Claude Code ships as a general-purpose but undifferentiated AI coding assistant. Developers who rely on it out of the box quickly discover the absence of structure: no specialized agents, no built-in security scanning, no enforced rules, and no repeatable workflows. Everything Claude Code (ECC) addresses this gap directly. It is an open-source operator system that layers 60 specialized agents, 232 skills, 75 slash commands, and a 1,282-test security scanner on top of Claude Code, transforming ad-hoc AI prompting into an auditable, extensible engineering platform. And it is not locked to a single harness. ECC supports Codex CLI, Cursor, and OpenCode, making it a cross-harness framework designed to enforce consistent engineering standards across multiple AI coding tools.
As of this writing, readers should confirm the ECC package name, repository URL, and current version from the project’s official documentation before proceeding. The feature counts cited here (60 agents, 232 skills, 75 slash commands, 1,282 scanner tests) reflect the project’s self-reported numbers and should be verified against the installed version using the commands described in the verification section below.
Table of Contents
What Is ECC (Everything Claude Code)?
The Problem with Vanilla Claude Code
When you install Claude Code fresh, it operates as a blank slate. Claude Code supports CLAUDE.md project configuration files, but these require manual setup and lack the structured enforcement layer ECC provides. No predefined personas, no lifecycle hooks, no policy enforcement, no automated security checks beyond what you manually configure. Every interaction starts from limited context unless you provide it.
These gaps compound fast. Developers re-prompt the same constraints session after session, lose context across tasks, and ship AI-generated code with no safety net beyond their own review. Nothing built in enforces team conventions, audits what the AI produced, or catches the insecure patterns that language models frequently generate, from hardcoded secrets to SQL injection vectors.
ECC as a Harness-Native Operator System
The term “operator system” (used here to describe a structured orchestration layer for AI coding tools) distinguishes ECC from prompt libraries, configuration packs, or curated tip collections. An operator system is an integrated platform that provides a structured layer of agents, skills, rules, hooks, and commands sitting on top of the AI harness. Agents are specialized AI personas with defined constraints and skill sets. Skills are discrete, composable capabilities that agents draw from. Rules enforce policies across all agent behavior. Hooks fire at lifecycle events like pre-commit or post-generation. Slash commands provide the developer-facing interface to invoke all of this.
The scale is concrete: 60 agents covering roles from architecture review to documentation writing, 232 skills ranging from dependency auditing to migration planning, 75 slash commands for direct invocation, and a security scanner called AgentShield with 1,282 individual tests. This is not a configuration overlay. It is a full execution framework.
Multi-Harness Portability
ECC abstracts away the differences between AI coding harnesses. While Claude Code is the primary target, the same agents, skills, rules, and security scanner carry over to Codex CLI, Cursor, and OpenCode. The harness abstraction layer translates ECC’s internal configuration into the format each tool expects. If the translation fails or a harness updates its config schema, ECC commands surface an explicit error rather than silently degrading. A team defines its engineering standards once and enforces them regardless of which AI coding tool individual developers prefer.
To bootstrap ECC in a project after global install (npm install -g ecc), run:
ecc init --harness claude-codeAlternatively, without a global install, use npx ecc init to run the same initialization.
Confirm the exact npm package name from the ECC project’s official documentation before running these commands. If the package name differs, substitute it in all
npmandnpxcommands below.
This scaffolds the following directory structure:
.ecc/
├── agents/
├── skills/
├── rules/
├── hooks/
├── commands/
├── scanner/
├── config.yaml
└── audit.db Everything lives in the .ecc/ directory at the project root, version-controllable and shareable across the team.
Architecture Deep Dive: How ECC’s Layers Work Together
ECC’s architecture is a layered pipeline with six stages: (1) slash command intake, where the developer issues a command; (2) agent dispatch, routing the task to the appropriate persona; (3) skill selection, where the agent picks the capabilities it needs; (4) rule enforcement, constraining agent behavior against declared policies; (5) hook processing, firing lifecycle handlers like pre-commit or post-generation; and (6) AgentShield validation, scanning generated output against the security test suite. Data flows from developer command through agent execution to security validation, with every step logged to the SQLite audit database.
Agents: Specialized AI Personas for Every Task
Suppose you need a vulnerability review on a pull request. Instead of manually prompting Claude with “act as a security reviewer, check for OWASP Top 10 issues, rate severity, and cite line numbers,” you invoke @security-reviewer and get all of that from a versioned, declarative definition. An ECC agent bundles a system prompt, an assigned skill set, applicable rules, and behavioral constraints into a single YAML file. The 60 built-in agents include @architect for system design decisions, @security-reviewer for vulnerability analysis, @refactor for code transformation, and @docs-writer for documentation generation, among many others.
The difference between an ECC agent and manually instructing Claude to adopt a role is persistence and composability. An agent’s constraints, skills, and rules are declarative, versioned, and enforced automatically, meaning ECC validates the agent’s YAML schema and applies the declared rules to every invocation. They do not depend on the developer remembering to include them in every prompt. When @security-reviewer runs, it inherits its full configuration without any manual setup.
The difference between an ECC agent and manually instructing Claude to adopt a role is persistence and composability.
Skills: Composable Capabilities Agents Draw From
Think of a skill as a function signature for the AI: defined inputs, defined outputs, clear scope. ECC’s 232 skills include dependency-audit, test-generation, migration-planning, api-contract-validation, and secret-detection. Teams declare skills independently and link them to agents through the agent definition file. A single skill can serve multiple agents, and a single agent can draw from many skills. This composability lets teams mix and match capabilities without duplicating configuration.
Hooks, Rules, and the Execution Pipeline
Hooks are lifecycle event handlers that fire at specific points: pre-commit, post-generation, on-error, and others. A hook might trigger an automatic security scan after every code generation event, or auto-format output before a commit.
Rules constrain and enforce policies across all agents. A rule like “never modify production database schemas without explicit confirmation” applies universally, regardless of which agent the developer is running. Rules and hooks compose into an execution pipeline: when a developer invokes a slash command, the corresponding agent activates, selects relevant skills, operates within its rule constraints, and the output passes through any applicable hooks before reaching the developer.
Here is an annotated excerpt of an ECC agent definition file:
agent:
name: security-reviewer
description: "Analyzes code for security vulnerabilities and insecure patterns"
system_prompt: |
You are a senior application security engineer conducting a thorough
code review. Focus on OWASP Top 10 vulnerabilities, authentication
flaws, injection vectors, and insecure data handling. Always provide
severity ratings and concrete remediation steps.
skills:
- secret-detection
- injection-analysis
- dependency-audit
- auth-flow-validation
- cryptographic-review
rules:
- require-severity-rating
- no-auto-fix-auth-code
- flag-hardcoded-credentials
output:
format: structured
include_line_references: true
severity_scale: [critical, high, medium, low, info]This is editable, not a black box. Teams modify agent definitions to match their own security policies, add or remove skills, and adjust rules as their codebase evolves.
Getting Started: Installing and Configuring ECC
Prerequisites
ECC requires Node.js (v18 or later) for the core CLI and runtime. Python 3.9 or later is needed for AgentShield scanner modules. After running ecc init, install required Python packages in an isolated virtual environment:
python3 -m venv .venv
source .venv/bin/activate
pip install --require-hashes -r .ecc/scanner/requirements.txtUsing a virtual environment prevents dependency conflicts with your system Python. The --require-hashes flag ensures that only verified packages are installed. If the provided requirements.txt does not include hashes, generate them first with pip-compile --generate-hashes or review the file contents manually before installing.
Verify your Python version: python3 --version should return 3.9 or later.
The Claude Code CLI must already be installed and authenticated. Install it following the official Claude Code documentation and verify with:
claude --version
claude auth statusECC also uses SQLite internally for session state management and audit logging. On most systems, SQLite is already available, but the CLI will warn if it is missing. If absent, install with apt-get install sqlite3 (Debian/Ubuntu) or brew install sqlite3 (macOS).
Installation Walkthrough
Installation proceeds in three steps: install the ECC CLI globally, initialize it within a project, and select the target harness.
npm install -g ecc
ecc init --harness claude-codeIf you prefer not to install globally, use npx ecc init --harness claude-code instead. Both forms produce identical .ecc/ directory output.
The .ecc/ directory is the operational core. It contains all agent definitions, skill modules, rule files, hook handlers, slash command definitions, scanner test suites, the global configuration file, and the SQLite audit database. Modifying anything in this directory directly changes how ECC behaves in that project. The audit.db file is auto-generated and should be excluded from version control. Add the following to your .gitignore:
.ecc/audit.dbEverything else in .ecc/ is designed to be committed and shared.
If your team uses audit.db as a compliance trail, configure an export pipeline to preserve audit records. For example:
ecc audit export --format json \
--out "./audit-archive/$(date +%Y%m%d).json"
ecc audit export --format json `
--out "./audit-archive/$(Get-Date -Format yyyyMMdd).json"First Run: Invoking an Agent and a Slash Command
The terminal sessions below show representative output. Actual output format and content will vary by project, ECC version, and harness configuration.
The following terminal session demonstrates initializing ECC, running a slash command, and reviewing the structured output:
$ ecc init --harness claude-code
✔ ECC initialized in .ecc/
✔ 60 agents loaded
✔ 232 skills registered
✔ 75 slash commands available
✔ AgentShield scanner ready (1,282 tests)
✔ Harness target: claude-code
$ /ecc:review ./src/auth/login.ts
── ECC Code Review ─────────────────────────────────────
Agent: @code-reviewer
File: ./src/auth/login.ts
Skills active: code-quality, auth-flow-validation, error-handling-audit
┌──────────┬──────┬─────────────────────────────────────────────┬──────────────────────────┐
│ Severity │ Line │ Finding │ Recommendation │
├──────────┼──────┼─────────────────────────────────────────────┼──────────────────────────┤
│ HIGH │ 23 │ Password compared using == (timing attack) │ Use crypto.timingSafeEq │
│ MEDIUM │ 41 │ JWT secret read from env without fallback │ Add startup validation │
│ LOW │ 67 │ Error message leaks internal stack trace │ Sanitize error response │
│ INFO │ 12 │ Missing rate limiting on login endpoint │ Add express-rate-limit │
└──────────┴──────┴─────────────────────────────────────────────┴──────────────────────────┘
Audit logged → .ecc/audit.db (session: 2025-07-15T09:23:41Z)To invoke a specific agent with a scoped target:
$ ecc agent '@security-reviewer' --target ./src/auth/
── AgentShield: @security-reviewer ──────────────────────
Scope: ./src/auth/ (4 files, 312 lines)
Skills active: secret-detection, injection-analysis, auth-flow-validation
[CRITICAL] ./src/auth/oauth.ts:89
Hardcoded client secret: "sk_test_EXAMPLE_REDACTED" detected in source
→ Move to environment variable, rotate credential immediately
[HIGH] ./src/auth/session.ts:34
Session token generated with Math.random() — not cryptographically secure
→ Replace with crypto.randomBytes(32).toString('hex')
[MEDIUM] ./src/auth/middleware.ts:15
JWT verification missing audience claim check
→ Add { audience: 'your-app-id' } to verify options
Summary: 1 critical, 1 high, 1 medium across 4 files
Full results → .ecc/audit.dbThe agent’s output is scoped, structured, and immediately actionable. Every finding includes a file, line number, description, and concrete remediation step.
AgentShield: The Built-In Security Scanner
Why AI-Generated Code Needs Its Own Security Layer
Language models routinely produce code containing insecure patterns. Research from Stanford (2022) and subsequent studies have documented that LLM-generated code contains security vulnerabilities at a higher rate than human-written code, with developers using AI assistants more likely to introduce issues like SQL injection via string concatenation, hardcoded secrets, improper authentication flows, missing input validation, and insecure cryptographic defaults. Traditional SAST tools such as Semgrep, Gitleaks, and Bandit cover many of these patterns. AgentShield complements them with rules calibrated to patterns that appear more often in LLM-generated output than in human-written code: overreliance on insecure defaults, predictable placeholder secrets, and incomplete authentication flows that models tend to produce when generating boilerplate.
AgentShield complements them with rules calibrated to patterns that appear more often in LLM-generated output than in human-written code: overreliance on insecure defaults, predictable placeholder secrets, and incomplete authentication flows that models tend to produce when generating boilerplate.
What 1,282 Tests Actually Cover
The 1,282 tests in AgentShield are organized across several categories: injection vectors (SQL, NoSQL, command injection, XSS), secret leakage (API keys, tokens, passwords in source), dependency vulnerabilities (known CVEs in imported packages, checked against the OSV database on each scan), insecure defaults (weak cryptographic algorithms, permissive CORS, missing security headers), and a mapping to the OWASP Top 10. Teams extend the test suites with custom tests for domain-specific patterns, such as PCI-DSS compliance checks for payment code or HIPAA-relevant data handling patterns for health tech.
You can verify the test count in your installed version:
ecc scan --list-tests | grep -c '.'Running the Scanner and Reading Results
AgentShield runs automatically as a hook, firing after every code generation event, or on manual invocation. The output goes to three destinations: the SQLite audit log for persistent records, a terminal summary for immediate review, and an optional CI-compatible export format for pipeline integration.
Each AgentShield scan may invoke API calls to the underlying language model. For large projects, monitor usage and consider running --full scans on a schedule rather than on every generation event.
$ ecc scan --full
── AgentShield Full Scan ────────────────────────────────
Project: ./my-app (127 files, 8,491 lines)
Tests run: 1,282
┌──────────┬───────┬─────────────────────────────────────┬──────────────────┬──────┐
│ Severity │ Count │ Category │ File │ Line │
├──────────┼───────┼─────────────────────────────────────┼──────────────────┼──────┤
│ CRITICAL │ 1 │ Secret Leakage │ src/config.ts │ 12 │
│ HIGH │ 3 │ Injection Vector (SQL) │ src/db/query.ts │ 45 │
│ HIGH │ 1 │ Insecure Crypto (MD5 for passwords) │ src/auth/hash.ts │ 29 │
│ MEDIUM │ 4 │ Missing Input Validation │ src/api/users.ts │ 78 │
│ LOW │ 7 │ Insecure Defaults │ (multiple) │ -- │
│ INFO │ 12 │ Best Practice Suggestions │ (multiple) │ -- │
└──────────┴───────┴─────────────────────────────────────┴──────────────────┴──────┘
Passed: 1,254 / 1,282 tests
Findings: 28 (1 critical, 4 high (3 SQL injection + 1 insecure crypto), 4 medium, 7 low, 12 info)
Audit logged → .ecc/audit.db
CI export → .ecc/reports/scan-2025-07-15.jsonThe results table includes severity, category, file, line, and actionable recommendations for each finding. The JSON export integrates directly into CI pipelines for gated deployments.
Customizing ECC: Writing Your Own Agents, Skills, and Rules
Creating a Custom Agent
The built-in agents cover common engineering tasks, but teams inevitably have domain-specific needs. A fintech company might need a @payments-reviewer agent that understands PCI-DSS requirements. A healthcare startup might need a @hipaa-auditor. Custom agents are defined in YAML files placed in the .ecc/agents/ directory.
The YAML filename (without .yaml) must match the name: field in the agent definition. For example, api-reviewer.yaml must contain name: api-reviewer. A mismatch will prevent ECC from resolving the agent.
Adding Custom Skills
A skill is a reusable prompt module with defined input/output contracts. To create a custom skill, you specify what the skill does, what inputs it accepts, what output format it produces, and which agents can use it. A single skill can serve multiple agents: a rate-limit-check skill might be used by both @api-reviewer and @security-reviewer.
Defining Project-Specific Rules and Hooks
Rules encode team policies: “All API endpoints must have rate limiting,” “No raw SQL in controller files,” “Database migrations require a rollback script.” Hooks automate enforcement: trigger a security scan on every code generation event, auto-format output before commit, or integrate with external notification systems when a critical finding is detected.
Here is a complete custom agent definition:
agent:
name: api-reviewer
description: "Reviews API endpoints for consistency, security, and performance"
system_prompt: |
You are a senior API engineer reviewing endpoint implementations.
Enforce RESTful conventions, validate input/output schemas, check
for rate limiting, verify authentication middleware is applied,
and flag N+1 query patterns. Provide severity ratings for all findings.
skills:
- rate-limit-check
- schema-validation
- auth-middleware-audit
- n-plus-one-detection
rules:
- require-rate-limiting-on-public-endpoints
- enforce-json-schema-responses
hooks:
post-review:
- auto-run-agentshield-scan
output:
format: structured
include_line_references: true
severity_scale: [critical, high, medium, low, info]
skill:
name: rate-limit-check
description: "Verifies rate limiting is configured on API endpoints"
input: source_file
output:
type: finding_list
fields: [endpoint, has_rate_limit, recommendation]
rule:
name: require-rate-limiting-on-public-endpoints
severity: high
description: "All public-facing API endpoints must have rate limiting middleware"
applies_to: [api-reviewer, security-reviewer]
trigger: "Endpoint handler missing rate limiting middleware"New agent files are picked up on the next ecc command invocation. If running ECC as a background process, run ecc reload to apply changes immediately.
Using ECC Across Multiple Harnesses
Configuring for Cursor, Codex CLI, and OpenCode
Switching the target harness requires a single configuration change. Choose exactly one of the following options — do not run them sequentially, as each ecc init will overwrite config.yaml:
ecc init --harness claude-code
Alternatively, the harness target can be set in .ecc/config.yaml. Agents, skills, rules, and the AgentShield scanner carry over entirely. The primary harness-specific differences are in slash command syntax and how ECC communicates with the underlying tool. ECC’s abstraction layer handles these translations, so the team’s engineering standards remain consistent regardless of individual tool preference.
Team Workflows: Sharing ECC Configurations via Git
Committing the .ecc/ directory (excluding audit.db) to the repository means every team member inherits the same agents, rules, security policies, and scanner configuration. Ensure .ecc/audit.db is listed in your .gitignore as described in the Installation Walkthrough section above.
This version-controls the team’s AI engineering standards alongside the codebase itself. When a new rule is added or an agent is updated, the change propagates through normal pull request and merge workflows.
Where ECC Fits in a Production Engineering Workflow
CI/CD Integration Points
ECC scans run in GitHub Actions or any CI environment with Node.js and Python available. The JSON export from AgentShield integrates as a quality gate: fail the build on critical or high severity findings, surface medium findings as warnings. The SQLite audit log provides a compliance trail documenting every AI-assisted code generation and review event.
Limitations and What ECC Doesn’t Replace
ECC structures and governs AI-assisted development, but it does not upgrade the underlying model. If the language model produces architecturally flawed designs, ECC’s agents can flag surface-level issues but cannot substitute for human judgment on system design. Architectural decisions, trade-off analysis, and business logic validation remain human responsibilities.
ECC is an early-stage open-source project. Breaking changes should be expected between releases. The agent and skill APIs may evolve, and teams adopting ECC should pin versions and review changelogs before upgrading.
Verification
After installation, verify your setup:
ecc --version
find .ecc/agents/ -maxdepth 1 -name "*.yaml" | wc -l
find .ecc/skills/ -maxdepth 1 -name "*.yaml" | wc -l
ecc scan --list-tests | grep -c '.'
sqlite3 .ecc/audit.db "SELECT sqlite_version();" Key Takeaways and Next Steps
For teams shipping AI-assisted code to production, the fastest way to evaluate ECC is to run it against an existing module and compare its findings against your current SAST output. The path to adoption is incremental: install ECC on a side project, run /ecc:review on an existing file from within the Claude Code interface, examine the structured output, and then customize one agent for the team’s specific conventions. The ECC GitHub repository contains full documentation, the AgentShield test suite reference, and examples for all supported harnesses. Check the project’s official documentation for the current repository URL and installation instructions.
