@vyuhlabs/dxkit 0.6.0 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +112 -101
- package/dist/constants.d.ts +1 -1
- package/dist/constants.js +1 -1
- package/package.json +1 -1
- package/templates/.claude/agents-available/dev-report.md +104 -0
- package/templates/.claude/commands/dev-report.md +14 -0
- package/templates/.claude/commands/export-pdf.md +30 -0
- package/templates/CLAUDE.md.template +3 -0
package/README.md
CHANGED
|
@@ -21,61 +21,51 @@ Running `init` auto-detects your tech stack and generates a complete `.claude/`
|
|
|
21
21
|
|
|
22
22
|
```
|
|
23
23
|
.claude/
|
|
24
|
-
settings.json # Permissions, deny list, hooks
|
|
25
|
-
agents/ # Active agents (auto-trigger)
|
|
24
|
+
settings.json # Permissions, deny list, learning hooks
|
|
25
|
+
agents/ # Active agents (auto-trigger on matching questions)
|
|
26
26
|
knowledge-bot.md # Answers codebase questions
|
|
27
27
|
onboarding.md # Interactive onboarding buddy
|
|
28
28
|
quality-reviewer.md # Reviews code before committing
|
|
29
|
-
|
|
29
|
+
doc-writer.md # Audits and writes documentation
|
|
30
|
+
agents-available/ # Dormant agents (activate with /enable-agent)
|
|
30
31
|
codebase-explorer.md # Deep architecture analysis
|
|
31
32
|
code-reviewer.md # PR review and security audit
|
|
32
33
|
test-writer.md # Writes tests for existing code
|
|
34
|
+
test-gap-finder.md # Identifies untested critical code
|
|
35
|
+
dependency-mapper.md # Maps import chains and blast radius
|
|
36
|
+
health-auditor.md # 6-dimension codebase health audit
|
|
37
|
+
vulnerability-scanner.md # Dependency + code security scan
|
|
38
|
+
dev-report.md # Developer activity + quality attribution
|
|
33
39
|
debugger.md # Root cause analysis
|
|
34
|
-
commands/ #
|
|
35
|
-
ask.md # /ask — Query the codebase
|
|
36
|
-
quality.md # /quality — Run linters
|
|
37
|
-
test.md # /test — Run tests with coverage
|
|
38
|
-
check.md # /check — Full pre-commit validation
|
|
39
|
-
fix.md # /fix — Auto-fix issues
|
|
40
|
-
learn.md # /learn — Capture gotchas/conventions
|
|
41
|
-
onboarding.md # /onboarding — Start onboarding
|
|
42
|
-
help.md # /help — List everything
|
|
43
|
-
session-start.md # /session-start — Begin dev session
|
|
44
|
-
session-end.md # /session-end — Checkpoint + evolve skills
|
|
45
|
-
...
|
|
40
|
+
commands/ # 24 slash commands (see below)
|
|
46
41
|
skills/ # Domain knowledge
|
|
47
42
|
codebase/ # Auto-generated architecture overview
|
|
48
43
|
learned/ # Evolving gotchas, conventions, deny list
|
|
49
|
-
|
|
50
|
-
...
|
|
51
|
-
rules/ # Path-scoped rules (per language)
|
|
44
|
+
rules/ # Path-scoped rules (per language + framework)
|
|
52
45
|
CLAUDE.md # Main context file for Claude Code
|
|
53
46
|
.ai/
|
|
54
47
|
sessions/ # Session checkpoints
|
|
48
|
+
reports/ # Generated reports (health, vulnerabilities, etc.)
|
|
49
|
+
.github/
|
|
50
|
+
workflows/
|
|
51
|
+
pr-review.yml # Automated PR review (opt-in)
|
|
55
52
|
```
|
|
56
53
|
|
|
57
54
|
## Supported Languages
|
|
58
55
|
|
|
59
|
-
| Language | Detection | Linters |
|
|
60
|
-
|
|
61
|
-
| Node.js / TypeScript | `package.json` | ESLint, Prettier, tsc | Auto-detected (Jest, Mocha, Vitest, Ava) |
|
|
62
|
-
| Python | `pyproject.toml`, `setup.py`, `*.py` | ruff, mypy | pytest |
|
|
63
|
-
| Go | `go.mod` | golangci-lint, go vet | go test |
|
|
64
|
-
| C# | `*.csproj`, `*.sln` | dotnet format, Roslyn | dotnet test |
|
|
65
|
-
| Rust | `Cargo.toml` | clippy, rustfmt | cargo test |
|
|
56
|
+
| Language | Detection | Linters | Test Runner |
|
|
57
|
+
|---|---|---|---|
|
|
58
|
+
| Node.js / TypeScript | `package.json` | ESLint, Prettier, tsc | Auto-detected (Jest, Mocha, Vitest, Ava, Tap) |
|
|
59
|
+
| Python | `pyproject.toml`, `setup.py`, `*.py` | ruff, mypy | pytest |
|
|
60
|
+
| Go | `go.mod` | golangci-lint, go vet | go test |
|
|
61
|
+
| C# | `*.csproj`, `*.sln` | dotnet format, Roslyn | dotnet test |
|
|
62
|
+
| Rust | `Cargo.toml` | clippy, rustfmt | cargo test |
|
|
66
63
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
Auto-detected and integrated when present:
|
|
70
|
-
|
|
71
|
-
- **Google Cloud** (gcloud) — SDK commands, security rules
|
|
72
|
-
- **Infisical** — Secrets management, never-leak rules
|
|
73
|
-
- **Pulumi** — IaC with preview-before-apply safety
|
|
74
|
-
- **Docker** — Container commands
|
|
64
|
+
Multi-language repos fully supported — detects and generates rules/commands for all languages present.
|
|
75
65
|
|
|
76
66
|
## Supported Frameworks
|
|
77
67
|
|
|
78
|
-
Auto-detected with framework-specific rules:
|
|
68
|
+
Auto-detected with framework-specific path-scoped rules:
|
|
79
69
|
|
|
80
70
|
- **LoopBack** — Controller/model/repository patterns, decorator conventions
|
|
81
71
|
- **Express** — Middleware/routing conventions, error handling patterns
|
|
@@ -83,9 +73,16 @@ Auto-detected with framework-specific rules:
|
|
|
83
73
|
- **FastAPI**, **Django**, **Flask** — Detected (rules coming soon)
|
|
84
74
|
- **Gin**, **Echo**, **Fiber** — Detected (rules coming soon)
|
|
85
75
|
|
|
86
|
-
##
|
|
76
|
+
## Supported Tools
|
|
77
|
+
|
|
78
|
+
Auto-detected and integrated when present:
|
|
79
|
+
|
|
80
|
+
- **Google Cloud** (gcloud) — SDK commands, security rules
|
|
81
|
+
- **Infisical** — Secrets management, never-leak rules
|
|
82
|
+
- **Pulumi** — IaC with preview-before-apply safety
|
|
83
|
+
- **Docker** — Container commands
|
|
87
84
|
|
|
88
|
-
|
|
85
|
+
## Commands (24)
|
|
89
86
|
|
|
90
87
|
### Development Workflow
|
|
91
88
|
| Command | Description |
|
|
@@ -99,19 +96,28 @@ After init, these slash commands are available in Claude Code:
|
|
|
99
96
|
| Command | Description |
|
|
100
97
|
|---|---|
|
|
101
98
|
| `/quality` | Run language-specific linters + AI review |
|
|
102
|
-
| `/test` | Run tests (auto-detected runner
|
|
99
|
+
| `/test` | Run tests (auto-detected runner) |
|
|
103
100
|
| `/check` | Full pre-commit validation (quality + tests + AI review) |
|
|
104
101
|
| `/fix` | Auto-fix formatting and lint issues |
|
|
105
102
|
| `/build` | Build the project |
|
|
106
103
|
| `/setup-hooks` | Install git pre-commit/pre-push hooks |
|
|
107
104
|
| `/test-gaps` | Find critical untested code paths |
|
|
108
105
|
|
|
106
|
+
### Analysis & Reports
|
|
107
|
+
| Command | Description | Report |
|
|
108
|
+
|---|---|---|
|
|
109
|
+
| `/health` | 6-dimension codebase health audit | `.ai/reports/health-audit-*.md` |
|
|
110
|
+
| `/vulnerabilities` | Dependency + code vulnerability scan | `.ai/reports/vulnerability-scan-*.md` |
|
|
111
|
+
| `/dev-report` | Developer activity + security attribution | `.ai/reports/developer-report-*.md` |
|
|
112
|
+
| `/docs audit` | Documentation gap analysis | `.ai/reports/docs-audit-*.md` |
|
|
113
|
+
| `/deps` | Dependency map + blast radius | `.ai/reports/dependency-map-*.md` |
|
|
114
|
+
| `/export-pdf` | Convert markdown reports to PDF | `.ai/reports/*.pdf` |
|
|
115
|
+
|
|
109
116
|
### Exploration & Onboarding
|
|
110
117
|
| Command | Description |
|
|
111
118
|
|---|---|
|
|
112
|
-
| `/onboarding` | Interactive onboarding for new developers |
|
|
119
|
+
| `/onboarding` | Interactive onboarding buddy for new developers |
|
|
113
120
|
| `/explore-codebase` | Deep architecture exploration |
|
|
114
|
-
| `/deps` | Map dependencies ("what breaks if I change X?") |
|
|
115
121
|
| `/help` | List all commands and agents |
|
|
116
122
|
|
|
117
123
|
### Operations
|
|
@@ -124,21 +130,41 @@ After init, these slash commands are available in Claude Code:
|
|
|
124
130
|
|
|
125
131
|
## Agents
|
|
126
132
|
|
|
127
|
-
### Active by Default
|
|
133
|
+
### Active by Default (4)
|
|
128
134
|
These agents auto-trigger when Claude detects a matching question:
|
|
129
135
|
|
|
130
136
|
- **knowledge-bot** — "How does auth work?" "Where are payments handled?"
|
|
131
137
|
- **onboarding** — "I'm new, help me get started" "What does this project do?"
|
|
132
138
|
- **quality-reviewer** — "Review my changes" "Check quality before I commit"
|
|
139
|
+
- **doc-writer** — "What needs documentation?" "Help me write docs"
|
|
133
140
|
|
|
134
|
-
### Dormant (activate with `/enable-agent`
|
|
141
|
+
### Dormant (9) — activate with `/enable-agent`
|
|
135
142
|
- **codebase-explorer** — Deep architecture analysis, generates documentation
|
|
136
143
|
- **code-reviewer** — PR review and security audit (read-only)
|
|
137
144
|
- **test-writer** — Writes tests for existing code
|
|
138
145
|
- **test-gap-finder** — Identifies critical untested code paths, prioritized by risk
|
|
139
146
|
- **dependency-mapper** — Maps import chains and blast radius of changes
|
|
147
|
+
- **health-auditor** — Comprehensive codebase health audit (scores 6 dimensions)
|
|
148
|
+
- **vulnerability-scanner** — Dependency + code vulnerability analysis
|
|
149
|
+
- **dev-report** — Developer activity, quality patterns, security attribution
|
|
140
150
|
- **debugger** — Systematic root cause analysis
|
|
141
151
|
|
|
152
|
+
## Reports
|
|
153
|
+
|
|
154
|
+
All analysis commands save timestamped reports to `.ai/reports/`:
|
|
155
|
+
|
|
156
|
+
```bash
|
|
157
|
+
.ai/reports/
|
|
158
|
+
health-audit-2026-03-30.md # Scores: tests, quality, docs, security, DX
|
|
159
|
+
vulnerability-scan-2026-03-30.md # CVEs, hardcoded secrets, dependency risks
|
|
160
|
+
developer-report-2026-03-30.md # Team activity, ownership, security attribution
|
|
161
|
+
test-gaps-2026-03-30.md # Critical untested code, prioritized by risk
|
|
162
|
+
docs-audit-2026-03-30.md # Documentation gaps and recommendations
|
|
163
|
+
dependency-map-2026-03-30.md # Import chains, most-depended-on files
|
|
164
|
+
```
|
|
165
|
+
|
|
166
|
+
Convert to PDF: `/export-pdf all` or `/export-pdf .ai/reports/health-audit-2026-03-30.md`
|
|
167
|
+
|
|
142
168
|
## Learning System
|
|
143
169
|
|
|
144
170
|
DXKit includes a continuous learning system that improves over time:
|
|
@@ -146,14 +172,14 @@ DXKit includes a continuous learning system that improves over time:
|
|
|
146
172
|
1. **Stop Hook** — After each conversation, Claude is reminded to capture learnings
|
|
147
173
|
2. **`/learn` command** — Explicitly save gotchas, conventions, or things to avoid
|
|
148
174
|
3. **`/session-end`** — Creates checkpoint and evolves skill files
|
|
149
|
-
4. **Evolving files** —
|
|
175
|
+
4. **Evolving files** — Append-only, never overwritten even with `--force`:
|
|
150
176
|
- `.claude/skills/learned/references/gotchas.md`
|
|
151
177
|
- `.claude/skills/learned/references/conventions.md`
|
|
152
178
|
- `.claude/skills/learned/references/deny-recommendations.md`
|
|
153
179
|
|
|
154
180
|
## PR Review Automation
|
|
155
181
|
|
|
156
|
-
DXKit generates a GitHub Action
|
|
182
|
+
DXKit generates a GitHub Action that automatically reviews PRs using Claude Code:
|
|
157
183
|
|
|
158
184
|
1. Set `ENABLE_AI_REVIEW=true` as a GitHub Actions variable
|
|
159
185
|
2. Add `ANTHROPIC_API_KEY` to repo secrets
|
|
@@ -162,33 +188,21 @@ Reviews appear as PR comments with issues rated as critical/warning/suggestion.
|
|
|
162
188
|
|
|
163
189
|
## Smart Detection
|
|
164
190
|
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
- **Test
|
|
168
|
-
- **
|
|
169
|
-
- **
|
|
170
|
-
- **Multi-language** — Detects Python from `.py` files even without `pyproject.toml` (common in mixed repos)
|
|
191
|
+
- **Test runner** — Detects Jest, Mocha, Vitest, Ava, Tap, pytest, go test from scripts and dependencies
|
|
192
|
+
- **Framework** — Detects LoopBack, Express, NestJS, FastAPI, Gin, etc. with framework-specific rules
|
|
193
|
+
- **Test presence** — Counts test files vs source files, warns about minimal coverage
|
|
194
|
+
- **Multi-language** — Detects all languages including Python from `.py` files (no config file required)
|
|
195
|
+
- **Language breakdown** — Shows file count per language in codebase skill for accurate analysis
|
|
171
196
|
|
|
172
197
|
## CLI Reference
|
|
173
198
|
|
|
174
199
|
```bash
|
|
175
|
-
#
|
|
176
|
-
npx @vyuhlabs/dxkit init
|
|
177
|
-
|
|
178
|
-
#
|
|
179
|
-
npx @vyuhlabs/dxkit
|
|
180
|
-
|
|
181
|
-
# Initialize (everything, no prompts)
|
|
182
|
-
npx @vyuhlabs/dxkit init --full --yes
|
|
183
|
-
|
|
184
|
-
# Re-generate after config changes (preserves evolved files)
|
|
185
|
-
npx @vyuhlabs/dxkit update
|
|
186
|
-
|
|
187
|
-
# Re-generate with codebase rescan
|
|
188
|
-
npx @vyuhlabs/dxkit update --rescan
|
|
189
|
-
|
|
190
|
-
# Verify setup
|
|
191
|
-
npx @vyuhlabs/dxkit doctor
|
|
200
|
+
npx @vyuhlabs/dxkit init --detect # Auto-detect, minimal prompts
|
|
201
|
+
npx @vyuhlabs/dxkit init # Interactive
|
|
202
|
+
npx @vyuhlabs/dxkit init --full --yes # Everything, no prompts
|
|
203
|
+
npx @vyuhlabs/dxkit update # Re-generate (preserves evolved files)
|
|
204
|
+
npx @vyuhlabs/dxkit update --rescan # Re-run codebase analysis
|
|
205
|
+
npx @vyuhlabs/dxkit doctor # Verify setup
|
|
192
206
|
```
|
|
193
207
|
|
|
194
208
|
### Init Options
|
|
@@ -203,56 +217,44 @@ npx @vyuhlabs/dxkit doctor
|
|
|
203
217
|
| `--name <n>` | Override project name |
|
|
204
218
|
| `--no-scan` | Skip codebase analysis |
|
|
205
219
|
|
|
206
|
-
## Example:
|
|
220
|
+
## Example: Node.js/TypeScript Project
|
|
207
221
|
|
|
208
222
|
```bash
|
|
209
|
-
cd my-
|
|
223
|
+
cd my-loopback-app
|
|
210
224
|
npx @vyuhlabs/dxkit init --detect --yes
|
|
211
225
|
```
|
|
212
226
|
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
- 3 active agents + 7 dormant agents
|
|
227
|
+
Output:
|
|
228
|
+
```
|
|
229
|
+
✓ Languages: node
|
|
230
|
+
✓ Framework: loopback
|
|
231
|
+
✓ Tests: mocha (npm test)
|
|
232
|
+
✓ Created: 61 files
|
|
233
|
+
```
|
|
221
234
|
|
|
222
235
|
Then in Claude Code:
|
|
223
236
|
```
|
|
224
|
-
/help
|
|
225
|
-
/ask How does the auth middleware work?
|
|
226
|
-
/
|
|
227
|
-
/
|
|
237
|
+
/help # See everything
|
|
238
|
+
/ask How does the auth middleware work? # Codebase Q&A
|
|
239
|
+
/health # Full health audit
|
|
240
|
+
/vulnerabilities # Security scan
|
|
241
|
+
/dev-report # Team activity report
|
|
242
|
+
/quality # ESLint + AI review
|
|
243
|
+
/onboarding # New developer guide
|
|
228
244
|
```
|
|
229
245
|
|
|
230
|
-
## Example:
|
|
246
|
+
## Example: Multi-Language Repo (Python + Go + TypeScript)
|
|
231
247
|
|
|
232
248
|
```bash
|
|
233
249
|
cd my-monorepo
|
|
234
250
|
npx @vyuhlabs/dxkit init --detect --yes
|
|
235
251
|
```
|
|
236
252
|
|
|
237
|
-
|
|
238
|
-
- Quality commands with
|
|
239
|
-
- Test commands with pytest + go test
|
|
240
|
-
- Path-scoped rules for
|
|
241
|
-
- Language
|
|
242
|
-
|
|
243
|
-
## How It Works
|
|
244
|
-
|
|
245
|
-
1. **Detection** — Scans for config files (`package.json`, `go.mod`, `pyproject.toml`, etc.) to determine languages and tools
|
|
246
|
-
2. **Template Processing** — Processes `.md.template` files through a conditional template engine, stripping irrelevant language sections
|
|
247
|
-
3. **Codebase Scanning** — Analyzes source files to find entry points, API routes, test patterns, and conventions
|
|
248
|
-
4. **Generation** — Writes files non-destructively (never overwrites without `--force`, evolving files always preserved)
|
|
249
|
-
5. **Manifest** — Saves state to `.vyuh-dxkit.json` for `update` and `doctor` commands
|
|
250
|
-
|
|
251
|
-
## Non-Destructive by Design
|
|
252
|
-
|
|
253
|
-
- Files that already exist are **skipped** (use `--force` to overwrite)
|
|
254
|
-
- Evolving files (`gotchas.md`, `conventions.md`, `deny-recommendations.md`) are **never overwritten**, even with `--force`
|
|
255
|
-
- The manifest (`.vyuh-dxkit.json`) tracks what was generated for safe updates
|
|
253
|
+
Generates:
|
|
254
|
+
- Quality commands with `npx eslint .` + `ruff check .` + `golangci-lint run`
|
|
255
|
+
- Test commands with `npm test` + `pytest` + `go test`
|
|
256
|
+
- Path-scoped rules for `.ts`, `.py`, and `.go` files
|
|
257
|
+
- Language breakdown in codebase skill: "TypeScript: 200, Python: 50, Go: 30"
|
|
256
258
|
|
|
257
259
|
## AI-Assisted Development Workflow
|
|
258
260
|
|
|
@@ -262,11 +264,20 @@ git checkout -b feature/my-feature # Create branch
|
|
|
262
264
|
/ask How does the payment flow work? # Understand the code
|
|
263
265
|
# ... develop with full context ...
|
|
264
266
|
/quality # Lint + AI review
|
|
265
|
-
/test # Tests
|
|
267
|
+
/test # Tests
|
|
268
|
+
/learn auth tokens expire after 24h # Capture gotcha
|
|
266
269
|
git add -A && git commit # Commit
|
|
267
270
|
/session-end # Checkpoint + evolve skills
|
|
268
271
|
```
|
|
269
272
|
|
|
273
|
+
## How It Works
|
|
274
|
+
|
|
275
|
+
1. **Detection** — Scans for config files, source files, and tools to determine languages, frameworks, and test runners
|
|
276
|
+
2. **Template Processing** — Processes `.md.template` files through a conditional engine, generating language-specific commands
|
|
277
|
+
3. **Codebase Scanning** — Analyzes source files to find entry points, API routes (including LoopBack/Express/FastAPI decorators), test patterns, and language breakdown
|
|
278
|
+
4. **Generation** — Writes 60+ files non-destructively (never overwrites without `--force`, evolving files always preserved)
|
|
279
|
+
5. **Manifest** — Saves state to `.vyuh-dxkit.json` for `update` and `doctor` commands
|
|
280
|
+
|
|
270
281
|
## License
|
|
271
282
|
|
|
272
283
|
MIT
|
package/dist/constants.d.ts
CHANGED
package/dist/constants.js
CHANGED
|
@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.EVOLVING_FILES = exports.DEFAULT_COVERAGE = exports.DEFAULT_VERSIONS = exports.VERSION = void 0;
|
|
4
4
|
exports.buildVariables = buildVariables;
|
|
5
5
|
exports.buildConditions = buildConditions;
|
|
6
|
-
exports.VERSION = '0.
|
|
6
|
+
exports.VERSION = '0.8.0';
|
|
7
7
|
exports.DEFAULT_VERSIONS = {
|
|
8
8
|
python: '3.12',
|
|
9
9
|
go: '1.24.0',
|
package/package.json
CHANGED
|
@@ -0,0 +1,104 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: dev-report
|
|
3
|
+
description: Generates developer activity and code quality reports from git history. Use when asked about "developer report", "who introduced this bug?", "contribution analysis", or "team activity". Saves report to .ai/reports/.
|
|
4
|
+
model: sonnet
|
|
5
|
+
tools: Read, Grep, Glob, Bash, Write
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
You are a developer activity analyst. Your job is to generate insightful reports about developer contributions, code quality patterns, and areas of ownership.
|
|
9
|
+
|
|
10
|
+
## Report Types
|
|
11
|
+
|
|
12
|
+
### 1. Team Overview (default)
|
|
13
|
+
When asked for a general report or "developer report":
|
|
14
|
+
|
|
15
|
+
Run these commands to gather data:
|
|
16
|
+
- `git shortlog -sn --no-merges --since="3 months ago"` — commit counts per developer
|
|
17
|
+
- `git log --since="3 months ago" --pretty=format:"%an|%s" --no-merges` — recent commits
|
|
18
|
+
- `git log --since="3 months ago" --pretty=format:"%an" --no-merges | sort | uniq -c | sort -rn` — activity ranking
|
|
19
|
+
|
|
20
|
+
For each active developer, analyze:
|
|
21
|
+
- **Areas of ownership**: `git log --author="Name" --since="3 months ago" --name-only --pretty=format:"" | sort | uniq -c | sort -rn | head -20`
|
|
22
|
+
- **Commit patterns**: feature vs fix vs refactor ratio
|
|
23
|
+
- **Files most touched**: potential hotspots
|
|
24
|
+
|
|
25
|
+
### 2. Individual Developer Report
|
|
26
|
+
When asked about a specific developer:
|
|
27
|
+
|
|
28
|
+
- `git log --author="Name" --since="6 months ago" --stat --no-merges` — their commits with stats
|
|
29
|
+
- `git log --author="Name" --since="6 months ago" --pretty=format:"%H" --no-merges` — commit hashes
|
|
30
|
+
- For each recent commit, check the diff for:
|
|
31
|
+
- Quality issues introduced (hardcoded values, missing error handling, TODOs)
|
|
32
|
+
- Security concerns (secrets, eval, exec, SQL concatenation)
|
|
33
|
+
- Test coverage (did they add tests with features?)
|
|
34
|
+
|
|
35
|
+
### 3. Code Quality by Developer
|
|
36
|
+
Cross-reference git blame with known issues:
|
|
37
|
+
|
|
38
|
+
- For files with known vulnerabilities (from `/vulnerabilities` report if available in `.ai/reports/`):
|
|
39
|
+
- `git blame <file>` on the problematic lines
|
|
40
|
+
- Identify who introduced the issue and when
|
|
41
|
+
- For files with no tests:
|
|
42
|
+
- Who last modified them? They should write the tests.
|
|
43
|
+
|
|
44
|
+
## Output Format
|
|
45
|
+
|
|
46
|
+
Save to `.ai/reports/developer-report-YYYY-MM-DD.md`:
|
|
47
|
+
|
|
48
|
+
```markdown
|
|
49
|
+
## Developer Activity Report
|
|
50
|
+
Generated: YYYY-MM-DD | Period: last 3 months
|
|
51
|
+
|
|
52
|
+
### Team Summary
|
|
53
|
+
| Developer | Commits | Files Changed | Primary Areas |
|
|
54
|
+
|-----------|---------|--------------|---------------|
|
|
55
|
+
| Alice | 45 | 120 | controllers, services |
|
|
56
|
+
| Bob | 30 | 80 | models, migrations |
|
|
57
|
+
|
|
58
|
+
### Activity by Developer
|
|
59
|
+
|
|
60
|
+
#### Alice (45 commits)
|
|
61
|
+
**Areas of ownership:**
|
|
62
|
+
- src/controllers/ (25 commits)
|
|
63
|
+
- src/services/ (12 commits)
|
|
64
|
+
|
|
65
|
+
**Commit breakdown:**
|
|
66
|
+
- Features: 20 | Fixes: 15 | Refactors: 8 | Docs: 2
|
|
67
|
+
|
|
68
|
+
**Quality observations:**
|
|
69
|
+
- Added tests in 8/20 feature commits (40%)
|
|
70
|
+
- 2 commits introduced TODOs without linked issues
|
|
71
|
+
- No security concerns in recent changes
|
|
72
|
+
|
|
73
|
+
**Notable contributions:**
|
|
74
|
+
- Implemented auth middleware (commit abc123)
|
|
75
|
+
- Fixed payment race condition (commit def456)
|
|
76
|
+
|
|
77
|
+
---
|
|
78
|
+
|
|
79
|
+
### Code Quality Hotspots
|
|
80
|
+
Files with most churn (frequent changes = potential instability):
|
|
81
|
+
| File | Changes (3mo) | Last Author | Concern |
|
|
82
|
+
|------|--------------|-------------|---------|
|
|
83
|
+
| src/server.ts | 12 changes | Multiple | High churn, complex file |
|
|
84
|
+
|
|
85
|
+
### Security Attribution
|
|
86
|
+
Issues from vulnerability scan attributed to authors:
|
|
87
|
+
| Issue | File:Line | Introduced by | When |
|
|
88
|
+
|-------|-----------|--------------|------|
|
|
89
|
+
| Hardcoded secret | keys.ts:18 | Bob | 2025-06-15 |
|
|
90
|
+
|
|
91
|
+
### Recommendations
|
|
92
|
+
1. [Team-level recommendations]
|
|
93
|
+
2. [Per-developer suggestions]
|
|
94
|
+
```
|
|
95
|
+
|
|
96
|
+
## Important Guidelines
|
|
97
|
+
|
|
98
|
+
- **Be constructive, not punitive** — the goal is to improve, not blame
|
|
99
|
+
- **Context matters** — a developer may have inherited bad code
|
|
100
|
+
- **Use git blame carefully** — the last modifier isn't always the author of the problem
|
|
101
|
+
- **Focus on patterns** — one missed test is noise; consistently missing tests is a pattern
|
|
102
|
+
- **Respect privacy** — this report may be sensitive; don't include in public repos
|
|
103
|
+
- **Never output secrets** found in git history
|
|
104
|
+
- Save report to `.ai/reports/developer-report-YYYY-MM-DD.md`
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: Generate developer activity and code quality report from git history
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
Delegate to the **dev-report** agent. It analyzes git history to generate reports on developer contributions, code quality patterns, and security attribution.
|
|
6
|
+
|
|
7
|
+
**Saves report to `.ai/reports/developer-report-YYYY-MM-DD.md`**
|
|
8
|
+
|
|
9
|
+
Examples:
|
|
10
|
+
- `/dev-report` — Team overview (last 3 months)
|
|
11
|
+
- `/dev-report Alice` — Individual developer report
|
|
12
|
+
- `/dev-report security` — Who introduced known security issues
|
|
13
|
+
|
|
14
|
+
$ARGUMENTS
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
---
|
|
2
|
+
description: Convert a markdown report to PDF
|
|
3
|
+
argument-hint: "[file-path or 'all' for all reports]"
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
Convert markdown report(s) to PDF.
|
|
7
|
+
|
|
8
|
+
## Arguments
|
|
9
|
+
- `$ARGUMENTS`
|
|
10
|
+
- If empty or "all", convert all reports in `.ai/reports/`
|
|
11
|
+
- If a file path, convert that specific file
|
|
12
|
+
|
|
13
|
+
## How to Convert
|
|
14
|
+
|
|
15
|
+
Try these tools in order (use whichever is available):
|
|
16
|
+
|
|
17
|
+
1. **md-to-pdf** (Node.js): `npx md-to-pdf <file.md>` — creates `<file.pdf>` alongside it
|
|
18
|
+
2. **pandoc**: `pandoc <file.md> -o <file.pdf> --pdf-engine=wkhtmltopdf`
|
|
19
|
+
3. **If neither is available**, install md-to-pdf: `npx md-to-pdf <file.md>`
|
|
20
|
+
|
|
21
|
+
## For "all" reports
|
|
22
|
+
```
|
|
23
|
+
for f in .ai/reports/*.md; do
|
|
24
|
+
npx md-to-pdf "$f"
|
|
25
|
+
done
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
## Output
|
|
29
|
+
- PDFs are saved alongside the markdown files in `.ai/reports/`
|
|
30
|
+
- Report which files were converted and their paths
|
|
@@ -160,7 +160,9 @@ Slash commands for common workflows. Run `/help` to list all with descriptions.
|
|
|
160
160
|
- `/deps` - Map dependencies ("what breaks if I change X?")
|
|
161
161
|
- `/health` - Comprehensive codebase health audit
|
|
162
162
|
- `/vulnerabilities` - Scan dependencies and code for security issues
|
|
163
|
+
- `/dev-report` - Developer activity and code quality report
|
|
163
164
|
- `/docs` - Audit, write, or improve documentation
|
|
165
|
+
- `/export-pdf` - Convert markdown reports to PDF
|
|
164
166
|
- `/fix-issue <number>` - Investigate and fix a GitHub issue
|
|
165
167
|
|
|
166
168
|
### Rules (`.claude/rules/`)
|
|
@@ -181,6 +183,7 @@ Language-specific conventions that activate automatically when editing matching
|
|
|
181
183
|
- `dependency-mapper` — Maps import chains and blast radius (sonnet, read-only)
|
|
182
184
|
- `health-auditor` — Comprehensive codebase health audit (sonnet, read-only)
|
|
183
185
|
- `vulnerability-scanner` — Dependency and code vulnerability analysis (sonnet)
|
|
186
|
+
- `dev-report` — Developer activity, quality patterns, security attribution (sonnet)
|
|
184
187
|
- `doc-writer` — Audits docs, identifies gaps, writes/improves documentation (sonnet)
|
|
185
188
|
- `debugger` — Traces root causes systematically (sonnet, no file edits)
|
|
186
189
|
|