Ever had three AI coding agents installed — Claude Code for backend, Codex for prototyping, Cursor for frontend — and realized they each have their own configs, skills, memory, and security posture? You’re not running three tools. You’re managing three separate operating systems, and none of them talk to each other.
But that’s the gap ECC fills. And with its v2.0.0 release eight days ago — rebranding from “Everything Claude Code” to ECC: The Agent Harness OS — it’s no longer just a Claude Code setup pack. It’s a universal layer that standardizes skills, security, memory, and workflow across every major AI coding harness.
And 217,000 GitHub stars. And 33,400 forks. 230+ contributors. Not vanity metrics — a community shipping production-grade agent infrastructure for over 10 months.
Quick Verdict
If you use more than one AI coding agent, it’ll save you hours of duplicated config work. If you’re a Claude Code power user, the AgentShield security scanner alone is worth the install. The learning curve is real (67 agents, 271 skills), but curated install paths make it manageable.
Best for: Multi-harness developers, teams standardizing agent workflows, and anyone wanting a security audit of their agent config.
Skip if: You use one agent for one language and don’t need shared skills or security scanning.
What Is ECC — And Why “Agent Harness OS” Matters
Here’s how I think about it: before operating systems, every program managed its own memory, disk I/O, and hardware. But ECC is the operating system for your AI coding agents.
Now, originally called “Everything Claude Code,” it started as a battle-tested config pack built from daily use. But over 2,166 commits and 230+ contributors, it evolved into something larger.
So v2.0.0 (June 10, 2026) marks the formal rebrand to ECC: The Agent Harness OS. But the key change? It’s no longer Claude Code-specific. The repo now ships:
- 67 agent definitions — specialized subagents for planning, code review, security, and more
- 271 skills — the primary workflow surface, replacing the old slash-command system
- 92 legacy command shims — for backward compatibility
- AgentShield — security scanner with 1,282 tests covering 102 static analysis rules
- Memory persistence hooks — auto save/load context across sessions
- Cross-harness support — Claude Code, Codex, Cursor, OpenCode, Gemini, Zed, Copilot
And I’ve been running Claude Code daily for months. And what struck me about ECC isn’t the star count — it’s the decision to make every feature harness-agnostic.
So ECC ships dedicated adapters for seven harnesses. And the .agents/ directory works across Claude Code, Codex, or Cursor. That’s not a config trick. That’s an OS.
Core Features — What You Actually Get
1. Cross-Harness Architecture
| Harness | Agents | Commands | Skills | Hooks | Rules | MCP |
|---|---|---|---|---|---|---|
| Claude Code | 67 | 92 | 271 | 8 events | 34 | 14 |
| Cursor IDE | Shared | Shared | Shared | 15 events | 34 | Shared |
| Codex CLI | Shared | Instruction | 10 native | None | Instruction | 7 |
| OpenCode | 12 | 35 | 37 | 11 events | 13 | Full |
| GitHub Copilot | N/A | 5 prompts | Via instructions | None | 1 file | N/A |
And the cross-tool file that ties it all together? A root AGENTS.md — read by Claude Code, Cursor, Codex, and OpenCode. One file to define your agent behavior across every harness.
2. Skills System (The Primary Workflow Surface)
Now, ECC v2.0.0 migrated from slash commands to a skill-based architecture. Skills define reusable workflows in markdown with YAML frontmatter. I spent about 20 minutes browsing after install, and the range surprised me:
- tdd-workflow — Red-Green-Improve cycle with 80%+ coverage enforcement
- security-review — Comprehensive OWASP-aligned checklist
- continuous-learning-v2 — Instinct-based learning that auto-extracts patterns from your sessions and clusters them into reusable skills
- article-writing — Long-form writing that avoids generic AI tone
- deep-research — Multi-source research with source attribution
And dozens more — from golang-patterns to postgres-patterns to frontend-slides.
3. AgentShield — Security Scanner
But this is the feature that made me install ECC on all my machines. AgentShield scans your Claude Code config for vulnerabilities — secrets in config files, hook injection risks, MCP server misconfigurations, and over-permissive agent definitions.
So I ran it on my main dev machine. So here’s what stood out:
npx ecc-agentshield scan
Output was color-graded A through F across five categories. And it found two things I’d missed — a stale API key in an old settings.json backup, and an MCP server pointing at an internal service with no auth. And both took about 30 seconds to fix with --fix.
The --opus flag runs three Claude Opus 4.6 agents in a red-team/blue-team/auditor pipeline. So I tried it on a fresh project config. And the attacker found an exploit chain I’d never have checked — a prompt injection path through a custom tool. Honest admission: that was uncomfortable, but I’m glad I saw it before shipping.
4. Memory Persistence and Continuous Learning
Now, ECC’s hook system saves session context across restarts. The continuous-learning-v2 skill takes this further — it extracts patterns from your sessions, assigns confidence scores, and evolves them into reusable “instincts.”
So I tested this on a week-long Rails migration project. After about 15 sessions, it learned my naming preferences and started suggesting them automatically. It’s subtle — not a “wow” feature — but after a few days, your agent needs less hand-holding. For a more hands-on comparison, my Claude Mem review covers a dedicated memory management approach — ECC’s hooks are more integrated but Claude Mem gives you finer-grained context control.
Getting Started — Installing ECC
So installation is straightforward. Two paths:
Path 1 — Plugin install (recommended for Claude Code users):
# Add ECC as a marketplace
/plugin marketplace add https://github.com/affaan-m/ECC
# Install the plugin
/plugin install ecc@ecc
Path 2 — Manual install (more control):
# Clone the repo
git clone https://github.com/affaan-m/ECC.git
cd ECC
# Minimal profile — just rules and core skills
npx ecc-install --profile minimal --target claude
So I went with the plugin path on my Ryzen 9 + 4090 dev workstation. The install took about 30 seconds. Then I ran ecc doctor — it detected Claude Code, Cursor, and Codex CLI automatically. A nice touch.
And one thing I appreciate: the README is explicit about not stacking install methods. If you install via plugin, don’t run the full installer. The project calls this out in bold, with a reset procedure if you layer them accidentally. That’s the kind of detail that tells you this repo is battle-tested.
ECC vs The Competition
But ECC operates in a crowded space — new agent skill frameworks pop up weekly. After using all three major ones, here’s how they stack up:
| Dimension | ECC | superpowers (obra) | agent-skills (addyosmani) |
|---|---|---|---|
| GitHub Stars | 217K★ | 231K★ | 62K★ |
| Scope | Full Agent Harness OS | Skill framework + methodology | Engineering skill packages (~7 skills) |
| Cross-Harness | ✅ Claude Code, Codex, Cursor, OpenCode, Gemini, Zed, Copilot | ❌ Claude Code primarily | ❌ Multi-tool but not OS layer |
| Security Scanning | ✅ AgentShield built-in | ❌ | ❌ |
| Memory/Context Persistence | ✅ Hooks + continuous learning v2 | ❌ | ❌ |
| Performance Optimization | ✅ Token optimization, model routing | ❌ | ❌ |
| SaaS Tier | ✅ ECC Tools ($19/seat/mo) | ❌ | ❌ |
| License | MIT | MIT | Apache 2.0 |
| Install Time | ~30 seconds (plugin) | ~2 minutes | ~1 minute |
Still, the headline comparison: agent-skills gives you great engineering habits (spec-first, TDD, review-before-merge). superpowers gives you a methodology for building agent skills. ECC gives you the full OS.
If you only use Claude Code for simple tasks, agent-skills will serve you well — I reviewed it a couple weeks back and still use the /spec workflow daily. But if you’re running multiple agents, managing context windows, shipping production code, and care about security, ECC is the only option that covers all those bases in one install.
What’s Good and What Isn’t
What I Liked
- AgentShield is genuinely useful. But I was skeptical of another security scanner, but it found real issues — not hypothetical ones. The
--opuspipeline is genuinely novel. - Cross-harness parity is real. So I tested the same skill workflow in both Claude Code and Cursor. It worked identically.
- Documentation quality. Still the README is a manifesto — install paths, migration notes, uninstall, reset. Every edge case anticipated.
- Massive skill catalog. 271 skills covering TDD to deployment to continuous learning. Unmatched breadth.
- Active development. Last commit 7 hours ago. 2,166 total. Not abandonware.
What Could Be Better
- Learning curve is real. 67 agents, 271 skills, 92 commands, 34 rules — it’s a lot. The
npx ecc consultadvisor helps, but first-timers should start with the minimal profile and add components gradually. - Multi-model commands need extra setup. The
multi-*commands require a separateccg-workflowruntime. The README warns in all caps, but it’s easy to miss. - Codex plugin mode is fragile. The README is honest —
openai/codex#26037. Plugin discovery works but runtime skill loading is unreliable. The manual sync flow works, but isn’t as smooth as the Claude Code experience. - No direct monetization path for the project. ECC is MIT licensed and free. $19/seat/mo ECC Tools Pro is a GitHub App for private repos — the main repo has no direct way for users to support it beyond Sponsors. A sustainability question, not a quality one.
Who Should Use ECC
Install ECC if:
- You use two or more AI coding agents (Claude Code + Codex, Claude Code + Cursor, etc.)
- You care about agent security and want a one-command audit of your config
- You want shared skills and memory across all your agents
- You’re a team standardizing on agent workflows
- You’re a Claude Code power user wanting more structure
Skip ECC if:
- You use one agent for one language and it’s working fine
- You don’t want to learn a new system on top of your agent
- You prefer minimal configs and simple setups
Pricing
ECC itself is free (MIT license). The paid tier is ECC Tools Pro — a hosted GitHub App for private repos:
| Tier | Price | Features |
|---|---|---|
| Free | $0 | Open source, MIT, all 271 skills, AgentShield |
| Pro | $19/seat/mo | GitHub App, private repo support, PR audits, advanced CI integration |
| Team | Custom | Team management, billing, support |
| Enterprise | Custom | SSO, audit logs, SLA |
So the free tier is feature-complete for individual developers. You pay for private repo integration and team features.
Final Verdict
So ECC started as a Claude Code config pack and evolved into a genuine operating system for AI coding agents. At 217K stars, with 230+ contributors and a weekly release cycle, it’s not a side project anymore.
And I installed it, ran AgentShield (it caught real issues), used the same skills across Claude Code and Cursor (it worked), and spent an afternoon browsing through 271 skills (barely scratched the surface). Still, the curated install paths and built-in advisor make the learning curve manageable.
Here’s my honest take: if you’re running multiple AI coding agents without ECC, you’re duplicating work. Cross-harness memory, shared skills, and security scanning alone justify the install. Start with the minimal profile, run ecc doctor, and add components as you need them.
And if you’re on one agent and want to understand what’s coming — this is where the ecosystem is heading: agent-agnostic, security-aware, and skill-driven.
Looking to level up your AI agent skills?
If you found this review useful, check out my earlier review of agent-skills — Addy Osmani’s 7 production-grade slash commands. Together they cover both the skill-level and system-level approaches to agent workflows.