@vyuhlabs/dxkit 2.5.0 → 2.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (143) hide show
  1. package/CHANGELOG.md +77 -0
  2. package/dist/analyzers/tools/graphify.d.ts.map +1 -1
  3. package/dist/analyzers/tools/graphify.js +9 -5
  4. package/dist/analyzers/tools/graphify.js.map +1 -1
  5. package/dist/analyzers/tools/tool-registry.d.ts +19 -1
  6. package/dist/analyzers/tools/tool-registry.d.ts.map +1 -1
  7. package/dist/analyzers/tools/tool-registry.js +25 -0
  8. package/dist/analyzers/tools/tool-registry.js.map +1 -1
  9. package/dist/cli.d.ts.map +1 -1
  10. package/dist/cli.js +38 -1
  11. package/dist/cli.js.map +1 -1
  12. package/dist/doctor.d.ts.map +1 -1
  13. package/dist/doctor.js +18 -11
  14. package/dist/doctor.js.map +1 -1
  15. package/dist/generator.d.ts +1 -1
  16. package/dist/generator.d.ts.map +1 -1
  17. package/dist/generator.js +81 -135
  18. package/dist/generator.js.map +1 -1
  19. package/dist/hooks-cli.d.ts +20 -0
  20. package/dist/hooks-cli.d.ts.map +1 -0
  21. package/dist/hooks-cli.js +145 -0
  22. package/dist/hooks-cli.js.map +1 -0
  23. package/dist/languages/csharp.d.ts.map +1 -1
  24. package/dist/languages/csharp.js +4 -0
  25. package/dist/languages/csharp.js.map +1 -1
  26. package/dist/languages/go.d.ts.map +1 -1
  27. package/dist/languages/go.js +4 -0
  28. package/dist/languages/go.js.map +1 -1
  29. package/dist/languages/index.d.ts +18 -0
  30. package/dist/languages/index.d.ts.map +1 -1
  31. package/dist/languages/index.js +32 -0
  32. package/dist/languages/index.js.map +1 -1
  33. package/dist/languages/java.d.ts.map +1 -1
  34. package/dist/languages/java.js +4 -0
  35. package/dist/languages/java.js.map +1 -1
  36. package/dist/languages/kotlin.d.ts.map +1 -1
  37. package/dist/languages/kotlin.js +9 -0
  38. package/dist/languages/kotlin.js.map +1 -1
  39. package/dist/languages/python.d.ts.map +1 -1
  40. package/dist/languages/python.js +4 -0
  41. package/dist/languages/python.js.map +1 -1
  42. package/dist/languages/ruby.d.ts.map +1 -1
  43. package/dist/languages/ruby.js +4 -0
  44. package/dist/languages/ruby.js.map +1 -1
  45. package/dist/languages/rust.d.ts.map +1 -1
  46. package/dist/languages/rust.js +4 -0
  47. package/dist/languages/rust.js.map +1 -1
  48. package/dist/languages/types.d.ts +27 -0
  49. package/dist/languages/types.d.ts.map +1 -1
  50. package/dist/languages/typescript.d.ts.map +1 -1
  51. package/dist/languages/typescript.js +5 -0
  52. package/dist/languages/typescript.js.map +1 -1
  53. package/dist/ship-installers.d.ts +6 -0
  54. package/dist/ship-installers.d.ts.map +1 -1
  55. package/dist/ship-installers.js +120 -5
  56. package/dist/ship-installers.js.map +1 -1
  57. package/dist/tools-cli.d.ts.map +1 -1
  58. package/dist/tools-cli.js +45 -9
  59. package/dist/tools-cli.js.map +1 -1
  60. package/package.json +1 -1
  61. package/templates/.claude/skills/dxkit-action/SKILL.md +150 -0
  62. package/templates/.claude/skills/dxkit-config/SKILL.md +124 -0
  63. package/templates/.claude/skills/dxkit-hooks/SKILL.md +109 -0
  64. package/templates/.claude/skills/dxkit-init/SKILL.md +93 -0
  65. package/templates/.claude/skills/dxkit-learn/SKILL.md +84 -0
  66. package/templates/.claude/skills/dxkit-reports/SKILL.md +111 -0
  67. package/templates/.devcontainer/devcontainer.json +7 -33
  68. package/templates/.devcontainer/post-create.sh +18 -4
  69. package/templates/AGENTS.md.template +137 -0
  70. package/templates/CLAUDE.md.template +16 -111
  71. package/dist/codebase-scanner.d.ts +0 -36
  72. package/dist/codebase-scanner.d.ts.map +0 -1
  73. package/dist/codebase-scanner.js +0 -687
  74. package/dist/codebase-scanner.js.map +0 -1
  75. package/templates/.claude/agents/doc-writer.md +0 -107
  76. package/templates/.claude/agents/knowledge-bot.md +0 -64
  77. package/templates/.claude/agents/onboarding.md +0 -62
  78. package/templates/.claude/agents/quality-reviewer.md +0 -85
  79. package/templates/.claude/agents-available/code-reviewer.md +0 -29
  80. package/templates/.claude/agents-available/codebase-explorer.md +0 -100
  81. package/templates/.claude/agents-available/dashboard-builder.md +0 -433
  82. package/templates/.claude/agents-available/debugger.md +0 -29
  83. package/templates/.claude/agents-available/dependency-mapper.md +0 -80
  84. package/templates/.claude/agents-available/dev-report.md +0 -108
  85. package/templates/.claude/agents-available/doc-writer.md +0 -107
  86. package/templates/.claude/agents-available/feature-builder.md +0 -163
  87. package/templates/.claude/agents-available/feature-planner.md +0 -185
  88. package/templates/.claude/agents-available/health-auditor.md +0 -95
  89. package/templates/.claude/agents-available/hooks-configurator.md +0 -211
  90. package/templates/.claude/agents-available/knowledge-bot.md +0 -62
  91. package/templates/.claude/agents-available/plan-executor.md +0 -133
  92. package/templates/.claude/agents-available/strategic-planner.md +0 -141
  93. package/templates/.claude/agents-available/test-gap-finder.md +0 -67
  94. package/templates/.claude/agents-available/test-writer.md +0 -34
  95. package/templates/.claude/agents-available/vulnerability-scanner.md +0 -173
  96. package/templates/.claude/commands/ask.md +0 -7
  97. package/templates/.claude/commands/build-feature.md +0 -26
  98. package/templates/.claude/commands/build.md.template +0 -30
  99. package/templates/.claude/commands/check.md.template +0 -43
  100. package/templates/.claude/commands/dashboard.md +0 -28
  101. package/templates/.claude/commands/deps.md +0 -15
  102. package/templates/.claude/commands/dev-report.md +0 -50
  103. package/templates/.claude/commands/docs.md +0 -21
  104. package/templates/.claude/commands/doctor.md +0 -29
  105. package/templates/.claude/commands/enable-agent.md +0 -12
  106. package/templates/.claude/commands/execute-plan.md +0 -25
  107. package/templates/.claude/commands/explore-codebase.md +0 -12
  108. package/templates/.claude/commands/export-pdf.md +0 -30
  109. package/templates/.claude/commands/feature.md +0 -25
  110. package/templates/.claude/commands/fix-issue.md +0 -12
  111. package/templates/.claude/commands/fix.md.template +0 -32
  112. package/templates/.claude/commands/health.md +0 -58
  113. package/templates/.claude/commands/help.md +0 -36
  114. package/templates/.claude/commands/learn.md +0 -48
  115. package/templates/.claude/commands/onboarding.md +0 -21
  116. package/templates/.claude/commands/plan.md +0 -20
  117. package/templates/.claude/commands/quality.md.template +0 -65
  118. package/templates/.claude/commands/session-end.md +0 -40
  119. package/templates/.claude/commands/session-start.md +0 -30
  120. package/templates/.claude/commands/setup-hooks.md +0 -18
  121. package/templates/.claude/commands/stealth-mode.md +0 -17
  122. package/templates/.claude/commands/test-gaps.md +0 -49
  123. package/templates/.claude/commands/test.md.template +0 -40
  124. package/templates/.claude/commands/vulnerabilities.md +0 -49
  125. package/templates/.claude/skills/build/SKILL.md.template +0 -90
  126. package/templates/.claude/skills/deploy/SKILL.md.template +0 -111
  127. package/templates/.claude/skills/deploy/references/gotchas.md +0 -5
  128. package/templates/.claude/skills/doctor/SKILL.md +0 -31
  129. package/templates/.claude/skills/gcloud/SKILL.md +0 -66
  130. package/templates/.claude/skills/gcloud/references/gotchas.md +0 -5
  131. package/templates/.claude/skills/learned/SKILL.md +0 -55
  132. package/templates/.claude/skills/learned/references/conventions.md +0 -11
  133. package/templates/.claude/skills/learned/references/deny-recommendations.md +0 -18
  134. package/templates/.claude/skills/learned/references/gotchas.md +0 -11
  135. package/templates/.claude/skills/pulumi/SKILL.md +0 -73
  136. package/templates/.claude/skills/quality/SKILL.md.template +0 -89
  137. package/templates/.claude/skills/quality/references/gotchas.md +0 -5
  138. package/templates/.claude/skills/review/SKILL.md.template +0 -74
  139. package/templates/.claude/skills/scaffold/SKILL.md.template +0 -113
  140. package/templates/.claude/skills/secrets/SKILL.md +0 -51
  141. package/templates/.claude/skills/session/SKILL.md +0 -32
  142. package/templates/.claude/skills/test/SKILL.md.template +0 -116
  143. package/templates/.claude/skills/test/references/gotchas.md +0 -5
@@ -1,173 +0,0 @@
1
- ---
2
- name: vulnerability-scanner
3
- description: Comprehensive security vulnerability scanner — dependencies (with CWE classification), code patterns, file uploads, decompression bombs, recursion depth, native modules, resource limits. Use when asked about vulnerabilities, "is this secure?", "audit dependencies", or "security scan". Saves report to .dxkit/reports/.
4
- model: sonnet
5
- tools: Read, Grep, Glob, Bash, Write
6
- ---
7
-
8
- You are a security vulnerability analyst. Your job is to comprehensively scan dependencies and code for security issues, classify findings by CWE, and produce an actionable report.
9
-
10
- ## Phase 1: Dependency Vulnerabilities with CWE Classification
11
-
12
- ### Node.js
13
- Run `npm audit --json 2>/dev/null` and parse the full output:
14
- 1. Extract severity counts (critical/high/medium/low)
15
- 2. **Extract CWE fields** from each advisory's `via` entries (skip string entries — those are transitive refs)
16
- 3. Group findings by CWE category using this mapping:
17
-
18
- | CWE | Name |
19
- |-----|------|
20
- | CWE-22 | Directory Traversal |
21
- | CWE-78 | Command Injection |
22
- | CWE-94 | Arbitrary Code Injection |
23
- | CWE-120 | Buffer Overflow |
24
- | CWE-248 | Uncaught Exception |
25
- | CWE-352 | Cross-Site Request Forgery |
26
- | CWE-400 | Uncontrolled Resource Consumption |
27
- | CWE-407 | Inefficient Algorithmic Complexity |
28
- | CWE-409 | Decompression Bomb |
29
- | CWE-434 | Arbitrary File Upload |
30
- | CWE-674 | Uncontrolled Recursion |
31
- | CWE-770 | Allocation Without Limits |
32
- | CWE-772 | Missing Resource Release |
33
- | CWE-835 | Infinite Loop |
34
- | CWE-918 | Server-Side Request Forgery |
35
- | CWE-1321 | Prototype Pollution |
36
- | CWE-1333 | ReDoS |
37
-
38
- Also run `npm outdated --json 2>/dev/null` for outdated packages.
39
-
40
- ### Python
41
- - Run `pip audit 2>/dev/null` or `safety check 2>/dev/null` if available
42
- - Check for pinned vs unpinned versions in `requirements.txt` / `pyproject.toml`
43
-
44
- ### Go / Rust / C#
45
- - Run `govulncheck ./... 2>/dev/null`, `cargo audit 2>/dev/null`, `dotnet list package --vulnerable 2>/dev/null`
46
-
47
- ## Phase 2: Code-Level Vulnerability Scan
48
-
49
- ### Injection (CWE-78, CWE-89, CWE-79)
50
- - **Command injection**: `exec(`, `child_process`, `os.system(`, `subprocess.call(` — flag if input could be user-controlled
51
- - **SQL injection**: string concatenation in queries, template literals with user input
52
- - **XSS**: `dangerouslySetInnerHTML`, `v-html`, unescaped output in templates
53
-
54
- ### Authentication & Secrets (CWE-798, CWE-327)
55
- - Hardcoded secrets: `password\s*=\s*['"]`, `apiKey`, `secret\s*=`, `token\s*=\s*['"]`
56
- - Weak crypto: `md5`, `sha1` for passwords, `Math.random` for tokens
57
- - JWT issues: `algorithm.*none`, missing expiry, hardcoded signing keys
58
-
59
- ### Decompression Bomb (CWE-409)
60
- - `zlib.createGunzip()`, `createInflate()`, `createUnzip()` — flag if no `maxOutputLength`
61
- - `tar.extract()`, `tar.x()` — flag if no `maxReadSize` or size filter
62
- - `require('decompress')`, `require('unzipper')`, `require('adm-zip')` — flag on user-uploaded files
63
- - `express.json()`, `bodyParser.json()` — flag if no `limit` option
64
-
65
- ### Uncontrolled Recursion (CWE-674)
66
- - `JSON.parse(` on user input without depth validation
67
- - XML parsers (`fast-xml-parser`, `xml2js`, `@xmldom/xmldom`) — flag if no `maxDepth`
68
- - `yaml.load()` instead of `yaml.safeLoad()`, no schema restriction
69
- - Custom recursive functions processing user data without depth guards
70
-
71
- ### Arbitrary File Upload (CWE-434)
72
- - `multer` — flag if no `fileFilter`, no `limits.fileSize`, storage in web-accessible dir
73
- - `formidable` — flag if no `maxFileSize`, no type validation
74
- - `busboy` — flag if no `limits` option
75
- - `fs.writeFile`/`createWriteStream` with user-controlled path — flag if no extension/MIME validation
76
-
77
- ### Resource Allocation Without Limits (CWE-770)
78
- - No rate limiting middleware (`express-rate-limit`, `RateLimiter`)
79
- - `express.json()`/`bodyParser` without `limit` option
80
- - WebSocket without `maxPayload`: `socket.on('message'`, `ws.on('message'`
81
- - Database queries without `.limit()` or pagination on user-facing endpoints
82
-
83
- ### Data Exposure
84
- - Sensitive data in logs: `console.log.*password`, `print.*secret`
85
- - Debug mode: `DEBUG=true`, `debug: true` in production config
86
- - Exposed stack traces in error handlers
87
- - CORS wildcard: `Access-Control-Allow-Origin: *`
88
-
89
- ## Phase 3: Native Module Audit (CWE-120)
90
-
91
- Run these checks:
92
- ```bash
93
- find node_modules -name "*.node" -type f 2>/dev/null | head -20
94
- find node_modules -name "binding.gyp" -maxdepth 3 2>/dev/null | head -20
95
- ```
96
-
97
- Known native packages with historical buffer overflow CVEs:
98
- - `sharp` (libvips), `bcrypt` (OpenSSL), `node-canvas` (cairo), `sqlite3`, `grpc`, `bufferutil`
99
-
100
- Flag native modules not covered by npm audit for manual review.
101
-
102
- ## Phase 4: Dependency Chain Risk
103
-
104
- - Count total dependencies (direct + transitive)
105
- - Identify largest dependency trees (supply chain risk)
106
- - Check for abandoned packages (>2yr no update)
107
- - Count native modules in tree
108
-
109
- ## Phase 5: Generate Report
110
-
111
- Save to `.dxkit/reports/vulnerability-scan-YYYY-MM-DD.md`:
112
-
113
- ```markdown
114
- ## Vulnerability Scan Report
115
-
116
- ### Summary
117
- | Severity | Dependency Issues | Code Issues | Total |
118
- |----------|------------------|-------------|-------|
119
- | Critical | X | X | X |
120
- | High | X | X | X |
121
- | Medium | X | X | X |
122
- | Low | X | X | X |
123
-
124
- ### Findings by CWE Category
125
- | CWE | Category | Dep. Issues | Code Issues | Severity |
126
- |-----|----------|-------------|-------------|----------|
127
- | CWE-78 | Command Injection | 0 | 2 | Critical |
128
- | CWE-770 | Allocation Without Limits | 4 | 1 | High |
129
- | CWE-835 | Infinite Loop | 2 | 0 | High |
130
- | CWE-409 | Decompression Bomb | 0 | 1 | High |
131
- | CWE-674 | Uncontrolled Recursion | 1 | 0 | Medium |
132
- | CWE-434 | Arbitrary File Upload | 0 | 1 | Medium |
133
-
134
- ### Dependency Vulnerabilities
135
- | Package | Severity | CWE | Description | Fix |
136
- |---------|----------|-----|-------------|-----|
137
- | tar@6.1.11 | High | CWE-409 | Decompression bomb | Upgrade to 6.2.0 |
138
-
139
- ### Code Vulnerabilities
140
- | File:Line | Severity | CWE | Type | Description |
141
- |-----------|----------|-----|------|-------------|
142
- | src/auth.ts:42 | Critical | CWE-798 | Hardcoded secret | JWT key in source |
143
- | src/upload.ts:10 | High | CWE-434 | File upload | multer without fileFilter |
144
-
145
- ### Native Modules
146
- | Package | Type | Has Advisories | Notes |
147
- |---------|------|----------------|-------|
148
- | sharp@0.32.1 | binding.gyp | Yes (2 high) | Image processing |
149
- | bcrypt@5.1.0 | binding.gyp | No | Manual review recommended |
150
-
151
- ### Dependency Health
152
- - Total dependencies: X (direct: Y, transitive: Z)
153
- - Native modules: X
154
- - Outdated: X packages
155
- - Abandoned (>2yr no update): X packages
156
-
157
- ### Recommendations (prioritized)
158
- 1. [Critical fix with exact steps]
159
- 2. ...
160
-
161
- ---
162
- *Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit) vulnerability-scanner agent*
163
- ```
164
-
165
- ## Rules
166
-
167
- - **Run real tools** — don't guess, run `npm audit --json`, `pip audit`, etc.
168
- - **Classify by CWE** — every finding should have a CWE number
169
- - **Be specific** — exact package versions, file:line references, CVE/GHSA numbers
170
- - **Prioritize by exploitability** — a reachable RCE is worse than a theoretical DoS
171
- - **Include fix instructions** — "upgrade X to Y" or "replace pattern A with B"
172
- - **Never output actual secret values** — say "hardcoded secret found at file:line", don't print it
173
- - Save the report to `.dxkit/reports/vulnerability-scan-YYYY-MM-DD.md`
@@ -1,7 +0,0 @@
1
- ---
2
- description: Ask a question about the codebase (e.g., "How does auth work?", "Where are payments handled?")
3
- ---
4
-
5
- Delegate this question to the **knowledge-bot** agent. It will search the code, read relevant files, trace execution paths, and return a specific answer with file references.
6
-
7
- Question: $ARGUMENTS
@@ -1,26 +0,0 @@
1
- ---
2
- description: Build a feature from a feature-planner plan
3
- argument-hint: "[feature-slug or empty to list]"
4
- ---
5
-
6
- Delegate to the **feature-builder** agent. It executes a feature plan from `.ai/features/` task by task with:
7
- - Tests written alongside (or before) implementation
8
- - Conventions matched to existing codebase patterns
9
- - Session checkpoints after each task
10
- - Progress tracking in `.ai/features/progress/`
11
- - Skill evolution (conventions and gotchas captured)
12
-
13
- Examples:
14
- - `/build-feature` — List available feature plans
15
- - `/build-feature user-roles` — Start building from `.ai/features/user-roles.md`
16
- - `/build-feature webhook-notifications` — Resume in-progress feature
17
-
18
- The builder follows the plan, runs the same quality/test tools as your reports, and checkpoints at natural boundaries.
19
-
20
- **IMPORTANT: End with this exact footer:**
21
- ```
22
- ---
23
- *Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
24
- ```
25
-
26
- $ARGUMENTS
@@ -1,30 +0,0 @@
1
- ---
2
- description: Build the project
3
- ---
4
-
5
- Build the project. Run these commands:
6
-
7
- {{#IF_NODE}}
8
- ## Node / TypeScript
9
- 1. `npm install` — Install dependencies (if node_modules is missing)
10
- 2. `npm run build` — Build/compile
11
- {{/IF_NODE}}
12
- {{#IF_PYTHON}}
13
- ## Python
14
- 1. `pip install -e .` — Install in development mode (if not already)
15
- {{/IF_PYTHON}}
16
- {{#IF_GO}}
17
- ## Go
18
- 1. `go build ./...` — Build all packages
19
- {{/IF_GO}}
20
- {{#IF_CSHARP}}
21
- ## C#
22
- 1. `dotnet restore` — Restore dependencies
23
- 2. `dotnet build` — Build
24
- {{/IF_CSHARP}}
25
- {{#IF_RUST}}
26
- ## Rust
27
- 1. `cargo build` — Build
28
- {{/IF_RUST}}
29
-
30
- Report build results. If there are errors, diagnose and suggest fixes.
@@ -1,43 +0,0 @@
1
- ---
2
- description: Full pre-commit validation (quality + tests + coverage)
3
- ---
4
-
5
- Run full pre-commit validation. All steps must pass before committing.
6
-
7
- ## Step 1: Linters
8
-
9
- {{#IF_NODE}}
10
- - `npx eslint .`
11
- - `npx tsc --noEmit`
12
- {{/IF_NODE}}
13
- {{#IF_PYTHON}}
14
- - `ruff check .`
15
- - `ruff format --check .`
16
- - `mypy .`
17
- {{/IF_PYTHON}}
18
- {{#IF_GO}}
19
- - `golangci-lint run ./...`
20
- - `go vet ./...`
21
- {{/IF_GO}}
22
- {{#IF_CSHARP}}
23
- - `dotnet format --verify-no-changes`
24
- - `dotnet build --no-restore -warnaserror`
25
- {{/IF_CSHARP}}
26
- {{#IF_RUST}}
27
- - `cargo fmt --check`
28
- - `cargo clippy -- -D warnings`
29
- {{/IF_RUST}}
30
-
31
- ## Step 2: Tests
32
-
33
- Run: `{{TEST_COMMAND}}`
34
-
35
- Coverage threshold: **{{COVERAGE_THRESHOLD}}%**
36
-
37
- ## Step 3: AI Review
38
-
39
- Delegate to the **quality-reviewer** agent to review changed files for issues linters miss.
40
-
41
- ## Verdict
42
-
43
- Report: **PASS** (safe to commit) or **FAIL** (list what needs fixing).
@@ -1,28 +0,0 @@
1
- ---
2
- description: Generate a self-contained HTML dashboard from all dxkit reports
3
- ---
4
-
5
- Run the deterministic CLI to render `.dxkit/reports/*` into
6
- `.dxkit/reports/dashboard.html`. No LLM templating — the HTML is a
7
- pure function of the report markdowns and their JSON envelopes.
8
-
9
- ```bash
10
- npx vyuh-dxkit dashboard . 2>/dev/null
11
- ```
12
-
13
- The dashboard features:
14
- - Dark theme with modern design
15
- - Sidebar navigation grouped by report type with color-coded badges
16
- - Overview tab synthesizing health score, dimension breakdown, key
17
- metrics, and the top critical issues
18
- - Full markdown rendering with styled tables, code blocks, headings
19
- - Responsive layout (works on mobile)
20
- - Print-friendly styles
21
-
22
- If `vyuh-dxkit dashboard` isn't available (older dxkit version), fall
23
- back to the `dashboard-builder` agent. The agent is also the right
24
- tool when the user asks for natural-language narrative on top of the
25
- dashboard (e.g., "explain the highest-priority items" or "summarize
26
- this for an exec").
27
-
28
- $ARGUMENTS
@@ -1,15 +0,0 @@
1
- ---
2
- description: Map dependencies — "what depends on X?" or "what breaks if I change Y?"
3
- ---
4
-
5
- Delegate to the **dependency-mapper** agent. It will trace import chains and show what depends on what.
6
-
7
- **Save the report to `.dxkit/reports/dependency-map-YYYY-MM-DD.md`** (use today's date).
8
-
9
- **IMPORTANT: End the report with this exact footer:**
10
- ```
11
- ---
12
- *Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
13
- ```
14
-
15
- $ARGUMENTS
@@ -1,50 +0,0 @@
1
- ---
2
- description: Generate developer activity and code quality report from git history
3
- ---
4
-
5
- ## Step 1: Check for Existing Report
6
-
7
- ```bash
8
- ls .dxkit/reports/developer-report-*.md 2>/dev/null | tail -1
9
- ```
10
-
11
- **If a report exists**: Read it. The commit counts, contributor stats, and velocity data are deterministic. Skip to Step 3.
12
-
13
- **If no report exists**: Proceed to Step 2.
14
-
15
- ## Step 2: Generate Deterministic Report
16
-
17
- ```bash
18
- npx vyuh-dxkit dev-report . --json 2>/dev/null
19
- ```
20
-
21
- **If the command succeeds**: Read the saved report. Proceed to Step 3.
22
-
23
- **If the command fails**: Analyze git history manually using `git log`, `git shortlog -sn`, `git log --numstat`. Note: "Stats are AI-estimated. Install `@vyuhlabs/dxkit` for deterministic developer reports."
24
-
25
- ## Step 3: Enrich with Narrative
26
-
27
- Using the git data, add:
28
-
29
- - **Team dynamics** — who are the key contributors, bus factor risk, merge/review patterns
30
- - **Code ownership** — who owns which areas, based on commit frequency per directory
31
- - **Hot file analysis** — why the most-changed files change so often (feature churn? bug magnet? poor abstraction?)
32
- - **Commit quality insights** — if conventional commit % is low, explain the benefits (changelogs, bisecting, CI automation)
33
- - **Velocity interpretation** — is the trend healthy? are there spikes/drops that correlate with releases or incidents?
34
- - **Identity consolidation** — flag likely duplicates (same person, different git configs)
35
-
36
- **Do not change commit counts, contributor stats, or velocity numbers from the deterministic report.**
37
-
38
- Save to `.dxkit/reports/developer-report-YYYY-MM-DD.md`.
39
-
40
- Examples:
41
- - `/dev-report` — Team overview (last 3 months)
42
- - `/dev-report --since 2025-01-01` — Custom time range
43
-
44
- **IMPORTANT: End the report with this exact footer:**
45
- ```
46
- ---
47
- *Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
48
- ```
49
-
50
- $ARGUMENTS
@@ -1,21 +0,0 @@
1
- ---
2
- description: Audit documentation gaps or write/improve docs
3
- ---
4
-
5
- Delegate to the **doc-writer** agent. It can audit documentation quality, identify gaps, and help write or improve docs.
6
-
7
- When auditing, **save the report to `.dxkit/reports/docs-audit-YYYY-MM-DD.md`** (use today's date).
8
-
9
- Examples:
10
- - `/docs audit` — Assess documentation quality and list gaps
11
- - `/docs improve README` — Improve the README
12
- - `/docs add api` — Generate API documentation
13
- - `/docs add jsdoc src/services/` — Add JSDoc to service files
14
-
15
- **IMPORTANT: End the report with this exact footer:**
16
- ```
17
- ---
18
- *Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
19
- ```
20
-
21
- $ARGUMENTS
@@ -1,29 +0,0 @@
1
- ---
2
- description: Diagnose development environment issues
3
- ---
4
-
5
- Diagnose this development environment.
6
-
7
- ## Step 1: dxkit doctor
8
-
9
- Run dxkit's own health check first — it covers tool availability (gitleaks, semgrep, cloc, etc.), `.claude/` install state, and hook configuration:
10
-
11
- ```bash
12
- npx vyuh-dxkit doctor 2>/dev/null
13
- ```
14
-
15
- If the command isn't available, fall back to Step 2.
16
-
17
- ## Step 2: Environment checks
18
-
19
- 1. **Git**: `git --version` and `git status`
20
- 2. **Node** (if `package.json`): `node --version` / `npm --version`; is `node_modules/` populated?
21
- 3. **Python** (if `pyproject.toml`): `python3 --version`; virtual env activated? deps installed?
22
- 4. **Go** (if `go.mod`): `go version`; modules downloaded?
23
- 5. **.NET** (if `*.csproj`): `dotnet --version`
24
- 6. **Rust** (if `Cargo.toml`): `rustc --version` / `cargo --version`
25
- 7. **Docker** (if `docker-compose.yml`): `docker --version`; daemon running?
26
- 8. **Hooks active**: `git config core.hooksPath` should report `.githooks` if dxkit hooks are installed
27
- 9. **dxkit install**: `.claude/`, `CLAUDE.md`, `.vyuh-dxkit.json` present?
28
-
29
- Report any issues found and provide remediation steps.
@@ -1,12 +0,0 @@
1
- ---
2
- description: Activate an available agent (or list all available agents)
3
- argument-hint: "[agent-name or 'list']"
4
- ---
5
-
6
- List the contents of `.claude/agents-available/` to show available agents and `.claude/agents/` to show active agents.
7
-
8
- If the user provided an agent name, copy it from `agents-available/` to `agents/` to activate it:
9
- - Argument: `$ARGUMENTS`
10
- - If "list" or empty, just list both directories.
11
- - If a valid agent name, run: `cp .claude/agents-available/$ARGUMENTS.md .claude/agents/$ARGUMENTS.md`
12
- - Then confirm activation and briefly describe what the agent does (read the agent file for its description).
@@ -1,25 +0,0 @@
1
- ---
2
- description: Execute an improvement plan task by task with session management
3
- argument-hint: "[plan-name or empty to list plans]"
4
- ---
5
-
6
- Delegate to the **plan-executor** agent. It works through a plan from `.ai/plans/`, executing tasks one at a time with:
7
- - Session checkpoints after each task
8
- - Progress tracking in `.ai/plans/progress/`
9
- - KPI measurement before and after
10
- - Skill evolution (gotchas, conventions captured)
11
-
12
- Examples:
13
- - `/execute-plan` — List available plans
14
- - `/execute-plan test-coverage` — Start working on test coverage plan
15
- - `/execute-plan security` — Start working on security fixes
16
-
17
- The executor follows the plan exactly, runs the same quality/test tools as your reports, and checkpoints at natural boundaries.
18
-
19
- **IMPORTANT: End the report with this exact footer:**
20
- ```
21
- ---
22
- *Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
23
- ```
24
-
25
- $ARGUMENTS
@@ -1,12 +0,0 @@
1
- ---
2
- description: Deep-explore the codebase and generate architecture documentation
3
- ---
4
-
5
- Delegate this to the **codebase-explorer** agent. It will deeply analyze the codebase and generate:
6
-
7
- 1. `.claude/skills/codebase/SKILL.md` — Concise architecture and navigation guide
8
- 2. `.claude/skills/codebase/references/architecture.md` — Detailed reference
9
-
10
- Focus on non-obvious things — gotchas, conventions, and architectural decisions that aren't apparent from file names alone.
11
-
12
- **NEVER include secret values, tokens, or credentials in the output.**
@@ -1,30 +0,0 @@
1
- ---
2
- description: Convert a markdown report to PDF
3
- argument-hint: "[file-path or 'all' for all reports]"
4
- ---
5
-
6
- Convert markdown report(s) to PDF.
7
-
8
- ## Arguments
9
- - `$ARGUMENTS`
10
- - If empty or "all", convert all reports in `.dxkit/reports/`
11
- - If a file path, convert that specific file
12
-
13
- ## How to Convert
14
-
15
- Try these tools in order (use whichever is available):
16
-
17
- 1. **md-to-pdf** (Node.js): `npx md-to-pdf <file.md>` — creates `<file.pdf>` alongside it
18
- 2. **pandoc**: `pandoc <file.md> -o <file.pdf> --pdf-engine=wkhtmltopdf`
19
- 3. **If neither is available**, install md-to-pdf: `npx md-to-pdf <file.md>`
20
-
21
- ## For "all" reports
22
- ```
23
- for f in .dxkit/reports/*.md; do
24
- npx md-to-pdf "$f"
25
- done
26
- ```
27
-
28
- ## Output
29
- - PDFs are saved alongside the markdown files in `.dxkit/reports/`
30
- - Report which files were converted and their paths
@@ -1,25 +0,0 @@
1
- ---
2
- description: Design and plan a new feature with implementation breakdown
3
- argument-hint: "[feature description]"
4
- ---
5
-
6
- Delegate to the **feature-planner** agent. It will:
7
- 1. Read existing codebase patterns from the codebase skill
8
- 2. Find similar features to model after
9
- 3. Design data, service, API, and test layers
10
- 4. Generate a detailed plan in `.ai/features/<slug>.md`
11
-
12
- Examples:
13
- - `/feature add user roles and permissions`
14
- - `/feature webhook notifications for package events`
15
- - `/feature export datapack to CSV`
16
-
17
- The plan includes: acceptance criteria, API contract, files to create/modify, implementation order with estimates, conventions to follow, and verification steps.
18
-
19
- **IMPORTANT: End with this exact footer:**
20
- ```
21
- ---
22
- *Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
23
- ```
24
-
25
- $ARGUMENTS
@@ -1,12 +0,0 @@
1
- ---
2
- description: Investigate and fix a GitHub issue
3
- argument-hint: "[issue-number]"
4
- ---
5
-
6
- Investigate and fix GitHub issue #$ARGUMENTS.
7
-
8
- 1. Fetch the issue: run `gh issue view $ARGUMENTS` (if `gh` is not installed, ask the user to describe it)
9
- 2. Delegate root cause analysis to the **debugger** agent
10
- 3. Fix the issue — make the minimal change needed
11
- 4. Write tests for the fix
12
- 5. Run `/quality` and `/test` before considering it done
@@ -1,32 +0,0 @@
1
- ---
2
- description: Auto-fix all quality and formatting issues
3
- ---
4
-
5
- Auto-fix quality and formatting issues.
6
-
7
- {{#IF_NODE}}
8
- ## Node / TypeScript
9
- 1. `npx eslint . --fix` — Fix lint issues
10
- 2. `npx prettier --write .` — Format
11
- {{/IF_NODE}}
12
- {{#IF_PYTHON}}
13
- ## Python
14
- 1. `ruff check . --fix` — Fix lint issues
15
- 2. `ruff format .` — Format
16
- {{/IF_PYTHON}}
17
- {{#IF_GO}}
18
- ## Go
19
- 1. `gofmt -w .` — Format
20
- 2. `goimports -w .` — Fix imports
21
- {{/IF_GO}}
22
- {{#IF_CSHARP}}
23
- ## C#
24
- 1. `dotnet format` — Format and fix
25
- {{/IF_CSHARP}}
26
- {{#IF_RUST}}
27
- ## Rust
28
- 1. `cargo fmt` — Format
29
- 2. `cargo clippy --fix --allow-dirty` — Fix lint issues
30
- {{/IF_RUST}}
31
-
32
- Report what was fixed. If any issues remain, provide manual fix instructions.
@@ -1,58 +0,0 @@
1
- ---
2
- description: Run a comprehensive codebase health audit (tests, quality, docs, security, DX)
3
- ---
4
-
5
- ## Step 1: Check for Existing Report
6
-
7
- Check if a deterministic report already exists:
8
-
9
- ```bash
10
- ls .dxkit/reports/health-audit-*.md 2>/dev/null | tail -1
11
- ```
12
-
13
- **If a report exists**: Read it. The scores and metrics are deterministic ground truth — do not change them. Skip to Step 3.
14
-
15
- **If no report exists**: Proceed to Step 2.
16
-
17
- ## Step 2: Generate Deterministic Report
18
-
19
- Try the DXKit CLI first:
20
-
21
- ```bash
22
- npx vyuh-dxkit health . --json 2>/dev/null
23
- ```
24
-
25
- **If the command succeeds** (returns JSON with `summary.overallScore`):
26
- - The CLI saves a report to `.dxkit/reports/health-audit-YYYY-MM-DD.md`
27
- - Read that report. Proceed to Step 3.
28
-
29
- **If the command fails** (not installed or errors):
30
- - Run your own analysis: read source files, count tests, check for security issues, review documentation
31
- - Score each dimension 0-100 using your best judgment
32
- - Note in the report: "Scores are AI-estimated. Install `@vyuhlabs/dxkit` for deterministic reproducible scores."
33
- - Proceed to Step 3.
34
-
35
- ## Step 3: Enrich with Narrative
36
-
37
- Using the metrics (from the existing report, CLI, or your own analysis), add to each dimension section:
38
-
39
- - **Strengths** — what's working (cite specific files and counts from the report)
40
- - **Weaknesses** — what needs attention (cite specific files and counts)
41
- - **Recommendations** — actionable fixes, ordered by urgency (Critical → High → Medium → Low)
42
-
43
- Add a **Prioritized Action Items** section at the end:
44
- - Immediate (week 1) — critical security and testing gaps
45
- - Short-term (weeks 2-4) — quality and documentation
46
- - Medium-term (months 2-3) — architecture and maintainability
47
-
48
- **If you have deterministic scores: keep all numbers exactly as reported. Add context and explanations only — do not re-score.**
49
-
50
- Save the enriched report to `.dxkit/reports/health-audit-YYYY-MM-DD.md`.
51
-
52
- **IMPORTANT: End the report with this exact footer:**
53
- ```
54
- ---
55
- *Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
56
- ```
57
-
58
- $ARGUMENTS