@vyuhlabs/dxkit 2.2.1 → 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (100)
  1. package/CHANGELOG.md +115 -0
  2. package/README.md +40 -29
  3. package/dist/analyzers/bom/discovery.d.ts +38 -0
  4. package/dist/analyzers/bom/discovery.d.ts.map +1 -0
  5. package/dist/analyzers/bom/discovery.js +166 -0
  6. package/dist/analyzers/bom/discovery.js.map +1 -0
  7. package/dist/analyzers/bom/gather.d.ts +28 -0
  8. package/dist/analyzers/bom/gather.d.ts.map +1 -1
  9. package/dist/analyzers/bom/gather.js +98 -0
  10. package/dist/analyzers/bom/gather.js.map +1 -1
  11. package/dist/analyzers/bom/index.d.ts +49 -2
  12. package/dist/analyzers/bom/index.d.ts.map +1 -1
  13. package/dist/analyzers/bom/index.js +188 -12
  14. package/dist/analyzers/bom/index.js.map +1 -1
  15. package/dist/analyzers/bom/types.d.ts +33 -1
  16. package/dist/analyzers/bom/types.d.ts.map +1 -1
  17. package/dist/analyzers/licenses/index.d.ts +1 -1
  18. package/dist/analyzers/licenses/index.d.ts.map +1 -1
  19. package/dist/analyzers/licenses/index.js +22 -7
  20. package/dist/analyzers/licenses/index.js.map +1 -1
  21. package/dist/analyzers/security/detailed.d.ts.map +1 -1
  22. package/dist/analyzers/security/detailed.js +21 -8
  23. package/dist/analyzers/security/detailed.js.map +1 -1
  24. package/dist/analyzers/security/gather.d.ts.map +1 -1
  25. package/dist/analyzers/security/gather.js +76 -1
  26. package/dist/analyzers/security/gather.js.map +1 -1
  27. package/dist/analyzers/security/index.d.ts.map +1 -1
  28. package/dist/analyzers/security/index.js +20 -7
  29. package/dist/analyzers/security/index.js.map +1 -1
  30. package/dist/analyzers/tools/epss.d.ts +55 -0
  31. package/dist/analyzers/tools/epss.d.ts.map +1 -0
  32. package/dist/analyzers/tools/epss.js +133 -0
  33. package/dist/analyzers/tools/epss.js.map +1 -0
  34. package/dist/analyzers/tools/graphify.d.ts.map +1 -1
  35. package/dist/analyzers/tools/graphify.js +17 -7
  36. package/dist/analyzers/tools/graphify.js.map +1 -1
  37. package/dist/analyzers/tools/kev.d.ts +52 -0
  38. package/dist/analyzers/tools/kev.d.ts.map +1 -0
  39. package/dist/analyzers/tools/kev.js +95 -0
  40. package/dist/analyzers/tools/kev.js.map +1 -0
  41. package/dist/analyzers/tools/npm-registry.d.ts +43 -0
  42. package/dist/analyzers/tools/npm-registry.d.ts.map +1 -0
  43. package/dist/analyzers/tools/npm-registry.js +107 -0
  44. package/dist/analyzers/tools/npm-registry.js.map +1 -0
  45. package/dist/analyzers/tools/osv.d.ts +12 -0
  46. package/dist/analyzers/tools/osv.d.ts.map +1 -1
  47. package/dist/analyzers/tools/osv.js +45 -2
  48. package/dist/analyzers/tools/osv.js.map +1 -1
  49. package/dist/analyzers/tools/reachability.d.ts +60 -0
  50. package/dist/analyzers/tools/reachability.d.ts.map +1 -0
  51. package/dist/analyzers/tools/reachability.js +104 -0
  52. package/dist/analyzers/tools/reachability.js.map +1 -0
  53. package/dist/analyzers/tools/risk-score.d.ts +69 -0
  54. package/dist/analyzers/tools/risk-score.d.ts.map +1 -0
  55. package/dist/analyzers/tools/risk-score.js +86 -0
  56. package/dist/analyzers/tools/risk-score.js.map +1 -0
  57. package/dist/analyzers/tools/tool-registry.d.ts +10 -0
  58. package/dist/analyzers/tools/tool-registry.d.ts.map +1 -1
  59. package/dist/analyzers/tools/tool-registry.js +35 -20
  60. package/dist/analyzers/tools/tool-registry.js.map +1 -1
  61. package/dist/analyzers/xlsx/bom.d.ts.map +1 -1
  62. package/dist/analyzers/xlsx/bom.js +1 -2
  63. package/dist/analyzers/xlsx/bom.js.map +1 -1
  64. package/dist/cli.d.ts.map +1 -1
  65. package/dist/cli.js +41 -10
  66. package/dist/cli.js.map +1 -1
  67. package/dist/languages/capabilities/types.d.ts +6 -0
  68. package/dist/languages/capabilities/types.d.ts.map +1 -1
  69. package/dist/languages/csharp.d.ts.map +1 -1
  70. package/dist/languages/csharp.js +8 -0
  71. package/dist/languages/csharp.js.map +1 -1
  72. package/dist/languages/go.d.ts.map +1 -1
  73. package/dist/languages/go.js +24 -7
  74. package/dist/languages/go.js.map +1 -1
  75. package/dist/languages/python.d.ts.map +1 -1
  76. package/dist/languages/python.js +8 -0
  77. package/dist/languages/python.js.map +1 -1
  78. package/dist/languages/rust.d.ts.map +1 -1
  79. package/dist/languages/rust.js +9 -0
  80. package/dist/languages/rust.js.map +1 -1
  81. package/dist/languages/typescript.d.ts.map +1 -1
  82. package/dist/languages/typescript.js +23 -1
  83. package/dist/languages/typescript.js.map +1 -1
  84. package/package.json +1 -1
  85. package/templates/.claude/agents-available/dashboard-builder.md +7 -7
  86. package/templates/.claude/agents-available/dev-report.md +4 -4
  87. package/templates/.claude/agents-available/health-auditor.md +1 -1
  88. package/templates/.claude/agents-available/strategic-planner.md +7 -7
  89. package/templates/.claude/agents-available/vulnerability-scanner.md +3 -3
  90. package/templates/.claude/commands/dashboard.md +1 -1
  91. package/templates/.claude/commands/deps.md +1 -1
  92. package/templates/.claude/commands/dev-report.md +2 -2
  93. package/templates/.claude/commands/docs.md +1 -1
  94. package/templates/.claude/commands/export-pdf.md +3 -3
  95. package/templates/.claude/commands/health.md +3 -3
  96. package/templates/.claude/commands/plan.md +1 -1
  97. package/templates/.claude/commands/quality.md.template +2 -2
  98. package/templates/.claude/commands/stealth-mode.md +1 -1
  99. package/templates/.claude/commands/test-gaps.md +2 -2
  100. package/templates/.claude/commands/vulnerabilities.md +3 -3
@@ -7,7 +7,7 @@ description: Run a comprehensive codebase health audit (tests, quality, docs, se
7
7
  Check if a deterministic report already exists:
8
8
 
9
9
  ```bash
10
- ls .ai/reports/health-audit-*.md 2>/dev/null | tail -1
10
+ ls .dxkit/reports/health-audit-*.md 2>/dev/null | tail -1
11
11
  ```
12
12
 
13
13
  **If a report exists**: Read it. The scores and metrics are deterministic ground truth — do not change them. Skip to Step 3.
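Review bot: The `ls` check on the `+` line looks only in `.dxkit/reports/`, so a `health-audit-*.md` written to `.ai/reports/` by 2.2.1 is no longer seen and Step 1 moves on to a fresh run with no indication that an older report exists. Either fall back to the old directory when the new one is empty, or state in this step that reports from before 2.3.0 must be moved; the same applies to the identical `ls` changes in the quality, test-gaps and vulnerabilities commands.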
@@ -23,7 +23,7 @@ npx vyuh-dxkit health . --json 2>/dev/null
23
23
  ```
24
24
 
25
25
  **If the command succeeds** (returns JSON with `summary.overallScore`):
26
- - The CLI saves a report to `.ai/reports/health-audit-YYYY-MM-DD.md`
26
+ - The CLI saves a report to `.dxkit/reports/health-audit-YYYY-MM-DD.md`
27
27
  - Read that report. Proceed to Step 3.
28
28
 
29
29
  **If the command fails** (not installed or errors):
@@ -47,7 +47,7 @@ Add a **Prioritized Action Items** section at the end:
47
47
 
48
48
  **If you have deterministic scores: keep all numbers exactly as reported. Add context and explanations only — do not re-score.**
49
49
 
50
- Save the enriched report to `.ai/reports/health-audit-YYYY-MM-DD.md`.
50
+ Save the enriched report to `.dxkit/reports/health-audit-YYYY-MM-DD.md`.
51
51
 
52
52
  **IMPORTANT: End the report with this exact footer:**
53
53
  ```
@@ -2,7 +2,7 @@
2
2
  description: Generate improvement plans with KPIs from reports (or list existing plans)
3
3
  ---
4
4
 
5
- Delegate to the **strategic-planner** agent. It reads all reports in `.ai/reports/`, proposes measurable KPIs, and generates actionable plans in `.ai/plans/`.
5
+ Delegate to the **strategic-planner** agent. It reads all reports in `.dxkit/reports/`, proposes measurable KPIs, and generates actionable plans in `.ai/plans/`.
6
6
 
7
7
  If reports don't exist yet, it will tell you which commands to run first (`/health`, `/vulnerabilities`, `/test-gaps`, etc.).
8
8
 
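Review bot: Plans still go to `.ai/plans/` on the `+` line while the reports they are built from now come from `.dxkit/reports/`, so generated output is split across two top-level directories. If the split is intended, say so in this description; if not, move the plans path in the same change so ignore rules and cleanup have one directory to cover.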
@@ -5,7 +5,7 @@ description: Run code quality analysis with slop detection
5
5
  ## Step 1: Check for Existing Report
6
6
 
7
7
  ```bash
8
- ls .ai/reports/quality-review-*.md 2>/dev/null | tail -1
8
+ ls .dxkit/reports/quality-review-*.md 2>/dev/null | tail -1
9
9
  ```
10
10
 
11
11
  **If a report exists**: Read it. The slop score, duplication %, and metrics are deterministic. Skip to Step 3.
@@ -54,7 +54,7 @@ Using the quality metrics, add:
54
54
 
55
55
  **Do not change the slop score, duplication %, or metric counts from the deterministic report.**
56
56
 
57
- Save to `.ai/reports/quality-review-YYYY-MM-DD.md`.
57
+ Save to `.dxkit/reports/quality-review-YYYY-MM-DD.md`.
58
58
 
59
59
  **IMPORTANT: End the report with this exact footer:**
60
60
  ```
@@ -5,7 +5,7 @@ description: Configure DXKit as local-only (gitignore all generated files) + ins
5
5
  Delegate to the **hooks-configurator** agent with stealth mode enabled.
6
6
 
7
7
  This will:
8
- 1. Add all DXKit files to `.gitignore` (`.claude/`, `.ai/`, `CLAUDE.md`, `.vyuh-dxkit.json`)
8
+ 1. Add all DXKit files to `.gitignore` (`.claude/`, `.ai/`, `.dxkit/`, `CLAUDE.md`, `.vyuh-dxkit.json`)
9
9
  2. Ask which hooks to enable (quality, test, vulnerability)
10
10
  3. Generate `.githooks/` directory (committed — all devs get the hooks)
11
11
  4. Install hooks with `git config core.hooksPath .githooks`
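Review bot: Adding `.dxkit/` to the list in step 1 only helps repositories that run stealth mode after upgrading; a repository configured under 2.2.1 has a `.gitignore` without `.dxkit/`, and the reports that now land in `.dxkit/reports/` (vulnerability scans included) would appear as untracked files that can be committed by accident. Document that stealth mode must be re-run after the upgrade, or have this step check for a missing `.dxkit/` entry and append it.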
@@ -5,7 +5,7 @@ description: Find critical code paths that lack test coverage
5
5
  ## Step 1: Check for Existing Report
6
6
 
7
7
  ```bash
8
- ls .ai/reports/test-gaps-*.md 2>/dev/null | tail -1
8
+ ls .dxkit/reports/test-gaps-*.md 2>/dev/null | tail -1
9
9
  ```
10
10
 
11
11
  **If a report exists**: Read it. The file counts, coverage %, and risk tiers are deterministic. Skip to Step 3.
@@ -38,7 +38,7 @@ Add a **Test Infrastructure Setup** section if tests are at 0%:
38
38
 
39
39
  **Do not change coverage %, file counts, or risk classifications from the deterministic report.**
40
40
 
41
- Save to `.ai/reports/test-gaps-YYYY-MM-DD.md`.
41
+ Save to `.dxkit/reports/test-gaps-YYYY-MM-DD.md`.
42
42
 
43
43
  **IMPORTANT: End the report with this exact footer:**
44
44
  ```
@@ -5,7 +5,7 @@ description: Scan dependencies and code for security vulnerabilities
5
5
  ## Step 1: Check for Existing Report
6
6
 
7
7
  ```bash
8
- ls .ai/reports/vulnerability-scan-*.md 2>/dev/null | tail -1
8
+ ls .dxkit/reports/vulnerability-scan-*.md 2>/dev/null | tail -1
9
9
  ```
10
10
 
11
11
  **If a report exists**: Read it. The findings and severity counts are deterministic — do not change them. Skip to Step 3.
@@ -18,7 +18,7 @@ ls .ai/reports/vulnerability-scan-*.md 2>/dev/null | tail -1
18
18
  npx vyuh-dxkit vulnerabilities . --json 2>/dev/null
19
19
  ```
20
20
 
21
- **If the command succeeds**: Read the saved report from `.ai/reports/vulnerability-scan-YYYY-MM-DD.md`. Proceed to Step 3.
21
+ **If the command succeeds**: Read the saved report from `.dxkit/reports/vulnerability-scan-YYYY-MM-DD.md`. Proceed to Step 3.
22
22
 
23
23
  **If the command fails**: Run your own security analysis — check for hardcoded secrets, eval/exec calls, dependency vulnerabilities (`npm audit`), private keys in git, disabled TLS. Note: "Findings are AI-estimated. Install `@vyuhlabs/dxkit` for deterministic scanning with gitleaks + semgrep."
24
24
 
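Review bot: The context line `npx vyuh-dxkit vulnerabilities . --json 2>/dev/null` uses an unscoped name while the fallback text in this hunk names the package as `@vyuhlabs/dxkit`; when the binary is not installed locally, npx resolves the name against the registry, so what runs depends on what is published under that unscoped name. Since the surrounding lines are being edited anyway, invoke the scoped package explicitly (`npx --package=@vyuhlabs/dxkit vyuh-dxkit ...`) or pass `--no` so npx never downloads, and consider dropping `2>/dev/null` so the reason for a failure is visible before the step falls back to AI-estimated findings.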
@@ -38,7 +38,7 @@ Add a **Remediation Plan** section:
38
38
 
39
39
  **Do not change severity counts or finding details from the deterministic report.**
40
40
 
41
- Save to `.ai/reports/vulnerability-scan-YYYY-MM-DD.md`.
41
+ Save to `.dxkit/reports/vulnerability-scan-YYYY-MM-DD.md`.
42
42
 
43
43
  **IMPORTANT: End the report with this exact footer:**
44
44
  ```
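Review bot: The `+` line saves the enriched report under the same `vulnerability-scan-YYYY-MM-DD.md` name that Step 1 later reads as deterministic, and the failure branch earlier in this file produces AI-estimated findings that end up in that file too. Write the enriched or estimated version under a different name, or require a marker line that Step 1 checks before treating the findings and severity counts as deterministic.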