ECC System - OpenClaw Skill

Version: 1.0.0
Source: everything-claude-code (obra/ecc)
Integration Date: 2026-04-03

🎯 When to Activate

• Starting any new project or task
• Writing or reviewing code
• Debugging issues
• Planning complex features
• Multi-language projects
• TDD workflow required
• Security-sensitive code
• Before any commit or completion claim

🏆 4 Iron Laws (Mandatory)

1. TDD Iron Law

NO PRODUCTION CODE WITHOUT A FAILING TEST FIRST
没有失败的测试，绝不写生产代码

Workflow:

1. Write test first (RED)
2. Run test → should FAIL
3. Write minimal implementation (GREEN)
4. Run test → should PASS
5. Refactor (IMPROVE)
6. Verify coverage (80%+)

2. Verification Iron Law

NO COMPLETION CLAIMS WITHOUT FRESH VERIFICATION EVIDENCE
没有新的验证证据，绝不声明完成

Required Evidence:

• Test results (passing)
• Coverage report (80%+)
• Security scan (clean)
• Code review (approved)

3. Debugging Iron Law

NO FIXES WITHOUT ROOT CAUSE INVESTIGATION FIRST
没有根本原因调查，绝不修复

Investigation Steps:

1. Reproduce the issue
2. Gather logs and context
3. Identify root cause (5 Whys)
4. Propose fix
5. Test fix
6. Verify no regression

4. Code Review Marking

🔴 Blocker - Must fix before merge
🟡 Suggestion - Recommended improvement
💭 Nit - Optional polish

Review Checklist:

• No hardcoded secrets
• All inputs validated
• SQL injection prevention
• XSS prevention
• CSRF protection
• Auth/authorization verified
• Rate limiting enabled
• Error messages safe

📋 Core Principles (6 Mandatory)

1. Immutability (CRITICAL)

ALWAYS create new objects, NEVER mutate existing ones

WRONG:  modify(original, field, value) → changes in-place
CORRECT: update(original, field, value) → returns new copy

2. 80% Test Coverage

Minimum 80% coverage required for all code

Test Types (ALL required):
1. Unit tests - individual functions/components
2. Integration tests - API endpoints/database operations
3. E2E tests - critical user flows

3. Security First

Before ANY commit, verify:
- No hardcoded secrets (API keys, passwords, tokens)
- All user inputs validated
- SQL injection prevention (parameterized queries)
- XSS prevention (sanitized HTML)
- CSRF protection enabled
- Authentication/authorization verified
- Rate limiting on all endpoints
- Error messages don't leak sensitive data

4. TDD Workflow

RED → GREEN → REFACTOR → VERIFY

1. Write failing test
2. Write minimal implementation
3. Refactor for quality
4. Verify coverage and security

5. File Organization

MANY SMALL FILES > FEW LARGE FILES

- High cohesion, low coupling
- 200-400 lines typical, 800 max
- Extract utilities from large modules
- Organize by feature/domain, not by type

6. Agent Orchestration

Parallel execution, multi-perspective review