
ECC Hits 224k Stars: One Agent Config for Every Harness You Use

Jun 30, 2026
Ani Galstian

Three things worth knowing

  • ECC, an open-source "agent harness operating system," reached version 2.0.0 and now has 224k GitHub stars and 289 contributors.
  • It packages skills, agents, hooks, and security tooling that run across Claude Code, Cursor, Codex, OpenCode, and several other coding agents, all from a single repository.
  • A recent audit cut the default MCP servers from six to one, trading bundled connectors for lighter CLI-wrapped skills, a sign of how tight context budgets are getting.

If you use more than one AI coding agent, you've probably already hit this: the security rules you wrote for Claude Code don't carry over to Cursor, the TDD workflow you tuned in Codex doesn't exist in OpenCode, and you're maintaining three or four versions of the same config because none of these tools talk to each other.

ECC is built on the bet that most serious teams won't standardize on a single harness, so the config layer should be the thing shared instead.

The affaan-m/ECC GitHub repository showing 224k stars, 34.3k forks, and a directory listing including the skills, agents, and rules folders.

What Happened

ECC reached its 2.0.0 stable release, which the project frames as a complete system rather than a config pack: 67 agents, 277 skills, and 92 legacy command shims, plus a Rust control-plane prototype sitting in the ecc2/ directory as an early alpha. The full repository is at affaan-m/ECC.

The repository is MIT-licensed and distributed through the npm packages ecc-universal and ecc-agentshield, an ecc@ecc plugin slug, and a GitHub App for private repos. It now stands at 224k stars, 34.3k forks, and 289 contributors. Recent commits lean heavily into security hardening and Windows compatibility, which tracks with a single maintainer shipping across seven harnesses every week.

Key Features

  • Cross-harness install targets: One repo ships adapters for Claude Code, Cursor, Codex, OpenCode, Zed, Gemini, and GitHub Copilot. A DRY adapter pattern in .cursor/hooks/adapter.js transforms Cursor's hook format into Claude Code's, so the same scripts run in both without duplication.
  • Selective install via profiles: npx ecc-install --profile minimal --target claude installs the core skills without the hooks runtime. npx ecc consult "security reviews" returns matching components before you commit to anything.
  • AgentShield security auditor: npx ecc-agentshield scan checks CLAUDE.md, settings.json, MCP configs, and hooks across secrets detection, permission auditing, and hook injection analysis. The --opus flag runs a red-team, blue-team, and auditor pipeline against your setup.
  • GateGuard runtime guards: Blocks destructive shell commands before they run, including rm, forced git checkouts, and destructive find -exec calls.
  • Continuous learning v2: Instinct-based pattern extraction with confidence scoring. /instinct-status, /evolve, and /instinct-import manage what the system has learned and cluster it into reusable skills.
  • Token controls: Environment flags like ECC_HOOK_PROFILE=minimal|standard|strict tune context usage without directly modifying hook files.
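To make the GateGuard bullet concrete, here is an added sketch of a pre-execution command guard covering the three command classes named above. It is not ECC's code: the function names, the wrapper list, and the rule set are assumptions made for illustration.

```javascript
// Added illustration, not ECC's GateGuard code; the rule set is an assumption.
const WRAPPERS = new Set(["sudo", "env", "command", "nohup", "time"]);

// Split into words and separators; a quoted ";" or "rm -rf /" stays one argument.
function tokenize(line) {
  const re = /"((?:[^"\\]|\\.)*)"|'([^']*)'|(&&|\|\||[;|&])|([^\s;|&"']+)/g;
  return [...line.matchAll(re)].map((m) =>
    m[3] !== undefined ? { sep: true } : { sep: false, text: m[1] ?? m[2] ?? m[4] });
}

// Group words into simple commands, one per pipeline/list element.
function segments(tokens) {
  const segs = [[]];
  for (const t of tokens) t.sep ? segs.push([]) : segs[segs.length - 1].push(t.text);
  return segs.filter((s) => s.length > 0);
}

// Return a block reason for one simple command, or null if no rule matches.
function checkSegment(words) {
  let i = 0;
  while (i < words.length && (WRAPPERS.has(words[i]) || /^\w+=/.test(words[i]))) i++;
  const cmd = (words[i] || "").split("/").pop(); // "/bin/rm" -> "rm"
  const args = words.slice(i + 1);
  if (cmd === "rm") return "rm deletes files";
  if (cmd === "git" && args[0] === "checkout" &&
      args.some((a) => a === "--force" || /^-[a-zA-Z]*f/.test(a)))
    return "forced git checkout discards local changes";
  if (cmd === "find") {
    for (let j = 0; j < args.length; j++) {
      if (args[j] !== "-exec" && args[j] !== "-execdir") continue;
      const inner = checkSegment(args.slice(j + 1)); // command run per match
      if (inner) return `find ${args[j]}: ${inner}`;
    }
  }
  if ((cmd === "sh" || cmd === "bash") && args.includes("-c")) {
    const inner = guard(args[args.indexOf("-c") + 1] || ""); // re-parse the script
    if (!inner.allow) return `${cmd} -c: ${inner.reason}`;
  }
  return null;
}

// Decision a pre-execution hook would act on: allow, or block with a reason.
function guard(line) {
  for (const seg of segments(tokenize(line))) {
    const reason = checkSegment(seg);
    if (reason) return { allow: false, reason };
  }
  return { allow: true, reason: null };
}
```

A pattern guard like this is best-effort: wrappers with their own options, scripts, and other interpreters can still delete files, so it complements least-privilege filesystem permissions and does not replace them.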

Why It Matters

Most teams running AI agents end up using more than one. Deep refactors in Claude Code, inline edits in Cursor, CLI tasks in Codex. Maintaining separate rules, security checks, and workflows for each one gets old fast, and the configs drift out of sync the moment someone updates one and forgets the others.

ECC centralizes that. Write your rules once, install the language packs you actually need, and the same standards follow you across tools instead of living in three different places that quietly disagree with each other.

The cut in default MCP servers from six to one is the detail I'd flag for anyone watching context budgets. Each MCP tool description eats tokens from your context window before you've written a single prompt. Trading five bundled servers for CLI-wrapped skills is a real trade-off, not a cosmetic one, and it's the kind of decision that only makes sense once your context window starts feeling tight on a regular basis.

Example Use Case

Say you run a Next.js app and want a security review baked into your workflow without hand-rolling one. Install the minimal profile for Claude Code, then add the security capability:

```bash
npx ecc consult "security reviews" --target claude
npx ecc install --profile minimal --target claude
```

Copy the TypeScript rules into your own namespace:

```bash
mkdir -p ~/.claude/rules/ecc
cp -R rules/common ~/.claude/rules/ecc/
cp -R rules/typescript ~/.claude/rules/ecc/
```

Now run /security-scan in Claude Code to invoke the security reviewer on your config, or run npx ecc-agentshield scan --fix to auto-fix safe issues. The same rules apply if you later open the project in Cursor, since both tools read from AGENTS.md at the repo root.

Competitive Context

Cursor and Claude Code solve different parts of the same problem, and ECC sits on top of both rather than competing with either. Cursor has more hook events (15 versus Claude Code's 8) and a beforeSubmitPrompt hook that catches leaked secrets in prompts before they reach any destination. Claude Code leads in raw component count in ECC's own comparison table: 67 agents and 277 skills, compared to OpenCode's 12 agents and 37 skills.


The actual gap ECC fills is portability. Claude Code is the primary target, but the project exports the same configs so they run in Cursor's project layout, Codex's config.toml, and OpenCode's opencode.json. Codex still doesn't support Claude-style hooks, so ECC falls back to instruction-based enforcement through AGENTS.md there instead. No individual vendor is solving this cross-tool coordination problem right now, which is exactly the gap ECC is filling.

My Take

224k stars on a project maintained largely by one person is the kind of number that should make you ask what's actually driving it. The answer here looks like genuine pain: teams are really running multiple agents and are tired of maintaining duplicate configs.

What I'd want to see before adopting this for a whole team: how it holds up when the underlying harnesses change their hook APIs or config formats, since a project bridging seven different tools has seven different places where an upstream change can break something. The selective install path makes that risk manageable, since you're not forced to take the whole system at once.


Written by

Ani Galstian

Technical Writer

Ani writes about enterprise-scale AI coding tool evaluation, agentic development security, and the operational patterns that make AI agents reliable in production. His guides cover topics like AGENTS.md context files, spec-as-source-of-truth workflows, and how engineering teams should assess AI coding tools across dimensions like auditability and security compliance.
