@rrgarciach/flow-spec 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/init.js +91 -0
- package/package.json +28 -0
- package/template/.cursor/rules/use-base-rules.mdc +37 -0
- package/template/ai-specs/agents/backend-developer.md +121 -0
- package/template/ai-specs/agents/frontend-developer.md +134 -0
- package/template/ai-specs/agents/product-strategy-analyst.md +53 -0
- package/template/ai-specs/flow-spec-instructions.md +389 -0
- package/template/ai-specs/scripts/code_review.sh +35 -0
- package/template/ai-specs/skills/code-auditing/SKILL.md +155 -0
- package/template/ai-specs/skills/code-auditing/references/audit-methodology.md +371 -0
- package/template/ai-specs/skills/code-auditing/references/dead-code-methodology.md +261 -0
- package/template/ai-specs/skills/commit/SKILL.md +101 -0
- package/template/ai-specs/skills/enrich-us/SKILL.md +42 -0
- package/template/ai-specs/skills/explain/SKILL.md +84 -0
- package/template/ai-specs/skills/meta-prompt/SKILL.md +19 -0
- package/template/ai-specs/skills/update-docs/SKILL.md +13 -0
- package/template/ai-specs/skills/using-git-worktrees/SKILL.md +375 -0
- package/template/ai-specs/skills/writing-skills/SKILL.md +655 -0
- package/template/ai-specs/skills/writing-skills/anthropic-best-practices.md +1150 -0
- package/template/ai-specs/skills/writing-skills/examples/CLAUDE_MD_TESTING.md +189 -0
- package/template/ai-specs/skills/writing-skills/graphviz-conventions.dot +172 -0
- package/template/ai-specs/skills/writing-skills/persuasion-principles.md +187 -0
- package/template/ai-specs/skills/writing-skills/render-graphs.js +168 -0
- package/template/ai-specs/skills/writing-skills/testing-skills-with-subagents.md +384 -0
- package/template/docs/api-spec.yml +29 -0
- package/template/docs/backend-standards.md +53 -0
- package/template/docs/base-standards.md +114 -0
- package/template/docs/data-model.md +26 -0
- package/template/docs/development_guide.md +36 -0
- package/template/docs/documentation-standards.md +49 -0
- package/template/docs/frontend-standards.md +45 -0
|
@@ -0,0 +1,371 @@
|
|
|
1
|
+
# Code Audit Methodology
|
|
2
|
+
|
|
3
|
+
This document provides a comprehensive, systematic approach to code quality auditing. Follow these phases for thorough analysis.
|
|
4
|
+
|
|
5
|
+
## Phase 0: Pre-Analysis Setup
|
|
6
|
+
|
|
7
|
+
Before analyzing code, establish the context:
|
|
8
|
+
|
|
9
|
+
### 1. Project Configuration
|
|
10
|
+
- **Package files**: package.json, requirements.txt, go.mod, pom.xml, etc.
|
|
11
|
+
- **Tech stack**: Identify languages, frameworks, and core libraries
|
|
12
|
+
- **Linting configs**: eslint, prettier, black, golint, etc.
|
|
13
|
+
- **Project docs**: CLAUDE.md, README.md for project-specific guidelines
|
|
14
|
+
|
|
15
|
+
### 2. Baseline Checks
|
|
16
|
+
Run existing linting and testing:
|
|
17
|
+
```bash
|
|
18
|
+
# JavaScript/TypeScript
|
|
19
|
+
npm run lint
|
|
20
|
+
npm run typecheck
|
|
21
|
+
npm test
|
|
22
|
+
|
|
23
|
+
# Python
|
|
24
|
+
black --check .
|
|
25
|
+
flake8
|
|
26
|
+
pytest
|
|
27
|
+
|
|
28
|
+
# Go
|
|
29
|
+
go vet ./...
|
|
30
|
+
golint ./...
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
Document existing errors/warnings as baseline.
|
|
34
|
+
|
|
35
|
+
### 3. Documentation Loading
|
|
36
|
+
Use Context7 to pre-load documentation for identified core libraries:
|
|
37
|
+
```
|
|
38
|
+
mcp__context7__resolve-library-id → Get library ID
|
|
39
|
+
mcp__context7__query-docs → Load current best practices
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
## Phase 1: Discovery
|
|
43
|
+
|
|
44
|
+
### File Identification
|
|
45
|
+
Find all code files by type:
|
|
46
|
+
```
|
|
47
|
+
*.js, *.ts, *.jsx, *.tsx (JavaScript/TypeScript)
|
|
48
|
+
*.py (Python)
|
|
49
|
+
*.java (Java)
|
|
50
|
+
*.go (Go)
|
|
51
|
+
*.rs (Rust)
|
|
52
|
+
*.rb (Ruby)
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
### Organization
|
|
56
|
+
- Group files by module/feature for contextual analysis
|
|
57
|
+
- Create a tracking list for systematic progress
|
|
58
|
+
- Prioritize core business logic over utilities
|
|
59
|
+
|
|
60
|
+
## Phase 2: File-by-File Analysis
|
|
61
|
+
|
|
62
|
+
For each file, analyze for the following categories:
|
|
63
|
+
|
|
64
|
+
### Dead Code
|
|
65
|
+
- Unused functions and methods
|
|
66
|
+
- Unused variables and imports
|
|
67
|
+
- Unreachable code blocks
|
|
68
|
+
- Commented-out code
|
|
69
|
+
- Deprecated features still present
|
|
70
|
+
|
|
71
|
+
### Code Smells & Anti-Patterns
|
|
72
|
+
- Functions longer than 50 lines
|
|
73
|
+
- High cyclomatic complexity (> 10)
|
|
74
|
+
- Deeply nested conditionals (> 3 levels)
|
|
75
|
+
- Magic numbers without constants
|
|
76
|
+
- Copy-paste code duplication
|
|
77
|
+
- God objects/functions doing too much
|
|
78
|
+
- Long parameter lists (> 5 params)
|
|
79
|
+
|
|
80
|
+
### Security Vulnerabilities
|
|
81
|
+
- Hardcoded secrets, API keys, passwords
|
|
82
|
+
- SQL injection vulnerabilities
|
|
83
|
+
- XSS (Cross-Site Scripting) risks
|
|
84
|
+
- Command injection risks
|
|
85
|
+
- Insecure deserialization
|
|
86
|
+
- Missing input validation
|
|
87
|
+
- Information disclosure in errors
|
|
88
|
+
|
|
89
|
+
### Performance Issues
|
|
90
|
+
- O(n²) or worse algorithms in hot paths
|
|
91
|
+
- Missing database indexes
|
|
92
|
+
- N+1 query patterns
|
|
93
|
+
- Unnecessary synchronous operations
|
|
94
|
+
- Missing caching for expensive operations
|
|
95
|
+
- Large memory allocations in loops
|
|
96
|
+
- Blocking I/O in async contexts
|
|
97
|
+
|
|
98
|
+
### TypeScript/Type Safety Issues
|
|
99
|
+
- Missing type annotations
|
|
100
|
+
- Excessive use of `any` type
|
|
101
|
+
- Type assertions that could be avoided
|
|
102
|
+
- Custom types duplicating official @types/* packages
|
|
103
|
+
- Missing null/undefined checks
|
|
104
|
+
|
|
105
|
+
### Async/Promise Issues
|
|
106
|
+
- Missing `await` keywords
|
|
107
|
+
- Unhandled promise rejections
|
|
108
|
+
- Callback hell that should use async/await
|
|
109
|
+
- Fire-and-forget promises without error handling
|
|
110
|
+
|
|
111
|
+
### Memory Leaks
|
|
112
|
+
- Event listeners not removed on cleanup
|
|
113
|
+
- Timers (setInterval, setTimeout) not cleared
|
|
114
|
+
- Large objects retained unnecessarily
|
|
115
|
+
- Closures holding references too long
|
|
116
|
+
- DOM references kept after element removal
|
|
117
|
+
|
|
118
|
+
### Error Handling
|
|
119
|
+
- Empty catch blocks
|
|
120
|
+
- Catch-and-ignore patterns
|
|
121
|
+
- Missing try/catch in async code
|
|
122
|
+
- Inconsistent error types
|
|
123
|
+
- Generic error messages hiding root cause
|
|
124
|
+
|
|
125
|
+
## Phase 3: Best Practices Verification
|
|
126
|
+
|
|
127
|
+
### Context7 Documentation Check
|
|
128
|
+
For every major library identified:
|
|
129
|
+
|
|
130
|
+
1. **Resolve library ID**:
|
|
131
|
+
```
|
|
132
|
+
mcp__context7__resolve-library-id: "react"
|
|
133
|
+
```
|
|
134
|
+
|
|
135
|
+
2. **Get current best practices**:
|
|
136
|
+
```
|
|
137
|
+
mcp__context7__query-docs: {
|
|
138
|
+
"context7CompatibleLibraryID": "/facebook/react",
|
|
139
|
+
"topic": "hooks best practices"
|
|
140
|
+
}
|
|
141
|
+
```
|
|
142
|
+
|
|
143
|
+
3. **Focus areas**:
|
|
144
|
+
- Migration guides between versions
|
|
145
|
+
- Deprecated features and replacements
|
|
146
|
+
- Performance best practices
|
|
147
|
+
- Security considerations
|
|
148
|
+
- Common pitfalls and anti-patterns
|
|
149
|
+
|
|
150
|
+
### GitHub Research
|
|
151
|
+
Use `gh` CLI to research real-world usage:
|
|
152
|
+
|
|
153
|
+
```bash
|
|
154
|
+
# Search for patterns
|
|
155
|
+
gh search code "useEffect cleanup" --language=typescript
|
|
156
|
+
|
|
157
|
+
# Check repository health
|
|
158
|
+
gh repo view [library] --json stargazersCount,updatedAt,openIssues
|
|
159
|
+
|
|
160
|
+
# Look for security advisories
|
|
161
|
+
gh api /repos/{owner}/{repo}/security-advisories
|
|
162
|
+
```
|
|
163
|
+
|
|
164
|
+
### Cross-Reference Findings
|
|
165
|
+
- Compare actual implementation vs official documentation
|
|
166
|
+
- Identify deviations from recommended patterns
|
|
167
|
+
- Note outdated patterns that need modernization
|
|
168
|
+
- Flag anti-patterns explicitly discouraged in docs
|
|
169
|
+
|
|
170
|
+
## Phase 3.5: TypeScript Types Verification
|
|
171
|
+
|
|
172
|
+
For TypeScript projects, perform additional type analysis:
|
|
173
|
+
|
|
174
|
+
### Check for Duplicate Types
|
|
175
|
+
Search for custom interfaces that mirror official types:
|
|
176
|
+
- React types (React.FC, React.Component, event types)
|
|
177
|
+
- Node.js types (Buffer, Process, Global)
|
|
178
|
+
- DOM types (HTMLElement, Event types)
|
|
179
|
+
- Express types (Request, Response)
|
|
180
|
+
- Popular library types (lodash, axios, etc.)
|
|
181
|
+
|
|
182
|
+
### Verify @types Packages
|
|
183
|
+
```bash
|
|
184
|
+
# Check if official types exist
|
|
185
|
+
npm view @types/[library] types
|
|
186
|
+
|
|
187
|
+
# Verify installed @types versions
|
|
188
|
+
npm ls @types/*
|
|
189
|
+
```
|
|
190
|
+
|
|
191
|
+
### Common Issues
|
|
192
|
+
- Custom `IRequest` when `express.Request` exists
|
|
193
|
+
- Custom event types when React provides them
|
|
194
|
+
- Duplicating `@types/node` built-in types
|
|
195
|
+
|
|
196
|
+
## Phase 4: Pattern Detection
|
|
197
|
+
|
|
198
|
+
Look for recurring issues across the codebase:
|
|
199
|
+
|
|
200
|
+
### Cross-File Patterns
|
|
201
|
+
- Same anti-pattern repeated in multiple files
|
|
202
|
+
- Duplicated utility functions
|
|
203
|
+
- Inconsistent error handling approaches
|
|
204
|
+
- Different coding styles in different modules
|
|
205
|
+
|
|
206
|
+
### Abstraction Opportunities
|
|
207
|
+
- Repeated code that could be a utility function
|
|
208
|
+
- Common patterns that could be hooks (React)
|
|
209
|
+
- Cross-cutting concerns needing middleware
|
|
210
|
+
|
|
211
|
+
### Inconsistencies
|
|
212
|
+
- Mixed async styles (callbacks, promises, async/await)
|
|
213
|
+
- Inconsistent naming conventions
|
|
214
|
+
- Different error handling strategies
|
|
215
|
+
- Varying code organization patterns
|
|
216
|
+
|
|
217
|
+
## Phase 5: Library Recommendations
|
|
218
|
+
|
|
219
|
+
For custom implementations, find mature replacements:
|
|
220
|
+
|
|
221
|
+
### Discovery Process
|
|
222
|
+
1. **Check existing libraries first** - Use Context7 to see if current libraries already provide needed functionality
|
|
223
|
+
2. **Search package registries** - npm, PyPI, crates.io, etc.
|
|
224
|
+
3. **Verify library health**:
|
|
225
|
+
- Recent commits (active development)
|
|
226
|
+
- Open issues (responsiveness)
|
|
227
|
+
- Download stats (community adoption)
|
|
228
|
+
- Security advisories (vulnerability history)
|
|
229
|
+
|
|
230
|
+
### Evaluation Criteria
|
|
231
|
+
- **Maintenance**: Last commit < 6 months
|
|
232
|
+
- **Adoption**: Significant download/star count
|
|
233
|
+
- **Security**: No unaddressed vulnerabilities
|
|
234
|
+
- **Bundle size**: Important for frontend code
|
|
235
|
+
- **API stability**: Semantic versioning, migration guides
|
|
236
|
+
- **Documentation**: Clear examples and API docs
|
|
237
|
+
|
|
238
|
+
### Common Replacements
|
|
239
|
+
| Custom Implementation | Recommended Library |
|
|
240
|
+
|----------------------|---------------------|
|
|
241
|
+
| Date manipulation | date-fns, dayjs |
|
|
242
|
+
| HTTP client | axios, ky |
|
|
243
|
+
| Form validation | zod, yup |
|
|
244
|
+
| State management | zustand, jotai |
|
|
245
|
+
| Deep cloning | lodash/cloneDeep, structuredClone |
|
|
246
|
+
| UUID generation | uuid, nanoid |
|
|
247
|
+
| Retry logic | p-retry, async-retry |
|
|
248
|
+
|
|
249
|
+
## Phase 6: Report Generation
|
|
250
|
+
|
|
251
|
+
### Report Structure
|
|
252
|
+
|
|
253
|
+
#### Executive Summary (2-3 paragraphs)
|
|
254
|
+
- Total files analyzed
|
|
255
|
+
- High-level findings overview
|
|
256
|
+
- Key risks and recommendations
|
|
257
|
+
|
|
258
|
+
#### Critical Issues (Immediate Action)
|
|
259
|
+
For each:
|
|
260
|
+
- File path and line number
|
|
261
|
+
- Issue description
|
|
262
|
+
- Security/stability impact
|
|
263
|
+
- Fix example
|
|
264
|
+
- Effort estimate
|
|
265
|
+
|
|
266
|
+
#### High Priority Issues
|
|
267
|
+
- Performance bottlenecks
|
|
268
|
+
- Maintainability problems
|
|
269
|
+
- Missing error handling
|
|
270
|
+
|
|
271
|
+
#### Medium Priority Issues
|
|
272
|
+
- Best practices violations
|
|
273
|
+
- Code quality concerns
|
|
274
|
+
- Type safety improvements
|
|
275
|
+
|
|
276
|
+
#### Low Priority Issues
|
|
277
|
+
- Style inconsistencies
|
|
278
|
+
- Minor improvements
|
|
279
|
+
- Documentation gaps
|
|
280
|
+
|
|
281
|
+
#### Library Recommendations
|
|
282
|
+
For each suggested replacement:
|
|
283
|
+
- Current custom code location
|
|
284
|
+
- Recommended library
|
|
285
|
+
- Migration effort
|
|
286
|
+
- Bundle size impact
|
|
287
|
+
|
|
288
|
+
#### Quick Wins
|
|
289
|
+
Low-effort, high-value fixes:
|
|
290
|
+
- < 30 minutes to implement
|
|
291
|
+
- High impact on quality/security
|
|
292
|
+
|
|
293
|
+
#### Action Plan
|
|
294
|
+
Prioritized steps with:
|
|
295
|
+
- Effort estimates (S/M/L/XL)
|
|
296
|
+
- Dependencies between tasks
|
|
297
|
+
- Suggested sprint allocation
|
|
298
|
+
|
|
299
|
+
### Report Format Requirements
|
|
300
|
+
|
|
301
|
+
Each issue should include:
|
|
302
|
+
```markdown
|
|
303
|
+
### [PRIORITY] Issue Title
|
|
304
|
+
**Location:** `src/auth/login.js:42`
|
|
305
|
+
|
|
306
|
+
**Problem:**
|
|
307
|
+
Description of the issue and why it matters.
|
|
308
|
+
|
|
309
|
+
**Before:**
|
|
310
|
+
```javascript
|
|
311
|
+
// problematic code
|
|
312
|
+
```
|
|
313
|
+
|
|
314
|
+
**After:**
|
|
315
|
+
```javascript
|
|
316
|
+
// fixed code
|
|
317
|
+
```
|
|
318
|
+
|
|
319
|
+
**Effort:** S (< 30 min) | M (1-4 hours) | L (4-8 hours) | XL (> 8 hours)
|
|
320
|
+
```
|
|
321
|
+
|
|
322
|
+
## Tool Usage Reference
|
|
323
|
+
|
|
324
|
+
### Context7
|
|
325
|
+
```
|
|
326
|
+
# Resolve library ID first
|
|
327
|
+
mcp__context7__resolve-library-id: "express"
|
|
328
|
+
|
|
329
|
+
# Then get documentation
|
|
330
|
+
mcp__context7__query-docs: {
|
|
331
|
+
"context7CompatibleLibraryID": "/expressjs/express",
|
|
332
|
+
"topic": "middleware"
|
|
333
|
+
}
|
|
334
|
+
```
|
|
335
|
+
|
|
336
|
+
### GitHub CLI
|
|
337
|
+
```bash
|
|
338
|
+
# Repository health
|
|
339
|
+
gh repo view owner/repo --json stargazersCount,updatedAt
|
|
340
|
+
|
|
341
|
+
# Code search
|
|
342
|
+
gh search code "pattern" --language=javascript
|
|
343
|
+
|
|
344
|
+
# Issues search
|
|
345
|
+
gh search issues "memory leak" --repo=owner/repo
|
|
346
|
+
```
|
|
347
|
+
|
|
348
|
+
### Package Research
|
|
349
|
+
Use `mcp__fetch__fetch` for package registry pages:
|
|
350
|
+
- npmjs.com/package/[name]
|
|
351
|
+
- pypi.org/project/[name]
|
|
352
|
+
|
|
353
|
+
## Common Pitfalls to Avoid
|
|
354
|
+
|
|
355
|
+
1. **Don't rely on assumptions** - Always verify with documentation
|
|
356
|
+
2. **Don't suggest outdated patterns** - Check current best practices
|
|
357
|
+
3. **Don't recommend unmaintained libraries** - Verify activity
|
|
358
|
+
4. **Don't ignore project conventions** - Respect CLAUDE.md guidelines
|
|
359
|
+
5. **Don't break functionality** - Ensure fixes are safe
|
|
360
|
+
6. **Don't over-engineer** - Consider cost/benefit ratio
|
|
361
|
+
7. **Don't skip TypeScript type checks** - Types are documentation
|
|
362
|
+
8. **Don't ignore bundle size** - Frontend performance matters
|
|
363
|
+
|
|
364
|
+
## Performance Optimization
|
|
365
|
+
|
|
366
|
+
For large codebases:
|
|
367
|
+
- **Parallel processing**: Analyze multiple files simultaneously
|
|
368
|
+
- **Batch operations**: Group similar checks together
|
|
369
|
+
- **Selective scanning**: Focus on changed files first
|
|
370
|
+
- **Cache documentation**: Reuse Context7 lookups
|
|
371
|
+
- **Progressive reporting**: Provide interim results
|
|
@@ -0,0 +1,261 @@
|
|
|
1
|
+
# Dead Code Detection Methodology
|
|
2
|
+
|
|
3
|
+
This document provides guidance on detecting and removing dead code using automated tools and manual verification.
|
|
4
|
+
|
|
5
|
+
## Overview
|
|
6
|
+
|
|
7
|
+
Dead code is code that exists in the codebase but is never executed. It increases maintenance burden, bundle size, and cognitive load. This methodology uses specialized tools combined with agent verification to filter false positives.
|
|
8
|
+
|
|
9
|
+
## Types of Dead Code
|
|
10
|
+
|
|
11
|
+
### 1. Unused Imports
|
|
12
|
+
Import statements for modules/symbols that are never used:
|
|
13
|
+
```javascript
|
|
14
|
+
import { unused } from './utils'; // Never referenced
|
|
15
|
+
```
|
|
16
|
+
|
|
17
|
+
### 2. Unused Exports
|
|
18
|
+
Functions, classes, variables exported but never imported elsewhere:
|
|
19
|
+
```javascript
|
|
20
|
+
export function formatDate() { ... } // Not imported anywhere
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
### 3. Unused Variables
|
|
24
|
+
Variables declared but never read:
|
|
25
|
+
```python
|
|
26
|
+
result = compute() # Never used after assignment
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
### 4. Unused Functions/Methods
|
|
30
|
+
Functions defined but never called:
|
|
31
|
+
```typescript
|
|
32
|
+
function legacyHelper() { ... } // Never invoked
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
### 5. Unused Files
|
|
36
|
+
Entire files not imported anywhere in the codebase.
|
|
37
|
+
|
|
38
|
+
### 6. Unused Dependencies
|
|
39
|
+
Packages in package.json/requirements.txt not used in code.
|
|
40
|
+
|
|
41
|
+
### 7. Unreachable Code
|
|
42
|
+
Code after return/throw statements or in dead branches:
|
|
43
|
+
```javascript
|
|
44
|
+
function foo() {
|
|
45
|
+
return 42;
|
|
46
|
+
console.log('never runs'); // Unreachable
|
|
47
|
+
}
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
## Detection Tools
|
|
51
|
+
|
|
52
|
+
### Knip (JavaScript/TypeScript)
|
|
53
|
+
|
|
54
|
+
**Installation:**
|
|
55
|
+
```bash
|
|
56
|
+
npm install -g knip
|
|
57
|
+
# or use via npx (no install required)
|
|
58
|
+
```
|
|
59
|
+
|
|
60
|
+
**Commands:**
|
|
61
|
+
```bash
|
|
62
|
+
# Detection (default output)
|
|
63
|
+
npx knip
|
|
64
|
+
|
|
65
|
+
# JSON output for parsing
|
|
66
|
+
npx knip --reporter json
|
|
67
|
+
|
|
68
|
+
# Fix automatically (use with caution)
|
|
69
|
+
npx knip --fix
|
|
70
|
+
|
|
71
|
+
# Specific workspace
|
|
72
|
+
npx knip --workspace packages/core
|
|
73
|
+
|
|
74
|
+
# Include/exclude patterns
|
|
75
|
+
npx knip --include files --exclude dependencies
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
**Configuration (`knip.json`):**
|
|
79
|
+
```json
|
|
80
|
+
{
|
|
81
|
+
"$schema": "https://unpkg.com/knip@latest/schema.json",
|
|
82
|
+
"entry": ["src/index.ts"],
|
|
83
|
+
"project": ["src/**/*.ts"],
|
|
84
|
+
"ignore": ["**/*.test.ts"],
|
|
85
|
+
"ignoreDependencies": ["@types/*"]
|
|
86
|
+
}
|
|
87
|
+
```
|
|
88
|
+
|
|
89
|
+
**Categories detected:**
|
|
90
|
+
- files, dependencies, devDependencies
|
|
91
|
+
- exports, nsExports, classMembers
|
|
92
|
+
- types, nsTypes, enumMembers
|
|
93
|
+
- unlisted, binaries, unresolved, duplicates
|
|
94
|
+
|
|
95
|
+
### Deadcode (Python)
|
|
96
|
+
|
|
97
|
+
**Installation:**
|
|
98
|
+
```bash
|
|
99
|
+
pip install deadcode
|
|
100
|
+
```
|
|
101
|
+
|
|
102
|
+
**Commands:**
|
|
103
|
+
```bash
|
|
104
|
+
# Detection
|
|
105
|
+
deadcode .
|
|
106
|
+
|
|
107
|
+
# With verbose output
|
|
108
|
+
deadcode . --verbose
|
|
109
|
+
|
|
110
|
+
# Fix automatically
|
|
111
|
+
deadcode . --fix
|
|
112
|
+
|
|
113
|
+
# Dry run (show what would be fixed)
|
|
114
|
+
deadcode . --dry
|
|
115
|
+
|
|
116
|
+
# Specific path
|
|
117
|
+
deadcode src/
|
|
118
|
+
|
|
119
|
+
# Exclude patterns
|
|
120
|
+
deadcode . --exclude tests/
|
|
121
|
+
```
|
|
122
|
+
|
|
123
|
+
**Detection capabilities:**
|
|
124
|
+
- Unused imports (DC01)
|
|
125
|
+
- Unused variables (DC02)
|
|
126
|
+
- Unused functions (DC03)
|
|
127
|
+
- Unused classes (DC04)
|
|
128
|
+
- Unused methods (DC05)
|
|
129
|
+
|
|
130
|
+
## False Positive Detection
|
|
131
|
+
|
|
132
|
+
**CRITICAL: Always verify findings before reporting to the user.**
|
|
133
|
+
|
|
134
|
+
### Common False Positives
|
|
135
|
+
|
|
136
|
+
#### 1. Dynamic Imports
|
|
137
|
+
```javascript
|
|
138
|
+
// These imports appear unused but are loaded at runtime
|
|
139
|
+
const module = await import(modulePath);
|
|
140
|
+
require(variableName);
|
|
141
|
+
```
|
|
142
|
+
|
|
143
|
+
#### 2. Framework Magic
|
|
144
|
+
```typescript
|
|
145
|
+
// React components used in JSX
|
|
146
|
+
export const Button = () => <button />; // Used as <Button />
|
|
147
|
+
|
|
148
|
+
// Decorators in TypeScript/Python
|
|
149
|
+
@decorator
|
|
150
|
+
export class Controller {}
|
|
151
|
+
|
|
152
|
+
// Vue setup functions
|
|
153
|
+
export function useCounter() { ... } // Used in <script setup>
|
|
154
|
+
```
|
|
155
|
+
|
|
156
|
+
#### 3. Re-exports for Public API
|
|
157
|
+
```typescript
|
|
158
|
+
// index.ts barrel file - exports ARE the purpose
|
|
159
|
+
export { Helper } from './helper'; // Re-exported for external use
|
|
160
|
+
```
|
|
161
|
+
|
|
162
|
+
#### 4. Entry Points
|
|
163
|
+
```javascript
|
|
164
|
+
// CLI scripts, serverless handlers, etc.
|
|
165
|
+
export const handler = async (event) => { ... }; // AWS Lambda entry
|
|
166
|
+
```
|
|
167
|
+
|
|
168
|
+
#### 5. Test Utilities
|
|
169
|
+
```typescript
|
|
170
|
+
// Only used in test files
|
|
171
|
+
export class TestHelper {} // Referenced in *.test.ts
|
|
172
|
+
```
|
|
173
|
+
|
|
174
|
+
#### 6. String-Based References
|
|
175
|
+
```javascript
|
|
176
|
+
// Accessed via strings or reflection
|
|
177
|
+
const fn = functions['dynamicName'];
|
|
178
|
+
getattr(obj, 'method_name')()
|
|
179
|
+
```
|
|
180
|
+
|
|
181
|
+
### Verification Checklist
|
|
182
|
+
|
|
183
|
+
For each flagged item, the agent MUST:
|
|
184
|
+
|
|
185
|
+
1. **Read the flagged code** to understand context
|
|
186
|
+
2. **Search for dynamic references**:
|
|
187
|
+
- `import(` or `require(` with variables
|
|
188
|
+
- String interpolation with the item name
|
|
189
|
+
- `eval`, `getattr`, or reflection patterns
|
|
190
|
+
3. **Check framework patterns**:
|
|
191
|
+
- React: Is it a component used in JSX?
|
|
192
|
+
- Angular: Is it decorated with @Component, @Injectable, etc.?
|
|
193
|
+
- Express: Is it middleware or route handler?
|
|
194
|
+
4. **Check for re-exports**:
|
|
195
|
+
- Is this in an index.ts/index.js barrel file?
|
|
196
|
+
- Is this part of the public API?
|
|
197
|
+
5. **Check entry points**:
|
|
198
|
+
- Is this a CLI script, serverless handler, or worker?
|
|
199
|
+
- Is it referenced in package.json scripts or config files?
|
|
200
|
+
|
|
201
|
+
## Workflow
|
|
202
|
+
|
|
203
|
+
### 1. Run Detection Tool
|
|
204
|
+
```bash
|
|
205
|
+
# Use the helper script
|
|
206
|
+
${CLAUDE_PLUGIN_ROOT}/scripts/dead-code-detect.sh --format json
|
|
207
|
+
```
|
|
208
|
+
|
|
209
|
+
### 2. Parse and Categorize
|
|
210
|
+
Group findings by type:
|
|
211
|
+
- Unused exports
|
|
212
|
+
- Unused files
|
|
213
|
+
- Unused dependencies
|
|
214
|
+
- Unused imports
|
|
215
|
+
- Unused class members
|
|
216
|
+
|
|
217
|
+
### 3. Verify Each Finding
|
|
218
|
+
For each item:
|
|
219
|
+
1. Read the code
|
|
220
|
+
2. Check for false positive patterns
|
|
221
|
+
3. Mark as "verified" or "likely false positive"
|
|
222
|
+
|
|
223
|
+
### 4. Present Verified Report
|
|
224
|
+
Show user:
|
|
225
|
+
- Summary counts (verified items only)
|
|
226
|
+
- Detailed list with file:line references
|
|
227
|
+
- Filtered items with reasons
|
|
228
|
+
|
|
229
|
+
### 5. Apply Fixes (After Approval)
|
|
230
|
+
```bash
|
|
231
|
+
# Only after user confirms
|
|
232
|
+
npx knip --fix
|
|
233
|
+
# or
|
|
234
|
+
deadcode . --fix
|
|
235
|
+
```
|
|
236
|
+
|
|
237
|
+
## Integration with Audits
|
|
238
|
+
|
|
239
|
+
### Quick Check Integration
|
|
240
|
+
- Run detection as part of automated checks
|
|
241
|
+
- Report findings under "Dead Code" category
|
|
242
|
+
- Don't auto-fix; inform user of findings
|
|
243
|
+
|
|
244
|
+
### Deep Audit Integration
|
|
245
|
+
- Run as Phase 2.5: Dead Code Detection
|
|
246
|
+
- Include in comprehensive report
|
|
247
|
+
- Provide fix commands for user to run
|
|
248
|
+
|
|
249
|
+
### Standalone `/dead-code` Command
|
|
250
|
+
- Focused workflow for dead code only
|
|
251
|
+
- Interactive cleanup with user approval
|
|
252
|
+
- Show verification process
|
|
253
|
+
|
|
254
|
+
## Best Practices
|
|
255
|
+
|
|
256
|
+
1. **Run regularly** - Include in CI/CD pipeline
|
|
257
|
+
2. **Configure properly** - Set up ignore rules for framework patterns
|
|
258
|
+
3. **Test after removal** - Ensure nothing breaks
|
|
259
|
+
4. **Review before commit** - Manual verification recommended
|
|
260
|
+
5. **Document exceptions** - Comment why certain "dead" code is intentional
|
|
261
|
+
6. **Start conservative** - Better to miss some than to break things
|