@vyuhlabs/dxkit 2.5.0 → 2.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +77 -0
- package/dist/analyzers/tools/graphify.d.ts.map +1 -1
- package/dist/analyzers/tools/graphify.js +9 -5
- package/dist/analyzers/tools/graphify.js.map +1 -1
- package/dist/analyzers/tools/tool-registry.d.ts +19 -1
- package/dist/analyzers/tools/tool-registry.d.ts.map +1 -1
- package/dist/analyzers/tools/tool-registry.js +25 -0
- package/dist/analyzers/tools/tool-registry.js.map +1 -1
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +38 -1
- package/dist/cli.js.map +1 -1
- package/dist/doctor.d.ts.map +1 -1
- package/dist/doctor.js +18 -11
- package/dist/doctor.js.map +1 -1
- package/dist/generator.d.ts +1 -1
- package/dist/generator.d.ts.map +1 -1
- package/dist/generator.js +81 -135
- package/dist/generator.js.map +1 -1
- package/dist/hooks-cli.d.ts +20 -0
- package/dist/hooks-cli.d.ts.map +1 -0
- package/dist/hooks-cli.js +145 -0
- package/dist/hooks-cli.js.map +1 -0
- package/dist/languages/csharp.d.ts.map +1 -1
- package/dist/languages/csharp.js +4 -0
- package/dist/languages/csharp.js.map +1 -1
- package/dist/languages/go.d.ts.map +1 -1
- package/dist/languages/go.js +4 -0
- package/dist/languages/go.js.map +1 -1
- package/dist/languages/index.d.ts +18 -0
- package/dist/languages/index.d.ts.map +1 -1
- package/dist/languages/index.js +32 -0
- package/dist/languages/index.js.map +1 -1
- package/dist/languages/java.d.ts.map +1 -1
- package/dist/languages/java.js +4 -0
- package/dist/languages/java.js.map +1 -1
- package/dist/languages/kotlin.d.ts.map +1 -1
- package/dist/languages/kotlin.js +9 -0
- package/dist/languages/kotlin.js.map +1 -1
- package/dist/languages/python.d.ts.map +1 -1
- package/dist/languages/python.js +4 -0
- package/dist/languages/python.js.map +1 -1
- package/dist/languages/ruby.d.ts.map +1 -1
- package/dist/languages/ruby.js +4 -0
- package/dist/languages/ruby.js.map +1 -1
- package/dist/languages/rust.d.ts.map +1 -1
- package/dist/languages/rust.js +4 -0
- package/dist/languages/rust.js.map +1 -1
- package/dist/languages/types.d.ts +27 -0
- package/dist/languages/types.d.ts.map +1 -1
- package/dist/languages/typescript.d.ts.map +1 -1
- package/dist/languages/typescript.js +5 -0
- package/dist/languages/typescript.js.map +1 -1
- package/dist/ship-installers.d.ts +6 -0
- package/dist/ship-installers.d.ts.map +1 -1
- package/dist/ship-installers.js +120 -5
- package/dist/ship-installers.js.map +1 -1
- package/dist/tools-cli.d.ts.map +1 -1
- package/dist/tools-cli.js +45 -9
- package/dist/tools-cli.js.map +1 -1
- package/package.json +1 -1
- package/templates/.claude/skills/dxkit-action/SKILL.md +150 -0
- package/templates/.claude/skills/dxkit-config/SKILL.md +124 -0
- package/templates/.claude/skills/dxkit-hooks/SKILL.md +109 -0
- package/templates/.claude/skills/dxkit-init/SKILL.md +93 -0
- package/templates/.claude/skills/dxkit-learn/SKILL.md +84 -0
- package/templates/.claude/skills/dxkit-reports/SKILL.md +111 -0
- package/templates/.devcontainer/devcontainer.json +7 -33
- package/templates/.devcontainer/post-create.sh +18 -4
- package/templates/AGENTS.md.template +137 -0
- package/templates/CLAUDE.md.template +16 -111
- package/dist/codebase-scanner.d.ts +0 -36
- package/dist/codebase-scanner.d.ts.map +0 -1
- package/dist/codebase-scanner.js +0 -687
- package/dist/codebase-scanner.js.map +0 -1
- package/templates/.claude/agents/doc-writer.md +0 -107
- package/templates/.claude/agents/knowledge-bot.md +0 -64
- package/templates/.claude/agents/onboarding.md +0 -62
- package/templates/.claude/agents/quality-reviewer.md +0 -85
- package/templates/.claude/agents-available/code-reviewer.md +0 -29
- package/templates/.claude/agents-available/codebase-explorer.md +0 -100
- package/templates/.claude/agents-available/dashboard-builder.md +0 -433
- package/templates/.claude/agents-available/debugger.md +0 -29
- package/templates/.claude/agents-available/dependency-mapper.md +0 -80
- package/templates/.claude/agents-available/dev-report.md +0 -108
- package/templates/.claude/agents-available/doc-writer.md +0 -107
- package/templates/.claude/agents-available/feature-builder.md +0 -163
- package/templates/.claude/agents-available/feature-planner.md +0 -185
- package/templates/.claude/agents-available/health-auditor.md +0 -95
- package/templates/.claude/agents-available/hooks-configurator.md +0 -211
- package/templates/.claude/agents-available/knowledge-bot.md +0 -62
- package/templates/.claude/agents-available/plan-executor.md +0 -133
- package/templates/.claude/agents-available/strategic-planner.md +0 -141
- package/templates/.claude/agents-available/test-gap-finder.md +0 -67
- package/templates/.claude/agents-available/test-writer.md +0 -34
- package/templates/.claude/agents-available/vulnerability-scanner.md +0 -173
- package/templates/.claude/commands/ask.md +0 -7
- package/templates/.claude/commands/build-feature.md +0 -26
- package/templates/.claude/commands/build.md.template +0 -30
- package/templates/.claude/commands/check.md.template +0 -43
- package/templates/.claude/commands/dashboard.md +0 -28
- package/templates/.claude/commands/deps.md +0 -15
- package/templates/.claude/commands/dev-report.md +0 -50
- package/templates/.claude/commands/docs.md +0 -21
- package/templates/.claude/commands/doctor.md +0 -29
- package/templates/.claude/commands/enable-agent.md +0 -12
- package/templates/.claude/commands/execute-plan.md +0 -25
- package/templates/.claude/commands/explore-codebase.md +0 -12
- package/templates/.claude/commands/export-pdf.md +0 -30
- package/templates/.claude/commands/feature.md +0 -25
- package/templates/.claude/commands/fix-issue.md +0 -12
- package/templates/.claude/commands/fix.md.template +0 -32
- package/templates/.claude/commands/health.md +0 -58
- package/templates/.claude/commands/help.md +0 -36
- package/templates/.claude/commands/learn.md +0 -48
- package/templates/.claude/commands/onboarding.md +0 -21
- package/templates/.claude/commands/plan.md +0 -20
- package/templates/.claude/commands/quality.md.template +0 -65
- package/templates/.claude/commands/session-end.md +0 -40
- package/templates/.claude/commands/session-start.md +0 -30
- package/templates/.claude/commands/setup-hooks.md +0 -18
- package/templates/.claude/commands/stealth-mode.md +0 -17
- package/templates/.claude/commands/test-gaps.md +0 -49
- package/templates/.claude/commands/test.md.template +0 -40
- package/templates/.claude/commands/vulnerabilities.md +0 -49
- package/templates/.claude/skills/build/SKILL.md.template +0 -90
- package/templates/.claude/skills/deploy/SKILL.md.template +0 -111
- package/templates/.claude/skills/deploy/references/gotchas.md +0 -5
- package/templates/.claude/skills/doctor/SKILL.md +0 -31
- package/templates/.claude/skills/gcloud/SKILL.md +0 -66
- package/templates/.claude/skills/gcloud/references/gotchas.md +0 -5
- package/templates/.claude/skills/learned/SKILL.md +0 -55
- package/templates/.claude/skills/learned/references/conventions.md +0 -11
- package/templates/.claude/skills/learned/references/deny-recommendations.md +0 -18
- package/templates/.claude/skills/learned/references/gotchas.md +0 -11
- package/templates/.claude/skills/pulumi/SKILL.md +0 -73
- package/templates/.claude/skills/quality/SKILL.md.template +0 -89
- package/templates/.claude/skills/quality/references/gotchas.md +0 -5
- package/templates/.claude/skills/review/SKILL.md.template +0 -74
- package/templates/.claude/skills/scaffold/SKILL.md.template +0 -113
- package/templates/.claude/skills/secrets/SKILL.md +0 -51
- package/templates/.claude/skills/session/SKILL.md +0 -32
- package/templates/.claude/skills/test/SKILL.md.template +0 -116
- package/templates/.claude/skills/test/references/gotchas.md +0 -5
|
@@ -1,36 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: List all available project commands and agents
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
List all available commands and agents for this project.
|
|
6
|
-
|
|
7
|
-
## Available Commands
|
|
8
|
-
|
|
9
|
-
!`ls .claude/commands/`
|
|
10
|
-
|
|
11
|
-
## Active Agents
|
|
12
|
-
|
|
13
|
-
!`ls .claude/agents/ 2>/dev/null`
|
|
14
|
-
|
|
15
|
-
## Dormant Agents
|
|
16
|
-
|
|
17
|
-
!`ls .claude/agents-available/ 2>/dev/null`
|
|
18
|
-
|
|
19
|
-
## How Agents Work
|
|
20
|
-
|
|
21
|
-
- **Active agents** (`.claude/agents/`) — Claude automatically delegates matching questions to them. No action needed.
|
|
22
|
-
- **Dormant agents** (`.claude/agents-available/`) — Must be activated first: `/enable-agent <name>`
|
|
23
|
-
- Agents run in an **isolated context** with restricted tools (typically read-only).
|
|
24
|
-
- Deactivate an agent by removing it from `.claude/agents/`.
|
|
25
|
-
|
|
26
|
-
## Quick Start
|
|
27
|
-
|
|
28
|
-
- **Start a session**: `/session-start`
|
|
29
|
-
- **Ask about the codebase**: `/ask How does X work?` (or just ask naturally — knowledge-bot auto-triggers)
|
|
30
|
-
- **Run quality checks**: `/quality`
|
|
31
|
-
- **Explore architecture**: `/explore-codebase`
|
|
32
|
-
- **Generate onboarding guide**: `/onboarding`
|
|
33
|
-
- **Enable an agent**: `/enable-agent <name>`
|
|
34
|
-
- **End session**: `/session-end`
|
|
35
|
-
|
|
36
|
-
For each command and agent file listed above, read its `.md` file to get the description from frontmatter, then present everything in a clean, readable format. Strip the `.md` extension when displaying command names.
|
|
@@ -1,48 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Capture a learning from this conversation (gotcha, convention, or thing to avoid)
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Review this conversation and capture any learnings. If the user provided specific input, use that:
|
|
6
|
-
|
|
7
|
-
$ARGUMENTS
|
|
8
|
-
|
|
9
|
-
## What to Capture
|
|
10
|
-
|
|
11
|
-
Look for:
|
|
12
|
-
1. **Gotchas** — something surprising, broke unexpectedly, or took time to debug
|
|
13
|
-
2. **Conventions** — a pattern or approach that worked well and should be repeated
|
|
14
|
-
3. **Deny recommendations** — a dangerous command that should be avoided
|
|
15
|
-
|
|
16
|
-
## Where to Write
|
|
17
|
-
|
|
18
|
-
First read the existing files to avoid duplicates. Then append (never overwrite) to the appropriate file:
|
|
19
|
-
|
|
20
|
-
- **Gotchas** → `.claude/skills/learned/references/gotchas.md`
|
|
21
|
-
```
|
|
22
|
-
## YYYY-MM-DD - Category / Title
|
|
23
|
-
**Problem:** What went wrong
|
|
24
|
-
**Resolution:** How it was fixed
|
|
25
|
-
**Prevention:** How to avoid it next time
|
|
26
|
-
```
|
|
27
|
-
|
|
28
|
-
- **Conventions** → `.claude/skills/learned/references/conventions.md`
|
|
29
|
-
```
|
|
30
|
-
## Category - Convention Name
|
|
31
|
-
**Pattern:** What to do
|
|
32
|
-
**Rationale:** Why this works
|
|
33
|
-
```
|
|
34
|
-
|
|
35
|
-
- **Deny recommendations** → `.claude/skills/learned/references/deny-recommendations.md`
|
|
36
|
-
```
|
|
37
|
-
## Command / Pattern to Avoid
|
|
38
|
-
**Risk:** What could go wrong
|
|
39
|
-
**Alternative:** Safer approach
|
|
40
|
-
```
|
|
41
|
-
|
|
42
|
-
## Rules
|
|
43
|
-
|
|
44
|
-
- Only capture things that are **non-obvious** and useful for future sessions
|
|
45
|
-
- Don't repeat what's already in the files
|
|
46
|
-
- Be concise — future sessions will read these
|
|
47
|
-
- **NEVER include secrets, tokens, or credentials**
|
|
48
|
-
- Tell the user what you captured and where
|
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Start interactive onboarding for a new developer
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
The **onboarding** agent is active and will help you get started with this project.
|
|
6
|
-
|
|
7
|
-
It can:
|
|
8
|
-
- Give you a project overview and architecture walkthrough
|
|
9
|
-
- Walk you through local setup step by step
|
|
10
|
-
- Explain how any part of the codebase works
|
|
11
|
-
- Point out gotchas and conventions before you hit them
|
|
12
|
-
- Suggest what to read first based on what area you'll work on
|
|
13
|
-
|
|
14
|
-
Just start asking questions — for example:
|
|
15
|
-
- "What does this project do?"
|
|
16
|
-
- "How do I set up my local environment?"
|
|
17
|
-
- "Where are the API endpoints defined?"
|
|
18
|
-
- "What should I read first?"
|
|
19
|
-
- "How does authentication work?"
|
|
20
|
-
|
|
21
|
-
$ARGUMENTS
|
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Generate improvement plans with KPIs from reports (or list existing plans)
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Delegate to the **strategic-planner** agent. It reads all reports in `.dxkit/reports/`, proposes measurable KPIs, and generates actionable plans in `.ai/plans/`.
|
|
6
|
-
|
|
7
|
-
If reports don't exist yet, it will tell you which commands to run first (`/health`, `/vulnerabilities`, `/test-gaps`, etc.).
|
|
8
|
-
|
|
9
|
-
Examples:
|
|
10
|
-
- `/plan` — Analyze all reports and generate full improvement roadmap
|
|
11
|
-
- `/plan security` — Generate a security-focused plan only
|
|
12
|
-
- `/plan test-coverage` — Generate a test coverage plan only
|
|
13
|
-
|
|
14
|
-
**IMPORTANT: End the report with this exact footer:**
|
|
15
|
-
```
|
|
16
|
-
---
|
|
17
|
-
*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
|
|
18
|
-
```
|
|
19
|
-
|
|
20
|
-
$ARGUMENTS
|
|
@@ -1,65 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Run code quality analysis with slop detection
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
## Step 1: Check for Existing Report
|
|
6
|
-
|
|
7
|
-
```bash
|
|
8
|
-
ls .dxkit/reports/quality-review-*.md 2>/dev/null | tail -1
|
|
9
|
-
```
|
|
10
|
-
|
|
11
|
-
**If a report exists**: Read it. The slop score, duplication %, and metrics are deterministic. Skip to Step 3.
|
|
12
|
-
|
|
13
|
-
**If no report exists**: Proceed to Step 2.
|
|
14
|
-
|
|
15
|
-
## Step 2: Generate Deterministic Report
|
|
16
|
-
|
|
17
|
-
```bash
|
|
18
|
-
npx vyuh-dxkit quality . --json 2>/dev/null
|
|
19
|
-
```
|
|
20
|
-
|
|
21
|
-
**If the command succeeds**: Read the saved report. Proceed to Step 3.
|
|
22
|
-
|
|
23
|
-
**If the command fails**: Run linters and checks manually:
|
|
24
|
-
{{#IF_NODE}}
|
|
25
|
-
1. `npx eslint . --format json` — Lint
|
|
26
|
-
2. `npx tsc --noEmit` — Type check
|
|
27
|
-
{{/IF_NODE}}
|
|
28
|
-
{{#IF_PYTHON}}
|
|
29
|
-
1. `ruff check .` — Lint
|
|
30
|
-
2. `ruff format --check .` — Format check
|
|
31
|
-
{{/IF_PYTHON}}
|
|
32
|
-
{{#IF_GO}}
|
|
33
|
-
1. `golangci-lint run ./...` — Lint
|
|
34
|
-
2. `go vet ./...` — Vet
|
|
35
|
-
{{/IF_GO}}
|
|
36
|
-
{{#IF_CSHARP}}
|
|
37
|
-
1. `dotnet format --verify-no-changes` — Format check
|
|
38
|
-
{{/IF_CSHARP}}
|
|
39
|
-
{{#IF_RUST}}
|
|
40
|
-
1. `cargo fmt --check` — Format check
|
|
41
|
-
2. `cargo clippy -- -D warnings` — Lint
|
|
42
|
-
{{/IF_RUST}}
|
|
43
|
-
Then analyze code for duplication, dead code, TODO/FIXME density, comment ratio. Note: "Metrics are AI-estimated. Install `@vyuhlabs/dxkit` for deterministic quality analysis with jscpd + graphify."
|
|
44
|
-
|
|
45
|
-
## Step 3: Enrich with Narrative
|
|
46
|
-
|
|
47
|
-
Using the quality metrics, add:
|
|
48
|
-
|
|
49
|
-
- **Duplication hotspots** — which files/functions are copy-pasted, and how to extract shared code
|
|
50
|
-
- **God file remediation** — how to break up files with >50 functions (suggest module boundaries)
|
|
51
|
-
- **Dead code cleanup** — which orphan modules and dead imports to remove
|
|
52
|
-
- **Slop indicators** — if comment ratio >40% or TODO count is high, suggest cleanup priorities
|
|
53
|
-
- **Lint fix plan** — group lint errors by rule, suggest auto-fixable vs manual
|
|
54
|
-
|
|
55
|
-
**Do not change the slop score, duplication %, or metric counts from the deterministic report.**
|
|
56
|
-
|
|
57
|
-
Save to `.dxkit/reports/quality-review-YYYY-MM-DD.md`.
|
|
58
|
-
|
|
59
|
-
**IMPORTANT: End the report with this exact footer:**
|
|
60
|
-
```
|
|
61
|
-
---
|
|
62
|
-
*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
|
|
63
|
-
```
|
|
64
|
-
|
|
65
|
-
$ARGUMENTS
|
|
@@ -1,40 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: End session and create checkpoint with skill evolution
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Ending the current development session.
|
|
6
|
-
|
|
7
|
-
## Session Info
|
|
8
|
-
|
|
9
|
-
Determine the developer name from `git config user.name` and today's date. Create the session directory at `.ai/sessions/<developer>/<date>/` if it doesn't exist. Find the next session number by checking existing `session-*.md` files. Also check recent git commits and uncommitted changes.
|
|
10
|
-
|
|
11
|
-
## Create Checkpoint
|
|
12
|
-
|
|
13
|
-
Create a comprehensive checkpoint at `.ai/sessions/<developer>/<date>/session-<N>.md`. Include:
|
|
14
|
-
|
|
15
|
-
### Required Sections
|
|
16
|
-
- **Session Goal** — What we set out to do
|
|
17
|
-
- **Accomplished** — Specific items completed (not vague — include file paths, counts)
|
|
18
|
-
- **Files Created/Modified** — Every file with description
|
|
19
|
-
- **Key Decisions** — What we decided, why, alternatives considered
|
|
20
|
-
- **Implementation Details** — How things work, patterns used
|
|
21
|
-
- **Testing Status** — Tests added, coverage, passing status
|
|
22
|
-
- **Next Session** — Clear, actionable steps for next session
|
|
23
|
-
- **Context for AI** — Detailed context for the next session's agent
|
|
24
|
-
- **Blockers / Considerations** — Issues, tech debt, dependencies
|
|
25
|
-
|
|
26
|
-
## Skill Evolution
|
|
27
|
-
|
|
28
|
-
After creating the checkpoint, review this session for learnings:
|
|
29
|
-
|
|
30
|
-
1. **Gotchas** — Append to `.claude/skills/learned/references/gotchas.md`
|
|
31
|
-
Format: `## YYYY-MM-DD - Category / Title` + description + resolution
|
|
32
|
-
|
|
33
|
-
2. **Conventions** — Append to `.claude/skills/learned/references/conventions.md`
|
|
34
|
-
Format: `## Category - Convention Name` + description + rationale
|
|
35
|
-
|
|
36
|
-
3. **Deny recommendations** — If a dangerous command was nearly executed, append to `.claude/skills/learned/references/deny-recommendations.md`
|
|
37
|
-
|
|
38
|
-
4. **New skills** — If a distinct new domain emerged, create `.claude/skills/<name>/SKILL.md`
|
|
39
|
-
|
|
40
|
-
**NEVER include secret values, tokens, or credentials in checkpoints or skill files.**
|
|
@@ -1,30 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Start an AI-assisted development session
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Starting a new development session.
|
|
6
|
-
|
|
7
|
-
## Session Info
|
|
8
|
-
|
|
9
|
-
Determine the developer name from `git config user.name` and today's date. Check `.ai/sessions/` for previous checkpoints from this developer.
|
|
10
|
-
|
|
11
|
-
## Before Planning
|
|
12
|
-
|
|
13
|
-
Check Claude Code skills for relevant context:
|
|
14
|
-
- Read `.claude/skills/codebase/SKILL.md` if it exists (run `/explore-codebase` if missing)
|
|
15
|
-
- Read `.claude/skills/learned/references/gotchas.md` for known project gotchas
|
|
16
|
-
- Read `.claude/skills/learned/references/conventions.md` for team conventions
|
|
17
|
-
|
|
18
|
-
## Plan This Session
|
|
19
|
-
|
|
20
|
-
Before coding, let's plan:
|
|
21
|
-
|
|
22
|
-
1. What files will we need to create/modify?
|
|
23
|
-
2. What are the key components/functions?
|
|
24
|
-
3. What dependencies or external services do we need?
|
|
25
|
-
4. What tests should we write?
|
|
26
|
-
5. Can we complete this in one session?
|
|
27
|
-
6. Does this align with our architecture?
|
|
28
|
-
7. Are there relevant gotchas or conventions in `.claude/skills/` to be aware of?
|
|
29
|
-
|
|
30
|
-
Once we have a solid plan, I'll proceed step by step — explaining WHAT, WHY, and HOW before each change.
|
|
@@ -1,18 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Configure git hooks (quality, test, vulnerability) — consistent with DXKit reports
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Delegate to the **hooks-configurator** agent. It will:
|
|
6
|
-
|
|
7
|
-
1. Ask which checks to enable (quality, test, vulnerability)
|
|
8
|
-
2. Read your existing `/quality`, `/test`, and `/vulnerabilities` commands to ensure hooks run the **exact same tools** as your reports
|
|
9
|
-
3. Generate scoped hooks (staged files for commit, changed files for push, full suite for PR)
|
|
10
|
-
4. Optionally enable stealth mode (gitignore DXKit files, keep hooks committed)
|
|
11
|
-
|
|
12
|
-
**IMPORTANT: End the report with this exact footer:**
|
|
13
|
-
```
|
|
14
|
-
---
|
|
15
|
-
*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
|
|
16
|
-
```
|
|
17
|
-
|
|
18
|
-
$ARGUMENTS
|
|
@@ -1,17 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Configure DXKit as local-only (gitignore all generated files) + install git hooks
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Delegate to the **hooks-configurator** agent with stealth mode enabled.
|
|
6
|
-
|
|
7
|
-
This will:
|
|
8
|
-
1. Add all DXKit files to `.gitignore` (`.claude/`, `.ai/`, `.dxkit/`, `CLAUDE.md`, `.vyuh-dxkit.json`)
|
|
9
|
-
2. Ask which hooks to enable (quality, test, vulnerability)
|
|
10
|
-
3. Generate `.githooks/` directory (committed — all devs get the hooks)
|
|
11
|
-
4. Install hooks with `git config core.hooksPath .githooks`
|
|
12
|
-
|
|
13
|
-
Result: DXKit AI features are local-only, but quality/test/security hooks run for everyone.
|
|
14
|
-
|
|
15
|
-
**Enable stealth mode: yes**
|
|
16
|
-
|
|
17
|
-
$ARGUMENTS
|
|
@@ -1,49 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Find critical code paths that lack test coverage
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
## Step 1: Check for Existing Report
|
|
6
|
-
|
|
7
|
-
```bash
|
|
8
|
-
ls .dxkit/reports/test-gaps-*.md 2>/dev/null | tail -1
|
|
9
|
-
```
|
|
10
|
-
|
|
11
|
-
**If a report exists**: Read it. The file counts, coverage %, and risk tiers are deterministic. Skip to Step 3.
|
|
12
|
-
|
|
13
|
-
**If no report exists**: Proceed to Step 2.
|
|
14
|
-
|
|
15
|
-
## Step 2: Generate Deterministic Report
|
|
16
|
-
|
|
17
|
-
```bash
|
|
18
|
-
npx vyuh-dxkit test-gaps . --json 2>/dev/null
|
|
19
|
-
```
|
|
20
|
-
|
|
21
|
-
**If the command succeeds**: Read the saved report. Proceed to Step 3.
|
|
22
|
-
|
|
23
|
-
**If the command fails**: Analyze manually — find test files, check if they have active assertions or are commented out, map source files to test files, identify critical untested code (auth, crypto, payments). Note: "Coverage is AI-estimated. Install `@vyuhlabs/dxkit` for deterministic gap analysis."
|
|
24
|
-
|
|
25
|
-
## Step 3: Enrich with Narrative
|
|
26
|
-
|
|
27
|
-
Using the gap analysis, add for each priority tier (CRITICAL/HIGH/MEDIUM/LOW):
|
|
28
|
-
|
|
29
|
-
- **Why this file is critical** — what breaks if this code has a bug (data loss, auth bypass, etc.)
|
|
30
|
-
- **What to test** — specific test scenarios and assertions
|
|
31
|
-
- **Effort estimate** — rough developer-days per file
|
|
32
|
-
- **Dependencies** — what test infrastructure is needed first (fixtures, mocks, test DB)
|
|
33
|
-
|
|
34
|
-
Add a **Test Infrastructure Setup** section if tests are at 0%:
|
|
35
|
-
- Which test framework to use
|
|
36
|
-
- How to configure coverage reporting
|
|
37
|
-
- First 5 test files to write (highest impact)
|
|
38
|
-
|
|
39
|
-
**Do not change coverage %, file counts, or risk classifications from the deterministic report.**
|
|
40
|
-
|
|
41
|
-
Save to `.dxkit/reports/test-gaps-YYYY-MM-DD.md`.
|
|
42
|
-
|
|
43
|
-
**IMPORTANT: End the report with this exact footer:**
|
|
44
|
-
```
|
|
45
|
-
---
|
|
46
|
-
*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
|
|
47
|
-
```
|
|
48
|
-
|
|
49
|
-
$ARGUMENTS
|
|
@@ -1,40 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Run tests with coverage reporting
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
Run tests with coverage. Enforce minimum coverage threshold.
|
|
6
|
-
|
|
7
|
-
{{#IF_NODE}}
|
|
8
|
-
## Node / TypeScript ({{TEST_FRAMEWORK}})
|
|
9
|
-
Run: `{{TEST_COMMAND}}`
|
|
10
|
-
{{#ELSE}}
|
|
11
|
-
{{#IF_PYTHON}}
|
|
12
|
-
## Python
|
|
13
|
-
Run: `pytest --cov --cov-report=term-missing --cov-fail-under={{COVERAGE_THRESHOLD}}`
|
|
14
|
-
{{/IF_PYTHON}}
|
|
15
|
-
{{#IF_GO}}
|
|
16
|
-
## Go
|
|
17
|
-
Run: `go test -coverprofile=coverage.out -covermode=atomic ./...`
|
|
18
|
-
Then: `go tool cover -func=coverage.out`
|
|
19
|
-
Check that total coverage is at least **{{COVERAGE_THRESHOLD}}%**.
|
|
20
|
-
{{/IF_GO}}
|
|
21
|
-
{{#IF_CSHARP}}
|
|
22
|
-
## C#
|
|
23
|
-
Run: `dotnet test --collect:"XPlat Code Coverage"`
|
|
24
|
-
{{/IF_CSHARP}}
|
|
25
|
-
{{#IF_RUST}}
|
|
26
|
-
## Rust
|
|
27
|
-
Run: `cargo test`
|
|
28
|
-
{{/IF_RUST}}
|
|
29
|
-
{{/IF_NODE}}
|
|
30
|
-
|
|
31
|
-
**Coverage threshold: {{COVERAGE_THRESHOLD}}%**
|
|
32
|
-
|
|
33
|
-
## Report
|
|
34
|
-
|
|
35
|
-
Summarize:
|
|
36
|
-
- Total tests: passed / failed / skipped
|
|
37
|
-
- Coverage: X% (threshold: {{COVERAGE_THRESHOLD}}%)
|
|
38
|
-
- Uncovered critical files (if any)
|
|
39
|
-
|
|
40
|
-
If coverage is below threshold, list the files with lowest coverage that should be prioritized.
|
|
@@ -1,49 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: Scan dependencies and code for security vulnerabilities
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
## Step 1: Check for Existing Report
|
|
6
|
-
|
|
7
|
-
```bash
|
|
8
|
-
ls .dxkit/reports/vulnerability-scan-*.md 2>/dev/null | tail -1
|
|
9
|
-
```
|
|
10
|
-
|
|
11
|
-
**If a report exists**: Read it. The findings and severity counts are deterministic — do not change them. Skip to Step 3.
|
|
12
|
-
|
|
13
|
-
**If no report exists**: Proceed to Step 2.
|
|
14
|
-
|
|
15
|
-
## Step 2: Generate Deterministic Report
|
|
16
|
-
|
|
17
|
-
```bash
|
|
18
|
-
npx vyuh-dxkit vulnerabilities . --json 2>/dev/null
|
|
19
|
-
```
|
|
20
|
-
|
|
21
|
-
**If the command succeeds**: Read the saved report from `.dxkit/reports/vulnerability-scan-YYYY-MM-DD.md`. Proceed to Step 3.
|
|
22
|
-
|
|
23
|
-
**If the command fails**: Run your own security analysis — check for hardcoded secrets, eval/exec calls, dependency vulnerabilities (`npm audit`), private keys in git, disabled TLS. Note: "Findings are AI-estimated. Install `@vyuhlabs/dxkit` for deterministic scanning with gitleaks + semgrep."
|
|
24
|
-
|
|
25
|
-
## Step 3: Enrich with Narrative
|
|
26
|
-
|
|
27
|
-
Using the findings, add for each vulnerability:
|
|
28
|
-
|
|
29
|
-
- **Risk explanation** — what an attacker could do with this
|
|
30
|
-
- **Exploitation context** — is it remotely exploitable? requires repo access?
|
|
31
|
-
- **Remediation steps** — specific code changes, commands, or migrations needed
|
|
32
|
-
- **Priority rationale** — why fix this before others
|
|
33
|
-
|
|
34
|
-
Add a **Remediation Plan** section:
|
|
35
|
-
- Immediate (today) — rotate compromised credentials, remove private keys from git
|
|
36
|
-
- This week — fix critical code vulnerabilities (eval, exec, TLS)
|
|
37
|
-
- This sprint — address high/medium dependency CVEs
|
|
38
|
-
|
|
39
|
-
**Do not change severity counts or finding details from the deterministic report.**
|
|
40
|
-
|
|
41
|
-
Save to `.dxkit/reports/vulnerability-scan-YYYY-MM-DD.md`.
|
|
42
|
-
|
|
43
|
-
**IMPORTANT: End the report with this exact footer:**
|
|
44
|
-
```
|
|
45
|
-
---
|
|
46
|
-
*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit)*
|
|
47
|
-
```
|
|
48
|
-
|
|
49
|
-
$ARGUMENTS
|
|
@@ -1,90 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: build
|
|
3
|
-
description: Build code, compile binaries, install dependencies, clean artifacts. Use when asked to build, compile, install, or clean the project.
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
# Build
|
|
7
|
-
|
|
8
|
-
{{#IF_PYTHON}}
|
|
9
|
-
## Python
|
|
10
|
-
|
|
11
|
-
Editable installs for development:
|
|
12
|
-
```bash
|
|
13
|
-
pip install -e <package-dir>/
|
|
14
|
-
```
|
|
15
|
-
|
|
16
|
-
Build checks:
|
|
17
|
-
- Syntax: `python3 -m py_compile <file>`
|
|
18
|
-
- Types: `mypy src/`
|
|
19
|
-
- Package: `python3 -m build` (if `pyproject.toml` has `build-system`)
|
|
20
|
-
{{/IF_PYTHON}}
|
|
21
|
-
|
|
22
|
-
{{#IF_GO}}
|
|
23
|
-
## Go
|
|
24
|
-
|
|
25
|
-
```bash
|
|
26
|
-
go build ./... # build everything
|
|
27
|
-
go build -o bin/<name> # build a specific binary to bin/
|
|
28
|
-
```
|
|
29
|
-
|
|
30
|
-
Build flags:
|
|
31
|
-
- `CGO_ENABLED=0` for static binaries (container-friendly)
|
|
32
|
-
- `-ldflags="-s -w"` to strip debug info
|
|
33
|
-
- `GOOS=linux GOARCH=amd64` for cross-compilation
|
|
34
|
-
{{/IF_GO}}
|
|
35
|
-
|
|
36
|
-
{{#IF_NODE}}
|
|
37
|
-
## Node.js
|
|
38
|
-
|
|
39
|
-
```bash
|
|
40
|
-
npm install # install dependencies
|
|
41
|
-
npm run build # compile TypeScript / bundle
|
|
42
|
-
```
|
|
43
|
-
{{/IF_NODE}}
|
|
44
|
-
|
|
45
|
-
{{#IF_NEXTJS}}
|
|
46
|
-
## Next.js
|
|
47
|
-
|
|
48
|
-
```bash
|
|
49
|
-
cd frontend
|
|
50
|
-
npm install
|
|
51
|
-
npm run build # production build (catches TS + import errors)
|
|
52
|
-
npm run dev # development server
|
|
53
|
-
```
|
|
54
|
-
{{/IF_NEXTJS}}
|
|
55
|
-
|
|
56
|
-
{{#IF_RUST}}
|
|
57
|
-
## Rust
|
|
58
|
-
|
|
59
|
-
```bash
|
|
60
|
-
cargo build # debug
|
|
61
|
-
cargo build --release # optimized
|
|
62
|
-
```
|
|
63
|
-
{{/IF_RUST}}
|
|
64
|
-
|
|
65
|
-
{{#IF_CSHARP}}
|
|
66
|
-
## C#
|
|
67
|
-
|
|
68
|
-
```bash
|
|
69
|
-
dotnet restore # NuGet packages
|
|
70
|
-
dotnet build # debug
|
|
71
|
-
dotnet build --configuration Release # release
|
|
72
|
-
dotnet publish -c Release -o out/ # publish for deployment
|
|
73
|
-
```
|
|
74
|
-
{{/IF_CSHARP}}
|
|
75
|
-
|
|
76
|
-
{{#IF_DOCKER}}
|
|
77
|
-
## Docker
|
|
78
|
-
|
|
79
|
-
```bash
|
|
80
|
-
docker-compose build # build all services
|
|
81
|
-
docker-compose build <service> # build specific service
|
|
82
|
-
docker-compose up --build # rebuild and start
|
|
83
|
-
```
|
|
84
|
-
{{/IF_DOCKER}}
|
|
85
|
-
|
|
86
|
-
## Security
|
|
87
|
-
|
|
88
|
-
- **Never include secrets in build args or Dockerfiles**
|
|
89
|
-
- Use multi-stage builds to avoid leaking build-time dependencies
|
|
90
|
-
- Don't copy `.env` files into Docker images
|
|
@@ -1,111 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: deploy
|
|
3
|
-
description: Deploy services, release to production, push to cloud. Use when asked about deployment, releases, shipping to production, or CI/CD.
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
# Deployment
|
|
7
|
-
|
|
8
|
-
## Pre-deployment checklist
|
|
9
|
-
|
|
10
|
-
- [ ] `/quality` and `/test` pass
|
|
11
|
-
- [ ] All changes committed and pushed
|
|
12
|
-
- [ ] PR reviewed and approved
|
|
13
|
-
- [ ] No hardcoded secrets in code or config
|
|
14
|
-
|
|
15
|
-
## Deployment safety
|
|
16
|
-
|
|
17
|
-
**CRITICAL: Never auto-approve destructive deployment operations.**
|
|
18
|
-
|
|
19
|
-
- Always preview/dry-run before applying changes
|
|
20
|
-
- Require explicit user confirmation for production deployments
|
|
21
|
-
- Never force-push or skip CI checks before deploying
|
|
22
|
-
- Never pass secrets as CLI arguments — use environment variables or secret managers
|
|
23
|
-
|
|
24
|
-
{{#IF_GCLOUD}}
|
|
25
|
-
## Google Cloud Deployment
|
|
26
|
-
|
|
27
|
-
### Cloud Run
|
|
28
|
-
```bash
|
|
29
|
-
# Build and push container
|
|
30
|
-
gcloud builds submit --tag gcr.io/$PROJECT_ID/<service-name>
|
|
31
|
-
|
|
32
|
-
# Deploy (ALWAYS review before confirming)
|
|
33
|
-
gcloud run deploy <service-name> \
|
|
34
|
-
--image gcr.io/$PROJECT_ID/<service-name> \
|
|
35
|
-
--region <region> \
|
|
36
|
-
--platform managed
|
|
37
|
-
```
|
|
38
|
-
|
|
39
|
-
### GKE
|
|
40
|
-
```bash
|
|
41
|
-
# Build image
|
|
42
|
-
docker build -t gcr.io/$PROJECT_ID/<service-name> .
|
|
43
|
-
docker push gcr.io/$PROJECT_ID/<service-name>
|
|
44
|
-
|
|
45
|
-
# Apply manifests (review first)
|
|
46
|
-
kubectl apply -f k8s/ --dry-run=client # preview
|
|
47
|
-
kubectl apply -f k8s/ # apply
|
|
48
|
-
```
|
|
49
|
-
|
|
50
|
-
**Security:** Use Workload Identity for GCP auth in production — never embed service account keys.
|
|
51
|
-
{{/IF_GCLOUD}}
|
|
52
|
-
|
|
53
|
-
{{#IF_PULUMI}}
|
|
54
|
-
## Pulumi Deployment
|
|
55
|
-
|
|
56
|
-
```bash
|
|
57
|
-
# ALWAYS preview first
|
|
58
|
-
pulumi preview
|
|
59
|
-
|
|
60
|
-
# Review the diff carefully, then apply
|
|
61
|
-
pulumi up
|
|
62
|
-
|
|
63
|
-
# Check outputs
|
|
64
|
-
pulumi stack output
|
|
65
|
-
```
|
|
66
|
-
|
|
67
|
-
**Security:** Use `pulumi config set --secret` for sensitive config — never plain-text.
|
|
68
|
-
|
|
69
|
-
**Never run `pulumi destroy` without explicit confirmation** — it deletes all resources.
|
|
70
|
-
{{/IF_PULUMI}}
|
|
71
|
-
|
|
72
|
-
{{#IF_DOCKER}}
|
|
73
|
-
## Docker Deployment
|
|
74
|
-
|
|
75
|
-
```bash
|
|
76
|
-
# Build images
|
|
77
|
-
docker-compose build
|
|
78
|
-
|
|
79
|
-
# Push to registry
|
|
80
|
-
docker-compose push
|
|
81
|
-
|
|
82
|
-
# Deploy (depends on orchestration platform)
|
|
83
|
-
docker-compose -f docker-compose.prod.yml up -d
|
|
84
|
-
```
|
|
85
|
-
|
|
86
|
-
**Security:** Never copy `.env` files into Docker images. Use runtime environment variables.
|
|
87
|
-
{{/IF_DOCKER}}
|
|
88
|
-
|
|
89
|
-
{{#IF_CSHARP}}
|
|
90
|
-
## C# Deployment
|
|
91
|
-
|
|
92
|
-
```bash
|
|
93
|
-
# Framework-dependent (requires .NET runtime on target)
|
|
94
|
-
dotnet publish -c Release -o out/ --self-contained false
|
|
95
|
-
|
|
96
|
-
# Self-contained (no runtime needed on target)
|
|
97
|
-
dotnet publish -c Release -r linux-x64 --self-contained true
|
|
98
|
-
```
|
|
99
|
-
|
|
100
|
-
For Docker, use multi-stage builds:
|
|
101
|
-
- Build stage: `mcr.microsoft.com/dotnet/sdk:{{CSHARP_VERSION}}`
|
|
102
|
-
- Runtime stage: `mcr.microsoft.com/dotnet/aspnet:{{CSHARP_VERSION}}`
|
|
103
|
-
{{/IF_CSHARP}}
|
|
104
|
-
|
|
105
|
-
## CI/CD
|
|
106
|
-
|
|
107
|
-
Set up the project's CI pipeline so it runs the same checks as `/quality` and `/test` on every PR.
|
|
108
|
-
|
|
109
|
-
## Gotchas
|
|
110
|
-
|
|
111
|
-
See [references/gotchas.md](references/gotchas.md) for known deployment issues.
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: doctor
|
|
3
|
-
description: Diagnose and fix development environment issues. Use when setup fails, tools are missing, the environment is broken, or something is misconfigured.
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
# Doctor
|
|
7
|
-
|
|
8
|
-
## Diagnose
|
|
9
|
-
|
|
10
|
-
Walk through this checklist when something feels off:
|
|
11
|
-
|
|
12
|
-
1. **Git**: `git --version`, working tree clean?
|
|
13
|
-
2. **Language toolchains** (only for languages present in this repo):
|
|
14
|
-
- Node: `node --version` / `npm --version`; `node_modules/` populated?
|
|
15
|
-
- Python: `python3 --version`; virtual env activated? deps installed?
|
|
16
|
-
- Go: `go version`; modules downloaded?
|
|
17
|
-
- .NET: `dotnet --version`
|
|
18
|
-
- Rust: `rustc --version` / `cargo --version`
|
|
19
|
-
3. **Docker** (if `docker-compose.yml` present): `docker --version`; daemon running?
|
|
20
|
-
4. **dxkit health**: `npx vyuh-dxkit doctor` — verifies dxkit-managed tools (gitleaks, semgrep, cloc, etc.) and the `.claude/` install
|
|
21
|
-
5. **Hooks active**: `git config core.hooksPath` should report `.githooks` if hooks are installed
|
|
22
|
-
|
|
23
|
-
## Fix
|
|
24
|
-
|
|
25
|
-
- Missing dxkit tools: `npx vyuh-dxkit tools install`
|
|
26
|
-
- Stale `node_modules/`: `rm -rf node_modules && npm install`
|
|
27
|
-
- Hooks not firing: `git config core.hooksPath .githooks`
|
|
28
|
-
|
|
29
|
-
## Environment
|
|
30
|
-
|
|
31
|
-
If the repo has `.devcontainer/`, the canonical environment is the container — open in a devcontainer-aware editor (VS Code "Reopen in Container", Codespaces) instead of fighting host-machine setup.
|