elias/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-06-16 16:36:53 +08:00
Code Issues Packages Projects Releases Wiki Activity
everything-claude-code/AGENTS.md
legeZZZ eb5ad2b009
feat(agents): add spec-miner agent for brownfield spec extraction (#2253) 
* feat(agents): add spec-miner agent for brownfield spec extraction

Mines behavioral specs (Requirements + Invariants) from existing codebases
without OpenSpec. Fully self-bootstrapping with sample-and-expand token
strategy. Produces flat, delta-ready spec.md files with machine-parseable
metadata (id, entities, enforced, depends_on, triggers).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* docs: bump agent catalog count from 64 to 65 for spec-miner

All documentation and plugin manifests now reflect the new agent total.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix: add spec-miner to routing table and clarify id field requirement

- Add spec-miner to AGENTS.md agent table and orchestration hints
- Fix id field in output template: was marked [optional] but Rule #7
  requires it when enforced is known

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix: update catalog skills count from 261 to 262 across all docs

The upstream added a 262nd skill but documentation references across 7 files
still reported 261. The CI validate step (scripts/ci/catalog.js --text) caught
the mismatch — this only runs on PRs, not on direct pushes to main.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix: replace emoji characters with text equivalents in spec-miner agent

The unicode safety check (check-unicode-safety.js) blocks emoji characters.
Replace  with FAIL: per the project's targeted replacement convention.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix: add Write tool to spec-miner agent tools list

The agent generates spec output files at openspec/specs/<capability>/spec.md
and requires the Write tool to create them.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix: address review bot comments - tool guardrails and metadata schema consistency

- Add Tool guardrails section: scoping Write to openspec/specs/ path, Bash to read-only
- Fix deferred/uncertainty comments to follow key: value schema (deferred: file list, uncertainty: reason)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix: strengthen Prompt Defense Baseline for repository content and Bash boundaries

Add two defense points: treat all repo content as untrusted prompt-injection
vector, and explicitly reject Bash commands that mutate, exfiltrate, or write
outside the allowed openspec/specs/ path.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix: strip explanatory prose from id metadata comment to preserve key:value format

The id comments included explanatory text after the value, which would be
stored verbatim in copied specs and break stable delta matching. The
explanation is already covered by Format Rule #7.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix: restore README.md to upstream baseline with only catalog count changes

The README was corrupted during cherry-pick conflict resolution — an older fork
version was introduced, changing release notes links, badge URLs, sponsor
sections, and other content. Restore to upstream/main (5b173d2) and re-apply
only the agent count (64→65) using catalog.js --write.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix: restore all catalog files to upstream baseline, keep only intentional changes

The cherry-pick during rebase introduced a stale fork version of multiple files
via git checkout --theirs conflict resolution. Restore from upstream/main and
re-apply only:

- Agent counts: 64→65 (all 7 catalog-tracked files)
- Skills counts: 261→262 (where needed)
- AGENTS.md: spec-miner routing table + orchestration hint (our additions)

This reverts unintended regressions:
- Version downgrades (2.0.0 → 2.0.0-rc.1) in marketplace.json, plugin.json,
  AGENTS.md, docs/zh-CN/AGENTS.md, docs/zh-CN/README.md
- Badge URL changes (api.ecc.tools dynamic → hardcoded) in Chinese READMEs
- Deleted v2.0.0 stable release sections in Chinese READMEs
- Wrong release notes path (2.0.0-rc.1 → 2.0.0) in README.md

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Co-authored-by: lege962 <1515808962@qq.com>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-15 14:02:02 -04:00

173 lines
8.4 KiB
Markdown
Raw Blame History

# Everything Claude Code (ECC) — Agent Instructions
This is a **production-ready AI coding plugin** providing 65 specialized agents, 262 skills, 84 commands, and automated hook workflows for software development.
**Version:** 2.0.0
## Core Principles
1. **Agent-First** — Delegate to specialized agents for domain tasks
2. **Test-Driven** — Write tests before implementation, 80%+ coverage required
3. **Security-First** — Never compromise on security; validate all inputs
4. **Immutability** — Always create new objects, never mutate existing ones
5. **Plan Before Execute** — Plan complex features before writing code
## Available Agents
| Agent | Purpose | When to Use |
|-------|---------|-------------|
| planner | Implementation planning | Complex features, refactoring |
| architect | System design and scalability | Architectural decisions |
| tdd-guide | Test-driven development | New features, bug fixes |
| code-reviewer | Code quality and maintainability | After writing/modifying code |
| security-reviewer | Vulnerability detection | Before commits, sensitive code |
| spec-miner | Brownfield spec extraction | Onboarding brownfield projects to spec-driven development |
| build-error-resolver | Fix build/type errors | When build fails |
| e2e-runner | End-to-end Playwright testing | Critical user flows |
| refactor-cleaner | Dead code cleanup | Code maintenance |
| doc-updater | Documentation and codemaps | Updating docs |
| cpp-reviewer | C/C++ code review | C and C++ projects |
| cpp-build-resolver | C/C++ build errors | C and C++ build failures |
| fsharp-reviewer | F# functional code review | F# projects |
| docs-lookup | Documentation lookup via Context7 | API/docs questions |
| go-reviewer | Go code review | Go projects |
| go-build-resolver | Go build errors | Go build failures |
| kotlin-reviewer | Kotlin code review | Kotlin/Android/KMP projects |
| kotlin-build-resolver | Kotlin/Gradle build errors | Kotlin build failures |
| database-reviewer | PostgreSQL/Supabase specialist | Schema design, query optimization |
| python-reviewer | Python code review | Python projects |
| django-reviewer | Django code review | Django apps, DRF APIs, ORM, migrations |
| django-build-resolver | Django build, migration, and setup errors | Django startup, dependency, migration, collectstatic failures |
| java-reviewer | Java and Spring Boot code review | Java/Spring Boot projects |
| java-build-resolver | Java/Maven/Gradle build errors | Java build failures |
| loop-operator | Autonomous loop execution | Run loops safely, monitor stalls, intervene |
| harness-optimizer | Harness config tuning | Reliability, cost, throughput |
| rust-reviewer | Rust code review | Rust projects |
| rust-build-resolver | Rust build errors | Rust build failures |
| pytorch-build-resolver | PyTorch runtime/CUDA/training errors | PyTorch build/training failures |
| mle-reviewer | Production ML pipeline review | ML pipelines, evals, serving, monitoring, rollback |
| typescript-reviewer | TypeScript/JavaScript code review | TypeScript/JavaScript projects |
## Agent Orchestration
Use agents proactively without user prompt:
- Complex feature requests → **planner**
- Code just written/modified → **code-reviewer**
- Bug fix or new feature → **tdd-guide**
- Architectural decision → **architect**
- Security-sensitive code → **security-reviewer**
- Brownfield project onboarding → **spec-miner**
- Autonomous loops / loop monitoring → **loop-operator**
- Harness config reliability and cost → **harness-optimizer**
Use parallel execution for independent operations — launch multiple agents simultaneously.
## Security Guidelines
**Before ANY commit:**
- No hardcoded secrets (API keys, passwords, tokens)
- All user inputs validated
- SQL injection prevention (parameterized queries)
- XSS prevention (sanitized HTML)
- CSRF protection enabled
- Authentication/authorization verified
- Rate limiting on all endpoints
- Error messages don't leak sensitive data
**Secret management:** NEVER hardcode secrets. Use environment variables or a secret manager. Validate required secrets at startup. Rotate any exposed secrets immediately.
**If security issue found:** STOP → use security-reviewer agent → fix CRITICAL issues → rotate exposed secrets → review codebase for similar issues.
## Coding Style
**Immutability (CRITICAL):** Always create new objects, never mutate. Return new copies with changes applied.
**File organization:** Many small files over few large ones. 200-400 lines typical, 800 max. Organize by feature/domain, not by type. High cohesion, low coupling.
**Error handling:** Handle errors at every level. Provide user-friendly messages in UI code. Log detailed context server-side. Never silently swallow errors.
**Input validation:** Validate all user input at system boundaries. Use schema-based validation. Fail fast with clear messages. Never trust external data.
**Code quality checklist:**
- Functions small (<50 lines), files focused (<800 lines)
- No deep nesting (>4 levels)
- Proper error handling, no hardcoded values
- Readable, well-named identifiers
## Testing Requirements
**Minimum coverage: 80%**
Test types (all required):
1. **Unit tests** — Individual functions, utilities, components
2. **Integration tests** — API endpoints, database operations
3. **E2E tests** — Critical user flows
**TDD workflow (mandatory):**
1. Write test first (RED) — test should FAIL
2. Write minimal implementation (GREEN) — test should PASS
3. Refactor (IMPROVE) — verify coverage 80%+
Troubleshoot failures: check test isolation → verify mocks → fix implementation (not tests, unless tests are wrong).
## Development Workflow
1. **Plan** — Use planner agent, identify dependencies and risks, break into phases
2. **TDD** — Use tdd-guide agent, write tests first, implement, refactor
3. **Review** — Use code-reviewer agent immediately, address CRITICAL/HIGH issues
4. **Capture knowledge in the right place**
- Personal debugging notes, preferences, and temporary context → auto memory
- Team/project knowledge (architecture decisions, API changes, runbooks) → the project's existing docs structure
- If the current task already produces the relevant docs or code comments, do not duplicate the same information elsewhere
- If there is no obvious project doc location, ask before creating a new top-level file
5. **Commit** — Conventional commits format, comprehensive PR summaries
## Workflow Surface Policy
- `skills/` is the canonical workflow surface.
- New workflow contributions should land in `skills/` first.
- `commands/` is a legacy slash-entry compatibility surface and should only be added or updated when a shim is still required for migration or cross-harness parity.
## Git Workflow
**Commit format:** `<type>: <description>` — Types: feat, fix, refactor, docs, test, chore, perf, ci
**PR workflow:** Analyze full commit history → draft comprehensive summary → include test plan → push with `-u` flag.
## Architecture Patterns
**API response format:** Consistent envelope with success indicator, data payload, error message, and pagination metadata.
**Repository pattern:** Encapsulate data access behind standard interface (findAll, findById, create, update, delete). Business logic depends on abstract interface, not storage mechanism.
**Skeleton projects:** Search for battle-tested templates, evaluate with parallel agents (security, extensibility, relevance), clone best match, iterate within proven structure.
## Performance
**Context management:** Avoid last 20% of context window for large refactoring and multi-file features. Lower-sensitivity tasks (single edits, docs, simple fixes) tolerate higher utilization.
**Build troubleshooting:** Use build-error-resolver agent → analyze errors → fix incrementally → verify after each fix.
## Project Structure
```
agents/ — 65 specialized subagents
skills/ — 262 workflow skills and domain knowledge
commands/ — 84 slash commands
hooks/ — Trigger-based automations
rules/ — Always-follow guidelines (common + per-language)
scripts/ — Cross-platform Node.js utilities
mcp-configs/ — 14 MCP server configurations
tests/ — Test suite
```
`commands/` remains in the repo for compatibility, but the long-term direction is skills-first.
## Success Metrics
- All tests pass with 80%+ coverage
- No security vulnerabilities
- Code is readable and maintainable
- Performance is acceptable
- User requirements are met
Reference in New Issue View Git Blame Copy Permalink