by kaanozhan
ADE( Agentic Development Environment) The spec-driven environment for AI coding agents, where your planning becomes lasting, shared project context.
# Add to your Claude Code skills
git clone https://github.com/kaanozhan/FrameLast scanned: 5/30/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@electron/node-gyp: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@electron/rebuild: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@isaacs/brace-expansion: @isaacs/brace-expansion has Uncontrolled Resource Consumption",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@tootallnate/once: @tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@xmldom/xmldom: xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ajv: ajv has ReDoS when using `$data` option",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "cacache: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "electron: Electron has ASAR Integrity Bypass via resource modification",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ip-address: ip-address has XSS in Address6 HTML-emitting methods",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "lodash: lodash vulnerable to Code Injection via `_.template` imports key names",
"severity": "high"
},
{
"type": "npm-audit",
"message": "make-fetch-happen: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tar: node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tmp: tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape",
"severity": "high"
}
],
"status": "WARNING",
"scannedAt": "2026-05-30T15:03:23.939Z",
"npmAuditRan": true,
"pipAuditRan": true
}Frame is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by kaanozhan. ADE( Agentic Development Environment) The spec-driven environment for AI coding agents, where your planning becomes lasting, shared project context. It has 316 GitHub stars.
Frame returned warnings in SkillsLLM's automated security scan. It has no critical vulnerabilities, but review the flagged issues in the Security Report section before adding it to your workflow.
Clone the repository with "git clone https://github.com/kaanozhan/Frame" and add it to your Claude Code skills directory (see the Installation section above).
Frame is primarily written in JavaScript. It is open-source under kaanozhan on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh Frame against similar tools.
No comments yet. Be the first to share your thoughts!
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
The shape of software development changed — agents write the code now — but the foundation didn't: good results still come from good planning. Frame puts planning back at the center. You write a spec once, and that single spec becomes three things at once: the plan your agents follow, a clean unit of work you can run in parallel without collisions, and the durable, shared context your project keeps across every session. Every future agent arrives knowing what was done and why — no more re-explaining your architecture every time you open a terminal.
Built on Claude Code. Codex CLI and Gemini CLI work too — and because your context lives in plain, git-versioned files, it stays yours and stays readable by any tool.
https://github.com/user-attachments/assets/6fe108d1-70c8-441e-a913-b34583c803b0
As projects grow with AI agents, things fall apart fast:
These problems are manageable on small projects. On larger ones, they become blockers.
Frame solves all of this.
Frame brings a consistent structure to every project you work on. When you initialize Frame in a project, it creates:
| File | Purpose |
|---|---|
AGENTS.md |
Project rules and instructions — AI reads this automatically |
STRUCTURE.json |
Module map with intentIndex for fast file lookup |
PROJECT_NOTES.md |
Architectural decisions and context that persist across sessions |
tasks.json |
Task tracking with status, context, and acceptance criteria |
Every project gets its own isolated session — its own context, its own task list, its own notes. Switching projects in Frame means switching to a completely fresh, project-specific AI context. No bleed-over, no confusion.
This standard works with any AI tool. Claude Code and Gemini CLI read these files natively. For Codex CLI, Frame injects them automatically via a wrapper script — no manual setup needed.
The result: any developer (or AI agent) who opens a Frame project immediately knows where everything is and what's been decided. Onboarding a new AI session to a large project takes seconds, not minutes.
One of the hardest problems in agentic development is knowing when to capture context. Session boundaries are fuzzy — you might stay in the same session for hours. Task completion is ambiguous — agents don't always signal clearly when something is done. Trying to detect "important moments" mid-session is unreliable.
Frame's approach: use git commits as the single reliable boundary.
When you commit, something real happened. It's intentional, it's deterministic, and it's a natural checkpoint you're already making. Frame builds its entire context system around this moment:
When the next session starts, these files are read automatically. The agent picks up exactly where things left off — not from a vague session transcript, but from structured, up-to-date context written at the one moment you can be certain something real was completed.
The practical implication: commit often. Small, intentional commits aren't just good git hygiene — in Frame, they're how context stays accurate and agents stay oriented.
For features that won't fit in one session, Frame ships a built-in spec workflow. Each spec is four markdown files on disk:
.frame/specs/<slug>/
spec.md what we're building
plan.md how we'll build it
tasks.md broken-down work
outcome.md what actually shipped
Describe what you want and the AI drafts the spec. /spec.plan produces an implementation plan. /spec.tasks breaks the plan into discrete tasks that import into tasks.json (tagged with source: "spec:<slug>:T<n>"). /spec.implement walks them one by one — and after each task, the agent appends 2-3 sentences to outcome.md: what shipped, what diverged from the plan, what to follow up on.
That last file is the move that makes the rest worth doing. Plans tell you intent. Code tells you reality. outcome.md tells you the story between them, written while the agent's memory was fresh — the kind of context that's normally lost the moment a session ends.
Two principles shaped this:
tasks.json workflows are untouched.Running agents in parallel is easy — every tool does it now. Landing their
work into main without chaos is the hard part. That's what Frame's
orchestration is built for: specs make features durable, orchestration makes
them parallel and safe to land.
Open the Orchestrator and hand a conductor agent several ready specs. It runs them at the same time — each spec in its own git worktree, worked by its own agent, fully isolated. No two agents fighting over the same files, no half-finished work bleeding into your working tree.
The conductor doesn't guess at safety. Before running anything it reads each spec's declared footprint (the files it will touch) and only parallelizes specs that don't overlap; the rest are serialized. That guard is enforced in Frame's code, not left to the model — a spec whose footprint collides with in-flight work is refused, not merged into chaos.
The unit of parallelism is the spec, not the task. A spec's own tasks are interdependent, so one agent runs them in order; different specs are the independent units that fan out. Need more parallelism? Split the work into more specs.
When you dispatch a spec, Frame sets up its sandbox automatically — you don't run a single git command:
.frame/worktrees/<slug>, branched from current HEAD (so serialized specs build on already-merged work),frame/<slug>/work,Every worker carries a live state you watch on the pipeline rail: queued → running → done → approved, with blocked (footprint conflict — held until its predecessor merges), idle, and failed surfaced too. Each worker is a real frame — click it to drop into its terminal, answer an approval prompt, or take over by hand. When you tear a session down, Frame removes the worktrees and prunes merged branches but keeps un-merged work on its branch, so nothing is lost.
You stay in control of what lands:
tasks.json, STRUCTURE.json, …).main is never touched; promoting it or opening a PR stays your call.It all lives on one screen: the conductor's terminal (talk to it directly), the pipeline rail across the top, your worker lanes, and the spec rail to assign more — a cockpit, not a black box. Because no real task finishes in one shot and an agent may need your approval mid-run, you can always step into any frame and keep working by hand.
Honest framing: this is guardrailed, human-steered parallelism — not fire-and-forget automation. The conductor proposes and isolates; you decide what merges. That's the point.
Instead of scanning the entire codebase, Frame's intentIndex maps concepts to files:
node scripts/find-module.js github # → githubManager.js