: 13 条指令 | **Claude Code 领先** |
| MCP 服务器 | PASS: 14 个 | PASS: 完整 | **完全对等** |
@@ -1246,7 +1246,7 @@ ECC 是**第一个最大化利用每个主要 AI 编码工具的插件**。以
|---------|------------|------------|-----------|----------|
| **智能体** | 60 | 共享 (AGENTS.md) | 共享 (AGENTS.md) | 12 |
| **命令** | 75 | 共享 | 基于指令 | 35 |
| **技能** | 231 | 共享 | 10 (原生格式) | 37 |
| **技能** | 232 | 共享 | 10 (原生格式) | 37 |
| **钩子事件** | 8 种类型 | 15 种类型 | 暂无 | 11 种类型 |
| **钩子脚本** | 20+ 个脚本 | 16 个脚本 (DRY 适配器) | N/A | 插件钩子 |
| **规则** | 34 (通用 + 语言) | 34 (YAML 前页) | 基于指令 | 13 条指令 |

2
ecc2/Cargo.toml
View File

@@ -5,7 +5,7 @@ edition = "2021"
description = "ECC 2.0 — Agentic IDE control plane with TUI dashboard"
license = "MIT"
authors = ["Affaan Mustafa <me@affaanmustafa.com>"]
repository = "https://github.com/affaan-m/everything-claude-code"
repository = "https://github.com/affaan-m/ECC"
[features]
default = ["vendored-openssl"]

2
eslint.config.js
View File

@@ -3,7 +3,7 @@ const globals = require('globals');
module.exports = [
{
ignores: ['.opencode/dist/**', '.cursor/**', 'node_modules/**']
ignores: ['.opencode/dist/**', '.cursor/**', 'node_modules/**', '.venv/**', 'venv/**', 'coverage/**']
},
js.configs.recommended,
{

42
hooks/hooks.json
View File

@@ -7,7 +7,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/pre-bash-dispatcher.js"
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/pre-bash-dispatcher.js"
}
],
"description": "Consolidated Bash preflight dispatcher for quality, tmux, push, and GateGuard checks",
@@ -18,7 +18,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:write:doc-file-warning scripts/hooks/doc-file-warning.js standard,strict"
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:write:doc-file-warning scripts/hooks/doc-file-warning.js standard,strict"
}
],
"description": "Doc file warning: warn about non-standard documentation files (exit code 0; warns only)",
@@ -29,7 +29,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:edit-write:suggest-compact scripts/hooks/suggest-compact.js standard,strict"
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:edit-write:suggest-compact scripts/hooks/suggest-compact.js standard,strict"
}
],
"description": "Suggest manual compaction at logical intervals",
@@ -40,7 +40,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplace\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplace\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:observe scripts/hooks/observe-runner.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:observe scripts/hooks/observe-runner.js standard,strict",
"async": true,
"timeout": 10
}
@@ -53,7 +53,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:governance-capture scripts/hooks/governance-capture.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:governance-capture scripts/hooks/governance-capture.js standard,strict",
"timeout": 10
}
],
@@ -65,7 +65,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:config-protection scripts/hooks/config-protection.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:config-protection scripts/hooks/config-protection.js standard,strict",
"timeout": 5
}
],
@@ -77,7 +77,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:mcp-health-check scripts/hooks/mcp-health-check.js standard,strict"
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:mcp-health-check scripts/hooks/mcp-health-check.js standard,strict"
}
],
"description": "Check MCP server health before MCP tool execution and block unhealthy MCP calls",
@@ -88,7 +88,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:edit-write:gateguard-fact-force scripts/hooks/gateguard-fact-force.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:edit-write:gateguard-fact-force scripts/hooks/gateguard-fact-force.js standard,strict",
"timeout": 5
}
],
@@ -102,7 +102,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:compact scripts/hooks/pre-compact.js standard,strict"
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js pre:compact scripts/hooks/pre-compact.js standard,strict"
}
],
"description": "Save state before context compaction",
@@ -115,7 +115,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/session-start-bootstrap.js"
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/session-start-bootstrap.js"
}
],
"description": "Load previous context and detect package manager on new session",
@@ -128,7 +128,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/post-bash-dispatcher.js",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/post-bash-dispatcher.js",
"async": true,
"timeout": 30
}
@@ -141,7 +141,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:quality-gate scripts/hooks/quality-gate.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:quality-gate scripts/hooks/quality-gate.js standard,strict",
"async": true,
"timeout": 30
}
@@ -154,7 +154,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:edit:design-quality-check scripts/hooks/design-quality-check.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:edit:design-quality-check scripts/hooks/design-quality-check.js standard,strict",
"timeout": 10
}
],
@@ -166,7 +166,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:edit:accumulate scripts/hooks/post-edit-accumulator.js standard,strict"
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:edit:accumulate scripts/hooks/post-edit-accumulator.js standard,strict"
}
],
"description": "Record edited JS/TS file paths for batch format+typecheck at Stop time",
@@ -177,7 +177,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:edit:console-warn scripts/hooks/post-edit-console-warn.js standard,strict"
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:edit:console-warn scripts/hooks/post-edit-console-warn.js standard,strict"
}
],
"description": "Warn about console.log statements after edits",
@@ -188,7 +188,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:governance-capture scripts/hooks/governance-capture.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:governance-capture scripts/hooks/governance-capture.js standard,strict",
"timeout": 10
}
],
@@ -200,7 +200,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:session-activity-tracker scripts/hooks/session-activity-tracker.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:session-activity-tracker scripts/hooks/session-activity-tracker.js standard,strict",
"timeout": 10
}
],
@@ -212,7 +212,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplace\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplace\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:observe scripts/hooks/observe-runner.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:observe scripts/hooks/observe-runner.js standard,strict",
"async": true,
"timeout": 10
}
@@ -225,7 +225,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:ecc-metrics-bridge scripts/hooks/ecc-metrics-bridge.js minimal,standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:ecc-metrics-bridge scripts/hooks/ecc-metrics-bridge.js minimal,standard,strict",
"timeout": 10
}
],
@@ -237,7 +237,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:ecc-context-monitor scripts/hooks/ecc-context-monitor.js standard,strict",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:ecc-context-monitor scripts/hooks/ecc-context-monitor.js standard,strict",
"timeout": 10
}
],
@@ -251,7 +251,7 @@
"hooks": [
{
"type": "command",
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [[\\\"ecc\\\"],[\\\"ecc@ecc\\\"],[\\\"marketplaces\\\",\\\"ecc\\\"],[\\\"everything-claude-code\\\"],[\\\"everything-claude-code@everything-claude-code\\\"],[\\\"marketplaces\\\",\\\"everything-claude-code\\\"]]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of [\\\"ecc\\\",\\\"everything-claude-code\\\"]){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:mcp-health-check scripts/hooks/mcp-health-check.js standard,strict"
"command": "node -e \"const p=require('path');const r=(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of [['ecc'],['ecc@ecc'],['marketplaces','ecc'],['everything-claude-code'],['everything-claude-code@everything-claude-code'],['marketplaces','everything-claude-code']]){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ['ecc','everything-claude-code']){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})();const s=p.join(r,'scripts/hooks/plugin-hook-bootstrap.js');process.env.CLAUDE_PLUGIN_ROOT=r;process.argv.splice(1,0,s);require(s)\" node scripts/hooks/run-with-flags.js post:mcp-health-check scripts/hooks/mcp-health-check.js standard,strict"
}
],
"description": "Track failed MCP tool calls, mark unhealthy servers, and attempt reconnect",

46
manifests/install-modules.json
View File

@@ -10,6 +10,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codebuddy",
@@ -33,6 +34,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -55,6 +57,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"opencode",
@@ -79,6 +82,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"opencode",
"codebuddy"
@@ -106,6 +110,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -177,6 +182,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -210,6 +216,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -255,6 +262,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -294,6 +302,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -326,6 +335,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -360,6 +370,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -402,6 +413,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -428,6 +440,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -449,6 +462,7 @@
"kind": "skills",
"description": "Media generation, technical explainers, and AI-assisted editing skills.",
"paths": [
"skills/blender-motion-state-inspection",
"skills/fal-ai-media",
"skills/manim-video",
"skills/remotion-video-creation",
@@ -458,6 +472,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"codex",
"opencode",
@@ -489,6 +504,7 @@
],
"targets": [
"claude",
"claude-project",
"codex",
"opencode"
],
@@ -514,6 +530,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -558,6 +575,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -591,6 +609,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -616,6 +635,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -652,6 +672,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -678,6 +699,7 @@
],
"targets": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",
@@ -702,7 +724,8 @@
"docs/ja-JP"
],
"targets": [
"claude"
"claude",
"claude-project"
],
"dependencies": [],
"defaultInstall": false,
@@ -717,7 +740,8 @@
"docs/zh-CN"
],
"targets": [
"claude"
"claude",
"claude-project"
],
"dependencies": [],
"defaultInstall": false,
@@ -732,7 +756,8 @@
"docs/ko-KR"
],
"targets": [
"claude"
"claude",
"claude-project"
],
"dependencies": [],
"defaultInstall": false,
@@ -747,7 +772,8 @@
"docs/pt-BR"
],
"targets": [
"claude"
"claude",
"claude-project"
],
"dependencies": [],
"defaultInstall": false,
@@ -762,7 +788,8 @@
"docs/ru"
],
"targets": [
"claude"
"claude",
"claude-project"
],
"dependencies": [],
"defaultInstall": false,
@@ -777,7 +804,8 @@
"docs/tr"
],
"targets": [
"claude"
"claude",
"claude-project"
],
"dependencies": [],
"defaultInstall": false,
@@ -792,7 +820,8 @@
"docs/vi-VN"
],
"targets": [
"claude"
"claude",
"claude-project"
],
"dependencies": [],
"defaultInstall": false,
@@ -807,7 +836,8 @@
"docs/zh-TW"
],
"targets": [
"claude"
"claude",
"claude-project"
],
"dependencies": [],
"defaultInstall": false,

40
package-lock.json generated
View File

@@ -21,7 +21,7 @@
"devDependencies": {
"@eslint/js": "^9.39.2",
"@opencode-ai/plugin": "^1.0.0",
"@types/node": "^25.8.0",
"@types/node": "25.7.0",
"c8": "^11.0.0",
"eslint": "^9.39.2",
"globals": "^17.4.0",
@@ -398,13 +398,13 @@
"license": "MIT"
},
"node_modules/@types/node": {
"version": "25.8.0",
"resolved": "https://registry.npmjs.org/@types/node/-/node-25.8.0.tgz",
"integrity": "sha512-TCFSk8IZh+iLX1xtksoBVtdmgL+1IX0fC9BeU4QqFSuNdN/K+HUlhqOzEmSYYpZUVsLYcPqc9KX+60iDuninSQ==",
"version": "25.7.0",
"resolved": "https://registry.npmjs.org/@types/node/-/node-25.7.0.tgz",
"integrity": "sha512-z+pdZyxE+RTQE9AcboAZCb4otwcrvgHD+GlBpPgn0emDVt0ohrTMhAwlr2Wd9nZ+nihhYFxO2pThz3C5qSu2Eg==",
"dev": true,
"license": "MIT",
"dependencies": {
"undici-types": ">=7.24.0 <7.24.7"
"undici-types": "~7.21.0"
}
},
"node_modules/@types/unist": {
@@ -497,9 +497,9 @@
"license": "MIT"
},
"node_modules/brace-expansion": {
"version": "1.1.13",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
"integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
"version": "1.1.14",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
"integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -1210,9 +1210,9 @@
}
},
"node_modules/glob/node_modules/brace-expansion": {
"version": "5.0.5",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
"integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
"version": "5.0.6",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
"integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -1680,9 +1680,9 @@
}
},
"node_modules/markdownlint-cli/node_modules/brace-expansion": {
"version": "5.0.5",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
"integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
"version": "5.0.6",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
"integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -2666,9 +2666,9 @@
}
},
"node_modules/test-exclude/node_modules/brace-expansion": {
"version": "5.0.5",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
"integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
"version": "5.0.6",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
"integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -2745,9 +2745,9 @@
"dev": true
},
"node_modules/undici-types": {
"version": "7.24.6",
"resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.24.6.tgz",
"integrity": "sha512-WRNW+sJgj5OBN4/0JpHFqtqzhpbnV0GuB+OozA9gCL7a993SmU+1JBZCzLNxYsbMfIeDL+lTsphD5jN5N+n0zg==",
"version": "7.21.0",
"resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.21.0.tgz",
"integrity": "sha512-w9IMgQrz4O0YN1LtB7K5P63vhlIOvC7opSmouCJ+ZywlPAlO9gIkJ+otk6LvGpAs2wg4econaCz3TvQ9xPoyuQ==",
"dev": true,
"license": "MIT"
},

17
package.json
View File

@@ -1,7 +1,7 @@
{
"name": "ecc-universal",
"version": "2.0.0-rc.1",
"description": "Complete collection of battle-tested Claude Code configs — agents, skills, hooks, rules, and legacy command shims evolved over 10+ months of intensive daily use by an Anthropic hackathon winner",
"description": "Harness-native agent operating system for Claude Code, Codex, OpenCode, Cursor, Gemini, and terminal workflows - skills, hooks, rules, MCP conventions, and operator control-plane patterns",
"publishConfig": {
"access": "public"
},
@@ -34,11 +34,11 @@
"license": "MIT",
"repository": {
"type": "git",
"url": "git+https://github.com/affaan-m/everything-claude-code.git"
"url": "git+https://github.com/affaan-m/ECC.git"
},
"homepage": "https://github.com/affaan-m/everything-claude-code#readme",
"homepage": "https://github.com/affaan-m/ECC#readme",
"bugs": {
"url": "https://github.com/affaan-m/everything-claude-code/issues"
"url": "https://github.com/affaan-m/ECC/issues"
},
"files": [
".agents/",
@@ -89,6 +89,8 @@
"scripts/operator-readiness-dashboard.js",
"scripts/platform-audit.js",
"scripts/preview-pack-smoke.js",
"scripts/release-approval-gate.js",
"scripts/release-video-suite.js",
"scripts/hooks/",
"scripts/install-apply.js",
"scripts/install-plan.js",
@@ -122,6 +124,7 @@
"skills/automation-audit-ops/",
"skills/autonomous-loops/",
"skills/backend-patterns/",
"skills/blender-motion-state-inspection/",
"skills/blueprint/",
"skills/brand-voice/",
"skills/carrier-relationship-management/",
@@ -298,7 +301,7 @@
"ecc-install": "scripts/install-apply.js"
},
"scripts": {
"postinstall": "echo '\\n ecc-universal installed!\\n Run: npx ecc typescript\\n Compat: npx ecc-install typescript\\n Docs: https://github.com/affaan-m/everything-claude-code\\n'",
"postinstall": "echo '\\n ecc-universal installed!\\n Run: npx ecc typescript\\n Compat: npx ecc-install typescript\\n Docs: https://github.com/affaan-m/ECC\\n'",
"catalog:check": "node scripts/ci/catalog.js --text",
"catalog:sync": "node scripts/ci/catalog.js --write --text",
"command-registry:generate": "node scripts/ci/generate-command-registry.js",
@@ -310,6 +313,8 @@
"observability:ready": "node scripts/observability-readiness.js",
"operator:dashboard": "node scripts/operator-readiness-dashboard.js",
"preview-pack:smoke": "node scripts/preview-pack-smoke.js",
"release:approval-gate": "node scripts/release-approval-gate.js",
"release:video-suite": "node scripts/release-video-suite.js",
"platform:audit": "node scripts/platform-audit.js",
"discussion:audit": "node scripts/discussion-audit.js",
"security:ioc-scan": "node scripts/ci/scan-supply-chain-iocs.js",
@@ -332,7 +337,7 @@
"devDependencies": {
"@eslint/js": "^9.39.2",
"@opencode-ai/plugin": "^1.0.0",
"@types/node": "^25.8.0",
"@types/node": "25.7.0",
"c8": "^11.0.0",
"eslint": "^9.39.2",
"globals": "^17.4.0",

1
schemas/ecc-install-config.schema.json
View File

@@ -19,6 +19,7 @@
"type": "string",
"enum": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",

1
schemas/install-modules.schema.json
View File

@@ -49,6 +49,7 @@
"type": "string",
"enum": [
"claude",
"claude-project",
"cursor",
"antigravity",
"codex",

26
scripts/ci/check-unicode-safety.js
View File

@@ -114,7 +114,31 @@ function isDangerousInvisibleCodePoint(codePoint) {
(codePoint >= 0x202A && codePoint <= 0x202E) ||
(codePoint >= 0x2066 && codePoint <= 0x2069) ||
(codePoint >= 0xFE00 && codePoint <= 0xFE0F) ||
(codePoint >= 0xE0100 && codePoint <= 0xE01EF)
(codePoint >= 0xE0100 && codePoint <= 0xE01EF) ||
// Unicode Tag block (U+E0000U+E007F). Tag characters were proposed
// for language tagging in Unicode 3.1 and have been deprecated since
// Unicode 5.1, so no legitimate text uses them. They are the canonical
// vector for "ASCII smuggling" / "Tag smuggling" prompt injection:
// an attacker hides instructions inside ASCII-looking strings (PR
// bodies, SKILL.md, frontmatter), the LLM consumes the tag bytes,
// and the human reviewer sees nothing.
(codePoint >= 0xE0000 && codePoint <= 0xE007F) ||
// U+180E MONGOLIAN VOWEL SEPARATOR — formerly classified as a space
// separator, reclassified as a format control in Unicode 6.3; renders
// as zero-width and routinely abused for homograph / smuggling.
codePoint === 0x180E ||
// U+115F / U+1160 HANGUL CHOSEONG/JUNGSEONG FILLER — zero-width fillers
// used in Korean text shaping; abused as invisible characters.
codePoint === 0x115F ||
codePoint === 0x1160 ||
// U+2061U+2064 invisible math operators (FUNCTION APPLICATION,
// INVISIBLE TIMES, INVISIBLE SEPARATOR, INVISIBLE PLUS). Zero-width
// and not used outside math typesetting; legitimate Markdown / source
// does not contain them.
(codePoint >= 0x2061 && codePoint <= 0x2064) ||
// U+3164 HANGUL FILLER — zero-width filler reportedly used in Discord
// / Twitter smuggling attacks; not used in legitimate Korean text.
codePoint === 0x3164
);
}

65
scripts/ci/scan-supply-chain-iocs.js
View File

@@ -580,12 +580,51 @@ function addFinding(findings, severity, filePath, line, indicator, message) {
findings.push({ severity, filePath, line, indicator, message });
}
function isClaudeSettingsFile(filePath) {
const normalized = normalizedPath(filePath);
return /\/\.claude\/settings(?:\.local)?\.json$/.test(normalized);
}
function claudePermissionDenyRanges(filePath, text) {
if (!isClaudeSettingsFile(filePath)) return [];
let parsed;
try {
parsed = JSON.parse(text);
} catch {
return [];
}
const denyEntries = parsed?.permissions?.deny;
if (!Array.isArray(denyEntries)) return [];
const ranges = [];
for (const entry of denyEntries) {
if (typeof entry !== 'string' || entry.length === 0) continue;
for (const needle of [...new Set([JSON.stringify(entry), entry])]) {
let index = text.indexOf(needle);
while (index !== -1) {
ranges.push([index, index + needle.length]);
index = text.indexOf(needle, index + needle.length);
}
}
}
return ranges;
}
function indexInRanges(index, ranges) {
return ranges.some(([start, end]) => index >= start && index < end);
}
function scanFile(filePath, rootDir, findings) {
const base = path.basename(filePath);
const relativePath = path.relative(rootDir, filePath) || filePath;
const text = readText(filePath);
const lowerText = normalizeForMatch(text);
const hashFinding = MALICIOUS_FILE_HASHES[sha256File(filePath)];
const defensiveClaudeDenyRanges = claudePermissionDenyRanges(filePath, text);
if (hashFinding) {
addFinding(
@@ -621,16 +660,22 @@ function scanFile(filePath, rootDir, findings) {
}
for (const indicator of CRITICAL_TEXT_INDICATORS) {
const index = lowerText.indexOf(normalizeForMatch(indicator));
if (index !== -1) {
addFinding(
findings,
'critical',
relativePath,
lineForIndex(text, index),
indicator,
'Known active supply-chain IOC is present',
);
const normalizedIndicator = normalizeForMatch(indicator);
let index = lowerText.indexOf(normalizedIndicator);
while (index !== -1) {
if (!indexInRanges(index, defensiveClaudeDenyRanges)) {
addFinding(
findings,
'critical',
relativePath,
lineForIndex(text, index),
indicator,
'Known active supply-chain IOC is present',
);
break;
}
index = lowerText.indexOf(normalizedIndicator, index + normalizedIndicator.length);
}
}

13
scripts/ci/validate-workflow-security.js
View File

@@ -45,6 +45,7 @@ const NPM_AUDIT_PATTERN = /\bnpm\s+audit\b(?!\s+signatures\b)/;
const NPM_AUDIT_SIGNATURES_PATTERN = /\bnpm\s+audit\s+signatures\b/;
const ACTIONS_CACHE_PATTERN = /uses:\s*['"]?actions\/cache@/m;
const ID_TOKEN_WRITE_PATTERN = /^\s*id-token:\s*write\b/m;
const TOP_LEVEL_JOBS_PATTERN = /^jobs:\s*$/m;
const UNSAFE_INSTALL_PATTERNS = [
{
pattern: /\bnpm\s+ci\b(?![^\n]*--ignore-scripts)/g,
@@ -121,6 +122,8 @@ function extractCheckoutSteps(source) {
function findViolations(filePath, source) {
const violations = [];
const checkoutSteps = extractCheckoutSteps(source);
const jobsIndex = source.search(TOP_LEVEL_JOBS_PATTERN);
const workflowHeader = jobsIndex >= 0 ? source.slice(0, jobsIndex) : source;
for (const rule of RULES) {
if (!rule.eventPattern.test(source)) {
@@ -175,6 +178,16 @@ function findViolations(filePath, source) {
}
if (ID_TOKEN_WRITE_PATTERN.test(workflowHeader)) {
violations.push({
filePath,
event: 'workflow-scoped id-token',
description: 'id-token: write must be scoped to a publish-only job, not the entire workflow',
expression: 'top-level id-token: write',
line: getLineNumber(source, source.search(ID_TOKEN_WRITE_PATTERN)),
});
}
for (const installRule of UNSAFE_INSTALL_PATTERNS) {
for (const match of source.matchAll(installRule.pattern)) {
violations.push({

2
scripts/discussion-audit.js
View File

@@ -11,7 +11,7 @@ const {
const SCHEMA_VERSION = 'ecc.discussion-audit.v1';
const DEFAULT_REPOS = Object.freeze([
'affaan-m/everything-claude-code',
'affaan-m/ECC',
'affaan-m/agentshield',
'affaan-m/JARVIS',
'ECC-Tools/ECC-Tools',

2
scripts/ecc.js
View File

@@ -130,7 +130,7 @@ Examples:
ecc sessions
ecc sessions session-active --json
ecc work-items upsert linear-ecc-20 --source linear --source-id ECC-20 --title "Review control-plane contract" --status blocked
ecc work-items sync-github --repo affaan-m/everything-claude-code
ecc work-items sync-github --repo affaan-m/ECC
ecc session-inspect claude:latest
ecc loop-status --json
ecc uninstall --target antigravity --dry-run

215
scripts/harness-audit.js
View File

@@ -12,8 +12,53 @@ const CATEGORIES = [
'Eval Coverage',
'Security Guardrails',
'Cost Efficiency',
'GitHub Integration',
'Vercel Integration',
'Netlify Integration',
'Cloudflare Integration',
'Fly Integration',
];
const RUBRIC_VERSION = '2026-05-19';
const PROVIDERS = {
Vercel: {
detect: (rootDir) =>
fileExists(rootDir, 'vercel.json') ||
fileExists(rootDir, '.vercel/project.json') ||
fileExists(rootDir, '.vercel'),
keyPattern: /vercel/i,
buildPattern: /vercel/i,
workflowPattern: /(vercel-action|vercel\s+(deploy|--prod))/i,
},
Netlify: {
detect: (rootDir) =>
fileExists(rootDir, 'netlify.toml') || fileExists(rootDir, '.netlify'),
keyPattern: /netlify/i,
buildPattern: /netlify/i,
workflowPattern: /(netlify\/actions|netlify\s+deploy)/i,
},
Cloudflare: {
detect: (rootDir) =>
fileExists(rootDir, 'wrangler.toml') || fileExists(rootDir, 'wrangler.jsonc'),
keyPattern: /\b(cloudflare|wrangler)\b/i,
buildPattern: /(wrangler|cloudflare)/i,
workflowPattern: /(cloudflare\/wrangler-action|wrangler\s+(deploy|publish))/i,
},
Fly: {
detect: (rootDir) => fileExists(rootDir, 'fly.toml'),
keyPattern: /fly[_-]?(api|io)/i,
buildPattern: /fly\s+(deploy|launch)/i,
workflowPattern: /(superfly\/flyctl-actions|flyctl\s+deploy|fly\s+deploy)/i,
},
};
function getApplicableProviders(rootDir) {
return Object.entries(PROVIDERS)
.filter(([_, spec]) => spec.detect(rootDir))
.map(([name]) => name);
}
function normalizeScope(scope) {
const value = (scope || 'repo').toLowerCase();
if (!['repo', 'hooks', 'skills', 'commands', 'agents'].includes(value)) {
@@ -607,9 +652,172 @@ function getRepoChecks(rootDir) {
pass: fileExists(rootDir, 'commands/model-route.md'),
fix: 'Add commands/model-route.md and route policies for cheap-default execution.',
},
...buildGithubChecks(rootDir),
];
}
// GitHub Integration is intentionally repo-scoped. Scoped audits such as hooks,
// skills, commands, and agents should keep reporting only that surface.
function buildGithubChecks(rootDir) {
return [
{
id: 'github-workflows',
category: 'GitHub Integration',
points: 3,
scopes: ['repo'],
path: '.github/workflows/',
description: 'GitHub Actions workflows are checked in',
pass: hasFileWithExtension(rootDir, '.github/workflows', ['.yml', '.yaml']),
fix: 'Add at least one workflow under .github/workflows/ so CI runs on every PR.',
},
{
id: 'github-pr-template',
category: 'GitHub Integration',
points: 2,
scopes: ['repo'],
path: '.github/PULL_REQUEST_TEMPLATE.md',
description: 'A pull request template is configured',
pass:
fileExists(rootDir, '.github/PULL_REQUEST_TEMPLATE.md') ||
fileExists(rootDir, '.github/pull_request_template.md'),
fix: 'Add .github/PULL_REQUEST_TEMPLATE.md so PR descriptions follow a consistent shape.',
},
{
id: 'github-issue-templates',
category: 'GitHub Integration',
points: 2,
scopes: ['repo'],
path: '.github/ISSUE_TEMPLATE/',
description: 'Issue templates are configured',
pass: hasFileWithExtension(rootDir, '.github/ISSUE_TEMPLATE', ['.md', '.yml', '.yaml']),
fix: 'Add at least one issue template under .github/ISSUE_TEMPLATE/.',
},
{
id: 'github-codeowners',
category: 'GitHub Integration',
points: 1,
scopes: ['repo'],
path: '.github/CODEOWNERS',
description: 'A CODEOWNERS file routes reviews',
pass:
fileExists(rootDir, 'CODEOWNERS') ||
fileExists(rootDir, '.github/CODEOWNERS') ||
fileExists(rootDir, 'docs/CODEOWNERS'),
fix: 'Add a CODEOWNERS file so PRs auto-request the right reviewers.',
},
{
id: 'github-dep-updates',
category: 'GitHub Integration',
points: 2,
scopes: ['repo'],
path: '.github/dependabot.yml',
description: 'Automated dependency updates are configured',
pass:
fileExists(rootDir, '.github/dependabot.yml') ||
fileExists(rootDir, '.github/dependabot.yaml') ||
fileExists(rootDir, 'renovate.json') ||
fileExists(rootDir, '.github/renovate.json') ||
fileExists(rootDir, '.renovaterc'),
fix: 'Add a Dependabot or Renovate config so dependency updates land automatically.',
},
];
}
function readAllWorkflowsText(rootDir) {
const dir = path.join(rootDir, '.github/workflows');
if (!fs.existsSync(dir)) {
return '';
}
const stack = [dir];
let combined = '';
while (stack.length > 0) {
const current = stack.pop();
const entries = fs.readdirSync(current, { withFileTypes: true });
for (const entry of entries) {
const nextPath = path.join(current, entry.name);
if (entry.isDirectory()) {
stack.push(nextPath);
} else if (entry.name.endsWith('.yml') || entry.name.endsWith('.yaml')) {
try {
combined += `${fs.readFileSync(nextPath, 'utf8')}\n`;
} catch (_error) {
// Ignore unreadable workflow files; the finding should stay deterministic.
}
}
}
}
return combined;
}
function buildProviderChecks(rootDir, provider, sharedContext) {
const spec = PROVIDERS[provider];
const packageJson = sharedContext.packageJson || {};
const scriptsText = Object.values(packageJson.scripts || {}).join('\n');
const category = `${provider} Integration`;
return [
{
id: `${provider.toLowerCase()}-config`,
category,
points: 3,
scopes: ['repo'],
path: `${provider} config`,
description: `${provider} deployment config is checked in`,
pass: spec.detect(rootDir),
fix: `Commit ${provider} configuration so deploys are reproducible from source.`,
},
{
id: `${provider.toLowerCase()}-build-script`,
category,
points: 2,
scopes: ['repo'],
path: 'package.json scripts',
description: `package.json scripts reference ${provider}`,
pass: spec.buildPattern.test(scriptsText),
fix: `Add a build or deploy script in package.json that runs ${provider}.`,
},
{
id: `${provider.toLowerCase()}-env-doc`,
category,
points: 2,
scopes: ['repo'],
path: '.env.example',
description: `${provider} env keys are documented in .env.example`,
pass: spec.keyPattern.test(sharedContext.envExample),
fix: `Document ${provider} environment variables in .env.example.`,
},
{
id: `${provider.toLowerCase()}-workflow-uses`,
category,
points: 3,
scopes: ['repo'],
path: '.github/workflows/',
description: `A GitHub workflow uses the ${provider} action or CLI`,
pass: spec.workflowPattern.test(sharedContext.workflowsText),
fix: `Reference the ${provider} action or CLI from a workflow under .github/workflows/.`,
},
];
}
function collectProviderChecks(rootDir, packageJson) {
const providers = getApplicableProviders(rootDir);
if (providers.length === 0) {
return [];
}
const sharedContext = {
packageJson: packageJson || {},
envExample: `${safeRead(rootDir, '.env.example')}\n${safeRead(rootDir, '.env.sample')}`,
workflowsText: readAllWorkflowsText(rootDir),
};
return providers.flatMap(provider => buildProviderChecks(rootDir, provider, sharedContext));
}
function getConsumerChecks(rootDir) {
const packageJson = safeParseJson(safeRead(rootDir, 'package.json'));
const gitignore = safeRead(rootDir, '.gitignore');
@@ -731,6 +939,8 @@ function getConsumerChecks(rootDir) {
pass: projectHooks.includes('PreToolUse') || projectHooks.includes('beforeSubmitPrompt') || fileExists(rootDir, '.claude/hooks.json'),
fix: 'Add project-local hook settings or hook definitions for prompt/tool guardrails.',
},
...buildGithubChecks(rootDir),
...collectProviderChecks(rootDir, packageJson),
];
}
@@ -764,6 +974,7 @@ function buildReport(scope, options = {}) {
const overallScore = checks
.filter(check => check.pass)
.reduce((sum, check) => sum + check.points, 0);
const applicableCategories = CATEGORIES.filter(name => categoryScores[name]?.max > 0);
const failedChecks = checks.filter(check => !check.pass);
const topActions = failedChecks
@@ -781,10 +992,12 @@ function buildReport(scope, options = {}) {
root_dir: rootDir,
target_mode: targetMode,
deterministic: true,
rubric_version: '2026-03-30',
rubric_version: RUBRIC_VERSION,
overall_score: overallScore,
max_score: maxScore,
categories: categoryScores,
applicable_categories: applicableCategories,
category_count: applicableCategories.length,
checks: checks.map(check => ({
id: check.id,
category: check.category,

24
scripts/hooks/ecc-context-monitor.js
View File

@@ -9,10 +9,11 @@
'use strict';
const crypto = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');
const { sanitizeSessionId, readBridge } = require('../lib/session-bridge');
const { sanitizeSessionId, readBridge, renameWithRetry } = require('../lib/session-bridge');
const CONTEXT_WARNING_PCT = 35;
const CONTEXT_CRITICAL_PCT = 25;
@@ -61,15 +62,30 @@ function readWarnState(sessionId) {
}
/**
* Write debounce state.
* Write debounce state atomically (unique-suffix tmp then rename).
*
* The tmp path includes `process.pid` plus a random nonce so concurrent
* PostToolUse subprocesses writing to the same session's warn-state
* file do not clobber each other's tmp mid-write. Without the unique
* suffix, two writers race over a shared `${target}.tmp` and produce
* either a corrupted payload or an ENOENT throw on the second rename.
*
* Same pattern as `writeBridgeAtomic` in `scripts/lib/session-bridge.js`
* and `writeCostWarningIfChanged` in `scripts/hooks/ecc-metrics-bridge.js`.
*
* @param {string} sessionId
* @param {object} state
*/
function writeWarnState(sessionId, state) {
const target = getWarnPath(sessionId);
const tmp = `${target}.tmp`;
const tmp = `${target}.${process.pid}.${crypto.randomBytes(4).toString('hex')}.tmp`;
fs.writeFileSync(tmp, JSON.stringify(state), 'utf8');
fs.renameSync(tmp, target);
try {
renameWithRetry(tmp, target);
} catch (err) {
try { fs.unlinkSync(tmp); } catch { /* ignore */ }
throw err;
}
}
/**

73
scripts/hooks/gateguard-fact-force.js
View File

@@ -119,6 +119,65 @@ function tokenize(segment) {
return segment.split(/\s+/).filter(Boolean);
}
/**
* Tokenize a short allowlisted shell command while preserving quoted
* arguments. This is intentionally smaller than a full shell parser: the
* caller rejects shell control characters before invoking it, so this only
* needs to keep spaces inside quotes together for read-only git commands.
*
* @param {string} input
* @returns {string[] | null}
*/
function tokenizeAllowlistedShellWords(input) {
const tokens = [];
let current = '';
let quote = null;
let escaped = false;
for (const char of String(input || '')) {
if (escaped) {
current += char;
escaped = false;
continue;
}
if (char === '\\') {
escaped = true;
continue;
}
if (quote) {
if (char === quote) {
quote = null;
} else {
current += char;
}
continue;
}
if (char === '"' || char === "'") {
quote = char;
continue;
}
if (/\s/.test(char)) {
if (current) {
tokens.push(current);
current = '';
}
continue;
}
current += char;
}
if (escaped) current += '\\';
if (quote) return null;
if (current) tokens.push(current);
return tokens;
}
/**
* Strip a leading path and trailing `.exe` from a command token so
* `/usr/bin/git`, `git.exe`, and `GIT` all normalize to `git`.
@@ -592,8 +651,16 @@ function isReadOnlyGitIntrospection(command) {
return false;
}
const tokens = trimmed.split(/\s+/);
if (tokens[0] !== 'git' || tokens.length < 2) {
const segments = splitCommandSegments(trimmed);
if (segments.length !== 1) {
return false;
}
const tokens = tokenizeAllowlistedShellWords(trimmed);
if (!tokens) {
return false;
}
if (commandBasename(tokens[0]) !== 'git' || tokens.length < 2) {
return false;
}
@@ -613,7 +680,7 @@ function isReadOnlyGitIntrospection(command) {
}
if (subcommand === 'show') {
return args.length === 1 && !args[0].startsWith('--') && /^[a-zA-Z0-9._:/-]+$/.test(args[0]);
return args.length === 1 && !args[0].startsWith('--') && /^[a-zA-Z0-9._:/ -]+$/.test(args[0]);
}
if (subcommand === 'branch') {

6
scripts/hooks/mcp-health-check.js
View File

@@ -26,8 +26,10 @@ const DEFAULT_BACKOFF_MS = 30 * 1000;
const MAX_BACKOFF_MS = 10 * 60 * 1000;
// The preflight HTTP probe only checks reachability; it does not have access to
// Claude Code's stored OAuth bearer token. Treat auth-gated responses as
// reachable so the real MCP client can attempt the authenticated call.
const HEALTHY_HTTP_CODES = new Set([200, 201, 202, 204, 301, 302, 303, 304, 307, 308, 400, 401, 403, 405]);
// reachable so the real MCP client can attempt the authenticated call. A
// Streamable HTTP MCP server can also return 406 to a bare GET that omits
// Accept: text/event-stream; that still proves the endpoint is alive.
const HEALTHY_HTTP_CODES = new Set([200, 201, 202, 204, 301, 302, 303, 304, 307, 308, 400, 401, 403, 405, 406]);
const RECONNECT_STATUS_CODES = new Set([401, 403, 429, 503]);
const FAILURE_PATTERNS = [
{ code: 401, pattern: /\b401\b|unauthori[sz]ed|auth(?:entication)?\s+(?:failed|expired|invalid)/i },

7
scripts/install-apply.js
View File

@@ -27,11 +27,12 @@ Usage: install.sh [--target <${LEGACY_INSTALL_TARGETS.join('|')}>] [--dry-run] [
install.sh [--target <${SUPPORTED_INSTALL_TARGETS.join('|')}>] [--dry-run] [--json] --profile <name> [--with <component>]... [--without <component>]...
install.sh [--target <${SUPPORTED_INSTALL_TARGETS.join('|')}>] [--dry-run] [--json] --modules <id,id,...> [--with <component>]... [--without <component>]...
install.sh [--target <${SUPPORTED_INSTALL_TARGETS.join('|')}>] [--dry-run] [--json] --skills <skill-id[,skill-id...]>
install.sh [--target claude] [--dry-run] [--json] --locale <locale-code>
install.sh [--target claude|claude-project] [--dry-run] [--json] --locale <locale-code>
install.sh [--dry-run] [--json] --config <path>
Targets:
claude (default) - Install ECC into ~/.claude/ with managed rules/skills under rules/ecc and skills/ecc
claude-project - Install ECC into ./.claude/ (per-project) with managed rules/skills under rules/ecc and skills/ecc
cursor - Install rules, hooks, and bundled Cursor configs to ./.cursor/
antigravity - Install rules, workflows, skills, and agents to ./.agent/
codex - Install shared agents/config into ~/.codex/
@@ -49,8 +50,8 @@ Options:
--skills <ids> Install one or more skill directories by ID, e.g. continuous-learning-v2
--without <component>
Exclude a user-facing install component
--locale <code> Install translated docs to ~/.claude/docs/<locale>/
(claude target only; can be combined with --profile or --with)
--locale <code> Install translated docs to ~/.claude/docs/<locale>/ (or ./.claude/docs/<locale>/ for claude-project)
(claude or claude-project target only; can be combined with --profile or --with)
--config <path> Load install intent from ecc-install.json
--dry-run Show the install plan without copying files
--json Emit machine-readable plan/result JSON

10
scripts/lib/install-manifests.js
View File

@@ -4,7 +4,7 @@ const path = require('path');
const { getInstallTargetAdapter, planInstallTargetScaffold } = require('./install-targets/registry');
const DEFAULT_REPO_ROOT = path.join(__dirname, '../..');
const SUPPORTED_INSTALL_TARGETS = ['claude', 'cursor', 'antigravity', 'codex', 'gemini', 'opencode', 'codebuddy', 'joycode', 'qwen', 'zed'];
const SUPPORTED_INSTALL_TARGETS = ['claude', 'claude-project', 'cursor', 'antigravity', 'codex', 'gemini', 'opencode', 'codebuddy', 'joycode', 'qwen', 'zed'];
const COMPONENT_FAMILY_PREFIXES = {
baseline: 'baseline:',
language: 'lang:',
@@ -43,6 +43,14 @@ const LEGACY_COMPAT_BASE_MODULE_IDS_BY_TARGET = Object.freeze({
'platform-configs',
'workflow-quality',
],
'claude-project': [
'rules-core',
'agents-core',
'commands-core',
'hooks-runtime',
'platform-configs',
'workflow-quality',
],
cursor: [
'rules-core',
'agents-core',

91
scripts/lib/install-targets/claude-project.js Normal file
View File

@@ -0,0 +1,91 @@
const path = require('path');
const {
createInstallTargetAdapter,
createRemappedOperation,
isForeignPlatformPath,
normalizeRelativePath,
} = require('./helpers');
const CLAUDE_ECC_NAMESPACE = 'ecc';
function getClaudeManagedDestinationPath(adapter, sourceRelativePath, input) {
const normalizedSourcePath = normalizeRelativePath(sourceRelativePath);
const targetRoot = adapter.resolveRoot(input);
if (normalizedSourcePath === 'rules') {
return path.join(targetRoot, 'rules', CLAUDE_ECC_NAMESPACE);
}
if (normalizedSourcePath.startsWith('rules/')) {
return path.join(
targetRoot,
'rules',
CLAUDE_ECC_NAMESPACE,
normalizedSourcePath.slice('rules/'.length)
);
}
if (normalizedSourcePath === 'skills') {
return path.join(targetRoot, 'skills', CLAUDE_ECC_NAMESPACE);
}
if (normalizedSourcePath.startsWith('skills/')) {
return path.join(
targetRoot,
'skills',
CLAUDE_ECC_NAMESPACE,
normalizedSourcePath.slice('skills/'.length)
);
}
if (normalizedSourcePath === 'docs' || normalizedSourcePath.startsWith('docs/')) {
return path.join(targetRoot, normalizedSourcePath);
}
return null;
}
module.exports = createInstallTargetAdapter({
id: 'claude-project',
target: 'claude-project',
kind: 'project',
rootSegments: ['.claude'],
installStatePathSegments: ['ecc', 'install-state.json'],
nativeRootRelativePath: '.claude-plugin',
planOperations(input, adapter) {
const modules = Array.isArray(input.modules)
? input.modules
: (input.module ? [input.module] : []);
const planningInput = {
repoRoot: input.repoRoot,
projectRoot: input.projectRoot,
homeDir: input.homeDir,
};
return modules.flatMap(module => {
const paths = Array.isArray(module.paths) ? module.paths : [];
return paths
.filter(p => !isForeignPlatformPath(p, 'claude'))
.map(sourceRelativePath => {
const managedDestinationPath = getClaudeManagedDestinationPath(
adapter,
sourceRelativePath,
planningInput
);
if (managedDestinationPath) {
return createRemappedOperation(
adapter,
module.id,
sourceRelativePath,
managedDestinationPath,
{ strategy: 'preserve-relative-path' }
);
}
return adapter.createScaffoldOperation(module.id, sourceRelativePath, planningInput);
});
});
},
});

2
scripts/lib/install-targets/registry.js
View File

@@ -1,5 +1,6 @@
const antigravityProject = require('./antigravity-project');
const claudeHome = require('./claude-home');
const claudeProject = require('./claude-project');
const codebuddyProject = require('./codebuddy-project');
const codexHome = require('./codex-home');
const cursorProject = require('./cursor-project');
@@ -11,6 +12,7 @@ const zedProject = require('./zed-project');
const ADAPTERS = Object.freeze([
claudeHome,
claudeProject,
cursorProject,
antigravityProject,
codexHome,

2
scripts/lib/install/apply.js
View File

@@ -89,7 +89,7 @@ function isMcpConfigPath(filePath) {
}
function buildResolvedClaudeHooks(plan) {
if (!plan.adapter || plan.adapter.target !== 'claude') {
if (!plan.adapter || (plan.adapter.target !== 'claude' && plan.adapter.target !== 'claude-project')) {
return null;
}

4
scripts/lib/install/request.js
View File

@@ -100,8 +100,8 @@ function normalizeInstallRequest(options = {}) {
`Unsupported locale: "${locale}". Supported locales: ${listSupportedLocales().join(', ')}`
);
}
if (locale && target !== 'claude') {
throw new Error('--locale can only be used with --target claude');
if (locale && target !== 'claude' && target !== 'claude-project') {
throw new Error('--locale can only be used with --target claude or --target claude-project');
}
const requestedIncludeComponentIds = dedupeStrings([
...(config?.includeComponentIds || []),

17
scripts/lib/resolve-ecc-root.js
View File

@@ -110,7 +110,22 @@ function resolveEccRoot(options = {}) {
* const _r = <paste INLINE_RESOLVE>;
* const sm = require(_r + '/scripts/lib/session-manager');
*/
const INLINE_RESOLVE = `(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of ${JSON.stringify(PLUGIN_ROOT_SEGMENTS)}){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ${JSON.stringify(PLUGIN_CACHE_SLUGS)}){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})()`;
function inlineSingleQuote(value) {
return `'${String(value).replace(/\\/g, '\\\\').replace(/'/g, "\\'")}'`;
}
function inlineArray(values) {
return `[${values.map(inlineSingleQuote).join(',')}]`;
}
function inlineNestedArray(values) {
return `[${values.map(inlineArray).join(',')}]`;
}
const INLINE_PLUGIN_ROOT_SEGMENTS = inlineNestedArray(PLUGIN_ROOT_SEGMENTS);
const INLINE_PLUGIN_CACHE_SLUGS = inlineArray(PLUGIN_CACHE_SLUGS);
const INLINE_RESOLVE = `(()=>{var e=process.env.CLAUDE_PLUGIN_ROOT;if(e&&e.trim())return e.trim();var p=require('path'),f=require('fs'),h=require('os').homedir(),d=p.join(h,'.claude'),q=p.join('scripts','lib','utils.js');if(f.existsSync(p.join(d,q)))return d;for(var s of ${INLINE_PLUGIN_ROOT_SEGMENTS}){var l=p.join(d,'plugins',...s);if(f.existsSync(p.join(l,q)))return l}try{for(var g of ${INLINE_PLUGIN_CACHE_SLUGS}){var b=p.join(d,'plugins','cache',g);for(var o of f.readdirSync(b,{withFileTypes:true})){if(!o.isDirectory())continue;for(var v of f.readdirSync(p.join(b,o.name),{withFileTypes:true})){if(!v.isDirectory())continue;var c=p.join(b,o.name,v.name);if(f.existsSync(p.join(c,q)))return c}}}}catch(x){}return d})()`;
module.exports = {
resolveEccRoot,

73
scripts/lib/session-bridge.js
View File

@@ -8,6 +8,7 @@
* without scanning large JSONL logs on every invocation.
*/
const crypto = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');
@@ -51,15 +52,80 @@ function readBridge(sessionId) {
}
/**
* Write bridge data atomically (write .tmp then rename).
* Write bridge data atomically (write unique-suffix tmp then rename).
*
* The tmp path includes `process.pid` plus a random nonce so concurrent
* writers (e.g. PostToolUse `ecc-metrics-bridge` and the background
* `ecc-statusline`, both writing to the same session bridge) do not
* clobber each other's tmp file mid-write. With a fixed `.tmp` suffix
* two writers could both call `writeFileSync` against the same path
* before either reaches `renameSync`, causing one writer's payload to
* silently overwrite the other and the second `renameSync` to throw
* ENOENT once the rename consumes the file.
*
* Same pattern already used by `writeCostWarningIfChanged` in
* `scripts/hooks/ecc-metrics-bridge.js` (commit 9b1d8918) for the
* cost-warning cache; this commit applies it to the session-bridge
* primitive too.
*
* @param {string} sessionId - Already-sanitized session ID
* @param {object} data
*/
function writeBridgeAtomic(sessionId, data) {
const target = getBridgePath(sessionId);
const tmp = `${target}.tmp`;
const tmp = `${target}.${process.pid}.${crypto.randomBytes(4).toString('hex')}.tmp`;
fs.writeFileSync(tmp, JSON.stringify(data), 'utf8');
fs.renameSync(tmp, target);
try {
renameWithRetry(tmp, target);
} catch (err) {
try { fs.unlinkSync(tmp); } catch { /* ignore */ }
throw err;
}
}
/**
* Replace a file via rename, retrying briefly on transient OS-level errors.
*
* POSIX `rename(2)` is atomic between source and destination, so concurrent
* writers each rename onto the same target without conflict. Windows
* `MoveFileExW` is different: it fails with EPERM/EACCES/EBUSY if the
* target is currently being renamed by *another* process — a short race
* window that fires reliably under our PostToolUse + statusline concurrency.
*
* To stay portable, retry up to 5 times with exponential backoff (20 ms,
* 40, 80, 160, 320) on the Windows-only transient codes. POSIX runs hit
* the first try and exit immediately. Other error codes (ENOENT, ENOSPC,
* EROFS, …) re-throw without retry — they are not transient.
*
* Sleep uses `Atomics.wait` on a throwaway SharedArrayBuffer so the
* retry path does not busy-spin the CPU. This works on the main thread
* in Node ≥ 17 (and on workers in earlier versions).
*
* @param {string} tmp
* @param {string} target
*/
function renameWithRetry(tmp, target) {
const RETRY_CODES = new Set(['EPERM', 'EACCES', 'EBUSY']);
const MAX_ATTEMPTS = 5;
for (let attempt = 0; ; attempt++) {
try {
fs.renameSync(tmp, target);
return;
} catch (err) {
if (attempt + 1 >= MAX_ATTEMPTS || !RETRY_CODES.has(err.code)) {
throw err;
}
const delayMs = 20 << attempt;
try {
Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, delayMs);
} catch {
// Atomics.wait throws on the main thread in some older runtimes;
// fall back to a brief busy-wait so the retry path still has a delay.
const until = Date.now() + delayMs;
while (Date.now() < until) { /* spin */ }
}
}
}
}
/**
@@ -76,6 +142,7 @@ module.exports = {
getBridgePath,
readBridge,
writeBridgeAtomic,
renameWithRetry,
resolveSessionId,
MAX_SESSION_ID_LENGTH
};

333
scripts/operator-readiness-dashboard.js
View File

@@ -335,13 +335,49 @@ function agentShieldEnterpriseGap(roadmap) {
function agentShieldEnterpriseEvidence(roadmap) {
if (roadmap.includes('hosted promotion judge audit traces')
|| roadmap.includes('operator-visible promotion output values')) {
return 'AgentShield policy promotion `reviewItems` landed in `87aec47`; package-manager hardening drift detection landed in `28d08c7`; workflow action runtime pins were refreshed in `659f569`; npm age-gate guidance was corrected in `ee585cd`; package-manager hardening Action outputs landed in `1124535`; policy-promotion Action outputs and runtime-smoke job-summary evidence landed in `1593925`; ECC-Tools consumes those outputs in `8658951`, surfaces operator-readable status/pack/count/digest telemetry in `16c537f`, and renders hosted promotion judge audit traces in `05d4e82`; all are mirrored in the GA roadmap';
return 'AgentShield policy promotion `reviewItems` landed in `87aec47`; package-manager hardening drift detection landed in `28d08c7`; workflow action runtime pins were refreshed in `659f569`; npm age-gate guidance was corrected in `ee585cd`; package-manager hardening Action outputs landed in `1124535`; policy-promotion Action outputs and runtime-smoke job-summary evidence landed in `1593925`; fleet review ticket payloads and current Mini Shai-Hulud IOC breadcrumbs landed in `840952a`; ECC-Tools consumes those outputs in `8658951`, surfaces operator-readable status/pack/count/digest telemetry in `16c537f`, and renders hosted promotion judge audit traces in `05d4e82`; all are mirrored in the GA roadmap';
}
return 'AgentShield enterprise PR evidence is mirrored in the GA roadmap';
}
function eccToolsNextLevelEvidence(roadmap) {
if (roadmap.includes('announcementGateReady` is `true')
|| roadmap.includes('Native GitHub payments announcement gate is ready')
|| roadmap.includes('d3d62df83fa075660fa4530c3e0edc311a4355fe')) {
return 'billing announcement gate, selected-target announcement gate, billing gate env-file operator path, non-breaking operator bearer path, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler selected-target readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, ready Marketplace Pro target selection, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap';
}
if (roadmap.includes('selected-target official announcement gate')
|| roadmap.includes('billing gate env-file operator path')
|| roadmap.includes('72119a1')
|| roadmap.includes('16a5bb3')
|| roadmap.includes('select-ready-target')
|| roadmap.includes('f14ed2fe-a219-470c-8119-63429e197027')) {
return 'billing announcement gate, selected-target announcement gate, billing gate env-file operator path, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, ready Marketplace Pro target selection, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap';
}
if (roadmap.includes('69ca535')
|| roadmap.includes('team feedback controls')
|| roadmap.includes('e56fc1a')) {
return 'billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, target-account billing readback, provenance-aware Marketplace billing-state gates, sanitized Marketplace plan/action provenance counts, hosted team-learning feedback controls, and ECC-Tools Dependabot alert remediation are mirrored in the GA roadmap';
}
if (roadmap.includes('d5f60db')
|| roadmap.includes('Marketplace-source provenance counts')) {
return 'billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, target-account billing readback, provenance-aware Marketplace billing-state gates, and sanitized Marketplace plan/action provenance counts are mirrored in the GA roadmap';
}
if (roadmap.includes('target account billing readback')
|| roadmap.includes('632e059')) {
return 'billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, target-account billing readback, and provenance-aware Marketplace billing-state gates are mirrored in the GA roadmap';
}
if (roadmap.includes('Wrangler OAuth readback')
|| roadmap.includes('42653f9')) {
return 'billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, Wrangler OAuth readback, and provenance-aware Marketplace billing-state gates are mirrored in the GA roadmap';
}
if (roadmap.includes('Marketplace webhook provenance')
|| roadmap.includes('2859678')) {
return 'billing announcement gate, hosted analysis lanes, AgentShield fleet-summary consumption, hosted finding evidence paths, harness-route policy linking, policy-promotion Action-output telemetry, operator-visible promotion output details, hosted promotion judge audit traces, billing announcement preflight, aggregate production billing KV readback, and provenance-aware Marketplace billing-state gates are mirrored in the GA roadmap';
@@ -366,6 +402,47 @@ function eccToolsNextLevelEvidence(roadmap) {
}
function eccToolsNextLevelGap(roadmap) {
if (roadmap.includes('announcementGateReady` is `true')
|| roadmap.includes('Native GitHub payments announcement gate is ready')
|| roadmap.includes('d3d62df83fa075660fa4530c3e0edc311a4355fe')) {
return 'repeat KV readback and selected-target announcement gate immediately before launch; keep native-payments copy behind the final release, plugin, URL, and owner-approval gates';
}
if (roadmap.includes('selected-target official announcement gate')
|| roadmap.includes('billing gate env-file operator path')
|| roadmap.includes('72119a1')
|| roadmap.includes('16a5bb3')
|| roadmap.includes('select-ready-target')
|| roadmap.includes('f14ed2fe-a219-470c-8119-63429e197027')
|| roadmap.includes('old "no Marketplace-managed Pro target billing-state" blocker is cleared')) {
return 'obtain or rotate the local/internal INTERNAL_API_SECRET bearer-token path, via exported env or ignored --env-file, then run the live selected-target billing announcement gate before publishing native-payments copy';
}
if (roadmap.includes('1Password CLI authorization timed out')
|| roadmap.includes('Cloudflare API auth returned `Authentication error [code: 10000]`')) {
return 'authorize Cloudflare API or 1Password CLI access, configure the target Marketplace Pro account and INTERNAL_API_SECRET, create or replay Marketplace Pro webhook state, then rerun target readback and the live announcement gate';
}
if (roadmap.includes('Wrangler OAuth now works')
|| roadmap.includes('6904e4fb-bec7-4787-90e2-759f077a628c')) {
return 'create or verify Marketplace-managed Pro target billing-state with webhook provenance, configure the target account and INTERNAL_API_SECRET, then rerun target readback and the live announcement gate';
}
if (roadmap.includes('d5f60db')
|| roadmap.includes('Marketplace-source provenance counts')) {
return 'create or verify Marketplace-managed Pro target billing-state with webhook provenance, then run `billing:kv-readback -- --wrangler --wrangler-bin ./node_modules/.bin/wrangler --account <github-login> --require-ready`, followed by the live announcement gate';
}
if (roadmap.includes('target account billing readback')
|| roadmap.includes('632e059')) {
return 'create or verify Marketplace-managed Pro target billing-state with webhook provenance, then run `billing:kv-readback -- --account <github-login> --require-ready` with working Cloudflare API auth or repaired Wrangler OAuth, followed by the live announcement gate';
}
if (roadmap.includes('Wrangler OAuth readback')
|| roadmap.includes('42653f9')) {
return 'create or verify Marketplace-managed Pro billing-state with webhook provenance, then run `billing:kv-readback -- --require-ready` with working Cloudflare API auth or repaired Wrangler OAuth, followed by the live announcement gate';
}
if (roadmap.includes('Marketplace webhook provenance')
|| roadmap.includes('2859678')) {
return 'replace the invalid Cloudflare credential, create or verify Marketplace-managed Pro billing-state with webhook provenance, then run `billing:kv-readback -- --require-ready` and the live announcement gate';
@@ -412,9 +489,16 @@ function supplyChainLocalProtectionGap({ roadmap, scripts }) {
function hasCurrentLinearProgressSync({ roadmap, progressSync }) {
const hasOperatorProgressSurface = roadmap.includes('operator progress snapshot')
|| roadmap.includes('operator progress comment');
const hasMay19ProgressSurface = roadmap.includes('ecc-may-19-post-pr-2002-sync-64cef8f668e0')
&& roadmap.includes('a6411e3a-8c8e-4a58-adba-687e77d4c543')
&& roadmap.includes('ITO-56');
const hasMay20ReleaseGateSurface = roadmap.includes('467d148a-712a-4777-aad9-95593e9f1739')
&& roadmap.includes('7642ee9c-3107-400c-a229-53e2895a8914')
&& roadmap.includes('30f60710')
&& roadmap.includes('26135974576');
return roadmap.includes('Linear live sync is current')
&& hasOperatorProgressSurface
&& (hasOperatorProgressSurface || hasMay19ProgressSurface || hasMay20ReleaseGateSurface)
&& includesAll(progressSync, [
'node scripts/work-items.js sync-github --repo <owner/repo>',
'node scripts/status.js --json',
@@ -437,6 +521,15 @@ function linearProgressStatus(context) {
function linearProgressEvidence(context) {
if (hasCurrentLinearProgressSync(context)) {
if (context.roadmap.includes('467d148a-712a-4777-aad9-95593e9f1739')
&& context.roadmap.includes('7642ee9c-3107-400c-a229-53e2895a8914')) {
return 'Linear live sync is current with the May 20 Marketplace Pro release-gate comments on ITO-61 and the ECC platform roadmap; progress-sync contract defines the file-backed work-items/status path';
}
if (context.roadmap.includes('ecc-may-19-post-pr-2002-sync-64cef8f668e0')) {
return 'Linear live sync is current with the May 19 post-PR #2002 sync document, project comment, and active issue-lane updates; progress-sync contract defines the file-backed work-items/status path';
}
return 'Linear live sync and project progress surface are current; progress-sync contract defines the file-backed work-items/status path';
}
@@ -482,17 +575,70 @@ function buildRequirement(id, requirement, artifact, status, evidence, gap) {
return { id, requirement, artifact, status, evidence, gap };
}
function extractLabeledCount(text, label) {
const pattern = new RegExp(`${label.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}:\\s*(\\d+)`, 'i');
const match = text.match(pattern);
if (!match) {
return null;
}
const parsed = Number.parseInt(match[1], 10);
return Number.isFinite(parsed) ? parsed : null;
}
function isCurrentOrComplete(status) {
return status === 'current' || status === 'complete';
}
function extractGrowthBaseline(hypergrowth) {
const mrrMatch = hypergrowth.match(/\| MRR \| `([^`]+)` \| `([^`]+)` \| `([^`]+)` \|/);
if (!mrrMatch) {
return {
currentMrr: 'unknown',
targetMrr: 'unknown',
gapMrr: 'unknown',
};
}
return {
currentMrr: mrrMatch[1],
targetMrr: mrrMatch[2],
gapMrr: mrrMatch[3],
};
}
function buildGrowthSummary(rootDir) {
const hypergrowth = readText(rootDir, 'docs/releases/2.0.0/ecc-2-hypergrowth-release-command-center.md');
const partnerPack = readText(rootDir, 'docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md');
const baseline = extractGrowthBaseline(hypergrowth || partnerPack);
return {
...baseline,
lanes: [
'GitHub Sponsors and OSS partner sponsors',
'ECC Tools Pro subscriptions',
'consulting and implementation contracts',
'talks, podcasts, conference demos, and partner webinars',
],
};
}
function buildRequirements(rootDir, platformReport) {
const roadmap = readText(rootDir, 'docs/ECC-2.0-GA-ROADMAP.md');
const publicationReadiness = readText(rootDir, 'docs/releases/2.0.0-rc.1/publication-readiness.md');
const namingMatrix = readText(rootDir, 'docs/releases/2.0.0-rc.1/naming-and-publication-matrix.md');
const releaseUrlLedger = readText(rootDir, 'docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-18.md');
const releasePublicationChecklist = readText(rootDir, 'docs/releases/2.0.0-rc.1/release-name-plugin-publication-checklist-2026-05-18.md');
const releaseUrlLedger = readText(rootDir, 'docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-19.md');
const publicationEvidenceMay19 = readText(rootDir, 'docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md');
const hypergrowthCommandCenter = readText(rootDir, 'docs/releases/2.0.0/ecc-2-hypergrowth-release-command-center.md');
const partnerSponsorTalksPack = readText(rootDir, 'docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md');
const releaseVideoProduction = readText(rootDir, 'docs/releases/2.0.0-rc.1/video-suite-production.md');
const ownerQueueCleanup = readText(rootDir, 'docs/releases/2.0.0-rc.1/owner-queue-cleanup-2026-05-18.md');
const ownerApprovalPacket = readText(rootDir, 'docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md');
const previewManifest = readText(rootDir, 'docs/releases/2.0.0-rc.1/preview-pack-manifest.md');
const previewPackSmoke = readText(rootDir, 'scripts/preview-pack-smoke.js');
const releaseVideoSuite = readText(rootDir, 'scripts/release-video-suite.js');
const progressSync = readText(rootDir, 'docs/architecture/progress-sync-contract.md');
const observabilityReadiness = readText(rootDir, 'docs/architecture/observability-readiness.md');
const stalePrSalvage = readText(rootDir, 'docs/stale-pr-salvage-ledger.md');
@@ -518,11 +664,77 @@ function buildRequirements(rootDir, platformReport) {
]);
const hermesArtifactsReady = fileExists(rootDir, 'docs/HERMES-SETUP.md')
&& fileExists(rootDir, 'skills/hermes-imports/SKILL.md');
const hypergrowthCommandCenterReady = includesAll(hypergrowthCommandCenter, [
'harness-native operator system',
'$1,728/mo',
'$10,000/mo',
'Video Suite',
'Distribution Plan',
'Owner Approvals',
]) && includesAll(publicationEvidenceMay19, [
'Business baseline',
'$1,728/mo',
'$8,272/mo',
]);
const releaseVideoSuiteReady = scripts['release:video-suite'] === 'node scripts/release-video-suite.js'
&& fileExists(rootDir, 'scripts/release-video-suite.js')
&& includesAll(releaseVideoProduction, [
'ECC 2.0 Video Suite Production Manifest',
'Primary launch video',
'Self-Eval Gate',
'timeline',
])
&& includesAll(releaseVideoSuite, [
'ecc.release-video-suite.v1',
'video-source-assets-present',
'video-release-artifacts-present',
]);
const releaseVideoPublishCandidatesReady = releaseVideoSuiteReady
&& includesAll(publicationEvidenceMay19, [
'Ready true',
'15/15 source assets present',
'13/13 render, timeline, caption, EDL, and segment artifacts present',
'12/12 publish-candidate outputs present',
'zero detected black-frame segments',
'primary rough render self-eval passed',
]);
const partnerSponsorTalksReady = includesAll(partnerSponsorTalksPack, [
'Sponsor Outbound',
'Platform Partner DM',
'Consulting Intro',
'Talk And Podcast Pitch',
'GitHub Discussion Announcement',
'Do Not Send Or Publish If',
]);
const ownerApprovalPacketReady = includesAll(ownerApprovalPacket, [
'Owner Approval Packet',
'Decision Register',
'GitHub prerelease',
'npm `next` publish',
'Claude plugin tag',
'Video upload',
'Final URL Fill-In',
'Do Not Approve If',
'No outbound email, personal-account post, package publish, plugin tag, or billing announcement is authorized by this packet alone.'
]) && includesAll(previewManifest, ['owner-approval-packet-2026-05-19.md']);
const githubLive = !platformReport.github.skipped && platformReport.github.totals.errors === 0;
const queuesCurrent = githubLive
&& platformReport.github.totals.openPrs <= platformReport.thresholds.maxOpenPrs
const ownerWideOpenPrs = extractLabeledCount(ownerQueueCleanup, 'Owner-wide open PRs after cleanup');
const ownerWideOpenIssues = extractLabeledCount(ownerQueueCleanup, 'Owner-wide open issues after cleanup');
const trackedPrQueueCurrent = githubLive
&& platformReport.github.totals.openPrs <= platformReport.thresholds.maxOpenPrs;
const trackedIssueQueueCurrent = githubLive
&& platformReport.github.totals.openIssues <= platformReport.thresholds.maxOpenIssues;
const ownerPrQueueCurrent = ownerWideOpenPrs === null
|| ownerWideOpenPrs <= platformReport.thresholds.maxOpenPrs;
const ownerIssueQueueCurrent = ownerWideOpenIssues === null
|| ownerWideOpenIssues <= platformReport.thresholds.maxOpenIssues;
const ownerPrEvidence = ownerWideOpenPrs === null
? ''
: `; ${ownerWideOpenPrs} owner-wide open PRs after cleanup`;
const ownerIssueEvidence = ownerWideOpenIssues === null
? ''
: `; ${ownerWideOpenIssues} owner-wide open issues after cleanup`;
const discussionsCurrent = githubLive
&& platformReport.github.totals.discussionsNeedingMaintainerTouch === 0
&& platformReport.github.totals.discussionsMissingAcceptedAnswer === 0;
@@ -531,22 +743,30 @@ function buildRequirements(rootDir, platformReport) {
buildRequirement(
'public-pr-budget',
'Keep public PRs below 20',
'scripts/platform-audit.js live GitHub sweep',
queuesCurrent ? 'current' : 'in_progress',
ownerWideOpenPrs === null
? 'scripts/platform-audit.js live GitHub sweep'
: 'scripts/platform-audit.js live GitHub sweep plus owner-wide queue cleanup ledger',
trackedPrQueueCurrent && ownerPrQueueCurrent ? 'current' : 'in_progress',
githubLive
? `${platformReport.github.totals.openPrs} open PRs across ${platformReport.github.repos.length} tracked repos`
? `${platformReport.github.totals.openPrs} open PRs across ${platformReport.github.repos.length} tracked repos${ownerPrEvidence}`
: 'live GitHub queue readback was skipped or failed',
queuesCurrent ? 'repeat before release' : 'run live platform:audit and drain PR queue'
trackedPrQueueCurrent && ownerPrQueueCurrent
? 'repeat platform:audit and owner-wide gh search before release'
: 'run live platform:audit and owner-wide gh search, then drain PR queue'
),
buildRequirement(
'public-issue-budget',
'Keep public issues below 20',
'scripts/platform-audit.js live GitHub sweep',
queuesCurrent ? 'current' : 'in_progress',
ownerWideOpenIssues === null
? 'scripts/platform-audit.js live GitHub sweep'
: 'scripts/platform-audit.js live GitHub sweep plus owner-wide queue cleanup ledger',
trackedIssueQueueCurrent && ownerIssueQueueCurrent ? 'current' : 'in_progress',
githubLive
? `${platformReport.github.totals.openIssues} open issues across ${platformReport.github.repos.length} tracked repos`
? `${platformReport.github.totals.openIssues} open issues across ${platformReport.github.repos.length} tracked repos${ownerIssueEvidence}`
: 'live GitHub queue readback was skipped or failed',
queuesCurrent ? 'repeat before release' : 'run live platform:audit and drain issue queue'
trackedIssueQueueCurrent && ownerIssueQueueCurrent
? 'repeat platform:audit and owner-wide gh search before release'
: 'run live platform:audit and owner-wide gh search, then drain issue queue'
),
buildRequirement(
'repository-discussions',
@@ -602,12 +822,20 @@ function buildRequirements(rootDir, platformReport) {
buildRequirement(
'naming-and-plugin-publication',
'Prepare name-change, Claude plugin, and Codex plugin paths',
'naming-and-publication-matrix plus publication-readiness',
'naming-and-publication-matrix plus release-name-plugin-publication checklist plus publication-readiness',
includesAll(namingMatrix, ['Claude plugin', 'Codex plugin', 'npm package', 'Publication Paths'])
&& includesAll(releasePublicationChecklist, [
'Ship `v2.0.0-rc.1` as **ECC**',
'affaan-m/ECC',
'ecc-universal',
'claude plugin tag .claude-plugin --dry-run',
'codex plugin marketplace add',
'Do not rename the npm package until rc.1 is published'
])
&& includesAll(publicationReadiness, ['Claude plugin', 'Codex plugin'])
? 'in_progress'
: 'not_complete',
'naming matrix and plugin readiness gates exist',
'naming matrix, release publication checklist, and plugin readiness gates exist',
'real tag/push, marketplace submission, and final channel choice remain approval-gated'
),
buildRequirement(
@@ -626,6 +854,58 @@ function buildRequirements(rootDir, platformReport) {
? 'final live release/npm/plugin/billing URLs and publish approval still pending'
: 'URL-backed refresh and publish approval still pending'
),
buildRequirement(
'owner-approval-packet',
'Prepare final owner approval packet',
'docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md',
ownerApprovalPacketReady ? 'current' : 'not_complete',
ownerApprovalPacketReady
? 'owner approval packet covers release, package, plugin, video, billing, social, and outbound decisions'
: 'owner approval packet is missing or incomplete',
ownerApprovalPacketReady
? 'review owner approvals from the final release commit before any publication or outbound action'
: 'add the owner decision sheet before publication review'
),
buildRequirement(
'hypergrowth-command-center',
'Create a second-phase hypergrowth release command center',
'docs/releases/2.0.0/ecc-2-hypergrowth-release-command-center.md plus May 19 evidence',
hypergrowthCommandCenterReady ? 'current' : 'in_progress',
hypergrowthCommandCenterReady
? 'current MRR, target MRR, gap, release claim, video lane, distribution plan, and approval boundaries are in-tree'
: 'hypergrowth command center or May 19 business baseline evidence is incomplete',
hypergrowthCommandCenterReady
? 'refresh after every MRR, channel, or approval-state change before public launch'
: 'add current MRR, target gap, channel plan, video lane, and approval boundaries'
),
buildRequirement(
'release-video-suite',
'Produce the ECC 2.0 release video suite',
'docs/releases/2.0.0-rc.1/video-suite-production.md and npm run release:video-suite',
releaseVideoPublishCandidatesReady ? 'current' : releaseVideoSuiteReady ? 'in_progress' : 'not_complete',
releaseVideoPublishCandidatesReady
? 'video-suite gate is ready with 15/15 source assets, 13/13 suite artifacts, 12/12 publish candidates, primary self-eval, and zero detected black-frame segments recorded in May 19 evidence'
: releaseVideoSuiteReady
? 'video production manifest and deterministic video-suite gate are wired for launch video, short clips, captions, timeline, and self-eval evidence'
: 'video production manifest or release:video-suite gate is incomplete',
releaseVideoPublishCandidatesReady
? 'final owner approval, upload, and public video URLs remain approval-gated'
: releaseVideoSuiteReady
? 'render final owner-approved MP4s, captions, platform reframes, and editable timeline before posting'
: 'wire release:video-suite and production manifest before final content work'
),
buildRequirement(
'partner-sponsor-talks-pack',
'Prepare sponsor, partner, consulting, podcast, talk, and Discussion copy',
'docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md',
partnerSponsorTalksReady ? 'in_progress' : 'not_complete',
partnerSponsorTalksReady
? 'sponsor outbound, platform partner DM, consulting intro, talk/podcast pitch, GitHub Discussion announcement, CTA hooks, and do-not-send gate are drafted'
: 'partner, sponsor, consulting, talk, or discussion copy is missing',
partnerSponsorTalksReady
? 'replace final URLs after publication gates, then get explicit approval before outbound or personal-account posts'
: 'draft the full outbound pack and approval gate'
),
buildRequirement(
'agentshield-enterprise-iteration',
'Advance AgentShield enterprise iteration',
@@ -714,12 +994,18 @@ function buildReport(options) {
fix: item.gap,
}));
const head = runCommand('git', ['rev-parse', 'HEAD'], { cwd: rootDir });
const growth = buildGrowthSummary(rootDir);
const releaseVideoRequirement = requirements.find(item => item.id === 'release-video-suite');
const releaseVideoWorkOrder = releaseVideoRequirement && releaseVideoRequirement.status === 'current'
? 'Review the owner-approved primary launch video candidates, choose the final cuts, upload after approval, and attach public video URLs to the release pack.'
: 'Render the owner-approved primary launch video, short clips, captions, reframes, and editable timeline from the video-suite production manifest.';
return {
schema_version: SCHEMA_VERSION,
generatedAt,
root: rootDir,
head,
growth,
ready: incompleteRequirements.length === 0,
dashboardReady: platformReport.ready,
publicationReady: false,
@@ -739,9 +1025,11 @@ function buildReport(options) {
top_actions: topActions,
next_work_order: [
'Regenerate this dashboard from the final release commit before publication evidence is recorded.',
'Review the owner approval packet from the final release commit and approve, defer, or block each publication and outbound lane.',
releaseVideoWorkOrder,
'Replace final release, npm, plugin, billing, and video URLs in the partner/sponsor/talk pack, then get explicit approval before outbound.',
'Repeat ITO-57 Linear/project status sync after the next significant merge batch or advisory-source refresh.',
'Replace the invalid Cloudflare credential, create or verify Marketplace-managed Pro billing-state with webhook provenance, then run `billing:kv-readback -- --require-ready` and the live announcement gate before publishing native-payments copy.',
'Resume ITO-45, ITO-46, and ITO-56 only after the generated dashboard and final release gates are refreshed.',
'Repeat KV readback and the selected-target billing announcement gate immediately before launch; keep native-payments copy behind the final release, plugin, URL, and owner-approval gates.',
],
};
}
@@ -760,6 +1048,9 @@ function renderText(report) {
`Dashboard ready: ${report.dashboardReady}`,
`Publication ready: ${report.publicationReady}`,
'',
'Growth baseline:',
` MRR: ${report.growth ? report.growth.currentMrr : 'unknown'} -> ${report.growth ? report.growth.targetMrr : 'unknown'} (gap ${report.growth ? report.growth.gapMrr : 'unknown'})`,
'',
'Platform:',
` PRs: ${report.platform.openPrs}`,
` Issues: ${report.platform.openIssues}`,
@@ -807,6 +1098,14 @@ function renderMarkdown(report) {
`| Dashboard generation | ${report.dashboardReady ? 'Current' : 'Needs work'} | platform audit ready: ${report.platform.ready}; GitHub skipped: ${report.platform.githubSkipped} |`,
`| Publication | ${report.publicationReady ? 'Ready' : 'Not complete'} | release, npm, plugin, billing, and announcement gates are tracked below |`,
'',
'## Growth Baseline',
'',
'| Metric | Current | Target | Gap |',
'| --- | ---: | ---: | ---: |',
`| MRR | ${markdownEscape(report.growth ? report.growth.currentMrr : 'unknown')} | ${markdownEscape(report.growth ? report.growth.targetMrr : 'unknown')} | ${markdownEscape(report.growth ? report.growth.gapMrr : 'unknown')} |`,
'',
'Growth lanes: GitHub Sponsors and OSS partner sponsors; ECC Tools Pro subscriptions; consulting and implementation contracts; talks, podcasts, conference demos, and partner webinars.',
'',
'## Prompt-To-Artifact Checklist',
'',
'| Objective requirement | Artifact or gate | Status | Evidence | Gap |',

16
scripts/platform-audit.js
View File

@@ -11,7 +11,7 @@ const {
const SCHEMA_VERSION = 'ecc.platform-audit.v1';
const DEFAULT_REPOS = Object.freeze([
'affaan-m/everything-claude-code',
'affaan-m/ECC',
'affaan-m/agentshield',
'affaan-m/JARVIS',
'ECC-Tools/ECC-Tools',
@@ -426,8 +426,8 @@ function buildLocalEvidenceChecks(rootDir) {
const roadmap = readText(rootDir, 'docs/ECC-2.0-GA-ROADMAP.md');
const progressSync = readText(rootDir, 'docs/architecture/progress-sync-contract.md');
const supplyChain = readText(rootDir, 'docs/security/supply-chain-incident-response.md');
const evidence = readText(rootDir, 'docs/releases/2.0.0-rc.1/publication-evidence-2026-05-18.md');
const operatorDashboard = readText(rootDir, 'docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-18.md');
const evidence = readText(rootDir, 'docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md');
const operatorDashboard = readText(rootDir, 'docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md');
return [
buildCheck(
@@ -472,21 +472,23 @@ function buildLocalEvidenceChecks(rootDir) {
),
buildCheck(
'release-evidence-current',
includesAll(evidence, ['TanStack', 'Mini Shai-Hulud', 'Home persistence IOC scan', 'Supply-Chain Watch', 'npm signatures']) ? 'pass' : 'fail',
'rc.1 evidence includes current supply-chain verification artifacts',
{ path: 'docs/releases/2.0.0-rc.1/publication-evidence-2026-05-18.md' }
includesAll(evidence, ['Release video suite', 'growth outreach', 'Operator dashboard', 'GitGuardian', 'macOS/Ubuntu/Windows test matrix', '2568 passed']) ? 'pass' : 'fail',
'rc.1 evidence includes current release, video, growth, and CI artifacts',
{ path: 'docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md' }
),
buildCheck(
'operator-readiness-dashboard',
includesAll(operatorDashboard, [
'This dashboard is generated by `npm run operator:dashboard`',
'Growth Baseline',
'hypergrowth release command center',
'Prompt-To-Artifact Checklist',
'PR queue',
'Not complete',
'Next Work Order',
]) ? 'pass' : 'fail',
'operator dashboard maps macro-goal requirements to current evidence and open gaps',
{ path: 'docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-18.md' }
{ path: 'docs/releases/2.0.0-rc.1/operator-readiness-dashboard-2026-05-20.md' }
),
];
}

14
scripts/preview-pack-smoke.js
View File

@@ -18,6 +18,7 @@ const REQUIRED_ARTIFACTS = [
'docs/architecture/observability-readiness.md',
'docs/architecture/progress-sync-contract.md',
'scripts/preview-pack-smoke.js',
'scripts/release-approval-gate.js',
`${RELEASE_DIR}/release-notes.md`,
`${RELEASE_DIR}/quickstart.md`,
`${RELEASE_DIR}/launch-checklist.md`,
@@ -26,10 +27,17 @@ const REQUIRED_ARTIFACTS = [
`${RELEASE_DIR}/publication-evidence-2026-05-16.md`,
`${RELEASE_DIR}/publication-evidence-2026-05-17.md`,
`${RELEASE_DIR}/publication-evidence-2026-05-18.md`,
`${RELEASE_DIR}/publication-evidence-2026-05-19.md`,
`${RELEASE_DIR}/operator-readiness-dashboard-2026-05-17.md`,
`${RELEASE_DIR}/operator-readiness-dashboard-2026-05-18.md`,
`${RELEASE_DIR}/release-url-ledger-2026-05-18.md`,
`${RELEASE_DIR}/operator-readiness-dashboard-2026-05-19.md`,
`${RELEASE_DIR}/operator-readiness-dashboard-2026-05-20.md`,
`${RELEASE_DIR}/owner-approval-packet-2026-05-19.md`,
`${RELEASE_DIR}/release-url-ledger-2026-05-19.md`,
`${RELEASE_DIR}/video-suite-production.md`,
`${RELEASE_DIR}/partner-sponsor-talks-pack.md`,
`${RELEASE_DIR}/naming-and-publication-matrix.md`,
`${RELEASE_DIR}/release-name-plugin-publication-checklist-2026-05-18.md`,
`${RELEASE_DIR}/x-thread.md`,
`${RELEASE_DIR}/linkedin-post.md`,
`${RELEASE_DIR}/article-outline.md`,
@@ -39,8 +47,10 @@ const REQUIRED_ARTIFACTS = [
const REQUIRED_VERIFICATION_COMMANDS = [
'git status --short --branch',
'node scripts/platform-audit.js --format json --allow-untracked docs/drafts/',
'node scripts/platform-audit.js --json',
'npm run preview-pack:smoke',
'npm run release:approval-gate -- --format json',
'npm run release:video-suite -- --format json',
'npm run harness:adapters -- --check',
'npm run harness:audit -- --format json',
'npm run observability:ready',

553
scripts/release-approval-gate.js Normal file
View File

@@ -0,0 +1,553 @@
#!/usr/bin/env node
'use strict';
const crypto = require('crypto');
const fs = require('fs');
const path = require('path');
const RELEASE = '2.0.0-rc.1';
const RELEASE_DIR = `docs/releases/${RELEASE}`;
const SCHEMA_VERSION = 'ecc.release-approval-gate.v1';
const SCRIPT_PATH = 'scripts/release-approval-gate.js';
const OWNER_PACKET_PATH = `${RELEASE_DIR}/owner-approval-packet-2026-05-19.md`;
const URL_LEDGER_PATH = `${RELEASE_DIR}/release-url-ledger-2026-05-19.md`;
const PREVIEW_MANIFEST_PATH = `${RELEASE_DIR}/preview-pack-manifest.md`;
const REQUIRED_COMMAND = 'npm run release:approval-gate -- --format json';
const REQUIRED_DECISIONS = [
{
id: 'github-prerelease',
label: 'GitHub prerelease',
},
{
id: 'npm-next-publish',
label: 'npm `next` publish',
},
{
id: 'claude-plugin-tag',
label: 'Claude plugin tag',
},
{
id: 'codex-repo-marketplace',
label: 'Codex repo marketplace',
},
{
id: 'ecc-tools-billing-language',
label: 'ECC Tools billing language',
},
{
id: 'video-upload',
label: 'Video upload',
},
{
id: 'social-and-longform',
label: 'X, LinkedIn, GitHub Discussion, longform',
},
{
id: 'outbound-growth',
label: 'Sponsor, partner, consulting, conference, podcast outreach',
},
];
const REQUIRED_URL_SURFACES = [
{
id: 'github-prerelease-url',
label: 'GitHub prerelease URL',
exampleUrl: 'https://github.com/affaan-m/ECC/releases/tag/v2.0.0-rc.1',
},
{
id: 'npm-rc-package-url',
label: 'npm rc package URL',
exampleUrl: 'https://www.npmjs.com/package/ecc-universal/v/2.0.0-rc.1',
},
{
id: 'claude-plugin-tag-url',
label: 'Claude plugin tag URL',
exampleUrl: 'https://github.com/affaan-m/ECC/releases/tag/ecc--v2.0.0-rc.1',
},
{
id: 'codex-repo-marketplace-evidence',
label: 'Codex repo-marketplace evidence',
exampleUrl: 'https://github.com/affaan-m/ECC/tree/v2.0.0-rc.1/.codex-plugin',
},
{
id: 'primary-launch-video-url',
label: 'Primary launch video URL',
exampleUrl: 'https://x.com/affaanmustafa/status/0000000000000000000',
},
{
id: 'short-clip-urls',
label: 'Short clip URLs',
exampleUrl: 'https://x.com/affaanmustafa/status/0000000000000000001',
},
{
id: 'ecc-tools-billing-readiness-url',
label: 'ECC Tools billing/readiness URL',
exampleUrl: 'https://github.com/ECC-Tools',
},
];
const ANNOUNCEMENT_FILES = [
`${RELEASE_DIR}/release-notes.md`,
`${RELEASE_DIR}/x-thread.md`,
`${RELEASE_DIR}/linkedin-post.md`,
`${RELEASE_DIR}/article-outline.md`,
`${RELEASE_DIR}/partner-sponsor-talks-pack.md`,
'docs/business/social-launch-copy.md',
];
function usage() {
console.log([
'Usage: node scripts/release-approval-gate.js [--format <text|json>] [--root <dir>]',
'',
'Final approval gate for ECC 2.0 rc.1 publication and outbound actions.',
'',
'Options:',
' --format <text|json> Output format (default: text)',
' --json Alias for --format json',
' --root <dir> Repository root to inspect (default: cwd)',
' --help, -h Show this help',
].join('\n'));
}
function readArgValue(args, index, flagName) {
const value = args[index + 1];
if (!value || value.startsWith('--')) {
throw new Error(`${flagName} requires a value`);
}
return value;
}
function parseArgs(argv) {
const args = argv.slice(2);
const parsed = {
format: 'text',
help: false,
root: path.resolve(process.cwd()),
};
for (let index = 0; index < args.length; index += 1) {
const arg = args[index];
if (arg === '--help' || arg === '-h') {
parsed.help = true;
continue;
}
if (arg === '--json') {
parsed.format = 'json';
continue;
}
if (arg === '--format') {
parsed.format = readArgValue(args, index, arg).toLowerCase();
index += 1;
continue;
}
if (arg.startsWith('--format=')) {
parsed.format = arg.slice('--format='.length).toLowerCase();
continue;
}
if (arg === '--root') {
parsed.root = path.resolve(readArgValue(args, index, arg));
index += 1;
continue;
}
if (arg.startsWith('--root=')) {
parsed.root = path.resolve(arg.slice('--root='.length));
continue;
}
throw new Error(`Unknown argument: ${arg}`);
}
if (!['text', 'json'].includes(parsed.format)) {
throw new Error(`Invalid format: ${parsed.format}. Use text or json.`);
}
return parsed;
}
function readText(rootDir, relativePath) {
try {
return fs.readFileSync(path.join(rootDir, relativePath), 'utf8');
} catch (_error) {
return '';
}
}
function fileExists(rootDir, relativePath) {
return fs.existsSync(path.join(rootDir, relativePath));
}
function safeParseJson(text) {
if (!text.trim()) {
return null;
}
try {
return JSON.parse(text);
} catch (_error) {
return null;
}
}
function normalizeLabel(value) {
return String(value)
.replace(/[`*_]/g, '')
.replace(/\s+/g, ' ')
.trim()
.toLowerCase();
}
function normalizeState(value) {
return String(value)
.replace(/[`*_]/g, '')
.replace(/\s+/g, ' ')
.trim()
.toLowerCase();
}
function splitMarkdownRow(row) {
const trimmed = row.trim();
if (!trimmed.startsWith('|') || !trimmed.endsWith('|')) {
return [];
}
return trimmed
.slice(1, -1)
.split('|')
.map(cell => cell.trim());
}
function parseDecisionRegister(packet) {
const decisions = new Map();
for (const line of packet.split('\n')) {
const cells = splitMarkdownRow(line);
if (cells.length < 4) {
continue;
}
const [decision, state] = cells;
const normalizedDecision = normalizeLabel(decision);
if (
!normalizedDecision
|| normalizedDecision === 'decision'
|| /^-+$/.test(normalizedDecision)
) {
continue;
}
decisions.set(normalizedDecision, normalizeState(state));
}
return decisions;
}
function isApproved(state) {
return state === 'approve' || state === 'approved';
}
function lineNumberForIndex(text, index) {
return text.slice(0, index).split('\n').length;
}
function findAnnouncementOffenders(rootDir, relativePaths) {
const offenders = [];
const privatePathPattern = /\/Users\/(?!\.\.\.)[A-Za-z0-9._-]+|\/home\/(?!user|runner)[A-Za-z0-9._-]+/g;
const anglePlaceholderPattern = /<(?!(?:https?:\/\/|mailto:|#))[^>\n]*(?:url|link|todo|tbd|placeholder)[^>\n]*>/gi;
const barePlaceholderPattern = /\bTODO\b|\bTBD\b|\bPLACEHOLDER\b/g;
for (const relativePath of relativePaths) {
const text = readText(rootDir, relativePath);
if (!text) {
offenders.push({
path: relativePath,
line: 1,
marker: 'missing file',
});
continue;
}
for (const match of text.matchAll(privatePathPattern)) {
offenders.push({
path: relativePath,
line: lineNumberForIndex(text, match.index),
marker: match[0],
});
}
for (const match of text.matchAll(anglePlaceholderPattern)) {
offenders.push({
path: relativePath,
line: lineNumberForIndex(text, match.index),
marker: match[0],
});
}
for (const match of text.matchAll(barePlaceholderPattern)) {
offenders.push({
path: relativePath,
line: lineNumberForIndex(text, match.index),
marker: match[0],
});
}
}
return offenders;
}
function ledgerBlockers(ledger) {
const blockers = [];
if (/^##\s+Approval-Gated URLs\s*$/im.test(ledger)) {
blockers.push('approval-gated URL section still present');
}
for (const [pattern, label] of [
[/not published yet/i, 'not-published marker still present'],
[/must return/i, 'must-return readback marker still present'],
[/Gate before use/i, 'gate-before-use column still present'],
[/\bpending\b/i, 'pending marker still present'],
[/\bblocked\b/i, 'blocked marker still present'],
]) {
if (pattern.test(ledger)) {
blockers.push(label);
}
}
return blockers;
}
function makeCheck(id, status, evidence, fix) {
return {
id,
status,
evidence,
fix: status === 'pass' ? '' : fix,
};
}
function topActionsForChecks(checks) {
const actions = [];
const failedIds = new Set(checks.filter(check => check.status !== 'pass').map(check => check.id));
if (failedIds.has('release-approval-script-registered')) {
actions.push('Wire release:approval-gate into package.json, package files, and the preview-pack manifest.');
}
if (failedIds.has('owner-decisions-approved')) {
actions.push('Approve, defer, or block each owner decision row explicitly after final evidence is rerun from the release commit.');
}
if (failedIds.has('release-url-ledger-finalized')) {
actions.push('Replace approval-gated URL ledger rows with live readback URLs from the approved release, package, plugin, video, and billing surfaces.');
}
if (failedIds.has('final-evidence-command-listed')) {
actions.push('Add release:approval-gate to the final evidence command lists before asking for publication approval.');
}
if (failedIds.has('announcement-copy-finalized')) {
actions.push('Remove unresolved placeholders and private local paths from launch, social, and outbound copy.');
}
if (failedIds.has('public-action-guard-present')) {
actions.push('Restore the explicit no-outbound/no-publish authorization boundary in the owner packet.');
}
return actions;
}
function buildReport(options = {}) {
const rootDir = path.resolve(options.root || process.cwd());
const packageJson = safeParseJson(readText(rootDir, 'package.json')) || {};
const packageScripts = packageJson.scripts || {};
const packageFiles = Array.isArray(packageJson.files) ? packageJson.files : [];
const ownerPacket = readText(rootDir, OWNER_PACKET_PATH);
const ledger = readText(rootDir, URL_LEDGER_PATH);
const manifest = readText(rootDir, PREVIEW_MANIFEST_PATH);
const decisions = parseDecisionRegister(ownerPacket);
const missingDecisions = [];
const unapprovedDecisions = [];
for (const decision of REQUIRED_DECISIONS) {
const state = decisions.get(normalizeLabel(decision.label));
if (!state) {
missingDecisions.push(decision.label);
} else if (!isApproved(state)) {
unapprovedDecisions.push(`${decision.label}=${state}`);
}
}
const missingUrlSurfaces = REQUIRED_URL_SURFACES
.filter(surface => !ledger.includes(surface.label))
.map(surface => surface.label);
const urlBlockers = ledgerBlockers(ledger);
const announcementOffenders = findAnnouncementOffenders(rootDir, ANNOUNCEMENT_FILES);
const commandListedIn = [
ownerPacket.includes(REQUIRED_COMMAND) ? OWNER_PACKET_PATH : '',
ledger.includes(REQUIRED_COMMAND) ? URL_LEDGER_PATH : '',
manifest.includes(REQUIRED_COMMAND) ? PREVIEW_MANIFEST_PATH : '',
].filter(Boolean);
const checks = [
makeCheck(
'release-approval-script-registered',
packageScripts['release:approval-gate'] === `node ${SCRIPT_PATH}`
&& packageFiles.includes(SCRIPT_PATH)
&& fileExists(rootDir, SCRIPT_PATH)
&& manifest.includes(`\`${SCRIPT_PATH}\``)
&& manifest.includes(REQUIRED_COMMAND)
? 'pass'
: 'fail',
'package script, npm package file entry, local script, and preview-pack manifest reference',
'Add release:approval-gate to package scripts, package files, and preview-pack-manifest.md.'
),
makeCheck(
'owner-decisions-approved',
missingDecisions.length === 0 && unapprovedDecisions.length === 0 ? 'pass' : 'fail',
missingDecisions.length === 0 && unapprovedDecisions.length === 0
? `${REQUIRED_DECISIONS.length} owner decision rows are approved`
: `missing decisions: ${missingDecisions.join(', ') || 'none'}; pending decisions: ${unapprovedDecisions.join(', ') || 'none'}`,
'Set every required owner decision row to approve only after the final release evidence has been rerun.'
),
makeCheck(
'release-url-ledger-finalized',
ledger
&& missingUrlSurfaces.length === 0
&& urlBlockers.length === 0
? 'pass'
: 'fail',
ledger && missingUrlSurfaces.length === 0 && urlBlockers.length === 0
? `${REQUIRED_URL_SURFACES.length} final URL surfaces are recorded without approval-gated blockers`
: `missing URL surfaces: ${missingUrlSurfaces.join(', ') || 'none'}; blockers: ${urlBlockers.join(', ') || 'none'}`,
'Regenerate the release URL ledger after the approved publication actions and record live readback URLs.'
),
makeCheck(
'final-evidence-command-listed',
commandListedIn.length === 3 ? 'pass' : 'fail',
commandListedIn.length === 3
? `${REQUIRED_COMMAND} is listed in owner packet, URL ledger, and preview manifest`
: `${REQUIRED_COMMAND} listed in: ${commandListedIn.join(', ') || 'none'}`,
'List release:approval-gate in every final evidence command block.'
),
makeCheck(
'announcement-copy-finalized',
announcementOffenders.length === 0 ? 'pass' : 'fail',
announcementOffenders.length === 0
? `${ANNOUNCEMENT_FILES.length} launch/outbound copy files have no placeholders or private paths`
: `offenders: ${announcementOffenders.map(item => `${item.path}:${item.line}`).join(', ')}`,
'Replace placeholders with live URLs and remove private local paths from launch/outbound copy.'
),
makeCheck(
'public-action-guard-present',
ownerPacket.includes(
'No outbound email, personal-account post, package publish, plugin tag, or billing announcement is authorized by this packet alone.'
)
? 'pass'
: 'fail',
'owner packet preserves the explicit no-public-action authorization boundary',
'Restore the owner-packet sentence that blocks outbound, posts, package publish, plugin tags, and billing announcements.'
),
];
const failed = checks.filter(check => check.status !== 'pass');
const digest = crypto
.createHash('sha256')
.update(JSON.stringify(checks.map(check => [check.id, check.status, check.evidence])))
.digest('hex')
.slice(0, 12);
return {
schema_version: SCHEMA_VERSION,
release: RELEASE,
ready: failed.length === 0,
digest,
summary: {
passed: checks.length - failed.length,
failed: failed.length,
total: checks.length,
},
top_actions: topActionsForChecks(checks),
checks,
};
}
function renderText(report) {
const lines = [
'ECC release approval gate',
`Release: ${report.release}`,
`Ready: ${report.ready ? 'yes' : 'no'}`,
`Digest: ${report.digest}`,
'',
'Checks:',
];
for (const check of report.checks) {
lines.push(`- ${check.status} ${check.id}: ${check.evidence}`);
if (check.fix) {
lines.push(` fix: ${check.fix}`);
}
}
if (report.top_actions.length > 0) {
lines.push('');
lines.push('Top actions:');
for (const action of report.top_actions) {
lines.push(`- ${action}`);
}
}
lines.push('');
lines.push(`Passed: ${report.summary.passed}`);
lines.push(`Failed: ${report.summary.failed}`);
return `${lines.join('\n')}\n`;
}
function main() {
let parsed;
try {
parsed = parseArgs(process.argv);
} catch (error) {
console.error(`Error: ${error.message}`);
process.exit(1);
}
if (parsed.help) {
usage();
return;
}
const report = buildReport({ root: parsed.root });
if (parsed.format === 'json') {
console.log(JSON.stringify(report, null, 2));
} else {
process.stdout.write(renderText(report));
}
if (!report.ready) {
process.exit(2);
}
}
if (require.main === module) {
main();
}
module.exports = {
ANNOUNCEMENT_FILES,
REQUIRED_COMMAND,
REQUIRED_DECISIONS,
REQUIRED_URL_SURFACES,
buildReport,
parseArgs,
renderText,
};

1096
scripts/release-video-suite.js Normal file
View File

File diff suppressed because it is too large Load Diff

164
skills/blender-motion-state-inspection/SKILL.md Normal file
View File

@@ -0,0 +1,164 @@
---
name: blender-motion-state-inspection
description: Use this skill when inspecting Blender characters, rigs, poses, animation retargeting, ground contact, facing direction, or model-vs-motion alignment where screenshots alone are not enough.
origin: ECC
tools: Read, Write, Edit, Bash, Grep, Glob
---
# Blender Motion State Inspection
## When to Use
- A Blender character looks twisted, mirrored, flattened, offset, or foot-sliding in an animation.
- A user asks whether an imported avatar, armature, or retargeted motion matches an expected pose.
- You need to compare rendered evidence with structured facts such as bones, bounding boxes, contacts, and facing vectors.
- A workflow depends on deciding whether a model is a character, prop, proxy mesh, control rig, or broken import.
## Core Principle
Do not judge animated 3D assets only from screenshots. Screenshots are review evidence, but they hide axis conventions, bone names, object scale, local transforms, parented meshes, material slots, and frame-by-frame contact state.
First extract structured Blender state, then use viewport screenshots or renders to confirm what the facts imply.
## How It Works
1. Establish the clean scene and asset baseline before judging motion.
2. Extract structured facts from Blender using an exporter or Blender Python run inside Blender's own interpreter.
3. Sample the frames most likely to expose contact, orientation, scale, and retargeting errors.
4. Compare the measured facts against the user's expected pose, direction, ground plane, and render goal.
5. Return a concise report that separates confirmed facts, likely causes, and required fixes.
## Inspection Workflow
1. Inventory the scene.
- List meshes, armatures, empties, cameras, lights, modifiers, parent relationships, and hidden objects.
- Separate character meshes from helper/proxy geometry before judging the avatar.
- Record object-space and world-space bounding boxes.
2. Identify the skeleton.
- Capture armature names, pose bones, bone heads/tails, roll, parent chains, constraints, and rest-pose axes.
- Map semantic bones such as hips, spine, neck, head, shoulders, elbows, hands, thighs, knees, ankles, and feet.
- Flag missing left/right pairs and unusual naming schemes.
3. Determine forward, up, and side axes.
- Use the pelvis, spine, shoulders, hips, head, and feet together; do not rely on a single mesh normal.
- Compare local armature axes with world axes and imported file conventions such as glTF Y-up vs Blender Z-up.
- Mark likely mirrored or backwards imports when face/head/feet direction conflicts with root motion.
4. Sample animation frames.
- Inspect first, middle, contact, airborne, and extreme frames.
- Record root location, root heading, pelvis height, torso lean, limb directions, foot clearance, and mesh bounds.
- For long or fast motion, sample more densely around flips, landings, turns, collisions, and floor contacts.
5. Check model integrity before retargeting blame.
- Confirm the clean baseline shape before applying animation.
- Preserve original mesh, materials, armature, and skinning unless the user explicitly asks for repair.
- Treat unexplained sphere-like blobs, giant proxy meshes, or crushed bodies as import/selection issues until proven otherwise.
6. Diagnose contact and motion issues.
- Ground penetration: compare lowest foot or shoe vertices with floor height per frame.
- Foot sliding: compare foot world positions across planted frames.
- Leg crossover: compare left/right thigh, knee, ankle, and foot side ordering.
- Twist damage: compare bone swing direction separately from roll/twist around the limb axis.
- Scale drift: compare animated mesh bounds against the clean baseline bounds.
7. Report facts before opinions.
- Include frame numbers, object names, bone names, world coordinates, and thresholds.
- Separate confirmed failures from visual suspicions.
- Attach screenshots only after the structured state explains what to look for.
## Recommended Report Shape
```markdown
## Blender Motion Inspection
### Scene Inventory
- Character candidates:
- Armatures:
- Helper/proxy objects:
- Cameras/lights:
### Orientation
- World up:
- Character forward:
- Root heading:
- Mirrored/backwards risk:
### Baseline Integrity
- Clean mesh bounds:
- Animated mesh bounds:
- Materials/skin preserved:
- Suspicious non-character meshes:
### Frame Findings
| Frame | Finding | Evidence |
| --- | --- | --- |
| 1 | Clean baseline pose | hips/spine/feet aligned |
| 96 | Foot penetrates floor | left_foot min_z = -0.04 |
### Verdict
- Pass/fail:
- Required fix:
- Render readiness:
```
## Examples
### Walk Cycle With Foot Sliding
Scenario: a retargeted character appears to skate during a walk cycle, but the front camera angle makes the foot contact hard to judge.
Apply the workflow:
- Inventory the scene: character mesh `HeroBody`, armature `HeroRig`, ground plane `Floor`, no hidden proxy meshes.
- Identify the skeleton: semantic feet are `foot.L` and `foot.R`; hips are `pelvis`; root bone is `root`.
- Sample animation frames: inspect frames 1, 18, 24, 30, 42, and 48 around planted-foot moments.
- Diagnose contact and motion issues: compare world-space foot locations during planted frames.
Extracted facts:
| Frame | Fact | Evidence |
| --- | --- | --- |
| 18 | Left foot is planted | `foot.L min_z = 0.004`, toe and heel both near floor |
| 24 | Left foot slides while planted | `foot.L x = 0.21 -> 0.28` over six frames |
| 30 | Pelvis keeps moving forward | `pelvis y = 1.14 -> 1.31` |
Verdict: fail for render readiness. The motion needs foot-lock cleanup or retargeting constraint review; the body mesh does not need proportion changes.
### Backwards Imported Character
Scenario: a character looks correct in a still frame, but the animation moves opposite the expected travel direction.
Apply the workflow:
- Determine forward, up, and side axes: compare head, chest, feet, and root motion.
- Sample animation frames: inspect frame 1 and the midpoint of the travel path.
- Report facts before opinions: include the root heading and model-facing direction separately.
Extracted facts:
| Frame | Fact | Evidence |
| --- | --- | --- |
| 1 | Character face points toward world `-Y` | head/chest vector from `neck` to `head` resolves to `-Y` |
| 72 | Root motion travels toward world `+Y` | `root y = 0.0 -> 2.8` |
| 72 | Feet remain visually forward-facing opposite travel | toe bones point `-Y` while displacement is `+Y` |
Verdict: likely backwards import or retargeting forward-axis mismatch. Fix the import/retarget axis mapping before editing animation curves.
## Practical Thresholds
- Assume Blender's default meter-scale units unless the scene unit scale says otherwise.
- Treat ground penetration above 1-2 cm as visible unless the floor is soft or intentionally stylized.
- Treat a sudden scale change above 5% as a likely rig, constraint, or transform inheritance problem.
- Treat left/right ankle side-order flips during airborne inverted motion as leg crossover risk even if it recovers later.
- Treat root heading jumps above 30 degrees per frame as suspicious unless the source motion includes a snap turn.
## Anti-Patterns
- Do not modify body proportions to force pose matching unless the task is explicitly mesh repair.
- Do not bake away the clean baseline before recording it.
- Do not use one rendered camera angle as proof that a pose is correct.
- Do not delete helper objects until you have recorded why they are not part of the character.
- Do not assume an avatar faces +Y, -Y, +X, or -X without checking head, feet, torso, and root motion together.
## Tooling Notes
If a Blender state exporter is available, prefer JSON that includes meshes, armatures, pose bones, materials, contacts, bounding boxes, and sampled animation frames. If no exporter exists, run a small Blender Python script through Blender itself, for example `blender --background scene.blend --python collect_motion_state.py`, because `bpy` is not available in a normal system Python interpreter.

8
skills/continuous-learning-v2/hooks/observe.sh
View File

@@ -116,7 +116,13 @@ except(KeyError, TypeError, ValueError):
# If cwd was provided in stdin, use it for project detection
if [ -n "$STDIN_CWD" ] && [ -d "$STDIN_CWD" ]; then
_GIT_ROOT=$(git -C "$STDIN_CWD" rev-parse --show-toplevel 2>/dev/null || true)
export CLAUDE_PROJECT_DIR="${_GIT_ROOT:-$STDIN_CWD}"
if [ -n "$_GIT_ROOT" ]; then
export CLAUDE_PROJECT_DIR="$_GIT_ROOT"
unset CLV2_NO_PROJECT
else
unset CLAUDE_PROJECT_DIR
export CLV2_NO_PROJECT=1
fi
fi
# ─────────────────────────────────────────────

42
skills/continuous-learning-v2/scripts/detect-project.sh
View File

@@ -75,16 +75,42 @@ _clv2_normalize_remote_url() {
fi
}
_clv2_main_worktree_root() {
local root="$1"
[ -z "$root" ] && return 0
command -v git >/dev/null 2>&1 || return 0
git -C "$root" worktree list --porcelain 2>/dev/null | while IFS= read -r line; do
case "$line" in
worktree\ *)
printf '%s\n' "${line#worktree }"
break
;;
esac
done
}
_clv2_detect_project() {
local project_root=""
local project_name=""
local project_id=""
local source_hint=""
if [ "${CLV2_NO_PROJECT:-0}" = "1" ]; then
_CLV2_PROJECT_ID="global"
_CLV2_PROJECT_NAME="global"
_CLV2_PROJECT_ROOT=""
_CLV2_PROJECT_DIR="${_CLV2_HOMUNCULUS_DIR}"
mkdir -p "$_CLV2_PROJECT_DIR"
return 0
fi
# 1. Try CLAUDE_PROJECT_DIR env var
if [ -n "$CLAUDE_PROJECT_DIR" ] && [ -d "$CLAUDE_PROJECT_DIR" ]; then
project_root="$CLAUDE_PROJECT_DIR"
source_hint="env"
if [ -n "$CLAUDE_PROJECT_DIR" ] && [ -d "$CLAUDE_PROJECT_DIR" ] && command -v git &>/dev/null; then
project_root=$(git -C "$CLAUDE_PROJECT_DIR" rev-parse --show-toplevel 2>/dev/null || true)
if [ -n "$project_root" ]; then
source_hint="env"
fi
fi
# 2. Try git repo root from CWD (only if git is available)
@@ -101,6 +127,7 @@ _clv2_detect_project() {
_CLV2_PROJECT_NAME="global"
_CLV2_PROJECT_ROOT=""
_CLV2_PROJECT_DIR="${_CLV2_HOMUNCULUS_DIR}"
mkdir -p "$_CLV2_PROJECT_DIR"
return 0
fi
@@ -133,7 +160,14 @@ _clv2_detect_project() {
normalized_remote=$(_clv2_normalize_remote_url "$remote_url")
fi
local hash_input="${normalized_remote:-${remote_url:-$project_root}}"
local fallback_root="$project_root"
if [ -z "$remote_url" ]; then
local main_worktree_root
main_worktree_root=$(_clv2_main_worktree_root "$project_root")
[ -n "$main_worktree_root" ] && fallback_root="$main_worktree_root"
fi
local hash_input="${normalized_remote:-${remote_url:-$fallback_root}}"
# Prefer Python for consistent SHA256 behavior across shells/platforms.
# Pass the value via env var and encode as UTF-8 inside Python so the hash
# is locale-independent (shells vary between UTF-8 / CP932 / CP1252, which

331
skills/continuous-learning-v2/scripts/instinct-cli.py
View File

@@ -22,6 +22,7 @@ import os
import subprocess
import sys
import re
import shutil
import urllib.request
from pathlib import Path
from datetime import datetime, timedelta, timezone
@@ -194,26 +195,64 @@ def _yaml_quote(value: str) -> str:
# Project Detection (Python equivalent of detect-project.sh)
# ─────────────────────────────────────────────
def _git_repo_root(cwd: Optional[str] = None) -> Optional[str]:
args = ["git"]
if cwd:
args.extend(["-C", cwd])
args.extend(["rev-parse", "--show-toplevel"])
try:
result = subprocess.run(args, capture_output=True, text=True, timeout=5)
if result.returncode == 0:
return result.stdout.strip()
except (subprocess.TimeoutExpired, FileNotFoundError):
pass
return None
def _main_worktree_root(project_root: str) -> str:
"""Return the main worktree root when project_root is a linked worktree."""
try:
result = subprocess.run(
["git", "-C", project_root, "worktree", "list", "--porcelain"],
capture_output=True, text=True, timeout=5
)
except (subprocess.TimeoutExpired, FileNotFoundError):
return project_root
if result.returncode != 0:
return project_root
for line in result.stdout.splitlines():
if line.startswith("worktree "):
main_root = line.split(" ", 1)[1].strip()
return main_root or project_root
return project_root
def detect_project() -> dict:
"""Detect current project context. Returns dict with id, name, root, project_dir."""
project_root = None
if os.environ.get("CLV2_NO_PROJECT") == "1":
return {
"id": "global",
"name": "global",
"root": "",
"project_dir": HOMUNCULUS_DIR,
"instincts_personal": GLOBAL_PERSONAL_DIR,
"instincts_inherited": GLOBAL_INHERITED_DIR,
"evolved_dir": GLOBAL_EVOLVED_DIR,
"observations_file": GLOBAL_OBSERVATIONS_FILE,
}
# 1. CLAUDE_PROJECT_DIR env var
env_dir = os.environ.get("CLAUDE_PROJECT_DIR")
if env_dir and os.path.isdir(env_dir):
project_root = env_dir
project_root = _git_repo_root(env_dir)
# 2. git repo root
if not project_root:
try:
result = subprocess.run(
["git", "rev-parse", "--show-toplevel"],
capture_output=True, text=True, timeout=5
)
if result.returncode == 0:
project_root = result.stdout.strip()
except (subprocess.TimeoutExpired, FileNotFoundError):
pass
project_root = _git_repo_root()
# Normalize: strip trailing slashes to keep basename and hash stable
if project_root:
@@ -250,9 +289,10 @@ def detect_project() -> dict:
if remote_url:
remote_url = _strip_remote_credentials(remote_url)
fallback_root = _main_worktree_root(project_root) if not remote_url else project_root
legacy_hash_source = remote_url if remote_url else project_root
normalized_remote = _normalize_remote_url(remote_url) if remote_url else ""
hash_source = normalized_remote if normalized_remote else legacy_hash_source
hash_source = normalized_remote if normalized_remote else (remote_url if remote_url else fallback_root)
project_id = _project_hash(hash_source)
project_dir = PROJECTS_DIR / project_id
@@ -352,6 +392,26 @@ def load_registry() -> dict:
return {}
def _write_registry(registry: dict) -> None:
"""Write the project registry atomically."""
REGISTRY_FILE.parent.mkdir(parents=True, exist_ok=True)
tmp_file = REGISTRY_FILE.parent / f".{REGISTRY_FILE.name}.tmp.{os.getpid()}"
with open(tmp_file, "w", encoding="utf-8") as f:
json.dump(registry, f, indent=2)
f.write("\n")
f.flush()
os.fsync(f.fileno())
os.replace(tmp_file, REGISTRY_FILE)
def _validate_project_id(project_id: str) -> bool:
if not project_id or len(project_id) > 128:
return False
if "/" in project_id or "\\" in project_id or ".." in project_id:
return False
return bool(re.match(r"^[A-Za-z0-9][A-Za-z0-9._-]*$", project_id))
# ─────────────────────────────────────────────
# Instinct Parser
# ─────────────────────────────────────────────
@@ -436,6 +496,96 @@ def _load_instincts_from_dir(directory: Path, source_type: str, scope_label: str
return instincts
def _project_counts(project_id: str) -> dict:
project_dir = PROJECTS_DIR / project_id
personal_dir = project_dir / "instincts" / "personal"
inherited_dir = project_dir / "instincts" / "inherited"
observations_file = project_dir / "observations.jsonl"
personal_count = len(_load_instincts_from_dir(personal_dir, "personal", "project"))
inherited_count = len(_load_instincts_from_dir(inherited_dir, "inherited", "project"))
observations_count = 0
if observations_file.exists():
try:
with open(observations_file, encoding="utf-8") as f:
observations_count = sum(1 for _ in f)
except OSError:
observations_count = 0
return {
"personal": personal_count,
"inherited": inherited_count,
"observations": observations_count,
"total": personal_count + inherited_count + observations_count,
}
def _remove_project_storage(project_id: str) -> None:
project_dir = PROJECTS_DIR / project_id
if project_dir.exists():
shutil.rmtree(project_dir)
def _project_instinct_ids(project_dir: Path, source_type: str) -> set[str]:
instinct_dir = project_dir / "instincts" / source_type
return {
inst.get("id")
for inst in _load_instincts_from_dir(instinct_dir, source_type, "project")
if inst.get("id")
}
def _merge_instinct_dir(from_dir: Path, into_dir: Path, existing_ids: set[str]) -> tuple[int, int]:
moved = 0
skipped = 0
if not from_dir.exists():
return moved, skipped
into_dir.mkdir(parents=True, exist_ok=True)
for file_path in sorted(from_dir.iterdir()):
if not file_path.is_file() or file_path.suffix.lower() not in ALLOWED_INSTINCT_EXTENSIONS:
continue
try:
instincts = parse_instinct_file(file_path.read_text(encoding="utf-8"))
except (OSError, UnicodeDecodeError):
instincts = []
instinct_ids = [inst.get("id") for inst in instincts if inst.get("id")]
if any(instinct_id in existing_ids for instinct_id in instinct_ids):
skipped += 1
continue
target_path = into_dir / file_path.name
if target_path.exists():
target_path = into_dir / f"{file_path.stem}-{_project_hash(str(file_path))}{file_path.suffix}"
shutil.copy2(file_path, target_path)
existing_ids.update(instinct_ids)
moved += 1
return moved, skipped
def _append_observations(from_project_dir: Path, into_project_dir: Path) -> int:
from_file = from_project_dir / "observations.jsonl"
if not from_file.exists():
return 0
into_file = into_project_dir / "observations.jsonl"
into_file.parent.mkdir(parents=True, exist_ok=True)
try:
lines = from_file.read_text(encoding="utf-8").splitlines()
except (OSError, UnicodeDecodeError):
return 0
if not lines:
return 0
with open(into_file, "a", encoding="utf-8") as f:
for line in lines:
if line.strip():
f.write(line.rstrip("\n") + "\n")
return len([line for line in lines if line.strip()])
def load_all_instincts(project: dict, include_global: bool = True) -> list[dict]:
"""Load all instincts: project-scoped + global.
@@ -1180,7 +1330,14 @@ def _promote_auto(project: dict, force: bool, dry_run: bool) -> int:
# ─────────────────────────────────────────────
def cmd_projects(args) -> int:
"""List all known projects and their instinct counts."""
"""List or maintain known projects and their instinct counts."""
if getattr(args, "project_action", None) == "delete":
return _cmd_projects_delete(args)
if getattr(args, "project_action", None) == "merge":
return _cmd_projects_merge(args)
if getattr(args, "project_action", None) == "gc":
return _cmd_projects_gc(args)
registry = load_registry()
if not registry:
@@ -1225,6 +1382,143 @@ def cmd_projects(args) -> int:
return 0
def _cmd_projects_delete(args) -> int:
registry = load_registry()
project_id = args.project_id
if not _validate_project_id(project_id):
print(f"Invalid project ID: {project_id}", file=sys.stderr)
return 1
if project_id not in registry and not (PROJECTS_DIR / project_id).exists():
print(f"Project '{project_id}' not found.", file=sys.stderr)
return 1
counts = _project_counts(project_id)
print(f"Project: {project_id}")
print(f" Instincts: {counts['personal']} personal, {counts['inherited']} inherited")
print(f" Observations: {counts['observations']} events")
if args.dry_run:
print(f"\n[DRY RUN] Would delete project '{project_id}' from registry and storage.")
return 0
if not args.force:
if counts["total"] > 0:
print("\nWarning: this project has instincts or observations.")
response = input(f"Delete project '{project_id}'? [y/N] ")
if response.lower() != "y":
print("Cancelled.")
return 0
registry.pop(project_id, None)
_write_registry(registry)
_remove_project_storage(project_id)
print(f"\nDeleted project '{project_id}'.")
return 0
def _cmd_projects_gc(args) -> int:
registry = load_registry()
candidates = [
project_id
for project_id in sorted(registry)
if _validate_project_id(project_id) and _project_counts(project_id)["total"] == 0
]
if not candidates:
print("No zero-value project entries found.")
return 0
print(f"Zero-value project entries: {len(candidates)}")
for project_id in candidates:
pinfo = registry.get(project_id, {})
print(f" - {pinfo.get('name', project_id)} [{project_id}]")
if args.dry_run:
print(f"\n[DRY RUN] Would delete {len(candidates)} project entr{'y' if len(candidates) == 1 else 'ies'}.")
return 0
if not args.force:
response = input(f"\nDelete {len(candidates)} zero-value project entr{'y' if len(candidates) == 1 else 'ies'}? [y/N] ")
if response.lower() != "y":
print("Cancelled.")
return 0
for project_id in candidates:
registry.pop(project_id, None)
_remove_project_storage(project_id)
_write_registry(registry)
print(f"\nDeleted {len(candidates)} zero-value project entr{'y' if len(candidates) == 1 else 'ies'}.")
return 0
def _cmd_projects_merge(args) -> int:
from_id = args.from_id
into_id = args.into_id
if not _validate_project_id(from_id) or not _validate_project_id(into_id):
print("Invalid project ID.", file=sys.stderr)
return 1
if from_id == into_id:
print("Cannot merge a project into itself.", file=sys.stderr)
return 1
registry = load_registry()
if from_id not in registry:
print(f"Source project '{from_id}' not found.", file=sys.stderr)
return 1
if into_id not in registry:
print(f"Destination project '{into_id}' not found.", file=sys.stderr)
return 1
from_counts = _project_counts(from_id)
into_counts = _project_counts(into_id)
print(f"Merge: {from_id} -> {into_id}")
print(f" Source: {from_counts['personal']} personal, {from_counts['inherited']} inherited, {from_counts['observations']} observations")
print(f" Destination before merge: {into_counts['personal']} personal, {into_counts['inherited']} inherited, {into_counts['observations']} observations")
if args.dry_run:
print("\n[DRY RUN] Would merge source project into destination and remove source.")
return 0
if not args.force:
response = input(f"\nMerge '{from_id}' into '{into_id}' and remove source? [y/N] ")
if response.lower() != "y":
print("Cancelled.")
return 0
from_project_dir = PROJECTS_DIR / from_id
into_project_dir = PROJECTS_DIR / into_id
into_project_dir.mkdir(parents=True, exist_ok=True)
personal_existing = _project_instinct_ids(into_project_dir, "personal")
inherited_existing = _project_instinct_ids(into_project_dir, "inherited")
personal_moved, personal_skipped = _merge_instinct_dir(
from_project_dir / "instincts" / "personal",
into_project_dir / "instincts" / "personal",
personal_existing,
)
inherited_moved, inherited_skipped = _merge_instinct_dir(
from_project_dir / "instincts" / "inherited",
into_project_dir / "instincts" / "inherited",
inherited_existing,
)
observations_moved = _append_observations(from_project_dir, into_project_dir)
registry.pop(from_id, None)
destination = registry.get(into_id, {})
destination["last_seen"] = datetime.now(timezone.utc).isoformat().replace("+00:00", "Z")
registry[into_id] = destination
_write_registry(registry)
_remove_project_storage(from_id)
print("\nMerged project registry entry.")
print(f" Moved instincts: {personal_moved + inherited_moved}")
print(f" Skipped duplicate instincts: {personal_skipped + inherited_skipped}")
print(f" Appended observations: {observations_moved}")
return 0
# ─────────────────────────────────────────────
# Generate Evolved Structures
# ─────────────────────────────────────────────
@@ -1486,6 +1780,19 @@ def main() -> int:
# Projects (new in v2.1)
projects_parser = subparsers.add_parser('projects', help='List known projects and instinct counts')
projects_subparsers = projects_parser.add_subparsers(dest='project_action')
projects_delete = projects_subparsers.add_parser('delete', help='Delete a project registry entry')
projects_delete.add_argument('project_id', help='Project ID to delete')
projects_delete.add_argument('--dry-run', action='store_true', help='Preview without deleting')
projects_delete.add_argument('--force', action='store_true', help='Skip confirmation')
projects_merge = projects_subparsers.add_parser('merge', help='Merge one project registry entry into another')
projects_merge.add_argument('from_id', help='Source project ID')
projects_merge.add_argument('into_id', help='Destination project ID')
projects_merge.add_argument('--dry-run', action='store_true', help='Preview without merging')
projects_merge.add_argument('--force', action='store_true', help='Skip confirmation')
projects_gc = projects_subparsers.add_parser('gc', help='Delete zero-value project registry entries')
projects_gc.add_argument('--dry-run', action='store_true', help='Preview without deleting')
projects_gc.add_argument('--force', action='store_true', help='Skip confirmation')
# Prune (pending instinct TTL)
prune_parser = subparsers.add_parser('prune', help='Delete pending instincts older than TTL')

39
tests/ci/scan-supply-chain-iocs.test.js
View File

@@ -251,6 +251,45 @@ function run() {
});
})) passed++; else failed++;
if (test('ignores explicit Claude Code deny-wall IOC entries', () => {
withFixture({
'home/.claude/settings.local.json': JSON.stringify({
permissions: {
deny: [
'Bash(*filev2.getsession.org*)',
'Bash(*router_runtime.js*)',
'Bash(*gh-token-monitor*)',
],
},
}, null, 2),
}, rootDir => {
const homeDir = path.join(rootDir, 'home');
const result = scanSupplyChainIocs({ rootDir, home: true, homeDir });
assert.deepStrictEqual(result.findings, []);
});
})) passed++; else failed++;
if (test('still rejects Claude Code hooks when matching IOCs also appear in deny entries', () => {
withFixture({
'home/.claude/settings.local.json': JSON.stringify({
permissions: {
deny: [
'Bash(*router_runtime.js*)',
],
},
hooks: {
PostToolUse: [{
hooks: [{ command: 'node ~/.claude/router_runtime.js' }],
}],
},
}, null, 2),
}, rootDir => {
const homeDir = path.join(rootDir, 'home');
const result = scanSupplyChainIocs({ rootDir, home: true, homeDir });
assert.ok(result.findings.some(finding => finding.indicator === 'router_runtime.js'));
});
})) passed++; else failed++;
if (test('rejects current dead-drop and import-time payload markers', () => {
withFixture({
'.vscode/tasks.json': JSON.stringify({

17
tests/ci/validate-workflow-security.test.js
View File

@@ -244,12 +244,27 @@ function run() {
if (test('rejects actions/cache in workflows with id-token write', () => {
const result = runValidator({
'unsafe-oidc-cache.yml': `name: Unsafe\non:\n push:\npermissions:\n contents: read\n id-token: write\njobs:\n release:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/cache@v5\n with:\n path: ~/.npm\n key: cache\n`,
'unsafe-oidc-cache.yml': `name: Unsafe\non:\n push:\npermissions:\n contents: read\njobs:\n release:\n runs-on: ubuntu-latest\n permissions:\n contents: read\n id-token: write\n steps:\n - uses: actions/cache@v5\n with:\n path: ~/.npm\n key: cache\n`,
});
assert.notStrictEqual(result.status, 0, 'Expected validator to fail on id-token workflow cache use');
assert.match(result.stderr, /id-token: write must not restore or save shared dependency caches/);
})) passed++; else failed++;
if (test('rejects workflow-scoped id-token write', () => {
const result = runValidator({
'unsafe-workflow-oidc.yml': `name: Unsafe\non:\n push:\npermissions:\n contents: read\n id-token: write\njobs:\n verify:\n runs-on: ubuntu-latest\n steps:\n - run: npm ci --ignore-scripts\n`,
});
assert.notStrictEqual(result.status, 0, 'Expected validator to fail on workflow-level id-token write');
assert.match(result.stderr, /id-token: write must be scoped to a publish-only job/);
})) passed++; else failed++;
if (test('allows job-scoped id-token for publish-only jobs', () => {
const result = runValidator({
'safe-publish-oidc.yml': `name: Safe\non:\n push:\npermissions:\n contents: read\njobs:\n publish:\n runs-on: ubuntu-latest\n permissions:\n contents: write\n id-token: write\n steps:\n - run: npm publish package.tgz --access public --provenance\n`,
});
assert.strictEqual(result.status, 0, result.stderr || result.stdout);
})) passed++; else failed++;
if (test('rejects npm audit without registry signature verification', () => {
const result = runValidator({
'unsafe-audit.yml': `name: Unsafe\non:\n push:\njobs:\n audit:\n runs-on: ubuntu-latest\n steps:\n - run: npm audit --audit-level=high\n`,

298
tests/docs/ecc2-release-surface.test.js
View File

@@ -52,6 +52,10 @@ const expectedReleaseFiles = [
'quickstart.md',
'preview-pack-manifest.md',
'publication-readiness.md',
'video-suite-production.md',
'partner-sponsor-talks-pack.md',
'owner-approval-packet-2026-05-19.md',
'release-name-plugin-publication-checklist-2026-05-18.md',
];
test('release candidate directory includes the public launch pack', () => {
@@ -110,12 +114,12 @@ test('business launch copy stays aligned with the rc.1 public surface', () => {
'business launch copy should stay pre-publication until release URLs exist'
);
assert.ok(
source.includes('https://github.com/affaan-m/everything-claude-code'),
source.includes('https://github.com/affaan-m/ECC'),
'business launch copy should include the public repo URL'
);
assert.ok(
source.includes(
'https://github.com/affaan-m/everything-claude-code/blob/main/docs/releases/2.0.0-rc.1/release-notes.md'
'https://github.com/affaan-m/ECC/blob/main/docs/releases/2.0.0-rc.1/release-notes.md'
),
'business launch copy should link to the rc.1 release notes'
);
@@ -126,6 +130,7 @@ test('business launch copy stays aligned with the rc.1 public surface', () => {
test('announcement drafts avoid live-release claims before publication', () => {
const announcementFiles = [
'docs/releases/2.0.0-rc.1/linkedin-post.md',
'docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md',
'docs/business/social-launch-copy.md',
];
@@ -172,8 +177,14 @@ test('preview pack manifest assembles release, Hermes, and publication gates', (
'skills/hermes-imports/SKILL.md',
'docs/architecture/harness-adapter-compliance.md',
'scripts/preview-pack-smoke.js',
'scripts/release-approval-gate.js',
'docs/releases/2.0.0-rc.1/publication-readiness.md',
'docs/releases/2.0.0-rc.1/naming-and-publication-matrix.md',
'docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-19.md',
'docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md',
'docs/releases/2.0.0-rc.1/video-suite-production.md',
'docs/releases/2.0.0-rc.1/publication-evidence-2026-05-19.md',
'docs/releases/2.0.0-rc.1/release-name-plugin-publication-checklist-2026-05-18.md',
]) {
assert.ok(manifest.includes(artifact), `preview pack manifest missing ${artifact}`);
}
@@ -191,14 +202,93 @@ test('preview pack manifest assembles release, Hermes, and publication gates', (
assert.ok(manifest.includes('no raw workspace exports'));
assert.ok(manifest.includes('Final Verification Commands'));
assert.ok(manifest.includes('npm run preview-pack:smoke'));
assert.ok(manifest.includes('npm run release:approval-gate -- --format json'));
assert.ok(manifest.includes('npm run release:video-suite -- --format json'));
assert.ok(manifest.includes('Reference-Inspired Adapter Direction'));
});
test('owner approval packet consolidates the final gated decisions', () => {
const packet = read('docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md');
const manifest = read('docs/releases/2.0.0-rc.1/preview-pack-manifest.md');
const publicationReadiness = read('docs/releases/2.0.0-rc.1/publication-readiness.md');
const hypergrowth = read('docs/releases/2.0.0/ecc-2-hypergrowth-release-command-center.md');
for (const marker of [
'Owner Approval Packet',
'Source commit',
'Decision Register',
'GitHub prerelease',
'npm `next` publish',
'Claude plugin tag',
'Video upload',
'Final URL Fill-In',
'Do Not Approve If',
'No outbound email, personal-account post, package publish, plugin tag, or billing announcement is authorized by this packet alone.',
]) {
assert.ok(packet.includes(marker), `owner approval packet missing ${marker}`);
}
for (const command of [
'node scripts/platform-audit.js --json',
'npm run preview-pack:smoke -- --format json',
'npm run release:approval-gate -- --format json',
'npm run release:video-suite -- --format json',
'node tests/run-all.js',
]) {
assert.ok(packet.includes(command), `owner approval packet missing command ${command}`);
}
for (const urlSurface of [
'GitHub prerelease URL',
'npm rc package URL',
'Claude plugin tag URL',
'Primary launch video URL',
'ECC Tools billing/readiness URL',
]) {
assert.ok(packet.includes(urlSurface), `owner approval packet missing ${urlSurface}`);
}
assert.ok(manifest.includes('owner-approval-packet-2026-05-19.md'));
assert.ok(publicationReadiness.includes('owner-approval-packet-2026-05-19.md'));
assert.ok(hypergrowth.includes('owner-approval-packet-2026-05-19.md'));
});
test('GA roadmap mirrors the current May 19 release evidence', () => {
const roadmap = read('docs/ECC-2.0-GA-ROADMAP.md');
for (const marker of [
'owner-approval-packet-2026-05-19.md',
'preview-pack smoke digest `eebb8a66c33e`',
'local 2568-test suite',
'PR #2001',
'GitHub Actions run `26102500291`',
'PR #2002',
'GitHub Actions run `26103853507`',
'PR #2009',
'GitHub Actions run `26111313938`',
'PR #2019',
'30f60710',
'26135974576',
'467d148a-712a-4777-aad9-95593e9f1739',
'7642ee9c-3107-400c-a229-53e2895a8914',
'ecc-may-19-post-pr-2002-sync-64cef8f668e0',
'owner approval packet',
]) {
assert.ok(roadmap.includes(marker), `GA roadmap missing current evidence marker ${marker}`);
}
assert.ok(!roadmap.includes('preview-pack smoke digest `bc2bf157616e`'));
assert.ok(!roadmap.includes('preview-pack smoke digest `531328aaaa53`'));
assert.ok(!roadmap.includes('local 2544-test suite'));
});
test('rc.1 quickstart gives a clone-to-cross-harness path', () => {
const quickstart = read('docs/releases/2.0.0-rc.1/quickstart.md');
for (const heading of ['Clone', 'Install', 'Verify', 'First Skill', 'Switch Harness']) {
assert.ok(quickstart.includes(`## ${heading}`), `Missing ${heading} section`);
}
assert.ok(quickstart.includes('git clone https://github.com/affaan-m/ECC.git'));
assert.ok(quickstart.includes('cd ECC'));
assert.ok(quickstart.includes('node tests/run-all.js'));
assert.ok(quickstart.includes('skills/hermes-imports/SKILL.md'));
});
@@ -226,9 +316,126 @@ test('launch checklist records the ecc2 alpha version policy', () => {
assert.ok(!launchChecklist.includes('confirm whether `ecc2/Cargo.toml` moves'));
});
test('release video suite manifest gates the content launch lane', () => {
const videoManifest = read('docs/releases/2.0.0-rc.1/video-suite-production.md');
const launchChecklist = read('docs/releases/2.0.0-rc.1/launch-checklist.md');
const hypergrowth = read('docs/releases/2.0.0/ecc-2-hypergrowth-release-command-center.md');
const packageJson = JSON.parse(read('package.json'));
for (const marker of [
'ECC 2.0 Video Suite Production Manifest',
'ECC_VIDEO_SOURCE_ROOT',
'ECC_VIDEO_RELEASE_SUITE_ROOT',
'video-use compatible workflow',
'Self-Eval Gate',
'Do Not Publish If',
'renders/ecc-2-primary-launch-rough-v1.mp4',
'timelines/primary-launch-v1.timeline.json',
'Primary launch video',
]) {
assert.ok(videoManifest.includes(marker), `video suite manifest missing ${marker}`);
}
for (const asset of [
'longform-full-wide.mp4',
'sf-thread-2-whatisecc.mp4',
'thread-2-ghapp-money.mp4',
'coverage-montage-wide.mp4',
'star_history.png',
'x_analytics.png',
]) {
assert.ok(videoManifest.includes(asset), `video suite manifest missing asset ${asset}`);
}
assert.ok(launchChecklist.includes('npm run release:video-suite -- --format json'));
assert.ok(hypergrowth.includes('Pick final video cuts, upload after approval, and attach public URLs'));
assert.strictEqual(packageJson.scripts['release:video-suite'], 'node scripts/release-video-suite.js');
assert.ok(packageJson.files.includes('scripts/release-video-suite.js'));
});
test('release approval gate blocks publication until owner decisions and URLs are final', () => {
const manifest = read('docs/releases/2.0.0-rc.1/preview-pack-manifest.md');
const packet = read('docs/releases/2.0.0-rc.1/owner-approval-packet-2026-05-19.md');
const ledger = read('docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-19.md');
const script = read('scripts/release-approval-gate.js');
const packageJson = JSON.parse(read('package.json'));
for (const marker of [
'ecc.release-approval-gate.v1',
'owner-decisions-approved',
'release-url-ledger-finalized',
'announcement-copy-finalized',
'No outbound email, personal-account post, package publish, plugin tag, or billing announcement',
]) {
assert.ok(script.includes(marker), `release approval gate missing ${marker}`);
}
assert.ok(manifest.includes('scripts/release-approval-gate.js'));
assert.ok(manifest.includes('npm run release:approval-gate -- --format json'));
assert.ok(packet.includes('npm run release:approval-gate -- --format json'));
assert.ok(ledger.includes('npm run release:approval-gate -- --format json'));
assert.strictEqual(packageJson.scripts['release:approval-gate'], 'node scripts/release-approval-gate.js');
assert.ok(packageJson.files.includes('scripts/release-approval-gate.js'));
});
test('partner sponsor talks pack gates the hypergrowth outbound lane', () => {
const partnerPack = read('docs/releases/2.0.0-rc.1/partner-sponsor-talks-pack.md');
const manifest = read('docs/releases/2.0.0-rc.1/preview-pack-manifest.md');
const releaseNotes = read('docs/releases/2.0.0-rc.1/release-notes.md');
const launchChecklist = read('docs/releases/2.0.0-rc.1/launch-checklist.md');
const hypergrowth = read('docs/releases/2.0.0/ecc-2-hypergrowth-release-command-center.md');
for (const marker of [
'Partner, Sponsor, and Talks Pack',
'$1,728/mo',
'$10,000/mo',
'$8,272/mo',
'Pilot sponsor',
'Business sponsor',
'Strategic partner',
'Consulting sprint',
'Talk or podcast',
'Sponsor Outbound',
'Platform Partner DM',
'Consulting Intro',
'Talk And Podcast Pitch',
'GitHub Discussion Announcement',
'Video CTA Hooks',
'Do Not Send Or Publish If',
'The user has not approved outbound sponsor, partner, consulting, or media',
]) {
assert.ok(partnerPack.includes(marker), `partner pack missing ${marker}`);
}
assert.ok(partnerPack.includes('SPONSORS.md'));
assert.ok(partnerPack.includes('SPONSORING.md'));
assert.ok(manifest.includes('partner-sponsor-talks-pack.md'));
assert.ok(releaseNotes.includes('partner/sponsor/talk outreach'));
assert.ok(launchChecklist.includes('partner-sponsor-talks-pack.md'));
assert.ok(hypergrowth.includes('partner-sponsor-talks-pack.md'));
});
test('release video suite public docs do not expose private media paths', () => {
const releaseVideoDocs = [
'docs/releases/2.0.0-rc.1/video-suite-production.md',
'docs/releases/2.0.0/ecc-2-hypergrowth-release-command-center.md',
];
const offenders = [];
for (const relativePath of releaseVideoDocs) {
const source = read(relativePath);
if (/\/Users\/[A-Za-z0-9._-]+|\/home\/(?!user|runner)[A-Za-z0-9._-]+/.test(source)) {
offenders.push(relativePath);
}
}
assert.deepStrictEqual(offenders, []);
});
test('publication readiness checklist gates public release actions on evidence', () => {
const source = read('docs/releases/2.0.0-rc.1/publication-readiness.md');
const may15Evidence = read('docs/releases/2.0.0-rc.1/publication-evidence-2026-05-15.md');
const discussionPlaybook = read('docs/architecture/discussion-response-playbook.md');
for (const section of [
'## Release Identity Matrix',
@@ -286,15 +493,96 @@ test('publication readiness checklist gates public release actions on evidence',
assert.ok(may15Evidence.includes('codex plugin marketplace add <local-checkout>'));
assert.ok(may15Evidence.includes('Plugin Directory publishing is still blocked'));
assert.ok(may15Evidence.includes('announcementGate.ready === true'));
assert.ok(source.includes('ECC-Tools #73 added announcementGate'));
assert.ok(source.includes('official Plugin Directory publishing and self-serve management are documented as coming soon'));
assert.ok(source.includes('ECC-Tools #92 main CI'));
assert.ok(source.includes('ECC-Tools #93 main CI'));
assert.ok(source.includes('do not claim official Plugin Directory listing before OpenAI submission evidence'));
assert.ok(source.includes('release-name-plugin-publication-checklist-2026-05-18.md'));
assert.ok(source.includes('Release name and plugin publication checklist'));
assert.ok(may15Evidence.includes('| Trunk discussions | GraphQL discussion count and maintainer-touch sweep | 58 total discussions;'));
assert.ok(source.includes('58 trunk discussions, 0 without maintainer touch'));
assert.ok(source.includes('platform audit sampled 59 trunk discussions'));
assert.ok(source.includes('0 needing maintainer touch'));
assert.ok(source.includes('discussion-response-playbook.md'));
for (const expected of [
'Public Support',
'Maintainer Coordination',
'Stale Or Concluded',
'Release Announcement',
'Security Escalation',
'classified as informational',
]) {
assert.ok(discussionPlaybook.includes(expected), `discussion playbook missing ${expected}`);
}
assert.ok(may15Evidence.includes('env -u GITHUB_TOKEN'));
assert.ok(may15Evidence.includes('ITO-44'));
assert.ok(may15Evidence.includes('0 open PRs, 0 open issues'));
});
test('release name and plugin publication checklist freezes rc.1 surfaces', () => {
const checklist = read(
'docs/releases/2.0.0-rc.1/release-name-plugin-publication-checklist-2026-05-18.md'
);
const launchChecklist = read('docs/releases/2.0.0-rc.1/launch-checklist.md');
const referenceArchitecture = read('docs/ECC-2.0-REFERENCE-ARCHITECTURE.md');
for (const value of [
'Ship `v2.0.0-rc.1` as **ECC**',
'`affaan-m/ECC`',
'`ecc-universal`',
'`ecc` on npm is occupied',
'`@affaan-m/ecc` is unclaimed on npm',
'Claude plugin',
'Codex plugin',
'do not claim official directory listing until OpenAI publishing path is available',
'Do not rename the npm package until rc.1 is published',
'Do not announce billing, Marketplace, or native payments',
]) {
assert.ok(checklist.includes(value), `release name/plugin checklist missing ${value}`);
}
for (const command of [
'claude plugin validate .claude-plugin/plugin.json',
'claude plugin tag .claude-plugin --dry-run',
'codex plugin marketplace add --help',
'npm publish --tag next --dry-run',
'npm run preview-pack:smoke',
'npm run release:approval-gate -- --format json',
]) {
assert.ok(checklist.includes(command), `release name/plugin checklist missing command ${command}`);
}
assert.ok(launchChecklist.includes('release-name-plugin-publication-checklist-2026-05-18.md'));
assert.ok(referenceArchitecture.includes('Keep the release/name/plugin publication checklist current'));
});
test('active release identity surfaces use canonical ECC repo URLs', () => {
const activeFiles = [
'README.md',
'.codex-plugin/README.md',
'.codex-plugin/plugin.json',
'.opencode/README.md',
'.opencode/package.json',
'docs/business/metrics-and-sponsorship.md',
'docs/releases/2.0.0-rc.1/quickstart.md',
'docs/releases/2.0.0-rc.1/x-thread.md',
'docs/releases/2.0.0-rc.1/publication-readiness.md',
'docs/releases/2.0.0-rc.1/naming-and-publication-matrix.md',
'docs/releases/2.0.0-rc.1/release-url-ledger-2026-05-19.md',
'ecc2/Cargo.toml',
'scripts/platform-audit.js',
'scripts/discussion-audit.js',
];
const offenders = [];
for (const relativePath of activeFiles) {
const source = read(relativePath);
if (source.includes('affaan-m/everything-claude-code')) {
offenders.push(relativePath);
}
}
assert.deepStrictEqual(offenders, []);
});
test('release checklist and roadmap link to publication readiness evidence gate', () => {
const launchChecklist = read('docs/releases/2.0.0-rc.1/launch-checklist.md');
const roadmap = read('docs/ECC-2.0-GA-ROADMAP.md');

84
tests/hooks/detect-project-worktree.test.js
View File

@@ -181,29 +181,14 @@ test('detect-project.sh sets PROJECT_NAME and non-global PROJECT_ID for worktree
}
});
// Create a worktree-like directory with .git as a file
const worktreeDir = path.join(testDir, 'my-worktree');
fs.mkdirSync(worktreeDir, { recursive: true });
// Set up the worktree directory structure in the main repo
const worktreesDir = path.join(mainRepo, '.git', 'worktrees', 'my-worktree');
fs.mkdirSync(worktreesDir, { recursive: true });
// Create the gitdir file and commondir in the worktree metadata
const mainGitDir = path.join(mainRepo, '.git');
fs.writeFileSync(
path.join(worktreesDir, 'commondir'),
'../..\n'
);
fs.writeFileSync(
path.join(worktreesDir, 'HEAD'),
fs.readFileSync(path.join(mainGitDir, 'HEAD'), 'utf8')
);
// Write .git file in the worktree directory (this is what git worktree creates)
fs.writeFileSync(
path.join(worktreeDir, '.git'),
`gitdir: ${worktreesDir}\n`
execSync(`git worktree add "${worktreeDir}" -b feature/project-id`, {
cwd: mainRepo,
stdio: 'pipe'
});
assert.ok(
fs.statSync(path.join(worktreeDir, '.git')).isFile(),
'linked worktree should expose .git as a file'
);
// Source detect-project.sh from the worktree directory and capture results
@@ -248,6 +233,61 @@ test('detect-project.sh sets PROJECT_NAME and non-global PROJECT_ID for worktree
}
});
test('detect-project.sh uses the main worktree hash when no remote exists', () => {
const testDir = createTempDir();
try {
const mainRepo = path.join(testDir, 'main-repo');
const worktreeDir = path.join(testDir, 'feature-worktree');
const homeDir = path.join(testDir, 'home');
fs.mkdirSync(mainRepo, { recursive: true });
fs.mkdirSync(homeDir, { recursive: true });
execSync('git init', { cwd: mainRepo, stdio: 'pipe' });
execSync('git commit --allow-empty -m "init"', {
cwd: mainRepo,
stdio: 'pipe',
env: {
...process.env,
GIT_AUTHOR_NAME: 'Test',
GIT_AUTHOR_EMAIL: 'test@test.com',
GIT_COMMITTER_NAME: 'Test',
GIT_COMMITTER_EMAIL: 'test@test.com'
}
});
execSync(`git worktree add "${worktreeDir}" -b feature/no-remote`, {
cwd: mainRepo,
stdio: 'pipe'
});
function detectId(targetDir) {
const script = `
export HOME="${toBashPath(homeDir)}"
export USERPROFILE="${toBashPath(homeDir)}"
export CLAUDE_PROJECT_DIR="${toBashPath(targetDir)}"
source "${toBashPath(detectProjectPath)}" >/dev/null
printf "%s" "$PROJECT_ID"
`;
return execFileSync('bash', ['-lc', script], {
cwd: targetDir,
timeout: 10000,
env: {
...process.env,
HOME: toBashPath(homeDir),
USERPROFILE: toBashPath(homeDir),
CLAUDE_PROJECT_DIR: toBashPath(targetDir)
}
}).toString();
}
const mainId = detectId(mainRepo);
const worktreeId = detectId(worktreeDir);
assert.ok(mainId && mainId !== 'global', 'main repo should get a project id');
assert.strictEqual(worktreeId, mainId, 'linked worktree should share the main worktree project id');
} finally {
cleanupDir(testDir);
}
});
// ──────────────────────────────────────────────────────
// Summary
// ──────────────────────────────────────────────────────

17
tests/hooks/gateguard-fact-force.test.js
View File

@@ -769,6 +769,8 @@ function runTests() {
'git diff --name-only',
'git log --oneline --max-count=1',
'git show HEAD:README.md',
'git show HEAD:"docs/install guide.md"',
'/usr/bin/git status --short',
'git branch --show-current',
'git rev-parse --abbrev-ref HEAD',
];
@@ -802,7 +804,20 @@ function runTests() {
assert.ok(output.hookSpecificOutput.permissionDecisionReason.includes('current user request'));
})) passed++; else failed++;
// --- Test 23: module-load pruning removes old state files only ---
// --- Test 23: quoted shell separators are not read-only git bypasses
clearState();
if (test('does not treat quoted shell separators as read-only git introspection', () => {
const result = runBashHook({
tool_name: 'Bash',
tool_input: { command: 'git show HEAD:"docs/a;b.md"' }
});
const output = parseOutput(result.stdout);
assert.ok(output, 'should produce valid JSON output');
assert.strictEqual(output.hookSpecificOutput.permissionDecision, 'deny');
assert.ok(output.hookSpecificOutput.permissionDecisionReason.includes('current user request'));
})) passed++; else failed++;
// --- Test 24: module-load pruning removes old state files only ---
clearState();
if (test('prunes stale state files while keeping fresh state files', () => {
const staleFile = path.join(stateDir, 'state-stale-session.json');

34
tests/hooks/hooks.test.js
View File

@@ -2513,6 +2513,29 @@ async function runTests() {
passed++;
else failed++;
if (
test('inline hook bootstraps avoid escaped double quotes for Git Bash', () => {
const hooksPath = path.join(__dirname, '..', '..', 'hooks', 'hooks.json');
const hooks = JSON.parse(fs.readFileSync(hooksPath, 'utf8'));
for (const [eventName, hookArray] of Object.entries(hooks.hooks)) {
for (const entry of hookArray) {
for (const hook of entry.hooks) {
const commandText = Array.isArray(hook.command) ? hook.command.join(' ') : hook.command;
if (typeof commandText === 'string' && commandText.startsWith('node -e ')) {
assert.ok(
!commandText.includes('\\"'),
`${eventName}/${entry.id || entry.matcher || 'hook'} should not ship escaped double quotes in node -e payload`,
);
}
}
}
}
})
)
passed++;
else failed++;
if (
test('all hook commands use node or approved shell wrappers', () => {
const hooksPath = path.join(__dirname, '..', '..', 'hooks', 'hooks.json');
@@ -3277,11 +3300,14 @@ async function runTests() {
assert.strictEqual(result.code, 0, `observe.sh should exit successfully, stderr: ${result.stderr}`);
const projectsDir = path.join(homeDir, '.local', 'share', 'ecc-homunculus', 'projects');
const projectIds = fs.readdirSync(projectsDir);
assert.strictEqual(projectIds.length, 1, 'observe.sh should create one project-scoped observation directory');
const homunculusDir = path.join(homeDir, '.local', 'share', 'ecc-homunculus');
const projectsDir = path.join(homunculusDir, 'projects');
assert.ok(
!fs.existsSync(projectsDir) || fs.readdirSync(projectsDir).length === 0,
'observe.sh should not create a project-scoped directory for a non-git cwd'
);
const observationsPath = path.join(projectsDir, projectIds[0], 'observations.jsonl');
const observationsPath = path.join(homunculusDir, 'observations.jsonl');
const observations = fs.readFileSync(observationsPath, 'utf8').trim().split('\n').filter(Boolean);
assert.ok(observations.length > 0, 'observe.sh should append at least one observation');

8
tests/hooks/insaits-security-monitor.test.js
View File

@@ -75,7 +75,7 @@ function readAudit(root) {
function runMonitor(options = {}) {
if (!PYTHON) {
throw new Error('Python 3 is required for insaits-security-monitor.py tests');
throw new Error('Python 3 was expected to be available for this test run');
}
const tempDir = createTempDir();
@@ -119,6 +119,12 @@ function test(name, fn) {
function runTests() {
console.log('\n=== Testing insaits-security-monitor.py ===\n');
if (!PYTHON) {
console.log(' SKIP Python 3 not found; insaits-security-monitor.py subprocess tests require a Python runtime');
console.log('\nResults: Passed: 0, Failed: 0');
process.exit(0);
}
let passed = 0;
let failed = 0;

69
tests/hooks/mcp-health-check.test.js
View File

@@ -955,6 +955,75 @@ async function runTests() {
}
})) passed++; else failed++;
if (await asyncTest('treats HTTP 406 probe responses as healthy reachable Streamable HTTP MCP servers', async () => {
const tempDir = createTempDir();
const configPath = path.join(tempDir, 'claude.json');
const statePath = path.join(tempDir, 'mcp-health.json');
const serverScript = path.join(tempDir, 'http-406-server.js');
const portFile = path.join(tempDir, 'server-port.txt');
fs.writeFileSync(
serverScript,
[
"const fs = require('fs');",
"const http = require('http');",
"const portFile = process.argv[2];",
"const server = http.createServer((req, res) => {",
" if (String(req.headers.accept || '').includes('text/event-stream')) {",
" res.writeHead(200, { 'Content-Type': 'text/event-stream' });",
" res.end();",
" return;",
" }",
" res.writeHead(406, { 'Content-Type': 'application/json' });",
" res.end(JSON.stringify({ error: 'missing Accept: text/event-stream' }));",
"});",
"server.listen(0, '127.0.0.1', () => {",
" fs.writeFileSync(portFile, String(server.address().port));",
"});",
"setInterval(() => {}, 1000);"
].join('\n')
);
const serverProcess = spawn(process.execPath, [serverScript, portFile], {
stdio: 'ignore'
});
try {
const port = waitForFile(portFile).trim();
await waitForHttpReady(`http://127.0.0.1:${port}/mcp`);
writeConfig(configPath, {
mcpServers: {
streamable: {
type: 'http',
url: `http://127.0.0.1:${port}/mcp`
}
}
});
const input = { tool_name: 'mcp__streamable__initialize', tool_input: {} };
const result = runHook(input, {
CLAUDE_HOOK_EVENT_NAME: 'PreToolUse',
ECC_MCP_CONFIG_PATH: configPath,
ECC_MCP_HEALTH_STATE_PATH: statePath,
ECC_MCP_HEALTH_TIMEOUT_MS: '2000'
});
assert.strictEqual(
result.code,
0,
`Expected HTTP 406 probe to be treated as healthy: ${hookFailureDetails(result, statePath)}`
);
assert.strictEqual(result.stdout.trim(), JSON.stringify(input), 'Expected original JSON on stdout');
const state = readState(statePath);
assert.strictEqual(state.servers.streamable.status, 'healthy', 'Expected Streamable HTTP MCP server to be marked healthy');
} finally {
serverProcess.kill('SIGTERM');
cleanupTempDir(tempDir);
}
})) passed++; else failed++;
// Windows-only: child_process.spawn cannot resolve .cmd/.bat shims for
// bare PATH commands without an extension, and Node 18.20+/20.12+ refuse
// to spawn .cmd targets without `shell: true` (CVE-2024-27980). The probe

21
tests/hooks/observe-subdirectory-detection.test.js
View File

@@ -135,8 +135,8 @@ test('observe.sh resolves cwd to git root before setting CLAUDE_PROJECT_DIR', ()
'observe.sh should resolve STDIN_CWD to git repo root'
);
assert.ok(
content.includes('${_GIT_ROOT:-$STDIN_CWD}'),
'observe.sh should fall back to raw cwd when git root is unavailable'
content.includes('export CLV2_NO_PROJECT=1'),
'observe.sh should mark non-git cwd payloads as global instead of registering raw cwd'
);
});
@@ -250,7 +250,7 @@ test('observe.sh falls back to CLAUDE_HOOK_EVENT_NAME when no phase argument is
}
});
test('observe.sh keeps the raw cwd when the directory is not inside a git repo', () => {
test('observe.sh records non-git cwd payloads globally without project registry side effects', () => {
const testRoot = createTempDir();
try {
@@ -262,12 +262,17 @@ test('observe.sh keeps the raw cwd when the directory is not inside a git repo',
const result = runObserve({ homeDir, cwd: nonGitDir });
assert.strictEqual(result.status, 0, result.stderr);
const { metadata } = readSingleProjectMetadata(homeDir);
assert.strictEqual(
normalizeComparablePath(metadata.root),
normalizeComparablePath(nonGitDir),
'project metadata root should stay on the non-git cwd'
const homunculusDir = path.join(homeDir, '.local', 'share', 'ecc-homunculus');
const projectsDir = path.join(homunculusDir, 'projects');
const registryPath = path.join(homunculusDir, 'projects.json');
const observationsPath = path.join(homunculusDir, 'observations.jsonl');
assert.ok(!fs.existsSync(registryPath), 'non-git cwd should not create projects.json');
assert.ok(
!fs.existsSync(projectsDir) || fs.readdirSync(projectsDir).length === 0,
'non-git cwd should not create project directories'
);
assert.ok(fs.existsSync(observationsPath), 'non-git cwd should still record a global observation');
} finally {
cleanupDir(testRoot);
}

7
tests/integration/hooks.test.js
View File

@@ -997,6 +997,13 @@ async function runTests() {
(Array.isArray(command) && typeof command[0] === 'string' && command[0].endsWith('.sh')) ||
commandText.endsWith('.sh');
if (isInline) {
assert.ok(
!commandText.includes('\\"'),
`Hook command in ${hookType} should not include escaped double quotes in node -e payload: ${commandText.substring(0, 80)}`
);
}
assert.ok(
isInline || isFilePath || isNpx || isShellWrapper || isShellScriptPath,
`Hook command in ${hookType} should be node -e, node script, npx, or shell wrapper/script, got: ${commandText.substring(0, 80)}`

5
tests/lib/command-plugin-root.test.js
View File

@@ -38,8 +38,9 @@ test('skill-health command uses shared inline resolver in all shell snippets', (
});
test('inline resolver covers current and legacy marketplace plugin roots', () => {
assert.ok(INLINE_RESOLVE.includes('"marketplaces","ecc"'));
assert.ok(INLINE_RESOLVE.includes('"marketplaces","everything-claude-code"'));
assert.ok(INLINE_RESOLVE.includes("'marketplaces','ecc'"));
assert.ok(INLINE_RESOLVE.includes("'marketplaces','everything-claude-code'"));
assert.ok(!INLINE_RESOLVE.includes('\\"'), 'Inline resolver should not require escaped double quotes');
});
console.log(`Passed: ${passed}`);

101
tests/lib/install-targets.test.js
View File

@@ -37,6 +37,7 @@ function runTests() {
const adapters = listInstallTargetAdapters();
const targets = adapters.map(adapter => adapter.target);
assert.ok(targets.includes('claude'), 'Should include claude target');
assert.ok(targets.includes('claude-project'), 'Should include claude-project target');
assert.ok(targets.includes('cursor'), 'Should include cursor target');
assert.ok(targets.includes('antigravity'), 'Should include antigravity target');
assert.ok(targets.includes('codex'), 'Should include codex target');
@@ -865,6 +866,106 @@ function runTests() {
}
})) passed++; else failed++;
if (test('resolves claude-project adapter root and install-state path from project root', () => {
const adapter = getInstallTargetAdapter('claude-project');
const projectRoot = '/workspace/app';
const root = adapter.resolveRoot({ projectRoot });
const statePath = adapter.getInstallStatePath({ projectRoot });
assert.strictEqual(adapter.id, 'claude-project');
assert.strictEqual(adapter.target, 'claude-project');
assert.strictEqual(adapter.kind, 'project');
assert.strictEqual(root, path.join(projectRoot, '.claude'));
assert.strictEqual(statePath, path.join(projectRoot, '.claude', 'ecc', 'install-state.json'));
})) passed++; else failed++;
if (test('claude-project adapter supports lookup by target and adapter id', () => {
const byTarget = getInstallTargetAdapter('claude-project');
const byId = getInstallTargetAdapter('claude-project');
assert.strictEqual(byTarget.id, 'claude-project');
assert.strictEqual(byId.id, 'claude-project');
assert.ok(byTarget.supports('claude-project'));
})) passed++; else failed++;
if (test('plans claude-project rules and skills under project-scope ECC-managed subdirectories', () => {
const repoRoot = path.join(__dirname, '..', '..');
const projectRoot = '/workspace/app';
const plan = planInstallTargetScaffold({
target: 'claude-project',
repoRoot,
projectRoot,
modules: [
{
id: 'rules-core',
paths: ['rules'],
},
{
id: 'workflow-quality',
paths: ['skills/tdd-workflow'],
},
],
});
assert.strictEqual(plan.adapter.id, 'claude-project');
assert.strictEqual(plan.targetRoot, path.join(projectRoot, '.claude'));
assert.strictEqual(plan.installStatePath, path.join(projectRoot, '.claude', 'ecc', 'install-state.json'));
assert.ok(
plan.operations.some(operation => (
normalizedRelativePath(operation.sourceRelativePath) === 'rules'
&& operation.destinationPath === path.join(projectRoot, '.claude', 'rules', 'ecc')
)),
'Should install bundled rules under project-scope rules/ecc'
);
assert.ok(
plan.operations.some(operation => (
normalizedRelativePath(operation.sourceRelativePath) === 'skills/tdd-workflow'
&& operation.destinationPath === path.join(projectRoot, '.claude', 'skills', 'ecc', 'tdd-workflow')
)),
'Should install bundled skills under project-scope skills/ecc'
);
})) passed++; else failed++;
if (test('claude-project skips foreign platform source paths', () => {
const repoRoot = path.join(__dirname, '..', '..');
const projectRoot = '/workspace/app';
const plan = planInstallTargetScaffold({
target: 'claude-project',
repoRoot,
projectRoot,
modules: [
{
id: 'platform-configs',
paths: ['.cursor', '.zed', 'rules'],
},
],
});
assert.ok(
plan.operations.some(operation => (
normalizedRelativePath(operation.sourceRelativePath) === 'rules'
&& operation.destinationPath === path.join(projectRoot, '.claude', 'rules', 'ecc')
)),
'Should still include non-foreign rules path (guards against empty-plan regression)'
);
assert.ok(
!plan.operations.some(operation => (
normalizedRelativePath(operation.sourceRelativePath) === '.cursor'
|| normalizedRelativePath(operation.sourceRelativePath).startsWith('.cursor/')
)),
'Should skip foreign Cursor platform paths'
);
assert.ok(
!plan.operations.some(operation => (
normalizedRelativePath(operation.sourceRelativePath) === '.zed'
|| normalizedRelativePath(operation.sourceRelativePath).startsWith('.zed/')
)),
'Should skip foreign Zed platform paths'
);
})) passed++; else failed++;
console.log(`\nResults: Passed: ${passed}, Failed: ${failed}`);
process.exit(failed > 0 ? 1 : 0);
}

124
tests/lib/session-bridge.test.js
View File

@@ -135,6 +135,130 @@ function runTests() {
passed++;
else failed++;
// Concurrency contract: two processes writing to the same session
// bridge must not throw ENOENT and must never leave a corrupt JSON
// file behind. The previous implementation used a fixed `${target}.tmp`
// suffix; with concurrent writers it raced over a shared tmp path,
// producing both ENOENT on rename and (occasionally) a half-written
// payload on the destination.
//
// This test exercises the atomic-rename primitive only — it does NOT
// attempt to defend against the read-modify-write race in callers,
// which is a separate concern. Each subprocess writes its own
// independent payload N times; we assert (a) every process exits 0
// (no ENOENT bubbled up) and (b) the final file is always parseable
// JSON whose contents match one of the two writers' last payloads.
if (
test('concurrent writeBridgeAtomic does not throw ENOENT or corrupt the bridge file', () => {
// Spawn two child processes that BOTH stay alive at the same time
// and call writeBridgeAtomic in a tight loop. `spawnSync` would
// run them sequentially (blocking on each), which would never
// exercise the race the fix targets. Instead a sync runner script
// launches both as async `spawn` children inside its own process,
// waits for both to exit, and reports their statuses on stdout —
// and the test calls *that* runner via `spawnSync`. The runner is
// the only place that needs the event loop.
const { spawnSync } = require('child_process');
const path = require('path');
const testId = `test-bridge-race-${Date.now()}-${process.pid}`;
const writerPath = path.join(__dirname, '..', '__tmp_bridge_writer.js');
const runnerPath = path.join(__dirname, '..', '__tmp_bridge_race_runner.js');
const bridgeLib = path.join(__dirname, '..', '..', 'scripts', 'lib', 'session-bridge');
fs.writeFileSync(
writerPath,
[
"const { writeBridgeAtomic } = require(" + JSON.stringify(bridgeLib) + ");",
"const [, , sid, tag] = process.argv;",
"for (let i = 0; i < 200; i++) {",
" writeBridgeAtomic(sid, { writer: tag, i });",
"}",
].join('\n'),
'utf8'
);
fs.writeFileSync(
runnerPath,
[
"'use strict';",
"const { spawn } = require('child_process');",
"const [, , writerPath, sid] = process.argv;",
"const c1 = spawn(process.execPath, [writerPath, sid, 'A'], { stdio: ['ignore','pipe','pipe'] });",
"const c2 = spawn(process.execPath, [writerPath, sid, 'B'], { stdio: ['ignore','pipe','pipe'] });",
"const exits = {};",
"const stderrs = { A: '', B: '' };",
"c1.stderr.on('data', chunk => { stderrs.A += chunk.toString(); });",
"c2.stderr.on('data', chunk => { stderrs.B += chunk.toString(); });",
"let done = 0;",
"function onExit(tag) { return function(code) { exits[tag] = code; if (++done === 2) finish(); }; }",
"c1.on('exit', onExit('A'));",
"c2.on('exit', onExit('B'));",
"function finish() {",
" process.stdout.write(JSON.stringify({ exits, stderrs }));",
" process.exit(0);",
"}",
].join('\n'),
'utf8'
);
try {
const result = spawnSync('node', [runnerPath, writerPath, testId], { encoding: 'utf8' });
assert.strictEqual(result.status, 0,
`race runner should exit 0, got ${result.status}: ${result.stderr}`);
const parsed = JSON.parse(result.stdout);
assert.strictEqual(parsed.exits.A, 0,
`writer A should exit 0 (no ENOENT), got ${parsed.exits.A}: ${parsed.stderrs.A}`);
assert.strictEqual(parsed.exits.B, 0,
`writer B should exit 0 (no ENOENT), got ${parsed.exits.B}: ${parsed.stderrs.B}`);
// Final file must be parseable JSON and belong to one of the writers.
const final = readBridge(testId);
assert.ok(final && typeof final === 'object',
`expected parseable JSON object, got: ${JSON.stringify(final)}`);
assert.ok(final.writer === 'A' || final.writer === 'B',
`expected last-writer-wins payload, got: ${JSON.stringify(final)}`);
} finally {
try { fs.unlinkSync(getBridgePath(testId)); } catch { /* ignore */ }
try { fs.unlinkSync(writerPath); } catch { /* ignore */ }
try { fs.unlinkSync(runnerPath); } catch { /* ignore */ }
}
})
)
passed++;
else failed++;
if (
test('writeBridgeAtomic cleans up its tmp file on renameSync failure', () => {
// Trigger renameSync failure by passing a sessionId whose path is
// already a directory. The tmp file exists at this point; the fix
// must not leak it behind.
const path = require('path');
const testId = `test-bridge-cleanup-${Date.now()}-${process.pid}`;
const target = getBridgePath(testId);
const os = require('os');
const tmpDir = os.tmpdir();
// Plant a directory at the target path so renameSync (target.tmp → target) fails.
fs.mkdirSync(target);
try {
assert.throws(
() => writeBridgeAtomic(testId, { x: 1 }),
// renameSync of a regular file onto an existing directory throws
// EISDIR on Linux, EPERM on macOS, ENOTDIR on some BSDs. Accept
// any of those so the test stays portable across CI runners.
/EISDIR|EPERM|ENOTDIR|ENOENT/,
'expected rename failure to surface'
);
// Count any leaked tmp files. The pid+nonce suffix is unique per
// call, so we look for any matching pattern under os.tmpdir().
const prefix = path.basename(target) + '.' + process.pid + '.';
const leaked = fs.readdirSync(tmpDir).filter(f => f.startsWith(prefix) && f.endsWith('.tmp'));
assert.strictEqual(leaked.length, 0,
`expected no leaked tmp files after rename failure, found: ${leaked.join(', ')}`);
} finally {
try { fs.rmdirSync(target); } catch { /* ignore */ }
}
})
)
passed++;
else failed++;
// resolveSessionId tests
console.log('\nresolveSessionId:');

16
tests/plugin-manifest.test.js
View File

@@ -134,6 +134,11 @@ test('agent.yaml version matches package.json', () => {
assert.strictEqual(match[1], expectedVersion);
});
test('agent.yaml uses canonical ECC identity', () => {
const agentYamlSource = fs.readFileSync(agentYamlPath, 'utf8');
assert.ok(/^name:\s*ecc$/m.test(agentYamlSource), 'Expected agent.yaml to use the ecc name');
});
test('VERSION file matches package.json', () => {
const versionFile = fs.readFileSync(versionFilePath, 'utf8').trim();
assert.ok(versionFile, 'Expected VERSION file to be non-empty');
@@ -149,7 +154,7 @@ test('docs/SELECTIVE-INSTALL-ARCHITECTURE.md repoVersion example matches package
test('.opencode/plugins/ecc-hooks.ts active plugin banner matches package.json', () => {
const source = fs.readFileSync(opencodeHooksPluginPath, 'utf8');
const match = source.match(new RegExp(`## Active Plugin: Everything Claude Code v(${semverPattern})`));
const match = source.match(new RegExp(`## Active Plugin: ECC v(${semverPattern})`));
assert.ok(match, 'Expected .opencode/plugins/ecc-hooks.ts to declare an active plugin banner');
assert.strictEqual(match[1], expectedVersion);
});
@@ -346,6 +351,11 @@ test('codex plugin.json has interface.displayName', () => {
);
});
test('codex plugin.json uses canonical ECC repo and display name', () => {
assert.strictEqual(codexPlugin.repository, 'https://github.com/affaan-m/ECC');
assert.strictEqual(codexPlugin.interface.displayName, 'ECC');
});
// ── .mcp.json at plugin root ──────────────────────────────────────────────────
// Per official docs: keep .mcp.json at plugin root, NOT inside .codex-plugin/
console.log('\n=== .mcp.json (plugin root) ===\n');
@@ -522,6 +532,10 @@ test('.codex-plugin README uses current marketplace add flow', () => {
readme.includes('codex plugin marketplace add'),
'Expected .codex-plugin README to document codex plugin marketplace add',
);
assert.ok(
readme.includes('codex plugin marketplace add affaan-m/ECC'),
'Expected .codex-plugin README to document the canonical ECC repo marketplace source',
);
assert.ok(
readme.includes('Official Plugin Directory publishing is coming soon'),
'Expected .codex-plugin README to document current official directory status',

Some files were not shown because too many files have changed in this diff Show More