@vyuhlabs/dxkit 0.7.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -21,61 +21,51 @@ Running `init` auto-detects your tech stack and generates a complete `.claude/`
21
21
 
22
22
  ```
23
23
  .claude/
24
- settings.json # Permissions, deny list, hooks
25
- agents/ # Active agents (auto-trigger)
24
+ settings.json # Permissions, deny list, learning hooks
25
+ agents/ # Active agents (auto-trigger on matching questions)
26
26
  knowledge-bot.md # Answers codebase questions
27
27
  onboarding.md # Interactive onboarding buddy
28
28
  quality-reviewer.md # Reviews code before committing
29
- agents-available/ # Dormant agents (activate on demand)
29
+ doc-writer.md # Audits and writes documentation
30
+ agents-available/ # Dormant agents (activate with /enable-agent)
30
31
  codebase-explorer.md # Deep architecture analysis
31
32
  code-reviewer.md # PR review and security audit
32
33
  test-writer.md # Writes tests for existing code
34
+ test-gap-finder.md # Identifies untested critical code
35
+ dependency-mapper.md # Maps import chains and blast radius
36
+ health-auditor.md # 6-dimension codebase health audit
37
+ vulnerability-scanner.md # Dependency + code security scan
38
+ dev-report.md # Developer activity + quality attribution
33
39
  debugger.md # Root cause analysis
34
- commands/ # Slash commands
35
- ask.md # /ask — Query the codebase
36
- quality.md # /quality — Run linters
37
- test.md # /test — Run tests with coverage
38
- check.md # /check — Full pre-commit validation
39
- fix.md # /fix — Auto-fix issues
40
- learn.md # /learn — Capture gotchas/conventions
41
- onboarding.md # /onboarding — Start onboarding
42
- help.md # /help — List everything
43
- session-start.md # /session-start — Begin dev session
44
- session-end.md # /session-end — Checkpoint + evolve skills
45
- ...
40
+ commands/ # 24 slash commands (see below)
46
41
  skills/ # Domain knowledge
47
42
  codebase/ # Auto-generated architecture overview
48
43
  learned/ # Evolving gotchas, conventions, deny list
49
- quality/ # Quality check patterns
50
- ...
51
- rules/ # Path-scoped rules (per language)
44
+ rules/ # Path-scoped rules (per language + framework)
52
45
  CLAUDE.md # Main context file for Claude Code
53
46
  .ai/
54
47
  sessions/ # Session checkpoints
48
+ reports/ # Generated reports (health, vulnerabilities, etc.)
49
+ .github/
50
+ workflows/
51
+ pr-review.yml # Automated PR review (opt-in)
55
52
  ```
56
53
 
57
54
  ## Supported Languages
58
55
 
59
- | Language | Detection | Linters | Tests | Coverage |
60
- |---|---|---|---|---|
61
- | Node.js / TypeScript | `package.json` | ESLint, Prettier, tsc | Auto-detected (Jest, Mocha, Vitest, Ava) | framework-specific |
62
- | Python | `pyproject.toml`, `setup.py`, `*.py` | ruff, mypy | pytest | pytest-cov |
63
- | Go | `go.mod` | golangci-lint, go vet | go test | go cover |
64
- | C# | `*.csproj`, `*.sln` | dotnet format, Roslyn | dotnet test | coverlet |
65
- | Rust | `Cargo.toml` | clippy, rustfmt | cargo test | tarpaulin |
56
+ | Language | Detection | Linters | Test Runner |
57
+ |---|---|---|---|
58
+ | Node.js / TypeScript | `package.json` | ESLint, Prettier, tsc | Auto-detected (Jest, Mocha, Vitest, Ava, Tap) |
59
+ | Python | `pyproject.toml`, `setup.py`, `*.py` | ruff, mypy | pytest |
60
+ | Go | `go.mod` | golangci-lint, go vet | go test |
61
+ | C# | `*.csproj`, `*.sln` | dotnet format, Roslyn | dotnet test |
62
+ | Rust | `Cargo.toml` | clippy, rustfmt | cargo test |
66
63
 
67
- ## Supported Tools
68
-
69
- Auto-detected and integrated when present:
70
-
71
- - **Google Cloud** (gcloud) — SDK commands, security rules
72
- - **Infisical** — Secrets management, never-leak rules
73
- - **Pulumi** — IaC with preview-before-apply safety
74
- - **Docker** — Container commands
64
+ Multi-language repos fully supported — detects and generates rules/commands for all languages present.
75
65
 
76
66
  ## Supported Frameworks
77
67
 
78
- Auto-detected with framework-specific rules:
68
+ Auto-detected with framework-specific path-scoped rules:
79
69
 
80
70
  - **LoopBack** — Controller/model/repository patterns, decorator conventions
81
71
  - **Express** — Middleware/routing conventions, error handling patterns
@@ -83,9 +73,16 @@ Auto-detected with framework-specific rules:
83
73
  - **FastAPI**, **Django**, **Flask** — Detected (rules coming soon)
84
74
  - **Gin**, **Echo**, **Fiber** — Detected (rules coming soon)
85
75
 
86
- ## Commands
76
+ ## Supported Tools
77
+
78
+ Auto-detected and integrated when present:
79
+
80
+ - **Google Cloud** (gcloud) — SDK commands, security rules
81
+ - **Infisical** — Secrets management, never-leak rules
82
+ - **Pulumi** — IaC with preview-before-apply safety
83
+ - **Docker** — Container commands
87
84
 
88
- After init, these slash commands are available in Claude Code:
85
+ ## Commands (24)
89
86
 
90
87
  ### Development Workflow
91
88
  | Command | Description |
@@ -99,19 +96,28 @@ After init, these slash commands are available in Claude Code:
99
96
  | Command | Description |
100
97
  |---|---|
101
98
  | `/quality` | Run language-specific linters + AI review |
102
- | `/test` | Run tests (auto-detected runner: Jest, Mocha, Vitest, etc.) |
99
+ | `/test` | Run tests (auto-detected runner) |
103
100
  | `/check` | Full pre-commit validation (quality + tests + AI review) |
104
101
  | `/fix` | Auto-fix formatting and lint issues |
105
102
  | `/build` | Build the project |
106
103
  | `/setup-hooks` | Install git pre-commit/pre-push hooks |
107
104
  | `/test-gaps` | Find critical untested code paths |
108
105
 
106
+ ### Analysis & Reports
107
+ | Command | Description | Report |
108
+ |---|---|---|
109
+ | `/health` | 6-dimension codebase health audit | `.ai/reports/health-audit-*.md` |
110
+ | `/vulnerabilities` | Dependency + code vulnerability scan | `.ai/reports/vulnerability-scan-*.md` |
111
+ | `/dev-report` | Developer activity + security attribution | `.ai/reports/developer-report-*.md` |
112
+ | `/docs audit` | Documentation gap analysis | `.ai/reports/docs-audit-*.md` |
113
+ | `/deps` | Dependency map + blast radius | `.ai/reports/dependency-map-*.md` |
114
+ | `/export-pdf` | Convert markdown reports to PDF | `.ai/reports/*.pdf` |
115
+
109
116
  ### Exploration & Onboarding
110
117
  | Command | Description |
111
118
  |---|---|
112
- | `/onboarding` | Interactive onboarding for new developers |
119
+ | `/onboarding` | Interactive onboarding buddy for new developers |
113
120
  | `/explore-codebase` | Deep architecture exploration |
114
- | `/deps` | Map dependencies ("what breaks if I change X?") |
115
121
  | `/help` | List all commands and agents |
116
122
 
117
123
  ### Operations
@@ -124,21 +130,41 @@ After init, these slash commands are available in Claude Code:
124
130
 
125
131
  ## Agents
126
132
 
127
- ### Active by Default
133
+ ### Active by Default (4)
128
134
  These agents auto-trigger when Claude detects a matching question:
129
135
 
130
136
  - **knowledge-bot** — "How does auth work?" "Where are payments handled?"
131
137
  - **onboarding** — "I'm new, help me get started" "What does this project do?"
132
138
  - **quality-reviewer** — "Review my changes" "Check quality before I commit"
139
+ - **doc-writer** — "What needs documentation?" "Help me write docs"
133
140
 
134
- ### Dormant (activate with `/enable-agent`)
141
+ ### Dormant (9) — activate with `/enable-agent`
135
142
  - **codebase-explorer** — Deep architecture analysis, generates documentation
136
143
  - **code-reviewer** — PR review and security audit (read-only)
137
144
  - **test-writer** — Writes tests for existing code
138
145
  - **test-gap-finder** — Identifies critical untested code paths, prioritized by risk
139
146
  - **dependency-mapper** — Maps import chains and blast radius of changes
147
+ - **health-auditor** — Comprehensive codebase health audit (scores 6 dimensions)
148
+ - **vulnerability-scanner** — Dependency + code vulnerability analysis
149
+ - **dev-report** — Developer activity, quality patterns, security attribution
140
150
  - **debugger** — Systematic root cause analysis
141
151
 
152
+ ## Reports
153
+
154
+ All analysis commands save timestamped reports to `.ai/reports/`:
155
+
156
+ ```bash
157
+ .ai/reports/
158
+ health-audit-2026-03-30.md # Scores: tests, quality, docs, security, DX
159
+ vulnerability-scan-2026-03-30.md # CVEs, hardcoded secrets, dependency risks
160
+ developer-report-2026-03-30.md # Team activity, ownership, security attribution
161
+ test-gaps-2026-03-30.md # Critical untested code, prioritized by risk
162
+ docs-audit-2026-03-30.md # Documentation gaps and recommendations
163
+ dependency-map-2026-03-30.md # Import chains, most-depended-on files
164
+ ```
165
+
166
+ Convert to PDF: `/export-pdf all` or `/export-pdf .ai/reports/health-audit-2026-03-30.md`
167
+
142
168
  ## Learning System
143
169
 
144
170
  DXKit includes a continuous learning system that improves over time:
@@ -146,14 +172,14 @@ DXKit includes a continuous learning system that improves over time:
146
172
  1. **Stop Hook** — After each conversation, Claude is reminded to capture learnings
147
173
  2. **`/learn` command** — Explicitly save gotchas, conventions, or things to avoid
148
174
  3. **`/session-end`** — Creates checkpoint and evolves skill files
149
- 4. **Evolving files** — These files are append-only and never overwritten:
175
+ 4. **Evolving files** — Append-only, never overwritten even with `--force`:
150
176
  - `.claude/skills/learned/references/gotchas.md`
151
177
  - `.claude/skills/learned/references/conventions.md`
152
178
  - `.claude/skills/learned/references/deny-recommendations.md`
153
179
 
154
180
  ## PR Review Automation
155
181
 
156
- DXKit generates a GitHub Action (`.github/workflows/pr-review.yml`) that automatically reviews PRs using Claude Code. Enable it by:
182
+ DXKit generates a GitHub Action that automatically reviews PRs using Claude Code:
157
183
 
158
184
  1. Set `ENABLE_AI_REVIEW=true` as a GitHub Actions variable
159
185
  2. Add `ANTHROPIC_API_KEY` to repo secrets
@@ -162,33 +188,21 @@ Reviews appear as PR comments with issues rated as critical/warning/suggestion.
162
188
 
163
189
  ## Smart Detection
164
190
 
165
- DXKit goes beyond language detection:
166
-
167
- - **Test runner** — Detects Jest, Mocha, Vitest, Ava, Tap, pytest, go test from package.json scripts and dependencies
168
- - **Framework** — Detects LoopBack, Express, NestJS, FastAPI, Gin, etc. and generates framework-specific rules
169
- - **Test presence** — Counts test files vs source files and warns about minimal test coverage
170
- - **Multi-language** — Detects Python from `.py` files even without `pyproject.toml` (common in mixed repos)
191
+ - **Test runner** Detects Jest, Mocha, Vitest, Ava, Tap, pytest, go test from scripts and dependencies
192
+ - **Framework** — Detects LoopBack, Express, NestJS, FastAPI, Gin, etc. with framework-specific rules
193
+ - **Test presence** — Counts test files vs source files, warns about minimal coverage
194
+ - **Multi-language** — Detects all languages including Python from `.py` files (no config file required)
195
+ - **Language breakdown** — Shows file count per language in codebase skill for accurate analysis
171
196
 
172
197
  ## CLI Reference
173
198
 
174
199
  ```bash
175
- # Initialize (auto-detect stack)
176
- npx @vyuhlabs/dxkit init --detect
177
-
178
- # Initialize (interactive)
179
- npx @vyuhlabs/dxkit init
180
-
181
- # Initialize (everything, no prompts)
182
- npx @vyuhlabs/dxkit init --full --yes
183
-
184
- # Re-generate after config changes (preserves evolved files)
185
- npx @vyuhlabs/dxkit update
186
-
187
- # Re-generate with codebase rescan
188
- npx @vyuhlabs/dxkit update --rescan
189
-
190
- # Verify setup
191
- npx @vyuhlabs/dxkit doctor
200
+ npx @vyuhlabs/dxkit init --detect # Auto-detect, minimal prompts
201
+ npx @vyuhlabs/dxkit init # Interactive
202
+ npx @vyuhlabs/dxkit init --full --yes # Everything, no prompts
203
+ npx @vyuhlabs/dxkit update # Re-generate (preserves evolved files)
204
+ npx @vyuhlabs/dxkit update --rescan # Re-run codebase analysis
205
+ npx @vyuhlabs/dxkit doctor # Verify setup
192
206
  ```
193
207
 
194
208
  ### Init Options
@@ -203,56 +217,44 @@ npx @vyuhlabs/dxkit doctor
203
217
  | `--name <n>` | Override project name |
204
218
  | `--no-scan` | Skip codebase analysis |
205
219
 
206
- ## Example: Adding to an Existing Node.js Project
220
+ ## Example: Node.js/TypeScript Project
207
221
 
208
222
  ```bash
209
- cd my-express-app
223
+ cd my-loopback-app
210
224
  npx @vyuhlabs/dxkit init --detect --yes
211
225
  ```
212
226
 
213
- This generates:
214
- - `CLAUDE.md` with Node.js-specific context
215
- - `.claude/commands/quality.md` with `npx eslint .` and `npx tsc --noEmit`
216
- - `.claude/commands/test.md` with auto-detected test runner and framework
217
- - `.claude/rules/` with Node.js + framework-specific conventions
218
- - `.claude/skills/codebase/SKILL.md` with auto-scanned architecture overview
219
- - `.github/workflows/pr-review.yml` for automated PR review
220
- - 3 active agents + 7 dormant agents
227
+ Output:
228
+ ```
229
+ Languages: node
230
+ Framework: loopback
231
+ Tests: mocha (npm test)
232
+ Created: 61 files
233
+ ```
221
234
 
222
235
  Then in Claude Code:
223
236
  ```
224
- /help # See everything available
225
- /ask How does the auth middleware work? # Ask about the codebase
226
- /quality # Run ESLint + TypeScript checks
227
- /onboarding # Get oriented as a new developer
237
+ /help # See everything
238
+ /ask How does the auth middleware work? # Codebase Q&A
239
+ /health # Full health audit
240
+ /vulnerabilities # Security scan
241
+ /dev-report # Team activity report
242
+ /quality # ESLint + AI review
243
+ /onboarding # New developer guide
228
244
  ```
229
245
 
230
- ## Example: Adding to a Python + Go Monorepo
246
+ ## Example: Multi-Language Repo (Python + Go + TypeScript)
231
247
 
232
248
  ```bash
233
249
  cd my-monorepo
234
250
  npx @vyuhlabs/dxkit init --detect --yes
235
251
  ```
236
252
 
237
- Detects both languages and generates:
238
- - Quality commands with ruff + mypy (Python) and golangci-lint (Go)
239
- - Test commands with pytest + go test
240
- - Path-scoped rules for both `.py` and `.go` files
241
- - Language-specific coverage enforcement
242
-
243
- ## How It Works
244
-
245
- 1. **Detection** — Scans for config files (`package.json`, `go.mod`, `pyproject.toml`, etc.) to determine languages and tools
246
- 2. **Template Processing** — Processes `.md.template` files through a conditional template engine, stripping irrelevant language sections
247
- 3. **Codebase Scanning** — Analyzes source files to find entry points, API routes, test patterns, and conventions
248
- 4. **Generation** — Writes files non-destructively (never overwrites without `--force`, evolving files always preserved)
249
- 5. **Manifest** — Saves state to `.vyuh-dxkit.json` for `update` and `doctor` commands
250
-
251
- ## Non-Destructive by Design
252
-
253
- - Files that already exist are **skipped** (use `--force` to overwrite)
254
- - Evolving files (`gotchas.md`, `conventions.md`, `deny-recommendations.md`) are **never overwritten**, even with `--force`
255
- - The manifest (`.vyuh-dxkit.json`) tracks what was generated for safe updates
253
+ Generates:
254
+ - Quality commands with `npx eslint .` + `ruff check .` + `golangci-lint run`
255
+ - Test commands with `npm test` + `pytest` + `go test`
256
+ - Path-scoped rules for `.ts`, `.py`, and `.go` files
257
+ - Language breakdown in codebase skill: "TypeScript: 200, Python: 50, Go: 30"
256
258
 
257
259
  ## AI-Assisted Development Workflow
258
260
 
@@ -262,11 +264,20 @@ git checkout -b feature/my-feature # Create branch
262
264
  /ask How does the payment flow work? # Understand the code
263
265
  # ... develop with full context ...
264
266
  /quality # Lint + AI review
265
- /test # Tests with coverage
267
+ /test # Tests
268
+ /learn auth tokens expire after 24h # Capture gotcha
266
269
  git add -A && git commit # Commit
267
270
  /session-end # Checkpoint + evolve skills
268
271
  ```
269
272
 
273
+ ## How It Works
274
+
275
+ 1. **Detection** — Scans for config files, source files, and tools to determine languages, frameworks, and test runners
276
+ 2. **Template Processing** — Processes `.md.template` files through a conditional engine, generating language-specific commands
277
+ 3. **Codebase Scanning** — Analyzes source files to find entry points, API routes (including LoopBack/Express/FastAPI decorators), test patterns, and language breakdown
278
+ 4. **Generation** — Writes 60+ files non-destructively (never overwrites without `--force`, evolving files always preserved)
279
+ 5. **Manifest** — Saves state to `.vyuh-dxkit.json` for `update` and `doctor` commands
280
+
270
281
  ## License
271
282
 
272
283
  MIT
@@ -1,5 +1,5 @@
1
1
  import { ResolvedConfig } from './types';
2
- export declare const VERSION = "0.7.0";
2
+ export declare const VERSION = "0.8.0";
3
3
  export declare const DEFAULT_VERSIONS: {
4
4
  python: string;
5
5
  go: string;
package/dist/constants.js CHANGED
@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.EVOLVING_FILES = exports.DEFAULT_COVERAGE = exports.DEFAULT_VERSIONS = exports.VERSION = void 0;
4
4
  exports.buildVariables = buildVariables;
5
5
  exports.buildConditions = buildConditions;
6
- exports.VERSION = '0.7.0';
6
+ exports.VERSION = '0.8.0';
7
7
  exports.DEFAULT_VERSIONS = {
8
8
  python: '3.12',
9
9
  go: '1.24.0',
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@vyuhlabs/dxkit",
3
- "version": "0.7.0",
3
+ "version": "0.8.0",
4
4
  "description": "AI-native developer experience toolkit for any repository",
5
5
  "license": "MIT",
6
6
  "bin": {
@@ -0,0 +1,30 @@
1
+ ---
2
+ description: Convert a markdown report to PDF
3
+ argument-hint: "[file-path or 'all' for all reports]"
4
+ ---
5
+
6
+ Convert markdown report(s) to PDF.
7
+
8
+ ## Arguments
9
+ - `$ARGUMENTS`
10
+ - If empty or "all", convert all reports in `.ai/reports/`
11
+ - If a file path, convert that specific file
12
+
13
+ ## How to Convert
14
+
15
+ Try these tools in order (use whichever is available):
16
+
17
+ 1. **md-to-pdf** (Node.js): `npx md-to-pdf <file.md>` — creates `<file.pdf>` alongside it
18
+ 2. **pandoc**: `pandoc <file.md> -o <file.pdf> --pdf-engine=wkhtmltopdf`
19
+ 3. **If neither is available**, install md-to-pdf: `npx md-to-pdf <file.md>`
20
+
21
+ ## For "all" reports
22
+ ```
23
+ for f in .ai/reports/*.md; do
24
+ npx md-to-pdf "$f"
25
+ done
26
+ ```
27
+
28
+ ## Output
29
+ - PDFs are saved alongside the markdown files in `.ai/reports/`
30
+ - Report which files were converted and their paths
@@ -162,6 +162,7 @@ Slash commands for common workflows. Run `/help` to list all with descriptions.
162
162
  - `/vulnerabilities` - Scan dependencies and code for security issues
163
163
  - `/dev-report` - Developer activity and code quality report
164
164
  - `/docs` - Audit, write, or improve documentation
165
+ - `/export-pdf` - Convert markdown reports to PDF
165
166
  - `/fix-issue <number>` - Investigate and fix a GitHub issue
166
167
 
167
168
  ### Rules (`.claude/rules/`)