@vyuhlabs/dxkit 0.6.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -21,61 +21,51 @@ Running `init` auto-detects your tech stack and generates a complete `.claude/`
21
21
 
22
22
  ```
23
23
  .claude/
24
- settings.json # Permissions, deny list, hooks
25
- agents/ # Active agents (auto-trigger)
24
+ settings.json # Permissions, deny list, learning hooks
25
+ agents/ # Active agents (auto-trigger on matching questions)
26
26
  knowledge-bot.md # Answers codebase questions
27
27
  onboarding.md # Interactive onboarding buddy
28
28
  quality-reviewer.md # Reviews code before committing
29
- agents-available/ # Dormant agents (activate on demand)
29
+ doc-writer.md # Audits and writes documentation
30
+ agents-available/ # Dormant agents (activate with /enable-agent)
30
31
  codebase-explorer.md # Deep architecture analysis
31
32
  code-reviewer.md # PR review and security audit
32
33
  test-writer.md # Writes tests for existing code
34
+ test-gap-finder.md # Identifies untested critical code
35
+ dependency-mapper.md # Maps import chains and blast radius
36
+ health-auditor.md # 6-dimension codebase health audit
37
+ vulnerability-scanner.md # Dependency + code security scan
38
+ dev-report.md # Developer activity + quality attribution
33
39
  debugger.md # Root cause analysis
34
- commands/ # Slash commands
35
- ask.md # /ask — Query the codebase
36
- quality.md # /quality — Run linters
37
- test.md # /test — Run tests with coverage
38
- check.md # /check — Full pre-commit validation
39
- fix.md # /fix — Auto-fix issues
40
- learn.md # /learn — Capture gotchas/conventions
41
- onboarding.md # /onboarding — Start onboarding
42
- help.md # /help — List everything
43
- session-start.md # /session-start — Begin dev session
44
- session-end.md # /session-end — Checkpoint + evolve skills
45
- ...
40
+ commands/ # 24 slash commands (see below)
46
41
  skills/ # Domain knowledge
47
42
  codebase/ # Auto-generated architecture overview
48
43
  learned/ # Evolving gotchas, conventions, deny list
49
- quality/ # Quality check patterns
50
- ...
51
- rules/ # Path-scoped rules (per language)
44
+ rules/ # Path-scoped rules (per language + framework)
52
45
  CLAUDE.md # Main context file for Claude Code
53
46
  .ai/
54
47
  sessions/ # Session checkpoints
48
+ reports/ # Generated reports (health, vulnerabilities, etc.)
49
+ .github/
50
+ workflows/
51
+ pr-review.yml # Automated PR review (opt-in)
55
52
  ```
56
53
 
57
54
  ## Supported Languages
58
55
 
59
- | Language | Detection | Linters | Tests | Coverage |
60
- |---|---|---|---|---|
61
- | Node.js / TypeScript | `package.json` | ESLint, Prettier, tsc | Auto-detected (Jest, Mocha, Vitest, Ava) | framework-specific |
62
- | Python | `pyproject.toml`, `setup.py`, `*.py` | ruff, mypy | pytest | pytest-cov |
63
- | Go | `go.mod` | golangci-lint, go vet | go test | go cover |
64
- | C# | `*.csproj`, `*.sln` | dotnet format, Roslyn | dotnet test | coverlet |
65
- | Rust | `Cargo.toml` | clippy, rustfmt | cargo test | tarpaulin |
56
+ | Language | Detection | Linters | Test Runner |
57
+ |---|---|---|---|
58
+ | Node.js / TypeScript | `package.json` | ESLint, Prettier, tsc | Auto-detected (Jest, Mocha, Vitest, Ava, Tap) |
59
+ | Python | `pyproject.toml`, `setup.py`, `*.py` | ruff, mypy | pytest |
60
+ | Go | `go.mod` | golangci-lint, go vet | go test |
61
+ | C# | `*.csproj`, `*.sln` | dotnet format, Roslyn | dotnet test |
62
+ | Rust | `Cargo.toml` | clippy, rustfmt | cargo test |
66
63
 
67
- ## Supported Tools
68
-
69
- Auto-detected and integrated when present:
70
-
71
- - **Google Cloud** (gcloud) — SDK commands, security rules
72
- - **Infisical** — Secrets management, never-leak rules
73
- - **Pulumi** — IaC with preview-before-apply safety
74
- - **Docker** — Container commands
64
+ Multi-language repos fully supported — detects and generates rules/commands for all languages present.
75
65
 
76
66
  ## Supported Frameworks
77
67
 
78
- Auto-detected with framework-specific rules:
68
+ Auto-detected with framework-specific path-scoped rules:
79
69
 
80
70
  - **LoopBack** — Controller/model/repository patterns, decorator conventions
81
71
  - **Express** — Middleware/routing conventions, error handling patterns
@@ -83,9 +73,16 @@ Auto-detected with framework-specific rules:
83
73
  - **FastAPI**, **Django**, **Flask** — Detected (rules coming soon)
84
74
  - **Gin**, **Echo**, **Fiber** — Detected (rules coming soon)
85
75
 
86
- ## Commands
76
+ ## Supported Tools
77
+
78
+ Auto-detected and integrated when present:
79
+
80
+ - **Google Cloud** (gcloud) — SDK commands, security rules
81
+ - **Infisical** — Secrets management, never-leak rules
82
+ - **Pulumi** — IaC with preview-before-apply safety
83
+ - **Docker** — Container commands
87
84
 
88
- After init, these slash commands are available in Claude Code:
85
+ ## Commands (24)
89
86
 
90
87
  ### Development Workflow
91
88
  | Command | Description |
@@ -99,19 +96,28 @@ After init, these slash commands are available in Claude Code:
99
96
  | Command | Description |
100
97
  |---|---|
101
98
  | `/quality` | Run language-specific linters + AI review |
102
- | `/test` | Run tests (auto-detected runner: Jest, Mocha, Vitest, etc.) |
99
+ | `/test` | Run tests (auto-detected runner) |
103
100
  | `/check` | Full pre-commit validation (quality + tests + AI review) |
104
101
  | `/fix` | Auto-fix formatting and lint issues |
105
102
  | `/build` | Build the project |
106
103
  | `/setup-hooks` | Install git pre-commit/pre-push hooks |
107
104
  | `/test-gaps` | Find critical untested code paths |
108
105
 
106
+ ### Analysis & Reports
107
+ | Command | Description | Report |
108
+ |---|---|---|
109
+ | `/health` | 6-dimension codebase health audit | `.ai/reports/health-audit-*.md` |
110
+ | `/vulnerabilities` | Dependency + code vulnerability scan | `.ai/reports/vulnerability-scan-*.md` |
111
+ | `/dev-report` | Developer activity + security attribution | `.ai/reports/developer-report-*.md` |
112
+ | `/docs audit` | Documentation gap analysis | `.ai/reports/docs-audit-*.md` |
113
+ | `/deps` | Dependency map + blast radius | `.ai/reports/dependency-map-*.md` |
114
+ | `/export-pdf` | Convert markdown reports to PDF | `.ai/reports/*.pdf` |
115
+
109
116
  ### Exploration & Onboarding
110
117
  | Command | Description |
111
118
  |---|---|
112
- | `/onboarding` | Interactive onboarding for new developers |
119
+ | `/onboarding` | Interactive onboarding buddy for new developers |
113
120
  | `/explore-codebase` | Deep architecture exploration |
114
- | `/deps` | Map dependencies ("what breaks if I change X?") |
115
121
  | `/help` | List all commands and agents |
116
122
 
117
123
  ### Operations
@@ -124,21 +130,41 @@ After init, these slash commands are available in Claude Code:
124
130
 
125
131
  ## Agents
126
132
 
127
- ### Active by Default
133
+ ### Active by Default (4)
128
134
  These agents auto-trigger when Claude detects a matching question:
129
135
 
130
136
  - **knowledge-bot** — "How does auth work?" "Where are payments handled?"
131
137
  - **onboarding** — "I'm new, help me get started" "What does this project do?"
132
138
  - **quality-reviewer** — "Review my changes" "Check quality before I commit"
139
+ - **doc-writer** — "What needs documentation?" "Help me write docs"
133
140
 
134
- ### Dormant (activate with `/enable-agent`)
141
+ ### Dormant (9) — activate with `/enable-agent`
135
142
  - **codebase-explorer** — Deep architecture analysis, generates documentation
136
143
  - **code-reviewer** — PR review and security audit (read-only)
137
144
  - **test-writer** — Writes tests for existing code
138
145
  - **test-gap-finder** — Identifies critical untested code paths, prioritized by risk
139
146
  - **dependency-mapper** — Maps import chains and blast radius of changes
147
+ - **health-auditor** — Comprehensive codebase health audit (scores 6 dimensions)
148
+ - **vulnerability-scanner** — Dependency + code vulnerability analysis
149
+ - **dev-report** — Developer activity, quality patterns, security attribution
140
150
  - **debugger** — Systematic root cause analysis
141
151
 
152
+ ## Reports
153
+
154
+ All analysis commands save timestamped reports to `.ai/reports/`:
155
+
156
+ ```bash
157
+ .ai/reports/
158
+ health-audit-2026-03-30.md # Scores: tests, quality, docs, security, DX
159
+ vulnerability-scan-2026-03-30.md # CVEs, hardcoded secrets, dependency risks
160
+ developer-report-2026-03-30.md # Team activity, ownership, security attribution
161
+ test-gaps-2026-03-30.md # Critical untested code, prioritized by risk
162
+ docs-audit-2026-03-30.md # Documentation gaps and recommendations
163
+ dependency-map-2026-03-30.md # Import chains, most-depended-on files
164
+ ```
165
+
166
+ Convert to PDF: `/export-pdf all` or `/export-pdf .ai/reports/health-audit-2026-03-30.md`
167
+
142
168
  ## Learning System
143
169
 
144
170
  DXKit includes a continuous learning system that improves over time:
@@ -146,14 +172,14 @@ DXKit includes a continuous learning system that improves over time:
146
172
  1. **Stop Hook** — After each conversation, Claude is reminded to capture learnings
147
173
  2. **`/learn` command** — Explicitly save gotchas, conventions, or things to avoid
148
174
  3. **`/session-end`** — Creates checkpoint and evolves skill files
149
- 4. **Evolving files** — These files are append-only and never overwritten:
175
+ 4. **Evolving files** — Append-only, never overwritten even with `--force`:
150
176
  - `.claude/skills/learned/references/gotchas.md`
151
177
  - `.claude/skills/learned/references/conventions.md`
152
178
  - `.claude/skills/learned/references/deny-recommendations.md`
153
179
 
154
180
  ## PR Review Automation
155
181
 
156
- DXKit generates a GitHub Action (`.github/workflows/pr-review.yml`) that automatically reviews PRs using Claude Code. Enable it by:
182
+ DXKit generates a GitHub Action that automatically reviews PRs using Claude Code:
157
183
 
158
184
  1. Set `ENABLE_AI_REVIEW=true` as a GitHub Actions variable
159
185
  2. Add `ANTHROPIC_API_KEY` to repo secrets
@@ -162,33 +188,21 @@ Reviews appear as PR comments with issues rated as critical/warning/suggestion.
162
188
 
163
189
  ## Smart Detection
164
190
 
165
- DXKit goes beyond language detection:
166
-
167
- - **Test runner** — Detects Jest, Mocha, Vitest, Ava, Tap, pytest, go test from package.json scripts and dependencies
168
- - **Framework** — Detects LoopBack, Express, NestJS, FastAPI, Gin, etc. and generates framework-specific rules
169
- - **Test presence** — Counts test files vs source files and warns about minimal test coverage
170
- - **Multi-language** — Detects Python from `.py` files even without `pyproject.toml` (common in mixed repos)
191
+ - **Test runner** Detects Jest, Mocha, Vitest, Ava, Tap, pytest, go test from scripts and dependencies
192
+ - **Framework** — Detects LoopBack, Express, NestJS, FastAPI, Gin, etc. with framework-specific rules
193
+ - **Test presence** — Counts test files vs source files, warns about minimal coverage
194
+ - **Multi-language** — Detects all languages including Python from `.py` files (no config file required)
195
+ - **Language breakdown** — Shows file count per language in codebase skill for accurate analysis
171
196
 
172
197
  ## CLI Reference
173
198
 
174
199
  ```bash
175
- # Initialize (auto-detect stack)
176
- npx @vyuhlabs/dxkit init --detect
177
-
178
- # Initialize (interactive)
179
- npx @vyuhlabs/dxkit init
180
-
181
- # Initialize (everything, no prompts)
182
- npx @vyuhlabs/dxkit init --full --yes
183
-
184
- # Re-generate after config changes (preserves evolved files)
185
- npx @vyuhlabs/dxkit update
186
-
187
- # Re-generate with codebase rescan
188
- npx @vyuhlabs/dxkit update --rescan
189
-
190
- # Verify setup
191
- npx @vyuhlabs/dxkit doctor
200
+ npx @vyuhlabs/dxkit init --detect # Auto-detect, minimal prompts
201
+ npx @vyuhlabs/dxkit init # Interactive
202
+ npx @vyuhlabs/dxkit init --full --yes # Everything, no prompts
203
+ npx @vyuhlabs/dxkit update # Re-generate (preserves evolved files)
204
+ npx @vyuhlabs/dxkit update --rescan # Re-run codebase analysis
205
+ npx @vyuhlabs/dxkit doctor # Verify setup
192
206
  ```
193
207
 
194
208
  ### Init Options
@@ -203,56 +217,44 @@ npx @vyuhlabs/dxkit doctor
203
217
  | `--name <n>` | Override project name |
204
218
  | `--no-scan` | Skip codebase analysis |
205
219
 
206
- ## Example: Adding to an Existing Node.js Project
220
+ ## Example: Node.js/TypeScript Project
207
221
 
208
222
  ```bash
209
- cd my-express-app
223
+ cd my-loopback-app
210
224
  npx @vyuhlabs/dxkit init --detect --yes
211
225
  ```
212
226
 
213
- This generates:
214
- - `CLAUDE.md` with Node.js-specific context
215
- - `.claude/commands/quality.md` with `npx eslint .` and `npx tsc --noEmit`
216
- - `.claude/commands/test.md` with auto-detected test runner and framework
217
- - `.claude/rules/` with Node.js + framework-specific conventions
218
- - `.claude/skills/codebase/SKILL.md` with auto-scanned architecture overview
219
- - `.github/workflows/pr-review.yml` for automated PR review
220
- - 3 active agents + 7 dormant agents
227
+ Output:
228
+ ```
229
+ Languages: node
230
+ Framework: loopback
231
+ Tests: mocha (npm test)
232
+ Created: 61 files
233
+ ```
221
234
 
222
235
  Then in Claude Code:
223
236
  ```
224
- /help # See everything available
225
- /ask How does the auth middleware work? # Ask about the codebase
226
- /quality # Run ESLint + TypeScript checks
227
- /onboarding # Get oriented as a new developer
237
+ /help # See everything
238
+ /ask How does the auth middleware work? # Codebase Q&A
239
+ /health # Full health audit
240
+ /vulnerabilities # Security scan
241
+ /dev-report # Team activity report
242
+ /quality # ESLint + AI review
243
+ /onboarding # New developer guide
228
244
  ```
229
245
 
230
- ## Example: Adding to a Python + Go Monorepo
246
+ ## Example: Multi-Language Repo (Python + Go + TypeScript)
231
247
 
232
248
  ```bash
233
249
  cd my-monorepo
234
250
  npx @vyuhlabs/dxkit init --detect --yes
235
251
  ```
236
252
 
237
- Detects both languages and generates:
238
- - Quality commands with ruff + mypy (Python) and golangci-lint (Go)
239
- - Test commands with pytest + go test
240
- - Path-scoped rules for both `.py` and `.go` files
241
- - Language-specific coverage enforcement
242
-
243
- ## How It Works
244
-
245
- 1. **Detection** — Scans for config files (`package.json`, `go.mod`, `pyproject.toml`, etc.) to determine languages and tools
246
- 2. **Template Processing** — Processes `.md.template` files through a conditional template engine, stripping irrelevant language sections
247
- 3. **Codebase Scanning** — Analyzes source files to find entry points, API routes, test patterns, and conventions
248
- 4. **Generation** — Writes files non-destructively (never overwrites without `--force`, evolving files always preserved)
249
- 5. **Manifest** — Saves state to `.vyuh-dxkit.json` for `update` and `doctor` commands
250
-
251
- ## Non-Destructive by Design
252
-
253
- - Files that already exist are **skipped** (use `--force` to overwrite)
254
- - Evolving files (`gotchas.md`, `conventions.md`, `deny-recommendations.md`) are **never overwritten**, even with `--force`
255
- - The manifest (`.vyuh-dxkit.json`) tracks what was generated for safe updates
253
+ Generates:
254
+ - Quality commands with `npx eslint .` + `ruff check .` + `golangci-lint run`
255
+ - Test commands with `npm test` + `pytest` + `go test`
256
+ - Path-scoped rules for `.ts`, `.py`, and `.go` files
257
+ - Language breakdown in codebase skill: "TypeScript: 200, Python: 50, Go: 30"
256
258
 
257
259
  ## AI-Assisted Development Workflow
258
260
 
@@ -262,11 +264,20 @@ git checkout -b feature/my-feature # Create branch
262
264
  /ask How does the payment flow work? # Understand the code
263
265
  # ... develop with full context ...
264
266
  /quality # Lint + AI review
265
- /test # Tests with coverage
267
+ /test # Tests
268
+ /learn auth tokens expire after 24h # Capture gotcha
266
269
  git add -A && git commit # Commit
267
270
  /session-end # Checkpoint + evolve skills
268
271
  ```
269
272
 
273
+ ## How It Works
274
+
275
+ 1. **Detection** — Scans for config files, source files, and tools to determine languages, frameworks, and test runners
276
+ 2. **Template Processing** — Processes `.md.template` files through a conditional engine, generating language-specific commands
277
+ 3. **Codebase Scanning** — Analyzes source files to find entry points, API routes (including LoopBack/Express/FastAPI decorators), test patterns, and language breakdown
278
+ 4. **Generation** — Writes 60+ files non-destructively (never overwrites without `--force`, evolving files always preserved)
279
+ 5. **Manifest** — Saves state to `.vyuh-dxkit.json` for `update` and `doctor` commands
280
+
270
281
  ## License
271
282
 
272
283
  MIT
@@ -1,5 +1,5 @@
1
1
  import { ResolvedConfig } from './types';
2
- export declare const VERSION = "0.6.0";
2
+ export declare const VERSION = "0.8.0";
3
3
  export declare const DEFAULT_VERSIONS: {
4
4
  python: string;
5
5
  go: string;
package/dist/constants.js CHANGED
@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.EVOLVING_FILES = exports.DEFAULT_COVERAGE = exports.DEFAULT_VERSIONS = exports.VERSION = void 0;
4
4
  exports.buildVariables = buildVariables;
5
5
  exports.buildConditions = buildConditions;
6
- exports.VERSION = '0.6.0';
6
+ exports.VERSION = '0.8.0';
7
7
  exports.DEFAULT_VERSIONS = {
8
8
  python: '3.12',
9
9
  go: '1.24.0',
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@vyuhlabs/dxkit",
3
- "version": "0.6.0",
3
+ "version": "0.8.0",
4
4
  "description": "AI-native developer experience toolkit for any repository",
5
5
  "license": "MIT",
6
6
  "bin": {
@@ -0,0 +1,104 @@
1
+ ---
2
+ name: dev-report
3
+ description: Generates developer activity and code quality reports from git history. Use when asked about "developer report", "who introduced this bug?", "contribution analysis", or "team activity". Saves report to .ai/reports/.
4
+ model: sonnet
5
+ tools: Read, Grep, Glob, Bash, Write
6
+ ---
7
+
8
+ You are a developer activity analyst. Your job is to generate insightful reports about developer contributions, code quality patterns, and areas of ownership.
9
+
10
+ ## Report Types
11
+
12
+ ### 1. Team Overview (default)
13
+ When asked for a general report or "developer report":
14
+
15
+ Run these commands to gather data:
16
+ - `git shortlog -sn --no-merges --since="3 months ago"` — commit counts per developer
17
+ - `git log --since="3 months ago" --pretty=format:"%an|%s" --no-merges` — recent commits
18
+ - `git log --since="3 months ago" --pretty=format:"%an" --no-merges | sort | uniq -c | sort -rn` — activity ranking
19
+
20
+ For each active developer, analyze:
21
+ - **Areas of ownership**: `git log --author="Name" --since="3 months ago" --name-only --pretty=format:"" | sort | uniq -c | sort -rn | head -20`
22
+ - **Commit patterns**: feature vs fix vs refactor ratio
23
+ - **Files most touched**: potential hotspots
24
+
25
+ ### 2. Individual Developer Report
26
+ When asked about a specific developer:
27
+
28
+ - `git log --author="Name" --since="6 months ago" --stat --no-merges` — their commits with stats
29
+ - `git log --author="Name" --since="6 months ago" --pretty=format:"%H" --no-merges` — commit hashes
30
+ - For each recent commit, check the diff for:
31
+ - Quality issues introduced (hardcoded values, missing error handling, TODOs)
32
+ - Security concerns (secrets, eval, exec, SQL concatenation)
33
+ - Test coverage (did they add tests with features?)
34
+
35
+ ### 3. Code Quality by Developer
36
+ Cross-reference git blame with known issues:
37
+
38
+ - For files with known vulnerabilities (from `/vulnerabilities` report if available in `.ai/reports/`):
39
+ - `git blame <file>` on the problematic lines
40
+ - Identify who introduced the issue and when
41
+ - For files with no tests:
42
+ - Who last modified them? They should write the tests.
43
+
44
+ ## Output Format
45
+
46
+ Save to `.ai/reports/developer-report-YYYY-MM-DD.md`:
47
+
48
+ ```markdown
49
+ ## Developer Activity Report
50
+ Generated: YYYY-MM-DD | Period: last 3 months
51
+
52
+ ### Team Summary
53
+ | Developer | Commits | Files Changed | Primary Areas |
54
+ |-----------|---------|--------------|---------------|
55
+ | Alice | 45 | 120 | controllers, services |
56
+ | Bob | 30 | 80 | models, migrations |
57
+
58
+ ### Activity by Developer
59
+
60
+ #### Alice (45 commits)
61
+ **Areas of ownership:**
62
+ - src/controllers/ (25 commits)
63
+ - src/services/ (12 commits)
64
+
65
+ **Commit breakdown:**
66
+ - Features: 20 | Fixes: 15 | Refactors: 8 | Docs: 2
67
+
68
+ **Quality observations:**
69
+ - Added tests in 8/20 feature commits (40%)
70
+ - 2 commits introduced TODOs without linked issues
71
+ - No security concerns in recent changes
72
+
73
+ **Notable contributions:**
74
+ - Implemented auth middleware (commit abc123)
75
+ - Fixed payment race condition (commit def456)
76
+
77
+ ---
78
+
79
+ ### Code Quality Hotspots
80
+ Files with most churn (frequent changes = potential instability):
81
+ | File | Changes (3mo) | Last Author | Concern |
82
+ |------|--------------|-------------|---------|
83
+ | src/server.ts | 12 changes | Multiple | High churn, complex file |
84
+
85
+ ### Security Attribution
86
+ Issues from vulnerability scan attributed to authors:
87
+ | Issue | File:Line | Introduced by | When |
88
+ |-------|-----------|--------------|------|
89
+ | Hardcoded secret | keys.ts:18 | Bob | 2025-06-15 |
90
+
91
+ ### Recommendations
92
+ 1. [Team-level recommendations]
93
+ 2. [Per-developer suggestions]
94
+ ```
95
+
96
+ ## Important Guidelines
97
+
98
+ - **Be constructive, not punitive** — the goal is to improve, not blame
99
+ - **Context matters** — a developer may have inherited bad code
100
+ - **Use git blame carefully** — the last modifier isn't always the author of the problem
101
+ - **Focus on patterns** — one missed test is noise; consistently missing tests is a pattern
102
+ - **Respect privacy** — this report may be sensitive; don't include in public repos
103
+ - **Never output secrets** found in git history
104
+ - Save report to `.ai/reports/developer-report-YYYY-MM-DD.md`
@@ -0,0 +1,14 @@
1
+ ---
2
+ description: Generate developer activity and code quality report from git history
3
+ ---
4
+
5
+ Delegate to the **dev-report** agent. It analyzes git history to generate reports on developer contributions, code quality patterns, and security attribution.
6
+
7
+ **Saves report to `.ai/reports/developer-report-YYYY-MM-DD.md`**
8
+
9
+ Examples:
10
+ - `/dev-report` — Team overview (last 3 months)
11
+ - `/dev-report Alice` — Individual developer report
12
+ - `/dev-report security` — Who introduced known security issues
13
+
14
+ $ARGUMENTS
@@ -0,0 +1,30 @@
1
+ ---
2
+ description: Convert a markdown report to PDF
3
+ argument-hint: "[file-path or 'all' for all reports]"
4
+ ---
5
+
6
+ Convert markdown report(s) to PDF.
7
+
8
+ ## Arguments
9
+ - `$ARGUMENTS`
10
+ - If empty or "all", convert all reports in `.ai/reports/`
11
+ - If a file path, convert that specific file
12
+
13
+ ## How to Convert
14
+
15
+ Try these tools in order (use whichever is available):
16
+
17
+ 1. **md-to-pdf** (Node.js): `npx md-to-pdf <file.md>` — creates `<file.pdf>` alongside it
18
+ 2. **pandoc**: `pandoc <file.md> -o <file.pdf> --pdf-engine=wkhtmltopdf`
19
+ 3. **If neither is available**, install md-to-pdf: `npx md-to-pdf <file.md>`
20
+
21
+ ## For "all" reports
22
+ ```
23
+ for f in .ai/reports/*.md; do
24
+ npx md-to-pdf "$f"
25
+ done
26
+ ```
27
+
28
+ ## Output
29
+ - PDFs are saved alongside the markdown files in `.ai/reports/`
30
+ - Report which files were converted and their paths
@@ -160,7 +160,9 @@ Slash commands for common workflows. Run `/help` to list all with descriptions.
160
160
  - `/deps` - Map dependencies ("what breaks if I change X?")
161
161
  - `/health` - Comprehensive codebase health audit
162
162
  - `/vulnerabilities` - Scan dependencies and code for security issues
163
+ - `/dev-report` - Developer activity and code quality report
163
164
  - `/docs` - Audit, write, or improve documentation
165
+ - `/export-pdf` - Convert markdown reports to PDF
164
166
  - `/fix-issue <number>` - Investigate and fix a GitHub issue
165
167
 
166
168
  ### Rules (`.claude/rules/`)
@@ -181,6 +183,7 @@ Language-specific conventions that activate automatically when editing matching
181
183
  - `dependency-mapper` — Maps import chains and blast radius (sonnet, read-only)
182
184
  - `health-auditor` — Comprehensive codebase health audit (sonnet, read-only)
183
185
  - `vulnerability-scanner` — Dependency and code vulnerability analysis (sonnet)
186
+ - `dev-report` — Developer activity, quality patterns, security attribution (sonnet)
184
187
  - `doc-writer` — Audits docs, identifies gaps, writes/improves documentation (sonnet)
185
188
  - `debugger` — Traces root causes systematically (sonnet, no file edits)
186
189