- Claude Code
Claude
TypeScript
Shell
Python
Repo of the day: ECC, the open-source "operating system" for Claude Code
I've seen plenty of "config packs" for Claude Code come and go, but ECC (Everything Claude Code) is a different category: the project calls itself "the agent harness operating system", and the numbers lend it some credibility — 211k+ stars, 32k forks, 230+ contributors and releases shipping weekly. It's not a new model and it's not a magic tool: it's the systematization of how you work with a coding agent, born from ten-plus months of daily use by its author, Affaan Mustafa. Inside you'll find skills, agents, per-language rules, persistent-memory hooks, an "instincts"-based continuous learning system and even a security scanner for your configuration. I look at it with interest and some caution: it's a lot, maybe too much — which is exactly why it's worth understanding before you install it.
💡 What ECC is: from config pack to an "operating system" for agents
ECC is an open-source repository (MIT license) that gathers into a single system everything you need to get more out of a coding agent: as of version 2.0 that means ~66 agents, 260+ skills, rules for 12 language ecosystems, hooks, MCP configurations and a family of orchestrators. It isn't tied to Claude Code alone: the same repo installs on Codex, Cursor, OpenCode, Gemini CLI, Zed and GitHub Copilot, with the declared goal of being "harness-native" everywhere.
The story is as interesting as the code: open-sourced in January 2026, it exploded within months into one of the fastest-growing AI repos ever, and in June 2026 the v2.0.0 release marked its maturation from a collection of files into a platform, with the "control-pane" substrate (session adapters + MCP inventory), the worktree-lifecycle service and the `orch-*` command family. The business model is transparent: the repo stays MIT forever, and the author funds the work through sponsors and a paid GitHub App for private repos.
repo affaan-m/ECC (Everything Claude Code) stars ~211,900 · MIT license · 230+ contributors surface ~66 agents · 260+ skills · rules for 12 languages harnesses Claude Code · Codex · Cursor · OpenCode · Gemini · Zed extras AgentShield (security) · instincts · persistent memory guides shortform · longform · security guide (in the repo)
Official repo · affaan-m/ECC ↗
⚙️ How to install it: plugin, installer or npx — but one path only
The recommended path for Claude Code is the plugin: add the repo as a marketplace and install `ecc@ecc`. Alternatively there's a manual installer with profiles (`minimal`, `core`, `full`) for anyone who wants fine-grained control over what enters their environment. The README is unusually honest about the trickiest point: never stack the two methods, because plugin + full installer is the most common recipe for ending up with duplicated skills and hooks.
One detail I appreciate: the rules (per-language style and workflow guidelines) can't ship inside the plugin due to a limitation of Claude Code's plugin system, so you copy by hand only the ones you need — `rules/common` plus the pack for the language you actually use. And if you don't know where to start, there's a command-line "advisor" that suggests the right components from a natural-language request.
# 1) add the repo as a marketplace and install the plugin
/plugin marketplace add https://github.com/affaan-m/ECC
/plugin install ecc@ecc
# 2) copy ONLY the rules you need (plugins can't distribute them)
mkdir -p ~/.claude/rules/ecc
cp -R rules/common ~/.claude/rules/ecc/
cp -R rules/typescript ~/.claude/rules/ecc/
# unsure? ask the advisor which components to install
npx ecc consult "security reviews" --target claudeThe Shorthand Guide · setup and philosophy ↗
🧠 Instincts and memory: the agent that learns from your sessions
The most conceptually original part is continuous learning v2: during your sessions ECC extracts recurring patterns and saves them as instincts, small units of knowledge with a confidence score. You can inspect instincts (`/instinct-status`), export and import them to share with your team, and when a group of related instincts matures you can "evolve" it into a full skill with `/evolve`. It's a serious attempt at a real problem: every session with an agent starts from zero, and accumulated knowledge evaporates.
The persistent-memory hooks work on the same problem: scripts that reload context at SessionStart, save state when the session ends, and secure what matters before compaction. These are patterns my readers will recognize — I use similar hooks every day in my own small way — but here they come packaged, tested and configurable via runtime profiles (`minimal`, `standard`, `strict`) without touching the files.
- 01Sessionyou work normally with the agent
- 02Extractionrecurring patterns become instincts
- 03Confidenceeach instinct matures a score
- 04/evolverelated instincts become skills
- 05Reusethe skill applies to all future sessions
From volatile knowledge to reusable skill: the instincts → skill flow.
🛡️ AgentShield: the security audit for your configuration
The component I'd recommend even to people who will never install ECC is AgentShield, the security scanner born at a Claude Code hackathon and now part of the ecosystem: it analyzes `CLAUDE.md`, `settings.json`, MCP configurations, hooks and agent definitions hunting for exposed secrets, excessive permissions and injection risks, with 102 static rules and a thousand-plus tests. It runs with a single command, installs nothing, and returns a grade from A to F.
The advanced mode is fascinating: with the `--opus` flag, three Claude agents work in a red team / blue team / auditor pipeline — one hunts for exploit chains, one evaluates defenses, the third synthesizes a prioritized risk report. Your agent's configuration is attack surface, and almost nobody audits it: a tool that makes this audit trivial deserves attention regardless of the rest of the repo.
# quick scan, no install needed
npx ecc-agentshield scan
# auto-fix the issues that are safe to fix
npx ecc-agentshield scan --fix
# deep analysis: red team / blue team / auditor
npx ecc-agentshield scan --opus --streamAgentShield · repo and GitHub Action ↗
🏢 Why it matters, for developers and SMBs
For developers, ECC is valuable first of all as literature: the three guides in the repo (shortform, longform and security) are among the densest texts around on token optimization, cross-session memory, verification loops and worktree parallelization. Even without installing anything, reading how the author structures skills, hooks and per-language rules is a crash course in agentic engineering — and many ideas can be brought home in a scaled-down version, in your own CLAUDE.md.
For an SMB adopting coding agents, ECC is useful as a benchmark: it shows what it means to treat agent configuration as an engineering asset — versioned, tested, with shared per-language rules and security audits — instead of a collection of personal prompts. You don't need to adopt the whole system: you need to understand that the layer above the agent has become a discipline, and that whoever curates it gets measurably better results from the same model.
⚠️ What to know before adopting it
ECC divides the community, and the criticism deserves to be taken seriously. The most concrete point is context weight: installing "everything" means loading hundreds of skills and rules, and part of your token budget goes to overhead — the antithesis of the "less is more" philosophy of those who prefer a minimal CLAUDE.md. The project knows this, and indeed pushes toward selective installs (the `minimal` profile, targeted components, the advisor): the value is in choosing little, not in taking everything.
Then there's the "one-man band" dimension: a single maintainer shipping weekly across seven harnesses is impressive, but it's also a risk factor to weigh if you build a team workflow on top of it. One last hygiene note: the project explicitly warns to install only from official channels (the GitHub repo, the npm packages `ecc-universal` and `ecc-agentshield`, the `ecc@ecc` plugin), because unofficial re-uploads exist and may be dangerous. That's a good general reminder for the whole plugin ecosystem.
- Context overhead: a full install = hundreds of skills loaded; prefer the selective profiles.
- Single maintainer: remarkable release pace, but a bus factor to consider for team use.
- Don't stack install methods: plugin or installer, never both.
- Official channels only: repo `affaan-m/ECC`, npm `ecc-universal` / `ecc-agentshield`, plugin `ecc@ecc`.
🗺️ Where to start
The path I suggest is gradual. First: read the Shorthand Guide in the repo, which explains philosophy and setup in half an hour. Second: run `npx ecc-agentshield scan` on your current configuration — it's free, installs nothing and tells you right away whether you have security issues. Third: if something convinces you, install just that with the minimal profile or a targeted component, and watch for a week whether the cost/benefit ratio on your context works out.
If the topic interests you, I've written about it several times from different angles: how to build a personal plugin marketplace, how to configure `settings.json` and how to use hooks as a quality gate. ECC is the maximalist version of those same ideas: even if you choose the minimalist route, knowing what's inside helps you choose better.
Frequently asked questions about Everything Claude Code
What is Everything Claude Code (ECC)?
ECC (affaan-m/ECC) is an MIT-licensed open-source project gathering skills, agents, per-language rules, hooks, MCP configurations and security tooling to supercharge coding agents. Born for Claude Code, it now also supports Codex, Cursor, OpenCode, Gemini CLI, Zed and GitHub Copilot. As of mid-July 2026 it has 211k+ stars on GitHub.
How do you install ECC in Claude Code?
The recommended path is the plugin: /plugin marketplace add https://github.com/affaan-m/ECC followed by /plugin install ecc@ecc. Alternatively there's a manual installer with profiles (minimal, core, full). Important: never combine the two methods, and rules must be copied by hand into ~/.claude/rules/ecc/ because Claude Code plugins can't distribute them.
What are ECC's instincts?
They're the base unit of the continuous learning system: patterns automatically extracted from your work sessions and saved with a confidence score. You inspect them with /instinct-status, import and export them for sharing, and with /evolve groups of related instincts turn into reusable skills.
Is ECC free?
Yes, the repository is MIT-licensed and the author states it will stay that way. There's a paid tier, ECC Pro, which is a hosted GitHub App for private repos, and the project is also funded by sponsors. AgentShield, the security scanner, is free to use via npx ecc-agentshield scan.
Let's talk
If this topic is relevant to you, write to me: comparing notes on code and AI is always time well spent.