WonderLab

Posted on Apr 13

One Open Source Project a Day (No.37): everything-claude-code - The Most Systematic Claude Code Enhancement Framework

#ai #opensource #claude #python

Introduction

"Not just config files — a complete system: skill library, instinctual rules, memory optimization, continuous learning, security scanning, and a research-first development paradigm."

This is article No.37 in the "One Open Source Project a Day" series. Today's project is everything-claude-code (GitHub).

If Claude Code is a high-performance race car, most developers are only running it at 30% throttle. everything-claude-code (ECC) is AI engineer Affaan Mustafa's gift to the community after 10 months of intensive daily use — a production-grade Claude Code enhancement system built from 181 Skills, 47 sub-agents, 34 rules, and 8 lifecycle hook types.

From cross-session memory persistence to parallel Git Worktree workflows, from quantified MCP tool count thresholds to zero-width character injection defense — this project systematically codifies the most valuable, least-known Claude Code techniques into a directly installable toolkit.

150k+ Stars, GitHub Trending leader, and described by the community as "the project splitting the developer community" — this is currently the largest and most comprehensive Claude Code enhancement framework in existence.

What You'll Learn

ECC's overall architecture: how 6 modules work in concert
Advanced Hook usage: the three-hook combo for cross-session memory
Parallel workflows: /fork + Git Worktrees for concurrent tasks
Cost optimization: tiered model strategy and MCP tool count thresholds
AgentShield: the built-in AI agent security scanner

Prerequisites

Familiarity with day-to-day Claude Code usage
Basic CLI fluency
Git fundamentals

Project Background

What Is It?

everything-claude-code originated as an award-winning entry at an official Anthropic hackathon and evolved over 10 months of refinement and community co-building into the most comprehensive Claude Code enhancement system available today.

It's not a standalone application — it's an enhancement layer stacked on top of Claude Code. Once installed, Claude Code automatically gains additional Skills, agents, rules, and hook capabilities, yielding systematic improvements to both productivity and code quality.

ECC also supports Cursor, Codex, OpenCode, Gemini CLI, and other AI coding tools — making it the most broadly compatible AI code tool enhancement framework currently available.

About the Author

Author: Affaan Mustafa (@affaan-m)
Location: San Francisco / Bellevue
Background: Former founding engineer at pmx.trade; UCSD + University of Washington; research in meta-learning, autonomous trading systems, applied math
GitHub Followers: 4,600+
Related Projects: AgentShield (370 ⭐), JARVIS (autonomous web crawler), claude-swarm (multi-agent orchestration)

Project Stats

⭐ GitHub Stars: 150,000+
🍴 Forks: 23,700+
👥 Contributors: 170+
📦 Latest Version: v1.10.0 (April 2026)
📄 License: MIT
🔧 Minimum Requirement: Claude Code CLI v2.1.0+

Key Features

Six Core Modules

1. Skills — 181 total

Strikingly broad coverage:

Category	Example Skills
Backend development	Django, Laravel, Spring Boot, NestJS framework patterns
Frontend development	React component patterns, CSS architecture, responsive design
CI/CD	GitHub Actions workflows, Docker build optimization
Language standards	Python, TypeScript, Go, Java, Kotlin, Rust, C++, Swift
Content creation	Investor materials, market research reports
Media processing	Video processing pipelines

2. Agents — 47 sub-agents

One of the most complete Sub-Agent systems available:

Planner: Task decomposition and priority ordering
Architect: System design and technology selection
Code Reviewer: Multi-dimensional code quality inspection
Security Auditor: Vulnerability scanning and risk assessment
Build Error Resolver: Automated build failure diagnosis and fixing
E2E Test Engineer: End-to-end test generation
Language Specialists: Deep experts for TypeScript / Python / Go / Java / Kotlin / Rust / C++ / Swift

3. Rules — 34 total

General rules and language-specific rules that enforce best practices throughout Claude's work, covering: TypeScript, Python, Go, Swift, PHP, Perl, Java, Kotlin, C++, Rust.

4. Hooks — 8 lifecycle event types

Hook Type	Fires When	Typical Use
`PreToolUse`	Before any tool call	Security check, permission validation
`PostToolUse`	After any tool call	Result logging, quality check
`UserPromptSubmit`	When user submits a message	Input sanitization, injection detection
`Stop`	Session ends	Save memory, output summary
`PreCompact`	Before context compression	Extract and preserve key information
`Notification`	Task completion	External system integration
`SessionStart`	New session begins	Load historical memory

5. Commands — 79 legacy commands

A backward-compatible slash command layer, gradually migrating to Skills while keeping existing workflows uninterrupted.

6. MCP Configurations

Out-of-the-box support for major MCP servers:

GitHub, Supabase, Firecrawl (web scraping)
Vercel, Railway, Cloudflare (deployment platforms)
ClickHouse (data analytics)
Sequential Thinking (reasoning enhancement)
Memory persistence MCP

Quick Install

# Option 1: Script install (recommended)
curl -fsSL https://raw.githubusercontent.com/affaan-m/everything-claude-code/main/scripts/install.sh | bash

# Select a profile:
# minimal  — core rules + basic hooks
# standard — + skills + agents (recommended)
# full     — everything, including experimental features

# Option 2: Plugin marketplace (inside Claude Code)
# Search for "everything-claude-code"

# Option 3: Manual install (full control)
git clone https://github.com/affaan-m/everything-claude-code.git
# Copy .claude/ directory and specific modules as needed

Deep Dive

The Three-Hook Combo: Cross-Session Memory Persistence

The most underappreciated technical insight in ECC is the PreCompact + Stop + SessionStart hook trio — a pattern for persistent cross-session memory that the official Claude Code documentation barely mentions:

Session A:
  User working...
      ↓
  [PreCompact hook] Context about to be compressed
  → Extract and save key decisions, code patterns, preferences to memory.md
      ↓
  [Stop hook] Session ending
  → Write session summary, append to long-term memory file

Session B (next day):
  [SessionStart hook] New session begins
  → Load memory.md, inject via --system-prompt
  → Claude automatically "remembers" last session's decisions and context

The technical key:

# Dynamically inject memory into Claude Code
claude --system-prompt "$(cat ~/.claude/memory.md)" "Continue yesterday's task"

# System prompt has higher priority than user messages,
# which have higher priority than tool results.
# This is the foundation of the persistent memory mechanism.

Each hook's role:

PreCompact: Rescues the most important information before context compression
Stop: Creates a full summary when the session ends naturally
SessionStart: Restores "memory" when a new session begins

Sub-Agent Iterative Retrieval Pattern

ECC's sub-agent design follows a critical principle: the orchestrator must evaluate sub-agent return values and loop up to 3 times with follow-up questions rather than accepting a summary at face value.

Orchestrator (Lead Agent)
    │
    ├─ Send request to Researcher sub-agent
    │       ↓
    │   [Round 1] Sub-agent returns initial results
    │       ↓
    ├─ Evaluate: Are results complete? Any gaps?
    │   → Incomplete: send targeted follow-up question
    │       ↓
    │   [Round 2] Sub-agent returns supplementary results
    │       ↓
    ├─ Re-evaluate (max 3 rounds)
    │       ↓
    └─ Synthesize final result

This design addresses the problem of sub-agents returning shallow results when they lack complete semantic context — the 3-round cap prevents infinite loops while providing enough iterations to ensure result quality.

Cost Optimization: Tiered Model Strategy

ECC provides a battle-tested tiered model usage strategy:

Default: use Sonnet (saves ~60% vs Opus)
    │
    ├─ Upgrade to Opus when:
    │   ├── Task failed and needs retry
    │   ├── Complex task spanning 5+ files
    │   └── Security-critical code review
    │
    └─ Stay on Sonnet for:
        ├── Single-file edits
        ├── Code explanation and documentation
        └── Routine Q&A

Key environment variable configuration:

# Limit thinking tokens (balance quality vs cost)
export MAX_THINKING_TOKENS=10000

# Auto-compact threshold (trigger at 50% context fill)
export CLAUDE_AUTOCOMPACT_PCT_OVERRIDE=50

MCP tool count warning (a quantitative threshold derived from extensive testing):

Active MCP servers: < 10
Total active tools: < 80
Exceeding these limits causes significant context window degradation

# Check how many tools are currently active
claude mcp list | wc -l

Parallel Workflows: Fork + Git Worktrees

ECC provides two parallel working patterns that break the "single-threaded AI conversation" bottleneck:

Method 1: /fork to branch conversations

# When two independent tasks exist in one conversation
/fork "Handle API interface refactor"   # Process in a new branch conversation
# Continue working on the other task in the current conversation

Method 2: Git Worktrees for multi-instance parallelism

# Create independent worktrees for different features
git worktree add ../feature-auth feature/auth
git worktree add ../feature-ui  feature/ui

# Launch Claude Code in separate terminals
# Two instances work simultaneously, no conflicts
cd ../feature-auth && claude
cd ../feature-ui   && claude

"Cascade Method" task management:

←──────── Scan for completed tasks ────────→
←── Start new tasks (move right)

[Task A: Done ✓] [Task B: Active] [Task C: Active] [Task D: Pending]

Rule: maintain 3-4 active tasks simultaneously

AgentShield: Built-in Security Scanner

AgentShield is ECC's built-in AI agent configuration security scanner — 1,282 test cases, 102 static analysis rules:

# Install the standalone version (or use through ECC)
pip install agentshield

# Scan current Claude Code configuration
agentshield scan --path .claude/

# Sample report output:
# ✓ No plaintext API keys found
# ✗ [HIGH] Command injection risk in hook script (hook-name.sh:23)
# ✗ [MEDIUM] Overly broad MCP server permissions (github: read/write all repos)
# ✓ No zero-width character injection detected

Security risks AgentShield can detect:

Credential detection: Hardcoded API keys, tokens, passwords
Hook injection analysis: Command injection vulnerabilities in hook scripts
MCP permission audit: Overly permissive MCP server scopes
Zero-width character injection: Zero-width spaces, bidi override characters
Base64 payload detection: Encoded instructions hidden in seemingly benign content

The project explicitly documents real CVEs:

CVE-2025-59536: RCE vulnerability triggerable by cloning a malicious repository
CVE-2026-21852: API key exfiltration through MCP

Rarely-Known Shortcuts and Tips

Claude Code keyboard shortcuts (many developers don't know these):

Shortcut	Function
`Ctrl+U`	Delete entire input line
`Tab`	Toggle chain-of-thought display
`Esc Esc`	Interrupt current task / resume
`/rewind`	Restore to previous state
`/checkpoints`	File-level undo point management
`/fork`	Branch the current conversation

Token-saving tip:

# Use mgrep instead of grep — reduces token consumption by ~50%
# (mgrep returns more precise context without large amounts of irrelevant lines)
alias grep="mgrep"

Security note on zero-width characters:

Zero-width spaces, bidi override characters, base64 payloads, and HTML comments can bypass human code review but cannot bypass model tokenization — however, they can be used in prompt injection attacks. ECC's UserPromptSubmit hook sanitizes inputs before they reach privileged agents.

Resources

Official

🌟 GitHub: https://github.com/affaan-m/everything-claude-code
📖 Quick Guide: the-shortform-guide.md
📚 Advanced Guide: the-longform-guide.md
🔒 Security Guide: the-security-guide.md
🛡️ AgentShield: https://github.com/affaan-m/AgentShield

Community Ecosystem

awesome-claude-code (hesreallyhim): Community-curated skills/hooks/commands/plugins collection
claude-code-ultimate-guide (FlorianBruniaux): Comprehensive documentation guide, 200+ commits of ongoing maintenance
awesome-claude-code-toolkit (rohitg00): 135 agents + 35 skills + 150+ plugins (similar positioning to ECC)

Summary

Key Takeaways

System-level enhancement: ECC is not a tips collection — it's an installable production-grade Claude Code enhancement system (181 Skills + 47 Agents + 34 Rules + 8 Hooks)
Three-hook memory persistence: The PreCompact + Stop + SessionStart combo delivers cross-session memory that official docs barely mention
Quantified thresholds: MCP tools < 80 is an empirically derived limit that directly impacts working efficiency
Parallel workflows: /fork + Git Worktrees transforms Claude Code from a single-threaded conversation into a multi-task concurrent factory
Security baseline: AgentShield is currently the most complete AI agent configuration security scanner — essential as the MCP ecosystem rapidly expands

Who Should Use This

Claude Code power users: Engineers looking to push AI-assisted development efficiency up a full level
AI infrastructure teams: Teams standardizing AI development workflows and security practices across an organization
Solo developers: Developers building large projects with AI tools who need systematic context and task management
Security engineers: Professionals focused on AI agent security risks who need to scan and audit AI tool configurations

Visit my personal site for more useful knowledge and interesting products

DEV Community