Claude Code & ECC

Claude Code is Anthropic's terminal-first coding agent: it runs shell commands, edits files, and chains steps like a teammate at the keyboard, not a one-off chat in a sidebar. This page walks through how that works, why the open-source Everything Claude Code (ECC) repo matters, and how to think about skills, hooks, and safety without the jargon wall.

Why terminal-native agents

Old-school IDE autocomplete finishes your line. Agentic tools like Claude Code treat the repo and shell as the interface: read tree, run tests, apply patches, repeat. That means you can wire it into CI, scripts, and the same environments you already use.

Filesystem truth: the model sees real paths, not pasted snippets.
Repeatable runs: print mode (-p) and hooks make behavior closer to software than chat.
Guardrails: permissions and hooks let you block risky commands before they run.

Everything Claude Code (ECC)

ECC started from a Forum Ventures x Anthropic hackathon in NYC (Sept 2025): Affaan Mustafa and a teammate used early Claude Code configs to ship zenith.chat in about eight hours, took first place, and open-sourced the setup. The repo blew up: huge GitHub star counts and daily iteration turned it into the best-known "batteries included" layer on top of Claude Code.

By early 2026, ECC was framed as a full harness performance system, not a static dotfiles dump: dozens of agents, 100+ skills, hooks, selective install, and docs for Cursor, Codex, OpenCode, and more. Version 1.9.0 (March 2026) added manifest-driven installs and broader language coverage. Treat the README as the source of truth for version numbers; this page is the tour.

Takeaway: ECC is community infrastructure. You pick languages and profiles; scripts merge configs without forcing a monolithic copy-paste.

Install & sign-in

Install follows your OS package story; keep the CLI updated so hooks and plugins match what the docs assume.

macOS / Linux: Homebrew: brew install --cask claude-code, or curl installer from Anthropic.
Windows: PowerShell installer or winget install Anthropic.ClaudeCode.

Auth: Claude Pro / Teams, API keys via Console, or enterprise routing through Bedrock, Vertex, or Microsoft Foundry when you need data residency. Set the env vars the docs specify for each path so billing and regions stay predictable.

Handy CLI moves

These are the verbs people actually use day to day:

Command	What it does
`claude -p "task"`	One-shot "print" mode: runs and exits (great for scripts).
`claude --resume <id>`	Pick up a stored session from local persistence.
`/compact`	Shrink context on purpose at a clean breakpoint (see below).
MCP commands	Manage Model Context Protocol servers that add tools (DB, browser, etc.).

Newer builds add quality-of-life (remote env, background tasks, stricter gitignore). Check claude --help after upgrades.

Context window & MCP overhead

Claude Code runs with a large context budget (on the order of 200k tokens for the conversation layer). Everything counts: files, tool output, skills, system text, and every MCP server's tool definitions. ECC docs warn that piling on MCPs can eat a huge slice of that budget, sometimes on the order of 100k+ tokens for tool metadata alone, before you write a line of code.

Rule of thumb: keep fewer than ~10 MCP servers enabled per project unless you really need them. Fewer tools, more room for code and reasoning.

Play with MCP count (illustrative): each slider step adds mock "tool overhead." Real projects vary; this shows the shape of the tradeoff.

Simulated MCP servers: 0

Model + chat MCP overhead (simulated)

Strategic compaction

By default, auto-compaction can fire late in the session and truncate early messages, including the rules you set at the start. ECC pushes strategic compaction: run /compact after a natural break (research done, bug fixed, milestone merged) so you keep intent and delete noise on purpose.

ECC also nudges token hygiene: cap hidden "thinking" budgets where your settings allow, default to smaller models for routine edits, and reserve the heavy model for architecture or gnarly debugging. Same idea as turning off every browser tab you do not need.

Skills & progressive disclosure

A skill is a folder with a SKILL.md: YAML frontmatter plus instructions. The harness loads light metadata first (name + description, on the order of tens of tokens), then pulls the full body only when the task matches. That pattern is called progressive disclosure, and it is how you scale libraries of skills without stuffing the whole repo into every prompt.

Advanced skills can shell out with !`command` so the harness drops real command output into the prompt before the model answers. Forked sub-sessions (context: fork) keep noisy tasks isolated.

Example SKILL.md frontmatter sketch

---
name: rust-patterns
description: Idiomatic Rust error handling and tests for this repo.
---

When editing Rust here, prefer thiserror for errors and add tests with cargo nextest...

Agents & delegation

Agents are narrower personas (planner, reviewer, explorer, etc.) with scoped tools. ECC ships many of them so you can delegate: map the repo read-only first, plan, implement, then review. That mirrors how real teams split work and keeps any one prompt from pretending it is everything at once.

Example agent roles (illustrative)

Role	When to use it
Explorer	Read-only recon before you let anything touch disk.
Planner	Break a feature into ordered steps with files and risks called out.
Reviewer / security	Pre-merge pass for correctness and obvious security footguns.
Build fixer	Iterate on compiler or test output until green.

Good planner output often looks like phased work: smallest useful slice first, then happy path, then edge cases, then polish. If a step wants a 200-line function, that is a signal to split differently.

Hooks & automation

Hooks are event handlers: before a tool runs, after a file edit, when a prompt submits, and so on. They receive JSON on stdin and exit with codes the harness understands (for example, exit 2 can block a dangerous prompt). That is how you auto-format, run typecheck, or strip secrets before they leave your machine.

ECC shares hook scripts across tools using a small adapter so Cursor or OpenCode can normalize events into the same shape Claude Code expects. One implementation, multiple IDEs.

Hook flavors (conceptual)

Command: run a local script.
HTTP: POST JSON to a service.
Prompt: quick LLM check without bloating main context.
Agent: tiny read-only sub-pass for verification.

ECC install, state, and cross-tool

Modern ECC uses manifest-driven installs: pick a profile, run the provided Node installer, and let it track what landed. A local SQLite state store helps with incremental updates instead of blindly overwriting your tweaks (think "terraform state," but for agent config).

ECC also ships AGENTS.md and translated configs for Cursor, Codex, and OpenCode. Where hooks are weaker, instructions and sandbox settings pick up the slack so rules stay consistent across tools.

NanoClaw / CCG workflow: optional orchestration layers route work across models or sessions. Treat them as advanced modules: read upstream docs before turning on multi-model paths in production.

Instincts & continuous learning

ECC's learning loop watches how you edit and can mint small instinct files with confidence scores. Helpful patterns can merge into skills; weak ones decay. Commands like /instinct-status and /evolve expose the lifecycle.

Example instinct sketch (illustrative YAML)

---
id: prefer-functional-style
trigger: "when writing new functions"
confidence: 0.7
domain: code-style
---
Prefer small pure helpers over deep nesting in UI code.

Security & AgentShield

Agent harnesses can run shell, read secrets, and talk to the network. That means supply-chain risk: malicious skills, typosquatted MCP servers, or hooks that exfiltrate env vars. Researchers have documented "ToxicSkills"-style attacks; treat third-party skills like any other dependency.

ECC ships AgentShield-style scanning: static rules across secrets, permissions, hooks, MCP configs, and agent files, with a large test suite in upstream releases. For deep review, some flows run adversarial passes (red / blue / auditor style) on your config. Use --fix only when you understand what changed.

What scanners often look for

Hardcoded API keys or tokens in configs and hooks.
Over-broad tool permissions (wildcard shell, silent network).
Risky hook scripts and MCP endpoints without timeouts.
Instruction tricks (hidden prompts, "always approve" patterns).

Practical habit: start from known-good templates, pin versions, review diffs on skill updates, and keep MCP count low. Your future self is part of the threat model.