npm - @soulbatical/tetra-dev-toolkit - Versions diffs - 1.1.0 → 1.1.1 - Mend

@soulbatical/tetra-dev-toolkit 1.1.0 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +2 -3
package/README.md +0 -312

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@soulbatical/tetra-dev-toolkit",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "publishConfig": {
     "access": "restricted"
   },
@@ -39,8 +39,7 @@
   "scripts": {
     "test": "node --test src/**/*.test.js",
     "lint": "eslint src/ lib/ bin/",
-    "build": "echo 'No build step needed'",
-    "prepublishOnly": "npm test && npm run lint"
+    "build": "echo 'No build step needed'"
   },
   "engines": {
     "node": ">=18.0.0"

package/README.md DELETED Viewed

@@ -1,312 +0,0 @@
-# @vca/quality-toolkit
-Unified quality checks for all VCA projects. Consolidates security, stability, and code quality checks from sparkbuddy-live and vca-tools into a single npm package.
-**Status:** Installed in 13 projects | Version 1.0.0
-## Installation
-```bash
-# Local installation (recommended for VCA projects)
-npm install --save-dev /Users/albertbarth/projecten/vca-quality-toolkit
-# Or via file reference in package.json
-"devDependencies": {
-  "@vca/quality-toolkit": "file:../vca-quality-toolkit"
-}
-```
-## Quick Start
-```bash
-# Run all checks
-npx vca-audit
-# Run only security checks
-npx vca-audit security
-# Run only stability checks
-npx vca-audit stability
-# Quick check (critical issues only - fast, for pre-commit)
-npx vca-audit quick
-# Setup Husky hooks and CI
-npx vca-setup
-```
-## Example Output
-```
-═══════════════════════════════════════════════════════════════
-  🔍 VCA Quality Toolkit - Audit Results
-═══════════════════════════════════════════════════════════════
-  Project: /Users/albertbarth/projecten/ralph-manager
-  Time: 2026-02-03T15:04:03.478Z
-  ✅ Overall Status: PASSED
-  ✅ SECURITY
-  ──────────────────────────────────────────────────
-    ✅ Hardcoded Secrets Detection PASS
-    ✅ Service Role Key Exposure PASS
-    ✅ Deprecated supabaseAdmin Usage PASS
-    ✅ systemDB Context Whitelist PASS
-  ✅ STABILITY
-  ──────────────────────────────────────────────────
-    ✅ Pre-commit Hooks (Husky) PASS
-    ✅ CI/CD Pipeline PASS
-    ✅ NPM Vulnerability Audit PASS
-═══════════════════════════════════════════════════════════════
-  Checks: 7 passed, 0 failed, 0 skipped
-═══════════════════════════════════════════════════════════════
-```
-## What It Checks
-### Security (4 checks implemented)
-| Check | Severity | Description |
-|-------|----------|-------------|
-| Hardcoded Secrets | Critical | API keys, tokens, JWTs in source code |
-| Service Key Exposure | Critical | Supabase service role key in frontend |
-| Deprecated supabaseAdmin | High | Direct supabaseAdmin usage (use systemDB/userDB) |
-| systemDB Whitelist | High | Unwhitelisted systemDB contexts |
-### Stability (3 checks implemented)
-| Check | Severity | Description |
-|-------|----------|-------------|
-| Husky Hooks | High | Pre-commit hooks configured with useful checks |
-| CI Pipeline | High | GitHub Actions/GitLab CI with lint, test, build |
-| npm audit | High | No critical/high vulnerabilities |
-### Health (15 ecosystem checks) — NEW
-Project-level health scanner shared by ralph-manager and development-mcp.
-| Check | Max Score | Description |
-|-------|-----------|-------------|
-| `plugins` | 2 | Claude Code plugins installed |
-| `mcps` | 1 | MCP servers configured |
-| `git` | 3 | Branch, uncommitted, unpushed |
-| `tests` | 5 | Test pyramid (unit/integration/e2e) |
-| `secrets` | 2 | Exposed secrets in MD files |
-| `quality-toolkit` | 2 | @vca/dev-toolkit installed |
-| `naming-conventions` | 3 | DB + code naming compliance |
-| `rls-audit` | 3 | RLS policies in SQL migrations |
-| `gitignore` | 2 | Critical .gitignore entries |
-| `repo-visibility` | 2 | Public vs private repo |
-| `vincifox-widget` | 2 | VinciFox feedback widget |
-| `stella-integration` | 2 | @ralph/stella integration level |
-| `claude-md` | 3 | CLAUDE.md protocol sections |
-| `doppler-compliance` | 3 | Doppler secret management |
-| `infrastructure-yml` | 3 | .ralph/INFRASTRUCTURE.yml |
-**Total: 38 points.** Score thresholds: Healthy >= 70%, Warning 40-70%, Unhealthy < 40%.
-```javascript
-import { scanProjectHealth } from '@vca/dev-toolkit'
-const report = await scanProjectHealth('/path/to/project', 'my-project')
-console.log(report.healthPercent + '%')  // e.g. "58%"
-console.log(report.status)               // "healthy" | "warning" | "unhealthy"
-```
-### Planned Checks
-- [ ] Dead code detection (Knip integration)
-- [ ] Circular dependency detection
-- [ ] TypeScript strict mode
-- [ ] Test coverage thresholds
-## Integration with Ralph Manager
-The toolkit integrates with ralph-manager's Health dashboard:
-- **Health Scanner**: Shared 15-check scanner (ralph-manager imports from this package)
-- **Toolkit Check**: Shows toolkit installation status per project
-- **API Endpoint**: `/api/admin/health/quality-toolkit` returns status for all projects
-## Usage in package.json
-```json
-{
-  "scripts": {
-    "audit": "vca-audit",
-    "audit:security": "vca-audit security",
-    "audit:quick": "vca-audit quick",
-    "prepare": "husky"
-  }
-}
-```
-## Configuration
-Create `.vca-quality.json` in your project root:
-```json
-{
-  "suites": {
-    "security": true,
-    "stability": true,
-    "codeQuality": true,
-    "supabase": "auto"
-  },
-  "security": {
-    "checkHardcodedSecrets": true,
-    "checkServiceKeyExposure": true
-  },
-  "stability": {
-    "requireHusky": true,
-    "requireCiConfig": true,
-    "allowedVulnerabilities": {
-      "critical": 0,
-      "high": 0,
-      "moderate": 10
-    }
-  },
-  "supabase": {
-    "publicRpcFunctions": ["get_public_stats"],
-    "publicTables": ["lookup_countries"]
-  },
-  "ignore": [
-    "node_modules/**",
-    "dist/**"
-  ]
-}
-```
-## CI Integration
-### GitHub Actions
-```yaml
-name: Quality Checks
-on: [push, pull_request]
-jobs:
-  quality:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-      - run: npm ci
-      - run: npx vca-audit --ci
-```
-The `--ci` flag outputs GitHub Actions annotations for inline PR feedback.
-### Pre-commit Hook
-Run `npx vca-setup hooks` or manually create `.husky/pre-commit`:
-```bash
-#!/bin/sh
-npx vca-audit quick
-if [ $? -ne 0 ]; then
-  echo "❌ Security issues found! Fix before committing."
-  exit 1
-fi
-```
-## Programmatic Usage
-```javascript
-import { runAllChecks, runSecurityChecks } from '@vca/quality-toolkit'
-const results = await runAllChecks()
-if (!results.passed) {
-  console.log('Quality checks failed!')
-  console.log(`Critical: ${results.summary.findings.critical}`)
-  console.log(`High: ${results.summary.findings.high}`)
-}
-```
-## Projects Using This Toolkit
-| Project | Status | Version |
-|---------|--------|---------|
-| ralph-manager | ✅ | 1.0.0 |
-| sparkbuddy-live | ✅ | 1.0.0 |
-| snelstart-mcp | ✅ | 1.0.0 |
-| snelstart-portal | ✅ | 1.0.0 |
-| vibecodingacademy | ✅ | 1.0.0 |
-| Plokko | ✅ | 1.0.0 |
-| ad-agent | ✅ | 1.0.0 |
-| ai-finder | ✅ | 1.0.0 |
-| airbnb | ✅ | 1.0.0 |
-| github-ai-research | ✅ | 1.0.0 |
-| groei-boom | ✅ | 1.0.0 |
-| sparkgrowth | ✅ | 1.0.0 |
-| vca-security | ✅ | 1.0.0 |
-## Relationship to vca-tools
-This package complements [vca-tools](https://github.com/mralbertzwolle/vibe-coding-academy-tools) (Claude Code plugins):
-| Tool | Purpose | Usage |
-|------|---------|-------|
-| **vca-tools** | Interactive Claude Code plugins | `/security-audit:run`, `/codebase-stability-audit:run` |
-| **@vca/quality-toolkit** | Automated CI/pre-commit checks | `npx vca-audit`, GitHub Actions |
-Both share the same check logic, but:
-- **vca-tools** = human-in-the-loop, detailed reports, fix suggestions
-- **@vca/quality-toolkit** = automated, CI-friendly, pass/fail
-## Architecture
-```
-@vca/quality-toolkit/
-├── bin/
-│   ├── vca-audit.js        # Main CLI
-│   └── vca-setup.js        # Setup hooks/CI
-├── lib/
-│   ├── index.js            # Main exports
-│   ├── config.js           # Configuration loader
-│   ├── runner.js           # Check orchestrator
-│   ├── checks/
-│   │   ├── health/         # 15 ecosystem health checks (shared with ralph-manager)
-│   │   │   ├── scanner.js  # Orchestrator — scanProjectHealth()
-│   │   │   ├── types.js    # Shared types & helpers
-│   │   │   ├── plugins.js  # Claude Code plugins
-│   │   │   ├── mcps.js     # MCP server config
-│   │   │   ├── git.js      # Git status
-│   │   │   ├── tests.js    # Test pyramid
-│   │   │   ├── secrets.js  # Exposed secrets
-│   │   │   └── ...         # 10 more checks
-│   │   ├── security/       # Security checks
-│   │   ├── stability/      # Stability checks
-│   │   ├── codeQuality/    # Code quality checks
-│   │   └── supabase/       # Supabase checks
-│   └── reporters/
-│       └── terminal.js     # Pretty output + GitHub Actions
-└── package.json
-```
-## Consumers
-| Package | Import | Usage |
-|---------|--------|-------|
-| **ralph-manager** | `scanProjectHealth` | Dashboard health scanner (background job, every 2 min) |
-| **development-mcp** | `scanProjectHealth` | `health_check` MCP tool (on-demand via Claude Code) |
-| **13 VCA projects** | `vca-audit` CLI | CI/pre-commit quality checks |
-## Contributing
-1. Add new check in `lib/checks/<category>/<name>.js`
-2. Register in `lib/runner.js`
-3. Update README
-4. Test with `npx vca-audit` in a project
-## License
-MIT
----
-Built by [Vibe Coding Academy](https://vibecodingacademy.nl) • [Albert Barth](https://linkedin.com/in/albertbarth/)