@vyuhlabs/dxkit 2.5.0 → 2.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (143) hide show
  1. package/CHANGELOG.md +77 -0
  2. package/dist/analyzers/tools/graphify.d.ts.map +1 -1
  3. package/dist/analyzers/tools/graphify.js +9 -5
  4. package/dist/analyzers/tools/graphify.js.map +1 -1
  5. package/dist/analyzers/tools/tool-registry.d.ts +19 -1
  6. package/dist/analyzers/tools/tool-registry.d.ts.map +1 -1
  7. package/dist/analyzers/tools/tool-registry.js +25 -0
  8. package/dist/analyzers/tools/tool-registry.js.map +1 -1
  9. package/dist/cli.d.ts.map +1 -1
  10. package/dist/cli.js +38 -1
  11. package/dist/cli.js.map +1 -1
  12. package/dist/doctor.d.ts.map +1 -1
  13. package/dist/doctor.js +18 -11
  14. package/dist/doctor.js.map +1 -1
  15. package/dist/generator.d.ts +1 -1
  16. package/dist/generator.d.ts.map +1 -1
  17. package/dist/generator.js +81 -135
  18. package/dist/generator.js.map +1 -1
  19. package/dist/hooks-cli.d.ts +20 -0
  20. package/dist/hooks-cli.d.ts.map +1 -0
  21. package/dist/hooks-cli.js +145 -0
  22. package/dist/hooks-cli.js.map +1 -0
  23. package/dist/languages/csharp.d.ts.map +1 -1
  24. package/dist/languages/csharp.js +4 -0
  25. package/dist/languages/csharp.js.map +1 -1
  26. package/dist/languages/go.d.ts.map +1 -1
  27. package/dist/languages/go.js +4 -0
  28. package/dist/languages/go.js.map +1 -1
  29. package/dist/languages/index.d.ts +18 -0
  30. package/dist/languages/index.d.ts.map +1 -1
  31. package/dist/languages/index.js +32 -0
  32. package/dist/languages/index.js.map +1 -1
  33. package/dist/languages/java.d.ts.map +1 -1
  34. package/dist/languages/java.js +4 -0
  35. package/dist/languages/java.js.map +1 -1
  36. package/dist/languages/kotlin.d.ts.map +1 -1
  37. package/dist/languages/kotlin.js +9 -0
  38. package/dist/languages/kotlin.js.map +1 -1
  39. package/dist/languages/python.d.ts.map +1 -1
  40. package/dist/languages/python.js +4 -0
  41. package/dist/languages/python.js.map +1 -1
  42. package/dist/languages/ruby.d.ts.map +1 -1
  43. package/dist/languages/ruby.js +4 -0
  44. package/dist/languages/ruby.js.map +1 -1
  45. package/dist/languages/rust.d.ts.map +1 -1
  46. package/dist/languages/rust.js +4 -0
  47. package/dist/languages/rust.js.map +1 -1
  48. package/dist/languages/types.d.ts +27 -0
  49. package/dist/languages/types.d.ts.map +1 -1
  50. package/dist/languages/typescript.d.ts.map +1 -1
  51. package/dist/languages/typescript.js +5 -0
  52. package/dist/languages/typescript.js.map +1 -1
  53. package/dist/ship-installers.d.ts +6 -0
  54. package/dist/ship-installers.d.ts.map +1 -1
  55. package/dist/ship-installers.js +120 -5
  56. package/dist/ship-installers.js.map +1 -1
  57. package/dist/tools-cli.d.ts.map +1 -1
  58. package/dist/tools-cli.js +45 -9
  59. package/dist/tools-cli.js.map +1 -1
  60. package/package.json +1 -1
  61. package/templates/.claude/skills/dxkit-action/SKILL.md +150 -0
  62. package/templates/.claude/skills/dxkit-config/SKILL.md +124 -0
  63. package/templates/.claude/skills/dxkit-hooks/SKILL.md +109 -0
  64. package/templates/.claude/skills/dxkit-init/SKILL.md +93 -0
  65. package/templates/.claude/skills/dxkit-learn/SKILL.md +84 -0
  66. package/templates/.claude/skills/dxkit-reports/SKILL.md +111 -0
  67. package/templates/.devcontainer/devcontainer.json +7 -33
  68. package/templates/.devcontainer/post-create.sh +18 -4
  69. package/templates/AGENTS.md.template +137 -0
  70. package/templates/CLAUDE.md.template +16 -111
  71. package/dist/codebase-scanner.d.ts +0 -36
  72. package/dist/codebase-scanner.d.ts.map +0 -1
  73. package/dist/codebase-scanner.js +0 -687
  74. package/dist/codebase-scanner.js.map +0 -1
  75. package/templates/.claude/agents/doc-writer.md +0 -107
  76. package/templates/.claude/agents/knowledge-bot.md +0 -64
  77. package/templates/.claude/agents/onboarding.md +0 -62
  78. package/templates/.claude/agents/quality-reviewer.md +0 -85
  79. package/templates/.claude/agents-available/code-reviewer.md +0 -29
  80. package/templates/.claude/agents-available/codebase-explorer.md +0 -100
  81. package/templates/.claude/agents-available/dashboard-builder.md +0 -433
  82. package/templates/.claude/agents-available/debugger.md +0 -29
  83. package/templates/.claude/agents-available/dependency-mapper.md +0 -80
  84. package/templates/.claude/agents-available/dev-report.md +0 -108
  85. package/templates/.claude/agents-available/doc-writer.md +0 -107
  86. package/templates/.claude/agents-available/feature-builder.md +0 -163
  87. package/templates/.claude/agents-available/feature-planner.md +0 -185
  88. package/templates/.claude/agents-available/health-auditor.md +0 -95
  89. package/templates/.claude/agents-available/hooks-configurator.md +0 -211
  90. package/templates/.claude/agents-available/knowledge-bot.md +0 -62
  91. package/templates/.claude/agents-available/plan-executor.md +0 -133
  92. package/templates/.claude/agents-available/strategic-planner.md +0 -141
  93. package/templates/.claude/agents-available/test-gap-finder.md +0 -67
  94. package/templates/.claude/agents-available/test-writer.md +0 -34
  95. package/templates/.claude/agents-available/vulnerability-scanner.md +0 -173
  96. package/templates/.claude/commands/ask.md +0 -7
  97. package/templates/.claude/commands/build-feature.md +0 -26
  98. package/templates/.claude/commands/build.md.template +0 -30
  99. package/templates/.claude/commands/check.md.template +0 -43
  100. package/templates/.claude/commands/dashboard.md +0 -28
  101. package/templates/.claude/commands/deps.md +0 -15
  102. package/templates/.claude/commands/dev-report.md +0 -50
  103. package/templates/.claude/commands/docs.md +0 -21
  104. package/templates/.claude/commands/doctor.md +0 -29
  105. package/templates/.claude/commands/enable-agent.md +0 -12
  106. package/templates/.claude/commands/execute-plan.md +0 -25
  107. package/templates/.claude/commands/explore-codebase.md +0 -12
  108. package/templates/.claude/commands/export-pdf.md +0 -30
  109. package/templates/.claude/commands/feature.md +0 -25
  110. package/templates/.claude/commands/fix-issue.md +0 -12
  111. package/templates/.claude/commands/fix.md.template +0 -32
  112. package/templates/.claude/commands/health.md +0 -58
  113. package/templates/.claude/commands/help.md +0 -36
  114. package/templates/.claude/commands/learn.md +0 -48
  115. package/templates/.claude/commands/onboarding.md +0 -21
  116. package/templates/.claude/commands/plan.md +0 -20
  117. package/templates/.claude/commands/quality.md.template +0 -65
  118. package/templates/.claude/commands/session-end.md +0 -40
  119. package/templates/.claude/commands/session-start.md +0 -30
  120. package/templates/.claude/commands/setup-hooks.md +0 -18
  121. package/templates/.claude/commands/stealth-mode.md +0 -17
  122. package/templates/.claude/commands/test-gaps.md +0 -49
  123. package/templates/.claude/commands/test.md.template +0 -40
  124. package/templates/.claude/commands/vulnerabilities.md +0 -49
  125. package/templates/.claude/skills/build/SKILL.md.template +0 -90
  126. package/templates/.claude/skills/deploy/SKILL.md.template +0 -111
  127. package/templates/.claude/skills/deploy/references/gotchas.md +0 -5
  128. package/templates/.claude/skills/doctor/SKILL.md +0 -31
  129. package/templates/.claude/skills/gcloud/SKILL.md +0 -66
  130. package/templates/.claude/skills/gcloud/references/gotchas.md +0 -5
  131. package/templates/.claude/skills/learned/SKILL.md +0 -55
  132. package/templates/.claude/skills/learned/references/conventions.md +0 -11
  133. package/templates/.claude/skills/learned/references/deny-recommendations.md +0 -18
  134. package/templates/.claude/skills/learned/references/gotchas.md +0 -11
  135. package/templates/.claude/skills/pulumi/SKILL.md +0 -73
  136. package/templates/.claude/skills/quality/SKILL.md.template +0 -89
  137. package/templates/.claude/skills/quality/references/gotchas.md +0 -5
  138. package/templates/.claude/skills/review/SKILL.md.template +0 -74
  139. package/templates/.claude/skills/scaffold/SKILL.md.template +0 -113
  140. package/templates/.claude/skills/secrets/SKILL.md +0 -51
  141. package/templates/.claude/skills/session/SKILL.md +0 -32
  142. package/templates/.claude/skills/test/SKILL.md.template +0 -116
  143. package/templates/.claude/skills/test/references/gotchas.md +0 -5
@@ -1,36 +0,0 @@
1
- ---
2
- description: List all available project commands and agents
3
- ---
4
-
5
- List all available commands and agents for this project.
6
-
7
- ## Available Commands
8
-
9
- !`ls .claude/commands/`
10
-
11
- ## Active Agents
12
-
13
- !`ls .claude/agents/ 2>/dev/null`
14
-
15
- ## Dormant Agents
16
-
17
- !`ls .claude/agents-available/ 2>/dev/null`
18
-
19
- ## How Agents Work
20
-
21
- - **Active agents** (`.claude/agents/`) — Claude automatically delegates matching questions to them. No action needed.
22
- - **Dormant agents** (`.claude/agents-available/`) — Must be activated first: `/enable-agent <name>`
23
- - Agents run in an **isolated context** with restricted tools (typically read-only).
24
- - Deactivate an agent by removing it from `.claude/agents/`.
25
-
26
- ## Quick Start
27
-
28
- - **Start a session**: `/session-start`
29
- - **Ask about the codebase**: `/ask How does X work?` (or just ask naturally — knowledge-bot auto-triggers)
30
- - **Run quality checks**: `/quality`
31
- - **Explore architecture**: `/explore-codebase`
32
- - **Generate onboarding guide**: `/onboarding`
33
- - **Enable an agent**: `/enable-agent <name>`
34
- - **End session**: `/session-end`
35
-
36
- For each command and agent file listed above, read its `.md` file to get the description from frontmatter, then present everything in a clean, readable format. Strip the `.md` extension when displaying command names.
@@ -1,48 +0,0 @@
1
- ---
2
- description: Capture a learning from this conversation (gotcha, convention, or thing to avoid)
3
- ---
4
-
5
- Review this conversation and capture any learnings. If the user provided specific input, use that:
6
-
7
- $ARGUMENTS
8
-
9
- ## What to Capture
10
-
11
- Look for:
12
- 1. **Gotchas** — something surprising, broke unexpectedly, or took time to debug
13
- 2. **Conventions** — a pattern or approach that worked well and should be repeated
14
- 3. **Deny recommendations** — a dangerous command that should be avoided
15
-
16
- ## Where to Write
17
-
18
- First read the existing files to avoid duplicates. Then append (never overwrite) to the appropriate file:
19
-
20
- - **Gotchas** → `.claude/skills/learned/references/gotchas.md`
21
- ```
22
- ## YYYY-MM-DD - Category / Title
23
- **Problem:** What went wrong
24
- **Resolution:** How it was fixed
25
- **Prevention:** How to avoid it next time
26
- ```
27
-
28
- - **Conventions** → `.claude/skills/learned/references/conventions.md`
29
- ```
30
- ## Category - Convention Name
31
- **Pattern:** What to do
32
- **Rationale:** Why this works
33
- ```
34
-
35
- - **Deny recommendations** → `.claude/skills/learned/references/deny-recommendations.md`
36
- ```
37
- ## Command / Pattern to Avoid
38
- **Risk:** What could go wrong
39
- **Alternative:** Safer approach
40
- ```
41
-
42
- ## Rules
43
-
44
- - Only capture things that are **non-obvious** and useful for future sessions
45
- - Don't repeat what's already in the files
46
- - Be concise — future sessions will read these
47
- - **NEVER include secrets, tokens, or credentials**
48
- - Tell the user what you captured and where
@@ -1,21 +0,0 @@
1
- ---
2
- description: Start interactive onboarding for a new developer
3
- ---
4
-
5
- The **onboarding** agent is active and will help you get started with this project.
6
-
7
- It can:
8
- - Give you a project overview and architecture walkthrough
9
- - Walk you through local setup step by step
10
- - Explain how any part of the codebase works
11
- - Point out gotchas and conventions before you hit them
12
- - Suggest what to read first based on what area you'll work on
13
-
14
- Just start asking questions — for example:
15
- - "What does this project do?"
16
- - "How do I set up my local environment?"
17
- - "Where are the API endpoints defined?"
18
- - "What should I read first?"
19
- - "How does authentication work?"
20
-
21
- $ARGUMENTS
@@ -1,20 +0,0 @@
1
- ---
2
- description: Generate improvement plans with KPIs from reports (or list existing plans)
3
- ---
4
-
5
- Delegate to the **strategic-planner** agent. It reads all reports in `.dxkit/reports/`, proposes measurable KPIs, and generates actionable plans in `.ai/plans/`.
6
-
7
- If reports don't exist yet, it will tell you which commands to run first (`/health`, `/vulnerabilities`, `/test-gaps`, etc.).
8
-
9
- Examples:
10
- - `/plan` — Analyze all reports and generate full improvement roadmap
11
- - `/plan security` — Generate a security-focused plan only
12
- - `/plan test-coverage` — Generate a test coverage plan only
13
-
14
- **IMPORTANT: End the report with this exact footer:**
15
- ```
16
- ---
17
- *Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
18
- ```
19
-
20
- $ARGUMENTS
@@ -1,65 +0,0 @@
1
- ---
2
- description: Run code quality analysis with slop detection
3
- ---
4
-
5
- ## Step 1: Check for Existing Report
6
-
7
- ```bash
8
- ls .dxkit/reports/quality-review-*.md 2>/dev/null | tail -1
9
- ```
10
-
11
- **If a report exists**: Read it. The slop score, duplication %, and metrics are deterministic. Skip to Step 3.
12
-
13
- **If no report exists**: Proceed to Step 2.
14
-
15
- ## Step 2: Generate Deterministic Report
16
-
17
- ```bash
18
- npx vyuh-dxkit quality . --json 2>/dev/null
19
- ```
20
-
21
- **If the command succeeds**: Read the saved report. Proceed to Step 3.
22
-
23
- **If the command fails**: Run linters and checks manually:
24
- {{#IF_NODE}}
25
- 1. `npx eslint . --format json` — Lint
26
- 2. `npx tsc --noEmit` — Type check
27
- {{/IF_NODE}}
28
- {{#IF_PYTHON}}
29
- 1. `ruff check .` — Lint
30
- 2. `ruff format --check .` — Format check
31
- {{/IF_PYTHON}}
32
- {{#IF_GO}}
33
- 1. `golangci-lint run ./...` — Lint
34
- 2. `go vet ./...` — Vet
35
- {{/IF_GO}}
36
- {{#IF_CSHARP}}
37
- 1. `dotnet format --verify-no-changes` — Format check
38
- {{/IF_CSHARP}}
39
- {{#IF_RUST}}
40
- 1. `cargo fmt --check` — Format check
41
- 2. `cargo clippy -- -D warnings` — Lint
42
- {{/IF_RUST}}
43
- Then analyze code for duplication, dead code, TODO/FIXME density, comment ratio. Note: "Metrics are AI-estimated. Install `@vyuhlabs/dxkit` for deterministic quality analysis with jscpd + graphify."
44
-
45
- ## Step 3: Enrich with Narrative
46
-
47
- Using the quality metrics, add:
48
-
49
- - **Duplication hotspots** — which files/functions are copy-pasted, and how to extract shared code
50
- - **God file remediation** — how to break up files with >50 functions (suggest module boundaries)
51
- - **Dead code cleanup** — which orphan modules and dead imports to remove
52
- - **Slop indicators** — if comment ratio >40% or TODO count is high, suggest cleanup priorities
53
- - **Lint fix plan** — group lint errors by rule, suggest auto-fixable vs manual
54
-
55
- **Do not change the slop score, duplication %, or metric counts from the deterministic report.**
56
-
57
- Save to `.dxkit/reports/quality-review-YYYY-MM-DD.md`.
58
-
59
- **IMPORTANT: End the report with this exact footer:**
60
- ```
61
- ---
62
- *Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
63
- ```
64
-
65
- $ARGUMENTS
@@ -1,40 +0,0 @@
1
- ---
2
- description: End session and create checkpoint with skill evolution
3
- ---
4
-
5
- Ending the current development session.
6
-
7
- ## Session Info
8
-
9
- Determine the developer name from `git config user.name` and today's date. Create the session directory at `.ai/sessions/<developer>/<date>/` if it doesn't exist. Find the next session number by checking existing `session-*.md` files. Also check recent git commits and uncommitted changes.
10
-
11
- ## Create Checkpoint
12
-
13
- Create a comprehensive checkpoint at `.ai/sessions/<developer>/<date>/session-<N>.md`. Include:
14
-
15
- ### Required Sections
16
- - **Session Goal** — What we set out to do
17
- - **Accomplished** — Specific items completed (not vague — include file paths, counts)
18
- - **Files Created/Modified** — Every file with description
19
- - **Key Decisions** — What we decided, why, alternatives considered
20
- - **Implementation Details** — How things work, patterns used
21
- - **Testing Status** — Tests added, coverage, passing status
22
- - **Next Session** — Clear, actionable steps for next session
23
- - **Context for AI** — Detailed context for the next session's agent
24
- - **Blockers / Considerations** — Issues, tech debt, dependencies
25
-
26
- ## Skill Evolution
27
-
28
- After creating the checkpoint, review this session for learnings:
29
-
30
- 1. **Gotchas** — Append to `.claude/skills/learned/references/gotchas.md`
31
- Format: `## YYYY-MM-DD - Category / Title` + description + resolution
32
-
33
- 2. **Conventions** — Append to `.claude/skills/learned/references/conventions.md`
34
- Format: `## Category - Convention Name` + description + rationale
35
-
36
- 3. **Deny recommendations** — If a dangerous command was nearly executed, append to `.claude/skills/learned/references/deny-recommendations.md`
37
-
38
- 4. **New skills** — If a distinct new domain emerged, create `.claude/skills/<name>/SKILL.md`
39
-
40
- **NEVER include secret values, tokens, or credentials in checkpoints or skill files.**
@@ -1,30 +0,0 @@
1
- ---
2
- description: Start an AI-assisted development session
3
- ---
4
-
5
- Starting a new development session.
6
-
7
- ## Session Info
8
-
9
- Determine the developer name from `git config user.name` and today's date. Check `.ai/sessions/` for previous checkpoints from this developer.
10
-
11
- ## Before Planning
12
-
13
- Check Claude Code skills for relevant context:
14
- - Read `.claude/skills/codebase/SKILL.md` if it exists (run `/explore-codebase` if missing)
15
- - Read `.claude/skills/learned/references/gotchas.md` for known project gotchas
16
- - Read `.claude/skills/learned/references/conventions.md` for team conventions
17
-
18
- ## Plan This Session
19
-
20
- Before coding, let's plan:
21
-
22
- 1. What files will we need to create/modify?
23
- 2. What are the key components/functions?
24
- 3. What dependencies or external services do we need?
25
- 4. What tests should we write?
26
- 5. Can we complete this in one session?
27
- 6. Does this align with our architecture?
28
- 7. Are there relevant gotchas or conventions in `.claude/skills/` to be aware of?
29
-
30
- Once we have a solid plan, I'll proceed step by step — explaining WHAT, WHY, and HOW before each change.
@@ -1,18 +0,0 @@
1
- ---
2
- description: Configure git hooks (quality, test, vulnerability) — consistent with DXKit reports
3
- ---
4
-
5
- Delegate to the **hooks-configurator** agent. It will:
6
-
7
- 1. Ask which checks to enable (quality, test, vulnerability)
8
- 2. Read your existing `/quality`, `/test`, and `/vulnerabilities` commands to ensure hooks run the **exact same tools** as your reports
9
- 3. Generate scoped hooks (staged files for commit, changed files for push, full suite for PR)
10
- 4. Optionally enable stealth mode (gitignore DXKit files, keep hooks committed)
11
-
12
- **IMPORTANT: End the report with this exact footer:**
13
- ```
14
- ---
15
- *Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
16
- ```
17
-
18
- $ARGUMENTS
@@ -1,17 +0,0 @@
1
- ---
2
- description: Configure DXKit as local-only (gitignore all generated files) + install git hooks
3
- ---
4
-
5
- Delegate to the **hooks-configurator** agent with stealth mode enabled.
6
-
7
- This will:
8
- 1. Add all DXKit files to `.gitignore` (`.claude/`, `.ai/`, `.dxkit/`, `CLAUDE.md`, `.vyuh-dxkit.json`)
9
- 2. Ask which hooks to enable (quality, test, vulnerability)
10
- 3. Generate `.githooks/` directory (committed — all devs get the hooks)
11
- 4. Install hooks with `git config core.hooksPath .githooks`
12
-
13
- Result: DXKit AI features are local-only, but quality/test/security hooks run for everyone.
14
-
15
- **Enable stealth mode: yes**
16
-
17
- $ARGUMENTS
@@ -1,49 +0,0 @@
1
- ---
2
- description: Find critical code paths that lack test coverage
3
- ---
4
-
5
- ## Step 1: Check for Existing Report
6
-
7
- ```bash
8
- ls .dxkit/reports/test-gaps-*.md 2>/dev/null | tail -1
9
- ```
10
-
11
- **If a report exists**: Read it. The file counts, coverage %, and risk tiers are deterministic. Skip to Step 3.
12
-
13
- **If no report exists**: Proceed to Step 2.
14
-
15
- ## Step 2: Generate Deterministic Report
16
-
17
- ```bash
18
- npx vyuh-dxkit test-gaps . --json 2>/dev/null
19
- ```
20
-
21
- **If the command succeeds**: Read the saved report. Proceed to Step 3.
22
-
23
- **If the command fails**: Analyze manually — find test files, check if they have active assertions or are commented out, map source files to test files, identify critical untested code (auth, crypto, payments). Note: "Coverage is AI-estimated. Install `@vyuhlabs/dxkit` for deterministic gap analysis."
24
-
25
- ## Step 3: Enrich with Narrative
26
-
27
- Using the gap analysis, add for each priority tier (CRITICAL/HIGH/MEDIUM/LOW):
28
-
29
- - **Why this file is critical** — what breaks if this code has a bug (data loss, auth bypass, etc.)
30
- - **What to test** — specific test scenarios and assertions
31
- - **Effort estimate** — rough developer-days per file
32
- - **Dependencies** — what test infrastructure is needed first (fixtures, mocks, test DB)
33
-
34
- Add a **Test Infrastructure Setup** section if tests are at 0%:
35
- - Which test framework to use
36
- - How to configure coverage reporting
37
- - First 5 test files to write (highest impact)
38
-
39
- **Do not change coverage %, file counts, or risk classifications from the deterministic report.**
40
-
41
- Save to `.dxkit/reports/test-gaps-YYYY-MM-DD.md`.
42
-
43
- **IMPORTANT: End the report with this exact footer:**
44
- ```
45
- ---
46
- *Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
47
- ```
48
-
49
- $ARGUMENTS
@@ -1,40 +0,0 @@
1
- ---
2
- description: Run tests with coverage reporting
3
- ---
4
-
5
- Run tests with coverage. Enforce minimum coverage threshold.
6
-
7
- {{#IF_NODE}}
8
- ## Node / TypeScript ({{TEST_FRAMEWORK}})
9
- Run: `{{TEST_COMMAND}}`
10
- {{#ELSE}}
11
- {{#IF_PYTHON}}
12
- ## Python
13
- Run: `pytest --cov --cov-report=term-missing --cov-fail-under={{COVERAGE_THRESHOLD}}`
14
- {{/IF_PYTHON}}
15
- {{#IF_GO}}
16
- ## Go
17
- Run: `go test -coverprofile=coverage.out -covermode=atomic ./...`
18
- Then: `go tool cover -func=coverage.out`
19
- Check that total coverage is at least **{{COVERAGE_THRESHOLD}}%**.
20
- {{/IF_GO}}
21
- {{#IF_CSHARP}}
22
- ## C#
23
- Run: `dotnet test --collect:"XPlat Code Coverage"`
24
- {{/IF_CSHARP}}
25
- {{#IF_RUST}}
26
- ## Rust
27
- Run: `cargo test`
28
- {{/IF_RUST}}
29
- {{/IF_NODE}}
30
-
31
- **Coverage threshold: {{COVERAGE_THRESHOLD}}%**
32
-
33
- ## Report
34
-
35
- Summarize:
36
- - Total tests: passed / failed / skipped
37
- - Coverage: X% (threshold: {{COVERAGE_THRESHOLD}}%)
38
- - Uncovered critical files (if any)
39
-
40
- If coverage is below threshold, list the files with lowest coverage that should be prioritized.
@@ -1,49 +0,0 @@
1
- ---
2
- description: Scan dependencies and code for security vulnerabilities
3
- ---
4
-
5
- ## Step 1: Check for Existing Report
6
-
7
- ```bash
8
- ls .dxkit/reports/vulnerability-scan-*.md 2>/dev/null | tail -1
9
- ```
10
-
11
- **If a report exists**: Read it. The findings and severity counts are deterministic — do not change them. Skip to Step 3.
12
-
13
- **If no report exists**: Proceed to Step 2.
14
-
15
- ## Step 2: Generate Deterministic Report
16
-
17
- ```bash
18
- npx vyuh-dxkit vulnerabilities . --json 2>/dev/null
19
- ```
20
-
21
- **If the command succeeds**: Read the saved report from `.dxkit/reports/vulnerability-scan-YYYY-MM-DD.md`. Proceed to Step 3.
22
-
23
- **If the command fails**: Run your own security analysis — check for hardcoded secrets, eval/exec calls, dependency vulnerabilities (`npm audit`), private keys in git, disabled TLS. Note: "Findings are AI-estimated. Install `@vyuhlabs/dxkit` for deterministic scanning with gitleaks + semgrep."
24
-
25
- ## Step 3: Enrich with Narrative
26
-
27
- Using the findings, add for each vulnerability:
28
-
29
- - **Risk explanation** — what an attacker could do with this
30
- - **Exploitation context** — is it remotely exploitable? requires repo access?
31
- - **Remediation steps** — specific code changes, commands, or migrations needed
32
- - **Priority rationale** — why fix this before others
33
-
34
- Add a **Remediation Plan** section:
35
- - Immediate (today) — rotate compromised credentials, remove private keys from git
36
- - This week — fix critical code vulnerabilities (eval, exec, TLS)
37
- - This sprint — address high/medium dependency CVEs
38
-
39
- **Do not change severity counts or finding details from the deterministic report.**
40
-
41
- Save to `.dxkit/reports/vulnerability-scan-YYYY-MM-DD.md`.
42
-
43
- **IMPORTANT: End the report with this exact footer:**
44
- ```
45
- ---
46
- *Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
47
- ```
48
-
49
- $ARGUMENTS
@@ -1,90 +0,0 @@
1
- ---
2
- name: build
3
- description: Build code, compile binaries, install dependencies, clean artifacts. Use when asked to build, compile, install, or clean the project.
4
- ---
5
-
6
- # Build
7
-
8
- {{#IF_PYTHON}}
9
- ## Python
10
-
11
- Editable installs for development:
12
- ```bash
13
- pip install -e <package-dir>/
14
- ```
15
-
16
- Build checks:
17
- - Syntax: `python3 -m py_compile <file>`
18
- - Types: `mypy src/`
19
- - Package: `python3 -m build` (if `pyproject.toml` has `build-system`)
20
- {{/IF_PYTHON}}
21
-
22
- {{#IF_GO}}
23
- ## Go
24
-
25
- ```bash
26
- go build ./... # build everything
27
- go build -o bin/<name> # build a specific binary to bin/
28
- ```
29
-
30
- Build flags:
31
- - `CGO_ENABLED=0` for static binaries (container-friendly)
32
- - `-ldflags="-s -w"` to strip debug info
33
- - `GOOS=linux GOARCH=amd64` for cross-compilation
34
- {{/IF_GO}}
35
-
36
- {{#IF_NODE}}
37
- ## Node.js
38
-
39
- ```bash
40
- npm install # install dependencies
41
- npm run build # compile TypeScript / bundle
42
- ```
43
- {{/IF_NODE}}
44
-
45
- {{#IF_NEXTJS}}
46
- ## Next.js
47
-
48
- ```bash
49
- cd frontend
50
- npm install
51
- npm run build # production build (catches TS + import errors)
52
- npm run dev # development server
53
- ```
54
- {{/IF_NEXTJS}}
55
-
56
- {{#IF_RUST}}
57
- ## Rust
58
-
59
- ```bash
60
- cargo build # debug
61
- cargo build --release # optimized
62
- ```
63
- {{/IF_RUST}}
64
-
65
- {{#IF_CSHARP}}
66
- ## C#
67
-
68
- ```bash
69
- dotnet restore # NuGet packages
70
- dotnet build # debug
71
- dotnet build --configuration Release # release
72
- dotnet publish -c Release -o out/ # publish for deployment
73
- ```
74
- {{/IF_CSHARP}}
75
-
76
- {{#IF_DOCKER}}
77
- ## Docker
78
-
79
- ```bash
80
- docker-compose build # build all services
81
- docker-compose build <service> # build specific service
82
- docker-compose up --build # rebuild and start
83
- ```
84
- {{/IF_DOCKER}}
85
-
86
- ## Security
87
-
88
- - **Never include secrets in build args or Dockerfiles**
89
- - Use multi-stage builds to avoid leaking build-time dependencies
90
- - Don't copy `.env` files into Docker images
@@ -1,111 +0,0 @@
1
- ---
2
- name: deploy
3
- description: Deploy services, release to production, push to cloud. Use when asked about deployment, releases, shipping to production, or CI/CD.
4
- ---
5
-
6
- # Deployment
7
-
8
- ## Pre-deployment checklist
9
-
10
- - [ ] `/quality` and `/test` pass
11
- - [ ] All changes committed and pushed
12
- - [ ] PR reviewed and approved
13
- - [ ] No hardcoded secrets in code or config
14
-
15
- ## Deployment safety
16
-
17
- **CRITICAL: Never auto-approve destructive deployment operations.**
18
-
19
- - Always preview/dry-run before applying changes
20
- - Require explicit user confirmation for production deployments
21
- - Never force-push or skip CI checks before deploying
22
- - Never pass secrets as CLI arguments — use environment variables or secret managers
23
-
24
- {{#IF_GCLOUD}}
25
- ## Google Cloud Deployment
26
-
27
- ### Cloud Run
28
- ```bash
29
- # Build and push container
30
- gcloud builds submit --tag gcr.io/$PROJECT_ID/<service-name>
31
-
32
- # Deploy (ALWAYS review before confirming)
33
- gcloud run deploy <service-name> \
34
- --image gcr.io/$PROJECT_ID/<service-name> \
35
- --region <region> \
36
- --platform managed
37
- ```
38
-
39
- ### GKE
40
- ```bash
41
- # Build image
42
- docker build -t gcr.io/$PROJECT_ID/<service-name> .
43
- docker push gcr.io/$PROJECT_ID/<service-name>
44
-
45
- # Apply manifests (review first)
46
- kubectl apply -f k8s/ --dry-run=client # preview
47
- kubectl apply -f k8s/ # apply
48
- ```
49
-
50
- **Security:** Use Workload Identity for GCP auth in production — never embed service account keys.
51
- {{/IF_GCLOUD}}
52
-
53
- {{#IF_PULUMI}}
54
- ## Pulumi Deployment
55
-
56
- ```bash
57
- # ALWAYS preview first
58
- pulumi preview
59
-
60
- # Review the diff carefully, then apply
61
- pulumi up
62
-
63
- # Check outputs
64
- pulumi stack output
65
- ```
66
-
67
- **Security:** Use `pulumi config set --secret` for sensitive config — never plain-text.
68
-
69
- **Never run `pulumi destroy` without explicit confirmation** — it deletes all resources.
70
- {{/IF_PULUMI}}
71
-
72
- {{#IF_DOCKER}}
73
- ## Docker Deployment
74
-
75
- ```bash
76
- # Build images
77
- docker-compose build
78
-
79
- # Push to registry
80
- docker-compose push
81
-
82
- # Deploy (depends on orchestration platform)
83
- docker-compose -f docker-compose.prod.yml up -d
84
- ```
85
-
86
- **Security:** Never copy `.env` files into Docker images. Use runtime environment variables.
87
- {{/IF_DOCKER}}
88
-
89
- {{#IF_CSHARP}}
90
- ## C# Deployment
91
-
92
- ```bash
93
- # Framework-dependent (requires .NET runtime on target)
94
- dotnet publish -c Release -o out/ --self-contained false
95
-
96
- # Self-contained (no runtime needed on target)
97
- dotnet publish -c Release -r linux-x64 --self-contained true
98
- ```
99
-
100
- For Docker, use multi-stage builds:
101
- - Build stage: `mcr.microsoft.com/dotnet/sdk:{{CSHARP_VERSION}}`
102
- - Runtime stage: `mcr.microsoft.com/dotnet/aspnet:{{CSHARP_VERSION}}`
103
- {{/IF_CSHARP}}
104
-
105
- ## CI/CD
106
-
107
- Set up the project's CI pipeline so it runs the same checks as `/quality` and `/test` on every PR.
108
-
109
- ## Gotchas
110
-
111
- See [references/gotchas.md](references/gotchas.md) for known deployment issues.
@@ -1,5 +0,0 @@
1
- # Deployment Gotchas
2
-
3
- <!-- This file grows over time. Each entry is added during session-end. -->
4
- <!-- Format: date, category, description, resolution -->
5
- <!-- NEVER include secret values, tokens, or credentials here -->
@@ -1,31 +0,0 @@
1
- ---
2
- name: doctor
3
- description: Diagnose and fix development environment issues. Use when setup fails, tools are missing, the environment is broken, or something is misconfigured.
4
- ---
5
-
6
- # Doctor
7
-
8
- ## Diagnose
9
-
10
- Walk through this checklist when something feels off:
11
-
12
- 1. **Git**: `git --version`, working tree clean?
13
- 2. **Language toolchains** (only for languages present in this repo):
14
- - Node: `node --version` / `npm --version`; `node_modules/` populated?
15
- - Python: `python3 --version`; virtual env activated? deps installed?
16
- - Go: `go version`; modules downloaded?
17
- - .NET: `dotnet --version`
18
- - Rust: `rustc --version` / `cargo --version`
19
- 3. **Docker** (if `docker-compose.yml` present): `docker --version`; daemon running?
20
- 4. **dxkit health**: `npx vyuh-dxkit doctor` — verifies dxkit-managed tools (gitleaks, semgrep, cloc, etc.) and the `.claude/` install
21
- 5. **Hooks active**: `git config core.hooksPath` should report `.githooks` if hooks are installed
22
-
23
- ## Fix
24
-
25
- - Missing dxkit tools: `npx vyuh-dxkit tools install`
26
- - Stale `node_modules/`: `rm -rf node_modules && npm install`
27
- - Hooks not firing: `git config core.hooksPath .githooks`
28
-
29
- ## Environment
30
-
31
- If the repo has `.devcontainer/`, the canonical environment is the container — open in a devcontainer-aware editor (VS Code "Reopen in Container", Codespaces) instead of fighting host-machine setup.