r/AIAgentsInAction

A solo dev won the Anthropic hackathon by shipping a product in eight hours with Claude Code. Prize: $15,000. He open-sourced the repo and it sits at 153,000+ stars on GitHub.

The repo is Everything Claude Code (ECC). Claude Code with 38 specialized agents, 156 skills, 72 commands, and a security scanner with 1,282 tests.

Install selectively

# Plugin install
/plugin marketplace add affaan-m/everything-claude-code
/plugin install everything-claude-code@everything-claude-code

# Or pick what you need
ecc install --profile developer \
  --with lang:typescript \
  --with agent:security-reviewer \
  --without skill:continuous-learning

Loading all 156 skills wastes context. Pick your stack, drop the rest.

Agents that do one job

planner             → breaks down task, delegates to specialists
security-reviewer   → scans for vulnerabilities pre-ship
typescript-reviewer → catches TS antipatterns
code-reviewer       → 5 parallel checks
debugger            → root-cause analysis

Coverage spans 12 language ecosystems. The planner agent handles orchestration: hand it a ticket, it decomposes the work and routes to specialists.

Skills load on demand

/plan          → structured task planning
/tdd           → test-driven workflow
/security-scan → AgentShield audit
/quality-gate  → ship-readiness check
/simplify      → refactor for readability

Stack-specific ones too: nextjs-turbopack, bun-runtime, pytorch-patterns, mcp-server-patterns.

AgentShield

This is the part most people skip and where ECC pays for itself.

# Quick scan, no install
npx ecc-agentshield scan

# Auto-fix safe issues
npx ecc-agentshield scan --fix

# Three Opus 4.6 agents in red-team pipeline
npx ecc-agentshield scan --opus --stream

The --opus flag runs three Claude Opus 4.6 agents:

Attacker  → looks for exploit chains
Defender  → evaluates defenses
Auditor   → synthesizes a prioritized risk report

What gets scanned:

CLAUDE.md     → hardcoded secrets, injection vectors
settings.json → misconfigured permissions
MCP configs   → server risks (25+ known CVEs)
Hooks         → injection analysis
Agents        → prompt injection, privilege escalation
Skills        → supply chain verification

Sample output:

Grade: B+
Critical: 0 | High: 2 | Medium: 5 | Low: 3

❌ HIGH: Hardcoded API key in CLAUDE.md:15
   Fix: Move to environment variable

Drops into continuous integration so any pull request changing an agent config gets audited.

The learning layer

Stock Claude Code starts each session blank. ECC's continuous learning watches your sessions and builds patterns:

Session 1:  you fix an async error pattern    (confidence: 0.3)
Session 5:  same pattern, refined             (confidence: 0.6)
Session 10: stable, applied automatically     (confidence: 0.9)

A knowledge layer that persists across sessions, sharpens with use. After two or three weeks, Claude writes in your conventions instead of generic large language model defaults.

Three repos that close ECC's gaps

claude-mem for cross-session memory (github.com/thedotmack/claude-mem). Five lifecycle hooks, SQLite storage, web viewer at localhost:37777.

/plugin marketplace add thedotmack/claude-mem
/plugin install claude-mem

Superpowers for forced planning (github.com/obra/superpowers). ECC's agents will write 400 lines without a plan. Superpowers makes them think first.

/plugin marketplace add obra/superpowers
/plugin install superpowers

CLAUDE.md rules for predictable agent behavior. All 38 agents read the file. Drop in:

- Run tests before marking task complete
- Never create files outside the project directory
- Ask before deleting any file
- Explain reasoning before writing code
- If unsure, ask. Don't guess.

Easy setup

# 1. Install ECC for your stack
/plugin install everything-claude-code@everything-claude-code

# 2. Memory
/plugin install claude-mem

# 3. Planning discipline
/plugin install superpowers

# 4. Security scan
npx ecc-agentshield scan --fix

# 5. Drop behavior rules into CLAUDE.md

Hey everyone,

I currently have 6 micro-SaaS live, bringing in a bit over $20k in MRR.

The crazy part? I barely wrote a single line of code. I used AI to generate everything, from the database to the UI.

It wasn’t magic on day one. I spent hours stuck on broken code before I finally cracked the system:

• Keeping the idea tiny (a true MVP).
• Prompting the AI step-by-step.
• Launching fast to get real traction.

Lately, I see too many non-tech people give up at the first AI bug. It sucks because the technical barrier is basically gone.

So, I’m starting a Skool community.

Full transparency: I will probably charge for the full course down the line. It makes sense given the exact workflows and copy-paste prompts I’ll be sharing.

But the main goal right now is to build together. Building alone is the fastest way to quit.

If you want to join and build your own AI SaaS with us: drop a comment or shoot me a DM, and I’ll send you the invite!

Once an agent is live, the next question gets surprisingly hard to answer.

How do you know it is actually working?

Not in a demo. Not on a benchmark. In production.

We have spent a lot of time looking at agent systems across support bots, internal copilots, RAG workflows, and multi-step setups.

The surprising part is that the model is usually not the main problem. The harder part is defining what “working” means, then measuring it in a way that survives real usage.

A few patterns keep coming up.

An “autonomous research agent” gets judged by thumbs-up rate, but nobody can clearly describe what the bad 20% actually looks like.

A multi-agent workflow fails, but the team cannot tell whether the issue came from retrieval, routing, tool use, or state passed between steps.

An eval set looks strong in staging, but nobody is measuring production outputs closely enough to know whether that behavior holds up under real traffic.

A team says the agent does the job well, but they have never run it enough times across varied inputs to know where consistency starts to break.

That has changed how we think about production agents.

The fix is usually not “switch to a better model.” More often it is one of a few less glamorous things.

Write down what success looks like in a form that can actually be graded.

Trace each step, not just the final output.

Run broader scenario coverage before production sees the edge cases first.

Take failures from production and push them back into the eval set so the system does not keep passing the same stale checks.

That last one feels especially important.

A lot of eval sets get written once, then stay mostly frozen while prompts, models, tools, and workflows keep changing underneath them.

But the issue is that many teams still talk about agents like they are features, when in practice they behave more like systems.

They have state, dependencies, failure modes, and weird interactions between parts. If that system is non-deterministic, then the job is not to pretend it is deterministic. The job is to make the behavior visible enough to debug, score, and improve.

That is where evals and observability start to matter.

Not as reporting layers, but as the thing that makes non-deterministic behavior legible.

We are curious how this looks for others shipping real agents.

What was the first thing that broke once your agent hit real users?

Markdown made sense when you were the one editing the file. You'd write a plan, Claude would suggest changes, you'd merge them by hand. The format served that loop.

That loop is mostly gone. Claude edits the files now. You read them, or you pass them to a verification agent, or you share them with someone who needs to approve the direction. Nobody's doing line edits in a text file.

Markdown still works at 30 lines. Past 100, most people stop reading. The format can't hold tables with real styling, can't embed diagrams that don't look like ASCII guesswork, can't let you interact with the content. It just sits there as text.

HTML doesn't have those limits. Claude can put real tabular data in a table with CSS, draw diagrams in SVG, add JavaScript-driven sliders so you can tune a parameter and see the result, build a mobile-responsive layout if the file needs to travel. There's almost no category of information that won't fit, and you can share it as a URL instead of an attachment.

The practical upgrade shows up fast in a few specific workflows.

Specs and planning. Instead of a 200-line markdown plan nobody reads, ask Claude Code to produce an HTML file with mockups, data flow diagrams, and annotated code snippets in one document. Pass that file into the next session as context. The verification agent reads it too and has far more to work with than a flat text spec.

A prompt that works:

>

Code review. Rendered diffs, severity-coded annotations, flowcharts of the logic you're trying to explain, all in one file you attach to the pull request. The default GitHub diff view doesn't do any of that.

>

Throwaway editors. This one takes a minute to see, but it's the most useful pattern. When you're working on something that's painful to describe in text, ask Claude to build you a single-purpose HTML interface for that exact thing. Drag-and-drop ticket triage, a form-based config editor with dependency warnings, a side-by-side prompt editor with live variable rendering. Always end it with an export button that outputs the result as text or JSON you can paste back into Claude Code.

>

The export button is the critical detail. Without it, the editor is a dead end. With it, it becomes a UI layer for your agent loop.

Context is the reason to use Claude Code specifically for this. Claude Code can read your file system, pull from connected Model Context Protocol servers like Slack or Linear, check your git history. An HTML report built from that context will have actual specifics in it, not placeholders.

One real tradeoff: HTML diffs are noisy. If your team reviews documentation in version control, HTML is harder to scan than markdown. For files that live in a repo and get reviewed in pull requests, markdown still wins. For files that get read, shared, or acted on, HTML is the better format.

The frontend design plugin helps Claude produce cleaner, more consistent HTML output. If you want it to match your product's visual style, point Claude at your codebase and ask it to generate a design system reference file first, then use that as a reference for subsequent HTML outputs.

You don't need a skill or a preset for any of this. Ask Claude to make an HTML file and describe what it should contain. The format will handle the rest.

Don't run Claude in a loop: prompt in, answer out. Here's a full Claude ecosystem published it as six reference files on GitHub, verified April 2026. Commands, Model Context Protocol servers, plugins, tools, workflows, agent frameworks.

Commands worth knowing

/remote-control — Control your local Claude Code session from your phone via claude.ai
/fork — Branch your conversation without touching main context
/usage-report — Full HTML analytics: sessions, token cost by project, most-used commands
/checkpoint — Save conversation state before a major change
/memory-dump — Export everything Claude knows about your project to a file
/diff-review — Claude reviews the full git diff and annotates every change
/security-scan — Runs a vulnerability check on current codebase

Community-discovered activation phrases, not in official docs, consistent across sessions:

MEGAPROMPT      → Claude expands your rough idea into a full spec before executing
BEASTMODE       → Full effort, no shortcuts, maximum output
ULTRATHINK      → Extended reasoning before any response
STEELMAN        → Claude argues the strongest version of your idea first
CRITIC MODE     → Claude finds every flaw before proceeding
FIRSTPRINCIPLES → Breaks the problem to fundamentals before solving

Install Memory MCP first

Every session starts from zero without it.

{
  "mcpServers": {
    "memory": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-memory"]
    }
  }
}

Session startup: "Load project context for [name]. Retrieve: architecture decisions, coding standards, current sprint tasks."

Other high-impact Model Context Protocol servers: Filesystem, GitHub, PostgreSQL, Brave Search, Puppeteer (controls a real Chrome instance), Fetch. The repo also documents 10 memory systems including Memora, which runs fully local with no cloud dependency.

Three plugins

claude skills add juliusbrussee/caveman
/plugin install superpowers@superpowers-marketplace
/plugin install context7@claude-plugins-official

Caveman (27,900+ stars) cuts output tokens 65-75% with no accuracy loss. Superpowers (121,000+ stars) forces plan-before-build, test-before-ship. Context7 (53,864+ stars) pulls live version-specific docs before generation, eliminating hallucinated APIs.

Tool decisions

Retrieval-augmented generation app?  → LlamaIndex
Everything else?                     → LangChain
Production memory?                   → Qdrant
Local dev?                           → Chroma (pip install, zero setup)
Full backend?                        → Supabase
Local embeddings, no API cost?       → Ollama


curl -fsSL https://ollama.com/install.sh | sh
ollama pull llama3.2

Ollama for embeddings and simple tasks, Claude for reasoning that needs it. API costs drop, nothing leaves your machine.

Builder-Validator

Two Claude calls, no framework, opposing objectives.

builder = claude.complete(
    system="Senior developer. Write the best implementation.",
    prompt=task
)
validator = claude.complete(
    system="Security auditor. Find every bug, edge case, vulnerability.",
    prompt=f"Review:\n{builder.output}"
)
# Loop until validator approves

The two roles have structurally incompatible incentives. That tension does the work a single-pass prompt can't. Production numbers: Fountain cut delivery time 50%. Rakuten dropped feature cycles from 24 days to 5. Ramp cut incident investigation time 80%.

Agent framework benchmarks

• LangGraph 87% task success. Used at Klarna, Replit, Uber, LinkedIn.
• CrewAI 82% task success. Fastest to a working demo. 44,600+ stars, 60 million executions per month.
• AutoGen top GAIA benchmark score across all difficulty levels.
• Claude Agent SDK Claude-only stacks, no framework overhead.

​

Fastest to demo?             → CrewAI
Complex production workflow? → LangGraph
Research / code-executing?   → AutoGen
Claude-only stack?           → Claude Agent SDK
Data-heavy retrieval?        → LlamaIndex Agents

95% of agentic tasks don't need multi-agent systems. A well-prompted single Claude instance with 3 tools outperforms a complex 5-agent setup. Build simple first. Full repo

10 Claude Code plugins worth installing if you build iOS apps.

• Caveman (JuliusBrussee/caveman) cuts Claude's output tokens by 65-75% by stripping filler responses. Keeps technical precision, kills pleasantries. Useful when long stack traces and large Swift files eat context fast. Bonus: caveman-compress rewrites your CLAUDE.md to ~46% fewer tokens.
• Superpowers (obra/superpowers) imposes engineering discipline before Claude writes anything. Forces clarifying questions first, breaks work into 2-5 minute tasks with exact file paths, enforces test-driven development red/green/refactor, runs verification commands before marking work done.
• SuperClaude Framework (SuperClaude-Org/SuperClaude_Framework) — adds 30 slash commands and 20 specialized personas on top of Claude Code. The ones that matter for iOS: architect (module boundaries), security engineer (keychain, certificate pinning), performance (memory leaks, main-thread violations). Built-in 70% token reduction for large codebases.
• TDD Guard (nizos/tdd-guard) hooks into Claude Code's file operations and blocks implementation code without a failing test first. Supports XCTest. Stops the common pattern where Claude writes tests that confirm its own implementation rather than testing the contract. 2,000+ GitHub stars.
• Safety Net (kenryu42/claude-code-safety-net) intercepts destructive git commands before execution. Blocks git reset --hard, force pushes to main/master, git branch -D, and rm -rf on project directories. Redirects Claude toward safer alternatives instead.
• Cartographer (kingbootoshi/cartographer) deploys parallel subagents to map your codebase and output an architecture.md: module dependency graph, data flow, layer separation analysis. Feed the output into your CLAUDE.md so every session starts with full architectural context.
• Karpathy Guidelines (forrestchang/andrej-karpathy-skills) encodes Andrej Karpathy's published observations on large language model coding behavior as enforced rules. No unrequested code, no premature abstractions, no protocol extensions added "just in case." Prefer reading before modifying. Delete dead code rather than commenting it out.
• Context Engineering Kit (hesreallyhim/awesome-claude-code) patterns for working with codebases that exceed a single context window. Hierarchical loading (architecture first, then specific modules), context handoff templates for multi-session work, minimal-footprint CLAUDE.md structure. Pair with Caveman: Caveman compresses outputs, this compresses inputs.
• Trail of Bits Security Skills (trailofbits/) the same security auditing methodology Trail of Bits uses on paid client engagements, published as Claude Code skills. Covers keychain misuse, certificate pinning gaps, hardcoded credentials, insecure UserDefaults usage, URL handling injection, and incorrect NSPrivacyAccessedAPITypes. Run before App Store submission.
• Claude Code Workflows (OneRedOak/claude-code-workflows) structured templates for code review, security assessment, and pre-pull request checklists. Customizable for iOS-specific checks: no synchronous main thread operations, closure capture lists, forced unwraps, accessibility identifiers on new interactive elements.

Install order if starting from zero: Caveman + Superpowers first. Safety Net before you need it. TDD Guard if test coverage matters. Everything else as the project grows.

People around me swear by Obsidian and I’m honestly not sure I get it. I’m using Claude Code a lot, and I’m trying to understand how do you actually use Obsidian together with Claude? tnx in advance!

He's kinda a nerd yeah. I was teaching him some basics in AI since he turned 16 but fast forward he found out he can make money off this. I replied "Im sure you do", jokingly because I didn't think he actually is able to find some clients. Hes now 17 and thanks to an automation he built on n8n, he gets at least 2 clients a month and builds them a new website or makes them a chatbot. On April he made 1000$ which is actually more than me that month. what can I say haha

This automation finds businesses with low reviews on Google Maps and actually sends them personalised emails. That way hes able to find a car rental company that someone rated low, because of the trashy, non helpful website. Now obviously I use that as well but it's good to have a nerd lil bro hahah

Wanted to share this as a fun motivation to any young builders there who struggles to get that first win.