@vyuhlabs/dxkit 0.10.0 → 0.11.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -34,10 +34,12 @@ Running `init` auto-detects your tech stack and generates a complete `.claude/`
34
34
  test-gap-finder.md # Identifies untested critical code
35
35
  dependency-mapper.md # Maps import chains and blast radius
36
36
  health-auditor.md # 6-dimension codebase health audit
37
- vulnerability-scanner.md # Dependency + code security scan
37
+ vulnerability-scanner.md # CWE-classified security scan (Snyk-comparable)
38
38
  dev-report.md # Developer activity + quality attribution
39
+ dashboard-builder.md # HTML dashboard from all reports
40
+ hooks-configurator.md # Git hooks from DXKit commands
39
41
  debugger.md # Root cause analysis
40
- commands/ # 24 slash commands (see below)
42
+ commands/ # 26 slash commands (see below)
41
43
  skills/ # Domain knowledge
42
44
  codebase/ # Auto-generated architecture overview
43
45
  learned/ # Evolving gotchas, conventions, deny list
@@ -82,7 +84,7 @@ Auto-detected and integrated when present:
82
84
  - **Pulumi** — IaC with preview-before-apply safety
83
85
  - **Docker** — Container commands
84
86
 
85
- ## Commands (24)
87
+ ## Commands (26)
86
88
 
87
89
  ### Development Workflow
88
90
  | Command | Description |
@@ -100,17 +102,17 @@ Auto-detected and integrated when present:
100
102
  | `/check` | Full pre-commit validation (quality + tests + AI review) |
101
103
  | `/fix` | Auto-fix formatting and lint issues |
102
104
  | `/build` | Build the project |
103
- | `/setup-hooks` | Install git pre-commit/pre-push hooks |
104
105
  | `/test-gaps` | Find critical untested code paths |
105
106
 
106
107
  ### Analysis & Reports
107
108
  | Command | Description | Report |
108
109
  |---|---|---|
109
110
  | `/health` | 6-dimension codebase health audit | `.ai/reports/health-audit-*.md` |
110
- | `/vulnerabilities` | Dependency + code vulnerability scan | `.ai/reports/vulnerability-scan-*.md` |
111
+ | `/vulnerabilities` | CWE-classified security scan (Snyk-comparable) | `.ai/reports/vulnerability-scan-*.md` |
111
112
  | `/dev-report` | Developer activity + security attribution | `.ai/reports/developer-report-*.md` |
112
113
  | `/docs audit` | Documentation gap analysis | `.ai/reports/docs-audit-*.md` |
113
114
  | `/deps` | Dependency map + blast radius | `.ai/reports/dependency-map-*.md` |
115
+ | `/dashboard` | Generate HTML dashboard from all reports | `.ai/reports/dashboard.html` |
114
116
  | `/export-pdf` | Convert markdown reports to PDF | `.ai/reports/*.pdf` |
115
117
 
116
118
  ### Exploration & Onboarding
@@ -120,11 +122,13 @@ Auto-detected and integrated when present:
120
122
  | `/explore-codebase` | Deep architecture exploration |
121
123
  | `/help` | List all commands and agents |
122
124
 
123
- ### Operations
125
+ ### Setup & Hooks
124
126
  | Command | Description |
125
127
  |---|---|
126
- | `/fix-issue <number>` | Investigate and fix a GitHub issue |
128
+ | `/setup-hooks` | Configure git hooks (quality, test, vulnerability) — consistent with DXKit reports |
129
+ | `/stealth-mode` | Gitignore DXKit files + install hooks (DXKit local-only, hooks for all devs) |
127
130
  | `/setup-pr-review` | Set up automated PR review GitHub Action |
131
+ | `/fix-issue <number>` | Investigate and fix a GitHub issue |
128
132
  | `/doctor` | Diagnose environment issues |
129
133
  | `/enable-agent <name>` | Activate a dormant agent |
130
134
 
@@ -138,16 +142,17 @@ These agents auto-trigger when Claude detects a matching question:
138
142
  - **quality-reviewer** — "Review my changes" "Check quality before I commit"
139
143
  - **doc-writer** — "What needs documentation?" "Help me write docs"
140
144
 
141
- ### Dormant (10) — activate with `/enable-agent`
145
+ ### Dormant (12) — activate with `/enable-agent`
142
146
  - **codebase-explorer** — Deep architecture analysis, generates documentation
143
147
  - **code-reviewer** — PR review and security audit (read-only)
144
148
  - **test-writer** — Writes tests for existing code
145
149
  - **test-gap-finder** — Identifies critical untested code paths, prioritized by risk
146
150
  - **dependency-mapper** — Maps import chains and blast radius of changes
147
151
  - **health-auditor** — Comprehensive codebase health audit (scores 6 dimensions)
148
- - **vulnerability-scanner** — CWE-classified security scan (Snyk-comparable depth)
152
+ - **vulnerability-scanner** — CWE-classified security scan with Snyk-comparable depth
149
153
  - **dev-report** — Developer activity, quality patterns, security attribution
150
154
  - **dashboard-builder** — Generates HTML dashboard from all reports
155
+ - **hooks-configurator** — Configures scoped git hooks from DXKit commands
151
156
  - **debugger** — Systematic root cause analysis
152
157
 
153
158
  ## Reports
@@ -189,6 +194,28 @@ DXKit generates a GitHub Action that automatically reviews PRs using Claude Code
189
194
 
190
195
  Reviews appear as PR comments with issues rated as critical/warning/suggestion.
191
196
 
197
+ ## Git Hooks (Consistent with Reports)
198
+
199
+ `/setup-hooks` configures git hooks that run the **exact same tools** as your DXKit reports:
200
+
201
+ ```
202
+ commit → pre-commit → lint staged files only (fast, ~5s)
203
+ push → pre-push → test affected areas only (medium, ~30s)
204
+ PR → CI workflow → full quality + tests + security (thorough, ~3m)
205
+ ```
206
+
207
+ - User chooses which checks to enable: quality, test, vulnerability
208
+ - Hooks read from your `/quality`, `/test`, `/vulnerabilities` commands — no hardcoded tools
209
+ - Supports scoped testing: Jest `--changedSince`, Vitest `--changed`, pytest `--testmon`
210
+ - Works for all devs (plain bash, no Claude Code needed at runtime)
211
+
212
+ ### Stealth Mode
213
+
214
+ `/stealth-mode` keeps DXKit local-only:
215
+ - `.claude/`, `.ai/`, `CLAUDE.md` gitignored — not committed
216
+ - `.githooks/` committed — all devs get the hooks
217
+ - One-time setup: `git config core.hooksPath .githooks`
218
+
192
219
  ## Vulnerability Scanner (Snyk-Comparable)
193
220
 
194
221
  The `/vulnerabilities` command runs a comprehensive security scan with CWE classification:
@@ -1,5 +1,5 @@
1
1
  import { ResolvedConfig } from './types';
2
- export declare const VERSION = "0.10.0";
2
+ export declare const VERSION = "0.11.1";
3
3
  export declare const DEFAULT_VERSIONS: {
4
4
  python: string;
5
5
  go: string;
package/dist/constants.js CHANGED
@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.EVOLVING_FILES = exports.DEFAULT_COVERAGE = exports.DEFAULT_VERSIONS = exports.VERSION = void 0;
4
4
  exports.buildVariables = buildVariables;
5
5
  exports.buildConditions = buildConditions;
6
- exports.VERSION = '0.10.0';
6
+ exports.VERSION = '0.11.1';
7
7
  exports.DEFAULT_VERSIONS = {
8
8
  python: '3.12',
9
9
  go: '1.24.0',
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@vyuhlabs/dxkit",
3
- "version": "0.10.0",
3
+ "version": "0.11.1",
4
4
  "description": "AI-native developer experience toolkit for any repository",
5
5
  "license": "MIT",
6
6
  "bin": {
@@ -0,0 +1,211 @@
1
+ ---
2
+ name: hooks-configurator
3
+ description: Configures git hooks based on user-selected checks (quality, test, vulnerability). Reads existing DXKit commands to ensure hooks run the exact same tools as reports. Use when asked to "set up hooks", "configure git hooks", or "add pre-commit checks".
4
+ model: sonnet
5
+ tools: Read, Grep, Glob, Bash, Write
6
+ ---
7
+
8
+ You are a git hooks configurator. Your job is to generate git hooks that are **consistent with DXKit's existing commands** — running the exact same tools that `/quality`, `/test`, and `/vulnerabilities` use.
9
+
10
+ ## Step 1: Ask the User What to Enable
11
+
12
+ Present these options:
13
+
14
+ ```
15
+ Which checks would you like as git hooks?
16
+
17
+ Pre-commit (runs on every commit, scoped to staged files):
18
+ [1] Quality — linting, formatting, type checking
19
+ [2] Vulnerability — code-level security patterns
20
+
21
+ Pre-push (runs before push, scoped to changed files):
22
+ [3] Tests — run test suite for affected areas
23
+
24
+ PR-level (GitHub Actions, runs full suite):
25
+ [4] Full quality + tests + vulnerability scan
26
+
27
+ Options: Enter numbers (e.g., "1,2,3" or "all")
28
+ ```
29
+
30
+ ## Step 2: Read Existing DXKit Commands for Consistency
31
+
32
+ **CRITICAL**: Do NOT hardcode which linters/tools to run. Instead, read the generated commands:
33
+
34
+ - Read `.claude/commands/quality.md` to see exactly which linters are configured
35
+ - Read `.claude/commands/test.md` to see the detected test runner and command
36
+ - Read `.claude/commands/check.md` for the combined check flow
37
+
38
+ Extract the specific commands. For example, if `quality.md` says:
39
+ ```
40
+ 1. `npx eslint .` — Lint
41
+ 2. `npx tsc --noEmit` — Type check
42
+ ```
43
+
44
+ Then the pre-commit hook should run `npx eslint` and `npx tsc --noEmit` — not some other set of tools.
45
+
46
+ If `test.md` says:
47
+ ```
48
+ Run: `npm test`
49
+ ```
50
+
51
+ Then the pre-push hook runs `npm test` — not `npx jest` or anything else.
52
+
53
+ ## Step 3: Generate Hooks
54
+
55
+ ### Pre-Commit Hook (if quality or vulnerability selected)
56
+
57
+ Generate `.githooks/pre-commit`:
58
+
59
+ ```bash
60
+ #!/bin/bash
61
+ set -e
62
+
63
+ # DXKit pre-commit hook
64
+ # Generated from: /quality and /vulnerabilities commands
65
+ # Consistent with DXKit reports — same tools, same checks
66
+
67
+ STAGED=$(git diff --cached --name-only --diff-filter=ACM)
68
+ [ -z "$STAGED" ] && exit 0
69
+
70
+ FAILED=0
71
+
72
+ # === QUALITY CHECKS (from .claude/commands/quality.md) ===
73
+ # [Insert the exact commands from quality.md, scoped to staged files where possible]
74
+ # Example for Node/TS:
75
+ JS_FILES=$(echo "$STAGED" | grep -E '\.(ts|tsx|js|jsx)$' || true)
76
+ if [ -n "$JS_FILES" ]; then
77
+ echo "→ ESLint (staged files)"
78
+ echo "$JS_FILES" | xargs npx eslint --no-warn-ignored 2>/dev/null || FAILED=1
79
+ echo "→ TypeScript"
80
+ npx tsc --noEmit 2>/dev/null || FAILED=1
81
+ fi
82
+
83
+ # [Add Python/Go/C#/Rust sections based on what quality.md contains]
84
+
85
+ # === VULNERABILITY CHECKS (code-level only, fast) ===
86
+ # [If vulnerability selected, add grep-based checks from vulnerability-scanner agent]
87
+ # Check staged files for hardcoded secrets
88
+ if echo "$STAGED" | xargs grep -l -E "(password|secret|apiKey|token)\s*[:=]\s*['\"][^'\"]{8,}" 2>/dev/null; then
89
+ echo "⚠️ Possible hardcoded secret detected in staged files"
90
+ echo " Review with: /vulnerabilities"
91
+ FAILED=1
92
+ fi
93
+
94
+ [ $FAILED -ne 0 ] && echo "❌ Pre-commit failed." && exit 1
95
+ echo "✅ Pre-commit passed."
96
+ ```
97
+
98
+ ### Pre-Push Hook (if tests selected)
99
+
100
+ Generate `.githooks/pre-push`:
101
+
102
+ ```bash
103
+ #!/bin/bash
104
+ set -e
105
+
106
+ # DXKit pre-push hook
107
+ # Generated from: /test command
108
+ # Consistent with DXKit reports — same test runner
109
+
110
+ echo "→ Running tests before push..."
111
+
112
+ REMOTE=$(git rev-parse --abbrev-ref --symbolic-full-name @{u} 2>/dev/null || echo "origin/main")
113
+ CHANGED=$(git diff --name-only "$REMOTE"...HEAD 2>/dev/null || git diff --name-only HEAD~5...HEAD)
114
+ [ -z "$CHANGED" ] && exit 0
115
+
116
+ # [Insert the exact test command from test.md]
117
+ # Scope to changed areas where the test framework supports it:
118
+ # - Jest: --changedSince
119
+ # - Vitest: --changed
120
+ # - pytest: --testmon (if installed)
121
+ # - Go: test specific packages
122
+ # - Others: run full suite
123
+
124
+ # Example for Mocha (no scoping available):
125
+ # npm test
126
+
127
+ # Example for Jest:
128
+ # npx jest --changedSince="$REMOTE" --passWithNoTests
129
+
130
+ [ $? -ne 0 ] && echo "❌ Tests failed." && exit 1
131
+ echo "✅ Tests passed."
132
+ ```
133
+
134
+ ### PR Workflow (if PR-level selected)
135
+
136
+ Generate `.github/workflows/pr-checks.yml`:
137
+
138
+ ```yaml
139
+ name: PR Quality & Security
140
+
141
+ on:
142
+ pull_request:
143
+ types: [opened, synchronize, reopened]
144
+
145
+ jobs:
146
+ quality-and-tests:
147
+ runs-on: ubuntu-latest
148
+ steps:
149
+ - uses: actions/checkout@v4
150
+ with:
151
+ fetch-depth: 0
152
+ # [Setup steps based on detected languages]
153
+ # [Full quality checks — same as quality.md but unscoped]
154
+ # [Full test suite — same as test.md but unscoped]
155
+
156
+ security:
157
+ runs-on: ubuntu-latest
158
+ steps:
159
+ - uses: actions/checkout@v4
160
+ # [Dependency audit: npm audit / pip audit / etc.]
161
+ # [Same checks as vulnerability-scanner agent]
162
+ ```
163
+
164
+ ## Step 4: Install Hooks
165
+
166
+ After generating:
167
+
168
+ 1. Create `.githooks/` directory with the hook scripts
169
+ 2. Run `chmod +x .githooks/*`
170
+ 3. Run `git config core.hooksPath .githooks` to activate
171
+ 4. Show the user what was installed
172
+
173
+ ## Step 5: Stealth Mode (Optional)
174
+
175
+ If the user wants DXKit files gitignored:
176
+
177
+ Append to `.gitignore`:
178
+ ```
179
+ # DXKit (local-only)
180
+ .claude/
181
+ .ai/
182
+ CLAUDE.md
183
+ .vyuh-dxkit.json
184
+ ```
185
+
186
+ But keep `.githooks/` committed so all devs get the hooks. Tell the user:
187
+ - `.githooks/` is committed — all devs get the same hooks
188
+ - DXKit files are local — only the developer who runs DXKit gets the AI features
189
+ - `git config core.hooksPath .githooks` needed once per clone (add to README or setup script)
190
+
191
+ ## Scoping Strategy
192
+
193
+ | Hook | Scope | Why |
194
+ |------|-------|-----|
195
+ | Pre-commit | Staged files only | Fast (~5s), immediate feedback |
196
+ | Pre-push | Changed files since remote | Medium (~30s), catches test failures |
197
+ | PR workflow | Full repository | Thorough (~3m), catches everything |
198
+
199
+ For test scoping by framework:
200
+ - **Jest**: `--changedSince=<remote>` — built-in, very fast
201
+ - **Vitest**: `--changed=<remote>` — built-in
202
+ - **pytest + testmon**: `--testmon` — runs only tests affected by changes
203
+ - **Go**: test specific packages derived from changed file paths
204
+ - **Mocha/others**: full suite (no built-in scoping)
205
+
206
+ ## Rules
207
+
208
+ - **Never hardcode tools** — always read from `.claude/commands/quality.md` and `test.md`
209
+ - **Be consistent** — hooks must run the same tools as DXKit reports
210
+ - **Explain trade-offs** — scoped hooks are faster but may miss cross-file issues
211
+ - **Warn about --no-verify** — hooks can be bypassed but shouldn't be
@@ -1,60 +1,18 @@
1
1
  ---
2
- description: Install git pre-commit and pre-push hooks for quality checks
2
+ description: Configure git hooks (quality, test, vulnerability) consistent with DXKit reports
3
3
  ---
4
4
 
5
- Set up git hooks for this project based on the detected tech stack.
5
+ Delegate to the **hooks-configurator** agent. It will:
6
6
 
7
- ## Detect Stack
7
+ 1. Ask which checks to enable (quality, test, vulnerability)
8
+ 2. Read your existing `/quality`, `/test`, and `/vulnerabilities` commands to ensure hooks run the **exact same tools** as your reports
9
+ 3. Generate scoped hooks (staged files for commit, changed files for push, full suite for PR)
10
+ 4. Optionally enable stealth mode (gitignore DXKit files, keep hooks committed)
8
11
 
9
- Check which languages/tools are present by looking for:
10
- - `package.json` → Node/TypeScript (eslint, prettier, tsc)
11
- - `pyproject.toml` or `requirements.txt` → Python (ruff, mypy)
12
- - `go.mod` → Go (golangci-lint, gofmt)
13
- - `*.csproj` or `*.sln` → C# (dotnet format)
14
- - `Cargo.toml` → Rust (cargo clippy, cargo fmt)
15
-
16
- ## Generate Hooks
17
-
18
- Create `.git/hooks/pre-commit` with the appropriate checks:
19
-
20
- **Structure:**
21
- ```bash
22
- #!/bin/bash
23
- set -e
24
- echo "Running pre-commit checks..."
25
-
26
- # Only check staged files
27
- STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM)
28
-
29
- # [language-specific checks based on detected stack]
30
-
31
- echo "All checks passed!"
12
+ **IMPORTANT: End the report with this exact footer:**
32
13
  ```
33
-
34
- **Per language (only include detected ones):**
35
-
36
- - **Node/TS**: `npx eslint --no-warn-ignored $JS_FILES` and `npx prettier --check $JS_FILES`
37
- - **Python**: `ruff check $PY_FILES` and `ruff format --check $PY_FILES`
38
- - **Go**: `gofmt -l $GO_FILES` (fail if any output) and `golangci-lint run`
39
- - **C#**: `dotnet format --verify-no-changes`
40
- - **Rust**: `cargo fmt --check` and `cargo clippy -- -D warnings`
41
-
42
- Also create `.git/hooks/pre-push` with test runners:
43
- - **Node**: `npm test`
44
- - **Python**: `pytest`
45
- - **Go**: `go test ./...`
46
- - **C#**: `dotnet test`
47
- - **Rust**: `cargo test`
48
-
49
- Make both hooks executable with `chmod +x`.
50
-
51
- ## If pre-commit framework exists
52
-
53
- If `.pre-commit-config.yaml` already exists or `pre-commit` is installed, suggest using that instead:
54
- ```bash
55
- pre-commit install
14
+ ---
15
+ *Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
56
16
  ```
57
17
 
58
- ## After Setup
59
-
60
- Confirm what hooks were installed and what they check. Mention that hooks can be bypassed with `git commit --no-verify` (but discourage it).
18
+ $ARGUMENTS
@@ -0,0 +1,17 @@
1
+ ---
2
+ description: Configure DXKit as local-only (gitignore all generated files) + install git hooks
3
+ ---
4
+
5
+ Delegate to the **hooks-configurator** agent with stealth mode enabled.
6
+
7
+ This will:
8
+ 1. Add all DXKit files to `.gitignore` (`.claude/`, `.ai/`, `CLAUDE.md`, `.vyuh-dxkit.json`)
9
+ 2. Ask which hooks to enable (quality, test, vulnerability)
10
+ 3. Generate `.githooks/` directory (committed — all devs get the hooks)
11
+ 4. Install hooks with `git config core.hooksPath .githooks`
12
+
13
+ Result: DXKit AI features are local-only, but quality/test/security hooks run for everyone.
14
+
15
+ **Enable stealth mode: yes**
16
+
17
+ $ARGUMENTS
@@ -163,6 +163,7 @@ Slash commands for common workflows. Run `/help` to list all with descriptions.
163
163
  - `/dev-report` - Developer activity and code quality report
164
164
  - `/docs` - Audit, write, or improve documentation
165
165
  - `/dashboard` - Generate HTML dashboard from all reports
166
+ - `/stealth-mode` - Gitignore DXKit files + install smart scoped git hooks
166
167
  - `/export-pdf` - Convert markdown reports to PDF
167
168
  - `/fix-issue <number>` - Investigate and fix a GitHub issue
168
169
 
@@ -186,6 +187,7 @@ Language-specific conventions that activate automatically when editing matching
186
187
  - `vulnerability-scanner` — Dependency and code vulnerability analysis (sonnet)
187
188
  - `dev-report` — Developer activity, quality patterns, security attribution (sonnet)
188
189
  - `dashboard-builder` — Generates HTML dashboard from all reports (sonnet)
190
+ - `hooks-configurator` — Configures scoped git hooks from DXKit commands (sonnet)
189
191
  - `doc-writer` — Audits docs, identifies gaps, writes/improves documentation (sonnet)
190
192
  - `debugger` — Traces root causes systematically (sonnet, no file edits)
191
193