@joshski/dust 0.1.33 → 0.1.35

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@joshski/dust",
-  "version": "0.1.33",
+  "version": "0.1.35",
   "description": "Flow state for AI coding agents",
   "type": "module",
   "bin": {

package/templates/agent-implement-task.txt

@@ -12,7 +12,7 @@
    - All implementation changes
    - Deletion of the completed task file
    - Updates to any facts that changed
-   - Deletion of any ideas that were fully realized
+   - Deletion of the idea file that spawned this task (if remaining scope exists, create new ideas for it)
 
    Use the task title as the commit message. Task titles are written in imperative form, which is the recommended style for git commit messages. Do not add prefixes like "Complete task:" - use the title directly.
 

package/templates/agent-new-task.txt

@@ -24,7 +24,6 @@ Use a todo list to track your progress through these steps.
 10. Run `{{bin}} lint markdown` to catch any issues with the task format
 11. Create a single atomic commit with a message in the format "Add task: <title>" that includes:
     - The new task file
-    - Deletion of any ideas that were fully realized
-    - Updates to any ideas whose scope changed
+    - Deletion of the idea file that spawned this task (if remaining scope exists, create new ideas for it)
 {{#unless isClaudeCodeWeb}}12. Push your commit to the remote repository
 {{/unless}}{{#if isClaudeCodeWeb}}12. **Start a sub-agent** to implement the task: "Run `{{bin}} implement task` and implement the task in `.dust/tasks/[task-file].md`"{{/if}}

package/templates/audits/dead-code.md

@@ -0,0 +1,30 @@
+# Dead Code
+
+Find and remove unused code to improve maintainability and reduce bundle size.
+
+## Scope
+
+Focus on these areas:
+
+1. **Unused exports** - Functions, classes, constants that are never imported
+2. **Unreachable code** - Code after return statements, impossible conditions
+3. **Orphaned files** - Files that are not imported anywhere
+4. **Unused dependencies** - Packages in package.json not used in code
+5. **Commented-out code** - Old code left in comments
+
+## Goals
+
+(none)
+
+## Blocked By
+
+(none)
+
+## Definition of Done
+
+- [ ] Ran static analysis tools to find unused exports
+- [ ] Identified files with no incoming imports
+- [ ] Listed unused dependencies
+- [ ] Reviewed commented-out code blocks
+- [ ] Created list of code safe to remove
+- [ ] Verified removal won't break dynamic imports or reflection

package/templates/audits/security-review.md

@@ -0,0 +1,30 @@
+# Security Review
+
+Review the codebase for common security vulnerabilities and misconfigurations.
+
+## Scope
+
+Focus on these areas:
+
+1. **Hardcoded secrets** - API keys, passwords, tokens in source code
+2. **Injection vulnerabilities** - SQL injection, command injection, XSS
+3. **Authentication issues** - Weak password handling, missing auth checks
+4. **Sensitive data exposure** - Logging sensitive data, insecure storage
+5. **Dependency vulnerabilities** - Known CVEs in dependencies
+
+## Goals
+
+(none)
+
+## Blocked By
+
+(none)
+
+## Definition of Done
+
+- [ ] Searched for hardcoded secrets (API keys, passwords, tokens)
+- [ ] Reviewed input validation and sanitization
+- [ ] Checked authentication and authorization logic
+- [ ] Verified sensitive data is not logged or exposed
+- [ ] Ran dependency audit for known vulnerabilities
+- [ ] Documented any findings with severity ratings

package/templates/audits/test-coverage.md

@@ -0,0 +1,29 @@
+# Test Coverage
+
+Identify untested code paths and areas that need additional test coverage.
+
+## Scope
+
+Focus on these areas:
+
+1. **Core business logic** - Functions that handle critical operations
+2. **Edge cases** - Boundary conditions, error handling paths
+3. **Integration points** - API endpoints, database operations
+4. **User-facing features** - UI components, form validation
+5. **Recent changes** - Code modified in the last few commits
+
+## Goals
+
+(none)
+
+## Blocked By
+
+(none)
+
+## Definition of Done
+
+- [ ] Identified modules with low or no test coverage
+- [ ] Listed critical paths that lack tests
+- [ ] Prioritized areas by risk and importance
+- [ ] Created list of specific test cases to add
+- [ ] Estimated effort for improving coverage

package/templates/templates/agent-implement-task.txt

@@ -12,7 +12,7 @@
    - All implementation changes
    - Deletion of the completed task file
    - Updates to any facts that changed
-   - Deletion of any ideas that were fully realized
+   - Deletion of the idea file that spawned this task (if remaining scope exists, create new ideas for it)
 
    Use the task title as the commit message. Task titles are written in imperative form, which is the recommended style for git commit messages. Do not add prefixes like "Complete task:" - use the title directly.
 

package/templates/templates/agent-new-task.txt

@@ -24,7 +24,6 @@ Use a todo list to track your progress through these steps.
 10. Run `{{bin}} lint markdown` to catch any issues with the task format
 11. Create a single atomic commit with a message in the format "Add task: <title>" that includes:
     - The new task file
-    - Deletion of any ideas that were fully realized
-    - Updates to any ideas whose scope changed
+    - Deletion of the idea file that spawned this task (if remaining scope exists, create new ideas for it)
 {{#unless isClaudeCodeWeb}}12. Push your commit to the remote repository
 {{/unless}}{{#if isClaudeCodeWeb}}12. **Start a sub-agent** to implement the task: "Run `{{bin}} implement task` and implement the task in `.dust/tasks/[task-file].md`"{{/if}}

package/templates/templates/audits/dead-code.md

@@ -0,0 +1,30 @@
+# Dead Code
+
+Find and remove unused code to improve maintainability and reduce bundle size.
+
+## Scope
+
+Focus on these areas:
+
+1. **Unused exports** - Functions, classes, constants that are never imported
+2. **Unreachable code** - Code after return statements, impossible conditions
+3. **Orphaned files** - Files that are not imported anywhere
+4. **Unused dependencies** - Packages in package.json not used in code
+5. **Commented-out code** - Old code left in comments
+
+## Goals
+
+(none)
+
+## Blocked By
+
+(none)
+
+## Definition of Done
+
+- [ ] Ran static analysis tools to find unused exports
+- [ ] Identified files with no incoming imports
+- [ ] Listed unused dependencies
+- [ ] Reviewed commented-out code blocks
+- [ ] Created list of code safe to remove
+- [ ] Verified removal won't break dynamic imports or reflection

package/templates/templates/audits/security-review.md

@@ -0,0 +1,30 @@
+# Security Review
+
+Review the codebase for common security vulnerabilities and misconfigurations.
+
+## Scope
+
+Focus on these areas:
+
+1. **Hardcoded secrets** - API keys, passwords, tokens in source code
+2. **Injection vulnerabilities** - SQL injection, command injection, XSS
+3. **Authentication issues** - Weak password handling, missing auth checks
+4. **Sensitive data exposure** - Logging sensitive data, insecure storage
+5. **Dependency vulnerabilities** - Known CVEs in dependencies
+
+## Goals
+
+(none)
+
+## Blocked By
+
+(none)
+
+## Definition of Done
+
+- [ ] Searched for hardcoded secrets (API keys, passwords, tokens)
+- [ ] Reviewed input validation and sanitization
+- [ ] Checked authentication and authorization logic
+- [ ] Verified sensitive data is not logged or exposed
+- [ ] Ran dependency audit for known vulnerabilities
+- [ ] Documented any findings with severity ratings

package/templates/templates/audits/test-coverage.md

@@ -0,0 +1,29 @@
+# Test Coverage
+
+Identify untested code paths and areas that need additional test coverage.
+
+## Scope
+
+Focus on these areas:
+
+1. **Core business logic** - Functions that handle critical operations
+2. **Edge cases** - Boundary conditions, error handling paths
+3. **Integration points** - API endpoints, database operations
+4. **User-facing features** - UI components, form validation
+5. **Recent changes** - Code modified in the last few commits
+
+## Goals
+
+(none)
+
+## Blocked By
+
+(none)
+
+## Definition of Done
+
+- [ ] Identified modules with low or no test coverage
+- [ ] Listed critical paths that lack tests
+- [ ] Prioritized areas by risk and importance
+- [ ] Created list of specific test cases to add
+- [ ] Estimated effort for improving coverage