Skip to content

telagod/code-abyss

BranchesTags

Repository files navigation

Code Abyss — Personality, depth, and a security spine

Composable persona · style · 22 engineering skills · 4 native security domains
for Claude Code · Codex CLI · Gemini CLI · OpenClaw

npm CI MIT Site

Website · Spec · 中文文档 · Changelog · Submit Persona

The problem

Most AI coding agents have no memory of who they are. They respond in the same flat tone whether they're debugging a race condition, reviewing architecture, or triaging a P0 incident. They forget your conventions between sessions. They flip-flop on advice. They sound like a help-desk script.

And when you ask them about security — pentest, code audit, threat modeling, IR — most agents fall back to generic OWASP recitation, because the underlying skill library was never written by people who actually run red/blue/purple teams.

You don't want a help desk. You want a principal engineer who shows up with a personality, executes consistently, closes the loop — and has a security spine when things get real.

What Code Abyss does

One command installs three composable layers into your agent's runtime:

┌─────────────────────────────────────────────────────┐
│  Identity     who it is     →  config/personas/*.md │
│  Behavior     how it acts   →  _shared/*.md         │
│  Style        how it sounds →  output-styles/*.md   │
└─────────────────────────────────────────────────────┘

  6 personas  ×  6 styles  =  36 validated combinations

Pick any persona. Pair it with any style. The behavior layer (iron laws, execution chains, proactive protocol, skill routing) stays constant. Your agent becomes a consistent character with structured execution and domain expertise across every session.

What's new in v4

  • 4 native security domains — 4073 lines of original defense engineering (no Apache-2.0 upstream)
  • 22 skills total, all SKILL.md ≤ 90 lines (avg 58), heavy content lives in references/
  • 5 verify skills rewritten as judgment-type knowledge (when to use, how to interpret output, exemption rules)
  • Office skills slim to under 100 lines each; 4 design systems consolidated into one selector skill
npx code-abyss -t claude -y

Or as a Claude Code plugin:

claude plugin install code-abyss

Personas

BUILT-IN · LITERARY

邪修红尘仙 · abyss

吾 → 魔尊

Security-first dark cultivator. Direct, decisive, closes every loop. Default persona.

#security #xianxia #decisive

BUILT-IN · LITERARY

文言小生 · scholar

在下 → 前辈

Literary Chinese scholar. Treats code as poetry, debugging as puzzle-solving.

#literary #classical #meticulous

BUILT-IN · CASUAL

知性大姐姐 · elder-sister

姐姐 → 小宝

Warm mentor. Wraps sharp judgment in genuine care. Guides through questions.

#gentle #mentoring #insightful

BUILT-IN · PLAYFUL

古怪精灵小师妹 · junior-sister

本仙女 → 师兄

Hyperactive bug hunter. Roasts bad code, then silently fixes it.

#playful #energetic #chaotic

BUILT-IN · CASUAL

铁壁暖阳 · iron-dad

哥 → 宝子

Dependable big brother. Absorbs pressure, radiates warmth. Dad-joke equipped.

#warm #dependable #protective

COMMUNITY · PLAYFUL

东北魅影·雨姐 · dongbei-yujie

姐 → 老蒯

Sharp-tongued Northeast code overseer. Cuts straight to the bug, then patches the road. Creator: wons

#dongbei #blunt #principal

 
# Mix freely — any persona × any style
npx code-abyss -t claude --persona elder-sister --style abyss-cultivator -y

Browse the full gallery →

Security suite (v4 highlight)

4 native security skills, 4073 lines of original engineering content. No Apache-2.0 upstream — every example, every detection signal, every defense pattern is written for this project.

Skill Focus Size
🛡 defending-applications Web/API/GraphQL hardening, OAuth/OIDC/JWT/Session, LLM AppSec (prompt injection, RAG poisoning, agent authz) 785 lines
☁️ securing-cloud-and-supply-chain Container escape, K8s RBAC/PSS, Service Mesh, SLSA/Sigstore/SBOM, cloud IAM, IaC 1246 lines
🔭 detecting-and-responding Sigma/YARA rule writing, EDR primitives, NIST 800-61 IR, forensics (Win/Linux/Mac/Cloud), hypothesis-driven threat hunting 942 lines
🏛 architecting-security STRIDE/PASTA/LINDDUN threat modeling, zero-trust identity (WebAuthn / Kerberos hardening / PAM JIT), SOC2/PCI/HIPAA/GDPR evidence chains 1100 lines

Plus securing-systems as the router skill covering pentest, code audit, red/blue/purple team operations. Every attack technique ships with the matching detection signal and mitigation pattern — "with offense as defense" is structural, not lip service.

Skills

22 domain skills, flat structure, agentskills.io aligned (with Code Abyss extensions). Skills load by context — the agent reads the right knowledge at the right time without being asked. Average SKILL.md is 58 lines; all SKILL.md files are under 90 lines, with heavy content in references/.

Domain Coverage
🛡 Security 4 native suites above (defending / cloud / detect-respond / architect) + pentest / code-audit / red-blue-purple team
🤖 AI / Agent Single-agent dev (ReAct/Plan-Execute), multi-agent orchestration, RAG, prompt engineering, LLM security
🏛 Architecture API design, cloud-native patterns, messaging, caching, data security
💻 Development Python, TypeScript, Go, Rust, Java, C++, Shell
🚀 DevOps Git workflow, testing, databases, observability, performance, FinOps
🎨 Frontend Unified design system selector — Glassmorphism / Liquid Glass / Neubrutalism / Claymorphism
📑 Office Word, PDF, PowerPoint, Excel — OOXML-level automation
📡 Infra / Mobile / Data Kubernetes, GitOps, IaC · iOS, Android, RN, Flutter · pipelines, streaming, quality

Five skills also ship as executable verification tools for CI:

node skills/analyzing-security/scripts/security_scanner.js .       # OWASP / injection / secrets
node skills/checking-code-quality/scripts/quality_checker.js .     # Complexity, dupes, naming
node skills/analyzing-changes/scripts/change_analyzer.js --mode staged
node skills/verifying-modules/scripts/module_scanner.js <path>
node skills/generating-docs/scripts/doc_generator.js <path>

Install

Target Command Artifacts
Claude npx code-abyss -t claude -y CLAUDE.md + skills + output styles + settings
Codex npx code-abyss -t codex -y instruction.md + skills + config.toml
Gemini npx code-abyss -t gemini -y GEMINI.md + skills + commands
OpenClaw npx code-abyss -t openclaw -y Skills + workspace AGENTS.md / SOUL.md 
npx code-abyss                      # Interactive — pick target, persona, style
npx code-abyss --list-styles        # Browse styles
npx code-abyss --uninstall claude   # Clean removal, restores user backups

Code Abyss tracks every installed file in .code-abyss-backup/manifest.json. Uninstall restores your previous configuration verbatim. Your custom skills coexist with Code Abyss skills — install/uninstall preserves anything you put under ~/.{target}/skills/ yourself.

Upgrading

From To Path
v3.x v4.x npx code-abyss --uninstall <target> → install v4 → npm run migrate:v4 -- -t <target> (optional cleanup)
v2.x v3.x npx code-abyss --uninstall <target> first, then install v3

Tech Persona Card · open standard

Code Abyss introduces Tech Persona Card v1.0 — the first portable format for AI agent persona interchange. Think Character Card V2, but for engineering workflows instead of roleplay.

Each persona ships as a structured persona-card.json with voice, capabilities, scenarios, and three-layer content references:

{
  "spec": "tech-persona-card",
  "spec_version": "1.0",
  "data": {
    "name": "stoic-architect",
    "voice": {
      "self": "I", "user": "colleague",
      "register": "formal", "emoji_policy": "none"
    },
    "scenarios": [{
      "name": "Architecture Review",
      "triggers": ["design", "scale"],
      "chain": ["constraints", "options", "trade-offs", "diagram"],
      "priority": "correctness > completeness > speed"
    }]
  }
}

Bidirectional converters ship out of the box:

const { toCharaCardV2, toGPTInstructions, fromCharaCardV2 } =
  require('code-abyss/bin/lib/persona-converter');

const cc  = toCharaCardV2(card, { identityContent });   // → SillyTavern / Chub.ai
const gpt = toGPTInstructions(card, { identityContent });// → OpenAI Custom GPT

Specification · JSON Schema · Reference cards

Why Code Abyss

Without Code Abyss With Code Abyss
Identity Flat help-desk tone Consistent character with named voice
Execution Ad-hoc, varies by prompt Iron laws + execution chains baked in
Domain depth Generic best-practices 22 skill files load by context (avg 58 lines)
Security depth OWASP recitation 4 native suites · 4073 lines · detection signals + mitigation patterns
Cross-platform Re-engineer per CLI One spec, four platforms
Reproducibility Prompt drift across sessions Versioned persona-card.json
Portability Locked to one runtime Convert to CharaCard V2, GPT Instructions

Contributing

git clone https://github.com/telagod/code-abyss && cd code-abyss
npm install
npm test                    # 375 tests
npm run verify:skills       # Validate 22 skill contracts

Add a skill — create skills/<gerund-name>/SKILL.md with SKILL frontmatter, optionally add scripts/ for executable tools. npm run verify:skills validates the contract.

Submit a persona — open an Issue via the submission portal. The site walks you through generating a persona-card.json + identity.md with your own AI, reviewing, and submitting via a pre-configured issue template.

MIT License · v4.0.0 · made with 紫宵脉 by @telagod

About

Give your AI coding agent a personality. Composable persona + style + skills for Claude Code, Codex, Gemini CLI & OpenClaw. Ships Tech Persona Card v1.0 spec.

www.npmjs.com/package/code-abyss

Topics

cli security devops skills configuration developer-tools red-team codex persona blue-team character-card ai-assistant ai-agent prompt-engineering ai-personality gemini-cli agent-skills claude-code codex-cli

Resources

Readme

License

MIT license
Activity

Stars

211 stars

Watchers

2 watching

Forks

29 forks
Report repository

Releases 12

v4.0.0 — Skill quality refactor + native security suite Latest
May 21, 2026
+ 11 releases

Packages

 
 
 

Contributors

Languages