Three things worth knowing
- ECC, an open-source "agent harness operating system," reached version 2.0.0 and now has 224k GitHub stars and 289 contributors.
- It packages skills, agents, hooks, and security tooling that run across Claude Code, Cursor, Codex, OpenCode, and several other coding agents, all from a single repository.
- A recent audit cut the default MCP servers from six to one, trading bundled connectors for lighter CLI-wrapped skills, a sign of how tight context budgets are getting.
If you use more than one AI coding agent, you've probably already hit this: the security rules you wrote for Claude Code don't carry over to Cursor, the TDD workflow you tuned in Codex doesn't exist in OpenCode, and you're maintaining three or four versions of the same config because none of these tools talk to each other.
ECC is built on the bet that most serious teams won't standardize on a single harness, so the config layer should be the thing shared instead.

What Happened
ECC reached its 2.0.0 stable release, which the project frames as a complete system rather than a config pack: 67 agents, 277 skills, and 92 legacy command shims, plus a Rust control-plane prototype sitting in the ecc2/ directory as an early alpha. The full repository is at affaan-m/ECC.
The repository is MIT-licensed and distributed through the npm packages ecc-universal and ecc-agentshield, a ecc@ecc plugin slug, and a GitHub App for private repos. It now stands at 224k stars, 34.3k forks, and 289 contributors. Recent commits lean heavily into security hardening and Windows compatibility, which tracks with a single maintainer shipping across seven harnesses every week.
Key Features
- Cross-harness install targets: One repo ships adapters for Claude Code, Cursor, Codex, OpenCode, Zed, Gemini, and GitHub Copilot. A DRY adapter pattern in
.cursor/hooks/adapter.jstransforms Cursor's hook format into Claude Code's, so the same scripts run in both without duplication. - Selective install via profiles:
npx ecc-install --profile minimal --target claudeinstalls the core skills without the hooks runtime.npx ecc consult "security reviews"returns matching components before you commit to anything. - AgentShield security auditor:
npx ecc-agentshield scanchecks CLAUDE.md,settings.json, MCP configs, and hooks across secrets detection, permission auditing, and hook injection analysis. The--opusflag runs a red-team, blue-team, and auditor pipeline against your setup. - GateGuard runtime guards: Blocks destructive shell commands before they run, including
rm, forcedgit checkouts, and destructivefind -execcalls. - Continuous learning v2: Instinct-based pattern extraction with confidence scoring.
/instinct-status,/evolve, and/instinct-importmanage what the system has learned and cluster it into reusable skills. - Token controls: Environment flags like
ECC_HOOK_PROFILE=minimal|standard|stricttune context usage without directly modifying hook files.
Why It Matters
Most teams running AI agents end up using more than one. Deep refactors in Claude Code, inline edits in Cursor, CLI tasks in Codex. Maintaining separate rules, security checks, and workflows for each one gets old fast, and the configs drift out of sync the moment someone updates one and forgets the others.
ECC centralizes that. Write your rules once, install the language packs you actually need, and the same standards follow you across tools instead of living in three different places that quietly disagree with each other.
The MCP connector, cut from six defaults to one, is the detail I'd flag for anyone watching context budgets. Each MCP tool description eats tokens from your context window before you've written a single prompt. Trading five bundled servers for CLI-wrapped skills is a real trade-off, not a cosmetic one, and it's the kind of decision that only makes sense once your context window starts feeling tight on a regular basis.
Example Use Case
Say you run a Next.js app and want a security review baked into your workflow without hand-rolling one. Install the minimal profile for Claude Code, then add the security capability:
Copy the TypeScript rules into your own namespace:
Now run /security-scan in Claude Code to invoke the security reviewer on your config, or run npx ecc-agentshield scan --fix to auto-fix safe issues. The same rules apply if you later open the project in Cursor, since both tools read from AGENTS.md at the repo root.
Competitive Context
Cursor and Claude Code solve different parts of the same problem, and ECC sits on top of both rather than competing with either. Cursor has more hook events (15 versus Claude Code's 8) and a beforeSubmitPrompt hook that catches leaked secrets in prompts before they reach any destination. Claude Code leads in raw component count in ECC's own comparison table: 67 agents and 277 skills, compared to OpenCode's 12 agents and 37 skills.
The actual gap ECC fills is portability. Claude Code is the primary target, but the project exports the same configs so they run in Cursor's project layout, Codex's config.toml, and OpenCode's opencode.json. Codex still doesn't support Claude-style hooks, so ECC falls back to instruction-based enforcement through AGENTS.md there instead. No individual vendor is solving this cross-tool coordination problem right now, which is exactly the gap ECC is filling.
My Take
224k stars on a project maintained largely by one person is the kind of number that should make you ask what's actually driving it. The answer here looks like genuine pain: teams are really running multiple agents and are tired of maintaining duplicate configs.
What I'd want to see before adopting this for a whole team: how it holds up when the underlying harnesses change their hook APIs or config formats, since a project bridging seven different tools has seven different places where an upstream change can break something. The selective install path makes that risk manageable, since you're not forced to take the whole system at once.
The New Code Review Workflow for AI-Native Engineering Teams
See how leading teams keep code review fast and rigorous as AI writes more of the code.
Written by

Ani Galstian
Technical Writer
Ani writes about enterprise-scale AI coding tool evaluation, agentic development security, and the operational patterns that make AI agents reliable in production. His guides cover topics like AGENTS.md context files, spec-as-source-of-truth workflows, and how engineering teams should assess AI coding tools across dimensions like auditability and security compliance