Everything Claude Code (ECC) is an 🏷️#open-source 📝agent harness performance optimization system built on top of 📝Claude Code, providing a structured plugin layer of specialized agents, skills, hooks, rules, and 📝MCP configurations that extends Claude Code from a single-session assistant into a persistent multi-agent development system.
ECC was created by Affaan Mustafa, a 📝San Francisco, CA-based developer who won the 📝Anthropic x Cerebral Valley hackathon in February 2026. After the win, he open-sourced the configuration system he had been refining for ten months of daily production use. The repo crossed 164,000 📝GitHub stars within weeks of launch, making it the fastest-growing developer tooling repository of its release window. It is 📝MIT licensed and freely installable. A commercial GitHub App layer (ECC Tools) adds private repo scanning, auto-triggered audits, and team rollout support at $19/month per seat.
Key Facts
- Category: Claude Code plugin / agent harness framework
- Origin: Open-sourced January 2026; born from a February 2026 Anthropic hackathon win
- Creator: Affaan Mustafa
- Home: github.com/affaan-m/everything-claude-code
- License: MIT
- Scale: 156 skills, 38 agents, 72 legacy command shims, 1,282 security tests
- Ecosystem: Claude Code, Codex, Cursor, OpenCode, Gemini CLI
How It Works
ECC installs as a Claude Code plugin and operates across four layers. The rules layer encodes behavioral constraints and stack-specific conventions into Claude Code's context. The agents layer provides 38 specialized subagents — planner, architect, security reviewer, TDD guide, language-specific reviewers for TypeScript, Python, Go, Java, Kotlin, Rust, and C++ — each with defined scope boundaries. The skills layer provides 156 reusable workflow modules that trigger automatically when relevant context is detected, covering development lifecycle from brainstorming through deployment. The hooks layer fires lifecycle scripts at session start, stop, and on tool use events, handling session summaries, context compaction, and security checks without manual intervention.
AgentShield is ECC's purpose-built security scanner. It runs 1,282 tests at 98% coverage across 102 static analysis rules, scanning CLAUDE.md, settings.json, MCP configs, hooks, and agent definitions. The --opus flag escalates to a three-agent red-team/blue-team/auditor pipeline using Claude Opus, where one agent finds exploit chains, one evaluates existing defenses, and a third synthesizes a prioritized risk report. It targets the attack surface specific to agentic systems: prompt injection, hook injection, over-broad permissions, MCP server risk, and secrets exposure.
NanoClaw v2 is the built-in orchestration layer, handling model routing (auto-selecting the appropriate Claude model per task), skill hot-loading, and session management including branching, export, compaction, and cost metrics.
Hook runtime controls introduced in v1.8.0 allow profile selection via ECC_HOOK_PROFILE=minimal|standard|strict and per-hook disabling via ECC_DISABLED_HOOKS, enabling overhead tuning without editing config files directly.
Why It Matters
The core problem ECC addresses is that Claude Code ships with no persistent configuration, no memory of prior sessions, and no enforced workflows. Every project starts from scratch. ECC converts that per-project overhead into a shared, version-controlled system that travels across sessions and repos. The security scanning component (AgentShield) addresses a structural shift in the threat model: repository configuration files, which were historically passive metadata, now control active execution paths in agentic systems. Two CVEs disclosed by Check Point Research in February 2026 — CVE-2025-59536 (CVSS 8.7) and CVE-2026-21852 — demonstrated that simply cloning and opening an untrusted project in Claude Code could result in remote code execution and API key theft. AgentShield is one of the few tools scanning for this class of vulnerability in agent-specific configurations.
FAQ
What is the difference between ECC, Superpowers, and gstack?
ECC is the largest and most comprehensive of the three, with 156 skills, 38 agents, 170+ contributors, and dedicated security tooling. 📝Superpowers (obra/superpowers) is a single-maintainer methodology-focused plugin emphasizing mandatory workflow enforcement — TDD, git worktrees, subagent dispatch — with a tighter, more opinionated surface area. 📝gstack (garrytan/gstack) is Garry Tan's personal config, smallest in scope, organized around a sprint-sequence model (Think → Plan → Build → Review → Test → Ship → Reflect), designed for a solo founder shipping like a team.
Is ECC safe to install?
ECC installs hooks that execute shell commands on your machine with your filesystem permissions. The 170+ contributor graph means trusting a larger set of people than single-maintainer alternatives. The recommended posture: read hook files before installing, pin to a specific commit hash rather than tracking main, disable auto-updates, and run AgentShield against ECC's own hooks before allowing them to fire. The ECC_HOOK_PROFILE=minimal flag reduces hook surface area significantly.
Does ECC work with tools other than Claude Code?
Yes. ECC provides parallel configuration directories for Claude Code, Cursor (.cursor/), OpenCode (.opencode/), Codex (AGENTS.md-based), and Gemini CLI. The same agents, skills, and rules are designed to transfer across harnesses without reauthoring.
How does AgentShield relate to ECC?
AgentShield is ECC's bundled security scanner, invocable via /security-scan inside Claude Code or npx ecc-agentshield scan from the command line. It is also available as a standalone npm package. The --opus flag runs a three-model red-team pipeline. Output formats include terminal, JSON (for CI/CD integration), Markdown, and HTML.