@vyuhlabs/dxkit 2.4.8 → 2.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +312 -0
- package/README.md +360 -439
- package/dist/analyzers/security/aggregator.d.ts.map +1 -1
- package/dist/analyzers/security/aggregator.js +4 -46
- package/dist/analyzers/security/aggregator.js.map +1 -1
- package/dist/analyzers/tools/fingerprint.d.ts +91 -26
- package/dist/analyzers/tools/fingerprint.d.ts.map +1 -1
- package/dist/analyzers/tools/fingerprint.js +111 -22
- package/dist/analyzers/tools/fingerprint.js.map +1 -1
- package/dist/analyzers/tools/generic.d.ts.map +1 -1
- package/dist/analyzers/tools/generic.js +6 -1
- package/dist/analyzers/tools/generic.js.map +1 -1
- package/dist/analyzers/tools/gitleaks.d.ts +24 -1
- package/dist/analyzers/tools/gitleaks.d.ts.map +1 -1
- package/dist/analyzers/tools/gitleaks.js +20 -11
- package/dist/analyzers/tools/gitleaks.js.map +1 -1
- package/dist/analyzers/tools/graphify.d.ts.map +1 -1
- package/dist/analyzers/tools/graphify.js +9 -5
- package/dist/analyzers/tools/graphify.js.map +1 -1
- package/dist/analyzers/tools/tool-registry.d.ts +19 -1
- package/dist/analyzers/tools/tool-registry.d.ts.map +1 -1
- package/dist/analyzers/tools/tool-registry.js +25 -0
- package/dist/analyzers/tools/tool-registry.js.map +1 -1
- package/dist/analyzers/types.d.ts +6 -4
- package/dist/analyzers/types.d.ts.map +1 -1
- package/dist/baseline/baseline-file.d.ts +104 -0
- package/dist/baseline/baseline-file.d.ts.map +1 -0
- package/dist/baseline/baseline-file.js +110 -0
- package/dist/baseline/baseline-file.js.map +1 -0
- package/dist/baseline/check-renderers.d.ts +108 -0
- package/dist/baseline/check-renderers.d.ts.map +1 -0
- package/dist/baseline/check-renderers.js +379 -0
- package/dist/baseline/check-renderers.js.map +1 -0
- package/dist/baseline/check.d.ts +127 -0
- package/dist/baseline/check.d.ts.map +1 -0
- package/dist/baseline/check.js +462 -0
- package/dist/baseline/check.js.map +1 -0
- package/dist/baseline/content-hash.d.ts +83 -0
- package/dist/baseline/content-hash.d.ts.map +1 -0
- package/dist/baseline/content-hash.js +131 -0
- package/dist/baseline/content-hash.js.map +1 -0
- package/dist/baseline/create.d.ts +96 -0
- package/dist/baseline/create.d.ts.map +1 -0
- package/dist/baseline/create.js +339 -0
- package/dist/baseline/create.js.map +1 -0
- package/dist/baseline/entry-to-located.d.ts +35 -0
- package/dist/baseline/entry-to-located.d.ts.map +1 -0
- package/dist/baseline/entry-to-located.js +72 -0
- package/dist/baseline/entry-to-located.js.map +1 -0
- package/dist/baseline/finding-identity.d.ts +47 -0
- package/dist/baseline/finding-identity.d.ts.map +1 -0
- package/dist/baseline/finding-identity.js +292 -0
- package/dist/baseline/finding-identity.js.map +1 -0
- package/dist/baseline/git-aware-match.d.ts +146 -0
- package/dist/baseline/git-aware-match.d.ts.map +1 -0
- package/dist/baseline/git-aware-match.js +439 -0
- package/dist/baseline/git-aware-match.js.map +1 -0
- package/dist/baseline/policy.d.ts +171 -0
- package/dist/baseline/policy.d.ts.map +1 -0
- package/dist/baseline/policy.js +206 -0
- package/dist/baseline/policy.js.map +1 -0
- package/dist/baseline/producers/health.d.ts +30 -0
- package/dist/baseline/producers/health.d.ts.map +1 -0
- package/dist/baseline/producers/health.js +42 -0
- package/dist/baseline/producers/health.js.map +1 -0
- package/dist/baseline/producers/index.d.ts +164 -0
- package/dist/baseline/producers/index.d.ts.map +1 -0
- package/dist/baseline/producers/index.js +200 -0
- package/dist/baseline/producers/index.js.map +1 -0
- package/dist/baseline/producers/licenses.d.ts +23 -0
- package/dist/baseline/producers/licenses.d.ts.map +1 -0
- package/dist/baseline/producers/licenses.js +46 -0
- package/dist/baseline/producers/licenses.js.map +1 -0
- package/dist/baseline/producers/quality.d.ts +39 -0
- package/dist/baseline/producers/quality.d.ts.map +1 -0
- package/dist/baseline/producers/quality.js +84 -0
- package/dist/baseline/producers/quality.js.map +1 -0
- package/dist/baseline/producers/secret-hmac.d.ts +45 -0
- package/dist/baseline/producers/secret-hmac.d.ts.map +1 -0
- package/dist/baseline/producers/secret-hmac.js +70 -0
- package/dist/baseline/producers/secret-hmac.js.map +1 -0
- package/dist/baseline/producers/security.d.ts +59 -0
- package/dist/baseline/producers/security.d.ts.map +1 -0
- package/dist/baseline/producers/security.js +135 -0
- package/dist/baseline/producers/security.js.map +1 -0
- package/dist/baseline/producers/tests.d.ts +36 -0
- package/dist/baseline/producers/tests.d.ts.map +1 -0
- package/dist/baseline/producers/tests.js +69 -0
- package/dist/baseline/producers/tests.js.map +1 -0
- package/dist/baseline/salt.d.ts +45 -0
- package/dist/baseline/salt.d.ts.map +1 -0
- package/dist/baseline/salt.js +113 -0
- package/dist/baseline/salt.js.map +1 -0
- package/dist/baseline/show.d.ts +79 -0
- package/dist/baseline/show.d.ts.map +1 -0
- package/dist/baseline/show.js +233 -0
- package/dist/baseline/show.js.map +1 -0
- package/dist/baseline/types.d.ts +482 -0
- package/dist/baseline/types.d.ts.map +1 -0
- package/dist/baseline/types.js +53 -0
- package/dist/baseline/types.js.map +1 -0
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +398 -82
- package/dist/cli.js.map +1 -1
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.js +0 -4
- package/dist/constants.js.map +1 -1
- package/dist/doctor.d.ts.map +1 -1
- package/dist/doctor.js +39 -35
- package/dist/doctor.js.map +1 -1
- package/dist/fail-on.d.ts +84 -0
- package/dist/fail-on.d.ts.map +1 -0
- package/dist/fail-on.js +128 -0
- package/dist/fail-on.js.map +1 -0
- package/dist/generator.d.ts +1 -1
- package/dist/generator.d.ts.map +1 -1
- package/dist/generator.js +81 -274
- package/dist/generator.js.map +1 -1
- package/dist/hooks-cli.d.ts +20 -0
- package/dist/hooks-cli.d.ts.map +1 -0
- package/dist/hooks-cli.js +145 -0
- package/dist/hooks-cli.js.map +1 -0
- package/dist/languages/csharp.d.ts.map +1 -1
- package/dist/languages/csharp.js +4 -9
- package/dist/languages/csharp.js.map +1 -1
- package/dist/languages/go.d.ts.map +1 -1
- package/dist/languages/go.js +3 -14
- package/dist/languages/go.js.map +1 -1
- package/dist/languages/index.d.ts +19 -1
- package/dist/languages/index.d.ts.map +1 -1
- package/dist/languages/index.js +32 -0
- package/dist/languages/index.js.map +1 -1
- package/dist/languages/java.d.ts.map +1 -1
- package/dist/languages/java.js +4 -6
- package/dist/languages/java.js.map +1 -1
- package/dist/languages/kotlin.d.ts.map +1 -1
- package/dist/languages/kotlin.js +9 -11
- package/dist/languages/kotlin.js.map +1 -1
- package/dist/languages/python.d.ts.map +1 -1
- package/dist/languages/python.js +4 -15
- package/dist/languages/python.js.map +1 -1
- package/dist/languages/ruby.d.ts.map +1 -1
- package/dist/languages/ruby.js +4 -6
- package/dist/languages/ruby.js.map +1 -1
- package/dist/languages/rust.d.ts.map +1 -1
- package/dist/languages/rust.js +4 -4
- package/dist/languages/rust.js.map +1 -1
- package/dist/languages/types.d.ts +29 -28
- package/dist/languages/types.d.ts.map +1 -1
- package/dist/languages/typescript.d.ts.map +1 -1
- package/dist/languages/typescript.js +31 -4
- package/dist/languages/typescript.js.map +1 -1
- package/dist/lib.d.ts +2 -3
- package/dist/lib.d.ts.map +1 -1
- package/dist/lib.js +3 -6
- package/dist/lib.js.map +1 -1
- package/dist/prompts.d.ts.map +1 -1
- package/dist/prompts.js +0 -10
- package/dist/prompts.js.map +1 -1
- package/dist/report-schema.d.ts +42 -0
- package/dist/report-schema.d.ts.map +1 -0
- package/dist/report-schema.js +54 -0
- package/dist/report-schema.js.map +1 -0
- package/dist/ship-installers.d.ts +112 -0
- package/dist/ship-installers.d.ts.map +1 -0
- package/dist/ship-installers.js +530 -0
- package/dist/ship-installers.js.map +1 -0
- package/dist/tools-cli.d.ts.map +1 -1
- package/dist/tools-cli.js +45 -9
- package/dist/tools-cli.js.map +1 -1
- package/dist/types.d.ts +0 -4
- package/dist/types.d.ts.map +1 -1
- package/dist/update.d.ts.map +1 -1
- package/dist/update.js +0 -4
- package/dist/update.js.map +1 -1
- package/package.json +17 -11
- package/templates/.claude/skills/dxkit-action/SKILL.md +150 -0
- package/templates/.claude/skills/dxkit-config/SKILL.md +124 -0
- package/templates/.claude/skills/dxkit-hooks/SKILL.md +109 -0
- package/templates/.claude/skills/dxkit-init/SKILL.md +93 -0
- package/templates/.claude/skills/dxkit-learn/SKILL.md +84 -0
- package/templates/.claude/skills/dxkit-reports/SKILL.md +111 -0
- package/templates/.devcontainer/devcontainer.json +55 -0
- package/templates/.devcontainer/install-agent-clis.sh +42 -0
- package/templates/.devcontainer/post-create.sh +81 -0
- package/templates/.githooks/pre-commit +55 -0
- package/templates/.githooks/pre-push +63 -0
- package/templates/.github/workflows/dxkit-baseline-refresh.yml +78 -0
- package/templates/.github/workflows/dxkit-guardrails.yml +98 -0
- package/templates/AGENTS.md.template +137 -0
- package/templates/CLAUDE.md.template +16 -245
- package/dist/codebase-scanner.d.ts +0 -36
- package/dist/codebase-scanner.d.ts.map +0 -1
- package/dist/codebase-scanner.js +0 -688
- package/dist/codebase-scanner.js.map +0 -1
- package/dist/project-yaml.d.ts +0 -13
- package/dist/project-yaml.d.ts.map +0 -1
- package/dist/project-yaml.js +0 -188
- package/dist/project-yaml.js.map +0 -1
- package/templates/.ai/README.md +0 -117
- package/templates/.ai/prompts/execution-prompt.md +0 -9
- package/templates/.ai/prompts/planning-prompt.md +0 -18
- package/templates/.ai/prompts/session-end-template.md +0 -182
- package/templates/.ai/prompts/session-end.md +0 -132
- package/templates/.ai/prompts/session-start.md +0 -109
- package/templates/.ai/prompts/step-by-step.md +0 -113
- package/templates/.ai/sessions/.gitkeep +0 -0
- package/templates/.claude/agents/doc-writer.md +0 -107
- package/templates/.claude/agents/knowledge-bot.md +0 -64
- package/templates/.claude/agents/onboarding.md +0 -61
- package/templates/.claude/agents/quality-reviewer.md +0 -85
- package/templates/.claude/agents-available/code-reviewer.md +0 -29
- package/templates/.claude/agents-available/codebase-explorer.md +0 -100
- package/templates/.claude/agents-available/dashboard-builder.md +0 -433
- package/templates/.claude/agents-available/debugger.md +0 -29
- package/templates/.claude/agents-available/dependency-mapper.md +0 -80
- package/templates/.claude/agents-available/dev-report.md +0 -108
- package/templates/.claude/agents-available/doc-writer.md +0 -107
- package/templates/.claude/agents-available/feature-builder.md +0 -163
- package/templates/.claude/agents-available/feature-planner.md +0 -185
- package/templates/.claude/agents-available/health-auditor.md +0 -95
- package/templates/.claude/agents-available/hooks-configurator.md +0 -211
- package/templates/.claude/agents-available/knowledge-bot.md +0 -62
- package/templates/.claude/agents-available/plan-executor.md +0 -133
- package/templates/.claude/agents-available/strategic-planner.md +0 -141
- package/templates/.claude/agents-available/test-gap-finder.md +0 -67
- package/templates/.claude/agents-available/test-writer.md +0 -34
- package/templates/.claude/agents-available/vulnerability-scanner.md +0 -173
- package/templates/.claude/commands/ask.md +0 -7
- package/templates/.claude/commands/build-feature.md +0 -26
- package/templates/.claude/commands/build.md.template +0 -30
- package/templates/.claude/commands/check.md.template +0 -43
- package/templates/.claude/commands/dashboard.md +0 -28
- package/templates/.claude/commands/deps.md +0 -15
- package/templates/.claude/commands/dev-report.md +0 -50
- package/templates/.claude/commands/docs.md +0 -21
- package/templates/.claude/commands/doctor.md +0 -21
- package/templates/.claude/commands/enable-agent.md +0 -12
- package/templates/.claude/commands/execute-plan.md +0 -25
- package/templates/.claude/commands/explore-codebase.md +0 -12
- package/templates/.claude/commands/export-pdf.md +0 -30
- package/templates/.claude/commands/feature.md +0 -25
- package/templates/.claude/commands/fix-issue.md +0 -12
- package/templates/.claude/commands/fix.md.template +0 -32
- package/templates/.claude/commands/health.md +0 -58
- package/templates/.claude/commands/help.md +0 -36
- package/templates/.claude/commands/learn.md +0 -48
- package/templates/.claude/commands/onboarding.md +0 -21
- package/templates/.claude/commands/plan.md +0 -20
- package/templates/.claude/commands/quality.md.template +0 -65
- package/templates/.claude/commands/session-end.md +0 -40
- package/templates/.claude/commands/session-start.md +0 -30
- package/templates/.claude/commands/setup-hooks.md +0 -18
- package/templates/.claude/commands/setup-pr-review.md +0 -72
- package/templates/.claude/commands/stealth-mode.md +0 -17
- package/templates/.claude/commands/test-gaps.md +0 -49
- package/templates/.claude/commands/test.md.template +0 -40
- package/templates/.claude/commands/vulnerabilities.md +0 -49
- package/templates/.claude/skills/build/SKILL.md.template +0 -98
- package/templates/.claude/skills/deploy/SKILL.md.template +0 -131
- package/templates/.claude/skills/deploy/references/gotchas.md +0 -5
- package/templates/.claude/skills/doctor/SKILL.md +0 -54
- package/templates/.claude/skills/gcloud/SKILL.md +0 -66
- package/templates/.claude/skills/gcloud/references/gotchas.md +0 -5
- package/templates/.claude/skills/learned/SKILL.md +0 -55
- package/templates/.claude/skills/learned/references/conventions.md +0 -11
- package/templates/.claude/skills/learned/references/deny-recommendations.md +0 -18
- package/templates/.claude/skills/learned/references/gotchas.md +0 -11
- package/templates/.claude/skills/pulumi/SKILL.md +0 -73
- package/templates/.claude/skills/quality/SKILL.md.template +0 -108
- package/templates/.claude/skills/quality/references/gotchas.md +0 -5
- package/templates/.claude/skills/review/SKILL.md.template +0 -73
- package/templates/.claude/skills/scaffold/SKILL.md.template +0 -123
- package/templates/.claude/skills/secrets/SKILL.md +0 -52
- package/templates/.claude/skills/session/SKILL.md +0 -43
- package/templates/.claude/skills/test/SKILL.md.template +0 -122
- package/templates/.claude/skills/test/references/gotchas.md +0 -5
- package/templates/.devcontainer/Dockerfile.dev.template +0 -89
- package/templates/.devcontainer/devcontainer.json.template +0 -184
- package/templates/.devcontainer/docker-compose.yml.template +0 -105
- package/templates/.devcontainer/init-scripts/01-init.sql.template +0 -12
- package/templates/.devcontainer/post-create.sh.template +0 -298
- package/templates/.github/workflows/ci.yml.template +0 -399
- package/templates/.github/workflows/quality.yml.template +0 -376
- package/templates/.pre-commit-config.yaml.template +0 -106
- package/templates/.project/config/edit_config.py +0 -275
- package/templates/.project/config/project_config.py +0 -894
- package/templates/.project/scripts/codegen/generate-all.sh +0 -20
- package/templates/.project/scripts/codegen/validate-all.sh +0 -17
- package/templates/.project/scripts/docs/generate-all.sh +0 -30
- package/templates/.project/scripts/docs/serve.sh +0 -20
- package/templates/.project/scripts/quality/fix-all.sh +0 -138
- package/templates/.project/scripts/quality/lint-go.sh +0 -34
- package/templates/.project/scripts/quality/lint-python.sh +0 -54
- package/templates/.project/scripts/quality/run-all.sh +0 -497
- package/templates/.project/scripts/session/commit.sh +0 -70
- package/templates/.project/scripts/session/create-pr.sh +0 -165
- package/templates/.project/scripts/session/end.sh +0 -207
- package/templates/.project/scripts/session/start.sh +0 -233
- package/templates/.project/scripts/setup/doctor.sh +0 -404
- package/templates/.project/scripts/setup/interactive-setup.sh +0 -585
- package/templates/.project/scripts/sync/sync-template.sh +0 -328
- package/templates/.project/scripts/test/run-all.sh +0 -179
- package/templates/.project/scripts/test/run-quick.sh +0 -25
- package/templates/Makefile +0 -514
- package/templates/config/versions.yaml +0 -57
- package/templates/configs/go/.golangci.yml.template +0 -172
- package/templates/configs/go/go.mod.template +0 -15
- package/templates/configs/java/README.md +0 -6
- package/templates/configs/kotlin/README.md +0 -6
- package/templates/configs/node/package.json.template +0 -67
- package/templates/configs/node/tsconfig.json.template +0 -53
- package/templates/configs/python/pyproject.toml.template +0 -92
- package/templates/configs/python/pytest.ini.template +0 -64
- package/templates/configs/python/ruff.toml.template +0 -79
- package/templates/configs/ruby/README.md +0 -6
- package/templates/configs/rust/Cargo.toml.template +0 -51
- package/templates/configs/shared/.editorconfig +0 -67
- package/templates/scripts/validate-templates.sh +0 -449
|
@@ -1,173 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: vulnerability-scanner
|
|
3
|
-
description: Comprehensive security vulnerability scanner — dependencies (with CWE classification), code patterns, file uploads, decompression bombs, recursion depth, native modules, resource limits. Use when asked about vulnerabilities, "is this secure?", "audit dependencies", or "security scan". Saves report to .dxkit/reports/.
|
|
4
|
-
model: sonnet
|
|
5
|
-
tools: Read, Grep, Glob, Bash, Write
|
|
6
|
-
---
|
|
7
|
-
|
|
8
|
-
You are a security vulnerability analyst. Your job is to comprehensively scan dependencies and code for security issues, classify findings by CWE, and produce an actionable report.
|
|
9
|
-
|
|
10
|
-
## Phase 1: Dependency Vulnerabilities with CWE Classification
|
|
11
|
-
|
|
12
|
-
### Node.js
|
|
13
|
-
Run `npm audit --json 2>/dev/null` and parse the full output:
|
|
14
|
-
1. Extract severity counts (critical/high/medium/low)
|
|
15
|
-
2. **Extract CWE fields** from each advisory's `via` entries (skip string entries — those are transitive refs)
|
|
16
|
-
3. Group findings by CWE category using this mapping:
|
|
17
|
-
|
|
18
|
-
| CWE | Name |
|
|
19
|
-
|-----|------|
|
|
20
|
-
| CWE-22 | Directory Traversal |
|
|
21
|
-
| CWE-78 | Command Injection |
|
|
22
|
-
| CWE-94 | Arbitrary Code Injection |
|
|
23
|
-
| CWE-120 | Buffer Overflow |
|
|
24
|
-
| CWE-248 | Uncaught Exception |
|
|
25
|
-
| CWE-352 | Cross-Site Request Forgery |
|
|
26
|
-
| CWE-400 | Uncontrolled Resource Consumption |
|
|
27
|
-
| CWE-407 | Inefficient Algorithmic Complexity |
|
|
28
|
-
| CWE-409 | Decompression Bomb |
|
|
29
|
-
| CWE-434 | Arbitrary File Upload |
|
|
30
|
-
| CWE-674 | Uncontrolled Recursion |
|
|
31
|
-
| CWE-770 | Allocation Without Limits |
|
|
32
|
-
| CWE-772 | Missing Resource Release |
|
|
33
|
-
| CWE-835 | Infinite Loop |
|
|
34
|
-
| CWE-918 | Server-Side Request Forgery |
|
|
35
|
-
| CWE-1321 | Prototype Pollution |
|
|
36
|
-
| CWE-1333 | ReDoS |
|
|
37
|
-
|
|
38
|
-
Also run `npm outdated --json 2>/dev/null` for outdated packages.
|
|
39
|
-
|
|
40
|
-
### Python
|
|
41
|
-
- Run `pip audit 2>/dev/null` or `safety check 2>/dev/null` if available
|
|
42
|
-
- Check for pinned vs unpinned versions in `requirements.txt` / `pyproject.toml`
|
|
43
|
-
|
|
44
|
-
### Go / Rust / C#
|
|
45
|
-
- Run `govulncheck ./... 2>/dev/null`, `cargo audit 2>/dev/null`, `dotnet list package --vulnerable 2>/dev/null`
|
|
46
|
-
|
|
47
|
-
## Phase 2: Code-Level Vulnerability Scan
|
|
48
|
-
|
|
49
|
-
### Injection (CWE-78, CWE-89, CWE-79)
|
|
50
|
-
- **Command injection**: `exec(`, `child_process`, `os.system(`, `subprocess.call(` — flag if input could be user-controlled
|
|
51
|
-
- **SQL injection**: string concatenation in queries, template literals with user input
|
|
52
|
-
- **XSS**: `dangerouslySetInnerHTML`, `v-html`, unescaped output in templates
|
|
53
|
-
|
|
54
|
-
### Authentication & Secrets (CWE-798, CWE-327)
|
|
55
|
-
- Hardcoded secrets: `password\s*=\s*['"]`, `apiKey`, `secret\s*=`, `token\s*=\s*['"]`
|
|
56
|
-
- Weak crypto: `md5`, `sha1` for passwords, `Math.random` for tokens
|
|
57
|
-
- JWT issues: `algorithm.*none`, missing expiry, hardcoded signing keys
|
|
58
|
-
|
|
59
|
-
### Decompression Bomb (CWE-409)
|
|
60
|
-
- `zlib.createGunzip()`, `createInflate()`, `createUnzip()` — flag if no `maxOutputLength`
|
|
61
|
-
- `tar.extract()`, `tar.x()` — flag if no `maxReadSize` or size filter
|
|
62
|
-
- `require('decompress')`, `require('unzipper')`, `require('adm-zip')` — flag on user-uploaded files
|
|
63
|
-
- `express.json()`, `bodyParser.json()` — flag if no `limit` option
|
|
64
|
-
|
|
65
|
-
### Uncontrolled Recursion (CWE-674)
|
|
66
|
-
- `JSON.parse(` on user input without depth validation
|
|
67
|
-
- XML parsers (`fast-xml-parser`, `xml2js`, `@xmldom/xmldom`) — flag if no `maxDepth`
|
|
68
|
-
- `yaml.load()` instead of `yaml.safeLoad()`, no schema restriction
|
|
69
|
-
- Custom recursive functions processing user data without depth guards
|
|
70
|
-
|
|
71
|
-
### Arbitrary File Upload (CWE-434)
|
|
72
|
-
- `multer` — flag if no `fileFilter`, no `limits.fileSize`, storage in web-accessible dir
|
|
73
|
-
- `formidable` — flag if no `maxFileSize`, no type validation
|
|
74
|
-
- `busboy` — flag if no `limits` option
|
|
75
|
-
- `fs.writeFile`/`createWriteStream` with user-controlled path — flag if no extension/MIME validation
|
|
76
|
-
|
|
77
|
-
### Resource Allocation Without Limits (CWE-770)
|
|
78
|
-
- No rate limiting middleware (`express-rate-limit`, `RateLimiter`)
|
|
79
|
-
- `express.json()`/`bodyParser` without `limit` option
|
|
80
|
-
- WebSocket without `maxPayload`: `socket.on('message'`, `ws.on('message'`
|
|
81
|
-
- Database queries without `.limit()` or pagination on user-facing endpoints
|
|
82
|
-
|
|
83
|
-
### Data Exposure
|
|
84
|
-
- Sensitive data in logs: `console.log.*password`, `print.*secret`
|
|
85
|
-
- Debug mode: `DEBUG=true`, `debug: true` in production config
|
|
86
|
-
- Exposed stack traces in error handlers
|
|
87
|
-
- CORS wildcard: `Access-Control-Allow-Origin: *`
|
|
88
|
-
|
|
89
|
-
## Phase 3: Native Module Audit (CWE-120)
|
|
90
|
-
|
|
91
|
-
Run these checks:
|
|
92
|
-
```bash
|
|
93
|
-
find node_modules -name "*.node" -type f 2>/dev/null | head -20
|
|
94
|
-
find node_modules -name "binding.gyp" -maxdepth 3 2>/dev/null | head -20
|
|
95
|
-
```
|
|
96
|
-
|
|
97
|
-
Known native packages with historical buffer overflow CVEs:
|
|
98
|
-
- `sharp` (libvips), `bcrypt` (OpenSSL), `node-canvas` (cairo), `sqlite3`, `grpc`, `bufferutil`
|
|
99
|
-
|
|
100
|
-
Flag native modules not covered by npm audit for manual review.
|
|
101
|
-
|
|
102
|
-
## Phase 4: Dependency Chain Risk
|
|
103
|
-
|
|
104
|
-
- Count total dependencies (direct + transitive)
|
|
105
|
-
- Identify largest dependency trees (supply chain risk)
|
|
106
|
-
- Check for abandoned packages (>2yr no update)
|
|
107
|
-
- Count native modules in tree
|
|
108
|
-
|
|
109
|
-
## Phase 5: Generate Report
|
|
110
|
-
|
|
111
|
-
Save to `.dxkit/reports/vulnerability-scan-YYYY-MM-DD.md`:
|
|
112
|
-
|
|
113
|
-
```markdown
|
|
114
|
-
## Vulnerability Scan Report
|
|
115
|
-
|
|
116
|
-
### Summary
|
|
117
|
-
| Severity | Dependency Issues | Code Issues | Total |
|
|
118
|
-
|----------|------------------|-------------|-------|
|
|
119
|
-
| Critical | X | X | X |
|
|
120
|
-
| High | X | X | X |
|
|
121
|
-
| Medium | X | X | X |
|
|
122
|
-
| Low | X | X | X |
|
|
123
|
-
|
|
124
|
-
### Findings by CWE Category
|
|
125
|
-
| CWE | Category | Dep. Issues | Code Issues | Severity |
|
|
126
|
-
|-----|----------|-------------|-------------|----------|
|
|
127
|
-
| CWE-78 | Command Injection | 0 | 2 | Critical |
|
|
128
|
-
| CWE-770 | Allocation Without Limits | 4 | 1 | High |
|
|
129
|
-
| CWE-835 | Infinite Loop | 2 | 0 | High |
|
|
130
|
-
| CWE-409 | Decompression Bomb | 0 | 1 | High |
|
|
131
|
-
| CWE-674 | Uncontrolled Recursion | 1 | 0 | Medium |
|
|
132
|
-
| CWE-434 | Arbitrary File Upload | 0 | 1 | Medium |
|
|
133
|
-
|
|
134
|
-
### Dependency Vulnerabilities
|
|
135
|
-
| Package | Severity | CWE | Description | Fix |
|
|
136
|
-
|---------|----------|-----|-------------|-----|
|
|
137
|
-
| tar@6.1.11 | High | CWE-409 | Decompression bomb | Upgrade to 6.2.0 |
|
|
138
|
-
|
|
139
|
-
### Code Vulnerabilities
|
|
140
|
-
| File:Line | Severity | CWE | Type | Description |
|
|
141
|
-
|-----------|----------|-----|------|-------------|
|
|
142
|
-
| src/auth.ts:42 | Critical | CWE-798 | Hardcoded secret | JWT key in source |
|
|
143
|
-
| src/upload.ts:10 | High | CWE-434 | File upload | multer without fileFilter |
|
|
144
|
-
|
|
145
|
-
### Native Modules
|
|
146
|
-
| Package | Type | Has Advisories | Notes |
|
|
147
|
-
|---------|------|----------------|-------|
|
|
148
|
-
| sharp@0.32.1 | binding.gyp | Yes (2 high) | Image processing |
|
|
149
|
-
| bcrypt@5.1.0 | binding.gyp | No | Manual review recommended |
|
|
150
|
-
|
|
151
|
-
### Dependency Health
|
|
152
|
-
- Total dependencies: X (direct: Y, transitive: Z)
|
|
153
|
-
- Native modules: X
|
|
154
|
-
- Outdated: X packages
|
|
155
|
-
- Abandoned (>2yr no update): X packages
|
|
156
|
-
|
|
157
|
-
### Recommendations (prioritized)
|
|
158
|
-
1. [Critical fix with exact steps]
|
|
159
|
-
2. ...
|
|
160
|
-
|
|
161
|
-
---
|
|
162
|
-
*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit) vulnerability-scanner agent*
|
|
163
|
-
```
|
|
164
|
-
|
|
165
|
-
## Rules
|
|
166
|
-
|
|
167
|
-
- **Run real tools** — don't guess, run `npm audit --json`, `pip audit`, etc.
|
|
168
|
-
- **Classify by CWE** — every finding should have a CWE number
|
|
169
|
-
- **Be specific** — exact package versions, file:line references, CVE/GHSA numbers
|
|
170
|
-
- **Prioritize by exploitability** — a reachable RCE is worse than a theoretical DoS
|
|
171
|
-
- **Include fix instructions** — "upgrade X to Y" or "replace pattern A with B"
|
|
172
|
-
- **Never output actual secret values** — say "hardcoded secret found at file:line", don't print it
|
|
173
|
-
- Save the report to `.dxkit/reports/vulnerability-scan-YYYY-MM-DD.md`
|
|
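Review bot: Removed line 172, the rule "Never output actual secret values", is the only statement in this deleted agent prompt that keeps credentials out of scanner output, and nothing visible in this hunk shows where that guarantee now lives. The file list adds `package/dist/baseline/producers/secret-hmac.js` and changes `package/dist/analyzers/tools/gitleaks.js`; the changelog or the new skill docs should state that secret findings are still reported by location only. If any of this prompt is carried forward, two details need fixing first: removed lines 41 and 167 call `pip audit`, but the tool is invoked as `pip-audit`, and the `2>/dev/null` on the audit commands (removed lines 13, 38, 41, 45) hides the error that distinguishes a missing or failing tool from a clean scan.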
@@ -1,7 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Ask a question about the codebase (e.g., "How does auth work?", "Where are payments handled?")
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Delegate this question to the **knowledge-bot** agent. It will search the code, read relevant files, trace execution paths, and return a specific answer with file references.
|
|
6
|
-
|
|
7
|
-
Question: $ARGUMENTS
|
|
@@ -1,26 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Build a feature from a feature-planner plan
|
|
3
|
-
argument-hint: "[feature-slug or empty to list]"
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
Delegate to the **feature-builder** agent. It executes a feature plan from `.ai/features/` task by task with:
|
|
7
|
-
- Tests written alongside (or before) implementation
|
|
8
|
-
- Conventions matched to existing codebase patterns
|
|
9
|
-
- Session checkpoints after each task
|
|
10
|
-
- Progress tracking in `.ai/features/progress/`
|
|
11
|
-
- Skill evolution (conventions and gotchas captured)
|
|
12
|
-
|
|
13
|
-
Examples:
|
|
14
|
-
- `/build-feature` — List available feature plans
|
|
15
|
-
- `/build-feature user-roles` — Start building from `.ai/features/user-roles.md`
|
|
16
|
-
- `/build-feature webhook-notifications` — Resume in-progress feature
|
|
17
|
-
|
|
18
|
-
The builder follows the plan, runs the same quality/test tools as your reports, and checkpoints at natural boundaries.
|
|
19
|
-
|
|
20
|
-
**IMPORTANT: End with this exact footer:**
|
|
21
|
-
```
|
|
22
|
-
---
|
|
23
|
-
*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
|
|
24
|
-
```
|
|
25
|
-
|
|
26
|
-
$ARGUMENTS
|
|
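Review bot: Removed lines 10 and 16 document state kept under `.ai/features/progress/` and a resume flow (`/build-feature webhook-notifications`), and this deletion leaves projects that already have in-progress plans with no command that reads them. The upgrade notes should say what happens to existing `.ai/features/` content when a project moves from 2.4.8 to 2.5.1, and whether the changed `package/dist/update.js` removes or ignores the stale command file.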
@@ -1,30 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Build the project
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Build the project. Run these commands:
|
|
6
|
-
|
|
7
|
-
{{#IF_NODE}}
|
|
8
|
-
## Node / TypeScript
|
|
9
|
-
1. `npm install` — Install dependencies (if node_modules is missing)
|
|
10
|
-
2. `npm run build` — Build/compile
|
|
11
|
-
{{/IF_NODE}}
|
|
12
|
-
{{#IF_PYTHON}}
|
|
13
|
-
## Python
|
|
14
|
-
1. `pip install -e .` — Install in development mode (if not already)
|
|
15
|
-
{{/IF_PYTHON}}
|
|
16
|
-
{{#IF_GO}}
|
|
17
|
-
## Go
|
|
18
|
-
1. `go build ./...` — Build all packages
|
|
19
|
-
{{/IF_GO}}
|
|
20
|
-
{{#IF_CSHARP}}
|
|
21
|
-
## C#
|
|
22
|
-
1. `dotnet restore` — Restore dependencies
|
|
23
|
-
2. `dotnet build` — Build
|
|
24
|
-
{{/IF_CSHARP}}
|
|
25
|
-
{{#IF_RUST}}
|
|
26
|
-
## Rust
|
|
27
|
-
1. `cargo build` — Build
|
|
28
|
-
{{/IF_RUST}}
|
|
29
|
-
|
|
30
|
-
Report build results. If there are errors, diagnose and suggest fixes.
|
|
@@ -1,43 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Full pre-commit validation (quality + tests + coverage)
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Run full pre-commit validation. All steps must pass before committing.
|
|
6
|
-
|
|
7
|
-
## Step 1: Linters
|
|
8
|
-
|
|
9
|
-
{{#IF_NODE}}
|
|
10
|
-
- `npx eslint .`
|
|
11
|
-
- `npx tsc --noEmit`
|
|
12
|
-
{{/IF_NODE}}
|
|
13
|
-
{{#IF_PYTHON}}
|
|
14
|
-
- `ruff check .`
|
|
15
|
-
- `ruff format --check .`
|
|
16
|
-
- `mypy .`
|
|
17
|
-
{{/IF_PYTHON}}
|
|
18
|
-
{{#IF_GO}}
|
|
19
|
-
- `golangci-lint run ./...`
|
|
20
|
-
- `go vet ./...`
|
|
21
|
-
{{/IF_GO}}
|
|
22
|
-
{{#IF_CSHARP}}
|
|
23
|
-
- `dotnet format --verify-no-changes`
|
|
24
|
-
- `dotnet build --no-restore -warnaserror`
|
|
25
|
-
{{/IF_CSHARP}}
|
|
26
|
-
{{#IF_RUST}}
|
|
27
|
-
- `cargo fmt --check`
|
|
28
|
-
- `cargo clippy -- -D warnings`
|
|
29
|
-
{{/IF_RUST}}
|
|
30
|
-
|
|
31
|
-
## Step 2: Tests
|
|
32
|
-
|
|
33
|
-
Run: `{{TEST_COMMAND}}`
|
|
34
|
-
|
|
35
|
-
Coverage threshold: **{{COVERAGE_THRESHOLD}}%**
|
|
36
|
-
|
|
37
|
-
## Step 3: AI Review
|
|
38
|
-
|
|
39
|
-
Delegate to the **quality-reviewer** agent to review changed files for issues linters miss.
|
|
40
|
-
|
|
41
|
-
## Verdict
|
|
42
|
-
|
|
43
|
-
Report: **PASS** (safe to commit) or **FAIL** (list what needs fixing).
|
|
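Review bot: Removed lines 33 and 35 are where this command required the test run and the `{{COVERAGE_THRESHOLD}}%` gate before a commit, and the hunk does not show an equivalent gate replacing them. The file list adds `package/templates/.githooks/pre-commit` and `pre-push` and deletes `package/templates/.pre-commit-config.yaml.template`; the review should confirm that the new hooks still run the per-language linters from Step 1 and fail below the coverage threshold, otherwise changes this command would have reported as FAIL can be committed unchecked.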
@@ -1,28 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Generate a self-contained HTML dashboard from all dxkit reports
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Run the deterministic CLI to render `.dxkit/reports/*` into
|
|
6
|
-
`.dxkit/reports/dashboard.html`. No LLM templating — the HTML is a
|
|
7
|
-
pure function of the report markdowns and their JSON envelopes.
|
|
8
|
-
|
|
9
|
-
```bash
|
|
10
|
-
npx vyuh-dxkit dashboard . 2>/dev/null
|
|
11
|
-
```
|
|
12
|
-
|
|
13
|
-
The dashboard features:
|
|
14
|
-
- Dark theme with modern design
|
|
15
|
-
- Sidebar navigation grouped by report type with color-coded badges
|
|
16
|
-
- Overview tab synthesizing health score, dimension breakdown, key
|
|
17
|
-
metrics, and the top critical issues
|
|
18
|
-
- Full markdown rendering with styled tables, code blocks, headings
|
|
19
|
-
- Responsive layout (works on mobile)
|
|
20
|
-
- Print-friendly styles
|
|
21
|
-
|
|
22
|
-
If `vyuh-dxkit dashboard` isn't available (older dxkit version), fall
|
|
23
|
-
back to the `dashboard-builder` agent. The agent is also the right
|
|
24
|
-
tool when the user asks for natural-language narrative on top of the
|
|
25
|
-
dashboard (e.g., "explain the highest-priority items" or "summarize
|
|
26
|
-
this for an exec").
|
|
27
|
-
|
|
28
|
-
$ARGUMENTS
|
|
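Review bot: Removed line 10 runs `npx vyuh-dxkit dashboard . 2>/dev/null`, which names the binary rather than the package `@vyuhlabs/dxkit`; when no local install provides that binary, npx resolves the bare name against the registry, and the `2>/dev/null` hides any install prompt or error. Any command that replaces this one in the new skill files should reference the scoped package explicitly and keep stderr visible, so that a missing install fails loudly instead of fetching whatever is published under the unscoped name.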
@@ -1,15 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Map dependencies — "what depends on X?" or "what breaks if I change Y?"
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Delegate to the **dependency-mapper** agent. It will trace import chains and show what depends on what.
|
|
6
|
-
|
|
7
|
-
**Save the report to `.dxkit/reports/dependency-map-YYYY-MM-DD.md`** (use today's date).
|
|
8
|
-
|
|
9
|
-
**IMPORTANT: End the report with this exact footer:**
|
|
10
|
-
```
|
|
11
|
-
---
|
|
12
|
-
*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
|
|
13
|
-
```
|
|
14
|
-
|
|
15
|
-
$ARGUMENTS
|
|
@@ -1,50 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Generate developer activity and code quality report from git history
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
## Step 1: Check for Existing Report
|
|
6
|
-
|
|
7
|
-
```bash
|
|
8
|
-
ls .dxkit/reports/developer-report-*.md 2>/dev/null | tail -1
|
|
9
|
-
```
|
|
10
|
-
|
|
11
|
-
**If a report exists**: Read it. The commit counts, contributor stats, and velocity data are deterministic. Skip to Step 3.
|
|
12
|
-
|
|
13
|
-
**If no report exists**: Proceed to Step 2.
|
|
14
|
-
|
|
15
|
-
## Step 2: Generate Deterministic Report
|
|
16
|
-
|
|
17
|
-
```bash
|
|
18
|
-
npx vyuh-dxkit dev-report . --json 2>/dev/null
|
|
19
|
-
```
|
|
20
|
-
|
|
21
|
-
**If the command succeeds**: Read the saved report. Proceed to Step 3.
|
|
22
|
-
|
|
23
|
-
**If the command fails**: Analyze git history manually using `git log`, `git shortlog -sn`, `git log --numstat`. Note: "Stats are AI-estimated. Install `@vyuhlabs/dxkit` for deterministic developer reports."
|
|
24
|
-
|
|
25
|
-
## Step 3: Enrich with Narrative
|
|
26
|
-
|
|
27
|
-
Using the git data, add:
|
|
28
|
-
|
|
29
|
-
- **Team dynamics** — who are the key contributors, bus factor risk, merge/review patterns
|
|
30
|
-
- **Code ownership** — who owns which areas, based on commit frequency per directory
|
|
31
|
-
- **Hot file analysis** — why the most-changed files change so often (feature churn? bug magnet? poor abstraction?)
|
|
32
|
-
- **Commit quality insights** — if conventional commit % is low, explain the benefits (changelogs, bisecting, CI automation)
|
|
33
|
-
- **Velocity interpretation** — is the trend healthy? are there spikes/drops that correlate with releases or incidents?
|
|
34
|
-
- **Identity consolidation** — flag likely duplicates (same person, different git configs)
|
|
35
|
-
|
|
36
|
-
**Do not change commit counts, contributor stats, or velocity numbers from the deterministic report.**
|
|
37
|
-
|
|
38
|
-
Save to `.dxkit/reports/developer-report-YYYY-MM-DD.md`.
|
|
39
|
-
|
|
40
|
-
Examples:
|
|
41
|
-
- `/dev-report` — Team overview (last 3 months)
|
|
42
|
-
- `/dev-report --since 2025-01-01` — Custom time range
|
|
43
|
-
|
|
44
|
-
**IMPORTANT: End the report with this exact footer:**
|
|
45
|
-
```
|
|
46
|
-
---
|
|
47
|
-
*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
|
|
48
|
-
```
|
|
49
|
-
|
|
50
|
-
$ARGUMENTS
|
|
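Review bot: Step 1 (old lines 5-11) reuses whichever `developer-report-*.md` sorts last and skips to Step 3, and the Step 2 command on old line 18 does not pass `$ARGUMENTS`, so the documented `/dev-report --since 2025-01-01` form on old line 42 has no defined effect on the deterministic numbers. Pass the arguments through to `npx vyuh-dxkit dev-report`, and skip the reuse in Step 1 when a time range is given, so a report for the default window is not presented as the answer to a custom range.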
@@ -1,21 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Audit documentation gaps or write/improve docs
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Delegate to the **doc-writer** agent. It can audit documentation quality, identify gaps, and help write or improve docs.
|
|
6
|
-
|
|
7
|
-
When auditing, **save the report to `.dxkit/reports/docs-audit-YYYY-MM-DD.md`** (use today's date).
|
|
8
|
-
|
|
9
|
-
Examples:
|
|
10
|
-
- `/docs audit` — Assess documentation quality and list gaps
|
|
11
|
-
- `/docs improve README` — Improve the README
|
|
12
|
-
- `/docs add api` — Generate API documentation
|
|
13
|
-
- `/docs add jsdoc src/services/` — Add JSDoc to service files
|
|
14
|
-
|
|
15
|
-
**IMPORTANT: End the report with this exact footer:**
|
|
16
|
-
```
|
|
17
|
-
---
|
|
18
|
-
*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
|
|
19
|
-
```
|
|
20
|
-
|
|
21
|
-
$ARGUMENTS
|
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Diagnose development environment issues
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Diagnose this development environment. Check for common issues:
|
|
6
|
-
|
|
7
|
-
## Checks
|
|
8
|
-
|
|
9
|
-
1. **Git**: `git --version` and repo status
|
|
10
|
-
2. **Node** (if package.json): `node --version`, `npm --version`, check if `node_modules/` exists
|
|
11
|
-
3. **Python** (if pyproject.toml): `python3 --version`, check virtual env, check if deps installed
|
|
12
|
-
4. **Go** (if go.mod): `go version`, check if modules downloaded
|
|
13
|
-
5. **C#** (if .csproj): `dotnet --version`
|
|
14
|
-
6. **Rust** (if Cargo.toml): `rustc --version`, `cargo --version`
|
|
15
|
-
7. **Docker** (if docker-compose.yml): `docker --version`, check if running
|
|
16
|
-
8. **Make** (if Makefile): `make --version`
|
|
17
|
-
9. **Claude Code DX**: check `.claude/` directory, `CLAUDE.md`, `.vyuh-dxkit.json`
|
|
18
|
-
|
|
19
|
-
If `Makefile` exists with `doctor` target, run `make doctor` instead.
|
|
20
|
-
|
|
21
|
-
Report any issues found and provide remediation steps.
|
|
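Review bot: old line 19 replaces the version checks in old lines 9-17 with `make doctor`, which runs whatever recipe the repository's Makefile defines. A command described as "diagnose" then executes repo-controlled code without the user seeing it first. Suggest running the built-in checks by default and offering `make doctor` as an extra step after printing its recipe (for example with `make -n doctor`) and getting confirmation.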
@@ -1,12 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Activate an available agent (or list all available agents)
|
|
3
|
-
argument-hint: "[agent-name or 'list']"
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
List the contents of `.claude/agents-available/` to show available agents and `.claude/agents/` to show active agents.
|
|
7
|
-
|
|
8
|
-
If the user provided an agent name, copy it from `agents-available/` to `agents/` to activate it:
|
|
9
|
-
- Argument: `$ARGUMENTS`
|
|
10
|
-
- If "list" or empty, just list both directories.
|
|
11
|
-
- If a valid agent name, run: `cp .claude/agents-available/$ARGUMENTS.md .claude/agents/$ARGUMENTS.md`
|
|
12
|
-
- Then confirm activation and briefly describe what the agent does (read the agent file for its description).
|
|
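Review bot: old line 11 interpolates `$ARGUMENTS` unquoted into a `cp` command, and "a valid agent name" is never defined, so an argument containing `/`, `..`, whitespace or shell metacharacters reaches the shell as typed. Define valid as an exact match against a basename listed in `.claude/agents-available/` and quote both paths. Since files in `.claude/agents/` are delegated to automatically, the copy is also worth confirming with the user before it runs.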
@@ -1,25 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Execute an improvement plan task by task with session management
|
|
3
|
-
argument-hint: "[plan-name or empty to list plans]"
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
Delegate to the **plan-executor** agent. It works through a plan from `.ai/plans/`, executing tasks one at a time with:
|
|
7
|
-
- Session checkpoints after each task
|
|
8
|
-
- Progress tracking in `.ai/plans/progress/`
|
|
9
|
-
- KPI measurement before and after
|
|
10
|
-
- Skill evolution (gotchas, conventions captured)
|
|
11
|
-
|
|
12
|
-
Examples:
|
|
13
|
-
- `/execute-plan` — List available plans
|
|
14
|
-
- `/execute-plan test-coverage` — Start working on test coverage plan
|
|
15
|
-
- `/execute-plan security` — Start working on security fixes
|
|
16
|
-
|
|
17
|
-
The executor follows the plan exactly, runs the same quality/test tools as your reports, and checkpoints at natural boundaries.
|
|
18
|
-
|
|
19
|
-
**IMPORTANT: End the report with this exact footer:**
|
|
20
|
-
```
|
|
21
|
-
---
|
|
22
|
-
*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
|
|
23
|
-
```
|
|
24
|
-
|
|
25
|
-
$ARGUMENTS
|
|
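Review bot: old line 17 says the executor "follows the plan exactly", which makes any markdown file under `.ai/plans/` an instruction source with no review step between selecting it and running its first task. Suggest showing the task list and asking for confirmation before task 1, and again before any task that runs commands. Separately, the footer rule on old line 19 refers to "the report", but this command defines no report or save path.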
@@ -1,12 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Deep-explore the codebase and generate architecture documentation
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Delegate this to the **codebase-explorer** agent. It will deeply analyze the codebase and generate:
|
|
6
|
-
|
|
7
|
-
1. `.claude/skills/codebase/SKILL.md` — Concise architecture and navigation guide
|
|
8
|
-
2. `.claude/skills/codebase/references/architecture.md` — Detailed reference
|
|
9
|
-
|
|
10
|
-
Focus on non-obvious things — gotchas, conventions, and architectural decisions that aren't apparent from file names alone.
|
|
11
|
-
|
|
12
|
-
**NEVER include secret values, tokens, or credentials in the output.**
|
|
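Review bot: the secret-handling rule on old line 12 is only a prompt instruction, with no check that the two files generated under `.claude/skills/codebase/` comply. Add a verification step after generation, such as a secret scan over both output paths, and say what the agent should write in place of a value it encounters (for example the variable name only).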
@@ -1,30 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Convert a markdown report to PDF
|
|
3
|
-
argument-hint: "[file-path or 'all' for all reports]"
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
Convert markdown report(s) to PDF.
|
|
7
|
-
|
|
8
|
-
## Arguments
|
|
9
|
-
- `$ARGUMENTS`
|
|
10
|
-
- If empty or "all", convert all reports in `.dxkit/reports/`
|
|
11
|
-
- If a file path, convert that specific file
|
|
12
|
-
|
|
13
|
-
## How to Convert
|
|
14
|
-
|
|
15
|
-
Try these tools in order (use whichever is available):
|
|
16
|
-
|
|
17
|
-
1. **md-to-pdf** (Node.js): `npx md-to-pdf <file.md>` — creates `<file.pdf>` alongside it
|
|
18
|
-
2. **pandoc**: `pandoc <file.md> -o <file.pdf> --pdf-engine=wkhtmltopdf`
|
|
19
|
-
3. **If neither is available**, install md-to-pdf: `npx md-to-pdf <file.md>`
|
|
20
|
-
|
|
21
|
-
## For "all" reports
|
|
22
|
-
```
|
|
23
|
-
for f in .dxkit/reports/*.md; do
|
|
24
|
-
npx md-to-pdf "$f"
|
|
25
|
-
done
|
|
26
|
-
```
|
|
27
|
-
|
|
28
|
-
## Output
|
|
29
|
-
- PDFs are saved alongside the markdown files in `.dxkit/reports/`
|
|
30
|
-
- Report which files were converted and their paths
|
|
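Review bot: step 3 on old line 19 is the same command as step 1 on old line 17, so the "neither is available" branch just retries `npx md-to-pdf <file.md>`. It also means the section ends with `npx` fetching an unpinned `md-to-pdf` from the registry and running it. Either drop step 3 or make it an explicit, version-pinned install that the user confirms. The loop fence on old line 22 lacks the `bash` tag the other templates use.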
@@ -1,25 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Design and plan a new feature with implementation breakdown
|
|
3
|
-
argument-hint: "[feature description]"
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
Delegate to the **feature-planner** agent. It will:
|
|
7
|
-
1. Read existing codebase patterns from the codebase skill
|
|
8
|
-
2. Find similar features to model after
|
|
9
|
-
3. Design data, service, API, and test layers
|
|
10
|
-
4. Generate a detailed plan in `.ai/features/<slug>.md`
|
|
11
|
-
|
|
12
|
-
Examples:
|
|
13
|
-
- `/feature add user roles and permissions`
|
|
14
|
-
- `/feature webhook notifications for package events`
|
|
15
|
-
- `/feature export datapack to CSV`
|
|
16
|
-
|
|
17
|
-
The plan includes: acceptance criteria, API contract, files to create/modify, implementation order with estimates, conventions to follow, and verification steps.
|
|
18
|
-
|
|
19
|
-
**IMPORTANT: End with this exact footer:**
|
|
20
|
-
```
|
|
21
|
-
---
|
|
22
|
-
*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
|
|
23
|
-
```
|
|
24
|
-
|
|
25
|
-
$ARGUMENTS
|
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Investigate and fix a GitHub issue
|
|
3
|
-
argument-hint: "[issue-number]"
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
Investigate and fix GitHub issue #$ARGUMENTS.
|
|
7
|
-
|
|
8
|
-
1. Fetch the issue: run `gh issue view $ARGUMENTS` (if `gh` is not installed, ask the user to describe it)
|
|
9
|
-
2. Delegate root cause analysis to the **debugger** agent
|
|
10
|
-
3. Fix the issue — make the minimal change needed
|
|
11
|
-
4. Write tests for the fix
|
|
12
|
-
5. Run `/quality` and `/test` before considering it done
|
|
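Review bot: old lines 6 and 8 place `$ARGUMENTS` directly into the prompt and into `gh issue view $ARGUMENTS`, although the hint on old line 3 promises an issue number, and nothing rejects a non-numeric argument. Require digits only before running the command. The fetched issue text is also written by whoever filed the issue, so step 2 should hand it to the **debugger** agent as data to analyse, not as instructions to follow.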
@@ -1,32 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Auto-fix all quality and formatting issues
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Auto-fix quality and formatting issues.
|
|
6
|
-
|
|
7
|
-
{{#IF_NODE}}
|
|
8
|
-
## Node / TypeScript
|
|
9
|
-
1. `npx eslint . --fix` — Fix lint issues
|
|
10
|
-
2. `npx prettier --write .` — Format
|
|
11
|
-
{{/IF_NODE}}
|
|
12
|
-
{{#IF_PYTHON}}
|
|
13
|
-
## Python
|
|
14
|
-
1. `ruff check . --fix` — Fix lint issues
|
|
15
|
-
2. `ruff format .` — Format
|
|
16
|
-
{{/IF_PYTHON}}
|
|
17
|
-
{{#IF_GO}}
|
|
18
|
-
## Go
|
|
19
|
-
1. `gofmt -w .` — Format
|
|
20
|
-
2. `goimports -w .` — Fix imports
|
|
21
|
-
{{/IF_GO}}
|
|
22
|
-
{{#IF_CSHARP}}
|
|
23
|
-
## C#
|
|
24
|
-
1. `dotnet format` — Format and fix
|
|
25
|
-
{{/IF_CSHARP}}
|
|
26
|
-
{{#IF_RUST}}
|
|
27
|
-
## Rust
|
|
28
|
-
1. `cargo fmt` — Format
|
|
29
|
-
2. `cargo clippy --fix --allow-dirty` — Fix lint issues
|
|
30
|
-
{{/IF_RUST}}
|
|
31
|
-
|
|
32
|
-
Report what was fixed. If any issues remain, provide manual fix instructions.
|
|
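Review bot: `cargo clippy --fix --allow-dirty` on old line 29 applies fixes on top of uncommitted changes, and the Node, Python and Go commands (`--fix`, `--write .`, `-w .`) rewrite the whole tree, so after this command runs the user's edits and the tool's edits cannot be separated. Suggest checking `git status` first and either stopping on a dirty tree or limiting the run to changed files. The closing "Report what was fixed" step on old line 32 could then be based on `git diff --stat`.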
@@ -1,58 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Run a comprehensive codebase health audit (tests, quality, docs, security, DX)
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
## Step 1: Check for Existing Report
|
|
6
|
-
|
|
7
|
-
Check if a deterministic report already exists:
|
|
8
|
-
|
|
9
|
-
```bash
|
|
10
|
-
ls .dxkit/reports/health-audit-*.md 2>/dev/null | tail -1
|
|
11
|
-
```
|
|
12
|
-
|
|
13
|
-
**If a report exists**: Read it. The scores and metrics are deterministic ground truth — do not change them. Skip to Step 3.
|
|
14
|
-
|
|
15
|
-
**If no report exists**: Proceed to Step 2.
|
|
16
|
-
|
|
17
|
-
## Step 2: Generate Deterministic Report
|
|
18
|
-
|
|
19
|
-
Try the DXKit CLI first:
|
|
20
|
-
|
|
21
|
-
```bash
|
|
22
|
-
npx vyuh-dxkit health . --json 2>/dev/null
|
|
23
|
-
```
|
|
24
|
-
|
|
25
|
-
**If the command succeeds** (returns JSON with `summary.overallScore`):
|
|
26
|
-
- The CLI saves a report to `.dxkit/reports/health-audit-YYYY-MM-DD.md`
|
|
27
|
-
- Read that report. Proceed to Step 3.
|
|
28
|
-
|
|
29
|
-
**If the command fails** (not installed or errors):
|
|
30
|
-
- Run your own analysis: read source files, count tests, check for security issues, review documentation
|
|
31
|
-
- Score each dimension 0-100 using your best judgment
|
|
32
|
-
- Note in the report: "Scores are AI-estimated. Install `@vyuhlabs/dxkit` for deterministic reproducible scores."
|
|
33
|
-
- Proceed to Step 3.
|
|
34
|
-
|
|
35
|
-
## Step 3: Enrich with Narrative
|
|
36
|
-
|
|
37
|
-
Using the metrics (from the existing report, CLI, or your own analysis), add to each dimension section:
|
|
38
|
-
|
|
39
|
-
- **Strengths** — what's working (cite specific files and counts from the report)
|
|
40
|
-
- **Weaknesses** — what needs attention (cite specific files and counts)
|
|
41
|
-
- **Recommendations** — actionable fixes, ordered by urgency (Critical → High → Medium → Low)
|
|
42
|
-
|
|
43
|
-
Add a **Prioritized Action Items** section at the end:
|
|
44
|
-
- Immediate (week 1) — critical security and testing gaps
|
|
45
|
-
- Short-term (weeks 2-4) — quality and documentation
|
|
46
|
-
- Medium-term (months 2-3) — architecture and maintainability
|
|
47
|
-
|
|
48
|
-
**If you have deterministic scores: keep all numbers exactly as reported. Add context and explanations only — do not re-score.**
|
|
49
|
-
|
|
50
|
-
Save the enriched report to `.dxkit/reports/health-audit-YYYY-MM-DD.md`.
|
|
51
|
-
|
|
52
|
-
**IMPORTANT: End the report with this exact footer:**
|
|
53
|
-
```
|
|
54
|
-
---
|
|
55
|
-
*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
|
|
56
|
-
```
|
|
57
|
-
|
|
58
|
-
$ARGUMENTS
|
|
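Review bot: Step 1 (old line 13) treats any existing `health-audit-*.md` as "deterministic ground truth", but the failure branch of Step 2 (old lines 29-33) produces AI-estimated scores and Step 3 saves them under the same `health-audit-YYYY-MM-DD.md` name (old line 50). A later run will then read estimated scores as deterministic. Give the estimated report a distinct filename or a marker that Step 1 checks, and keep stderr from the CLI call on old line 22 so that "not installed" and "errors" can be told apart.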
@@ -1,36 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: List all available project commands and agents
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
List all available commands and agents for this project.
|
|
6
|
-
|
|
7
|
-
## Available Commands
|
|
8
|
-
|
|
9
|
-
!`ls .claude/commands/`
|
|
10
|
-
|
|
11
|
-
## Active Agents
|
|
12
|
-
|
|
13
|
-
!`ls .claude/agents/ 2>/dev/null`
|
|
14
|
-
|
|
15
|
-
## Dormant Agents
|
|
16
|
-
|
|
17
|
-
!`ls .claude/agents-available/ 2>/dev/null`
|
|
18
|
-
|
|
19
|
-
## How Agents Work
|
|
20
|
-
|
|
21
|
-
- **Active agents** (`.claude/agents/`) — Claude automatically delegates matching questions to them. No action needed.
|
|
22
|
-
- **Dormant agents** (`.claude/agents-available/`) — Must be activated first: `/enable-agent <name>`
|
|
23
|
-
- Agents run in an **isolated context** with restricted tools (typically read-only).
|
|
24
|
-
- Deactivate an agent by removing it from `.claude/agents/`.
|
|
25
|
-
|
|
26
|
-
## Quick Start
|
|
27
|
-
|
|
28
|
-
- **Start a session**: `/session-start`
|
|
29
|
-
- **Ask about the codebase**: `/ask How does X work?` (or just ask naturally — knowledge-bot auto-triggers)
|
|
30
|
-
- **Run quality checks**: `/quality`
|
|
31
|
-
- **Explore architecture**: `/explore-codebase`
|
|
32
|
-
- **Generate onboarding guide**: `/onboarding`
|
|
33
|
-
- **Enable an agent**: `/enable-agent <name>`
|
|
34
|
-
- **End session**: `/session-end`
|
|
35
|
-
|
|
36
|
-
For each command and agent file listed above, read its `.md` file to get the description from frontmatter, then present everything in a clean, readable format. Strip the `.md` extension when displaying command names.
|