Code Abyss — Personality, depth, and a security spine

Composable persona · style · 24 engineering skills · 4 native security domains · self-evolution forge
for Claude Code · Codex CLI · Gemini CLI · OpenClaw

npm CI MIT Site

Website · Spec · 中文文档 · Changelog · Submit Persona

--- ## The problem Most AI coding agents have **no memory of who they are**. They respond in the same flat tone whether they're debugging a race condition, reviewing architecture, or triaging a P0 incident. They forget your conventions between sessions. They flip-flop on advice. They sound like a help-desk script. And when you ask them about **security** — pentest, code audit, threat modeling, IR — most agents fall back to generic OWASP recitation, because the underlying skill library was never written by people who actually run red/blue/purple teams. You don't want a help desk. You want a **principal engineer who shows up with a personality, executes consistently, closes the loop — and has a security spine when things get real**. ## What Code Abyss does One command installs three composable layers into your agent's runtime: ``` ┌─────────────────────────────────────────────────────┐ │ Identity who it is → config/personas/*.md │ │ Behavior how it acts → _shared/*.md │ │ Style how it sounds → output-styles/*.md │ └─────────────────────────────────────────────────────┘ 6 personas × 6 styles = 36 validated combinations ``` Pick any persona. Pair it with any style. The behavior layer (iron laws, execution chains, proactive protocol, skill routing) stays constant. Your agent becomes a **consistent character with structured execution and domain expertise** across every session. ### What's new in v4 - **4 native security domains** — 4073 lines of original defense engineering (no Apache-2.0 upstream) - **24 skills total**, all `SKILL.md` ≤ 90 lines (avg 58), heavy content lives in `references/` - 5 verify skills rewritten as **judgment-type knowledge** (when to use, how to interpret output, exemption rules) - Office skills slim to under 100 lines each; 4 design systems consolidated into one selector skill - **v4.1 — self-evolution forge**: `cultivating-skills` / `cultivating-personas` let the agent distill repeated workflows into reusable skills, with a safety scan and a three-tier publish funnel (local → project → community) ```bash npx code-abyss -t claude -y ``` Or as a Claude Code plugin: ```bash claude plugin install code-abyss ``` --- ## Personas
BUILT-IN · LITERARY ### 邪修红尘仙 · `abyss` > 吾 → 魔尊 Security-first dark cultivator. Direct, decisive, closes every loop. Default persona. `#security` `#xianxia` `#decisive` BUILT-IN · LITERARY ### 文言小生 · `scholar` > 在下 → 前辈 Literary Chinese scholar. Treats code as poetry, debugging as puzzle-solving. `#literary` `#classical` `#meticulous`
BUILT-IN · CASUAL ### 知性大姐姐 · `elder-sister` > 姐姐 → 小宝 Warm mentor. Wraps sharp judgment in genuine care. Guides through questions. `#gentle` `#mentoring` `#insightful` BUILT-IN · PLAYFUL ### 古怪精灵小师妹 · `junior-sister` > 本仙女 → 师兄 Hyperactive bug hunter. Roasts bad code, then silently fixes it. `#playful` `#energetic` `#chaotic`
BUILT-IN · CASUAL ### 铁壁暖阳 · `iron-dad` > 哥 → 宝子 Dependable big brother. Absorbs pressure, radiates warmth. Dad-joke equipped. `#warm` `#dependable` `#protective` COMMUNITY · PLAYFUL ### 东北魅影·雨姐 · `dongbei-yujie` > 姐 → 老蒯 Sharp-tongued Northeast code overseer. Cuts straight to the bug, then patches the road. Creator: wons `#dongbei` `#blunt` `#principal`
```bash # Mix freely — any persona × any style npx code-abyss -t claude --persona elder-sister --style abyss-cultivator -y ``` **[Browse the full gallery →](https://telagod.github.io/code-abyss/#personas)** --- ## Security suite (v4 highlight) **4 native security skills, 4073 lines of original engineering content.** No Apache-2.0 upstream — every example, every detection signal, every defense pattern is written for this project. | Skill | Focus | Size | |---|---|---| | 🛡 **[defending-applications](skills/defending-applications/SKILL.md)** | Web/API/GraphQL hardening, OAuth/OIDC/JWT/Session, **LLM AppSec** (prompt injection, RAG poisoning, agent authz) | 785 lines | | ☁️ **[securing-cloud-and-supply-chain](skills/securing-cloud-and-supply-chain/SKILL.md)** | Container escape, K8s RBAC/PSS, Service Mesh, **SLSA/Sigstore/SBOM**, cloud IAM, IaC | 1246 lines | | 🔭 **[detecting-and-responding](skills/detecting-and-responding/SKILL.md)** | **Sigma/YARA** rule writing, EDR primitives, NIST 800-61 IR, forensics (Win/Linux/Mac/Cloud), hypothesis-driven threat hunting | 942 lines | | 🏛 **[architecting-security](skills/architecting-security/SKILL.md)** | **STRIDE/PASTA/LINDDUN** threat modeling, zero-trust identity (WebAuthn / Kerberos hardening / PAM JIT), SOC2/PCI/HIPAA/GDPR evidence chains | 1100 lines | Plus `securing-systems` as the router skill covering pentest, code audit, red/blue/purple team operations. Every attack technique ships with the matching detection signal and mitigation pattern — "with offense as defense" is structural, not lip service. --- ## Skills 24 domain skills, flat structure, [agentskills.io](https://agentskills.io/specification) aligned (with Code Abyss extensions). Skills load by context — the agent reads the right knowledge at the right time without being asked. Average `SKILL.md` is 58 lines; all `SKILL.md` files are under 90 lines, with heavy content in `references/`. | Domain | Coverage | |---|---| | 🛡 **Security** | 4 native suites above (defending / cloud / detect-respond / architect) + pentest / code-audit / red-blue-purple team | | 🤖 **AI / Agent** | Single-agent dev (ReAct/Plan-Execute), multi-agent orchestration, RAG, prompt engineering, LLM security | | 🏛 **Architecture** | API design, cloud-native patterns, messaging, caching, data security | | 💻 **Development** | Python, TypeScript, Go, Rust, Java, C++, Shell | | 🚀 **DevOps** | Git workflow, testing, databases, observability, performance, FinOps | | 🎨 **Frontend** | Unified design system selector — Glassmorphism / Liquid Glass / Neubrutalism / Claymorphism | | 📑 **Office** | Word, PDF, PowerPoint, Excel — OOXML-level automation | | 📡 **Infra / Mobile / Data** | Kubernetes, GitOps, IaC · iOS, Android, RN, Flutter · pipelines, streaming, quality | | 🜲 **Self-evolution** | `cultivating-skills` (distill repeated workflows) + `cultivating-personas` (distill voice into Tech Persona Card) — both with safety scan + 3-tier publish funnel | Five skills also ship as **executable verification tools** for CI: ```bash node skills/analyzing-security/scripts/security_scanner.js . # OWASP / injection / secrets node skills/checking-code-quality/scripts/quality_checker.js . # Complexity, dupes, naming node skills/analyzing-changes/scripts/change_analyzer.js --mode staged node skills/verifying-modules/scripts/module_scanner.js node skills/generating-docs/scripts/doc_generator.js ``` --- ## Install | Target | Command | Artifacts | |---|---|---| | Claude | `npx code-abyss -t claude -y` | `CLAUDE.md` + skills + output styles + settings | | Codex | `npx code-abyss -t codex -y` | `instruction.md` + skills + config.toml | | Gemini | `npx code-abyss -t gemini -y` | `GEMINI.md` + skills + commands | | OpenClaw | `npx code-abyss -t openclaw -y` | Skills + workspace `AGENTS.md` / `SOUL.md` | ```bash npx code-abyss # Interactive — pick target, persona, style npx code-abyss --list-styles # Browse styles npx code-abyss --uninstall claude # Clean removal, restores user backups ``` Code Abyss tracks every installed file in `.code-abyss-backup/manifest.json`. Uninstall restores your previous configuration verbatim. **Your custom skills coexist** with Code Abyss skills — install/uninstall preserves anything you put under `~/.{target}/skills/` yourself. ### Upgrading | From | To | Path | |---|---|---| | v3.x | v4.x | `npx code-abyss --uninstall ` → install v4 → `npm run migrate:v4 -- -t ` (optional cleanup) | | v2.x | v3.x | `npx code-abyss --uninstall ` first, then install v3 | --- ## Tech Persona Card · open standard Code Abyss introduces **[Tech Persona Card v1.0](docs/specs/tech-persona-card-v1.0.md)** — the first portable format for AI agent persona interchange. Think Character Card V2, but for engineering workflows instead of roleplay. Each persona ships as a structured `persona-card.json` with voice, capabilities, scenarios, and three-layer content references: ```jsonc { "spec": "tech-persona-card", "spec_version": "1.0", "data": { "name": "stoic-architect", "voice": { "self": "I", "user": "colleague", "register": "formal", "emoji_policy": "none" }, "scenarios": [{ "name": "Architecture Review", "triggers": ["design", "scale"], "chain": ["constraints", "options", "trade-offs", "diagram"], "priority": "correctness > completeness > speed" }] } } ``` **Bidirectional converters** ship out of the box: ```js const { toCharaCardV2, toGPTInstructions, fromCharaCardV2 } = require('code-abyss/bin/lib/persona-converter'); const cc = toCharaCardV2(card, { identityContent }); // → SillyTavern / Chub.ai const gpt = toGPTInstructions(card, { identityContent });// → OpenAI Custom GPT ``` [**Specification**](docs/specs/tech-persona-card-v1.0.md) · [**JSON Schema**](docs/specs/persona-card.schema.json) · [**Reference cards**](config/personas/) --- ## Why Code Abyss | | Without Code Abyss | With Code Abyss | |---|---|---| | **Identity** | Flat help-desk tone | Consistent character with named voice | | **Execution** | Ad-hoc, varies by prompt | Iron laws + execution chains baked in | | **Domain depth** | Generic best-practices | 24 skill files load by context (avg 58 lines) | | **Security depth** | OWASP recitation | 4 native suites · 4073 lines · detection signals + mitigation patterns | | **Cross-platform** | Re-engineer per CLI | One spec, four platforms | | **Reproducibility** | Prompt drift across sessions | Versioned `persona-card.json` | | **Portability** | Locked to one runtime | Convert to CharaCard V2, GPT Instructions | --- ## Contributing ```bash git clone https://github.com/telagod/code-abyss && cd code-abyss npm install npm test # 375 tests npm run verify:skills # Validate 24 skill contracts ``` **Add a skill** — create `skills//SKILL.md` with [SKILL frontmatter](https://agentskills.io/specification), optionally add `scripts/` for executable tools. `npm run verify:skills` validates the contract. **Submit a persona** — open an Issue via the [submission portal](https://telagod.github.io/code-abyss/submit.html). The site walks you through generating a `persona-card.json` + `identity.md` with your own AI, reviewing, and submitting via a pre-configured issue template. ---

MIT License · v4.1.0 · made with 紫宵脉 by @telagod