
Security News
npm v12 Ships With Install Scripts Off by Default, Begins Deprecating 2FA-Bypass Tokens
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.
GoHighLevel Agentic Workspace Engine — forked from Everything Claude Code (ecc-universal)
GoHighLevel Agentic Workspace Engine — forked from Everything Claude Code.
aw-ecc is GoHighLevel's private fork of ECC. It keeps the upstream ECC engine, then layers in AW SDLC routing, GHL platform integration, repo-local defaults, and eval coverage for GoHighLevel workflows.
The current catalog exposed by this repo is:
Installing aw-ecc gives your workspace access to 28 agents, 158 skills, and 69 commands through the repo-local AW command surface plus GHL-specific skill and policy layers.
| Surface | Availability |
|---|---|
| Agents | ✅ 28 agents |
| Skills | ✅ 158 skills |
| Commands | ✅ 69 commands |
These catalog counts are validated in CI so the published docs stay aligned with the repo contents.
aw-ecc (this repo) = the engine - ECC baseline + AW SDLC routing + GHL platform integration
platform/ = the brain - GHL domain knowledge (NestJS, Vue, HighRise, multi-tenancy, events)
aw init = the glue - shallow-clone aw-ecc -> run installer -> aw link for platform/
When a developer runs aw init, the CLI:
platform/ and team namespace contentscripts/install-apply.js --target cursor --profile fullResult: the workspace gets the repo-local AW command surface plus linked GHL platform content.
The default AW delivery flow is:
/aw:plan -> define the approved technical path/aw:build -> implement approved work in thin, reversible slices/aw:test -> prove the requested QA scope with fresh evidence/aw:review -> findings, governance, and readiness decisions/aw:deploy -> perform one release action/aw:ship -> launch, rollout, rollback readiness, and release closeoutThere is also one conditional diagnostic route:
/aw:investigate -> reproduce, localize, and confirm bugs or alerts before broad fixes/aw:investigate is intentionally not part of every happy-path request.
Use it when the problem is real but the cause is still unclear, then return to /aw:build, /aw:test, or /aw:review as needed.
Compatibility entrypoints remain available during migration:
/aw:execute -> /aw:build/aw:verify -> /aw:test, /aw:review, or the smallest correct combined verification flowFor explicit end-to-end automation, the repo uses the internal aw-yolo orchestration skill instead of overloading ship.
aw-yolo starts from the first unsatisfied stage and runs only the smallest correct remaining sequence.
For the smallest newcomer-friendly path through the repo, see docs/aw-ecc-core-bundle.md.
| Change | Scope |
|---|---|
AW SDLC public-stage routing (/aw:plan, /aw:build, /aw:test, /aw:review, /aw:deploy, /aw:ship, plus conditional /aw:investigate) | commands, skills, defaults, docs |
Compatibility routing for legacy /aw:execute and /aw:verify entrypoints | commands, skills, router docs |
| GHL baseline operating standards for review, QA, frontend quality, governance, and rollout safety | defaults, references, stage skills |
| Repo-local staging and verification confidence artifacts | docs, defaults, evals |
| Rebrand and package metadata | package.json, README.md |
The repo still tracks upstream ECC, but it now carries meaningful repo-local AW SDLC behavior on top of the upstream baseline.
Each stage skill should also activate the matching GHL platform skill family by task domain:
platform-services:*platform-frontend:* plus platform-design:*platform-data:*platform-infra:*platform-sdet:*platform-review:*The namespace families let the model auto-discover GHL platform skills without hardcoding every individual name.
After the primary AW stage is selected, using-platform-skills should choose the smallest supporting platform stack.
AW stages should inherit org standards directly from the GHL baseline profiles and platform playbooks, not from ad hoc prompt prose.
That means:
The testing stack is documented in four places:
Use this mental model when reading the eval docs:
deterministic/ = contract checksrouting/ = routing checksoutcomes/ = outcome checksThis is a fork of affaan-m/everything-claude-code. To merge upstream changes:
git remote add upstream https://github.com/affaan-m/everything-claude-code.git
git fetch upstream
git merge upstream/main
# Resolve conflicts in the repo-local AW SDLC command, skill, and doc layers
git tag v1.x.0
If you have everything-claude-code installed as a Claude Code plugin, remove it before using aw-ecc.
Running both can duplicate skills, commands, and routing instructions in the IDE context.
MIT — same as upstream ECC.
FAQs
GoHighLevel Agentic Workspace Engine — forked from Everything Claude Code (ecc-universal)
We found that aw-ecc demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.

Research
/Security News
Socket tracks the activity as Operation “Muck and Load”: a threat actor uses commit-farming workflows, public dead drops, and protected archives to stage Windows RAT and infostealer malware.

Security News
pnpm 11.10 hardens registry auth to block token redirection, tightens pack-app and deploy, and makes the Rust port (v12) installable.