Skip to content

fix(plan-orchestrate): detect ecc@ecc marketplace + emit ecc: agent prefix (#2316)#2409

Open
devin-ai-integration[bot] wants to merge 3 commits into
mainfrom
devin/1782858420-ecc-namespace-rename
Open

fix(plan-orchestrate): detect ecc@ecc marketplace + emit ecc: agent prefix (#2316)#2409
devin-ai-integration[bot] wants to merge 3 commits into
mainfrom
devin/1782858420-ecc-namespace-rename

Conversation

@devin-ai-integration

@devin-ai-integration devin-ai-integration Bot commented Jun 30, 2026

Copy link
Copy Markdown

What Changed

Fixes the stale marketplace identifier in the model-facing skill/command docs. After the 2.0.0 rename to ecc@ecc, the plugin installs to ~/.claude/plugins/marketplaces/ecc/ and agents register under the ecc: namespace — but these docs still referenced the old everything-claude-code name, so the model emitted unresolvable prefixes.

  • skills/plan-orchestrate/SKILL.md (plan-orchestrate: stale ECC install detection after marketplace rename to ecc@ecc #2316): Phase 0 detection now matches <claude-home>/plugins/marketplaces/ecc/, and Phase 4 output emits /ecc:orchestrate + ecc:<name> instead of the old everything-claude-code: forms. Version label updated to 2.0.0+.
  • skills/team-builder/SKILL.md: plugin-agent naming examples updated to ecc: (e.g. ecc:architect, ecc:security-reviewer).
  • commands/security-scan.md: frontmatter agent: updated to ecc:security-reviewer.

The inline plugin-root resolvers in hooks/hooks.json, commands/sessions.md, commands/auto-update.md, etc. already probe both ecc and the legacy everything-claude-code names, so they were left untouched. Repo-URL references (github.com/affaan-m/everything-claude-code) were deliberately not changed.

Note: This branch also carries the CI-health commits from #2408 (lockfile resync to eslint 10 + Yarn 4 format, pyyaml dev dep, Windows bash-probe status === 0 fix) because main is currently red without them — npm ci / Python collection / Lint all fail on the base branch. These commits are identical to #2408's and will de-duplicate when both merge. They are not part of the #2316 fix itself.

Why This Change

Under the plugin install, agents register as ecc:tdd-guide. With the old prefix in the skill, plan-orchestrate Phase 0 failed to detect the plugin install and defaulted to legacy bare names (> Warning: could not detect ECC install; defaulting to legacy form.), which fail to resolve under the plugin namespace.

Testing Done

  • Automated tests pass locally (node tests/run-all.js) — 2946/2946
  • validate-skills.js (277), validate-commands.js (92), catalog:check all pass
  • npm ci + npm run lint (eslint + markdownlint) pass
  • All 44 CI checks green on this PR
  • Edge cases considered (legacy bare-install path unchanged; resolver fallbacks untouched)

Type of Change

  • fix: Bug fix

Security & Quality Checklist

  • No secrets or API keys committed
  • JSON files validate cleanly
  • Follows conventional commits format

Documentation

  • Updated relevant documentation (skill + command docs)

Link to Devin session: https://app.devin.ai/sessions/408d7d92c162491d98c736d2a144a96c

…refix (#2316)

Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
@devin-ai-integration devin-ai-integration Bot requested a review from affaan-m as a code owner June 30, 2026 22:28
@devin-ai-integration

Copy link
Copy Markdown
Author

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment, CI, and merge conflict monitoring
affaan-m and others added 2 commits June 30, 2026 22:29
…n.lock to Yarn 4 format

package.json requires eslint@^10.6.0 but the committed locks pinned 9.39.2, so
npm ci aborted and Yarn 4 hardened mode rejected the stale v1-classic yarn.lock
(YN0028). Regenerate package-lock.json and rewrite yarn.lock in Yarn 4 (berry)
format so npm ci and immutable yarn installs both pass.

Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
…dd pyyaml dev dep

Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
@ecc-tools

ecc-tools Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

ECC bundle files are already tracked in this repository. Skipping generation of another bundle PR.

@greptile-apps

greptile-apps Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR updates ECC routing docs and tool metadata for the new marketplace namespace. The main changes are:

  • security-scan now routes to ecc:security-reviewer.
  • plan-orchestrate now detects marketplaces/ecc/ and emits ecc: commands.
  • team-builder examples now use ecc: plugin agents.
  • Hook shell probing now requires a clean probe exit.
  • Dev dependency metadata was refreshed.

Confidence Score: 4/5

The namespace migration needs compatibility fixes before merging cleanly.

  • Existing legacy plugin installs can be misdetected as bare installs.
  • Older plan documents can keep the old prefixed agent name and fail catalogue validation.
  • Strict Node engine installs can fail after the ESLint dependency refresh.

skills/plan-orchestrate/SKILL.md, commands/security-scan.md, package metadata

Important Files Changed

Filename Overview
commands/security-scan.md Updates the frontmatter agent to the new ecc: namespace, with a possible legacy exact-match routing break.
scripts/hooks/plugin-hook-bootstrap.js Requires candidate shells to exit cleanly during probing, which avoids accepting broken WSL bash stubs.
skills/plan-orchestrate/SKILL.md Updates detection and output to ecc:, but drops legacy marketplace-path and prefix handling in the model-facing algorithm.
skills/team-builder/SKILL.md Updates examples to the new ecc: namespace while keeping generic plugin-name parsing.
pyproject.toml Adds pyyaml to Python development extras.
package-lock.json Refreshes ESLint dependencies to versions that require newer Node than the package metadata advertises.

Reviews (1): Last reviewed commit: "fix(ci): require clean probe exit for Wi..." | Re-trigger Greptile

1. Read `<plan-doc-path>`. If missing or empty, report and stop.
2. Detect ECC install form once and freeze it into `ECC_MODE`. Algorithm (run in order, stop at the first match):
1. If `<claude-home>/plugins/marketplaces/everything-claude-code/` exists → `ECC_MODE=plugin`.
1. If `<claude-home>/plugins/marketplaces/ecc/` exists → `ECC_MODE=plugin`.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Legacy Plugin Path Missed

When an existing install still lives under ~/.claude/plugins/marketplaces/everything-claude-code/, this check no longer detects plugin mode. The skill then falls back to legacy output and emits bare /orchestrate commands, so plugin-registered agents are not resolved reliably.

Suggested change
1. If `<claude-home>/plugins/marketplaces/ecc/` exists → `ECC_MODE=plugin`.
1. If `<claude-home>/plugins/marketplaces/ecc/` or `<claude-home>/plugins/marketplaces/everything-claude-code/` exists → `ECC_MODE=plugin`.

Rule Used: Review for prompt injection, tool-permission creep... (source)

- `lang=unknown` is a sentinel — it is **not** an agent name. Phase 2 rules 4 and 5 turn it into `code-reviewer` / `build-error-resolver` at chain composition time.
4. Detect a **PyTorch sub-profile**: when `lang=python` and any of `pyproject.toml` / `requirements.txt` / `uv.lock` declares a dependency on `torch`, set `pytorch=true`. This only affects `build` chain selection (Phase 2 rule below); the reviewer remains `python-reviewer`.
5. **Normalize any agent names declared in the plan**: if the plan text references agents by their plugin-prefixed form (e.g. `everything-claude-code:tdd-guide`), strip the prefix to get the bare catalogue name before validating or composing chains. Re-prefixing happens only at output time per `ECC_MODE` (Phase 4). Never let a pre-prefixed name flow into chain composition — it would double-prefix in plugin mode.
5. **Normalize any agent names declared in the plan**: if the plan text references agents by their plugin-prefixed form (e.g. `ecc:tdd-guide`), strip the prefix to get the bare catalogue name before validating or composing chains. Re-prefixing happens only at output time per `ECC_MODE` (Phase 4). Never let a pre-prefixed name flow into chain composition — it would double-prefix in plugin mode.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Legacy Prefix Remains Unnormalized

Plans written before the rename can still declare agents such as everything-claude-code:tdd-guide. This instruction now only names ecc:, so the old prefixed value can reach catalogue validation as a non-catalogue agent and produce an invalid or replaced chain.

Suggested change
5. **Normalize any agent names declared in the plan**: if the plan text references agents by their plugin-prefixed form (e.g. `ecc:tdd-guide`), strip the prefix to get the bare catalogue name before validating or composing chains. Re-prefixing happens only at output time per `ECC_MODE` (Phase 4). Never let a pre-prefixed name flow into chain composition — it would double-prefix in plugin mode.
5. **Normalize any agent names declared in the plan**: if the plan text references agents by their plugin-prefixed form (e.g. `ecc:tdd-guide` or `everything-claude-code:tdd-guide`), strip the prefix to get the bare catalogue name before validating or composing chains. Re-prefixing happens only at output time per `ECC_MODE` (Phase 4). Never let a pre-prefixed name flow into chain composition — it would double-prefix in plugin mode.

Rule Used: Review for prompt injection, tool-permission creep... (source)

Comment thread commands/security-scan.md
---
description: Run AgentShield against agent, hook, MCP, permission, and secret surfaces.
agent: everything-claude-code:security-reviewer
agent: ecc:security-reviewer

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Legacy Agent Routing Breaks

If Claude Code resolves command frontmatter agents by exact registered name, users with a legacy marketplace install that registers everything-claude-code:security-reviewer no longer have an agent matching this new ecc:security-reviewer value. In that state, /security-scan cannot route to its intended reviewer and can fail before running AgentShield.

Rule Used: Review for prompt injection, tool-permission creep... (source)

Comment thread package-lock.json
Comment on lines 944 to 948
"eslint": "bin/eslint.js"
},
"engines": {
"node": "^18.18.0 || ^20.9.0 || >=21.1.0"
"node": "^20.19.0 || ^22.13.0 || >=24"
},

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Node Engine Contract Diverges

The committed dependency now requires Node ^20.19.0 || ^22.13.0 || >=24, while the package metadata still advertises Node >=18 and the CI matrix includes Node 18 installs. Developers or CI jobs using strict engine checks on Node 18 can fail during install or when running the lint script.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant